- tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser-build][main] 4 commits: Bug 41247: Simplify tools/update-responses/update_responses
by morgan (＠morgan) 03 Oct '24

03 Oct '24

morgan pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 7b2ef30f by Nicolas Vigier at 2024-10-03T10:17:59+02:00 Bug 41247: Simplify tools/update-responses/update_responses Most commands implemented in update_responses expect the channel to be an optional argument, doing the operation on all channels if no channel is provided. However we don't really need that feature. In this commit we simplify the script by making the channel a required argument. At the same time we remove the get_channel_version command, which was not used anywhere. - - - - - 97935517 by Nicolas Vigier at 2024-10-03T10:18:01+02:00 Bug 41247: Add support for multiple versions in update_responses - - - - - 0a476854 by Nicolas Vigier at 2024-10-03T16:19:53+02:00 Bug 41247: Add torbrowser_legacy_version to update-responses - - - - - d64bc351 by Nicolas Vigier at 2024-10-03T16:19:55+02:00 Bug 41247: Drop sha512 hash from update_responses files (except for nightly) With tor-browser#42737, the sha512 hash included in the update_responses files is not checked anymore. Since we're doing a watershed update, support for older versions checking the hash is not needed. However since we don't do watershed updates in nightly, we'll keep the sha512 hash in nightly for a little more time. - - - - - 8 changed files: - .gitlab/issue_templates/Release Prep - Tor Browser Stable.md - projects/release/create_update_responses_tar - projects/release/update_responses_config.yml - rbm.conf - tools/signing/nightly/config.yml - tools/signing/nightly/sign-nightly - − tools/update-responses/get_channel_version - tools/update-responses/update_responses Changes: ===================================== .gitlab/issue_templates/Release Prep - Tor Browser Stable.md ===================================== @@ -39,6 +39,8 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE - [ ] `var/torbrowser_version` : update to next version - [ ] `var/torbrowser_build` : update to `$(TOR_BROWSER_BUILD_N)` - [ ] `var/browser_release_date` : update to build date. For the build to be reproducible, the date should be in the past when building. + - [ ] `var/torbrowser_legacy_version` : update to next version in the legacy-13.5 branch + - [ ] `var/torbrowser_legacy_platform_version` : update to firefox platform version in the legacy-13.5 branch - [ ] ***(Desktop Only)***`var/torbrowser_incremental_from` : update to previous Desktop version - **NOTE**: We try to build incrementals for the previous 3 desktop versions except in the case of a watershed update - **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make torbrowser-incrementals-*` step will fail ===================================== projects/release/create_update_responses_tar ===================================== @@ -1,8 +1,8 @@ #!/bin/bash [% c("var/set_default_env") -%] -[% shell_quote(c("basedir")) %]/tools/update-responses/update_responses -mkdir -p [% shell_quote(path(dest_dir)) %]/update-responses [% SET channel = c('var/channel') -%] +[% shell_quote(c("basedir")) %]/tools/update-responses/update_responses [% channel %] +mkdir -p [% shell_quote(path(dest_dir)) %]/update-responses mv [% shell_quote(c("basedir")) %]/tools/update-responses/htdocs/[% channel %] [% channel %] chmod 775 [% channel %] chmod 664 [% channel %]/.htaccess [% channel %]/* ===================================== projects/release/update_responses_config.yml ===================================== @@ -27,7 +27,11 @@ build_targets: - Darwin_x86_64-gcc3 - Darwin_aarch64-gcc3 channels: - [% c('var/channel') %]: [% c("var/torbrowser_version") %] + [% c('var/channel') %]: + - [% c("var/torbrowser_version") %] +[% IF c("var/torbrowser_legacy_version") -%] + - [% c("var/torbrowser_legacy_version") %] +[% END -%] versions: [% c("var/torbrowser_version") %]: [% IF c("var/create_unsigned_incrementals") -%] @@ -68,6 +72,26 @@ versions: minSupportedInstructionSet: SSE2 linux-x86_64: minSupportedInstructionSet: SSE2 +[% IF c("var/torbrowser_legacy_version") -%] + [% c("var/torbrowser_legacy_version") %]: + mar_channel_id: [% c('var/mar_channel_id') %] + platformVersion: [% c('var/torbrowser_legacy_platform_version') %] + detailsURL: https://blog.torproject.org/new[% IF c("var/alpha") %]-alpha[% END %]-release-tor-browser-[% c("var/torbrowser_legacy_version") FILTER remove('\.') %] + incremental_from: [] + # minSupportedOsVersion on macOS corresponds to the Darwin version ( https://en.wikipedia.org/wiki/Darwin_(operating_system) ) + macos: + # macOS v10.12.0 + minSupportedOSVersion: 16.0.0 + # minSupportedOsVersion on Windows corresponds to the operating system version ( https://docs.microsoft.com/en-us/windows/win32/sysinfo/operating-system-ver… ) + windows-i686: + # Windows 7 + minSupportedOSVersion: 6.1 + minSupportedInstructionSet: SSE2 + windows-x86_64: + # Windows 7 + minSupportedOSVersion: 6.1 + minSupportedInstructionSet: SSE2 +[% END -%] mar_compression: xz [% IF c("var/tor-browser") -%] tag: 'tbb-[% c("var/torbrowser_version") %]-[% c("var/torbrowser_build") %]' ===================================== rbm.conf ===================================== @@ -87,6 +87,9 @@ var: - 14.0a4 mar_channel_id: '[% c("var/projectname") %]-torproject-[% c("var/channel") %]' + torbrowser_legacy_version: 13.5a11 + torbrowser_legacy_platform_version: 115.16.0 + # By default, we sort the list of installed packages. This allows sharing # containers with identical list of packages, even if they are not listed # in the same order. In the cases where the installation order is ===================================== tools/signing/nightly/config.yml ===================================== @@ -1,4 +1,5 @@ --- +hashes_in_responses: 1 martools_version: 9.0.2 martools_url: https://archive.torproject.org/tor-package-archive/torbrowser/ martools_gpg_keyring: keyring/torbrowser.gpg ===================================== tools/signing/nightly/sign-nightly ===================================== @@ -256,7 +256,7 @@ sub update_responses { my $htdocsdir = "$topdir/tools/update-responses/htdocs/nightly"; path($htdocsdir)->remove_tree({ safe => 0 }); exit_error "Error running update_responses for $publish_dir" unless - system("$topdir/tools/update-responses/update_responses") == 0; + system("$topdir/tools/update-responses/update_responses", 'nightly') == 0; path("$topdir/nightly/updates/$publish_dir/nightly")->remove_tree({ safe => 0 }); make_path("$topdir/nightly/updates/$publish_dir"); dirmove($htdocsdir, "$topdir/nightly/updates/$publish_dir/nightly") ===================================== tools/update-responses/get_channel_version deleted ===================================== @@ -1 +0,0 @@ -update_responses \ No newline at end of file ===================================== tools/update-responses/update_responses ===================================== @@ -42,6 +42,10 @@ sub exit_error { exit (exists $_[1] ? $_[1] : 1); } +sub as_array { + ref $_[0] eq 'ARRAY' ? $_[0] : [ $_[0] ]; +} + sub get_tmpdir { my ($config) = @_; return File::Temp->newdir($config->{tmp_dir} ? @@ -72,13 +76,11 @@ sub write_htdocs { } sub clean_htdocs { - my (@channels) = @_; - foreach my $channel (@channels) { - opendir(my $d, "$htdocsdir/$channel"); - my @files = grep { ! $htdocsfiles{$channel}->{$_} } readdir $d; - closedir $d; - unlink map { "$htdocsdir/$channel/$_" } @files; - } + my ($channel) = @_; + opendir(my $d, "$htdocsdir/$channel"); + my @files = grep { ! $htdocsfiles{$channel}->{$_} } readdir $d; + closedir $d; + unlink map { "$htdocsdir/$channel/$_" } @files; } sub get_sha512_hex_of_file { @@ -105,8 +107,10 @@ sub get_version_files { type => 'complete', URL => "$download_url/$file", size => -s "$vdir/$file", - hashFunction => 'SHA512', - hashValue => get_sha512_hex_of_file("$vdir/$file"), + $config->{hashes_in_responses} ? ( + hashFunction => 'SHA512', + hashValue => get_sha512_hex_of_file("$vdir/$file"), + ) : (), }; next; } @@ -116,9 +120,11 @@ sub get_version_files { type => 'partial', URL => "$download_url/$file", size => -s "$vdir/$file", - hashFunction => 'SHA512', - hashValue => get_sha512_hex_of_file("$vdir/$file"), - } + $config->{hashes_in_responses} ? ( + hashFunction => 'SHA512', + hashValue => get_sha512_hex_of_file("$vdir/$file"), + ) : (), + }; } } closedir $d; @@ -239,8 +245,10 @@ sub create_incremental_mar { type => 'partial', URL => "$download_url/$mar_file", size => -s $mar_file_path, - hashFunction => 'SHA512', - hashValue => get_sha512_hex_of_file($mar_file_path), + $config->{hashes_in_responses} ? ( + hashFunction => 'SHA512', + hashValue => get_sha512_hex_of_file($mar_file_path), + ) : (), }; }; return if $pm->start($finished_file); @@ -307,16 +315,6 @@ sub version_dir { return get_config($config, $version, 'any', 'releases_dir') . "/$version"; } -sub channel_to_version { - my ($config, @channels) = @_; - return values %{$config->{channels}} unless @channels; - foreach my $channel (@channels) { - exit_error "Unknown channel $channel" - unless $config->{channels}{$channel}; - } - return map { $config->{channels}{$_} } @channels; -} - sub get_buildinfos { my ($config, $version) = @_; return if exists $config->{versions}{$version}{buildID}; @@ -347,49 +345,58 @@ sub get_buildinfos { } sub get_response { - my ($config, $version, $os, @patches) = @_; + my ($config, $versions, $os, $lang, $from_version) = @_; my $res; my $writer = XML::Writer->new(OUTPUT => \$res, ENCODING => 'UTF-8'); $writer->xmlDecl; $writer->startTag('updates'); - if (get_config($config, $version, $os, 'unsupported')) { + foreach my $version (@$versions) { + if (get_config($config, $version, $os, 'unsupported')) { + $writer->startTag('update', + unsupported => 'true', + detailsURL => get_config($config, $version, $os, 'detailsURL'), + ); + goto CLOSETAGS; + } + my $minversion = get_config($config, $version, $os, 'minSupportedOSVersion'); + my $mininstruc = get_config($config, $version, $os, 'minSupportedInstructionSet'); $writer->startTag('update', - unsupported => 'true', + type => 'minor', + displayVersion => $version, + appVersion => $version, + platformVersion => get_config($config, $version, $os, 'platformVersion'), + buildID => get_config($config, $version, $os, 'buildID'), detailsURL => get_config($config, $version, $os, 'detailsURL'), + actions => 'showURL', + openURL => get_config($config, $version, $os, 'detailsURL'), + defined $minversion ? ( minSupportedOSVersion => $minversion ) : (), + defined $mininstruc ? ( minSupportedInstructionSet => $mininstruc ) : (), ); - goto CLOSETAGS; - } - my $minversion = get_config($config, $version, $os, 'minSupportedOSVersion'); - my $mininstruc = get_config($config, $version, $os, 'minSupportedInstructionSet'); - $writer->startTag('update', - type => 'minor', - displayVersion => $version, - appVersion => $version, - platformVersion => get_config($config, $version, $os, 'platformVersion'), - buildID => get_config($config, $version, $os, 'buildID'), - detailsURL => get_config($config, $version, $os, 'detailsURL'), - actions => 'showURL', - openURL => get_config($config, $version, $os, 'detailsURL'), - defined $minversion ? ( minSupportedOSVersion => $minversion ) : (), - defined $mininstruc ? ( minSupportedInstructionSet => $mininstruc ) : (), - ); - foreach my $patch (@patches) { - my @sorted_patch = map { $_ => $patch->{$_} } sort keys %$patch; - $writer->startTag('patch', @sorted_patch); - $writer->endTag('patch'); + if (my $patch = $config->{versions}{$version}{files}{$os}{$lang}{complete}) { + my @sorted_patch = map { $_ => $patch->{$_} } sort keys %$patch; + $writer->startTag('patch', @sorted_patch); + $writer->endTag('patch'); + } + if ($from_version) { + if (my $patch = $config->{versions}{$version}{files}{$os}{$lang}{partial}{$from_version}) { + my @sorted_patch = map { $_ => $patch->{$_} } sort keys %$patch; + $writer->startTag('patch', @sorted_patch); + $writer->endTag('patch'); + } + } + CLOSETAGS: + $writer->endTag('update'); } - CLOSETAGS: - $writer->endTag('update'); $writer->endTag('updates'); $writer->end; return $res; } sub write_responses { - my ($config, @channels) = @_; - @channels = keys %{$config->{channels}} unless @channels; - foreach my $channel (@channels) { - my $version = $config->{channels}{$channel}; + my ($config, $channel) = @_; + my $versions = as_array($config->{channels}{$channel}); + my (%oses, %langs, %from_versions); + foreach my $version (@$versions) { get_version_files($config, $version); get_buildinfos($config, $version); my $files = $config->{versions}{$version}{files}; @@ -398,79 +405,96 @@ sub write_responses { my $new_os = $migrate_archs->{$old_os}; foreach my $lang (keys %{$files->{$new_os}}) { $files->{$old_os}{$lang}{complete} = - $files->{$new_os}{$lang}{complete}; + $files->{$new_os}{$lang}{complete}; } } foreach my $os (keys %$files) { + $oses{$os} = 1; foreach my $lang (keys %{$files->{$os}}) { - my $resp = get_response($config, $version, $os, - $files->{$os}{$lang}{complete}); - write_htdocs($channel, "$version-$os-$lang.xml", $resp); + $langs{$lang} = 1; foreach my $from_version (keys %{$files->{$os}{$lang}{partial}}) { - $resp = get_response($config, $version, $os, - $files->{$os}{$lang}{complete}, - $files->{$os}{$lang}{partial}{$from_version}); - write_htdocs($channel, "$from_version-$version-$os-$lang.xml", $resp); + $from_versions{$from_version} = 1; } } } - write_htdocs($channel, 'no-update.xml', - '<?xml version="1.0" encoding="UTF-8"?>' - . "\n<updates></updates>\n"); } + my $versions_str = join('+', @$versions); + foreach my $os (keys %oses) { + foreach my $lang (keys %langs) { + my $resp = get_response($config, $versions, $os, $lang); + write_htdocs($channel, "$versions_str-$os-$lang.xml", $resp); + foreach my $from_version (keys %from_versions) { + $resp = get_response($config, $versions, $os, $lang, $from_version); + write_htdocs($channel, "$from_version-$versions_str-$os-$lang.xml", $resp); + } + } + } + write_htdocs($channel, 'no-update.xml', + '<?xml version="1.0" encoding="UTF-8"?>' + . "\n<updates></updates>\n"); } sub write_htaccess { - my ($config, @channels) = @_; - @channels = keys %{$config->{channels}} unless @channels; + my ($config, $channel) = @_; my $flags = "[last]"; - foreach my $channel (@channels) { - my $htaccess = "RewriteEngine On\n"; - $htaccess .= $config->{htaccess_rewrite_rules}{$channel} // ''; - my $version = $config->{channels}{$channel}; - my $migrate_langs = $config->{versions}{$version}{migrate_langs} // {}; + my $htaccess = "RewriteEngine On\n"; + $htaccess .= $config->{htaccess_rewrite_rules}{$channel} // ''; + my $versions = as_array($config->{channels}{$channel}); + my $versions_str = join('+', @$versions); + my (%oses, %langs, %from_versions); + my $migrate_langs; + foreach my $version (@$versions) { + $migrate_langs = $config->{versions}{$version}{migrate_langs} + if $config->{versions}{$version}{migrate_langs}; my $files = $config->{versions}{$version}{files}; - $htaccess .= "RewriteRule ^[^\/]+/$version/ no-update.xml $flags\n"; - foreach my $os (sort keys %$files) { - foreach my $bt (build_targets_by_os($os)) { - foreach my $lang (sort keys %{$files->{$os}}) { - foreach my $from_version (sort keys %{$files->{$os}{$lang}{partial}}) { - $htaccess .= "RewriteRule ^$bt/$from_version/$lang " - . "$from_version-$version-$os-$lang.xml $flags\n"; - } - $htaccess .= "RewriteRule ^$bt/[^\/]+/$lang " - . "$version-$os-$lang.xml $flags\n"; + foreach my $os (keys %$files) { + $oses{$os} = 1; + foreach my $lang (keys %{$files->{$os}}) { + $langs{$lang} = 1; + foreach my $from_version (keys %{$files->{$os}{$lang}{partial}}) { + $from_versions{$from_version} = 1; } - foreach my $lang (sort keys %$migrate_langs) { - $htaccess .= "RewriteRule ^$bt/[^\/]+/$lang " - . "$version-$os-$migrate_langs->{$lang}.xml $flags\n"; + } + } + $htaccess .= "RewriteRule ^[^\/]+/$version/ no-update.xml $flags\n"; + } + foreach my $os (sort keys %oses) { + foreach my $bt (build_targets_by_os($os)) { + foreach my $lang (sort keys %langs) { + foreach my $from_version (sort keys %from_versions) { + $htaccess .= "RewriteRule ^$bt/$from_version/$lang " + . "$from_version-$versions_str-$os-$lang.xml $flags\n"; } - $htaccess .= "RewriteRule ^$bt/ $version-$os-ALL.xml $flags\n"; + $htaccess .= "RewriteRule ^$bt/[^\/]+/$lang " + . "$versions_str-$os-$lang.xml $flags\n"; + } + foreach my $lang (sort keys %$migrate_langs) { + $htaccess .= "RewriteRule ^$bt/[^\/]+/$lang " + . "$versions_str-$os-$migrate_langs->{$lang}.xml $flags\n"; } + $htaccess .= "RewriteRule ^$bt/ $versions_str-$os-ALL.xml $flags\n"; } - write_htdocs($channel, '.htaccess', $htaccess); } + write_htdocs($channel, '.htaccess', $htaccess); } sub write_downloads_json { - my ($config, @channels) = @_; + my ($config, $channel) = @_; return unless $config->{create_downloads_json}; - @channels = keys %{$config->{channels}} unless @channels; - foreach my $channel (@channels) { - my $version = $config->{channels}{$channel}; - my $tag = get_config($config, $version, 'any', 'tag'); - my $data = { - version => "$version", - tag => "$tag", - downloads => get_version_downloads($config, $version), - }; - write_htdocs($channel, 'downloads.json', - JSON->new->utf8->canonical->encode($data)); - my $pp_downloads = get_perplatform_downloads($config, $version, $tag); - foreach my $os (keys %{$pp_downloads}) { - write_htdocs($channel, "download-$os.json", + my $versions = as_array($config->{channels}{$channel}); + my ($version) = @$versions; + my $tag = get_config($config, $version, 'any', 'tag'); + my $data = { + version => "$version", + tag => "$tag", + downloads => get_version_downloads($config, $version), + }; + write_htdocs($channel, 'downloads.json', + JSON->new->utf8->canonical->encode($data)); + my $pp_downloads = get_perplatform_downloads($config, $version, $tag); + foreach my $os (keys %{$pp_downloads}) { + write_htdocs($channel, "download-$os.json", JSON->new->utf8->canonical->encode($pp_downloads->{$os})); - } } } @@ -486,8 +510,10 @@ sub marzip_path { } my $martools_tmpdir; +my $extracted_martools; sub extract_martools { my ($config, $version) = @_; + return if $extracted_martools; my $marzip = marzip_path($config, $version); $martools_tmpdir = get_tmpdir($config); my $old_cwd = getcwd; @@ -503,6 +529,7 @@ sub extract_martools { } else { $ENV{LD_LIBRARY_PATH} = "$martools_tmpdir/mar-tools"; } + $extracted_martools = 1; } sub log_step { @@ -559,7 +586,8 @@ sub build_targets_list { sub check_update_responses_channel { my ($config, $base_url, $channel) = @_; - my $channel_version = $config->{channels}{$channel}; + my $channel_versions = as_array($config->{channels}{$channel}); + my ($channel_version) = @$channel_versions; foreach my $build_target (build_targets_list()) { foreach my $lang (qw(en-US de)) { my $url = "$base_url/$channel/$build_target/1.0/$lang"; @@ -621,11 +649,11 @@ sub download_version { } sub download_missing_versions { - my ($config, @channels) = @_; - foreach my $channel (@channels) { - exit_error "Unknown channel $channel" - unless $config->{channels}{$channel}; - my $cversion = $config->{channels}{$channel}; + my ($config, $channel) = @_; + exit_error "Unknown channel $channel" + unless $config->{channels}{$channel}; + my $cversions = as_array($config->{channels}{$channel}); + foreach my $cversion (@$cversions) { next unless $config->{versions}{$cversion}{incremental_from}; foreach my $version (@{$config->{versions}{$cversion}{incremental_from}}) { next if -d version_dir($config, $version); @@ -636,11 +664,9 @@ sub download_missing_versions { sub check_update_responses { my ($config) = @_; - exit_error "usage: $PROGRAM_NAME <base_url> [channels...]" unless @ARGV; - my ($base_url, @channels) = @ARGV; - foreach my $channel (@channels ? @channels : keys %{$config->{channels}}) { - check_update_responses_channel($config, $base_url, $channel); - } + exit_error "usage: $PROGRAM_NAME <base_url> <channel>" unless @ARGV; + my ($base_url, $channel) = @ARGV; + check_update_responses_channel($config, $base_url, $channel); if (!@check_errors) { print "\n\nNo errors\n"; return; @@ -660,38 +686,34 @@ sub check_update_responses { my %actions = ( update_responses => sub { my ($config) = @_; - my @channels = @ARGV ? @ARGV : keys %{$config->{channels}}; - foreach my $channel (@channels) { - exit_error "Unknown channel $channel" - unless $config->{channels}{$channel}; - $htdocsfiles{$channel} = { '.' => 1, '..' => 1 }; - } - write_responses($config, @channels); - write_htaccess($config, @channels); - write_downloads_json($config, @channels); - clean_htdocs(@channels); + exit_error "Wrong arguments" unless @ARGV == 1; + my $channel = $ARGV[0]; + exit_error "Unknown channel $channel" unless $config->{channels}{$channel}; + $htdocsfiles{$channel} = { '.' => 1, '..' => 1 }; + write_responses($config, $channel); + write_htaccess($config, $channel); + write_downloads_json($config, $channel); + clean_htdocs($channel); }, gen_incrementals => sub { my ($config) = @_; - foreach my $channel (@ARGV) { - my ($version) = channel_to_version($config, $channel); + exit_error "Wrong arguments" unless @ARGV == 1; + my $channel = $ARGV[0]; + exit_error "Unknown channel" unless $config->{channels}{$channel}; + my $versions = as_array($config->{channels}{$channel}); + foreach my $version (@$versions) { extract_martools($config, $version); get_version_files($config, $version); create_incremental_mars_for_version($config, $version, $channel); } }, download_missing_versions => sub { - my ($config) = @_; - my @channels = @ARGV ? @ARGV : keys %{$config->{channels}}; - download_missing_versions($config, @channels); - }, - check_update_responses_deployement => \&check_update_responses, - get_channel_version => sub { my ($config) = @_; exit_error "Wrong arguments" unless @ARGV == 1; - exit_error "Unknown channel" unless $config->{channels}{$ARGV[0]}; - print $config->{channels}{$ARGV[0]}, "\n"; + my $channel = $ARGV[0]; + download_missing_versions($config, $channel); }, + check_update_responses_deployement => \&check_update_responses, ); my $action = fileparse($PROGRAM_NAME); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-update-responses][main] Fix 13.5.6 update
by boklm (＠boklm) 03 Oct '24

03 Oct '24

boklm pushed to branch main at The Tor Project / Applications / Tor Browser update responses Commits: e6568d28 by Nicolas Vigier at 2024-10-03T15:17:16+02:00 Fix 13.5.6 update https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… - - - - - 8 changed files: - update_3/release/13.5.3-13.5.6-macos-ALL.xml - update_3/release/13.5.4-13.5.6-macos-ALL.xml - update_3/release/13.5.5-13.5.6-macos-ALL.xml - update_3/release/13.5.6-macos-ALL.xml - update_3/release/download-android-aarch64.json - update_3/release/download-android-armv7.json - update_3/release/download-android-x86.json - update_3/release/download-android-x86_64.json Changes: ===================================== update_3/release/13.5.3-13.5.6-macos-ALL.xml ===================================== @@ -1,2 +1,2 @@ <?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.6" appVersion="13.5.6" platformVersion="115.16.0" buildID="20240930230510" detailsURL="https://blog.torproject.org/new-release-tor-browser-1356" actions="showURL" openURL="https://blog.torproject.org/new-release-tor-browser-1356" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos-13.5.6_…" hashFunction="SHA512" hashValue="3812e78c7002ed4b8fe4ab326dd6f665b7948513d95dc1539eb3dd427122f35edd23a80601bca3ec1bcb3a6d1e2186c4f73afa5158fd2804c9c3ab3cb129803f" size="169711162" type="complete"></patch><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos--13.5.3…" hashFunction="SHA512" hashValue="0e1f434b7a7cb2b05299ca20c909242401e486b04816b22338820530069822e95f352ef4010b60c8663d5870064410dcb9878cacd9d82e50560776a245992a3a" size="9024392" type="partial"></patch></update></updates> +<updates><update type="minor" displayVersion="13.5.6" appVersion="13.5.6" platformVersion="115.16.0" buildID="20240930230510" detailsURL="https://blog.torproject.org/new-release-tor-browser-1356" actions="showURL" openURL="https://blog.torproject.org/new-release-tor-browser-1356" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos-13.5.6_…" hashFunction="SHA512" hashValue="1e5b00a0e4d078647f8e04c967703e1d0e5ae8171108f2012ca36106c7bf76a41bb50766b79de6e4eabb1d1454f70754d731d1048ad96a20046221ed06677fce" size="169713986" type="complete"></patch><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos--13.5.3…" hashFunction="SHA512" hashValue="10252334829fa21b7ec10154606cd1079482ef2cc65db6c41dd1ff293a06012b8321f53accb50876f9d53771f16ec666404088d8c42ee43b5ccbec14b76f99bb" size="9029180" type="partial"></patch></update></updates> ===================================== update_3/release/13.5.4-13.5.6-macos-ALL.xml ===================================== @@ -1,2 +1,2 @@ <?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.6" appVersion="13.5.6" platformVersion="115.16.0" buildID="20240930230510" detailsURL="https://blog.torproject.org/new-release-tor-browser-1356" actions="showURL" openURL="https://blog.torproject.org/new-release-tor-browser-1356" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos-13.5.6_…" hashFunction="SHA512" hashValue="3812e78c7002ed4b8fe4ab326dd6f665b7948513d95dc1539eb3dd427122f35edd23a80601bca3ec1bcb3a6d1e2186c4f73afa5158fd2804c9c3ab3cb129803f" size="169711162" type="complete"></patch><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos--13.5.4…" hashFunction="SHA512" hashValue="bb89e1aacae8732d0e8a5f5e9ca78d089871edbad9dc7e6f73e1ba5dfdf2ee09e483833fcfa31c25ab38549b0753c95bd77c78180ba3b2a6de579943fa3e1638" size="8537264" type="partial"></patch></update></updates> +<updates><update type="minor" displayVersion="13.5.6" appVersion="13.5.6" platformVersion="115.16.0" buildID="20240930230510" detailsURL="https://blog.torproject.org/new-release-tor-browser-1356" actions="showURL" openURL="https://blog.torproject.org/new-release-tor-browser-1356" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos-13.5.6_…" hashFunction="SHA512" hashValue="1e5b00a0e4d078647f8e04c967703e1d0e5ae8171108f2012ca36106c7bf76a41bb50766b79de6e4eabb1d1454f70754d731d1048ad96a20046221ed06677fce" size="169713986" type="complete"></patch><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos--13.5.4…" hashFunction="SHA512" hashValue="bb7d500f431022b5ce5b1b7385ef3db44217681b992ba4fc790b9db0c52ee797c6f54a3d47cb43b8e5d8879330dcc6bbd5e10d6c522563717b74fd50fd55cdaf" size="8534004" type="partial"></patch></update></updates> ===================================== update_3/release/13.5.5-13.5.6-macos-ALL.xml ===================================== @@ -1,2 +1,2 @@ <?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.6" appVersion="13.5.6" platformVersion="115.16.0" buildID="20240930230510" detailsURL="https://blog.torproject.org/new-release-tor-browser-1356" actions="showURL" openURL="https://blog.torproject.org/new-release-tor-browser-1356" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos-13.5.6_…" hashFunction="SHA512" hashValue="3812e78c7002ed4b8fe4ab326dd6f665b7948513d95dc1539eb3dd427122f35edd23a80601bca3ec1bcb3a6d1e2186c4f73afa5158fd2804c9c3ab3cb129803f" size="169711162" type="complete"></patch><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos--13.5.5…" hashFunction="SHA512" hashValue="e4b7087c41afe1fd942f0e439e2ce7b175d10c4dc6c027af81e90204edcf8811b19bda84ee2eed70a1fe09c117303c8ba0d196b263965c2d7c6af01e6852f919" size="8476716" type="partial"></patch></update></updates> +<updates><update type="minor" displayVersion="13.5.6" appVersion="13.5.6" platformVersion="115.16.0" buildID="20240930230510" detailsURL="https://blog.torproject.org/new-release-tor-browser-1356" actions="showURL" openURL="https://blog.torproject.org/new-release-tor-browser-1356" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos-13.5.6_…" hashFunction="SHA512" hashValue="1e5b00a0e4d078647f8e04c967703e1d0e5ae8171108f2012ca36106c7bf76a41bb50766b79de6e4eabb1d1454f70754d731d1048ad96a20046221ed06677fce" size="169713986" type="complete"></patch><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos--13.5.5…" hashFunction="SHA512" hashValue="d0848e8628a720a24c837dd2f53f93c9805083bd5aa1988bbb3d01cc8c52584bad06975b062e4ce14ab67dd7884a31c7453f4840243f750394733eaa2097662d" size="8478964" type="partial"></patch></update></updates> ===================================== update_3/release/13.5.6-macos-ALL.xml ===================================== @@ -1,2 +1,2 @@ <?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.6" appVersion="13.5.6" platformVersion="115.16.0" buildID="20240930230510" detailsURL="https://blog.torproject.org/new-release-tor-browser-1356" actions="showURL" openURL="https://blog.torproject.org/new-release-tor-browser-1356" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos-13.5.6_…" hashFunction="SHA512" hashValue="3812e78c7002ed4b8fe4ab326dd6f665b7948513d95dc1539eb3dd427122f35edd23a80601bca3ec1bcb3a6d1e2186c4f73afa5158fd2804c9c3ab3cb129803f" size="169711162" type="complete"></patch></update></updates> +<updates><update type="minor" displayVersion="13.5.6" appVersion="13.5.6" platformVersion="115.16.0" buildID="20240930230510" detailsURL="https://blog.torproject.org/new-release-tor-browser-1356" actions="showURL" openURL="https://blog.torproject.org/new-release-tor-browser-1356" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.torproject.org/aus1/torbrowser/13.5.6/tor-browser-macos-13.5.6_…" hashFunction="SHA512" hashValue="1e5b00a0e4d078647f8e04c967703e1d0e5ae8171108f2012ca36106c7bf76a41bb50766b79de6e4eabb1d1454f70754d731d1048ad96a20046221ed06677fce" size="169713986" type="complete"></patch></update></updates> ===================================== update_3/release/download-android-aarch64.json ===================================== @@ -1 +1 @@ -{"binary":"https://dist.torproject.org/torbrowser/13.5.4/tor-browser-android-aarch64-1…","git_tag":"tbb-13.5.4-build1","sig":"https://dist.torproject.org/torbrowser/13.5.4/tor-browser-android-aarch64-1…","version":"13.5.4"} \ No newline at end of file +{"binary":"https://dist.torproject.org/torbrowser/13.5.6/tor-browser-android-aarch64-1…","git_tag":"tbb-13.5.6-build1","sig":"https://dist.torproject.org/torbrowser/13.5.6/tor-browser-android-aarch64-1…","version":"13.5.6"} \ No newline at end of file ===================================== update_3/release/download-android-armv7.json ===================================== @@ -1 +1 @@ -{"binary":"https://dist.torproject.org/torbrowser/13.5.4/tor-browser-android-armv7-13.…","git_tag":"tbb-13.5.4-build1","sig":"https://dist.torproject.org/torbrowser/13.5.4/tor-browser-android-armv7-13.…","version":"13.5.4"} \ No newline at end of file +{"binary":"https://dist.torproject.org/torbrowser/13.5.6/tor-browser-android-armv7-13.…","git_tag":"tbb-13.5.6-build1","sig":"https://dist.torproject.org/torbrowser/13.5.6/tor-browser-android-armv7-13.…","version":"13.5.6"} \ No newline at end of file ===================================== update_3/release/download-android-x86.json ===================================== @@ -1 +1 @@ -{"binary":"https://dist.torproject.org/torbrowser/13.5.4/tor-browser-android-x86-13.5.…","git_tag":"tbb-13.5.4-build1","sig":"https://dist.torproject.org/torbrowser/13.5.4/tor-browser-android-x86-13.5.…","version":"13.5.4"} \ No newline at end of file +{"binary":"https://dist.torproject.org/torbrowser/13.5.6/tor-browser-android-x86-13.5.…","git_tag":"tbb-13.5.6-build1","sig":"https://dist.torproject.org/torbrowser/13.5.6/tor-browser-android-x86-13.5.…","version":"13.5.6"} \ No newline at end of file ===================================== update_3/release/download-android-x86_64.json ===================================== @@ -1 +1 @@ -{"binary":"https://dist.torproject.org/torbrowser/13.5.4/tor-browser-android-x86_64-13…","git_tag":"tbb-13.5.4-build1","sig":"https://dist.torproject.org/torbrowser/13.5.4/tor-browser-android-x86_64-13…","version":"13.5.4"} \ No newline at end of file +{"binary":"https://dist.torproject.org/torbrowser/13.5.6/tor-browser-android-x86_64-13…","git_tag":"tbb-13.5.6-build1","sig":"https://dist.torproject.org/torbrowser/13.5.6/tor-browser-android-x86_64-13…","version":"13.5.6"} \ No newline at end of file View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.3.0esr-14.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch mullvad-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 8523387b by Pier Angelo Vendrame at 2024-10-02T19:53:07+00:00 fixup! Firefox preference overrides. Bug 42054: ESR128: investigate - thorin's list. Set or remove some preferences as suggested by Thorin. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -101,6 +101,12 @@ pref("browser.pagethumbnails.capturing_disabled", true); // pref("privacy.exposeContentTitleInWindow", false); // pref("privacy.exposeContentTitleInWindow.pbm", false); +// tor-browser#42054: Opt-out from any built-in backup system, even though +// local, as it might be a violation of our standalone mode. +// Users can still opt-in if they wish. +pref("browser.backup.enabled", false); +pref("browser.backup.scheduled.enabled", false); + // Empty clipboard content from private windows on exit (tor-browser#42154) pref("browser.privatebrowsing.preserveClipboard", false); @@ -251,6 +257,9 @@ pref("privacy.trackingprotection.fingerprinting.enabled", false); pref("privacy.trackingprotection.socialtracking.enabled", false); pref("privacy.socialtracking.block_cookies.enabled", false); pref("privacy.annotate_channels.strict_list.enabled", false); +// tor-browser#43178: for defense-in-depth, avoid remote overrides to FPP. +// Notice that it should not apply to RFP anyway... +pref("privacy.fingerprintingProtection.remoteOverrides.enabled", false); // Disable the Pocket extension (Bug #18886 and #31602) pref("extensions.pocket.enabled", false); @@ -284,6 +293,9 @@ pref("browser.newtabpage.activity-stream.asrouter.providers.messaging-experiment // Disable fetching asrouter.ftl and related console errors (tor-browser#40763). pref("browser.newtabpage.activity-stream.asrouter.useRemoteL10n", false); +// tor-browser#42054: make sure search result telemetry is disabled. +pref("browser.search.serpEventTelemetryCategorization.enabled", false); + // tor-browser#42872, #42555: Disable translations. // Translation have a bad UX in 128 (and with our config). Maybe we will // re-enable after auditing and fixing the UX. @@ -444,9 +456,6 @@ pref("pdfjs.disabled", false, locked); #endif // Bug 40057: Ensure system colors are not used for CSS4 colors pref("browser.display.use_system_colors", false); -// Enforce non-native widget theme (true by default, defense in depth). -// Provides a uniform look and feel across platforms. Added with tor-browser#41496. -pref("widget.non-native-theme.enabled", true); // tor-browser#41676: Set the TZ environment variable as a defense-in-depth. // TODO: Remove this in ESR-128, as it has been removed in 116 with Bug 1837582. pref("privacy.resistFingerprinting.testing.setTZtoUTC", true); @@ -524,7 +533,9 @@ pref("network.http.http2.websockets", true, locked); pref("network.http.http2.enable-hpack-dump", false, locked); // tor-browser#23044: Make sure we don't have any GIO supported protocols -// (defense in depth measure) +// (defense in depth measure). +// As of Firefox 118 (Bug 1843763), upstream does not add any protocol by +// default, but setting it to blank seems a good idea (tor-browser#42054). pref("network.gio.supported-protocols", ""); // Mullvad Browser enables WebRTC by default, meaning that there the following prefs // are first-line defense, rather than "in depth" (mullvad-browser#40) @@ -627,9 +638,6 @@ pref("security.cert_pinning.enforcement_level", 2); // Don't load OS client certs. pref("security.osclientcerts.autoload", false); -// Don't allow MitM via Microsoft Family Safety, see bug 21686 -pref("security.family_safety.mode", 0); - // Don't allow MitM via enterprise roots, see bug 30681 pref("security.enterprise_roots.enabled", false); View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/852… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/852… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.3.0esr-14.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch base-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: b8610ea4 by Pier Angelo Vendrame at 2024-10-02T19:52:38+00:00 fixup! Firefox preference overrides. Bug 42054: ESR128: investigate - thorin's list. Set or remove some preferences as suggested by Thorin. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -101,6 +101,12 @@ pref("browser.pagethumbnails.capturing_disabled", true); // pref("privacy.exposeContentTitleInWindow", false); // pref("privacy.exposeContentTitleInWindow.pbm", false); +// tor-browser#42054: Opt-out from any built-in backup system, even though +// local, as it might be a violation of our standalone mode. +// Users can still opt-in if they wish. +pref("browser.backup.enabled", false); +pref("browser.backup.scheduled.enabled", false); + // Empty clipboard content from private windows on exit (tor-browser#42154) pref("browser.privatebrowsing.preserveClipboard", false); @@ -251,6 +257,9 @@ pref("privacy.trackingprotection.fingerprinting.enabled", false); pref("privacy.trackingprotection.socialtracking.enabled", false); pref("privacy.socialtracking.block_cookies.enabled", false); pref("privacy.annotate_channels.strict_list.enabled", false); +// tor-browser#43178: for defense-in-depth, avoid remote overrides to FPP. +// Notice that it should not apply to RFP anyway... +pref("privacy.fingerprintingProtection.remoteOverrides.enabled", false); // Disable the Pocket extension (Bug #18886 and #31602) pref("extensions.pocket.enabled", false); @@ -284,6 +293,9 @@ pref("browser.newtabpage.activity-stream.asrouter.providers.messaging-experiment // Disable fetching asrouter.ftl and related console errors (tor-browser#40763). pref("browser.newtabpage.activity-stream.asrouter.useRemoteL10n", false); +// tor-browser#42054: make sure search result telemetry is disabled. +pref("browser.search.serpEventTelemetryCategorization.enabled", false); + // tor-browser#42872, #42555: Disable translations. // Translation have a bad UX in 128 (and with our config). Maybe we will // re-enable after auditing and fixing the UX. @@ -444,9 +456,6 @@ pref("pdfjs.disabled", false, locked); #endif // Bug 40057: Ensure system colors are not used for CSS4 colors pref("browser.display.use_system_colors", false); -// Enforce non-native widget theme (true by default, defense in depth). -// Provides a uniform look and feel across platforms. Added with tor-browser#41496. -pref("widget.non-native-theme.enabled", true); // tor-browser#41676: Set the TZ environment variable as a defense-in-depth. // TODO: Remove this in ESR-128, as it has been removed in 116 with Bug 1837582. pref("privacy.resistFingerprinting.testing.setTZtoUTC", true); @@ -524,7 +533,9 @@ pref("network.http.http2.websockets", true, locked); pref("network.http.http2.enable-hpack-dump", false, locked); // tor-browser#23044: Make sure we don't have any GIO supported protocols -// (defense in depth measure) +// (defense in depth measure). +// As of Firefox 118 (Bug 1843763), upstream does not add any protocol by +// default, but setting it to blank seems a good idea (tor-browser#42054). pref("network.gio.supported-protocols", ""); pref("media.peerconnection.enabled", false); // Disable WebRTC interfaces // Mullvad Browser enables WebRTC by default, meaning that there the following prefs @@ -631,9 +642,6 @@ pref("security.cert_pinning.enforcement_level", 2); // Don't load OS client certs. pref("security.osclientcerts.autoload", false); -// Don't allow MitM via Microsoft Family Safety, see bug 21686 -pref("security.family_safety.mode", 0); - // Don't allow MitM via enterprise roots, see bug 30681 pref("security.enterprise_roots.enabled", false); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/b8610ea… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/b8610ea… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.3.0esr-14.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch tor-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 816dae39 by Pier Angelo Vendrame at 2024-10-02T19:32:59+00:00 fixup! Firefox preference overrides. Bug 42054: ESR128: investigate - thorin's list. Set or remove some preferences as suggested by Thorin. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -101,6 +101,12 @@ pref("browser.pagethumbnails.capturing_disabled", true); // pref("privacy.exposeContentTitleInWindow", false); // pref("privacy.exposeContentTitleInWindow.pbm", false); +// tor-browser#42054: Opt-out from any built-in backup system, even though +// local, as it might be a violation of our standalone mode. +// Users can still opt-in if they wish. +pref("browser.backup.enabled", false); +pref("browser.backup.scheduled.enabled", false); + // Empty clipboard content from private windows on exit (tor-browser#42154) pref("browser.privatebrowsing.preserveClipboard", false); @@ -251,6 +257,9 @@ pref("privacy.trackingprotection.fingerprinting.enabled", false); pref("privacy.trackingprotection.socialtracking.enabled", false); pref("privacy.socialtracking.block_cookies.enabled", false); pref("privacy.annotate_channels.strict_list.enabled", false); +// tor-browser#43178: for defense-in-depth, avoid remote overrides to FPP. +// Notice that it should not apply to RFP anyway... +pref("privacy.fingerprintingProtection.remoteOverrides.enabled", false); // Disable the Pocket extension (Bug #18886 and #31602) pref("extensions.pocket.enabled", false); @@ -284,6 +293,9 @@ pref("browser.newtabpage.activity-stream.asrouter.providers.messaging-experiment // Disable fetching asrouter.ftl and related console errors (tor-browser#40763). pref("browser.newtabpage.activity-stream.asrouter.useRemoteL10n", false); +// tor-browser#42054: make sure search result telemetry is disabled. +pref("browser.search.serpEventTelemetryCategorization.enabled", false); + // tor-browser#42872, #42555: Disable translations. // Translation have a bad UX in 128 (and with our config). Maybe we will // re-enable after auditing and fixing the UX. @@ -444,9 +456,6 @@ pref("pdfjs.disabled", false, locked); #endif // Bug 40057: Ensure system colors are not used for CSS4 colors pref("browser.display.use_system_colors", false); -// Enforce non-native widget theme (true by default, defense in depth). -// Provides a uniform look and feel across platforms. Added with tor-browser#41496. -pref("widget.non-native-theme.enabled", true); // tor-browser#41676: Set the TZ environment variable as a defense-in-depth. // TODO: Remove this in ESR-128, as it has been removed in 116 with Bug 1837582. pref("privacy.resistFingerprinting.testing.setTZtoUTC", true); @@ -524,7 +533,9 @@ pref("network.http.http2.websockets", true, locked); pref("network.http.http2.enable-hpack-dump", false, locked); // tor-browser#23044: Make sure we don't have any GIO supported protocols -// (defense in depth measure) +// (defense in depth measure). +// As of Firefox 118 (Bug 1843763), upstream does not add any protocol by +// default, but setting it to blank seems a good idea (tor-browser#42054). pref("network.gio.supported-protocols", ""); pref("media.peerconnection.enabled", false); // Disable WebRTC interfaces // Mullvad Browser enables WebRTC by default, meaning that there the following prefs @@ -631,9 +642,6 @@ pref("security.cert_pinning.enforcement_level", 2); // Don't load OS client certs. pref("security.osclientcerts.autoload", false); -// Don't allow MitM via Microsoft Family Safety, see bug 21686 -pref("security.family_safety.mode", 0); - // Don't allow MitM via enterprise roots, see bug 30681 pref("security.enterprise_roots.enabled", false); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/816dae3… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/816dae3… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.3.0esr-14.0-1] 2 commits: Bug 1607032: Spoof screen orientation and angle to primary values. r=tjr, geckoview-reviewers, owlish
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch mullvad-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 0c49d19c by Fatih at 2024-10-02T19:27:24+00:00 Bug 1607032: Spoof screen orientation and angle to primary values. r=tjr,geckoview-reviewers,owlish Differential Revision: https://phabricator.services.mozilla.com/D220904 - - - - - 0fb83408 by Fatih at 2024-10-02T19:27:24+00:00 Bug 1918202: Spoof orientation based on screen size. r=tjr Differential Revision: https://phabricator.services.mozilla.com/D221863 - - - - - 6 changed files: - dom/base/ScreenOrientation.cpp - dom/base/nsGlobalWindowInner.cpp - dom/base/test/chrome/bug418986-1.js - hal/android/AndroidHal.cpp - toolkit/components/resistfingerprinting/nsRFPService.cpp - toolkit/components/resistfingerprinting/nsRFPService.h Changes: ===================================== dom/base/ScreenOrientation.cpp ===================================== @@ -626,7 +626,13 @@ void ScreenOrientation::CleanupFullscreenListener() { OrientationType ScreenOrientation::DeviceType(CallerType aCallerType) const { if (nsContentUtils::ShouldResistFingerprinting( aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { - return OrientationType::Landscape_primary; + Document* doc = GetResponsibleDocument(); + BrowsingContext* bc = doc ? doc->GetBrowsingContext() : nullptr; + if (!bc) { + return nsRFPService::GetDefaultOrientationType(); + } + CSSIntSize size = bc->GetTopInnerSizeForRFP(); + return nsRFPService::ViewportSizeToOrientationType(size.width, size.height); } return mType; } @@ -634,18 +640,19 @@ OrientationType ScreenOrientation::DeviceType(CallerType aCallerType) const { uint16_t ScreenOrientation::DeviceAngle(CallerType aCallerType) const { if (nsContentUtils::ShouldResistFingerprinting( aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { - return 0; + Document* doc = GetResponsibleDocument(); + BrowsingContext* bc = doc ? doc->GetBrowsingContext() : nullptr; + if (!bc) { + return 0; + } + CSSIntSize size = bc->GetTopInnerSizeForRFP(); + return nsRFPService::ViewportSizeToAngle(size.width, size.height); } return mAngle; } OrientationType ScreenOrientation::GetType(CallerType aCallerType, ErrorResult& aRv) const { - if (nsContentUtils::ShouldResistFingerprinting( - aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { - return OrientationType::Landscape_primary; - } - Document* doc = GetResponsibleDocument(); BrowsingContext* bc = doc ? doc->GetBrowsingContext() : nullptr; if (!bc) { @@ -653,16 +660,17 @@ OrientationType ScreenOrientation::GetType(CallerType aCallerType, return OrientationType::Portrait_primary; } - return bc->GetCurrentOrientationType(); -} - -uint16_t ScreenOrientation::GetAngle(CallerType aCallerType, - ErrorResult& aRv) const { + OrientationType orientation = bc->GetCurrentOrientationType(); if (nsContentUtils::ShouldResistFingerprinting( aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { - return 0; + CSSIntSize size = bc->GetTopInnerSizeForRFP(); + return nsRFPService::ViewportSizeToOrientationType(size.width, size.height); } + return orientation; +} +uint16_t ScreenOrientation::GetAngle(CallerType aCallerType, + ErrorResult& aRv) const { Document* doc = GetResponsibleDocument(); BrowsingContext* bc = doc ? doc->GetBrowsingContext() : nullptr; if (!bc) { @@ -670,7 +678,13 @@ uint16_t ScreenOrientation::GetAngle(CallerType aCallerType, return 0; } - return bc->GetCurrentOrientationAngle(); + uint16_t angle = static_cast<uint16_t>(bc->GetCurrentOrientationAngle()); + if (nsContentUtils::ShouldResistFingerprinting( + aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { + CSSIntSize size = bc->GetTopInnerSizeForRFP(); + return nsRFPService::ViewportSizeToAngle(size.width, size.height); + } + return angle; } ScreenOrientation::LockPermission ===================================== dom/base/nsGlobalWindowInner.cpp ===================================== @@ -7306,11 +7306,13 @@ void nsGlobalWindowInner::InitWasOffline() { mWasOffline = NS_IsOffline(); } int16_t nsGlobalWindowInner::Orientation(CallerType aCallerType) { // GetOrientationAngle() returns 0, 90, 180 or 270. // window.orientation returns -90, 0, 90 or 180. + uint16_t screenAngle = Screen()->GetOrientationAngle(); if (nsIGlobalObject::ShouldResistFingerprinting( aCallerType, RFPTarget::ScreenOrientation)) { - return 0; + CSSIntSize size = mBrowsingContext->GetTopInnerSizeForRFP(); + screenAngle = nsRFPService::ViewportSizeToAngle(size.width, size.height); } - int16_t angle = AssertedCast<int16_t>(Screen()->GetOrientationAngle()); + int16_t angle = AssertedCast<int16_t>(screenAngle); return angle <= 180 ? angle : angle - 360; } ===================================== dom/base/test/chrome/bug418986-1.js ===================================== @@ -32,9 +32,6 @@ var test = function (isContent) { ["screen.availTop", 0], ["screen.width", "outerWidth"], ["screen.height", "outerHeight"], - ["screen.orientation.type", "'landscape-primary'"], - ["screen.orientation.angle", 0], - ["screen.mozOrientation", "'landscape-primary'"], ["devicePixelRatio", 2], ]; ===================================== hal/android/AndroidHal.cpp ===================================== @@ -79,19 +79,20 @@ void GetCurrentNetworkInformation(hal::NetworkInformation* aNetworkInfo) { static bool IsSupportedScreenOrientation(hal::ScreenOrientation aOrientation) { // The Android backend only supports these orientations. - static constexpr ScreenOrientation kSupportedOrientations[] = { - ScreenOrientation::PortraitPrimary, - ScreenOrientation::PortraitSecondary, - ScreenOrientation::PortraitPrimary | ScreenOrientation::PortraitSecondary, - ScreenOrientation::LandscapePrimary, - ScreenOrientation::LandscapeSecondary, - ScreenOrientation::LandscapePrimary | - ScreenOrientation::LandscapeSecondary, - ScreenOrientation::PortraitPrimary | - ScreenOrientation::PortraitSecondary | - ScreenOrientation::LandscapePrimary | - ScreenOrientation::LandscapeSecondary, - ScreenOrientation::Default, + static constexpr hal::ScreenOrientation kSupportedOrientations[] = { + hal::ScreenOrientation::PortraitPrimary, + hal::ScreenOrientation::PortraitSecondary, + hal::ScreenOrientation::PortraitPrimary | + hal::ScreenOrientation::PortraitSecondary, + hal::ScreenOrientation::LandscapePrimary, + hal::ScreenOrientation::LandscapeSecondary, + hal::ScreenOrientation::LandscapePrimary | + hal::ScreenOrientation::LandscapeSecondary, + hal::ScreenOrientation::PortraitPrimary | + hal::ScreenOrientation::PortraitSecondary | + hal::ScreenOrientation::LandscapePrimary | + hal::ScreenOrientation::LandscapeSecondary, + hal::ScreenOrientation::Default, }; for (auto supportedOrientation : kSupportedOrientations) { if (aOrientation == supportedOrientation) { ===================================== toolkit/components/resistfingerprinting/nsRFPService.cpp ===================================== @@ -2284,3 +2284,34 @@ Maybe<RFPTarget> nsRFPService::GetOverriddenFingerprintingSettingsForURI( return result; } + +/* static */ +uint16_t nsRFPService::ViewportSizeToAngle(int32_t aWidth, int32_t aHeight) { +#ifdef MOZ_WIDGET_ANDROID + bool neutral = aHeight >= aWidth; +#else + bool neutral = aWidth >= aHeight; +#endif + if (neutral) { + return 0; + } + return 90; +} + +/* static */ +dom::OrientationType nsRFPService::ViewportSizeToOrientationType( + int32_t aWidth, int32_t aHeight) { + if (aWidth >= aHeight) { + return dom::OrientationType::Landscape_primary; + } + return dom::OrientationType::Portrait_primary; +} + +/* static */ +dom::OrientationType nsRFPService::GetDefaultOrientationType() { +#ifdef MOZ_WIDGET_ANDROID + return dom::OrientationType::Portrait_primary; +#else + return dom::OrientationType::Landscape_primary; +#endif +} ===================================== toolkit/components/resistfingerprinting/nsRFPService.h ===================================== @@ -14,6 +14,7 @@ #include "mozilla/ContentBlockingLog.h" #include "mozilla/gfx/Types.h" #include "mozilla/TypedEnumBits.h" +#include "mozilla/dom/ScreenOrientationBinding.h" #include "js/RealmOptions.h" #include "nsHashtablesFwd.h" #include "nsICookieJarSettings.h" @@ -368,6 +369,16 @@ class nsRFPService final : public nsIObserver, public nsIRFPService { static bool CheckSuspiciousFingerprintingActivity( nsTArray<ContentBlockingLog::LogEntry>& aLogs); + // Converts the viewport size to the angle. + static uint16_t ViewportSizeToAngle(int32_t aWidth, int32_t aHeight); + + // Converts the viewport size to the orientation type. + static dom::OrientationType ViewportSizeToOrientationType(int32_t aWidth, + int32_t aHeight); + + // Returns the default orientation type for the given platform. + static dom::OrientationType GetDefaultOrientationType(); + private: nsresult Init(); View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/92… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/92… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.3.0esr-14.0-1] 2 commits: Bug 1607032: Spoof screen orientation and angle to primary values. r=tjr, geckoview-reviewers, owlish
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch base-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 9f066a06 by Fatih at 2024-10-02T19:25:48+00:00 Bug 1607032: Spoof screen orientation and angle to primary values. r=tjr,geckoview-reviewers,owlish Differential Revision: https://phabricator.services.mozilla.com/D220904 - - - - - 6112a1c3 by Fatih at 2024-10-02T19:25:48+00:00 Bug 1918202: Spoof orientation based on screen size. r=tjr Differential Revision: https://phabricator.services.mozilla.com/D221863 - - - - - 6 changed files: - dom/base/ScreenOrientation.cpp - dom/base/nsGlobalWindowInner.cpp - dom/base/test/chrome/bug418986-1.js - hal/android/AndroidHal.cpp - toolkit/components/resistfingerprinting/nsRFPService.cpp - toolkit/components/resistfingerprinting/nsRFPService.h Changes: ===================================== dom/base/ScreenOrientation.cpp ===================================== @@ -626,7 +626,13 @@ void ScreenOrientation::CleanupFullscreenListener() { OrientationType ScreenOrientation::DeviceType(CallerType aCallerType) const { if (nsContentUtils::ShouldResistFingerprinting( aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { - return OrientationType::Landscape_primary; + Document* doc = GetResponsibleDocument(); + BrowsingContext* bc = doc ? doc->GetBrowsingContext() : nullptr; + if (!bc) { + return nsRFPService::GetDefaultOrientationType(); + } + CSSIntSize size = bc->GetTopInnerSizeForRFP(); + return nsRFPService::ViewportSizeToOrientationType(size.width, size.height); } return mType; } @@ -634,18 +640,19 @@ OrientationType ScreenOrientation::DeviceType(CallerType aCallerType) const { uint16_t ScreenOrientation::DeviceAngle(CallerType aCallerType) const { if (nsContentUtils::ShouldResistFingerprinting( aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { - return 0; + Document* doc = GetResponsibleDocument(); + BrowsingContext* bc = doc ? doc->GetBrowsingContext() : nullptr; + if (!bc) { + return 0; + } + CSSIntSize size = bc->GetTopInnerSizeForRFP(); + return nsRFPService::ViewportSizeToAngle(size.width, size.height); } return mAngle; } OrientationType ScreenOrientation::GetType(CallerType aCallerType, ErrorResult& aRv) const { - if (nsContentUtils::ShouldResistFingerprinting( - aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { - return OrientationType::Landscape_primary; - } - Document* doc = GetResponsibleDocument(); BrowsingContext* bc = doc ? doc->GetBrowsingContext() : nullptr; if (!bc) { @@ -653,16 +660,17 @@ OrientationType ScreenOrientation::GetType(CallerType aCallerType, return OrientationType::Portrait_primary; } - return bc->GetCurrentOrientationType(); -} - -uint16_t ScreenOrientation::GetAngle(CallerType aCallerType, - ErrorResult& aRv) const { + OrientationType orientation = bc->GetCurrentOrientationType(); if (nsContentUtils::ShouldResistFingerprinting( aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { - return 0; + CSSIntSize size = bc->GetTopInnerSizeForRFP(); + return nsRFPService::ViewportSizeToOrientationType(size.width, size.height); } + return orientation; +} +uint16_t ScreenOrientation::GetAngle(CallerType aCallerType, + ErrorResult& aRv) const { Document* doc = GetResponsibleDocument(); BrowsingContext* bc = doc ? doc->GetBrowsingContext() : nullptr; if (!bc) { @@ -670,7 +678,13 @@ uint16_t ScreenOrientation::GetAngle(CallerType aCallerType, return 0; } - return bc->GetCurrentOrientationAngle(); + uint16_t angle = static_cast<uint16_t>(bc->GetCurrentOrientationAngle()); + if (nsContentUtils::ShouldResistFingerprinting( + aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { + CSSIntSize size = bc->GetTopInnerSizeForRFP(); + return nsRFPService::ViewportSizeToAngle(size.width, size.height); + } + return angle; } ScreenOrientation::LockPermission ===================================== dom/base/nsGlobalWindowInner.cpp ===================================== @@ -7306,11 +7306,13 @@ void nsGlobalWindowInner::InitWasOffline() { mWasOffline = NS_IsOffline(); } int16_t nsGlobalWindowInner::Orientation(CallerType aCallerType) { // GetOrientationAngle() returns 0, 90, 180 or 270. // window.orientation returns -90, 0, 90 or 180. + uint16_t screenAngle = Screen()->GetOrientationAngle(); if (nsIGlobalObject::ShouldResistFingerprinting( aCallerType, RFPTarget::ScreenOrientation)) { - return 0; + CSSIntSize size = mBrowsingContext->GetTopInnerSizeForRFP(); + screenAngle = nsRFPService::ViewportSizeToAngle(size.width, size.height); } - int16_t angle = AssertedCast<int16_t>(Screen()->GetOrientationAngle()); + int16_t angle = AssertedCast<int16_t>(screenAngle); return angle <= 180 ? angle : angle - 360; } ===================================== dom/base/test/chrome/bug418986-1.js ===================================== @@ -32,9 +32,6 @@ var test = function (isContent) { ["screen.availTop", 0], ["screen.width", "outerWidth"], ["screen.height", "outerHeight"], - ["screen.orientation.type", "'landscape-primary'"], - ["screen.orientation.angle", 0], - ["screen.mozOrientation", "'landscape-primary'"], ["devicePixelRatio", 2], ]; ===================================== hal/android/AndroidHal.cpp ===================================== @@ -79,19 +79,20 @@ void GetCurrentNetworkInformation(hal::NetworkInformation* aNetworkInfo) { static bool IsSupportedScreenOrientation(hal::ScreenOrientation aOrientation) { // The Android backend only supports these orientations. - static constexpr ScreenOrientation kSupportedOrientations[] = { - ScreenOrientation::PortraitPrimary, - ScreenOrientation::PortraitSecondary, - ScreenOrientation::PortraitPrimary | ScreenOrientation::PortraitSecondary, - ScreenOrientation::LandscapePrimary, - ScreenOrientation::LandscapeSecondary, - ScreenOrientation::LandscapePrimary | - ScreenOrientation::LandscapeSecondary, - ScreenOrientation::PortraitPrimary | - ScreenOrientation::PortraitSecondary | - ScreenOrientation::LandscapePrimary | - ScreenOrientation::LandscapeSecondary, - ScreenOrientation::Default, + static constexpr hal::ScreenOrientation kSupportedOrientations[] = { + hal::ScreenOrientation::PortraitPrimary, + hal::ScreenOrientation::PortraitSecondary, + hal::ScreenOrientation::PortraitPrimary | + hal::ScreenOrientation::PortraitSecondary, + hal::ScreenOrientation::LandscapePrimary, + hal::ScreenOrientation::LandscapeSecondary, + hal::ScreenOrientation::LandscapePrimary | + hal::ScreenOrientation::LandscapeSecondary, + hal::ScreenOrientation::PortraitPrimary | + hal::ScreenOrientation::PortraitSecondary | + hal::ScreenOrientation::LandscapePrimary | + hal::ScreenOrientation::LandscapeSecondary, + hal::ScreenOrientation::Default, }; for (auto supportedOrientation : kSupportedOrientations) { if (aOrientation == supportedOrientation) { ===================================== toolkit/components/resistfingerprinting/nsRFPService.cpp ===================================== @@ -2284,3 +2284,34 @@ Maybe<RFPTarget> nsRFPService::GetOverriddenFingerprintingSettingsForURI( return result; } + +/* static */ +uint16_t nsRFPService::ViewportSizeToAngle(int32_t aWidth, int32_t aHeight) { +#ifdef MOZ_WIDGET_ANDROID + bool neutral = aHeight >= aWidth; +#else + bool neutral = aWidth >= aHeight; +#endif + if (neutral) { + return 0; + } + return 90; +} + +/* static */ +dom::OrientationType nsRFPService::ViewportSizeToOrientationType( + int32_t aWidth, int32_t aHeight) { + if (aWidth >= aHeight) { + return dom::OrientationType::Landscape_primary; + } + return dom::OrientationType::Portrait_primary; +} + +/* static */ +dom::OrientationType nsRFPService::GetDefaultOrientationType() { +#ifdef MOZ_WIDGET_ANDROID + return dom::OrientationType::Portrait_primary; +#else + return dom::OrientationType::Landscape_primary; +#endif +} ===================================== toolkit/components/resistfingerprinting/nsRFPService.h ===================================== @@ -14,6 +14,7 @@ #include "mozilla/ContentBlockingLog.h" #include "mozilla/gfx/Types.h" #include "mozilla/TypedEnumBits.h" +#include "mozilla/dom/ScreenOrientationBinding.h" #include "js/RealmOptions.h" #include "nsHashtablesFwd.h" #include "nsICookieJarSettings.h" @@ -368,6 +369,16 @@ class nsRFPService final : public nsIObserver, public nsIRFPService { static bool CheckSuspiciousFingerprintingActivity( nsTArray<ContentBlockingLog::LogEntry>& aLogs); + // Converts the viewport size to the angle. + static uint16_t ViewportSizeToAngle(int32_t aWidth, int32_t aHeight); + + // Converts the viewport size to the orientation type. + static dom::OrientationType ViewportSizeToOrientationType(int32_t aWidth, + int32_t aHeight); + + // Returns the default orientation type for the given platform. + static dom::OrientationType GetDefaultOrientationType(); + private: nsresult Init(); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/dbdddf… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/dbdddf… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.3.0esr-14.0-1] 2 commits: Bug 1607032: Spoof screen orientation and angle to primary values. r=tjr, geckoview-reviewers, owlish
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch tor-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 89b45eb4 by Fatih at 2024-10-02T18:59:01+00:00 Bug 1607032: Spoof screen orientation and angle to primary values. r=tjr,geckoview-reviewers,owlish Differential Revision: https://phabricator.services.mozilla.com/D220904 - - - - - 084cb5b9 by Fatih at 2024-10-02T18:59:01+00:00 Bug 1918202: Spoof orientation based on screen size. r=tjr Differential Revision: https://phabricator.services.mozilla.com/D221863 - - - - - 6 changed files: - dom/base/ScreenOrientation.cpp - dom/base/nsGlobalWindowInner.cpp - dom/base/test/chrome/bug418986-1.js - hal/android/AndroidHal.cpp - toolkit/components/resistfingerprinting/nsRFPService.cpp - toolkit/components/resistfingerprinting/nsRFPService.h Changes: ===================================== dom/base/ScreenOrientation.cpp ===================================== @@ -626,7 +626,13 @@ void ScreenOrientation::CleanupFullscreenListener() { OrientationType ScreenOrientation::DeviceType(CallerType aCallerType) const { if (nsContentUtils::ShouldResistFingerprinting( aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { - return OrientationType::Landscape_primary; + Document* doc = GetResponsibleDocument(); + BrowsingContext* bc = doc ? doc->GetBrowsingContext() : nullptr; + if (!bc) { + return nsRFPService::GetDefaultOrientationType(); + } + CSSIntSize size = bc->GetTopInnerSizeForRFP(); + return nsRFPService::ViewportSizeToOrientationType(size.width, size.height); } return mType; } @@ -634,18 +640,19 @@ OrientationType ScreenOrientation::DeviceType(CallerType aCallerType) const { uint16_t ScreenOrientation::DeviceAngle(CallerType aCallerType) const { if (nsContentUtils::ShouldResistFingerprinting( aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { - return 0; + Document* doc = GetResponsibleDocument(); + BrowsingContext* bc = doc ? doc->GetBrowsingContext() : nullptr; + if (!bc) { + return 0; + } + CSSIntSize size = bc->GetTopInnerSizeForRFP(); + return nsRFPService::ViewportSizeToAngle(size.width, size.height); } return mAngle; } OrientationType ScreenOrientation::GetType(CallerType aCallerType, ErrorResult& aRv) const { - if (nsContentUtils::ShouldResistFingerprinting( - aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { - return OrientationType::Landscape_primary; - } - Document* doc = GetResponsibleDocument(); BrowsingContext* bc = doc ? doc->GetBrowsingContext() : nullptr; if (!bc) { @@ -653,16 +660,17 @@ OrientationType ScreenOrientation::GetType(CallerType aCallerType, return OrientationType::Portrait_primary; } - return bc->GetCurrentOrientationType(); -} - -uint16_t ScreenOrientation::GetAngle(CallerType aCallerType, - ErrorResult& aRv) const { + OrientationType orientation = bc->GetCurrentOrientationType(); if (nsContentUtils::ShouldResistFingerprinting( aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { - return 0; + CSSIntSize size = bc->GetTopInnerSizeForRFP(); + return nsRFPService::ViewportSizeToOrientationType(size.width, size.height); } + return orientation; +} +uint16_t ScreenOrientation::GetAngle(CallerType aCallerType, + ErrorResult& aRv) const { Document* doc = GetResponsibleDocument(); BrowsingContext* bc = doc ? doc->GetBrowsingContext() : nullptr; if (!bc) { @@ -670,7 +678,13 @@ uint16_t ScreenOrientation::GetAngle(CallerType aCallerType, return 0; } - return bc->GetCurrentOrientationAngle(); + uint16_t angle = static_cast<uint16_t>(bc->GetCurrentOrientationAngle()); + if (nsContentUtils::ShouldResistFingerprinting( + aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { + CSSIntSize size = bc->GetTopInnerSizeForRFP(); + return nsRFPService::ViewportSizeToAngle(size.width, size.height); + } + return angle; } ScreenOrientation::LockPermission ===================================== dom/base/nsGlobalWindowInner.cpp ===================================== @@ -7306,11 +7306,13 @@ void nsGlobalWindowInner::InitWasOffline() { mWasOffline = NS_IsOffline(); } int16_t nsGlobalWindowInner::Orientation(CallerType aCallerType) { // GetOrientationAngle() returns 0, 90, 180 or 270. // window.orientation returns -90, 0, 90 or 180. + uint16_t screenAngle = Screen()->GetOrientationAngle(); if (nsIGlobalObject::ShouldResistFingerprinting( aCallerType, RFPTarget::ScreenOrientation)) { - return 0; + CSSIntSize size = mBrowsingContext->GetTopInnerSizeForRFP(); + screenAngle = nsRFPService::ViewportSizeToAngle(size.width, size.height); } - int16_t angle = AssertedCast<int16_t>(Screen()->GetOrientationAngle()); + int16_t angle = AssertedCast<int16_t>(screenAngle); return angle <= 180 ? angle : angle - 360; } ===================================== dom/base/test/chrome/bug418986-1.js ===================================== @@ -32,9 +32,6 @@ var test = function (isContent) { ["screen.availTop", 0], ["screen.width", "outerWidth"], ["screen.height", "outerHeight"], - ["screen.orientation.type", "'landscape-primary'"], - ["screen.orientation.angle", 0], - ["screen.mozOrientation", "'landscape-primary'"], ["devicePixelRatio", 2], ]; ===================================== hal/android/AndroidHal.cpp ===================================== @@ -79,19 +79,20 @@ void GetCurrentNetworkInformation(hal::NetworkInformation* aNetworkInfo) { static bool IsSupportedScreenOrientation(hal::ScreenOrientation aOrientation) { // The Android backend only supports these orientations. - static constexpr ScreenOrientation kSupportedOrientations[] = { - ScreenOrientation::PortraitPrimary, - ScreenOrientation::PortraitSecondary, - ScreenOrientation::PortraitPrimary | ScreenOrientation::PortraitSecondary, - ScreenOrientation::LandscapePrimary, - ScreenOrientation::LandscapeSecondary, - ScreenOrientation::LandscapePrimary | - ScreenOrientation::LandscapeSecondary, - ScreenOrientation::PortraitPrimary | - ScreenOrientation::PortraitSecondary | - ScreenOrientation::LandscapePrimary | - ScreenOrientation::LandscapeSecondary, - ScreenOrientation::Default, + static constexpr hal::ScreenOrientation kSupportedOrientations[] = { + hal::ScreenOrientation::PortraitPrimary, + hal::ScreenOrientation::PortraitSecondary, + hal::ScreenOrientation::PortraitPrimary | + hal::ScreenOrientation::PortraitSecondary, + hal::ScreenOrientation::LandscapePrimary, + hal::ScreenOrientation::LandscapeSecondary, + hal::ScreenOrientation::LandscapePrimary | + hal::ScreenOrientation::LandscapeSecondary, + hal::ScreenOrientation::PortraitPrimary | + hal::ScreenOrientation::PortraitSecondary | + hal::ScreenOrientation::LandscapePrimary | + hal::ScreenOrientation::LandscapeSecondary, + hal::ScreenOrientation::Default, }; for (auto supportedOrientation : kSupportedOrientations) { if (aOrientation == supportedOrientation) { ===================================== toolkit/components/resistfingerprinting/nsRFPService.cpp ===================================== @@ -2284,3 +2284,34 @@ Maybe<RFPTarget> nsRFPService::GetOverriddenFingerprintingSettingsForURI( return result; } + +/* static */ +uint16_t nsRFPService::ViewportSizeToAngle(int32_t aWidth, int32_t aHeight) { +#ifdef MOZ_WIDGET_ANDROID + bool neutral = aHeight >= aWidth; +#else + bool neutral = aWidth >= aHeight; +#endif + if (neutral) { + return 0; + } + return 90; +} + +/* static */ +dom::OrientationType nsRFPService::ViewportSizeToOrientationType( + int32_t aWidth, int32_t aHeight) { + if (aWidth >= aHeight) { + return dom::OrientationType::Landscape_primary; + } + return dom::OrientationType::Portrait_primary; +} + +/* static */ +dom::OrientationType nsRFPService::GetDefaultOrientationType() { +#ifdef MOZ_WIDGET_ANDROID + return dom::OrientationType::Portrait_primary; +#else + return dom::OrientationType::Landscape_primary; +#endif +} ===================================== toolkit/components/resistfingerprinting/nsRFPService.h ===================================== @@ -14,6 +14,7 @@ #include "mozilla/ContentBlockingLog.h" #include "mozilla/gfx/Types.h" #include "mozilla/TypedEnumBits.h" +#include "mozilla/dom/ScreenOrientationBinding.h" #include "js/RealmOptions.h" #include "nsHashtablesFwd.h" #include "nsICookieJarSettings.h" @@ -368,6 +369,16 @@ class nsRFPService final : public nsIObserver, public nsIRFPService { static bool CheckSuspiciousFingerprintingActivity( nsTArray<ContentBlockingLog::LogEntry>& aLogs); + // Converts the viewport size to the angle. + static uint16_t ViewportSizeToAngle(int32_t aWidth, int32_t aHeight); + + // Converts the viewport size to the orientation type. + static dom::OrientationType ViewportSizeToOrientationType(int32_t aWidth, + int32_t aHeight); + + // Returns the default orientation type for the given platform. + static dom::OrientationType GetDefaultOrientationType(); + private: nsresult Init(); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/c4c73e… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/c4c73e… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.3.0esr-14.0-1] Bug 1918009 - Fix the RFP-spoofed User-Agent header. r=tjr
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch mullvad-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 92d9fad9 by Pier Angelo Vendrame at 2024-10-02T18:50:03+00:00 Bug 1918009 - Fix the RFP-spoofed User-Agent header. r=tjr The spoofed value of the HTTP user-agent header is not consistent with the value of navigator.userAgent on Windows, and this can lead to compatibility issues. Differential Revision: https://phabricator.services.mozilla.com/D223745 - - - - - 3 changed files: - browser/components/resistfingerprinting/test/browser/browser_navigator.js - browser/components/resistfingerprinting/test/browser/browser_navigator_iframes.js - toolkit/components/resistfingerprinting/nsRFPService.h Changes: ===================================== browser/components/resistfingerprinting/test/browser/browser_navigator.js ===================================== @@ -115,11 +115,11 @@ const SPOOFED_UA_NAVIGATOR_OS = { other: "X11; Linux x86_64", }; const SPOOFED_UA_HTTPHEADER_OS = { - linux: "Windows NT 10.0", - win: "Windows NT 10.0", - macosx: "Windows NT 10.0", + linux: "Windows NT 10.0; Win64; x64", + win: "Windows NT 10.0; Win64; x64", + macosx: "Windows NT 10.0; Win64; x64", android: "Android 10; Mobile", - other: "Windows NT 10.0", + other: "Windows NT 10.0; Win64; x64", }; const SPOOFED_HW_CONCURRENCY = 2; ===================================== browser/components/resistfingerprinting/test/browser/browser_navigator_iframes.js ===================================== @@ -130,11 +130,11 @@ const SPOOFED_UA_NAVIGATOR_OS = { other: "X11; Linux x86_64", }; const SPOOFED_UA_HTTPHEADER_OS = { - linux: "Windows NT 10.0", - win: "Windows NT 10.0", - macosx: "Windows NT 10.0", + linux: "Windows NT 10.0; Win64; x64", + win: "Windows NT 10.0; Win64; x64", + macosx: "Windows NT 10.0; Win64; x64", android: "Android 10; Mobile", - other: "Windows NT 10.0", + other: "Windows NT 10.0; Win64; x64", }; const SPOOFED_HW_CONCURRENCY = 2; ===================================== toolkit/components/resistfingerprinting/nsRFPService.h ===================================== @@ -63,7 +63,7 @@ #if defined(MOZ_WIDGET_ANDROID) # define SPOOFED_HTTP_UA_OS "Android 10; Mobile" #else -# define SPOOFED_HTTP_UA_OS "Windows NT 10.0" +# define SPOOFED_HTTP_UA_OS "Windows NT 10.0; Win64; x64" #endif struct JSContext; View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/92d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/92d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.3.0esr-14.0-1] Bug 1918009 - Fix the RFP-spoofed User-Agent header. r=tjr
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch base-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: dbdddf48 by Pier Angelo Vendrame at 2024-10-02T18:49:35+00:00 Bug 1918009 - Fix the RFP-spoofed User-Agent header. r=tjr The spoofed value of the HTTP user-agent header is not consistent with the value of navigator.userAgent on Windows, and this can lead to compatibility issues. Differential Revision: https://phabricator.services.mozilla.com/D223745 - - - - - 3 changed files: - browser/components/resistfingerprinting/test/browser/browser_navigator.js - browser/components/resistfingerprinting/test/browser/browser_navigator_iframes.js - toolkit/components/resistfingerprinting/nsRFPService.h Changes: ===================================== browser/components/resistfingerprinting/test/browser/browser_navigator.js ===================================== @@ -115,11 +115,11 @@ const SPOOFED_UA_NAVIGATOR_OS = { other: "X11; Linux x86_64", }; const SPOOFED_UA_HTTPHEADER_OS = { - linux: "Windows NT 10.0", - win: "Windows NT 10.0", - macosx: "Windows NT 10.0", + linux: "Windows NT 10.0; Win64; x64", + win: "Windows NT 10.0; Win64; x64", + macosx: "Windows NT 10.0; Win64; x64", android: "Android 10; Mobile", - other: "Windows NT 10.0", + other: "Windows NT 10.0; Win64; x64", }; const SPOOFED_HW_CONCURRENCY = 2; ===================================== browser/components/resistfingerprinting/test/browser/browser_navigator_iframes.js ===================================== @@ -130,11 +130,11 @@ const SPOOFED_UA_NAVIGATOR_OS = { other: "X11; Linux x86_64", }; const SPOOFED_UA_HTTPHEADER_OS = { - linux: "Windows NT 10.0", - win: "Windows NT 10.0", - macosx: "Windows NT 10.0", + linux: "Windows NT 10.0; Win64; x64", + win: "Windows NT 10.0; Win64; x64", + macosx: "Windows NT 10.0; Win64; x64", android: "Android 10; Mobile", - other: "Windows NT 10.0", + other: "Windows NT 10.0; Win64; x64", }; const SPOOFED_HW_CONCURRENCY = 2; ===================================== toolkit/components/resistfingerprinting/nsRFPService.h ===================================== @@ -63,7 +63,7 @@ #if defined(MOZ_WIDGET_ANDROID) # define SPOOFED_HTTP_UA_OS "Android 10; Mobile" #else -# define SPOOFED_HTTP_UA_OS "Windows NT 10.0" +# define SPOOFED_HTTP_UA_OS "Windows NT 10.0; Win64; x64" #endif struct JSContext; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/dbdddf4… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/dbdddf4… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.3.0esr-14.0-1] Bug 1918009 - Fix the RFP-spoofed User-Agent header. r=tjr
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch tor-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: c4c73ea4 by Pier Angelo Vendrame at 2024-10-02T18:31:19+00:00 Bug 1918009 - Fix the RFP-spoofed User-Agent header. r=tjr The spoofed value of the HTTP user-agent header is not consistent with the value of navigator.userAgent on Windows, and this can lead to compatibility issues. Differential Revision: https://phabricator.services.mozilla.com/D223745 - - - - - 3 changed files: - browser/components/resistfingerprinting/test/browser/browser_navigator.js - browser/components/resistfingerprinting/test/browser/browser_navigator_iframes.js - toolkit/components/resistfingerprinting/nsRFPService.h Changes: ===================================== browser/components/resistfingerprinting/test/browser/browser_navigator.js ===================================== @@ -115,11 +115,11 @@ const SPOOFED_UA_NAVIGATOR_OS = { other: "X11; Linux x86_64", }; const SPOOFED_UA_HTTPHEADER_OS = { - linux: "Windows NT 10.0", - win: "Windows NT 10.0", - macosx: "Windows NT 10.0", + linux: "Windows NT 10.0; Win64; x64", + win: "Windows NT 10.0; Win64; x64", + macosx: "Windows NT 10.0; Win64; x64", android: "Android 10; Mobile", - other: "Windows NT 10.0", + other: "Windows NT 10.0; Win64; x64", }; const SPOOFED_HW_CONCURRENCY = 2; ===================================== browser/components/resistfingerprinting/test/browser/browser_navigator_iframes.js ===================================== @@ -130,11 +130,11 @@ const SPOOFED_UA_NAVIGATOR_OS = { other: "X11; Linux x86_64", }; const SPOOFED_UA_HTTPHEADER_OS = { - linux: "Windows NT 10.0", - win: "Windows NT 10.0", - macosx: "Windows NT 10.0", + linux: "Windows NT 10.0; Win64; x64", + win: "Windows NT 10.0; Win64; x64", + macosx: "Windows NT 10.0; Win64; x64", android: "Android 10; Mobile", - other: "Windows NT 10.0", + other: "Windows NT 10.0; Win64; x64", }; const SPOOFED_HW_CONCURRENCY = 2; ===================================== toolkit/components/resistfingerprinting/nsRFPService.h ===================================== @@ -63,7 +63,7 @@ #if defined(MOZ_WIDGET_ANDROID) # define SPOOFED_HTTP_UA_OS "Android 10; Mobile" #else -# define SPOOFED_HTTP_UA_OS "Windows NT 10.0" +# define SPOOFED_HTTP_UA_OS "Windows NT 10.0; Win64; x64" #endif struct JSContext; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/c4c73ea… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/c4c73ea… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.3.0esr-14.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch mullvad-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 37ace560 by Morgan at 2024-10-02T17:36:53+00:00 fixup! Firefox preference overrides. Bug 43164: Prevent search-bar from being auto-hidden when not used for awhile - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -9,6 +9,11 @@ pref("intl.locale.requested", ""); pref("browser.startup.homepage", "about:blank"); pref("browser.newtabpage.enabled", false); +// tor-browser#43164: Prevent search-bar from being auto-hidden when not used for awhile +// This preference is locked so that the browser itself can never set an actual +// value that would trigger the migration. +pref("browser.search.widget.lastUsed", "", locked); + // Disable initial homepage notifications pref("browser.search.update", false); pref("startup.homepage_welcome_url", ""); View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/37a… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/37a… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.3.0esr-14.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch base-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: e25795c4 by Morgan at 2024-10-02T17:34:44+00:00 fixup! Firefox preference overrides. Bug 43164: Prevent search-bar from being auto-hidden when not used for awhile - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -9,6 +9,11 @@ pref("intl.locale.requested", ""); pref("browser.startup.homepage", "about:blank"); pref("browser.newtabpage.enabled", false); +// tor-browser#43164: Prevent search-bar from being auto-hidden when not used for awhile +// This preference is locked so that the browser itself can never set an actual +// value that would trigger the migration. +pref("browser.search.widget.lastUsed", "", locked); + // Disable initial homepage notifications pref("browser.search.update", false); pref("startup.homepage_welcome_url", ""); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/e25795c… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/e25795c… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.3.0esr-14.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch tor-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 019449c4 by Morgan at 2024-10-02T17:32:43+00:00 fixup! Firefox preference overrides. Bug 43164: Prevent search-bar from being auto-hidden when not used for awhile - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -9,6 +9,11 @@ pref("intl.locale.requested", ""); pref("browser.startup.homepage", "about:blank"); pref("browser.newtabpage.enabled", false); +// tor-browser#43164: Prevent search-bar from being auto-hidden when not used for awhile +// This preference is locked so that the browser itself can never set an actual +// value that would trigger the migration. +pref("browser.search.widget.lastUsed", "", locked); + // Disable initial homepage notifications pref("browser.search.update", false); pref("startup.homepage_welcome_url", ""); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/019449c… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/019449c… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-13.5a11-build1
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed new tag tbb-13.5a11-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.5a11] Bug 41253: Prepare Tor Browser 13.5a11
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch maint-13.5a11 at The Tor Project / Applications / tor-browser-build Commits: a4cc91f7 by Morgan at 2024-10-02T16:56:22+00:00 Bug 41253: Prepare Tor Browser 13.5a11 - - - - - 5 changed files: - projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt - projects/browser/config - projects/firefox/config - projects/translation/config - rbm.conf Changes: ===================================== projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt ===================================== @@ -1,3 +1,47 @@ +Tor Browser 13.5a11 - October 01 2024 + * All Platforms + * Bug 41252: Disable updating update_responses in 13.5-legacy branch [tor-browser-build] + * Windows + macOS + Linux + * Updated Firefox to 115.16.0esr + +Tor Browser 13.5.6 - September 30 2024 + * All Platforms + * Updated NoScript to 11.4.40 + * Bug 42832: Download spam prevention should not affect browser extensions [tor-browser] + * Bug 43167: Rebase Tor Browser Stable onto 115.16.0esr [tor-browser] + * Bug 43173: Backport security fixes from Firefox 131 [tor-browser] + * Windows + macOS + Linux + * Updated Firefox to 115.16.0esr + * Bug 42737: Drop the hash check on updates [tor-browser] + * Bug 43098: YEC 2024 Takeover for Desktop Stable [tor-browser] + * Windows + macOS + * Bug 42747: Windows 7/8 and macOS 10.12-10.14 Legacy/Maintenance [tor-browser] + * Android + * Updated GeckoView to 115.16.0esr + * Bug 43099: YEC 2024 Takeover for Android Stable [tor-browser] + +Tor Browser 14.0a7 - September 27 2024 + * All Platforms + * Updated NoScript to 11.4.40 + * Bug 42832: Download spam prevention should not affect browser extensions [tor-browser] + * Bug 43163: Disable offscreen canvas until verified it is not fingerprintable [tor-browser] + * Bug 43166: Rebase Tor Browser alpha onto Firefox 128.3.0esr [tor-browser] + * Windows + macOS + Linux + * Updated Firefox to 128.3.0esr + * Bug 42070: Backport Bugzilla 1834307 and hide smooth-scroll UX [tor-browser] + * Bug 42362: "New window" missing from File menu [tor-browser] + * Bug 42742: Inconsistent use of "New private window" vs "New window" [tor-browser] + * Bug 41248: Check and update bundled font versions [tor-browser-build] + * Android + * Updated GeckoView to 128.3.0esr + * Bug 43172: remove remote settings and SERPTelemetry [tor-browser] + * Build System + * All Platforms + * Updated Go to 1.23.1 + * Bug 41236: Remove binutils when not needed [tor-browser-build] + * Windows + macOS + Linux + * Bug 41246: Add updater rewriterules to make 13.5a10 a watershed [tor-browser-build] + Tor Browser 13.5a10 - September 25 2024 * Windows + macOS + Linux * Updated Firefox to 115.15.0esr ===================================== projects/browser/config ===================================== @@ -104,9 +104,9 @@ input_files: enable: '[% ! c("var/android") %]' - filename: Bundle-Data enable: '[% ! c("var/android") %]' - - URL: https://addons.mozilla.org/firefox/downloads/file/4349514/noscript-11.4.37.… + - URL: https://addons.mozilla.org/firefox/downloads/file/4357325/noscript-11.4.40.… name: noscript - sha256sum: 5e9921599c63e0b357851ea7ca1354554b3af2c676bbbfff5687cafce4396c18 + sha256sum: 242ead426159d871480a13062cbee08abc97da746cdc5c643aee2692e9adbbb2 - URL: https://addons.mozilla.org/firefox/downloads/file/4328681/ublock_origin-1.5… name: ublock-origin sha256sum: 1db9c676a07d141f8d36dbbc24f9e3d64a6cc2340dbfc6c848bc4395f96cfb14 ===================================== projects/firefox/config ===================================== @@ -14,12 +14,12 @@ container: use_container: 1 var: - firefox_platform_version: 115.15.0 + firefox_platform_version: 115.16.0 firefox_version: '[% c("var/firefox_platform_version") %]esr' browser_series: '13.5' - browser_rebase: 2 + browser_rebase: 1 browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]' - browser_build: 1 + browser_build: 2 branding_directory_prefix: 'tb' copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' nightly_updates_publish_dir: '[% c("var/nightly_updates_publish_dir_prefix") %]nightly-[% c("var/osname") %]' ===================================== projects/translation/config ===================================== @@ -12,13 +12,13 @@ compress_tar: 'gz' steps: base-browser: base-browser: '[% INCLUDE build %]' - git_hash: 16446c485b3be4198a7e79bfcac6510784a18506 + git_hash: a142f78af87f994913faa15fb4b0f34f0ce1a22b targets: nightly: git_hash: 'base-browser' tor-browser: tor-browser: '[% INCLUDE build %]' - git_hash: a2bf4c2f45736958ac99f60e60b9f6d0e94454c3 + git_hash: 04f824bce1b6fb4b989bb9303949af17eab11406 targets: nightly: git_hash: 'tor-browser' ===================================== rbm.conf ===================================== @@ -73,18 +73,18 @@ buildconf: git_signtag_opt: '-s' var: - torbrowser_version: '13.5a10' + torbrowser_version: '13.5a11' torbrowser_build: 'build1' # This should be the date of when the build is started. For the build # to be reproducible, browser_release_date should always be in the past. - browser_release_date: '2024/09/25 17:00:00' + browser_release_date: '2024/10/01 17:00:00' browser_release_date_timestamp: '[% USE date; date.format(c("var/browser_release_date"), "%s") %]' updater_enabled: 1 build_mar: 1 torbrowser_incremental_from: + - 13.5a10 - 13.5a9 - 13.5a8 - - 13.5a7 mar_channel_id: '[% c("var/projectname") %]-torproject-[% c("var/channel") %]' # By default, we sort the list of installed packages. This allows sharing View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/a… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/a… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.3.0esr-14.0-1] 2 commits: fixup! Orfox: Centralized proxy applied to AbstractCommunicator and BaseResources.
by Pier Angelo Vendrame (＠pierov) 02 Oct '24

02 Oct '24

Pier Angelo Vendrame pushed to branch tor-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 8acd4ac6 by Dan Ballard at 2024-10-02T16:09:15+00:00 fixup! Orfox: Centralized proxy applied to AbstractCommunicator and BaseResources. This reverts commit a16d36fce768826615620ee73bec755fcd7081ea for tb-42660 - - - - - 10a39162 by Dan Ballard at 2024-10-02T16:09:15+00:00 Bug 42660: Disable ProxySelector.openConnectionWithProxy and NOPify CrashReporter.sendCrashReport - - - - - 2 changed files: - mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/ProxySelector.java - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/CrashReporter.java Changes: ===================================== mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/ProxySelector.java ===================================== @@ -28,40 +28,19 @@ import java.net.URLConnection; import java.util.List; public class ProxySelector { - private static final String TOR_PROXY_ADDRESS = "127.0.0.1"; - private static final int TOR_SOCKS_PROXY_PORT = 9150; - private static final int TOR_HTTP_PROXY_PORT = 8218; - public static URLConnection openConnectionWithProxy(final URI uri) throws IOException { - final java.net.ProxySelector ps = java.net.ProxySelector.getDefault(); - Proxy proxy = Proxy.NO_PROXY; - if (ps != null) { - final List<Proxy> proxies = ps.select(uri); - if (proxies != null && !proxies.isEmpty()) { - proxy = proxies.get(0); - } - } - - /* Ignore the proxy we found from the VM, only use Tor. We can probably - * safely use the logic in this class in the future. */ - return uri.toURL().openConnection(getProxy()); - } - - public static Proxy getProxy() { - // TODO make configurable - return new Proxy(Proxy.Type.SOCKS, new InetSocketAddress(TOR_PROXY_ADDRESS, TOR_SOCKS_PROXY_PORT)); - } - - public static String getProxyHostAddress() { - return TOR_PROXY_ADDRESS; - } - - public static int getSocksProxyPort() { - return TOR_SOCKS_PROXY_PORT; - } - - public static int getHttpProxyPort() { - return TOR_HTTP_PROXY_PORT; +// tb-42660: This should not be used: it cannot safely get tor configs so would be a proxy leak risk + throw new IOException("openConnectionWithProxy disabled by tb-42660"); +// final java.net.ProxySelector ps = java.net.ProxySelector.getDefault(); +// Proxy proxy = Proxy.NO_PROXY; +// if (ps != null) { +// final List<Proxy> proxies = ps.select(uri); +// if (proxies != null && !proxies.isEmpty()) { +// proxy = proxies.get(0); +// } +// } +// +// return uri.toURL().openConnection(proxy); } public ProxySelector() {} ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/CrashReporter.java ===================================== @@ -169,6 +169,11 @@ public class CrashReporter { @NonNull final File minidumpFile, @NonNull final JSONObject extras) throws IOException, URISyntaxException { + // tb-42660: makeing a NOP + if (true) { + return GeckoResult.fromValue("0"); + } + Log.d(LOGTAG, "Sending crash report: " + minidumpFile.getPath()); HttpURLConnection conn = null; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/ac6b47… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/ac6b47… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.3.0esr-14.0-1] fixup! Add CI for Tor Browser
by Pier Angelo Vendrame (＠pierov) 02 Oct '24

02 Oct '24

Pier Angelo Vendrame pushed to branch tor-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: ac6b47d5 by Henry Wilkes at 2024-10-02T10:27:03+01:00 fixup! Add CI for Tor Browser Bug 43181: Automatically run translation CI for strings.xml changes. - - - - - 1 changed file: - .gitlab/ci/update-translations.yml Changes: ===================================== .gitlab/ci/update-translations.yml ===================================== @@ -6,6 +6,7 @@ - "**/*.ftl" - "**/*.properties" - "**/*.dtd" + - "**/*strings.xml" - if: $FORCE_UPDATE_TRANSLATIONS == "true" variables: TOR_BROWSER_COMBINED_FILES_JSON: "combined-translation-files.json" View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/ac6b47d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/ac6b47d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41254: Stop copying cryptoSafetyPrompt.properties.
by Pier Angelo Vendrame (＠pierov) 02 Oct '24

02 Oct '24

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: bab35eb4 by Pier Angelo Vendrame at 2024-10-02T12:53:54+02:00 Bug 41254: Stop copying cryptoSafetyPrompt.properties. That file is not used anymore, and it was supposed to not exist, but it has been deleted only from the en-US directory in translation.git. - - - - - 1 changed file: - projects/firefox/build Changes: ===================================== projects/firefox/build ===================================== @@ -143,7 +143,6 @@ mkdir "$HOME/.mozbuild" fi [% END -%] mv "$transl_tor_browser/$source_lang/tor-browser.ftl" "$l10ncentral/$lang/toolkit/toolkit/global/" - mv "$transl_tor_browser/$source_lang/cryptoSafetyPrompt.properties" "$l10ncentral/$lang/browser/chrome/browser/" mv "$transl_tor_browser/$source_lang" "$torbutton_locales/$lang" echo "% locale torbutton $lang %locale/$lang/" >> "$torbutton_jar" echo " locale/$lang (chrome/locale/$lang/*)" >> "$torbutton_jar" View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/b… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/b… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.5a11] Bug 41252: Do not run upload-update_responses-to-staticiforme
by morgan (＠morgan) 01 Oct '24

01 Oct '24

morgan pushed to branch maint-13.5a11 at The Tor Project / Applications / tor-browser-build Commits: f9e2b4a5 by Nicolas Vigier at 2024-10-01T19:36:41+02:00 Bug 41252: Do not run upload-update_responses-to-staticiforme When signing a 13.5-legacy release, don't update and upload update_responses. The update_responses containing both the 14.0 and 13.5-legacy releases will be generated from the `maint-14.0` branch. - - - - - 1 changed file: - tools/signing/do-all-signing Changes: ===================================== tools/signing/do-all-signing ===================================== @@ -206,5 +206,4 @@ do_step download-unsigned-sha256sums-gpg-signatures-from-people-tpo do_step sync-local-to-staticiforme do_step sync-scripts-to-staticiforme do_step staticiforme-prepare-cdn-dist-upload -do_step upload-update_responses-to-staticiforme do_step finished-signing-clean-linux-signer View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/f… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Deleted tag mullvad-browser-115.16.0esr-13.5-1-build2
by morgan (＠morgan) 01 Oct '24

01 Oct '24

morgan deleted tag mullvad-browser-115.16.0esr-13.5-1-build2 at The Tor Project / Applications / Tor Browser -- You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-115.16.0esr-13.5-1-build2
by morgan (＠morgan) 01 Oct '24

01 Oct '24

morgan pushed new tag mullvad-browser-115.16.0esr-13.5-1-build2 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.3.0esr-14.0-1] Bug 42716: Disable unwanted about: pages
by morgan (＠morgan) 01 Oct '24

01 Oct '24

morgan pushed to branch base-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 520cda9e by Morgan at 2024-10-01T20:36:57+00:00 Bug 42716: Disable unwanted about: pages - - - - - 5 changed files: - browser/components/about/AboutRedirector.cpp - browser/components/about/components.conf - docshell/base/nsAboutRedirector.cpp - docshell/build/components.conf - toolkit/content/jar.mn Changes: ===================================== browser/components/about/AboutRedirector.cpp ===================================== @@ -86,9 +86,11 @@ static const RedirEntry kRedirMap[] = { {"rights", "chrome://global/content/aboutRights.xhtml", nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI}, +#ifndef BASE_BROWSER_VERSION {"robots", "chrome://browser/content/aboutRobots.xhtml", nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | nsIAboutModule::ALLOW_SCRIPT}, +#endif {"sessionrestore", "chrome://browser/content/aboutSessionRestore.xhtml", nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::HIDE_FROM_ABOUTABOUT | nsIAboutModule::IS_SECURE_CHROME_UI}, ===================================== browser/components/about/components.conf ===================================== @@ -23,7 +23,7 @@ pages = [ 'reader', 'restartrequired', 'rights', - 'robots', + # Removed 'robots'. tor-browser#42831. 'sessionrestore', 'settings', # Removed 'shoppingsidebar'. tor-browser#42831. ===================================== docshell/base/nsAboutRedirector.cpp ===================================== @@ -135,8 +135,10 @@ static const RedirEntry kRedirMap[] = { nsIAboutModule::URI_MUST_LOAD_IN_CHILD | nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS | nsIAboutModule::IS_SECURE_CHROME_UI}, +#ifndef BASE_BROWSER_VERSION {"mozilla", "chrome://global/content/mozilla.html", nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT}, +#endif #if !defined(ANDROID) && !defined(XP_WIN) {"webauthn", "chrome://global/content/aboutWebauthn.html", nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI}, @@ -181,15 +183,17 @@ static const RedirEntry kRedirMap[] = { {"windows-messages", "chrome://global/content/aboutWindowsMessages.html", nsIAboutModule::ALLOW_SCRIPT}, #endif -#ifndef MOZ_GLEAN_ANDROID +#ifdef MOZ_TELEMETRY_REPORTING +# ifndef MOZ_GLEAN_ANDROID {"glean", "chrome://global/content/aboutGlean.html", -# if !defined(NIGHTLY_BUILD) && defined(MOZILLA_OFFICIAL) +# if !defined(NIGHTLY_BUILD) && defined(MOZILLA_OFFICIAL) nsIAboutModule::HIDE_FROM_ABOUTABOUT | -# endif +# endif nsIAboutModule::ALLOW_SCRIPT}, -#endif +# endif {"telemetry", "chrome://global/content/aboutTelemetry.xhtml", nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI}, +#endif {"translations", "chrome://global/content/translations/translations.html", nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | @@ -200,8 +204,10 @@ static const RedirEntry kRedirMap[] = { {"url-classifier", "chrome://global/content/aboutUrlClassifier.xhtml", nsIAboutModule::ALLOW_SCRIPT}, #endif +#ifdef MOZ_WEBRTC {"webrtc", "chrome://global/content/aboutwebrtc/aboutWebrtc.html", nsIAboutModule::ALLOW_SCRIPT}, +#endif {"crashparent", "about:blank", nsIAboutModule::HIDE_FROM_ABOUTABOUT}, {"crashcontent", "about:blank", nsIAboutModule::HIDE_FROM_ABOUTABOUT | ===================================== docshell/build/components.conf ===================================== @@ -22,7 +22,7 @@ about_pages = [ 'logging', 'logo', 'memory', - 'mozilla', + # Removed 'mozilla'. tor-browser#42831. 'neterror', 'networking', 'performance', @@ -30,20 +30,22 @@ about_pages = [ 'serviceworkers', 'srcdoc', 'support', - 'telemetry', 'translations', - 'url-classifier', - 'webrtc', + # Removed 'url-classifier'. tor-browser#42831. ] if defined('MOZ_CRASHREPORTER'): about_pages.append('crashes') +if defined('MOZ_TELEMETRY_REPORTING'): + about_pages.append('telemetry') +if defined('MOZ_WEBRTC'): + about_pages.append('webrtc') if buildconfig.substs['MOZ_WIDGET_TOOLKIT'] != 'android': about_pages.append('profiles') if buildconfig.substs['MOZ_WIDGET_TOOLKIT'] == 'windows': about_pages.append('third-party') about_pages.append('windows-messages') -if not defined('MOZ_GLEAN_ANDROID'): +if defined('MOZ_TELEMETRY_REPORTING') and not defined('MOZ_GLEAN_ANDROID'): about_pages.append('glean') if buildconfig.substs['MOZ_WIDGET_TOOLKIT'] != 'android' and buildconfig.substs['MOZ_WIDGET_TOOLKIT'] != 'windows': about_pages.append('webauthn') ===================================== toolkit/content/jar.mn ===================================== @@ -23,6 +23,7 @@ toolkit.jar: #endif content/global/aboutServiceWorkers.js content/global/aboutServiceWorkers.xhtml +#ifdef MOZ_WEBRTC content/global/aboutwebrtc/aboutWebrtc.css (aboutwebrtc/aboutWebrtc.css) content/global/aboutwebrtc/aboutWebrtc.mjs (aboutwebrtc/aboutWebrtc.mjs) content/global/aboutwebrtc/graph.mjs (aboutwebrtc/graph.mjs) @@ -31,16 +32,19 @@ toolkit.jar: content/global/aboutwebrtc/disclosure.mjs (aboutwebrtc/disclosure.mjs) content/global/aboutwebrtc/copyButton.mjs (aboutwebrtc/copyButton.mjs) content/global/aboutwebrtc/aboutWebrtc.html (aboutwebrtc/aboutWebrtc.html) +#endif content/global/aboutSupport.js * content/global/aboutSupport.xhtml -#ifndef MOZ_GLEAN_ANDROID +#ifdef MOZ_TELEMETRY_REPORTING +# ifndef MOZ_GLEAN_ANDROID content/global/aboutGlean.js content/global/aboutGlean.html content/global/aboutGlean.css -#endif +# endif content/global/aboutTelemetry.js content/global/aboutTelemetry.xhtml content/global/aboutTelemetry.css +#endif content/global/aboutUrlClassifier.js content/global/aboutUrlClassifier.xhtml content/global/aboutUrlClassifier.css View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/520cda9… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/520cda9… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.3.0esr-14.0-1] Bug 42716: Disable unwanted about: pages
by morgan (＠morgan) 01 Oct '24

01 Oct '24

morgan pushed to branch tor-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 9921cbc8 by Morgan at 2024-10-01T20:31:28+00:00 Bug 42716: Disable unwanted about: pages - - - - - 5 changed files: - browser/components/about/AboutRedirector.cpp - browser/components/about/components.conf - docshell/base/nsAboutRedirector.cpp - docshell/build/components.conf - toolkit/content/jar.mn Changes: ===================================== browser/components/about/AboutRedirector.cpp ===================================== @@ -91,9 +91,11 @@ static const RedirEntry kRedirMap[] = { {"rights", "chrome://global/content/aboutRights.xhtml", nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI}, +#ifndef BASE_BROWSER_VERSION {"robots", "chrome://browser/content/aboutRobots.xhtml", nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | nsIAboutModule::ALLOW_SCRIPT}, +#endif {"rulesets", "chrome://browser/content/rulesets/aboutRulesets.html", nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::URI_MUST_LOAD_IN_CHILD | nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS | ===================================== browser/components/about/components.conf ===================================== @@ -24,7 +24,7 @@ pages = [ 'reader', 'restartrequired', 'rights', - 'robots', + # Removed 'robots'. tor-browser#42831. 'rulesets', 'sessionrestore', 'settings', ===================================== docshell/base/nsAboutRedirector.cpp ===================================== @@ -135,8 +135,10 @@ static const RedirEntry kRedirMap[] = { nsIAboutModule::URI_MUST_LOAD_IN_CHILD | nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS | nsIAboutModule::IS_SECURE_CHROME_UI}, +#ifndef BASE_BROWSER_VERSION {"mozilla", "chrome://global/content/mozilla.html", nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT}, +#endif #if !defined(ANDROID) && !defined(XP_WIN) {"webauthn", "chrome://global/content/aboutWebauthn.html", nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI}, @@ -181,15 +183,17 @@ static const RedirEntry kRedirMap[] = { {"windows-messages", "chrome://global/content/aboutWindowsMessages.html", nsIAboutModule::ALLOW_SCRIPT}, #endif -#ifndef MOZ_GLEAN_ANDROID +#ifdef MOZ_TELEMETRY_REPORTING +# ifndef MOZ_GLEAN_ANDROID {"glean", "chrome://global/content/aboutGlean.html", -# if !defined(NIGHTLY_BUILD) && defined(MOZILLA_OFFICIAL) +# if !defined(NIGHTLY_BUILD) && defined(MOZILLA_OFFICIAL) nsIAboutModule::HIDE_FROM_ABOUTABOUT | -# endif +# endif nsIAboutModule::ALLOW_SCRIPT}, -#endif +# endif {"telemetry", "chrome://global/content/aboutTelemetry.xhtml", nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI}, +#endif {"torconnect", "chrome://global/content/torconnect/aboutTorConnect.html", nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | nsIAboutModule::URI_CAN_LOAD_IN_CHILD | nsIAboutModule::ALLOW_SCRIPT | @@ -205,8 +209,10 @@ static const RedirEntry kRedirMap[] = { {"url-classifier", "chrome://global/content/aboutUrlClassifier.xhtml", nsIAboutModule::ALLOW_SCRIPT}, #endif +#ifdef MOZ_WEBRTC {"webrtc", "chrome://global/content/aboutwebrtc/aboutWebrtc.html", nsIAboutModule::ALLOW_SCRIPT}, +#endif {"crashparent", "about:blank", nsIAboutModule::HIDE_FROM_ABOUTABOUT}, {"crashcontent", "about:blank", nsIAboutModule::HIDE_FROM_ABOUTABOUT | ===================================== docshell/build/components.conf ===================================== @@ -22,7 +22,7 @@ about_pages = [ 'logging', 'logo', 'memory', - 'mozilla', + # Removed 'mozilla'. tor-browser#42831. 'neterror', 'networking', 'performance', @@ -30,22 +30,24 @@ about_pages = [ 'serviceworkers', 'srcdoc', 'support', - 'telemetry', 'torconnect', 'translations', 'tor', - 'url-classifier', - 'webrtc', + # Removed 'url-classifier'. tor-browser#42831. ] if defined('MOZ_CRASHREPORTER'): about_pages.append('crashes') +if defined('MOZ_TELEMETRY_REPORTING'): + about_pages.append('telemetry') +if defined('MOZ_WEBRTC'): + about_pages.append('webrtc') if buildconfig.substs['MOZ_WIDGET_TOOLKIT'] != 'android': about_pages.append('profiles') if buildconfig.substs['MOZ_WIDGET_TOOLKIT'] == 'windows': about_pages.append('third-party') about_pages.append('windows-messages') -if not defined('MOZ_GLEAN_ANDROID'): +if defined('MOZ_TELEMETRY_REPORTING') and not defined('MOZ_GLEAN_ANDROID'): about_pages.append('glean') if buildconfig.substs['MOZ_WIDGET_TOOLKIT'] != 'android' and buildconfig.substs['MOZ_WIDGET_TOOLKIT'] != 'windows': about_pages.append('webauthn') ===================================== toolkit/content/jar.mn ===================================== @@ -23,6 +23,7 @@ toolkit.jar: #endif content/global/aboutServiceWorkers.js content/global/aboutServiceWorkers.xhtml +#ifdef MOZ_WEBRTC content/global/aboutwebrtc/aboutWebrtc.css (aboutwebrtc/aboutWebrtc.css) content/global/aboutwebrtc/aboutWebrtc.mjs (aboutwebrtc/aboutWebrtc.mjs) content/global/aboutwebrtc/graph.mjs (aboutwebrtc/graph.mjs) @@ -31,16 +32,19 @@ toolkit.jar: content/global/aboutwebrtc/disclosure.mjs (aboutwebrtc/disclosure.mjs) content/global/aboutwebrtc/copyButton.mjs (aboutwebrtc/copyButton.mjs) content/global/aboutwebrtc/aboutWebrtc.html (aboutwebrtc/aboutWebrtc.html) +#endif content/global/aboutSupport.js * content/global/aboutSupport.xhtml -#ifndef MOZ_GLEAN_ANDROID +#ifdef MOZ_TELEMETRY_REPORTING +# ifndef MOZ_GLEAN_ANDROID content/global/aboutGlean.js content/global/aboutGlean.html content/global/aboutGlean.css -#endif +# endif content/global/aboutTelemetry.js content/global/aboutTelemetry.xhtml content/global/aboutTelemetry.css +#endif content/global/aboutUrlClassifier.js content/global/aboutUrlClassifier.xhtml content/global/aboutUrlClassifier.css View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9921cbc… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9921cbc… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.3.0esr-14.0-1] Bug 1911745 - Unify BrowsingContext flag coherency checks, r=mccr8
by ma1 (＠ma1) 01 Oct '24

01 Oct '24

ma1 pushed to branch mullvad-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 6e72b4ae by Nika Layzell at 2024-10-01T22:29:48+02:00 Bug 1911745 - Unify BrowsingContext flag coherency checks, r=mccr8 Previously these checks were largely diagnostic tools for finding bugs in other code as it evolves. This unifies the checks a bit more and makes them stronger for BrowsingContexts created over IPC, providing a place for more coherency checks to be added in the future. Differential Revision: https://phabricator.services.mozilla.com/D218860 - - - - - 2 changed files: - docshell/base/BrowsingContext.cpp - docshell/base/BrowsingContext.h Changes: ===================================== docshell/base/BrowsingContext.cpp ===================================== @@ -578,9 +578,20 @@ mozilla::ipc::IPCResult BrowsingContext::CreateFromIPC( context->mRequestContextId = aInit.mRequestContextId; // NOTE: Private browsing ID is set by `SetOriginAttributes`. + if (const char* failure = + context->BrowsingContextCoherencyChecks(aOriginProcess)) { + mozilla::ipc::IProtocol* actor = aOriginProcess; + if (!actor) { + actor = ContentChild::GetSingleton(); + } + return IPC_FAIL_UNSAFE_PRINTF(actor, "Incoherent BrowsingContext: %s", + failure); + } + Register(context); - return context->Attach(/* aFromIPC */ true, aOriginProcess); + context->Attach(/* aFromIPC */ true, aOriginProcess); + return IPC_OK(); } BrowsingContext::BrowsingContext(WindowContext* aParentWindow, @@ -795,8 +806,64 @@ void BrowsingContext::Embed() { } } -mozilla::ipc::IPCResult BrowsingContext::Attach(bool aFromIPC, - ContentParent* aOriginProcess) { +const char* BrowsingContext::BrowsingContextCoherencyChecks( + ContentParent* aOriginProcess) { +#define COHERENCY_ASSERT(condition) \ + if (!(condition)) return "Assertion " #condition " failed"; + + if (mGroup->IsPotentiallyCrossOriginIsolated() != + (Top()->GetOpenerPolicy() == + nsILoadInfo::OPENER_POLICY_SAME_ORIGIN_EMBEDDER_POLICY_REQUIRE_CORP)) { + return "Invalid CrossOriginIsolated state"; + } + + if (aOriginProcess && !IsContent()) { + return "Content cannot create chrome BCs"; + } + + // LoadContext should generally match our opener or parent. + if (IsContent()) { + if (RefPtr<BrowsingContext> opener = GetOpener()) { + COHERENCY_ASSERT(opener->mType == mType); + COHERENCY_ASSERT(opener->mGroup == mGroup); + COHERENCY_ASSERT(opener->mUseRemoteTabs == mUseRemoteTabs); + COHERENCY_ASSERT(opener->mUseRemoteSubframes == mUseRemoteSubframes); + COHERENCY_ASSERT(opener->mPrivateBrowsingId == mPrivateBrowsingId); + COHERENCY_ASSERT( + opener->mOriginAttributes.EqualsIgnoringFPD(mOriginAttributes)); + } + } + if (RefPtr<BrowsingContext> parent = GetParent()) { + COHERENCY_ASSERT(parent->mType == mType); + COHERENCY_ASSERT(parent->mGroup == mGroup); + COHERENCY_ASSERT(parent->mUseRemoteTabs == mUseRemoteTabs); + COHERENCY_ASSERT(parent->mUseRemoteSubframes == mUseRemoteSubframes); + COHERENCY_ASSERT(parent->mPrivateBrowsingId == mPrivateBrowsingId); + COHERENCY_ASSERT( + parent->mOriginAttributes.EqualsIgnoringFPD(mOriginAttributes)); + } + + // UseRemoteSubframes and UseRemoteTabs must match. + if (mUseRemoteSubframes && !mUseRemoteTabs) { + return "Cannot set useRemoteSubframes without also setting useRemoteTabs"; + } + + // Double-check OriginAttributes/Private Browsing + // Chrome browsing contexts must not have a private browsing OriginAttribute + // Content browsing contexts must maintain the equality: + // mOriginAttributes.mPrivateBrowsingId == mPrivateBrowsingId + if (IsChrome()) { + COHERENCY_ASSERT(mOriginAttributes.mPrivateBrowsingId == 0); + } else { + COHERENCY_ASSERT(mOriginAttributes.mPrivateBrowsingId == + mPrivateBrowsingId); + } +#undef COHERENCY_ASSERT + + return nullptr; +} + +void BrowsingContext::Attach(bool aFromIPC, ContentParent* aOriginProcess) { MOZ_DIAGNOSTIC_ASSERT(!mEverAttached); MOZ_DIAGNOSTIC_ASSERT_IF(aFromIPC, aOriginProcess || XRE_IsContentProcess()); mEverAttached = true; @@ -815,25 +882,15 @@ mozilla::ipc::IPCResult BrowsingContext::Attach(bool aFromIPC, MOZ_DIAGNOSTIC_ASSERT(mGroup); MOZ_DIAGNOSTIC_ASSERT(!mIsDiscarded); - if (mGroup->IsPotentiallyCrossOriginIsolated() != - (Top()->GetOpenerPolicy() == - nsILoadInfo::OPENER_POLICY_SAME_ORIGIN_EMBEDDER_POLICY_REQUIRE_CORP)) { - MOZ_DIAGNOSTIC_ASSERT(aFromIPC); - if (aFromIPC) { - auto* actor = aOriginProcess - ? static_cast<mozilla::ipc::IProtocol*>(aOriginProcess) - : static_cast<mozilla::ipc::IProtocol*>( - ContentChild::GetSingleton()); - return IPC_FAIL( - actor, - "Invalid CrossOriginIsolated state in BrowsingContext::Attach call"); - } else { - MOZ_CRASH( - "Invalid CrossOriginIsolated state in BrowsingContext::Attach call"); +#ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED + // We'll already have checked this if `aFromIPC` is set before calling this + // function. + if (!aFromIPC) { + if (const char* failure = BrowsingContextCoherencyChecks(aOriginProcess)) { + MOZ_CRASH_UNSAFE_PRINTF("Incoherent BrowsingContext: %s", failure); } } - - AssertCoherentLoadContext(); +#endif // Add ourselves either to our parent or BrowsingContextGroup's child list. // Important: We shouldn't return IPC_FAIL after this point, since the @@ -915,7 +972,6 @@ mozilla::ipc::IPCResult BrowsingContext::Attach(bool aFromIPC, if (XRE_IsParentProcess()) { Canonical()->CanonicalAttach(); } - return IPC_OK(); } void BrowsingContext::Detach(bool aFromIPC) { @@ -1768,40 +1824,6 @@ nsresult BrowsingContext::SetOriginAttributes(const OriginAttributes& aAttrs) { return NS_OK; } -void BrowsingContext::AssertCoherentLoadContext() { -#ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED - // LoadContext should generally match our opener or parent. - if (IsContent()) { - if (RefPtr<BrowsingContext> opener = GetOpener()) { - MOZ_DIAGNOSTIC_ASSERT(opener->mType == mType); - MOZ_DIAGNOSTIC_ASSERT(opener->mGroup == mGroup); - MOZ_DIAGNOSTIC_ASSERT(opener->mUseRemoteTabs == mUseRemoteTabs); - MOZ_DIAGNOSTIC_ASSERT(opener->mUseRemoteSubframes == mUseRemoteSubframes); - MOZ_DIAGNOSTIC_ASSERT(opener->mPrivateBrowsingId == mPrivateBrowsingId); - MOZ_DIAGNOSTIC_ASSERT( - opener->mOriginAttributes.EqualsIgnoringFPD(mOriginAttributes)); - } - } - if (RefPtr<BrowsingContext> parent = GetParent()) { - MOZ_DIAGNOSTIC_ASSERT(parent->mType == mType); - MOZ_DIAGNOSTIC_ASSERT(parent->mGroup == mGroup); - MOZ_DIAGNOSTIC_ASSERT(parent->mUseRemoteTabs == mUseRemoteTabs); - MOZ_DIAGNOSTIC_ASSERT(parent->mUseRemoteSubframes == mUseRemoteSubframes); - MOZ_DIAGNOSTIC_ASSERT(parent->mPrivateBrowsingId == mPrivateBrowsingId); - MOZ_DIAGNOSTIC_ASSERT( - parent->mOriginAttributes.EqualsIgnoringFPD(mOriginAttributes)); - } - - // UseRemoteSubframes and UseRemoteTabs must match. - MOZ_DIAGNOSTIC_ASSERT( - !mUseRemoteSubframes || mUseRemoteTabs, - "Cannot set useRemoteSubframes without also setting useRemoteTabs"); - - // Double-check OriginAttributes/Private Browsing - AssertOriginAttributesMatchPrivateBrowsing(); -#endif -} - void BrowsingContext::AssertOriginAttributesMatchPrivateBrowsing() { // Chrome browsing contexts must not have a private browsing OriginAttribute // Content browsing contexts must maintain the equality: ===================================== docshell/base/BrowsingContext.h ===================================== @@ -984,7 +984,18 @@ class BrowsingContext : public nsILoadContext, public nsWrapperCache { bool aHasPostData); private: - mozilla::ipc::IPCResult Attach(bool aFromIPC, ContentParent* aOriginProcess); + // Assert that this BrowsingContext is coherent relative to related + // BrowsingContexts. This will be run before the BrowsingContext is attached. + // + // A non-null string return value indicates that there was a coherency check + // failure, which will be handled with either a crash or IPC failure. + // + // If provided, `aOriginProcess` is the process which is responsible for the + // creation of this BrowsingContext. + [[nodiscard]] const char* BrowsingContextCoherencyChecks( + ContentParent* aOriginProcess); + + void Attach(bool aFromIPC, ContentParent* aOriginProcess); // Recomputes whether we can execute scripts in this BrowsingContext based on // the value of AllowJavascript() and whether scripts are allowed in the @@ -998,10 +1009,6 @@ class BrowsingContext : public nsILoadContext, public nsWrapperCache { void AssertOriginAttributesMatchPrivateBrowsing(); - // Assert that the BrowsingContext's LoadContext flags appear coherent - // relative to related BrowsingContexts. - void AssertCoherentLoadContext(); - friend class ::nsOuterWindowProxy; friend class ::nsGlobalWindowOuter; friend class WindowContext; View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/6e7… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/6e7… You're receiving this email because of your account on gitlab.torproject.org.

1 0