- tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser-build][maint-14.0] Bug 41270: Add updater rewriterules to make 13.5.7 a watershed
by boklm (＠boklm) 21 Oct '24

21 Oct '24

boklm pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build Commits: deed1220 by Nicolas Vigier at 2024-10-21T17:51:12+02:00 Bug 41270: Add updater rewriterules to make 13.5.7 a watershed Co-authored-by: Pier Angelo Vendrame <pierov(a)torproject.org> - - - - - 1 changed file: - projects/release/update_responses_config.yml Changes: ===================================== projects/release/update_responses_config.yml ===================================== @@ -119,4 +119,9 @@ htaccess_rewrite_rules: RewriteRule ^[^/]+/11\.0.*/.* https://aus1.torproject.org/torbrowser/update_pre12.0/release/$0 [last] RewriteRule ^[^/]+/11\.5/.* https://aus1.torproject.org/torbrowser/update_pre12.0/release/$0 [last] RewriteRule ^[^/]+/11\.5\.[01234567]/.* https://aus1.torproject.org/torbrowser/update_pre12.0/release/$0 [last] + # tor-browser-build#41270: make 13.5.7 a watershed update + RewriteRule ^[^/]+/1[12]\.[05].*/.* https://aus1.torproject.org/torbrowser/update_pre14.0/release/$0 [last] + RewriteRule ^[^/]+/13\.0.*/.* https://aus1.torproject.org/torbrowser/update_pre14.0/release/$0 [last] + RewriteRule ^[^/]+/13\.5/.* https://aus1.torproject.org/torbrowser/update_pre14.0/release/$0 [last] + RewriteRule ^[^/]+/13\.5\.[0123456]/.* https://aus1.torproject.org/torbrowser/update_pre14.0/release/$0 [last] [% END -%] View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.3.0esr-14.0-1] Bug 43006: Disable RFP for Font Visibility on Android
by Pier Angelo Vendrame (＠pierov) 21 Oct '24

21 Oct '24

Pier Angelo Vendrame pushed to branch tor-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 43b3ff4d by Dan Ballard at 2024-10-21T15:20:38+00:00 Bug 43006: Disable RFP for Font Visibility on Android - - - - - 1 changed file: - dom/base/Document.cpp Changes: ===================================== dom/base/Document.cpp ===================================== @@ -16403,6 +16403,12 @@ bool Document::RecomputeResistFingerprinting() { } bool Document::ShouldResistFingerprinting(RFPTarget aTarget) const { +#ifdef ANDROID + if (aTarget == RFPTarget::FontVisibilityBaseSystem || + aTarget == RFPTarget::FontVisibilityLangPack) { + return false; + } +#endif return mShouldResistFingerprinting && nsRFPService::IsRFPEnabledFor(this->IsInPrivateBrowsing(), aTarget, mOverriddenFingerprintingSettings); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/43b3ff4… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/43b3ff4… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-update-responses][main] Copy update_3/release to update_pre14.0/release for tor-browser-build#41270
by boklm (＠boklm) 21 Oct '24

21 Oct '24

boklm pushed to branch main at The Tor Project / Applications / Tor Browser update responses Commits: 87e03758 by Nicolas Vigier at 2024-10-21T17:21:10+02:00 Copy update_3/release to update_pre14.0/release for tor-browser-build#41270 - - - - - 30 changed files: - + update_pre14.0/release/.htaccess - + update_pre14.0/release/13.5.4-13.5.7-linux-i686-ALL.xml - + update_pre14.0/release/13.5.4-13.5.7-linux-x86_64-ALL.xml - + update_pre14.0/release/13.5.4-13.5.7-macos-ALL.xml - + update_pre14.0/release/13.5.4-13.5.7-windows-i686-ALL.xml - + update_pre14.0/release/13.5.4-13.5.7-windows-x86_64-ALL.xml - + update_pre14.0/release/13.5.5-13.5.7-linux-i686-ALL.xml - + update_pre14.0/release/13.5.5-13.5.7-linux-x86_64-ALL.xml - + update_pre14.0/release/13.5.5-13.5.7-macos-ALL.xml - + update_pre14.0/release/13.5.5-13.5.7-windows-i686-ALL.xml - + update_pre14.0/release/13.5.5-13.5.7-windows-x86_64-ALL.xml - + update_pre14.0/release/13.5.6-13.5.7-linux-i686-ALL.xml - + update_pre14.0/release/13.5.6-13.5.7-linux-x86_64-ALL.xml - + update_pre14.0/release/13.5.6-13.5.7-macos-ALL.xml - + update_pre14.0/release/13.5.6-13.5.7-windows-i686-ALL.xml - + update_pre14.0/release/13.5.6-13.5.7-windows-x86_64-ALL.xml - + update_pre14.0/release/13.5.7-linux-i686-ALL.xml - + update_pre14.0/release/13.5.7-linux-x86_64-ALL.xml - + update_pre14.0/release/13.5.7-macos-ALL.xml - + update_pre14.0/release/13.5.7-windows-i686-ALL.xml - + update_pre14.0/release/13.5.7-windows-x86_64-ALL.xml - + update_pre14.0/release/download-android-aarch64.json - + update_pre14.0/release/download-android-armv7.json - + update_pre14.0/release/download-android-x86.json - + update_pre14.0/release/download-android-x86_64.json - + update_pre14.0/release/download-linux-i686.json - + update_pre14.0/release/download-linux-x86_64.json - + update_pre14.0/release/download-macos.json - + update_pre14.0/release/download-windows-i686.json - + update_pre14.0/release/download-windows-x86_64.json The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.16.0esr-13.5-1] fixup! Bug 40597: Implement TorSettings module
by ma1 (＠ma1) 21 Oct '24

21 Oct '24

ma1 pushed to branch tor-browser-115.16.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 8dbe6b39 by hackademix at 2024-10-21T11:02:24+02:00 fixup! Bug 40597: Implement TorSettings module - - - - - 1 changed file: - toolkit/modules/TorConnect.sys.mjs Changes: ===================================== toolkit/modules/TorConnect.sys.mjs ===================================== @@ -1301,7 +1301,15 @@ export const TorConnect = { // which redirect after bootstrapping getURIsToLoad(uriVariant) { const uris = this.fixupURIs(uriVariant); - lazy.logger.debug(`Will load after bootstrap => [${uris.join(", ")}]`); - return uris.map(uri => this.getRedirectURL(uri)); + const localUriRx = /^(file:\/\/\/|moz-extension:)/; + lazy.logger.debug( + `Will load after bootstrap => [${uris + .filter(uri => !localUriRx.test(uri)) + .join(", ")}]` + ); + + return uris.map(uri => + localUriRx.test(uri) ? uri : this.getRedirectURL(uri) + ); }, }; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/8dbe6b3… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/8dbe6b3… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.3.0esr-14.0-1] fixup! Bug 40597: Implement TorSettings module
by ma1 (＠ma1) 21 Oct '24

21 Oct '24

ma1 pushed to branch tor-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: fc0af914 by hackademix at 2024-10-18T10:54:46+02:00 fixup! Bug 40597: Implement TorSettings module - - - - - 1 changed file: - toolkit/modules/TorConnect.sys.mjs Changes: ===================================== toolkit/modules/TorConnect.sys.mjs ===================================== @@ -1302,7 +1302,15 @@ export const TorConnect = { // which redirect after bootstrapping getURIsToLoad(uriVariant) { const uris = this.fixupURIs(uriVariant); - lazy.logger.debug(`Will load after bootstrap => [${uris.join(", ")}]`); - return uris.map(uri => this.getRedirectURL(uri)); + const localUriRx = /^(file:\/\/\/|moz-extension:)/; + lazy.logger.debug( + `Will load after bootstrap => [${uris + .filter(uri => !localUriRx.test(uri)) + .join(", ")}]` + ); + + return uris.map(uri => + localUriRx.test(uri) ? uri : this.getRedirectURL(uri) + ); }, }; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/fc0af91… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/fc0af91… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.3.0esr-14.0-1] Bug 1436226: Ignore user prefs and hardware support for media capabilities...
by morgan (＠morgan) 17 Oct '24

17 Oct '24

morgan pushed to branch mullvad-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: e8ef660b by Fatih at 2024-10-17T20:54:59+00:00 Bug 1436226: Ignore user prefs and hardware support for media capabilities when RFPTarget::MediaCapabilities is enabled. r=tjr,media-playback-reviewers,padenot This patch mostly targeted Android, as media.mediasource.vp9.enabled is disabled on only Android and HW support takes precedence over pref, hence leaking HW support for VP9. However, we ended up modifying the patch to ignore prefs or HW support, fixing both possible user pref leak and HW support leak. Differential Revision: https://phabricator.services.mozilla.com/D221338 - - - - - 5 changed files: - dom/media/eme/MediaKeySystemAccess.cpp - dom/media/mediacapabilities/MediaCapabilities.cpp - dom/media/mediasource/MediaSource.cpp - dom/media/mediasource/MediaSource.h - dom/media/mediasource/SourceBuffer.cpp Changes: ===================================== dom/media/eme/MediaKeySystemAccess.cpp ===================================== @@ -319,8 +319,8 @@ static bool CanDecryptAndDecode( CodecType aCodecType, const KeySystemConfig::ContainerSupport& aContainerSupport, const nsTArray<KeySystemConfig::EMECodecString>& aCodecs, - const Maybe<CryptoScheme>& aScheme, - DecoderDoctorDiagnostics* aDiagnostics) { + const Maybe<CryptoScheme>& aScheme, DecoderDoctorDiagnostics* aDiagnostics, + Maybe<bool> aShouldResistFingerprinting) { MOZ_ASSERT(aCodecType != Invalid); for (const KeySystemConfig::EMECodecString& codec : aCodecs) { MOZ_ASSERT(!codec.IsEmpty()); @@ -332,7 +332,8 @@ static bool CanDecryptAndDecode( if (aContainerSupport.Decrypts(codec, aScheme)) { IgnoredErrorResult rv; - MediaSource::IsTypeSupported(aContentType, aDiagnostics, rv); + MediaSource::IsTypeSupported(aContentType, aDiagnostics, rv, + aShouldResistFingerprinting); if (!rv.Failed()) { // GMP can decrypt and is allowed to return compressed samples to // Gecko to decode, and Gecko has a decoder. @@ -709,9 +710,13 @@ static Sequence<MediaKeySystemMediaCapability> GetSupportedCapabilities( // restrictions... const auto& containerSupport = supportedInMP4 ? aKeySystem.mMP4 : aKeySystem.mWebM; + Maybe<bool> shouldResistFingerprinting = + aDocument ? Some(aDocument->ShouldResistFingerprinting( + RFPTarget::MediaCapabilities)) + : Nothing(); if (!CanDecryptAndDecode(aKeySystem.mKeySystem, contentTypeString, majorType, containerSupport, codecs, scheme, - aDiagnostics)) { + aDiagnostics, shouldResistFingerprinting)) { EME_LOG( "MediaKeySystemConfiguration (label='%s') " "MediaKeySystemMediaCapability('%s','%s','%s') unsupported; " ===================================== dom/media/mediacapabilities/MediaCapabilities.cpp ===================================== @@ -577,8 +577,9 @@ Maybe<MediaContainerType> MediaCapabilities::CheckAudioConfiguration( bool MediaCapabilities::CheckTypeForMediaSource(const nsAString& aType) { IgnoredErrorResult rv; - MediaSource::IsTypeSupported(aType, nullptr /* DecoderDoctorDiagnostics */, - rv); + MediaSource::IsTypeSupported( + aType, nullptr /* DecoderDoctorDiagnostics */, rv, + Some(mParent->ShouldResistFingerprinting(RFPTarget::MediaCapabilities))); return !rv.Failed(); } ===================================== dom/media/mediasource/MediaSource.cpp ===================================== @@ -23,6 +23,7 @@ #include "mozilla/Sprintf.h" #include "mozilla/StaticPrefs_media.h" #include "mozilla/dom/BindingDeclarations.h" +#include "mozilla/dom/Document.h" #include "mozilla/dom/HTMLMediaElement.h" #include "mozilla/gfx/gfxVars.h" #include "mozilla/mozalloc.h" @@ -133,7 +134,8 @@ static void RecordTypeForTelemetry(const nsAString& aType, /* static */ void MediaSource::IsTypeSupported(const nsAString& aType, DecoderDoctorDiagnostics* aDiagnostics, - ErrorResult& aRv) { + ErrorResult& aRv, + Maybe<bool> aShouldResistFingerprinting) { if (aType.IsEmpty()) { return aRv.ThrowTypeError("Empty type"); } @@ -159,16 +161,25 @@ void MediaSource::IsTypeSupported(const nsAString& aType, // Now we know that this media type could be played. // MediaSource imposes extra restrictions, and some prefs. + // Avoid leaking information about the fact that it's pref-disabled, + // or that HW acceleration is available (only applicable to VP9 on Android). + bool shouldResistFingerprinting = + aShouldResistFingerprinting.isSome() + ? aShouldResistFingerprinting.value() + : nsContentUtils::ShouldResistFingerprinting( + "Couldn't drill down ShouldResistFingerprinting", + RFPTarget::MediaCapabilities); const MediaMIMEType& mimeType = containerType->Type(); if (mimeType == MEDIAMIMETYPE("video/mp4") || mimeType == MEDIAMIMETYPE("audio/mp4")) { - if (!StaticPrefs::media_mediasource_mp4_enabled()) { + if (!StaticPrefs::media_mediasource_mp4_enabled() && + !shouldResistFingerprinting) { // Don't leak information about the fact that it's pref-disabled; just act // like we can't play it. Or should this throw "Unknown type"? return aRv.ThrowNotSupportedError("Can't play type"); } if (!StaticPrefs::media_mediasource_vp9_enabled() && hasVP9 && - !IsVP9Forced(aDiagnostics)) { + !IsVP9Forced(aDiagnostics) && !shouldResistFingerprinting) { // Don't leak information about the fact that it's pref-disabled; just act // like we can't play it. Or should this throw "Unknown type"? return aRv.ThrowNotSupportedError("Can't play type"); @@ -177,13 +188,14 @@ void MediaSource::IsTypeSupported(const nsAString& aType, return; } if (mimeType == MEDIAMIMETYPE("video/webm")) { - if (!StaticPrefs::media_mediasource_webm_enabled()) { + if (!StaticPrefs::media_mediasource_webm_enabled() && + !shouldResistFingerprinting) { // Don't leak information about the fact that it's pref-disabled; just act // like we can't play it. Or should this throw "Unknown type"? return aRv.ThrowNotSupportedError("Can't play type"); } if (!StaticPrefs::media_mediasource_vp9_enabled() && hasVP9 && - !IsVP9Forced(aDiagnostics)) { + !IsVP9Forced(aDiagnostics) && !shouldResistFingerprinting) { // Don't leak information about the fact that it's pref-disabled; just act // like we can't play it. Or should this throw "Unknown type"? return aRv.ThrowNotSupportedError("Can't play type"); @@ -191,7 +203,8 @@ void MediaSource::IsTypeSupported(const nsAString& aType, return; } if (mimeType == MEDIAMIMETYPE("audio/webm")) { - if (!StaticPrefs::media_mediasource_webm_enabled()) { + if (!StaticPrefs::media_mediasource_webm_enabled() && + !shouldResistFingerprinting) { // Don't leak information about the fact that it's pref-disabled; just act // like we can't play it. Or should this throw "Unknown type"? return aRv.ThrowNotSupportedError("Can't play type"); @@ -280,13 +293,16 @@ void MediaSource::SetDuration(const media::TimeUnit& aDuration) { already_AddRefed<SourceBuffer> MediaSource::AddSourceBuffer( const nsAString& aType, ErrorResult& aRv) { MOZ_ASSERT(NS_IsMainThread()); + nsCOMPtr<nsPIDOMWindowInner> window = GetOwner(); + Document* doc = window ? window->GetExtantDoc() : nullptr; DecoderDoctorDiagnostics diagnostics; - IsTypeSupported(aType, &diagnostics, aRv); - RecordTypeForTelemetry(aType, GetOwner()); + IsTypeSupported( + aType, &diagnostics, aRv, + doc ? Some(doc->ShouldResistFingerprinting(RFPTarget::MediaCapabilities)) + : Nothing()); + RecordTypeForTelemetry(aType, window); bool supported = !aRv.Failed(); - diagnostics.StoreFormatDiagnostics( - GetOwner() ? GetOwner()->GetExtantDoc() : nullptr, aType, supported, - __func__); + diagnostics.StoreFormatDiagnostics(doc, aType, supported, __func__); MSE_API("AddSourceBuffer(aType=%s)%s", NS_ConvertUTF16toUTF8(aType).get(), supported ? "" : " [not supported]"); if (!supported) { @@ -433,13 +449,16 @@ bool MediaSource::IsTypeSupported(const GlobalObject& aOwner, MOZ_ASSERT(NS_IsMainThread()); DecoderDoctorDiagnostics diagnostics; IgnoredErrorResult rv; - IsTypeSupported(aType, &diagnostics, rv); - bool supported = !rv.Failed(); nsCOMPtr<nsPIDOMWindowInner> window = do_QueryInterface(aOwner.GetAsSupports()); + Document* doc = window ? window->GetExtantDoc() : nullptr; + IsTypeSupported( + aType, &diagnostics, rv, + doc ? Some(doc->ShouldResistFingerprinting(RFPTarget::MediaCapabilities)) + : Nothing()); + bool supported = !rv.Failed(); RecordTypeForTelemetry(aType, window); - diagnostics.StoreFormatDiagnostics(window ? window->GetExtantDoc() : nullptr, - aType, supported, __func__); + diagnostics.StoreFormatDiagnostics(doc, aType, supported, __func__); MOZ_LOG(GetMediaSourceAPILog(), mozilla::LogLevel::Debug, ("MediaSource::%s: IsTypeSupported(aType=%s) %s", __func__, NS_ConvertUTF16toUTF8(aType).get(), ===================================== dom/media/mediasource/MediaSource.h ===================================== @@ -83,7 +83,8 @@ class MediaSource final : public DOMEventTargetHelper, // Throws on aRv if not supported. static void IsTypeSupported(const nsAString& aType, DecoderDoctorDiagnostics* aDiagnostics, - ErrorResult& aRv); + ErrorResult& aRv, + Maybe<bool> aShouldResistFingerprinting); IMPL_EVENT_HANDLER(sourceopen); IMPL_EVENT_HANDLER(sourceended); ===================================== dom/media/mediasource/SourceBuffer.cpp ===================================== @@ -13,6 +13,7 @@ #include "mozilla/ErrorResult.h" #include "mozilla/FloatingPoint.h" #include "mozilla/Preferences.h" +#include "mozilla/dom/Document.h" #include "mozilla/dom/MediaSourceBinding.h" #include "mozilla/dom/TimeRanges.h" #include "mozilla/dom/TypedArray.h" @@ -385,13 +386,16 @@ void SourceBuffer::ChangeType(const nsAString& aType, ErrorResult& aRv) { // previously) of SourceBuffer objects in the sourceBuffers attribute of // the parent media source , then throw a NotSupportedError exception and // abort these steps. + Document* doc = mMediaSource->GetOwner() + ? mMediaSource->GetOwner()->GetExtantDoc() + : nullptr; DecoderDoctorDiagnostics diagnostics; - MediaSource::IsTypeSupported(aType, &diagnostics, aRv); + MediaSource::IsTypeSupported( + aType, &diagnostics, aRv, + doc ? Some(doc->ShouldResistFingerprinting(RFPTarget::MediaCapabilities)) + : Nothing()); bool supported = !aRv.Failed(); - diagnostics.StoreFormatDiagnostics( - mMediaSource->GetOwner() ? mMediaSource->GetOwner()->GetExtantDoc() - : nullptr, - aType, supported, __func__); + diagnostics.StoreFormatDiagnostics(doc, aType, supported, __func__); MSE_API("ChangeType(aType=%s)%s", NS_ConvertUTF16toUTF8(aType).get(), supported ? "" : " [not supported]"); if (!supported) { View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/e8e… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/e8e… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.3.0esr-14.0-1] Bug 1436226: Ignore user prefs and hardware support for media capabilities...
by morgan (＠morgan) 17 Oct '24

17 Oct '24

morgan pushed to branch base-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 8f7307ac by Fatih at 2024-10-17T20:54:18+00:00 Bug 1436226: Ignore user prefs and hardware support for media capabilities when RFPTarget::MediaCapabilities is enabled. r=tjr,media-playback-reviewers,padenot This patch mostly targeted Android, as media.mediasource.vp9.enabled is disabled on only Android and HW support takes precedence over pref, hence leaking HW support for VP9. However, we ended up modifying the patch to ignore prefs or HW support, fixing both possible user pref leak and HW support leak. Differential Revision: https://phabricator.services.mozilla.com/D221338 - - - - - 5 changed files: - dom/media/eme/MediaKeySystemAccess.cpp - dom/media/mediacapabilities/MediaCapabilities.cpp - dom/media/mediasource/MediaSource.cpp - dom/media/mediasource/MediaSource.h - dom/media/mediasource/SourceBuffer.cpp Changes: ===================================== dom/media/eme/MediaKeySystemAccess.cpp ===================================== @@ -319,8 +319,8 @@ static bool CanDecryptAndDecode( CodecType aCodecType, const KeySystemConfig::ContainerSupport& aContainerSupport, const nsTArray<KeySystemConfig::EMECodecString>& aCodecs, - const Maybe<CryptoScheme>& aScheme, - DecoderDoctorDiagnostics* aDiagnostics) { + const Maybe<CryptoScheme>& aScheme, DecoderDoctorDiagnostics* aDiagnostics, + Maybe<bool> aShouldResistFingerprinting) { MOZ_ASSERT(aCodecType != Invalid); for (const KeySystemConfig::EMECodecString& codec : aCodecs) { MOZ_ASSERT(!codec.IsEmpty()); @@ -332,7 +332,8 @@ static bool CanDecryptAndDecode( if (aContainerSupport.Decrypts(codec, aScheme)) { IgnoredErrorResult rv; - MediaSource::IsTypeSupported(aContentType, aDiagnostics, rv); + MediaSource::IsTypeSupported(aContentType, aDiagnostics, rv, + aShouldResistFingerprinting); if (!rv.Failed()) { // GMP can decrypt and is allowed to return compressed samples to // Gecko to decode, and Gecko has a decoder. @@ -709,9 +710,13 @@ static Sequence<MediaKeySystemMediaCapability> GetSupportedCapabilities( // restrictions... const auto& containerSupport = supportedInMP4 ? aKeySystem.mMP4 : aKeySystem.mWebM; + Maybe<bool> shouldResistFingerprinting = + aDocument ? Some(aDocument->ShouldResistFingerprinting( + RFPTarget::MediaCapabilities)) + : Nothing(); if (!CanDecryptAndDecode(aKeySystem.mKeySystem, contentTypeString, majorType, containerSupport, codecs, scheme, - aDiagnostics)) { + aDiagnostics, shouldResistFingerprinting)) { EME_LOG( "MediaKeySystemConfiguration (label='%s') " "MediaKeySystemMediaCapability('%s','%s','%s') unsupported; " ===================================== dom/media/mediacapabilities/MediaCapabilities.cpp ===================================== @@ -577,8 +577,9 @@ Maybe<MediaContainerType> MediaCapabilities::CheckAudioConfiguration( bool MediaCapabilities::CheckTypeForMediaSource(const nsAString& aType) { IgnoredErrorResult rv; - MediaSource::IsTypeSupported(aType, nullptr /* DecoderDoctorDiagnostics */, - rv); + MediaSource::IsTypeSupported( + aType, nullptr /* DecoderDoctorDiagnostics */, rv, + Some(mParent->ShouldResistFingerprinting(RFPTarget::MediaCapabilities))); return !rv.Failed(); } ===================================== dom/media/mediasource/MediaSource.cpp ===================================== @@ -23,6 +23,7 @@ #include "mozilla/Sprintf.h" #include "mozilla/StaticPrefs_media.h" #include "mozilla/dom/BindingDeclarations.h" +#include "mozilla/dom/Document.h" #include "mozilla/dom/HTMLMediaElement.h" #include "mozilla/gfx/gfxVars.h" #include "mozilla/mozalloc.h" @@ -133,7 +134,8 @@ static void RecordTypeForTelemetry(const nsAString& aType, /* static */ void MediaSource::IsTypeSupported(const nsAString& aType, DecoderDoctorDiagnostics* aDiagnostics, - ErrorResult& aRv) { + ErrorResult& aRv, + Maybe<bool> aShouldResistFingerprinting) { if (aType.IsEmpty()) { return aRv.ThrowTypeError("Empty type"); } @@ -159,16 +161,25 @@ void MediaSource::IsTypeSupported(const nsAString& aType, // Now we know that this media type could be played. // MediaSource imposes extra restrictions, and some prefs. + // Avoid leaking information about the fact that it's pref-disabled, + // or that HW acceleration is available (only applicable to VP9 on Android). + bool shouldResistFingerprinting = + aShouldResistFingerprinting.isSome() + ? aShouldResistFingerprinting.value() + : nsContentUtils::ShouldResistFingerprinting( + "Couldn't drill down ShouldResistFingerprinting", + RFPTarget::MediaCapabilities); const MediaMIMEType& mimeType = containerType->Type(); if (mimeType == MEDIAMIMETYPE("video/mp4") || mimeType == MEDIAMIMETYPE("audio/mp4")) { - if (!StaticPrefs::media_mediasource_mp4_enabled()) { + if (!StaticPrefs::media_mediasource_mp4_enabled() && + !shouldResistFingerprinting) { // Don't leak information about the fact that it's pref-disabled; just act // like we can't play it. Or should this throw "Unknown type"? return aRv.ThrowNotSupportedError("Can't play type"); } if (!StaticPrefs::media_mediasource_vp9_enabled() && hasVP9 && - !IsVP9Forced(aDiagnostics)) { + !IsVP9Forced(aDiagnostics) && !shouldResistFingerprinting) { // Don't leak information about the fact that it's pref-disabled; just act // like we can't play it. Or should this throw "Unknown type"? return aRv.ThrowNotSupportedError("Can't play type"); @@ -177,13 +188,14 @@ void MediaSource::IsTypeSupported(const nsAString& aType, return; } if (mimeType == MEDIAMIMETYPE("video/webm")) { - if (!StaticPrefs::media_mediasource_webm_enabled()) { + if (!StaticPrefs::media_mediasource_webm_enabled() && + !shouldResistFingerprinting) { // Don't leak information about the fact that it's pref-disabled; just act // like we can't play it. Or should this throw "Unknown type"? return aRv.ThrowNotSupportedError("Can't play type"); } if (!StaticPrefs::media_mediasource_vp9_enabled() && hasVP9 && - !IsVP9Forced(aDiagnostics)) { + !IsVP9Forced(aDiagnostics) && !shouldResistFingerprinting) { // Don't leak information about the fact that it's pref-disabled; just act // like we can't play it. Or should this throw "Unknown type"? return aRv.ThrowNotSupportedError("Can't play type"); @@ -191,7 +203,8 @@ void MediaSource::IsTypeSupported(const nsAString& aType, return; } if (mimeType == MEDIAMIMETYPE("audio/webm")) { - if (!StaticPrefs::media_mediasource_webm_enabled()) { + if (!StaticPrefs::media_mediasource_webm_enabled() && + !shouldResistFingerprinting) { // Don't leak information about the fact that it's pref-disabled; just act // like we can't play it. Or should this throw "Unknown type"? return aRv.ThrowNotSupportedError("Can't play type"); @@ -280,13 +293,16 @@ void MediaSource::SetDuration(const media::TimeUnit& aDuration) { already_AddRefed<SourceBuffer> MediaSource::AddSourceBuffer( const nsAString& aType, ErrorResult& aRv) { MOZ_ASSERT(NS_IsMainThread()); + nsCOMPtr<nsPIDOMWindowInner> window = GetOwner(); + Document* doc = window ? window->GetExtantDoc() : nullptr; DecoderDoctorDiagnostics diagnostics; - IsTypeSupported(aType, &diagnostics, aRv); - RecordTypeForTelemetry(aType, GetOwner()); + IsTypeSupported( + aType, &diagnostics, aRv, + doc ? Some(doc->ShouldResistFingerprinting(RFPTarget::MediaCapabilities)) + : Nothing()); + RecordTypeForTelemetry(aType, window); bool supported = !aRv.Failed(); - diagnostics.StoreFormatDiagnostics( - GetOwner() ? GetOwner()->GetExtantDoc() : nullptr, aType, supported, - __func__); + diagnostics.StoreFormatDiagnostics(doc, aType, supported, __func__); MSE_API("AddSourceBuffer(aType=%s)%s", NS_ConvertUTF16toUTF8(aType).get(), supported ? "" : " [not supported]"); if (!supported) { @@ -433,13 +449,16 @@ bool MediaSource::IsTypeSupported(const GlobalObject& aOwner, MOZ_ASSERT(NS_IsMainThread()); DecoderDoctorDiagnostics diagnostics; IgnoredErrorResult rv; - IsTypeSupported(aType, &diagnostics, rv); - bool supported = !rv.Failed(); nsCOMPtr<nsPIDOMWindowInner> window = do_QueryInterface(aOwner.GetAsSupports()); + Document* doc = window ? window->GetExtantDoc() : nullptr; + IsTypeSupported( + aType, &diagnostics, rv, + doc ? Some(doc->ShouldResistFingerprinting(RFPTarget::MediaCapabilities)) + : Nothing()); + bool supported = !rv.Failed(); RecordTypeForTelemetry(aType, window); - diagnostics.StoreFormatDiagnostics(window ? window->GetExtantDoc() : nullptr, - aType, supported, __func__); + diagnostics.StoreFormatDiagnostics(doc, aType, supported, __func__); MOZ_LOG(GetMediaSourceAPILog(), mozilla::LogLevel::Debug, ("MediaSource::%s: IsTypeSupported(aType=%s) %s", __func__, NS_ConvertUTF16toUTF8(aType).get(), ===================================== dom/media/mediasource/MediaSource.h ===================================== @@ -83,7 +83,8 @@ class MediaSource final : public DOMEventTargetHelper, // Throws on aRv if not supported. static void IsTypeSupported(const nsAString& aType, DecoderDoctorDiagnostics* aDiagnostics, - ErrorResult& aRv); + ErrorResult& aRv, + Maybe<bool> aShouldResistFingerprinting); IMPL_EVENT_HANDLER(sourceopen); IMPL_EVENT_HANDLER(sourceended); ===================================== dom/media/mediasource/SourceBuffer.cpp ===================================== @@ -13,6 +13,7 @@ #include "mozilla/ErrorResult.h" #include "mozilla/FloatingPoint.h" #include "mozilla/Preferences.h" +#include "mozilla/dom/Document.h" #include "mozilla/dom/MediaSourceBinding.h" #include "mozilla/dom/TimeRanges.h" #include "mozilla/dom/TypedArray.h" @@ -385,13 +386,16 @@ void SourceBuffer::ChangeType(const nsAString& aType, ErrorResult& aRv) { // previously) of SourceBuffer objects in the sourceBuffers attribute of // the parent media source , then throw a NotSupportedError exception and // abort these steps. + Document* doc = mMediaSource->GetOwner() + ? mMediaSource->GetOwner()->GetExtantDoc() + : nullptr; DecoderDoctorDiagnostics diagnostics; - MediaSource::IsTypeSupported(aType, &diagnostics, aRv); + MediaSource::IsTypeSupported( + aType, &diagnostics, aRv, + doc ? Some(doc->ShouldResistFingerprinting(RFPTarget::MediaCapabilities)) + : Nothing()); bool supported = !aRv.Failed(); - diagnostics.StoreFormatDiagnostics( - mMediaSource->GetOwner() ? mMediaSource->GetOwner()->GetExtantDoc() - : nullptr, - aType, supported, __func__); + diagnostics.StoreFormatDiagnostics(doc, aType, supported, __func__); MSE_API("ChangeType(aType=%s)%s", NS_ConvertUTF16toUTF8(aType).get(), supported ? "" : " [not supported]"); if (!supported) { View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/8f7307a… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/8f7307a… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.3.0esr-14.0-1] Bug 1436226: Ignore user prefs and hardware support for media capabilities...
by morgan (＠morgan) 17 Oct '24

17 Oct '24

morgan pushed to branch tor-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: a662a454 by Fatih at 2024-10-17T22:22:51+02:00 Bug 1436226: Ignore user prefs and hardware support for media capabilities when RFPTarget::MediaCapabilities is enabled. r=tjr,media-playback-reviewers,padenot This patch mostly targeted Android, as media.mediasource.vp9.enabled is disabled on only Android and HW support takes precedence over pref, hence leaking HW support for VP9. However, we ended up modifying the patch to ignore prefs or HW support, fixing both possible user pref leak and HW support leak. Differential Revision: https://phabricator.services.mozilla.com/D221338 - - - - - 5 changed files: - dom/media/eme/MediaKeySystemAccess.cpp - dom/media/mediacapabilities/MediaCapabilities.cpp - dom/media/mediasource/MediaSource.cpp - dom/media/mediasource/MediaSource.h - dom/media/mediasource/SourceBuffer.cpp Changes: ===================================== dom/media/eme/MediaKeySystemAccess.cpp ===================================== @@ -319,8 +319,8 @@ static bool CanDecryptAndDecode( CodecType aCodecType, const KeySystemConfig::ContainerSupport& aContainerSupport, const nsTArray<KeySystemConfig::EMECodecString>& aCodecs, - const Maybe<CryptoScheme>& aScheme, - DecoderDoctorDiagnostics* aDiagnostics) { + const Maybe<CryptoScheme>& aScheme, DecoderDoctorDiagnostics* aDiagnostics, + Maybe<bool> aShouldResistFingerprinting) { MOZ_ASSERT(aCodecType != Invalid); for (const KeySystemConfig::EMECodecString& codec : aCodecs) { MOZ_ASSERT(!codec.IsEmpty()); @@ -332,7 +332,8 @@ static bool CanDecryptAndDecode( if (aContainerSupport.Decrypts(codec, aScheme)) { IgnoredErrorResult rv; - MediaSource::IsTypeSupported(aContentType, aDiagnostics, rv); + MediaSource::IsTypeSupported(aContentType, aDiagnostics, rv, + aShouldResistFingerprinting); if (!rv.Failed()) { // GMP can decrypt and is allowed to return compressed samples to // Gecko to decode, and Gecko has a decoder. @@ -709,9 +710,13 @@ static Sequence<MediaKeySystemMediaCapability> GetSupportedCapabilities( // restrictions... const auto& containerSupport = supportedInMP4 ? aKeySystem.mMP4 : aKeySystem.mWebM; + Maybe<bool> shouldResistFingerprinting = + aDocument ? Some(aDocument->ShouldResistFingerprinting( + RFPTarget::MediaCapabilities)) + : Nothing(); if (!CanDecryptAndDecode(aKeySystem.mKeySystem, contentTypeString, majorType, containerSupport, codecs, scheme, - aDiagnostics)) { + aDiagnostics, shouldResistFingerprinting)) { EME_LOG( "MediaKeySystemConfiguration (label='%s') " "MediaKeySystemMediaCapability('%s','%s','%s') unsupported; " ===================================== dom/media/mediacapabilities/MediaCapabilities.cpp ===================================== @@ -577,8 +577,9 @@ Maybe<MediaContainerType> MediaCapabilities::CheckAudioConfiguration( bool MediaCapabilities::CheckTypeForMediaSource(const nsAString& aType) { IgnoredErrorResult rv; - MediaSource::IsTypeSupported(aType, nullptr /* DecoderDoctorDiagnostics */, - rv); + MediaSource::IsTypeSupported( + aType, nullptr /* DecoderDoctorDiagnostics */, rv, + Some(mParent->ShouldResistFingerprinting(RFPTarget::MediaCapabilities))); return !rv.Failed(); } ===================================== dom/media/mediasource/MediaSource.cpp ===================================== @@ -23,6 +23,7 @@ #include "mozilla/Sprintf.h" #include "mozilla/StaticPrefs_media.h" #include "mozilla/dom/BindingDeclarations.h" +#include "mozilla/dom/Document.h" #include "mozilla/dom/HTMLMediaElement.h" #include "mozilla/gfx/gfxVars.h" #include "mozilla/mozalloc.h" @@ -133,7 +134,8 @@ static void RecordTypeForTelemetry(const nsAString& aType, /* static */ void MediaSource::IsTypeSupported(const nsAString& aType, DecoderDoctorDiagnostics* aDiagnostics, - ErrorResult& aRv) { + ErrorResult& aRv, + Maybe<bool> aShouldResistFingerprinting) { if (aType.IsEmpty()) { return aRv.ThrowTypeError("Empty type"); } @@ -159,16 +161,25 @@ void MediaSource::IsTypeSupported(const nsAString& aType, // Now we know that this media type could be played. // MediaSource imposes extra restrictions, and some prefs. + // Avoid leaking information about the fact that it's pref-disabled, + // or that HW acceleration is available (only applicable to VP9 on Android). + bool shouldResistFingerprinting = + aShouldResistFingerprinting.isSome() + ? aShouldResistFingerprinting.value() + : nsContentUtils::ShouldResistFingerprinting( + "Couldn't drill down ShouldResistFingerprinting", + RFPTarget::MediaCapabilities); const MediaMIMEType& mimeType = containerType->Type(); if (mimeType == MEDIAMIMETYPE("video/mp4") || mimeType == MEDIAMIMETYPE("audio/mp4")) { - if (!StaticPrefs::media_mediasource_mp4_enabled()) { + if (!StaticPrefs::media_mediasource_mp4_enabled() && + !shouldResistFingerprinting) { // Don't leak information about the fact that it's pref-disabled; just act // like we can't play it. Or should this throw "Unknown type"? return aRv.ThrowNotSupportedError("Can't play type"); } if (!StaticPrefs::media_mediasource_vp9_enabled() && hasVP9 && - !IsVP9Forced(aDiagnostics)) { + !IsVP9Forced(aDiagnostics) && !shouldResistFingerprinting) { // Don't leak information about the fact that it's pref-disabled; just act // like we can't play it. Or should this throw "Unknown type"? return aRv.ThrowNotSupportedError("Can't play type"); @@ -177,13 +188,14 @@ void MediaSource::IsTypeSupported(const nsAString& aType, return; } if (mimeType == MEDIAMIMETYPE("video/webm")) { - if (!StaticPrefs::media_mediasource_webm_enabled()) { + if (!StaticPrefs::media_mediasource_webm_enabled() && + !shouldResistFingerprinting) { // Don't leak information about the fact that it's pref-disabled; just act // like we can't play it. Or should this throw "Unknown type"? return aRv.ThrowNotSupportedError("Can't play type"); } if (!StaticPrefs::media_mediasource_vp9_enabled() && hasVP9 && - !IsVP9Forced(aDiagnostics)) { + !IsVP9Forced(aDiagnostics) && !shouldResistFingerprinting) { // Don't leak information about the fact that it's pref-disabled; just act // like we can't play it. Or should this throw "Unknown type"? return aRv.ThrowNotSupportedError("Can't play type"); @@ -191,7 +203,8 @@ void MediaSource::IsTypeSupported(const nsAString& aType, return; } if (mimeType == MEDIAMIMETYPE("audio/webm")) { - if (!StaticPrefs::media_mediasource_webm_enabled()) { + if (!StaticPrefs::media_mediasource_webm_enabled() && + !shouldResistFingerprinting) { // Don't leak information about the fact that it's pref-disabled; just act // like we can't play it. Or should this throw "Unknown type"? return aRv.ThrowNotSupportedError("Can't play type"); @@ -280,13 +293,16 @@ void MediaSource::SetDuration(const media::TimeUnit& aDuration) { already_AddRefed<SourceBuffer> MediaSource::AddSourceBuffer( const nsAString& aType, ErrorResult& aRv) { MOZ_ASSERT(NS_IsMainThread()); + nsCOMPtr<nsPIDOMWindowInner> window = GetOwner(); + Document* doc = window ? window->GetExtantDoc() : nullptr; DecoderDoctorDiagnostics diagnostics; - IsTypeSupported(aType, &diagnostics, aRv); - RecordTypeForTelemetry(aType, GetOwner()); + IsTypeSupported( + aType, &diagnostics, aRv, + doc ? Some(doc->ShouldResistFingerprinting(RFPTarget::MediaCapabilities)) + : Nothing()); + RecordTypeForTelemetry(aType, window); bool supported = !aRv.Failed(); - diagnostics.StoreFormatDiagnostics( - GetOwner() ? GetOwner()->GetExtantDoc() : nullptr, aType, supported, - __func__); + diagnostics.StoreFormatDiagnostics(doc, aType, supported, __func__); MSE_API("AddSourceBuffer(aType=%s)%s", NS_ConvertUTF16toUTF8(aType).get(), supported ? "" : " [not supported]"); if (!supported) { @@ -433,13 +449,16 @@ bool MediaSource::IsTypeSupported(const GlobalObject& aOwner, MOZ_ASSERT(NS_IsMainThread()); DecoderDoctorDiagnostics diagnostics; IgnoredErrorResult rv; - IsTypeSupported(aType, &diagnostics, rv); - bool supported = !rv.Failed(); nsCOMPtr<nsPIDOMWindowInner> window = do_QueryInterface(aOwner.GetAsSupports()); + Document* doc = window ? window->GetExtantDoc() : nullptr; + IsTypeSupported( + aType, &diagnostics, rv, + doc ? Some(doc->ShouldResistFingerprinting(RFPTarget::MediaCapabilities)) + : Nothing()); + bool supported = !rv.Failed(); RecordTypeForTelemetry(aType, window); - diagnostics.StoreFormatDiagnostics(window ? window->GetExtantDoc() : nullptr, - aType, supported, __func__); + diagnostics.StoreFormatDiagnostics(doc, aType, supported, __func__); MOZ_LOG(GetMediaSourceAPILog(), mozilla::LogLevel::Debug, ("MediaSource::%s: IsTypeSupported(aType=%s) %s", __func__, NS_ConvertUTF16toUTF8(aType).get(), ===================================== dom/media/mediasource/MediaSource.h ===================================== @@ -83,7 +83,8 @@ class MediaSource final : public DOMEventTargetHelper, // Throws on aRv if not supported. static void IsTypeSupported(const nsAString& aType, DecoderDoctorDiagnostics* aDiagnostics, - ErrorResult& aRv); + ErrorResult& aRv, + Maybe<bool> aShouldResistFingerprinting); IMPL_EVENT_HANDLER(sourceopen); IMPL_EVENT_HANDLER(sourceended); ===================================== dom/media/mediasource/SourceBuffer.cpp ===================================== @@ -13,6 +13,7 @@ #include "mozilla/ErrorResult.h" #include "mozilla/FloatingPoint.h" #include "mozilla/Preferences.h" +#include "mozilla/dom/Document.h" #include "mozilla/dom/MediaSourceBinding.h" #include "mozilla/dom/TimeRanges.h" #include "mozilla/dom/TypedArray.h" @@ -385,13 +386,16 @@ void SourceBuffer::ChangeType(const nsAString& aType, ErrorResult& aRv) { // previously) of SourceBuffer objects in the sourceBuffers attribute of // the parent media source , then throw a NotSupportedError exception and // abort these steps. + Document* doc = mMediaSource->GetOwner() + ? mMediaSource->GetOwner()->GetExtantDoc() + : nullptr; DecoderDoctorDiagnostics diagnostics; - MediaSource::IsTypeSupported(aType, &diagnostics, aRv); + MediaSource::IsTypeSupported( + aType, &diagnostics, aRv, + doc ? Some(doc->ShouldResistFingerprinting(RFPTarget::MediaCapabilities)) + : Nothing()); bool supported = !aRv.Failed(); - diagnostics.StoreFormatDiagnostics( - mMediaSource->GetOwner() ? mMediaSource->GetOwner()->GetExtantDoc() - : nullptr, - aType, supported, __func__); + diagnostics.StoreFormatDiagnostics(doc, aType, supported, __func__); MSE_API("ChangeType(aType=%s)%s", NS_ConvertUTF16toUTF8(aType).get(), supported ? "" : " [not supported]"); if (!supported) { View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/a662a45… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/a662a45… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.16.0esr-13.5-1] fixup! Bug 42019: Empty browser's clipboard on browser shutdown
by ma1 (＠ma1) 17 Oct '24

17 Oct '24

ma1 pushed to branch mullvad-browser-115.16.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser Commits: f1b8976d by hackademix at 2024-10-17T22:23:03+02:00 fixup! Bug 42019: Empty browser's clipboard on browser shutdown Bug 43209: Check if any data is available before trying to retrieve it from the clipboard. - - - - - 1 changed file: - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -165,8 +165,17 @@ const ClipboardPrivacy = { return trans; }, _computeClipboardHash() { + const flavors = ["text/x-moz-url", "text/plain"]; + if ( + !Services.clipboard.hasDataMatchingFlavors( + flavors, + Ci.nsIClipboard.kGlobalClipboard + ) + ) { + return null; + } const trans = this._createTransferable(); - ["text/x-moz-url", "text/plain"].forEach(trans.addDataFlavor); + flavors.forEach(trans.addDataFlavor); try { Services.clipboard.getData(trans, Ci.nsIClipboard.kGlobalClipboard); const clipboardContent = {}; View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/f1b… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/f1b… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.16.0esr-13.5-1] fixup! Bug 42019: Empty browser's clipboard on browser shutdown
by ma1 (＠ma1) 17 Oct '24

17 Oct '24

ma1 pushed to branch base-browser-115.16.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 91df6b5c by hackademix at 2024-10-17T22:22:55+02:00 fixup! Bug 42019: Empty browser's clipboard on browser shutdown Bug 43209: Check if any data is available before trying to retrieve it from the clipboard. - - - - - 1 changed file: - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -165,8 +165,17 @@ const ClipboardPrivacy = { return trans; }, _computeClipboardHash() { + const flavors = ["text/x-moz-url", "text/plain"]; + if ( + !Services.clipboard.hasDataMatchingFlavors( + flavors, + Ci.nsIClipboard.kGlobalClipboard + ) + ) { + return null; + } const trans = this._createTransferable(); - ["text/x-moz-url", "text/plain"].forEach(trans.addDataFlavor); + flavors.forEach(trans.addDataFlavor); try { Services.clipboard.getData(trans, Ci.nsIClipboard.kGlobalClipboard); const clipboardContent = {}; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/91df6b5… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/91df6b5… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.16.0esr-13.5-1] fixup! Bug 42019: Empty browser's clipboard on browser shutdown
by ma1 (＠ma1) 17 Oct '24

17 Oct '24

ma1 pushed to branch tor-browser-115.16.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 67f0b6ff by hackademix at 2024-10-17T22:22:46+02:00 fixup! Bug 42019: Empty browser's clipboard on browser shutdown Bug 43209: Check if any data is available before trying to retrieve it from the clipboard. - - - - - 1 changed file: - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -169,8 +169,17 @@ const ClipboardPrivacy = { return trans; }, _computeClipboardHash() { + const flavors = ["text/x-moz-url", "text/plain"]; + if ( + !Services.clipboard.hasDataMatchingFlavors( + flavors, + Ci.nsIClipboard.kGlobalClipboard + ) + ) { + return null; + } const trans = this._createTransferable(); - ["text/x-moz-url", "text/plain"].forEach(trans.addDataFlavor); + flavors.forEach(trans.addDataFlavor); try { Services.clipboard.getData(trans, Ci.nsIClipboard.kGlobalClipboard); const clipboardContent = {}; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/67f0b6f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/67f0b6f… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.3.0esr-14.0-1] fixup! Bug 42019: Empty browser's clipboard on browser shutdown
by ma1 (＠ma1) 17 Oct '24

17 Oct '24

ma1 pushed to branch mullvad-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 3fb297c3 by hackademix at 2024-10-17T22:22:09+02:00 fixup! Bug 42019: Empty browser's clipboard on browser shutdown Bug 43209: Check if any data is available before trying to retrieve it from the clipboard. - - - - - 1 changed file: - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -185,8 +185,17 @@ const ClipboardPrivacy = { return trans; }, _computeClipboardHash() { + const flavors = ["text/x-moz-url", "text/plain"]; + if ( + !Services.clipboard.hasDataMatchingFlavors( + flavors, + Ci.nsIClipboard.kGlobalClipboard + ) + ) { + return null; + } const trans = this._createTransferable(); - ["text/x-moz-url", "text/plain"].forEach(trans.addDataFlavor); + flavors.forEach(trans.addDataFlavor); try { Services.clipboard.getData(trans, Ci.nsIClipboard.kGlobalClipboard); const clipboardContent = {}; View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/3fb… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/3fb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.3.0esr-14.0-1] fixup! Bug 42019: Empty browser's clipboard on browser shutdown
by ma1 (＠ma1) 17 Oct '24

17 Oct '24

ma1 pushed to branch base-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: e75a4f4e by hackademix at 2024-10-17T22:21:33+02:00 fixup! Bug 42019: Empty browser's clipboard on browser shutdown Bug 43209: Check if any data is available before trying to retrieve it from the clipboard. - - - - - 1 changed file: - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -185,8 +185,17 @@ const ClipboardPrivacy = { return trans; }, _computeClipboardHash() { + const flavors = ["text/x-moz-url", "text/plain"]; + if ( + !Services.clipboard.hasDataMatchingFlavors( + flavors, + Ci.nsIClipboard.kGlobalClipboard + ) + ) { + return null; + } const trans = this._createTransferable(); - ["text/x-moz-url", "text/plain"].forEach(trans.addDataFlavor); + flavors.forEach(trans.addDataFlavor); try { Services.clipboard.getData(trans, Ci.nsIClipboard.kGlobalClipboard); const clipboardContent = {}; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/e75a4f4… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/e75a4f4… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.3.0esr-14.0-1] fixup! Bug 42019: Empty browser's clipboard on browser shutdown
by ma1 (＠ma1) 17 Oct '24

17 Oct '24

ma1 pushed to branch tor-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 985e28f4 by hackademix at 2024-10-17T16:25:01+02:00 fixup! Bug 42019: Empty browser's clipboard on browser shutdown Bug 43209: Check if any data is available before trying to retrieve it from the clipboard. - - - - - 1 changed file: - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -189,8 +189,17 @@ const ClipboardPrivacy = { return trans; }, _computeClipboardHash() { + const flavors = ["text/x-moz-url", "text/plain"]; + if ( + !Services.clipboard.hasDataMatchingFlavors( + flavors, + Ci.nsIClipboard.kGlobalClipboard + ) + ) { + return null; + } const trans = this._createTransferable(); - ["text/x-moz-url", "text/plain"].forEach(trans.addDataFlavor); + flavors.forEach(trans.addDataFlavor); try { Services.clipboard.getData(trans, Ci.nsIClipboard.kGlobalClipboard); const clipboardContent = {}; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/985e28f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/985e28f… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.5] 2 commits: Bug 41274: Improve changelog generation for major releases.
by morgan (＠morgan) 17 Oct '24

17 Oct '24

morgan pushed to branch maint-13.5 at The Tor Project / Applications / tor-browser-build Commits: 13b1b67d by Pier Angelo Vendrame at 2024-10-17T18:19:32+00:00 Bug 41274: Improve changelog generation for major releases. This commits implements --include-from to get linked issues from many issues (potentially all the alpha release preps). It also implements --exclude-from to avoid including issues that were already linked to other rel preps (potentially the previous stables). Also, make sure to look only for currently open issues, otherwise all the various alpha relpreps would be matched when specifying the version number. - - - - - 4a3ec6ae by Pier Angelo Vendrame at 2024-10-17T18:19:41+00:00 Bug 41273: Bump Firefox/GeckoView tag when does not match HEAD. If we detect the tag we would use for build does not match the HEAD of the branch we are using, bump it preemptively. Normally, we would add that tag when ready to build, so this change can help us in case we forget to. If the script is overzealous, we can change the build number before committing. - - - - - 2 changed files: - tools/fetch_changelogs.py - tools/relprep.py Changes: ===================================== tools/fetch_changelogs.py ===================================== @@ -156,7 +156,7 @@ class ChangelogBuilder: elif not is_mullvad and is_mullvad is not None: labels += "&not[labels]=Sponsor 131" r = requests.get( - f"{API_URL}/projects/{PROJECT_ID}/issues?labels={labels}&search={issue_or_version}&in=title", + f"{API_URL}/projects/{PROJECT_ID}/issues?labels={labels}&search={issue_or_version}&in=title&state=opened", headers=self.headers, ) r.raise_for_status() @@ -196,7 +196,7 @@ class ChangelogBuilder: raise ValueError( "Inconsistency detected: a browser was explicitly specified, but the issue does not have the correct labels." ) - self.issue_id = issue["iid"] + self.relprep_issue = issue["iid"] self.is_mullvad = has_s131 if self.version is None: @@ -205,7 +205,9 @@ class ChangelogBuilder: self.version = version_match.group() def create(self, **kwargs): - self._find_linked() + self._find_linked( + kwargs.get("include_from"), kwargs.get("exclude_from") + ) self._add_updates(kwargs) self._sort_issues() name = "Mullvad" if self.is_mullvad else "Tor" @@ -233,16 +235,46 @@ class ChangelogBuilder: text += f" * {issue}\n" return text - def _find_linked(self): + def _find_linked(self, include_relpreps=[], exclude_relpreps=[]): self.issues = [] self.issues_build = [] + if include_relpreps is None: + include_relpreps = [self.relprep_issue] + elif self.relprep_issue not in include_relpreps: + include_relpreps.append(self.relprep_issue) + if exclude_relpreps is None: + exclude_relpreps = [] + + included = {} + excluded = set() + for relprep in include_relpreps: + included.update( + { + issue["references"]["full"]: issue + for issue in self._get_linked_issues(relprep) + } + ) + for relprep in exclude_relpreps: + excluded.update( + [ + issue["references"]["full"] + for issue in self._get_linked_issues(relprep) + ] + ) + for ex in excluded: + if ex in included: + included.pop(ex) + for data in included.values(): + self._add_issue(data) + + def _get_linked_issues(self, issue_id): r = requests.get( - f"{API_URL}/projects/{PROJECT_ID}/issues/{self.issue_id}/links", + f"{API_URL}/projects/{PROJECT_ID}/issues/{issue_id}/links", headers=self.headers, ) - for i in r.json(): - self._add_issue(i) + r.raise_for_status() + return r.json() def _add_issue(self, gitlab_data): self._add_entry(Issue(gitlab_data, self.is_mullvad)) @@ -334,6 +366,16 @@ if __name__ == "__main__": help="New Mullvad Browser Extension version (if updated)", ) parser.add_argument("--ublock", help="New uBlock version (if updated)") + parser.add_argument( + "--exclude-from", + help="Relprep issues to remove entries from, useful when doing a major release", + nargs="*", + ) + parser.add_argument( + "--include-from", + help="Relprep issues to add entries from, useful when doing a major release", + nargs="*", + ) args = parser.parse_args() if not args.issue_version: @@ -350,17 +392,4 @@ if __name__ == "__main__": sys.exit(2) is_mullvad = args.browser == "mullvad-browser" if args.browser else None cb = ChangelogBuilder(token, args.issue_version, is_mullvad) - print( - cb.create( - date=args.date, - firefox=args.firefox, - tor=args.tor, - noscript=args.noscript, - openssl=args.openssl, - zlib=args.zlib, - zstd=args.zstd, - go=args.go, - mb_extension=args.mb_extension, - ublock=args.ublock, - ) - ) + print(cb.create(**vars(args))) ===================================== tools/relprep.py ===================================== @@ -250,6 +250,7 @@ class ReleasePreparation: logger.debug("About to fetch Firefox from %s.", remote) repo.remotes["origin"].fetch() tags = get_sorted_tags(repo) + tag_info = None for t in tags: m = re.match( r"(\w+-browser)-([^-]+)-([\d\.]+)-(\d+)-build(\d+)", t.tag @@ -259,8 +260,21 @@ class ReleasePreparation: and m.group(1) == browser and m.group(3) == self.version.major ): + logger.debug("Matched tag %s.", t.tag) # firefox-version, rebase, build - return (m.group(2), int(m.group(4)), int(m.group(5))) + tag_info = [m.group(2), int(m.group(4)), int(m.group(5))] + break + if tag_info is None: + raise RuntimeError("No compatible tag found.") + branch = t.tag[: m.end(4)] + logger.debug("Checking if tag %s is head of %s.", t.tag, branch) + if t.object != repo.remotes["origin"].refs[branch].commit: + logger.info( + "Found new commits after tag %s, bumping the build number preemptively.", + t.tag, + ) + tag_info[2] += 1 + return tag_info def update_firefox_android(self): logger.info("Updating firefox-android") @@ -402,9 +416,7 @@ class ReleasePreparation: source = self.find_input(config, "openssl") # No need to update URL, as it uses a variable. - hash_url = ( - f"https://github.com/openssl/openssl/releases/download/openssl-{version}/open…" - ) + hash_url = f"https://github.com/openssl/openssl/releases/download/openssl-{version}/open…" r = requests.get(hash_url) r.raise_for_status() source["sha256sum"] = r.text.strip() View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-14.0] Bug 41273: Bump Firefox/GeckoView tag when does not match HEAD.
by morgan (＠morgan) 17 Oct '24

17 Oct '24

morgan pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build Commits: 11cdd993 by Pier Angelo Vendrame at 2024-10-17T16:05:28+02:00 Bug 41273: Bump Firefox/GeckoView tag when does not match HEAD. If we detect the tag we would use for build does not match the HEAD of the branch we are using, bump it preemptively. Normally, we would add that tag when ready to build, so this change can help us in case we forget to. If the script is overzealous, we can change the build number before committing. - - - - - 1 changed file: - tools/relprep.py Changes: ===================================== tools/relprep.py ===================================== @@ -242,6 +242,7 @@ class ReleasePreparation: logger.debug("About to fetch Firefox from %s.", remote) repo.remotes["origin"].fetch() tags = get_sorted_tags(repo) + tag_info = None for t in tags: m = re.match( r"(\w+-browser)-([^-]+)-([\d\.]+)-(\d+)-build(\d+)", t.tag @@ -251,8 +252,21 @@ class ReleasePreparation: and m.group(1) == browser and m.group(3) == self.version.major ): + logger.debug("Matched tag %s.", t.tag) # firefox-version, rebase, build - return (m.group(2), int(m.group(4)), int(m.group(5))) + tag_info = [m.group(2), int(m.group(4)), int(m.group(5))] + break + if tag_info is None: + raise RuntimeError("No compatible tag found.") + branch = t.tag[: m.end(4)] + logger.debug("Checking if tag %s is head of %s.", t.tag, branch) + if t.object != repo.remotes["origin"].refs[branch].commit: + logger.info( + "Found new commits after tag %s, bumping the build number preemptively.", + t.tag, + ) + tag_info[2] += 1 + return tag_info def update_translations(self): logger.info("Updating translations") @@ -373,9 +387,7 @@ class ReleasePreparation: source = self.find_input(config, "openssl") # No need to update URL, as it uses a variable. - hash_url = ( - f"https://github.com/openssl/openssl/releases/download/openssl-{version}/open…" - ) + hash_url = f"https://github.com/openssl/openssl/releases/download/openssl-{version}/open…" r = requests.get(hash_url) r.raise_for_status() source["sha256sum"] = r.text.strip() View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/1… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/1… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41273: Bump Firefox/GeckoView tag when does not match HEAD.
by morgan (＠morgan) 17 Oct '24

17 Oct '24

morgan pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 11cdd993 by Pier Angelo Vendrame at 2024-10-17T16:05:28+02:00 Bug 41273: Bump Firefox/GeckoView tag when does not match HEAD. If we detect the tag we would use for build does not match the HEAD of the branch we are using, bump it preemptively. Normally, we would add that tag when ready to build, so this change can help us in case we forget to. If the script is overzealous, we can change the build number before committing. - - - - - 1 changed file: - tools/relprep.py Changes: ===================================== tools/relprep.py ===================================== @@ -242,6 +242,7 @@ class ReleasePreparation: logger.debug("About to fetch Firefox from %s.", remote) repo.remotes["origin"].fetch() tags = get_sorted_tags(repo) + tag_info = None for t in tags: m = re.match( r"(\w+-browser)-([^-]+)-([\d\.]+)-(\d+)-build(\d+)", t.tag @@ -251,8 +252,21 @@ class ReleasePreparation: and m.group(1) == browser and m.group(3) == self.version.major ): + logger.debug("Matched tag %s.", t.tag) # firefox-version, rebase, build - return (m.group(2), int(m.group(4)), int(m.group(5))) + tag_info = [m.group(2), int(m.group(4)), int(m.group(5))] + break + if tag_info is None: + raise RuntimeError("No compatible tag found.") + branch = t.tag[: m.end(4)] + logger.debug("Checking if tag %s is head of %s.", t.tag, branch) + if t.object != repo.remotes["origin"].refs[branch].commit: + logger.info( + "Found new commits after tag %s, bumping the build number preemptively.", + t.tag, + ) + tag_info[2] += 1 + return tag_info def update_translations(self): logger.info("Updating translations") @@ -373,9 +387,7 @@ class ReleasePreparation: source = self.find_input(config, "openssl") # No need to update URL, as it uses a variable. - hash_url = ( - f"https://github.com/openssl/openssl/releases/download/openssl-{version}/open…" - ) + hash_url = f"https://github.com/openssl/openssl/releases/download/openssl-{version}/open…" r = requests.get(hash_url) r.raise_for_status() source["sha256sum"] = r.text.strip() View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/1… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/1… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-14.0] Bug 41274: Improve changelog generation for major releases.
by Pier Angelo Vendrame (＠pierov) 17 Oct '24

17 Oct '24

Pier Angelo Vendrame pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build Commits: d35b529e by Pier Angelo Vendrame at 2024-10-17T15:38:12+02:00 Bug 41274: Improve changelog generation for major releases. This commits implements --include-from to get linked issues from many issues (potentially all the alpha release preps). It also implements --exclude-from to avoid including issues that were already linked to other rel preps (potentially the previous stables). Also, make sure to look only for currently open issues, otherwise all the various alpha relpreps would be matched when specifying the version number. - - - - - 1 changed file: - tools/fetch_changelogs.py Changes: ===================================== tools/fetch_changelogs.py ===================================== @@ -157,7 +157,7 @@ class ChangelogBuilder: elif not is_mullvad and is_mullvad is not None: labels += "&not[labels]=Sponsor 131" r = requests.get( - f"{API_URL}/projects/{PROJECT_ID}/issues?labels={labels}&search={issue_or_version}&in=title", + f"{API_URL}/projects/{PROJECT_ID}/issues?labels={labels}&search={issue_or_version}&in=title&state=opened", headers=self.headers, ) r.raise_for_status() @@ -197,7 +197,7 @@ class ChangelogBuilder: raise ValueError( "Inconsistency detected: a browser was explicitly specified, but the issue does not have the correct labels." ) - self.issue_id = issue["iid"] + self.relprep_issue = issue["iid"] self.is_mullvad = has_s131 if self.version is None: @@ -206,7 +206,9 @@ class ChangelogBuilder: self.version = version_match.group() def create(self, **kwargs): - self._find_linked() + self._find_linked( + kwargs.get("include_from"), kwargs.get("exclude_from") + ) self._add_updates(kwargs) self._sort_issues() name = "Mullvad" if self.is_mullvad else "Tor" @@ -234,16 +236,46 @@ class ChangelogBuilder: text += f" * {issue}\n" return text - def _find_linked(self): + def _find_linked(self, include_relpreps=[], exclude_relpreps=[]): self.issues = [] self.issues_build = [] + if include_relpreps is None: + include_relpreps = [self.relprep_issue] + elif self.relprep_issue not in include_relpreps: + include_relpreps.append(self.relprep_issue) + if exclude_relpreps is None: + exclude_relpreps = [] + + included = {} + excluded = set() + for relprep in include_relpreps: + included.update( + { + issue["references"]["full"]: issue + for issue in self._get_linked_issues(relprep) + } + ) + for relprep in exclude_relpreps: + excluded.update( + [ + issue["references"]["full"] + for issue in self._get_linked_issues(relprep) + ] + ) + for ex in excluded: + if ex in included: + included.pop(ex) + for data in included.values(): + self._add_issue(data) + + def _get_linked_issues(self, issue_id): r = requests.get( - f"{API_URL}/projects/{PROJECT_ID}/issues/{self.issue_id}/links", + f"{API_URL}/projects/{PROJECT_ID}/issues/{issue_id}/links", headers=self.headers, ) - for i in r.json(): - self._add_issue(i) + r.raise_for_status() + return r.json() def _add_issue(self, gitlab_data): self._add_entry(Issue(gitlab_data, self.is_mullvad)) @@ -335,6 +367,16 @@ if __name__ == "__main__": help="New Mullvad Browser Extension version (if updated)", ) parser.add_argument("--ublock", help="New uBlock version (if updated)") + parser.add_argument( + "--exclude-from", + help="Relprep issues to remove entries from, useful when doing a major release", + nargs="*", + ) + parser.add_argument( + "--include-from", + help="Relprep issues to add entries from, useful when doing a major release", + nargs="*", + ) args = parser.parse_args() if not args.issue_version: @@ -351,17 +393,4 @@ if __name__ == "__main__": sys.exit(2) is_mullvad = args.browser == "mullvad-browser" if args.browser else None cb = ChangelogBuilder(token, args.issue_version, is_mullvad) - print( - cb.create( - date=args.date, - firefox=args.firefox, - tor=args.tor, - noscript=args.noscript, - openssl=args.openssl, - zlib=args.zlib, - zstd=args.zstd, - go=args.go, - mb_extension=args.mb_extension, - ublock=args.ublock, - ) - ) + print(cb.create(**vars(args))) View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41274: Improve changelog generation for major releases.
by Pier Angelo Vendrame (＠pierov) 17 Oct '24

17 Oct '24

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: d35b529e by Pier Angelo Vendrame at 2024-10-17T15:38:12+02:00 Bug 41274: Improve changelog generation for major releases. This commits implements --include-from to get linked issues from many issues (potentially all the alpha release preps). It also implements --exclude-from to avoid including issues that were already linked to other rel preps (potentially the previous stables). Also, make sure to look only for currently open issues, otherwise all the various alpha relpreps would be matched when specifying the version number. - - - - - 1 changed file: - tools/fetch_changelogs.py Changes: ===================================== tools/fetch_changelogs.py ===================================== @@ -157,7 +157,7 @@ class ChangelogBuilder: elif not is_mullvad and is_mullvad is not None: labels += "&not[labels]=Sponsor 131" r = requests.get( - f"{API_URL}/projects/{PROJECT_ID}/issues?labels={labels}&search={issue_or_version}&in=title", + f"{API_URL}/projects/{PROJECT_ID}/issues?labels={labels}&search={issue_or_version}&in=title&state=opened", headers=self.headers, ) r.raise_for_status() @@ -197,7 +197,7 @@ class ChangelogBuilder: raise ValueError( "Inconsistency detected: a browser was explicitly specified, but the issue does not have the correct labels." ) - self.issue_id = issue["iid"] + self.relprep_issue = issue["iid"] self.is_mullvad = has_s131 if self.version is None: @@ -206,7 +206,9 @@ class ChangelogBuilder: self.version = version_match.group() def create(self, **kwargs): - self._find_linked() + self._find_linked( + kwargs.get("include_from"), kwargs.get("exclude_from") + ) self._add_updates(kwargs) self._sort_issues() name = "Mullvad" if self.is_mullvad else "Tor" @@ -234,16 +236,46 @@ class ChangelogBuilder: text += f" * {issue}\n" return text - def _find_linked(self): + def _find_linked(self, include_relpreps=[], exclude_relpreps=[]): self.issues = [] self.issues_build = [] + if include_relpreps is None: + include_relpreps = [self.relprep_issue] + elif self.relprep_issue not in include_relpreps: + include_relpreps.append(self.relprep_issue) + if exclude_relpreps is None: + exclude_relpreps = [] + + included = {} + excluded = set() + for relprep in include_relpreps: + included.update( + { + issue["references"]["full"]: issue + for issue in self._get_linked_issues(relprep) + } + ) + for relprep in exclude_relpreps: + excluded.update( + [ + issue["references"]["full"] + for issue in self._get_linked_issues(relprep) + ] + ) + for ex in excluded: + if ex in included: + included.pop(ex) + for data in included.values(): + self._add_issue(data) + + def _get_linked_issues(self, issue_id): r = requests.get( - f"{API_URL}/projects/{PROJECT_ID}/issues/{self.issue_id}/links", + f"{API_URL}/projects/{PROJECT_ID}/issues/{issue_id}/links", headers=self.headers, ) - for i in r.json(): - self._add_issue(i) + r.raise_for_status() + return r.json() def _add_issue(self, gitlab_data): self._add_entry(Issue(gitlab_data, self.is_mullvad)) @@ -335,6 +367,16 @@ if __name__ == "__main__": help="New Mullvad Browser Extension version (if updated)", ) parser.add_argument("--ublock", help="New uBlock version (if updated)") + parser.add_argument( + "--exclude-from", + help="Relprep issues to remove entries from, useful when doing a major release", + nargs="*", + ) + parser.add_argument( + "--include-from", + help="Relprep issues to add entries from, useful when doing a major release", + nargs="*", + ) args = parser.parse_args() if not args.issue_version: @@ -351,17 +393,4 @@ if __name__ == "__main__": sys.exit(2) is_mullvad = args.browser == "mullvad-browser" if args.browser else None cb = ChangelogBuilder(token, args.issue_version, is_mullvad) - print( - cb.create( - date=args.date, - firefox=args.firefox, - tor=args.tor, - noscript=args.noscript, - openssl=args.openssl, - zlib=args.zlib, - zstd=args.zstd, - go=args.go, - mb_extension=args.mb_extension, - ublock=args.ublock, - ) - ) + print(cb.create(**vars(args))) View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-14.0] 2 commits: Bug 41142: Add no_crosscompile to linux-cross host tools and clang
by Pier Angelo Vendrame (＠pierov) 17 Oct '24

17 Oct '24

Pier Angelo Vendrame pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build Commits: cb3ba59c by NoisyCoil at 2024-10-17T13:37:29+02:00 Bug 41142: Add no_crosscompile to linux-cross host tools and clang - - - - - c10878fd by NoisyCoil at 2024-10-17T13:37:29+02:00 Bug 41142: Add the linux-aarch64 target to Rust - - - - - 7 changed files: - projects/clang/config - projects/cmake/config - projects/ninja/config - projects/node/config - projects/python/config - projects/rust/config - projects/wasi-sysroot/config Changes: ===================================== projects/clang/config ===================================== @@ -6,15 +6,20 @@ container: var: llvm_version: '[% pc("llvm-project", "version") %]' + no_crosscompile: 1 input_files: - project: container-image - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' enable: '[% c("var/linux") %]' + # Override the target to make sure we don't have linux-cross - name: binutils project: binutils enable: '[% c("var/linux") %]' + target: + - '[% c("var/channel") %]' + - '[% c("var/projectname") %]-linux-x86_64' - project: cmake name: cmake - project: llvm-project ===================================== projects/cmake/config ===================================== @@ -7,6 +7,8 @@ gpg_keyring: cmake.gpg filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 +var: + no_crosscompile: 1 input_files: - project: container-image ===================================== projects/ninja/config ===================================== @@ -5,6 +5,8 @@ git_hash: a524bf3f6bacd1b4ad85d719eed2737d8562f27a #v1.11.1 filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 +var: + no_crosscompile: 1 input_files: - project: container-image ===================================== projects/node/config ===================================== @@ -6,15 +6,20 @@ container: var: node_version: 18.19.0 node_sha256: f52b41af20596a9abd8ed75241837ec43945468221448bbf841361e2091819b6 + no_crosscompile: 1 input_files: - URL: 'https://nodejs.org/dist/v[% c("var/node_version") %]/node-v[% c("var/node_version") %].tar.xz' sha256sum: '[% c("var/node_sha256") %]' name: node - project: container-image + # Override the target to make sure we don't have linux-cross - project: binutils name: binutils enable: '[% c("var/linux") %]' + target: + - '[% c("var/channel") %]' + - '[% c("var/projectname") %]-linux-x86_64' - project: '[% c("var/compiler") %]' name: '[% c("var/compiler") %]' enable: '[% c("var/linux") %]' ===================================== projects/python/config ===================================== @@ -4,6 +4,7 @@ filename: 'python-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 var: + no_crosscompile: 1 deps: - build-essential - python-all ===================================== projects/rust/config ===================================== @@ -19,6 +19,11 @@ targets: target: i686-unknown-linux-gnu target_flags: --set target.i686-unknown-linux-gnu.linker=clang --set target.i686-unknown-linux-gnu.ar=llvm-ar --set target.i686-unknown-linux-gnu.ranlib=llvm-ranlib + linux-aarch64: + var: + target: aarch64-unknown-linux-gnu + target_flags: --set target.aarch64-unknown-linux-gnu.linker=aarch64-linux-gnu-gcc --set target.aarch64-unknown-linux-gnu.ar=llvm-ar --set target.aarch64-unknown-linux-gnu.ranlib=llvm-ranlib + macos: var: target: '[% c("var/build_target") %]' ===================================== projects/wasi-sysroot/config ===================================== @@ -12,6 +12,9 @@ git_submodule: 0 container: use_container: 1 +var: + no_crosscompile: 1 + input_files: - project: container-image # We do not use GCC, but we need its libsdc++ to run Clang View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] 2 commits: Bug 41142: Add no_crosscompile to linux-cross host tools and clang
by boklm (＠boklm) 17 Oct '24

17 Oct '24

boklm pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: cb3ba59c by NoisyCoil at 2024-10-17T13:37:29+02:00 Bug 41142: Add no_crosscompile to linux-cross host tools and clang - - - - - c10878fd by NoisyCoil at 2024-10-17T13:37:29+02:00 Bug 41142: Add the linux-aarch64 target to Rust - - - - - 7 changed files: - projects/clang/config - projects/cmake/config - projects/ninja/config - projects/node/config - projects/python/config - projects/rust/config - projects/wasi-sysroot/config Changes: ===================================== projects/clang/config ===================================== @@ -6,15 +6,20 @@ container: var: llvm_version: '[% pc("llvm-project", "version") %]' + no_crosscompile: 1 input_files: - project: container-image - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' enable: '[% c("var/linux") %]' + # Override the target to make sure we don't have linux-cross - name: binutils project: binutils enable: '[% c("var/linux") %]' + target: + - '[% c("var/channel") %]' + - '[% c("var/projectname") %]-linux-x86_64' - project: cmake name: cmake - project: llvm-project ===================================== projects/cmake/config ===================================== @@ -7,6 +7,8 @@ gpg_keyring: cmake.gpg filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 +var: + no_crosscompile: 1 input_files: - project: container-image ===================================== projects/ninja/config ===================================== @@ -5,6 +5,8 @@ git_hash: a524bf3f6bacd1b4ad85d719eed2737d8562f27a #v1.11.1 filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 +var: + no_crosscompile: 1 input_files: - project: container-image ===================================== projects/node/config ===================================== @@ -6,15 +6,20 @@ container: var: node_version: 18.19.0 node_sha256: f52b41af20596a9abd8ed75241837ec43945468221448bbf841361e2091819b6 + no_crosscompile: 1 input_files: - URL: 'https://nodejs.org/dist/v[% c("var/node_version") %]/node-v[% c("var/node_version") %].tar.xz' sha256sum: '[% c("var/node_sha256") %]' name: node - project: container-image + # Override the target to make sure we don't have linux-cross - project: binutils name: binutils enable: '[% c("var/linux") %]' + target: + - '[% c("var/channel") %]' + - '[% c("var/projectname") %]-linux-x86_64' - project: '[% c("var/compiler") %]' name: '[% c("var/compiler") %]' enable: '[% c("var/linux") %]' ===================================== projects/python/config ===================================== @@ -4,6 +4,7 @@ filename: 'python-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 var: + no_crosscompile: 1 deps: - build-essential - python-all ===================================== projects/rust/config ===================================== @@ -19,6 +19,11 @@ targets: target: i686-unknown-linux-gnu target_flags: --set target.i686-unknown-linux-gnu.linker=clang --set target.i686-unknown-linux-gnu.ar=llvm-ar --set target.i686-unknown-linux-gnu.ranlib=llvm-ranlib + linux-aarch64: + var: + target: aarch64-unknown-linux-gnu + target_flags: --set target.aarch64-unknown-linux-gnu.linker=aarch64-linux-gnu-gcc --set target.aarch64-unknown-linux-gnu.ar=llvm-ar --set target.aarch64-unknown-linux-gnu.ranlib=llvm-ranlib + macos: var: target: '[% c("var/build_target") %]' ===================================== projects/wasi-sysroot/config ===================================== @@ -12,6 +12,9 @@ git_submodule: 0 container: use_container: 1 +var: + no_crosscompile: 1 + input_files: - project: container-image # We do not use GCC, but we need its libsdc++ to run Clang View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.16.0esr-13.5-1] Bug 42467: Make OS HTTP User-Agent OS spoofing configurable by pref
by morgan (＠morgan) 16 Oct '24

16 Oct '24

morgan pushed to branch base-browser-115.16.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: bd216fff by Pier Angelo Vendrame at 2024-10-16T22:27:14+00:00 Bug 42467: Make OS HTTP User-Agent OS spoofing configurable by pref This commits makes it possible to disable OS spoofing in the HTTP User-Agent header, to see if matching header and JS property improve usability. - - - - - 2 changed files: - netwerk/protocol/http/nsHttpHandler.cpp - toolkit/components/resistfingerprinting/nsRFPService.cpp Changes: ===================================== netwerk/protocol/http/nsHttpHandler.cpp ===================================== @@ -497,6 +497,9 @@ nsresult nsHttpHandler::Init() { // obsService->AddObserver(this, "net:failed-to-process-uri-content", true); } + Preferences::AddWeakObserver( + this, "privacy.resistFingerprinting.spoofOsInUserAgentHeader"_ns); + MakeNewRequestTokenBucket(); mWifiTickler = new Tickler(); if (NS_FAILED(mWifiTickler->Init())) mWifiTickler = nullptr; @@ -2064,6 +2067,9 @@ nsHttpHandler::Observe(nsISupports* subject, const char* topic, // Inform nsIOService that network is tearing down. gIOService->SetHttpHandlerAlreadyShutingDown(); + Preferences::RemoveObserver( + this, "privacy.resistFingerprinting.spoofOsInUserAgentHeader"_ns); + ShutdownConnectionManager(); // need to reset the session start time since cache validation may @@ -2189,6 +2195,11 @@ nsHttpHandler::Observe(nsISupports* subject, const char* topic, ShutdownConnectionManager(); mConnMgr = nullptr; Unused << InitConnectionMgr(); + } else if (!strcmp(topic, "nsPref:changed") && + !NS_strcmp( + data, + u"privacy.resistFingerprinting.spoofOsInUserAgentHeader")) { + nsRFPService::GetSpoofedUserAgent(mSpoofedUserAgent, true); } return NS_OK; ===================================== toolkit/components/resistfingerprinting/nsRFPService.cpp ===================================== @@ -939,12 +939,17 @@ void nsRFPService::GetSpoofedUserAgent(nsACString& userAgent, // https://developer.mozilla.org/en-US/docs/Web/API/NavigatorID/userAgent // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent + const bool spoofOs = + isForHTTPHeader && + Preferences::GetBool( + "privacy.resistFingerprinting.spoofOsInUserAgentHeader", true); + // These magic numbers are the lengths of the UA string literals below. // Assume three-digit Firefox version numbers so we have room to grow. size_t preallocatedLength = 13 + - (isForHTTPHeader ? mozilla::ArrayLength(SPOOFED_HTTP_UA_OS) - : mozilla::ArrayLength(SPOOFED_UA_OS)) - + (spoofOs ? mozilla::ArrayLength(SPOOFED_HTTP_UA_OS) + : mozilla::ArrayLength(SPOOFED_UA_OS)) - 1 + 5 + 3 + 10 + mozilla::ArrayLength(LEGACY_UA_GECKO_TRAIL) - 1 + 9 + 3 + 2; userAgent.SetCapacity(preallocatedLength); @@ -954,7 +959,7 @@ void nsRFPService::GetSpoofedUserAgent(nsACString& userAgent, // "Mozilla/5.0 (%s; rv:%d.0) Gecko/%d Firefox/%d.0" userAgent.AssignLiteral("Mozilla/5.0 ("); - if (isForHTTPHeader) { + if (spoofOs) { userAgent.AppendLiteral(SPOOFED_HTTP_UA_OS); } else { userAgent.AppendLiteral(SPOOFED_UA_OS); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/bd216ff… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/bd216ff… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.16.0esr-13.5-1] 2 commits: Bug 42467: Make OS HTTP User-Agent OS spoofing configurable by pref
by morgan (＠morgan) 16 Oct '24

16 Oct '24

morgan pushed to branch tor-browser-115.16.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 8ae4a172 by Pier Angelo Vendrame at 2024-10-16T22:24:59+00:00 Bug 42467: Make OS HTTP User-Agent OS spoofing configurable by pref This commits makes it possible to disable OS spoofing in the HTTP User-Agent header, to see if matching header and JS property improve usability. - - - - - 39263a40 by Morgan at 2024-10-16T22:25:12+00:00 fixup! Bug 40562: Added Tor Browser preferences to 000-tor-browser.js Bug 43170: Disable user-agent spoofing in HTTP header - - - - - 3 changed files: - browser/app/profile/000-tor-browser.js - netwerk/protocol/http/nsHttpHandler.cpp - toolkit/components/resistfingerprinting/nsRFPService.cpp Changes: ===================================== browser/app/profile/000-tor-browser.js ===================================== @@ -52,6 +52,8 @@ pref("network.http.connection-retry-timeout", 0); // be reduced to the strictly required time). pref("extensions.torbutton.use_nontor_proxy", false); +// tor-browser#42647: Make OS HTTP User-Agent OS spoofing configurable by pref +pref("privacy.resistFingerprinting.spoofOsInUserAgentHeader", true); // Browser home page: pref("browser.startup.homepage", "about:tor"); ===================================== netwerk/protocol/http/nsHttpHandler.cpp ===================================== @@ -497,6 +497,9 @@ nsresult nsHttpHandler::Init() { // obsService->AddObserver(this, "net:failed-to-process-uri-content", true); } + Preferences::AddWeakObserver( + this, "privacy.resistFingerprinting.spoofOsInUserAgentHeader"_ns); + MakeNewRequestTokenBucket(); mWifiTickler = new Tickler(); if (NS_FAILED(mWifiTickler->Init())) mWifiTickler = nullptr; @@ -2064,6 +2067,9 @@ nsHttpHandler::Observe(nsISupports* subject, const char* topic, // Inform nsIOService that network is tearing down. gIOService->SetHttpHandlerAlreadyShutingDown(); + Preferences::RemoveObserver( + this, "privacy.resistFingerprinting.spoofOsInUserAgentHeader"_ns); + ShutdownConnectionManager(); // need to reset the session start time since cache validation may @@ -2189,6 +2195,11 @@ nsHttpHandler::Observe(nsISupports* subject, const char* topic, ShutdownConnectionManager(); mConnMgr = nullptr; Unused << InitConnectionMgr(); + } else if (!strcmp(topic, "nsPref:changed") && + !NS_strcmp( + data, + u"privacy.resistFingerprinting.spoofOsInUserAgentHeader")) { + nsRFPService::GetSpoofedUserAgent(mSpoofedUserAgent, true); } return NS_OK; ===================================== toolkit/components/resistfingerprinting/nsRFPService.cpp ===================================== @@ -939,12 +939,17 @@ void nsRFPService::GetSpoofedUserAgent(nsACString& userAgent, // https://developer.mozilla.org/en-US/docs/Web/API/NavigatorID/userAgent // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent + const bool spoofOs = + isForHTTPHeader && + Preferences::GetBool( + "privacy.resistFingerprinting.spoofOsInUserAgentHeader", true); + // These magic numbers are the lengths of the UA string literals below. // Assume three-digit Firefox version numbers so we have room to grow. size_t preallocatedLength = 13 + - (isForHTTPHeader ? mozilla::ArrayLength(SPOOFED_HTTP_UA_OS) - : mozilla::ArrayLength(SPOOFED_UA_OS)) - + (spoofOs ? mozilla::ArrayLength(SPOOFED_HTTP_UA_OS) + : mozilla::ArrayLength(SPOOFED_UA_OS)) - 1 + 5 + 3 + 10 + mozilla::ArrayLength(LEGACY_UA_GECKO_TRAIL) - 1 + 9 + 3 + 2; userAgent.SetCapacity(preallocatedLength); @@ -954,7 +959,7 @@ void nsRFPService::GetSpoofedUserAgent(nsACString& userAgent, // "Mozilla/5.0 (%s; rv:%d.0) Gecko/%d Firefox/%d.0" userAgent.AssignLiteral("Mozilla/5.0 ("); - if (isForHTTPHeader) { + if (spoofOs) { userAgent.AppendLiteral(SPOOFED_HTTP_UA_OS); } else { userAgent.AppendLiteral(SPOOFED_UA_OS); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/10897e… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/10897e… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.3.0esr-14.0-1] Bug 43101: Deep link to the startup security warning explanation.
by morgan (＠morgan) 16 Oct '24

16 Oct '24

morgan pushed to branch mullvad-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 5d608b10 by hackademix at 2024-10-16T22:11:51+00:00 Bug 43101: Deep link to the startup security warning explanation. - - - - - 1 changed file: - security/sandbox/common/SandboxUtils.sys.mjs Changes: ===================================== security/sandbox/common/SandboxUtils.sys.mjs ===================================== @@ -37,7 +37,7 @@ export var SandboxUtils = { let buttons = [ { - supportPage: "install-firefox-linux", + supportPage: "install-firefox-linux#w_security-features-warning", "l10n-id": "sandbox-unprivileged-namespaces-howtofix", }, { View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/5d6… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/5d6… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.3.0esr-14.0-1] Bug 43101: Deep link to the startup security warning explanation.
by morgan (＠morgan) 16 Oct '24

16 Oct '24

morgan pushed to branch base-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 7a7678d2 by hackademix at 2024-10-16T22:11:05+00:00 Bug 43101: Deep link to the startup security warning explanation. - - - - - 1 changed file: - security/sandbox/common/SandboxUtils.sys.mjs Changes: ===================================== security/sandbox/common/SandboxUtils.sys.mjs ===================================== @@ -37,7 +37,7 @@ export var SandboxUtils = { let buttons = [ { - supportPage: "install-firefox-linux", + supportPage: "install-firefox-linux#w_security-features-warning", "l10n-id": "sandbox-unprivileged-namespaces-howtofix", }, { View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/7a7678d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/7a7678d… You're receiving this email because of your account on gitlab.torproject.org.

1 0