ma1 pushed to branch tor-browser-115.17.0esr-13.5-1 at The Tor Project / Applications / Tor Browser

Commits:

8 changed files:

Changes:

  • dom/console/Console.cpp
    ... ... @@ -802,6 +802,7 @@ NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN(Console)
    802 802
       NS_IMPL_CYCLE_COLLECTION_UNLINK(mDumpFunction)
    
    803 803
       NS_IMPL_CYCLE_COLLECTION_UNLINK_WEAK_REFERENCE
    
    804 804
       tmp->Shutdown();
    
    805
    +  tmp->mArgumentStorage.clearAndFree();
    
    805 806
     NS_IMPL_CYCLE_COLLECTION_UNLINK_END
    
    806 807
     
    
    807 808
     NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN(Console)
    

  • dom/media/systemservices/CamerasChild.cpp
    ... ... @@ -331,7 +331,7 @@ int CamerasChild::AllocateCapture(CaptureEngine aCapEngine,
    331 331
       LOG(("%s", __PRETTY_FUNCTION__));
    
    332 332
       nsCString unique_id(unique_idUTF8);
    
    333 333
       nsCOMPtr<nsIRunnable> runnable =
    
    334
    -      mozilla::NewRunnableMethod<CaptureEngine, nsCString, const uint64_t&>(
    
    334
    +      mozilla::NewRunnableMethod<CaptureEngine, nsCString, uint64_t>(
    
    335 335
               "camera::PCamerasChild::SendAllocateCapture", this,
    
    336 336
               &CamerasChild::SendAllocateCapture, aCapEngine, unique_id, aWindowID);
    
    337 337
       LockAndDispatch<> dispatcher(this, __func__, runnable, -1, mReplyInteger);
    

  • dom/push/PushCrypto.sys.mjs
    ... ... @@ -108,6 +108,8 @@ function getEncryptionParams(encryptField) {
    108 108
     // aes128gcm scheme.
    
    109 109
     function getCryptoParamsFromPayload(payload) {
    
    110 110
       if (payload.byteLength < 21) {
    
    111
    +    // The value 21 is from https://datatracker.ietf.org/doc/html/rfc8188#section-2.1
    
    112
    +    // | salt (16) | rs (4) | idlen (1) | keyid (idlen) |
    
    111 113
         throw new CryptoError("Truncated header", BAD_CRYPTO);
    
    112 114
       }
    
    113 115
       let rs =
    
    ... ... @@ -115,8 +117,16 @@ function getCryptoParamsFromPayload(payload) {
    115 117
         (payload[17] << 16) |
    
    116 118
         (payload[18] << 8) |
    
    117 119
         payload[19];
    
    120
    +  if (rs < 18) {
    
    121
    +    // https://datatracker.ietf.org/doc/html/rfc8188#section-2.1
    
    122
    +    throw new CryptoError(
    
    123
    +      "Record sizes smaller than 18 are invalid",
    
    124
    +      BAD_RS_PARAM
    
    125
    +    );
    
    126
    +  }
    
    118 127
       let keyIdLen = payload[20];
    
    119 128
       if (keyIdLen != 65) {
    
    129
    +    // https://datatracker.ietf.org/doc/html/rfc8291/#section-4
    
    120 130
         throw new CryptoError("Invalid sender public key", BAD_DH_PARAM);
    
    121 131
       }
    
    122 132
       if (payload.byteLength <= 21 + keyIdLen) {
    
    ... ... @@ -171,8 +181,12 @@ export function getCryptoParamsFromHeaders(headers) {
    171 181
         throw new CryptoError("Invalid salt parameter", BAD_SALT_PARAM);
    
    172 182
       }
    
    173 183
       var rs = enc.rs ? parseInt(enc.rs, 10) : 4096;
    
    174
    -  if (isNaN(rs)) {
    
    175
    -    throw new CryptoError("rs parameter must be a number", BAD_RS_PARAM);
    
    184
    +  if (isNaN(rs) || rs < 1 || rs > 68719476705) {
    
    185
    +    // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-encryption-encoding-03#section-3.1
    
    186
    +    throw new CryptoError(
    
    187
    +      "rs parameter must be a number greater than 1 and smaller than 2^36-31",
    
    188
    +      BAD_RS_PARAM
    
    189
    +    );
    
    176 190
       }
    
    177 191
       return {
    
    178 192
         salt,
    
    ... ... @@ -791,6 +805,7 @@ class aes128gcmEncoder {
    791 805
       // Perform the actual encryption of the payload.
    
    792 806
       async encrypt(key, nonce) {
    
    793 807
         if (this.rs < 18) {
    
    808
    +      // https://datatracker.ietf.org/doc/html/rfc8188#section-2.1
    
    794 809
           throw new CryptoError("recordsize is too small", BAD_RS_PARAM);
    
    795 810
         }
    
    796 811
     
    
    ... ... @@ -869,6 +884,7 @@ class aes128gcmEncoder {
    869 884
       createHeader(key) {
    
    870 885
         // layout is "salt|32-bit-int|8-bit-int|key"
    
    871 886
         if (key.byteLength != 65) {
    
    887
    +      // https://datatracker.ietf.org/doc/html/rfc8291/#section-4
    
    872 888
           throw new CryptoError("Invalid key length for header", BAD_DH_PARAM);
    
    873 889
         }
    
    874 890
         // the 2 ints
    

  • netwerk/cache2/CacheFileIOManager.cpp
    ... ... @@ -4359,13 +4359,15 @@ class SizeOfHandlesRunnable : public Runnable {
    4359 4359
      public:
    
    4360 4360
       SizeOfHandlesRunnable(mozilla::MallocSizeOf mallocSizeOf,
    
    4361 4361
                             CacheFileHandles const& handles,
    
    4362
    -                        nsTArray<CacheFileHandle*> const& specialHandles)
    
    4362
    +                        nsTArray<CacheFileHandle*> const& specialHandles,
    
    4363
    +                        nsCOMPtr<nsITimer> const& metadataWritesTimer)
    
    4363 4364
           : Runnable("net::SizeOfHandlesRunnable"),
    
    4364 4365
             mMonitor("SizeOfHandlesRunnable.mMonitor"),
    
    4365 4366
             mMonitorNotified(false),
    
    4366 4367
             mMallocSizeOf(mallocSizeOf),
    
    4367 4368
             mHandles(handles),
    
    4368 4369
             mSpecialHandles(specialHandles),
    
    4370
    +        mMetadataWritesTimer(metadataWritesTimer),
    
    4369 4371
             mSize(0) {}
    
    4370 4372
     
    
    4371 4373
       size_t Get(CacheIOThread* thread) {
    
    ... ... @@ -4397,6 +4399,10 @@ class SizeOfHandlesRunnable : public Runnable {
    4397 4399
         for (uint32_t i = 0; i < mSpecialHandles.Length(); ++i) {
    
    4398 4400
           mSize += mSpecialHandles[i]->SizeOfIncludingThis(mMallocSizeOf);
    
    4399 4401
         }
    
    4402
    +    nsCOMPtr<nsISizeOf> sizeOf = do_QueryInterface(mMetadataWritesTimer);
    
    4403
    +    if (sizeOf) {
    
    4404
    +      mSize += sizeOf->SizeOfIncludingThis(mMallocSizeOf);
    
    4405
    +    }
    
    4400 4406
     
    
    4401 4407
         mMonitorNotified = true;
    
    4402 4408
         mon.Notify();
    
    ... ... @@ -4404,11 +4410,12 @@ class SizeOfHandlesRunnable : public Runnable {
    4404 4410
       }
    
    4405 4411
     
    
    4406 4412
      private:
    
    4407
    -  mozilla::Monitor mMonitor MOZ_UNANNOTATED;
    
    4413
    +  mozilla::Monitor mMonitor;
    
    4408 4414
       bool mMonitorNotified;
    
    4409 4415
       mozilla::MallocSizeOf mMallocSizeOf;
    
    4410 4416
       CacheFileHandles const& mHandles;
    
    4411 4417
       nsTArray<CacheFileHandle*> const& mSpecialHandles;
    
    4418
    +  nsCOMPtr<nsITimer> const& mMetadataWritesTimer;
    
    4412 4419
       size_t mSize;
    
    4413 4420
     };
    
    4414 4421
     
    
    ... ... @@ -4422,10 +4429,11 @@ size_t CacheFileIOManager::SizeOfExcludingThisInternal(
    4422 4429
       if (mIOThread) {
    
    4423 4430
         n += mIOThread->SizeOfIncludingThis(mallocSizeOf);
    
    4424 4431
     
    
    4425
    -    // mHandles and mSpecialHandles must be accessed only on the I/O thread,
    
    4426
    -    // must sync dispatch.
    
    4432
    +    // mHandles, mSpecialHandles and mMetadataWritesTimer must be accessed
    
    4433
    +    // only on the I/O thread, must sync dispatch.
    
    4427 4434
         RefPtr<SizeOfHandlesRunnable> sizeOfHandlesRunnable =
    
    4428
    -        new SizeOfHandlesRunnable(mallocSizeOf, mHandles, mSpecialHandles);
    
    4435
    +        new SizeOfHandlesRunnable(mallocSizeOf, mHandles, mSpecialHandles,
    
    4436
    +                                  mMetadataWritesTimer);
    
    4429 4437
         n += sizeOfHandlesRunnable->Get(mIOThread);
    
    4430 4438
       }
    
    4431 4439
     
    
    ... ... @@ -4434,9 +4442,6 @@ size_t CacheFileIOManager::SizeOfExcludingThisInternal(
    4434 4442
       sizeOf = do_QueryInterface(mCacheDirectory);
    
    4435 4443
       if (sizeOf) n += sizeOf->SizeOfIncludingThis(mallocSizeOf);
    
    4436 4444
     
    
    4437
    -  sizeOf = do_QueryInterface(mMetadataWritesTimer);
    
    4438
    -  if (sizeOf) n += sizeOf->SizeOfIncludingThis(mallocSizeOf);
    
    4439
    -
    
    4440 4445
       sizeOf = do_QueryInterface(mTrashTimer);
    
    4441 4446
       if (sizeOf) n += sizeOf->SizeOfIncludingThis(mallocSizeOf);
    
    4442 4447
     
    

  • netwerk/streamconv/converters/nsMultiMixedConv.cpp
    ... ... @@ -467,6 +467,12 @@ nsMultiMixedConv::OnStartRequest(nsIRequest* request) {
    467 467
         if (NS_SUCCEEDED(rv)) {
    
    468 468
           mRootContentSecurityPolicy = csp;
    
    469 469
         }
    
    470
    +    nsCString contentDisposition;
    
    471
    +    rv = httpChannel->GetResponseHeader("content-disposition"_ns,
    
    472
    +                                        contentDisposition);
    
    473
    +    if (NS_SUCCEEDED(rv)) {
    
    474
    +      mRootContentDisposition = contentDisposition;
    
    475
    +    }
    
    470 476
       } else {
    
    471 477
         // try asking the channel directly
    
    472 478
         rv = mChannel->GetContentType(contentType);
    
    ... ... @@ -837,7 +843,11 @@ nsresult nsMultiMixedConv::SendStart() {
    837 843
       rv = mPartChannel->SetContentLength(mContentLength);
    
    838 844
       if (NS_FAILED(rv)) return rv;
    
    839 845
     
    
    840
    -  mPartChannel->SetContentDisposition(mContentDisposition);
    
    846
    +  if (!mRootContentDisposition.IsEmpty()) {
    
    847
    +    mPartChannel->SetContentDisposition(mRootContentDisposition);
    
    848
    +  } else {
    
    849
    +    mPartChannel->SetContentDisposition(mContentDisposition);
    
    850
    +  }
    
    841 851
     
    
    842 852
       // Each part of a multipart/replace response can be used
    
    843 853
       // for the top level document.  We must inform upper layers
    

  • netwerk/streamconv/converters/nsMultiMixedConv.h
    ... ... @@ -150,15 +150,17 @@ class nsMultiMixedConv : public nsIStreamConverter {
    150 150
       nsCOMPtr<nsIStreamListener> mFinalListener;  // this guy gets the converted
    
    151 151
                                                    // data via his OnDataAvailable()
    
    152 152
     
    
    153
    -  nsCOMPtr<nsIChannel>
    
    154
    -      mChannel;  // The channel as we get in in OnStartRequest call
    
    155
    -  RefPtr<nsPartChannel> mPartChannel;  // the channel for the given part we're
    
    156
    -                                       // processing. one channel per part.
    
    153
    +  // The channel as we get it in OnStartRequest call
    
    154
    +  nsCOMPtr<nsIChannel> mChannel;
    
    155
    +  // the channel for the given part we're
    
    156
    +  // processing. one channel per part.
    
    157
    +  RefPtr<nsPartChannel> mPartChannel;
    
    157 158
       nsCOMPtr<nsISupports> mContext;
    
    158 159
       nsCString mContentType;
    
    159 160
       nsCString mContentDisposition;
    
    160 161
       nsCString mContentSecurityPolicy;
    
    161 162
       nsCString mRootContentSecurityPolicy;
    
    163
    +  nsCString mRootContentDisposition;
    
    162 164
       uint64_t mContentLength{UINT64_MAX};
    
    163 165
       uint64_t mTotalSent{0};
    
    164 166
     
    

  • toolkit/content/widgets/popupnotification.js
    ... ... @@ -15,7 +15,7 @@
    15 15
             ".popup-notification-description": "popupid,id=descriptionid",
    
    16 16
             ".popup-notification-description > span:first-of-type":
    
    17 17
               "text=label,popupid",
    
    18
    -        ".popup-notification-description > b:first-of-type":
    
    18
    +        ".popup-notification-description > .popup-notification-description-name":
    
    19 19
               "text=name,popupid",
    
    20 20
             ".popup-notification-description > span:nth-of-type(2)":
    
    21 21
               "text=endlabel,popupid",
    
    ... ... @@ -82,7 +82,7 @@
    82 82
                   <!-- These need to be on the same line to avoid creating
    
    83 83
                       whitespace between them (whitespace is added in the
    
    84 84
                       localization file, if necessary). -->
    
    85
    -              <description class="popup-notification-description"><html:span></html:span><html:b></html:b><html:span></html:span><html:b></html:b><html:span></html:span></description>
    
    85
    +              <description class="popup-notification-description"><html:span></html:span><html:b class="popup-notification-description-name"></html:b><html:span></html:span><html:b></html:b><html:span></html:span></description>
    
    86 86
                   <description class="popup-notification-hint-text"></description>
    
    87 87
                 </vbox>
    
    88 88
                 <toolbarbutton class="messageCloseButton close-icon popup-notification-closebutton tabbable" data-l10n-id="close-notification-message"></toolbarbutton>
    

  • toolkit/themes/shared/popupnotification.css
    ... ... @@ -52,6 +52,16 @@ popupnotificationcontent {
    52 52
       flex: 1 auto;
    
    53 53
     }
    
    54 54
     
    
    55
    +/*
    
    56
    + * Ensure that host names in PopupNotifications wrap. This targets the "name"
    
    57
    + * element in the description container which is the "name" property of the
    
    58
    + * PopupNotification. Name is what gets substituted from the l10n string using
    
    59
    + * the placeholder <>.
    
    60
    + */
    
    61
    +.popup-notification-description-name {
    
    62
    +  word-break: break-all;
    
    63
    +}
    
    64
    +
    
    55 65
     .popup-notification-closebutton {
    
    56 66
       margin-inline-end: -8px;
    
    57 67
       margin-top: -8px;