- tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser][tor-browser-128.3.0esr-14.0-1] 2 commits: Bug 1607032: Spoof screen orientation and angle to primary values. r=tjr, geckoview-reviewers, owlish
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch tor-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 89b45eb4 by Fatih at 2024-10-02T18:59:01+00:00 Bug 1607032: Spoof screen orientation and angle to primary values. r=tjr,geckoview-reviewers,owlish Differential Revision: https://phabricator.services.mozilla.com/D220904 - - - - - 084cb5b9 by Fatih at 2024-10-02T18:59:01+00:00 Bug 1918202: Spoof orientation based on screen size. r=tjr Differential Revision: https://phabricator.services.mozilla.com/D221863 - - - - - 6 changed files: - dom/base/ScreenOrientation.cpp - dom/base/nsGlobalWindowInner.cpp - dom/base/test/chrome/bug418986-1.js - hal/android/AndroidHal.cpp - toolkit/components/resistfingerprinting/nsRFPService.cpp - toolkit/components/resistfingerprinting/nsRFPService.h Changes: ===================================== dom/base/ScreenOrientation.cpp ===================================== @@ -626,7 +626,13 @@ void ScreenOrientation::CleanupFullscreenListener() { OrientationType ScreenOrientation::DeviceType(CallerType aCallerType) const { if (nsContentUtils::ShouldResistFingerprinting( aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { - return OrientationType::Landscape_primary; + Document* doc = GetResponsibleDocument(); + BrowsingContext* bc = doc ? doc->GetBrowsingContext() : nullptr; + if (!bc) { + return nsRFPService::GetDefaultOrientationType(); + } + CSSIntSize size = bc->GetTopInnerSizeForRFP(); + return nsRFPService::ViewportSizeToOrientationType(size.width, size.height); } return mType; } @@ -634,18 +640,19 @@ OrientationType ScreenOrientation::DeviceType(CallerType aCallerType) const { uint16_t ScreenOrientation::DeviceAngle(CallerType aCallerType) const { if (nsContentUtils::ShouldResistFingerprinting( aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { - return 0; + Document* doc = GetResponsibleDocument(); + BrowsingContext* bc = doc ? doc->GetBrowsingContext() : nullptr; + if (!bc) { + return 0; + } + CSSIntSize size = bc->GetTopInnerSizeForRFP(); + return nsRFPService::ViewportSizeToAngle(size.width, size.height); } return mAngle; } OrientationType ScreenOrientation::GetType(CallerType aCallerType, ErrorResult& aRv) const { - if (nsContentUtils::ShouldResistFingerprinting( - aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { - return OrientationType::Landscape_primary; - } - Document* doc = GetResponsibleDocument(); BrowsingContext* bc = doc ? doc->GetBrowsingContext() : nullptr; if (!bc) { @@ -653,16 +660,17 @@ OrientationType ScreenOrientation::GetType(CallerType aCallerType, return OrientationType::Portrait_primary; } - return bc->GetCurrentOrientationType(); -} - -uint16_t ScreenOrientation::GetAngle(CallerType aCallerType, - ErrorResult& aRv) const { + OrientationType orientation = bc->GetCurrentOrientationType(); if (nsContentUtils::ShouldResistFingerprinting( aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { - return 0; + CSSIntSize size = bc->GetTopInnerSizeForRFP(); + return nsRFPService::ViewportSizeToOrientationType(size.width, size.height); } + return orientation; +} +uint16_t ScreenOrientation::GetAngle(CallerType aCallerType, + ErrorResult& aRv) const { Document* doc = GetResponsibleDocument(); BrowsingContext* bc = doc ? doc->GetBrowsingContext() : nullptr; if (!bc) { @@ -670,7 +678,13 @@ uint16_t ScreenOrientation::GetAngle(CallerType aCallerType, return 0; } - return bc->GetCurrentOrientationAngle(); + uint16_t angle = static_cast<uint16_t>(bc->GetCurrentOrientationAngle()); + if (nsContentUtils::ShouldResistFingerprinting( + aCallerType, GetOwnerGlobal(), RFPTarget::ScreenOrientation)) { + CSSIntSize size = bc->GetTopInnerSizeForRFP(); + return nsRFPService::ViewportSizeToAngle(size.width, size.height); + } + return angle; } ScreenOrientation::LockPermission ===================================== dom/base/nsGlobalWindowInner.cpp ===================================== @@ -7306,11 +7306,13 @@ void nsGlobalWindowInner::InitWasOffline() { mWasOffline = NS_IsOffline(); } int16_t nsGlobalWindowInner::Orientation(CallerType aCallerType) { // GetOrientationAngle() returns 0, 90, 180 or 270. // window.orientation returns -90, 0, 90 or 180. + uint16_t screenAngle = Screen()->GetOrientationAngle(); if (nsIGlobalObject::ShouldResistFingerprinting( aCallerType, RFPTarget::ScreenOrientation)) { - return 0; + CSSIntSize size = mBrowsingContext->GetTopInnerSizeForRFP(); + screenAngle = nsRFPService::ViewportSizeToAngle(size.width, size.height); } - int16_t angle = AssertedCast<int16_t>(Screen()->GetOrientationAngle()); + int16_t angle = AssertedCast<int16_t>(screenAngle); return angle <= 180 ? angle : angle - 360; } ===================================== dom/base/test/chrome/bug418986-1.js ===================================== @@ -32,9 +32,6 @@ var test = function (isContent) { ["screen.availTop", 0], ["screen.width", "outerWidth"], ["screen.height", "outerHeight"], - ["screen.orientation.type", "'landscape-primary'"], - ["screen.orientation.angle", 0], - ["screen.mozOrientation", "'landscape-primary'"], ["devicePixelRatio", 2], ]; ===================================== hal/android/AndroidHal.cpp ===================================== @@ -79,19 +79,20 @@ void GetCurrentNetworkInformation(hal::NetworkInformation* aNetworkInfo) { static bool IsSupportedScreenOrientation(hal::ScreenOrientation aOrientation) { // The Android backend only supports these orientations. - static constexpr ScreenOrientation kSupportedOrientations[] = { - ScreenOrientation::PortraitPrimary, - ScreenOrientation::PortraitSecondary, - ScreenOrientation::PortraitPrimary | ScreenOrientation::PortraitSecondary, - ScreenOrientation::LandscapePrimary, - ScreenOrientation::LandscapeSecondary, - ScreenOrientation::LandscapePrimary | - ScreenOrientation::LandscapeSecondary, - ScreenOrientation::PortraitPrimary | - ScreenOrientation::PortraitSecondary | - ScreenOrientation::LandscapePrimary | - ScreenOrientation::LandscapeSecondary, - ScreenOrientation::Default, + static constexpr hal::ScreenOrientation kSupportedOrientations[] = { + hal::ScreenOrientation::PortraitPrimary, + hal::ScreenOrientation::PortraitSecondary, + hal::ScreenOrientation::PortraitPrimary | + hal::ScreenOrientation::PortraitSecondary, + hal::ScreenOrientation::LandscapePrimary, + hal::ScreenOrientation::LandscapeSecondary, + hal::ScreenOrientation::LandscapePrimary | + hal::ScreenOrientation::LandscapeSecondary, + hal::ScreenOrientation::PortraitPrimary | + hal::ScreenOrientation::PortraitSecondary | + hal::ScreenOrientation::LandscapePrimary | + hal::ScreenOrientation::LandscapeSecondary, + hal::ScreenOrientation::Default, }; for (auto supportedOrientation : kSupportedOrientations) { if (aOrientation == supportedOrientation) { ===================================== toolkit/components/resistfingerprinting/nsRFPService.cpp ===================================== @@ -2284,3 +2284,34 @@ Maybe<RFPTarget> nsRFPService::GetOverriddenFingerprintingSettingsForURI( return result; } + +/* static */ +uint16_t nsRFPService::ViewportSizeToAngle(int32_t aWidth, int32_t aHeight) { +#ifdef MOZ_WIDGET_ANDROID + bool neutral = aHeight >= aWidth; +#else + bool neutral = aWidth >= aHeight; +#endif + if (neutral) { + return 0; + } + return 90; +} + +/* static */ +dom::OrientationType nsRFPService::ViewportSizeToOrientationType( + int32_t aWidth, int32_t aHeight) { + if (aWidth >= aHeight) { + return dom::OrientationType::Landscape_primary; + } + return dom::OrientationType::Portrait_primary; +} + +/* static */ +dom::OrientationType nsRFPService::GetDefaultOrientationType() { +#ifdef MOZ_WIDGET_ANDROID + return dom::OrientationType::Portrait_primary; +#else + return dom::OrientationType::Landscape_primary; +#endif +} ===================================== toolkit/components/resistfingerprinting/nsRFPService.h ===================================== @@ -14,6 +14,7 @@ #include "mozilla/ContentBlockingLog.h" #include "mozilla/gfx/Types.h" #include "mozilla/TypedEnumBits.h" +#include "mozilla/dom/ScreenOrientationBinding.h" #include "js/RealmOptions.h" #include "nsHashtablesFwd.h" #include "nsICookieJarSettings.h" @@ -368,6 +369,16 @@ class nsRFPService final : public nsIObserver, public nsIRFPService { static bool CheckSuspiciousFingerprintingActivity( nsTArray<ContentBlockingLog::LogEntry>& aLogs); + // Converts the viewport size to the angle. + static uint16_t ViewportSizeToAngle(int32_t aWidth, int32_t aHeight); + + // Converts the viewport size to the orientation type. + static dom::OrientationType ViewportSizeToOrientationType(int32_t aWidth, + int32_t aHeight); + + // Returns the default orientation type for the given platform. + static dom::OrientationType GetDefaultOrientationType(); + private: nsresult Init(); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/c4c73e… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/c4c73e… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.3.0esr-14.0-1] Bug 1918009 - Fix the RFP-spoofed User-Agent header. r=tjr
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch mullvad-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 92d9fad9 by Pier Angelo Vendrame at 2024-10-02T18:50:03+00:00 Bug 1918009 - Fix the RFP-spoofed User-Agent header. r=tjr The spoofed value of the HTTP user-agent header is not consistent with the value of navigator.userAgent on Windows, and this can lead to compatibility issues. Differential Revision: https://phabricator.services.mozilla.com/D223745 - - - - - 3 changed files: - browser/components/resistfingerprinting/test/browser/browser_navigator.js - browser/components/resistfingerprinting/test/browser/browser_navigator_iframes.js - toolkit/components/resistfingerprinting/nsRFPService.h Changes: ===================================== browser/components/resistfingerprinting/test/browser/browser_navigator.js ===================================== @@ -115,11 +115,11 @@ const SPOOFED_UA_NAVIGATOR_OS = { other: "X11; Linux x86_64", }; const SPOOFED_UA_HTTPHEADER_OS = { - linux: "Windows NT 10.0", - win: "Windows NT 10.0", - macosx: "Windows NT 10.0", + linux: "Windows NT 10.0; Win64; x64", + win: "Windows NT 10.0; Win64; x64", + macosx: "Windows NT 10.0; Win64; x64", android: "Android 10; Mobile", - other: "Windows NT 10.0", + other: "Windows NT 10.0; Win64; x64", }; const SPOOFED_HW_CONCURRENCY = 2; ===================================== browser/components/resistfingerprinting/test/browser/browser_navigator_iframes.js ===================================== @@ -130,11 +130,11 @@ const SPOOFED_UA_NAVIGATOR_OS = { other: "X11; Linux x86_64", }; const SPOOFED_UA_HTTPHEADER_OS = { - linux: "Windows NT 10.0", - win: "Windows NT 10.0", - macosx: "Windows NT 10.0", + linux: "Windows NT 10.0; Win64; x64", + win: "Windows NT 10.0; Win64; x64", + macosx: "Windows NT 10.0; Win64; x64", android: "Android 10; Mobile", - other: "Windows NT 10.0", + other: "Windows NT 10.0; Win64; x64", }; const SPOOFED_HW_CONCURRENCY = 2; ===================================== toolkit/components/resistfingerprinting/nsRFPService.h ===================================== @@ -63,7 +63,7 @@ #if defined(MOZ_WIDGET_ANDROID) # define SPOOFED_HTTP_UA_OS "Android 10; Mobile" #else -# define SPOOFED_HTTP_UA_OS "Windows NT 10.0" +# define SPOOFED_HTTP_UA_OS "Windows NT 10.0; Win64; x64" #endif struct JSContext; View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/92d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/92d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.3.0esr-14.0-1] Bug 1918009 - Fix the RFP-spoofed User-Agent header. r=tjr
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch base-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: dbdddf48 by Pier Angelo Vendrame at 2024-10-02T18:49:35+00:00 Bug 1918009 - Fix the RFP-spoofed User-Agent header. r=tjr The spoofed value of the HTTP user-agent header is not consistent with the value of navigator.userAgent on Windows, and this can lead to compatibility issues. Differential Revision: https://phabricator.services.mozilla.com/D223745 - - - - - 3 changed files: - browser/components/resistfingerprinting/test/browser/browser_navigator.js - browser/components/resistfingerprinting/test/browser/browser_navigator_iframes.js - toolkit/components/resistfingerprinting/nsRFPService.h Changes: ===================================== browser/components/resistfingerprinting/test/browser/browser_navigator.js ===================================== @@ -115,11 +115,11 @@ const SPOOFED_UA_NAVIGATOR_OS = { other: "X11; Linux x86_64", }; const SPOOFED_UA_HTTPHEADER_OS = { - linux: "Windows NT 10.0", - win: "Windows NT 10.0", - macosx: "Windows NT 10.0", + linux: "Windows NT 10.0; Win64; x64", + win: "Windows NT 10.0; Win64; x64", + macosx: "Windows NT 10.0; Win64; x64", android: "Android 10; Mobile", - other: "Windows NT 10.0", + other: "Windows NT 10.0; Win64; x64", }; const SPOOFED_HW_CONCURRENCY = 2; ===================================== browser/components/resistfingerprinting/test/browser/browser_navigator_iframes.js ===================================== @@ -130,11 +130,11 @@ const SPOOFED_UA_NAVIGATOR_OS = { other: "X11; Linux x86_64", }; const SPOOFED_UA_HTTPHEADER_OS = { - linux: "Windows NT 10.0", - win: "Windows NT 10.0", - macosx: "Windows NT 10.0", + linux: "Windows NT 10.0; Win64; x64", + win: "Windows NT 10.0; Win64; x64", + macosx: "Windows NT 10.0; Win64; x64", android: "Android 10; Mobile", - other: "Windows NT 10.0", + other: "Windows NT 10.0; Win64; x64", }; const SPOOFED_HW_CONCURRENCY = 2; ===================================== toolkit/components/resistfingerprinting/nsRFPService.h ===================================== @@ -63,7 +63,7 @@ #if defined(MOZ_WIDGET_ANDROID) # define SPOOFED_HTTP_UA_OS "Android 10; Mobile" #else -# define SPOOFED_HTTP_UA_OS "Windows NT 10.0" +# define SPOOFED_HTTP_UA_OS "Windows NT 10.0; Win64; x64" #endif struct JSContext; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/dbdddf4… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/dbdddf4… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.3.0esr-14.0-1] Bug 1918009 - Fix the RFP-spoofed User-Agent header. r=tjr
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch tor-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: c4c73ea4 by Pier Angelo Vendrame at 2024-10-02T18:31:19+00:00 Bug 1918009 - Fix the RFP-spoofed User-Agent header. r=tjr The spoofed value of the HTTP user-agent header is not consistent with the value of navigator.userAgent on Windows, and this can lead to compatibility issues. Differential Revision: https://phabricator.services.mozilla.com/D223745 - - - - - 3 changed files: - browser/components/resistfingerprinting/test/browser/browser_navigator.js - browser/components/resistfingerprinting/test/browser/browser_navigator_iframes.js - toolkit/components/resistfingerprinting/nsRFPService.h Changes: ===================================== browser/components/resistfingerprinting/test/browser/browser_navigator.js ===================================== @@ -115,11 +115,11 @@ const SPOOFED_UA_NAVIGATOR_OS = { other: "X11; Linux x86_64", }; const SPOOFED_UA_HTTPHEADER_OS = { - linux: "Windows NT 10.0", - win: "Windows NT 10.0", - macosx: "Windows NT 10.0", + linux: "Windows NT 10.0; Win64; x64", + win: "Windows NT 10.0; Win64; x64", + macosx: "Windows NT 10.0; Win64; x64", android: "Android 10; Mobile", - other: "Windows NT 10.0", + other: "Windows NT 10.0; Win64; x64", }; const SPOOFED_HW_CONCURRENCY = 2; ===================================== browser/components/resistfingerprinting/test/browser/browser_navigator_iframes.js ===================================== @@ -130,11 +130,11 @@ const SPOOFED_UA_NAVIGATOR_OS = { other: "X11; Linux x86_64", }; const SPOOFED_UA_HTTPHEADER_OS = { - linux: "Windows NT 10.0", - win: "Windows NT 10.0", - macosx: "Windows NT 10.0", + linux: "Windows NT 10.0; Win64; x64", + win: "Windows NT 10.0; Win64; x64", + macosx: "Windows NT 10.0; Win64; x64", android: "Android 10; Mobile", - other: "Windows NT 10.0", + other: "Windows NT 10.0; Win64; x64", }; const SPOOFED_HW_CONCURRENCY = 2; ===================================== toolkit/components/resistfingerprinting/nsRFPService.h ===================================== @@ -63,7 +63,7 @@ #if defined(MOZ_WIDGET_ANDROID) # define SPOOFED_HTTP_UA_OS "Android 10; Mobile" #else -# define SPOOFED_HTTP_UA_OS "Windows NT 10.0" +# define SPOOFED_HTTP_UA_OS "Windows NT 10.0; Win64; x64" #endif struct JSContext; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/c4c73ea… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/c4c73ea… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.3.0esr-14.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch mullvad-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 37ace560 by Morgan at 2024-10-02T17:36:53+00:00 fixup! Firefox preference overrides. Bug 43164: Prevent search-bar from being auto-hidden when not used for awhile - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -9,6 +9,11 @@ pref("intl.locale.requested", ""); pref("browser.startup.homepage", "about:blank"); pref("browser.newtabpage.enabled", false); +// tor-browser#43164: Prevent search-bar from being auto-hidden when not used for awhile +// This preference is locked so that the browser itself can never set an actual +// value that would trigger the migration. +pref("browser.search.widget.lastUsed", "", locked); + // Disable initial homepage notifications pref("browser.search.update", false); pref("startup.homepage_welcome_url", ""); View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/37a… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/37a… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.3.0esr-14.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch base-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: e25795c4 by Morgan at 2024-10-02T17:34:44+00:00 fixup! Firefox preference overrides. Bug 43164: Prevent search-bar from being auto-hidden when not used for awhile - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -9,6 +9,11 @@ pref("intl.locale.requested", ""); pref("browser.startup.homepage", "about:blank"); pref("browser.newtabpage.enabled", false); +// tor-browser#43164: Prevent search-bar from being auto-hidden when not used for awhile +// This preference is locked so that the browser itself can never set an actual +// value that would trigger the migration. +pref("browser.search.widget.lastUsed", "", locked); + // Disable initial homepage notifications pref("browser.search.update", false); pref("startup.homepage_welcome_url", ""); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/e25795c… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/e25795c… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.3.0esr-14.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch tor-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 019449c4 by Morgan at 2024-10-02T17:32:43+00:00 fixup! Firefox preference overrides. Bug 43164: Prevent search-bar from being auto-hidden when not used for awhile - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -9,6 +9,11 @@ pref("intl.locale.requested", ""); pref("browser.startup.homepage", "about:blank"); pref("browser.newtabpage.enabled", false); +// tor-browser#43164: Prevent search-bar from being auto-hidden when not used for awhile +// This preference is locked so that the browser itself can never set an actual +// value that would trigger the migration. +pref("browser.search.widget.lastUsed", "", locked); + // Disable initial homepage notifications pref("browser.search.update", false); pref("startup.homepage_welcome_url", ""); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/019449c… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/019449c… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-13.5a11-build1
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed new tag tbb-13.5a11-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.5a11] Bug 41253: Prepare Tor Browser 13.5a11
by morgan (＠morgan) 02 Oct '24

02 Oct '24

morgan pushed to branch maint-13.5a11 at The Tor Project / Applications / tor-browser-build Commits: a4cc91f7 by Morgan at 2024-10-02T16:56:22+00:00 Bug 41253: Prepare Tor Browser 13.5a11 - - - - - 5 changed files: - projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt - projects/browser/config - projects/firefox/config - projects/translation/config - rbm.conf Changes: ===================================== projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt ===================================== @@ -1,3 +1,47 @@ +Tor Browser 13.5a11 - October 01 2024 + * All Platforms + * Bug 41252: Disable updating update_responses in 13.5-legacy branch [tor-browser-build] + * Windows + macOS + Linux + * Updated Firefox to 115.16.0esr + +Tor Browser 13.5.6 - September 30 2024 + * All Platforms + * Updated NoScript to 11.4.40 + * Bug 42832: Download spam prevention should not affect browser extensions [tor-browser] + * Bug 43167: Rebase Tor Browser Stable onto 115.16.0esr [tor-browser] + * Bug 43173: Backport security fixes from Firefox 131 [tor-browser] + * Windows + macOS + Linux + * Updated Firefox to 115.16.0esr + * Bug 42737: Drop the hash check on updates [tor-browser] + * Bug 43098: YEC 2024 Takeover for Desktop Stable [tor-browser] + * Windows + macOS + * Bug 42747: Windows 7/8 and macOS 10.12-10.14 Legacy/Maintenance [tor-browser] + * Android + * Updated GeckoView to 115.16.0esr + * Bug 43099: YEC 2024 Takeover for Android Stable [tor-browser] + +Tor Browser 14.0a7 - September 27 2024 + * All Platforms + * Updated NoScript to 11.4.40 + * Bug 42832: Download spam prevention should not affect browser extensions [tor-browser] + * Bug 43163: Disable offscreen canvas until verified it is not fingerprintable [tor-browser] + * Bug 43166: Rebase Tor Browser alpha onto Firefox 128.3.0esr [tor-browser] + * Windows + macOS + Linux + * Updated Firefox to 128.3.0esr + * Bug 42070: Backport Bugzilla 1834307 and hide smooth-scroll UX [tor-browser] + * Bug 42362: "New window" missing from File menu [tor-browser] + * Bug 42742: Inconsistent use of "New private window" vs "New window" [tor-browser] + * Bug 41248: Check and update bundled font versions [tor-browser-build] + * Android + * Updated GeckoView to 128.3.0esr + * Bug 43172: remove remote settings and SERPTelemetry [tor-browser] + * Build System + * All Platforms + * Updated Go to 1.23.1 + * Bug 41236: Remove binutils when not needed [tor-browser-build] + * Windows + macOS + Linux + * Bug 41246: Add updater rewriterules to make 13.5a10 a watershed [tor-browser-build] + Tor Browser 13.5a10 - September 25 2024 * Windows + macOS + Linux * Updated Firefox to 115.15.0esr ===================================== projects/browser/config ===================================== @@ -104,9 +104,9 @@ input_files: enable: '[% ! c("var/android") %]' - filename: Bundle-Data enable: '[% ! c("var/android") %]' - - URL: https://addons.mozilla.org/firefox/downloads/file/4349514/noscript-11.4.37.… + - URL: https://addons.mozilla.org/firefox/downloads/file/4357325/noscript-11.4.40.… name: noscript - sha256sum: 5e9921599c63e0b357851ea7ca1354554b3af2c676bbbfff5687cafce4396c18 + sha256sum: 242ead426159d871480a13062cbee08abc97da746cdc5c643aee2692e9adbbb2 - URL: https://addons.mozilla.org/firefox/downloads/file/4328681/ublock_origin-1.5… name: ublock-origin sha256sum: 1db9c676a07d141f8d36dbbc24f9e3d64a6cc2340dbfc6c848bc4395f96cfb14 ===================================== projects/firefox/config ===================================== @@ -14,12 +14,12 @@ container: use_container: 1 var: - firefox_platform_version: 115.15.0 + firefox_platform_version: 115.16.0 firefox_version: '[% c("var/firefox_platform_version") %]esr' browser_series: '13.5' - browser_rebase: 2 + browser_rebase: 1 browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]' - browser_build: 1 + browser_build: 2 branding_directory_prefix: 'tb' copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' nightly_updates_publish_dir: '[% c("var/nightly_updates_publish_dir_prefix") %]nightly-[% c("var/osname") %]' ===================================== projects/translation/config ===================================== @@ -12,13 +12,13 @@ compress_tar: 'gz' steps: base-browser: base-browser: '[% INCLUDE build %]' - git_hash: 16446c485b3be4198a7e79bfcac6510784a18506 + git_hash: a142f78af87f994913faa15fb4b0f34f0ce1a22b targets: nightly: git_hash: 'base-browser' tor-browser: tor-browser: '[% INCLUDE build %]' - git_hash: a2bf4c2f45736958ac99f60e60b9f6d0e94454c3 + git_hash: 04f824bce1b6fb4b989bb9303949af17eab11406 targets: nightly: git_hash: 'tor-browser' ===================================== rbm.conf ===================================== @@ -73,18 +73,18 @@ buildconf: git_signtag_opt: '-s' var: - torbrowser_version: '13.5a10' + torbrowser_version: '13.5a11' torbrowser_build: 'build1' # This should be the date of when the build is started. For the build # to be reproducible, browser_release_date should always be in the past. - browser_release_date: '2024/09/25 17:00:00' + browser_release_date: '2024/10/01 17:00:00' browser_release_date_timestamp: '[% USE date; date.format(c("var/browser_release_date"), "%s") %]' updater_enabled: 1 build_mar: 1 torbrowser_incremental_from: + - 13.5a10 - 13.5a9 - 13.5a8 - - 13.5a7 mar_channel_id: '[% c("var/projectname") %]-torproject-[% c("var/channel") %]' # By default, we sort the list of installed packages. This allows sharing View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/a… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/a… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.3.0esr-14.0-1] 2 commits: fixup! Orfox: Centralized proxy applied to AbstractCommunicator and BaseResources.
by Pier Angelo Vendrame (＠pierov) 02 Oct '24

02 Oct '24

Pier Angelo Vendrame pushed to branch tor-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 8acd4ac6 by Dan Ballard at 2024-10-02T16:09:15+00:00 fixup! Orfox: Centralized proxy applied to AbstractCommunicator and BaseResources. This reverts commit a16d36fce768826615620ee73bec755fcd7081ea for tb-42660 - - - - - 10a39162 by Dan Ballard at 2024-10-02T16:09:15+00:00 Bug 42660: Disable ProxySelector.openConnectionWithProxy and NOPify CrashReporter.sendCrashReport - - - - - 2 changed files: - mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/ProxySelector.java - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/CrashReporter.java Changes: ===================================== mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/ProxySelector.java ===================================== @@ -28,40 +28,19 @@ import java.net.URLConnection; import java.util.List; public class ProxySelector { - private static final String TOR_PROXY_ADDRESS = "127.0.0.1"; - private static final int TOR_SOCKS_PROXY_PORT = 9150; - private static final int TOR_HTTP_PROXY_PORT = 8218; - public static URLConnection openConnectionWithProxy(final URI uri) throws IOException { - final java.net.ProxySelector ps = java.net.ProxySelector.getDefault(); - Proxy proxy = Proxy.NO_PROXY; - if (ps != null) { - final List<Proxy> proxies = ps.select(uri); - if (proxies != null && !proxies.isEmpty()) { - proxy = proxies.get(0); - } - } - - /* Ignore the proxy we found from the VM, only use Tor. We can probably - * safely use the logic in this class in the future. */ - return uri.toURL().openConnection(getProxy()); - } - - public static Proxy getProxy() { - // TODO make configurable - return new Proxy(Proxy.Type.SOCKS, new InetSocketAddress(TOR_PROXY_ADDRESS, TOR_SOCKS_PROXY_PORT)); - } - - public static String getProxyHostAddress() { - return TOR_PROXY_ADDRESS; - } - - public static int getSocksProxyPort() { - return TOR_SOCKS_PROXY_PORT; - } - - public static int getHttpProxyPort() { - return TOR_HTTP_PROXY_PORT; +// tb-42660: This should not be used: it cannot safely get tor configs so would be a proxy leak risk + throw new IOException("openConnectionWithProxy disabled by tb-42660"); +// final java.net.ProxySelector ps = java.net.ProxySelector.getDefault(); +// Proxy proxy = Proxy.NO_PROXY; +// if (ps != null) { +// final List<Proxy> proxies = ps.select(uri); +// if (proxies != null && !proxies.isEmpty()) { +// proxy = proxies.get(0); +// } +// } +// +// return uri.toURL().openConnection(proxy); } public ProxySelector() {} ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/CrashReporter.java ===================================== @@ -169,6 +169,11 @@ public class CrashReporter { @NonNull final File minidumpFile, @NonNull final JSONObject extras) throws IOException, URISyntaxException { + // tb-42660: makeing a NOP + if (true) { + return GeckoResult.fromValue("0"); + } + Log.d(LOGTAG, "Sending crash report: " + minidumpFile.getPath()); HttpURLConnection conn = null; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/ac6b47… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/ac6b47… You're receiving this email because of your account on gitlab.torproject.org.

1 0