tor-commits
Threads by month
- ----- 2025 -----
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
January 2021
- 16 participants
- 2244 discussions

[tor-browser/tor-browser-86.0b1-10.5-1] Bug 40073: Disable remote Public Suffix List fetching
by gk@torproject.org 30 Jan '21
by gk@torproject.org 30 Jan '21
30 Jan '21
commit 8f46069bec76f9a878a92c9c55eb8936d4a5af62
Author: Alex Catarineu <acat(a)torproject.org>
Date: Thu Aug 13 11:05:03 2020 +0200
Bug 40073: Disable remote Public Suffix List fetching
In https://bugzilla.mozilla.org/show_bug.cgi?id=1563246 Firefox implemented
fetching the Public Suffix List via RemoteSettings and replacing the default
one at runtime, which we do not want.
---
browser/components/BrowserGlue.jsm | 5 -----
1 file changed, 5 deletions(-)
diff --git a/browser/components/BrowserGlue.jsm b/browser/components/BrowserGlue.jsm
index af1aadf1eb73..e45472258a80 100644
--- a/browser/components/BrowserGlue.jsm
+++ b/browser/components/BrowserGlue.jsm
@@ -65,7 +65,6 @@ XPCOMUtils.defineLazyModuleGetters(this, {
PluralForm: "resource://gre/modules/PluralForm.jsm",
PrivateBrowsingUtils: "resource://gre/modules/PrivateBrowsingUtils.jsm",
ProcessHangMonitor: "resource:///modules/ProcessHangMonitor.jsm",
- PublicSuffixList: "resource://gre/modules/netwerk-dns/PublicSuffixList.jsm",
RemoteSettings: "resource://services-settings/remote-settings.js",
RemoteSecuritySettings:
"resource://gre/modules/psm/RemoteSecuritySettings.jsm",
@@ -2757,10 +2756,6 @@ BrowserGlue.prototype = {
this._addBreachesSyncHandler();
},
- () => {
- PublicSuffixList.init();
- },
-
() => {
RemoteSecuritySettings.init();
},
1
0

[tor-browser/tor-browser-86.0b1-10.5-1] Bug 40198: Expose privacy.spoof_english pref in GeckoView
by gk@torproject.org 30 Jan '21
by gk@torproject.org 30 Jan '21
30 Jan '21
commit 169ac2fa705c73eb974383ce218c631568ec942b
Author: Alex Catarineu <acat(a)torproject.org>
Date: Sun Oct 18 17:06:04 2020 +0200
Bug 40198: Expose privacy.spoof_english pref in GeckoView
---
mobile/android/geckoview/api.txt | 3 ++
.../mozilla/geckoview/GeckoRuntimeSettings.java | 33 ++++++++++++++++++++++
2 files changed, 36 insertions(+)
diff --git a/mobile/android/geckoview/api.txt b/mobile/android/geckoview/api.txt
index 61fd351cda2b..e267ee00f996 100644
--- a/mobile/android/geckoview/api.txt
+++ b/mobile/android/geckoview/api.txt
@@ -639,6 +639,7 @@ package org.mozilla.geckoview {
method public boolean getRemoteDebuggingEnabled();
method @Nullable public GeckoRuntime getRuntime();
method @Nullable public Rect getScreenSizeOverride();
+ method public boolean getSpoofEnglish();
method @Nullable public RuntimeTelemetry.Delegate getTelemetryDelegate();
method public int getTorSecurityLevel();
method public boolean getUseMaxScreenDepth();
@@ -658,6 +659,7 @@ package org.mozilla.geckoview {
method @NonNull public GeckoRuntimeSettings setLoginAutofillEnabled(boolean);
method @NonNull public GeckoRuntimeSettings setPreferredColorScheme(int);
method @NonNull public GeckoRuntimeSettings setRemoteDebuggingEnabled(boolean);
+ method @NonNull public GeckoRuntimeSettings setSpoofEnglish(boolean);
method @NonNull public GeckoRuntimeSettings setTorSecurityLevel(int);
method @NonNull public GeckoRuntimeSettings setWebFontsEnabled(boolean);
method @NonNull public GeckoRuntimeSettings setWebManifestEnabled(boolean);
@@ -693,6 +695,7 @@ package org.mozilla.geckoview {
method @NonNull public GeckoRuntimeSettings.Builder preferredColorScheme(int);
method @NonNull public GeckoRuntimeSettings.Builder remoteDebuggingEnabled(boolean);
method @NonNull public GeckoRuntimeSettings.Builder screenSizeOverride(int, int);
+ method @NonNull public GeckoRuntimeSettings.Builder spoofEnglish(boolean);
method @NonNull public GeckoRuntimeSettings.Builder telemetryDelegate(@NonNull RuntimeTelemetry.Delegate);
method @NonNull public GeckoRuntimeSettings.Builder torSecurityLevel(int);
method @NonNull public GeckoRuntimeSettings.Builder useMaxScreenDepth(boolean);
diff --git a/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntimeSettings.java b/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntimeSettings.java
index 625883afe8d3..0d0ad52730ad 100644
--- a/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntimeSettings.java
+++ b/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntimeSettings.java
@@ -457,6 +457,17 @@ public final class GeckoRuntimeSettings extends RuntimeSettings {
getSettings().mTorSecurityLevel.set(level);
return this;
}
+
+ /**
+ * Sets whether we should spoof locale to English for webpages.
+ *
+ * @param flag True if we should spoof locale to English for webpages, false otherwise.
+ * @return This Builder instance.
+ */
+ public @NonNull Builder spoofEnglish(final boolean flag) {
+ getSettings().mSpoofEnglish.set(flag ? 2 : 1);
+ return this;
+ }
}
private GeckoRuntime mRuntime;
@@ -507,6 +518,8 @@ public final class GeckoRuntimeSettings extends RuntimeSettings {
"signon.autofillForms", true);
/* package */ final Pref<Integer> mTorSecurityLevel = new Pref<>(
"extensions.torbutton.security_slider", 4);
+ /* package */ final Pref<Integer> mSpoofEnglish = new Pref<>(
+ "privacy.spoof_english", 0);
/* package */ int mPreferredColorScheme = COLOR_SCHEME_SYSTEM;
@@ -1175,6 +1188,26 @@ public final class GeckoRuntimeSettings extends RuntimeSettings {
return this;
}
+ /**
+ * Get whether we should spoof locale to English for webpages.
+ *
+ * @return Whether we should spoof locale to English for webpages.
+ */
+ public boolean getSpoofEnglish() {
+ return mSpoofEnglish.get() == 2;
+ }
+
+ /**
+ * Set whether we should spoof locale to English for webpages.
+ *
+ * @param flag A flag determining whether we should locale to English for webpages.
+ * @return This GeckoRuntimeSettings instance.
+ */
+ public @NonNull GeckoRuntimeSettings setSpoofEnglish(final boolean flag) {
+ mSpoofEnglish.commit(flag ? 2 : 1);
+ return this;
+ }
+
@Override // Parcelable
public void writeToParcel(final Parcel out, final int flags) {
super.writeToParcel(out, flags);
1
0

[tor-browser/tor-browser-86.0b1-10.5-1] Bug 4234: Use the Firefox Update Process for Tor Browser.
by gk@torproject.org 30 Jan '21
by gk@torproject.org 30 Jan '21
30 Jan '21
commit 3d60601e70321bd8a7c6a4c16ffef1ceb6947c5b
Author: Kathy Brade <brade(a)pearlcrescent.com>
Date: Fri Jan 13 11:40:24 2017 -0500
Bug 4234: Use the Firefox Update Process for Tor Browser.
The following files are never updated:
TorBrowser/Data/Browser/profiles.ini
TorBrowser/Data/Browser/profile.default/bookmarks.html
TorBrowser/Data/Tor/torrc
Mac OS: Store update metadata under TorBrowser/UpdateInfo.
Removed the %OS_VERSION% component from the update URL (13047) and
added support for minSupportedOSVersion, an attribute of the
<update> element that may be used to trigger Firefox's
"unsupported platform" behavior.
Hide the "What's new" links (set app.releaseNotesURL value to about:blank).
Windows: disable "runas" code path in updater (15201).
Windows: avoid writing to the registry (16236).
Also includes fixes for tickets 13047, 13301, 13356, 13594, 15406,
16014, 16909, 24476, and 25909.
Also fix Bug 26049: reduce the delay before the update prompt is displayed.
Instead of Firefox's 2 days, we use 1 hour (after which time the update
doorhanger will be displayed).
Also fix bug 27221: purge the startup cache if the Tor Browser
version changed (even if the Firefox version and build ID did
not change), e.g., after a minor Tor Browser update.
Also fix 32616: Disable GetSecureOutputDirectoryPath() functionality.
Bug 26048: potentially confusing "restart to update" message
Within the update doorhanger, remove the misleading message that mentions
that windows will be restored after an update is applied, and replace the
"Restart and Restore" button label with an existing
"Restart to update Tor Browser" string.
Bug 28885: notify users that update is downloading
Add a "Downloading Tor Browser update" item which appears in the
hamburger (app) menu while the update service is downloading a MAR
file. Before this change, the browser did not indicate to the user
that an update was in progress, which is especially confusing in
Tor Browser because downloads often take some time. If the user
clicks on the new menu item, the about dialog is opened to allow
the user to see download progress.
As part of this fix, the update service was changed to always show
update-related messages in the hamburger menu, even if the update
was started in the foreground via the about dialog or via the
"Check for Tor Browser Update" toolbar menu item. This change is
consistent with the Tor Browser goal of making sure users are
informed about the update process.
Removed #28885 parts of this patch which have been uplifted to Firefox.
---
browser/app/Makefile.in | 2 +
browser/app/profile/000-tor-browser.js | 16 +-
browser/app/profile/firefox.js | 10 +-
browser/base/content/aboutDialog-appUpdater.js | 2 +-
browser/base/content/aboutDialog.js | 12 +-
browser/components/BrowserContentHandler.jsm | 39 ++-
.../customizableui/content/panelUI.inc.xhtml | 5 +-
browser/confvars.sh | 35 +--
browser/installer/package-manifest.in | 2 +
build/application.ini.in | 2 +-
build/moz.configure/init.configure | 3 +-
config/createprecomplete.py | 19 +-
.../client/aboutdebugging/src/actions/runtimes.js | 5 +
toolkit/modules/UpdateUtils.jsm | 34 +--
toolkit/mozapps/extensions/AddonManager.jsm | 24 ++
toolkit/mozapps/extensions/test/browser/head.js | 1 +
.../extensions/test/xpcshell/head_addons.js | 1 +
toolkit/mozapps/update/UpdateService.jsm | 125 +++++++-
toolkit/mozapps/update/UpdateServiceStub.jsm | 4 +
toolkit/mozapps/update/common/updatehelper.cpp | 8 +
toolkit/mozapps/update/moz.build | 5 +-
toolkit/mozapps/update/updater/launchchild_osx.mm | 2 +
toolkit/mozapps/update/updater/moz.build | 2 +-
toolkit/mozapps/update/updater/updater.cpp | 339 ++++++++++++++++++---
toolkit/xre/MacLaunchHelper.h | 2 +
toolkit/xre/MacLaunchHelper.mm | 2 +
toolkit/xre/nsAppRunner.cpp | 22 +-
toolkit/xre/nsUpdateDriver.cpp | 109 ++++++-
toolkit/xre/nsXREDirProvider.cpp | 42 ++-
tools/update-packaging/common.sh | 64 ++--
tools/update-packaging/make_full_update.sh | 25 ++
tools/update-packaging/make_incremental_update.sh | 71 ++++-
32 files changed, 880 insertions(+), 154 deletions(-)
diff --git a/browser/app/Makefile.in b/browser/app/Makefile.in
index 8dd3a9a65661..3a5550c96c15 100644
--- a/browser/app/Makefile.in
+++ b/browser/app/Makefile.in
@@ -97,10 +97,12 @@ tools repackage:: $(DIST)/bin/$(MOZ_APP_NAME) $(objdir)/macbuild/Contents/MacOS-
rsync -aL $(DIST)/bin/$(MOZ_APP_NAME) '$(dist_dest)/Contents/MacOS'
cp -RL $(topsrcdir)/$(MOZ_BRANDING_DIRECTORY)/firefox.icns '$(dist_dest)/Contents/Resources/firefox.icns'
cp -RL $(topsrcdir)/$(MOZ_BRANDING_DIRECTORY)/document.icns '$(dist_dest)/Contents/Resources/document.icns'
+ifndef TOR_BROWSER_UPDATE
$(MKDIR) -p '$(dist_dest)/Contents/Library/LaunchServices'
ifdef MOZ_UPDATER
mv -f '$(dist_dest)/Contents/MacOS/updater.app/Contents/MacOS/org.mozilla.updater' '$(dist_dest)/Contents/Library/LaunchServices'
ln -s ../../../../Library/LaunchServices/org.mozilla.updater '$(dist_dest)/Contents/MacOS/updater.app/Contents/MacOS/org.mozilla.updater'
+endif
endif
printf APPLTORB > '$(dist_dest)/Contents/PkgInfo'
endif
diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js
index bb8bc18142b7..7afc248e1137 100644
--- a/browser/app/profile/000-tor-browser.js
+++ b/browser/app/profile/000-tor-browser.js
@@ -7,7 +7,6 @@
// Disable initial homepage notifications
pref("browser.search.update", false);
pref("browser.rights.3.shown", true);
-pref("browser.startup.homepage_override.mstone", "ignore");
pref("startup.homepage_welcome_url", "");
pref("startup.homepage_welcome_url.additional", "");
@@ -20,9 +19,17 @@ pref("startup.homepage_override_url", "https://blog.torproject.org/category/tags
// Try to nag a bit more about updates: Pop up a restart dialog an hour after the initial dialog
pref("app.update.promptWaitTime", 3600);
-
-#ifdef XP_WIN
-// For now, disable staged updates on Windows (see #18292).
+pref("app.update.notifyDuringDownload", true);
+pref("app.update.url.manual", "https://www.torproject.org/download/languages/");
+pref("app.update.url.details", "https://www.torproject.org/download/");
+pref("app.update.badgeWaitTime", 0);
+pref("app.releaseNotesURL", "about:blank");
+
+#ifndef XP_MACOSX
+// Disable staged updates on platforms other than macOS.
+// Staged updates do not work on Windows due to #18292.
+// Also, on Windows and Linux any changes that are made to the browser profile
+// or Tor data after an update is staged will be lost.
pref("app.update.staging.enabled", false);
#endif
@@ -82,6 +89,7 @@ pref("datareporting.policy.dataSubmissionEnabled", false);
// Make sure Unified Telemetry is really disabled, see: #18738.
pref("toolkit.telemetry.unified", false);
pref("toolkit.telemetry.enabled", false);
+pref("toolkit.telemetry.updatePing.enabled", false); // Make sure updater telemetry is disabled; see #25909.
#ifdef XP_WIN
// Defense-in-depth: ensure that the Windows default browser agent will
// not ping Mozilla if it is somehow present (we omit it at build time).
diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js
index e781c1dc5798..2de62e868bcc 100644
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -134,14 +134,8 @@ pref("app.update.elevation.promptMaxAttempts", 2);
pref("app.update.notifyDuringDownload", false);
// If set to true, the Update Service will automatically download updates if the
-// user can apply updates. This pref is no longer used on Windows, except as the
-// default value to migrate to the new location that this data is now stored
-// (which is in a file in the update directory). Because of this, this pref
-// should no longer be used directly. Instead, getAppUpdateAutoEnabled and
-// getAppUpdateAutoEnabled from UpdateUtils.jsm should be used.
-#ifndef XP_WIN
- pref("app.update.auto", true);
-#endif
+// user can apply updates.
+pref("app.update.auto", true);
// If set to true, the Update Service will apply updates in the background
// when it finishes downloading them.
diff --git a/browser/base/content/aboutDialog-appUpdater.js b/browser/base/content/aboutDialog-appUpdater.js
index 97d59902d555..195e78824802 100644
--- a/browser/base/content/aboutDialog-appUpdater.js
+++ b/browser/base/content/aboutDialog-appUpdater.js
@@ -161,7 +161,7 @@ appUpdater.prototype = {
if (aChildID == "downloadAndInstall") {
let updateVersion = gAppUpdater.update.displayVersion;
// Include the build ID if this is an "a#" (nightly or aurora) build
- if (/a\d+$/.test(updateVersion)) {
+ if (!AppConstants.TOR_BROWSER_UPDATE && /a\d+$/.test(updateVersion)) {
let buildID = gAppUpdater.update.buildID;
let year = buildID.slice(0, 4);
let month = buildID.slice(4, 6);
diff --git a/browser/base/content/aboutDialog.js b/browser/base/content/aboutDialog.js
index b96337666cff..ab1d9b80b944 100644
--- a/browser/base/content/aboutDialog.js
+++ b/browser/base/content/aboutDialog.js
@@ -56,15 +56,13 @@ async function init(aEvent) {
bits: Services.appinfo.is64Bit ? 64 : 32,
};
+ // Adjust version text to show the Tor Browser version
+ versionAttributes.version = AppConstants.TOR_BROWSER_VERSION +
+ " (based on Mozilla Firefox " +
+ AppConstants.MOZ_APP_VERSION_DISPLAY + ")";
+
let version = Services.appinfo.version;
if (/a\d+$/.test(version)) {
- versionId = "aboutDialog-version-nightly";
- let buildID = Services.appinfo.appBuildID;
- let year = buildID.slice(0, 4);
- let month = buildID.slice(4, 6);
- let day = buildID.slice(6, 8);
- versionAttributes.isodate = `${year}-${month}-${day}`;
-
document.getElementById("experimental").hidden = false;
document.getElementById("communityDesc").hidden = true;
}
diff --git a/browser/components/BrowserContentHandler.jsm b/browser/components/BrowserContentHandler.jsm
index b4ea1974aa5b..0a37ca088ca0 100644
--- a/browser/components/BrowserContentHandler.jsm
+++ b/browser/components/BrowserContentHandler.jsm
@@ -46,6 +46,8 @@ XPCOMUtils.defineLazyGlobalGetters(this, [URL]);
const NEWINSTALL_PAGE = "about:newinstall";
+const kTBSavedVersionPref = "browser.startup.homepage_override.torbrowser.version";
+
// One-time startup homepage override configurations
const ONCE_DOMAINS = ["mozilla.org", "firefox.com"];
const ONCE_PREF = "browser.startup.homepage_override.once";
@@ -105,7 +107,8 @@ const OVERRIDE_ALTERNATE_PROFILE = 4;
* Returns:
* OVERRIDE_NEW_PROFILE if this is the first run with a new profile.
* OVERRIDE_NEW_MSTONE if this is the first run with a build with a different
- * Gecko milestone (i.e. right after an upgrade).
+ * Gecko milestone or Tor Browser version (i.e. right
+ * after an upgrade).
* OVERRIDE_NEW_BUILD_ID if this is the first run with a new build ID of the
* same Gecko milestone (i.e. after a nightly upgrade).
* OVERRIDE_NONE otherwise.
@@ -128,6 +131,11 @@ function needHomepageOverride(prefb) {
var mstone = Services.appinfo.platformVersion;
+ var savedTBVersion = null;
+ try {
+ savedTBVersion = prefb.getCharPref(kTBSavedVersionPref);
+ } catch (e) {}
+
var savedBuildID = prefb.getCharPref(
"browser.startup.homepage_override.buildID",
""
@@ -146,7 +154,22 @@ function needHomepageOverride(prefb) {
prefb.setCharPref("browser.startup.homepage_override.mstone", mstone);
prefb.setCharPref("browser.startup.homepage_override.buildID", buildID);
- return savedmstone ? OVERRIDE_NEW_MSTONE : OVERRIDE_NEW_PROFILE;
+ prefb.setCharPref(kTBSavedVersionPref, AppConstants.TOR_BROWSER_VERSION);
+
+ // After an upgrade from an older release of Tor Browser (<= 5.5a1), the
+ // savedmstone will be undefined because those releases included the
+ // value "ignore" for the browser.startup.homepage_override.mstone pref.
+ // To correctly detect an upgrade vs. a new profile, we check for the
+ // presence of the "app.update.postupdate" pref.
+ let updated = prefb.prefHasUserValue("app.update.postupdate");
+ return (savedmstone || updated) ? OVERRIDE_NEW_MSTONE
+ : OVERRIDE_NEW_PROFILE;
+ }
+
+ if (AppConstants.TOR_BROWSER_VERSION != savedTBVersion) {
+ prefb.setCharPref("browser.startup.homepage_override.buildID", buildID);
+ prefb.setCharPref(kTBSavedVersionPref, AppConstants.TOR_BROWSER_VERSION);
+ return OVERRIDE_NEW_MSTONE;
}
if (buildID != savedBuildID) {
@@ -647,6 +670,13 @@ nsBrowserContentHandler.prototype = {
"browser.startup.homepage_override.buildID",
"unknown"
);
+
+ // We do the same for the Tor Browser version.
+ let old_tbversion = null;
+ try {
+ old_tbversion = prefb.getCharPref(kTBSavedVersionPref);
+ } catch (e) {}
+
override = needHomepageOverride(prefb);
if (override != OVERRIDE_NONE) {
switch (override) {
@@ -679,9 +709,10 @@ nsBrowserContentHandler.prototype = {
"startup.homepage_override_url"
);
let update = UpdateManager.readyUpdate;
+ let old_version = old_tbversion ? old_tbversion: old_mstone;
if (
update &&
- Services.vc.compare(update.appVersion, old_mstone) > 0
+ Services.vc.compare(update.appVersion, old_version) > 0
) {
overridePage = getPostUpdateOverridePage(update, overridePage);
// Send the update ping to signal that the update was successful.
@@ -689,6 +720,8 @@ nsBrowserContentHandler.prototype = {
}
overridePage = overridePage.replace("%OLD_VERSION%", old_mstone);
+ overridePage = overridePage.replace("%OLD_TOR_BROWSER_VERSION%",
+ old_tbversion);
break;
case OVERRIDE_NEW_BUILD_ID:
if (UpdateManager.readyUpdate) {
diff --git a/browser/components/customizableui/content/panelUI.inc.xhtml b/browser/components/customizableui/content/panelUI.inc.xhtml
index 94e0531cb052..46183006c04d 100644
--- a/browser/components/customizableui/content/panelUI.inc.xhtml
+++ b/browser/components/customizableui/content/panelUI.inc.xhtml
@@ -143,14 +143,15 @@
<popupnotification id="appMenu-update-restart-notification"
popupid="update-restart"
data-lazy-l10n-id="appmenu-update-restart"
- data-l10n-attrs="buttonlabel, buttonaccesskey, secondarybuttonlabel, secondarybuttonaccesskey"
+ data-l10n-attrs="buttonaccesskey, secondarybuttonlabel, secondarybuttonaccesskey"
+ buttonlabel="&updateRestart.panelUI.label2;"
closebuttonhidden="true"
dropmarkerhidden="true"
checkboxhidden="true"
buttonhighlight="true"
hidden="true">
<popupnotificationcontent id="update-restart-notification-content" orient="vertical">
- <description id="update-restart-description" data-lazy-l10n-id="appmenu-update-restart-message"></description>
+ <description id="update-restart-description"> </description>
</popupnotificationcontent>
</popupnotification>
diff --git a/browser/confvars.sh b/browser/confvars.sh
index 92871c9516f9..040a27e9b92d 100755
--- a/browser/confvars.sh
+++ b/browser/confvars.sh
@@ -6,26 +6,6 @@
MOZ_APP_VENDOR=Mozilla
MOZ_UPDATER=1
-if test "$OS_ARCH" = "WINNT"; then
- if ! test "$HAVE_64BIT_BUILD"; then
- if test "$MOZ_UPDATE_CHANNEL" = "nightly" -o \
- "$MOZ_UPDATE_CHANNEL" = "nightly-try" -o \
- "$MOZ_UPDATE_CHANNEL" = "aurora" -o \
- "$MOZ_UPDATE_CHANNEL" = "beta" -o \
- "$MOZ_UPDATE_CHANNEL" = "release"; then
- if ! test "$MOZ_DEBUG"; then
- if ! test "$USE_STUB_INSTALLER"; then
- # Expect USE_STUB_INSTALLER from taskcluster for downstream task consistency
- echo "ERROR: STUB installer expected to be enabled but"
- echo "ERROR: USE_STUB_INSTALLER is not specified in the environment"
- exit 1
- fi
- MOZ_STUB_INSTALLER=1
- fi
- fi
- fi
-fi
-
BROWSER_CHROME_URL=chrome://browser/content/browser.xhtml
# MOZ_APP_DISPLAYNAME will be set by branding/configure.sh
@@ -38,6 +18,21 @@ MOZ_BRANDING_DIRECTORY=browser/branding/unofficial
MOZ_OFFICIAL_BRANDING_DIRECTORY=browser/branding/official
MOZ_APP_ID={ec8030f7-c20a-464f-9b0e-13a3a9e97384}
+# ACCEPTED_MAR_CHANNEL_IDS should usually be the same as the value MAR_CHANNEL_ID.
+# If more than one ID is needed, then you should use a comma separated list
+# of values.
+# The MAR_CHANNEL_ID must not contain the following 3 characters: ",\t "
+if test "$MOZ_UPDATE_CHANNEL" = "alpha"; then
+ ACCEPTED_MAR_CHANNEL_IDS=torbrowser-torproject-alpha
+ MAR_CHANNEL_ID=torbrowser-torproject-alpha
+elif test "$MOZ_UPDATE_CHANNEL" = "nightly"; then
+ ACCEPTED_MAR_CHANNEL_IDS=torbrowser-torproject-nightly
+ MAR_CHANNEL_ID=torbrowser-torproject-nightly
+else
+ ACCEPTED_MAR_CHANNEL_IDS=torbrowser-torproject-release
+ MAR_CHANNEL_ID=torbrowser-torproject-release
+fi
+
MOZ_PROFILE_MIGRATOR=1
# Include the DevTools client, not just the server (which is the default)
diff --git a/browser/installer/package-manifest.in b/browser/installer/package-manifest.in
index ca92c31f8d46..f40210cc51cb 100644
--- a/browser/installer/package-manifest.in
+++ b/browser/installer/package-manifest.in
@@ -36,8 +36,10 @@
; Mac bundle stuff
@APPNAME@/Contents/Info.plist
#ifdef MOZ_UPDATER
+#ifndef TOR_BROWSER_UPDATE
@APPNAME@/Contents/Library/LaunchServices
#endif
+#endif
@APPNAME@/Contents/PkgInfo
@RESPATH@/firefox.icns
@RESPATH@/document.icns
diff --git a/build/application.ini.in b/build/application.ini.in
index a6141de0be15..96faf3775588 100644
--- a/build/application.ini.in
+++ b/build/application.ini.in
@@ -52,5 +52,5 @@ ServerURL=https://crash-reports.mozilla.com/submit?id=@MOZ_APP_ID@&version=…
#if MOZ_UPDATER
[AppUpdate]
-URL=https://@MOZ_APPUPDATE_HOST@/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%SYSTEM_CAPABILITIES%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml
+URL=https://aus1.torproject.org/torbrowser/update_3/%CHANNEL%/%BUILD_TARGET%/%VERSION%/%LOCALE%
#endif
diff --git a/build/moz.configure/init.configure b/build/moz.configure/init.configure
index 7435bdeaad03..e2b14d07b375 100644
--- a/build/moz.configure/init.configure
+++ b/build/moz.configure/init.configure
@@ -1181,7 +1181,6 @@ def version_path(path):
# set RELEASE_OR_BETA and NIGHTLY_BUILD variables depending on the cycle we're in
# The logic works like this:
# - if we have "a1" in GRE_MILESTONE, we're building Nightly (define NIGHTLY_BUILD)
-# - otherwise, if we have "a" in GRE_MILESTONE, we're building Nightly or Aurora
# - otherwise, we're building Release/Beta (define RELEASE_OR_BETA)
@depends(check_build_environment, build_project, version_path, "--help")
@imports(_from="__builtin__", _import="open")
@@ -1228,7 +1227,7 @@ def milestone(build_env, build_project, version_path, _):
if "a1" in milestone:
is_nightly = True
- elif "a" not in milestone:
+ else:
is_release_or_beta = True
major_version = milestone.split(".")[0]
diff --git a/config/createprecomplete.py b/config/createprecomplete.py
index dda4efcdf8e1..39aa85182dcb 100644
--- a/config/createprecomplete.py
+++ b/config/createprecomplete.py
@@ -5,6 +5,7 @@
# update instructions which is used to remove files and directories that are no
# longer present in a complete update. The current working directory is used for
# the location to enumerate and to create the precomplete file.
+# For symlinks, remove instructions are always generated.
from __future__ import absolute_import
from __future__ import unicode_literals
@@ -13,9 +14,18 @@ import os
import io
+# TODO When TOR_BROWSER_DATA_OUTSIDE_APP_DIR is used on all platforms,
+# we should remove all lines in this file that contain:
+# TorBrowser/Data
+
+
def get_build_entries(root_path):
"""Iterates through the root_path, creating a list for each file and
directory. Excludes any file paths ending with channel-prefs.js.
+ To support Tor Browser updates, excludes:
+ TorBrowser/Data/Browser/profiles.ini
+ TorBrowser/Data/Browser/profile.default/bookmarks.html
+ TorBrowser/Data/Tor/torrc
"""
rel_file_path_set = set()
rel_dir_path_set = set()
@@ -27,6 +37,10 @@ def get_build_entries(root_path):
if not (
rel_path_file.endswith("channel-prefs.js")
or rel_path_file.endswith("update-settings.ini")
+ or rel_path_file == "TorBrowser/Data/Browser/profiles.ini"
+ or rel_path_file
+ == "TorBrowser/Data/Browser/profile.default/bookmarks.html"
+ or rel_path_file == "TorBrowser/Data/Tor/torrc"
or rel_path_file.find("distribution/") != -1
):
rel_file_path_set.add(rel_path_file)
@@ -36,7 +50,10 @@ def get_build_entries(root_path):
rel_path_dir = os.path.join(parent_dir_rel_path, dir_name)
rel_path_dir = rel_path_dir.replace("\\", "/") + "/"
if rel_path_dir.find("distribution/") == -1:
- rel_dir_path_set.add(rel_path_dir)
+ if os.path.islink(rel_path_dir[:-1]):
+ rel_file_path_set.add(rel_path_dir[:-1])
+ else:
+ rel_dir_path_set.add(rel_path_dir)
rel_file_path_list = list(rel_file_path_set)
rel_file_path_list.sort(reverse=True)
diff --git a/devtools/client/aboutdebugging/src/actions/runtimes.js b/devtools/client/aboutdebugging/src/actions/runtimes.js
index 3d9ce0490bf2..00dff36f28a2 100644
--- a/devtools/client/aboutdebugging/src/actions/runtimes.js
+++ b/devtools/client/aboutdebugging/src/actions/runtimes.js
@@ -71,6 +71,11 @@ async function getRuntimeIcon(runtime, channel) {
}
}
+ // Use the release build skin for devtools within Tor Browser alpha releases.
+ if (channel === "alpha") {
+ return "chrome://devtools/skin/images/aboutdebugging-firefox-release.svg";
+ }
+
return channel === "release" || channel === "beta" || channel === "aurora"
? `chrome://devtools/skin/images/aboutdebugging-firefox-${channel}.svg`
: "chrome://devtools/skin/images/aboutdebugging-firefox-nightly.svg";
diff --git a/toolkit/modules/UpdateUtils.jsm b/toolkit/modules/UpdateUtils.jsm
index d2b695b47442..883928472732 100644
--- a/toolkit/modules/UpdateUtils.jsm
+++ b/toolkit/modules/UpdateUtils.jsm
@@ -103,7 +103,7 @@ var UpdateUtils = {
case "PRODUCT":
return Services.appinfo.name;
case "VERSION":
- return Services.appinfo.version;
+ return AppConstants.TOR_BROWSER_VERSION;
case "BUILD_ID":
return Services.appinfo.appBuildID;
case "BUILD_TARGET":
@@ -167,25 +167,17 @@ var UpdateUtils = {
* downloads and installs updates. This corresponds to whether or not the user
* has selected "Automatically install updates" in about:preferences.
*
- * On Windows, this setting is shared across all profiles for the installation
+ * On Windows (except in Tor Browser), this setting is shared across all profiles
+ * for the installation
* and is read asynchronously from the file. On other operating systems, this
* setting is stored in a pref and is thus a per-profile setting.
*
* @return A Promise that resolves with a boolean.
*/
getAppUpdateAutoEnabled() {
- if (Services.policies) {
- if (!Services.policies.isAllowed("app-auto-updates-off")) {
- // We aren't allowed to turn off auto-update - it is forced on.
- return Promise.resolve(true);
- }
- if (!Services.policies.isAllowed("app-auto-updates-on")) {
- // We aren't allowed to turn on auto-update - it is forced off.
- return Promise.resolve(false);
- }
- }
- if (AppConstants.platform != "win") {
- // On platforms other than Windows the setting is stored in a preference.
+ if (AppConstants.TOR_BROWSER_UPDATE || (AppConstants.platform != "win")) {
+ // On platforms other than Windows and always in Tor Browser the setting
+ // is stored in a preference.
let prefValue = Services.prefs.getBoolPref(
PREF_APP_UPDATE_AUTO,
DEFAULT_APP_UPDATE_AUTO
@@ -256,7 +248,8 @@ var UpdateUtils = {
* updates" and "Check for updates but let you choose to install them" options
* in about:preferences.
*
- * On Windows, this setting is shared across all profiles for the installation
+ * On Windows (except in Tor Browser), this setting is shared across all profiles
+ * for the installation
* and is written asynchronously to the file. On other operating systems, this
* setting is stored in a pref and is thus a per-profile setting.
*
@@ -276,14 +269,9 @@ var UpdateUtils = {
* this operation simply sets a pref.
*/
setAppUpdateAutoEnabled(enabledValue) {
- if (this.appUpdateAutoSettingIsLocked()) {
- return Promise.reject(
- "setAppUpdateAutoEnabled: Unable to change value of setting because " +
- "it is locked by policy"
- );
- }
- if (AppConstants.platform != "win") {
- // Only in Windows do we store the update config in the update directory
+ if (AppConstants.TOR_BROWSER_UPDATE || (AppConstants.platform != "win")) {
+ // Only in Windows (but never for Tor Browser) do we store the update config
+ // in the update directory
let prefValue = !!enabledValue;
Services.prefs.setBoolPref(PREF_APP_UPDATE_AUTO, prefValue);
// Rather than call maybeUpdateAutoConfigChanged, a pref observer has
diff --git a/toolkit/mozapps/extensions/AddonManager.jsm b/toolkit/mozapps/extensions/AddonManager.jsm
index 726819a25493..b7c046e93eff 100644
--- a/toolkit/mozapps/extensions/AddonManager.jsm
+++ b/toolkit/mozapps/extensions/AddonManager.jsm
@@ -23,6 +23,7 @@ const { AppConstants } = ChromeUtils.import(
const MOZ_COMPATIBILITY_NIGHTLY = ![
"aurora",
+ "alpha",
"beta",
"release",
"esr",
@@ -37,6 +38,7 @@ const PREF_EM_AUTOUPDATE_DEFAULT = "extensions.update.autoUpdateDefault";
const PREF_EM_STRICT_COMPATIBILITY = "extensions.strictCompatibility";
const PREF_EM_CHECK_UPDATE_SECURITY = "extensions.checkUpdateSecurity";
const PREF_SYS_ADDON_UPDATE_ENABLED = "extensions.systemAddon.update.enabled";
+const PREF_EM_LAST_TORBROWSER_VERSION = "extensions.lastTorBrowserVersion";
const PREF_MIN_WEBEXT_PLATFORM_VERSION =
"extensions.webExtensionsMinPlatformVersion";
@@ -700,6 +702,28 @@ var AddonManagerInternal = {
);
}
+ // To ensure that extension and plugin code gets a chance to run
+ // after each browser update, set appChanged = true when the
+ // Tor Browser version has changed even if the Mozilla app
+ // version has not changed.
+ let tbChanged = undefined;
+ try {
+ tbChanged = AppConstants.TOR_BROWSER_VERSION !=
+ Services.prefs.getCharPref(PREF_EM_LAST_TORBROWSER_VERSION);
+ }
+ catch (e) { }
+ if (tbChanged !== false) {
+ // Because PREF_EM_LAST_TORBROWSER_VERSION was not present in older
+ // versions of Tor Browser, an app change is indicated when tbChanged
+ // is undefined or true.
+ if (appChanged === false) {
+ appChanged = true;
+ }
+
+ Services.prefs.setCharPref(PREF_EM_LAST_TORBROWSER_VERSION,
+ AppConstants.TOR_BROWSER_VERSION);
+ }
+
if (!MOZ_COMPATIBILITY_NIGHTLY) {
PREF_EM_CHECK_COMPATIBILITY =
PREF_EM_CHECK_COMPATIBILITY_BASE +
diff --git a/toolkit/mozapps/extensions/test/browser/head.js b/toolkit/mozapps/extensions/test/browser/head.js
index cc008aff2481..6e1b3ba454d1 100644
--- a/toolkit/mozapps/extensions/test/browser/head.js
+++ b/toolkit/mozapps/extensions/test/browser/head.js
@@ -43,6 +43,7 @@ var PREF_CHECK_COMPATIBILITY;
var channel = Services.prefs.getCharPref("app.update.channel", "default");
if (
channel != "aurora" &&
+ channel != "alpha" &&
channel != "beta" &&
channel != "release" &&
channel != "esr"
diff --git a/toolkit/mozapps/extensions/test/xpcshell/head_addons.js b/toolkit/mozapps/extensions/test/xpcshell/head_addons.js
index 70cfa3bf6f78..4884ed7897ce 100644
--- a/toolkit/mozapps/extensions/test/xpcshell/head_addons.js
+++ b/toolkit/mozapps/extensions/test/xpcshell/head_addons.js
@@ -390,6 +390,7 @@ function isNightlyChannel() {
return (
channel != "aurora" &&
+ channel != "alpha" &&
channel != "beta" &&
channel != "release" &&
channel != "esr"
diff --git a/toolkit/mozapps/update/UpdateService.jsm b/toolkit/mozapps/update/UpdateService.jsm
index 47843d17b979..bb7c1f852395 100644
--- a/toolkit/mozapps/update/UpdateService.jsm
+++ b/toolkit/mozapps/update/UpdateService.jsm
@@ -32,11 +32,15 @@ XPCOMUtils.defineLazyModuleGetters(this, {
AddonManager: "resource://gre/modules/AddonManager.jsm",
AsyncShutdown: "resource://gre/modules/AsyncShutdown.jsm",
CertUtils: "resource://gre/modules/CertUtils.jsm",
+#ifdef XP_WIN
ctypes: "resource://gre/modules/ctypes.jsm",
+#endif
DeferredTask: "resource://gre/modules/DeferredTask.jsm",
setTimeout: "resource://gre/modules/Timer.jsm",
UpdateUtils: "resource://gre/modules/UpdateUtils.jsm",
+#if !defined(TOR_BROWSER_UPDATE)
WindowsRegistry: "resource://gre/modules/WindowsRegistry.jsm",
+#endif
});
const UPDATESERVICE_CID = Components.ID(
@@ -461,6 +465,7 @@ function testWriteAccess(updateTestFile, createDirectory) {
updateTestFile.remove(false);
}
+#ifdef XP_WIN
/**
* Windows only function that closes a Win32 handle.
*
@@ -553,6 +558,7 @@ function getPerInstallationMutexName(aGlobal = true) {
(aGlobal ? "Global\\" : "") + "MozillaUpdateMutex-" + hasher.finish(true)
);
}
+#endif
/**
* Whether or not the current instance has the update mutex. The update mutex
@@ -563,6 +569,7 @@ function getPerInstallationMutexName(aGlobal = true) {
* @return true if this instance holds the update mutex
*/
function hasUpdateMutex() {
+#ifdef XP_WIN
if (AppConstants.platform != "win") {
return true;
}
@@ -570,6 +577,9 @@ function hasUpdateMutex() {
gUpdateMutexHandle = createMutex(getPerInstallationMutexName(true), false);
}
return !!gUpdateMutexHandle;
+#else
+ return true;
+#endif
}
/**
@@ -600,6 +610,11 @@ function areDirectoryEntriesWriteable(aDir) {
* @return true if elevation is required, false otherwise
*/
function getElevationRequired() {
+#if defined(TOR_BROWSER_UPDATE)
+ // To avoid potential security holes associated with running the updater
+ // process with elevated privileges, Tor Browser does not support elevation.
+ return false;
+#else
if (AppConstants.platform != "macosx") {
return false;
}
@@ -634,6 +649,7 @@ function getElevationRequired() {
"not required"
);
return false;
+#endif
}
/**
@@ -683,6 +699,7 @@ function getCanApplyUpdates() {
return false;
}
+#if !defined(TOR_BROWSER_UPDATE)
if (AppConstants.platform == "macosx") {
LOG(
"getCanApplyUpdates - bypass the write since elevation can be used " +
@@ -698,6 +715,7 @@ function getCanApplyUpdates() {
);
return true;
}
+#endif
try {
if (AppConstants.platform == "win") {
@@ -1495,6 +1513,9 @@ function handleUpdateFailure(update, errorCode) {
cancelations++;
Services.prefs.setIntPref(PREF_APP_UPDATE_CANCELATIONS, cancelations);
if (AppConstants.platform == "macosx") {
+#if defined(TOR_BROWSER_UPDATE)
+ cleanupActiveUpdate();
+#else
let osxCancelations = Services.prefs.getIntPref(
PREF_APP_UPDATE_CANCELATIONS_OSX,
0
@@ -1518,6 +1539,7 @@ function handleUpdateFailure(update, errorCode) {
(update.state = STATE_PENDING_ELEVATE)
);
}
+#endif
update.statusText = gUpdateBundle.GetStringFromName("elevationFailure");
} else {
writeStatusFile(getReadyUpdateDir(), (update.state = STATE_PENDING));
@@ -2112,7 +2134,26 @@ function Update(update) {
this._patches.push(patch);
}
- if (!this._patches.length && !update.hasAttribute("unsupported")) {
+ if (update.hasAttribute("unsupported")) {
+ this.unsupported = ("true" == update.getAttribute("unsupported"));
+ } else if (update.hasAttribute("minSupportedOSVersion")) {
+ let minOSVersion = update.getAttribute("minSupportedOSVersion");
+ try {
+ let osVersion = Services.sysinfo.getProperty("version");
+ this.unsupported = (Services.vc.compare(osVersion, minOSVersion) < 0);
+ } catch (e) {}
+ }
+ if (!this.unsupported && update.hasAttribute("minSupportedInstructionSet")) {
+ let minInstructionSet = update.getAttribute("minSupportedInstructionSet");
+ if (['MMX', 'SSE', 'SSE2', 'SSE3',
+ 'SSE4A', 'SSE4_1', 'SSE4_2'].indexOf(minInstructionSet) >= 0) {
+ try {
+ this.unsupported = !Services.sysinfo.getProperty("has" + minInstructionSet);
+ } catch (e) {}
+ }
+ }
+
+ if (!this._patches.length && !this.unsupported) {
throw Components.Exception("", Cr.NS_ERROR_ILLEGAL_VALUE);
}
@@ -2150,9 +2191,7 @@ function Update(update) {
if (!isNaN(attr.value)) {
this.promptWaitTime = parseInt(attr.value);
}
- } else if (attr.name == "unsupported") {
- this.unsupported = attr.value == "true";
- } else {
+ } else if (attr.name != "unsupported") {
switch (attr.name) {
case "appVersion":
case "buildID":
@@ -2177,7 +2216,11 @@ function Update(update) {
}
if (!this.previousAppVersion) {
+#ifdef TOR_BROWSER_UPDATE
+ this.previousAppVersion = AppConstants.TOR_BROWSER_VERSION;
+#else
this.previousAppVersion = Services.appinfo.version;
+#endif
}
if (!this.elevationFailure) {
@@ -2560,6 +2603,7 @@ UpdateService.prototype = {
Services.obs.removeObserver(this, topic);
Services.prefs.removeObserver(PREF_APP_UPDATE_LOG, this);
+#ifdef XP_WIN
if (AppConstants.platform == "win" && gUpdateMutexHandle) {
// If we hold the update mutex, let it go!
// The OS would clean this up sometime after shutdown,
@@ -2567,6 +2611,7 @@ UpdateService.prototype = {
closeHandle(gUpdateMutexHandle);
gUpdateMutexHandle = null;
}
+#endif
if (this._retryTimer) {
this._retryTimer.cancel();
}
@@ -2592,6 +2637,7 @@ UpdateService.prototype = {
}
break;
case "test-close-handle-update-mutex":
+#ifdef XP_WIN
if (Cu.isInAutomation) {
if (AppConstants.platform == "win" && gUpdateMutexHandle) {
LOG("UpdateService:observe - closing mutex handle for testing");
@@ -2599,6 +2645,7 @@ UpdateService.prototype = {
gUpdateMutexHandle = null;
}
}
+#endif
break;
}
},
@@ -2630,6 +2677,9 @@ UpdateService.prototype = {
return;
}
gUpdateFileWriteInfo = { phase: "startup", failure: false };
+#if defined(TOR_BROWSER_UPDATE) && !defined(XP_MACOSX)
+ this._removeOrphanedTorBrowserFiles();
+#endif
if (!this.canCheckForUpdates) {
LOG(
"UpdateService:_postUpdateProcessing - unable to check for " +
@@ -2941,6 +2991,42 @@ UpdateService.prototype = {
}
},
+#if defined(TOR_BROWSER_UPDATE) && !defined(XP_MACOSX)
+ /**
+ * When updating from an earlier version to Tor Browser 6.0 or later, old
+ * update info files are left behind on Linux and Windows. Remove them.
+ */
+ _removeOrphanedTorBrowserFiles: function AUS__removeOrphanedTorBrowserFiles() {
+ try {
+ let oldUpdateInfoDir = getAppBaseDir(); // aka the Browser directory.
+
+#ifdef XP_WIN
+ // On Windows, the updater files were stored under
+ // Browser/TorBrowser/Data/Browser/Caches/firefox/
+ oldUpdateInfoDir.appendRelativePath(
+ "TorBrowser\\Data\\Browser\\Caches\\firefox");
+#endif
+
+ // Remove the updates directory.
+ let updatesDir = oldUpdateInfoDir.clone();
+ updatesDir.append("updates");
+ if (updatesDir.exists() && updatesDir.isDirectory()) {
+ updatesDir.remove(true);
+ }
+
+ // Remove files: active-update.xml and updates.xml
+ let filesToRemove = [ "active-update.xml", "updates.xml" ];
+ filesToRemove.forEach(function(aFileName) {
+ let f = oldUpdateInfoDir.clone();
+ f.append(aFileName);
+ if (f.exists()) {
+ f.remove(false);
+ }
+ });
+ } catch (e) {}
+ },
+#endif
+
/**
* Register an observer when the network comes online, so we can short-circuit
* the app.update.interval when there isn't connectivity
@@ -3347,9 +3433,14 @@ UpdateService.prototype = {
updates.forEach(function(aUpdate) {
// Ignore updates for older versions of the application and updates for
// the same version of the application with the same build ID.
- if (
- vc.compare(aUpdate.appVersion, Services.appinfo.version) < 0 ||
- (vc.compare(aUpdate.appVersion, Services.appinfo.version) == 0 &&
+#ifdef TOR_BROWSER_UPDATE
+ let compatVersion = AppConstants.TOR_BROWSER_VERSION;
+#else
+ let compatVersion = Services.appinfo.version;
+#endif
+ let rc = vc.compare(aUpdate.appVersion, compatVersion);
+ if (rc < 0 ||
+ (rc == 0 &&
aUpdate.buildID == Services.appinfo.appBuildID)
) {
LOG(
@@ -3758,20 +3849,32 @@ UpdateService.prototype = {
// build ID. If we already have an update ready, we want to apply those
// same checks against the version of the ready update, so that we don't
// download an update that isn't newer than the one we already have.
+#ifdef TOR_BROWSER_UPDATE
+ let compatVersion = AppConstants.TOR_BROWSER_VERSION;
+#else
+ let compatVersion = Services.appinfo.version;
+#endif
if (
updateIsAtLeastAsOldAs(
update,
- Services.appinfo.version,
+ compatVersion,
Services.appinfo.appBuildID
)
) {
LOG(
"UpdateService:downloadUpdate - canceling download of update since " +
"it is for an earlier or same application version and build ID.\n" +
+#ifdef TOR_BROWSER_UPDATE
+ "current Tor Browser version: " +
+ compatVersion +
+ "\n" +
+ "update Tor Browser version : " +
+#else
"current application version: " +
- Services.appinfo.version +
+ compatVersion +
"\n" +
"update application version : " +
+#endif
update.appVersion +
"\n" +
"current build ID: " +
@@ -4434,6 +4537,7 @@ Checker.prototype = {
*/
_callback: null,
+#if !defined(TOR_BROWSER_UPDATE)
_getCanMigrate: function UC__getCanMigrate() {
if (AppConstants.platform != "win") {
return false;
@@ -4503,6 +4607,7 @@ Checker.prototype = {
LOG("Checker:_getCanMigrate - no registry entries for this installation");
return false;
},
+#endif // !defined(TOR_BROWSER_UPDATE)
/**
* The URL of the update service XML file to connect to that contains details
@@ -4531,9 +4636,11 @@ Checker.prototype = {
url += (url.includes("?") ? "&" : "?") + "force=1";
}
+#if !defined(TOR_BROWSER_UPDATE)
if (this._getCanMigrate()) {
url += (url.includes("?") ? "&" : "?") + "mig64=1";
}
+#endif
LOG("Checker:getUpdateURL - update URL: " + url);
return url;
diff --git a/toolkit/mozapps/update/UpdateServiceStub.jsm b/toolkit/mozapps/update/UpdateServiceStub.jsm
index 3535131daa28..3ecfd97c8778 100644
--- a/toolkit/mozapps/update/UpdateServiceStub.jsm
+++ b/toolkit/mozapps/update/UpdateServiceStub.jsm
@@ -78,8 +78,12 @@ function UpdateServiceStub() {
// contains the status file's path
// We may need to migrate update data
+ // In Tor Browser we skip this because we do not use an update agent and we
+ // do not want to store any data outside of the browser installation directory.
+ // For more info, see https://bugzilla.mozilla.org/show_bug.cgi?id=1458314
if (
AppConstants.platform == "win" &&
+ !AppConstants.TOR_BROWSER_UPDATE &&
!Services.prefs.getBoolPref(prefUpdateDirMigrated, false)
) {
migrateUpdateDirectory();
diff --git a/toolkit/mozapps/update/common/updatehelper.cpp b/toolkit/mozapps/update/common/updatehelper.cpp
index b094d9eb75e9..c825d3c1ea8e 100644
--- a/toolkit/mozapps/update/common/updatehelper.cpp
+++ b/toolkit/mozapps/update/common/updatehelper.cpp
@@ -66,6 +66,13 @@ BOOL PathGetSiblingFilePath(LPWSTR destinationBuffer, LPCWSTR siblingFilePath,
* @return TRUE if successful
*/
BOOL GetSecureOutputDirectoryPath(LPWSTR outBuf) {
+#ifdef TOR_BROWSER_UPDATE
+ // This function is used to support the maintenance service and elevated
+ // updates and is therefore not called by Tor Browser's updater. We stub
+ // it out to avoid any chance that the Tor Browser updater will create
+ // files under C:\Program Files (x86)\ or a similar location.
+ return FALSE;
+#else
PWSTR progFilesX86;
if (FAILED(SHGetKnownFolderPath(FOLDERID_ProgramFilesX86, KF_FLAG_CREATE,
nullptr, &progFilesX86))) {
@@ -99,6 +106,7 @@ BOOL GetSecureOutputDirectoryPath(LPWSTR outBuf) {
}
return TRUE;
+#endif
}
/**
diff --git a/toolkit/mozapps/update/moz.build b/toolkit/mozapps/update/moz.build
index 1852712b3cee..4ec06e6341ab 100644
--- a/toolkit/mozapps/update/moz.build
+++ b/toolkit/mozapps/update/moz.build
@@ -22,11 +22,14 @@ EXTRA_COMPONENTS += [
EXTRA_JS_MODULES += [
"UpdateListener.jsm",
- "UpdateService.jsm",
"UpdateServiceStub.jsm",
"UpdateTelemetry.jsm",
]
+EXTRA_PP_JS_MODULES += [
+ "UpdateService.jsm",
+]
+
XPCOM_MANIFESTS += [
"components.conf",
]
diff --git a/toolkit/mozapps/update/updater/launchchild_osx.mm b/toolkit/mozapps/update/updater/launchchild_osx.mm
index 3074c0da065b..a48318ece4c3 100644
--- a/toolkit/mozapps/update/updater/launchchild_osx.mm
+++ b/toolkit/mozapps/update/updater/launchchild_osx.mm
@@ -372,6 +372,7 @@ bool ObtainUpdaterArguments(int* argc, char*** argv) {
@end
+#ifndef TOR_BROWSER_UPDATE
bool ServeElevatedUpdate(int argc, const char** argv) {
MacAutoreleasePool pool;
@@ -387,6 +388,7 @@ bool ServeElevatedUpdate(int argc, const char** argv) {
[updater release];
return didSucceed;
}
+#endif
bool IsOwnedByGroupAdmin(const char* aAppBundle) {
MacAutoreleasePool pool;
diff --git a/toolkit/mozapps/update/updater/moz.build b/toolkit/mozapps/update/updater/moz.build
index 40d7a77a6b62..ac7f82a4f9ad 100644
--- a/toolkit/mozapps/update/updater/moz.build
+++ b/toolkit/mozapps/update/updater/moz.build
@@ -51,7 +51,7 @@ xpcshell_cert.script = "gen_cert_header.py:create_header"
dep1_cert.script = "gen_cert_header.py:create_header"
dep2_cert.script = "gen_cert_header.py:create_header"
-if CONFIG["MOZ_UPDATE_CHANNEL"] in ("beta", "release", "esr"):
+if CONFIG["MOZ_UPDATE_CHANNEL"] in ("alpha", "beta", "release", "esr"):
primary_cert.inputs += ["release_primary.der"]
secondary_cert.inputs += ["release_secondary.der"]
elif CONFIG["MOZ_UPDATE_CHANNEL"] in (
diff --git a/toolkit/mozapps/update/updater/updater.cpp b/toolkit/mozapps/update/updater/updater.cpp
index a04227d7b99e..226354d5e753 100644
--- a/toolkit/mozapps/update/updater/updater.cpp
+++ b/toolkit/mozapps/update/updater/updater.cpp
@@ -16,7 +16,7 @@
* updatev3.manifest
* -----------------
* method = "add" | "add-if" | "add-if-not" | "patch" | "patch-if" |
- * "remove" | "rmdir" | "rmrfdir" | type
+ * "remove" | "rmdir" | "rmrfdir" | "addsymlink" | type
*
* 'add-if-not' adds a file if it doesn't exist.
*
@@ -78,7 +78,9 @@ bool IsRecursivelyWritable(const char* aPath);
void LaunchChild(int argc, const char** argv);
void LaunchMacPostProcess(const char* aAppBundle);
bool ObtainUpdaterArguments(int* argc, char*** argv);
+# ifndef TOR_BROWSER_UPDATE
bool ServeElevatedUpdate(int argc, const char** argv);
+# endif
void SetGroupOwnershipAndPermissions(const char* aAppBundle);
struct UpdateServerThreadArgs {
int argc;
@@ -478,9 +480,12 @@ static const NS_tchar* get_relative_path(const NS_tchar* fullpath) {
* The line from the manifest that contains the path.
* @param isdir
* Whether the path is a directory path. Defaults to false.
+ * @param islinktarget
+ * Whether the path is a symbolic link target. Defaults to false.
* @return valid filesystem path or nullptr if the path checks fail.
*/
-static NS_tchar* get_valid_path(NS_tchar** line, bool isdir = false) {
+static NS_tchar* get_valid_path(NS_tchar** line, bool isdir = false,
+ bool islinktarget = false) {
NS_tchar* path = mstrtok(kQuote, line);
if (!path) {
LOG(("get_valid_path: unable to determine path: " LOG_S, *line));
@@ -516,10 +521,12 @@ static NS_tchar* get_valid_path(NS_tchar** line, bool isdir = false) {
path[NS_tstrlen(path) - 1] = NS_T('\0');
}
- // Don't allow relative paths that resolve to a parent directory.
- if (NS_tstrstr(path, NS_T("..")) != nullptr) {
- LOG(("get_valid_path: paths must not contain '..': " LOG_S, path));
- return nullptr;
+ if (!islinktarget) {
+ // Don't allow relative paths that resolve to a parent directory.
+ if (NS_tstrstr(path, NS_T("..")) != nullptr) {
+ LOG(("get_valid_path: paths must not contain '..': " LOG_S, path));
+ return nullptr;
+ }
}
return path;
@@ -559,7 +566,7 @@ static void ensure_write_permissions(const NS_tchar* path) {
(void)_wchmod(path, _S_IREAD | _S_IWRITE);
#else
struct stat fs;
- if (!stat(path, &fs) && !(fs.st_mode & S_IWUSR)) {
+ if (!lstat(path, &fs) && !S_ISLNK(fs.st_mode) && !(fs.st_mode & S_IWUSR)) {
(void)chmod(path, fs.st_mode | S_IWUSR);
}
#endif
@@ -746,11 +753,9 @@ static int ensure_copy(const NS_tchar* path, const NS_tchar* dest) {
return READ_ERROR;
}
-# ifdef XP_UNIX
if (S_ISLNK(ss.st_mode)) {
return ensure_copy_symlink(path, dest);
}
-# endif
AutoFile infile(ensure_open(path, NS_T("rb"), ss.st_mode));
if (!infile) {
@@ -837,12 +842,19 @@ static int ensure_copy_recursive(const NS_tchar* path, const NS_tchar* dest,
return READ_ERROR;
}
-#ifdef XP_UNIX
+#ifndef XP_WIN
if (S_ISLNK(sInfo.st_mode)) {
return ensure_copy_symlink(path, dest);
}
#endif
+#ifdef XP_UNIX
+ // Ignore Unix domain sockets. See #20691.
+ if (S_ISSOCK(sInfo.st_mode)) {
+ return 0;
+ }
+#endif
+
if (!S_ISDIR(sInfo.st_mode)) {
return ensure_copy(path, dest);
}
@@ -899,7 +911,7 @@ static int rename_file(const NS_tchar* spath, const NS_tchar* dpath,
}
struct NS_tstat_t spathInfo;
- rv = NS_tstat(spath, &spathInfo);
+ rv = NS_tlstat(spath, &spathInfo); // Get info about file or symlink.
if (rv) {
LOG(("rename_file: failed to read file status info: " LOG_S ", "
"err: %d",
@@ -907,7 +919,12 @@ static int rename_file(const NS_tchar* spath, const NS_tchar* dpath,
return READ_ERROR;
}
- if (!S_ISREG(spathInfo.st_mode)) {
+#ifdef XP_WIN
+ if (!S_ISREG(spathInfo.st_mode))
+#else
+ if (!S_ISREG(spathInfo.st_mode) && !S_ISLNK(spathInfo.st_mode))
+#endif
+ {
if (allowDirs && !S_ISDIR(spathInfo.st_mode)) {
LOG(("rename_file: path present, but not a file: " LOG_S ", err: %d",
spath, errno));
@@ -916,7 +933,12 @@ static int rename_file(const NS_tchar* spath, const NS_tchar* dpath,
LOG(("rename_file: proceeding to rename the directory"));
}
- if (!NS_taccess(dpath, F_OK)) {
+#ifdef XP_WIN
+ if (!NS_taccess(dpath, F_OK))
+#else
+ if (!S_ISLNK(spathInfo.st_mode) && !NS_taccess(dpath, F_OK))
+#endif
+ {
if (ensure_remove(dpath)) {
LOG(
("rename_file: destination file exists and could not be "
@@ -936,7 +958,7 @@ static int rename_file(const NS_tchar* spath, const NS_tchar* dpath,
return OK;
}
-#ifdef XP_WIN
+#if defined(XP_WIN) && !defined(TOR_BROWSER_UPDATE)
// Remove the directory pointed to by path and all of its files and
// sub-directories. If a file is in use move it to the tobedeleted directory
// and attempt to schedule removal of the file on reboot
@@ -1035,7 +1057,19 @@ static int backup_restore(const NS_tchar* path, const NS_tchar* relPath) {
NS_tsnprintf(relBackup, sizeof(relBackup) / sizeof(relBackup[0]),
NS_T("%s") BACKUP_EXT, relPath);
- if (NS_taccess(backup, F_OK)) {
+ bool isLink = false;
+#ifndef XP_WIN
+ struct stat linkInfo;
+ int rv = lstat(backup, &linkInfo);
+ if (rv) {
+ LOG(("backup_restore: cannot get info for backup file: " LOG_S ", err: %d",
+ relBackup, errno));
+ return OK;
+ }
+ isLink = S_ISLNK(linkInfo.st_mode);
+#endif
+
+ if (!isLink && NS_taccess(backup, F_OK)) {
LOG(("backup_restore: backup file doesn't exist: " LOG_S, relBackup));
return OK;
}
@@ -1053,8 +1087,18 @@ static int backup_discard(const NS_tchar* path, const NS_tchar* relPath) {
NS_tsnprintf(relBackup, sizeof(relBackup) / sizeof(relBackup[0]),
NS_T("%s") BACKUP_EXT, relPath);
+ bool isLink = false;
+#ifndef XP_WIN
+ struct stat linkInfo;
+ int rv2 = lstat(backup, &linkInfo);
+ if (rv2) {
+ return OK; // File does not exist; nothing to do.
+ }
+ isLink = S_ISLNK(linkInfo.st_mode);
+#endif
+
// Nothing to discard
- if (NS_taccess(backup, F_OK)) {
+ if (!isLink && NS_taccess(backup, F_OK)) {
return OK;
}
@@ -1069,6 +1113,8 @@ static int backup_discard(const NS_tchar* path, const NS_tchar* relPath) {
relBackup, relPath));
return WRITE_ERROR_DELETE_BACKUP;
}
+
+# if !defined(TOR_BROWSER_UPDATE)
// The MoveFileEx call to remove the file on OS reboot will fail if the
// process doesn't have write access to the HKEY_LOCAL_MACHINE registry key
// but this is ok since the installer / uninstaller will delete the
@@ -1085,6 +1131,7 @@ static int backup_discard(const NS_tchar* path, const NS_tchar* relPath) {
"file: " LOG_S,
relPath));
}
+# endif
}
#else
if (rv) {
@@ -1139,7 +1186,7 @@ class Action {
class RemoveFile : public Action {
public:
- RemoveFile() : mSkip(0) {}
+ RemoveFile() : mSkip(0), mIsLink(0) {}
int Parse(NS_tchar* line) override;
int Prepare() override;
@@ -1150,6 +1197,7 @@ class RemoveFile : public Action {
mozilla::UniquePtr<NS_tchar[]> mFile;
mozilla::UniquePtr<NS_tchar[]> mRelPath;
int mSkip;
+ int mIsLink;
};
int RemoveFile::Parse(NS_tchar* line) {
@@ -1172,28 +1220,39 @@ int RemoveFile::Parse(NS_tchar* line) {
}
int RemoveFile::Prepare() {
- // Skip the file if it already doesn't exist.
- int rv = NS_taccess(mFile.get(), F_OK);
- if (rv) {
- mSkip = 1;
- mProgressCost = 0;
- return OK;
+ int rv;
+#ifndef XP_WIN
+ struct stat linkInfo;
+ rv = lstat(mFile.get(), &linkInfo);
+ mIsLink = ((0 == rv) && S_ISLNK(linkInfo.st_mode));
+#endif
+
+ if (!mIsLink) {
+ // Skip the file if it already doesn't exist.
+ rv = NS_taccess(mFile.get(), F_OK);
+ if (rv) {
+ mSkip = 1;
+ mProgressCost = 0;
+ return OK;
+ }
}
LOG(("PREPARE REMOVEFILE " LOG_S, mRelPath.get()));
- // Make sure that we're actually a file...
- struct NS_tstat_t fileInfo;
- rv = NS_tstat(mFile.get(), &fileInfo);
- if (rv) {
- LOG(("failed to read file status info: " LOG_S ", err: %d", mFile.get(),
- errno));
- return READ_ERROR;
- }
+ if (!mIsLink) {
+ // Make sure that we're actually a file...
+ struct NS_tstat_t fileInfo;
+ rv = NS_tstat(mFile.get(), &fileInfo);
+ if (rv) {
+ LOG(("failed to read file status info: " LOG_S ", err: %d", mFile.get(),
+ errno));
+ return READ_ERROR;
+ }
- if (!S_ISREG(fileInfo.st_mode)) {
- LOG(("path present, but not a file: " LOG_S, mFile.get()));
- return DELETE_ERROR_EXPECTED_FILE;
+ if (!S_ISREG(fileInfo.st_mode)) {
+ LOG(("path present, but not a file: " LOG_S, mFile.get()));
+ return DELETE_ERROR_EXPECTED_FILE;
+ }
}
NS_tchar* slash = (NS_tchar*)NS_tstrrchr(mFile.get(), NS_T('/'));
@@ -1222,7 +1281,13 @@ int RemoveFile::Execute() {
// The file is checked for existence here and in Prepare since it might have
// been removed by a separate instruction: bug 311099.
- int rv = NS_taccess(mFile.get(), F_OK);
+ int rv = 0;
+ if (mIsLink) {
+ struct NS_tstat_t linkInfo;
+ rv = NS_tlstat(mFile.get(), &linkInfo);
+ } else {
+ rv = NS_taccess(mFile.get(), F_OK);
+ }
if (rv) {
LOG(("file cannot be removed because it does not exist; skipping"));
mSkip = 1;
@@ -1945,6 +2010,92 @@ void PatchIfFile::Finish(int status) {
PatchFile::Finish(status);
}
+#ifndef XP_WIN
+class AddSymlink : public Action {
+ public:
+ AddSymlink() : mAdded(false) {}
+
+ virtual int Parse(NS_tchar* line);
+ virtual int Prepare();
+ virtual int Execute();
+ virtual void Finish(int status);
+
+ private:
+ mozilla::UniquePtr<NS_tchar[]> mLinkPath;
+ mozilla::UniquePtr<NS_tchar[]> mRelPath;
+ mozilla::UniquePtr<NS_tchar[]> mTarget;
+ bool mAdded;
+};
+
+int AddSymlink::Parse(NS_tchar* line) {
+ // format "<linkname>" "target"
+
+ NS_tchar* validPath = get_valid_path(&line);
+ if (!validPath) return PARSE_ERROR;
+
+ mRelPath = mozilla::MakeUnique<NS_tchar[]>(MAXPATHLEN);
+ NS_tstrcpy(mRelPath.get(), validPath);
+ mLinkPath.reset(get_full_path(validPath));
+ if (!mLinkPath) {
+ return PARSE_ERROR;
+ }
+
+ // consume whitespace between args
+ NS_tchar* q = mstrtok(kQuote, &line);
+ if (!q) return PARSE_ERROR;
+
+ validPath = get_valid_path(&line, false, true);
+ if (!validPath) return PARSE_ERROR;
+
+ mTarget = mozilla::MakeUnique<NS_tchar[]>(MAXPATHLEN);
+ NS_tstrcpy(mTarget.get(), validPath);
+
+ return OK;
+}
+
+int AddSymlink::Prepare() {
+ LOG(("PREPARE ADDSYMLINK " LOG_S " -> " LOG_S, mRelPath.get(),
+ mTarget.get()));
+
+ return OK;
+}
+
+int AddSymlink::Execute() {
+ LOG(("EXECUTE ADDSYMLINK " LOG_S " -> " LOG_S, mRelPath.get(),
+ mTarget.get()));
+
+ // First make sure that we can actually get rid of any existing file or link.
+ struct stat linkInfo;
+ int rv = lstat(mLinkPath.get(), &linkInfo);
+ if ((0 == rv) && !S_ISLNK(linkInfo.st_mode)) {
+ rv = NS_taccess(mLinkPath.get(), F_OK);
+ }
+ if (rv == 0) {
+ rv = backup_create(mLinkPath.get());
+ if (rv) return rv;
+ } else {
+ rv = ensure_parent_dir(mLinkPath.get());
+ if (rv) return rv;
+ }
+
+ // Create the link.
+ rv = symlink(mTarget.get(), mLinkPath.get());
+ if (!rv) {
+ mAdded = true;
+ }
+
+ return rv;
+}
+
+void AddSymlink::Finish(int status) {
+ LOG(("FINISH ADDSYMLINK " LOG_S " -> " LOG_S, mRelPath.get(), mTarget.get()));
+ // When there is an update failure and a link has been added it is removed
+ // here since there might not be a backup to replace it.
+ if (status && mAdded) NS_tremove(mLinkPath.get());
+ backup_finish(mLinkPath.get(), mRelPath.get(), status);
+}
+#endif
+
//-----------------------------------------------------------------------------
#ifdef XP_WIN
@@ -2267,14 +2418,29 @@ static bool IsSecureUpdateStatusSucceeded(bool& isSucceeded) {
*/
static int CopyInstallDirToDestDir() {
// These files should not be copied over to the updated app
-#ifdef XP_WIN
-# define SKIPLIST_COUNT 3
-#elif XP_MACOSX
-# define SKIPLIST_COUNT 0
+#if defined(TOR_BROWSER_UPDATE) && !defined(TOR_BROWSER_DATA_OUTSIDE_APP_DIR)
+# ifdef XP_WIN
+# define SKIPLIST_COUNT 6
+# else
+# define SKIPLIST_COUNT 5
+# endif
#else
-# define SKIPLIST_COUNT 2
+# ifdef XP_WIN
+# define SKIPLIST_COUNT 3
+# elif XP_MACOSX
+# define SKIPLIST_COUNT 0
+# else
+# define SKIPLIST_COUNT 2
+# endif
#endif
copy_recursive_skiplist<SKIPLIST_COUNT> skiplist;
+#if defined(TOR_BROWSER_UPDATE) && !defined(TOR_BROWSER_DATA_OUTSIDE_APP_DIR)
+# ifdef XP_MACOSX
+ skiplist.append(0, gInstallDirPath, NS_T("Updated.app"));
+ skiplist.append(1, gInstallDirPath, NS_T("TorBrowser/UpdateInfo/updates/0"));
+# endif
+#endif
+
#ifndef XP_MACOSX
skiplist.append(0, gInstallDirPath, NS_T("updated"));
skiplist.append(1, gInstallDirPath, NS_T("updates/0"));
@@ -2283,6 +2449,19 @@ static int CopyInstallDirToDestDir() {
# endif
#endif
+#if defined(TOR_BROWSER_UPDATE) && !defined(TOR_BROWSER_DATA_OUTSIDE_APP_DIR)
+# ifdef XP_WIN
+ skiplist.append(SKIPLIST_COUNT - 3, gInstallDirPath,
+ NS_T("TorBrowser/Data/Browser/profile.default/parent.lock"));
+# else
+ skiplist.append(SKIPLIST_COUNT - 3, gInstallDirPath,
+ NS_T("TorBrowser/Data/Browser/profile.default/.parentlock"));
+# endif
+
+ skiplist.append(SKIPLIST_COUNT - 1, gInstallDirPath,
+ NS_T("TorBrowser/Data/Tor/lock"));
+#endif
+
return ensure_copy_recursive(gInstallDirPath, gWorkingDirPath, skiplist);
}
@@ -2420,7 +2599,9 @@ static int ProcessReplaceRequest() {
if (NS_taccess(deleteDir, F_OK)) {
NS_tmkdir(deleteDir, 0755);
}
+# if !defined(TOR_BROWSER_UPDATE)
remove_recursive_on_reboot(tmpDir, deleteDir);
+# endif
#endif
}
@@ -2428,8 +2609,45 @@ static int ProcessReplaceRequest() {
// On OS X, we we need to remove the staging directory after its Contents
// directory has been moved.
NS_tchar updatedAppDir[MAXPATHLEN];
+# if defined(TOR_BROWSER_UPDATE) && !defined(TOR_BROWSER_DATA_OUTSIDE_APP_DIR)
+ NS_tsnprintf(updatedAppDir, sizeof(updatedAppDir) / sizeof(updatedAppDir[0]),
+ NS_T("%s/Updated.app"), gInstallDirPath);
+ // For Tor Browser on OS X, we also need to copy everything else that is
+ // inside Updated.app.
+ NS_tDIR* dir = NS_topendir(updatedAppDir);
+ if (dir) {
+ NS_tdirent* entry;
+ while ((entry = NS_treaddir(dir)) != 0) {
+ if (NS_tstrcmp(entry->d_name, NS_T(".")) &&
+ NS_tstrcmp(entry->d_name, NS_T(".."))) {
+ NS_tchar childSrcPath[MAXPATHLEN];
+ NS_tsnprintf(childSrcPath,
+ sizeof(childSrcPath) / sizeof(childSrcPath[0]),
+ NS_T("%s/%s"), updatedAppDir, entry->d_name);
+ NS_tchar childDstPath[MAXPATHLEN];
+ NS_tsnprintf(childDstPath,
+ sizeof(childDstPath) / sizeof(childDstPath[0]),
+ NS_T("%s/%s"), gInstallDirPath, entry->d_name);
+ ensure_remove_recursive(childDstPath);
+ rv = rename_file(childSrcPath, childDstPath, true);
+ if (rv) {
+ LOG(("Moving " LOG_S " to " LOG_S " failed, err: %d", childSrcPath,
+ childDstPath, errno));
+ }
+ }
+ }
+
+ NS_tclosedir(dir);
+ } else {
+ LOG(("Updated.app dir can't be found: " LOG_S ", err: %d", updatedAppDir,
+ errno));
+ }
+# else
NS_tsnprintf(updatedAppDir, sizeof(updatedAppDir) / sizeof(updatedAppDir[0]),
NS_T("%s/Updated.app"), gPatchDirPath);
+# endif
+
+ // Remove the Updated.app directory.
ensure_remove_recursive(updatedAppDir);
#endif
@@ -2603,11 +2821,15 @@ static void UpdateThreadFunc(void* param) {
#ifdef XP_MACOSX
static void ServeElevatedUpdateThreadFunc(void* param) {
+# ifdef TOR_BROWSER_UPDATE
+ WriteStatusFile(ELEVATION_CANCELED);
+# else
UpdateServerThreadArgs* threadArgs = (UpdateServerThreadArgs*)param;
gSucceeded = ServeElevatedUpdate(threadArgs->argc, threadArgs->argv);
if (!gSucceeded) {
WriteStatusFile(ELEVATION_CANCELED);
}
+# endif
QuitProgressUI();
}
@@ -2631,7 +2853,7 @@ int LaunchCallbackAndPostProcessApps(int argc, NS_tchar** argv,
#endif
) {
if (argc > callbackIndex) {
-#if defined(XP_WIN)
+#if defined(XP_WIN) && !defined(TOR_BROWSER_UPDATE)
if (gSucceeded) {
if (!LaunchWinPostProcess(gInstallDirPath, gPatchDirPath)) {
fprintf(stderr, "The post update process was not launched");
@@ -2686,8 +2908,12 @@ int NS_main(int argc, NS_tchar** argv) {
UmaskContext umaskContext(0);
bool isElevated =
+# ifdef TOR_BROWSER_UPDATE
+ false;
+# else
strstr(argv[0], "/Library/PrivilegedHelperTools/org.mozilla.updater") !=
0;
+# endif
if (isElevated) {
if (!ObtainUpdaterArguments(&argc, &argv)) {
// Won't actually get here because ObtainUpdaterArguments will terminate
@@ -3311,6 +3537,26 @@ int NS_main(int argc, NS_tchar** argv) {
// using the service is because we are testing.
if (!useService && !noServiceFallback &&
updateLockFileHandle == INVALID_HANDLE_VALUE) {
+# ifdef TOR_BROWSER_UPDATE
+# ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR
+ // Because the TorBrowser-Data directory that contains the user's
+ // profile is a sibling of the Tor Browser installation directory,
+ // the user probably has permission to apply updates. Therefore, to
+ // avoid potential security issues such as CVE-2015-0833, do not
+ // attempt to elevate privileges. Instead, write a "failed" message
+ // to the update status file (this function will return immediately
+ // after the CloseHandle(elevatedFileHandle) call below).
+# else
+ // Because the user profile is contained within the Tor Browser
+ // installation directory, the user almost certainly has permission to
+ // apply updates. Therefore, to avoid potential security issues such
+ // as CVE-2015-0833, do not attempt to elevate privileges. Instead,
+ // write a "failed" message to the update status file (this function
+ // will return immediately after the CloseHandle(elevatedFileHandle)
+ // call below).
+# endif
+ WriteStatusFile(WRITE_ERROR_ACCESS_DENIED);
+# else
// Get the secure ID before trying to update so it is possible to
// determine if the updater has created a new one.
char uuidStringBefore[UUID_LEN] = {'\0'};
@@ -3356,6 +3602,7 @@ int NS_main(int argc, NS_tchar** argv) {
gCopyOutputFiles = false;
WriteStatusFile(ELEVATION_CANCELED);
}
+# endif
}
// If we started the elevated updater, and it finished, check the secure
@@ -3703,6 +3950,7 @@ int NS_main(int argc, NS_tchar** argv) {
if (!sStagedUpdate && !sReplaceRequest && _wrmdir(gDeleteDirPath)) {
LOG(("NS_main: unable to remove directory: " LOG_S ", err: %d", DELETE_DIR,
errno));
+# if !defined(TOR_BROWSER_UPDATE)
// The directory probably couldn't be removed due to it containing files
// that are in use and will be removed on OS reboot. The call to remove the
// directory on OS reboot is done after the calls to remove the files so the
@@ -3721,6 +3969,7 @@ int NS_main(int argc, NS_tchar** argv) {
"directory: " LOG_S,
DELETE_DIR));
}
+# endif
}
#endif /* XP_WIN */
@@ -4362,7 +4611,13 @@ int DoUpdate() {
action = new AddIfNotFile();
} else if (NS_tstrcmp(token, NS_T("patch-if")) == 0) { // Patch if exists
action = new PatchIfFile();
- } else {
+ }
+#ifndef XP_WIN
+ else if (NS_tstrcmp(token, NS_T("addsymlink")) == 0) {
+ action = new AddSymlink();
+ }
+#endif
+ else {
LOG(("DoUpdate: unknown token: " LOG_S, token));
free(buf);
return PARSE_ERROR;
diff --git a/toolkit/xre/MacLaunchHelper.h b/toolkit/xre/MacLaunchHelper.h
index f8dc75ee4d08..ce816acd83e2 100644
--- a/toolkit/xre/MacLaunchHelper.h
+++ b/toolkit/xre/MacLaunchHelper.h
@@ -17,7 +17,9 @@ extern "C" {
* pid of the terminated process to confirm that it executed successfully.
*/
void LaunchChildMac(int aArgc, char** aArgv, pid_t* aPid = 0);
+#ifndef TOR_BROWSER_UPDATE
bool LaunchElevatedUpdate(int aArgc, char** aArgv, pid_t* aPid = 0);
+#endif
}
#endif
diff --git a/toolkit/xre/MacLaunchHelper.mm b/toolkit/xre/MacLaunchHelper.mm
index ec570ffab124..da2917c2a99e 100644
--- a/toolkit/xre/MacLaunchHelper.mm
+++ b/toolkit/xre/MacLaunchHelper.mm
@@ -40,6 +40,7 @@ void LaunchChildMac(int aArgc, char** aArgv, pid_t* aPid) {
}
}
+#ifndef TOR_BROWSER_UPDATE
BOOL InstallPrivilegedHelper() {
AuthorizationRef authRef = NULL;
OSStatus status = AuthorizationCreate(
@@ -116,3 +117,4 @@ bool LaunchElevatedUpdate(int aArgc, char** aArgv, pid_t* aPid) {
}
return didSucceed;
}
+#endif
diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp
index e762c64923a9..ceb143be1c86 100644
--- a/toolkit/xre/nsAppRunner.cpp
+++ b/toolkit/xre/nsAppRunner.cpp
@@ -3189,6 +3189,11 @@ static bool CheckCompatibility(nsIFile* aProfileDir, const nsCString& aVersion,
gLastAppBuildID.Assign(gAppData->buildID);
nsAutoCString buf;
+
+ nsAutoCString tbVersion(TOR_BROWSER_VERSION_QUOTED);
+ rv = parser.GetString("Compatibility", "LastTorBrowserVersion", buf);
+ if (NS_FAILED(rv) || !tbVersion.Equals(buf)) return false;
+
rv = parser.GetString("Compatibility", "LastOSABI", buf);
if (NS_FAILED(rv) || !aOSABI.Equals(buf)) return false;
@@ -3274,6 +3279,12 @@ static void WriteVersion(nsIFile* aProfileDir, const nsCString& aVersion,
PR_Write(fd, kHeader, sizeof(kHeader) - 1);
PR_Write(fd, aVersion.get(), aVersion.Length());
+ nsAutoCString tbVersion(TOR_BROWSER_VERSION_QUOTED);
+ static const char kTorBrowserVersionHeader[] =
+ NS_LINEBREAK "LastTorBrowserVersion=";
+ PR_Write(fd, kTorBrowserVersionHeader, sizeof(kTorBrowserVersionHeader) - 1);
+ PR_Write(fd, tbVersion.get(), tbVersion.Length());
+
static const char kOSABIHeader[] = NS_LINEBREAK "LastOSABI=";
PR_Write(fd, kOSABIHeader, sizeof(kOSABIHeader) - 1);
PR_Write(fd, aOSABI.get(), aOSABI.Length());
@@ -4679,8 +4690,17 @@ int XREMain::XRE_mainStartup(bool* aExitFlag) {
if (CheckArg("test-process-updates")) {
SaveToEnv("MOZ_TEST_PROCESS_UPDATES=1");
}
+# ifdef TOR_BROWSER_UPDATE
+ nsAutoCString compatVersion(TOR_BROWSER_VERSION_QUOTED);
+# endif
ProcessUpdates(mDirProvider.GetGREDir(), exeDir, updRoot, gRestartArgc,
- gRestartArgv, mAppData->version);
+ gRestartArgv,
+# ifdef TOR_BROWSER_UPDATE
+ compatVersion.get()
+# else
+ mAppData->version
+# endif
+ );
if (EnvHasValue("MOZ_TEST_PROCESS_UPDATES")) {
SaveToEnv("MOZ_TEST_PROCESS_UPDATES=");
*aExitFlag = true;
diff --git a/toolkit/xre/nsUpdateDriver.cpp b/toolkit/xre/nsUpdateDriver.cpp
index bd2d4d3e5937..4a4ad10a0aa5 100644
--- a/toolkit/xre/nsUpdateDriver.cpp
+++ b/toolkit/xre/nsUpdateDriver.cpp
@@ -163,6 +163,13 @@ static nsresult GetInstallDirPath(nsIFile* appDir, nsACString& installDirPath) {
return NS_OK;
}
+#ifdef DEBUG
+static void dump_argv(const char* aPrefix, char** argv, int argc) {
+ printf("%s - %d args\n", aPrefix, argc);
+ for (int i = 0; i < argc; ++i) printf(" %d: %s\n", i, argv[i]);
+}
+#endif
+
static bool GetFile(nsIFile* dir, const nsACString& name,
nsCOMPtr<nsIFile>& result) {
nsresult rv;
@@ -224,6 +231,34 @@ typedef enum {
eAppliedService,
} UpdateStatus;
+#ifdef DEBUG
+static const char* UpdateStatusToString(UpdateStatus aStatus) {
+ const char* rv = "unknown";
+ switch (aStatus) {
+ case eNoUpdateAction:
+ rv = "NoUpdateAction";
+ break;
+ case ePendingUpdate:
+ rv = "PendingUpdate";
+ break;
+ case ePendingService:
+ rv = "PendingService";
+ break;
+ case ePendingElevate:
+ rv = "PendingElevate";
+ break;
+ case eAppliedUpdate:
+ rv = "AppliedUpdate";
+ break;
+ case eAppliedService:
+ rv = "AppliedService";
+ break;
+ }
+
+ return rv;
+}
+#endif
+
/**
* Returns a value indicating what needs to be done in order to handle an
* update.
@@ -296,9 +331,39 @@ static bool IsOlderVersion(nsIFile* versionFile, const char* appVersion) {
return false;
}
+#ifdef DEBUG
+ printf("IsOlderVersion checking appVersion %s against updateVersion %s\n",
+ appVersion, buf);
+#endif
+
return mozilla::Version(appVersion) > buf;
}
+#ifndef TOR_BROWSER_DATA_OUTSIDE_APP_DIR
+# if defined(TOR_BROWSER_UPDATE) && defined(XP_MACOSX)
+static nsresult GetUpdateDirFromAppDir(nsIFile* aAppDir, nsIFile** aResult) {
+ // On Mac OSX, we stage the update to an Updated.app directory that is
+ // directly below the main Tor Browser.app directory (two levels up from
+ // the appDir).
+ NS_ENSURE_ARG_POINTER(aAppDir);
+ NS_ENSURE_ARG_POINTER(aResult);
+ nsCOMPtr<nsIFile> parentDir1, parentDir2;
+ nsresult rv = aAppDir->GetParent(getter_AddRefs(parentDir1));
+ NS_ENSURE_SUCCESS(rv, rv);
+ rv = parentDir1->GetParent(getter_AddRefs(parentDir2));
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ nsCOMPtr<nsIFile> updatedDir;
+ if (!GetFile(parentDir2, "Updated.app"_ns, updatedDir)) {
+ return NS_ERROR_FAILURE;
+ }
+
+ updatedDir.forget(aResult);
+ return NS_OK;
+}
+# endif
+#endif
+
/**
* Applies, switches, or stages an update.
*
@@ -446,7 +511,12 @@ static void ApplyUpdate(nsIFile* greDir, nsIFile* updateDir, nsIFile* appDir,
} else {
// Get the directory where the update is staged or will be staged.
#if defined(XP_MACOSX)
+# if defined(TOR_BROWSER_UPDATE) && !defined(TOR_BROWSER_DATA_OUTSIDE_APP_DIR)
+ rv = GetUpdateDirFromAppDir(appDir, getter_AddRefs(updatedDir));
+ if (NS_FAILED(rv)) {
+# else
if (!GetFile(updateDir, "Updated.app"_ns, updatedDir)) {
+# endif
#else
if (!GetFile(appDir, "updated"_ns, updatedDir)) {
#endif
@@ -541,6 +611,9 @@ static void ApplyUpdate(nsIFile* greDir, nsIFile* updateDir, nsIFile* appDir,
}
LOG(("spawning updater process [%s]\n", updaterPath.get()));
+#ifdef DEBUG
+ dump_argv("ApplyUpdate updater", argv, argc);
+#endif
#if defined(XP_UNIX) && !defined(XP_MACOSX)
// We use execv to spawn the updater process on all UNIX systems except Mac
@@ -579,6 +652,10 @@ static void ApplyUpdate(nsIFile* greDir, nsIFile* updateDir, nsIFile* appDir,
}
#elif defined(XP_MACOSX)
UpdateDriverSetupMacCommandLine(argc, argv, restart);
+# ifdef DEBUG
+dump_argv("ApplyUpdate after SetupMacCommandLine", argv, argc);
+# endif
+# ifndef TOR_BROWSER_UPDATE
// We need to detect whether elevation is required for this update. This can
// occur when an admin user installs the application, but another admin
// user attempts to update (see bug 394984).
@@ -591,6 +668,7 @@ if (restart && !IsRecursivelyWritable(installDirPath.get())) {
}
exit(0);
}
+# endif
if (isStaged) {
// Launch the updater to replace the installation with the staged updated.
@@ -661,9 +739,27 @@ static bool ProcessHasTerminated(ProcessType pt) {
nsresult ProcessUpdates(nsIFile* greDir, nsIFile* appDir, nsIFile* updRootDir,
int argc, char** argv, const char* appVersion,
bool restart, ProcessType* pid) {
+#if defined(XP_WIN) && defined(TOR_BROWSER_UPDATE)
+ // Try to remove the "tobedeleted" directory which, if present, contains
+ // files that could not be removed during a previous update (e.g., DLLs
+ // that were in use and therefore locked by Windows).
+ nsCOMPtr<nsIFile> deleteDir;
+ nsresult winrv = appDir->Clone(getter_AddRefs(deleteDir));
+ if (NS_SUCCEEDED(winrv)) {
+ winrv = deleteDir->AppendNative("tobedeleted"_ns);
+ if (NS_SUCCEEDED(winrv)) {
+ winrv = deleteDir->Remove(true);
+ }
+ }
+#endif
+
nsresult rv;
nsCOMPtr<nsIFile> updatesDir;
+#ifdef DEBUG
+ printf("ProcessUpdates updateRootDir: %s appVersion: %s\n",
+ updRootDir->HumanReadablePath().get(), appVersion);
+#endif
rv = updRootDir->Clone(getter_AddRefs(updatesDir));
NS_ENSURE_SUCCESS(rv, rv);
rv = updatesDir->AppendNative("updates"_ns);
@@ -683,6 +779,12 @@ nsresult ProcessUpdates(nsIFile* greDir, nsIFile* appDir, nsIFile* updRootDir,
nsCOMPtr<nsIFile> statusFile;
UpdateStatus status = GetUpdateStatus(updatesDir, statusFile);
+#ifdef DEBUG
+ printf("ProcessUpdates status: %s (%d)\n", UpdateStatusToString(status),
+ status);
+ printf("ProcessUpdates updatesDir: %s\n",
+ updatesDir->HumanReadablePath().get());
+#endif
switch (status) {
case ePendingUpdate:
case ePendingService: {
@@ -746,13 +848,16 @@ nsUpdateProcessor::ProcessUpdate() {
NS_ENSURE_SUCCESS(rv, rv);
}
+ nsAutoCString appVersion;
+#ifdef TOR_BROWSER_UPDATE
+ appVersion = TOR_BROWSER_VERSION_QUOTED;
+#else
nsCOMPtr<nsIXULAppInfo> appInfo =
do_GetService("@mozilla.org/xre/app-info;1", &rv);
NS_ENSURE_SUCCESS(rv, rv);
-
- nsAutoCString appVersion;
rv = appInfo->GetVersion(appVersion);
NS_ENSURE_SUCCESS(rv, rv);
+#endif
// Copy the parameters to the StagedUpdateInfo structure shared with the
// watcher thread.
diff --git a/toolkit/xre/nsXREDirProvider.cpp b/toolkit/xre/nsXREDirProvider.cpp
index ecd6499bae31..affab1b6ae07 100644
--- a/toolkit/xre/nsXREDirProvider.cpp
+++ b/toolkit/xre/nsXREDirProvider.cpp
@@ -1258,6 +1258,41 @@ nsresult nsXREDirProvider::GetUpdateRootDir(nsIFile** aResult,
}
#endif
nsCOMPtr<nsIFile> updRoot;
+#if defined(TOR_BROWSER_UPDATE)
+ // For Tor Browser, we store update history, etc. within the UpdateInfo
+ // directory under the user data directory.
+ nsresult rv = GetTorBrowserUserDataDir(getter_AddRefs(updRoot));
+ NS_ENSURE_SUCCESS(rv, rv);
+ rv = updRoot->AppendNative("UpdateInfo"_ns);
+ NS_ENSURE_SUCCESS(rv, rv);
+# if defined(XP_MACOSX) && defined(TOR_BROWSER_DATA_OUTSIDE_APP_DIR)
+ // Since the TorBrowser-Data directory may be shared among different
+ // installations of the application, embed the app path in the update dir
+ // so that the update history is partitioned. This is much less likely to
+ // be an issue on Linux or Windows because the Tor Browser packages for
+ // those platforms include a "container" folder that provides partitioning
+ // by default, and we do not support use of a shared, OS-recommended area
+ // for user data on those platforms.
+ nsCOMPtr<nsIFile> appFile;
+ bool per = false;
+ rv = GetFile(XRE_EXECUTABLE_FILE, &per, getter_AddRefs(appFile));
+ NS_ENSURE_SUCCESS(rv, rv);
+ nsCOMPtr<nsIFile> appRootDirFile;
+ nsAutoString appDirPath;
+ if (NS_FAILED(appFile->GetParent(getter_AddRefs(appRootDirFile))) ||
+ NS_FAILED(appRootDirFile->GetPath(appDirPath))) {
+ return NS_ERROR_FAILURE;
+ }
+
+ int32_t dotIndex = appDirPath.RFind(".app");
+ if (dotIndex == kNotFound) {
+ dotIndex = appDirPath.Length();
+ }
+ appDirPath = Substring(appDirPath, 1, dotIndex - 1);
+ rv = updRoot->AppendRelativePath(appDirPath);
+ NS_ENSURE_SUCCESS(rv, rv);
+# endif
+#else // ! TOR_BROWSER_UPDATE
nsCOMPtr<nsIFile> appFile;
bool per = false;
nsresult rv = GetFile(XRE_EXECUTABLE_FILE, &per, getter_AddRefs(appFile));
@@ -1265,7 +1300,7 @@ nsresult nsXREDirProvider::GetUpdateRootDir(nsIFile** aResult,
rv = appFile->GetParent(getter_AddRefs(updRoot));
NS_ENSURE_SUCCESS(rv, rv);
-#ifdef XP_MACOSX
+# ifdef XP_MACOSX
nsCOMPtr<nsIFile> appRootDirFile;
nsCOMPtr<nsIFile> localDir;
nsAutoString appDirPath;
@@ -1299,7 +1334,7 @@ nsresult nsXREDirProvider::GetUpdateRootDir(nsIFile** aResult,
localDir.forget(aResult);
return NS_OK;
-#elif XP_WIN
+# elif XP_WIN
nsAutoString installPath;
rv = updRoot->GetPath(installPath);
NS_ENSURE_SUCCESS(rv, rv);
@@ -1328,7 +1363,8 @@ nsresult nsXREDirProvider::GetUpdateRootDir(nsIFile** aResult,
nsAutoString updatePathStr;
updatePathStr.Assign(updatePath.get());
updRoot->InitWithPath(updatePathStr);
-#endif // XP_WIN
+# endif // XP_WIN
+#endif // ! TOR_BROWSER_UPDATE
updRoot.forget(aResult);
return NS_OK;
}
diff --git a/tools/update-packaging/common.sh b/tools/update-packaging/common.sh
index 4b994f30169c..26eabbf31379 100755
--- a/tools/update-packaging/common.sh
+++ b/tools/update-packaging/common.sh
@@ -8,6 +8,10 @@
# Author: Darin Fisher
#
+# TODO When TOR_BROWSER_DATA_OUTSIDE_APP_DIR is used on all platforms,
+# we should remove all lines in this file that contain:
+# TorBrowser/Data
+
# -----------------------------------------------------------------------------
QUIET=0
@@ -76,17 +80,8 @@ make_add_instruction() {
forced=
fi
- is_extension=$(echo "$f" | grep -c 'distribution/extensions/.*/')
- if [ $is_extension = "1" ]; then
- # Use the subdirectory of the extensions folder as the file to test
- # before performing this add instruction.
- testdir=$(echo "$f" | sed 's/\(.*distribution\/extensions\/[^\/]*\)\/.*/\1/')
- verbose_notice " add-if \"$testdir\" \"$f\""
- echo "add-if \"$testdir\" \"$f\"" >> "$filev3"
- else
- verbose_notice " add \"$f\"$forced"
- echo "add \"$f\"" >> "$filev3"
- fi
+ verbose_notice " add \"$f\"$forced"
+ echo "add \"$f\"" >> "$filev3"
}
check_for_add_if_not_update() {
@@ -109,21 +104,21 @@ make_add_if_not_instruction() {
echo "add-if-not \"$f\" \"$f\"" >> "$filev3"
}
+make_addsymlink_instruction() {
+ link="$1"
+ target="$2"
+ filev3="$3"
+
+ verbose_notice " addsymlink: $link -> $target"
+ echo "addsymlink \"$link\" \"$target\"" >> "$filev3"
+}
+
make_patch_instruction() {
f="$1"
filev3="$2"
- is_extension=$(echo "$f" | grep -c 'distribution/extensions/.*/')
- if [ $is_extension = "1" ]; then
- # Use the subdirectory of the extensions folder as the file to test
- # before performing this add instruction.
- testdir=$(echo "$f" | sed 's/\(.*distribution\/extensions\/[^\/]*\)\/.*/\1/')
- verbose_notice " patch-if \"$testdir\" \"$f.patch\" \"$f\""
- echo "patch-if \"$testdir\" \"$f.patch\" \"$f\"" >> "$filev3"
- else
- verbose_notice " patch \"$f.patch\" \"$f\""
- echo "patch \"$f.patch\" \"$f\"" >> "$filev3"
- fi
+ verbose_notice " patch \"$f.patch\" \"$f\""
+ echo "patch \"$f.patch\" \"$f\"" >> "$filev3"
}
append_remove_instructions() {
@@ -168,6 +163,10 @@ append_remove_instructions() {
# List all files in the current directory, stripping leading "./"
# Pass a variable name and it will be filled as an array.
+# To support Tor Browser updates, skip the following files:
+# TorBrowser/Data/Browser/profiles.ini
+# TorBrowser/Data/Browser/profile.default/bookmarks.html
+# TorBrowser/Data/Tor/torrc
list_files() {
count=0
temp_filelist=$(mktemp)
@@ -178,6 +177,11 @@ list_files() {
| sed 's/\.\/\(.*\)/\1/' \
| sort -r > "${temp_filelist}"
while read file; do
+ if [ "$file" = "TorBrowser/Data/Browser/profiles.ini" -o \
+ "$file" = "TorBrowser/Data/Browser/profile.default/bookmarks.html" -o \
+ "$file" = "TorBrowser/Data/Tor/torrc" ]; then
+ continue;
+ fi
eval "${1}[$count]=\"$file\""
(( count++ ))
done < "${temp_filelist}"
@@ -199,3 +203,19 @@ list_dirs() {
done < "${temp_dirlist}"
rm "${temp_dirlist}"
}
+
+# List all symbolic links in the current directory, stripping leading "./"
+list_symlinks() {
+ count=0
+
+ find . -type l \
+ | sed 's/\.\/\(.*\)/\1/' \
+ | sort -r > "temp-symlinklist"
+ while read symlink; do
+ target=$(readlink "$symlink")
+ eval "${1}[$count]=\"$symlink\""
+ eval "${2}[$count]=\"$target\""
+ (( count++ ))
+ done < "temp-symlinklist"
+ rm "temp-symlinklist"
+}
diff --git a/tools/update-packaging/make_full_update.sh b/tools/update-packaging/make_full_update.sh
index db2c5898efdc..603988997405 100755
--- a/tools/update-packaging/make_full_update.sh
+++ b/tools/update-packaging/make_full_update.sh
@@ -71,6 +71,7 @@ if [ ! -f "precomplete" ]; then
fi
list_files files
+list_symlinks symlinks symlink_targets
popd
@@ -81,6 +82,21 @@ notice "Adding type instruction to update manifests"
notice " type complete"
echo "type \"complete\"" >> "$updatemanifestv3"
+# TODO When TOR_BROWSER_DATA_OUTSIDE_APP_DIR is used on all platforms,
+# we should remove the following lines:
+# If removal of any old, existing directories is desired, emit the appropriate
+# rmrfdir commands.
+notice ""
+notice "Adding directory removal instructions to update manifests"
+for dir_to_remove in $directories_to_remove; do
+ # rmrfdir requires a trailing slash; if slash is missing, add one.
+ if ! [[ "$dir_to_remove" =~ /$ ]]; then
+ dir_to_remove="${dir_to_remove}/"
+ fi
+ echo "rmrfdir \"$dir_to_remove\"" >> "$updatemanifestv3"
+done
+# END TOR_BROWSER_DATA_OUTSIDE_APP_DIR removal
+
notice ""
notice "Adding file add instructions to update manifests"
num_files=${#files[*]}
@@ -102,6 +118,15 @@ for ((i=0; $i<$num_files; i=$i+1)); do
targetfiles="$targetfiles \"$f\""
done
+notice ""
+notice "Adding symlink add instructions to update manifests"
+num_symlinks=${#symlinks[*]}
+for ((i=0; $i<$num_symlinks; i=$i+1)); do
+ link="${symlinks[$i]}"
+ target="${symlink_targets[$i]}"
+ make_addsymlink_instruction "$link" "$target" "$updatemanifestv3"
+done
+
# Append remove instructions for any dead files.
notice ""
notice "Adding file and directory remove instructions from file 'removed-files'"
diff --git a/tools/update-packaging/make_incremental_update.sh b/tools/update-packaging/make_incremental_update.sh
index 24d68616731a..1adfef8fd96e 100755
--- a/tools/update-packaging/make_incremental_update.sh
+++ b/tools/update-packaging/make_incremental_update.sh
@@ -78,7 +78,11 @@ if [ $# = 0 ]; then
exit 1
fi
-requested_forced_updates='Contents/MacOS/firefox'
+# Firefox uses requested_forced_updates='Contents/MacOS/firefox' due to
+# 770996 but in Tor Browser we do not need that fix.
+requested_forced_updates=""
+directories_to_remove=""
+extra_files_to_remove=""
while getopts "hqf:" flag
do
@@ -114,6 +118,28 @@ workdir="$(mktemp -d)"
updatemanifestv3="$workdir/updatev3.manifest"
archivefiles="updatev3.manifest"
+# TODO When TOR_BROWSER_DATA_OUTSIDE_APP_DIR is used on all platforms,
+# we should remove the following lines:
+# If the NoScript extension has changed between
+# releases, add it to the "force updates" list.
+ext_path='TorBrowser/Data/Browser/profile.default/extensions'
+if [ -d "$newdir/$ext_path" ]; then
+ noscript='{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi'
+
+ # NoScript is a packed extension, so we simply compare the old and the new
+ # .xpi files.
+ noscript_path="$ext_path/$noscript"
+ diff -a "$olddir/$noscript_path" "$newdir/$noscript_path" > /dev/null
+ rc=$?
+ if [ $rc -gt 1 ]; then
+ notice "Unexpected exit $rc from $noscript_path diff command"
+ exit 2
+ elif [ $rc -eq 1 ]; then
+ requested_forced_updates="$requested_forced_updates $noscript_path"
+ fi
+fi
+# END TOR_BROWSER_DATA_OUTSIDE_APP_DIR removal
+
mkdir -p "$workdir"
# Generate a list of all files in the target directory.
@@ -124,6 +150,7 @@ fi
list_files oldfiles
list_dirs olddirs
+list_symlinks oldsymlinks oldsymlink_targets
popd
@@ -141,6 +168,7 @@ fi
list_dirs newdirs
list_files newfiles
+list_symlinks newsymlinks newsymlink_targets
popd
@@ -151,6 +179,22 @@ notice "Adding type instruction to update manifests"
notice " type partial"
echo "type \"partial\"" >> $updatemanifestv3
+# TODO When TOR_BROWSER_DATA_OUTSIDE_APP_DIR is used on all platforms,
+# we should remove the following lines:
+# If removal of any old, existing directories is desired, emit the appropriate
+# rmrfdir commands.
+notice ""
+notice "Adding directory removal instructions to update manifests"
+for dir_to_remove in $directories_to_remove; do
+ # rmrfdir requires a trailing slash, so add one if missing.
+ if ! [[ "$dir_to_remove" =~ /$ ]]; then
+ dir_to_remove="${dir_to_remove}/"
+ fi
+ echo "rmrfdir \"$dir_to_remove\"" >> "$updatemanifestv3"
+done
+# END TOR_BROWSER_DATA_OUTSIDE_APP_DIR removal
+
+
notice ""
notice "Adding file patch and add instructions to update manifests"
@@ -242,6 +286,23 @@ for ((i=0; $i<$num_oldfiles; i=$i+1)); do
fi
done
+# Remove and re-add symlinks
+notice ""
+notice "Adding symlink remove/add instructions to update manifests"
+num_oldsymlinks=${#oldsymlinks[*]}
+for ((i=0; $i<$num_oldsymlinks; i=$i+1)); do
+ link="${oldsymlinks[$i]}"
+ verbose_notice " remove: $link"
+ echo "remove \"$link\"" >> "$updatemanifestv3"
+done
+
+num_newsymlinks=${#newsymlinks[*]}
+for ((i=0; $i<$num_newsymlinks; i=$i+1)); do
+ link="${newsymlinks[$i]}"
+ target="${newsymlink_targets[$i]}"
+ make_addsymlink_instruction "$link" "$target" "$updatemanifestv3"
+done
+
# Newly added files
notice ""
notice "Adding file add instructions to update manifests"
@@ -286,6 +347,14 @@ notice ""
notice "Adding file and directory remove instructions from file 'removed-files'"
append_remove_instructions "$newdir" "$updatemanifestv3"
+# TODO When TOR_BROWSER_DATA_OUTSIDE_APP_DIR is used on all platforms,
+# we should remove the following lines:
+for f in $extra_files_to_remove; do
+ notice " remove \"$f\""
+ echo "remove \"$f\"" >> "$updatemanifestv3"
+done
+# END TOR_BROWSER_DATA_OUTSIDE_APP_DIR removal
+
notice ""
notice "Adding directory remove instructions for directories that no longer exist"
num_olddirs=${#olddirs[*]}
1
0

[tor-browser/tor-browser-86.0b1-10.5-1] Bug 19121: reinstate the update.xml hash check
by gk@torproject.org 30 Jan '21
by gk@torproject.org 30 Jan '21
30 Jan '21
commit c65074fdaa2b9155438b566ab39608c690d15721
Author: Kathy Brade <brade(a)pearlcrescent.com>
Date: Mon Apr 23 15:22:57 2018 -0400
Bug 19121: reinstate the update.xml hash check
Revert most changes from Mozilla Bug 1373267 "Remove hashFunction and
hashValue attributes from nsIUpdatePatch and code related to these
attributes." Changes to the tests were not reverted; the tests have
been changed significantly and we do not run automated updater tests
for Tor Browser at this time.
Also partial revert of commit f1241db6986e4b54473a1ed870f7584c75d51122.
Revert the nsUpdateService.js changes from Mozilla Bug 862173 "don't
verify mar file hash when using mar signing to verify the mar file
(lessens main thread I/O)."
Changes to the tests were not reverted; the tests have been changed
significantly and we do not run automated updater tests for
Tor Browser at this time.
We kept the addition to the AppConstants API in case other JS code
references it in the future.
---
toolkit/modules/AppConstants.jsm | 7 ++++
toolkit/mozapps/update/UpdateService.jsm | 63 ++++++++++++++++++++++++++++-
toolkit/mozapps/update/UpdateTelemetry.jsm | 1 +
toolkit/mozapps/update/nsIUpdateService.idl | 11 +++++
4 files changed, 81 insertions(+), 1 deletion(-)
diff --git a/toolkit/modules/AppConstants.jsm b/toolkit/modules/AppConstants.jsm
index a0dc71f3b676..44d8839df5e1 100644
--- a/toolkit/modules/AppConstants.jsm
+++ b/toolkit/modules/AppConstants.jsm
@@ -212,6 +212,13 @@ this.AppConstants = Object.freeze({
false,
#endif
+ MOZ_VERIFY_MAR_SIGNATURE:
+#ifdef MOZ_VERIFY_MAR_SIGNATURE
+ true,
+#else
+ false,
+#endif
+
MOZ_MAINTENANCE_SERVICE:
#ifdef MOZ_MAINTENANCE_SERVICE
true,
diff --git a/toolkit/mozapps/update/UpdateService.jsm b/toolkit/mozapps/update/UpdateService.jsm
index 43fd3ddbf7f2..47843d17b979 100644
--- a/toolkit/mozapps/update/UpdateService.jsm
+++ b/toolkit/mozapps/update/UpdateService.jsm
@@ -907,6 +907,20 @@ function LOG(string) {
}
}
+/**
+ * Convert a string containing binary values to hex.
+ */
+function binaryToHex(input) {
+ var result = "";
+ for (var i = 0; i < input.length; ++i) {
+ var hex = input.charCodeAt(i).toString(16);
+ if (hex.length == 1)
+ hex = "0" + hex;
+ result += hex;
+ }
+ return result;
+}
+
/**
* Gets the specified directory at the specified hierarchy under the
* update root directory and creates it if it doesn't exist.
@@ -1894,6 +1908,8 @@ function UpdatePatch(patch) {
}
break;
case "finalURL":
+ case "hashFunction":
+ case "hashValue":
case "state":
case "type":
case "URL":
@@ -1913,6 +1929,8 @@ UpdatePatch.prototype = {
// over writing nsIUpdatePatch attributes.
_attrNames: [
"errorCode",
+ "hashFunction",
+ "hashValue",
"finalURL",
"selected",
"size",
@@ -1926,6 +1944,8 @@ UpdatePatch.prototype = {
*/
serialize: function UpdatePatch_serialize(updates) {
var patch = updates.createElementNS(URI_UPDATE_NS, "patch");
+ patch.setAttribute("hashFunction", this.hashFunction);
+ patch.setAttribute("hashValue", this.hashValue);
patch.setAttribute("size", this.size);
patch.setAttribute("type", this.type);
patch.setAttribute("URL", this.URL);
@@ -4935,7 +4955,42 @@ Downloader.prototype = {
}
LOG("Downloader:_verifyDownload downloaded size == expected size.");
- return true;
+ let fileStream = Cc["@mozilla.org/network/file-input-stream;1"].
+ createInstance(Ci.nsIFileInputStream);
+ fileStream.init(destination, FileUtils.MODE_RDONLY, FileUtils.PERMS_FILE, 0);
+
+ let digest;
+ try {
+ let hash = Cc["@mozilla.org/security/hash;1"].
+ createInstance(Ci.nsICryptoHash);
+ var hashFunction = Ci.nsICryptoHash[this._patch.hashFunction.toUpperCase()];
+ if (hashFunction == undefined) {
+ throw Cr.NS_ERROR_UNEXPECTED;
+ }
+ hash.init(hashFunction);
+ hash.updateFromStream(fileStream, -1);
+ // NOTE: For now, we assume that the format of _patch.hashValue is hex
+ // encoded binary (such as what is typically output by programs like
+ // sha1sum). In the future, this may change to base64 depending on how
+ // we choose to compute these hashes.
+ digest = binaryToHex(hash.finish(false));
+ } catch (e) {
+ LOG("Downloader:_verifyDownload - failed to compute hash of the " +
+ "downloaded update archive");
+ digest = "";
+ }
+
+ fileStream.close();
+
+ if (digest == this._patch.hashValue.toLowerCase()) {
+ LOG("Downloader:_verifyDownload hashes match.");
+ return true;
+ }
+
+ LOG("Downloader:_verifyDownload hashes do not match. ");
+ AUSTLMY.pingDownloadCode(this.isCompleteUpdate,
+ AUSTLMY.DWNLD_ERR_VERIFY_NO_HASH_MATCH);
+ return false;
},
/**
@@ -5521,6 +5576,9 @@ Downloader.prototype = {
" is higher than patch size: " +
this._patch.size
);
+ // It's important that we use a different code than
+ // NS_ERROR_CORRUPTED_CONTENT so that tests can verify the difference
+ // between a hash error and a wrong download error.
AUSTLMY.pingDownloadCode(
this.isCompleteUpdate,
AUSTLMY.DWNLD_ERR_PATCH_SIZE_LARGER
@@ -5539,6 +5597,9 @@ Downloader.prototype = {
" is not equal to expected patch size: " +
this._patch.size
);
+ // It's important that we use a different code than
+ // NS_ERROR_CORRUPTED_CONTENT so that tests can verify the difference
+ // between a hash error and a wrong download error.
AUSTLMY.pingDownloadCode(
this.isCompleteUpdate,
AUSTLMY.DWNLD_ERR_PATCH_SIZE_NOT_EQUAL
diff --git a/toolkit/mozapps/update/UpdateTelemetry.jsm b/toolkit/mozapps/update/UpdateTelemetry.jsm
index 70ef8fb661eb..2c2e6affd03b 100644
--- a/toolkit/mozapps/update/UpdateTelemetry.jsm
+++ b/toolkit/mozapps/update/UpdateTelemetry.jsm
@@ -192,6 +192,7 @@ var AUSTLMY = {
DWNLD_ERR_VERIFY_NO_REQUEST: 13,
DWNLD_ERR_VERIFY_PATCH_SIZE_NOT_EQUAL: 14,
DWNLD_ERR_WRITE_FAILURE: 15,
+ DWNLD_ERR_VERIFY_NO_HASH_MATCH: 16,
// Temporary failure code to see if there are failures without an update phase
DWNLD_UNKNOWN_PHASE_ERR_WRITE_FAILURE: 40,
diff --git a/toolkit/mozapps/update/nsIUpdateService.idl b/toolkit/mozapps/update/nsIUpdateService.idl
index 49bb97ae7843..993ba72bae70 100644
--- a/toolkit/mozapps/update/nsIUpdateService.idl
+++ b/toolkit/mozapps/update/nsIUpdateService.idl
@@ -39,6 +39,17 @@ interface nsIUpdatePatch : nsISupports
*/
attribute AString finalURL;
+ /**
+ * The hash function to use when determining this file's integrity
+ */
+ attribute AString hashFunction;
+
+ /**
+ * The value of the hash function named above that should be computed if
+ * this file is not corrupt.
+ */
+ attribute AString hashValue;
+
/**
* The size of this file, in bytes.
*/
1
0

[tor-browser/tor-browser-86.0b1-10.5-1] Bug 13379: Sign our MAR files.
by gk@torproject.org 30 Jan '21
by gk@torproject.org 30 Jan '21
30 Jan '21
commit 3d9102d7bfa4471aa4a075ebdb73549ee7e3fb2c
Author: Kathy Brade <brade(a)pearlcrescent.com>
Date: Wed Dec 17 16:37:11 2014 -0500
Bug 13379: Sign our MAR files.
Configure with --enable-verify-mar (when updating, require a valid
signature on the MAR file before it is applied).
Use the Tor Browser version instead of the Firefox version inside the
MAR file info block (necessary to prevent downgrade attacks).
Use NSS on all platforms for checking MAR signatures (instead of using
OS-native APIs, which Mozilla does on Mac OS and Windows). So that the
NSS and NSPR libraries the updater depends on can be found at runtime,
we add the firefox directory to the shared library search path on macOS.
On Linux, rpath is used by Mozilla to solve that problem, but that
approach won't work on macOS because the updater executable is copied
during the update process to a location that is under TorBrowser-Data,
and the location of TorBrowser-Data varies.
Also includes the fix for bug 18900.
---
.mozconfig | 1 +
.mozconfig-asan | 1 +
.mozconfig-mac | 1 +
.mozconfig-mingw | 1 +
modules/libmar/tool/mar.c | 6 +--
modules/libmar/tool/moz.build | 12 ++++--
modules/libmar/verify/moz.build | 14 +++---
.../mozapps/update/updater/updater-common.build | 26 +++++++++--
toolkit/mozapps/update/updater/updater.cpp | 25 +++++++----
toolkit/xre/moz.build | 3 ++
toolkit/xre/nsUpdateDriver.cpp | 50 ++++++++++++++++++++++
11 files changed, 115 insertions(+), 25 deletions(-)
diff --git a/.mozconfig b/.mozconfig
index 18cd1f9b6487..c50c57d410de 100755
--- a/.mozconfig
+++ b/.mozconfig
@@ -37,3 +37,4 @@ ac_add_options MOZ_TELEMETRY_REPORTING=
ac_add_options --disable-tor-launcher
ac_add_options --with-tor-browser-version=dev-build
ac_add_options --disable-tor-browser-update
+ac_add_options --enable-verify-mar
diff --git a/.mozconfig-asan b/.mozconfig-asan
index bad7ea022c9f..e42ff6c86bc5 100644
--- a/.mozconfig-asan
+++ b/.mozconfig-asan
@@ -29,6 +29,7 @@ ac_add_options --enable-official-branding
ac_add_options --enable-default-toolkit=cairo-gtk3
ac_add_options --enable-tor-browser-update
+ac_add_options --enable-verify-mar
ac_add_options --disable-strip
ac_add_options --disable-install-strip
diff --git a/.mozconfig-mac b/.mozconfig-mac
index 26e2b6b92fdb..5b4624ef1f67 100644
--- a/.mozconfig-mac
+++ b/.mozconfig-mac
@@ -43,6 +43,7 @@ ac_add_options --disable-debug
ac_add_options --enable-tor-browser-data-outside-app-dir
ac_add_options --enable-tor-browser-update
+ac_add_options --enable-verify-mar
ac_add_options --disable-crashreporter
ac_add_options --disable-webrtc
diff --git a/.mozconfig-mingw b/.mozconfig-mingw
index 3ec6ff18a3e9..ce6ace1dad67 100644
--- a/.mozconfig-mingw
+++ b/.mozconfig-mingw
@@ -15,6 +15,7 @@ ac_add_options --enable-strip
ac_add_options --enable-official-branding
ac_add_options --enable-tor-browser-update
+ac_add_options --enable-verify-mar
ac_add_options --disable-bits-download
# Let's make sure no preference is enabling either Adobe's or Google's CDM.
diff --git a/modules/libmar/tool/mar.c b/modules/libmar/tool/mar.c
index 0bf2cb4bd1d4..ea2b79924914 100644
--- a/modules/libmar/tool/mar.c
+++ b/modules/libmar/tool/mar.c
@@ -65,7 +65,7 @@ static void print_usage() {
"signed_input_archive.mar base_64_encoded_signature_file "
"changed_signed_output.mar\n");
printf("(i) is the index of the certificate to extract\n");
-# if defined(XP_MACOSX) || (defined(XP_WIN) && !defined(MAR_NSS))
+# if (defined(XP_MACOSX) || defined(XP_WIN)) && !defined(MAR_NSS)
printf("Verify a MAR file:\n");
printf(" mar [-C workingDir] -D DERFilePath -v signed_archive.mar\n");
printf(
@@ -149,7 +149,7 @@ int main(int argc, char** argv) {
memset((void*)certBuffers, 0, sizeof(certBuffers));
#endif
#if !defined(NO_SIGN_VERIFY) && \
- ((!defined(MAR_NSS) && defined(XP_WIN)) || defined(XP_MACOSX))
+ (!defined(MAR_NSS) && (defined(XP_WIN) || defined(XP_MACOSX)))
memset(DERFilePaths, 0, sizeof(DERFilePaths));
memset(fileSizes, 0, sizeof(fileSizes));
#endif
@@ -181,7 +181,7 @@ int main(int argc, char** argv) {
argc -= 2;
}
#if !defined(NO_SIGN_VERIFY)
-# if (!defined(MAR_NSS) && defined(XP_WIN)) || defined(XP_MACOSX)
+# if (!defined(MAR_NSS) && (defined(XP_WIN) || defined(XP_MACOSX)))
/* -D DERFilePath, also matches -D[index] DERFilePath
We allow an index for verifying to be symmetric
with the import and export command line arguments. */
diff --git a/modules/libmar/tool/moz.build b/modules/libmar/tool/moz.build
index a6d26c66a668..d6fa1677ddf1 100644
--- a/modules/libmar/tool/moz.build
+++ b/modules/libmar/tool/moz.build
@@ -43,15 +43,21 @@ if CONFIG["MOZ_BUILD_APP"] != "tools/update-packaging":
"verifymar",
]
+ if CONFIG["TOR_BROWSER_UPDATE"]:
+ DEFINES["MAR_NSS"] = True
+
if CONFIG["OS_ARCH"] == "WINNT":
USE_STATIC_LIBS = True
OS_LIBS += [
"ws2_32",
- "crypt32",
- "advapi32",
]
- elif CONFIG["OS_ARCH"] == "Darwin":
+ if not CONFIG["TOR_BROWSER_UPDATE"]:
+ OS_LIBS += [
+ "crypt32",
+ "advapi32",
+ ]
+ elif CONFIG["OS_ARCH"] == "Darwin" and not CONFIG["TOR_BROWSER_UPDATE"]:
OS_LIBS += [
"-framework Security",
]
diff --git a/modules/libmar/verify/moz.build b/modules/libmar/verify/moz.build
index b07475655f0d..03718eee50b4 100644
--- a/modules/libmar/verify/moz.build
+++ b/modules/libmar/verify/moz.build
@@ -16,15 +16,12 @@ FORCE_STATIC_LIB = True
if CONFIG["OS_ARCH"] == "WINNT":
USE_STATIC_LIBS = True
elif CONFIG["OS_ARCH"] == "Darwin":
- UNIFIED_SOURCES += [
- "MacVerifyCrypto.cpp",
- ]
- OS_LIBS += [
- "-framework Security",
+ USE_LIBS += [
+ "nspr",
+ "nss",
+ "signmar",
]
else:
- DEFINES["MAR_NSS"] = True
- LOCAL_INCLUDES += ["../sign"]
USE_LIBS += [
"nspr",
"nss",
@@ -38,6 +35,9 @@ else:
"-Wl,-rpath=\\$$ORIGIN",
]
+DEFINES["MAR_NSS"] = True
+LOCAL_INCLUDES += ["../sign"]
+
LOCAL_INCLUDES += [
"../src",
]
diff --git a/toolkit/mozapps/update/updater/updater-common.build b/toolkit/mozapps/update/updater/updater-common.build
index 2f2a210f255b..74b24151757f 100644
--- a/toolkit/mozapps/update/updater/updater-common.build
+++ b/toolkit/mozapps/update/updater/updater-common.build
@@ -4,6 +4,12 @@
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+DEFINES["MAR_NSS"] = True
+
+link_with_nss = DEFINES["MAR_NSS"] or (
+ CONFIG["OS_ARCH"] == "Linux" and CONFIG["MOZ_VERIFY_MAR_SIGNATURE"]
+)
+
srcs = [
"archivereader.cpp",
"updater.cpp",
@@ -36,10 +42,14 @@ if CONFIG["OS_ARCH"] == "WINNT":
"ws2_32",
"shell32",
"shlwapi",
- "crypt32",
- "advapi32",
]
+ if not link_with_nss:
+ OS_LIBS += [
+ "crypt32",
+ "advapi32",
+ ]
+
USE_LIBS += [
"bspatch",
"mar",
@@ -47,6 +57,13 @@ USE_LIBS += [
"xz-embedded",
]
+if link_with_nss:
+ USE_LIBS += [
+ "nspr",
+ "nss",
+ "signmar",
+ ]
+
if CONFIG["MOZ_WIDGET_TOOLKIT"] == "gtk":
have_progressui = 1
srcs += [
@@ -61,9 +78,12 @@ if CONFIG["MOZ_WIDGET_TOOLKIT"] == "cocoa":
]
OS_LIBS += [
"-framework Cocoa",
- "-framework Security",
"-framework SystemConfiguration",
]
+ if not link_with_nss:
+ OS_LIBS += [
+ "-framework Security",
+ ]
UNIFIED_SOURCES += [
"/toolkit/xre/updaterfileutils_osx.mm",
]
diff --git a/toolkit/mozapps/update/updater/updater.cpp b/toolkit/mozapps/update/updater/updater.cpp
index 226354d5e753..d6f1f6c568bc 100644
--- a/toolkit/mozapps/update/updater/updater.cpp
+++ b/toolkit/mozapps/update/updater/updater.cpp
@@ -106,9 +106,11 @@ struct UpdateServerThreadArgs {
# define USE_EXECV
#endif
-#if defined(MOZ_VERIFY_MAR_SIGNATURE) && !defined(XP_WIN) && !defined(XP_MACOSX)
-# include "nss.h"
-# include "prerror.h"
+#if defined(MOZ_VERIFY_MAR_SIGNATURE)
+# if defined(MAR_NSS) || (!defined(XP_WIN) && !defined(XP_MACOSX))
+# include "nss.h"
+# include "prerror.h"
+# endif
#endif
#include "crctable.h"
@@ -2721,8 +2723,13 @@ static void UpdateThreadFunc(void* param) {
if (ReadMARChannelIDs(updateSettingsPath, &MARStrings) != OK) {
rv = UPDATE_SETTINGS_FILE_CHANNEL;
} else {
+# ifdef TOR_BROWSER_UPDATE
+ const char* appVersion = TOR_BROWSER_VERSION_QUOTED;
+# else
+ const char* appVersion = MOZ_APP_VERSION;
+# endif
rv = gArchiveReader.VerifyProductInformation(
- MARStrings.MARChannelID.get(), MOZ_APP_VERSION);
+ MARStrings.MARChannelID.get(), appVersion);
}
}
}
@@ -2923,11 +2930,10 @@ int NS_main(int argc, NS_tchar** argv) {
}
#endif
-#if defined(MOZ_VERIFY_MAR_SIGNATURE) && !defined(XP_WIN) && !defined(XP_MACOSX)
- // On Windows and Mac we rely on native APIs to do verifications so we don't
- // need to initialize NSS at all there.
- // Otherwise, minimize the amount of NSS we depend on by avoiding all the NSS
- // databases.
+#if defined(MOZ_VERIFY_MAR_SIGNATURE)
+# if defined(MAR_NSS) || (!defined(XP_WIN) && !defined(XP_MACOSX))
+ // If using NSS for signature verification, initialize NSS but minimize
+ // the portion we depend on by avoiding all of the NSS databases.
if (NSS_NoDB_Init(nullptr) != SECSuccess) {
PRErrorCode error = PR_GetError();
fprintf(stderr, "Could not initialize NSS: %s (%d)", PR_ErrorToName(error),
@@ -2935,6 +2941,7 @@ int NS_main(int argc, NS_tchar** argv) {
_exit(1);
}
#endif
+#endif
#ifdef XP_MACOSX
if (!isElevated) {
diff --git a/toolkit/xre/moz.build b/toolkit/xre/moz.build
index edaabb958d98..f0a12c6c5942 100644
--- a/toolkit/xre/moz.build
+++ b/toolkit/xre/moz.build
@@ -232,6 +232,9 @@ for var in ("APP_VERSION", "APP_ID"):
if CONFIG["MOZ_BUILD_APP"] == "browser":
DEFINES["MOZ_BUILD_APP_IS_BROWSER"] = True
+if CONFIG["TOR_BROWSER_UPDATE"]:
+ DEFINES["MAR_NSS"] = True
+
LOCAL_INCLUDES += [
"../../other-licenses/nsis/Contrib/CityHash/cityhash",
"../components/find",
diff --git a/toolkit/xre/nsUpdateDriver.cpp b/toolkit/xre/nsUpdateDriver.cpp
index 4a4ad10a0aa5..a0a9f6ba93c7 100644
--- a/toolkit/xre/nsUpdateDriver.cpp
+++ b/toolkit/xre/nsUpdateDriver.cpp
@@ -364,6 +364,42 @@ static nsresult GetUpdateDirFromAppDir(nsIFile* aAppDir, nsIFile** aResult) {
# endif
#endif
+#if defined(TOR_BROWSER_UPDATE) && defined(MOZ_VERIFY_MAR_SIGNATURE) && \
+ defined(MAR_NSS) && defined(XP_MACOSX)
+/**
+ * Ideally we would save and restore the original library path value after
+ * the updater finishes its work (and before firefox is re-launched).
+ * Doing so would avoid potential problems like the following bug:
+ * https://bugzilla.mozilla.org/show_bug.cgi?id=1434033
+ */
+/**
+ * Appends the specified path to the library path.
+ * This is used so that the updater can find libnss3.dylib and other
+ * shared libs.
+ *
+ * @param pathToAppend A new library path to prepend to the dynamic linker's
+ * search path.
+ */
+# include "prprf.h"
+# define PATH_SEPARATOR ":"
+# define LD_LIBRARY_PATH_ENVVAR_NAME "DYLD_LIBRARY_PATH"
+static void AppendToLibPath(const char* pathToAppend) {
+ char* pathValue = getenv(LD_LIBRARY_PATH_ENVVAR_NAME);
+ if (nullptr == pathValue || '\0' == *pathValue) {
+ // Leak the string because that is required by PR_SetEnv.
+ char* s =
+ Smprintf("%s=%s", LD_LIBRARY_PATH_ENVVAR_NAME, pathToAppend).release();
+ PR_SetEnv(s);
+ } else {
+ // Leak the string because that is required by PR_SetEnv.
+ char* s = Smprintf("%s=%s" PATH_SEPARATOR "%s", LD_LIBRARY_PATH_ENVVAR_NAME,
+ pathToAppend, pathValue)
+ .release();
+ PR_SetEnv(s);
+ }
+}
+#endif
+
/**
* Applies, switches, or stages an update.
*
@@ -610,6 +646,20 @@ static void ApplyUpdate(nsIFile* greDir, nsIFile* updateDir, nsIFile* appDir,
PR_SetEnv("MOZ_SAFE_MODE_RESTART=1");
}
+#if defined(TOR_BROWSER_UPDATE) && defined(MOZ_VERIFY_MAR_SIGNATURE) && \
+ defined(MAR_NSS) && defined(XP_MACOSX)
+ // On macOS, append the app directory to the shared library search path
+ // so the system can locate the shared libraries that are needed by the
+ // updater, e.g., libnss3.dylib).
+ nsAutoCString appPath;
+ nsresult rv2 = appDir->GetNativePath(appPath);
+ if (NS_SUCCEEDED(rv2)) {
+ AppendToLibPath(appPath.get());
+ } else {
+ LOG(("ApplyUpdate -- appDir->GetNativePath() failed (0x%x)\n", rv2));
+ }
+#endif
+
LOG(("spawning updater process [%s]\n", updaterPath.get()));
#ifdef DEBUG
dump_argv("ApplyUpdate updater", argv, argc);
1
0

[tor-browser/tor-browser-86.0b1-10.5-1] Bug 21724: Make Firefox and Tor Browser distinct macOS apps
by gk@torproject.org 30 Jan '21
by gk@torproject.org 30 Jan '21
30 Jan '21
commit e9c0489f22ecb77f7975d23af9fd2c4524273820
Author: teor <teor2345(a)gmail.com>
Date: Mon Mar 13 23:06:23 2017 +1100
Bug 21724: Make Firefox and Tor Browser distinct macOS apps
When macOS opens a document or selects a default browser, it sometimes
uses the CFBundleSignature. Changing from the Firefox MOZB signature to
a different signature TORB allows macOS to distinguish between Firefox
and Tor Browser.
---
browser/app/Makefile.in | 2 +-
browser/app/macbuild/Contents/Info.plist.in | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/browser/app/Makefile.in b/browser/app/Makefile.in
index 54d6b43fe126..8dd3a9a65661 100644
--- a/browser/app/Makefile.in
+++ b/browser/app/Makefile.in
@@ -102,5 +102,5 @@ ifdef MOZ_UPDATER
mv -f '$(dist_dest)/Contents/MacOS/updater.app/Contents/MacOS/org.mozilla.updater' '$(dist_dest)/Contents/Library/LaunchServices'
ln -s ../../../../Library/LaunchServices/org.mozilla.updater '$(dist_dest)/Contents/MacOS/updater.app/Contents/MacOS/org.mozilla.updater'
endif
- printf APPLMOZB > '$(dist_dest)/Contents/PkgInfo'
+ printf APPLTORB > '$(dist_dest)/Contents/PkgInfo'
endif
diff --git a/browser/app/macbuild/Contents/Info.plist.in b/browser/app/macbuild/Contents/Info.plist.in
index fb5e6993ea9d..1d376c8d83d6 100644
--- a/browser/app/macbuild/Contents/Info.plist.in
+++ b/browser/app/macbuild/Contents/Info.plist.in
@@ -179,7 +179,7 @@
<key>CFBundleShortVersionString</key>
<string>@APP_VERSION@</string>
<key>CFBundleSignature</key>
- <string>MOZB</string>
+ <string>TORB</string>
<key>CFBundleURLTypes</key>
<array>
<dict>
1
0

[tor-browser/tor-browser-86.0b1-10.5-1] Bug 18800: Remove localhost DNS lookup in nsProfileLock.cpp
by gk@torproject.org 30 Jan '21
by gk@torproject.org 30 Jan '21
30 Jan '21
commit 35e0d92720034ed10b5b07740be3cec100e683db
Author: Kathy Brade <brade(a)pearlcrescent.com>
Date: Thu Apr 21 10:40:26 2016 -0400
Bug 18800: Remove localhost DNS lookup in nsProfileLock.cpp
Instead of using the local computer's IP address within
symlink-based profile lock signatures, always use 127.0.0.1.
---
toolkit/profile/nsProfileLock.cpp | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/toolkit/profile/nsProfileLock.cpp b/toolkit/profile/nsProfileLock.cpp
index 01818d32e6f7..adccfa4dd6d4 100644
--- a/toolkit/profile/nsProfileLock.cpp
+++ b/toolkit/profile/nsProfileLock.cpp
@@ -289,18 +289,17 @@ nsresult nsProfileLock::LockWithSymlink(nsIFile* aLockFile,
if (!mReplacedLockTime)
aLockFile->GetLastModifiedTimeOfLink(&mReplacedLockTime);
+ // For Tor Browser, avoid a DNS lookup here so the Tor network is not
+ // bypassed. Instead, always use 127.0.0.1 for the IP address portion
+ // of the lock signature, which may cause the browser to refuse to
+ // start in the rare event that all of the following conditions are met:
+ // 1. The browser profile is on a network file system.
+ // 2. The file system does not support fcntl() locking.
+ // 3. Tor Browser is run from two different computers at the same time.
+
struct in_addr inaddr;
inaddr.s_addr = htonl(INADDR_LOOPBACK);
- char hostname[256];
- PRStatus status = PR_GetSystemInfo(PR_SI_HOSTNAME, hostname, sizeof hostname);
- if (status == PR_SUCCESS) {
- char netdbbuf[PR_NETDB_BUF_SIZE];
- PRHostEnt hostent;
- status = PR_GetHostByName(hostname, netdbbuf, sizeof netdbbuf, &hostent);
- if (status == PR_SUCCESS) memcpy(&inaddr, hostent.h_addr, sizeof inaddr);
- }
-
mozilla::SmprintfPointer signature =
mozilla::Smprintf("%s:%s%lu", inet_ntoa(inaddr),
aHaveFcntlLock ? "+" : "", (unsigned long)getpid());
1
0

[tor-browser/tor-browser-86.0b1-10.5-1] Bug 11641: change TBB directory structure to be more like Firefox's
by gk@torproject.org 30 Jan '21
by gk@torproject.org 30 Jan '21
30 Jan '21
commit 4e90ccd2ccfbd2db210b3c00d2ebfbaf7e3ecce7
Author: Kathy Brade <brade(a)pearlcrescent.com>
Date: Tue Apr 29 13:08:24 2014 -0400
Bug 11641: change TBB directory structure to be more like Firefox's
Unless the -osint command line flag is used, the browser now defaults
to the equivalent of -no-remote. There is a new -allow-remote flag that
may be used to restore the original (Firefox-like) default behavior.
---
toolkit/xre/nsAppRunner.cpp | 21 ++++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp
index 9e34295e8119..e762c64923a9 100644
--- a/toolkit/xre/nsAppRunner.cpp
+++ b/toolkit/xre/nsAppRunner.cpp
@@ -1805,8 +1805,10 @@ static void DumpHelp() {
" --migration Start with migration wizard.\n"
" --ProfileManager Start with ProfileManager.\n"
#ifdef MOZ_HAS_REMOTE
- " --no-remote Do not accept or send remote commands; implies\n"
+ " --no-remote (default) Do not accept or send remote commands; "
+ "implies\n"
" --new-instance.\n"
+ " --allow-remote Accept and send remote commands.\n"
" --new-instance Open new instance, not a new window in running "
"instance.\n"
#endif
@@ -4009,16 +4011,25 @@ int XREMain::XRE_mainInit(bool* aExitFlag) {
gSafeMode);
#if defined(MOZ_HAS_REMOTE)
+ // In Tor Browser, remoting is disabled by default unless -osint is used.
+ bool allowRemote = (CheckArg("allow-remote") == ARG_FOUND);
+ bool isOsint = (CheckArg("osint", nullptr, CheckArgFlag::None) == ARG_FOUND);
+ if (!allowRemote && !isOsint) {
+ SaveToEnv("MOZ_NO_REMOTE=1");
+ }
// Handle --no-remote and --new-instance command line arguments. Setup
// the environment to better accommodate other components and various
// restart scenarios.
ar = CheckArg("no-remote");
- if (ar == ARG_FOUND || EnvHasValue("MOZ_NO_REMOTE")) {
+ if ((ar == ARG_FOUND) && allowRemote) {
+ PR_fprintf(PR_STDERR,
+ "Error: argument --no-remote is invalid when argument "
+ "--allow-remote is specified\n");
+ return 1;
+ }
+ if (EnvHasValue("MOZ_NO_REMOTE")) {
mDisableRemoteClient = true;
mDisableRemoteServer = true;
- if (!EnvHasValue("MOZ_NO_REMOTE")) {
- SaveToEnv("MOZ_NO_REMOTE=1");
- }
}
ar = CheckArg("new-instance");
1
0

[tor-browser/tor-browser-86.0b1-10.5-1] Bug 18821: Disable libmdns for Android and Desktop
by gk@torproject.org 30 Jan '21
by gk@torproject.org 30 Jan '21
30 Jan '21
commit 7a9c42dff422ea142b66613f06686f7537169aad
Author: Georg Koppen <gk(a)torproject.org>
Date: Wed Apr 20 14:34:50 2016 +0000
Bug 18821: Disable libmdns for Android and Desktop
There should be no need to remove the OS X support introduced in
https://bugzilla.mozilla.org/show_bug.cgi?id=1225726 as enabling this
is governed by a preference (which is actually set to `false`). However,
we remove it at build time as well (defense in depth).
This is basically a backout of the relevant passages of
https://hg.mozilla.org/mozilla-central/rev/6bfb430de85d,
https://hg.mozilla.org/mozilla-central/rev/609b337bf7ab and
https://hg.mozilla.org/mozilla-central/rev/8e092ec5fbbd.
Fixed bug 21861 (Disable additional mDNS code to avoid proxy bypasses)
as well.
---
dom/presentation/provider/components.conf | 10 ----------
dom/presentation/provider/moz.build | 1 -
netwerk/dns/mdns/libmdns/components.conf | 15 ---------------
netwerk/dns/mdns/libmdns/moz.build | 28 ----------------------------
4 files changed, 54 deletions(-)
diff --git a/dom/presentation/provider/components.conf b/dom/presentation/provider/components.conf
index 04cb28ec757e..56994ed7cd94 100644
--- a/dom/presentation/provider/components.conf
+++ b/dom/presentation/provider/components.conf
@@ -6,9 +6,6 @@
categories = {}
-if buildconfig.substs['MOZ_WIDGET_TOOLKIT'] in ('cocoa', 'android'):
- categories["presentation-device-provider"] = "MulticastDNSDeviceProvider"
-
Classes = [
{
'cid': '{f4079b8b-ede5-4b90-a112-5b415a931deb}',
@@ -16,11 +13,4 @@ Classes = [
'jsm': 'resource://gre/modules/PresentationControlService.jsm',
'constructor': 'PresentationControlService',
},
- {
- 'cid': '{814f947a-52f7-41c9-94a1-3684797284ac}',
- 'contract_ids': ['@mozilla.org/presentation-device/multicastdns-provider;1'],
- 'type': 'mozilla::dom::presentation::MulticastDNSDeviceProvider',
- 'headers': ['/dom/presentation/provider/MulticastDNSDeviceProvider.h'],
- 'categories': categories,
- },
]
diff --git a/dom/presentation/provider/moz.build b/dom/presentation/provider/moz.build
index f6c4527d2cdf..9fab92997787 100644
--- a/dom/presentation/provider/moz.build
+++ b/dom/presentation/provider/moz.build
@@ -8,7 +8,6 @@ EXTRA_JS_MODULES += ["PresentationControlService.jsm"]
UNIFIED_SOURCES += [
"DeviceProviderHelpers.cpp",
- "MulticastDNSDeviceProvider.cpp",
]
XPCOM_MANIFESTS += [
diff --git a/netwerk/dns/mdns/libmdns/components.conf b/netwerk/dns/mdns/libmdns/components.conf
index 6e64140c820e..1b50dbf673a4 100644
--- a/netwerk/dns/mdns/libmdns/components.conf
+++ b/netwerk/dns/mdns/libmdns/components.conf
@@ -5,20 +5,5 @@
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
Classes = [
- {
- 'cid': '{14a50f2b-7ff6-48a5-88e3-615fd111f5d3}',
- 'contract_ids': ['@mozilla.org/toolkit/components/mdnsresponder/dns-info;1'],
- 'type': 'mozilla::net::nsDNSServiceInfo',
- 'headers': ['/netwerk/dns/mdns/libmdns/nsDNSServiceInfo.h'],
- },
]
-if buildconfig.substs['MOZ_WIDGET_TOOLKIT'] != 'cocoa':
- Classes += [
- {
- 'cid': '{f9346d98-f27a-4e89-b744-493843416480}',
- 'contract_ids': ['@mozilla.org/toolkit/components/mdnsresponder/dns-sd;1'],
- 'jsm': 'resource://gre/modules/DNSServiceDiscovery.jsm',
- 'constructor': 'nsDNSServiceDiscovery',
- },
- ]
diff --git a/netwerk/dns/mdns/libmdns/moz.build b/netwerk/dns/mdns/libmdns/moz.build
index f9c025fa823e..e6e70a6d803c 100644
--- a/netwerk/dns/mdns/libmdns/moz.build
+++ b/netwerk/dns/mdns/libmdns/moz.build
@@ -4,34 +4,6 @@
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-if CONFIG["MOZ_WIDGET_TOOLKIT"] == "cocoa":
- UNIFIED_SOURCES += [
- "MDNSResponderOperator.cpp",
- "MDNSResponderReply.cpp",
- "nsDNSServiceDiscovery.cpp",
- ]
-
- LOCAL_INCLUDES += [
- "/netwerk/base",
- ]
-
-else:
- EXTRA_JS_MODULES += [
- "DNSServiceDiscovery.jsm",
- "fallback/DataReader.jsm",
- "fallback/DataWriter.jsm",
- "fallback/DNSPacket.jsm",
- "fallback/DNSRecord.jsm",
- "fallback/DNSResourceRecord.jsm",
- "fallback/DNSTypes.jsm",
- "fallback/MulticastDNS.jsm",
- ]
-
- if CONFIG["MOZ_WIDGET_TOOLKIT"] == "android":
- EXTRA_JS_MODULES += [
- "MulticastDNSAndroid.jsm",
- ]
-
UNIFIED_SOURCES += [
"nsDNSServiceInfo.cpp",
]
1
0

[tor-browser/tor-browser-86.0b1-10.5-1] Bug 19273: Avoid JavaScript patching of the external app helper dialog.
by gk@torproject.org 30 Jan '21
by gk@torproject.org 30 Jan '21
30 Jan '21
commit 41662e313c7070378c4d62bc582369735900596a
Author: Kathy Brade <brade(a)pearlcrescent.com>
Date: Tue Jun 28 15:13:05 2016 -0400
Bug 19273: Avoid JavaScript patching of the external app helper dialog.
When handling an external URI or downloading a file, invoke Torbutton's
external app blocker component (which will present a download warning
dialog unless the user has checked the "Automatically download files
from now on" box).
For e10s compatibility, avoid using a modal dialog and instead use
a callback interface (nsIHelperAppWarningLauncher) to allow Torbutton
to indicate the user's desire to cancel or continue each request.
Other bugs fixed:
Bug 21766: Crash with e10s enabled while trying to download a file
Bug 21886: Download is stalled in non-e10s mode
Bug 22471: Downloading files via the PDF viewer download button is broken
Bug 22472: Fix FTP downloads when external helper app dialog is shown
Bug 22610: Avoid crashes when canceling external helper app downloads
Bug 22618: Downloading pdf file via file:/// is stalling
---
.../exthandler/nsExternalHelperAppService.cpp | 172 ++++++++++++++++++---
uriloader/exthandler/nsExternalHelperAppService.h | 3 +
.../exthandler/nsIExternalHelperAppService.idl | 47 ++++++
3 files changed, 204 insertions(+), 18 deletions(-)
diff --git a/uriloader/exthandler/nsExternalHelperAppService.cpp b/uriloader/exthandler/nsExternalHelperAppService.cpp
index 2886fd35748a..2887cb256953 100644
--- a/uriloader/exthandler/nsExternalHelperAppService.cpp
+++ b/uriloader/exthandler/nsExternalHelperAppService.cpp
@@ -133,6 +133,9 @@ static const char NEVER_ASK_FOR_SAVE_TO_DISK_PREF[] =
static const char NEVER_ASK_FOR_OPEN_FILE_PREF[] =
"browser.helperApps.neverAsk.openFile";
+static const char WARNING_DIALOG_CONTRACT_ID[] =
+ "@torproject.org/torbutton-extAppBlocker;1";
+
// Helper functions for Content-Disposition headers
/**
@@ -405,6 +408,22 @@ static nsresult GetDownloadDirectory(nsIFile** _directory,
return NS_OK;
}
+static already_AddRefed<nsIInterfaceRequestor> GetDialogParentAux(
+ BrowsingContext* aBrowsingContext, nsIInterfaceRequestor* aWindowContext) {
+ nsCOMPtr<nsIInterfaceRequestor> dialogParent = aWindowContext;
+
+ if (!dialogParent && aBrowsingContext) {
+ dialogParent = do_QueryInterface(aBrowsingContext->GetDOMWindow());
+ }
+ if (!dialogParent && aBrowsingContext && XRE_IsParentProcess()) {
+ RefPtr<Element> element = aBrowsingContext->Top()->GetEmbedderElement();
+ if (element) {
+ dialogParent = do_QueryInterface(element->OwnerDoc()->GetWindow());
+ }
+ }
+ return dialogParent.forget();
+}
+
/**
* Structure for storing extension->type mappings.
* @see defaultMimeEntries
@@ -629,6 +648,92 @@ static const char* descriptionOverwriteExtensions[] = {
"avif", "pdf", "svg", "webp", "xml",
};
+//////////////////////////////////////////////////////////////////////////////////////////////////////
+// begin nsExternalLoadURIHandler class definition and implementation
+//////////////////////////////////////////////////////////////////////////////////////////////////////
+class nsExternalLoadURIHandler final : public nsIHelperAppWarningLauncher {
+ public:
+ NS_DECL_THREADSAFE_ISUPPORTS
+ NS_DECL_NSIHELPERAPPWARNINGLAUNCHER
+
+ nsExternalLoadURIHandler(nsIHandlerInfo* aHandlerInfo, nsIURI* aURI,
+ nsIPrincipal* aTriggeringPrincipal,
+ BrowsingContext* aBrowsingContext);
+
+ protected:
+ ~nsExternalLoadURIHandler();
+
+ nsCOMPtr<nsIHandlerInfo> mHandlerInfo;
+ nsCOMPtr<nsIURI> mURI;
+ nsCOMPtr<nsIPrincipal> mTriggeringPrincipal;
+ RefPtr<BrowsingContext> mBrowsingContext;
+ nsCOMPtr<nsIHelperAppWarningDialog> mWarningDialog;
+};
+
+NS_IMPL_ADDREF(nsExternalLoadURIHandler)
+NS_IMPL_RELEASE(nsExternalLoadURIHandler)
+
+NS_INTERFACE_MAP_BEGIN(nsExternalLoadURIHandler)
+ NS_INTERFACE_MAP_ENTRY_AMBIGUOUS(nsISupports, nsIHelperAppWarningLauncher)
+ NS_INTERFACE_MAP_ENTRY(nsIHelperAppWarningLauncher)
+NS_INTERFACE_MAP_END
+
+nsExternalLoadURIHandler::nsExternalLoadURIHandler(
+ nsIHandlerInfo* aHandlerInfo, nsIURI* aURI,
+ nsIPrincipal* aTriggeringPrincipal, BrowsingContext* aBrowsingContext)
+ : mHandlerInfo(aHandlerInfo),
+ mURI(aURI),
+ mTriggeringPrincipal(aTriggeringPrincipal),
+ mBrowsingContext(aBrowsingContext)
+
+{
+ nsresult rv = NS_OK;
+ mWarningDialog = do_CreateInstance(WARNING_DIALOG_CONTRACT_ID, &rv);
+ if (NS_SUCCEEDED(rv) && mWarningDialog) {
+ // This will create a reference cycle (the dialog holds a reference to us
+ // as nsIHelperAppWarningLauncher), which will be broken in ContinueRequest
+ // or CancelRequest.
+ nsCOMPtr<nsIInterfaceRequestor> dialogParent =
+ GetDialogParentAux(aBrowsingContext, nullptr);
+ rv = mWarningDialog->MaybeShow(this, dialogParent);
+ }
+
+ if (NS_FAILED(rv)) {
+ // If for some reason we could not open the download warning prompt,
+ // continue with the request.
+ ContinueRequest();
+ }
+}
+
+nsExternalLoadURIHandler::~nsExternalLoadURIHandler() {}
+
+NS_IMETHODIMP nsExternalLoadURIHandler::ContinueRequest() {
+ MOZ_ASSERT(mURI);
+ MOZ_ASSERT(mHandlerInfo);
+
+ // Break our reference cycle with the download warning dialog (set up in
+ // LoadURI).
+ mWarningDialog = nullptr;
+
+ nsresult rv = NS_OK;
+ nsCOMPtr<nsIContentDispatchChooser> chooser =
+ do_CreateInstance("@mozilla.org/content-dispatch-chooser;1", &rv);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ return chooser->HandleURI(mHandlerInfo, mURI, mTriggeringPrincipal,
+ mBrowsingContext);
+}
+
+NS_IMETHODIMP nsExternalLoadURIHandler::CancelRequest(nsresult aReason) {
+ NS_ENSURE_ARG(NS_FAILED(aReason));
+
+ // Break our reference cycle with the download warning dialog (set up in
+ // LoadURI).
+ mWarningDialog = nullptr;
+
+ return NS_OK;
+}
+
static StaticRefPtr<nsExternalHelperAppService> sExtHelperAppSvcSingleton;
/**
@@ -655,6 +760,9 @@ nsExternalHelperAppService::GetSingleton() {
return do_AddRef(sExtHelperAppSvcSingleton);
}
+//////////////////////////////////////////////////////////////////////////////////////////////////////
+// nsExternalHelperAppService definition and implementation
+//////////////////////////////////////////////////////////////////////////////////////////////////////
NS_IMPL_ISUPPORTS(nsExternalHelperAppService, nsIExternalHelperAppService,
nsPIExternalAppLauncher, nsIExternalProtocolService,
nsIMIMEService, nsIObserver, nsISupportsWeakReference)
@@ -1112,12 +1220,13 @@ nsExternalHelperAppService::LoadURI(nsIURI* aURI,
rv = GetProtocolHandlerInfo(scheme, getter_AddRefs(handler));
NS_ENSURE_SUCCESS(rv, rv);
- nsCOMPtr<nsIContentDispatchChooser> chooser =
- do_CreateInstance("@mozilla.org/content-dispatch-chooser;1", &rv);
- NS_ENSURE_SUCCESS(rv, rv);
+ RefPtr<nsExternalLoadURIHandler> h = new nsExternalLoadURIHandler(
+ handler, uri, aTriggeringPrincipal, aBrowsingContext);
+ if (!h) {
+ return NS_ERROR_OUT_OF_MEMORY;
+ }
- return chooser->HandleURI(handler, uri, aTriggeringPrincipal,
- aBrowsingContext);
+ return NS_OK;
}
//////////////////////////////////////////////////////////////////////////////////////////////////////
@@ -1262,6 +1371,7 @@ NS_INTERFACE_MAP_BEGIN(nsExternalAppHandler)
NS_INTERFACE_MAP_ENTRY(nsIStreamListener)
NS_INTERFACE_MAP_ENTRY(nsIRequestObserver)
NS_INTERFACE_MAP_ENTRY(nsIHelperAppLauncher)
+ NS_INTERFACE_MAP_ENTRY(nsIHelperAppWarningLauncher)
NS_INTERFACE_MAP_ENTRY(nsICancelable)
NS_INTERFACE_MAP_ENTRY(nsIBackgroundFileSaverObserver)
NS_INTERFACE_MAP_ENTRY(nsINamed)
@@ -1659,18 +1769,7 @@ void nsExternalAppHandler::MaybeApplyDecodingForExtension(
already_AddRefed<nsIInterfaceRequestor>
nsExternalAppHandler::GetDialogParent() {
- nsCOMPtr<nsIInterfaceRequestor> dialogParent = mWindowContext;
-
- if (!dialogParent && mBrowsingContext) {
- dialogParent = do_QueryInterface(mBrowsingContext->GetDOMWindow());
- }
- if (!dialogParent && mBrowsingContext && XRE_IsParentProcess()) {
- RefPtr<Element> element = mBrowsingContext->Top()->GetEmbedderElement();
- if (element) {
- dialogParent = do_QueryInterface(element->OwnerDoc()->GetWindow());
- }
- }
- return dialogParent.forget();
+ return GetDialogParentAux(mBrowsingContext, mWindowContext);
}
NS_IMETHODIMP nsExternalAppHandler::OnStartRequest(nsIRequest* request) {
@@ -1798,6 +1897,34 @@ NS_IMETHODIMP nsExternalAppHandler::OnStartRequest(nsIRequest* request) {
loadInfo->SetForceAllowDataURI(true);
}
+ mWarningDialog = do_CreateInstance(WARNING_DIALOG_CONTRACT_ID, &rv);
+ if (NS_SUCCEEDED(rv) && mWarningDialog) {
+ // This will create a reference cycle (the dialog holds a reference to us
+ // as nsIHelperAppWarningLauncher), which will be broken in ContinueRequest
+ // or CancelRequest.
+ nsCOMPtr<nsIInterfaceRequestor> dialogParent = GetDialogParent();
+ rv = mWarningDialog->MaybeShow(this, dialogParent);
+ }
+
+ if (NS_FAILED(rv)) {
+ // If for some reason we could not open the download warning prompt,
+ // continue with the request.
+ ContinueRequest();
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP nsExternalAppHandler::ContinueRequest() {
+ nsAutoCString MIMEType;
+ if (mMimeInfo) {
+ mMimeInfo->GetMIMEType(MIMEType);
+ }
+
+ // Break our reference cycle with the download warning dialog (set up in
+ // OnStartRequest).
+ mWarningDialog = nullptr;
+
// now that the temp file is set up, find out if we need to invoke a dialog
// asking the user what they want us to do with this content...
@@ -1881,6 +2008,7 @@ NS_IMETHODIMP nsExternalAppHandler::OnStartRequest(nsIRequest* request) {
action = nsIMIMEInfo::saveToDisk;
}
+ nsresult rv = NS_OK;
if (alwaysAsk) {
// Display the dialog
mDialog = do_CreateInstance(NS_HELPERAPPLAUNCHERDLG_CONTRACTID, &rv);
@@ -1937,6 +2065,14 @@ NS_IMETHODIMP nsExternalAppHandler::OnStartRequest(nsIRequest* request) {
return NS_OK;
}
+NS_IMETHODIMP nsExternalAppHandler::CancelRequest(nsresult aReason) {
+ // Break our reference cycle with the download warning dialog (set up in
+ // OnStartRequest).
+ mWarningDialog = nullptr;
+
+ return Cancel(aReason);
+}
+
// Convert error info into proper message text and send OnStatusChange
// notification to the dialog progress listener or nsITransfer implementation.
void nsExternalAppHandler::SendStatusChange(ErrorType type, nsresult rv,
@@ -2608,7 +2744,7 @@ NS_IMETHODIMP nsExternalAppHandler::Cancel(nsresult aReason) {
}
// Break our reference cycle with the helper app dialog (set up in
- // OnStartRequest)
+ // ContinueRequest)
mDialog = nullptr;
mRequest = nullptr;
diff --git a/uriloader/exthandler/nsExternalHelperAppService.h b/uriloader/exthandler/nsExternalHelperAppService.h
index 8c87587e9ee7..9f149a560ab7 100644
--- a/uriloader/exthandler/nsExternalHelperAppService.h
+++ b/uriloader/exthandler/nsExternalHelperAppService.h
@@ -218,6 +218,7 @@ class nsExternalHelperAppService : public nsIExternalHelperAppService,
*/
class nsExternalAppHandler final : public nsIStreamListener,
public nsIHelperAppLauncher,
+ public nsIHelperAppWarningLauncher,
public nsIBackgroundFileSaverObserver,
public nsINamed {
public:
@@ -225,6 +226,7 @@ class nsExternalAppHandler final : public nsIStreamListener,
NS_DECL_NSISTREAMLISTENER
NS_DECL_NSIREQUESTOBSERVER
NS_DECL_NSIHELPERAPPLAUNCHER
+ NS_DECL_NSIHELPERAPPWARNINGLAUNCHER
NS_DECL_NSICANCELABLE
NS_DECL_NSIBACKGROUNDFILESAVEROBSERVER
NS_DECL_NSINAMED
@@ -496,6 +498,7 @@ class nsExternalAppHandler final : public nsIStreamListener,
nsCOMPtr<nsITransfer> mTransfer;
nsCOMPtr<nsIHelperAppLauncherDialog> mDialog;
+ nsCOMPtr<nsIHelperAppWarningDialog> mWarningDialog;
/**
diff --git a/uriloader/exthandler/nsIExternalHelperAppService.idl b/uriloader/exthandler/nsIExternalHelperAppService.idl
index 657e15bc0742..ebdb1cdacf78 100644
--- a/uriloader/exthandler/nsIExternalHelperAppService.idl
+++ b/uriloader/exthandler/nsIExternalHelperAppService.idl
@@ -177,3 +177,50 @@ interface nsIHelperAppLauncher : nsICancelable
*/
readonly attribute uint64_t browsingContextId;
};
+
+/**
+ * nsIHelperAppWarningLauncher is implemented by two classes:
+ * nsExternalLoadURIHandler
+ * nsExternalAppHandler
+ */
+[scriptable, uuid(cffd508b-4aaf-43ad-99c6-671d35cbc558)]
+interface nsIHelperAppWarningLauncher : nsISupports
+{
+ /**
+ * Callback invoked by the external app warning dialog to continue the
+ * request.
+ * NOTE: This will release the reference to the nsIHelperAppWarningDialog.
+ */
+ void continueRequest();
+
+ /**
+ * Callback invoked by the external app warning dialog to cancel the request.
+ * NOTE: This will release the reference to the nsIHelperAppWarningDialog.
+ *
+ * @param aReason
+ * Pass a failure code to indicate the reason why this operation is
+ * being canceled. It is an error to pass a success code.
+ */
+ void cancelRequest(in nsresult aReason);
+};
+
+/**
+ * nsIHelperAppWarningDialog is implemented by Torbutton's external app
+ * blocker (src/components/external-app-blocker.js).
+ */
+[scriptable, uuid(f4899a3f-0df3-42cc-9db8-bdf599e5a208)]
+interface nsIHelperAppWarningDialog : nsISupports
+{
+ /**
+ * Possibly show a launch warning dialog (it will not be shown if the user
+ * has chosen to not see the warning again).
+ *
+ * @param aLauncher
+ * A nsIHelperAppWarningLauncher to be invoked after the user confirms
+ * or cancels the download.
+ * @param aWindowContext
+ * The window associated with the download.
+ */
+ void maybeShow(in nsIHelperAppWarningLauncher aLauncher,
+ in nsISupports aWindowContext);
+};
1
0