- tbb-commits - lists.torproject.org

[tor-browser/tor-browser-60.1.0esr-8.0-1] Bug 26670: Make canvas permission respect FPI
by gk＠torproject.org 29 Aug '18

29 Aug '18

commit 79db24856a23ec7ae1f6d8cf46919a499ae5bb9f Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Wed Aug 29 09:56:57 2018 -0700 Bug 26670: Make canvas permission respect FPI --- browser/base/content/browser.js | 21 ++++++++++++--------- dom/canvas/CanvasUtils.cpp | 23 ++++++++++++++++------- dom/ipc/PBrowser.ipdl | 4 ++-- dom/ipc/TabParent.cpp | 4 ++-- dom/ipc/TabParent.h | 2 +- 5 files changed, 33 insertions(+), 21 deletions(-) diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js index fbfbf3e809ca..443619533567 100644 --- a/browser/base/content/browser.js +++ b/browser/base/content/browser.js @@ -6824,7 +6824,7 @@ var CanvasPermissionPromptHelper = { }, // aSubject is an nsIBrowser (e10s) or an nsIDOMWindow (non-e10s). - // aData is an URL string. + // aData is an Origin string. observe(aSubject, aTopic, aData) { if (aTopic != this._permissionsPrompt) { return; @@ -6838,7 +6838,6 @@ var CanvasPermissionPromptHelper = { browser = aSubject.QueryInterface(Ci.nsIBrowser); } - let uri = Services.io.newURI(aData); if (gBrowser.selectedBrowser !== browser) { // Must belong to some other window. return; @@ -6846,17 +6845,21 @@ var CanvasPermissionPromptHelper = { let message = gNavigatorBundle.getFormattedString("canvas.siteprompt", ["<>"], 1); - function setCanvasPermission(aURI, aPerm, aPersistent) { - Services.perms.add(aURI, "canvas", aPerm, - aPersistent ? Ci.nsIPermissionManager.EXPIRE_NEVER - : Ci.nsIPermissionManager.EXPIRE_SESSION); + let principal = Services.scriptSecurityManager + .createCodebasePrincipalFromOrigin(aData); + + function setCanvasPermission(aPerm, aPersistent) { + Services.perms.addFromPrincipal( + principal, "canvas", aPerm, + aPersistent ? Ci.nsIPermissionManager.EXPIRE_NEVER + : Ci.nsIPermissionManager.EXPIRE_SESSION); } let mainAction = { label: gNavigatorBundle.getString("canvas.allow"), accessKey: gNavigatorBundle.getString("canvas.allow.accesskey"), callback(state) { - setCanvasPermission(uri, Ci.nsIPermissionManager.ALLOW_ACTION, + setCanvasPermission(Ci.nsIPermissionManager.ALLOW_ACTION, state && state.checkboxChecked); } }; @@ -6865,7 +6868,7 @@ var CanvasPermissionPromptHelper = { label: gNavigatorBundle.getString("canvas.notAllow"), accessKey: gNavigatorBundle.getString("canvas.notAllow.accesskey"), callback(state) { - setCanvasPermission(uri, Ci.nsIPermissionManager.DENY_ACTION, + setCanvasPermission(Ci.nsIPermissionManager.DENY_ACTION, state && state.checkboxChecked); } }]; @@ -6881,7 +6884,7 @@ var CanvasPermissionPromptHelper = { let options = { checkbox, - name: uri.asciiHost, + name: principal.URI.host, learnMoreURL: Services.urlFormatter.formatURLPref("app.support.baseURL") + "fingerprint-permission", }; PopupNotifications.show(browser, aTopic, message, this._notificationIcon, diff --git a/dom/canvas/CanvasUtils.cpp b/dom/canvas/CanvasUtils.cpp index 0a8d7f0e2e59..ca8d91d92181 100644 --- a/dom/canvas/CanvasUtils.cpp +++ b/dom/canvas/CanvasUtils.cpp @@ -58,8 +58,13 @@ bool IsImageExtractionAllowed(nsIDocument *aDocument, JSContext *aCx) // Documents with system principal can always extract canvas data. nsPIDOMWindowOuter *win = aDocument->GetWindow(); nsCOMPtr<nsIScriptObjectPrincipal> sop(do_QueryInterface(win)); - if (sop && nsContentUtils::IsSystemPrincipal(sop->GetPrincipal())) { - return true; + if (!sop) { + return false; + } + + nsCOMPtr<nsIPrincipal> principal(sop->GetPrincipal()); + if (principal && nsContentUtils::IsSystemPrincipal(principal)) { + return true; } // Always give permission to chrome scripts (e.g. Page Inspector). @@ -127,9 +132,9 @@ bool IsImageExtractionAllowed(nsIDocument *aDocument, JSContext *aCx) // Check if the site has permission to extract canvas data. // Either permit or block extraction if a stored permission setting exists. uint32_t permission; - rv = permissionManager->TestPermission(topLevelDocURI, - PERMISSION_CANVAS_EXTRACT_DATA, - &permission); + rv = permissionManager->TestPermissionFromPrincipal(principal, + PERMISSION_CANVAS_EXTRACT_DATA, + &permission); NS_ENSURE_SUCCESS(rv, false); switch (permission) { case nsIPermissionManager::ALLOW_ACTION: @@ -165,16 +170,20 @@ bool IsImageExtractionAllowed(nsIDocument *aDocument, JSContext *aCx) nsContentUtils::LogMessageToConsole(message.get()); // Prompt the user (asynchronous). + nsAutoCString origin; + rv = principal->GetOrigin(origin); + NS_ENSURE_SUCCESS(rv, false); + if (XRE_IsContentProcess()) { TabChild* tabChild = TabChild::GetFrom(win); if (tabChild) { - tabChild->SendShowCanvasPermissionPrompt(topLevelDocURISpec); + tabChild->SendShowCanvasPermissionPrompt(origin); } } else { nsCOMPtr<nsIObserverService> obs = mozilla::services::GetObserverService(); if (obs) { obs->NotifyObservers(win, TOPIC_CANVAS_PERMISSIONS_PROMPT, - NS_ConvertUTF8toUTF16(topLevelDocURISpec).get()); + NS_ConvertUTF8toUTF16(origin).get()); } } diff --git a/dom/ipc/PBrowser.ipdl b/dom/ipc/PBrowser.ipdl index 024ebc5b6cf7..118eaf15af1f 100644 --- a/dom/ipc/PBrowser.ipdl +++ b/dom/ipc/PBrowser.ipdl @@ -579,9 +579,9 @@ parent: * This function is used to notify the parent that it should display a * canvas permission prompt. * - * @param aFirstPartyURI first party of the tab that is requesting access. + * @param aOrigin origin string of the document that is requesting access. */ - async ShowCanvasPermissionPrompt(nsCString aFirstPartyURI); + async ShowCanvasPermissionPrompt(nsCString aOrigin); child: /** diff --git a/dom/ipc/TabParent.cpp b/dom/ipc/TabParent.cpp index 86bb854962be..d8f4567626e1 100644 --- a/dom/ipc/TabParent.cpp +++ b/dom/ipc/TabParent.cpp @@ -3567,7 +3567,7 @@ TabParent::RecvLookUpDictionary(const nsString& aText, } mozilla::ipc::IPCResult -TabParent::RecvShowCanvasPermissionPrompt(const nsCString& aFirstPartyURI) +TabParent::RecvShowCanvasPermissionPrompt(const nsCString& aOrigin) { nsCOMPtr<nsIBrowser> browser = do_QueryInterface(mFrameElement); if (!browser) { @@ -3580,7 +3580,7 @@ TabParent::RecvShowCanvasPermissionPrompt(const nsCString& aFirstPartyURI) return IPC_FAIL_NO_REASON(this); } nsresult rv = os->NotifyObservers(browser, "canvas-permissions-prompt", - NS_ConvertUTF8toUTF16(aFirstPartyURI).get()); + NS_ConvertUTF8toUTF16(aOrigin).get()); if (NS_FAILED(rv)) { return IPC_FAIL_NO_REASON(this); } diff --git a/dom/ipc/TabParent.h b/dom/ipc/TabParent.h index 7d62663835d7..6f3d6de10c10 100644 --- a/dom/ipc/TabParent.h +++ b/dom/ipc/TabParent.h @@ -631,7 +631,7 @@ protected: virtual mozilla::ipc::IPCResult RecvGetTabCount(uint32_t* aValue) override; - virtual mozilla::ipc::IPCResult RecvShowCanvasPermissionPrompt(const nsCString& aFirstPartyURI) override; + virtual mozilla::ipc::IPCResult RecvShowCanvasPermissionPrompt(const nsCString& aOrigin) override; ContentCacheInParent mContentCache;

1 0

[tor-browser/tor-browser-60.1.0esr-8.0-1] fixup! TB4: Tor Browser's Firefox preference overrides.
by gk＠torproject.org 29 Aug '18

29 Aug '18

commit 3c6862f6cc8a7dc59b9eba41638100638ecb33b0 Author: Georg Koppen <gk(a)torproject.org> Date: Tue Aug 28 21:51:27 2018 +0000 fixup! TB4: Tor Browser's Firefox preference overrides. Disable wasm for now until we have it properly reviewed in #21549. --- browser/app/profile/000-tor-browser.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js index 17c9d614b61c..2b5ebe8cf949 100644 --- a/browser/app/profile/000-tor-browser.js +++ b/browser/app/profile/000-tor-browser.js @@ -231,6 +231,8 @@ pref("mathml.disabled", false); // Until we address at least the linkability concerns in #19417 let's disable // asmjs. pref("javascript.options.asmjs", false); +// Unless we audit wasm properly in #21549 let's disable it. +pref("javascript.options.wasm", false); // Mozilla keeps still finding critical bugs in Graphite code. Disable it for // now, see bug 21726. pref("gfx.font_rendering.graphite.enabled", false);

1 0

[tor-browser/tor-browser-60.1.0esr-8.0-1] squash! Bug 4234: Use the Firefox Update Process for Tor Browser.
by gk＠torproject.org 29 Aug '18

29 Aug '18

commit 7b269d1c44ba383444a1bfed3acb67ab3cac5071 Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Wed Aug 22 13:51:29 2018 -0400 squash! Bug 4234: Use the Firefox Update Process for Tor Browser. Also fix bug 27221: purge the startup cache if the Tor Browser version changed (even if the Firefox version and build ID did not change), e.g., after a minor Tor Browser update. --- toolkit/xre/nsAppRunner.cpp | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp index d036bc915c80..1000014aedd0 100644 --- a/toolkit/xre/nsAppRunner.cpp +++ b/toolkit/xre/nsAppRunner.cpp @@ -3208,6 +3208,13 @@ CheckCompatibility(nsIFile* aProfileDir, const nsCString& aVersion, if (NS_FAILED(rv) || !aVersion.Equals(buf)) return false; +#ifdef TOR_BROWSER_VERSION + nsAutoCString tbVersion(TOR_BROWSER_VERSION); + rv = parser.GetString("Compatibility", "LastTorBrowserVersion", buf); + if (NS_FAILED(rv) || !tbVersion.Equals(buf)) + return false; +#endif + rv = parser.GetString("Compatibility", "LastOSABI", buf); if (NS_FAILED(rv) || !aOSABI.Equals(buf)) return false; @@ -3304,6 +3311,13 @@ WriteVersion(nsIFile* aProfileDir, const nsCString& aVersion, PR_Write(fd, kHeader, sizeof(kHeader) - 1); PR_Write(fd, aVersion.get(), aVersion.Length()); +#ifdef TOR_BROWSER_VERSION + nsAutoCString tbVersion(TOR_BROWSER_VERSION); + static const char kTorBrowserVersionHeader[] = NS_LINEBREAK "LastTorBrowserVersion="; + PR_Write(fd, kTorBrowserVersionHeader, sizeof(kTorBrowserVersionHeader) - 1); + PR_Write(fd, tbVersion.get(), tbVersion.Length()); +#endif + static const char kOSABIHeader[] = NS_LINEBREAK "LastOSABI="; PR_Write(fd, kOSABIHeader, sizeof(kOSABIHeader) - 1); PR_Write(fd, aOSABI.get(), aOSABI.Length());

1 0

[tor-browser/tor-browser-60.1.0esr-8.0-1] fixup! TB4: Tor Browser's Firefox preference overrides.
by gk＠torproject.org 29 Aug '18

29 Aug '18

commit d7442e6576b00951a7e60b97cb3308da17caa996 Author: Georg Koppen <gk(a)torproject.org> Date: Tue Aug 28 21:57:47 2018 +0000 fixup! TB4: Tor Browser's Firefox preference overrides. Disable WebVR for now until we have it properly audited in #21607. --- browser/app/profile/000-tor-browser.js | 1 + 1 file changed, 1 insertion(+) diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js index 46c56ea0cede..17c9d614b61c 100644 --- a/browser/app/profile/000-tor-browser.js +++ b/browser/app/profile/000-tor-browser.js @@ -151,6 +151,7 @@ pref("media.webspeech.synth.enabled", false); // Bug 10283: Disable SpeechSynthe pref("dom.webaudio.enabled", false); // Bug 13017: Disable Web Audio API pref("dom.maxHardwareConcurrency", 1); // Bug 21675: Spoof single-core cpu pref("dom.w3c_touch_events.enabled", 0); // Bug 10286: Always disable Touch API +pref("dom.vr.enabled", false); // Bug 21607: Disable WebVR for now // Disable randomised Firefox HTTP cache decay user test groups (Bug: 13575) pref("security.webauth.webauthn", false); // Bug 26614: Disable Web Authentication API for now pref("browser.cache.frecency_experiment", -1);

1 0

[torbutton/master] Bug 26520: Fix sec slider/NoScript for TOR_SKIP_LAUNCH=1
by gk＠torproject.org 29 Aug '18

29 Aug '18

commit 931f0659c42fe317fd8ccae0d9210f8814dcf8ea Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Mon Jul 16 17:58:33 2018 -0700 Bug 26520: Fix sec slider/NoScript for TOR_SKIP_LAUNCH=1 We need to wait for NoScript to have launched before we send the first settings message from the security slider. So wait for NoScript to send us a message first. --- src/modules/noscript-control.js | 75 ++++++++++++++++++++++++----------------- 1 file changed, 44 insertions(+), 31 deletions(-) diff --git a/src/modules/noscript-control.js b/src/modules/noscript-control.js index 196d14c2..14f78c49 100644 --- a/src/modules/noscript-control.js +++ b/src/modules/noscript-control.js @@ -9,6 +9,9 @@ const { LegacyExtensionContext } = Cu.import("resource://gre/modules/LegacyExtensionsUtils.jsm", {}); const { bindPrefAndInit } = Cu.import("resource://torbutton/modules/utils.js", {}); +let logger = Components.classes["@torproject.org/torbutton-logger;1"] + .getService(Components.interfaces.nsISupports).wrappedJSObject; +let log = (level, msg) => logger.log(level, msg); // ## NoScript settings @@ -80,34 +83,6 @@ let noscriptSettings = safetyLevel => ( // The extension ID for NoScript (WebExtension) const noscriptID = "{73a6fe31-595d-460b-a920-fcc0f8843232}"; -// A mock extension object that can communicate with another extension -// via the WebExtensions sendMessage/onMessage mechanism. -let extensionContext = new LegacyExtensionContext({ id : noscriptID }); - -// The component that handles WebExtensions' sendMessage. -let messageManager = extensionContext.messenger.messageManagers[0]; - -// __setNoScriptSettings(settings)__. -// NoScript listens for internal settings with onMessage. We can send -// a new settings JSON object according to NoScript's -// protocol and these are accepted! See the use of -// `browser.runtime.onMessage.addListener(...)` in NoScript's bg/main.js. -let sendNoScriptSettings = settings => - extensionContext.messenger.sendMessage(messageManager, settings, noscriptID); - -// __setNoScriptSafetyLevel(safetyLevel)__. -// Set NoScript settings according to a particular safety level -// (security slider level): 0 = Standard, 1 = Safer, 2 = Safest -let setNoScriptSafetyLevel = safetyLevel => - sendNoScriptSettings(noscriptSettings(safetyLevel)); - -// ## Slider binding - -// __securitySliderToSafetyLevel(sliderState)__. -// Converts the "extensions.torbutton.security_slider" pref value -// to a "safety level" value: 0 = Standard, 1 = Safer, 2 = Safest -let securitySliderToSafetyLevel = sliderState => [undefined, 2, 1, 1, 0][sliderState]; - // Ensure binding only occurs once. let initialized = false; @@ -119,9 +94,47 @@ var initialize = () => { return; } initialized = true; - bindPrefAndInit( - "extensions.torbutton.security_slider", - sliderState => setNoScriptSafetyLevel(securitySliderToSafetyLevel(sliderState))); + + try { + // A mock extension object that can communicate with another extension + // via the WebExtensions sendMessage/onMessage mechanism. + let extensionContext = new LegacyExtensionContext({ id : noscriptID }); + + // The component that handles WebExtensions' sendMessage. + let messageManager = extensionContext.messenger.messageManagers[0]; + + // __setNoScriptSettings(settings)__. + // NoScript listens for internal settings with onMessage. We can send + // a new settings JSON object according to NoScript's + // protocol and these are accepted! See the use of + // `browser.runtime.onMessage.addListener(...)` in NoScript's bg/main.js. + let sendNoScriptSettings = settings => + extensionContext.messenger.sendMessage(messageManager, settings, noscriptID); + + // __setNoScriptSafetyLevel(safetyLevel)__. + // Set NoScript settings according to a particular safety level + // (security slider level): 0 = Standard, 1 = Safer, 2 = Safest + let setNoScriptSafetyLevel = safetyLevel => + sendNoScriptSettings(noscriptSettings(safetyLevel)); + + // __securitySliderToSafetyLevel(sliderState)__. + // Converts the "extensions.torbutton.security_slider" pref value + // to a "safety level" value: 0 = Standard, 1 = Safer, 2 = Safest + let securitySliderToSafetyLevel = sliderState => + [undefined, 2, 1, 1, 0][sliderState]; + + // Wait for the first message from NoScript to arrive, and then + // bind the security_slider pref to the NoScript settings. + let messageListener = (a,b,c) => { + extensionContext.api.browser.runtime.onMessage.removeListener(messageListener); + bindPrefAndInit( + "extensions.torbutton.security_slider", + sliderState => setNoScriptSafetyLevel(securitySliderToSafetyLevel(sliderState))); + }; + extensionContext.api.browser.runtime.onMessage.addListener(messageListener); + } catch (e) { + log(5, e.message); + } }; // Export initialize() function for external use.

1 0

[tor-browser/tor-browser-60.1.0esr-8.0-1] fixup! TB4: Tor Browser's Firefox preference overrides.
by gk＠torproject.org 29 Aug '18

29 Aug '18

commit 6417fe352cdd2275664870ce0003fe3dfd2561eb Author: Georg Koppen <gk(a)torproject.org> Date: Tue Aug 28 22:23:19 2018 +0000 fixup! TB4: Tor Browser's Firefox preference overrides. Disable the Web Authentication API for now until we have it evaluated in #26614. --- browser/app/profile/000-tor-browser.js | 1 + 1 file changed, 1 insertion(+) diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js index 7a0d26aa53cf..46c56ea0cede 100644 --- a/browser/app/profile/000-tor-browser.js +++ b/browser/app/profile/000-tor-browser.js @@ -152,6 +152,7 @@ pref("dom.webaudio.enabled", false); // Bug 13017: Disable Web Audio API pref("dom.maxHardwareConcurrency", 1); // Bug 21675: Spoof single-core cpu pref("dom.w3c_touch_events.enabled", 0); // Bug 10286: Always disable Touch API // Disable randomised Firefox HTTP cache decay user test groups (Bug: 13575) +pref("security.webauth.webauthn", false); // Bug 26614: Disable Web Authentication API for now pref("browser.cache.frecency_experiment", -1); // Third party stuff

1 0

[tor-browser/tor-browser-60.1.0esr-8.0-1] squash! TB4: Tor Browser's Firefox preference overrides.
by gk＠torproject.org 29 Aug '18

29 Aug '18

commit cc1c7ef7e3c4767e5a505fe791a9026855384bb4 Author: Georg Koppen <gk(a)torproject.org> Date: Tue Aug 28 22:32:00 2018 +0000 squash! TB4: Tor Browser's Firefox preference overrides. Enable ReaderView mode again (#27281). --- browser/app/profile/000-tor-browser.js | 4 ---- 1 file changed, 4 deletions(-) diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js index 082b69a11ffe..7a0d26aa53cf 100644 --- a/browser/app/profile/000-tor-browser.js +++ b/browser/app/profile/000-tor-browser.js @@ -146,10 +146,6 @@ pref("privacy.resistFingerprinting.block_mozAddonManager", true); // Bug 26114 pref("dom.event.highrestimestamp.enabled", true); // Bug #17046: "Highres" (but truncated) timestamps prevent uptime leaks pref("privacy.suppressModifierKeyEvents", true); // Bug #17009: Suppress ALT and SHIFT events" pref("ui.use_standins_for_native_colors", true); // https://bugzilla.mozilla.org/232227 -// Make Reader View users uniform if they really want to use that feature. See -// bug 18950 for more details. -pref("browser.reader.detectedFirstArticle", true); -pref("reader.parse-on-load.enabled", false); pref("privacy.use_utc_timezone", true); pref("media.webspeech.synth.enabled", false); // Bug 10283: Disable SpeechSynthesis API pref("dom.webaudio.enabled", false); // Bug 13017: Disable Web Audio API

1 0

[torbutton/master] Bug 26490: Remove the security slider notification
by gk＠torproject.org 28 Aug '18

28 Aug '18

commit 1eb701f4701340c89c9f76ad2eb6ae86ca051e61 Author: Georg Koppen <gk(a)torproject.org> Date: Mon Aug 27 23:05:08 2018 +0000 Bug 26490: Remove the security slider notification We now have the onboarding to show users our security slider. We remove the notification bar on first start as it was a workaround for that onboarding feature which on some system causes problems with window size rounding. --- src/chrome/content/torbutton.js | 29 ----------------------------- src/chrome/locale/en/torbutton.properties | 3 --- src/defaults/preferences/preferences.js | 1 - 3 files changed, 33 deletions(-) diff --git a/src/chrome/content/torbutton.js b/src/chrome/content/torbutton.js index 47621835..3f38830b 100644 --- a/src/chrome/content/torbutton.js +++ b/src/chrome/content/torbutton.js @@ -417,7 +417,6 @@ var torbutton_abouttor_message_handler = { receiveMessage: function(aMessage) { switch(aMessage.name) { case "AboutTor:Loaded": - torbutton_show_sec_slider_notification(); aMessage.target.messageManager.sendAsyncMessage("AboutTor:ChromeData", this.chromeData); break; @@ -598,34 +597,6 @@ function torbutton_check_for_update() { prompter.checkForUpdates(); } -function torbutton_show_sec_slider_notification() { - // Show the notification about the new security slider. - if (m_tb_prefs. - getBoolPref("extensions.torbutton.show_slider_notification")) { - let sb = torbutton_get_stringbundle(); - let button_label = - torbutton_get_property_string("torbutton.slider_notification_button"); - let box = gBrowser.getNotificationBox(); - - let buttons = [{ - label: button_label, - accessKey: 'S', - popup: null, - callback: torbutton_open_prefs_dialog, - }]; - - let priority = box.PRIORITY_INFO_LOW; - let message = - torbutton_get_property_string("torbutton.slider_notification"); - - box.appendNotification(message, 'new-menu-notification', - "chrome://torbutton/skin/tor-enabled-16.png", - priority, buttons); - m_tb_prefs. - setBoolPref("extensions.torbutton.show_slider_notification", false); - } -} - // Bug 1506 P4: Checking for Tor Browser updates is pretty important, // probably even as a fallback if we ever do get a working updater. function torbutton_do_async_versioncheck() { diff --git a/src/chrome/locale/en/torbutton.properties b/src/chrome/locale/en/torbutton.properties index 60154dbe..f11fb5bf 100644 --- a/src/chrome/locale/en/torbutton.properties +++ b/src/chrome/locale/en/torbutton.properties @@ -31,9 +31,6 @@ torbutton.popup.confirm_plugins = Plugins such as Flash can harm your privacy an torbutton.popup.never_ask_again = Never ask me again torbutton.popup.confirm_newnym = Tor Browser will close all windows and tabs. All website sessions will be lost.\n\nRestart Tor Browser now to reset your identity?\n\n -torbutton.slider_notification = The green onion menu now has a security slider which lets you adjust your security level. Check it out! -torbutton.slider_notification_button = Open security settings - torbutton.maximize_warning = Maximizing Tor Browser can allow websites to determine your monitor size, which can be used to track you. We recommend that you leave Tor Browser windows in their original default size. # Canvas permission prompt. Strings are kept here for ease of translation. diff --git a/src/defaults/preferences/preferences.js b/src/defaults/preferences/preferences.js index 428e70bc..92d1c106 100644 --- a/src/defaults/preferences/preferences.js +++ b/src/defaults/preferences/preferences.js @@ -42,7 +42,6 @@ pref("extensions.torbutton(a)torproject.org.getAddons.cache.enabled", false); // Security Slider pref("extensions.torbutton.security_slider", 4); pref("extensions.torbutton.security_custom", false); -pref("extensions.torbutton.show_slider_notification", true); pref("extensions.torbutton.prompt_torbrowser", true); pref("extensions.torbutton.confirm_plugins", true);

1 0

[tor-browser/tor-browser-60.1.0esr-8.0-1] Bug 26048: potentially confusing "restart to update" message
by gk＠torproject.org 28 Aug '18

28 Aug '18

commit 5e9fd4fcc131a2f7d17440c739db26f8c1fc893c Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Tue Aug 28 11:58:55 2018 -0400 Bug 26048: potentially confusing "restart to update" message Within the update doorhanger, remove the misleading message that mentions that windows will be restored after an update is applied, and replace the "Restart and Restore" button label with an existing "Restart to update Tor Browser" string. --- browser/components/customizableui/content/panelUI.inc.xul | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/browser/components/customizableui/content/panelUI.inc.xul b/browser/components/customizableui/content/panelUI.inc.xul index 3aab2fd2587d..5891556a6e5f 100644 --- a/browser/components/customizableui/content/panelUI.inc.xul +++ b/browser/components/customizableui/content/panelUI.inc.xul @@ -123,7 +123,7 @@ <popupnotification id="appMenu-update-restart-notification" popupid="update-restart" label="&updateRestart.header.message2;" - buttonlabel="&updateRestart.acceptButton.label;" + buttonlabel="&updateRestart.header.message2;" buttonaccesskey="&updateRestart.acceptButton.accesskey;" closebuttonhidden="true" secondarybuttonlabel="&updateRestart.cancelButton.label;" @@ -133,7 +133,7 @@ buttonhighlight="true" hidden="true"> <popupnotificationcontent id="update-restart-notification-content" orient="vertical"> - <description id="update-restart-description">&updateRestart.message2;</description> + <description id="update-restart-description"> </description> </popupnotificationcontent> </popupnotification> </panel>

1 0

[tor-browser/tor-browser-60.1.0esr-8.0-1] squash! Bug 4234: Use the Firefox Update Process for Tor Browser.
by gk＠torproject.org 28 Aug '18

28 Aug '18

commit 9ec2b75e1639153f064fd751506f86e52979d180 Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Tue Aug 28 12:12:42 2018 -0400 squash! Bug 4234: Use the Firefox Update Process for Tor Browser. Also fix Bug 26049: reduce the delay before the update prompt is displayed. Instead of Firefox's 2 days, we use 1 hour (after which time the update doorhanger will be displayed). --- browser/branding/official/pref/firefox-branding.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/browser/branding/official/pref/firefox-branding.js b/browser/branding/official/pref/firefox-branding.js index c53fe7202788..682da69ffce8 100644 --- a/browser/branding/official/pref/firefox-branding.js +++ b/browser/branding/official/pref/firefox-branding.js @@ -11,8 +11,8 @@ pref("app.update.interval", 43200); // 12 hours // background (in seconds) // 0 means "download everything at once" pref("app.update.download.backgroundInterval", 0); -// Give the user x seconds to react before showing the big UI. default=48 hours -pref("app.update.promptWaitTime", 172800); +// Give the user x seconds to react before showing the big UI. default=1 hour +pref("app.update.promptWaitTime", 3600); // app.update.url.manual: URL user can browse to manually if for some reason // all update installation attempts fail. // app.update.url.details: a default value for the "More information about this

1 0