- tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-13.5.9-build1
by ma1 (＠ma1) 24 Oct '24

24 Oct '24

ma1 pushed new tag tbb-13.5.9-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.5] Bug 41255, 41283: Prepare Tor, Mullvad Browser 13.5.9
by ma1 (＠ma1) 24 Oct '24

24 Oct '24

ma1 pushed to branch maint-13.5 at The Tor Project / Applications / tor-browser-build Commits: 69161822 by hackademix at 2024-10-24T18:23:27+02:00 Bug 41255,41283: Prepare Tor,Mullvad Browser 13.5.9 - - - - - 9 changed files: - projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt - projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt - projects/browser/allowed_addons.json - projects/firefox/config - projects/geckoview/config - projects/manual/config - projects/tor/config - projects/translation/config - rbm.conf Changes: ===================================== projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt ===================================== @@ -1,3 +1,12 @@ +Mullvad Browser 13.5.9 - October 28 2024 + * All Platforms + * Updated Firefox to 115.17.0esr + * Updated NoScript to 11.4.42 + * Bug 43174: Issue with custom home page on local filesystem [tor-browser] + * Bug 43207: Backport Mozbug 1886222 [tor-browser] + * Bug 43240: Backport security fixes from Firefox 132 [tor-browser] + * Bug 41273: relprep.py: bump Firefox and GV to a (yet) non-existing tag when the last one does not match HEAD [tor-browser-build] + Mullvad Browser 13.5.7 - October 08 2024 * All Platforms * Updated uBlock Origin to 1.60.0 ===================================== projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt ===================================== @@ -1,3 +1,26 @@ +Tor Browser 13.5.9 - October 28 2024 + * Windows + macOS + Linux + * Updated Tor to 0.4.8.13 + * Bug 43240: Backport security fixes from Firefox 132 [tor-browser] + * Bug 41273: relprep.py: bump Firefox and GV to a (yet) non-existing tag when the last one does not match HEAD [tor-browser-build] + * Updated Firefox to 115.17.0esr + * Bug 42280: Weird connection attempt to multicast IPv6 ff00:::443 on "New identity" [tor-browser] + * Bug 43104: Local files and extensions can't be loaded in new windows before bootstrap [tor-browser] + * Bug 43169: compat: align userAgent in navigator + HTTP Header [tor-browser] + * Bug 43174: Issue with custom home page on local filesystem [tor-browser] + * Bug 43207: Backport Mozbug 1886222 [tor-browser] + * Windows + macOS + * Bug 41252: Disable updating update_responses in 13.5-legacy branch [tor-browser-build] + * Windows + * Bug 43206: Hide Snowflake UX in legacy Tor Browser on Windows [tor-browser] + * Android + * Updated GeckoView to 115.17.0esr + * Build System + * All Platforms + * Bug 41278: Hide legacy 13.5 Tor Browser blog posts after 13.5.7 [tor-browser-build] + * Windows + macOS + * Bug 41269: Simplify projects/go/config and friends once maint-13.5 is legacy Windows and macOS only [tor-browser-build] + Tor Browser 13.5.8 - October 14 2024 * Android * Updated NoScript to 11.4.42 ===================================== projects/browser/allowed_addons.json ===================================== @@ -17,7 +17,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/34/9734/13299734/13299734.pn…" } ], - "average_daily_users": 1213636, + "average_daily_users": 1226737, "categories": { "firefox": [ "web-development", @@ -218,10 +218,10 @@ "category": "recommended" }, "ratings": { - "average": 4.5267, - "bayesian_average": 4.5256323562411405, - "count": 5907, - "text_count": 1856 + "average": 4.5256, + "bayesian_average": 4.524535982963264, + "count": 5929, + "text_count": 1863 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/reviews/", "requires_payment": false, @@ -318,7 +318,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/versions/", - "weekly_downloads": 28552 + "weekly_downloads": 29155 }, "notes": null }, @@ -334,7 +334,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/56/7656/6937656/6937656.png?…" } ], - "average_daily_users": 257891, + "average_daily_users": 258272, "categories": { "firefox": [ "privacy-security" @@ -635,7 +635,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/versions/", - "weekly_downloads": 2980 + "weekly_downloads": 2826 }, "notes": null }, @@ -651,7 +651,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/73/4073/5474073/5474073.png?…" } ], - "average_daily_users": 1310964, + "average_daily_users": 1352970, "categories": { "firefox": [ "privacy-security" @@ -1170,9 +1170,9 @@ "category": "recommended" }, "ratings": { - "average": 4.8041, - "bayesian_average": 4.801419862395535, - "count": 2527, + "average": 4.8047, + "bayesian_average": 4.802025216140565, + "count": 2534, "text_count": 476 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/reviews/", @@ -1197,7 +1197,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/versions/", - "weekly_downloads": 14939 + "weekly_downloads": 14681 }, "notes": null }, @@ -1213,7 +1213,7 @@ "picture_url": null } ], - "average_daily_users": 8542786, + "average_daily_users": 8647578, "categories": { "firefox": [ "privacy-security" @@ -1378,7 +1378,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2024-10-12T13:25:21Z", + "last_updated": "2024-10-23T00:10:54Z", "name": { "ar": "uBlock Origin", "bg": "uBlock Origin", @@ -1523,10 +1523,10 @@ "category": "recommended" }, "ratings": { - "average": 4.7922, - "bayesian_average": 4.791837346304233, - "count": 18640, - "text_count": 4871 + "average": 4.7924, + "bayesian_average": 4.792038892729136, + "count": 18723, + "text_count": 4889 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/reviews/", "requires_payment": false, @@ -1589,7 +1589,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/versions/", - "weekly_downloads": 217905 + "weekly_downloads": 221176 }, "notes": null }, @@ -1605,7 +1605,7 @@ "picture_url": null } ], - "average_daily_users": 187335, + "average_daily_users": 188407, "categories": { "firefox": [ "photos-music-videos", @@ -1701,10 +1701,10 @@ "category": "recommended" }, "ratings": { - "average": 4.45, - "bayesian_average": 4.445212842032069, - "count": 1289, - "text_count": 501 + "average": 4.4508, + "bayesian_average": 4.446012881244534, + "count": 1291, + "text_count": 502 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/re…", "requires_payment": false, @@ -1726,7 +1726,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/ve…", - "weekly_downloads": 353 + "weekly_downloads": 373 }, "notes": null }, @@ -1742,7 +1742,7 @@ "picture_url": null } ], - "average_daily_users": 62764, + "average_daily_users": 62536, "categories": { "firefox": [ "privacy-security", @@ -1877,7 +1877,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-possum/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-possum/versions/", - "weekly_downloads": 382 + "weekly_downloads": 282 }, "notes": null }, @@ -1893,7 +1893,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/64/9064/12929064/12929064.pn…" } ], - "average_daily_users": 364513, + "average_daily_users": 366172, "categories": { "firefox": [ "search-tools", @@ -2110,10 +2110,10 @@ "category": "recommended" }, "ratings": { - "average": 4.6173, - "bayesian_average": 4.613162490310139, - "count": 1560, - "text_count": 313 + "average": 4.616, + "bayesian_average": 4.611874580501797, + "count": 1565, + "text_count": 316 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/reviews/", "requires_payment": false, @@ -2136,7 +2136,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/versions/", - "weekly_downloads": 4344 + "weekly_downloads": 4605 }, "notes": null }, @@ -2159,7 +2159,7 @@ "picture_url": null } ], - "average_daily_users": 122483, + "average_daily_users": 122622, "categories": { "firefox": [ "search-tools", @@ -2440,10 +2440,10 @@ "category": "recommended" }, "ratings": { - "average": 4.3776, - "bayesian_average": 4.373284794488685, - "count": 1401, - "text_count": 393 + "average": 4.3775, + "bayesian_average": 4.373186912323384, + "count": 1404, + "text_count": 394 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/reviews/", "requires_payment": false, @@ -2463,7 +2463,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/versions/", - "weekly_downloads": 19 + "weekly_downloads": 25 }, "notes": null }, @@ -2479,7 +2479,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/43/0143/143/143.png?modified…" } ], - "average_daily_users": 290837, + "average_daily_users": 291399, "categories": { "firefox": [ "privacy-security", @@ -2593,7 +2593,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2024-10-09T08:34:17Z", + "last_updated": "2024-10-23T06:50:19Z", "name": { "de": "NoScript", "el": "NoScript", @@ -2665,10 +2665,10 @@ "category": "recommended" }, "ratings": { - "average": 4.408, - "bayesian_average": 4.405333664117888, - "count": 2289, - "text_count": 871 + "average": 4.4082, + "bayesian_average": 4.4055307379635416, + "count": 2288, + "text_count": 870 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/reviews/", "requires_payment": false, @@ -2712,7 +2712,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/versions/", - "weekly_downloads": 8154 + "weekly_downloads": 8484 }, "notes": null }, @@ -2728,7 +2728,7 @@ "picture_url": null } ], - "average_daily_users": 165178, + "average_daily_users": 165936, "categories": { "firefox": [ "photos-music-videos", @@ -2838,10 +2838,10 @@ "category": "recommended" }, "ratings": { - "average": 3.8255, - "bayesian_average": 3.8215152080376273, - "count": 1284, - "text_count": 464 + "average": 3.8266, + "bayesian_average": 3.822614769308675, + "count": 1286, + "text_count": 466 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/revi…", "requires_payment": false, @@ -2860,7 +2860,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/vers…", - "weekly_downloads": 1940 + "weekly_downloads": 1957 }, "notes": null } ===================================== projects/firefox/config ===================================== @@ -14,12 +14,12 @@ container: use_container: 1 var: - firefox_platform_version: 115.16.0 + firefox_platform_version: 115.17.0 firefox_version: '[% c("var/firefox_platform_version") %]esr' browser_series: '13.5' browser_rebase: 1 browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]' - browser_build: 3 + browser_build: 2 branding_directory_prefix: 'tb' copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' nightly_updates_publish_dir: '[% c("var/nightly_updates_publish_dir_prefix") %]nightly-[% c("var/osname") %]' ===================================== projects/geckoview/config ===================================== @@ -14,9 +14,9 @@ container: use_container: 1 var: - geckoview_version: 115.16.0esr + geckoview_version: 115.17.0esr browser_branch: 13.5-1 - browser_build: 3 + browser_build: 2 copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' gitlab_project: https://gitlab.torproject.org/tpo/applications/tor-browser git_commit: '[% exec("git rev-parse HEAD") %]' ===================================== projects/manual/config ===================================== @@ -1,7 +1,7 @@ # vim: filetype=yaml sw=2 # To update, see doc/how-to-update-the-manual.txt # Remember to update also the package's hash, with the version! -version: 210938 +version: 215922 filename: 'manual-[% c("version") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 @@ -23,6 +23,6 @@ input_files: - project: container-image - URL: 'https://build-sources.tbb.torproject.org/manual_[% c("version") %].zip' name: manual - sha256sum: eb83259f0525a14dae1a1c3944e1e5ac3a2f8111a42834ab0f401628c8a38791 + sha256sum: b5ed703f54d52e9f197320f3698e936d585a3fed23cc4f9fbf59edce2869f885 - filename: packagemanual.py name: package_script ===================================== projects/tor/config ===================================== @@ -1,6 +1,6 @@ # vim: filetype=yaml sw=2 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' -version: 0.4.8.12 +version: 0.4.8.13 git_hash: 'tor-[% c("version") %]' git_url: https://gitlab.torproject.org/tpo/core/tor.git git_submodule: 1 ===================================== projects/translation/config ===================================== @@ -12,13 +12,13 @@ compress_tar: 'gz' steps: base-browser: base-browser: '[% INCLUDE build %]' - git_hash: ceb66dd0937da14962cb535699242b2526e11f02 + git_hash: 3b1be2065b54939ed019d94174f137847bcf3c66 targets: nightly: git_hash: 'base-browser' tor-browser: tor-browser: '[% INCLUDE build %]' - git_hash: 2e5133bd3f271bafc4578465103ae07567452b15 + git_hash: 64ab8361ee87846e46736bd18b12c1dfcd77fe75 targets: nightly: git_hash: 'tor-browser' @@ -32,7 +32,7 @@ steps: fenix: '[% INCLUDE build %]' # We need to bump the commit before releasing but just pointing to a branch # might cause too much rebuidling of the Firefox part. - git_hash: 0c637c9fa2c1ddf1e2bda1a63a0b0d974074d593 + git_hash: 08dbd4e2bb128e2c30941dfeb7800582589f3a21 compress_tar: 'zst' targets: nightly: ===================================== rbm.conf ===================================== @@ -73,11 +73,11 @@ buildconf: git_signtag_opt: '-s' var: - torbrowser_version: '13.5.8' + torbrowser_version: '13.5.9' torbrowser_build: 'build1' # This should be the date of when the build is started. For the build # to be reproducible, browser_release_date should always be in the past. - browser_release_date: '2024/10/14 17:30:00' + browser_release_date: '2024/10/24 16:02:53' browser_release_date_timestamp: '[% USE date; date.format(c("var/browser_release_date"), "%s") %]' updater_enabled: 1 build_mar: 1 View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/6… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/6… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-115.17.0esr-13.5-1-build2
by ma1 (＠ma1) 24 Oct '24

24 Oct '24

ma1 pushed new tag mullvad-browser-115.17.0esr-13.5-1-build2 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.17.0esr-13.5-1] 6 commits: Bug 1829029: clean up memory reporting for CacheFileIOManager r=necko-reviewers, valentin, a=RyanVM
by ma1 (＠ma1) 24 Oct '24

24 Oct '24

ma1 pushed to branch mullvad-browser-115.17.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser Commits: 6bd54722 by Randell Jesup at 2024-10-24T17:12:05+02:00 Bug 1829029: clean up memory reporting for CacheFileIOManager r=necko-reviewers,valentin, a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D221350 - - - - - 5ad1eeda by Valentin Gosu at 2024-10-24T17:12:06+02:00 Bug 1914521 - Make nsPartChannel inherit the content disposition of the multipart response a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D223728 Differential Revision: https://phabricator.services.mozilla.com/D224288 - - - - - 79901fa5 by Andrew McCreight at 2024-10-24T17:12:08+02:00 Bug 1919809 - Always clear mArgumentStorage in Console's Unlink. a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D222803 Differential Revision: https://phabricator.services.mozilla.com/D224384 - - - - - a689cf5a by Paul Zuehlcke at 2024-10-24T17:12:09+02:00 Bug 1920423, a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D224349 - - - - - 1d53f0f1 by Andrew McCreight at 2024-10-24T17:12:11+02:00 Bug 1923706 - Pass by value, not reference in CamerasChild::AllocateCapture. a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D225121 Differential Revision: https://phabricator.services.mozilla.com/D225363 - - - - - 36a1ad53 by Kagami Sascha Rosylight at 2024-10-24T17:12:12+02:00 Bug 1924154 - Disallow too small record a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D225687 Differential Revision: https://phabricator.services.mozilla.com/D226147 - - - - - 8 changed files: - dom/console/Console.cpp - dom/media/systemservices/CamerasChild.cpp - dom/push/PushCrypto.sys.mjs - netwerk/cache2/CacheFileIOManager.cpp - netwerk/streamconv/converters/nsMultiMixedConv.cpp - netwerk/streamconv/converters/nsMultiMixedConv.h - toolkit/content/widgets/popupnotification.js - toolkit/themes/shared/popupnotification.css Changes: ===================================== dom/console/Console.cpp ===================================== @@ -802,6 +802,7 @@ NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN(Console) NS_IMPL_CYCLE_COLLECTION_UNLINK(mDumpFunction) NS_IMPL_CYCLE_COLLECTION_UNLINK_WEAK_REFERENCE tmp->Shutdown(); + tmp->mArgumentStorage.clearAndFree(); NS_IMPL_CYCLE_COLLECTION_UNLINK_END NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN(Console) ===================================== dom/media/systemservices/CamerasChild.cpp ===================================== @@ -331,7 +331,7 @@ int CamerasChild::AllocateCapture(CaptureEngine aCapEngine, LOG(("%s", __PRETTY_FUNCTION__)); nsCString unique_id(unique_idUTF8); nsCOMPtr<nsIRunnable> runnable = - mozilla::NewRunnableMethod<CaptureEngine, nsCString, const uint64_t&>( + mozilla::NewRunnableMethod<CaptureEngine, nsCString, uint64_t>( "camera::PCamerasChild::SendAllocateCapture", this, &CamerasChild::SendAllocateCapture, aCapEngine, unique_id, aWindowID); LockAndDispatch<> dispatcher(this, __func__, runnable, -1, mReplyInteger); ===================================== dom/push/PushCrypto.sys.mjs ===================================== @@ -108,6 +108,8 @@ function getEncryptionParams(encryptField) { // aes128gcm scheme. function getCryptoParamsFromPayload(payload) { if (payload.byteLength < 21) { + // The value 21 is from https://datatracker.ietf.org/doc/html/rfc8188#section-2.1 + // | salt (16) | rs (4) | idlen (1) | keyid (idlen) | throw new CryptoError("Truncated header", BAD_CRYPTO); } let rs = @@ -115,8 +117,16 @@ function getCryptoParamsFromPayload(payload) { (payload[17] << 16) | (payload[18] << 8) | payload[19]; + if (rs < 18) { + // https://datatracker.ietf.org/doc/html/rfc8188#section-2.1 + throw new CryptoError( + "Record sizes smaller than 18 are invalid", + BAD_RS_PARAM + ); + } let keyIdLen = payload[20]; if (keyIdLen != 65) { + // https://datatracker.ietf.org/doc/html/rfc8291/#section-4 throw new CryptoError("Invalid sender public key", BAD_DH_PARAM); } if (payload.byteLength <= 21 + keyIdLen) { @@ -171,8 +181,12 @@ export function getCryptoParamsFromHeaders(headers) { throw new CryptoError("Invalid salt parameter", BAD_SALT_PARAM); } var rs = enc.rs ? parseInt(enc.rs, 10) : 4096; - if (isNaN(rs)) { - throw new CryptoError("rs parameter must be a number", BAD_RS_PARAM); + if (isNaN(rs) || rs < 1 || rs > 68719476705) { + // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-encryption-encodin… + throw new CryptoError( + "rs parameter must be a number greater than 1 and smaller than 2^36-31", + BAD_RS_PARAM + ); } return { salt, @@ -791,6 +805,7 @@ class aes128gcmEncoder { // Perform the actual encryption of the payload. async encrypt(key, nonce) { if (this.rs < 18) { + // https://datatracker.ietf.org/doc/html/rfc8188#section-2.1 throw new CryptoError("recordsize is too small", BAD_RS_PARAM); } @@ -869,6 +884,7 @@ class aes128gcmEncoder { createHeader(key) { // layout is "salt|32-bit-int|8-bit-int|key" if (key.byteLength != 65) { + // https://datatracker.ietf.org/doc/html/rfc8291/#section-4 throw new CryptoError("Invalid key length for header", BAD_DH_PARAM); } // the 2 ints ===================================== netwerk/cache2/CacheFileIOManager.cpp ===================================== @@ -4359,13 +4359,15 @@ class SizeOfHandlesRunnable : public Runnable { public: SizeOfHandlesRunnable(mozilla::MallocSizeOf mallocSizeOf, CacheFileHandles const& handles, - nsTArray<CacheFileHandle*> const& specialHandles) + nsTArray<CacheFileHandle*> const& specialHandles, + nsCOMPtr<nsITimer> const& metadataWritesTimer) : Runnable("net::SizeOfHandlesRunnable"), mMonitor("SizeOfHandlesRunnable.mMonitor"), mMonitorNotified(false), mMallocSizeOf(mallocSizeOf), mHandles(handles), mSpecialHandles(specialHandles), + mMetadataWritesTimer(metadataWritesTimer), mSize(0) {} size_t Get(CacheIOThread* thread) { @@ -4397,6 +4399,10 @@ class SizeOfHandlesRunnable : public Runnable { for (uint32_t i = 0; i < mSpecialHandles.Length(); ++i) { mSize += mSpecialHandles[i]->SizeOfIncludingThis(mMallocSizeOf); } + nsCOMPtr<nsISizeOf> sizeOf = do_QueryInterface(mMetadataWritesTimer); + if (sizeOf) { + mSize += sizeOf->SizeOfIncludingThis(mMallocSizeOf); + } mMonitorNotified = true; mon.Notify(); @@ -4404,11 +4410,12 @@ class SizeOfHandlesRunnable : public Runnable { } private: - mozilla::Monitor mMonitor MOZ_UNANNOTATED; + mozilla::Monitor mMonitor; bool mMonitorNotified; mozilla::MallocSizeOf mMallocSizeOf; CacheFileHandles const& mHandles; nsTArray<CacheFileHandle*> const& mSpecialHandles; + nsCOMPtr<nsITimer> const& mMetadataWritesTimer; size_t mSize; }; @@ -4422,10 +4429,11 @@ size_t CacheFileIOManager::SizeOfExcludingThisInternal( if (mIOThread) { n += mIOThread->SizeOfIncludingThis(mallocSizeOf); - // mHandles and mSpecialHandles must be accessed only on the I/O thread, - // must sync dispatch. + // mHandles, mSpecialHandles and mMetadataWritesTimer must be accessed + // only on the I/O thread, must sync dispatch. RefPtr<SizeOfHandlesRunnable> sizeOfHandlesRunnable = - new SizeOfHandlesRunnable(mallocSizeOf, mHandles, mSpecialHandles); + new SizeOfHandlesRunnable(mallocSizeOf, mHandles, mSpecialHandles, + mMetadataWritesTimer); n += sizeOfHandlesRunnable->Get(mIOThread); } @@ -4434,9 +4442,6 @@ size_t CacheFileIOManager::SizeOfExcludingThisInternal( sizeOf = do_QueryInterface(mCacheDirectory); if (sizeOf) n += sizeOf->SizeOfIncludingThis(mallocSizeOf); - sizeOf = do_QueryInterface(mMetadataWritesTimer); - if (sizeOf) n += sizeOf->SizeOfIncludingThis(mallocSizeOf); - sizeOf = do_QueryInterface(mTrashTimer); if (sizeOf) n += sizeOf->SizeOfIncludingThis(mallocSizeOf); ===================================== netwerk/streamconv/converters/nsMultiMixedConv.cpp ===================================== @@ -467,6 +467,12 @@ nsMultiMixedConv::OnStartRequest(nsIRequest* request) { if (NS_SUCCEEDED(rv)) { mRootContentSecurityPolicy = csp; } + nsCString contentDisposition; + rv = httpChannel->GetResponseHeader("content-disposition"_ns, + contentDisposition); + if (NS_SUCCEEDED(rv)) { + mRootContentDisposition = contentDisposition; + } } else { // try asking the channel directly rv = mChannel->GetContentType(contentType); @@ -837,7 +843,11 @@ nsresult nsMultiMixedConv::SendStart() { rv = mPartChannel->SetContentLength(mContentLength); if (NS_FAILED(rv)) return rv; - mPartChannel->SetContentDisposition(mContentDisposition); + if (!mRootContentDisposition.IsEmpty()) { + mPartChannel->SetContentDisposition(mRootContentDisposition); + } else { + mPartChannel->SetContentDisposition(mContentDisposition); + } // Each part of a multipart/replace response can be used // for the top level document. We must inform upper layers ===================================== netwerk/streamconv/converters/nsMultiMixedConv.h ===================================== @@ -150,15 +150,17 @@ class nsMultiMixedConv : public nsIStreamConverter { nsCOMPtr<nsIStreamListener> mFinalListener; // this guy gets the converted // data via his OnDataAvailable() - nsCOMPtr<nsIChannel> - mChannel; // The channel as we get in in OnStartRequest call - RefPtr<nsPartChannel> mPartChannel; // the channel for the given part we're - // processing. one channel per part. + // The channel as we get it in OnStartRequest call + nsCOMPtr<nsIChannel> mChannel; + // the channel for the given part we're + // processing. one channel per part. + RefPtr<nsPartChannel> mPartChannel; nsCOMPtr<nsISupports> mContext; nsCString mContentType; nsCString mContentDisposition; nsCString mContentSecurityPolicy; nsCString mRootContentSecurityPolicy; + nsCString mRootContentDisposition; uint64_t mContentLength{UINT64_MAX}; uint64_t mTotalSent{0}; ===================================== toolkit/content/widgets/popupnotification.js ===================================== @@ -15,7 +15,7 @@ ".popup-notification-description": "popupid,id=descriptionid", ".popup-notification-description > span:first-of-type": "text=label,popupid", - ".popup-notification-description > b:first-of-type": + ".popup-notification-description > .popup-notification-description-name": "text=name,popupid", ".popup-notification-description > span:nth-of-type(2)": "text=endlabel,popupid", @@ -82,7 +82,7 @@  - <description class="popup-notification-description"><html:span></html:span><html:b></html:b><html:span></html:span><html:b></html:b><html:span></html:span></description> + <description class="popup-notification-description"><html:span></html:span><html:b class="popup-notification-description-name"></html:b><html:span></html:span><html:b></html:b><html:span></html:span></description> <description class="popup-notification-hint-text"></description> </vbox> <toolbarbutton class="messageCloseButton close-icon popup-notification-closebutton tabbable" data-l10n-id="close-notification-message"></toolbarbutton> ===================================== toolkit/themes/shared/popupnotification.css ===================================== @@ -52,6 +52,16 @@ popupnotificationcontent { flex: 1 auto; } +/* + * Ensure that host names in PopupNotifications wrap. This targets the "name" + * element in the description container which is the "name" property of the + * PopupNotification. Name is what gets substituted from the l10n string using + * the placeholder <>. + */ +.popup-notification-description-name { + word-break: break-all; +} + .popup-notification-closebutton { margin-inline-end: -8px; margin-top: -8px; View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/a4… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/a4… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag base-browser-115.17.0esr-13.5-1-build2
by ma1 (＠ma1) 24 Oct '24

24 Oct '24

ma1 pushed new tag base-browser-115.17.0esr-13.5-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/base-brow… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.17.0esr-13.5-1] 6 commits: Bug 1829029: clean up memory reporting for CacheFileIOManager r=necko-reviewers, valentin, a=RyanVM
by ma1 (＠ma1) 24 Oct '24

24 Oct '24

ma1 pushed to branch base-browser-115.17.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 7d7421a9 by Randell Jesup at 2024-10-24T17:07:18+02:00 Bug 1829029: clean up memory reporting for CacheFileIOManager r=necko-reviewers,valentin, a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D221350 - - - - - 486009a3 by Valentin Gosu at 2024-10-24T17:07:19+02:00 Bug 1914521 - Make nsPartChannel inherit the content disposition of the multipart response a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D223728 Differential Revision: https://phabricator.services.mozilla.com/D224288 - - - - - de348d2b by Andrew McCreight at 2024-10-24T17:07:21+02:00 Bug 1919809 - Always clear mArgumentStorage in Console's Unlink. a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D222803 Differential Revision: https://phabricator.services.mozilla.com/D224384 - - - - - 72a03207 by Paul Zuehlcke at 2024-10-24T17:07:22+02:00 Bug 1920423, a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D224349 - - - - - 5efccb49 by Andrew McCreight at 2024-10-24T17:07:23+02:00 Bug 1923706 - Pass by value, not reference in CamerasChild::AllocateCapture. a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D225121 Differential Revision: https://phabricator.services.mozilla.com/D225363 - - - - - 4204d1a8 by Kagami Sascha Rosylight at 2024-10-24T17:07:25+02:00 Bug 1924154 - Disallow too small record a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D225687 Differential Revision: https://phabricator.services.mozilla.com/D226147 - - - - - 8 changed files: - dom/console/Console.cpp - dom/media/systemservices/CamerasChild.cpp - dom/push/PushCrypto.sys.mjs - netwerk/cache2/CacheFileIOManager.cpp - netwerk/streamconv/converters/nsMultiMixedConv.cpp - netwerk/streamconv/converters/nsMultiMixedConv.h - toolkit/content/widgets/popupnotification.js - toolkit/themes/shared/popupnotification.css Changes: ===================================== dom/console/Console.cpp ===================================== @@ -802,6 +802,7 @@ NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN(Console) NS_IMPL_CYCLE_COLLECTION_UNLINK(mDumpFunction) NS_IMPL_CYCLE_COLLECTION_UNLINK_WEAK_REFERENCE tmp->Shutdown(); + tmp->mArgumentStorage.clearAndFree(); NS_IMPL_CYCLE_COLLECTION_UNLINK_END NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN(Console) ===================================== dom/media/systemservices/CamerasChild.cpp ===================================== @@ -331,7 +331,7 @@ int CamerasChild::AllocateCapture(CaptureEngine aCapEngine, LOG(("%s", __PRETTY_FUNCTION__)); nsCString unique_id(unique_idUTF8); nsCOMPtr<nsIRunnable> runnable = - mozilla::NewRunnableMethod<CaptureEngine, nsCString, const uint64_t&>( + mozilla::NewRunnableMethod<CaptureEngine, nsCString, uint64_t>( "camera::PCamerasChild::SendAllocateCapture", this, &CamerasChild::SendAllocateCapture, aCapEngine, unique_id, aWindowID); LockAndDispatch<> dispatcher(this, __func__, runnable, -1, mReplyInteger); ===================================== dom/push/PushCrypto.sys.mjs ===================================== @@ -108,6 +108,8 @@ function getEncryptionParams(encryptField) { // aes128gcm scheme. function getCryptoParamsFromPayload(payload) { if (payload.byteLength < 21) { + // The value 21 is from https://datatracker.ietf.org/doc/html/rfc8188#section-2.1 + // | salt (16) | rs (4) | idlen (1) | keyid (idlen) | throw new CryptoError("Truncated header", BAD_CRYPTO); } let rs = @@ -115,8 +117,16 @@ function getCryptoParamsFromPayload(payload) { (payload[17] << 16) | (payload[18] << 8) | payload[19]; + if (rs < 18) { + // https://datatracker.ietf.org/doc/html/rfc8188#section-2.1 + throw new CryptoError( + "Record sizes smaller than 18 are invalid", + BAD_RS_PARAM + ); + } let keyIdLen = payload[20]; if (keyIdLen != 65) { + // https://datatracker.ietf.org/doc/html/rfc8291/#section-4 throw new CryptoError("Invalid sender public key", BAD_DH_PARAM); } if (payload.byteLength <= 21 + keyIdLen) { @@ -171,8 +181,12 @@ export function getCryptoParamsFromHeaders(headers) { throw new CryptoError("Invalid salt parameter", BAD_SALT_PARAM); } var rs = enc.rs ? parseInt(enc.rs, 10) : 4096; - if (isNaN(rs)) { - throw new CryptoError("rs parameter must be a number", BAD_RS_PARAM); + if (isNaN(rs) || rs < 1 || rs > 68719476705) { + // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-encryption-encodin… + throw new CryptoError( + "rs parameter must be a number greater than 1 and smaller than 2^36-31", + BAD_RS_PARAM + ); } return { salt, @@ -791,6 +805,7 @@ class aes128gcmEncoder { // Perform the actual encryption of the payload. async encrypt(key, nonce) { if (this.rs < 18) { + // https://datatracker.ietf.org/doc/html/rfc8188#section-2.1 throw new CryptoError("recordsize is too small", BAD_RS_PARAM); } @@ -869,6 +884,7 @@ class aes128gcmEncoder { createHeader(key) { // layout is "salt|32-bit-int|8-bit-int|key" if (key.byteLength != 65) { + // https://datatracker.ietf.org/doc/html/rfc8291/#section-4 throw new CryptoError("Invalid key length for header", BAD_DH_PARAM); } // the 2 ints ===================================== netwerk/cache2/CacheFileIOManager.cpp ===================================== @@ -4359,13 +4359,15 @@ class SizeOfHandlesRunnable : public Runnable { public: SizeOfHandlesRunnable(mozilla::MallocSizeOf mallocSizeOf, CacheFileHandles const& handles, - nsTArray<CacheFileHandle*> const& specialHandles) + nsTArray<CacheFileHandle*> const& specialHandles, + nsCOMPtr<nsITimer> const& metadataWritesTimer) : Runnable("net::SizeOfHandlesRunnable"), mMonitor("SizeOfHandlesRunnable.mMonitor"), mMonitorNotified(false), mMallocSizeOf(mallocSizeOf), mHandles(handles), mSpecialHandles(specialHandles), + mMetadataWritesTimer(metadataWritesTimer), mSize(0) {} size_t Get(CacheIOThread* thread) { @@ -4397,6 +4399,10 @@ class SizeOfHandlesRunnable : public Runnable { for (uint32_t i = 0; i < mSpecialHandles.Length(); ++i) { mSize += mSpecialHandles[i]->SizeOfIncludingThis(mMallocSizeOf); } + nsCOMPtr<nsISizeOf> sizeOf = do_QueryInterface(mMetadataWritesTimer); + if (sizeOf) { + mSize += sizeOf->SizeOfIncludingThis(mMallocSizeOf); + } mMonitorNotified = true; mon.Notify(); @@ -4404,11 +4410,12 @@ class SizeOfHandlesRunnable : public Runnable { } private: - mozilla::Monitor mMonitor MOZ_UNANNOTATED; + mozilla::Monitor mMonitor; bool mMonitorNotified; mozilla::MallocSizeOf mMallocSizeOf; CacheFileHandles const& mHandles; nsTArray<CacheFileHandle*> const& mSpecialHandles; + nsCOMPtr<nsITimer> const& mMetadataWritesTimer; size_t mSize; }; @@ -4422,10 +4429,11 @@ size_t CacheFileIOManager::SizeOfExcludingThisInternal( if (mIOThread) { n += mIOThread->SizeOfIncludingThis(mallocSizeOf); - // mHandles and mSpecialHandles must be accessed only on the I/O thread, - // must sync dispatch. + // mHandles, mSpecialHandles and mMetadataWritesTimer must be accessed + // only on the I/O thread, must sync dispatch. RefPtr<SizeOfHandlesRunnable> sizeOfHandlesRunnable = - new SizeOfHandlesRunnable(mallocSizeOf, mHandles, mSpecialHandles); + new SizeOfHandlesRunnable(mallocSizeOf, mHandles, mSpecialHandles, + mMetadataWritesTimer); n += sizeOfHandlesRunnable->Get(mIOThread); } @@ -4434,9 +4442,6 @@ size_t CacheFileIOManager::SizeOfExcludingThisInternal( sizeOf = do_QueryInterface(mCacheDirectory); if (sizeOf) n += sizeOf->SizeOfIncludingThis(mallocSizeOf); - sizeOf = do_QueryInterface(mMetadataWritesTimer); - if (sizeOf) n += sizeOf->SizeOfIncludingThis(mallocSizeOf); - sizeOf = do_QueryInterface(mTrashTimer); if (sizeOf) n += sizeOf->SizeOfIncludingThis(mallocSizeOf); ===================================== netwerk/streamconv/converters/nsMultiMixedConv.cpp ===================================== @@ -467,6 +467,12 @@ nsMultiMixedConv::OnStartRequest(nsIRequest* request) { if (NS_SUCCEEDED(rv)) { mRootContentSecurityPolicy = csp; } + nsCString contentDisposition; + rv = httpChannel->GetResponseHeader("content-disposition"_ns, + contentDisposition); + if (NS_SUCCEEDED(rv)) { + mRootContentDisposition = contentDisposition; + } } else { // try asking the channel directly rv = mChannel->GetContentType(contentType); @@ -837,7 +843,11 @@ nsresult nsMultiMixedConv::SendStart() { rv = mPartChannel->SetContentLength(mContentLength); if (NS_FAILED(rv)) return rv; - mPartChannel->SetContentDisposition(mContentDisposition); + if (!mRootContentDisposition.IsEmpty()) { + mPartChannel->SetContentDisposition(mRootContentDisposition); + } else { + mPartChannel->SetContentDisposition(mContentDisposition); + } // Each part of a multipart/replace response can be used // for the top level document. We must inform upper layers ===================================== netwerk/streamconv/converters/nsMultiMixedConv.h ===================================== @@ -150,15 +150,17 @@ class nsMultiMixedConv : public nsIStreamConverter { nsCOMPtr<nsIStreamListener> mFinalListener; // this guy gets the converted // data via his OnDataAvailable() - nsCOMPtr<nsIChannel> - mChannel; // The channel as we get in in OnStartRequest call - RefPtr<nsPartChannel> mPartChannel; // the channel for the given part we're - // processing. one channel per part. + // The channel as we get it in OnStartRequest call + nsCOMPtr<nsIChannel> mChannel; + // the channel for the given part we're + // processing. one channel per part. + RefPtr<nsPartChannel> mPartChannel; nsCOMPtr<nsISupports> mContext; nsCString mContentType; nsCString mContentDisposition; nsCString mContentSecurityPolicy; nsCString mRootContentSecurityPolicy; + nsCString mRootContentDisposition; uint64_t mContentLength{UINT64_MAX}; uint64_t mTotalSent{0}; ===================================== toolkit/content/widgets/popupnotification.js ===================================== @@ -15,7 +15,7 @@ ".popup-notification-description": "popupid,id=descriptionid", ".popup-notification-description > span:first-of-type": "text=label,popupid", - ".popup-notification-description > b:first-of-type": + ".popup-notification-description > .popup-notification-description-name": "text=name,popupid", ".popup-notification-description > span:nth-of-type(2)": "text=endlabel,popupid", @@ -82,7 +82,7 @@  - <description class="popup-notification-description"><html:span></html:span><html:b></html:b><html:span></html:span><html:b></html:b><html:span></html:span></description> + <description class="popup-notification-description"><html:span></html:span><html:b class="popup-notification-description-name"></html:b><html:span></html:span><html:b></html:b><html:span></html:span></description> <description class="popup-notification-hint-text"></description> </vbox> <toolbarbutton class="messageCloseButton close-icon popup-notification-closebutton tabbable" data-l10n-id="close-notification-message"></toolbarbutton> ===================================== toolkit/themes/shared/popupnotification.css ===================================== @@ -52,6 +52,16 @@ popupnotificationcontent { flex: 1 auto; } +/* + * Ensure that host names in PopupNotifications wrap. This targets the "name" + * element in the description container which is the "name" property of the + * PopupNotification. Name is what gets substituted from the l10n string using + * the placeholder <>. + */ +.popup-notification-description-name { + word-break: break-all; +} + .popup-notification-closebutton { margin-inline-end: -8px; margin-top: -8px; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/c07f30… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/c07f30… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-115.17.0esr-13.5-1-build2
by ma1 (＠ma1) 24 Oct '24

24 Oct '24

ma1 pushed new tag tor-browser-115.17.0esr-13.5-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.17.0esr-13.5-1] 6 commits: Bug 1829029: clean up memory reporting for CacheFileIOManager r=necko-reviewers, valentin, a=RyanVM
by ma1 (＠ma1) 24 Oct '24

24 Oct '24

ma1 pushed to branch tor-browser-115.17.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 0090727a by Randell Jesup at 2024-10-23T16:34:13+02:00 Bug 1829029: clean up memory reporting for CacheFileIOManager r=necko-reviewers,valentin, a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D221350 - - - - - 883dd4a0 by Valentin Gosu at 2024-10-23T22:54:40+02:00 Bug 1914521 - Make nsPartChannel inherit the content disposition of the multipart response a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D223728 Differential Revision: https://phabricator.services.mozilla.com/D224288 - - - - - 857b9ac0 by Andrew McCreight at 2024-10-23T23:17:44+02:00 Bug 1919809 - Always clear mArgumentStorage in Console's Unlink. a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D222803 Differential Revision: https://phabricator.services.mozilla.com/D224384 - - - - - 52815ac6 by Paul Zuehlcke at 2024-10-23T23:42:13+02:00 Bug 1920423, a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D224349 - - - - - 011ad74a by Andrew McCreight at 2024-10-24T15:07:56+02:00 Bug 1923706 - Pass by value, not reference in CamerasChild::AllocateCapture. a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D225121 Differential Revision: https://phabricator.services.mozilla.com/D225363 - - - - - 8e9e58fe by Kagami Sascha Rosylight at 2024-10-24T15:11:06+02:00 Bug 1924154 - Disallow too small record a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D225687 Differential Revision: https://phabricator.services.mozilla.com/D226147 - - - - - 8 changed files: - dom/console/Console.cpp - dom/media/systemservices/CamerasChild.cpp - dom/push/PushCrypto.sys.mjs - netwerk/cache2/CacheFileIOManager.cpp - netwerk/streamconv/converters/nsMultiMixedConv.cpp - netwerk/streamconv/converters/nsMultiMixedConv.h - toolkit/content/widgets/popupnotification.js - toolkit/themes/shared/popupnotification.css Changes: ===================================== dom/console/Console.cpp ===================================== @@ -802,6 +802,7 @@ NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN(Console) NS_IMPL_CYCLE_COLLECTION_UNLINK(mDumpFunction) NS_IMPL_CYCLE_COLLECTION_UNLINK_WEAK_REFERENCE tmp->Shutdown(); + tmp->mArgumentStorage.clearAndFree(); NS_IMPL_CYCLE_COLLECTION_UNLINK_END NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN(Console) ===================================== dom/media/systemservices/CamerasChild.cpp ===================================== @@ -331,7 +331,7 @@ int CamerasChild::AllocateCapture(CaptureEngine aCapEngine, LOG(("%s", __PRETTY_FUNCTION__)); nsCString unique_id(unique_idUTF8); nsCOMPtr<nsIRunnable> runnable = - mozilla::NewRunnableMethod<CaptureEngine, nsCString, const uint64_t&>( + mozilla::NewRunnableMethod<CaptureEngine, nsCString, uint64_t>( "camera::PCamerasChild::SendAllocateCapture", this, &CamerasChild::SendAllocateCapture, aCapEngine, unique_id, aWindowID); LockAndDispatch<> dispatcher(this, __func__, runnable, -1, mReplyInteger); ===================================== dom/push/PushCrypto.sys.mjs ===================================== @@ -108,6 +108,8 @@ function getEncryptionParams(encryptField) { // aes128gcm scheme. function getCryptoParamsFromPayload(payload) { if (payload.byteLength < 21) { + // The value 21 is from https://datatracker.ietf.org/doc/html/rfc8188#section-2.1 + // | salt (16) | rs (4) | idlen (1) | keyid (idlen) | throw new CryptoError("Truncated header", BAD_CRYPTO); } let rs = @@ -115,8 +117,16 @@ function getCryptoParamsFromPayload(payload) { (payload[17] << 16) | (payload[18] << 8) | payload[19]; + if (rs < 18) { + // https://datatracker.ietf.org/doc/html/rfc8188#section-2.1 + throw new CryptoError( + "Record sizes smaller than 18 are invalid", + BAD_RS_PARAM + ); + } let keyIdLen = payload[20]; if (keyIdLen != 65) { + // https://datatracker.ietf.org/doc/html/rfc8291/#section-4 throw new CryptoError("Invalid sender public key", BAD_DH_PARAM); } if (payload.byteLength <= 21 + keyIdLen) { @@ -171,8 +181,12 @@ export function getCryptoParamsFromHeaders(headers) { throw new CryptoError("Invalid salt parameter", BAD_SALT_PARAM); } var rs = enc.rs ? parseInt(enc.rs, 10) : 4096; - if (isNaN(rs)) { - throw new CryptoError("rs parameter must be a number", BAD_RS_PARAM); + if (isNaN(rs) || rs < 1 || rs > 68719476705) { + // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-encryption-encodin… + throw new CryptoError( + "rs parameter must be a number greater than 1 and smaller than 2^36-31", + BAD_RS_PARAM + ); } return { salt, @@ -791,6 +805,7 @@ class aes128gcmEncoder { // Perform the actual encryption of the payload. async encrypt(key, nonce) { if (this.rs < 18) { + // https://datatracker.ietf.org/doc/html/rfc8188#section-2.1 throw new CryptoError("recordsize is too small", BAD_RS_PARAM); } @@ -869,6 +884,7 @@ class aes128gcmEncoder { createHeader(key) { // layout is "salt|32-bit-int|8-bit-int|key" if (key.byteLength != 65) { + // https://datatracker.ietf.org/doc/html/rfc8291/#section-4 throw new CryptoError("Invalid key length for header", BAD_DH_PARAM); } // the 2 ints ===================================== netwerk/cache2/CacheFileIOManager.cpp ===================================== @@ -4359,13 +4359,15 @@ class SizeOfHandlesRunnable : public Runnable { public: SizeOfHandlesRunnable(mozilla::MallocSizeOf mallocSizeOf, CacheFileHandles const& handles, - nsTArray<CacheFileHandle*> const& specialHandles) + nsTArray<CacheFileHandle*> const& specialHandles, + nsCOMPtr<nsITimer> const& metadataWritesTimer) : Runnable("net::SizeOfHandlesRunnable"), mMonitor("SizeOfHandlesRunnable.mMonitor"), mMonitorNotified(false), mMallocSizeOf(mallocSizeOf), mHandles(handles), mSpecialHandles(specialHandles), + mMetadataWritesTimer(metadataWritesTimer), mSize(0) {} size_t Get(CacheIOThread* thread) { @@ -4397,6 +4399,10 @@ class SizeOfHandlesRunnable : public Runnable { for (uint32_t i = 0; i < mSpecialHandles.Length(); ++i) { mSize += mSpecialHandles[i]->SizeOfIncludingThis(mMallocSizeOf); } + nsCOMPtr<nsISizeOf> sizeOf = do_QueryInterface(mMetadataWritesTimer); + if (sizeOf) { + mSize += sizeOf->SizeOfIncludingThis(mMallocSizeOf); + } mMonitorNotified = true; mon.Notify(); @@ -4404,11 +4410,12 @@ class SizeOfHandlesRunnable : public Runnable { } private: - mozilla::Monitor mMonitor MOZ_UNANNOTATED; + mozilla::Monitor mMonitor; bool mMonitorNotified; mozilla::MallocSizeOf mMallocSizeOf; CacheFileHandles const& mHandles; nsTArray<CacheFileHandle*> const& mSpecialHandles; + nsCOMPtr<nsITimer> const& mMetadataWritesTimer; size_t mSize; }; @@ -4422,10 +4429,11 @@ size_t CacheFileIOManager::SizeOfExcludingThisInternal( if (mIOThread) { n += mIOThread->SizeOfIncludingThis(mallocSizeOf); - // mHandles and mSpecialHandles must be accessed only on the I/O thread, - // must sync dispatch. + // mHandles, mSpecialHandles and mMetadataWritesTimer must be accessed + // only on the I/O thread, must sync dispatch. RefPtr<SizeOfHandlesRunnable> sizeOfHandlesRunnable = - new SizeOfHandlesRunnable(mallocSizeOf, mHandles, mSpecialHandles); + new SizeOfHandlesRunnable(mallocSizeOf, mHandles, mSpecialHandles, + mMetadataWritesTimer); n += sizeOfHandlesRunnable->Get(mIOThread); } @@ -4434,9 +4442,6 @@ size_t CacheFileIOManager::SizeOfExcludingThisInternal( sizeOf = do_QueryInterface(mCacheDirectory); if (sizeOf) n += sizeOf->SizeOfIncludingThis(mallocSizeOf); - sizeOf = do_QueryInterface(mMetadataWritesTimer); - if (sizeOf) n += sizeOf->SizeOfIncludingThis(mallocSizeOf); - sizeOf = do_QueryInterface(mTrashTimer); if (sizeOf) n += sizeOf->SizeOfIncludingThis(mallocSizeOf); ===================================== netwerk/streamconv/converters/nsMultiMixedConv.cpp ===================================== @@ -467,6 +467,12 @@ nsMultiMixedConv::OnStartRequest(nsIRequest* request) { if (NS_SUCCEEDED(rv)) { mRootContentSecurityPolicy = csp; } + nsCString contentDisposition; + rv = httpChannel->GetResponseHeader("content-disposition"_ns, + contentDisposition); + if (NS_SUCCEEDED(rv)) { + mRootContentDisposition = contentDisposition; + } } else { // try asking the channel directly rv = mChannel->GetContentType(contentType); @@ -837,7 +843,11 @@ nsresult nsMultiMixedConv::SendStart() { rv = mPartChannel->SetContentLength(mContentLength); if (NS_FAILED(rv)) return rv; - mPartChannel->SetContentDisposition(mContentDisposition); + if (!mRootContentDisposition.IsEmpty()) { + mPartChannel->SetContentDisposition(mRootContentDisposition); + } else { + mPartChannel->SetContentDisposition(mContentDisposition); + } // Each part of a multipart/replace response can be used // for the top level document. We must inform upper layers ===================================== netwerk/streamconv/converters/nsMultiMixedConv.h ===================================== @@ -150,15 +150,17 @@ class nsMultiMixedConv : public nsIStreamConverter { nsCOMPtr<nsIStreamListener> mFinalListener; // this guy gets the converted // data via his OnDataAvailable() - nsCOMPtr<nsIChannel> - mChannel; // The channel as we get in in OnStartRequest call - RefPtr<nsPartChannel> mPartChannel; // the channel for the given part we're - // processing. one channel per part. + // The channel as we get it in OnStartRequest call + nsCOMPtr<nsIChannel> mChannel; + // the channel for the given part we're + // processing. one channel per part. + RefPtr<nsPartChannel> mPartChannel; nsCOMPtr<nsISupports> mContext; nsCString mContentType; nsCString mContentDisposition; nsCString mContentSecurityPolicy; nsCString mRootContentSecurityPolicy; + nsCString mRootContentDisposition; uint64_t mContentLength{UINT64_MAX}; uint64_t mTotalSent{0}; ===================================== toolkit/content/widgets/popupnotification.js ===================================== @@ -15,7 +15,7 @@ ".popup-notification-description": "popupid,id=descriptionid", ".popup-notification-description > span:first-of-type": "text=label,popupid", - ".popup-notification-description > b:first-of-type": + ".popup-notification-description > .popup-notification-description-name": "text=name,popupid", ".popup-notification-description > span:nth-of-type(2)": "text=endlabel,popupid", @@ -82,7 +82,7 @@  - <description class="popup-notification-description"><html:span></html:span><html:b></html:b><html:span></html:span><html:b></html:b><html:span></html:span></description> + <description class="popup-notification-description"><html:span></html:span><html:b class="popup-notification-description-name"></html:b><html:span></html:span><html:b></html:b><html:span></html:span></description> <description class="popup-notification-hint-text"></description> </vbox> <toolbarbutton class="messageCloseButton close-icon popup-notification-closebutton tabbable" data-l10n-id="close-notification-message"></toolbarbutton> ===================================== toolkit/themes/shared/popupnotification.css ===================================== @@ -52,6 +52,16 @@ popupnotificationcontent { flex: 1 auto; } +/* + * Ensure that host names in PopupNotifications wrap. This targets the "name" + * element in the description container which is the "name" property of the + * PopupNotification. Name is what gets substituted from the l10n string using + * the placeholder <>. + */ +.popup-notification-description-name { + word-break: break-all; +} + .popup-notification-closebutton { margin-inline-end: -8px; margin-top: -8px; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/18d48e… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/18d48e… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.5] Bug 41269: Remove Snowflake pluggable-transport from legacy Windows builds
by morgan (＠morgan) 23 Oct '24

23 Oct '24

morgan pushed to branch maint-13.5 at The Tor Project / Applications / tor-browser-build Commits: 88c9740a by Morgan at 2024-10-23T20:20:07+00:00 Bug 41269: Remove Snowflake pluggable-transport from legacy Windows builds - - - - - 3 changed files: - projects/go/config - projects/tor-expert-bundle/build - projects/tor-expert-bundle/config Changes: ===================================== projects/go/config ===================================== @@ -77,7 +77,7 @@ targets: windows: var: GOOS: windows - use_go_1_20: '[% c("origin_project") != "snowflake" %]' + use_go_1_20: 1 windows-i686: var: GOARCH: 386 ===================================== projects/tor-expert-bundle/build ===================================== @@ -14,12 +14,21 @@ cd tor mkdir pluggable_transports && cd pluggable_transports tar -xkf $rootdir/[% c('input_files_by_name/lyrebird') %] +# do not include snowflake-client on Windows targets +[% IF !c("var/windows") -%] tar -xkf $rootdir/[% c('input_files_by_name/snowflake') %] +[% END %] tar -xkf $rootdir/[% c('input_files_by_name/conjure') %] # add per-platform pt extension awk '{gsub(/\$\{pt_extension\}/, "[% c("var/pt_extension") %]"); print}' $rootdir/pt_config.json > pt_config.json +# remove snowflake entires on Windows targets +[% IF c("var/windows") -%] +# remove snowflake pt and bridge entries +jq 'del(.pluggableTransports.snowflake, .bridges.snowflake)' pt_config.json > tmp.pt_config.json && mv tmp.pt_config.json pt_config.json +[% END %] + cd $distdir # package a .aar on android ===================================== projects/tor-expert-bundle/config ===================================== @@ -5,6 +5,10 @@ version: '[% c("var/torbrowser_version") %]' container: use_container: 1 +var: + deps: + - jq + targets: windows: var: @@ -18,6 +22,7 @@ input_files: project: lyrebird - name: snowflake project: snowflake + enable: '[% !c("var/windows") %]' - name: conjure project: conjure - filename: pt_config.json View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/8… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/8… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-14.0] Deleted 1 commit: Bug 41279: Add @pierov and @ma1 as new signers
by morgan (＠morgan) 23 Oct '24

23 Oct '24

morgan pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build WARNING: The push did not contain any new commits, but force pushed to delete the commits and changes below. Deleted commits: b6740750 by Nicolas Vigier at 2024-10-23T19:58:28+00:00 Bug 41279: Add @pierov and @ma1 as new signers - - - - - 3 changed files: - tools/signing/machines-setup/setup-signing-machine - + tools/signing/machines-setup/ssh-keys/ma1.pub - + tools/signing/machines-setup/ssh-keys/pierov.pub Changes: ===================================== tools/signing/machines-setup/setup-signing-machine ===================================== @@ -99,6 +99,10 @@ create_user richard signing authorized_keys richard richard.pub create_user morgan signing authorized_keys morgan morgan.pub +create_user ma1 signing +authorized_keys ma1 ma1.pub +create_user pierov signing +authorized_keys pierov pierov.pub # Install rbm deps install_packages libyaml-libyaml-perl libtemplate-perl libdatetime-perl \ ===================================== tools/signing/machines-setup/ssh-keys/ma1.pub ===================================== @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGRlfeUcrWLHKiUHkfNe6KKEjO2QY20bk4XDc+rng7ka ma1(a)ma1.maone.net ===================================== tools/signing/machines-setup/ssh-keys/pierov.pub ===================================== @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHitxPcIMVCEcie5XUtMuUQJZQ9fy8k7Z+1vEzBZ8CmF TKey View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/b… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/b… You're receiving this email because of your account on gitlab.torproject.org.

1 0