- tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser-build][main] Bug 41522: Remove incorrect comment in linux-signer-sign-android-aab
by boklm (＠boklm) 29 Aug '25

29 Aug '25

boklm pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 9bdc0d94 by Nicolas Vigier at 2025-08-29T13:04:30+02:00 Bug 41522: Remove incorrect comment in linux-signer-sign-android-aab This is a comment I initialy added to linux-signer-sign-android-apks, then mistakenly copied to linux-signer-sign-android-aab (which doesn't exist in the maint-14.5 branch). - - - - - 1 changed file: - tools/signing/linux-signer-sign-android-aab Changes: ===================================== tools/signing/linux-signer-sign-android-aab ===================================== @@ -11,8 +11,6 @@ projname=$(project-name) # tbb_version_type, tbb_version and SIGNING_PROJECTNAME are used in # wrappers/sign-apk, so we export them export tbb_version tbb_version_type SIGNING_PROJECTNAME -# (note: we should also export SIGNING_PROJECTNAME and tbb_version in -# the maint-14.5 branch) check_installed_packages() { local packages='unzip openjdk-11-jdk-headless openjdk-11-jre-headless' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/9… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/9… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-140.2.0esr-15.0-1] fixup! BB 42220: Allow for more file types to be forced-inline.
by ma1 (＠ma1) 29 Aug '25

29 Aug '25

ma1 pushed to branch mullvad-browser-140.2.0esr-15.0-1 at The Tor Project / Applications / Mullvad Browser Commits: a295032e by hackademix at 2025-08-29T13:13:03+02:00 fixup! BB 42220: Allow for more file types to be forced-inline. BB 44140: Align PDF changes to 140esr Firefox allows to open some files in the browser without any confirmation, but this will result in a disk leak, because the file will be downloaded to the temporary directory first (and not deleted, in some cases). A preference allows PDFs to be opened without being downloaded to disk. So, we introduce a similar one to do the same for all the files that are set to be opened automatically in the browser, except svg and html files to prevent XSS hazards (see BB 43211). - - - - - 1 changed file: - uriloader/base/nsURILoader.cpp Changes: ===================================== uriloader/base/nsURILoader.cpp ===================================== @@ -320,7 +320,11 @@ NS_IMETHODIMP nsDocumentOpenInfo::OnStopRequest(nsIRequest* request, return NS_OK; } -static bool IsContentPDF(nsIChannel* aChannel, const nsACString& aContentType) { +static bool IsContentPDF( + nsIChannel* aChannel, const nsACString& aContentType, + nsAutoCString* aOutExt = + nullptr // best-guess file extension, useful for non-PDFs +) { bool isPDF = aContentType.LowerCaseEqualsASCII(APPLICATION_PDF); if (!isPDF && (aContentType.LowerCaseEqualsASCII(APPLICATION_OCTET_STREAM) || aContentType.IsEmpty())) { @@ -328,14 +332,25 @@ static bool IsContentPDF(nsIChannel* aChannel, const nsACString& aContentType) { aChannel->GetContentDispositionFilename(flname); isPDF = StringEndsWith(flname, u".pdf"_ns); if (!isPDF) { + nsAutoCString ext; nsCOMPtr<nsIURI> uri; aChannel->GetURI(getter_AddRefs(uri)); nsCOMPtr<nsIURL> url(do_QueryInterface(uri)); if (url) { - nsAutoCString ext; url->GetFileExtension(ext); isPDF = ext.EqualsLiteral("pdf"); } + if (aOutExt) { + // Fill the extension out param if required + if (!(isPDF || flname.IsEmpty())) { + // For non PDFs, fallback to filename from content disposition + int32_t extStart = flname.RFindChar(u'.'); + if (extStart != kNotFound) { + CopyUTF16toUTF8(Substring(flname, extStart + 1), ext); + } + } + *aOutExt = ext; + } } } @@ -343,7 +358,7 @@ static bool IsContentPDF(nsIChannel* aChannel, const nsACString& aContentType) { } static mozilla::Result<bool, nsresult> ShouldHandleExternally( - const nsACString& aMimeType) { + const nsACString& aMimeType, const nsACString& aExtension) { // For a PDF, check if the preference is set that forces attachments to be // opened inline. If so, treat it as a non-attachment by clearing // 'forceExternalHandling' again. This allows it open a PDF directly @@ -356,7 +371,7 @@ static mozilla::Result<bool, nsresult> ShouldHandleExternally( return mozilla::Err(NS_ERROR_FAILURE); } - mimeSvc->GetFromTypeAndExtension(aMimeType, EmptyCString(), + mimeSvc->GetFromTypeAndExtension(aMimeType, aExtension, getter_AddRefs(mimeInfo)); if (mimeInfo) { @@ -430,31 +445,43 @@ nsresult nsDocumentOpenInfo::DispatchContent(nsIRequest* request) { forceExternalHandling = false; } + nsAutoCString ext; + bool isPDF = + forceExternalHandling && IsContentPDF(aChannel, mContentType, &ext); + bool maybeForceInternalHandling = - forceExternalHandling && - (mozilla::StaticPrefs::browser_download_open_pdf_attachments_inline() || - mozilla::StaticPrefs::browser_download_ignore_content_disposition()); + (isPDF && + mozilla::StaticPrefs::browser_download_open_pdf_attachments_inline()) || + ( + forceExternalHandling && + mozilla::StaticPrefs::browser_download_ignore_content_disposition() && + // we want to exclude html and svg files, which could execute + // scripts (tor-browser#43211) + kNotFound == mContentType.LowerCaseFindASCII("html") && + kNotFound == ext.LowerCaseFindASCII("htm") && + kNotFound == mContentType.LowerCaseFindASCII("/svg+") && + !ext.EqualsIgnoreCase("svg")); // Check if this is a PDF which should be opened internally. We also handle // octet-streams that look like they might be PDFs based on their extension. + // Additionally, we try to avoid downloading also non-PDF attachments + // when the general Content-Disposition override preference is set to true. if (maybeForceInternalHandling) { - // For a PDF, check if the preference is set that forces attachments to be - // opened inline. If so, treat it as a non-attachment by clearing + // Preferences are set to open attachments inline by clearing // 'forceExternalHandling' again. This allows it open a PDF directly // instead of downloading it first. It may still end up being handled by // a helper app depending anyway on the later checks. - nsCString mimeType = IsContentPDF(aChannel, mContentType) - ? nsLiteralCString(APPLICATION_PDF) - : mContentType; - auto result = ShouldHandleExternally(mimeType); + // This may apply to other file types if an internal handler exists. + auto result = ShouldHandleExternally( + isPDF ? nsLiteralCString(APPLICATION_PDF) : mContentType, ext); if (result.isErr()) { return result.unwrapErr(); } forceExternalHandling = result.unwrap(); - // If we're not opening the PDF externally we block it if it's sandboxed. + // If we're not opening the file externally and it's sandboxed we block it. if (IsSandboxed(aChannel) && !forceExternalHandling) { - LOG(("Blocked sandboxed PDF")); + LOG(("Blocked sandboxed file")); nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel); if (httpChannel) { nsContentSecurityUtils::LogMessageToConsole( View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/a29… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/a29… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-14.5] Bug 41554: Export SIGNING_PROJECTNAME and tbb_version in linux-signer-sign-android-apks
by boklm (＠boklm) 29 Aug '25

29 Aug '25

boklm pushed to branch maint-14.5 at The Tor Project / Applications / tor-browser-build Commits: 7bbac89c by Nicolas Vigier at 2025-08-29T12:59:32+02:00 Bug 41554: Export SIGNING_PROJECTNAME and tbb_version in linux-signer-sign-android-apks Following the changes from 821c192ed9def86b92a20bc8878a7c519230996f, wrappers/sign-apk is now using those variables. - - - - - 1 changed file: - tools/signing/linux-signer-sign-android-apks Changes: ===================================== tools/signing/linux-signer-sign-android-apks ===================================== @@ -8,8 +8,9 @@ source "$script_dir/functions" topdir="$script_dir/../.." ARCHS="armv7 aarch64 x86 x86_64" projname=$(project-name) -# tbb_version_type is used in wrappers/sign-apk, so we export it -export tbb_version_type +# tbb_version_type, tbb_version and SIGNING_PROJECTNAME are used in +# wrappers/sign-apk, so we export them +export tbb_version tbb_version_type SIGNING_PROJECTNAME check_installed_packages() { local packages='unzip openjdk-11-jdk-headless openjdk-11-jre-headless' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-140.2.0esr-15.0-1] fixup! BB 42220: Allow for more file types to be forced-inline.
by ma1 (＠ma1) 29 Aug '25

29 Aug '25

ma1 pushed to branch base-browser-140.2.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 181f221a by hackademix at 2025-08-29T12:55:38+02:00 fixup! BB 42220: Allow for more file types to be forced-inline. BB 44140: Align PDF changes to 140esr Firefox allows to open some files in the browser without any confirmation, but this will result in a disk leak, because the file will be downloaded to the temporary directory first (and not deleted, in some cases). A preference allows PDFs to be opened without being downloaded to disk. So, we introduce a similar one to do the same for all the files that are set to be opened automatically in the browser, except svg and html files to prevent XSS hazards (see BB 43211). - - - - - 1 changed file: - uriloader/base/nsURILoader.cpp Changes: ===================================== uriloader/base/nsURILoader.cpp ===================================== @@ -320,7 +320,11 @@ NS_IMETHODIMP nsDocumentOpenInfo::OnStopRequest(nsIRequest* request, return NS_OK; } -static bool IsContentPDF(nsIChannel* aChannel, const nsACString& aContentType) { +static bool IsContentPDF( + nsIChannel* aChannel, const nsACString& aContentType, + nsAutoCString* aOutExt = + nullptr // best-guess file extension, useful for non-PDFs +) { bool isPDF = aContentType.LowerCaseEqualsASCII(APPLICATION_PDF); if (!isPDF && (aContentType.LowerCaseEqualsASCII(APPLICATION_OCTET_STREAM) || aContentType.IsEmpty())) { @@ -328,14 +332,25 @@ static bool IsContentPDF(nsIChannel* aChannel, const nsACString& aContentType) { aChannel->GetContentDispositionFilename(flname); isPDF = StringEndsWith(flname, u".pdf"_ns); if (!isPDF) { + nsAutoCString ext; nsCOMPtr<nsIURI> uri; aChannel->GetURI(getter_AddRefs(uri)); nsCOMPtr<nsIURL> url(do_QueryInterface(uri)); if (url) { - nsAutoCString ext; url->GetFileExtension(ext); isPDF = ext.EqualsLiteral("pdf"); } + if (aOutExt) { + // Fill the extension out param if required + if (!(isPDF || flname.IsEmpty())) { + // For non PDFs, fallback to filename from content disposition + int32_t extStart = flname.RFindChar(u'.'); + if (extStart != kNotFound) { + CopyUTF16toUTF8(Substring(flname, extStart + 1), ext); + } + } + *aOutExt = ext; + } } } @@ -343,7 +358,7 @@ static bool IsContentPDF(nsIChannel* aChannel, const nsACString& aContentType) { } static mozilla::Result<bool, nsresult> ShouldHandleExternally( - const nsACString& aMimeType) { + const nsACString& aMimeType, const nsACString& aExtension) { // For a PDF, check if the preference is set that forces attachments to be // opened inline. If so, treat it as a non-attachment by clearing // 'forceExternalHandling' again. This allows it open a PDF directly @@ -356,7 +371,7 @@ static mozilla::Result<bool, nsresult> ShouldHandleExternally( return mozilla::Err(NS_ERROR_FAILURE); } - mimeSvc->GetFromTypeAndExtension(aMimeType, EmptyCString(), + mimeSvc->GetFromTypeAndExtension(aMimeType, aExtension, getter_AddRefs(mimeInfo)); if (mimeInfo) { @@ -430,31 +445,43 @@ nsresult nsDocumentOpenInfo::DispatchContent(nsIRequest* request) { forceExternalHandling = false; } + nsAutoCString ext; + bool isPDF = + forceExternalHandling && IsContentPDF(aChannel, mContentType, &ext); + bool maybeForceInternalHandling = - forceExternalHandling && - (mozilla::StaticPrefs::browser_download_open_pdf_attachments_inline() || - mozilla::StaticPrefs::browser_download_ignore_content_disposition()); + (isPDF && + mozilla::StaticPrefs::browser_download_open_pdf_attachments_inline()) || + ( + forceExternalHandling && + mozilla::StaticPrefs::browser_download_ignore_content_disposition() && + // we want to exclude html and svg files, which could execute + // scripts (tor-browser#43211) + kNotFound == mContentType.LowerCaseFindASCII("html") && + kNotFound == ext.LowerCaseFindASCII("htm") && + kNotFound == mContentType.LowerCaseFindASCII("/svg+") && + !ext.EqualsIgnoreCase("svg")); // Check if this is a PDF which should be opened internally. We also handle // octet-streams that look like they might be PDFs based on their extension. + // Additionally, we try to avoid downloading also non-PDF attachments + // when the general Content-Disposition override preference is set to true. if (maybeForceInternalHandling) { - // For a PDF, check if the preference is set that forces attachments to be - // opened inline. If so, treat it as a non-attachment by clearing + // Preferences are set to open attachments inline by clearing // 'forceExternalHandling' again. This allows it open a PDF directly // instead of downloading it first. It may still end up being handled by // a helper app depending anyway on the later checks. - nsCString mimeType = IsContentPDF(aChannel, mContentType) - ? nsLiteralCString(APPLICATION_PDF) - : mContentType; - auto result = ShouldHandleExternally(mimeType); + // This may apply to other file types if an internal handler exists. + auto result = ShouldHandleExternally( + isPDF ? nsLiteralCString(APPLICATION_PDF) : mContentType, ext); if (result.isErr()) { return result.unwrapErr(); } forceExternalHandling = result.unwrap(); - // If we're not opening the PDF externally we block it if it's sandboxed. + // If we're not opening the file externally and it's sandboxed we block it. if (IsSandboxed(aChannel) && !forceExternalHandling) { - LOG(("Blocked sandboxed PDF")); + LOG(("Blocked sandboxed file")); nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel); if (httpChannel) { nsContentSecurityUtils::LogMessageToConsole( View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/181f221… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/181f221… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41522: Adapt signing scripts for tor-vpn
by boklm (＠boklm) 29 Aug '25

29 Aug '25

boklm pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 821c192e by Nicolas Vigier at 2025-08-29T12:16:22+02:00 Bug 41522: Adapt signing scripts for tor-vpn - - - - - 30 changed files: - rbm.conf - tools/signing/do-all-signing - + tools/signing/do-all-signing.torvpn - tools/signing/functions - + tools/signing/linux-signer-gpg-sign.torvpn - + tools/signing/linux-signer-sign-android-aab - + tools/signing/linux-signer-sign-android-aab.torvpn - tools/signing/linux-signer-sign-android-apks - + tools/signing/linux-signer-sign-android-apks.torvpn - tools/signing/machines-setup/setup-signing-machine - + tools/signing/machines-setup/sudoers.d/sign-aab - tools/signing/machines-setup/sudoers.d/sign-apk - tools/signing/set-config - + tools/signing/staticiforme-prepare-cdn-dist-upload.torvpn - + tools/signing/sync-builder-to-local.torvpn - + tools/signing/sync-builder-to-local.torvpn.dry-run - + tools/signing/sync-builder-unsigned-to-local-signed.torvpn - + tools/signing/sync-builder-unsigned-to-local-signed.torvpn.dry-run - + tools/signing/sync-linux-signer-to-local.torvpn - + tools/signing/sync-linux-signer-to-local.torvpn.dry-run - + tools/signing/sync-local-to-builder.torvpn - + tools/signing/sync-local-to-builder.torvpn.dry-run - + tools/signing/sync-local-to-linux-signer.torvpn - + tools/signing/sync-local-to-linux-signer.torvpn.dry-run - + tools/signing/sync-local-to-staticiforme.torvpn - + tools/signing/sync-local-to-staticiforme.torvpn.dry-run - + tools/signing/sync-scripts-to-linux-signer.torvpn - + tools/signing/sync-scripts-to-linux-signer.torvpn.dry-run - + tools/signing/wrappers/sign-aab - tools/signing/wrappers/sign-apk Changes: ===================================== rbm.conf ===================================== @@ -97,8 +97,8 @@ var: # enable/disable all android or desktop platforms. If you want to # check whether a release includes some android or desktop platforms # see signing_android and signing_desktop below. - is_android_release: '[% c("var/tor-browser") %]' - is_desktop_release: '1' + is_android_release: '[% c("var/tor-browser") || c("var/tor-vpn") %]' + is_desktop_release: '[% ! c("var/tor-vpn") %]' # signing_android is used in signing scripts to check if at least # one android platform is being signed/published @@ -328,6 +328,18 @@ targets: max_torbrowser_incremental_from: 2 build_infos_json: 1 + torvpn: + var: + tor-vpn: 1 + torbrowser_version: '1.0.0Beta' + torbrowser_build: 'build1' + browser_release_date: '2025/08/28 15:33:44' + project-name: tor-vpn + projectname: torvpn + Project_Name: 'Tor VPN' + ProjectName: TorVPN + project_initials: tv + torbrowser: var: tor-browser: 1 ===================================== tools/signing/do-all-signing ===================================== @@ -67,7 +67,7 @@ echo echo [ -z "$platform_android" ] || \ - [ -f "$steps_dir/linux-signer-sign-android-apks.done" ] || \ + [ -f "$steps_dir/sync-after-sign-android-apks.done" ] || \ [ -n "$KSPASS" ] || \ read -sp "Enter android apk signing password ($tbb_version_type): " KSPASS echo @@ -155,6 +155,14 @@ EOF unset KSPASS } +function linux-signer-sign-android-aab { + ssh "$ssh_host_linux_signer" 'bash -s' << EOF + export KSPASS=$KSPASS + ~/signing-$SIGNING_PROJECTNAME-$tbb_version_type/linux-signer-sign-android-aab.$SIGNING_PROJECTNAME +EOF + unset KSPASS +} + function sync-after-sign-android-apks { "$script_dir/sync-linux-signer-to-local" } @@ -257,6 +265,8 @@ do_step sync-before-linux-signer-signmars do_step sync-after-signmars [ -n "$platform_android" ] && \ do_step linux-signer-sign-android-apks +[ "$SIGNING_PROJECTNAME" = 'torvpn' ] && [ -n "$platform_android" ] && \ + do_step linux-signer-sign-android-aab [ -n "$platform_android" ] && \ do_step sync-after-sign-android-apks [ -n "$platform_windows" ] && \ @@ -275,6 +285,6 @@ do_step download-unsigned-sha256sums-gpg-signatures-from-people-tpo do_step sync-local-to-staticiforme do_step sync-scripts-to-staticiforme do_step staticiforme-prepare-cdn-dist-upload -! is_legacy && \ +[ "$SIGNING_PROJECTNAME" != 'torvpn' ] && ! is_legacy \ do_step upload-update_responses-to-staticiforme do_step finished-signing-clean-linux-signer ===================================== tools/signing/do-all-signing.torvpn ===================================== @@ -0,0 +1 @@ +do-all-signing \ No newline at end of file ===================================== tools/signing/functions ===================================== @@ -14,6 +14,7 @@ function var_is_defined { } function check_update_responses_repository_dir { + test "$SIGNING_PROJECTNAME" = 'torvpn' && return 0 if test -z "$update_responses_repository_dir" || ! test -d "$update_responses_repository_dir" then cat << 'EOF' > /dev/stderr ===================================== tools/signing/linux-signer-gpg-sign.torvpn ===================================== @@ -0,0 +1 @@ +linux-signer-gpg-sign \ No newline at end of file ===================================== tools/signing/linux-signer-sign-android-aab ===================================== @@ -0,0 +1,46 @@ +#!/bin/bash + +set -e +no_generate_config=1 +script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +source "$script_dir/functions" + +topdir="$script_dir/../.." +test "$SIGNING_PROJECTNAME" = 'torvpn' +projname=$(project-name) +# tbb_version_type, tbb_version and SIGNING_PROJECTNAME are used in +# wrappers/sign-apk, so we export them +export tbb_version tbb_version_type SIGNING_PROJECTNAME +# (note: we should also export SIGNING_PROJECTNAME and tbb_version in +# the maint-14.5 branch) + +check_installed_packages() { + local packages='unzip openjdk-11-jdk-headless openjdk-11-jre-headless' + for package in $packages + do + dpkg -s "$package" | grep -q '^Status: install ok installed$' || \ + exit_error "package $package is missing" + done +} + +sign_aab() { + sudo -u signing-apk -- /signing/tor-browser-build/tools/signing/wrappers/sign-aab +} + +check_installed_packages + +if [ -z "$KSPASS" ]; then + echo "Enter keystore passphrase" + stty -echo; read KSPASS; stty echo + export KSPASS +fi + +cp -af ~/"$SIGNING_PROJECTNAME-$tbb_version"/$projname-$tbb_version.aab \ + /home/signing-apk/unsigned-files/"$SIGNING_PROJECTNAME-$tbb_version_type.aab" + +sign_aab + +cp /home/signing-apk/signed-files/"$SIGNING_PROJECTNAME-$tbb_version_type.aab" \ + ~/"$SIGNING_PROJECTNAME-$tbb_version"/$projname-$tbb_version.aab +rm /home/signing-apk/signed-files/"$SIGNING_PROJECTNAME-$tbb_version_type.aab" +rm /home/signing-apk/unsigned-files/"$SIGNING_PROJECTNAME-$tbb_version_type.aab" ===================================== tools/signing/linux-signer-sign-android-aab.torvpn ===================================== @@ -0,0 +1 @@ +linux-signer-sign-android-aab \ No newline at end of file ===================================== tools/signing/linux-signer-sign-android-apks ===================================== @@ -7,9 +7,11 @@ source "$script_dir/functions" topdir="$script_dir/../.." ARCHS="armv7 aarch64 x86 x86_64" +test "$SIGNING_PROJECTNAME" = 'torvpn' && ARCHS='multiarch' projname=$(project-name) -# tbb_version_type is used in wrappers/sign-apk, so we export it -export tbb_version_type +# tbb_version_type, tbb_version and SIGNING_PROJECTNAME are used in +# wrappers/sign-apk, so we export them +export tbb_version tbb_version_type SIGNING_PROJECTNAME check_installed_packages() { local packages='unzip openjdk-11-jdk-headless openjdk-11-jre-headless' @@ -21,10 +23,11 @@ check_installed_packages() { } setup_build_tools() { + abt_version=16 build_tools_dir=/signing/android-build-tools - test -f "$build_tools_dir"/android-12/apksigner || \ - exit_error "$build_tools_dir/android-12/apksigner is missing" - export PATH="$build_tools_dir/android-12:${PATH}" + test -f "$build_tools_dir"/android-$abt_version/apksigner || \ + exit_error "$build_tools_dir/android-$abt_version/apksigner is missing" + export PATH="$build_tools_dir/android-$abt_version:${PATH}" } sign_apk() { @@ -36,7 +39,6 @@ verify_apk() { scheme_v1="Verified using v1 scheme (JAR signing): true" scheme_v2="Verified using v2 scheme (APK Signature Scheme v2): true" - # Verify the expected signing key was used, Alpha verses Release based on the filename. if test "$tbb_version_type" = "alpha"; then cert_digest="Signer #1 certificate SHA-256 digest: 15f760b41acbe4783e667102c9f67119be2af62fab07763f9d57f01e5e1074e1" pubkey_digest="Signer #1 public key SHA-256 digest: 4e617e6516f81123ca58e718d617a704ac8365c575bd9e7a731ba5dd0476869d" @@ -44,7 +46,14 @@ verify_apk() { cert_digest="Signer #1 certificate SHA-256 digest: 20061f045e737c67375c17794cfedb436a03cec6bacb7cb9f96642205ca2cec8" pubkey_digest="Signer #1 public key SHA-256 digest: 343ca8a2e5452670bdc335a181a4baed909f868937d68c4653e44ef84de8dfc6" fi + if test "$SIGNING_PROJECTNAME" = "torvpn"; then + # No v1 scheme signature on torvpn apk + scheme_v1='' + cert_digest="Signer #1 certificate SHA-256 digest: c2f6ffa30e56a7c53a226248ef908612ee539df2f52bede5a55037425b83331d" + pubkey_digest="Signer #1 public key SHA-256 digest: fddc5f93ae0bc971e951481b0b5e6b62e47040fe979ff535cf75daade2f13f3d" + fi for digest in "${scheme_v1}" "${scheme_v2}" "${cert_digest}" "${pubkey_digest}"; do + test -z "$digest" && continue if ! echo "${verified}" | grep -q "${digest}"; then echo "Expected digest not found:" echo ${digest} @@ -69,8 +78,10 @@ mkdir -p ~/"$SIGNING_PROJECTNAME-$tbb_version-apks" chgrp signing ~/"$SIGNING_PROJECTNAME-$tbb_version-apks" chmod g+w ~/"$SIGNING_PROJECTNAME-$tbb_version-apks" cp -af ~/"$SIGNING_PROJECTNAME-$tbb_version"/*.apk \ - ~/"$SIGNING_PROJECTNAME-$tbb_version"/*.bspatch \ ~/"$SIGNING_PROJECTNAME-$tbb_version-apks" +test "$SIGNING_PROJECTNAME" != 'torvpn' && \ + cp -af ~/"$SIGNING_PROJECTNAME-$tbb_version"/*.bspatch \ + ~/"$SIGNING_PROJECTNAME-$tbb_version-apks" cd ~/"$SIGNING_PROJECTNAME-$tbb_version-apks" # Sign all packages @@ -79,7 +90,8 @@ for arch in ${ARCHS}; do unsigned_apk=${projname}-qa-unsigned-android-${arch}-${tbb_version}.apk unsigned_apk_bspatch=${projname}-qa-unsign-android-${arch}-${tbb_version}.bspatch signed_apk=${projname}-android-${arch}-${tbb_version}.apk - bspatch "$qa_apk" "$unsigned_apk" "$unsigned_apk_bspatch" + test -f "$unsigned_apk" || \ + bspatch "$qa_apk" "$unsigned_apk" "$unsigned_apk_bspatch" sign_apk "$unsigned_apk" "$signed_apk" verify_apk "$signed_apk" cp -f "$signed_apk" ~/"$SIGNING_PROJECTNAME-$tbb_version" ===================================== tools/signing/linux-signer-sign-android-apks.torvpn ===================================== @@ -0,0 +1 @@ +linux-signer-sign-android-apks \ No newline at end of file ===================================== tools/signing/machines-setup/setup-signing-machine ===================================== @@ -91,6 +91,7 @@ sudoers_file sign-gpg sudoers_file sign-mar sudoers_file sign-exe sudoers_file sign-apk +sudoers_file sign-aab sudoers_file sign-rcodesign sudoers_file sign-rcodesign-128 sudoers_file set-date @@ -105,6 +106,10 @@ authorized_keys ma1 ma1.pub create_user pierov signing authorized_keys pierov pierov.pub +mkdir -p /home/signing-apk/unsigned-files /home/signing-apk/signed-files +chgrp signing /home/signing-apk/unsigned-files /home/signing-apk/signed-files +chmod g+rwx /home/signing-apk/unsigned-files /home/signing-apk/signed-files + # Install rbm deps install_packages libyaml-libyaml-perl libtemplate-perl libdatetime-perl \ libio-handle-util-perl libio-all-perl \ ===================================== tools/signing/machines-setup/sudoers.d/sign-aab ===================================== @@ -0,0 +1,2 @@ +Defaults>signing-apk env_keep += "SIGNING_PROJECTNAME tbb_version tbb_version_type KSPASS" +%signing ALL = (signing-apk) NOPASSWD: /signing/tor-browser-build/tools/signing/wrappers/sign-aab ===================================== tools/signing/machines-setup/sudoers.d/sign-apk ===================================== @@ -1,2 +1,2 @@ -Defaults>signing-apk env_keep += "SIGNING_PROJECTNAME tbb_version_type KSPASS" +Defaults>signing-apk env_keep += "SIGNING_PROJECTNAME tbb_version tbb_version_type KSPASS" %signing ALL = (signing-apk) NOPASSWD: /signing/tor-browser-build/tools/signing/wrappers/sign-apk ===================================== tools/signing/set-config ===================================== @@ -16,6 +16,7 @@ test -n "${SIGNING_PROJECTNAME+x}" \ test "$SIGNING_PROJECTNAME" = 'torbrowser' \ || test "$SIGNING_PROJECTNAME" = 'basebrowser' \ || test "$SIGNING_PROJECTNAME" = 'mullvadbrowser' \ + || test "$SIGNING_PROJECTNAME" = 'torvpn' \ || exit_error "Unknown SIGNING_PROJECTNAME $SIGNING_PROJECTNAME" export SIGNING_PROJECTNAME ===================================== tools/signing/staticiforme-prepare-cdn-dist-upload.torvpn ===================================== @@ -0,0 +1 @@ +staticiforme-prepare-cdn-dist-upload \ No newline at end of file ===================================== tools/signing/sync-builder-to-local.torvpn ===================================== @@ -0,0 +1 @@ +sync-builder-to-local \ No newline at end of file ===================================== tools/signing/sync-builder-to-local.torvpn.dry-run ===================================== @@ -0,0 +1 @@ +sync-builder-to-local \ No newline at end of file ===================================== tools/signing/sync-builder-unsigned-to-local-signed.torvpn ===================================== @@ -0,0 +1 @@ +sync-builder-unsigned-to-local-signed \ No newline at end of file ===================================== tools/signing/sync-builder-unsigned-to-local-signed.torvpn.dry-run ===================================== @@ -0,0 +1 @@ +sync-builder-unsigned-to-local-signed \ No newline at end of file ===================================== tools/signing/sync-linux-signer-to-local.torvpn ===================================== @@ -0,0 +1 @@ +sync-linux-signer-to-local \ No newline at end of file ===================================== tools/signing/sync-linux-signer-to-local.torvpn.dry-run ===================================== @@ -0,0 +1 @@ +sync-linux-signer-to-local \ No newline at end of file ===================================== tools/signing/sync-local-to-builder.torvpn ===================================== @@ -0,0 +1 @@ +sync-local-to-builder \ No newline at end of file ===================================== tools/signing/sync-local-to-builder.torvpn.dry-run ===================================== @@ -0,0 +1 @@ +sync-local-to-builder \ No newline at end of file ===================================== tools/signing/sync-local-to-linux-signer.torvpn ===================================== @@ -0,0 +1 @@ +sync-local-to-linux-signer \ No newline at end of file ===================================== tools/signing/sync-local-to-linux-signer.torvpn.dry-run ===================================== @@ -0,0 +1 @@ +sync-local-to-linux-signer \ No newline at end of file ===================================== tools/signing/sync-local-to-staticiforme.torvpn ===================================== @@ -0,0 +1 @@ +sync-local-to-staticiforme \ No newline at end of file ===================================== tools/signing/sync-local-to-staticiforme.torvpn.dry-run ===================================== @@ -0,0 +1 @@ +sync-local-to-staticiforme \ No newline at end of file ===================================== tools/signing/sync-scripts-to-linux-signer.torvpn ===================================== @@ -0,0 +1 @@ +sync-scripts-to-linux-signer \ No newline at end of file ===================================== tools/signing/sync-scripts-to-linux-signer.torvpn.dry-run ===================================== @@ -0,0 +1 @@ +sync-scripts-to-linux-signer \ No newline at end of file ===================================== tools/signing/wrappers/sign-aab ===================================== @@ -0,0 +1,41 @@ +#!/bin/bash +set -e + +function exit_error { + for msg in "$@" + do + echo "$msg" >&2 + done + exit 1 +} + +case "$SIGNING_PROJECTNAME" in + torbrowser | mullvadbrowser | torvpn) + ;; + *) + exit_error "Unexpected value for SIGNING_PROJECTNAME: $SIGNING_PROJECTNAME" + ;; +esac + +case "$tbb_version_type" in + release | alpha) + ;; + *) + exit_error "Unexpected value for tbb_version_type: $tbb_version_type" + ;; +esac + +android_signing_key_dir=/home/signing-apk/keys +android_signing_key_path="$android_signing_key_dir/torvpn.p12" +test -f "$android_signing_key_path" || exit_error "$android_signing_key_path is missing" + +tmpdir=$(mktemp -d) +cd "$tmpdir" + +jarsigner -keystore "${android_signing_key_path}" -storepass:env KSPASS \ + -signedjar /home/signing-apk/signed-files/"$SIGNING_PROJECTNAME-$tbb_version_type.aab" \ + -verbose /home/signing-apk/unsigned-files/"$SIGNING_PROJECTNAME-$tbb_version_type.aab" \ + tor-vpn + +cd - +rm -Rf "$tmpdir" ===================================== tools/signing/wrappers/sign-apk ===================================== @@ -14,15 +14,30 @@ if test "$tbb_version_type" != 'release' \ exit_error "Unexpected value for tbb_version_type: $tbb_version_type" fi +case "$SIGNING_PROJECTNAME" in + torbrowser | mullvadbrowser | torvpn) + ;; + *) + exit_error "Unexpected value for SIGNING_PROJECTNAME: $SIGNING_PROJECTNAME" + ;; +esac + android_signing_key_dir=/home/signing-apk/keys -android_signing_key_path="$android_signing_key_dir/tba_$tbb_version_type.p12" +android_signing_key_path="$android_signing_key_dir/$pname_$tbb_version_type.p12" +test -n "$SIGNING_PROJECTNAME" && test "$SIGNING_PROJECTNAME" = 'torvpn' && \ + android_signing_key_path="$android_signing_key_dir/torvpn.p12" test -f "$android_signing_key_path" || exit_error "$android_signing_key_path is missing" setup_build_tools() { + abt_version=16 + # If signing 14.5, keep using android-12 build tools + # (we can remove this when 15.0 is the stable release) + ( test -z "$tbb_version" || echo "$tbb_version" | grep -q '^14\.5' ) && \ + abt_version=12 build_tools_dir=/signing/android-build-tools - test -f "$build_tools_dir"/android-12/apksigner || \ - exit_error "$build_tools_dir/android-12/apksigner is missing" - export PATH="$build_tools_dir/android-12:${PATH}" + test -f "$build_tools_dir"/android-$abt_version/apksigner || \ + exit_error "$build_tools_dir/android-$abt_version/apksigner is missing" + export PATH="$build_tools_dir/android-$abt_version:${PATH}" } # Sign individual apk View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/8… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/8… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-140.2.0esr-15.0-1-build3
by ma1 (＠ma1) 29 Aug '25

29 Aug '25

ma1 pushed new tag tor-browser-140.2.0esr-15.0-1-build3 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.2.0esr-15.0-1] 2 commits: Revert "BB 42220: Allow for more file types to be forced-inline."
by ma1 (＠ma1) 29 Aug '25

29 Aug '25

ma1 pushed to branch tor-browser-140.2.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 0539d9c3 by hackademix at 2025-08-29T12:21:36+02:00 Revert "BB 42220: Allow for more file types to be forced-inline." This reverts commit 90dbc9451a30f7d68384e26fe38517534bf7e302. - - - - - 2e79fc22 by Pier Angelo Vendrame at 2025-08-29T12:21:38+02:00 BB 42220: Allow for more file types to be forced-inline. Firefox allows to open some files in the browser without any confirmation, but this will result in a disk leak, because the file will be downloaded to the temporary directory first (and not deleted, in some cases). A preference allows PDFs to be opened without being downloaded to disk. So, we introduce a similar one to do the same for all the files that are set to be opened automatically in the browser, except svg and html files to prevent XSS hazards (see BB 43211). - - - - - 1 changed file: - uriloader/base/nsURILoader.cpp Changes: ===================================== uriloader/base/nsURILoader.cpp ===================================== @@ -320,7 +320,11 @@ NS_IMETHODIMP nsDocumentOpenInfo::OnStopRequest(nsIRequest* request, return NS_OK; } -static bool IsContentPDF(nsIChannel* aChannel, const nsACString& aContentType) { +static bool IsContentPDF( + nsIChannel* aChannel, const nsACString& aContentType, + nsAutoCString* aOutExt = + nullptr // best-guess file extension, useful for non-PDFs +) { bool isPDF = aContentType.LowerCaseEqualsASCII(APPLICATION_PDF); if (!isPDF && (aContentType.LowerCaseEqualsASCII(APPLICATION_OCTET_STREAM) || aContentType.IsEmpty())) { @@ -328,14 +332,25 @@ static bool IsContentPDF(nsIChannel* aChannel, const nsACString& aContentType) { aChannel->GetContentDispositionFilename(flname); isPDF = StringEndsWith(flname, u".pdf"_ns); if (!isPDF) { + nsAutoCString ext; nsCOMPtr<nsIURI> uri; aChannel->GetURI(getter_AddRefs(uri)); nsCOMPtr<nsIURL> url(do_QueryInterface(uri)); if (url) { - nsAutoCString ext; url->GetFileExtension(ext); isPDF = ext.EqualsLiteral("pdf"); } + if (aOutExt) { + // Fill the extension out param if required + if (!(isPDF || flname.IsEmpty())) { + // For non PDFs, fallback to filename from content disposition + int32_t extStart = flname.RFindChar(u'.'); + if (extStart != kNotFound) { + CopyUTF16toUTF8(Substring(flname, extStart + 1), ext); + } + } + *aOutExt = ext; + } } } @@ -343,7 +358,7 @@ static bool IsContentPDF(nsIChannel* aChannel, const nsACString& aContentType) { } static mozilla::Result<bool, nsresult> ShouldHandleExternally( - const nsACString& aMimeType) { + const nsACString& aMimeType, const nsACString& aExtension) { // For a PDF, check if the preference is set that forces attachments to be // opened inline. If so, treat it as a non-attachment by clearing // 'forceExternalHandling' again. This allows it open a PDF directly @@ -356,7 +371,7 @@ static mozilla::Result<bool, nsresult> ShouldHandleExternally( return mozilla::Err(NS_ERROR_FAILURE); } - mimeSvc->GetFromTypeAndExtension(aMimeType, EmptyCString(), + mimeSvc->GetFromTypeAndExtension(aMimeType, aExtension, getter_AddRefs(mimeInfo)); if (mimeInfo) { @@ -430,31 +445,43 @@ nsresult nsDocumentOpenInfo::DispatchContent(nsIRequest* request) { forceExternalHandling = false; } + nsAutoCString ext; + bool isPDF = + forceExternalHandling && IsContentPDF(aChannel, mContentType, &ext); + bool maybeForceInternalHandling = - forceExternalHandling && - (mozilla::StaticPrefs::browser_download_open_pdf_attachments_inline() || - mozilla::StaticPrefs::browser_download_ignore_content_disposition()); + (isPDF && + mozilla::StaticPrefs::browser_download_open_pdf_attachments_inline()) || + ( + forceExternalHandling && + mozilla::StaticPrefs::browser_download_ignore_content_disposition() && + // we want to exclude html and svg files, which could execute + // scripts (tor-browser#43211) + kNotFound == mContentType.LowerCaseFindASCII("html") && + kNotFound == ext.LowerCaseFindASCII("htm") && + kNotFound == mContentType.LowerCaseFindASCII("/svg+") && + !ext.EqualsIgnoreCase("svg")); // Check if this is a PDF which should be opened internally. We also handle // octet-streams that look like they might be PDFs based on their extension. + // Additionally, we try to avoid downloading also non-PDF attachments + // when the general Content-Disposition override preference is set to true. if (maybeForceInternalHandling) { - // For a PDF, check if the preference is set that forces attachments to be - // opened inline. If so, treat it as a non-attachment by clearing + // Preferences are set to open attachments inline by clearing // 'forceExternalHandling' again. This allows it open a PDF directly // instead of downloading it first. It may still end up being handled by // a helper app depending anyway on the later checks. - nsCString mimeType = IsContentPDF(aChannel, mContentType) - ? nsLiteralCString(APPLICATION_PDF) - : mContentType; - auto result = ShouldHandleExternally(mimeType); + // This may apply to other file types if an internal handler exists. + auto result = ShouldHandleExternally( + isPDF ? nsLiteralCString(APPLICATION_PDF) : mContentType, ext); if (result.isErr()) { return result.unwrapErr(); } forceExternalHandling = result.unwrap(); - // If we're not opening the PDF externally we block it if it's sandboxed. + // If we're not opening the file externally and it's sandboxed we block it. if (IsSandboxed(aChannel) && !forceExternalHandling) { - LOG(("Blocked sandboxed PDF")); + LOG(("Blocked sandboxed file")); nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel); if (httpChannel) { nsContentSecurityUtils::LogMessageToConsole( View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/893598… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/893598… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.2.0esr-15.0-1] fixup! TB 40041 [android]: Implement Tor Network Settings
by clairehurst (＠clairehurst) 28 Aug '25

28 Aug '25

clairehurst pushed to branch tor-browser-140.2.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 89359823 by clairehurst at 2025-08-28T11:03:40-07:00 fixup! TB 40041 [android]: Implement Tor Network Settings Better fix for #44036 Crash on opening "Search Settings" on android - - - - - 1 changed file: - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/settings/SettingsFragment.kt Changes: ===================================== mobile/android/fenix/app/src/main/java/org/mozilla/fenix/settings/SettingsFragment.kt ===================================== @@ -12,6 +12,7 @@ import android.os.Build import android.os.Bundle import android.os.Handler import android.os.Looper +import android.os.StrictMode import android.util.Log import android.view.LayoutInflater import android.view.View @@ -37,7 +38,6 @@ import kotlinx.coroutines.CoroutineScope import kotlinx.coroutines.Dispatchers import kotlinx.coroutines.delay import kotlinx.coroutines.launch -import kotlinx.coroutines.runBlocking import mozilla.components.browser.state.state.selectedOrDefaultSearchEngine import mozilla.components.concept.engine.Engine import mozilla.components.concept.sync.AccountObserver @@ -191,7 +191,7 @@ class SettingsFragment : PreferenceFragmentCompat(), UserInteractionHandler { } override fun onCreatePreferences(savedInstanceState: Bundle?, rootKey: String?) { - runBlocking(context = Dispatchers.IO) { + requireContext().components.strictMode.resetAfter(StrictMode.allowThreadDiskReads()) { setPreferencesFromResource(R.xml.preferences, rootKey) } } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/8935982… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/8935982… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.2.0esr-15.0-1] fixup! TB 42891: Set the bundled search engine for Tor Browser.
by Pier Angelo Vendrame (＠pierov) 28 Aug '25

28 Aug '25

Pier Angelo Vendrame pushed to branch tor-browser-140.2.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 55e239b2 by Pier Angelo Vendrame at 2025-08-28T18:17:11+02:00 fixup! TB 42891: Set the bundled search engine for Tor Browser. TB 43525: Move search engine customization to SearchEngineSelector. - - - - - 3 changed files: - toolkit/components/search/SearchEngineSelector.sys.mjs - toolkit/components/search/SearchService.sys.mjs - toolkit/components/search/content/torBrowserSearchEngines.json Changes: ===================================== toolkit/components/search/SearchEngineSelector.sys.mjs ===================================== @@ -2,6 +2,8 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +import { AppConstants } from "resource://gre/modules/AppConstants.sys.mjs"; + /** * @typedef {import("../uniffi-bindgen-gecko-js/components/generated/RustSearch.sys.mjs").SearchEngineSelector} RustSearchEngineSelector * We use "Rust" above to avoid conflict with the class name for the JavaScript wrapper. @@ -92,30 +94,13 @@ export class SearchEngineSelector { return this._getConfigurationPromise; } - this._getConfigurationPromise = Promise.all([ - this._getConfiguration(), - this._getConfigurationOverrides(), - ]); - let remoteSettingsData = await this._getConfigurationPromise; - this._configuration = remoteSettingsData[0]; - this._configurationOverrides = remoteSettingsData[1]; - delete this._getConfigurationPromise; - - if (!this._configuration?.length) { - throw Components.Exception( - "Failed to get engine data from Remote Settings", - Cr.NS_ERROR_UNEXPECTED - ); - } - - if (!this._listenerAdded) { - this._remoteConfig.on("sync", this._onConfigurationUpdated); - this._remoteConfigOverrides.on( - "sync", - this._onConfigurationOverridesUpdated - ); - this._listenerAdded = true; - } + let { promise, resolve } = Promise.withResolvers(); + this._getConfigurationPromise = promise; + this._configuration = await ( + await fetch("chrome://global/content/search/torBrowserSearchEngines.json") + ).json(); + this._configurationOverrides = []; + resolve(this._configuration); if (lazy.SearchUtils.rustSelectorFeatureGate) { this.#selector.setSearchConfig( @@ -242,6 +227,12 @@ export class SearchEngineSelector { * The new configuration object */ _onConfigurationUpdated({ data: { current } }) { + // tor-browser#43525: Even though RemoteSettings are a no-op for us, we do + // not want them to interfere in any way. + if (AppConstants.BASE_BROWSER_VERSION) { + return; + } + this._configuration = current; if (lazy.SearchUtils.rustSelectorFeatureGate) { @@ -268,6 +259,12 @@ export class SearchEngineSelector { * The new configuration object */ _onConfigurationOverridesUpdated({ data: { current } }) { + // tor-browser#43525: Even though RemoteSettings are a no-op for us, we do + // not want them to interfere in any way. + if (AppConstants.BASE_BROWSER_VERSION) { + return; + } + this._configurationOverrides = current; if (lazy.SearchUtils.rustSelectorFeatureGate) { ===================================== toolkit/components/search/SearchService.sys.mjs ===================================== @@ -2628,11 +2628,21 @@ export class SearchService { // This is prefixed with _ rather than # because it is // called in test_remove_engine_notification_box.js async _fetchEngineSelectorEngines() { - // tor-browser#43525: Check this still works. - const engines = await ( - await fetch("chrome://global/content/search/torBrowserSearchEngines.json") - ).json(); - return { engines, privateDefault: undefined }; + let searchEngineSelectorProperties = { + locale: "en-US", + region: lazy.Region.home || "unknown", + channel: lazy.SearchUtils.MODIFIED_APP_CHANNEL, + experiment: this._experimentPrefValue, + distroID: lazy.SearchUtils.distroID ?? "", + }; + + for (let [key, value] of Object.entries(searchEngineSelectorProperties)) { + this._settings.setMetaDataAttribute(key, value); + } + + return this.#engineSelector.fetchEngineConfiguration( + searchEngineSelectorProperties + ); } #setDefaultFromSelector(refinedConfig) { ===================================== toolkit/components/search/content/torBrowserSearchEngines.json ===================================== @@ -1,78 +1,127 @@ [ { - "aliases": ["duckduckgo", "ddg"], - "name": "DuckDuckGo", - "urls": { - "search": { - "base": "https://duckduckgo.com/", - "params": [], - "searchTermParamName": "q" + "base": { + "aliases": ["duckduckgo", "ddg"], + "classification": "general", + "name": "DuckDuckGo", + "urls": { + "search": { + "base": "https://duckduckgo.com/", + "params": [], + "searchTermParamName": "q" + } } }, "id": "04e99a38-13ee-47d8-8aa4-64482b3dea99", "identifier": "ddg", "recordType": "engine", - "variants": [] + "variants": [ + { + "environment": { + "allRegionsAndLocales": true + } + } + ] }, { - "aliases": ["ddgonion"], - "name": "DuckDuckGo (.onion)", - "urls": { - "search": { - "base": "https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/", - "params": [], - "searchTermParamName": "q" + "base": { + "aliases": ["ddgonion"], + "classification": "general", + "name": "DuckDuckGo (.onion)", + "urls": { + "search": { + "base": "https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/", + "params": [], + "searchTermParamName": "q" + } } }, "id": "1e431da4-a60c-4411-9251-a95a841d451f", "identifier": "ddg-onion", "recordType": "engine", - "variants": [] + "variants": [ + { + "environment": { + "allRegionsAndLocales": true + } + } + ] }, { - "aliases": ["startpage"], - "name": "Startpage", - "urls": { - "search": { - "base": "https://www.startpage.com/sp/search", - "params": [], - "searchTermParamName": "q" + "base": { + "aliases": ["startpage"], + "classification": "general", + "name": "Startpage", + "urls": { + "search": { + "base": "https://www.startpage.com/sp/search", + "params": [], + "searchTermParamName": "q" + } } }, "id": "927bbd9f-b2f3-48b4-8974-1c1148028f4d", "identifier": "startpage", "recordType": "engine", - "variants": [] + "variants": [ + { + "environment": { + "allRegionsAndLocales": true + } + } + ] }, { - "aliases": ["startpage-onion"], - "name": "Startpage (.onion)", - "urls": { - "search": { - "base": "http://startpagel6srwcjlue4zgq3zevrujfaow726kjytqbbjyrswwmjzcqd.onion/sp/se…", - "params": [], - "searchTermParamName": "q" + "base": { + "aliases": ["startpage-onion"], + "classification": "general", + "name": "Startpage (.onion)", + "urls": { + "search": { + "base": "http://startpagel6srwcjlue4zgq3zevrujfaow726kjytqbbjyrswwmjzcqd.onion/sp/se…", + "params": [], + "searchTermParamName": "q" + } } }, "id": "e7eaba8d-6b9e-43fb-a799-b01b096c03ff", "identifier": "startpage-onion", "recordType": "engine", - "variants": [] + "variants": [ + { + "environment": { + "allRegionsAndLocales": true + } + } + ] }, { - "aliases": ["wikipedia"], - "classification": "unknown", - "name": "Wikipedia (en)", - "urls": { - "search": { - "base": "https://en.wikipedia.org/wiki/Special:Search", - "params": [], - "searchTermParamName": "search" + "base": { + "aliases": ["wikipedia"], + "classification": "unknown", + "name": "Wikipedia (en)", + "urls": { + "search": { + "base": "https://en.wikipedia.org/wiki/Special:Search", + "params": [], + "searchTermParamName": "search" + } } }, "id": "7f6d23c2-191e-483e-af3a-ce6451e3a8dd", "identifier": "wikipedia", "recordType": "engine", - "variants": [] + "variants": [ + { + "environment": { + "allRegionsAndLocales": true + } + } + ] + }, + { + "recordType": "defaultEngines", + "globalDefault": "ddg", + "globalDefaultPrivate": "ddg" } ] View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/55e239b… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/55e239b… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.2.0esr-15.0-1] fixup! [android] Disable features and functionality
by brizental (＠brizental) 28 Aug '25

28 Aug '25

brizental pushed to branch tor-browser-140.2.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 7c85c4fd by Beatriz Rizental at 2025-08-28T09:34:49-06:00 fixup! [android] Disable features and functionality - - - - - 1 changed file: - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/HomeActivity.kt Changes: ===================================== mobile/android/fenix/app/src/main/java/org/mozilla/fenix/HomeActivity.kt ===================================== @@ -378,35 +378,8 @@ open class HomeActivity : LocaleAwareAppCompatActivity(), NavHostActivity, TorAn } } - SplashScreenManager( - splashScreenOperation = if (FxNimbus.features.splashScreen.value().offTrainOnboarding) { - ApplyExperimentsOperation( - storage = DefaultExperimentsOperationStorage(components.settings), - nimbus = components.nimbus.sdk, - ) - } else { - FetchExperimentsOperation( - storage = DefaultExperimentsOperationStorage(components.settings), - nimbus = components.nimbus.sdk, - ) - }, - scope = lifecycleScope, - splashScreenTimeout = FxNimbus.features.splashScreen.value().maximumDurationMs.toLong(), - isDeviceSupported = { Build.VERSION.SDK_INT > Build.VERSION_CODES.M }, - storage = DefaultSplashScreenStorage(components.settings), - showSplashScreen = { installSplashScreen().setKeepOnScreenCondition(it) }, - onSplashScreenFinished = { result -> - if (result.sendTelemetry) { - SplashScreen.firstLaunchExtended.record( - SplashScreen.FirstLaunchExtendedExtra(dataFetched = result.wasDataFetched), - ) - } - - if (savedInstanceState == null && shouldShowOnboarding) { - navHost.navController.navigate(NavGraphDirections.actionGlobalOnboarding()) - } - }, - ).showSplashScreen() + // tor-browser#43730: Do not delay splash screen + // to fetch or apply Nimbus experiments. lifecycleScope.launch { val debugSettingsRepository = DefaultDebugSettingsRepository( View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/7c85c4f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/7c85c4f… You're receiving this email because of your account on gitlab.torproject.org.

1 0