- tbb-commits - lists.torproject.org

[Git][tpo/applications/firefox-android][firefox-android-115.2.1-13.5-1] 4 commits: Revert "Bug 1836786 - Improve prompts a=dmeehan - BP, tor-browser#42693"
by ma1 (＠ma1) 05 Aug '24

05 Aug '24

ma1 pushed to branch firefox-android-115.2.1-13.5-1 at The Tor Project / Applications / firefox-android Commits: cd556e14 by hackademix at 2024-08-02T22:31:10+02:00 Revert "Bug 1836786 - Improve prompts a=dmeehan - BP, tor-browser#42693" This reverts commit 6271d70897cd1cd4fba39a75d63e3bd1869bcccc. We'll re-apply this patch (and others depending on it) after merging Bug 1903828 - Refactor PromptAbuserDetector into support-utils - - - - - c60897e8 by hackademix at 2024-08-02T22:57:38+02:00 Bug 1903828 - Refactor PromptAbuserDetector into support-utils - BP, tor-browser#43005 - - - - - 1e885468 by hackademix at 2024-08-02T23:25:03+02:00 Bug 1836786 - Improve prompts r=gl - BP, tor-browser#43005 - - - - - 233d8217 by hackademix at 2024-08-04T17:32:36+02:00 Bug 1908344 - Improve prompts showing a=dmeehan - BP, tor-browser#43005 - - - - - 7 changed files: - android-components/.buildconfig.yml - android-components/components/feature/prompts/src/main/java/mozilla/components/feature/prompts/PromptFeature.kt - android-components/components/feature/sitepermissions/build.gradle - android-components/components/feature/sitepermissions/src/main/java/mozilla/components/feature/sitepermissions/SitePermissionsDialogFragment.kt - android-components/components/feature/sitepermissions/src/test/java/mozilla/components/feature/sitepermissions/SitePermissionsDialogFragmentTest.kt - android-components/components/feature/prompts/src/main/java/mozilla/components/feature/prompts/dialog/PromptAbuserDetector.kt → android-components/components/support/utils/src/main/java/mozilla/components/support/ktx/util/PromptAbuserDetector.kt - focus-android/app/src/androidTest/java/org/mozilla/focus/activity/SitePermissionsTest.kt Changes: ===================================== android-components/.buildconfig.yml ===================================== @@ -1150,7 +1150,6 @@ projects: - concept-tabstray - concept-toolbar - feature-session - - feature-prompts - feature-tabs - lib-publicsuffixlist - lib-state ===================================== android-components/components/feature/prompts/src/main/java/mozilla/components/feature/prompts/PromptFeature.kt ===================================== @@ -61,7 +61,6 @@ import mozilla.components.feature.prompts.dialog.ChoiceDialogFragment.Companion. import mozilla.components.feature.prompts.dialog.ColorPickerDialogFragment import mozilla.components.feature.prompts.dialog.ConfirmDialogFragment import mozilla.components.feature.prompts.dialog.MultiButtonDialogFragment -import mozilla.components.feature.prompts.dialog.PromptAbuserDetector import mozilla.components.feature.prompts.dialog.PromptDialogFragment import mozilla.components.feature.prompts.dialog.Prompter import mozilla.components.feature.prompts.dialog.SaveLoginDialogFragment @@ -91,6 +90,7 @@ import mozilla.components.support.base.feature.UserInteractionHandler import mozilla.components.support.base.log.logger.Logger import mozilla.components.support.ktx.kotlin.ifNullOrEmpty import mozilla.components.support.ktx.kotlinx.coroutines.flow.ifAnyChanged +import mozilla.components.support.ktx.util.PromptAbuserDetector import java.lang.ref.WeakReference import java.security.InvalidParameterException import java.util.Collections @@ -467,36 +467,51 @@ class PromptFeature private constructor( internal fun onPromptRequested(session: SessionState) { // Some requests are handle with intents session.content.promptRequests.lastOrNull()?.let { promptRequest -> - store.state.findTabOrCustomTabOrSelectedTab(customTabId)?.let { - promptRequest.executeIfWindowedPrompt { exitFullscreenUsecase(it.id) } + if (session.content.permissionRequestsList.isNotEmpty()) { + onCancel(session.id, promptRequest.uid) + } else { + processPromptRequest(promptRequest, session) } + } + } - when (promptRequest) { - is File -> { - emitPromptDisplayedFact(promptName = "FilePrompt") - filePicker.handleFileRequest(promptRequest) - } - is Share -> handleShareRequest(promptRequest, session) - is SelectCreditCard -> { - emitSuccessfulCreditCardAutofillFormDetectedFact() - if (isCreditCardAutofillEnabled() && promptRequest.creditCards.isNotEmpty()) { - creditCardPicker?.handleSelectCreditCardRequest(promptRequest) - } + @Suppress("NestedBlockDepth") + private fun processPromptRequest( + promptRequest: PromptRequest, + session: SessionState, + ) { + store.state.findTabOrCustomTabOrSelectedTab(customTabId)?.let { + promptRequest.executeIfWindowedPrompt { exitFullscreenUsecase(it.id) } + } + + when (promptRequest) { + is File -> { + emitPromptDisplayedFact(promptName = "FilePrompt") + filePicker.handleFileRequest(promptRequest) + } + + is Share -> handleShareRequest(promptRequest, session) + is SelectCreditCard -> { + emitSuccessfulCreditCardAutofillFormDetectedFact() + if (isCreditCardAutofillEnabled() && promptRequest.creditCards.isNotEmpty()) { + creditCardPicker?.handleSelectCreditCardRequest(promptRequest) } - is SelectLoginPrompt -> { - emitPromptDisplayedFact(promptName = "SelectLoginPrompt") - if (promptRequest.logins.isNotEmpty()) { - loginPicker?.handleSelectLoginRequest(promptRequest) - } + } + + is SelectLoginPrompt -> { + emitPromptDisplayedFact(promptName = "SelectLoginPrompt") + if (promptRequest.logins.isNotEmpty()) { + loginPicker?.handleSelectLoginRequest(promptRequest) } - is SelectAddress -> { - emitSuccessfulAddressAutofillFormDetectedFact() - if (isAddressAutofillEnabled() && promptRequest.addresses.isNotEmpty()) { - addressPicker?.handleSelectAddressRequest(promptRequest) - } + } + is SelectAddress -> { + emitSuccessfulAddressAutofillFormDetectedFact() + if (isAddressAutofillEnabled() && promptRequest.addresses.isNotEmpty()) { + addressPicker?.handleSelectAddressRequest(promptRequest) } - else -> handleDialogsRequest(promptRequest, session) } + + else -> handleDialogsRequest(promptRequest, session) } } ===================================== android-components/components/feature/sitepermissions/build.gradle ===================================== @@ -58,8 +58,8 @@ dependencies { implementation project(':concept-engine') implementation project(':ui-icons') implementation project(':support-ktx') - implementation project(':feature-prompts') implementation project(':feature-tabs') + implementation project(':support-utils') implementation ComponentsDependencies.kotlin_coroutines ===================================== android-components/components/feature/sitepermissions/src/main/java/mozilla/components/feature/sitepermissions/SitePermissionsDialogFragment.kt ===================================== @@ -23,7 +23,7 @@ import android.widget.TextView import androidx.annotation.VisibleForTesting import androidx.appcompat.app.AppCompatDialogFragment import androidx.core.content.ContextCompat -import mozilla.components.feature.prompts.dialog.PromptAbuserDetector +import mozilla.components.support.ktx.util.PromptAbuserDetector internal const val KEY_SESSION_ID = "KEY_SESSION_ID" internal const val KEY_TITLE = "KEY_TITLE" ===================================== android-components/components/feature/sitepermissions/src/test/java/mozilla/components/feature/sitepermissions/SitePermissionsDialogFragmentTest.kt ===================================== @@ -19,6 +19,7 @@ import mozilla.components.support.test.robolectric.testContext import org.junit.Assert.assertEquals import org.junit.Assert.assertFalse import org.junit.Assert.assertTrue +import org.junit.Ignore import org.junit.Test import org.junit.runner.RunWith import org.mockito.Mockito.doNothing @@ -233,6 +234,7 @@ class SitePermissionsDialogFragmentTest { } @Test + @Ignore("https://bugzilla.mozilla.org/show_bug.cgi?id=1903828") fun `clicking on positive button notifies the feature (temporary)`() { val mockFeature: SitePermissionsFeature = mock() val fragment = spy( @@ -261,6 +263,7 @@ class SitePermissionsDialogFragmentTest { } @Test + @Ignore("https://bugzilla.mozilla.org/show_bug.cgi?id=1903828") fun `dismissing the dialog notifies the feature`() { val mockFeature: SitePermissionsFeature = mock() val fragment = spy( @@ -360,6 +363,7 @@ class SitePermissionsDialogFragmentTest { } @Test + @Ignore("https://bugzilla.mozilla.org/show_bug.cgi?id=1903828") fun `clicking on positive button notifies the feature (permanent)`() { val mockFeature: SitePermissionsFeature = mock() val fragment = spy( @@ -389,6 +393,7 @@ class SitePermissionsDialogFragmentTest { } @Test + @Ignore("https://bugzilla.mozilla.org/show_bug.cgi?id=1903828") fun `clicking on negative button notifies the feature (permanent)`() { val mockFeature: SitePermissionsFeature = mock() val fragment = spy( ===================================== android-components/components/feature/prompts/src/main/java/mozilla/components/feature/prompts/dialog/PromptAbuserDetector.kt → android-components/components/support/utils/src/main/java/mozilla/components/support/ktx/util/PromptAbuserDetector.kt ===================================== @@ -2,25 +2,38 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -package mozilla.components.feature.prompts.dialog +package mozilla.components.support.ktx.util +import androidx.annotation.VisibleForTesting import java.util.Date /** * Helper class to identify if a website has shown many dialogs. + * @param maxSuccessiveDialogSecondsLimit Maximum time required + * between dialogs in seconds before not showing more dialog. */ class PromptAbuserDetector(private val maxSuccessiveDialogSecondsLimit: Int = MAX_SUCCESSIVE_DIALOG_SECONDS_LIMIT) { - internal var jsAlertCount = 0 - internal var lastDialogShownAt = Date() + @VisibleForTesting(otherwise = VisibleForTesting.PRIVATE) + var jsAlertCount = 0 + + @VisibleForTesting(otherwise = VisibleForTesting.PRIVATE) + var lastDialogShownAt = Date() + var shouldShowMoreDialogs = true private set + /** + * Updates internal state for alerts counts. + */ fun resetJSAlertAbuseState() { jsAlertCount = 0 shouldShowMoreDialogs = true } + /** + * Updates internal state for last shown and count of dialogs. + */ fun updateJSDialogAbusedState() { if (!areDialogsAbusedByTime()) { jsAlertCount = 0 @@ -29,25 +42,35 @@ class PromptAbuserDetector(private val maxSuccessiveDialogSecondsLimit: Int = MA lastDialogShownAt = Date() } + /** + * Indicates whether or not user wants to see more dialogs. + */ fun userWantsMoreDialogs(checkBox: Boolean) { shouldShowMoreDialogs = checkBox } + /** + * Indicates whether dialogs are being abused or not. + */ fun areDialogsBeingAbused(): Boolean { return areDialogsAbusedByTime() || areDialogsAbusedByCount() } - internal fun areDialogsAbusedByTime(): Boolean { + @VisibleForTesting(otherwise = VisibleForTesting.PRIVATE) + @Suppress("UndocumentedPublicFunction") // this is visible only for tests + fun now() = Date() + + private fun areDialogsAbusedByTime(): Boolean { return if (jsAlertCount == 0) { false } else { - val now = Date() + val now = now() val diffInSeconds = (now.time - lastDialogShownAt.time) / SECOND_MS diffInSeconds < maxSuccessiveDialogSecondsLimit } } - internal fun areDialogsAbusedByCount(): Boolean { + private fun areDialogsAbusedByCount(): Boolean { return jsAlertCount > MAX_SUCCESSIVE_DIALOG_COUNT } ===================================== focus-android/app/src/androidTest/java/org/mozilla/focus/activity/SitePermissionsTest.kt ===================================== @@ -229,6 +229,7 @@ class SitePermissionsTest { @SmokeTest @Test + @Ignore fun testLocationSharingAllowed() { mockLocationUpdatesRule.setMockLocation() @@ -244,6 +245,7 @@ class SitePermissionsTest { @SmokeTest @Test + @Ignore fun allowCameraPermissionsTest() { Assume.assumeTrue(cameraManager.cameraIdList.isNotEmpty()) searchScreen { View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/compare/62… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/compare/62… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.1.0esr-14.0-1] 2 commits: Bug 1899180. If a channel is not nsIPrivateBrowsingChannel and has no load...
by ma1 (＠ma1) 05 Aug '24

05 Aug '24

ma1 pushed to branch tor-browser-128.1.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 7bd25966 by Timothy Nikkel at 2024-08-05T10:37:44+02:00 Bug 1899180. If a channel is not nsIPrivateBrowsingChannel and has no load context, use the private browsing field from it's origin attributes. r=necko-reviewers,anti-tracking-reviewers,valentin If the channel is not a nsIPrivateBrowsingChannel, and it also has no load context (eg inside svg images) then we will over write a non-zero mPrivateBrowsingId on the OriginAttributes of the channel with 0, making NS_UsePrivateBrowsing return false for the channel. Differential Revision: https://phabricator.services.mozilla.com/D212083 - - - - - 88158de9 by Jon Coppeard at 2024-08-05T10:40:09+02:00 Bug 1904011 - Ignore finalized scripts when iterating code covarage tables r=iain Differential Revision: https://phabricator.services.mozilla.com/D214799 - - - - - 6 changed files: - image/test/browser/browser.toml - + image/test/browser/browser_bug1899180.js - + image/test/browser/helper1899180.html - js/src/gc/Zone.cpp - + js/src/jit-test/tests/debug/bug-1904011.js - toolkit/components/antitracking/StoragePrincipalHelper.cpp Changes: ===================================== image/test/browser/browser.toml ===================================== @@ -15,6 +15,9 @@ skip-if = ["true"] # Bug 1207012 - Permaorange from an uncaught exception that i ["browser_bug1869938.js"] support-files = ["helper1869938.html"] +["browser_bug1899180.js"] +support-files = ["helper1899180.html"] + ["browser_docshell_type_editor.js"] ["browser_image.js"] ===================================== image/test/browser/browser_bug1899180.js ===================================== @@ -0,0 +1,49 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * This test opens a private browsing window, then opens a content page in it + * that loads an svg image that contains an image to an external protocol. + * This tests that we don't hit an assert in this situation. + */ + +add_task(async function test() { + function httpURL(filename) { + let chromeURL = getRootDirectory(gTestPath) + filename; + return chromeURL.replace( + "chrome://mochitests/content/", + "http://mochi.test:8888/" + ); + } + + let win = await BrowserTestUtils.openNewBrowserWindow({ private: true }); + + let tab = (win.gBrowser.selectedTab = BrowserTestUtils.addTab( + win.gBrowser, + "about:blank" + )); + + await BrowserTestUtils.browserLoaded(tab.linkedBrowser); + + const pageUrl = httpURL("helper1899180.html"); + + BrowserTestUtils.startLoadingURIString(tab.linkedBrowser, pageUrl); + + await BrowserTestUtils.browserLoaded(tab.linkedBrowser); + + await new Promise(resolve => { + waitForFocus(resolve, win); + }); + + // do a couple rafs here to ensure its loaded and displayed + await new Promise(r => requestAnimationFrame(r)); + await new Promise(r => requestAnimationFrame(r)); + + await BrowserTestUtils.closeWindow(win); + + win = null; + tab = null; + + ok(true, "we got here and didn't crash/assert"); +}); ===================================== image/test/browser/helper1899180.html ===================================== @@ -0,0 +1,5 @@ +<!DOCTYPE html> +<html> + +<img src='data:image/svg+xml;charset=UTF-8,<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 120 120"><image width="10" height="10" xlink:href="C:\doesntmatter.png"/></svg>'/> +</html> ===================================== js/src/gc/Zone.cpp ===================================== @@ -906,7 +906,13 @@ void Zone::clearScriptCounts(Realm* realm) { // Clear all hasScriptCounts_ flags of BaseScript, in order to release all // ScriptCounts entries of the given realm. for (auto i = scriptCountsMap->modIter(); !i.done(); i.next()) { - BaseScript* script = i.get().key(); + const HeapPtr<BaseScript*>& script = i.get().key(); + if (IsAboutToBeFinalized(script)) { + // Dead scripts may be present during incremental GC until script + // finalizers have been run. + continue; + } + if (script->realm() != realm) { continue; } @@ -927,7 +933,13 @@ void Zone::clearScriptLCov(Realm* realm) { } for (auto i = scriptLCovMap->modIter(); !i.done(); i.next()) { - BaseScript* script = i.get().key(); + const HeapPtr<BaseScript*>& script = i.get().key(); + if (IsAboutToBeFinalized(script)) { + // Dead scripts may be present during incremental GC until script + // finalizers have been run. + continue; + } + if (script->realm() == realm) { i.remove(); } ===================================== js/src/jit-test/tests/debug/bug-1904011.js ===================================== @@ -0,0 +1,15 @@ +// |jit-test| --fuzzing-safe; --ion-offthread-compile=off +gczeal(0); + +let g = newGlobal({newCompartment: true}); +let dbg = new Debugger(g); + +dbg.collectCoverageInfo = true; +g.eval("0"); + +// Start a GC in the debugger's zone and yield after sweeping objects. +schedulezone(g); +gczeal(22); +startgc(100); + +dbg.collectCoverageInfo = false; ===================================== toolkit/components/antitracking/StoragePrincipalHelper.cpp ===================================== @@ -447,7 +447,7 @@ bool StoragePrincipalHelper::GetOriginAttributes( nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo(); loadInfo->GetOriginAttributes(&aAttributes); - bool isPrivate = false; + bool isPrivate = aAttributes.mPrivateBrowsingId > 0; nsCOMPtr<nsIPrivateBrowsingChannel> pbChannel = do_QueryInterface(aChannel); if (pbChannel) { nsresult rv = pbChannel->GetIsChannelPrivate(&isPrivate); @@ -456,7 +456,9 @@ bool StoragePrincipalHelper::GetOriginAttributes( // Some channels may not implement nsIPrivateBrowsingChannel nsCOMPtr<nsILoadContext> loadContext; NS_QueryNotificationCallbacks(aChannel, loadContext); - isPrivate = loadContext && loadContext->UsePrivateBrowsing(); + if (loadContext) { + isPrivate = loadContext->UsePrivateBrowsing(); + } } aAttributes.SyncAttributesWithPrivateBrowsing(isPrivate); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/693e12… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/693e12… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-128.1.0esr-14.0-1-build2
by ma1 (＠ma1) 05 Aug '24

05 Aug '24

ma1 pushed new tag tor-browser-128.1.0esr-14.0-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-115.14.0esr-13.5-1-build2
by ma1 (＠ma1) 05 Aug '24

05 Aug '24

ma1 pushed new tag mullvad-browser-115.14.0esr-13.5-1-build2 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.14.0esr-13.5-1] 2 commits: Bug 1899180. If a channel is not nsIPrivateBrowsingChannel and has no load...
by ma1 (＠ma1) 05 Aug '24

05 Aug '24

ma1 pushed to branch mullvad-browser-115.14.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser Commits: 9d8af849 by Timothy Nikkel at 2024-08-05T10:31:07+02:00 Bug 1899180. If a channel is not nsIPrivateBrowsingChannel and has no load context, use the private browsing field from it's origin attributes. r=necko-reviewers,anti-tracking-reviewers,valentin If the channel is not a nsIPrivateBrowsingChannel, and it also has no load context (eg inside svg images) then we will over write a non-zero mPrivateBrowsingId on the OriginAttributes of the channel with 0, making NS_UsePrivateBrowsing return false for the channel. Differential Revision: https://phabricator.services.mozilla.com/D212083 - - - - - 7f222f82 by Jon Coppeard at 2024-08-05T10:31:07+02:00 Bug 1904011 - Ignore finalized scripts when iterating code covarage tables r=iain Differential Revision: https://phabricator.services.mozilla.com/D214799 - - - - - 3 changed files: - js/src/gc/Zone.cpp - + js/src/jit-test/tests/debug/bug-1904011.js - toolkit/components/antitracking/StoragePrincipalHelper.cpp Changes: ===================================== js/src/gc/Zone.cpp ===================================== @@ -918,7 +918,13 @@ void Zone::clearScriptCounts(Realm* realm) { // Clear all hasScriptCounts_ flags of BaseScript, in order to release all // ScriptCounts entries of the given realm. for (auto i = scriptCountsMap->modIter(); !i.done(); i.next()) { - BaseScript* script = i.get().key(); + const HeapPtr<BaseScript*>& script = i.get().key(); + if (IsAboutToBeFinalized(script)) { + // Dead scripts may be present during incremental GC until script + // finalizers have been run. + continue; + } + if (script->realm() != realm) { continue; } @@ -939,7 +945,13 @@ void Zone::clearScriptLCov(Realm* realm) { } for (auto i = scriptLCovMap->modIter(); !i.done(); i.next()) { - BaseScript* script = i.get().key(); + const HeapPtr<BaseScript*>& script = i.get().key(); + if (IsAboutToBeFinalized(script)) { + // Dead scripts may be present during incremental GC until script + // finalizers have been run. + continue; + } + if (script->realm() == realm) { i.remove(); } ===================================== js/src/jit-test/tests/debug/bug-1904011.js ===================================== @@ -0,0 +1,15 @@ +// |jit-test| --fuzzing-safe; --ion-offthread-compile=off +gczeal(0); + +let g = newGlobal({newCompartment: true}); +let dbg = new Debugger(g); + +dbg.collectCoverageInfo = true; +g.eval("0"); + +// Start a GC in the debugger's zone and yield after sweeping objects. +schedulezone(g); +gczeal(22); +startgc(100); + +dbg.collectCoverageInfo = false; ===================================== toolkit/components/antitracking/StoragePrincipalHelper.cpp ===================================== @@ -445,7 +445,7 @@ bool StoragePrincipalHelper::GetOriginAttributes( nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo(); loadInfo->GetOriginAttributes(&aAttributes); - bool isPrivate = false; + bool isPrivate = aAttributes.mPrivateBrowsingId > 0; nsCOMPtr<nsIPrivateBrowsingChannel> pbChannel = do_QueryInterface(aChannel); if (pbChannel) { nsresult rv = pbChannel->GetIsChannelPrivate(&isPrivate); @@ -454,7 +454,9 @@ bool StoragePrincipalHelper::GetOriginAttributes( // Some channels may not implement nsIPrivateBrowsingChannel nsCOMPtr<nsILoadContext> loadContext; NS_QueryNotificationCallbacks(aChannel, loadContext); - isPrivate = loadContext && loadContext->UsePrivateBrowsing(); + if (loadContext) { + isPrivate = loadContext->UsePrivateBrowsing(); + } } aAttributes.SyncAttributesWithPrivateBrowsing(isPrivate); View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/82… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/82… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag base-browser-115.14.0esr-13.5-1-build2
by ma1 (＠ma1) 05 Aug '24

05 Aug '24

ma1 pushed new tag base-browser-115.14.0esr-13.5-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/base-brow… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.14.0esr-13.5-1] 2 commits: Bug 1899180. If a channel is not nsIPrivateBrowsingChannel and has no load...
by ma1 (＠ma1) 05 Aug '24

05 Aug '24

ma1 pushed to branch base-browser-115.14.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 590ecd43 by Timothy Nikkel at 2024-08-05T10:25:19+02:00 Bug 1899180. If a channel is not nsIPrivateBrowsingChannel and has no load context, use the private browsing field from it's origin attributes. r=necko-reviewers,anti-tracking-reviewers,valentin If the channel is not a nsIPrivateBrowsingChannel, and it also has no load context (eg inside svg images) then we will over write a non-zero mPrivateBrowsingId on the OriginAttributes of the channel with 0, making NS_UsePrivateBrowsing return false for the channel. Differential Revision: https://phabricator.services.mozilla.com/D212083 - - - - - ded2e90d by Jon Coppeard at 2024-08-05T10:25:20+02:00 Bug 1904011 - Ignore finalized scripts when iterating code covarage tables r=iain Differential Revision: https://phabricator.services.mozilla.com/D214799 - - - - - 3 changed files: - js/src/gc/Zone.cpp - + js/src/jit-test/tests/debug/bug-1904011.js - toolkit/components/antitracking/StoragePrincipalHelper.cpp Changes: ===================================== js/src/gc/Zone.cpp ===================================== @@ -918,7 +918,13 @@ void Zone::clearScriptCounts(Realm* realm) { // Clear all hasScriptCounts_ flags of BaseScript, in order to release all // ScriptCounts entries of the given realm. for (auto i = scriptCountsMap->modIter(); !i.done(); i.next()) { - BaseScript* script = i.get().key(); + const HeapPtr<BaseScript*>& script = i.get().key(); + if (IsAboutToBeFinalized(script)) { + // Dead scripts may be present during incremental GC until script + // finalizers have been run. + continue; + } + if (script->realm() != realm) { continue; } @@ -939,7 +945,13 @@ void Zone::clearScriptLCov(Realm* realm) { } for (auto i = scriptLCovMap->modIter(); !i.done(); i.next()) { - BaseScript* script = i.get().key(); + const HeapPtr<BaseScript*>& script = i.get().key(); + if (IsAboutToBeFinalized(script)) { + // Dead scripts may be present during incremental GC until script + // finalizers have been run. + continue; + } + if (script->realm() == realm) { i.remove(); } ===================================== js/src/jit-test/tests/debug/bug-1904011.js ===================================== @@ -0,0 +1,15 @@ +// |jit-test| --fuzzing-safe; --ion-offthread-compile=off +gczeal(0); + +let g = newGlobal({newCompartment: true}); +let dbg = new Debugger(g); + +dbg.collectCoverageInfo = true; +g.eval("0"); + +// Start a GC in the debugger's zone and yield after sweeping objects. +schedulezone(g); +gczeal(22); +startgc(100); + +dbg.collectCoverageInfo = false; ===================================== toolkit/components/antitracking/StoragePrincipalHelper.cpp ===================================== @@ -445,7 +445,7 @@ bool StoragePrincipalHelper::GetOriginAttributes( nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo(); loadInfo->GetOriginAttributes(&aAttributes); - bool isPrivate = false; + bool isPrivate = aAttributes.mPrivateBrowsingId > 0; nsCOMPtr<nsIPrivateBrowsingChannel> pbChannel = do_QueryInterface(aChannel); if (pbChannel) { nsresult rv = pbChannel->GetIsChannelPrivate(&isPrivate); @@ -454,7 +454,9 @@ bool StoragePrincipalHelper::GetOriginAttributes( // Some channels may not implement nsIPrivateBrowsingChannel nsCOMPtr<nsILoadContext> loadContext; NS_QueryNotificationCallbacks(aChannel, loadContext); - isPrivate = loadContext && loadContext->UsePrivateBrowsing(); + if (loadContext) { + isPrivate = loadContext->UsePrivateBrowsing(); + } } aAttributes.SyncAttributesWithPrivateBrowsing(isPrivate); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/aa9b97… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/aa9b97… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-115.14.0esr-13.5-1-build2
by ma1 (＠ma1) 05 Aug '24

05 Aug '24

ma1 pushed new tag tor-browser-115.14.0esr-13.5-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.14.0esr-13.5-1] 2 commits: Bug 1899180. If a channel is not nsIPrivateBrowsingChannel and has no load...
by ma1 (＠ma1) 05 Aug '24

05 Aug '24

ma1 pushed to branch tor-browser-115.14.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 76fd6391 by Timothy Nikkel at 2024-08-05T09:53:50+02:00 Bug 1899180. If a channel is not nsIPrivateBrowsingChannel and has no load context, use the private browsing field from it's origin attributes. r=necko-reviewers,anti-tracking-reviewers,valentin If the channel is not a nsIPrivateBrowsingChannel, and it also has no load context (eg inside svg images) then we will over write a non-zero mPrivateBrowsingId on the OriginAttributes of the channel with 0, making NS_UsePrivateBrowsing return false for the channel. Differential Revision: https://phabricator.services.mozilla.com/D212083 - - - - - e2d05e0a by Jon Coppeard at 2024-08-05T09:53:51+02:00 Bug 1904011 - Ignore finalized scripts when iterating code covarage tables r=iain Differential Revision: https://phabricator.services.mozilla.com/D214799 - - - - - 3 changed files: - js/src/gc/Zone.cpp - + js/src/jit-test/tests/debug/bug-1904011.js - toolkit/components/antitracking/StoragePrincipalHelper.cpp Changes: ===================================== js/src/gc/Zone.cpp ===================================== @@ -918,7 +918,13 @@ void Zone::clearScriptCounts(Realm* realm) { // Clear all hasScriptCounts_ flags of BaseScript, in order to release all // ScriptCounts entries of the given realm. for (auto i = scriptCountsMap->modIter(); !i.done(); i.next()) { - BaseScript* script = i.get().key(); + const HeapPtr<BaseScript*>& script = i.get().key(); + if (IsAboutToBeFinalized(script)) { + // Dead scripts may be present during incremental GC until script + // finalizers have been run. + continue; + } + if (script->realm() != realm) { continue; } @@ -939,7 +945,13 @@ void Zone::clearScriptLCov(Realm* realm) { } for (auto i = scriptLCovMap->modIter(); !i.done(); i.next()) { - BaseScript* script = i.get().key(); + const HeapPtr<BaseScript*>& script = i.get().key(); + if (IsAboutToBeFinalized(script)) { + // Dead scripts may be present during incremental GC until script + // finalizers have been run. + continue; + } + if (script->realm() == realm) { i.remove(); } ===================================== js/src/jit-test/tests/debug/bug-1904011.js ===================================== @@ -0,0 +1,15 @@ +// |jit-test| --fuzzing-safe; --ion-offthread-compile=off +gczeal(0); + +let g = newGlobal({newCompartment: true}); +let dbg = new Debugger(g); + +dbg.collectCoverageInfo = true; +g.eval("0"); + +// Start a GC in the debugger's zone and yield after sweeping objects. +schedulezone(g); +gczeal(22); +startgc(100); + +dbg.collectCoverageInfo = false; ===================================== toolkit/components/antitracking/StoragePrincipalHelper.cpp ===================================== @@ -445,7 +445,7 @@ bool StoragePrincipalHelper::GetOriginAttributes( nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo(); loadInfo->GetOriginAttributes(&aAttributes); - bool isPrivate = false; + bool isPrivate = aAttributes.mPrivateBrowsingId > 0; nsCOMPtr<nsIPrivateBrowsingChannel> pbChannel = do_QueryInterface(aChannel); if (pbChannel) { nsresult rv = pbChannel->GetIsChannelPrivate(&isPrivate); @@ -454,7 +454,9 @@ bool StoragePrincipalHelper::GetOriginAttributes( // Some channels may not implement nsIPrivateBrowsingChannel nsCOMPtr<nsILoadContext> loadContext; NS_QueryNotificationCallbacks(aChannel, loadContext); - isPrivate = loadContext && loadContext->UsePrivateBrowsing(); + if (loadContext) { + isPrivate = loadContext->UsePrivateBrowsing(); + } } aAttributes.SyncAttributesWithPrivateBrowsing(isPrivate); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/804813… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/804813… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.14.0esr-13.5-1] Bug 42835: Create an actor to filter file data transfers
by ma1 (＠ma1) 05 Aug '24

05 Aug '24

ma1 pushed to branch mullvad-browser-115.14.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser Commits: 823e74d9 by hackademix at 2024-08-05T09:11:58+02:00 Bug 42835: Create an actor to filter file data transfers - - - - - 4 changed files: - + toolkit/actors/FilesFilterChild.sys.mjs - + toolkit/actors/FilesFilterParent.sys.mjs - toolkit/actors/moz.build - toolkit/modules/ActorManagerParent.sys.mjs Changes: ===================================== toolkit/actors/FilesFilterChild.sys.mjs ===================================== @@ -0,0 +1,61 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +const lazy = {}; + +ChromeUtils.defineLazyGetter(lazy, "console", () => { + return console.createInstance({ + prefix: "FilesFilter", + }); +}); + +export class FilesFilterChild extends JSWindowActorChild { + handleEvent(event) { + // drop or paste + const { composedTarget } = event; + const dt = event.clipboardData || event.dataTransfer; + + if (dt.files.length) { + if ( + ["HTMLInputElement", "HTMLTextAreaElement"].includes( + ChromeUtils.getClassName(composedTarget) + ) + ) { + event.preventDefault(); + lazy.console.log( + `Preventing path leak on ${event.type} for ${[...dt.files] + .map(f => f.name) + .join(", ")}.` + ); + } + return; + } + + // "Paste Without Formatting" (ctrl+shift+V) in HTML editors coerces files into paths + if (!(event.clipboardData && dt.getData("text"))) { + return; + } + + // check wether the clipboard contains a file + const { clipboard } = Services; + if ( + [clipboard.kSelectionClipboard, clipboard.kGlobalClipboard].some( + clipboardType => + clipboard.isClipboardTypeSupported(clipboardType) && + clipboard.hasDataMatchingFlavors( + ["application/x-moz-file"], + clipboardType + ) + ) + ) { + event.preventDefault(); + event.stopPropagation(); + lazy.console.log( + `Preventing path leak on "Paste Without Formatting" for ${dt.getData( + "text" + )}.` + ); + } + } +} ===================================== toolkit/actors/FilesFilterParent.sys.mjs ===================================== @@ -0,0 +1,7 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +export class FilesFilterParent extends JSWindowActorParent { + // just a stub for now +} ===================================== toolkit/actors/moz.build ===================================== @@ -55,6 +55,8 @@ FINAL_TARGET_FILES.actors += [ "DateTimePickerChild.sys.mjs", "DateTimePickerParent.sys.mjs", "ExtFindChild.sys.mjs", + "FilesFilterChild.sys.mjs", + "FilesFilterParent.sys.mjs", "FindBarChild.sys.mjs", "FindBarParent.sys.mjs", "FinderChild.sys.mjs", ===================================== toolkit/modules/ActorManagerParent.sys.mjs ===================================== @@ -244,6 +244,22 @@ let JSWINDOWACTORS = { allFrames: true, }, + FilesFilter: { + parent: { + esModuleURI: "resource://gre/actors/FilesFilterParent.sys.mjs", + }, + + child: { + esModuleURI: "resource://gre/actors/FilesFilterChild.sys.mjs", + events: { + drop: {}, + paste: { capture: true }, + }, + }, + + allFrames: true, + }, + FindBar: { parent: { esModuleURI: "resource://gre/actors/FindBarParent.sys.mjs", View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/823… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/823… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.14.0esr-13.5-1] Bug 42835: Create an actor to filter file data transfers
by ma1 (＠ma1) 05 Aug '24

05 Aug '24

ma1 pushed to branch base-browser-115.14.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: aa9b979b by hackademix at 2024-08-05T09:09:37+02:00 Bug 42835: Create an actor to filter file data transfers - - - - - 4 changed files: - + toolkit/actors/FilesFilterChild.sys.mjs - + toolkit/actors/FilesFilterParent.sys.mjs - toolkit/actors/moz.build - toolkit/modules/ActorManagerParent.sys.mjs Changes: ===================================== toolkit/actors/FilesFilterChild.sys.mjs ===================================== @@ -0,0 +1,61 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +const lazy = {}; + +ChromeUtils.defineLazyGetter(lazy, "console", () => { + return console.createInstance({ + prefix: "FilesFilter", + }); +}); + +export class FilesFilterChild extends JSWindowActorChild { + handleEvent(event) { + // drop or paste + const { composedTarget } = event; + const dt = event.clipboardData || event.dataTransfer; + + if (dt.files.length) { + if ( + ["HTMLInputElement", "HTMLTextAreaElement"].includes( + ChromeUtils.getClassName(composedTarget) + ) + ) { + event.preventDefault(); + lazy.console.log( + `Preventing path leak on ${event.type} for ${[...dt.files] + .map(f => f.name) + .join(", ")}.` + ); + } + return; + } + + // "Paste Without Formatting" (ctrl+shift+V) in HTML editors coerces files into paths + if (!(event.clipboardData && dt.getData("text"))) { + return; + } + + // check wether the clipboard contains a file + const { clipboard } = Services; + if ( + [clipboard.kSelectionClipboard, clipboard.kGlobalClipboard].some( + clipboardType => + clipboard.isClipboardTypeSupported(clipboardType) && + clipboard.hasDataMatchingFlavors( + ["application/x-moz-file"], + clipboardType + ) + ) + ) { + event.preventDefault(); + event.stopPropagation(); + lazy.console.log( + `Preventing path leak on "Paste Without Formatting" for ${dt.getData( + "text" + )}.` + ); + } + } +} ===================================== toolkit/actors/FilesFilterParent.sys.mjs ===================================== @@ -0,0 +1,7 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +export class FilesFilterParent extends JSWindowActorParent { + // just a stub for now +} ===================================== toolkit/actors/moz.build ===================================== @@ -55,6 +55,8 @@ FINAL_TARGET_FILES.actors += [ "DateTimePickerChild.sys.mjs", "DateTimePickerParent.sys.mjs", "ExtFindChild.sys.mjs", + "FilesFilterChild.sys.mjs", + "FilesFilterParent.sys.mjs", "FindBarChild.sys.mjs", "FindBarParent.sys.mjs", "FinderChild.sys.mjs", ===================================== toolkit/modules/ActorManagerParent.sys.mjs ===================================== @@ -244,6 +244,22 @@ let JSWINDOWACTORS = { allFrames: true, }, + FilesFilter: { + parent: { + esModuleURI: "resource://gre/actors/FilesFilterParent.sys.mjs", + }, + + child: { + esModuleURI: "resource://gre/actors/FilesFilterChild.sys.mjs", + events: { + drop: {}, + paste: { capture: true }, + }, + }, + + allFrames: true, + }, + FindBar: { parent: { esModuleURI: "resource://gre/actors/FindBarParent.sys.mjs", View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/aa9b979… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/aa9b979… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.14.0esr-13.5-1] Bug 42835: Create an actor to filter file data transfers
by ma1 (＠ma1) 05 Aug '24

05 Aug '24

ma1 pushed to branch tor-browser-115.14.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 8048130a by hackademix at 2024-08-05T09:05:32+02:00 Bug 42835: Create an actor to filter file data transfers - - - - - 4 changed files: - + toolkit/actors/FilesFilterChild.sys.mjs - + toolkit/actors/FilesFilterParent.sys.mjs - toolkit/actors/moz.build - toolkit/modules/ActorManagerParent.sys.mjs Changes: ===================================== toolkit/actors/FilesFilterChild.sys.mjs ===================================== @@ -0,0 +1,61 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +const lazy = {}; + +ChromeUtils.defineLazyGetter(lazy, "console", () => { + return console.createInstance({ + prefix: "FilesFilter", + }); +}); + +export class FilesFilterChild extends JSWindowActorChild { + handleEvent(event) { + // drop or paste + const { composedTarget } = event; + const dt = event.clipboardData || event.dataTransfer; + + if (dt.files.length) { + if ( + ["HTMLInputElement", "HTMLTextAreaElement"].includes( + ChromeUtils.getClassName(composedTarget) + ) + ) { + event.preventDefault(); + lazy.console.log( + `Preventing path leak on ${event.type} for ${[...dt.files] + .map(f => f.name) + .join(", ")}.` + ); + } + return; + } + + // "Paste Without Formatting" (ctrl+shift+V) in HTML editors coerces files into paths + if (!(event.clipboardData && dt.getData("text"))) { + return; + } + + // check wether the clipboard contains a file + const { clipboard } = Services; + if ( + [clipboard.kSelectionClipboard, clipboard.kGlobalClipboard].some( + clipboardType => + clipboard.isClipboardTypeSupported(clipboardType) && + clipboard.hasDataMatchingFlavors( + ["application/x-moz-file"], + clipboardType + ) + ) + ) { + event.preventDefault(); + event.stopPropagation(); + lazy.console.log( + `Preventing path leak on "Paste Without Formatting" for ${dt.getData( + "text" + )}.` + ); + } + } +} ===================================== toolkit/actors/FilesFilterParent.sys.mjs ===================================== @@ -0,0 +1,7 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +export class FilesFilterParent extends JSWindowActorParent { + // just a stub for now +} ===================================== toolkit/actors/moz.build ===================================== @@ -55,6 +55,8 @@ FINAL_TARGET_FILES.actors += [ "DateTimePickerChild.sys.mjs", "DateTimePickerParent.sys.mjs", "ExtFindChild.sys.mjs", + "FilesFilterChild.sys.mjs", + "FilesFilterParent.sys.mjs", "FindBarChild.sys.mjs", "FindBarParent.sys.mjs", "FinderChild.sys.mjs", ===================================== toolkit/modules/ActorManagerParent.sys.mjs ===================================== @@ -244,6 +244,22 @@ let JSWINDOWACTORS = { allFrames: true, }, + FilesFilter: { + parent: { + esModuleURI: "resource://gre/actors/FilesFilterParent.sys.mjs", + }, + + child: { + esModuleURI: "resource://gre/actors/FilesFilterChild.sys.mjs", + events: { + drop: {}, + paste: { capture: true }, + }, + }, + + allFrames: true, + }, + FindBar: { parent: { esModuleURI: "resource://gre/actors/FindBarParent.sys.mjs", View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/8048130… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/8048130… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41203: Tor Blog generation script uses the wrong url scheme for alpha releases
by boklm (＠boklm) 03 Aug '24

03 Aug '24

boklm pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: ce7944ec by Morgan at 2024-08-01T18:36:58+00:00 Bug 41203: Tor Blog generation script uses the wrong url scheme for alpha releases - - - - - 1 changed file: - tools/signing/create-blog-post Changes: ===================================== tools/signing/create-blog-post ===================================== @@ -9,31 +9,27 @@ var_is_defined blog_publish_user blog_directory content_dir="$blog_directory/content/blog" test -d "$content_dir" || exit_error "$content_dir is not a direcotry" -blog_dir="$content_dir/new-release-tor-browser-"$(echo $tbb_version | sed 's/\.//g') - -test -d "$blog_dir" && exit_error "$blog_dir already exists" - -mkdir "$blog_dir" -echo "Created directory $blog_dir" - if test "$tbb_version_type" = "release" then + blog_dir_base="new-release-tor-browser" lead=../../../assets/static/images/blog/tor-browser-stable.png -else - lead=../../../assets/static/images/blog/tor-browser-alpha.png -fi -ln -s "$lead" "$blog_dir/lead.png" -echo "Created $blog_dir/lead.png -> $lead" - - -if test "$tbb_version_type" = "release" -then title="New Release: Tor Browser $tbb_version" download_page='https://www.torproject.org/download/' else + blog_dir_base="new-alpha-release-tor-browser" + lead=../../../assets/static/images/blog/tor-browser-alpha.png title="New Alpha Release: Tor Browser $tbb_version" download_page='https://www.torproject.org/download/alpha/' fi +blog_dir="$content_dir/$blog_dir_base-"$(echo $tbb_version | sed 's/\.//g') + +test -d "$blog_dir" && exit_error "$blog_dir already exists" + +mkdir "$blog_dir" +echo "Created directory $blog_dir" + +ln -s "$lead" "$blog_dir/lead.png" +echo "Created $blog_dir/lead.png -> $lead" contents_lr="$blog_dir/contents.lr" cat > "$contents_lr" << EOF View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/c… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/c… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.1.0esr-14.0-1] Bug 42835: Create an actor to filter file data transfers
by ma1 (＠ma1) 02 Aug '24

02 Aug '24

ma1 pushed to branch mullvad-browser-128.1.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: dccbed9e by hackademix at 2024-08-02T22:26:22+02:00 Bug 42835: Create an actor to filter file data transfers - - - - - 4 changed files: - + toolkit/actors/FilesFilterChild.sys.mjs - + toolkit/actors/FilesFilterParent.sys.mjs - toolkit/actors/moz.build - toolkit/modules/ActorManagerParent.sys.mjs Changes: ===================================== toolkit/actors/FilesFilterChild.sys.mjs ===================================== @@ -0,0 +1,61 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +const lazy = {}; + +ChromeUtils.defineLazyGetter(lazy, "console", () => { + return console.createInstance({ + prefix: "FilesFilter", + }); +}); + +export class FilesFilterChild extends JSWindowActorChild { + handleEvent(event) { + // drop or paste + const { composedTarget } = event; + const dt = event.clipboardData || event.dataTransfer; + + if (dt.files.length) { + if ( + ["HTMLInputElement", "HTMLTextAreaElement"].includes( + ChromeUtils.getClassName(composedTarget) + ) + ) { + event.preventDefault(); + lazy.console.log( + `Preventing path leak on ${event.type} for ${[...dt.files] + .map(f => f.name) + .join(", ")}.` + ); + } + return; + } + + // "Paste Without Formatting" (ctrl+shift+V) in HTML editors coerces files into paths + if (!(event.clipboardData && dt.getData("text"))) { + return; + } + + // check wether the clipboard contains a file + const { clipboard } = Services; + if ( + [clipboard.kSelectionClipboard, clipboard.kGlobalClipboard].some( + clipboardType => + clipboard.isClipboardTypeSupported(clipboardType) && + clipboard.hasDataMatchingFlavors( + ["application/x-moz-file"], + clipboardType + ) + ) + ) { + event.preventDefault(); + event.stopPropagation(); + lazy.console.log( + `Preventing path leak on "Paste Without Formatting" for ${dt.getData( + "text" + )}.` + ); + } + } +} ===================================== toolkit/actors/FilesFilterParent.sys.mjs ===================================== @@ -0,0 +1,7 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +export class FilesFilterParent extends JSWindowActorParent { + // just a stub for now +} ===================================== toolkit/actors/moz.build ===================================== @@ -53,6 +53,8 @@ FINAL_TARGET_FILES.actors += [ "DateTimePickerChild.sys.mjs", "DateTimePickerParent.sys.mjs", "ExtFindChild.sys.mjs", + "FilesFilterChild.sys.mjs", + "FilesFilterParent.sys.mjs", "FindBarChild.sys.mjs", "FindBarParent.sys.mjs", "FinderChild.sys.mjs", ===================================== toolkit/modules/ActorManagerParent.sys.mjs ===================================== @@ -285,6 +285,22 @@ let JSWINDOWACTORS = { allFrames: true, }, + FilesFilter: { + parent: { + esModuleURI: "resource://gre/actors/FilesFilterParent.sys.mjs", + }, + + child: { + esModuleURI: "resource://gre/actors/FilesFilterChild.sys.mjs", + events: { + drop: {}, + paste: { capture: true }, + }, + }, + + allFrames: true, + }, + FindBar: { parent: { esModuleURI: "resource://gre/actors/FindBarParent.sys.mjs", View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/dcc… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/dcc… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.1.0esr-14.0-1] Bug 42835: Create an actor to filter file data transfers
by ma1 (＠ma1) 02 Aug '24

02 Aug '24

ma1 pushed to branch base-browser-128.1.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: ac2dbd4d by hackademix at 2024-08-02T22:23:38+02:00 Bug 42835: Create an actor to filter file data transfers - - - - - 4 changed files: - + toolkit/actors/FilesFilterChild.sys.mjs - + toolkit/actors/FilesFilterParent.sys.mjs - toolkit/actors/moz.build - toolkit/modules/ActorManagerParent.sys.mjs Changes: ===================================== toolkit/actors/FilesFilterChild.sys.mjs ===================================== @@ -0,0 +1,61 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +const lazy = {}; + +ChromeUtils.defineLazyGetter(lazy, "console", () => { + return console.createInstance({ + prefix: "FilesFilter", + }); +}); + +export class FilesFilterChild extends JSWindowActorChild { + handleEvent(event) { + // drop or paste + const { composedTarget } = event; + const dt = event.clipboardData || event.dataTransfer; + + if (dt.files.length) { + if ( + ["HTMLInputElement", "HTMLTextAreaElement"].includes( + ChromeUtils.getClassName(composedTarget) + ) + ) { + event.preventDefault(); + lazy.console.log( + `Preventing path leak on ${event.type} for ${[...dt.files] + .map(f => f.name) + .join(", ")}.` + ); + } + return; + } + + // "Paste Without Formatting" (ctrl+shift+V) in HTML editors coerces files into paths + if (!(event.clipboardData && dt.getData("text"))) { + return; + } + + // check wether the clipboard contains a file + const { clipboard } = Services; + if ( + [clipboard.kSelectionClipboard, clipboard.kGlobalClipboard].some( + clipboardType => + clipboard.isClipboardTypeSupported(clipboardType) && + clipboard.hasDataMatchingFlavors( + ["application/x-moz-file"], + clipboardType + ) + ) + ) { + event.preventDefault(); + event.stopPropagation(); + lazy.console.log( + `Preventing path leak on "Paste Without Formatting" for ${dt.getData( + "text" + )}.` + ); + } + } +} ===================================== toolkit/actors/FilesFilterParent.sys.mjs ===================================== @@ -0,0 +1,7 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +export class FilesFilterParent extends JSWindowActorParent { + // just a stub for now +} ===================================== toolkit/actors/moz.build ===================================== @@ -53,6 +53,8 @@ FINAL_TARGET_FILES.actors += [ "DateTimePickerChild.sys.mjs", "DateTimePickerParent.sys.mjs", "ExtFindChild.sys.mjs", + "FilesFilterChild.sys.mjs", + "FilesFilterParent.sys.mjs", "FindBarChild.sys.mjs", "FindBarParent.sys.mjs", "FinderChild.sys.mjs", ===================================== toolkit/modules/ActorManagerParent.sys.mjs ===================================== @@ -285,6 +285,22 @@ let JSWINDOWACTORS = { allFrames: true, }, + FilesFilter: { + parent: { + esModuleURI: "resource://gre/actors/FilesFilterParent.sys.mjs", + }, + + child: { + esModuleURI: "resource://gre/actors/FilesFilterChild.sys.mjs", + events: { + drop: {}, + paste: { capture: true }, + }, + }, + + allFrames: true, + }, + FindBar: { parent: { esModuleURI: "resource://gre/actors/FindBarParent.sys.mjs", View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/ac2dbd4… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/ac2dbd4… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.1.0esr-14.0-1] Bug 42835: Create an actor to filter file data transfers
by ma1 (＠ma1) 02 Aug '24

02 Aug '24

ma1 pushed to branch tor-browser-128.1.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 693e125e by hackademix at 2024-08-01T16:28:30+02:00 Bug 42835: Create an actor to filter file data transfers - - - - - 4 changed files: - + toolkit/actors/FilesFilterChild.sys.mjs - + toolkit/actors/FilesFilterParent.sys.mjs - toolkit/actors/moz.build - toolkit/modules/ActorManagerParent.sys.mjs Changes: ===================================== toolkit/actors/FilesFilterChild.sys.mjs ===================================== @@ -0,0 +1,61 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +const lazy = {}; + +ChromeUtils.defineLazyGetter(lazy, "console", () => { + return console.createInstance({ + prefix: "FilesFilter", + }); +}); + +export class FilesFilterChild extends JSWindowActorChild { + handleEvent(event) { + // drop or paste + const { composedTarget } = event; + const dt = event.clipboardData || event.dataTransfer; + + if (dt.files.length) { + if ( + ["HTMLInputElement", "HTMLTextAreaElement"].includes( + ChromeUtils.getClassName(composedTarget) + ) + ) { + event.preventDefault(); + lazy.console.log( + `Preventing path leak on ${event.type} for ${[...dt.files] + .map(f => f.name) + .join(", ")}.` + ); + } + return; + } + + // "Paste Without Formatting" (ctrl+shift+V) in HTML editors coerces files into paths + if (!(event.clipboardData && dt.getData("text"))) { + return; + } + + // check wether the clipboard contains a file + const { clipboard } = Services; + if ( + [clipboard.kSelectionClipboard, clipboard.kGlobalClipboard].some( + clipboardType => + clipboard.isClipboardTypeSupported(clipboardType) && + clipboard.hasDataMatchingFlavors( + ["application/x-moz-file"], + clipboardType + ) + ) + ) { + event.preventDefault(); + event.stopPropagation(); + lazy.console.log( + `Preventing path leak on "Paste Without Formatting" for ${dt.getData( + "text" + )}.` + ); + } + } +} ===================================== toolkit/actors/FilesFilterParent.sys.mjs ===================================== @@ -0,0 +1,7 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +export class FilesFilterParent extends JSWindowActorParent { + // just a stub for now +} ===================================== toolkit/actors/moz.build ===================================== @@ -53,6 +53,8 @@ FINAL_TARGET_FILES.actors += [ "DateTimePickerChild.sys.mjs", "DateTimePickerParent.sys.mjs", "ExtFindChild.sys.mjs", + "FilesFilterChild.sys.mjs", + "FilesFilterParent.sys.mjs", "FindBarChild.sys.mjs", "FindBarParent.sys.mjs", "FinderChild.sys.mjs", ===================================== toolkit/modules/ActorManagerParent.sys.mjs ===================================== @@ -285,6 +285,22 @@ let JSWINDOWACTORS = { allFrames: true, }, + FilesFilter: { + parent: { + esModuleURI: "resource://gre/actors/FilesFilterParent.sys.mjs", + }, + + child: { + esModuleURI: "resource://gre/actors/FilesFilterChild.sys.mjs", + events: { + drop: {}, + paste: { capture: true }, + }, + }, + + allFrames: true, + }, + FindBar: { parent: { esModuleURI: "resource://gre/actors/FindBarParent.sys.mjs", View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/693e125… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/693e125… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-update-responses][main] alpha: disable macOS updates for now
by boklm (＠boklm) 01 Aug '24

01 Aug '24

boklm pushed to branch main at The Tor Project / Applications / Tor Browser update responses Commits: b5c9cf63 by Nicolas Vigier at 2024-08-01T11:59:18+02:00 alpha: disable macOS updates for now - - - - - 1 changed file: - update_3/alpha/.htaccess Changes: ===================================== update_3/alpha/.htaccess ===================================== @@ -13,16 +13,8 @@ RewriteRule ^Linux_x86_64-gcc3/13.5a8/ALL 13.5a8-14.0a1-linux-x86_64-ALL.xml [la RewriteRule ^Linux_x86_64-gcc3/13.5a9/ALL 13.5a9-14.0a1-linux-x86_64-ALL.xml [last] RewriteRule ^Linux_x86_64-gcc3/[^/]+/ALL 14.0a1-linux-x86_64-ALL.xml [last] RewriteRule ^Linux_x86_64-gcc3/ 14.0a1-linux-x86_64-ALL.xml [last] -RewriteRule ^Darwin_x86_64-gcc3/13.5a7/ALL 13.5a7-14.0a1-macos-ALL.xml [last] -RewriteRule ^Darwin_x86_64-gcc3/13.5a8/ALL 13.5a8-14.0a1-macos-ALL.xml [last] -RewriteRule ^Darwin_x86_64-gcc3/13.5a9/ALL 13.5a9-14.0a1-macos-ALL.xml [last] -RewriteRule ^Darwin_x86_64-gcc3/[^/]+/ALL 14.0a1-macos-ALL.xml [last] -RewriteRule ^Darwin_x86_64-gcc3/ 14.0a1-macos-ALL.xml [last] -RewriteRule ^Darwin_aarch64-gcc3/13.5a7/ALL 13.5a7-14.0a1-macos-ALL.xml [last] -RewriteRule ^Darwin_aarch64-gcc3/13.5a8/ALL 13.5a8-14.0a1-macos-ALL.xml [last] -RewriteRule ^Darwin_aarch64-gcc3/13.5a9/ALL 13.5a9-14.0a1-macos-ALL.xml [last] -RewriteRule ^Darwin_aarch64-gcc3/[^/]+/ALL 14.0a1-macos-ALL.xml [last] -RewriteRule ^Darwin_aarch64-gcc3/ 14.0a1-macos-ALL.xml [last] +RewriteRule ^Darwin_x86_64-gcc3/ no-update.xml [last] +RewriteRule ^Darwin_aarch64-gcc3/ no-update.xml [last] RewriteRule ^WINNT_x86-gcc3/13.5a7/ALL 13.5a7-14.0a1-windows-i686-ALL.xml [last] RewriteRule ^WINNT_x86-gcc3/13.5a8/ALL 13.5a8-14.0a1-windows-i686-ALL.xml [last] RewriteRule ^WINNT_x86-gcc3/13.5a9/ALL 13.5a9-14.0a1-windows-i686-ALL.xml [last] View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-128.1.0esr-14.0-1-build1
by Pier Angelo Vendrame (＠pierov) 31 Jul '24

31 Jul '24

Pier Angelo Vendrame pushed new tag mullvad-browser-128.1.0esr-14.0-1-build1 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-115.14.0esr-13.5-1-build1
by Pier Angelo Vendrame (＠pierov) 31 Jul '24

31 Jul '24

Pier Angelo Vendrame pushed new tag mullvad-browser-115.14.0esr-13.5-1-build1 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.14.0esr-13.5-1] 21 commits: MB 38: Mullvad Browser configuration
by Pier Angelo Vendrame (＠pierov) 31 Jul '24

31 Jul '24

Pier Angelo Vendrame pushed to branch mullvad-browser-115.14.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser Commits: ae46ad81 by Pier Angelo Vendrame at 2024-07-31T20:08:08+02:00 MB 38: Mullvad Browser configuration - - - - - d86b5952 by Pier Angelo Vendrame at 2024-07-31T20:08:09+02:00 MB 1: Mullvad Browser branding See also: mullvad-browser#5: Product name and directory customization mullvad-browser#12: Create new branding directories and integrate Mullvad icons+branding mullvad-browser#14: Remove Default Built-in bookmarks mullvad-browser#35: Add custom PDF icons for Windows builds mullvad-browser#48: Replace Mozilla copyright and legal trademarks in mullvadbrowser.exe metadata mullvad-browser#51: Update trademark string mullvad-browser#104: Update shipped dll metadata copyright/licensing info mullvad-browser#107: Add alpha and nightly icons - - - - - 73092cde by Pier Angelo Vendrame at 2024-07-31T20:08:09+02:00 MB 20: Allow packaged-addons in PBM. We install a few addons from the distribution directory, but they are not automatically enabled for PBM mode. This commit modifies the code that installs them to also add the PBM permission to the known ones. - - - - - dfe910b2 by Pier Angelo Vendrame at 2024-07-31T20:08:10+02:00 MB 63: Customize some about pages for Mullvad Browser Also: mullvad-browser#57: Purge unneeded about: pages - - - - - 86156a35 by Pier Angelo Vendrame at 2024-07-31T20:08:10+02:00 MB 37: Customization for the about dialog - - - - - bd891acb by Henry Wilkes at 2024-07-31T20:08:10+02:00 MB 39: Add home page about:mullvad-browser - - - - - 5dafaed9 by hackademix at 2024-07-31T20:08:11+02:00 MB 97: Remove UI cues to install new extensions. - - - - - d3ba60f8 by hackademix at 2024-07-31T20:08:11+02:00 MB 47: uBlock Origin customization - - - - - e8419660 by Pier Angelo Vendrame at 2024-07-31T20:08:11+02:00 MB 21: Disable the password manager This commit disables the about:login page and removes the "Login and Password" section of about:preferences. We do not do anything to the real password manager of Firefox, that is in toolkit: it contains C++ parts that make it difficult to actually prevent it from being built.. Finally, we modify the the function that opens about:login to report an error in the console so that we can quickly get a backtrace to the code that tries to use it. - - - - - be92e9d0 by Pier Angelo Vendrame at 2024-07-31T20:08:12+02:00 MB 112: Updater customization for Mullvad Browser MB 71: Set the updater base URL to Mullvad domain - - - - - 0322b2c4 by Nicolas Vigier at 2024-07-31T20:08:12+02:00 MB 79: Add Mullvad Browser MAR signing keys MB 256: Add mullvad-browser nightly mar signing key - - - - - 2946ab36 by Pier Angelo Vendrame at 2024-07-31T20:08:12+02:00 MB 34: Hide unsafe and unwanted preferences UI about:preferences allow to override some of our defaults, that could be fingeprintable or have some other unwanted consequences. - - - - - e5d11b10 by Pier Angelo Vendrame at 2024-07-31T20:08:13+02:00 MB 160: Disable the cookie exceptions button Besides disabling the "Delete on close checkbox", disable also the "Manage Exceptions" button when always using PBM. - - - - - c5c923bb by hackademix at 2024-07-31T20:08:13+02:00 MB 163: prevent uBlock Origin from being uninstalled/disabled - - - - - 5df93fc3 by Richard Pospesel at 2024-07-31T20:08:13+02:00 MB 188: Customize Gitlab Issue and Merge templates - - - - - 6829401c by rui hildt at 2024-07-31T20:08:14+02:00 MB 213: Customize the search engines list - - - - - e05e563e by hackademix at 2024-07-31T20:08:14+02:00 MB 214: Enable cross-tab identity leak protection in "quiet" mode - - - - - 5a1999d0 by Pier Angelo Vendrame at 2024-07-31T20:08:14+02:00 MB 234: Disable OS spoofing in HTTP User-Agent. This commits makes it possible to disable OS spoofing in the HTTP User-Agent header, to see if matching header and JS property improve usability. - - - - - cff0c3c8 by Pier Angelo Vendrame at 2024-07-31T20:08:14+02:00 MB 80: Enable Mullvad Browser as a default browser - - - - - 4a818cac by Dan Ballard at 2024-07-31T20:08:15+02:00 MB 290: Add default bookmarks in alpha channel for testing - - - - - ce77507b by june wilde at 2024-07-31T20:08:15+02:00 MB 305: Disable setting default browser on Windows Until we can pull in upstream changes to fix breakage in setting the Mullvad Browser as default in Windows 10/11 we're disabling the ability to do so via about:preferences as well as via the startup query dialog - - - - - 30 changed files: - .gitlab/issue_templates/Emergency Security Issue.md - + .gitlab/issue_templates/Rebase Browser - Alpha.md - + .gitlab/issue_templates/Rebase Browser - Stable.md - .gitlab/merge_request_templates/default.md - browser/app/Makefile.in - browser/app/macbuild/Contents/Info.plist.in - browser/app/module.ver - browser/app/firefox.exe.manifest → browser/app/mullvadbrowser.exe.manifest - + browser/app/profile/000-mullvad-browser.js - browser/app/profile/001-base-profile.js - browser/base/content/aboutDialog.xhtml - browser/base/content/appmenu-viewcache.inc.xhtml - browser/base/content/browser-menubar.inc - browser/base/content/browser-places.js - browser/base/content/browser.js - browser/base/content/default-bookmarks.html - browser/base/content/nsContextMenu.js - browser/base/content/overrides/app-license.html - browser/base/content/pageinfo/pageInfo.xhtml - browser/base/content/utilityOverlay.js - browser/branding/branding-common.mozbuild - + browser/branding/mb-alpha/VisualElements_150.png - + browser/branding/mb-alpha/VisualElements_70.png - + browser/branding/mb-alpha/configure.sh - + browser/branding/mb-alpha/content/about-logo.png - + browser/branding/mb-alpha/content/about-logo.svg - + browser/branding/mb-alpha/content/about-logo(a)2x.png - + browser/branding/mb-alpha/content/about-wordmark.svg - + browser/branding/mb-alpha/content/about.png - + browser/branding/mb-alpha/content/aboutDialog.css The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/87… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/87… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.1.0esr-14.0-1] 29 commits: MB 38: Mullvad Browser configuration
by Pier Angelo Vendrame (＠pierov) 31 Jul '24

31 Jul '24

Pier Angelo Vendrame pushed to branch mullvad-browser-128.1.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: db4b47f7 by Pier Angelo Vendrame at 2024-07-31T19:55:48+02:00 MB 38: Mullvad Browser configuration - - - - - f76d7d0d by Pier Angelo Vendrame at 2024-07-31T19:55:51+02:00 MB 1: Mullvad Browser branding See also: mullvad-browser#5: Product name and directory customization mullvad-browser#12: Create new branding directories and integrate Mullvad icons+branding mullvad-browser#14: Remove Default Built-in bookmarks mullvad-browser#35: Add custom PDF icons for Windows builds mullvad-browser#48: Replace Mozilla copyright and legal trademarks in mullvadbrowser.exe metadata mullvad-browser#51: Update trademark string mullvad-browser#104: Update shipped dll metadata copyright/licensing info mullvad-browser#107: Add alpha and nightly icons - - - - - 1afd7a47 by Beatriz Rizental at 2024-07-31T19:55:51+02:00 fixup! MB 1: Mullvad Browser branding - - - - - 223d8eb1 by Pier Angelo Vendrame at 2024-07-31T19:55:52+02:00 MB 20: Allow packaged-addons in PBM. We install a few addons from the distribution directory, but they are not automatically enabled for PBM mode. This commit modifies the code that installs them to also add the PBM permission to the known ones. - - - - - b6836348 by Pier Angelo Vendrame at 2024-07-31T19:55:52+02:00 MB 63: Customize some about pages for Mullvad Browser Also: mullvad-browser#57: Purge unneeded about: pages - - - - - 53a7a70b by Beatriz Rizental at 2024-07-31T19:55:52+02:00 fixup! MB 63: Customize some about pages for Mullvad Browser - - - - - ef48bd70 by Pier Angelo Vendrame at 2024-07-31T19:55:53+02:00 MB 37: Customization for the about dialog - - - - - 3861b9af by Beatriz Rizental at 2024-07-31T19:55:53+02:00 fixup! MB 37: Customization for the about dialog - - - - - be118d33 by Henry Wilkes at 2024-07-31T19:55:53+02:00 MB 39: Add home page about:mullvad-browser - - - - - 824a5ffe by Beatriz Rizental at 2024-07-31T19:55:54+02:00 fixup! MB 39: Add home page about:mullvad-browser - - - - - 80158b59 by hackademix at 2024-07-31T19:55:54+02:00 MB 97: Remove UI cues to install new extensions. - - - - - f8f024fe by hackademix at 2024-07-31T19:55:54+02:00 MB 47: uBlock Origin customization - - - - - e4da8b52 by Beatriz Rizental at 2024-07-31T19:55:55+02:00 fixup! MB 47: uBlock Origin customization - - - - - 84f0ca0e by Pier Angelo Vendrame at 2024-07-31T19:55:55+02:00 MB 21: Disable the password manager This commit disables the about:login page and removes the "Login and Password" section of about:preferences. We do not do anything to the real password manager of Firefox, that is in toolkit: it contains C++ parts that make it difficult to actually prevent it from being built.. Finally, we modify the the function that opens about:login to report an error in the console so that we can quickly get a backtrace to the code that tries to use it. - - - - - fa8d300f by Beatriz Rizental at 2024-07-31T19:55:56+02:00 fixup! MB 21: Disable the password manager - - - - - 11c36b99 by Pier Angelo Vendrame at 2024-07-31T19:55:56+02:00 MB 112: Updater customization for Mullvad Browser MB 71: Set the updater base URL to Mullvad domain - - - - - 8f961535 by Beatriz Rizental at 2024-07-31T19:55:56+02:00 fixup! MB 112: Updater customization for Mullvad Browser - - - - - c7e4b8cc by Nicolas Vigier at 2024-07-31T19:55:57+02:00 MB 79: Add Mullvad Browser MAR signing keys MB 256: Add mullvad-browser nightly mar signing key - - - - - a277fb1d by Pier Angelo Vendrame at 2024-07-31T19:55:57+02:00 MB 34: Hide unsafe and unwanted preferences UI about:preferences allow to override some of our defaults, that could be fingeprintable or have some other unwanted consequences. - - - - - 2e307143 by Pier Angelo Vendrame at 2024-07-31T19:55:57+02:00 MB 160: Disable the cookie exceptions button Besides disabling the "Delete on close checkbox", disable also the "Manage Exceptions" button when always using PBM. - - - - - 7f940483 by hackademix at 2024-07-31T19:55:58+02:00 MB 163: prevent uBlock Origin from being uninstalled/disabled - - - - - 70d1050d by Richard Pospesel at 2024-07-31T19:55:58+02:00 MB 188: Customize Gitlab Issue and Merge templates - - - - - 75efec8b by rui hildt at 2024-07-31T19:55:58+02:00 MB 213: Customize the search engines list - - - - - 3b49d49c by Beatriz Rizental at 2024-07-31T19:55:59+02:00 fixup! MB 213: Customize the search engines list - - - - - 73004955 by hackademix at 2024-07-31T19:55:59+02:00 MB 214: Enable cross-tab identity leak protection in "quiet" mode - - - - - 34e4ba97 by Pier Angelo Vendrame at 2024-07-31T19:55:59+02:00 MB 234: Disable OS spoofing in HTTP User-Agent. This commits makes it possible to disable OS spoofing in the HTTP User-Agent header, to see if matching header and JS property improve usability. - - - - - 0d85eb74 by Pier Angelo Vendrame at 2024-07-31T19:56:00+02:00 MB 80: Enable Mullvad Browser as a default browser - - - - - 1b5b0947 by Beatriz Rizental at 2024-07-31T19:56:00+02:00 fixup! MB 80: Enable Mullvad Browser as a default browser - - - - - 18d97c67 by Pier Angelo Vendrame at 2024-07-31T19:56:00+02:00 MB 320: Temporarily disable WebRTC and WDBA on Windows. WebRTC should be re-enabled when tor-browser#42758 is resolved, and and the default browser agent when in general we make this feature work again. - - - - - 30 changed files: - .gitlab/issue_templates/Emergency Security Issue.md - + .gitlab/issue_templates/Rebase Browser - Alpha.md - + .gitlab/issue_templates/Rebase Browser - Stable.md - .gitlab/merge_request_templates/default.md - browser/app/Makefile.in - browser/app/macbuild/Contents/Info.plist.in - browser/app/module.ver - browser/app/firefox.exe.manifest → browser/app/mullvadbrowser.exe.manifest - + browser/app/profile/000-mullvad-browser.js - browser/app/profile/001-base-profile.js - browser/base/content/aboutDialog.xhtml - browser/base/content/appmenu-viewcache.inc.xhtml - browser/base/content/browser-menubar.inc - browser/base/content/browser-places.js - browser/base/content/browser.js - browser/base/content/default-bookmarks.html - browser/base/content/nsContextMenu.js - browser/base/content/overrides/app-license.html - browser/base/content/pageinfo/pageInfo.xhtml - browser/base/content/utilityOverlay.js - browser/branding/branding-common.mozbuild - + browser/branding/mb-alpha/VisualElements_150.png - + browser/branding/mb-alpha/VisualElements_70.png - + browser/branding/mb-alpha/configure.sh - + browser/branding/mb-alpha/content/about-logo.png - + browser/branding/mb-alpha/content/about-logo.svg - + browser/branding/mb-alpha/content/about-logo(a)2x.png - + browser/branding/mb-alpha/content/about-wordmark.svg - + browser/branding/mb-alpha/content/about.png - + browser/branding/mb-alpha/content/aboutDialog.css The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/d9… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/d9… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new branch mullvad-browser-128.1.0esr-14.0-1
by Pier Angelo Vendrame (＠pierov) 31 Jul '24

31 Jul '24

Pier Angelo Vendrame pushed new branch mullvad-browser-128.1.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bump Firefox version to 128.1.0esr for nightly builds.
by Pier Angelo Vendrame (＠pierov) 31 Jul '24

31 Jul '24

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: c40a7699 by Pier Angelo Vendrame at 2024-07-31T19:45:29+02:00 Bump Firefox version to 128.1.0esr for nightly builds. - - - - - 2 changed files: - projects/firefox/config - projects/geckoview/config Changes: ===================================== projects/firefox/config ===================================== @@ -14,10 +14,10 @@ container: use_container: 1 var: - firefox_platform_version: 128.0 + firefox_platform_version: '128.1.0' firefox_version: '[% c("var/firefox_platform_version") %]esr' browser_series: '14.0' - browser_rebase: 2 + browser_rebase: 1 browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]' browser_build: 1 branding_directory_prefix: 'tb' ===================================== projects/geckoview/config ===================================== @@ -16,8 +16,8 @@ container: build_apk: 1 var: - geckoview_version: 128.0esr - browser_branch: 14.0-2 + geckoview_version: 128.1.0esr + browser_branch: 14.0-1 browser_build: 1 copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' gitlab_project: https://gitlab.torproject.org/tpo/applications/tor-browser View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/c… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/c… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag base-browser-128.1.0esr-14.0-1-build1
by Pier Angelo Vendrame (＠pierov) 31 Jul '24

31 Jul '24

Pier Angelo Vendrame pushed new tag base-browser-128.1.0esr-14.0-1-build1 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/base-brow… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new branch base-browser-128.1.0esr-14.0-1
by Pier Angelo Vendrame (＠pierov) 31 Jul '24

31 Jul '24

Pier Angelo Vendrame pushed new branch base-browser-128.1.0esr-14.0-1 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/base-brow… You're receiving this email because of your account on gitlab.torproject.org.

1 0