tor-commits November 2023

tor-commits@lists.torproject.org

1 participants
155 discussions

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.5.0esr-13.0-1] fixup! Firefox preference overrides.
by ma1 (＠ma1) 16 Nov '23

16 Nov '23

ma1 pushed to branch mullvad-browser-115.5.0esr-13.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 7ce3d34f by hackademix at 2023-11-16T16:13:36+01:00 fixup! Firefox preference overrides. MB 250: Enable storage.sync to fix broken webextensions - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -567,8 +567,6 @@ pref("extensions.abuseReport.enabled", false); // Therefore, do not allow download of additional language packs. They are not a // privacy/security threat, we are disabling them for UX reasons. See bug 41377. pref("intl.multilingual.downloadEnabled", false); -// Disk activity: Disable storage.sync (tor-browser#41424) -pref("webextensions.storage.sync.enabled", false); // Enforce certificate pinning, see: https://bugs.torproject.org/16206 pref("security.cert_pinning.enforcement_level", 2); View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/7ce… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/7ce… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.5.0esr-13.0-1] fixup! Firefox preference overrides.
by ma1 (＠ma1) 16 Nov '23

16 Nov '23

ma1 pushed to branch tor-browser-115.5.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: 2c6df91f by hackademix at 2023-11-16T16:09:40+01:00 fixup! Firefox preference overrides. Bug 42277: Enable storage.sync to fix broken webextensions - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -569,8 +569,6 @@ pref("extensions.abuseReport.enabled", false); // Therefore, do not allow download of additional language packs. They are not a // privacy/security threat, we are disabling them for UX reasons. See bug 41377. pref("intl.multilingual.downloadEnabled", false); -// Disk activity: Disable storage.sync (tor-browser#41424) -pref("webextensions.storage.sync.enabled", false); // Enforce certificate pinning, see: https://bugs.torproject.org/16206 pref("security.cert_pinning.enforcement_level", 2); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/2c6df91… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/2c6df91… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.4.0esr-13.5-1] 2 commits: Bug 1849186 - Add a preference not to expose the content title in the window...
by Pier Angelo Vendrame (＠pierov) 16 Nov '23

16 Nov '23

Pier Angelo Vendrame pushed to branch base-browser-115.4.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 2d2fd4cb by Pier Angelo Vendrame at 2023-11-16T13:36:51+01:00 Bug 1849186 - Add a preference not to expose the content title in the window title. r=Gijs,tabbrowser-reviewers,dao Differential Revision: https://phabricator.services.mozilla.com/D190496 - - - - - c6af08e3 by Pier Angelo Vendrame at 2023-11-16T13:36:52+01:00 fixup! Firefox preference overrides. Bug 41988: Do not expose page titles in winow title - - - - - 4 changed files: - browser/app/profile/001-base-profile.js - browser/app/profile/firefox.js - browser/base/content/tabbrowser.js - browser/components/privatebrowsing/test/browser/browser_privatebrowsing_windowtitle.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -86,6 +86,12 @@ pref("browser.sessionstore.resume_from_crash", false); // Disable capturing thumbnails (tor-browser#41595) // Also not needed in PBM at the moment. pref("browser.pagethumbnails.capturing_disabled", true); +// tor-browser#41988: Remove page titles from window titles to prevent possible +// disk leaks, e.g., in system logs. +// For example, it happened that GNOME shell logged the window name that caused +// JS errors/unexpected conditions for unrelated issues. +pref("privacy.exposeContentTitleInWindow", false); +pref("privacy.exposeContentTitleInWindow.pbm", false); // Empty clipboard content from private windows on exit (tor-browser#42154) pref("browser.privatebrowsing.preserveClipboard", false); ===================================== browser/app/profile/firefox.js ===================================== @@ -968,7 +968,7 @@ pref("privacy.panicButton.enabled", true); // Time until temporary permissions expire, in ms pref("privacy.temporary_permission_expire_time_ms", 3600000); -// Enables protection mechanism against password spoofing for cross domain auh requests +// Enables protection mechanism against password spoofing for cross domain auth requests // See bug 791594 pref("privacy.authPromptSpoofingProtection", true); @@ -2104,6 +2104,12 @@ pref("privacy.webrtc.sharedTabWarning", false); // before navigating to the actual meeting room page. Doesn't survive tab close. pref("privacy.webrtc.deviceGracePeriodTimeoutMs", 3600000); +// Enable including the content in the window title. +// PBM users might want to disable this to avoid a possible source of disk +// leaks. +pref("privacy.exposeContentTitleInWindow", true); +pref("privacy.exposeContentTitleInWindow.pbm", true); + // Start the browser in e10s mode pref("browser.tabs.remote.autostart", true); pref("browser.tabs.remote.desktopbehavior", true); ===================================== browser/base/content/tabbrowser.js ===================================== @@ -102,6 +102,18 @@ true ); }); + XPCOMUtils.defineLazyPreferenceGetter( + this, + "_shouldExposeContentTitle", + "privacy.exposeContentTitleInWindow", + true + ); + XPCOMUtils.defineLazyPreferenceGetter( + this, + "_shouldExposeContentTitlePbm", + "privacy.exposeContentTitleInWindow.pbm", + true + ); if (AppConstants.MOZ_CRASHREPORTER) { ChromeUtils.defineModuleGetter( @@ -1072,6 +1084,19 @@ getWindowTitleForBrowser(aBrowser) { let docElement = document.documentElement; let title = ""; + let dataSuffix = + docElement.getAttribute("privatebrowsingmode") == "temporary" + ? "Private" + : "Default"; + let defaultTitle = docElement.dataset["title" + dataSuffix]; + + if ( + !this._shouldExposeContentTitle || + (PrivateBrowsingUtils.isWindowPrivate(window) && + !this._shouldExposeContentTitlePbm) + ) { + return defaultTitle; + } // If location bar is hidden and the URL type supports a host, // add the scheme and host to the title to prevent spoofing. @@ -1109,10 +1134,6 @@ title += tab.getAttribute("label").replace(/\0/g, ""); } - let dataSuffix = - docElement.getAttribute("privatebrowsingmode") == "temporary" - ? "Private" - : "Default"; if (title) { // We're using a function rather than just using `title` as the // new substring to avoid `$$`, `$'` etc. having a special @@ -1125,7 +1146,7 @@ ); } - return docElement.dataset["title" + dataSuffix]; + return defaultTitle; }, updateTitlebar() { ===================================== browser/components/privatebrowsing/test/browser/browser_privatebrowsing_windowtitle.js ===================================== @@ -107,4 +107,34 @@ add_task(async function test() { true, pb_about_pb_title ); + + await SpecialPowers.pushPrefEnv({ + set: [["privacy.exposeContentTitleInWindow.pbm", false]], + }); + await testTabTitle(await openWin(false), testPageURL, false, page_with_title); + await testTabTitle( + await openWin(true), + testPageURL, + true, + pb_page_without_title + ); + await SpecialPowers.pushPrefEnv({ + set: [ + ["privacy.exposeContentTitleInWindow", false], + ["privacy.exposeContentTitleInWindow.pbm", true], + ], + }); + await testTabTitle( + await openWin(false), + testPageURL, + false, + page_without_title + ); + // The generic preference set to false is intended to override the PBM one + await testTabTitle( + await openWin(true), + testPageURL, + true, + pb_page_without_title + ); }); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/d25471… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/d25471… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag base-browser-115.5.0esr-13.0-1-build1
by Pier Angelo Vendrame (＠pierov) 16 Nov '23

16 Nov '23

Pier Angelo Vendrame pushed new tag base-browser-115.5.0esr-13.0-1-build1 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/base-brow… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Deleted tag base-browser-115.5.0esr-13.5-1-build1
by Pier Angelo Vendrame (＠pierov) 16 Nov '23

16 Nov '23

Pier Angelo Vendrame deleted tag base-browser-115.5.0esr-13.5-1-build1 at The Tor Project / Applications / Tor Browser -- You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new branch mullvad-browser-115.5.0esr-13.5-1
by Pier Angelo Vendrame (＠pierov) 16 Nov '23

16 Nov '23

Pier Angelo Vendrame pushed new branch mullvad-browser-115.5.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new branch tor-browser-115.5.0esr-13.5-1
by Pier Angelo Vendrame (＠pierov) 16 Nov '23

16 Nov '23

Pier Angelo Vendrame pushed new branch tor-browser-115.5.0esr-13.5-1 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 40884: add upload-sha256sums make target and release script
by richard (＠richard) 16 Nov '23

16 Nov '23

richard pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 37c0d265 by Dan Ballard at 2023-11-16T00:37:36+00:00 Bug 40884: add upload-sha256sums make target and release script - - - - - 4 changed files: - Makefile - projects/release/config - + projects/release/upload_sha256sums - rbm.local.conf.example Changes: ===================================== Makefile ===================================== @@ -650,12 +650,28 @@ cargo_vendor-rcodesign: submodule-update submodule-update: git submodule update --init +# requires tpo_user variable be set in rbm.local.conf +torbrowser-upload-sha256sums-release: submodule-update + $(rbm) build release --step upload_sha256sums --target release --target torbrowser + +# requires tpo_user variable be set in rbm.local.conf +torbrowser-upload-sha256sums-alpha: submodule-update + $(rbm) build release --step upload_sha256sums --target alpha --target torbrowser + torbrowser-signtag-release: submodule-update $(rbm) build release --step signtag --target release --target torbrowser torbrowser-signtag-alpha: submodule-update $(rbm) build release --step signtag --target alpha --target torbrowser +# requires tpo_user variable be set in rbm.local.conf +mullvadbrowser-upload-sha256sums-release: submodule-update + $(rbm) build release --step upload_sha256sums --target release --target mullvadbrowser + +# requires tpo_user variable be set in rbm.local.conf +mullvadbrowser-upload-sha256sums-alpha: submodule-update + $(rbm) build release --step upload_sha256sums --target alpha --target mullvadbrowser + mullvadbrowser-signtag-release: submodule-update $(rbm) build release --step signtag --target release --target mullvadbrowser ===================================== projects/release/config ===================================== @@ -258,3 +258,8 @@ steps: debug: 0 input_files: [] dmg2mar: '[% INCLUDE dmg2mar %]' + upload_sha256sums: + build_log: '-' + debug: 0 + input_files: [] + upload_sha256sums: '[% INCLUDE upload_sha256sums %]' ===================================== projects/release/upload_sha256sums ===================================== @@ -0,0 +1,34 @@ +#!/bin/sh +# Tool to sign sha256sums of builds and upload them to where signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo expects them to be + +version=[% c("version") %]-[% c("var/torbrowser_build") %] +signed=[% c("var/signed_status") %] +channel=[% c("var/build_target") %] +browser=[% c("var/browser_type") %] + +src_dir=[% shell_quote(path(dest_dir)) %]/$signed/$version + +target_dir=~/public_html/builds/$browser/$channel/$version/ + +echo "browser:$browser channel:$channel signed:$signed version:$version" + +if [ ! -d $src_dir ]; then + echo "ERROR: $src_dir does not exist!" + exit +fi + +cd $src_dir +for i in sha256sums*.txt; do + if [ ! -f $i.asc ] ; then + gpg -abs [% c("var/sign_build_gpg_opts") %] $i; + fi +done + +if [ -z '[% c("var/tpo_user") %]' ]; then + print "tpo_user variable unset, required to upload to people.torproject.org. Please set in rbm.local.conf" + exit +fi + +ssh [% c("var/tpo_user") %](a)people.torproject.org "mkdir -p $target_dir" +rsync sha256sums*.* [% c("var/tpo_user") %]@people.torproject.org:$target_dir +echo "Synced sha256sums to https://people.torproject.org/~[% c("var/tpo_user") %]/builds/$browser/$channel/$version/" \ No newline at end of file ===================================== rbm.local.conf.example ===================================== @@ -55,6 +55,11 @@ var: ### and sha256sums-unsigned-build.incrementals.txt files. #sign_build_gpg_opts: '--local-user XXXXXXXX' + ### The var/tpo_user option is used on the release upload_sha256sums step + ### and is the user on people.torproject.org that ssh/rsync will try to + ### upload the files to + #tpo_user: username + ### The clean configuration is used by the cleaning script to find the ### branches and build targets you are using, to compute the list of ### files that should be kept. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/3… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/3… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.5.0esr-13.0-1] fixup! Bug 21952: Implement Onion-Location
by richard (＠richard) 16 Nov '23

16 Nov '23

richard pushed to branch tor-browser-115.5.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: d8eacc7e by Henry Wilkes at 2023-11-16T00:28:11+00:00 fixup! Bug 21952: Implement Onion-Location Bug 41341: Make the body text of onion-location-notification non-bold, and anchor the popup to the bottom right corner of the ".onion available" button. - - - - - 3 changed files: - browser/base/content/popup-notifications.inc - browser/components/onionservices/OnionLocationParent.jsm - browser/components/onionservices/content/onionlocation.css Changes: ===================================== browser/base/content/popup-notifications.inc ===================================== @@ -8,6 +8,15 @@ noautofocus="true" role="alert"/> +  + <popupnotification id="onion-location-notification" hidden="true"> + <popupnotificationcontent orient="vertical"> + <description id="onion-location-body-text"/> + </popupnotificationcontent> + </popupnotification> + <popupnotification id="webRTC-shareDevices-notification" hidden="true" descriptionid="webRTC-shareDevices-notification-description"> <popupnotificationcontent id="webRTC-selectCamera" orient="vertical"> ===================================== browser/components/onionservices/OnionLocationParent.jsm ===================================== @@ -13,12 +13,11 @@ const PRIORITIZE_ONIONS_PREF = "privacy.prioritizeonions.enabled"; // Element IDs const ONIONLOCATION_BOX_ID = "onion-location-box"; -const ONIONLOCATION_BUTTON_ID = "onion-location-button"; const ONIONLOCATION_LABEL_ID = "onion-label"; // Notification IDs const NOTIFICATION_ID = "onion-location"; -const NOTIFICATION_ANCHOR_ID = "onionlocation"; +const NOTIFICATION_ANCHOR_ID = "onion-location-box"; // Strings const STRING_ONION_AVAILABLE = TorStrings.onionLocation.onionAvailable; @@ -108,6 +107,9 @@ class OnionLocationParent extends JSWindowActorParent { callback: () => {}, }; + win.document.getElementById("onion-location-body-text").textContent = + NOTIFICATION_DESCRIPTION; + const options = { autofocus: true, persistent: true, @@ -115,28 +117,25 @@ class OnionLocationParent extends JSWindowActorParent { eventCallback(aTopic) { if (aTopic === "removed") { delete browser._onionLocationPrompt; - delete browser.onionpopupnotificationanchor; } }, learnMoreURL: NOTIFICATION_LEARN_MORE_URL, - displayURI: { - hostPort: NOTIFICATION_TITLE, // This is hacky, but allows us to have a title without extra markup/css. - }, hideClose: true, - popupIconClass: "onionlocation-notification-icon", + popupOptions: { + position: "bottomright topright", + }, }; - // A hacky way of setting the popup anchor outside the usual url bar icon box - // onionlocationpopupnotificationanchor comes from `${ANCHOR_ID}popupnotificationanchor` - // From https://searchfox.org/mozilla-esr68/rev/080f9ed47742644d2ff84f7aa0b10aea5c4… - browser.onionlocationpopupnotificationanchor = win.document.getElementById( - ONIONLOCATION_BUTTON_ID - ); + // A hacky way of setting the popup anchor outside the usual url bar icon + // box, similar to CRF and addons. + // See: https://searchfox.org/mozilla-esr115/rev/7962d6b7b17ee105ad64ab7906af2b9179… + browser[NOTIFICATION_ANCHOR_ID + "popupnotificationanchor"] = + win.document.getElementById(NOTIFICATION_ANCHOR_ID); browser._onionLocationPrompt = win.PopupNotifications.show( browser, NOTIFICATION_ID, - NOTIFICATION_DESCRIPTION, + NOTIFICATION_TITLE, NOTIFICATION_ANCHOR_ID, mainAction, [cancelAction], ===================================== browser/components/onionservices/content/onionlocation.css ===================================== @@ -5,7 +5,3 @@ -moz-context-properties: fill; fill: currentColor; } - -.onionlocation-notification-icon { - display: none; -} View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/d8eacc7… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/d8eacc7… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-115.5.0esr-13.0-1-build1
by richard (＠richard) 15 Nov '23

15 Nov '23

richard pushed new tag mullvad-browser-115.5.0esr-13.0-1-build1 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

← Newer
1
...
6
7
8
9
10
11
12
...
16
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-commits November 2023