- tbb-commits - lists.torproject.org

[tor-browser-build/master] Merge remote-tracking branch 'boklm/bug_24341' into bug_25000
by gk＠torproject.org 21 Feb '18

21 Feb '18

commit 229bd55f79d69b90e3d4ac618ca163314b3a990c Merge: fefb117 946d493 Author: Georg Koppen <gk(a)torproject.org> Date: Mon Feb 19 15:03:17 2018 +0000 Merge remote-tracking branch 'boklm/bug_24341' into bug_25000 projects/common/runc-config.json | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-)

1 0

[tor-browser-build/master] Bug 25000: Add [System+Principal] to the NoScript whitelist
by gk＠torproject.org 21 Feb '18

21 Feb '18

commit fefb117ad2769e792648c5c2d14292eb9d3475c5 Author: Georg Koppen <gk(a)torproject.org> Date: Mon Feb 19 12:27:28 2018 +0000 Bug 25000: Add [System+Principal] to the NoScript whitelist We need to whitelist `[System+Principal]` for functioning settings frames of WebExtensions on the about:addons page. On higher security slider levels this is broken otherwise. To quote Giorgio Maone (see: #25000 comment:14): "The Tor Browser enforces permissions cascading, and in the Add-ons Options window the top frame is about:addons, whose principal's origin is [System+Principal]. Since this origin is omitted from Tor Browser's version of NoScript mandatory whitelist, the top site by default is considered forbidden, cascading down script blocking to the WebExtension's subframe." --- .../Data/Browser/profile.default/preferences/extension-overrides.js | 6 +++--- .../Data/Browser/profile.default/preferences/extension-overrides.js | 6 +++--- .../Data/Browser/profile.default/preferences/extension-overrides.js | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/projects/tor-browser/Bundle-Data/linux/Data/Browser/profile.default/preferences/extension-overrides.js b/projects/tor-browser/Bundle-Data/linux/Data/Browser/profile.default/preferences/extension-overrides.js index c610aff..54dcf91 100644 --- a/projects/tor-browser/Bundle-Data/linux/Data/Browser/profile.default/preferences/extension-overrides.js +++ b/projects/tor-browser/Bundle-Data/linux/Data/Browser/profile.default/preferences/extension-overrides.js @@ -8,9 +8,9 @@ pref("extensions.https_everywhere.toolbar_hint_shown", true); # NoScript Preferences: pref("capability.policy.maonoscript.javascript.enabled", "allAccess"); -pref("capability.policy.maonoscript.sites", "about: about:tbupdate about:tor chrome: resource: blob: mediasource: moz-extension: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); -pref("noscript.default", "about: about:tbupdate about:tor chrome: resource: blob: mediasource: moz-extension: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); -pref("noscript.mandatory", "about: about:tbupdate about:tor chrome: resource: blob: mediasource: moz-extension: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); +pref("capability.policy.maonoscript.sites", "[System+Principal] about: about:tbupdate about:tor chrome: resource: blob: mediasource: moz-extension: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); +pref("noscript.default", "[System+Principal] about: about:tbupdate about:tor chrome: resource: blob: mediasource: moz-extension: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); +pref("noscript.mandatory", "[System+Principal] about: about:tbupdate about:tor chrome: resource: blob: mediasource: moz-extension: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); pref("noscript.ABE.enabled", false); pref("noscript.ABE.notify", false); pref("noscript.ABE.wanIpAsLocal", false); diff --git a/projects/tor-browser/Bundle-Data/mac/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js b/projects/tor-browser/Bundle-Data/mac/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js index c610aff..54dcf91 100644 --- a/projects/tor-browser/Bundle-Data/mac/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js +++ b/projects/tor-browser/Bundle-Data/mac/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js @@ -8,9 +8,9 @@ pref("extensions.https_everywhere.toolbar_hint_shown", true); # NoScript Preferences: pref("capability.policy.maonoscript.javascript.enabled", "allAccess"); -pref("capability.policy.maonoscript.sites", "about: about:tbupdate about:tor chrome: resource: blob: mediasource: moz-extension: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); -pref("noscript.default", "about: about:tbupdate about:tor chrome: resource: blob: mediasource: moz-extension: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); -pref("noscript.mandatory", "about: about:tbupdate about:tor chrome: resource: blob: mediasource: moz-extension: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); +pref("capability.policy.maonoscript.sites", "[System+Principal] about: about:tbupdate about:tor chrome: resource: blob: mediasource: moz-extension: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); +pref("noscript.default", "[System+Principal] about: about:tbupdate about:tor chrome: resource: blob: mediasource: moz-extension: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); +pref("noscript.mandatory", "[System+Principal] about: about:tbupdate about:tor chrome: resource: blob: mediasource: moz-extension: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); pref("noscript.ABE.enabled", false); pref("noscript.ABE.notify", false); pref("noscript.ABE.wanIpAsLocal", false); diff --git a/projects/tor-browser/Bundle-Data/windows/Data/Browser/profile.default/preferences/extension-overrides.js b/projects/tor-browser/Bundle-Data/windows/Data/Browser/profile.default/preferences/extension-overrides.js index c610aff..54dcf91 100644 --- a/projects/tor-browser/Bundle-Data/windows/Data/Browser/profile.default/preferences/extension-overrides.js +++ b/projects/tor-browser/Bundle-Data/windows/Data/Browser/profile.default/preferences/extension-overrides.js @@ -8,9 +8,9 @@ pref("extensions.https_everywhere.toolbar_hint_shown", true); # NoScript Preferences: pref("capability.policy.maonoscript.javascript.enabled", "allAccess"); -pref("capability.policy.maonoscript.sites", "about: about:tbupdate about:tor chrome: resource: blob: mediasource: moz-extension: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); -pref("noscript.default", "about: about:tbupdate about:tor chrome: resource: blob: mediasource: moz-extension: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); -pref("noscript.mandatory", "about: about:tbupdate about:tor chrome: resource: blob: mediasource: moz-extension: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); +pref("capability.policy.maonoscript.sites", "[System+Principal] about: about:tbupdate about:tor chrome: resource: blob: mediasource: moz-extension: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); +pref("noscript.default", "[System+Principal] about: about:tbupdate about:tor chrome: resource: blob: mediasource: moz-extension: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); +pref("noscript.mandatory", "[System+Principal] about: about:tbupdate about:tor chrome: resource: blob: mediasource: moz-extension: moz-safe-about: about:neterror about:certerror about:feeds about:tabcrashed about:cache"); pref("noscript.ABE.enabled", false); pref("noscript.ABE.notify", false); pref("noscript.ABE.wanIpAsLocal", false);

1 0

[tor-browser/tor-browser-52.6.0esr-8.0-2] Revert "Bug 18619: If indexedDB disabled, use in-memory db for asyncStorage.js"
by gk＠torproject.org 20 Feb '18

20 Feb '18

commit 8ee6fdadea2a79524f1b9b9427d4daf0362a074f Author: Georg Koppen <gk(a)torproject.org> Date: Tue Feb 20 10:15:47 2018 +0000 Revert "Bug 18619: If indexedDB disabled, use in-memory db for asyncStorage.js" This reverts commit dcd2db035018a6e5466dcd27eb630dfd08995c71. We don't need this patch anymore as we are relying on IndexedDB being disabled in Private Browsing Mode (PBM) and properly isolated in non-PBM. --- devtools/shared/async-storage.js | 38 ++++++-------------------------------- 1 file changed, 6 insertions(+), 32 deletions(-) diff --git a/devtools/shared/async-storage.js b/devtools/shared/async-storage.js index 31ad22a8f666..0d260fc5ad5a 100644 --- a/devtools/shared/async-storage.js +++ b/devtools/shared/async-storage.js @@ -43,32 +43,6 @@ "use strict"; const Promise = require("promise"); -const prefs = require("sdk/preferences/service"); - -// Substitute memory-only "database" when "dom.indexedDB.enabled" is false. -// Match the API and behavior of the indexedDB-based version. -const memoryDB = function () { - let dbMap = new Map(); - if (prefs.get('dom.indexedDB.enabled', true)) { - return {}; // We won't use a memory db. - } - return { - getItem : k => { - let value = dbMap.get(k); - // Match the behavior of indexedDB-based implementation - // when an item is not present. - if (value === undefined) { - value = null; - } - return Promise.resolve(value); - }, - setItem : (k, v) => Promise.resolve(dbMap.set(k, v)), - removeItem : k => Promise.resolve(dbMap.delete(k)), - clear : () => Promise.resolve(dbMap.clear()), - length : () => Promise.resolve(dbMap.size), - key : n => Promise.resolve(Array.from(dbMap.keys())[n]) - }; -}(); const DBNAME = "devtools-async-storage"; const DBVERSION = 1; @@ -206,9 +180,9 @@ function key(n) { }); } -exports.getItem = memoryDB.getItem || getItem; -exports.setItem = memoryDB.setItem || setItem; -exports.removeItem = memoryDB.removeItem || removeItem; -exports.clear = memoryDB.clear || clear; -exports.length = memoryDB.length || length; -exports.key = memoryDB.key || key; +exports.getItem = getItem; +exports.setItem = setItem; +exports.removeItem = removeItem; +exports.clear = clear; +exports.length = length; +exports.key = key;

1 0

[tor-browser/tor-browser-52.6.0esr-8.0-2] Bug 22794: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured
by gk＠torproject.org 19 Feb '18

19 Feb '18

commit eafaa94a613a326bd13234540fe88b86451ee3e9 Author: Richard Pospesel <richard(a)torproject.org> Date: Thu Feb 1 16:20:42 2018 -0800 Bug 22794: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured The initialization path for the SOCKS proxy in firefox involves creating a generic AF_INET socket, and then replacing it if the actual configuration requires something else (either AF_INET6 or AF_LOCAL). With syscall filtering configured to return an error in the event of AF_INET or AF_INET6 socket creation, this initialization path fails. We would like this capability so that we can prevent firefox from making network requests outside of the Tor proxy. This patch adds a check in the initial socket creation path to see if the SOCKS proxy host begins with file:// with the assumption that such URIs point to a UNIX Domain Socket (on Linux+macOS only). In that case, we create an AF_LOCAL socket rather than the requested type. A similar check for Windows already exists to determine if the proxy is actually a named pipe. In the subsequent replacing step no work occurs as the passed in socket matches the type we need, so no changes need to be made there. NOTE: With this change there is still a one-time request for an AF_INET6 socket that occurs. This code path exists to determine whether the system supports IPv6; if socket(AF_INET6...) fails then it is assumed that the system does not. However, this check only affects code that is unreachable when using AF_LOCAL sockets so it seems safe to leave as it is. However, this does mean that Tor Browser will still be incompatible with seccomp policies which kill the calling thread in the event of a socket(AF_INET6,...) call. --- netwerk/socket/nsSOCKSSocketProvider.cpp | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/netwerk/socket/nsSOCKSSocketProvider.cpp b/netwerk/socket/nsSOCKSSocketProvider.cpp index c62534f7bf3d..bcae1234f486 100644 --- a/netwerk/socket/nsSOCKSSocketProvider.cpp +++ b/netwerk/socket/nsSOCKSSocketProvider.cpp @@ -43,6 +43,14 @@ nsSOCKSSocketProvider::CreateV5(nsISupports *aOuter, REFNSIID aIID, void **aResu return rv; } +#if defined(XP_UNIX) +bool +static IsUNIXDomainSocketPath(const nsACString& aPath) +{ + return StringBeginsWith(aPath, NS_LITERAL_CSTRING("file://")); +} +#endif + NS_IMETHODIMP nsSOCKSSocketProvider::NewSocket(int32_t family, const char *host, @@ -62,6 +70,13 @@ nsSOCKSSocketProvider::NewSocket(int32_t family, sock = CreateNamedPipeLayer(); } else #endif +#if defined(XP_UNIX) + nsAutoCString proxyHost; + proxy->GetHost(proxyHost); + if(IsUNIXDomainSocketPath(proxyHost)) { + family = AF_LOCAL; + } +#endif { sock = PR_OpenTCPSocket(family); if (!sock) {

1 0

[tor-browser/tor-browser-52.6.0esr-8.0-2] Bug 19910: Rip out optimistic data socks handshake variant (#3875)
by gk＠torproject.org 19 Feb '18

19 Feb '18

commit 67fa1e520d8cfc420f5bdee4b53b8310df18a977 Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Wed Feb 14 10:39:42 2018 -0500 Bug 19910: Rip out optimistic data socks handshake variant (#3875) This has been shown to cause problems with STARTTLS in XMPP (used in Tor Messenger) and with Tor Launcher's Moat client. A replacement will be added to the Tor daemon itself via bug 5915 (Write patch to make socks handshakes succeed instantly). --- netwerk/base/nsSocketTransport2.cpp | 44 ++++++++----------------------------- netwerk/base/nsSocketTransport2.h | 4 +--- netwerk/socket/nsSOCKSIOLayer.cpp | 3 +-- 3 files changed, 11 insertions(+), 40 deletions(-) diff --git a/netwerk/base/nsSocketTransport2.cpp b/netwerk/base/nsSocketTransport2.cpp index 4399465fe534..1bfd1fc91525 100644 --- a/netwerk/base/nsSocketTransport2.cpp +++ b/netwerk/base/nsSocketTransport2.cpp @@ -1983,26 +1983,7 @@ nsSocketTransport::OnSocketReady(PRFileDesc *fd, int16_t outFlags) // Update poll timeout in case it was changed mPollTimeout = mTimeouts[TIMEOUT_READ_WRITE]; } - // Tor 3875: Use optimistic data with SOCKS. - // To accomplish this, two new states were added that are only used with - // SOCKS connections: - // STATE_SENDINGGET - The SOCKS handshake has proceeded to the - // "sent connect" state; now it is okay to - // optimistically send some application data (e.g., - // an HTTP GET request). - // STATE_SENTGET - Optimistic data has been sent; make a second call - // to PR_ConnectContinue() to allow the SOCKS - // handshake to finish. - else if (mState == STATE_SENDINGGET) { - if ((mPollFlags & PR_POLL_WRITE) && (outFlags & ~PR_POLL_READ)) { - mOutput.OnSocketReady(NS_OK); // Allow application data to be sent. - } - mPollTimeout = mTimeouts[TIMEOUT_READ_WRITE]; - mPollFlags = (PR_POLL_EXCEPT | PR_POLL_READ); - mState = STATE_SENTGET; // Wait for SOCKS handshake response. - } - else if (((mState == STATE_CONNECTING) || (mState = STATE_SENTGET)) && - !gIOService->IsNetTearingDown()) { + else if ((mState == STATE_CONNECTING) && !gIOService->IsNetTearingDown()) { // We do not need to do PR_ConnectContinue when we are already // shutting down. @@ -2026,14 +2007,7 @@ nsSocketTransport::OnSocketReady(PRFileDesc *fd, int16_t outFlags) Telemetry::PRCONNECTCONTINUE_BLOCKING_TIME_OFFLINE); } - bool isUsingSocks = mProxyTransparent && !mProxyHost.IsEmpty(); - if (status == PR_SUCCESS && mState == STATE_CONNECTING) { - OnSocketConnected(); - if (isUsingSocks) { - mState = STATE_SENDINGGET; - } - } - else if (status == PR_SUCCESS && mState == STATE_SENTGET) { + if (status == PR_SUCCESS) { // // we are connected! // @@ -2060,17 +2034,17 @@ nsSocketTransport::OnSocketReady(PRFileDesc *fd, int16_t outFlags) // If the connect is still not ready, then continue polling... // if ((PR_WOULD_BLOCK_ERROR == code) || (PR_IN_PROGRESS_ERROR == code)) { - if (mState != STATE_SENTGET) { - // Set up the select flags for connect... - mPollFlags = (PR_POLL_EXCEPT | PR_POLL_WRITE); - // Update poll timeout in case it was changed - mPollTimeout = mTimeouts[TIMEOUT_CONNECT]; - } + // Set up the select flags for connect... + mPollFlags = (PR_POLL_EXCEPT | PR_POLL_WRITE); + // Update poll timeout in case it was changed + mPollTimeout = mTimeouts[TIMEOUT_CONNECT]; } // // The SOCKS proxy rejected our request. Find out why. // - else if (PR_UNKNOWN_ERROR == code && isUsingSocks) { + else if (PR_UNKNOWN_ERROR == code && + mProxyTransparent && + !mProxyHost.IsEmpty()) { code = PR_GetOSError(); mCondition = ErrorAccordingToNSPR(code); } diff --git a/netwerk/base/nsSocketTransport2.h b/netwerk/base/nsSocketTransport2.h index b4baed233ff1..7c85ccdc409f 100644 --- a/netwerk/base/nsSocketTransport2.h +++ b/netwerk/base/nsSocketTransport2.h @@ -201,9 +201,7 @@ private: STATE_IDLE, STATE_RESOLVING, STATE_CONNECTING, - STATE_TRANSFERRING, - STATE_SENDINGGET, - STATE_SENTGET + STATE_TRANSFERRING }; // Safer way to get and automatically release PRFileDesc objects. diff --git a/netwerk/socket/nsSOCKSIOLayer.cpp b/netwerk/socket/nsSOCKSIOLayer.cpp index a21dfa4a5a11..5429637c1c3a 100644 --- a/netwerk/socket/nsSOCKSIOLayer.cpp +++ b/netwerk/socket/nsSOCKSIOLayer.cpp @@ -83,8 +83,7 @@ public: void SetConnectTimeout(PRIntervalTime to); PRStatus DoHandshake(PRFileDesc *fd, int16_t oflags = -1); int16_t GetPollFlags() const; - bool IsConnected() const { return (mState == SOCKS_CONNECTED || - mState == SOCKS5_READ_CONNECT_RESPONSE_TOP); } + bool IsConnected() const { return mState == SOCKS_CONNECTED; } void ForgetFD() { mFD = nullptr; } void SetNamedPipeFD(PRFileDesc *fd) { mFD = fd; }

1 0

[tor-browser/tor-browser-52.6.0esr-8.0-2] Bug 22614: Make e10s/non-e10s Tor Browsers indistinguishable
by gk＠torproject.org 19 Feb '18

19 Feb '18

commit a91cf5fa9be89c32948f72b87819ff08c43a360e Author: Fernando Fernandez Mancera <ffmancera(a)riseup.net> Date: Fri Feb 2 11:38:01 2018 +0100 Bug 22614: Make e10s/non-e10s Tor Browsers indistinguishable e10s in its current form probably brings some fingerprinting risks with it. E.g. users of accessibility tools (not only those users) won't have e10s enabled on windows and macOS. In order to solve this issue "dom.disable_window_showModalDialog" is set to "true". --- browser/app/profile/000-tor-browser.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js index ca27504e4b7d..eb26de046874 100644 --- a/browser/app/profile/000-tor-browser.js +++ b/browser/app/profile/000-tor-browser.js @@ -181,7 +181,8 @@ pref("dom.maxHardwareConcurrency", 1); // Bug 21675: Spoof single-core cpu pref("dom.w3c_touch_events.enabled", 0); // Bug 10286: Always disable Touch API // Disable randomised Firefox HTTP cache decay user test groups (Bug: 13575) pref("browser.cache.frecency_experiment", -1); - +// Make e10s/non-e10s Tor Browsers indistinguishable (Bug: 22614) +pref("dom.disable_window_showModalDialog", true); // Third party stuff pref("privacy.firstparty.isolate", true); // Always enforce first party isolation

1 0

[tor-browser/tor-browser-52.6.0esr-8.0-2] Bug 1005640 - Flush StringBundle cache when app-locales change. r=valentin
by gk＠torproject.org 19 Feb '18

19 Feb '18

commit 0445d514609fd71e1aad90f67af8355825cda929 Author: Zibi Braniecki <gandalf(a)mozilla.com> Date: Tue Apr 18 01:03:05 2017 -0700 Bug 1005640 - Flush StringBundle cache when app-locales change. r=valentin StringBundle caches bundles, so when language chain changes we should flush the cache to enable new strings to be loaded. This also affects localized prefs like intl.accept_languages. Then in HttpHandler we have to mark the value as dirty so that next time it's called it actually recalculates using flushed string bundle with the new locale. MozReview-Commit-ID: DKWEDUli4yH --HG-- extra : rebase_source : 75ecc4204deca066d7492d1494492a91685f36be This fixes bug 22659 on our side. --- intl/strres/nsStringBundle.cpp | 4 +++- netwerk/protocol/http/nsHttpHandler.cpp | 34 +++++++++++++++++++-------------- netwerk/protocol/http/nsHttpHandler.h | 3 ++- 3 files changed, 25 insertions(+), 16 deletions(-) diff --git a/intl/strres/nsStringBundle.cpp b/intl/strres/nsStringBundle.cpp index ab840a469a4c..a763ba228b66 100644 --- a/intl/strres/nsStringBundle.cpp +++ b/intl/strres/nsStringBundle.cpp @@ -529,6 +529,7 @@ nsStringBundleService::Init() os->AddObserver(this, "profile-do-change", true); os->AddObserver(this, "chrome-flush-caches", true); os->AddObserver(this, "xpcom-category-entry-added", true); + os->AddObserver(this, "intl:app-locales-changed", true); } // instantiate the override service, if there is any. @@ -546,7 +547,8 @@ nsStringBundleService::Observe(nsISupports* aSubject, { if (strcmp("memory-pressure", aTopic) == 0 || strcmp("profile-do-change", aTopic) == 0 || - strcmp("chrome-flush-caches", aTopic) == 0) + strcmp("chrome-flush-caches", aTopic) == 0 || + strcmp("intl:app-locales-changed", aTopic) == 0) { flushBundleCache(); } diff --git a/netwerk/protocol/http/nsHttpHandler.cpp b/netwerk/protocol/http/nsHttpHandler.cpp index 4276c7144eb3..21ce43d35fd5 100644 --- a/netwerk/protocol/http/nsHttpHandler.cpp +++ b/netwerk/protocol/http/nsHttpHandler.cpp @@ -203,6 +203,7 @@ nsHttpHandler::nsHttpHandler() , mProduct("Gecko") , mCompatFirefoxEnabled(false) , mUserAgentIsDirty(true) + , mAcceptLanguagesIsDirty(true) , mPromptTempRedirect(true) , mEnablePersistentHttpsCaching(false) , mDoNotTrackEnabled(false) @@ -466,8 +467,13 @@ nsHttpHandler::AddStandardRequestHeaders(nsHttpRequestHead *request, bool isSecu // Add the "Accept-Language" header. This header is also exposed to the // service worker. + if (mAcceptLanguagesIsDirty) { + rv = SetAcceptLanguages(); + MOZ_ASSERT(NS_SUCCEEDED(rv)); + } + + // Add the "Accept-Language" header if (!mAcceptLanguages.IsEmpty()) { - // Add the "Accept-Language" header rv = request->SetHeader(nsHttp::Accept_Language, mAcceptLanguages, false, nsHttpHeaderArray::eVarietyRequestOverride); @@ -1484,16 +1490,10 @@ nsHttpHandler::PrefsChanged(nsIPrefBranch *prefs, const char *pref) // if (PREF_CHANGED(INTL_ACCEPT_LANGUAGES)) { - nsCOMPtr<nsIPrefLocalizedString> pls; - prefs->GetComplexValue(INTL_ACCEPT_LANGUAGES, - NS_GET_IID(nsIPrefLocalizedString), - getter_AddRefs(pls)); - if (pls) { - nsXPIDLString uval; - pls->ToString(getter_Copies(uval)); - if (uval) - SetAcceptLanguages(NS_ConvertUTF16toUTF8(uval).get()); - } + // We don't want to set the new accept languages here since + // this pref is a complex type and it may be racy with flushing + // string resources. + mAcceptLanguagesIsDirty = true; } // @@ -1870,12 +1870,18 @@ PrepareAcceptLanguages(const char *i_AcceptLanguages, nsACString &o_AcceptLangua } nsresult -nsHttpHandler::SetAcceptLanguages(const char *aAcceptLanguages) +nsHttpHandler::SetAcceptLanguages() { + mAcceptLanguagesIsDirty = false; + + const nsAdoptingCString& acceptLanguages = + Preferences::GetLocalizedCString(INTL_ACCEPT_LANGUAGES); + nsAutoCString buf; - nsresult rv = PrepareAcceptLanguages(aAcceptLanguages, buf); - if (NS_SUCCEEDED(rv)) + nsresult rv = PrepareAcceptLanguages(acceptLanguages.get(), buf); + if (NS_SUCCEEDED(rv)) { mAcceptLanguages.Assign(buf); + } return rv; } diff --git a/netwerk/protocol/http/nsHttpHandler.h b/netwerk/protocol/http/nsHttpHandler.h index 155740f3d223..bb30afc500f8 100644 --- a/netwerk/protocol/http/nsHttpHandler.h +++ b/netwerk/protocol/http/nsHttpHandler.h @@ -393,7 +393,7 @@ private: void PrefsChanged(nsIPrefBranch *prefs, const char *pref); nsresult SetAccept(const char *); - nsresult SetAcceptLanguages(const char *); + nsresult SetAcceptLanguages(); nsresult SetAcceptEncodings(const char *, bool mIsSecure); nsresult InitConnectionMgr(); @@ -497,6 +497,7 @@ private: nsCString mUserAgent; nsXPIDLCString mUserAgentOverride; bool mUserAgentIsDirty; // true if mUserAgent should be rebuilt + bool mAcceptLanguagesIsDirty; bool mPromptTempRedirect;

1 0

[tor-browser-build/master] Bug 24341: update platform.arch to avoid error with some runc versions
by gk＠torproject.org 19 Feb '18

19 Feb '18

commit 946d493f800fa39fadba61fa0440a35074d0bbd5 Author: Nicolas Vigier <boklm(a)torproject.org> Date: Fri Nov 17 23:14:39 2017 +0100 Bug 24341: update platform.arch to avoid error with some runc versions The runc versions after this commit: https://github.com/opencontainers/runc/commit/1cd050244e004bc9940787f888b45… and before this commit: https://github.com/opencontainers/runc/commit/e1146182a8cebb5a6133a9e298a5e… cannot run containers where platform.arch is set to anything else than amd64 when running on amd64. The platform.arch is not used for anything so we can set it to amd64 in all cases to avoid the error with that runc version. --- projects/common/runc-config.json | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/projects/common/runc-config.json b/projects/common/runc-config.json index 7a88805..e75c13d 100644 --- a/projects/common/runc-config.json +++ b/projects/common/runc-config.json @@ -2,11 +2,7 @@ "ociVersion": "1.0.0[% IF !c("var_p/runc_spec100") %]-rc1[% END %]", "platform": { "os": "linux", -[% IF c("var/container/arch") == 'i386' -%] - "arch": "386" -[% ELSE -%] - "arch": "[% c("var/container/arch") %]" -[% END -%] + "arch": "amd64" }, "process": { "terminal": [% IF c("interactive") %]true[% ELSE %]false[% END %],

1 0

[tor-browser-build/master] Merge remote-tracking branch 'boklm/bug_24341'
by gk＠torproject.org 19 Feb '18

19 Feb '18

commit 166edadb8ea5bae52fa582952402d9e89e564a8d Merge: 86ea671 946d493 Author: Georg Koppen <gk(a)torproject.org> Date: Mon Feb 19 15:03:26 2018 +0000 Merge remote-tracking branch 'boklm/bug_24341' projects/common/runc-config.json | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-)

1 0

[tor-browser-build/master] Bug 24614: Bump meek tag for moat feature
by gk＠torproject.org 19 Feb '18

19 Feb '18

commit 86ea671920a69772ee7adb4a168f06cbd4b21168 Author: Georg Koppen <gk(a)torproject.org> Date: Mon Feb 19 12:12:54 2018 +0000 Bug 24614: Bump meek tag for moat feature --- projects/meek/config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/meek/config b/projects/meek/config index 46f4ec9..f58fbd1 100644 --- a/projects/meek/config +++ b/projects/meek/config @@ -1,5 +1,5 @@ # vim: filetype=yaml sw=2 -version: 0.25 +version: 0.29 git_url: https://git.torproject.org/pluggable-transports/meek.git git_hash: '[% c("version") %]' tag_gpg_id: 1

1 0