Pier Angelo Vendrame pushed to branch tor-browser-102.10.0esr-12.0-1 at The Tor Project / Applications / Tor Browser
Commits:
-
8b73ad9e
by Pier Angelo Vendrame at 2023-05-08T10:15:38+02:00
-
c26520af
by Pier Angelo Vendrame at 2023-05-08T10:16:07+02:00
-
23ddf6d2
by hackademix at 2023-05-08T10:16:21+02:00
3 changed files:
- browser/app/profile/001-base-profile.js
- security/manager/ssl/StaticHPKPins.h
- toolkit/torbutton/modules/tor-control-port.js
Changes:
... | ... | @@ -404,6 +404,14 @@ pref("captivedetect.canonicalURL", ""); |
404 | 404 | // See tor-browser#18801.
|
405 | 405 | pref("dom.push.serverURL", "");
|
406 | 406 | |
407 | +#ifdef XP_WIN
|
|
408 | +// tor-browser#41683: Disable the network process on Windows
|
|
409 | +// Mozilla already disables the network process for HTTP.
|
|
410 | +// With this preference, we completely disable it, because we found that it
|
|
411 | +// breaks stuff with mingw. See also tor-browser#41489.
|
|
412 | +pref("network.process.enabled", false);
|
|
413 | +#endif
|
|
414 | + |
|
407 | 415 | // Extension support
|
408 | 416 | pref("extensions.autoDisableScopes", 0);
|
409 | 417 | pref("extensions.databaseSchema", 3);
|
... | ... | @@ -451,6 +451,14 @@ static const StaticFingerprints kPinset_tor = { |
451 | 451 | kPinset_tor_Data
|
452 | 452 | };
|
453 | 453 | |
454 | +static const char* const kPinset_tor_browser_Data[] = {
|
|
455 | + kISRG_Root_X1Fingerprint,
|
|
456 | +};
|
|
457 | +static const StaticFingerprints kPinset_tor_browser = {
|
|
458 | + sizeof(kPinset_tor_browser_Data) / sizeof(const char*),
|
|
459 | + kPinset_tor_browser_Data
|
|
460 | +};
|
|
461 | + |
|
454 | 462 | static const char* const kPinset_twitterCom_Data[] = {
|
455 | 463 | kGOOGLE_PIN_VeriSignClass2_G2Fingerprint,
|
456 | 464 | kGOOGLE_PIN_VeriSignClass3_G2Fingerprint,
|
... | ... | @@ -619,6 +627,7 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = { |
619 | 627 | { "blogger.com", true, false, false, -1, &kPinset_google_root_pems },
|
620 | 628 | { "blogspot.com", true, false, false, -1, &kPinset_google_root_pems },
|
621 | 629 | { "br.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
630 | + { "bridges.torproject.org", false, false, false, -1, &kPinset_tor_browser },
|
|
622 | 631 | { "bugs.chromium.org", true, false, false, -1, &kPinset_google_root_pems },
|
623 | 632 | { "build.chromium.org", true, false, false, -1, &kPinset_google_root_pems },
|
624 | 633 | { "business.facebook.com", true, false, false, -1, &kPinset_facebook },
|
... | ... | @@ -135,6 +135,18 @@ class AsyncSocket { |
135 | 135 | this.inputQueue.push({
|
136 | 136 | onInputStreamReady: stream => {
|
137 | 137 | try {
|
138 | + if (!this.scriptableInputStream.available()) {
|
|
139 | + // This means EOF, but not closed yet. However, arriving at EOF
|
|
140 | + // should be an error condition for us, since we are in a socket,
|
|
141 | + // and EOF should mean peer disconnected.
|
|
142 | + // If the stream has been closed, this function itself should
|
|
143 | + // throw.
|
|
144 | + reject(
|
|
145 | + new Error("onInputStreamReady called without available bytes.")
|
|
146 | + );
|
|
147 | + return;
|
|
148 | + }
|
|
149 | + |
|
138 | 150 | // read our string from input stream
|
139 | 151 | let str = this.scriptableInputStream.read(
|
140 | 152 | this.scriptableInputStream.available()
|