December 2016 - tor-commits - lists.torproject.org

[sandboxed-tor-browser/master] fixup! Bug #20858: Make OpenGL work in the container with SW rendering.
by yawning＠torproject.org 02 Dec '16

02 Dec '16

commit f43c7ae0233b6ce9a38e768283a2d01bf3ebd481 Author: Yawning Angel <yawning(a)schwanenlied.me> Date: Fri Dec 2 09:47:17 2016 +0000 fixup! Bug #20858: Make OpenGL work in the container with SW rendering. i386 systems require waitpid() to be whitelisted for the firefox GLX test child process. --- data/torbrowser-launcher-whitelist-extras-i386.seccomp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/data/torbrowser-launcher-whitelist-extras-i386.seccomp b/data/torbrowser-launcher-whitelist-extras-i386.seccomp index cf3d565..d00383f 100644 --- a/data/torbrowser-launcher-whitelist-extras-i386.seccomp +++ b/data/torbrowser-launcher-whitelist-extras-i386.seccomp @@ -15,3 +15,5 @@ set_thread_area: 1 recv: 1 send: 1 socketcall: 1 + +waitpid: 1

1 0

[sandboxed-tor-browser/master] Bug #20858: Make OpenGL work in the container with SW rendering.
by yawning＠torproject.org 02 Dec '16

02 Dec '16

commit a1c6e6063e7d912fd069c8ad5ee08797be521521 Author: Yawning Angel <yawning(a)schwanenlied.me> Date: Fri Dec 2 08:53:19 2016 +0000 Bug #20858: Make OpenGL work in the container with SW rendering. Tested and works on Debian x86_64, Fedora 25. Software rendering with unsandboxed TBB is busted on my Arch system. --- .../internal/sandbox/application.go | 46 +++++++++++++++++++--- 1 file changed, 40 insertions(+), 6 deletions(-) diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go index f04e572..6ce948e 100644 --- a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go +++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go @@ -172,6 +172,9 @@ func RunTorBrowser(cfg *config.Config, manif *config.Manifest, tor *tor.Tor) (cm h.bind(tor.SocksSurrogatePath(), socksPath, false) h.assetFile(stubPath, "tbb_stub.so") + // Hardware accelerated OpenGL will not work, and never will. + h.setenv("LIBGL_ALWAYS_SOFTWARE", "1") + // Tor Browser currently is incompatible with PaX MPROTECT, apply the // override if needed. realFirefoxPath := filepath.Join(realBrowserHome, "firefox") @@ -210,10 +213,15 @@ func RunTorBrowser(cfg *config.Config, manif *config.Manifest, tor *tor.Tor) (cm // "libc.so", - Uhhhhh.... wtf? // "libcanberra.so.0", - Not ubiquitous. } + + glExtraLibs, glLibPaths := h.appendRestrictedOpenGL() + extraLibs = append(extraLibs, glExtraLibs...) + ldLibraryPath = ldLibraryPath + glLibPaths + if cfg.Sandbox.EnablePulseAudio && pulseAudioWorks { const libPulse = "libpulse.so.0" - paLibsPath := findDistributionDependentLibs("", "pulseaudio") + paLibsPath := findDistributionDependentLibs(nil, "", "pulseaudio") if paLibsPath != "" && cache.GetLibraryPath(libPulse) != "" { const restrictedPulseDir = "/usr/lib/pulseaudio" @@ -539,8 +547,12 @@ func newConsoleLogger(prefix string) *consoleLogger { return l } -func findDistributionDependentLibs(subDir, fn string) string { - for _, base := range distributionDependentLibSearchPath { +func findDistributionDependentLibs(extraSearch []string, subDir, fn string) string { + var searchPaths []string + searchPaths = append(searchPaths, extraSearch...) + searchPaths = append(searchPaths, distributionDependentLibSearchPath...) + + for _, base := range searchPaths { candidate := filepath.Join(base, subDir, fn) if FileExists(candidate) { return candidate @@ -549,6 +561,28 @@ func findDistributionDependentLibs(subDir, fn string) string { return "" } +func (h *hugbox) appendRestrictedOpenGL() ([]string, string) { + const ( + archXorgDir = "/usr/lib/xorg/modules" + swrastDri = "swrast_dri.so" + ) + + swrastPath := findDistributionDependentLibs([]string{archXorgDir}, "dri", swrastDri) + if swrastPath != "" { + // Debian needs libGL.so.1 explicitly specified. + retLibs := []string{swrastDri, "libGL.so.1"} + + driDir, _ := filepath.Split(swrastPath) + restrictedDriDir := filepath.Join(restrictedLibDir, "dri") + h.roBind(swrastPath, filepath.Join(restrictedDriDir, swrastDri), false) + h.setenv("LIBGL_DRIVERS_PATH", restrictedDriDir) + + return retLibs, ":" + driDir + } + + return nil, "" +} + func (h *hugbox) appendRestrictedGtk2() ([]string, string, error) { const ( libAdwaita = "libadwaita.so" @@ -567,7 +601,7 @@ func (h *hugbox) appendRestrictedGtk2() ([]string, string, error) { // Figure out where the system keeps the Gtk+-2.0 theme libraries, // and bind mount in Adwaita and Pixmap. - adwaitaPath := findDistributionDependentLibs(engineSubDir, libAdwaita) + adwaitaPath := findDistributionDependentLibs(nil, engineSubDir, libAdwaita) if adwaitaPath != "" { gtkEngineDir, _ := filepath.Split(adwaitaPath) normGtkEngineDir := filepath.Join(restrictedLibDir, "gtk-2.0", "2.10.0", "engines") @@ -583,7 +617,7 @@ func (h *hugbox) appendRestrictedGtk2() ([]string, string, error) { // Figure out where the system keeps the Gtk+-2.0 print backends, // and bind mount in the file one. - printFilePath := findDistributionDependentLibs(printSubDir, libPrintFile) + printFilePath := findDistributionDependentLibs(nil, printSubDir, libPrintFile) if printFilePath != "" { gtkPrintDir, _ := filepath.Split(printFilePath) normGtkPrintDir := filepath.Join(restrictedLibDir, "gtk-2.0", "2.10.0", "printbackends") @@ -603,7 +637,7 @@ func (h *hugbox) appendRestrictedGtk2() ([]string, string, error) { // Figure out if the system gdk-pixbuf-2.0 needs loaders for common // file formats. Arch and Fedora 25 do not. Debian does. As far as // I can tell, the only file format we actually care about is PNG. - pngLoaderPath := findDistributionDependentLibs(gdkSubDir, libPngLoader) + pngLoaderPath := findDistributionDependentLibs(nil, gdkSubDir, libPngLoader) if pngLoaderPath != "" { loaderDir, _ := filepath.Split(pngLoaderPath) normGdkPath := filepath.Join(restrictedLibDir, "gdk-pixbuf-2.0", "2.10.0")

1 0

[webwml/master] Add new Tor Browser alphas (6.5a5)
by gk＠torproject.org 02 Dec '16

02 Dec '16

commit f0af2274cb4b4fb9fcba1cd1b5c2343d8d9a446f Author: Georg Koppen <gk(a)torproject.org> Date: Fri Dec 2 07:49:01 2016 +0000 Add new Tor Browser alphas (6.5a5) --- include/versions.wmi | 18 +++++++++--------- projects/torbrowser/RecommendedTBBVersions | 8 +++++++- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/include/versions.wmi b/include/versions.wmi index c1a5208..73cae23 100644 --- a/include/versions.wmi +++ b/include/versions.wmi @@ -5,28 +5,28 @@ <define-tag version-torbrowserdevelopbranch whitespace=delete>maint-6.0</define-tag> <define-tag version-torbrowserbundledir whitespace=delete>6.0.7</define-tag> -<define-tag version-torbrowserbundlebetadir whitespace=delete>6.5a4</define-tag> +<define-tag version-torbrowserbundlebetadir whitespace=delete>6.5a5</define-tag> <define-tag version-torbrowserbundle whitespace=delete>6.0.7</define-tag> <define-tag releasedate-torbrowserbundle whitespace=delete>2016-11-30</define-tag> -<define-tag version-torbrowserbundlebeta whitespace=delete>6.5a4</define-tag> -<define-tag releasedate-torbrowserbundlebeta whitespace=delete>2016-11-16</define-tag> +<define-tag version-torbrowserbundlebeta whitespace=delete>6.5a5</define-tag> +<define-tag releasedate-torbrowserbundlebeta whitespace=delete>2016-12-1</define-tag> <define-tag version-torbrowserbundlelinux32 whitespace=delete>6.0.7</define-tag> <define-tag releasedate-torbrowserbundlelinux32 whitespace=delete>2016-11-30</define-tag> <define-tag version-torbrowserbundlelinux64 whitespace=delete>6.0.7</define-tag> <define-tag releasedate-torbrowserbundlelinux64 whitespace=delete>2016-11-30</define-tag> -<define-tag version-torbrowserbundlelinux32beta whitespace=delete>6.5a4</define-tag> -<define-tag releasedate-torbrowserbundlelinux32beta whitespace=delete>2016-11-16</define-tag> -<define-tag version-torbrowserbundlelinux64beta whitespace=delete>6.5a4</define-tag> -<define-tag releasedate-torbrowserbundlelinux64beta whitespace=delete>2016-11-16</define-tag> +<define-tag version-torbrowserbundlelinux32beta whitespace=delete>6.5a5</define-tag> +<define-tag releasedate-torbrowserbundlelinux32beta whitespace=delete>2016-12-1</define-tag> +<define-tag version-torbrowserbundlelinux64beta whitespace=delete>6.5a5</define-tag> +<define-tag releasedate-torbrowserbundlelinux64beta whitespace=delete>2016-12-1</define-tag> <define-tag version-torbrowserbundleosx32 whitespace=delete>6.0.7</define-tag> <define-tag releasedate-torbrowserbundleosx32 whitespace=delete>2016-11-30</define-tag> <define-tag version-torbrowserbundleosx64 whitespace=delete>6.0.7</define-tag> <define-tag releasedate-torbrowserbundleosx64 whitespace=delete>2016-11-30</define-tag> -<define-tag version-torbrowserbundleosx64beta whitespace=delete>6.5a4</define-tag> -<define-tag releasedate-torbrowserbundleosx64beta whitespace=delete>2016-11-16</define-tag> +<define-tag version-torbrowserbundleosx64beta whitespace=delete>6.5a5</define-tag> +<define-tag releasedate-torbrowserbundleosx64beta whitespace=delete>2016-12-1</define-tag> <define-tag package-win32-stable whitespace=delete>../dist/torbrowser/<version-torbrowserbundledir>/tor-win32-<version-win32-stable>.zip</define-tag> diff --git a/projects/torbrowser/RecommendedTBBVersions b/projects/torbrowser/RecommendedTBBVersions index 22a5328..50feb9c 100644 --- a/projects/torbrowser/RecommendedTBBVersions +++ b/projects/torbrowser/RecommendedTBBVersions @@ -8,5 +8,11 @@ "6.5a4-MacOS", "6.5a4-Windows", "6.5a4-hardened", -"6.5a4-hardened-Linux" +"6.5a4-hardened-Linux", +"6.5a5", +"6.5a5-Linux", +"6.5a5-MacOS", +"6.5a5-Windows", +"6.5a5-hardened", +"6.5a5-hardened-Linux" ]

1 0

[sandboxed-tor-browser/master] Shutdown the old tor prior to installing the update.
by yawning＠torproject.org 02 Dec '16

02 Dec '16

commit 9a621397c46cbbc96bec85e129e53efb3521a1c1 Author: Yawning Angel <yawning(a)schwanenlied.me> Date: Fri Dec 2 06:50:45 2016 +0000 Shutdown the old tor prior to installing the update. --- src/cmd/sandboxed-tor-browser/internal/ui/install.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/cmd/sandboxed-tor-browser/internal/ui/install.go b/src/cmd/sandboxed-tor-browser/internal/ui/install.go index e8858b4..2ab7464 100644 --- a/src/cmd/sandboxed-tor-browser/internal/ui/install.go +++ b/src/cmd/sandboxed-tor-browser/internal/ui/install.go @@ -272,6 +272,13 @@ func (c *Common) doUpdate(async *Async, dialFn dialFunc) { return } + // Shutdown the old tor now. + if c.tor != nil { + log.Printf("update: Shutting down old tor.") + c.tor.Shutdown() + c.tor = nil + } + // Apply the update. log.Printf("update: Updating Tor Browser.") async.UpdateProgress("Updating Tor Browser.")

1 0

[sandboxed-tor-browser/master] Remove the old and out of date `doc/Architecture.txt` file.
by yawning＠torproject.org 02 Dec '16

02 Dec '16

commit f634e86cf37328389d2176dbe084065012954381 Author: Yawning Angel <yawning(a)schwanenlied.me> Date: Fri Dec 2 05:30:01 2016 +0000 Remove the old and out of date `doc/Architecture.txt` file. Better documentation is at: https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Sandbox/Linux --- doc/Architecture.txt | 160 --------------------------------------------------- 1 file changed, 160 deletions(-) diff --git a/doc/Architecture.txt b/doc/Architecture.txt deleted file mode 100644 index 0a5c789..0000000 --- a/doc/Architecture.txt +++ /dev/null @@ -1,160 +0,0 @@ -sandboxed-tor-browser Architecture And Design -Yawning Angel (yawning at schwanenlied dot me) - -[Note: This started out as part of an e-mail thread with the Tor Browser - developers.] - -Design requirements: - - * Modern Linux kernels without USER_NS support MUST be capable of - supporting the sandboxed tor browser (basically, use bubblewrap - since it's less of a monstrosity than firejail is, both require - SUID root or additional capabilities for this use model which - complicates the installation process, but that's an orthogonal - issue). - - bubblewrap packages are available for Debian and Ubuntu which probably - covers the bulk of the user-base, though I am doing development on - neither. - - * Proxy bypass MUST BE impossible without a sandbox escape, even if - the adversary gets RCE capability. This is harder than it appears, - and influences a few other thoughts. - - * The firefox process's write access to the filesystem MUST be limited - to the user preferences, download directory and the bookmarks. The - firefox process's read access to the filesystem SHOULD be limited to - the Tor Browser bundle installation directory. - - There is a UX tradeoff here in that, without access to at least the - user's home directory, uploading things is difficult, but there's a - lot of data a potentially malicious firefox executable can get at - if it can read from the entire home directory. - - * The firefox process MUST NOT be responsible for launching the tor - instance. The tor process MUST live in a separate sandbox, with no - access to user data (ie: tor MUST only be able to see - Browser/Tor-Browser/Data). - - * The firefox process MUST NOT be responsible for updating Tor Browser. - The downloads MUST be fetched over tor, and a more permissive - sandbox spawned to handle updating. - - * I have no idea how to handle meek, I sort of don't care for the - 0.0.1 non-shit sandbox implementation. Something to keep in mind. - - * Audio is a mess. If the host system has PulseAudio, it can optionally be - exposed in the sandbox, but that is another attack vector. - - * This really needs Wayland, because the X11 security model is a - shitfest of total fail, and "firefox owned the X server and got out" - is a distinct possibility. - -Design: - -sandboxed-tor-browser is a Go application that handles: - - * Downloading and installing Tor Browser. - - * Fetches and installs the latest Tor Browser over Tor, or the normal - internet, depending on of Tor is already running as a system service. - * The TLS cert for the download metadata fetch (`downloads.json`) is - validated via static HPKP pins. The actual downloads can come from - anywhere (allowing the possibility for CDNs/mirrors). - * Validates the PGP signature with a hard coded copy of the PGP key. - - * Running a sandboxed instance of the tor daemon. - - * Launches the bundle's tor daemon inside a sandbox. - * A seccomp whitelist is used unless pluggable transports are enabled, in - which case a blacklist is used. - * This process has full network access, but an extremely limited view into - the host filesystem. - * For the initial release only pluggable transports supported by obfs4proxy - are enabled. - * Libraries are handled in a similar manner to how they are for the firefox - container (as in, only what is needed, nothing more). - - * Updating Tor Browser. - - * Version check over Tor on launch. Static HPKP pins are used to ensure - the remote update metadata server is trusted. - * Download MAR format updates over Tor. - * Validates the MAR signature with hard coded copies of the MAR signing - key(s). - * Apply the MAR updates using the `updater` excutable shipped with Tor, - supporting both incremental and complete updates. This process is in a - sandbox that does not allow external network access at all. - - * Run a sandboxed instance of Tor Browser. - - * A LD_PRELOAD stub is used to force firefox to use AF_LOCAL sockets for - the control and SOCKS ports, and to work around certain Firefox quirks - and bugs. - * Uses bubblewrap to instantiate a Linux container. - * seccomp2 system call filter, with whitelist/blacklist format that is - compatible with Subgraph. - * Separate PID table, mount table, etc. - * No external communication except via stdio, and path based AF_LOCAL - sockets. - * Normalized hostname, `/etc/passwd`, `/etc/group`, D-bus machine ID. - * Limited view of the host filesystem, all directories read-only unless - * otherwise specified. The sandboxed filesystem layout is normalized - as much as possible. - * System libraries are explcitly bind mounted into the container in - standardized locations to reduce attack surface and to make it hard - to use the installed libraries to gain much insight into the host - system. This is accomplished via reading the ELF dynamic section of - the binary to be executed, and then mounting a breadth-first-search - with the assistance of the `/etc/ld.so.cache` file. - * Gtk Theme related directories. - * The X11 AF_LOCAL socket. - * (Optionally) The PulseAudio socket. - * The browser directory. - * The browser caches directory (read/write, might be removed). - * The browser profile directory (read/write, extensions sub-dir - read-only unless overriden by the user). - * The browser downloads directory (read/write) - * The browser desktop directory (read/write) - * A runtime directory. - * A surrogate control port that gives "fake" responses to Tor - Browser. The bare minimum to get a fully functional circuit - display is implemented, and the surrogate ensures that responses - are filtered appropriately so that Tor Browser never sees streams - or circuits that it is not responsible for. - * A re-dispatching SOCKS proxy, required to identify which streams - and circuits should be visible to the control port surrogate. - -Sandbox weaknesses: - -Basically sandbox escape should require one of a kernel exploit, display server -exploit, or Tor SOCKS port based exploit in addition to the Firefox exploit, so -from a security standpoint things are vastly improved. - - * (Security, Privacy) X11 is a huge mess of utter fail, especially - considering the sandboxed processes get direct access to the host X server. - - * Vector for sandbox escape or exploits. - * X processes can easily become display server wide keyloggers and other - things that threaten user privacy. - * Certain applications set X root window properties that leak information - about the host system (eg: PulseAudio). - - Using a nested X solution such as Xephyr "just works", so that's a way to - mitigate this for those that want that. - - * (Security, Privacy) If the user opts to enable PulseAudio support, it opens - up another attack vector for exploits, government ultrasonic mind control, - the browser acting as a listening device, and etc. - - * (Security, Privacy) Firefox requires a `/proc` filesystem, which contains more - information than it should have access to. - - * (Security) The Firefox process can write bad things to the profile - directory if it choses to do so. - - * (Privacy) The Firefox process still can access the network over Tor to - exfiltrate data. - - * (Privacy) While the user name is re-written in the sandbox to - `amnesia`, the UID/GID are not.

1 0

[translation/torbutton-abouttorproperties_completed] Update translations for torbutton-abouttorproperties_completed
by translation＠torproject.org 01 Dec '16

01 Dec '16

commit 8794b87a90ab6f66d129caf6460661eca3bb7111 Author: Translation commit bot <translation(a)torproject.org> Date: Thu Dec 1 23:17:14 2016 +0000 Update translations for torbutton-abouttorproperties_completed --- zh_CN/abouttor.properties | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/zh_CN/abouttor.properties b/zh_CN/abouttor.properties index 39dbd19..7622354 100644 --- a/zh_CN/abouttor.properties +++ b/zh_CN/abouttor.properties @@ -2,12 +2,6 @@ # See LICENSE for licensing information. # vim: set sw=2 sts=2 ts=8 et: -aboutTor.searchSP.privacy=使用<a href="%2$S">Startpage</a><a href="%1$S">安全</a>搜索。 -# The following string is a link which replaces %1$S above. -aboutTor.searchSP.privacy.link=https://startpage.com/eng/protect-privacy.html -# The following string is a link which replaces %2$S above. -aboutTor.searchSP.search.link=https://startpage.com/ - aboutTor.searchDDG.privacy=使用<a href="%2$S">DuckDuckGo</a><a href="%1$S">安全</a>搜索。 # The following string is a link which replaces %1$S above. aboutTor.searchDDG.privacy.link=https://duckduckgo.com/privacy.html @@ -19,3 +13,10 @@ aboutTor.searchDC.privacy=使用<a href="%2$S">Disconnect.me</a><a href="%1$S"> aboutTor.searchDC.privacy.link=https://disconnect.me/privacy # The following string is a link which replaces %2$S above. aboutTor.searchDC.search.link=https://search.disconnect.me/ + +aboutTor.donationBanner.donate=立即捐助！ +aboutTor.donationBanner.heart=Tor 是互联网自由的核心 +aboutTor.donationBanner.tagline1=数百万人依靠 Tor 安全、私密地上网 +aboutTor.donationBanner.tagline2=人们互相保护组成的网络 +aboutTor.donationBanner.tagline3=监视即压迫 +aboutTor.donationBanner.tagline4=为记者、告密者及活动人士提供保护，专注匿名安全 10 年

1 0

[translation/torbutton-abouttorproperties] Update translations for torbutton-abouttorproperties
by translation＠torproject.org 01 Dec '16

01 Dec '16

commit 4be460ed7ca9955b0fa038248c04da251333dbb1 Author: Translation commit bot <translation(a)torproject.org> Date: Thu Dec 1 23:17:10 2016 +0000 Update translations for torbutton-abouttorproperties --- zh_CN/abouttor.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/zh_CN/abouttor.properties b/zh_CN/abouttor.properties index e6ad6a0..7622354 100644 --- a/zh_CN/abouttor.properties +++ b/zh_CN/abouttor.properties @@ -17,6 +17,6 @@ aboutTor.searchDC.search.link=https://search.disconnect.me/ aboutTor.donationBanner.donate=立即捐助！ aboutTor.donationBanner.heart=Tor 是互联网自由的核心 aboutTor.donationBanner.tagline1=数百万人依靠 Tor 安全、私密地上网 -aboutTor.donationBanner.tagline2=A Network of People Protecting People +aboutTor.donationBanner.tagline2=人们互相保护组成的网络 aboutTor.donationBanner.tagline3=监视即压迫 aboutTor.donationBanner.tagline4=为记者、告密者及活动人士提供保护，专注匿名安全 10 年

1 0

[translation/bridgedb_completed] Update translations for bridgedb_completed
by translation＠torproject.org 01 Dec '16

01 Dec '16

commit 2223e812301ffe9053d6d38c56f4dcf3dee745a3 Author: Translation commit bot <translation(a)torproject.org> Date: Thu Dec 1 23:15:09 2016 +0000 Update translations for bridgedb_completed --- zh_CN/LC_MESSAGES/bridgedb.po | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/zh_CN/LC_MESSAGES/bridgedb.po b/zh_CN/LC_MESSAGES/bridgedb.po index 6b20564..b290e9c 100644 --- a/zh_CN/LC_MESSAGES/bridgedb.po +++ b/zh_CN/LC_MESSAGES/bridgedb.po @@ -11,6 +11,7 @@ # Meng San, 2014,2016 # leungsookfan <leung.sookfan(a)riseup.net>, 2014 # Meng San, 2016 +# Mingye Wang <arthur200126(a)gmail.com>, 2016 # khi, 2014-2015 # Y.F Yang <yfdyh000(a)gmail.com>, 2014-2015 msgid "" @@ -18,8 +19,8 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: 'https://trac.torproject.org/projects/tor/newticket?component=BridgeDB&keywo…'\n" "POT-Creation-Date: 2015-07-25 03:40+0000\n" -"PO-Revision-Date: 2016-10-10 17:55+0000\n" -"Last-Translator: Meng San\n" +"PO-Revision-Date: 2016-12-01 22:50+0000\n" +"Last-Translator: Mingye Wang <arthur200126(a)gmail.com>\n" "Language-Team: Chinese (China) (http://www.transifex.com/otf/torproject/language/zh_CN/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -233,7 +234,7 @@ msgid "" "difficult for anyone watching your internet traffic to determine that you are\n" "using Tor.\n" "\n" -msgstr "BridgeDB 提供多种 %s Pluggable Transports %s 网桥，可用于混淆 Tor 网络的连接，从而让网络监控者难以判断你在使用 Tor。\n" +msgstr "BridgeDB 提供多种%s可拔插传输%s网桥，用于混淆 Tor 网络的连接，从而让网络监控者难以判断你在使用 Tor。\n" #. TRANSLATORS: Please DO NOT translate "Pluggable Transports". #: bridgedb/strings.py:79

1 0

[translation/bridgedb] Update translations for bridgedb
by translation＠torproject.org 01 Dec '16

01 Dec '16

commit 909a5321df69fd584d04543145e59dcc3ca8998c Author: Translation commit bot <translation(a)torproject.org> Date: Thu Dec 1 23:15:03 2016 +0000 Update translations for bridgedb --- zh_CN/LC_MESSAGES/bridgedb.po | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/zh_CN/LC_MESSAGES/bridgedb.po b/zh_CN/LC_MESSAGES/bridgedb.po index 6b20564..b290e9c 100644 --- a/zh_CN/LC_MESSAGES/bridgedb.po +++ b/zh_CN/LC_MESSAGES/bridgedb.po @@ -11,6 +11,7 @@ # Meng San, 2014,2016 # leungsookfan <leung.sookfan(a)riseup.net>, 2014 # Meng San, 2016 +# Mingye Wang <arthur200126(a)gmail.com>, 2016 # khi, 2014-2015 # Y.F Yang <yfdyh000(a)gmail.com>, 2014-2015 msgid "" @@ -18,8 +19,8 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: 'https://trac.torproject.org/projects/tor/newticket?component=BridgeDB&keywo…'\n" "POT-Creation-Date: 2015-07-25 03:40+0000\n" -"PO-Revision-Date: 2016-10-10 17:55+0000\n" -"Last-Translator: Meng San\n" +"PO-Revision-Date: 2016-12-01 22:50+0000\n" +"Last-Translator: Mingye Wang <arthur200126(a)gmail.com>\n" "Language-Team: Chinese (China) (http://www.transifex.com/otf/torproject/language/zh_CN/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -233,7 +234,7 @@ msgid "" "difficult for anyone watching your internet traffic to determine that you are\n" "using Tor.\n" "\n" -msgstr "BridgeDB 提供多种 %s Pluggable Transports %s 网桥，可用于混淆 Tor 网络的连接，从而让网络监控者难以判断你在使用 Tor。\n" +msgstr "BridgeDB 提供多种%s可拔插传输%s网桥，用于混淆 Tor 网络的连接，从而让网络监控者难以判断你在使用 Tor。\n" #. TRANSLATORS: Please DO NOT translate "Pluggable Transports". #: bridgedb/strings.py:79

1 0

[tor-messenger-build/master] Add a pref to disable JavaScript in browser requests
by arlo＠torproject.org 01 Dec '16

01 Dec '16

commit cf474e84580cb4e2f9ed6e024ce9bb4e3f968f52 Author: Arlo Breault <arlolra(a)gmail.com> Date: Thu Dec 1 14:43:23 2016 -0800 Add a pref to disable JavaScript in browser requests * Bugzilla 1321420 --- ChangeLog | 3 +- .../0001-Set-Tor-Messenger-preferences.patch | 31 +++++++------ ...0002-Trac-16489-Prevent-account-autologin.patch | 4 +- ...Support-Special-Characters-input-prompt-o.patch | 4 +- ...Better-error-reporting-for-failed-outgoin.patch | 4 +- .../0005-Trac-13312-OTR-over-Twitter-DMs.patch | 4 +- ...-Fix-tab-strip-background-colour-on-OS-X..patch | 4 +- ...-XMPP-createConversation-should-handle-in.patch | 4 +- ...-Set-_userVCard-own-property-when-downloa.patch | 4 +- .../0009-XMPP-in-band-registration.patch | 4 +- .../instantbird/0010-Remove-search-from-UI.patch | 4 +- .../0011-Add-Tor-Messenger-branding.patch | 4 +- projects/instantbird/0012-Account-picture.patch | 4 +- .../0013-Modify-protocol-defaults.patch | 4 +- .../instantbird/0014-Modify-IRC-defaults.patch | 4 +- projects/instantbird/0015-Modify-themes.patch | 4 +- .../instantbird/0016-Modify-XMPP-defaults.patch | 4 +- projects/instantbird/0017-Remove-logging-UI.patch | 4 +- projects/instantbird/0018-Cert-override.patch | 4 +- .../0019-Display-all-traffic-over-Tor.patch | 4 +- .../instantbird/0020-Trac-17480-Content-sink.patch | 4 +- .../0021-SASL-ECDSA-NIST256P-CHALLENGE.patch | 4 +- ...-msg-is-not-defined-error-in-irc.js-chang.patch | 4 +- ...Contact-list-entries-should-adapt-their-h.patch | 4 +- ...1187281-Only-show-close-button-on-Windows.patch | 4 +- ...-Remove-old-Yahoo-Messenger-support.-r-al.patch | 4 +- ...-Use-built-in-functions-instead-of-an-svg.patch | 4 +- ...-Add-a-pref-to-disable-JavaScript-in-brow.patch | 52 ++++++++++++++++++++++ projects/instantbird/config | 1 + 29 files changed, 122 insertions(+), 65 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8acb5fd..78e111c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,7 +5,8 @@ Tor Messenger 0.3.0b2 -- * Use the THUNDERBIRD_45_5_1_RELEASE tag on comm-esr45 * Update tor-browser to 6.0.7 * Don't allow javascript: links in themes - * Disable svg and mathml in content + * Bugzilla 1321420: Add a pref to disable JavaScript in browser requests + * Bugzilla 1321641: Disable svg and mathml in content Tor Messenger 0.3.0b1 -- November 22, 2016 * All Platforms diff --git a/projects/instantbird/0001-Set-Tor-Messenger-preferences.patch b/projects/instantbird/0001-Set-Tor-Messenger-preferences.patch index bb9000e..f1fe704 100644 --- a/projects/instantbird/0001-Set-Tor-Messenger-preferences.patch +++ b/projects/instantbird/0001-Set-Tor-Messenger-preferences.patch @@ -1,17 +1,17 @@ -From 4c3c3738aef40779b8725db2cc8e32474b2e512c Mon Sep 17 00:00:00 2001 +From 0e21b50aaf1fe5931e1d82fbe9bb482f5449ccd1 Mon Sep 17 00:00:00 2001 From: Sukhbir Singh <sukhbir(a)torproject.org> Date: Mon, 10 Oct 2016 19:48:41 -0700 -Subject: [PATCH 01/26] Set Tor Messenger preferences +Subject: [PATCH 01/27] Set Tor Messenger preferences --- - im/app/profile/all-instantbird.js | 420 ++++++++++++++++++++++++++++++++++++-- - 1 file changed, 398 insertions(+), 22 deletions(-) + im/app/profile/all-instantbird.js | 423 ++++++++++++++++++++++++++++++++++++-- + 1 file changed, 401 insertions(+), 22 deletions(-) diff --git a/im/app/profile/all-instantbird.js b/im/app/profile/all-instantbird.js -index b7a397017..ff49380b6 100644 +index b7a397017..b18e98e7f 100644 --- a/im/app/profile/all-instantbird.js +++ b/im/app/profile/all-instantbird.js -@@ -1,3 +1,47 @@ +@@ -1,3 +1,50 @@ +/** + * This file is divded into three section, + * @@ -50,6 +50,9 @@ index b7a397017..ff49380b6 100644 +// Put conversations on hold so that OTR disconnect is not sent. See #20208. +pref("messenger.conversations.holdByDefault", true); + ++// Disable JavaScript in browser requests ++pref("chat.browserRequest.disableJavascript", true); ++ +// No AUS check for system add-on updates for Tor Browser users. +// This pref is taken from the TB diff of browser/app/profile/firefox.js +pref("extensions.systemAddon.update.url", ""); @@ -59,7 +62,7 @@ index b7a397017..ff49380b6 100644 /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -@@ -28,7 +72,7 @@ pref("general.autoScroll", true); +@@ -28,7 +75,7 @@ pref("general.autoScroll", true); // 0 = spellcheck nothing // 1 = check multi-line controls [default] // 2 = check multi/single line controls @@ -68,7 +71,7 @@ index b7a397017..ff49380b6 100644 pref("messenger.accounts.convertOldPasswords", true); pref("messenger.accounts.promptOnDelete", true); -@@ -66,7 +110,7 @@ pref("extensions.mintrayr.singleClickRestore", false); +@@ -66,7 +113,7 @@ pref("extensions.mintrayr.singleClickRestore", false); // Whether message related sounds should be played at all. If this is enabled // then the more specific prefs are checked as well. @@ -77,7 +80,7 @@ index b7a397017..ff49380b6 100644 // Specifies whether each message event should trigger a sound for incoming // and outgoing messages, or when your nickname is mentioned in a chat. pref("messenger.options.playSounds.outgoing", true); -@@ -142,26 +186,23 @@ pref("app.update.staging.enabled", true); +@@ -142,26 +189,23 @@ pref("app.update.staging.enabled", true); // Update service URL: // You do not need to use all the %VAR% parameters. Use what you need, %PRODUCT%,%VERSION%,%BUILD_ID%,%CHANNEL% for example @@ -109,7 +112,7 @@ index b7a397017..ff49380b6 100644 // Interval: Time before prompting the user to restart to install the latest // download (in seconds) default=30 minutes -@@ -202,7 +243,7 @@ pref("browser.search.order.1", "chrome://instantbird/locale/regio +@@ -202,7 +246,7 @@ pref("browser.search.order.1", "chrome://instantbird/locale/regio pref("browser.search.order.2", "chrome://instantbird/locale/region.properties"); // send ping to the server to update @@ -118,7 +121,7 @@ index b7a397017..ff49380b6 100644 // disable logging for the search service update system by default pref("browser.search.update.log", false); -@@ -222,10 +263,10 @@ pref("extensions.ignoreMTimeChanges", false); +@@ -222,10 +266,10 @@ pref("extensions.ignoreMTimeChanges", false); pref("extensions.logging.enabled", false); pref("general.skins.selectedSkin", "classic/1.0"); @@ -131,7 +134,7 @@ index b7a397017..ff49380b6 100644 // Preferences for the Get Add-ons pane pref("extensions.getAddons.cache.enabled", false); -@@ -244,10 +285,24 @@ pref("extensions.getMoreMessageStylesURL", "https://add-ons.instantbird.org/%LOC +@@ -244,10 +288,24 @@ pref("extensions.getMoreMessageStylesURL", "https://add-ons.instantbird.org/%LOC pref("extensions.getMoreEmoticonsURL", "https://add-ons.instantbird.org/%LOCALE%/%APP%/%VERSION%/emoticons/"); pref("extensions.getMoreProtocolsURL", "https://add-ons.instantbird.org/%LOCALE%/%APP%/%VERSION%/protocols/"); @@ -159,7 +162,7 @@ index b7a397017..ff49380b6 100644 // don't load links inside Instantbird pref("network.protocol-handler.expose-all", false); -@@ -259,13 +314,13 @@ pref("network.protocol-handler.expose.https", true); +@@ -259,13 +317,13 @@ pref("network.protocol-handler.expose.https", true); // expose javascript: so that message themes can use it. // javascript: links inside messages are filtered out. @@ -176,7 +179,7 @@ index b7a397017..ff49380b6 100644 // We have an Error Console menu item by default so let's display chrome errors pref("javascript.options.showInConsole", true); -@@ -300,14 +355,335 @@ pref("browser.tabs.tabClipWidth", 140); +@@ -300,14 +358,335 @@ pref("browser.tabs.tabClipWidth", 140); // 3 at the end of the tabstrip pref("browser.tabs.closeButtons", 1); diff --git a/projects/instantbird/0002-Trac-16489-Prevent-account-autologin.patch b/projects/instantbird/0002-Trac-16489-Prevent-account-autologin.patch index f69ce4c..27c53cd 100644 --- a/projects/instantbird/0002-Trac-16489-Prevent-account-autologin.patch +++ b/projects/instantbird/0002-Trac-16489-Prevent-account-autologin.patch @@ -1,7 +1,7 @@ -From a4ddbd00c0a32d809a2af24f9f2eb3ce9e6734f4 Mon Sep 17 00:00:00 2001 +From 727612a3c5919be6e57c34ff064e9d047d052386 Mon Sep 17 00:00:00 2001 From: Arlo Breault <arlolra(a)gmail.com> Date: Mon, 16 Nov 2015 20:37:53 -0800 -Subject: [PATCH 02/26] Trac 16489: Prevent account autologin +Subject: [PATCH 02/27] Trac 16489: Prevent account autologin --- chat/components/src/imAccounts.js | 2 +- diff --git a/projects/instantbird/0003-Trac-17896-Support-Special-Characters-input-prompt-o.patch b/projects/instantbird/0003-Trac-17896-Support-Special-Characters-input-prompt-o.patch index 6eff88d..be5b62b 100644 --- a/projects/instantbird/0003-Trac-17896-Support-Special-Characters-input-prompt-o.patch +++ b/projects/instantbird/0003-Trac-17896-Support-Special-Characters-input-prompt-o.patch @@ -1,7 +1,7 @@ -From e5f7cc504ec4045209879a43e21e9408f82f759d Mon Sep 17 00:00:00 2001 +From 14c9615c0b5c95c824b3ecbe1323d33849ff1690 Mon Sep 17 00:00:00 2001 From: aleth <aleth(a)instantbird.org> Date: Sat, 30 Jan 2016 20:56:38 +0100 -Subject: [PATCH 03/26] Trac 17896: Support "Special Characters" input prompt +Subject: [PATCH 03/27] Trac 17896: Support "Special Characters" input prompt on OS X * Bug 1151784 - Add Edit menu to the conversation window on OS X. r=nhnt11,florian diff --git a/projects/instantbird/0004-Trac-17494-Better-error-reporting-for-failed-outgoin.patch b/projects/instantbird/0004-Trac-17494-Better-error-reporting-for-failed-outgoin.patch index 0c9d3fb..fe4feb5 100644 --- a/projects/instantbird/0004-Trac-17494-Better-error-reporting-for-failed-outgoin.patch +++ b/projects/instantbird/0004-Trac-17494-Better-error-reporting-for-failed-outgoin.patch @@ -1,7 +1,7 @@ -From bd4f023395241318ad8bab0f721fbccccffb8885 Mon Sep 17 00:00:00 2001 +From 8810e6c3a0bfcc31b226c1404cfd2c880c1c1c34 Mon Sep 17 00:00:00 2001 From: Arlo Breault <arlolra(a)gmail.com> Date: Tue, 2 Feb 2016 16:04:51 -0800 -Subject: [PATCH 04/26] Trac 17494: Better error reporting for failed outgoing +Subject: [PATCH 04/27] Trac 17494: Better error reporting for failed outgoing messages * Bug 1245325 - Better error reporting for failed outgoing messages. r=clokep diff --git a/projects/instantbird/0005-Trac-13312-OTR-over-Twitter-DMs.patch b/projects/instantbird/0005-Trac-13312-OTR-over-Twitter-DMs.patch index e586e10..1254069 100644 --- a/projects/instantbird/0005-Trac-13312-OTR-over-Twitter-DMs.patch +++ b/projects/instantbird/0005-Trac-13312-OTR-over-Twitter-DMs.patch @@ -1,7 +1,7 @@ -From 5996053c815c9872b3ec90eabbdaad69071064fa Mon Sep 17 00:00:00 2001 +From c02d910d93b7ba9ccc2611ebea5d14ca75e23c47 Mon Sep 17 00:00:00 2001 From: Arlo Breault <arlolra(a)gmail.com> Date: Tue, 15 Mar 2016 17:40:42 -0700 -Subject: [PATCH 05/26] Trac 13312: OTR over Twitter DMs +Subject: [PATCH 05/27] Trac 13312: OTR over Twitter DMs --- chat/components/src/imConversations.js | 3 +- diff --git a/projects/instantbird/0006-Bug-1218193-Fix-tab-strip-background-colour-on-OS-X..patch b/projects/instantbird/0006-Bug-1218193-Fix-tab-strip-background-colour-on-OS-X..patch index c2872f0..d3ad306 100644 --- a/projects/instantbird/0006-Bug-1218193-Fix-tab-strip-background-colour-on-OS-X..patch +++ b/projects/instantbird/0006-Bug-1218193-Fix-tab-strip-background-colour-on-OS-X..patch @@ -1,7 +1,7 @@ -From b9052add0dc1e7fdca9c9be6a86cfee4765fb1cd Mon Sep 17 00:00:00 2001 +From af6669624ad0a3f581b4e60819d8a814dea1e96e Mon Sep 17 00:00:00 2001 From: Nihanth Subramanya <nhnt11(a)gmail.com> Date: Sun, 9 Oct 2016 21:53:04 -0700 -Subject: [PATCH 06/26] Bug 1218193 - Fix tab strip background colour on OS X. +Subject: [PATCH 06/27] Bug 1218193 - Fix tab strip background colour on OS X. r=aleth --- diff --git a/projects/instantbird/0007-Bug-1246431-XMPP-createConversation-should-handle-in.patch b/projects/instantbird/0007-Bug-1246431-XMPP-createConversation-should-handle-in.patch index 3be82c4..6dfcab0 100644 --- a/projects/instantbird/0007-Bug-1246431-XMPP-createConversation-should-handle-in.patch +++ b/projects/instantbird/0007-Bug-1246431-XMPP-createConversation-should-handle-in.patch @@ -1,7 +1,7 @@ -From 50e579c8128762aba5b089dd8efa2581c5647309 Mon Sep 17 00:00:00 2001 +From 906d903b83bd1304f2507809c78b6e8a01618db7 Mon Sep 17 00:00:00 2001 From: Arlo Breault <arlolra(a)gmail.com> Date: Sun, 9 Oct 2016 21:57:07 -0700 -Subject: [PATCH 07/26] Bug 1246431 - XMPP createConversation should handle +Subject: [PATCH 07/27] Bug 1246431 - XMPP createConversation should handle incoming messages from the server properly. r=aleth --- diff --git a/projects/instantbird/0008-Bug-1298574-Set-_userVCard-own-property-when-downloa.patch b/projects/instantbird/0008-Bug-1298574-Set-_userVCard-own-property-when-downloa.patch index 860260e..2709721 100644 --- a/projects/instantbird/0008-Bug-1298574-Set-_userVCard-own-property-when-downloa.patch +++ b/projects/instantbird/0008-Bug-1298574-Set-_userVCard-own-property-when-downloa.patch @@ -1,7 +1,7 @@ -From ec8291566407e9791f5cbb7a518ba990f8063c97 Mon Sep 17 00:00:00 2001 +From 46e98074c3e4f0f82452547cf34ea5790182b9ab Mon Sep 17 00:00:00 2001 From: Arlo Breault <arlolra(a)gmail.com> Date: Sun, 28 Aug 2016 08:57:41 -0700 -Subject: [PATCH 08/26] Bug 1298574 - Set _userVCard own property when +Subject: [PATCH 08/27] Bug 1298574 - Set _userVCard own property when downloading vCard fails. r=aleth * This prevents an infinite req / res cycle. diff --git a/projects/instantbird/0009-XMPP-in-band-registration.patch b/projects/instantbird/0009-XMPP-in-band-registration.patch index 9df73d4..acbb3f6 100644 --- a/projects/instantbird/0009-XMPP-in-band-registration.patch +++ b/projects/instantbird/0009-XMPP-in-band-registration.patch @@ -1,7 +1,7 @@ -From a65748c8260e0e9e1d5c5c49460a0f4f932572ec Mon Sep 17 00:00:00 2001 +From 32840337a82ae03003a249179ac14d963245156f Mon Sep 17 00:00:00 2001 From: Sukhbir Singh <sukhbir(a)torproject.org> Date: Mon, 10 Oct 2016 18:42:25 -0700 -Subject: [PATCH 09/26] XMPP in-band registration +Subject: [PATCH 09/27] XMPP in-band registration --- chat/locales/en-US/xmpp.properties | 5 + diff --git a/projects/instantbird/0010-Remove-search-from-UI.patch b/projects/instantbird/0010-Remove-search-from-UI.patch index 6abe85b..8c734d5 100644 --- a/projects/instantbird/0010-Remove-search-from-UI.patch +++ b/projects/instantbird/0010-Remove-search-from-UI.patch @@ -1,7 +1,7 @@ -From 8a782e78164f9bab6992169c94eb63968413437e Mon Sep 17 00:00:00 2001 +From 93f125d61a384b1693aee15a60f6e11964f5abcb Mon Sep 17 00:00:00 2001 From: Sukhbir Singh <sukhbir(a)torproject.org> Date: Mon, 10 Oct 2016 18:47:48 -0700 -Subject: [PATCH 10/26] Remove search from UI +Subject: [PATCH 10/27] Remove search from UI --- im/content/nsContextMenu.js | 18 +----------------- diff --git a/projects/instantbird/0011-Add-Tor-Messenger-branding.patch b/projects/instantbird/0011-Add-Tor-Messenger-branding.patch index 33da960..973adad 100644 --- a/projects/instantbird/0011-Add-Tor-Messenger-branding.patch +++ b/projects/instantbird/0011-Add-Tor-Messenger-branding.patch @@ -1,7 +1,7 @@ -From 894cf42051d4df8ef2186072157ea4de664a7215 Mon Sep 17 00:00:00 2001 +From 388606395c2dcf2b2513b17e1abea45c661f44b5 Mon Sep 17 00:00:00 2001 From: Sukhbir Singh <sukhbir(a)torproject.org> Date: Mon, 10 Oct 2016 18:56:27 -0700 -Subject: [PATCH 11/26] Add Tor Messenger branding +Subject: [PATCH 11/27] Add Tor Messenger branding --- im/app/macbuild/Contents/Info.plist.in | 2 +- diff --git a/projects/instantbird/0012-Account-picture.patch b/projects/instantbird/0012-Account-picture.patch index d3d4c0b..d46a804 100644 --- a/projects/instantbird/0012-Account-picture.patch +++ b/projects/instantbird/0012-Account-picture.patch @@ -1,7 +1,7 @@ -From a6ed86bacc2304bb23ecfd339aa6a2c39750e704 Mon Sep 17 00:00:00 2001 +From 8770c4d143855951b8eedc90b8188c3a2f401f2e Mon Sep 17 00:00:00 2001 From: Sukhbir Singh <sukhbir(a)torproject.org> Date: Mon, 10 Oct 2016 19:24:09 -0700 -Subject: [PATCH 12/26] Account picture +Subject: [PATCH 12/27] Account picture --- im/content/blist.xul | 3 +-- diff --git a/projects/instantbird/0013-Modify-protocol-defaults.patch b/projects/instantbird/0013-Modify-protocol-defaults.patch index d5b138f..d226c82 100644 --- a/projects/instantbird/0013-Modify-protocol-defaults.patch +++ b/projects/instantbird/0013-Modify-protocol-defaults.patch @@ -1,7 +1,7 @@ -From 9dffeaa7b684ae17975a79cb05e1c3835999dbb5 Mon Sep 17 00:00:00 2001 +From 6b5c348d5d4de54db3cbfc8f68acbc7e351ac836 Mon Sep 17 00:00:00 2001 From: Sukhbir Singh <sukhbir(a)torproject.org> Date: Mon, 10 Oct 2016 19:25:34 -0700 -Subject: [PATCH 13/26] Modify protocol defaults +Subject: [PATCH 13/27] Modify protocol defaults * Top protocols diff --git a/projects/instantbird/0014-Modify-IRC-defaults.patch b/projects/instantbird/0014-Modify-IRC-defaults.patch index 2e82d90..11bf85d 100644 --- a/projects/instantbird/0014-Modify-IRC-defaults.patch +++ b/projects/instantbird/0014-Modify-IRC-defaults.patch @@ -1,7 +1,7 @@ -From 17523fa3d2f7860abe3eb6629894a7df9bdc2350 Mon Sep 17 00:00:00 2001 +From 1546228595bfc1b7127d7c4d9327a30c90e8f080 Mon Sep 17 00:00:00 2001 From: Sukhbir Singh <sukhbir(a)torproject.org> Date: Mon, 10 Oct 2016 19:31:58 -0700 -Subject: [PATCH 14/26] Modify IRC defaults +Subject: [PATCH 14/27] Modify IRC defaults * ctcp ping diff --git a/projects/instantbird/0015-Modify-themes.patch b/projects/instantbird/0015-Modify-themes.patch index d4a7212..bc91e46 100644 --- a/projects/instantbird/0015-Modify-themes.patch +++ b/projects/instantbird/0015-Modify-themes.patch @@ -1,7 +1,7 @@ -From 7873271e02abb179a0b1a303a21fffeff515cbc4 Mon Sep 17 00:00:00 2001 +From 6529649b4c2dcf440970552b62d999656aabdb72 Mon Sep 17 00:00:00 2001 From: Sukhbir Singh <sukhbir(a)torproject.org> Date: Mon, 10 Oct 2016 19:36:38 -0700 -Subject: [PATCH 15/26] Modify themes +Subject: [PATCH 15/27] Modify themes * theme extension updateh diff --git a/projects/instantbird/0016-Modify-XMPP-defaults.patch b/projects/instantbird/0016-Modify-XMPP-defaults.patch index cfb73bc..e141d2f 100644 --- a/projects/instantbird/0016-Modify-XMPP-defaults.patch +++ b/projects/instantbird/0016-Modify-XMPP-defaults.patch @@ -1,7 +1,7 @@ -From 5f1268c7139217124d8ade00cd9fb1f90da0ab49 Mon Sep 17 00:00:00 2001 +From 8b1f0d8dfbc4483dc566269974ba85a50d6f4f21 Mon Sep 17 00:00:00 2001 From: Sukhbir Singh <sukhbir(a)torproject.org> Date: Mon, 10 Oct 2016 19:38:49 -0700 -Subject: [PATCH 16/26] Modify XMPP defaults +Subject: [PATCH 16/27] Modify XMPP defaults * xmpp-default-domain diff --git a/projects/instantbird/0017-Remove-logging-UI.patch b/projects/instantbird/0017-Remove-logging-UI.patch index fbf2e6f..2305fc8 100644 --- a/projects/instantbird/0017-Remove-logging-UI.patch +++ b/projects/instantbird/0017-Remove-logging-UI.patch @@ -1,7 +1,7 @@ -From 7db01c64bbc4b4bf34316ba1cfcf4c2d13a99035 Mon Sep 17 00:00:00 2001 +From aad7c7e9e29750bfcb9ecb9b0b0072a2d47525bd Mon Sep 17 00:00:00 2001 From: Sukhbir Singh <sukhbir(a)torproject.org> Date: Mon, 10 Oct 2016 19:50:48 -0700 -Subject: [PATCH 17/26] Remove logging UI +Subject: [PATCH 17/27] Remove logging UI --- im/content/preferences/privacy.xul | 20 -------------------- diff --git a/projects/instantbird/0018-Cert-override.patch b/projects/instantbird/0018-Cert-override.patch index 7454098..71609dd 100644 --- a/projects/instantbird/0018-Cert-override.patch +++ b/projects/instantbird/0018-Cert-override.patch @@ -1,7 +1,7 @@ -From 7df4822425e825e6bdd8dc225f28e087eec7c5c8 Mon Sep 17 00:00:00 2001 +From 76f4eef0da58e7bfc521108b89657bbc03c7c8ac Mon Sep 17 00:00:00 2001 From: Sukhbir Singh <sukhbir(a)torproject.org> Date: Mon, 10 Oct 2016 19:56:46 -0700 -Subject: [PATCH 18/26] Cert override +Subject: [PATCH 18/27] Cert override --- im/app/profile/cert_override.txt | 3 +++ diff --git a/projects/instantbird/0019-Display-all-traffic-over-Tor.patch b/projects/instantbird/0019-Display-all-traffic-over-Tor.patch index 7bafdf9..f7dcf4b 100644 --- a/projects/instantbird/0019-Display-all-traffic-over-Tor.patch +++ b/projects/instantbird/0019-Display-all-traffic-over-Tor.patch @@ -1,7 +1,7 @@ -From 96f480c22c8c4a6002c4bfd563cd444494b56294 Mon Sep 17 00:00:00 2001 +From 9d12cc1475c703b56fef75b4b9760047fc4abf6d Mon Sep 17 00:00:00 2001 From: Sukhbir Singh <sukhbir(a)torproject.org> Date: Mon, 10 Oct 2016 19:58:31 -0700 -Subject: [PATCH 19/26] Display all traffic over Tor +Subject: [PATCH 19/27] Display all traffic over Tor --- im/content/accountWizard.xul | 2 ++ diff --git a/projects/instantbird/0020-Trac-17480-Content-sink.patch b/projects/instantbird/0020-Trac-17480-Content-sink.patch index 5c43728..9940f2d 100644 --- a/projects/instantbird/0020-Trac-17480-Content-sink.patch +++ b/projects/instantbird/0020-Trac-17480-Content-sink.patch @@ -1,7 +1,7 @@ -From c88a57576cc3b78c69395d35888662e8de4d2f8e Mon Sep 17 00:00:00 2001 +From 53c2abceb1182a49395b2cd9b3c3ccfdcebbc5a8 Mon Sep 17 00:00:00 2001 From: Arlo Breault <arlolra(a)gmail.com> Date: Wed, 5 Oct 2016 11:09:25 -0700 -Subject: [PATCH 20/26] Trac 17480: Content sink +Subject: [PATCH 20/27] Trac 17480: Content sink --- chat/modules/imContentSink.jsm | 33 ++++++--------------------------- diff --git a/projects/instantbird/0021-SASL-ECDSA-NIST256P-CHALLENGE.patch b/projects/instantbird/0021-SASL-ECDSA-NIST256P-CHALLENGE.patch index bf0ce9f..fc11959 100644 --- a/projects/instantbird/0021-SASL-ECDSA-NIST256P-CHALLENGE.patch +++ b/projects/instantbird/0021-SASL-ECDSA-NIST256P-CHALLENGE.patch @@ -1,7 +1,7 @@ -From 08b1abe3af6bdc0143d82ca671218146147ac09e Mon Sep 17 00:00:00 2001 +From 162ae0788f7bca552b6ff319d6fd981fc0b96b2a Mon Sep 17 00:00:00 2001 From: Arlo Breault <arlolra(a)gmail.com> Date: Sun, 2 Oct 2016 08:46:55 -0700 -Subject: [PATCH 21/26] SASL ECDSA-NIST256P-CHALLENGE +Subject: [PATCH 21/27] SASL ECDSA-NIST256P-CHALLENGE --- chat/components/src/imAccounts.js | 1 + diff --git a/projects/instantbird/0022-Bug-1313137-msg-is-not-defined-error-in-irc.js-chang.patch b/projects/instantbird/0022-Bug-1313137-msg-is-not-defined-error-in-irc.js-chang.patch index ec5eda8..81f2cd8 100644 --- a/projects/instantbird/0022-Bug-1313137-msg-is-not-defined-error-in-irc.js-chang.patch +++ b/projects/instantbird/0022-Bug-1313137-msg-is-not-defined-error-in-irc.js-chang.patch @@ -1,7 +1,7 @@ -From b2a074e0dd2ccf85039846f1722f22af2a86062a Mon Sep 17 00:00:00 2001 +From 5293fe4db12ee2fda30ed452335789e7709c809d Mon Sep 17 00:00:00 2001 From: aleth <aleth(a)instantbird.org> Date: Wed, 26 Oct 2016 20:16:58 +0200 -Subject: [PATCH 22/26] Bug 1313137 - "msg is not defined" error in +Subject: [PATCH 22/27] Bug 1313137 - "msg is not defined" error in irc.js:changeBuddyNick. r=clokep --HG-- diff --git a/projects/instantbird/0023-Bug-954368-Contact-list-entries-should-adapt-their-h.patch b/projects/instantbird/0023-Bug-954368-Contact-list-entries-should-adapt-their-h.patch index 5433910..9f0aebb 100644 --- a/projects/instantbird/0023-Bug-954368-Contact-list-entries-should-adapt-their-h.patch +++ b/projects/instantbird/0023-Bug-954368-Contact-list-entries-should-adapt-their-h.patch @@ -1,7 +1,7 @@ -From 146c625d13d61402b879381a5ce372677837dfc8 Mon Sep 17 00:00:00 2001 +From 40cd830e6d90bad7810dccadc2b944c246659e99 Mon Sep 17 00:00:00 2001 From: aleth <aleth(a)instantbird.org> Date: Thu, 12 May 2016 15:10:43 +0200 -Subject: [PATCH 23/26] Bug 954368 - Contact list entries should adapt their +Subject: [PATCH 23/27] Bug 954368 - Contact list entries should adapt their height to the actual font size. r=florian --HG-- diff --git a/projects/instantbird/0024-Bug-1187281-Only-show-close-button-on-Windows.patch b/projects/instantbird/0024-Bug-1187281-Only-show-close-button-on-Windows.patch index dbdfe6e..5ad39e2 100644 --- a/projects/instantbird/0024-Bug-1187281-Only-show-close-button-on-Windows.patch +++ b/projects/instantbird/0024-Bug-1187281-Only-show-close-button-on-Windows.patch @@ -1,7 +1,7 @@ -From f5d793612a6fc1aee9f85347ed92b8358e3730fd Mon Sep 17 00:00:00 2001 +From 8c8930d1d6fe933814adfe6ef828f4ef4fe76a6b Mon Sep 17 00:00:00 2001 From: Arlo Breault <arlolra(a)gmail.com> Date: Sat, 5 Nov 2016 14:55:20 -0700 -Subject: [PATCH 24/26] Bug 1187281 - Only show "close" button on Windows +Subject: [PATCH 24/27] Bug 1187281 - Only show "close" button on Windows --- im/content/accounts.xul | 2 ++ diff --git a/projects/instantbird/0025-Bug-1316000-Remove-old-Yahoo-Messenger-support.-r-al.patch b/projects/instantbird/0025-Bug-1316000-Remove-old-Yahoo-Messenger-support.-r-al.patch index c8fc880..9144d64 100644 --- a/projects/instantbird/0025-Bug-1316000-Remove-old-Yahoo-Messenger-support.-r-al.patch +++ b/projects/instantbird/0025-Bug-1316000-Remove-old-Yahoo-Messenger-support.-r-al.patch @@ -1,7 +1,7 @@ -From 98df785bcb7e90dc878dcfe70e7c84cec1c69cd3 Mon Sep 17 00:00:00 2001 +From fd1b3c76721f43025219f2a5f76e5f33ffa20a9e Mon Sep 17 00:00:00 2001 From: Patrick Cloke <clokep(a)gmail.com> Date: Wed, 9 Nov 2016 09:03:49 -0800 -Subject: [PATCH 25/26] Bug 1316000 - Remove old Yahoo! Messenger support. +Subject: [PATCH 25/27] Bug 1316000 - Remove old Yahoo! Messenger support. r=aleth --- diff --git a/projects/instantbird/0026-Bug-1321641-Use-built-in-functions-instead-of-an-svg.patch b/projects/instantbird/0026-Bug-1321641-Use-built-in-functions-instead-of-an-svg.patch index 415903a..34387ec 100644 --- a/projects/instantbird/0026-Bug-1321641-Use-built-in-functions-instead-of-an-svg.patch +++ b/projects/instantbird/0026-Bug-1321641-Use-built-in-functions-instead-of-an-svg.patch @@ -1,7 +1,7 @@ -From 09954cbcf1d6c769e0610718edd41c13183fcc75 Mon Sep 17 00:00:00 2001 +From d210341ceb40de88a99ac22c1714e4c01bb504af Mon Sep 17 00:00:00 2001 From: Arlo Breault <arlolra(a)gmail.com> Date: Thu, 1 Dec 2016 13:25:42 -0800 -Subject: [PATCH 26/26] Bug 1321641 - Use built-in functions instead of an svg +Subject: [PATCH 26/27] Bug 1321641 - Use built-in functions instead of an svg for bubbles filter --- diff --git a/projects/instantbird/0027-Bug-1321420-Add-a-pref-to-disable-JavaScript-in-brow.patch b/projects/instantbird/0027-Bug-1321420-Add-a-pref-to-disable-JavaScript-in-brow.patch new file mode 100644 index 0000000..27e6c65 --- /dev/null +++ b/projects/instantbird/0027-Bug-1321420-Add-a-pref-to-disable-JavaScript-in-brow.patch @@ -0,0 +1,52 @@ +From 00e2ca60ebfa8d78824cb5e21917d9580ddf6d25 Mon Sep 17 00:00:00 2001 +From: Arlo Breault <arlolra(a)gmail.com> +Date: Thu, 1 Dec 2016 14:34:51 -0800 +Subject: [PATCH 27/27] Bug 1321420 - Add a pref to disable JavaScript in + browser requests + +--- + chat/chat-prefs.js | 2 ++ + chat/content/browserRequest.js | 7 +++++++ + 2 files changed, 9 insertions(+) + +diff --git a/chat/chat-prefs.js b/chat/chat-prefs.js +index 60b9c1e8c..90a212e5c 100644 +--- a/chat/chat-prefs.js ++++ b/chat/chat-prefs.js +@@ -86,6 +86,8 @@ pref("chat.prpls.prpl-skype.disable", true); + pref("chat.prpls.prpl-facebook.disable", true); + // Disable Yahoo Messenger as legacy Yahoo was shut down. + pref("chat.prpls.prpl-yahoo.disable", true); ++// Disable JavaScript in browser requests. ++pref("chat.browserRequest.disableJavascript", false); + + // loglevel is the minimum severity level that a libpurple message + // must have to be reported in the Error Console. +diff --git a/chat/content/browserRequest.js b/chat/content/browserRequest.js +index c52c8c637..0069219fa 100644 +--- a/chat/content/browserRequest.js ++++ b/chat/content/browserRequest.js +@@ -2,6 +2,8 @@ + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + ++Components.utils.import("resource:///modules/imServices.jsm"); ++ + var wpl = Components.interfaces.nsIWebProgressListener; + + var reporterListener = { +@@ -133,6 +135,11 @@ function loadRequestedUrl() + account.protocol.iconBaseURI + "icon48.png"; + + let browser = document.getElementById("requestFrame"); ++ browser.docShell.allowPlugins = false; ++ ++ if (Services.prefs.getBoolPref("chat.browserRequest.disableJavascript")) ++ browser.docShell.allowJavascript = false; ++ + browser.addProgressListener(reporterListener, + Components.interfaces.nsIWebProgress.NOTIFY_ALL); + let url = request.url; +-- +2.11.0 + diff --git a/projects/instantbird/config b/projects/instantbird/config index cc1cdc7..336502c 100644 --- a/projects/instantbird/config +++ b/projects/instantbird/config @@ -88,6 +88,7 @@ input_files: - filename: 0024-Bug-1187281-Only-show-close-button-on-Windows.patch - filename: 0025-Bug-1316000-Remove-old-Yahoo-Messenger-support.-r-al.patch - filename: 0026-Bug-1321641-Use-built-in-functions-instead-of-an-svg.patch + - filename: 0027-Bug-1321420-Add-a-pref-to-disable-JavaScript-in-brow.patch - filename: mozconfig-common - filename: 'mozconfig-[% c("var/osname") %]' name: mozconfig

1 0