- tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-14.0a8-build2
by morgan (＠morgan) 07 Oct '24

07 Oct '24

morgan pushed new tag tbb-14.0a8-build2 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41249, 41250: Prepare Tor, Mullvad Browser 14.0a8-build2
by morgan (＠morgan) 07 Oct '24

07 Oct '24

morgan pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 3314ee0a by Morgan at 2024-10-07T17:11:51+00:00 Bug 41249,41250: Prepare Tor,Mullvad Browser 14.0a8-build2 - - - - - 3 changed files: - projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt - projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt - rbm.conf Changes: ===================================== projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt ===================================== @@ -1,4 +1,4 @@ -Mullvad Browser 14.0a8 - October 03 2024 +Mullvad Browser 14.0a8 - October 07 2024 * All Platforms * Updated uBlock Origin to 1.60.0 * Bug 349: Tidy up mullvad Fluent files [mullvad-browser] @@ -12,6 +12,7 @@ Mullvad Browser 14.0a8 - October 03 2024 * All Platforms * Bug 43157: Move tb-dev to base-browser [tor-browser] * Bug 41256: tools/signing/upload-update_responses-to-staticiforme should regenerate update-responses when it already exists [tor-browser-build] + * Bug 41259: Skip versions which don't set incremental_from when generating incrementals [tor-browser-build] Mullvad Browser 13.5.6 - September 30 2024 * All Platforms ===================================== projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt ===================================== @@ -1,4 +1,4 @@ -Tor Browser 14.0a8 - October 03 2024 +Tor Browser 14.0a8 - October 07 2024 * All Platforms * Bug 30543: compat: make spoofed orientation reflect spoofed screen dimensions [1607032 + 1918202] [tor-browser] * Bug 42054: ESR128: investigate - thorin's list [tor-browser] @@ -26,6 +26,7 @@ Tor Browser 14.0a8 - October 03 2024 * Windows + macOS + Linux * Bug 41247: Adapt tools/update-responses/update_responses to support multiple versions in the same xml files [tor-browser-build] * Bug 41256: tools/signing/upload-update_responses-to-staticiforme should regenerate update-responses when it already exists [tor-browser-build] + * Bug 41259: Skip versions which don't set incremental_from when generating incrementals [tor-browser-build] Tor Browser 13.5a11 - October 01 2024 * All Platforms ===================================== rbm.conf ===================================== @@ -74,7 +74,7 @@ buildconf: var: torbrowser_version: '14.0a8' - torbrowser_build: 'build1' + torbrowser_build: 'build2' # This should be the date of when the build is started. For the build # to be reproducible, browser_release_date should always be in the past. browser_release_date: '2024/10/03 19:27:08' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/3… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/3… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] 2 commits: Bug 41259: Skip versions which don't set incremental_from when generating incrementals
by morgan (＠morgan) 07 Oct '24

07 Oct '24

morgan pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: f61208a8 by Nicolas Vigier at 2024-10-07T09:40:47+02:00 Bug 41259: Skip versions which don't set incremental_from when generating incrementals Also don't set `incremental_from` for the legacy version in update_responses config. - - - - - f27b3742 by Nicolas Vigier at 2024-10-07T09:46:47+02:00 Bug 41259: Don't set legacy version for Mullvad Browser - - - - - 2 changed files: - projects/release/update_responses_config.yml - tools/update-responses/update_responses Changes: ===================================== projects/release/update_responses_config.yml ===================================== @@ -72,12 +72,11 @@ versions: minSupportedInstructionSet: SSE2 linux-x86_64: minSupportedInstructionSet: SSE2 -[% IF c("var/torbrowser_legacy_version") -%] +[% IF c("var/tor-browser") && c("var/torbrowser_legacy_version") -%] [% c("var/torbrowser_legacy_version") %]: mar_channel_id: [% c('var/mar_channel_id') %] platformVersion: [% c('var/torbrowser_legacy_platform_version') %] detailsURL: https://blog.torproject.org/new[% IF c("var/alpha") %]-alpha[% END %]-release-tor-browser-[% c("var/torbrowser_legacy_version") FILTER remove('\.') %] - incremental_from: [] # minSupportedOsVersion on macOS corresponds to the Darwin version ( https://en.wikipedia.org/wiki/Darwin_(operating_system) ) macos: # macOS v10.12.0 ===================================== tools/update-responses/update_responses ===================================== @@ -702,6 +702,7 @@ my %actions = ( exit_error "Unknown channel" unless $config->{channels}{$channel}; my $versions = as_array($config->{channels}{$channel}); foreach my $version (@$versions) { + next unless $config->{versions}{$version}{incremental_from}; extract_martools($config, $version); get_version_files($config, $version); create_incremental_mars_for_version($config, $version, $channel); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.16.0esr-13.5-1] fixup! Firefox preference overrides.
by ma1 (＠ma1) 07 Oct '24

07 Oct '24

ma1 pushed to branch mullvad-browser-115.16.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser Commits: 1a766e24 by hackademix at 2024-10-07T13:20:56+02:00 fixup! Firefox preference overrides. MB361: Disable only cyphersuites using SH1 for signing (ECDSA). - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -121,16 +121,13 @@ pref("network.http.referer.hideOnionSource", true); // [4] https://www.ssllabs.com/ssl-pulse/ pref("security.ssl.require_safe_negotiation", true); -// Bug 40183: Disable TLS ciphersuites using SHA-1 -// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40183 +// mullvad-browser#361: Disable TLS cyphersuites using SHA1 for signing (ECDSA) +// see https://bugzilla.mozilla.org/show_bug.cgi?id=1600437 +pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); +pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); +// lock those disabled by https://bugzilla.mozilla.org/show_bug.cgi?id=1036765 pref("security.ssl3.dhe_rsa_aes_128_sha", false, locked); pref("security.ssl3.dhe_rsa_aes_256_sha", false, locked); -pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false, locked); -pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false, locked); -pref("security.ssl3.ecdhe_rsa_aes_128_sha", false, locked); -pref("security.ssl3.ecdhe_rsa_aes_256_sha", false, locked); -pref("security.ssl3.rsa_aes_128_sha", false, locked); -pref("security.ssl3.rsa_aes_256_sha", false, locked); // Wrapping a static pref to lock it and prevent changing. // See tor-browser#40565. View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/1a7… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/1a7… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.16.0esr-13.5-1] fixup! Firefox preference overrides.
by ma1 (＠ma1) 07 Oct '24

07 Oct '24

ma1 pushed to branch base-browser-115.16.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 0bff17d4 by hackademix at 2024-10-07T13:20:50+02:00 fixup! Firefox preference overrides. MB361: Disable only cyphersuites using SH1 for signing (ECDSA). - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -121,16 +121,13 @@ pref("network.http.referer.hideOnionSource", true); // [4] https://www.ssllabs.com/ssl-pulse/ pref("security.ssl.require_safe_negotiation", true); -// Bug 40183: Disable TLS ciphersuites using SHA-1 -// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40183 +// mullvad-browser#361: Disable TLS cyphersuites using SHA1 for signing (ECDSA) +// see https://bugzilla.mozilla.org/show_bug.cgi?id=1600437 +pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); +pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); +// lock those disabled by https://bugzilla.mozilla.org/show_bug.cgi?id=1036765 pref("security.ssl3.dhe_rsa_aes_128_sha", false, locked); pref("security.ssl3.dhe_rsa_aes_256_sha", false, locked); -pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false, locked); -pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false, locked); -pref("security.ssl3.ecdhe_rsa_aes_128_sha", false, locked); -pref("security.ssl3.ecdhe_rsa_aes_256_sha", false, locked); -pref("security.ssl3.rsa_aes_128_sha", false, locked); -pref("security.ssl3.rsa_aes_256_sha", false, locked); // Wrapping a static pref to lock it and prevent changing. // See tor-browser#40565. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/0bff17d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/0bff17d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.16.0esr-13.5-1] fixup! Firefox preference overrides.
by ma1 (＠ma1) 07 Oct '24

07 Oct '24

ma1 pushed to branch tor-browser-115.16.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 70c7a53e by hackademix at 2024-10-07T13:20:44+02:00 fixup! Firefox preference overrides. MB361: Disable only cyphersuites using SH1 for signing (ECDSA). - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -121,16 +121,13 @@ pref("network.http.referer.hideOnionSource", true); // [4] https://www.ssllabs.com/ssl-pulse/ pref("security.ssl.require_safe_negotiation", true); -// Bug 40183: Disable TLS ciphersuites using SHA-1 -// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40183 +// mullvad-browser#361: Disable TLS cyphersuites using SHA1 for signing (ECDSA) +// see https://bugzilla.mozilla.org/show_bug.cgi?id=1600437 +pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); +pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); +// lock those disabled by https://bugzilla.mozilla.org/show_bug.cgi?id=1036765 pref("security.ssl3.dhe_rsa_aes_128_sha", false, locked); pref("security.ssl3.dhe_rsa_aes_256_sha", false, locked); -pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false, locked); -pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false, locked); -pref("security.ssl3.ecdhe_rsa_aes_128_sha", false, locked); -pref("security.ssl3.ecdhe_rsa_aes_256_sha", false, locked); -pref("security.ssl3.rsa_aes_128_sha", false, locked); -pref("security.ssl3.rsa_aes_256_sha", false, locked); // Wrapping a static pref to lock it and prevent changing. // See tor-browser#40565. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/70c7a53… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/70c7a53… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.3.0esr-14.0-1] fixup! Firefox preference overrides.
by ma1 (＠ma1) 07 Oct '24

07 Oct '24

ma1 pushed to branch mullvad-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: f2211840 by hackademix at 2024-10-07T13:20:13+02:00 fixup! Firefox preference overrides. MB361: Disable only cyphersuites using SH1 for signing (ECDSA). - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -139,16 +139,13 @@ pref("network.http.referer.hideOnionSource", true); // [4] https://www.ssllabs.com/ssl-pulse/ pref("security.ssl.require_safe_negotiation", true); -// Bug 40183: Disable TLS ciphersuites using SHA-1 -// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40183 +// mullvad-browser#361: Disable TLS cyphersuites using SHA1 for signing (ECDSA) +// see https://bugzilla.mozilla.org/show_bug.cgi?id=1600437 +pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); +pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); +// lock those disabled by https://bugzilla.mozilla.org/show_bug.cgi?id=1036765 pref("security.ssl3.dhe_rsa_aes_128_sha", false, locked); pref("security.ssl3.dhe_rsa_aes_256_sha", false, locked); -pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false, locked); -pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false, locked); -pref("security.ssl3.ecdhe_rsa_aes_128_sha", false, locked); -pref("security.ssl3.ecdhe_rsa_aes_256_sha", false, locked); -pref("security.ssl3.rsa_aes_128_sha", false, locked); -pref("security.ssl3.rsa_aes_256_sha", false, locked); // Wrapping a static pref to lock it and prevent changing. // See tor-browser#40565. View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/f22… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/f22… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.3.0esr-14.0-1] fixup! Firefox preference overrides.
by ma1 (＠ma1) 07 Oct '24

07 Oct '24

ma1 pushed to branch base-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 70534c90 by hackademix at 2024-10-07T13:20:06+02:00 fixup! Firefox preference overrides. MB361: Disable only cyphersuites using SH1 for signing (ECDSA). - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -139,16 +139,13 @@ pref("network.http.referer.hideOnionSource", true); // [4] https://www.ssllabs.com/ssl-pulse/ pref("security.ssl.require_safe_negotiation", true); -// Bug 40183: Disable TLS ciphersuites using SHA-1 -// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40183 +// mullvad-browser#361: Disable TLS cyphersuites using SHA1 for signing (ECDSA) +// see https://bugzilla.mozilla.org/show_bug.cgi?id=1600437 +pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); +pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); +// lock those disabled by https://bugzilla.mozilla.org/show_bug.cgi?id=1036765 pref("security.ssl3.dhe_rsa_aes_128_sha", false, locked); pref("security.ssl3.dhe_rsa_aes_256_sha", false, locked); -pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false, locked); -pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false, locked); -pref("security.ssl3.ecdhe_rsa_aes_128_sha", false, locked); -pref("security.ssl3.ecdhe_rsa_aes_256_sha", false, locked); -pref("security.ssl3.rsa_aes_128_sha", false, locked); -pref("security.ssl3.rsa_aes_256_sha", false, locked); // Wrapping a static pref to lock it and prevent changing. // See tor-browser#40565. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/70534c9… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/70534c9… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.3.0esr-14.0-1] fixup! Firefox preference overrides.
by ma1 (＠ma1) 07 Oct '24

07 Oct '24

ma1 pushed to branch tor-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: bbf13ec2 by hackademix at 2024-10-07T12:54:36+02:00 fixup! Firefox preference overrides. MB361: Disable only cyphersuites using SH1 for signing (ECDSA). - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -139,16 +139,13 @@ pref("network.http.referer.hideOnionSource", true); // [4] https://www.ssllabs.com/ssl-pulse/ pref("security.ssl.require_safe_negotiation", true); -// Bug 40183: Disable TLS ciphersuites using SHA-1 -// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40183 +// mullvad-browser#361: Disable TLS cyphersuites using SHA1 for signing (ECDSA) +// see https://bugzilla.mozilla.org/show_bug.cgi?id=1600437 +pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); +pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); +// lock those disabled by https://bugzilla.mozilla.org/show_bug.cgi?id=1036765 pref("security.ssl3.dhe_rsa_aes_128_sha", false, locked); pref("security.ssl3.dhe_rsa_aes_256_sha", false, locked); -pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false, locked); -pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false, locked); -pref("security.ssl3.ecdhe_rsa_aes_128_sha", false, locked); -pref("security.ssl3.ecdhe_rsa_aes_256_sha", false, locked); -pref("security.ssl3.rsa_aes_128_sha", false, locked); -pref("security.ssl3.rsa_aes_256_sha", false, locked); // Wrapping a static pref to lock it and prevent changing. // See tor-browser#40565. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/bbf13ec… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/bbf13ec… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/torbrowser-launcher][main] 2 commits: Update/Add Additional Abstractions for AppArmor
by asciiwolf (＠asciiwolf) 05 Oct '24

05 Oct '24

asciiwolf pushed to branch main at The Tor Project / Applications / torbrowser-launcher Commits: e049fdcc by Thomas Ward at 2024-10-05T10:14:32+00:00 Update/Add Additional Abstractions for AppArmor - - - - - 851ff330 by asciiwolf at 2024-10-05T10:14:32+00:00 There are two abstraction sets added. - The first is D-Bus session abstractions. There are D-Bus denies for opening dialog boxes and file open boxes, which need D-Bus abstractions to access the user sessions. Fixed by including abstractions/dbus-session (which also implicitly imports abstractions/dbus-session-strict for systemd user sessions) in the AppArmor rules, if the abstractions exist. The abstractions/dbus-session rule also requires adding an AppArmor owner rule for the ~/.cache/ibus/dbus-* socket. Otherwise, keyboard input will stop working. - The second is X abstractions. Observed initially in #588, systems that do NOT have GNOME installed on them, such as Lubuntu which uses LXQt and has ZERO GNOME components, will have issues accessing X11 sockets. In such systems, the implied abstractions/gnome already part of the AppArmor profile do not exist. Therefore, AppArmor will not import abstractions/gnome which includes the X abstractions because the GNOME abstractions definition does not exist. In such cases, components of the UI will not properly function with dialog boxes. This is why this is separately explicitly required, despite GNOME abstractions including X abstractions. - - - - - 1 changed file: - apparmor/torbrowser.Browser.firefox Changes: ===================================== apparmor/torbrowser.Browser.firefox ===================================== @@ -11,6 +11,8 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} { #include <abstractions/mesa> #include <abstractions/opencl> #include if exists <abstractions/vulkan> + #include if exists <abstractions/dbus-session> + #include if exists <abstractions/X> deny capability sys_ptrace, @@ -26,6 +28,9 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} { network netlink raw, network tcp, + # ibus socket + owner @{HOME}/.cache/ibus/dbus-* rw, + ptrace (trace) peer=@{profile_name}, signal (receive, send) set=("term") peer=@{profile_name}, View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/compar… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/compar… You're receiving this email because of your account on gitlab.torproject.org.

1 0