February 2022 - tor-commits - lists.torproject.org

[translation/communitytpo-contentspot] new translations in communitytpo-contentspot
by translation＠torproject.org 01 Feb '22

01 Feb '22

commit ea9f0534d69d5f5f61fd066e6ba737a7297e7c24 Author: Translation commit bot <translation(a)torproject.org> Date: Tue Feb 1 15:15:09 2022 +0000 new translations in communitytpo-contentspot --- contents+zh-TW.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contents+zh-TW.po b/contents+zh-TW.po index 5b88df680f..293d415d74 100644 --- a/contents+zh-TW.po +++ b/contents+zh-TW.po @@ -3127,7 +3127,7 @@ msgid "" "Security trainings can help people communicate and use the internet safely, " "but there are additional considerations to be made before training some at-" "risk groups." -msgstr "" +msgstr "安全教育可以教導人們如何安全的透過網路來溝通，但是對於身處於風險中的人來說，仍有些額外需要考慮的注意事項，" #: https//community.torproject.org/training/best-practices/ #: (content/training/best-practices/contents+en.lrpage.body)

1 0

[translation/tor-and-https_completed] new translations in tor-and-https_completed
by translation＠torproject.org 01 Feb '22

01 Feb '22

commit 066acc1c0bab7d8bcf6ea6aa6056a8977083a85b Author: Translation commit bot <translation(a)torproject.org> Date: Tue Feb 1 14:25:48 2022 +0000 new translations in tor-and-https_completed --- km.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/km.po b/km.po index b9ace5adaf..ff9c61332e 100644 --- a/km.po +++ b/km.po @@ -6,7 +6,7 @@ msgstr "" "Project-Id-Version: Tor Project\n" "POT-Creation-Date: 2014-07-17 14:23+0000\n" "PO-Revision-Date: 2019-06-06 07:53+0000\n" -"Last-Translator: Cantaloupe\n" +"Last-Translator: b490494caa0236b9908792b2f9977c3e_14d9832\n" "Language-Team: Khmer (http://www.transifex.com/otf/torproject/language/km/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n"

1 0

[translation/tor-and-https_completed] new translations in tor-and-https_completed
by translation＠torproject.org 01 Feb '22

01 Feb '22

commit 04745076bbd37d653ec31082312d6d449e622138 Author: Translation commit bot <translation(a)torproject.org> Date: Tue Feb 1 14:15:19 2022 +0000 new translations in tor-and-https_completed --- km.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/km.po b/km.po index 84277b26c5..b9ace5adaf 100644 --- a/km.po +++ b/km.po @@ -6,7 +6,7 @@ msgstr "" "Project-Id-Version: Tor Project\n" "POT-Creation-Date: 2014-07-17 14:23+0000\n" "PO-Revision-Date: 2019-06-06 07:53+0000\n" -"Last-Translator: Kanika\n" +"Last-Translator: Cantaloupe\n" "Language-Team: Khmer (http://www.transifex.com/otf/torproject/language/km/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n"

1 0

[translation/communitytpo-contentspot] new translations in communitytpo-contentspot
by translation＠torproject.org 01 Feb '22

01 Feb '22

commit 05b57286ab1c5f8bae68a2acdd1c01c42a355864 Author: Translation commit bot <translation(a)torproject.org> Date: Tue Feb 1 13:45:12 2022 +0000 new translations in communitytpo-contentspot --- contents+ru.po | 27 ++++++++++++--------------- 1 file changed, 12 insertions(+), 15 deletions(-) diff --git a/contents+ru.po b/contents+ru.po index c0d80fc6e4..f3b1d08820 100644 --- a/contents+ru.po +++ b/contents+ru.po @@ -504,8 +504,8 @@ msgid "" "Good preparation is essential to an effective and safe training, so we've " "curated some resources to help you make the most of your training event." msgstr "" -"Хорошая подготовка очень важна для эффективного и безопасного обучения. Мы " -"подготовили ресурсы, которые помогут получить максимум от вашего тренинга." +"Хорошая подготовка необходима для эффективного и безопасного обучения. Мы " +"подготовили материалы, которые помогут выжать максимум из вашего тренинга." #: (dynamic) https//community.torproject.org/training/checklist/ #: (content/training/checklist/contents+en.lrpage.title) @@ -518,8 +518,7 @@ msgid "" "Based on our best practices, we have a checklist to help you prepare to " "conduct your training." msgstr "" -"Основываясь на наших лучших практиках, у нас есть чек-лист, который поможет " -"вам подготовиться к проведению обучения." +"На основе собственного опыта мы составили чеклист для подготовки к тренингу." #: (dynamic) https//community.torproject.org/training/resources/ #: (content/training/resources/contents+en.lrpage.title) @@ -532,7 +531,7 @@ msgstr "Материалы для тренингов" #: (content/training/resources/contents+en.lrpage.subtitle) msgid "" "Do you teach your community about using Tor? These resources are for you." -msgstr "Вы обучаете свое сообщество использованию Tor? Эти ресурсы для вас." +msgstr "Учите других пользоваться Tor? У нас есть для вас материалы." #: (dynamic) https//community.torproject.org/training/code-of-conduct/ #: (content/training/code-of-conduct/contents+en.lrpage.title) @@ -542,7 +541,7 @@ msgstr "Условия работы тренеров" #: (dynamic) https//community.torproject.org/training/code-of-conduct/ #: (content/training/code-of-conduct/contents+en.lrpage.subtitle) msgid "Foster a safe, engaging environment." -msgstr "Создайте безопасную, привлекательную среду." +msgstr "Создайте безопасную, мотивирующую обстановку." #: (dynamic) https//community.torproject.org/training/faq/ #: (content/training/faq/contents+en.lrpage.title) @@ -555,8 +554,8 @@ msgid "" "People who are new to the Tor project, quite often, ask similar questions, " "and we can help you prepare for these questions." msgstr "" -"Люди, которые являются новичками в проекте Tor, довольно часто задают " -"типовые вопросы, и мы можем помочь вам подготовиться к ним." +"Новички, которые только знакомятся с Tor, часто задают однотипные вопросы. " +"Мы подобрали к ним ответы." #: (dynamic) https//community.torproject.org/training/risks/ #: (content/training/risks/contents+en.lrpage.title) @@ -568,8 +567,7 @@ msgstr "Риски" msgid "" "Things you should be aware of before running a digital security training." msgstr "" -"Вещи, о которых вы должны знать, прежде чем проводить тренинг по цифровой " -"безопасности." +"О чём следует знать перед проведением тренинга по цифровой безопасности." #: (dynamic) msgid "Join the Community" @@ -618,8 +616,8 @@ msgid "" "tools can be risky if not done with care." msgstr "" "Для некоторых пользователей с серьезными моделями угроз обучение Tor и " -"другим инструментам обеспечения конфиденциальности может быть рискованным, " -"если не соблюдать осторожность." +"другим инструментам защиты приватности может быть рискованным, если не " +"соблюдать осторожность." #: https//community.torproject.org/training/ #: (content/training/contents+en.lrpage.body) @@ -629,9 +627,8 @@ msgid "" "community-team) for more help." msgstr "" "Если это относится к вашему сообществу, или если вы не уверены, пожалуйста, " -"[свяжитесь с нашей командой сообщества](https://lists.torproject.org/cgi-" -"bin/mailman/listinfo/tor-community-team) для получения дополнительной " -"помощи." +"[свяжитесь с нами](https://lists.torproject.org/cgi-" +"bin/mailman/listinfo/tor-community-team), постараемся помочь." #: (dynamic) msgid "Become a Tester"

1 0

[translation/communitytpo-contentspot] Merge branch 'communitytpo-contentspot' of git-rw.torproject.org:translation into communitytpo-contentspot
by translation＠torproject.org 01 Feb '22

01 Feb '22

commit c8063a690a8a8b311a2f1be018977e6598552e63 Merge: 05b57286ab e8d1085b70 Author: Translation commit bot <translation(a)torproject.org> Date: Tue Feb 1 13:54:00 2022 +0000 Merge branch 'communitytpo-contentspot' of git-rw.torproject.org:translation into communitytpo-contentspot .gitlab-ci.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-)

1 0

[tor-browser/tor-browser-91.5.0esr-11.5-2] Bug 40562: Added Tor-related preferences to 000-tor-browser.js
by richard＠torproject.org 01 Feb '22

01 Feb '22

commit ee499f37fd2921e70cf227a72c411ba125de872d Author: Pier Angelo Vendrame <pierov(a)torproject.org> Date: Tue Jan 18 19:18:48 2022 +0100 Bug 40562: Added Tor-related preferences to 000-tor-browser.js Before reordering patches, we used to keep the Tor-related patches (torbutton and tor-launcher) at the beginning. After that issue, we decided to move them towards the end, however we kept TB4: Tor Browser's Firefox preference overrides at the beginning because it influcences many other features. As a result, to keep bisect working, we split that commit, and moved all the preferences related to Tor (such as network.proxy.*) here. --- browser/app/profile/000-tor-browser.js | 69 ++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js index 10e1d0730bbb..aac1da85e24e 100644 --- a/browser/app/profile/000-tor-browser.js +++ b/browser/app/profile/000-tor-browser.js @@ -211,6 +211,17 @@ pref("network.predictor.enabled", false); // Temporarily disabled. See https://b // Bug 40177: Make sure tracker cookie purging is disabled pref("privacy.purge_trackers.enabled", false); +// Proxy and proxy security +pref("network.proxy.socks", "127.0.0.1"); +pref("network.proxy.socks_port", 9150); +pref("network.proxy.socks_remote_dns", true); +pref("network.proxy.no_proxies_on", ""); // For fingerprinting and local service vulns (#10419) +pref("network.proxy.allow_hijacking_localhost", true); // Allow proxies for localhost (#31065) +pref("network.proxy.type", 1); +// Bug 40548: Disable proxy-bypass +pref("network.proxy.failover_direct", false); +pref("network.security.ports.banned", "9050,9051,9150,9151"); +pref("network.dns.disabled", true); // This should cover the #5741 patch for DNS leaks pref("network.dns.disablePrefetch", true); pref("network.protocol-handler.external-default", false); pref("network.protocol-handler.external.mailto", false); @@ -373,6 +384,64 @@ pref("dom.audiochannel.mediaControl", false); #expand pref("torbrowser.version", __TOR_BROWSER_VERSION_QUOTED__); +// Old torbutton prefs + +// debug prefs +pref("extensions.torbutton.loglevel",4); +pref("extensions.torbutton.logmethod",1); // 0=stdout, 1=errorconsole, 2=debuglog + +// Display prefs +pref("extensions.torbutton.display_circuit", true); +pref("extensions.torbutton(a)torproject.org.description", "chrome://torbutton/locale/torbutton.properties"); +pref("extensions.torbutton.updateNeeded", false); + +// Tor check and proxy prefs +pref("extensions.torbutton.test_enabled",true); +pref("extensions.torbutton.test_url","https://check.torproject.org/?TorButton=true"); +pref("extensions.torbutton.local_tor_check",true); +pref("extensions.torbutton.versioncheck_url","https://www.torproject.org/projects/torbrowser/RecommendedTBBVersions"); +pref("extensions.torbutton.versioncheck_enabled",true); +pref("extensions.torbutton.use_nontor_proxy",false); + +// State prefs: +pref("extensions.torbutton.startup",false); +pref("extensions.torbutton.inserted_button",false); +pref("extensions.torbutton.inserted_security_level",false); + +// This is only used when letterboxing is disabled. +// See #7255 for details. We display the warning three times to make sure the +// user did not click on it by accident. +pref("extensions.torbutton.maximize_warnings_remaining", 3); + +// Security prefs: +pref("extensions.torbutton.clear_http_auth",true); +pref("extensions.torbutton.close_newnym",true); +pref("extensions.torbutton.resize_new_windows",false); +pref("extensions.torbutton.startup_state", 2); // 0=non-tor, 1=tor, 2=last +pref("extensions.torbutton.tor_memory_jar",false); +pref("extensions.torbutton.nontor_memory_jar",false); +pref("extensions.torbutton.launch_warning",true); + +// Opt out of Firefox addon pings: +// https://developer.mozilla.org/en/Addons/Working_with_AMO +pref("extensions.torbutton(a)torproject.org.getAddons.cache.enabled", false); + +// Security Slider +pref("extensions.torbutton.security_slider", 4); +pref("extensions.torbutton.security_custom", false); + +pref("extensions.torbutton.confirm_plugins", true); +pref("extensions.torbutton.confirm_newnym", true); + +pref("extensions.torbutton.noscript_inited", false); +pref("extensions.torbutton.noscript_persist", false); + +// Browser home page: +pref("browser.startup.homepage", "about:tor"); + +// This pref specifies an ad-hoc "version" for various pref update hacks we need to do +pref("extensions.torbutton.pref_fixup_version", 0); + // If we are bundling fonts, whitelist those bundled fonts, and restrict system fonts to a selection. #ifdef MOZ_BUNDLED_FONTS

1 0

[tor-browser/tor-browser-91.5.0esr-11.5-2] TB3: Tor Browser's official .mozconfigs.
by richard＠torproject.org 01 Feb '22

01 Feb '22

commit 6070549977dabcba852c2b54aa4838ded1f5c58f Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Mon May 6 15:51:06 2013 -0700 TB3: Tor Browser's official .mozconfigs. Also: Bug #9829.1: new .mozconfig file for the new cross-compiler and ESR24 Changes needed to build Mac in 64bit Bug 10715: Enable Webgl for mingw-w64 again. Disable ICU when cross-compiling; clean-up. Bug 15773: Enable ICU on OS X Bug 15990: Don't build the sandbox with mingw-w64 Bug 12761: Switch to ESR 38 for OS X Updating .mozconfig-asan Bug 12516: Compile hardenend Tor Browser with -fwrapv Bug 18331: Switch to Mozilla's toolchain for building Tor Browser for OS X Bug 17858: Cannot create incremental MARs for hardened builds. Define HOST_CFLAGS, etc. to avoid compiling programs such as mbsdiff (which is part of mar-tools and is not distributed to end-users) with ASan. Bug 13419: Add back ICU for Windows Bug 21239: Use GTK2 for ESR52 Linux builds Bug 23025: Add hardening flags for macOS Bug 24478: Enable debug assertions and tests in our ASan builds --enable-proxy-bypass-protection Bug 27597: ASan build option in tor-browser-build is broken Bug 27623 - Export MOZILLA_OFFICIAL during desktop builds This fixes a problem where some preferences had the wrong default value. Also see bug 27472 where we made a similar fix for Android. Bug 30463: Explicitly disable MOZ_TELEMETRY_REPORTING Bug 31450: Set proper BINDGEN_CFLAGS for ASan builds Add an --enable-tor-browser-data-outside-app-dir configure option Add --with-tor-browser-version configure option Bug 21849: Don't allow SSL key logging. Bug 31457: disable per-installation profiles The dedicated profiles (per-installation) feature does not interact well with our bundled profiles on Linux and Windows, and it also causes multiple profiles to be created on macOS under TorBrowser-Data. Bug 31935: Disable profile downgrade protection. Since Tor Browser does not support more than one profile, disable the prompt and associated code that offers to create one when a version downgrade situation is detected. Bug 32493: Disable MOZ_SERVICES_HEALTHREPORT Bug 25741 - TBA: Disable features at compile-time MOZ_NATIVE_DEVICES for casting and the media player MOZ_TELEMETRY_REPORTING for telemetry MOZ_DATA_REPORTING for all data reporting preferences (crashreport, telemetry, geo) Bug 25741 - TBA: Add default configure options in dedicated file Define MOZ_ANDROID_NETWORK_STATE and MOZ_ANDROID_LOCATION Bug 29859: Disable HLS support for now Add --disable-tor-launcher build option Add --enable-tor-browser-update build option Bug 33734: Set MOZ_NORMANDY to False Bug 33851: Omit Parental Controls. Bug 40061: Omit the Windows default browser agent from the build Bug 40107: Adapt .mozconfig-asan for ESR 78 Bug 40252: Add --enable-rust-simd to our tor-browser mozconfig files --- .mozconfig | 39 +++++++++++++++++++++++ .mozconfig-android | 36 ++++++++++++++++++++++ .mozconfig-asan | 45 +++++++++++++++++++++++++++ .mozconfig-mac | 56 ++++++++++++++++++++++++++++++++++ .mozconfig-mingw | 31 +++++++++++++++++++ browser/app/profile/000-tor-browser.js | 2 ++ browser/base/moz.build | 3 ++ browser/installer/Makefile.in | 8 +++++ browser/moz.configure | 8 ++--- build/moz.configure/old.configure | 5 +++ mobile/android/confvars.sh | 9 ++++++ mobile/android/geckoview/build.gradle | 1 + mobile/android/moz.configure | 21 +++++++++++-- mobile/android/torbrowser.configure | 30 ++++++++++++++++++ old-configure.in | 49 +++++++++++++++++++++++++++++ security/moz.build | 2 +- security/nss/lib/ssl/Makefile | 2 +- toolkit/modules/AppConstants.jsm | 15 +++++++++ toolkit/modules/moz.build | 3 ++ 19 files changed, 357 insertions(+), 8 deletions(-) diff --git a/.mozconfig b/.mozconfig new file mode 100755 index 000000000000..18cd1f9b6487 --- /dev/null +++ b/.mozconfig @@ -0,0 +1,39 @@ +. $topsrcdir/browser/config/mozconfig + +# This mozconfig file is not used in official Tor Browser builds. +# It is only intended to be used when doing incremental Linux builds +# during development. The platform-specific mozconfig configuration +# files used in official Tor Browser releases can be found in the +# tor-browser-build repo: +# https://gitweb.torproject.org/builders/tor-browser-build.git/ +# under: +# tor-browser-build/projects/firefox/mozconfig-$OS-$ARCH + +mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-@CONFIG_GUESS@ +mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser" +export MOZILLA_OFFICIAL=1 + +ac_add_options --enable-optimize +ac_add_options --enable-rust-simd +ac_add_options --enable-official-branding + +# Let's support GTK3 for ESR60 +ac_add_options --enable-default-toolkit=cairo-gtk3 + +ac_add_options --disable-strip +ac_add_options --disable-install-strip +ac_add_options --disable-tests +ac_add_options --disable-debug +ac_add_options --disable-crashreporter +ac_add_options --disable-webrtc +ac_add_options --disable-parental-controls +# Let's make sure no preference is enabling either Adobe's or Google's CDM. +ac_add_options --disable-eme +ac_add_options --enable-proxy-bypass-protection + +# Disable telemetry +ac_add_options MOZ_TELEMETRY_REPORTING= + +ac_add_options --disable-tor-launcher +ac_add_options --with-tor-browser-version=dev-build +ac_add_options --disable-tor-browser-update diff --git a/.mozconfig-android b/.mozconfig-android new file mode 100755 index 000000000000..50015ec615ef --- /dev/null +++ b/.mozconfig-android @@ -0,0 +1,36 @@ +mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-arm-linux-androideabi +mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser" +export MOZILLA_OFFICIAL=1 + +ac_add_options --enable-optimize +ac_add_options --enable-rust-simd +ac_add_options --enable-official-branding + +# Android +ac_add_options --enable-application=mobile/android +ac_add_options --target=arm-linux-androideabi +ac_add_options --with-android-ndk="$NDK_BASE" #Enter the android ndk location(ndk r17b) +ac_add_options --with-android-sdk="$SDK_BASE" #Enter the android sdk location +ac_add_options --with-branding=mobile/android/branding/alpha + +# Use Mozilla's Clang blobs +CC="$HOME/.mozbuild/clang/bin/clang" +CXX="$HOME/.mozbuild/clang/bin/clang++" + +#enable ccache to set amount of cache assigned for build. +ac_add_options --with-ccache + +ac_add_options --enable-strip +ac_add_options --disable-tests +ac_add_options --disable-debug +ac_add_options --disable-rust-debug + +ac_add_options --disable-updater +ac_add_options --disable-crashreporter +ac_add_options --disable-webrtc +ac_add_options --disable-parental-controls + +ac_add_options --enable-proxy-bypass-protection + +# Disable telemetry +ac_add_options MOZ_TELEMETRY_REPORTING= diff --git a/.mozconfig-asan b/.mozconfig-asan new file mode 100644 index 000000000000..98ea6ac6f3fe --- /dev/null +++ b/.mozconfig-asan @@ -0,0 +1,45 @@ +. $topsrcdir/browser/config/mozconfig + +export CFLAGS="-fsanitize=address -Dxmalloc=myxmalloc" +export CXXFLAGS="-fsanitize=address -Dxmalloc=myxmalloc" +# We need to add -ldl explicitely due to bug 1213698 +export LDFLAGS="-fsanitize=address -ldl" + +# Define HOST_CFLAGS, etc. to avoid compiling programs such as mbsdiff +# (which is part of mar-tools and is not distributed to end-users) with +# ASan. See bug 17858. +export HOST_CFLAGS="" +export HOST_CXXFLAGS="" +export HOST_LDFLAGS="-ldl" + +mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-@CONFIG_GUESS@ +mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser" +export MOZILLA_OFFICIAL=1 +export BINDGEN_CFLAGS='--gcc-toolchain=/var/tmp/dist/gcc' + +ac_add_options --enable-address-sanitizer +ac_add_options --disable-jemalloc +ac_add_options --disable-elf-hack +ac_add_options --with-clang-path=/var/tmp/dist/clang/bin/clang + +ac_add_options --enable-optimize +ac_add_options --enable-rust-simd +ac_add_options --enable-official-branding + +# Let's support GTK3 for ESR60 +ac_add_options --enable-default-toolkit=cairo-gtk3 + +ac_add_options --enable-tor-browser-update + +ac_add_options --disable-strip +ac_add_options --disable-install-strip +ac_add_options --disable-tests +ac_add_options --disable-debug +ac_add_options --disable-crashreporter +ac_add_options --disable-webrtc +ac_add_options --disable-parental-controls +ac_add_options --disable-eme +ac_add_options --enable-proxy-bypass-protection + +# Disable telemetry +ac_add_options MOZ_TELEMETRY_REPORTING= diff --git a/.mozconfig-mac b/.mozconfig-mac new file mode 100644 index 000000000000..26e2b6b92fdb --- /dev/null +++ b/.mozconfig-mac @@ -0,0 +1,56 @@ +# ld needs libLTO.so from llvm +mk_add_options "export LD_LIBRARY_PATH=$topsrcdir/clang/lib" + +CROSS_CCTOOLS_PATH=$topsrcdir/cctools +CROSS_SYSROOT=$topsrcdir/MacOSX10.7.sdk +CROSS_PRIVATE_FRAMEWORKS=$CROSS_SYSROOT/System/Library/PrivateFrameworks +HARDENING_FLAGS="-Werror=format -Werror=format-security -fstack-protector-strong -D_FORTIFY_SOURCE=2" +FLAGS="-target x86_64-apple-darwin10 -mlinker-version=136 -B $CROSS_CCTOOLS_PATH/bin -isysroot $CROSS_SYSROOT $HARDENING_FLAGS" + +export CC="$topsrcdir/clang/bin/clang $FLAGS" +export CXX="$topsrcdir/clang/bin/clang++ $FLAGS" +export CPP="$topsrcdir/clang/bin/clang $FLAGS -E" +export LLVMCONFIG=$topsrcdir/clang/bin/llvm-config +export LDFLAGS="-Wl,-syslibroot,$CROSS_SYSROOT -Wl,-dead_strip -Wl,-pie" +export TOOLCHAIN_PREFIX=$CROSS_CCTOOLS_PATH/bin/x86_64-apple-darwin10- +#TODO: bug 1184202 - would be nice if these could be detected with TOOLCHAIN_PREFIX automatically +export AR=${TOOLCHAIN_PREFIX}ar +export RANLIB=${TOOLCHAIN_PREFIX}ranlib +export STRIP=${TOOLCHAIN_PREFIX}strip +export OTOOL=${TOOLCHAIN_PREFIX}otool +export DSYMUTIL=$topsrcdir/clang/bin/llvm-dsymutil + +export HOST_CC="$topsrcdir/clang/bin/clang" +export HOST_CXX="$topsrcdir/clang/bin/clang++" +export HOST_CPP="$topsrcdir/clang/bin/clang -E" +export HOST_CFLAGS="-g" +export HOST_CXXFLAGS="-g" +export HOST_LDFLAGS="-g" + +ac_add_options --target=x86_64-apple-darwin +ac_add_options --with-macos-private-frameworks=$CROSS_PRIVATE_FRAMEWORKS + +mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-macos +mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser" +export MOZILLA_OFFICIAL=1 + +ac_add_options --enable-application=browser +ac_add_options --enable-strip +ac_add_options --enable-official-branding +ac_add_options --enable-optimize +ac_add_options --enable-rust-simd +ac_add_options --disable-debug + +ac_add_options --enable-tor-browser-data-outside-app-dir +ac_add_options --enable-tor-browser-update + +ac_add_options --disable-crashreporter +ac_add_options --disable-webrtc +ac_add_options --disable-parental-controls +ac_add_options --disable-tests +# Let's make sure no preference is enabling either Adobe's or Google's CDM. +ac_add_options --disable-eme +ac_add_options --enable-proxy-bypass-protection + +# Disable telemetry +ac_add_options MOZ_TELEMETRY_REPORTING= diff --git a/.mozconfig-mingw b/.mozconfig-mingw new file mode 100644 index 000000000000..3ec6ff18a3e9 --- /dev/null +++ b/.mozconfig-mingw @@ -0,0 +1,31 @@ +CROSS_COMPILE=1 + +ac_add_options --enable-application=browser +ac_add_options --target=i686-w64-mingw32 +ac_add_options --with-toolchain-prefix=i686-w64-mingw32- +ac_add_options --enable-default-toolkit=cairo-windows +mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-mingw +mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser" +export MOZILLA_OFFICIAL=1 + +ac_add_options --disable-debug +ac_add_options --enable-optimize +ac_add_options --enable-rust-simd +ac_add_options --enable-strip +ac_add_options --enable-official-branding + +ac_add_options --enable-tor-browser-update +ac_add_options --disable-bits-download + +# Let's make sure no preference is enabling either Adobe's or Google's CDM. +ac_add_options --disable-eme +ac_add_options --disable-crashreporter +ac_add_options --disable-maintenance-service +ac_add_options --disable-webrtc +ac_add_options --disable-parental-controls +ac_add_options --disable-tests +ac_add_options --enable-proxy-bypass-protection + +# Disable telemetry +ac_add_options MOZ_TELEMETRY_REPORTING= +ac_add_options --disable-default-browser-agent diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js index a0520be072f2..10e1d0730bbb 100644 --- a/browser/app/profile/000-tor-browser.js +++ b/browser/app/profile/000-tor-browser.js @@ -371,6 +371,8 @@ pref("dom.presentation.receiver.enabled", false); pref("dom.audiochannel.audioCompeting", false); pref("dom.audiochannel.mediaControl", false); +#expand pref("torbrowser.version", __TOR_BROWSER_VERSION_QUOTED__); + // If we are bundling fonts, whitelist those bundled fonts, and restrict system fonts to a selection. #ifdef MOZ_BUNDLED_FONTS diff --git a/browser/base/moz.build b/browser/base/moz.build index 4058d6d86fea..ee3bc8028b9e 100644 --- a/browser/base/moz.build +++ b/browser/base/moz.build @@ -81,6 +81,9 @@ if CONFIG["MOZ_WIDGET_TOOLKIT"] in ("windows", "gtk", "cocoa"): if CONFIG["MOZ_WIDGET_TOOLKIT"] in ("windows", "gtk"): DEFINES["MENUBAR_CAN_AUTOHIDE"] = 1 +if CONFIG["TOR_BROWSER_UPDATE"]: + DEFINES["TOR_BROWSER_UPDATE"] = 1 + JAR_MANIFESTS += ["jar.mn"] GeneratedFile( diff --git a/browser/installer/Makefile.in b/browser/installer/Makefile.in index f98964d8a9eb..d55b373ff488 100644 --- a/browser/installer/Makefile.in +++ b/browser/installer/Makefile.in @@ -82,6 +82,14 @@ endif endif endif +ifdef TOR_BROWSER_DISABLE_TOR_LAUNCHER +DEFINES += -DTOR_BROWSER_DISABLE_TOR_LAUNCHER +endif + +ifdef TOR_BROWSER_UPDATE +DEFINES += -DTOR_BROWSER_UPDATE +endif + ifneq (,$(filter WINNT Darwin Android,$(OS_TARGET))) DEFINES += -DMOZ_SHARED_MOZGLUE=1 endif diff --git a/browser/moz.configure b/browser/moz.configure index 8653bcbb165d..5a0b722b915e 100644 --- a/browser/moz.configure +++ b/browser/moz.configure @@ -5,11 +5,11 @@ # file, You can obtain one at http://mozilla.org/MPL/2.0/. imply_option("MOZ_PLACES", True) -imply_option("MOZ_SERVICES_HEALTHREPORT", True) +imply_option("MOZ_SERVICES_HEALTHREPORT", False) imply_option("MOZ_SERVICES_SYNC", True) -imply_option("MOZ_DEDICATED_PROFILES", True) -imply_option("MOZ_BLOCK_PROFILE_DOWNGRADE", True) -imply_option("MOZ_NORMANDY", True) +imply_option("MOZ_DEDICATED_PROFILES", False) +imply_option("MOZ_BLOCK_PROFILE_DOWNGRADE", False) +imply_option("MOZ_NORMANDY", False) with only_when(target_is_linux & compile_environment): option(env="MOZ_NO_PIE_COMPAT", help="Enable non-PIE wrapper") diff --git a/build/moz.configure/old.configure b/build/moz.configure/old.configure index 35ab75df3a14..95f4200d0973 100644 --- a/build/moz.configure/old.configure +++ b/build/moz.configure/old.configure @@ -119,6 +119,11 @@ def old_configure_options(*options): "--with-user-appdir", "--x-includes", "--x-libraries", + # Tor additions. + "--with-tor-browser-version", + "--enable-tor-browser-update", + "--enable-tor-browser-data-outside-app-dir", + "--enable-tor-launcher", ) def prepare_configure_options(host, target, all_options, *options): # old-configure only supports the options listed in @old_configure_options diff --git a/mobile/android/confvars.sh b/mobile/android/confvars.sh index 70e13c85b258..b2670451ed91 100644 --- a/mobile/android/confvars.sh +++ b/mobile/android/confvars.sh @@ -29,6 +29,15 @@ MOZ_ANDROID_BROWSER_INTENT_CLASS=org.mozilla.gecko.BrowserApp MOZ_NO_SMART_CARDS=1 +# Adds MIME-type support for raw video MOZ_RAW=1 MOZ_APP_ID={aa3c5121-dab2-40e2-81ca-7ea25febc110} + +### Tor Browser for Android ### + +# Disable telemetry at compile-time +unset MOZ_TELEMETRY_REPORTING + +# Disable data reporting at compile-time +unset MOZ_DATA_REPORTING diff --git a/mobile/android/geckoview/build.gradle b/mobile/android/geckoview/build.gradle index f60ea1730d5c..bdee206175db 100644 --- a/mobile/android/geckoview/build.gradle +++ b/mobile/android/geckoview/build.gradle @@ -93,6 +93,7 @@ android { buildConfigField 'String', "MOZ_APP_DISPLAYNAME", "\"${mozconfig.substs.MOZ_APP_DISPLAYNAME}\""; buildConfigField 'String', "MOZ_APP_UA_NAME", "\"${mozconfig.substs.MOZ_APP_UA_NAME}\""; buildConfigField 'String', "MOZ_UPDATE_CHANNEL", "\"${mozconfig.substs.MOZ_UPDATE_CHANNEL}\""; + buildConfigField 'String', "TOR_BROWSER_VERSION", "\"${mozconfig.substs.TOR_BROWSER_VERSION}\""; // MOZILLA_VERSION is oddly quoted from autoconf, but we don't have to handle it specially in Gradle. buildConfigField 'String', "MOZILLA_VERSION", "\"${mozconfig.substs.MOZILLA_VERSION}\""; diff --git a/mobile/android/moz.configure b/mobile/android/moz.configure index 106f6c816814..96a014bb28e8 100644 --- a/mobile/android/moz.configure +++ b/mobile/android/moz.configure @@ -13,7 +13,7 @@ project_flag( project_flag( "MOZ_ANDROID_HLS_SUPPORT", help="Enable HLS (HTTP Live Streaming) support (currently using the ExoPlayer library)", - default=True, + default=False, ) option( @@ -51,7 +51,10 @@ set_config( ) imply_option("MOZ_NORMANDY", False) -imply_option("MOZ_SERVICES_HEALTHREPORT", True) +# Comment this so we can imply |False| in torbrowser.configure +# The Build system doesn't allow multiple imply_option() +# calls with the same key. +# imply_option("MOZ_SERVICES_HEALTHREPORT", True) imply_option("MOZ_ANDROID_HISTORY", True) imply_option("--enable-small-chunk-size", True) @@ -70,6 +73,8 @@ def check_target(target): ) +include("torbrowser.configure") + include("../../toolkit/moz.configure") include("../../build/moz.configure/android-sdk.configure") include("../../build/moz.configure/java.configure") @@ -87,3 +92,15 @@ set_config( "MOZ_ANDROID_FAT_AAR_ARCHITECTURES", depends("MOZ_ANDROID_FAT_AAR_ARCHITECTURES")(lambda x: x), ) + +project_flag( + "MOZ_ANDROID_NETWORK_STATE", + help="Include permission for accessing WiFi/network state on Android", + default=False, +) + +project_flag( + "MOZ_ANDROID_LOCATION", + help="Include permission for accessing fine and course-grain Location on Android", + default=False, +) diff --git a/mobile/android/torbrowser.configure b/mobile/android/torbrowser.configure new file mode 100644 index 000000000000..bcb725cae121 --- /dev/null +++ b/mobile/android/torbrowser.configure @@ -0,0 +1,30 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Set Tor Browser default config + +imply_option("MOZ_ANDROID_EXCLUDE_FONTS", False) + +# Disable uploading crash reports and dump files to an external server +# This is still configured in old-configure. Uncomment when this moves +# to the python config +# imply_option("MOZ_CRASHREPORTER", False) + +# Disable uploading information about the browser configuration and +# performance to an external server +imply_option("MOZ_SERVICES_HEALTHREPORT", False) + +# Disable creating telemetry and data reports that are uploaded to an +# external server +# These aren't actually configure options. These are disabled in +# confvars.sh, but they look like configure options so we'll document +# them here, as well. +# XXX: no confvars.sh here +# imply_option("MOZ_TELEMETRY_REPORTING", False) +# imply_option("MOZ_DATA_REPORTING", False) + +imply_option("MOZ_ANDROID_NETWORK_STATE", False) +imply_option("MOZ_ANDROID_LOCATION", False) diff --git a/old-configure.in b/old-configure.in index bf86baaa5313..10fede751d6a 100644 --- a/old-configure.in +++ b/old-configure.in @@ -1881,6 +1881,55 @@ if test -n "$MOZ_UPDATER"; then AC_DEFINE(MOZ_UPDATER) fi +dnl ======================================================== +dnl Tor additions +dnl ======================================================== +MOZ_ARG_WITH_STRING(tor-browser-version, +[ --with-tor-browser-version=VERSION + Set Tor Browser version, e.g., 7.0a1], + TOR_BROWSER_VERSION="$withval") + +if test -z "$TOR_BROWSER_VERSION"; then + AC_MSG_ERROR([--with-tor-browser-version is required for Tor Browser.]) +fi + +MOZ_ARG_ENABLE_BOOL(tor-browser-update, +[ --enable-tor-browser-update + Enable Tor Browser update], + TOR_BROWSER_UPDATE=1, + TOR_BROWSER_UPDATE= ) + +if test -n "$TOR_BROWSER_UPDATE"; then + AC_DEFINE(TOR_BROWSER_UPDATE) +fi + +MOZ_ARG_ENABLE_BOOL(tor-browser-data-outside-app-dir, +[ --enable-tor-browser-data-outside-app-dir + Enable Tor Browser data outside of app directory], + TOR_BROWSER_DATA_OUTSIDE_APP_DIR=1, + TOR_BROWSER_DATA_OUTSIDE_APP_DIR= ) + +if test -n "$TOR_BROWSER_DATA_OUTSIDE_APP_DIR"; then + AC_DEFINE(TOR_BROWSER_DATA_OUTSIDE_APP_DIR) +fi + +AC_DEFINE_UNQUOTED(TOR_BROWSER_VERSION,$TOR_BROWSER_VERSION) +AC_DEFINE_UNQUOTED(TOR_BROWSER_VERSION_QUOTED,"$TOR_BROWSER_VERSION") +AC_SUBST(TOR_BROWSER_UPDATE) +AC_SUBST(TOR_BROWSER_DATA_OUTSIDE_APP_DIR) + +MOZ_ARG_DISABLE_BOOL(tor-launcher, +[ --disable-tor-launcher + Do not include Tor Launcher], + TOR_BROWSER_DISABLE_TOR_LAUNCHER=1, + TOR_BROWSER_DISABLE_TOR_LAUNCHER=) + +if test -n "$TOR_BROWSER_DISABLE_TOR_LAUNCHER"; then + AC_DEFINE(TOR_BROWSER_DISABLE_TOR_LAUNCHER) +fi + +AC_SUBST(TOR_BROWSER_DISABLE_TOR_LAUNCHER) + dnl ======================================================== dnl parental controls (for Windows Vista) dnl ======================================================== diff --git a/security/moz.build b/security/moz.build index 18e50f9dcc37..8d0427525487 100644 --- a/security/moz.build +++ b/security/moz.build @@ -85,7 +85,7 @@ gyp_vars["nss_dist_obj_dir"] = "$PRODUCT_DIR/dist/bin" gyp_vars["disable_tests"] = 1 gyp_vars["disable_dbm"] = 1 gyp_vars["disable_libpkix"] = 1 -gyp_vars["enable_sslkeylogfile"] = 1 +gyp_vars["enable_sslkeylogfile"] = 0 # pkg-config won't reliably find zlib on our builders, so just force it. # System zlib is only used for modutil and signtool unless # SSL zlib is enabled, which we are disabling immediately below this. diff --git a/security/nss/lib/ssl/Makefile b/security/nss/lib/ssl/Makefile index 8a8b06f4b508..90571bb3e256 100644 --- a/security/nss/lib/ssl/Makefile +++ b/security/nss/lib/ssl/Makefile @@ -41,7 +41,7 @@ endif # Enable key logging by default in debug builds, but not opt builds. # Logging still needs to be enabled at runtime through env vars. -NSS_ALLOW_SSLKEYLOGFILE ?= $(if $(BUILD_OPT),0,1) +NSS_ALLOW_SSLKEYLOGFILE ?= 0 ifeq (1,$(NSS_ALLOW_SSLKEYLOGFILE)) DEFINES += -DNSS_ALLOW_SSLKEYLOGFILE=1 endif diff --git a/toolkit/modules/AppConstants.jsm b/toolkit/modules/AppConstants.jsm index 9b3acf6ecc30..ea10dc97535d 100644 --- a/toolkit/modules/AppConstants.jsm +++ b/toolkit/modules/AppConstants.jsm @@ -354,6 +354,14 @@ this.AppConstants = Object.freeze({ MOZ_WIDGET_TOOLKIT: "@MOZ_WIDGET_TOOLKIT@", ANDROID_PACKAGE_NAME: "@ANDROID_PACKAGE_NAME@", + TOR_BROWSER_VERSION: "@TOR_BROWSER_VERSION@", + TOR_BROWSER_DATA_OUTSIDE_APP_DIR: +#ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR + true, +#else + false, +#endif + DEBUG_JS_MODULES: "@DEBUG_JS_MODULES@", MOZ_BING_API_CLIENTID: "@MOZ_BING_API_CLIENTID@", @@ -431,4 +439,11 @@ this.AppConstants = Object.freeze({ #else false, #endif + + TOR_BROWSER_UPDATE: +#ifdef TOR_BROWSER_UPDATE + true, +#else + false, +#endif }); diff --git a/toolkit/modules/moz.build b/toolkit/modules/moz.build index 3fb050b5d18b..9d349d9f3394 100644 --- a/toolkit/modules/moz.build +++ b/toolkit/modules/moz.build @@ -302,6 +302,9 @@ for var in ( if CONFIG[var]: DEFINES[var] = True +if CONFIG["TOR_BROWSER_UPDATE"]: + DEFINES["TOR_BROWSER_UPDATE"] = 1 + JAR_MANIFESTS += ["jar.mn"] DEFINES["TOPOBJDIR"] = TOPOBJDIR

1 0

[tor-browser/tor-browser-91.5.0esr-11.5-2] Bug 40597: Implement TorSettings module
by richard＠torproject.org 01 Feb '22

01 Feb '22

commit 59704b9eda625349d7bc85e68d5e118a48d0a7f5 Author: Richard Pospesel <richard(a)torproject.org> Date: Fri Aug 6 16:39:03 2021 +0200 Bug 40597: Implement TorSettings module - migrated in-page settings read/write implementation from about:preferences#tor to the TorSettings module - TorSettings initially loads settings from the tor daemon, and saves them to firefox prefs - TorSettings notifies observers when a setting has changed; currently only QuickStart notification is implemented for parity with previous preference notify logic in about:torconnect and about:preferences#tor - about:preferences#tor, and about:torconnect now read and write settings thorugh the TorSettings module - all tor settings live in the torbrowser.settings.* preference branch - removed unused pref modify permission for about:torconnect content page from AsyncPrefs.jsm Bug 40645: Migrate Moat APIs to Moat.jsm module --- browser/modules/BridgeDB.jsm | 61 ++ browser/modules/Moat.jsm | 730 +++++++++++++++++++++ browser/modules/TorConnect.jsm | 643 ++++++++++++++++++ browser/modules/TorProtocolService.jsm | 484 ++++++++++++++ browser/modules/TorSettings.jsm | 693 +++++++++++++++++++ browser/modules/moz.build | 4 + .../processsingleton/MainProcessSingleton.jsm | 5 + 7 files changed, 2620 insertions(+) diff --git a/browser/modules/BridgeDB.jsm b/browser/modules/BridgeDB.jsm new file mode 100644 index 000000000000..50665710ebf4 --- /dev/null +++ b/browser/modules/BridgeDB.jsm @@ -0,0 +1,61 @@ +"use strict"; + +var EXPORTED_SYMBOLS = ["BridgeDB"]; + +const { MoatRPC } = ChromeUtils.import("resource:///modules/Moat.jsm"); + +var BridgeDB = { + _moatRPC: null, + _challenge: null, + _image: null, + _bridges: null, + + get currentCaptchaImage() { + return this._image; + }, + + get currentBridges() { + return this._bridges; + }, + + async submitCaptchaGuess(solution) { + if (!this._moatRPC) { + this._moatRPC = new MoatRPC(); + await this._moatRPC.init(); + } + + const response = await this._moatRPC.check( + "obfs4", + this._challenge, + solution, + false + ); + this._bridges = response?.bridges; + return this._bridges; + }, + + async requestNewCaptchaImage() { + try { + if (!this._moatRPC) { + this._moatRPC = new MoatRPC(); + await this._moatRPC.init(); + } + + const response = await this._moatRPC.fetch(["obfs4"]); + this._challenge = response.challenge; + this._image = + "data:image/jpeg;base64," + encodeURIComponent(response.image); + } catch (err) { + console.log(`error : ${err}`); + } + return this._image; + }, + + close() { + this._moatRPC?.uninit(); + this._moatRPC = null; + this._challenge = null; + this._image = null; + this._bridges = null; + }, +}; diff --git a/browser/modules/Moat.jsm b/browser/modules/Moat.jsm new file mode 100644 index 000000000000..d02075e4412f --- /dev/null +++ b/browser/modules/Moat.jsm @@ -0,0 +1,730 @@ +"use strict"; + +var EXPORTED_SYMBOLS = ["MoatRPC"]; + +const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm"); + +const { Subprocess } = ChromeUtils.import( + "resource://gre/modules/Subprocess.jsm" +); + +const { TorLauncherUtil } = ChromeUtils.import( + "resource://torlauncher/modules/tl-util.jsm" +); + +const { TorProtocolService } = ChromeUtils.import( + "resource:///modules/TorProtocolService.jsm" +); + +const { TorSettings, TorBridgeSource, TorProxyType } = ChromeUtils.import( + "resource:///modules/TorSettings.jsm" +); + +const TorLauncherPrefs = Object.freeze({ + bridgedb_front: "extensions.torlauncher.bridgedb_front", + bridgedb_reflector: "extensions.torlauncher.bridgedb_reflector", + moat_service: "extensions.torlauncher.moat_service", +}); + +// Config keys used to query tor daemon properties +const TorConfigKeys = Object.freeze({ + clientTransportPlugin: "ClientTransportPlugin", +}); + +// +// Launches and controls the PT process lifetime +// +class MeekTransport { + constructor() { + this._inited = false; + this._meekClientProcess = null; + this._meekProxyType = null; + this._meekProxyAddress = null; + this._meekProxyPort = 0; + this._meekProxyUsername = null; + this._meekProxyPassword = null; + } + + // launches the meekprocess + async init() { + // ensure we haven't already init'd + if (this._inited) { + throw new Error("MeekTransport: Already initialized"); + } + + // cleanup function for killing orphaned pt process + let onException = () => {}; + try { + // figure out which pluggable transport to use + const supportedTransports = ["meek", "meek_lite"]; + let transportPlugins = await TorProtocolService.readStringArraySetting( + TorConfigKeys.clientTransportPlugin + ); + + let { meekTransport, meekClientPath, meekClientArgs } = (() => { + for (const line of transportPlugins) { + let tokens = line.split(" "); + if (tokens.length > 2 && tokens[1] == "exec") { + let transportArray = tokens[0].split(",").map(aStr => aStr.trim()); + let transport = transportArray.find(aTransport => + supportedTransports.includes(aTransport) + ); + + if (transport != undefined) { + return { + meekTransport: transport, + meekClientPath: tokens[2], + meekClientArgs: tokens.slice(3), + }; + } + } + } + + return { + meekTransport: null, + meekClientPath: null, + meekClientArgs: null, + }; + })(); + + // Convert meek client path to absolute path if necessary + let meekWorkDir = await TorLauncherUtil.getTorFile( + "pt-startup-dir", + false + ); + let re = TorLauncherUtil.isWindows ? /^[A-Za-z]:\\/ : /^\//; + if (!re.test(meekClientPath)) { + let meekPath = meekWorkDir.clone(); + meekPath.appendRelativePath(meekClientPath); + meekClientPath = meekPath.path; + } + + // Construct the per-connection arguments. + let meekClientEscapedArgs = ""; + const meekReflector = Services.prefs.getStringPref( + TorLauncherPrefs.bridgedb_reflector + ); + + // Escape aValue per section 3.5 of the PT specification: + // First the "<Key>=<Value>" formatted arguments MUST be escaped, + // such that all backslash, equal sign, and semicolon characters + // are escaped with a backslash. + let escapeArgValue = aValue => { + if (!aValue) { + return ""; + } + + let rv = aValue.replace(/\\/g, "\\\\"); + rv = rv.replace(/=/g, "\\="); + rv = rv.replace(/;/g, "\\;"); + return rv; + }; + + if (meekReflector) { + meekClientEscapedArgs += "url="; + meekClientEscapedArgs += escapeArgValue(meekReflector); + } + const meekFront = Services.prefs.getStringPref( + TorLauncherPrefs.bridgedb_front + ); + if (meekFront) { + if (meekClientEscapedArgs.length) { + meekClientEscapedArgs += ";"; + } + meekClientEscapedArgs += "front="; + meekClientEscapedArgs += escapeArgValue(meekFront); + } + + // Setup env and start meek process + let ptStateDir = TorLauncherUtil.getTorFile("tordatadir", false); + let meekHelperProfileDir = TorLauncherUtil.getTorFile( + "pt-profiles-dir", + true + ); + ptStateDir.append("pt_state"); // Match what tor uses. + meekHelperProfileDir.appendRelativePath("profile.moat-http-helper"); + + let envAdditions = { + TOR_PT_MANAGED_TRANSPORT_VER: "1", + TOR_PT_STATE_LOCATION: ptStateDir.path, + TOR_PT_EXIT_ON_STDIN_CLOSE: "1", + TOR_PT_CLIENT_TRANSPORTS: meekTransport, + TOR_BROWSER_MEEK_PROFILE: meekHelperProfileDir.path, + }; + if (TorSettings.proxy.enabled) { + envAdditions.TOR_PT_PROXY = TorSettings.proxy.uri; + } + + let opts = { + command: meekClientPath, + arguments: meekClientArgs, + workdir: meekWorkDir.path, + environmentAppend: true, + environment: envAdditions, + stderr: "pipe", + }; + + // Launch meek client + let meekClientProcess = await Subprocess.call(opts); + // kill our process if exception is thrown + onException = () => { + meekClientProcess.kill(); + }; + + // Callback chain for reading stderr + let stderrLogger = async () => { + if (this._meekClientProcess) { + let errString = await this._meekClientProcess.stderr.readString(); + console.log(`MeekTransport: stderr => ${errString}`); + await stderrLogger(); + } + }; + stderrLogger(); + + // Read pt's stdout until terminal (CMETHODS DONE) is reached + // returns array of lines for parsing + let getInitLines = async (stdout = "") => { + let string = await meekClientProcess.stdout.readString(); + stdout += string; + + // look for the final message + const CMETHODS_DONE = "CMETHODS DONE"; + let endIndex = stdout.lastIndexOf(CMETHODS_DONE); + if (endIndex != -1) { + endIndex += CMETHODS_DONE.length; + return stdout.substr(0, endIndex).split("\n"); + } + return getInitLines(stdout); + }; + + // read our lines from pt's stdout + let meekInitLines = await getInitLines(); + // tokenize our pt lines + let meekInitTokens = meekInitLines.map(line => { + let tokens = line.split(" "); + return { + keyword: tokens[0], + args: tokens.slice(1), + }; + }); + + let meekProxyType = null; + let meekProxyAddr = null; + let meekProxyPort = 0; + + // parse our pt tokens + for (const { keyword, args } of meekInitTokens) { + const argsJoined = args.join(" "); + let keywordError = false; + switch (keyword) { + case "VERSION": { + if (args.length != 1 || args[0] !== "1") { + keywordError = true; + } + break; + } + case "PROXY": { + if (args.length != 1 || args[0] !== "DONE") { + keywordError = true; + } + break; + } + case "CMETHOD": { + if (args.length != 3) { + keywordError = true; + break; + } + const transport = args[0]; + const proxyType = args[1]; + const addrPortString = args[2]; + const addrPort = addrPortString.split(":"); + + if (transport !== meekTransport) { + throw new Error( + `MeekTransport: Expected ${meekTransport} but found ${transport}` + ); + } + if (!["socks4", "socks4a", "socks5"].includes(proxyType)) { + throw new Error( + `MeekTransport: Invalid proxy type => ${proxyType}` + ); + } + if (addrPort.length != 2) { + throw new Error( + `MeekTransport: Invalid proxy address => ${addrPortString}` + ); + } + const addr = addrPort[0]; + const port = parseInt(addrPort[1]); + if (port < 1 || port > 65535) { + throw new Error(`MeekTransport: Invalid proxy port => ${port}`); + } + + // convert proxy type to strings used by protocol-proxy-servce + meekProxyType = proxyType === "socks5" ? "socks" : "socks4"; + meekProxyAddr = addr; + meekProxyPort = port; + + break; + } + // terminal + case "CMETHODS": { + if (args.length != 1 || args[0] !== "DONE") { + keywordError = true; + } + break; + } + // errors (all fall through): + case "VERSION-ERROR": + case "ENV-ERROR": + case "PROXY-ERROR": + case "CMETHOD-ERROR": + throw new Error(`MeekTransport: ${keyword} => '${argsJoined}'`); + } + if (keywordError) { + throw new Error( + `MeekTransport: Invalid ${keyword} keyword args => '${argsJoined}'` + ); + } + } + + this._meekClientProcess = meekClientProcess; + // register callback to cleanup on process exit + this._meekClientProcess.wait().then(exitObj => { + this._meekClientProcess = null; + this.uninit(); + }); + + this._meekProxyType = meekProxyType; + this._meekProxyAddress = meekProxyAddr; + this._meekProxyPort = meekProxyPort; + + // socks5 + if (meekProxyType === "socks") { + if (meekClientEscapedArgs.length <= 255) { + this._meekProxyUsername = meekClientEscapedArgs; + this._meekProxyPassword = "\x00"; + } else { + this._meekProxyUsername = meekClientEscapedArgs.substring(0, 255); + this._meekProxyPassword = meekClientEscapedArgs.substring(255); + } + // socks4 + } else { + this._meekProxyUsername = meekClientEscapedArgs; + this._meekProxyPassword = undefined; + } + + this._inited = true; + } catch (ex) { + onException(); + throw ex; + } + } + + async uninit() { + this._inited = false; + + await this._meekClientProcess?.kill(); + this._meekClientProcess = null; + this._meekProxyType = null; + this._meekProxyAddress = null; + this._meekProxyPort = 0; + this._meekProxyUsername = null; + this._meekProxyPassword = null; + } +} + +// +// Callback object with a cached promise for the returned Moat data +// +class MoatResponseListener { + constructor() { + this._response = ""; + // we need this promise here because await nsIHttpChannel::asyncOpen does + // not return only once the request is complete, it seems to return + // after it begins, so we have to get the result from this listener object. + // This promise is only resolved once onStopRequest is called + this._responsePromise = new Promise((resolve, reject) => { + this._resolve = resolve; + this._reject = reject; + }); + } + + // callers wait on this for final response + response() { + return this._responsePromise; + } + + // noop + onStartRequest(request) {} + + // resolve or reject our Promise + onStopRequest(request, status) { + try { + if (!Components.isSuccessCode(status)) { + const errorMessage = TorLauncherUtil.getLocalizedStringForError(status); + this._reject(new Error(errorMessage)); + } + if (request.responseStatus != 200) { + this._reject(new Error(request.responseStatusText)); + } + } catch (err) { + this._reject(err); + } + this._resolve(this._response); + } + + // read response data + onDataAvailable(request, stream, offset, length) { + const scriptableStream = Cc[ + "@mozilla.org/scriptableinputstream;1" + ].createInstance(Ci.nsIScriptableInputStream); + scriptableStream.init(stream); + this._response += scriptableStream.read(length); + } +} + +// constructs the json objects and sends the request over moat +class MoatRPC { + constructor() { + this._meekTransport = null; + this._inited = false; + } + + async init() { + if (this._inited) { + throw new Error("MoatRPC: Already initialized"); + } + + let meekTransport = new MeekTransport(); + await meekTransport.init(); + this._meekTransport = meekTransport; + this._inited = true; + } + + async uninit() { + await this._meekTransport?.uninit(); + this._meekTransport = null; + this._inited = false; + } + + async _makeRequest(procedure, args) { + if (!this._inited) { + throw new Error("MoatRPC: Not initialized"); + } + + const proxyType = this._meekTransport._meekProxyType; + const proxyAddress = this._meekTransport._meekProxyAddress; + const proxyPort = this._meekTransport._meekProxyPort; + const proxyUsername = this._meekTransport._meekProxyUsername; + const proxyPassword = this._meekTransport._meekProxyPassword; + + const proxyPS = Cc[ + "@mozilla.org/network/protocol-proxy-service;1" + ].getService(Ci.nsIProtocolProxyService); + const flags = Ci.nsIProxyInfo.TRANSPARENT_PROXY_RESOLVES_HOST; + const noTimeout = 0xffffffff; // UINT32_MAX + const proxyInfo = proxyPS.newProxyInfoWithAuth( + proxyType, + proxyAddress, + proxyPort, + proxyUsername, + proxyPassword, + undefined, + undefined, + flags, + noTimeout, + undefined + ); + + const procedureURIString = `${Services.prefs.getStringPref( + TorLauncherPrefs.moat_service + )}/${procedure}`; + + const procedureURI = Services.io.newURI(procedureURIString); + // There does not seem to be a way to directly create an nsILoadInfo from + // JavaScript, so we create a throw away non-proxied channel to get one. + const secFlags = Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL; + const loadInfo = Services.io.newChannelFromURI( + procedureURI, + undefined, + Services.scriptSecurityManager.getSystemPrincipal(), + undefined, + secFlags, + Ci.nsIContentPolicy.TYPE_OTHER + ).loadInfo; + + const httpHandler = Services.io + .getProtocolHandler("http") + .QueryInterface(Ci.nsIHttpProtocolHandler); + const ch = httpHandler + .newProxiedChannel(procedureURI, proxyInfo, 0, undefined, loadInfo) + .QueryInterface(Ci.nsIHttpChannel); + + // remove all headers except for 'Host" + const headers = []; + ch.visitRequestHeaders({ + visitHeader: (key, val) => { + if (key !== "Host") { + headers.push(key); + } + }, + }); + headers.forEach(key => ch.setRequestHeader(key, "", false)); + + // Arrange for the POST data to be sent. + const argsJson = JSON.stringify(args); + + const inStream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance( + Ci.nsIStringInputStream + ); + inStream.setData(argsJson, argsJson.length); + const upChannel = ch.QueryInterface(Ci.nsIUploadChannel); + const contentType = "application/vnd.api+json"; + upChannel.setUploadStream(inStream, contentType, argsJson.length); + ch.requestMethod = "POST"; + + // Make request + const listener = new MoatResponseListener(); + await ch.asyncOpen(listener, ch); + + // wait for response + const responseJSON = await listener.response(); + + // parse that JSON + return JSON.parse(responseJSON); + } + + // + // Moat APIs + // + + // Receive a CAPTCHA challenge, takes the following parameters: + // - transports: array of transport strings available to us eg: ["obfs4", "meek"] + // + // returns an object with the following fields: + // - transport: a transport string the moat server decides it will send you selected + // from the list of provided transports + // - image: a base64 encoded jpeg with the captcha to complete + // - challenge: a nonce/cookie string associated with this request + async fetch(transports) { + + if ( + // ensure this is an array + Array.isArray(transports) && + // ensure array has values + !!transports.length && + // ensure each value in the array is a string + transports.reduce((acc, cur) => acc && typeof cur === "string", true) + ) { + const args = { + data: [ + { + version: "0.1.0", + type: "client-transports", + supported: transports, + }, + ], + }; + const response = await this._makeRequest("fetch", args); + if ("errors" in response) { + const code = response.errors[0].code; + const detail = response.errors[0].detail; + throw new Error(`MoatRPC: ${detail} (${code})`); + } + + const transport = response.data[0].transport; + const image = response.data[0].image; + const challenge = response.data[0].challenge; + + return { transport, image, challenge }; + } + throw new Error("MoatRPC: fetch() expects a non-empty array of strings"); + } + + // Submit an answer for a CAPTCHA challenge and get back bridges, takes the following + // parameters: + // - transport: the transport string associated with a previous fetch request + // - challenge: the nonce string associated with the fetch request + // - solution: solution to the CAPTCHA associated with the fetch request + // - qrcode: true|false whether we want to get back a qrcode containing the bridge strings + // + // returns an object with the following fields: + // - bridges: an array of bridge line strings + // - qrcode: base64 encoded jpeg of bridges if requested, otherwise null + // if the provided solution is incorrect, returns an empty object + async check(transport, challenge, solution, qrcode) { + const args = { + data: [ + { + id: "2", + version: "0.1.0", + type: "moat-solution", + transport, + challenge, + solution, + qrcode: qrcode ? "true" : "false", + }, + ], + }; + const response = await this._makeRequest("check", args); + if ("errors" in response) { + const code = response.errors[0].code; + const detail = response.errors[0].detail; + if (code == 419 && detail === "The CAPTCHA solution was incorrect.") { + return {}; + } + + throw new Error(`MoatRPC: ${detail} (${code})`); + } + + const bridges = response.data[0].bridges; + const qrcodeImg = qrcode ? response.data[0].qrcode : null; + + return { bridges, qrcode: qrcodeImg }; + } + + // Convert received settings object to format used by TorSettings module + // In the event of error, just return null + _fixupSettings(settings) { + try { + let retval = TorSettings.defaultSettings() + if ("bridges" in settings) { + retval.bridges.enabled = true; + switch(settings.bridges.source) { + case "builtin": + retval.bridges.source = TorBridgeSource.BuiltIn; + retval.bridges.builtin_type = settings.bridges.type; + // Tor Browser will periodically update the built-in bridge strings list using the + // circumvention_builtin() function, so we can ignore the bridge strings we have received here; + // BridgeDB only returns a subset of the available built-in bridges through the circumvention_settings() + // function which is fine for our 3rd parties, but we're better off ignoring them in Tor Browser, otherwise + // we get in a weird situation of needing to update our built-in bridges in a piece-meal fashion which + // seems over-complicated/error-prone + break; + case "bridgedb": + retval.bridges.source = TorBridgeSource.BridgeDB; + if (settings.bridges.bridge_strings) { + retval.bridges.bridge_strings = settings.bridges.bridge_strings; + } else { + throw new Error("MoatRPC::_fixupSettings(): Received no bridge-strings for BridgeDB bridge source"); + } + break; + default: + throw new Error(`MoatRPC::_fixupSettings(): Unexpected bridge source '${settings.bridges.source}'`); + } + } + if ("proxy" in settings) { + // TODO: populate proxy settings + } + if ("firewall" in settings) { + // TODO: populate firewall settings + } + return retval; + } catch(ex) { + console.log(ex.message); + return null; + } + } + + // Converts a list of settings objects received from BridgeDB to a list of settings objects + // understood by the TorSettings module + // In the event of error, returns and empty list + _fixupSettingsList(settingsList) { + try { + let retval = []; + for (let settings of settingsList) { + settings = this._fixupSettings(settings); + if (settings != null) { + retval.push(settings); + } + } + return retval; + } catch (ex) { + console.log(ex.message); + return []; + } + } + + // Request tor settings for the user optionally based on their location (derived + // from their IP), takes the following parameters: + // - transports: optional, an array of transports available to the client; if empty (or not + // given) returns settings using all working transports known to the server + // - country: optional, an ISO 3166-1 alpha-2 country code to request settings for; + // if not provided the country is determined by the user's IP address + // + // returns an array of settings objects in roughly the same format as the _settings + // object on the TorSettings module. + // - If the server cannot determine the user's country (and no country code is provided), + // then null is returned + // - If the country has no associated settings, an empty array is returned + async circumvention_settings(transports, country) { + const args = { + transports: transports ? transports : [], + country: country, + }; + const response = await this._makeRequest("circumvention/settings", args); + if ("errors" in response) { + const code = response.errors[0].code; + const detail = response.errors[0].detail; + if (code == 406) { + console.log("MoatRPC::circumvention_settings(): Cannot automatically determine user's country-code"); + // cannot determine user's country + return null; + } + + throw new Error(`MoatRPC: ${detail} (${code})`); + } else if ("settings" in response) { + return this._fixupSettingsList(response.settings); + } + + return []; + } + + // Request a copy of the censorship circumvention map (as if cirumvention_settings were + // queried for all country codes) + // + // returns a map whose key is an ISO 3166-1 alpha-2 country code and whose + // values are arrays of settings objects + async circumvention_map() { + const args = { }; + const response = await this._makeRequest("circumvention/map", args); + if ("errors" in response) { + const code = response.errors[0].code; + const detail = response.errors[0].detail; + throw new Error(`MoatRPC: ${detail} (${code})`); + } + + let map = new Map(); + for (const [country, config] of Object.entries(response)) { + map.set(country, this._fixupSettingsList(config.settings)); + } + + return map; + } + + // Request a copy of the builtin bridges, takes the following parameters: + // - transports: optional, an array of transports we would like the latest bridge strings + // for; if empty (or not given) returns all of them + // + // returns a map whose keys are pluggable transport types and whose values are arrays of + // bridge strings for that type + async circumvention_builtin(transports) { + const args = { + transports: transports ? transports : [], + }; + const response = await this._makeRequest("circumvention/builtin", args); + if ("errors" in response) { + const code = response.errors[0].code; + const detail = response.errors[0].detail; + throw new Error(`MoatRPC: ${detail} (${code})`); + } + + let map = new Map(); + for (const [transport, bridge_strings] of Object.entries(response)) { + map.set(transport, bridge_strings); + } + + return map; + } +} diff --git a/browser/modules/TorConnect.jsm b/browser/modules/TorConnect.jsm new file mode 100644 index 000000000000..c7ab480e2be0 --- /dev/null +++ b/browser/modules/TorConnect.jsm @@ -0,0 +1,643 @@ +"use strict"; + +var EXPORTED_SYMBOLS = ["TorConnect", "TorConnectTopics", "TorConnectState"]; + +const { Services } = ChromeUtils.import( + "resource://gre/modules/Services.jsm" +); + +const { BrowserWindowTracker } = ChromeUtils.import( + "resource:///modules/BrowserWindowTracker.jsm" +); + +const { TorProtocolService, TorProcessStatus, TorTopics, TorBootstrapRequest } = ChromeUtils.import( + "resource:///modules/TorProtocolService.jsm" +); + +const { TorLauncherUtil } = ChromeUtils.import( + "resource://torlauncher/modules/tl-util.jsm" +); + +const { TorSettings, TorSettingsTopics, TorBridgeSource, TorBuiltinBridgeTypes, TorProxyType } = ChromeUtils.import( + "resource:///modules/TorSettings.jsm" +); + +const { MoatRPC } = ChromeUtils.import("resource:///modules/Moat.jsm"); + +/* Browser observer topis */ +const BrowserTopics = Object.freeze({ + ProfileAfterChange: "profile-after-change", +}); + +/* Relevant prefs used by tor-launcher */ +const TorLauncherPrefs = Object.freeze({ + prompt_at_startup: "extensions.torlauncher.prompt_at_startup", +}); + +const TorConnectState = Object.freeze({ + /* Our initial state */ + Initial: "Initial", + /* In-between initial boot and bootstrapping, users can change tor network settings during this state */ + Configuring: "Configuring", + /* Tor is attempting to bootstrap with settings from censorship-circumvention db */ + AutoBootstrapping: "AutoBootstrapping", + /* Tor is bootstrapping */ + Bootstrapping: "Bootstrapping", + /* Passthrough state back to Configuring */ + Error: "Error", + /* Final state, after successful bootstrap */ + Bootstrapped: "Bootstrapped", + /* If we are using System tor or the legacy Tor-Launcher */ + Disabled: "Disabled", +}); + +/* + TorConnect State Transitions + + ┌─────────┐ ┌────────┐ + │ ▼ ▼ │ + │ ┌──────────────────────────────────────────────────────────┐ │ + ┌─┼────── │ Error │ ◀───┐ │ + │ │ └──────────────────────────────────────────────────────────┘ │ │ + │ │ ▲ │ │ + │ │ │ │ │ + │ │ │ │ │ + │ │ ┌───────────────────────┐ ┌──────────┐ │ │ + │ │ ┌──── │ Initial │ ────────────────────▶ │ Disabled │ │ │ + │ │ │ └───────────────────────┘ └──────────┘ │ │ + │ │ │ │ │ │ + │ │ │ │ beginBootstrap() │ │ + │ │ │ ▼ │ │ + │ │ │ ┌──────────────────────────────────────────────────────────┐ │ │ + │ │ │ │ Bootstrapping │ ────┘ │ + │ │ │ └──────────────────────────────────────────────────────────┘ │ + │ │ │ │ ▲ │ │ + │ │ │ │ cancelBootstrap() │ beginBootstrap() └────┐ │ + │ │ │ ▼ │ │ │ + │ │ │ ┌──────────────────────────────────────────────────────────┐ │ │ + │ │ └───▶ │ │ ─┼────┘ + │ │ │ │ │ + │ │ │ │ │ + │ │ │ Configuring │ │ + │ │ │ │ │ + │ │ │ │ │ + └─┼─────▶ │ │ │ + │ └──────────────────────────────────────────────────────────┘ │ + │ │ ▲ │ + │ │ beginAutoBootstrap() │ cancelAutoBootstrap() │ + │ ▼ │ │ + │ ┌───────────────────────┐ │ │ + └────── │ AutoBootstrapping │ ─┘ │ + └───────────────────────┘ │ + │ │ + │ │ + ▼ │ + ┌───────────────────────┐ │ + │ Bootstrapped │ ◀───────────────────────────────────┘ + └───────────────────────┘ +*/ + +/* Maps allowed state transitions + TorConnectStateTransitions[state] maps to an array of allowed states to transition to + This is just an encoding of the above transition diagram that we verify at runtime +*/ +const TorConnectStateTransitions = + Object.freeze(new Map([ + [TorConnectState.Initial, + [TorConnectState.Disabled, + TorConnectState.Bootstrapping, + TorConnectState.Configuring, + TorConnectState.Error]], + [TorConnectState.Configuring, + [TorConnectState.AutoBootstrapping, + TorConnectState.Bootstrapping, + TorConnectState.Error]], + [TorConnectState.AutoBootstrapping, + [TorConnectState.Configuring, + TorConnectState.Bootstrapped, + TorConnectState.Error]], + [TorConnectState.Bootstrapping, + [TorConnectState.Configuring, + TorConnectState.Bootstrapped, + TorConnectState.Error]], + [TorConnectState.Error, + [TorConnectState.Configuring]], + // terminal states + [TorConnectState.Bootstrapped, []], + [TorConnectState.Disabled, []], + ])); + +/* Topics Notified by the TorConnect module */ +const TorConnectTopics = Object.freeze({ + StateChange: "torconnect:state-change", + BootstrapProgress: "torconnect:bootstrap-progress", + BootstrapComplete: "torconnect:bootstrap-complete", + BootstrapError: "torconnect:bootstrap-error", +}); + +// The StateCallback is a wrapper around an async function which executes during +// the lifetime of a TorConnect State. A system is also provided to allow this +// ongoing function to early-out via a per StateCallback on_transition callback +// which may be called externally when we need to early-out and move on to another +// state (for example, from Bootstrapping to Configuring in the event the user +// cancels a bootstrap attempt) +class StateCallback { + + constructor(state, callback) { + this._state = state; + this._callback = callback; + this._init(); + } + + _init() { + // this context object is bound to the callback each time transition is + // attempted via begin() + this._context = { + // This callback may be overwritten in the _callback for each state + // States may have various pieces of work which need to occur + // before they can be exited (eg resource cleanup) + // See the _stateCallbacks map for examples + on_transition: (nextState) => {}, + + // flag used to determine if a StateCallback should early-out + // its work + _transitioning: false, + + // may be called within the StateCallback to determine if exit is possible + get transitioning() { + return this._transitioning; + } + }; + } + + async begin(...args) { + console.log(`TorConnect: Entering ${this._state} state`); + this._init(); + try { + // this Promise will block until this StateCallback has completed its work + await Promise.resolve(this._callback.call(this._context, ...args)); + console.log(`TorConnect: Exited ${this._state} state`); + + // handled state transition + Services.obs.notifyObservers({state: this._nextState}, TorConnectTopics.StateChange); + TorConnect._callback(this._nextState).begin(...this._nextStateArgs); + } catch (obj) { + TorConnect._changeState(TorConnectState.Error, obj?.message, obj?.details); + } + } + + transition(nextState, ...args) { + this._nextState = nextState; + this._nextStateArgs = [...args]; + + // calls the on_transition callback to resolve any async work or do per-state cleanup + // this call to on_transition should resolve the async work currentlying going on in this.begin() + this._context.on_transition(nextState); + this._context._transitioning = true; + } +} + +const TorConnect = (() => { + let retval = { + + _state: TorConnectState.Initial, + _bootstrapProgress: 0, + _bootstrapStatus: null, + _errorMessage: null, + _errorDetails: null, + _logHasWarningOrError: false, + _transitionPromise: null, + + /* These functions represent ongoing work associated with one of our states + Some of these functions are mostly empty, apart from defining an + on_transition function used to resolve their Promise */ + _stateCallbacks: Object.freeze(new Map([ + /* Initial is never transitioned to */ + [TorConnectState.Initial, new StateCallback(TorConnectState.Initial, async function() { + // The initial state doesn't actually do anything, so here is a skeleton for other + // states which do perform work + await new Promise(async (resolve, reject) => { + // This function is provided to signal to the callback that it is complete. + // It is called as a result of _changeState and at the very least must + // resolve the root Promise object within the StateCallback function + // The on_transition callback may also perform necessary cleanup work + this.on_transition = (nextState) => { + resolve(); + }; + + try { + // each state may have a sequence of async work to do + let asyncWork = async () => {}; + await asyncWork(); + + // after each block we may check for an opportunity to early-out + if (this.transitioning) { + return; + } + + // repeat the above pattern as necessary + } catch(err) { + // any thrown exceptions here will trigger a transition to the Error state + TorConnect._changeState(TorConnectState.Error, err?.message, err?.details); + } + }); + })], + /* Configuring */ + [TorConnectState.Configuring, new StateCallback(TorConnectState.Configuring, async function() { + await new Promise(async (resolve, reject) => { + this.on_transition = (nextState) => { + resolve(); + }; + }); + })], + /* Bootstrapping */ + [TorConnectState.Bootstrapping, new StateCallback(TorConnectState.Bootstrapping, async function() { + // wait until bootstrap completes or we get an error + await new Promise(async (resolve, reject) => { + const tbr = new TorBootstrapRequest(); + this.on_transition = async (nextState) => { + if (nextState === TorConnectState.Configuring) { + // stop bootstrap process if user cancelled + await tbr.cancel(); + } + resolve(); + }; + + tbr.onbootstrapstatus = (progress, status) => { + TorConnect._updateBootstrapStatus(progress, status); + }; + tbr.onbootstrapcomplete = () => { + TorConnect._changeState(TorConnectState.Bootstrapped); + }; + tbr.onbootstraperror = (message, details) => { + TorConnect._changeState(TorConnectState.Error, message, details); + }; + + tbr.bootstrap(); + }); + })], + /* AutoBootstrapping */ + [TorConnectState.AutoBootstrapping, new StateCallback(TorConnectState.AutoBootstrapping, async function(countryCode) { + await new Promise(async (resolve, reject) => { + this.on_transition = (nextState) => { + resolve(); + }; + + // lookup user's potential censorship circumvention settings from Moat service + try { + this.mrpc = new MoatRPC(); + await this.mrpc.init(); + + this.settings = await this.mrpc.circumvention_settings([...TorBuiltinBridgeTypes, "vanilla"], countryCode); + + if (this.transitioning) return; + + if (this.settings === null) { + // unable to determine country + TorConnect._changeState(TorConnectState.Error, "Unable to determine user country", "DETAILS_STRING"); + return; + } else if (this.settings.length === 0) { + // no settings available for country + TorConnect._changeState(TorConnectState.Error, "No settings available for your location", "DETAILS_STRING"); + return; + } + } catch (err) { + TorConnect._changeState(TorConnectState.Error, err?.message, err?.details); + return; + } finally { + // important to uninit MoatRPC object or else the pt process will live as long as tor-browser + this.mrpc?.uninit(); + } + + // apply each of our settings and try to bootstrap with each + try { + this.originalSettings = TorSettings.getSettings(); + + let index = 0; + for (let currentSetting of this.settings) { + // let us early out if user cancels + if (this.transitioning) return; + + console.log(`TorConnect: Attempting Bootstrap with configuration ${++index}/${this.settings.length}`); + + TorSettings.setSettings(currentSetting); + await TorSettings.applySettings(); + + // build out our bootstrap request + const tbr = new TorBootstrapRequest(); + tbr.onbootstrapstatus = (progress, status) => { + TorConnect._updateBootstrapStatus(progress, status); + }; + tbr.onbootstraperror = (message, details) => { + console.log(`TorConnect: Auto-Bootstrap error => ${message}; ${details}`); + }; + + // update transition callback for user cancel + this.on_transition = async (nextState) => { + if (nextState === TorConnectState.Configuring) { + await tbr.cancel(); + } + resolve(); + }; + + // begin bootstrap + if (await tbr.bootstrap()) { + // persist the current settings to preferences + TorSettings.saveToPrefs(); + TorConnect._changeState(TorConnectState.Bootstrapped); + return; + } + } + // bootstrapped failed for all potential settings, so reset daemon to use original + TorSettings.setSettings(this.originalSettings); + await TorSettings.applySettings(); + TorSettings.saveToPrefs(); + + // only explicitly change state here if something else has not transitioned us + if (!this.transitioning) { + TorConnect._changeState(TorConnectState.Error, "AutoBootstrapping failed", "DETAILS_STRING"); + } + return; + } catch (err) { + // restore original settings in case of error + try { + TorSettings.setSettings(this.originalSettings); + await TorSettings.applySettings(); + } catch(err) { + console.log(`TorConnect: Failed to restore original settings => ${err}`); + } + TorConnect._changeState(TorConnectState.Error, err?.message, err?.details); + return; + } + }); + })], + /* Bootstrapped */ + [TorConnectState.Bootstrapped, new StateCallback(TorConnectState.Bootstrapped, async function() { + await new Promise((resolve, reject) => { + // on_transition not defined because no way to leave Bootstrapped state + // notify observers of bootstrap completion + Services.obs.notifyObservers(null, TorConnectTopics.BootstrapComplete); + }); + })], + /* Error */ + [TorConnectState.Error, new StateCallback(TorConnectState.Error, async function(errorMessage, errorDetails) { + await new Promise((resolve, reject) => { + this.on_transition = async(nextState) => { + resolve(); + }; + + TorConnect._errorMessage = errorMessage; + TorConnect._errorDetails = errorDetails; + + Services.obs.notifyObservers({message: errorMessage, details: errorDetails}, TorConnectTopics.BootstrapError); + + TorConnect._changeState(TorConnectState.Configuring); + }); + })], + /* Disabled */ + [TorConnectState.Disabled, new StateCallback(TorConnectState.Disabled, async function() { + await new Promise((resolve, reject) => { + // no-op, on_transition not defined because no way to leave Disabled state + }); + })], + ])), + + _callback: function(state) { + return this._stateCallbacks.get(state); + }, + + _changeState: function(newState, ...args) { + const prevState = this._state; + + // ensure this is a valid state transition + if (!TorConnectStateTransitions.get(prevState)?.includes(newState)) { + throw Error(`TorConnect: Attempted invalid state transition from ${prevState} to ${newState}`); + } + + console.log(`TorConnect: Try transitioning from ${prevState} to ${newState}`); + + // set our new state first so that state transitions can themselves trigger + // a state transition + this._state = newState; + + // call our state function and forward any args + this._callback(prevState).transition(newState, ...args); + }, + + _updateBootstrapStatus: function(progress, status) { + this._bootstrapProgress= progress; + this._bootstrapStatus = status; + + console.log(`TorConnect: Bootstrapping ${this._bootstrapProgress}% complete (${this._bootstrapStatus})`); + Services.obs.notifyObservers({ + progress: TorConnect._bootstrapProgress, + status: TorConnect._bootstrapStatus, + hasWarnings: TorConnect._logHasWarningOrError + }, TorConnectTopics.BootstrapProgress); + }, + + // init should be called on app-startup in MainProcessingSingleton.jsm + init: function() { + console.log("TorConnect: init()"); + + // delay remaining init until after profile-after-change + Services.obs.addObserver(this, BrowserTopics.ProfileAfterChange); + + this._callback(TorConnectState.Initial).begin(); + }, + + observe: async function(subject, topic, data) { + console.log(`TorConnect: Observed ${topic}`); + + switch(topic) { + + /* Determine which state to move to from Initial */ + case BrowserTopics.ProfileAfterChange: { + if (TorLauncherUtil.useLegacyLauncher || !TorProtocolService.ownsTorDaemon) { + // Disabled + this._changeState(TorConnectState.Disabled); + } else { + let observeTopic = (topic) => { + Services.obs.addObserver(this, topic); + console.log(`TorConnect: Observing topic '${topic}'`); + }; + + // register the Tor topics we always care about + observeTopic(TorTopics.ProcessExited); + observeTopic(TorTopics.LogHasWarnOrErr); + observeTopic(TorSettingsTopics.Ready); + } + Services.obs.removeObserver(this, topic); + break; + } + /* We need to wait until TorSettings have been loaded and applied before we can Quickstart */ + case TorSettingsTopics.Ready: { + if (this.shouldQuickStart) { + // Quickstart + this._changeState(TorConnectState.Bootstrapping); + } else { + // Configuring + this._changeState(TorConnectState.Configuring); + } + break; + } + case TorTopics.LogHasWarnOrErr: { + this._logHasWarningOrError = true; + break; + } + default: + // ignore + break; + } + }, + + /* + Various getters + */ + + get shouldShowTorConnect() { + // TorBrowser must control the daemon + return (TorProtocolService.ownsTorDaemon && + // and we're not using the legacy launcher + !TorLauncherUtil.useLegacyLauncher && + // if we have succesfully bootstraped, then no need to show TorConnect + this.state != TorConnectState.Bootstrapped); + }, + + get shouldQuickStart() { + // quickstart must be enabled + return TorSettings.quickstart.enabled && + // and the previous bootstrap attempt must have succeeded + !Services.prefs.getBoolPref(TorLauncherPrefs.prompt_at_startup, true); + }, + + get state() { + return this._state; + }, + + get bootstrapProgress() { + return this._bootstrapProgress; + }, + + get bootstrapStatus() { + return this._bootstrapStatus; + }, + + get errorMessage() { + return this._errorMessage; + }, + + get errorDetails() { + return this._errorDetails; + }, + + get logHasWarningOrError() { + return this._logHasWarningOrError; + }, + + /* + These functions allow external consumers to tell TorConnect to transition states + */ + + beginBootstrap: function() { + console.log("TorConnect: beginBootstrap()"); + this._changeState(TorConnectState.Bootstrapping); + }, + + cancelBootstrap: function() { + console.log("TorConnect: cancelBootstrap()"); + this._changeState(TorConnectState.Configuring); + }, + + beginAutoBootstrap: function(countryCode) { + console.log("TorConnect: beginAutoBootstrap()"); + this._changeState(TorConnectState.AutoBootstrapping, countryCode); + }, + + cancelAutoBootstrap: function() { + console.log("TorConnect: cancelAutoBootstrap()"); + this._changeState(TorConnectState.Configuring); + }, + + /* + Further external commands and helper methods + */ + openTorPreferences: function() { + const win = BrowserWindowTracker.getTopWindow(); + win.switchToTabHavingURI("about:preferences#tor", true); + }, + + openTorConnect: function() { + const win = BrowserWindowTracker.getTopWindow(); + win.switchToTabHavingURI("about:torconnect", true, {ignoreQueryString: true}); + }, + + copyTorLogs: function() { + // Copy tor log messages to the system clipboard. + const chSvc = Cc["@mozilla.org/widget/clipboardhelper;1"].getService( + Ci.nsIClipboardHelper + ); + const countObj = { value: 0 }; + chSvc.copyString(TorProtocolService.getLog(countObj)); + const count = countObj.value; + return TorLauncherUtil.getFormattedLocalizedString( + "copiedNLogMessagesShort", + [count], + 1 + ); + }, + + getRedirectURL: function(url) { + return `about:torconnect?redirect=${encodeURIComponent(url)}`; + }, + + // called from browser.js on browser startup, passed in either the user's homepage(s) + // or uris passed via command-line; we want to replace them with about:torconnect uris + // which redirect after bootstrapping + getURIsToLoad: function(uriVariant) { + // convert the object we get from browser.js + let uriStrings = ((v) => { + // an interop array + if (v instanceof Ci.nsIArray) { + // Transform the nsIArray of nsISupportsString's into a JS Array of + // JS strings. + return Array.from( + v.enumerate(Ci.nsISupportsString), + supportStr => supportStr.data + ); + // an interop string + } else if (v instanceof Ci.nsISupportsString) { + return [v.data]; + // a js string + } else if (typeof v === "string") { + return v.split("|"); + // a js array of js strings + } else if (Array.isArray(v) && + v.reduce((allStrings, entry) => {return allStrings && (typeof entry === "string");}, true)) { + return v; + } + // about:tor as safe fallback + console.log(`TorConnect: getURIsToLoad() received unknown variant '${JSON.stringify(v)}'`); + return ["about:tor"]; + })(uriVariant); + + // will attempt to convert user-supplied string to a uri, fallback to about:tor if cannot convert + // to valid uri object + let uriStringToUri = (uriString) => { + const fixupFlags = Ci.nsIURIFixup.FIXUP_FLAG_NONE; + let uri = Services.uriFixup.getFixupURIInfo(uriString, fixupFlags) + .preferredURI; + return uri ? uri : Services.io.newURI("about:tor"); + }; + let uris = uriStrings.map(uriStringToUri); + + // assume we have a valid uri and generate an about:torconnect redirect uri + let redirectUrls = uris.map((uri) => this.getRedirectURL(uri.spec)); + + console.log(`TorConnect: Will load after bootstrap => [${uris.map((uri) => {return uri.spec;}).join(", ")}]`); + return redirectUrls; + }, + }; + retval.init(); + return retval; +})(); /* TorConnect */ diff --git a/browser/modules/TorProtocolService.jsm b/browser/modules/TorProtocolService.jsm new file mode 100644 index 000000000000..ac6d643691f6 --- /dev/null +++ b/browser/modules/TorProtocolService.jsm @@ -0,0 +1,484 @@ +// Copyright (c) 2021, The Tor Project, Inc. + +"use strict"; + +var EXPORTED_SYMBOLS = ["TorProtocolService", "TorProcessStatus", "TorTopics", "TorBootstrapRequest"]; + +const { Services } = ChromeUtils.import( + "resource://gre/modules/Services.jsm" +); + +const { setTimeout, clearTimeout } = ChromeUtils.import("resource://gre/modules/Timer.jsm"); + +const { TorLauncherUtil } = ChromeUtils.import( + "resource://torlauncher/modules/tl-util.jsm" +); + +// see tl-process.js +const TorProcessStatus = Object.freeze({ + Unknown: 0, + Starting: 1, + Running: 2, + Exited: 3, +}); + +/* tor-launcher observer topics */ +const TorTopics = Object.freeze({ + BootstrapStatus: "TorBootstrapStatus", + BootstrapError: "TorBootstrapError", + ProcessExited: "TorProcessExited", + LogHasWarnOrErr: "TorLogHasWarnOrErr", +}); + +/* Browser observer topis */ +const BrowserTopics = Object.freeze({ + ProfileAfterChange: "profile-after-change", +}); + +var TorProtocolService = { + _TorLauncherUtil: function() { + let { TorLauncherUtil } = ChromeUtils.import( + "resource://torlauncher/modules/tl-util.jsm" + ); + return TorLauncherUtil; + }(), + _TorLauncherProtocolService: null, + _TorProcessService: null, + + // maintain a map of tor settings set by Tor Browser so that we don't + // repeatedly set the same key/values over and over + // this map contains string keys to primitive or array values + _settingsCache: new Map(), + + init() { + Services.obs.addObserver(this, BrowserTopics.ProfileAfterChange); + }, + + observe(subject, topic, data) { + if (topic === BrowserTopics.ProfileAfterChange) { + // we have to delay init'ing this or else the crypto service inits too early without a profile + // which breaks the password manager + this._TorLauncherProtocolService = Cc["@torproject.org/torlauncher-protocol-service;1"].getService( + Ci.nsISupports + ).wrappedJSObject; + this._TorProcessService = Cc["@torproject.org/torlauncher-process-service;1"].getService( + Ci.nsISupports + ).wrappedJSObject, + + Services.obs.removeObserver(this, topic); + } + }, + + _typeof(aValue) { + switch (typeof aValue) { + case "boolean": + return "boolean"; + case "string": + return "string"; + case "object": + if (aValue == null) { + return "null"; + } else if (Array.isArray(aValue)) { + return "array"; + } + return "object"; + } + return "unknown"; + }, + + _assertValidSettingKey(aSetting) { + // ensure the 'key' is a string + if (typeof aSetting != "string") { + throw new Error( + `Expected setting of type string but received ${typeof aSetting}` + ); + } + }, + + _assertValidSetting(aSetting, aValue) { + this._assertValidSettingKey(aSetting); + + const valueType = this._typeof(aValue); + switch (valueType) { + case "boolean": + case "string": + case "null": + return; + case "array": + for (const element of aValue) { + if (typeof element != "string") { + throw new Error( + `Setting '${aSetting}' array contains value of invalid type '${typeof element}'` + ); + } + } + return; + default: + throw new Error( + `Invalid object type received for setting '${aSetting}'` + ); + } + }, + + // takes a Map containing tor settings + // throws on error + async writeSettings(aSettingsObj) { + // only write settings that have changed + let newSettings = new Map(); + for (const [setting, value] of aSettingsObj) { + let saveSetting = false; + + // make sure we have valid data here + this._assertValidSetting(setting, value); + + if (!this._settingsCache.has(setting)) { + // no cached setting, so write + saveSetting = true; + } else { + const cachedValue = this._settingsCache.get(setting); + if (value != cachedValue) { + // compare arrays member-wise + if (Array.isArray(value) && Array.isArray(cachedValue)) { + if (value.length != cachedValue.length) { + saveSetting = true; + } else { + const arrayLength = value.length; + for (let i = 0; i < arrayLength; ++i) { + if (value[i] != cachedValue[i]) { + saveSetting = true; + break; + } + } + } + } else { + // some other different values + saveSetting = true; + } + } + } + + if (saveSetting) { + newSettings.set(setting, value); + } + } + + // only write if new setting to save + if (newSettings.size > 0) { + // convert settingsObject map to js object for torlauncher-protocol-service + let settingsObject = {}; + for (const [setting, value] of newSettings) { + settingsObject[setting] = value; + } + + let errorObject = {}; + if (! await this._TorLauncherProtocolService.TorSetConfWithReply(settingsObject, errorObject)) { + throw new Error(errorObject.details); + } + + // save settings to cache after successfully writing to Tor + for (const [setting, value] of newSettings) { + this._settingsCache.set(setting, value); + } + } + }, + + async _readSetting(aSetting) { + this._assertValidSettingKey(aSetting); + let reply = await this._TorLauncherProtocolService.TorGetConf(aSetting); + if (this._TorLauncherProtocolService.TorCommandSucceeded(reply)) { + return reply.lineArray; + } + throw new Error(reply.lineArray.join("\n")); + }, + + async _readBoolSetting(aSetting) { + let lineArray = await this._readSetting(aSetting); + if (lineArray.length != 1) { + throw new Error( + `Expected an array with length 1 but received array of length ${ + lineArray.length + }` + ); + } + + let retval = lineArray[0]; + switch (retval) { + case "0": + return false; + case "1": + return true; + default: + throw new Error(`Expected boolean (1 or 0) but received '${retval}'`); + } + }, + + async _readStringSetting(aSetting) { + let lineArray = await this._readSetting(aSetting); + if (lineArray.length != 1) { + throw new Error( + `Expected an array with length 1 but received array of length ${ + lineArray.length + }` + ); + } + return lineArray[0]; + }, + + async _readStringArraySetting(aSetting) { + let lineArray = await this._readSetting(aSetting); + return lineArray; + }, + + async readBoolSetting(aSetting) { + let value = await this._readBoolSetting(aSetting); + this._settingsCache.set(aSetting, value); + return value; + }, + + async readStringSetting(aSetting) { + let value = await this._readStringSetting(aSetting); + this._settingsCache.set(aSetting, value); + return value; + }, + + async readStringArraySetting(aSetting) { + let value = await this._readStringArraySetting(aSetting); + this._settingsCache.set(aSetting, value); + return value; + }, + + // writes current tor settings to disk + async flushSettings() { + await this.sendCommand("SAVECONF"); + }, + + getLog(countObj) { + countObj = countObj || { value: 0 }; + let torLog = this._TorLauncherProtocolService.TorGetLog(countObj); + return torLog; + }, + + // true if we launched and control tor, false if using system tor + get ownsTorDaemon() { + return this._TorLauncherUtil.shouldStartAndOwnTor; + }, + + // Assumes `ownsTorDaemon` is true + isNetworkDisabled() { + const reply = TorProtocolService._TorLauncherProtocolService.TorGetConfBool( + "DisableNetwork", + true + ); + if (TorProtocolService._TorLauncherProtocolService.TorCommandSucceeded(reply)) { + return reply.retVal; + } + return true; + }, + + async enableNetwork() { + let settings = {}; + settings.DisableNetwork = false; + let errorObject = {}; + if (! await this._TorLauncherProtocolService.TorSetConfWithReply(settings, errorObject)) { + throw new Error(errorObject.details); + } + }, + + async sendCommand(cmd) { + return await this._TorLauncherProtocolService.TorSendCommand(cmd); + }, + + retrieveBootstrapStatus() { + return this._TorLauncherProtocolService.TorRetrieveBootstrapStatus(); + }, + + _GetSaveSettingsErrorMessage(aDetails) { + try { + return this._TorLauncherUtil.getSaveSettingsErrorMessage(aDetails); + } catch (e) { + console.log("GetSaveSettingsErrorMessage error", e); + return "Unexpected Error"; + } + }, + + async setConfWithReply(settings) { + let result = false; + const error = {}; + try { + result = await this._TorLauncherProtocolService.TorSetConfWithReply(settings, error); + } catch (e) { + console.log("TorSetConfWithReply error", e); + error.details = this._GetSaveSettingsErrorMessage(e.message); + } + return { result, error }; + }, + + isBootstrapDone() { + return this._TorProcessService.mIsBootstrapDone; + }, + + clearBootstrapError() { + return this._TorProcessService.TorClearBootstrapError(); + }, + + torBootstrapErrorOccurred() { + return this._TorProcessService.TorBootstrapErrorOccurred; + }, + + // Resolves to null if ok, or an error otherwise + async connect() { + const kTorConfKeyDisableNetwork = "DisableNetwork"; + const settings = {}; + settings[kTorConfKeyDisableNetwork] = false; + const { result, error } = await this.setConfWithReply(settings); + if (!result) { + return error; + } + try { + await this.sendCommand("SAVECONF"); + this.clearBootstrapError(); + this.retrieveBootstrapStatus(); + } catch (e) { + return error; + } + return null; + }, + + torLogHasWarnOrErr() { + return this._TorLauncherProtocolService.TorLogHasWarnOrErr; + }, + + async torStopBootstrap() { + // Tell tor to disable use of the network; this should stop the bootstrap + // process. + const kErrorPrefix = "Setting DisableNetwork=1 failed: "; + try { + let settings = {}; + settings.DisableNetwork = true; + const { result, error } = await this.setConfWithReply(settings); + if (!result) { + console.log( + `Error stopping bootstrap ${kErrorPrefix} ${error.details}` + ); + } + } catch (e) { + console.log(`Error stopping bootstrap ${kErrorPrefix} ${e}`); + } + this.retrieveBootstrapStatus(); + }, + + get torProcessStatus() { + if (this._TorProcessService) { + return this._TorProcessService.TorProcessStatus; + } + return TorProcessStatus.Unknown; + }, +}; +TorProtocolService.init(); + +// modeled after XMLHttpRequest +// nicely encapsulates the observer register/unregister logic +class TorBootstrapRequest { + constructor() { + // number of ms to wait before we abandon the bootstrap attempt + // a value of 0 implies we never wait + this.timeout = 0; + // callbacks for bootstrap process status updates + this.onbootstrapstatus = (progress, status) => {}; + this.onbootstrapcomplete = () => {}; + this.onbootstraperror = (message, details) => {}; + + // internal resolve() method for bootstrap + this._bootstrapPromiseResolve = null; + this._bootstrapPromise = null; + this._timeoutID = null; + } + + async observe(subject, topic, data) { + const obj = subject?.wrappedJSObject; + switch(topic) { + case TorTopics.BootstrapStatus: { + const progress = obj.PROGRESS; + const status = TorLauncherUtil.getLocalizedBootstrapStatus(obj, "TAG"); + if (this.onbootstrapstatus) { + this.onbootstrapstatus(progress, status); + } + if (progress === 100) { + if (this.onbootstrapcomplete) { + this.onbootstrapcomplete(); + } + this._bootstrapPromiseResolve(true); + clearTimeout(this._timeoutID); + } + + break; + } + case TorTopics.BootstrapError: { + // first stop our bootstrap timeout before handling the error + clearTimeout(this._timeoutID); + + await TorProtocolService.torStopBootstrap(); + + const message = obj.message; + const details = obj.details; + if (this.onbootstraperror) { + this.onbootstraperror(message, details); + } + this._bootstrapPromiseResolve(false); + break; + } + } + } + + // resolves 'true' if bootstrap succeeds, false otherwise + async bootstrap() { + if (this._bootstrapPromise) return this._bootstrapPromise; + + this._bootstrapPromise = new Promise(async (resolve, reject) => { + this._bootstrapPromiseResolve = resolve; + + // register ourselves to listen for bootstrap events + Services.obs.addObserver(this, TorTopics.BootstrapStatus); + Services.obs.addObserver(this, TorTopics.BootstrapError); + + // optionally cancel bootstrap after a given timeout + if (this.timeout > 0) { + this._timeoutID = setTimeout(async () => { + await TorProtocolService.torStopBootstrap(); + if (this.onbootstraperror) { + this.onbootstraperror("Tor Bootstrap process timed out", `Bootstrap attempt abandoned after waiting ${this.timeout} ms`); + } + this._bootstrapPromiseResolve(false); + }, this.timeout); + } + + // wait for bootstrapping to begin and maybe handle error + let err = await TorProtocolService.connect(); + if (err) { + clearTimeout(this._timeoutID); + await TorProtocolService.torStopBootstrap(); + + const message = err.message; + const details = err.details; + if (this.onbootstraperror) { + this.onbootstraperror(message, details); + } + this._bootstrapPromiseResolve(false); + } + }).finally(() => { + // and remove ourselves once bootstrap is resolved + Services.obs.removeObserver(this, TorTopics.BootstrapStatus); + Services.obs.removeObserver(this, TorTopics.BootstrapError); + }); + + return this._bootstrapPromise; + } + + async cancel() { + clearTimeout(this._timeoutID); + + await TorProtocolService.torStopBootstrap(); + + this._bootstrapPromiseResolve(false); + } +}; diff --git a/browser/modules/TorSettings.jsm b/browser/modules/TorSettings.jsm new file mode 100644 index 000000000000..1b5b564e1e62 --- /dev/null +++ b/browser/modules/TorSettings.jsm @@ -0,0 +1,693 @@ +"use strict"; + +var EXPORTED_SYMBOLS = ["TorSettings", "TorSettingsTopics", "TorSettingsData", "TorBridgeSource", "TorBuiltinBridgeTypes", "TorProxyType"]; + +const { Services } = ChromeUtils.import( + "resource://gre/modules/Services.jsm" +); + +const { TorProtocolService, TorProcessStatus } = ChromeUtils.import( + "resource:///modules/TorProtocolService.jsm" +); + +/* Browser observer topics */ +const BrowserTopics = Object.freeze({ + ProfileAfterChange: "profile-after-change", +}); + +/* tor-launcher observer topics */ +const TorTopics = Object.freeze({ + ProcessIsReady: "TorProcessIsReady", +}); + +/* TorSettings observer topics */ +const TorSettingsTopics = Object.freeze({ + Ready: "torsettings:ready", + SettingChanged: "torsettings:setting-changed", +}); + +/* TorSettings observer data (for SettingChanged topic) */ +const TorSettingsData = Object.freeze({ + QuickStartEnabled : "torsettings:quickstart_enabled", +}); + +/* Prefs used to store settings in TorBrowser prefs */ +const TorSettingsPrefs = Object.freeze({ + /* bool: are we pulling tor settings from the preferences */ + enabled: 'torbrowser.settings.enabled', + quickstart : { + /* bool: does tor connect automatically on launch */ + enabled: 'torbrowser.settings.quickstart.enabled', + }, + bridges : { + /* bool: does tor use bridges */ + enabled : 'torbrowser.settings.bridges.enabled', + /* int: -1=invalid|0=builtin|1=bridge_db|2=user_provided */ + source : 'torbrowser.settings.bridges.source', + /* string: obfs4|meek_azure|snowflake|etc */ + builtin_type : 'torbrowser.settings.bridges.builtin_type', + /* preference branch: each child branch should be a bridge string */ + bridge_strings : 'torbrowser.settings.bridges.bridge_strings', + }, + proxy : { + /* bool: does tor use a proxy */ + enabled : 'torbrowser.settings.proxy.enabled', + /* -1=invalid|0=socks4,1=socks5,2=https */ + type: 'torbrowser.settings.proxy.type', + /* string: proxy server address */ + address: 'torbrowser.settings.proxy.address', + /* int: [1,65535], proxy port */ + port: 'torbrowser.settings.proxy.port', + /* string: username */ + username: 'torbrowser.settings.proxy.username', + /* string: password */ + password: 'torbrowser.settings.proxy.password', + }, + firewall : { + /* bool: does tor have a port allow list */ + enabled: 'torbrowser.settings.firewall.enabled', + /* string: comma-delimitted list of port numbers */ + allowed_ports: 'torbrowser.settings.firewall.allowed_ports', + }, +}); + +/* Legacy tor-launcher prefs and pref branches*/ +const TorLauncherPrefs = Object.freeze({ + quickstart: "extensions.torlauncher.quickstart", + default_bridge_type: "extensions.torlauncher.default_bridge_type", + default_bridge: "extensions.torlauncher.default_bridge.", + default_bridge_recommended_type: "extensions.torlauncher.default_bridge_recommended_type", + bridgedb_bridge: "extensions.torlauncher.bridgedb_bridge.", +}); + +/* Config Keys used to configure tor daemon */ +const TorConfigKeys = Object.freeze({ + useBridges: "UseBridges", + bridgeList: "Bridge", + socks4Proxy: "Socks4Proxy", + socks5Proxy: "Socks5Proxy", + socks5ProxyUsername: "Socks5ProxyUsername", + socks5ProxyPassword: "Socks5ProxyPassword", + httpsProxy: "HTTPSProxy", + httpsProxyAuthenticator: "HTTPSProxyAuthenticator", + reachableAddresses: "ReachableAddresses", + clientTransportPlugin: "ClientTransportPlugin", +}); + +const TorBridgeSource = Object.freeze({ + Invalid: -1, + BuiltIn: 0, + BridgeDB: 1, + UserProvided: 2, +}); + +const TorProxyType = Object.freeze({ + Invalid: -1, + Socks4: 0, + Socks5: 1, + HTTPS: 2, +}); + + +const TorBuiltinBridgeTypes = Object.freeze( + (() => { + let bridgeListBranch = Services.prefs.getBranch(TorLauncherPrefs.default_bridge); + let bridgePrefs = bridgeListBranch.getChildList(""); + + // an unordered set for shoving bridge types into + let bridgeTypes = new Set(); + // look for keys ending in ".N" and treat string before that as the bridge type + const pattern = /\.[0-9]+$/; + for (const key of bridgePrefs) { + const offset = key.search(pattern); + if (offset != -1) { + const bt = key.substring(0, offset); + bridgeTypes.add(bt); + } + } + + // recommended bridge type goes first in the list + let recommendedBridgeType = Services.prefs.getCharPref(TorLauncherPrefs.default_bridge_recommended_type, null); + + let retval = []; + if (recommendedBridgeType && bridgeTypes.has(recommendedBridgeType)) { + retval.push(recommendedBridgeType); + } + + for (const bridgeType of bridgeTypes.values()) { + if (bridgeType != recommendedBridgeType) { + retval.push(bridgeType); + } + } + return retval; + })() +); + +/* Parsing Methods */ + +// expects a string representation of an integer from 1 to 65535 +let parsePort = function(aPort) { + // ensure port string is a valid positive integer + const validIntRegex = /^[0-9]+$/; + if (!validIntRegex.test(aPort)) { + return 0; + } + + // ensure port value is on valid range + let port = Number.parseInt(aPort); + if (port < 1 || port > 65535) { + return 0; + } + + return port; +}; +// expects a string in the format: "ADDRESS:PORT" +let parseAddrPort = function(aAddrColonPort) { + let tokens = aAddrColonPort.split(":"); + if (tokens.length != 2) { + return ["", 0]; + } + let address = tokens[0]; + let port = parsePort(tokens[1]); + return [address, port]; +}; + +// expects a string in the format: "USERNAME:PASSWORD" +// split on the first colon and any subsequent go into password +let parseUsernamePassword = function(aUsernameColonPassword) { + let colonIndex = aUsernameColonPassword.indexOf(":"); + if (colonIndex < 0) { + return ["", ""]; + } + + let username = aUsernameColonPassword.substring(0, colonIndex); + let password = aUsernameColonPassword.substring(colonIndex + 1); + + return [username, password]; +}; + +// expects a string in the format: ADDRESS:PORT,ADDRESS:PORT,... +// returns array of ports (as ints) +let parseAddrPortList = function(aAddrPortList) { + let addrPorts = aAddrPortList.split(","); + // parse ADDRESS:PORT string and only keep the port (second element in returned array) + let retval = addrPorts.map(addrPort => parseAddrPort(addrPort)[1]); + return retval; +}; + +// expects a '/n' or '/r/n' delimited bridge string, which we split and trim +// each bridge string can also optionally have 'bridge' at the beginning ie: +// bridge $(type) $(address):$(port) $(certificate) +// we strip out the 'bridge' prefix here +let parseBridgeStrings = function(aBridgeStrings) { + + // replace carriage returns ('\r') with new lines ('\n') + aBridgeStrings = aBridgeStrings.replace(/\r/g, "\n"); + // then replace contiguous new lines ('\n') with a single one + aBridgeStrings = aBridgeStrings.replace(/[\n]+/g, "\n"); + + // split on the newline and for each bridge string: trim, remove starting 'bridge' string + // finally discard entries that are empty strings; empty strings could occur if we receive + // a new line containing only whitespace + let splitStrings = aBridgeStrings.split("\n"); + return splitStrings.map(val => val.trim().replace(/^bridge\s+/i, "")) + .filter(bridgeString => bridgeString != ""); +}; + +// expecting a ',' delimited list of ints with possible white space between +// returns an array of ints +let parsePortList = function(aPortListString) { + let splitStrings = aPortListString.split(","); + // parse and remove duplicates + let portSet = new Set(splitStrings.map(val => parsePort(val.trim()))); + // parsePort returns 0 for failed parses, so remove 0 from list + portSet.delete(0); + return Array.from(portSet); +}; + +let getBuiltinBridgeStrings = function(builtinType) { + let bridgeBranch = Services.prefs.getBranch(TorLauncherPrefs.default_bridge); + let bridgeBranchPrefs = bridgeBranch.getChildList(""); + let retval = []; + + // regex matches against strings ending in ".N" where N is a positive integer + let pattern = /\.[0-9]+$/; + for (const key of bridgeBranchPrefs) { + // verify the location of the match is the correct offset required for aBridgeType + // to fit, and that the string begins with aBridgeType + if (key.search(pattern) == builtinType.length && + key.startsWith(builtinType)) { + let bridgeStr = bridgeBranch.getCharPref(key); + retval.push(bridgeStr); + } + } + + // shuffle so that Tor Browser users don't all try the built-in bridges in the same order + arrayShuffle(retval); + + return retval; +}; + +/* Array methods */ + +let arrayShuffle = function(array) { + // fisher-yates shuffle + for (let i = array.length - 1; i > 0; --i) { + // number n such that 0.0 <= n < 1.0 + const n = Math.random(); + // integer j such that 0 <= j <= i + const j = Math.floor(n * (i + 1)); + + // swap values at indices i and j + const tmp = array[i]; + array[i] = array[j]; + array[j] = tmp; + } +} + +let arrayCopy = function(array) { + return [].concat(array); +} + +/* TorSettings module */ + +const TorSettings = (() => { + let self = { + _settings: null, + + // tor daemon related settings + defaultSettings: function() { + let settings = { + quickstart: { + enabled: false + }, + bridges : { + enabled: false, + source: TorBridgeSource.Invalid, + builtin_type: null, + bridge_strings: [], + }, + proxy: { + enabled: false, + type: TorProxyType.Invalid, + address: null, + port: 0, + username: null, + password: null, + }, + firewall: { + enabled: false, + allowed_ports: [], + }, + }; + return settings; + }, + + /* load or init our settings, and register observers */ + init: function() { + if (TorProtocolService.ownsTorDaemon) { + // if the settings branch exists, load settings from prefs + if (Services.prefs.getBoolPref(TorSettingsPrefs.enabled, false)) { + this.loadFromPrefs(); + } else { + // otherwise load defaults + this._settings = this.defaultSettings(); + } + Services.obs.addObserver(this, BrowserTopics.ProfileAfterChange); + Services.obs.addObserver(this, TorTopics.ProcessIsReady); + } + }, + + /* wait for relevant life-cycle events to apply saved settings */ + observe: async function(subject, topic, data) { + console.log(`TorSettings: Observed ${topic}`); + + // once the tor daemon is ready, we need to apply our settings + let handleProcessReady = async () => { + // push down settings to tor + await this.applySettings(); + console.log("TorSettings: Ready"); + Services.obs.notifyObservers(null, TorSettingsTopics.Ready); + }; + + switch (topic) { + case BrowserTopics.ProfileAfterChange: { + Services.obs.removeObserver(this, BrowserTopics.ProfileAfterChange); + if (TorProtocolService.torProcessStatus == TorProcessStatus.Running) { + await handleProcessReady(); + } + } + break; + case TorTopics.ProcessIsReady: { + Services.obs.removeObserver(this, TorTopics.ProcessIsReady); + await handleProcessReady(); + } + break; + } + }, + + // load our settings from prefs + loadFromPrefs: function() { + console.log("TorSettings: loadFromPrefs()"); + + let settings = this.defaultSettings(); + + /* Quickstart */ + settings.quickstart.enabled = Services.prefs.getBoolPref(TorSettingsPrefs.quickstart.enabled); + /* Bridges */ + settings.bridges.enabled = Services.prefs.getBoolPref(TorSettingsPrefs.bridges.enabled); + if (settings.bridges.enabled) { + settings.bridges.source = Services.prefs.getIntPref(TorSettingsPrefs.bridges.source); + // builtin bridge (obfs4, meek, snowlfake, etc) + if (settings.bridges.source == TorBridgeSource.BuiltIn) { + let builtinType = Services.prefs.getStringPref(TorSettingsPrefs.bridges.builtin_type); + settings.bridges.builtin_type = builtinType; + // always dynamically load builtin bridges rather than loading the cached versions + // if the user upgrades and the builtin bridges have changed, we want to ensure the user + // can still bootstrap using the provided bridges + let bridgeStrings = getBuiltinBridgeStrings(builtinType); + if (bridgeStrings.length > 0) { + settings.bridges.bridge_strings = bridgeStrings; + } else { + // in this case the user is using a builtin bridge that is no longer supported, + // reset to settings to default values + settings.bridges.enabled = false; + settings.bridges.source = TorBridgeSource.Invalid; + settings.bridges.builtin_type = null; + } + } else { + settings.bridges.bridge_strings = []; + let bridgeBranchPrefs = Services.prefs.getBranch(TorSettingsPrefs.bridges.bridge_strings).getChildList(""); + bridgeBranchPrefs.forEach(pref => { + let bridgeString = Services.prefs.getStringPref(`${TorSettingsPrefs.bridges.bridge_strings}${pref}`); + settings.bridges.bridge_strings.push(bridgeString); + }); + } + } else { + settings.bridges.source = TorBridgeSource.Invalid; + settings.bridges.builtin_type = null; + settings.bridges.bridge_strings = []; + } + /* Proxy */ + settings.proxy.enabled = Services.prefs.getBoolPref(TorSettingsPrefs.proxy.enabled); + if (settings.proxy.enabled) { + settings.proxy.type = Services.prefs.getIntPref(TorSettingsPrefs.proxy.type); + settings.proxy.address = Services.prefs.getStringPref(TorSettingsPrefs.proxy.address); + settings.proxy.port = Services.prefs.getIntPref(TorSettingsPrefs.proxy.port); + settings.proxy.username = Services.prefs.getStringPref(TorSettingsPrefs.proxy.username); + settings.proxy.password = Services.prefs.getStringPref(TorSettingsPrefs.proxy.password); + } else { + settings.proxy.type = TorProxyType.Invalid; + settings.proxy.address = null; + settings.proxy.port = 0; + settings.proxy.username = null; + settings.proxy.password = null; + } + + /* Firewall */ + settings.firewall.enabled = Services.prefs.getBoolPref(TorSettingsPrefs.firewall.enabled); + if(settings.firewall.enabled) { + let portList = Services.prefs.getStringPref(TorSettingsPrefs.firewall.allowed_ports); + settings.firewall.allowed_ports = parsePortList(portList); + } else { + settings.firewall.allowed_ports = 0; + } + + this._settings = settings; + + return this; + }, + + // save our settings to prefs + saveToPrefs: function() { + console.log("TorSettings: saveToPrefs()"); + + let settings = this._settings; + + /* Quickstart */ + Services.prefs.setBoolPref(TorSettingsPrefs.quickstart.enabled, settings.quickstart.enabled); + /* Bridges */ + Services.prefs.setBoolPref(TorSettingsPrefs.bridges.enabled, settings.bridges.enabled); + if (settings.bridges.enabled) { + Services.prefs.setIntPref(TorSettingsPrefs.bridges.source, settings.bridges.source); + if (settings.bridges.source === TorBridgeSource.BuiltIn) { + Services.prefs.setStringPref(TorSettingsPrefs.bridges.builtin_type, settings.bridges.builtin_type); + } else { + Services.prefs.clearUserPref(TorSettingsPrefs.bridges.builtin_type); + } + // erase existing bridge strings + let bridgeBranchPrefs = Services.prefs.getBranch(TorSettingsPrefs.bridges.bridge_strings).getChildList(""); + bridgeBranchPrefs.forEach(pref => { + Services.prefs.clearUserPref(`${TorSettingsPrefs.bridges.bridge_strings}${pref}`); + }); + // write new ones + settings.bridges.bridge_strings.forEach((string, index) => { + Services.prefs.setStringPref(`${TorSettingsPrefs.bridges.bridge_strings}.${index}`, string); + }); + } else { + Services.prefs.clearUserPref(TorSettingsPrefs.bridges.source); + Services.prefs.clearUserPref(TorSettingsPrefs.bridges.builtin_type); + let bridgeBranchPrefs = Services.prefs.getBranch(TorSettingsPrefs.bridges.bridge_strings).getChildList(""); + bridgeBranchPrefs.forEach(pref => { + Services.prefs.clearUserPref(`${TorSettingsPrefs.bridges.bridge_strings}${pref}`); + }); + } + /* Proxy */ + Services.prefs.setBoolPref(TorSettingsPrefs.proxy.enabled, settings.proxy.enabled); + if (settings.proxy.enabled) { + Services.prefs.setIntPref(TorSettingsPrefs.proxy.type, settings.proxy.type); + Services.prefs.setStringPref(TorSettingsPrefs.proxy.address, settings.proxy.address); + Services.prefs.setIntPref(TorSettingsPrefs.proxy.port, settings.proxy.port); + Services.prefs.setStringPref(TorSettingsPrefs.proxy.username, settings.proxy.username); + Services.prefs.setStringPref(TorSettingsPrefs.proxy.password, settings.proxy.password); + } else { + Services.prefs.clearUserPref(TorSettingsPrefs.proxy.type); + Services.prefs.clearUserPref(TorSettingsPrefs.proxy.address); + Services.prefs.clearUserPref(TorSettingsPrefs.proxy.port); + Services.prefs.clearUserPref(TorSettingsPrefs.proxy.username); + Services.prefs.clearUserPref(TorSettingsPrefs.proxy.password); + } + /* Firewall */ + Services.prefs.setBoolPref(TorSettingsPrefs.firewall.enabled, settings.firewall.enabled); + if (settings.firewall.enabled) { + Services.prefs.setStringPref(TorSettingsPrefs.firewall.allowed_ports, settings.firewall.allowed_ports.join(",")); + } else { + Services.prefs.clearUserPref(TorSettingsPrefs.firewall.allowed_ports); + } + + // all tor settings now stored in prefs :) + Services.prefs.setBoolPref(TorSettingsPrefs.enabled, true); + + return this; + }, + + // push our settings down to the tor daemon + applySettings: async function() { + console.log("TorSettings: applySettings()"); + let settings = this._settings; + let settingsMap = new Map(); + + /* Bridges */ + settingsMap.set(TorConfigKeys.useBridges, settings.bridges.enabled); + if (settings.bridges.enabled) { + settingsMap.set(TorConfigKeys.bridgeList, settings.bridges.bridge_strings); + } else { + // shuffle bridge list + settingsMap.set(TorConfigKeys.bridgeList, null); + } + + /* Proxy */ + settingsMap.set(TorConfigKeys.socks4Proxy, null); + settingsMap.set(TorConfigKeys.socks5Proxy, null); + settingsMap.set(TorConfigKeys.socks5ProxyUsername, null); + settingsMap.set(TorConfigKeys.socks5ProxyPassword, null); + settingsMap.set(TorConfigKeys.httpsProxy, null); + settingsMap.set(TorConfigKeys.httpsProxyAuthenticator, null); + if (settings.proxy.enabled) { + let address = settings.proxy.address; + let port = settings.proxy.port; + let username = settings.proxy.username; + let password = settings.proxy.password; + + switch (settings.proxy.type) { + case TorProxyType.Socks4: + settingsMap.set(TorConfigKeys.socks4Proxy, `${address}:${port}`); + break; + case TorProxyType.Socks5: + settingsMap.set(TorConfigKeys.socks5Proxy, `${address}:${port}`); + settingsMap.set(TorConfigKeys.socks5ProxyUsername, username); + settingsMap.set(TorConfigKeys.socks5ProxyPassword, password); + break; + case TorProxyType.HTTPS: + settingsMap.set(TorConfigKeys.httpsProxy, `${address}:${port}`); + settingsMap.set(TorConfigKeys.httpsProxyAuthenticator, `${username}:${password}`); + break; + } + } + + /* Firewall */ + if (settings.firewall.enabled) { + let reachableAddresses = settings.firewall.allowed_ports.map(port => `*:${port}`).join(","); + settingsMap.set(TorConfigKeys.reachableAddresses, reachableAddresses); + } else { + settingsMap.set(TorConfigKeys.reachableAddresses, null); + } + + /* Push to Tor */ + await TorProtocolService.writeSettings(settingsMap); + + return this; + }, + + // set all of our settings at once from a settings object + setSettings: function(settings) { + console.log("TorSettings: setSettings()"); + let backup = this.getSettings(); + + try { + if (settings.bridges.enabled) { + this._settings.bridges.enabled = true; + this._settings.bridges.source = settings.bridges.source; + switch(settings.bridges.source) { + case TorBridgeSource.BridgeDB: + case TorBridgeSource.UserProvided: + this._settings.bridges.bridge_strings = settings.bridges.bridge_strings + break; + case TorBridgeSource.BuiltIn: { + this._settings.bridges.builtin_type = settings.bridges.builtin_type; + let bridgeStrings = getBuiltinBridgeStrings(settings.bridges.builtin_type); + if (bridgeStrings.length > 0) { + this._settings.bridges.bridge_strings = bridgeStrings; + } else { + throw new Error(`No available builtin bridges of type ${settings.bridges.builtin_type}`); + } + break; + } + default: + throw new Error(`Bridge source '${settings.source}' is not a valid source`); + } + } else { + this.bridges.enabled = false; + } + + // TODO: proxy and firewall + } catch(ex) { + this._settings = backup; + console.log(`TorSettings: setSettings failed => ${ex.message}`); + } + + console.log("TorSettings: setSettings result"); + console.log(this._settings); + }, + + // get a copy of all our settings + getSettings: function() { + console.log("TorSettings: getSettings()"); + // TODO: replace with structuredClone someday (post esr94): https://developer.mozilla.org/en-US/docs/Web/API/structuredClone + return JSON.parse(JSON.stringify(this._settings)); + }, + + /* Getters and Setters */ + + // Quickstart + get quickstart() { + return { + get enabled() { return self._settings.quickstart.enabled; }, + set enabled(val) { + if (val != self._settings.quickstart.enabled) + { + self._settings.quickstart.enabled = val; + Services.obs.notifyObservers({value: val}, TorSettingsTopics.SettingChanged, TorSettingsData.QuickStartEnabled); + } + }, + }; + }, + + // Bridges + get bridges() { + return { + get enabled() { return self._settings.bridges.enabled; }, + set enabled(val) { + self._settings.bridges.enabled = val; + // reset bridge settings + self._settings.bridges.source = TorBridgeSource.Invalid; + self._settings.bridges.builtin_type = null; + self._settings.bridges.bridge_strings = []; + }, + get source() { return self._settings.bridges.source; }, + set source(val) { self._settings.bridges.source = val; }, + get builtin_type() { return self._settings.bridges.builtin_type; }, + set builtin_type(val) { + let bridgeStrings = getBuiltinBridgeStrings(val); + if (bridgeStrings.length > 0) { + self._settings.bridges.builtin_type = val; + self._settings.bridges.bridge_strings = bridgeStrings; + } + }, + get bridge_strings() { return arrayCopy(self._settings.bridges.bridge_strings); }, + set bridge_strings(val) { + self._settings.bridges.bridge_strings = parseBridgeStrings(val); + }, + }; + }, + + // Proxy + get proxy() { + return { + get enabled() { return self._settings.proxy.enabled; }, + set enabled(val) { + self._settings.proxy.enabled = val; + // reset proxy settings + self._settings.proxy.type = TorProxyType.Invalid; + self._settings.proxy.address = null; + self._settings.proxy.port = 0; + self._settings.proxy.username = null; + self._settings.proxy.password = null; + }, + get type() { return self._settings.proxy.type; }, + set type(val) { self._settings.proxy.type = val; }, + get address() { return self._settings.proxy.address; }, + set address(val) { self._settings.proxy.address = val; }, + get port() { return arrayCopy(self._settings.proxy.port); }, + set port(val) { self._settings.proxy.port = parsePort(val); }, + get username() { return self._settings.proxy.username; }, + set username(val) { self._settings.proxy.username = val; }, + get password() { return self._settings.proxy.password; }, + set password(val) { self._settings.proxy.password = val; }, + get uri() { + switch (this.type) { + case TorProxyType.Socks4: + return `socks4a://${this.address}:${this.port}`; + case TorProxyType.Socks5: + if (this.username) { + return `socks5://${this.username}:${this.password}@${this.address}:${this.port}`; + } + return `socks5://${this.address}:${this.port}`; + case TorProxyType.HTTPS: + if (this._proxyUsername) { + return `http://${this.username}:${this.password}@${this.address}:${this.port}`; + } + return `http://${this.address}:${this.port}`; + } + return null; + }, + }; + }, + + // Firewall + get firewall() { + return { + get enabled() { return self._settings.firewall.enabled; }, + set enabled(val) { + self._settings.firewall.enabled = val; + // reset firewall settings + self._settings.firewall.allowed_ports = []; + }, + get allowed_ports() { return self._settings.firewall.allowed_ports; }, + set allowed_ports(val) { self._settings.firewall.allowed_ports = parsePortList(val); }, + }; + }, + }; + self.init(); + return self; +})(); diff --git a/browser/modules/moz.build b/browser/modules/moz.build index b069f1b641f7..646784690c9a 100644 --- a/browser/modules/moz.build +++ b/browser/modules/moz.build @@ -128,6 +128,7 @@ EXTRA_JS_MODULES += [ "AboutNewTab.jsm", "AppUpdater.jsm", "AsyncTabSwitcher.jsm", + "BridgeDB.jsm", "BrowserUIUtils.jsm", "BrowserUsageTelemetry.jsm", "BrowserWindowTracker.jsm", @@ -138,6 +139,7 @@ EXTRA_JS_MODULES += [ "FaviconLoader.jsm", "HomePage.jsm", "LaterRun.jsm", + 'Moat.jsm', "NewTabPagePreloading.jsm", "OpenInTabsUtils.jsm", "PageActions.jsm", @@ -152,6 +154,8 @@ EXTRA_JS_MODULES += [ "TabsList.jsm", "TabUnloader.jsm", "ThemeVariableMap.jsm", + "TorProtocolService.jsm", + "TorSettings.jsm", "TransientPrefs.jsm", "webrtcUI.jsm", "ZoomUI.jsm", diff --git a/toolkit/components/processsingleton/MainProcessSingleton.jsm b/toolkit/components/processsingleton/MainProcessSingleton.jsm index ecdbf2a01d99..7bde782e54ce 100644 --- a/toolkit/components/processsingleton/MainProcessSingleton.jsm +++ b/toolkit/components/processsingleton/MainProcessSingleton.jsm @@ -24,6 +24,11 @@ MainProcessSingleton.prototype = { null ); + ChromeUtils.import( + "resource:///modules/TorSettings.jsm", + null + ); + Services.ppmm.loadProcessScript( "chrome://global/content/process-content.js", true

1 0

[tor-browser/tor-browser-91.5.0esr-11.5-2] Bug 10760: Integrate TorButton to TorBrowser core
by richard＠torproject.org 01 Feb '22

01 Feb '22

commit cb3cd953f3bbe90d9bc1a66d8c1af04c9ce6bf91 Author: Alex Catarineu <acat(a)torproject.org> Date: Wed Feb 19 23:05:08 2020 +0100 Bug 10760: Integrate TorButton to TorBrowser core Because of the non-restartless nature of Torbutton, it required a two-stage installation process. On mobile, it was a problem, because it was not loading when the user opened the browser for the first time. Moving it to tor-browser and making it a system extension allows it to load when the user opens the browser for first time. Additionally, this patch also fixes Bug 27611. Bug 26321: New Circuit and New Identity menu items Bug 14392: Make about:tor behave like other initial pages. Bug 25013: Add torbutton as a tor-browser submodule Bug 31575: Replace Firefox Home (newtab) with about:tor Avoid loading AboutNewTab in BrowserGlue.jsm in order to avoid several network requests that we do not need. Besides, about:newtab will now point to about:blank or about:tor (depending on browser.newtabpage.enabled) and about:home will point to about:tor. --- .gitmodules | 3 ++ browser/base/content/aboutDialog.xhtml | 38 +++++++++++------- browser/base/content/appmenu-viewcache.inc.xhtml | 28 +++++++++++++- browser/base/content/browser-doctype.inc | 6 +++ browser/base/content/browser-menubar.inc | 45 ++++++++++++++++------ browser/base/content/browser-sets.inc | 2 + browser/base/content/browser.js | 1 + browser/base/content/browser.xhtml | 9 +++++ browser/components/BrowserGlue.jsm | 33 +--------------- .../controlcenter/content/identityPanel.inc.xhtml | 22 +++++++++++ browser/components/newtab/AboutNewTabService.jsm | 15 +------- browser/components/preferences/home.inc.xhtml | 4 +- browser/components/preferences/preferences.xhtml | 5 ++- browser/installer/package-manifest.in | 2 + browser/modules/HomePage.jsm | 2 +- docshell/base/nsAboutRedirector.cpp | 6 ++- docshell/build/components.conf | 1 + mobile/android/installer/package-manifest.in | 4 ++ toolkit/moz.build | 1 + .../mozapps/extensions/internal/XPIProvider.jsm | 9 +++++ toolkit/torproject/torbutton | 1 + .../lib/environments/browser-window.js | 6 ++- 22 files changed, 166 insertions(+), 77 deletions(-) diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 000000000000..2f03bd8e22df --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "toolkit/torproject/torbutton"] + path = toolkit/torproject/torbutton + url = https://git.torproject.org/torbutton.git diff --git a/browser/base/content/aboutDialog.xhtml b/browser/base/content/aboutDialog.xhtml index 55c8b1c2c5f7..4eb122b0b2d8 100644 --- a/browser/base/content/aboutDialog.xhtml +++ b/browser/base/content/aboutDialog.xhtml @@ -7,11 +7,11 @@ <?xml-stylesheet href="chrome://global/skin/global.css" type="text/css"?> <?xml-stylesheet href="chrome://browser/content/aboutDialog.css" type="text/css"?> <?xml-stylesheet href="chrome://branding/content/aboutDialog.css" type="text/css"?> +<?xml-stylesheet href="chrome://torbutton/skin/aboutDialog.css" type="text/css"?> + <!DOCTYPE window [ -#ifdef XP_MACOSX #include browser-doctype.inc -#endif ]> <window xmlns:html="http://www.w3.org/1999/xhtml" @@ -28,7 +28,7 @@ data-l10n-id="aboutDialog-title" #endif role="dialog" - aria-describedby="version distribution distributionId communityDesc contributeDesc trademark" + aria-describedby="version distribution distributionId projectDesc helpDesc trademark trademarkTor" > #ifdef XP_MACOSX #include macWindow.inc.xhtml @@ -146,24 +146,36 @@ <label is="text-link" useoriginprincipal="true" href="about:credits" data-l10n-name="community-exp-creditsLink"/> </description> </vbox> - <description class="text-blurb" id="communityDesc" data-l10n-id="community-2"> - <label is="text-link" href="https://www.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-…" data-l10n-name="community-mozillaLink"/> - <label is="text-link" useoriginprincipal="true" href="about:credits" data-l10n-name="community-creditsLink"/> +  + <description class="text-blurb" id="communityDesc" data-l10n-id="community-2" hidden="true"></description> + <description class="text-blurb" id="contributeDesc" data-l10n-id="helpus" hidden="true"></description> + <description class="text-blurb" id="projectDesc"> + &project.start; + <label is="text-link" href="https://www.torproject.org/"> + &project.tpoLink; + </label>&project.end; </description> - <description class="text-blurb" id="contributeDesc" data-l10n-id="helpus"> - <label is="text-link" href="https://donate.mozilla.org/?utm_source=firefox&utm_medium=referral&…" data-l10n-name="helpus-donateLink"/> - <label is="text-link" href="https://www.mozilla.org/contribute/?utm_source=firefox-browser&utm_medi…" data-l10n-name="helpus-getInvolvedLink"/> + <description class="text-blurb" id="helpDesc"> + &help.start; + <label is="text-link" href="https://donate.torproject.org/"> + &help.donateLink; + </label> + &help.or; + <label is="text-link" href="https://community.torproject.org/"> + &help.getInvolvedLink; + </label>&help.end; </description> </vbox> </vbox> </hbox> <vbox id="bottomBox"> - <hbox pack="center"> - <label is="text-link" class="bottom-link" useoriginprincipal="true" href="about:license" data-l10n-id="bottomLinks-license"/> - <label is="text-link" class="bottom-link" useoriginprincipal="true" href="about:rights" data-l10n-id="bottomLinks-rights"/> - <label is="text-link" class="bottom-link" href="https://www.mozilla.org/privacy/?utm_source=firefox-browser&utm_medium=…" data-l10n-id="bottomLinks-privacy"/> + <hbox id="newBottom" pack="center" position="1"> + <label is="text-link" class="bottom-link" href="https://support.torproject.org/">&bottomLinks.questions;</label> + <label is="text-link" class="bottom-link" href="https://community.torproject.org/relay/">&bottomLinks.grow;</label> + <label is="text-link" class="bottom-link" useoriginprincipal="true" href="about:license">&bottomLinks.license;</label> </hbox> <description id="trademark" data-l10n-id="trademarkInfo"></description> + <description id="trademarkTor">&tor.TrademarkStatement;</description> </vbox> </vbox> diff --git a/browser/base/content/appmenu-viewcache.inc.xhtml b/browser/base/content/appmenu-viewcache.inc.xhtml index 895ef976fc23..a473509f1647 100644 --- a/browser/base/content/appmenu-viewcache.inc.xhtml +++ b/browser/base/content/appmenu-viewcache.inc.xhtml @@ -45,7 +45,8 @@ class="subviewbutton subviewbutton-iconic" data-l10n-id="appmenuitem-new-private-window" key="key_privatebrowsing" - command="Tools:PrivateBrowsing"/> + command="Tools:PrivateBrowsing" + hidden="true"/> #ifdef NIGHTLY_BUILD <toolbarbutton id="appMenu-fission-window-button" class="subviewbutton subviewbutton-iconic" @@ -61,7 +62,19 @@ <toolbarbutton id="appMenuRestoreLastSession" data-l10n-id="appmenu-restore-session" class="subviewbutton subviewbutton-iconic" - command="Browser:RestoreLastSession"/> + command="Browser:RestoreLastSession" + hidden="true"/> + <toolbarseparator/> + <toolbarbutton id="appMenuNewIdentity" + class="subviewbutton subviewbutton-iconic" + key="torbutton-new-identity-key" + label="&torbutton.context_menu.new_identity;" + oncommand="torbutton_new_identity();"/> + <toolbarbutton id="appMenuNewCircuit" + class="subviewbutton subviewbutton-iconic" + key="torbutton-new-circuit-key" + label="&torbutton.context_menu.new_circuit;" + oncommand="torbutton_new_circuit();"/> <toolbarseparator/> <toolbaritem id="appMenu-zoom-controls" class="toolbaritem-combined-buttons" closemenu="none">  @@ -256,6 +269,17 @@ key="key_privatebrowsing" command="Tools:PrivateBrowsing"/> <toolbarseparator/> + <toolbarbutton id="appMenuNewIdentity" + class="subviewbutton" + key="torbutton-new-identity-key" + label="&torbutton.context_menu.new_identity_sentence_case;" + oncommand="torbutton_new_identity();"/> + <toolbarbutton id="appMenuNewCircuit" + class="subviewbutton" + key="torbutton-new-circuit-key" + label="&torbutton.context_menu.new_circuit_sentence_case;" + oncommand="torbutton_new_circuit();"/> + <toolbarseparator/> <toolbarbutton id="appMenu-bookmarks-button" class="subviewbutton subviewbutton-nav" data-l10n-id="library-bookmarks-menu" diff --git a/browser/base/content/browser-doctype.inc b/browser/base/content/browser-doctype.inc index cea0382acde2..691d16a7b2e5 100644 --- a/browser/base/content/browser-doctype.inc +++ b/browser/base/content/browser-doctype.inc @@ -6,3 +6,9 @@ %textcontextDTD; <!ENTITY % placesDTD SYSTEM "chrome://browser/locale/places/places.dtd"> %placesDTD; +<!ENTITY % torbuttonDTD SYSTEM "chrome://torbutton/locale/torbutton.dtd"> +%torbuttonDTD; +<!ENTITY % aboutTorDTD SYSTEM "chrome://torbutton/locale/aboutTor.dtd"> +%aboutTorDTD; +<!ENTITY % aboutDialogDTD SYSTEM "chrome://torbutton/locale/aboutDialog.dtd"> +%aboutDialogDTD; diff --git a/browser/base/content/browser-menubar.inc b/browser/base/content/browser-menubar.inc index cd348e8e7817..4b7564cea087 100644 --- a/browser/base/content/browser-menubar.inc +++ b/browser/base/content/browser-menubar.inc @@ -38,6 +38,18 @@ command="Tools:NonFissionWindow" accesskey="s" label="New Non-Fission Window"/> #endif + <menuseparator/> + <menuitem id="menu_newIdentity" + accesskey="&torbutton.context_menu.new_identity_key;" + key="torbutton-new-identity-key" + label="&torbutton.context_menu.new_identity;" + oncommand="torbutton_new_identity();"/> + <menuitem id="menu_newCircuit" + accesskey="&torbutton.context_menu.new_circuit_key;" + key="torbutton-new-circuit-key" + label="&torbutton.context_menu.new_circuit;" + oncommand="torbutton_new_circuit();"/> + <menuseparator/> <menuitem id="menu_openLocation" hidden="true" command="Browser:OpenLocation" @@ -463,23 +475,34 @@ <menupopup id="menu_HelpPopup" onpopupshowing="buildHelpMenu();">  - <menuitem id="menu_openHelp" +  + <box id="feedbackPage"/> + <box id="helpSafeMode"/> + <box id="menu_HelpPopup_reportPhishingtoolmenu"/> + <box id="menu_HelpPopup_reportPhishingErrortoolmenu"/> +  + <menuitem id="torBrowserUserManual" + oncommand="gBrowser.selectedTab = gBrowser.addTab('https://tb-manual.torproject.org/' + Services.locale.requestedLocale, {triggeringPrincipal: Services.scriptSecurityManager.getSystemPrincipal()});" + label="&aboutTor.torbrowser_user_manual.label;" + accesskey="&aboutTor.torbrowser_user_manual.accesskey;"/> +  +  #else - /> + /> --> #endif - <menuitem id="feedbackPage" +  +  <menuitem id="troubleShooting" oncommand="openTroubleshootingPage()" data-l10n-id="menu-help-more-troubleshooting-info" @@ -489,18 +512,18 @@ data-l10n-id="menu-help-report-site-issue" appmenu-data-l10n-id="appmenu-help-report-site-issue" hidden="true"/> - <menuitem id="menu_HelpPopup_reportPhishingtoolmenu" +  +  <menuseparator id="aboutSeparator"/> <menuitem id="aboutName" oncommand="openAboutDialog();" diff --git a/browser/base/content/browser-sets.inc b/browser/base/content/browser-sets.inc index fdd83f64896e..c3129d6aae07 100644 --- a/browser/base/content/browser-sets.inc +++ b/browser/base/content/browser-sets.inc @@ -383,4 +383,6 @@ data-l10n-id="hide-other-apps-shortcut" modifiers="accel,alt"/> #endif + <key id="torbutton-new-identity-key" modifiers="accel shift" key="U" oncommand="torbutton_new_identity()"/> + <key id="torbutton-new-circuit-key" modifiers="accel shift" key="L" oncommand="torbutton_new_circuit()"/> </keyset> diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js index 90abfb43da02..f823ce536c5d 100644 --- a/browser/base/content/browser.js +++ b/browser/base/content/browser.js @@ -633,6 +633,7 @@ var gPageIcons = { }; var gInitialPages = [ + "about:tor", "about:blank", "about:newtab", "about:home", diff --git a/browser/base/content/browser.xhtml b/browser/base/content/browser.xhtml index 82fd0d32d670..8efb544918b8 100644 --- a/browser/base/content/browser.xhtml +++ b/browser/base/content/browser.xhtml @@ -29,6 +29,8 @@ <?xml-stylesheet href="chrome://browser/skin/searchbar.css" type="text/css"?> <?xml-stylesheet href="chrome://browser/skin/places/tree-icons.css" type="text/css"?> <?xml-stylesheet href="chrome://browser/skin/places/editBookmark.css" type="text/css"?> +<?xml-stylesheet href="chrome://torbutton/skin/tor-circuit-display.css" type="text/css"?> +<?xml-stylesheet href="chrome://torbutton/skin/torbutton.css" type="text/css"?> # All DTD information is stored in a separate file so that it can be shared by # hiddenWindowMac.xhtml. @@ -106,11 +108,18 @@ Services.scriptloader.loadSubScript("chrome://browser/content/places/places-menupopup.js", this); Services.scriptloader.loadSubScript("chrome://browser/content/search/autocomplete-popup.js", this); Services.scriptloader.loadSubScript("chrome://browser/content/search/searchbar.js", this); + Services.scriptloader.loadSubScript("chrome://torbutton/content/tor-circuit-display.js", this); + Services.scriptloader.loadSubScript("chrome://torbutton/content/torbutton.js", this); window.onload = gBrowserInit.onLoad.bind(gBrowserInit); window.onunload = gBrowserInit.onUnload.bind(gBrowserInit); window.onclose = WindowIsClosing; + //onLoad Handler + try { + window.addEventListener("load", torbutton_init, false); + } catch (e) {} + window.addEventListener("MozBeforeInitialXULLayout", gBrowserInit.onBeforeInitialXULLayout.bind(gBrowserInit), { once: true }); diff --git a/browser/components/BrowserGlue.jsm b/browser/components/BrowserGlue.jsm index e3b29f47f8cb..0386e4159eeb 100644 --- a/browser/components/BrowserGlue.jsm +++ b/browser/components/BrowserGlue.jsm @@ -20,7 +20,6 @@ const { AppConstants } = ChromeUtils.import( Cu.importGlobalProperties(["Glean"]); XPCOMUtils.defineLazyModuleGetters(this, { - AboutNewTab: "resource:///modules/AboutNewTab.jsm", ActorManagerParent: "resource://gre/modules/ActorManagerParent.jsm", AddonManager: "resource://gre/modules/AddonManager.jsm", AppMenuNotifications: "resource://gre/modules/AppMenuNotifications.jsm", @@ -211,28 +210,6 @@ let JSWINDOWACTORS = { matches: ["about:logins", "about:logins?*", "about:loginsimportreport"], }, - AboutNewTab: { - parent: { - moduleURI: "resource:///actors/AboutNewTabParent.jsm", - }, - child: { - moduleURI: "resource:///actors/AboutNewTabChild.jsm", - events: { - DOMContentLoaded: {}, - pageshow: {}, - visibilitychange: {}, - }, - }, - // The wildcard on about:newtab is for the ?endpoint query parameter - // that is used for snippets debugging. The wildcard for about:home - // is similar, and also allows for falling back to loading the - // about:home document dynamically if an attempt is made to load - // about:home?jscache from the AboutHomeStartupCache as a top-level - // load. - matches: ["about:home*", "about:welcome", "about:newtab*"], - remoteTypes: ["privilegedabout"], - }, - AboutPlugins: { parent: { moduleURI: "resource:///actors/AboutPluginsParent.jsm", @@ -1617,8 +1594,6 @@ BrowserGlue.prototype = { // the first browser window has finished initializing _onFirstWindowLoaded: function BG__onFirstWindowLoaded(aWindow) { - AboutNewTab.init(); - TabCrashHandler.init(); ProcessHangMonitor.init(); @@ -5319,12 +5294,8 @@ var AboutHomeStartupCache = { return { pageInputStream: null, scriptInputStream: null }; } - let state = AboutNewTab.activityStream.store.getState(); - return new Promise(resolve => { - this._cacheDeferred = resolve; - this.log.trace("Parent is requesting cache streams."); - this._procManager.sendAsyncMessage(this.CACHE_REQUEST_MESSAGE, { state }); - }); + this.log.error("Activity Stream is disabled in Tor Browser."); + return { pageInputStream: null, scriptInputStream: null }; }, /** diff --git a/browser/components/controlcenter/content/identityPanel.inc.xhtml b/browser/components/controlcenter/content/identityPanel.inc.xhtml index 9a41ac1f33cc..06511866ae29 100644 --- a/browser/components/controlcenter/content/identityPanel.inc.xhtml +++ b/browser/components/controlcenter/content/identityPanel.inc.xhtml @@ -92,6 +92,28 @@ </vbox> </hbox> +  + + <vbox id="circuit-display-container" class="identity-popup-section"> + <toolbarseparator/> + <vbox id="circuit-display-header" flex="1" role="group" + aria-labelledby="circuit-display-headline"> + <hbox flex="1"> + <label id="circuit-display-headline" + role="heading" aria-level="2">&torbutton.circuit_display.title;</label> + </hbox> + </vbox> + <vbox id="circuit-display-content"> + <html:ul id="circuit-display-nodes" dir="auto"/> + <hbox id="circuit-guard-note-container"/> + <hbox id="circuit-reload-button-container"> + <html:button id="circuit-reload-button" + onclick="torbutton_new_circuit()" + default="true">&torbutton.circuit_display.new_circuit;</html:button> + </hbox> + </vbox> + </vbox> +  <vbox hidden="true" id="identity-popup-clear-sitedata-footer"> diff --git a/browser/components/newtab/AboutNewTabService.jsm b/browser/components/newtab/AboutNewTabService.jsm index 44308daa2b2d..d98c014e3f9e 100644 --- a/browser/components/newtab/AboutNewTabService.jsm +++ b/browser/components/newtab/AboutNewTabService.jsm @@ -420,20 +420,7 @@ class BaseAboutNewTabService { * the newtab page has no effect on the result of this function. */ get defaultURL() { - // Generate the desired activity stream resource depending on state, e.g., - // "resource://activity-stream/prerendered/activity-stream.html" - // "resource://activity-stream/prerendered/activity-stream-debug.html" - // "resource://activity-stream/prerendered/activity-stream-noscripts.html" - return [ - "resource://activity-stream/prerendered/", - "activity-stream", - // Debug version loads dev scripts but noscripts separately loads scripts - this.activityStreamDebug && !this.privilegedAboutProcessEnabled - ? "-debug" - : "", - this.privilegedAboutProcessEnabled ? "-noscripts" : "", - ".html", - ].join(""); + return "about:tor"; } get welcomeURL() { diff --git a/browser/components/preferences/home.inc.xhtml b/browser/components/preferences/home.inc.xhtml index 5bb936782ed9..e812d969837e 100644 --- a/browser/components/preferences/home.inc.xhtml +++ b/browser/components/preferences/home.inc.xhtml @@ -33,7 +33,7 @@ class="check-home-page-controlled" data-preference-related="browser.startup.homepage"> <menupopup> - <menuitem value="0" data-l10n-id="home-mode-choice-default" /> + <menuitem value="0" label="&aboutTor.title;" /> <menuitem value="2" data-l10n-id="home-mode-choice-custom" /> <menuitem value="1" data-l10n-id="home-mode-choice-blank" /> </menupopup> @@ -84,7 +84,7 @@ Preferences so we need to handle setting the pref manually.--> <menulist id="newTabMode" flex="1" data-preference-related="browser.newtabpage.enabled"> <menupopup> - <menuitem value="0" data-l10n-id="home-mode-choice-default" /> + <menuitem value="0" label="&aboutTor.title;" /> <menuitem value="1" data-l10n-id="home-mode-choice-blank" /> </menupopup> </menulist> diff --git a/browser/components/preferences/preferences.xhtml b/browser/components/preferences/preferences.xhtml index aab4a9e558bc..32184867ac17 100644 --- a/browser/components/preferences/preferences.xhtml +++ b/browser/components/preferences/preferences.xhtml @@ -13,7 +13,10 @@ <?xml-stylesheet href="chrome://browser/skin/preferences/containers.css"?> <?xml-stylesheet href="chrome://browser/skin/preferences/privacy.css"?> -<!DOCTYPE html> +<!DOCTYPE html [ +<!ENTITY % aboutTorDTD SYSTEM "chrome://torbutton/locale/aboutTor.dtd"> + %aboutTorDTD; +]> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:html="http://www.w3.org/1999/xhtml" diff --git a/browser/installer/package-manifest.in b/browser/installer/package-manifest.in index 8f52da54f7b9..d4068cabb4ae 100644 --- a/browser/installer/package-manifest.in +++ b/browser/installer/package-manifest.in @@ -239,6 +239,8 @@ @RESPATH@/browser/chrome/browser.manifest @RESPATH@/chrome/pdfjs.manifest @RESPATH@/chrome/pdfjs/* +@RESPATH@/chrome/torbutton.manifest +@RESPATH@/chrome/torbutton/* @RESPATH@/chrome/toolkit@JAREXT@ @RESPATH@/chrome/toolkit.manifest @RESPATH@/chrome/recording.manifest diff --git a/browser/modules/HomePage.jsm b/browser/modules/HomePage.jsm index f73b0f3e6c8c..26618374df3a 100644 --- a/browser/modules/HomePage.jsm +++ b/browser/modules/HomePage.jsm @@ -21,7 +21,7 @@ XPCOMUtils.defineLazyModuleGetters(this, { }); const kPrefName = "browser.startup.homepage"; -const kDefaultHomePage = "about:home"; +const kDefaultHomePage = "about:tor"; const kExtensionControllerPref = "browser.startup.homepage_override.extensionControlled"; const kHomePageIgnoreListId = "homepage-urls"; diff --git a/docshell/base/nsAboutRedirector.cpp b/docshell/base/nsAboutRedirector.cpp index a320b4ebd431..6ab1a57f92cf 100644 --- a/docshell/base/nsAboutRedirector.cpp +++ b/docshell/base/nsAboutRedirector.cpp @@ -158,7 +158,11 @@ static const RedirEntry kRedirMap[] = { {"crashcontent", "about:blank", nsIAboutModule::HIDE_FROM_ABOUTABOUT | nsIAboutModule::URI_CAN_LOAD_IN_CHILD | - nsIAboutModule::URI_MUST_LOAD_IN_CHILD}}; + nsIAboutModule::URI_MUST_LOAD_IN_CHILD}, + {"tor", "chrome://torbutton/content/aboutTor/aboutTor.xhtml", + nsIAboutModule::URI_MUST_LOAD_IN_CHILD | + nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | + nsIAboutModule::ALLOW_SCRIPT}}; static const int kRedirTotal = mozilla::ArrayLength(kRedirMap); NS_IMETHODIMP diff --git a/docshell/build/components.conf b/docshell/build/components.conf index 9987b60fa2ec..475546757fd4 100644 --- a/docshell/build/components.conf +++ b/docshell/build/components.conf @@ -29,6 +29,7 @@ about_pages = [ 'srcdoc', 'support', 'telemetry', + 'tor', 'url-classifier', 'webrtc', ] diff --git a/mobile/android/installer/package-manifest.in b/mobile/android/installer/package-manifest.in index f0664be7b6ee..dc65078b7014 100644 --- a/mobile/android/installer/package-manifest.in +++ b/mobile/android/installer/package-manifest.in @@ -132,6 +132,10 @@ @BINPATH@/chrome/devtools@JAREXT@ @BINPATH@/chrome/devtools.manifest +; Torbutton +@BINPATH@/chrome/torbutton@JAREXT@ +@BINPATH@/chrome/torbutton.manifest + ; [Default Preferences] ; All the pref files must be part of base to prevent migration bugs #ifndef MOZ_ANDROID_FAT_AAR_ARCHITECTURES diff --git a/toolkit/moz.build b/toolkit/moz.build index 14f4638b693e..4edccfac6d62 100644 --- a/toolkit/moz.build +++ b/toolkit/moz.build @@ -22,6 +22,7 @@ DIRS += [ "mozapps/preferences", "profile", "themes", + "torproject/torbutton", ] if CONFIG["OS_ARCH"] == "WINNT" and CONFIG["MOZ_DEFAULT_BROWSER_AGENT"]: diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm b/toolkit/mozapps/extensions/internal/XPIProvider.jsm index c1cef2814b38..8e16e236b238 100644 --- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm +++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm @@ -1476,6 +1476,15 @@ var XPIStates = { for (let [id, file] of loc.readAddons()) { knownIds.delete(id); + // Uninstall torbutton if it is installed in the user profile + if (id === "torbutton(a)torproject.org" && + loc.name === KEY_APP_PROFILE) { + logger.debug("Uninstalling torbutton from user profile."); + loc.installer.uninstallAddon(id); + changed = true; + continue; + } + let xpiState = loc.get(id); if (!xpiState) { // If the location is not supported for sideloading, skip new diff --git a/toolkit/torproject/torbutton b/toolkit/torproject/torbutton new file mode 160000 index 000000000000..a7f607351517 --- /dev/null +++ b/toolkit/torproject/torbutton @@ -0,0 +1 @@ +Subproject commit a7f6073515175a1f2d7a2bca1eaec2bfaff03c0c diff --git a/tools/lint/eslint/eslint-plugin-mozilla/lib/environments/browser-window.js b/tools/lint/eslint/eslint-plugin-mozilla/lib/environments/browser-window.js index 76e03f2d49bb..2ff107b553b2 100644 --- a/tools/lint/eslint/eslint-plugin-mozilla/lib/environments/browser-window.js +++ b/tools/lint/eslint/eslint-plugin-mozilla/lib/environments/browser-window.js @@ -75,7 +75,11 @@ function getGlobalScriptIncludes(scriptPath) { "browser/components/search/content/" ) .replace("chrome://browser/content/", "browser/base/content/") - .replace("chrome://global/content/", "toolkit/content/"); + .replace("chrome://global/content/", "toolkit/content/") + .replace( + "chrome://torbutton/content/", + "toolkit/torproject/torbutton/chrome/content/" + ); for (let mapping of Object.getOwnPropertyNames(MAPPINGS)) { if (sourceFile.includes(mapping)) {

1 0

[tor-browser/tor-browser-91.5.0esr-11.5-2] Orfox: Centralized proxy applied to AbstractCommunicator and BaseResources.
by richard＠torproject.org 01 Feb '22

01 Feb '22

commit 97e875c43b0b508acaea5163090c39ac743bd91c Author: Amogh Pradeep <amoghbl1(a)gmail.com> Date: Fri Jun 12 02:07:45 2015 -0400 Orfox: Centralized proxy applied to AbstractCommunicator and BaseResources. See Bug 1357997 for partial uplift. Also: Bug 28051 - Use our Orbot for proxying our connections Bug 31144 - ESR68 Network Code Review --- .../java/org/mozilla/gecko/util/ProxySelector.java | 25 +++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/ProxySelector.java b/mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/ProxySelector.java index dbd07a069de1..800c7cf96de8 100644 --- a/mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/ProxySelector.java +++ b/mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/ProxySelector.java @@ -29,6 +29,10 @@ import java.net.URLConnection; import java.util.List; public class ProxySelector { + private static final String TOR_PROXY_ADDRESS = "127.0.0.1"; + private static final int TOR_SOCKS_PROXY_PORT = 9150; + private static final int TOR_HTTP_PROXY_PORT = 8218; + public static URLConnection openConnectionWithProxy(final URI uri) throws IOException { final java.net.ProxySelector ps = java.net.ProxySelector.getDefault(); Proxy proxy = Proxy.NO_PROXY; @@ -39,7 +43,26 @@ public class ProxySelector { } } - return uri.toURL().openConnection(proxy); + /* Ignore the proxy we found from the VM, only use Tor. We can probably + * safely use the logic in this class in the future. */ + return uri.toURL().openConnection(getProxy()); + } + + public static Proxy getProxy() { + // TODO make configurable + return new Proxy(Proxy.Type.SOCKS, new InetSocketAddress(TOR_PROXY_ADDRESS, TOR_SOCKS_PROXY_PORT)); + } + + public static String getProxyHostAddress() { + return TOR_PROXY_ADDRESS; + } + + public static int getSocksProxyPort() { + return TOR_SOCKS_PROXY_PORT; + } + + public static int getHttpProxyPort() { + return TOR_HTTP_PROXY_PORT; } public ProxySelector() {

1 0