Pier Angelo Vendrame pushed to branch tor-browser-102.10.0esr-12.0-1 at The Tor Project / Applications / Tor Browser
Commits: 8b73ad9e by Pier Angelo Vendrame at 2023-05-08T10:15:38+02:00 fixup! Firefox preference overrides.
Bug 41683: Disable the network process on Windows
- - - - - c26520af by Pier Angelo Vendrame at 2023-05-08T10:16:07+02:00 fixup! Bug 10760: Integrate TorButton to TorBrowser core
Bug 40501: High CPU load after tor exits unexpectedly
When a peers (tor) disconnects, Firefox seems to keep the stream open, and return 0 on available, rather than throwing. So, as a matter of fact, we had a while trying to read 0 bytes without any pause in _readLine, hence the 100% CPU usage.
- - - - - 23ddf6d2 by hackademix at 2023-05-08T10:16:21+02:00 Bug 41728: Pin bridges.torproject.org domains to Let's Encrypt's root cert public key
- - - - -
3 changed files:
- browser/app/profile/001-base-profile.js - security/manager/ssl/StaticHPKPins.h - toolkit/torbutton/modules/tor-control-port.js
Changes:
===================================== browser/app/profile/001-base-profile.js ===================================== @@ -404,6 +404,14 @@ pref("captivedetect.canonicalURL", ""); // See tor-browser#18801. pref("dom.push.serverURL", "");
+#ifdef XP_WIN +// tor-browser#41683: Disable the network process on Windows +// Mozilla already disables the network process for HTTP. +// With this preference, we completely disable it, because we found that it +// breaks stuff with mingw. See also tor-browser#41489. +pref("network.process.enabled", false); +#endif + // Extension support pref("extensions.autoDisableScopes", 0); pref("extensions.databaseSchema", 3);
===================================== security/manager/ssl/StaticHPKPins.h ===================================== @@ -451,6 +451,14 @@ static const StaticFingerprints kPinset_tor = { kPinset_tor_Data };
+static const char* const kPinset_tor_browser_Data[] = { + kISRG_Root_X1Fingerprint, +}; +static const StaticFingerprints kPinset_tor_browser = { + sizeof(kPinset_tor_browser_Data) / sizeof(const char*), + kPinset_tor_browser_Data +}; + static const char* const kPinset_twitterCom_Data[] = { kGOOGLE_PIN_VeriSignClass2_G2Fingerprint, kGOOGLE_PIN_VeriSignClass3_G2Fingerprint, @@ -619,6 +627,7 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = { { "blogger.com", true, false, false, -1, &kPinset_google_root_pems }, { "blogspot.com", true, false, false, -1, &kPinset_google_root_pems }, { "br.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "bridges.torproject.org", false, false, false, -1, &kPinset_tor_browser }, { "bugs.chromium.org", true, false, false, -1, &kPinset_google_root_pems }, { "build.chromium.org", true, false, false, -1, &kPinset_google_root_pems }, { "business.facebook.com", true, false, false, -1, &kPinset_facebook },
===================================== toolkit/torbutton/modules/tor-control-port.js ===================================== @@ -135,6 +135,18 @@ class AsyncSocket { this.inputQueue.push({ onInputStreamReady: stream => { try { + if (!this.scriptableInputStream.available()) { + // This means EOF, but not closed yet. However, arriving at EOF + // should be an error condition for us, since we are in a socket, + // and EOF should mean peer disconnected. + // If the stream has been closed, this function itself should + // throw. + reject( + new Error("onInputStreamReady called without available bytes.") + ); + return; + } + // read our string from input stream let str = this.scriptableInputStream.read( this.scriptableInputStream.available()
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/77a7ec1...