April 2023 - tor-commits - lists.torproject.org

[Git][tpo/applications/tor-browser][tor-browser-102.10.0esr-12.5-1] fixup! Bug 41649: Create rebase and security backport gitlab issue templates
by Richard Pospesel (＠richard) 23 Apr '23

23 Apr '23

Richard Pospesel pushed to branch tor-browser-102.10.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 0db7a4bd by Richard Pospesel at 2023-04-23T11:51:30+00:00 fixup! Bug 41649: Create rebase and security backport gitlab issue templates - - - - - 3 changed files: - .gitlab/issue_templates/Backport Android Security Fixes.md - .gitlab/issue_templates/Rebase Browser - Alpha.md - .gitlab/issue_templates/Rebase Browser - Stable.md Changes: ===================================== .gitlab/issue_templates/Backport Android Security Fixes.md ===================================== @@ -4,6 +4,7 @@ - example : `102.8.0` - `$(RR_VERSION)` : the Mozilla defined Rapid-Release version; Tor Browser for Android is based off of the `$(ESR_VERSION)`, but Mozilla's Firefox for Android is based off of the `$(RR_VERSION)` so we need to keep track of security vulnerabilities to backport from the monthly Rapid-Release train and our frozen ESR train. - example: `110` +- `$(PROJECT_NAME)` : the name of the browser project, either `base-browser` or `tor-browser` - `$(TOR_BROWSER_MAJOR)` : the Tor Browser major version - example : `12` - `$(TOR_BROWSER_MINOR)` : the Tor Browser minor version @@ -12,7 +13,7 @@ - example : `build1` </details> -**NOTE:** It is assumed the `tor-browser` rebase has already happened and there exists a `build1` build tag for both `base-browser` and `tor-browser` +**NOTE:** It is assumed the `tor-browser` rebase (stable and alpha) has already happened and there exists a `build1` build tags for both `base-browser` and `tor-browser` (stable and alpha) ### **Bookkeeping** @@ -36,26 +37,53 @@ - Create link to the CVE on [mozilla.org](https://www.mozilla.org/en-US/security/advisories/) - example: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-257… - Create link to the associated Bugzilla issues (found in the CVE description) - - Create a link to the relevant `gecko-dev`/other commit hashes which need to be backported OR a brief justification for why the fix does not need to be backported + - Create links to the relevant `gecko-dev`/other commit hashes which need to be backported OR a brief justification for why the fix does not need to be backported - To find the `gecko-dev` version of a `mozilla-central`, search for a unique string in the relevant `mozilla-central` commit message in the `gecko-dev/release` branch log. - **NOTE:** This process is unfortunately somewhat poorly defined/ad-hoc given the general variation in how Bugzilla issues are labeled and resolved. In general this is going to involve a bit of hunting to identify needed commits or determining whether or not the fix is relevant. +### CVEs + + ### **tor-browser** : https://gitlab.torproject.org/tpo/applications/tor-browser.git - [ ] Backport any Android-specific security fixes from Firefox rapid-release - - [ ] Sign/Tag commit: - - Tag : `tor-browser-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)` + - [ ] Backport patches to `tor-browser` stable branch + - [ ] Open MR + - [ ] Merge + - [ ] Rebase patches onto: + - [ ] `base-browser` stable + - [ ] `tor-browser` alpha + - [ ] `base-browser` alpha + - [ ] Sign/Tag commits: + - Tag : `$(PROJECT_NAME)-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)` - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha)` - - [ ] Push tag to `origin` + - [ ] `base-browser` stable + - [ ] `tor-browser` stable + - [ ] `base-browser` alpha + - [ ] `tor-browser` alpha + - [ ] Push tags to `origin` **OR** - [ ] No backports ### **application-services** : *TODO: we will need to setup a gitlab copy of this repo that we can apply security backports to if there are ever any security issues here* - [ ] Backport any Android-specific security fixes from Firefox rapid-release - - [ ] Sign/Tag commit: + - [ ] Backport patches to `application-services` stable branch + - [ ] Open MR + - [ ] Merge + - [ ] Rebase patches onto `application-services` alpha + - [ ] Sign/Tag commits: - Tag : `application-services-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)` - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha` - - [ ] Push tag to `origin` + - [ ] `application-services` stable + - [ ] `application-services` alpha + - [ ] Push tags to `origin` **OR** - [ ] No backports @@ -63,10 +91,16 @@ ### **android-components** : https://gitlab.torproject.org/tpo/applications/android-components.git - [ ] Backport any Android-specific security fixes from Firefox rapid-release - **NOTE**: Since November 2022, this repo has been merged with `fenix` into a singular `firefox-android` repo: https://github.com/mozilla-mobile/firefox-android. Any backport will require a patch rewrite to apply to our legacy `android-components` project. - - [ ] Sign/Tag commit: + - [ ] Backport patches to `android-components` stable branch + - [ ] Open MR + - [ ] Merge + - [ ] Rebase patches onto `android-components` alpha + - [ ] Sign/Tag commits: - Tag : `android-components-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)` - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha)` - - [ ] Push tag to `origin` + - [ ] `android-components` stable + - [ ] `android-components` alpha + - [ ] Push tags to `origin` **OR** - [ ] No backports @@ -74,15 +108,17 @@ ### **fenix** : https://gitlab.torproject.org/tpo/applications/fenix.git - [ ] Backport any Android-specific security fixes from Firefox rapid-release - **NOTE**: Since February 2023, this repo has been merged with `android-components` into a singular `firefox-android` repo: https://github.com/mozilla-mobile/firefox-android. Any backport will require a patch rewrite to apply to our legacy `fenix` project. - - [ ] Sign/Tag commit: + - [ ] Backport patches to `fenix` stable branch + - [ ] Open MR + - [ ] Merge + - [ ] Rebase patches onto `fenix` alpha + - [ ] Sign/Tag commits: - Tag : `tor-browser-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)` - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha)` - - [ ] Push tag to `origin` + - [ ] `fenix` stable + - [ ] `fenix` alpha + - [ ] Push tags to `origin` **OR** - [ ] No backports -### CVEs - - - /confidential ===================================== .gitlab/issue_templates/Rebase Browser - Alpha.md ===================================== @@ -27,14 +27,46 @@ - [ ] Link this issue to the appropriate [Release Prep](https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/is… issue. +### Update Branch Protection Rules + +- [ ] In [Repository Settings](https://gitlab.torproject.org/tpo/applications/tor-browser/-/sett…: + - [ ] Remove previous alpha `base-browser` and `tor-browser` branch protection rules (this will prevent pushing new changes to the branches being rebased) + - [ ] Create new `base-browser` and `tor-browser` branch protection rule: + - **Branch**: `*-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1*` + - example: `*-102.8.0esr-12.5-1*` + - **Allowed to merge**: `Maintainers` + - **Allowed to push and merge**: `Maintainers` + - **Allowed to force push**: `false` + +### **Create New Branches** + +- [ ] Create new alpha `base-browser` branch from Firefox mercurial tag (found during the stable rebase) + - branch name in the form: `base-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1` + - example: `base-browser-102.8.0esr-12.5-1` +- [ ] Create new alpha `tor-browser` branch from Firefox mercurial tag + - branch name in the form: `tor-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1` + - example: `tor-browser-102.8.0esr-12.5-1` +- [ ] Push new `base-browser` branch to `origin` +- [ ] Push new `tor-browser` branch to `origin` + ### **Rebase base-browser** -- [ ] Checkout a new branch for the `base-browser` rebase +- [ ] Checkout a new local branch for the `base-browser` rebase - example: `git branch base-browser-rebase FIREFOX_102_8_0esr_BUILD1` - [ ] Cherry-pick the previous `base-browser` commits up to `base-browser`'s `build1` tag onto new `base-browser` rebase branch - example: `git cherry-pick FIREFOX_102_7_0esr_BUILD1..base-browser-102.7.0esr-12.5-1-build1` - [ ] Rebase and autosquash these cherry-picked commits - example: `git rebase --autosquash --interactive FIREFOX_102_8_0esr_BUILD1 HEAD` + - [ ] **(Optional)** Patch reordering + - Relocate new `base-browser` patches in the patch-set to enforce this rough thematic ordering: + - **MOZILLA BACKPORTS** - official Firefox patches we have backported to our ESR branch: Android-specific security updates, critical bug fixes, worthwhile features, etc + - **MOZILLA REVERTS** - revert commits of official Firefox patches + - **UPLIFT CANDIDATES** - patches which stand on their own and should be uplifted to `mozilla-central` + - **BUILD CONFIGURATION** - tools/scripts, gitlab templates, etc + - **BROWSER CONFIGURATION** - branding, mozconfigs, preference overrides, etc + - **SECURITY PATCHES** - security improvements, hardening, etc + - **PRIVACY PATCHES** - fingerprinting, linkability, proxy bypass, etc + - **FEATURES** - new functionality: updater, UX, letterboxing, security level, add-on integration, etc - [ ] Cherry-pick remainder of patches after the `build1` tag - example: `git cherry-pick base-browser-102.7.0esr-12.5-1-build1 origin/base-browser-102.7.0esr-12.5-1` - [ ] Compare patch sets to ensure nothing *weird* happened during conflict resolution: @@ -61,15 +93,30 @@ - example: `git cherry-pick base-browser-102.7.0esr-12.5-1-build1..tor-browser-102.7.0esr-12.5-1-build1` - [ ] Rebase and autosquash these cherry-picked commits (from the last new `base-browser` commit to `HEAD`) - example: `git rebase --autosquash --interactive base-browser-102.8.0esr-12.5-1-build1 HEAD` + - [ ] **(Optional)** Patch reordering + - Relocate new `tor-browser` patches in the patch-set to enforce this rough thematic ordering: + - **BUILD CONFIGURATION** - tools/scripts, gitlab templates, etc + - **BROWSER CONFIGURATION** - branding, mozconfigs, preference overrides, etc + - **UPDATER PATCHES** - updater tweaks, signing keys, etc + - **SECURITY PATCHES** - non tor-dependent security improvements, hardening, etc + - **PRIVACY PATCHES** - non tor-dependent fingerprinting, linkability, proxy bypass, etc + - **FEAURES** - non tor-dependent features + - **TOR INTEGRATION** - legacy tor-launcher/torbutton, tor modules, bootstrapping, etc + - **TOR SECURITY PATCHES** - tor-specific security improvements + - **TOR PRIVACY PATCHES** - tor-specific privacy improvements + - **TOR FEATURES** - new tor-specific functionality: manual, onion-location, onion service client auth, etc - [ ] Cherry-pick remainder of patches after the last `buildN` tag - example: `git cherry-pick base-browser-102.7.0esr-12.5-1-build1..origin/tor-browser-102.7.0esr-12.5-1` +- [ ] Rebase and autosquash again (from the last new `base-browser` commit to `HEAD`), this time replacing all `fixup` and `squash` commands with `pick`. The goal here is to have all of the `fixup` and `squash` commits beside the commit which they modify. + - example: `git rebase --autosquash --interactive base-browser-102.8.0esr-12.5-1-build1 HEAD` + - **NOTE**: Do not allow `fixup` or `squash` commands here! - [ ] Compare patch sets to ensure nothing *weird* happened during conflict resolution: - [ ] diff of diffs: - Do the diff between `current_patchset.diff` and `rebased_patchset.diff` with your preferred difftool and look at differences on lines that starts with + or - - `git diff $(ESR_TAG_PREV)..$(BROWSER_BRANCH_PREV) > current_patchset.diff` - `git diff $(ESR_TAG)..$(BROWSER_BRANCH) > rebased_patchset.diff` - diff `current_patchset.diff` and `rebased_patchset.diff` - - If everything went correctly, the only lines which should differ should be the lines starting with `index abc123...def456` + - If everything went correctly, the only lines which should differ should be the lines starting with `index abc123...def456` (unless the previous `base-browser` branch includes changes not included in the previous `tor-browser` branch) - [ ] rangediff: `git range-diff $(ESR_TAG_PREV)..$(TOR_BROWSER_BRANCH_PREV) $(ESR_TAG)..HEAD` - example: `git range-dif FIREFOX_102_7_0esr_BUILD1..origin/tor-browser-102.7.0esr-12.5-1 FIREFOX_102_8_0esr_BUILD1..HEAD` - [ ] Open MR for the `tor-browser` rebase ===================================== .gitlab/issue_templates/Rebase Browser - Stable.md ===================================== @@ -25,6 +25,17 @@ - [ ] Link this issue to the appropriate [Release Prep](https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/is… issue. +### Update Branch Protection Rules + +- [ ] In [Repository Settings](https://gitlab.torproject.org/tpo/applications/tor-browser/-/sett…: + - [ ] Remove previous stable `base-browser` and `tor-browser` branch protection rules (this will prevent pushing new changes to the branches being rebased) + - [ ] Create new `base-browser` and `tor-browser` branch protection rule: + - **Branch**: `*-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1*` + - example: `*-102.8.0esr-12.0-1*` + - **Allowed to merge**: `Maintainers` + - **Allowed to push and merge**: `Maintainers` + - **Allowed to force push**: `false` + ### **Identify the Firefox Tagged Commit and Create New Branches** - [ ] Find the Firefox mercurial tag here : https://hg.mozilla.org/releases/mozilla-esr102/tags @@ -48,7 +59,7 @@ ### **Rebase base-browser** -- [ ] Checkout a new branch for the `base-browser` rebase +- [ ] Checkout a new local branch for the `base-browser` rebase - example: `git branch base-browser-rebase FIREFOX_102_8_0esr_BUILD1` - [ ] Cherry-pick the previous `base-browser` commits up to `base-browser`'s `build1` tag onto new `base-browser` rebase branch - example: `git cherry-pick FIREFOX_102_7_0esr_BUILD1..base-browser-102.7.0esr-12.0-1-build1` @@ -72,6 +83,7 @@ - Message : `Tagging build1 for $(ESR_VERSION)esr-based stable` - [ ] Push tag to `origin` + ### **Rebase tor-browser** - [ ] Checkout a new branch for the `tor-browser` rebase starting from the `base-browser` `build1` tag @@ -88,7 +100,7 @@ - `git diff $(ESR_TAG_PREV)..$(BROWSER_BRANCH_PREV) > current_patchset.diff` - `git diff $(ESR_TAG)..$(BROWSER_BRANCH) > rebased_patchset.diff` - diff `current_patchset.diff` and `rebased_patchset.diff` - - If everything went correctly, the only lines which should differ should be the lines starting with `index abc123...def456` + - If everything went correctly, the only lines which should differ should be the lines starting with `index abc123...def456` (unless the previous `base-browser` branch includes changes not included in the previous `tor-browser` branch) - [ ] rangediff: `git range-diff $(ESR_TAG_PREV)..$(TOR_BROWSER_BRANCH_PREV) $(ESR_TAG)..HEAD` - example: `git range-dif FIREFOX_102_7_0esr_BUILD1..origin/tor-browser-102.7.0esr-12.0-1 FIREFOX_102_8_0esr_BUILD1..HEAD` - [ ] Open MR for the `tor-browser` rebase @@ -97,4 +109,3 @@ - Tag : `tor-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1-build1` - Message : `Tagging build1 for $(ESR_VERSION)esr-based stable` - [ ] Push tag to `origin` - View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/0db7a4b… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/0db7a4b… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.10.0esr-12.5-1] Bug 41728: Pin bridges.torproject.org domains to Let's Encrypt's root cert public key
by Richard Pospesel (＠richard) 20 Apr '23

20 Apr '23

Richard Pospesel pushed to branch tor-browser-102.10.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 9b35dbeb by hackademix at 2023-04-20T20:11:22+00:00 Bug 41728: Pin bridges.torproject.org domains to Let's Encrypt's root cert public key - - - - - 1 changed file: - security/manager/ssl/StaticHPKPins.h Changes: ===================================== security/manager/ssl/StaticHPKPins.h ===================================== @@ -451,6 +451,14 @@ static const StaticFingerprints kPinset_tor = { kPinset_tor_Data }; +static const char* const kPinset_tor_browser_Data[] = { + kISRG_Root_X1Fingerprint, +}; +static const StaticFingerprints kPinset_tor_browser = { + sizeof(kPinset_tor_browser_Data) / sizeof(const char*), + kPinset_tor_browser_Data +}; + static const char* const kPinset_twitterCom_Data[] = { kGOOGLE_PIN_VeriSignClass2_G2Fingerprint, kGOOGLE_PIN_VeriSignClass3_G2Fingerprint, @@ -619,6 +627,7 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = { { "blogger.com", true, false, false, -1, &kPinset_google_root_pems }, { "blogspot.com", true, false, false, -1, &kPinset_google_root_pems }, { "br.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, + { "bridges.torproject.org", false, false, false, -1, &kPinset_tor_browser }, { "bugs.chromium.org", true, false, false, -1, &kPinset_google_root_pems }, { "build.chromium.org", true, false, false, -1, &kPinset_google_root_pems }, { "business.facebook.com", true, false, false, -1, &kPinset_facebook }, View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9b35dbe… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9b35dbe… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-102.10.0esr-12.5-1] 4 commits: Bug 41736 - Customize toolbar for base-browser.
by Richard Pospesel (＠richard) 20 Apr '23

20 Apr '23

Richard Pospesel pushed to branch base-browser-102.10.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: ca768445 by Henry Wilkes at 2023-04-20T20:00:45+00:00 Bug 41736 - Customize toolbar for base-browser. - - - - - 1cc48456 by Henry Wilkes at 2023-04-20T20:00:45+00:00 fixup! Bug 40926: Implemented the New Identity feature Bug 41736 - Stop setting the browser.uiCustomization.state preference. - - - - - 4bea1315 by Henry Wilkes at 2023-04-20T20:00:46+00:00 fixup! Bug 40925: Implemented the Security Level component Bug 41736 - Stop setting the browser.uiCustomization.state preference. - - - - - 90750ca9 by Henry Wilkes at 2023-04-20T20:00:46+00:00 fixup! Firefox preference overrides. Bug 41736 - Stop setting the browser.uiCustomization.state preference. - - - - - 3 changed files: - browser/app/profile/001-base-profile.js - browser/components/customizableui/CustomizableUI.jsm - browser/components/extensions/parent/ext-browserAction.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -464,9 +464,6 @@ pref("intl.multilingual.downloadEnabled", false); // Disk activity: Disable storage.sync (tor-browser#41424) pref("webextensions.storage.sync.enabled", false); -// Toolbar layout -pref("browser.uiCustomization.state", "{\"placements\":{\"widget-overflow-fixed-list\":[],\"PersonalToolbar\":[\"personal-bookmarks\"],\"nav-bar\":[\"back-button\",\"forward-button\",\"stop-reload-button\",\"urlbar-container\",\"security-level-button\",\"new-identity-button\",\"downloads-button\"],\"TabsToolbar\":[\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\"],\"toolbar-menubar\":[\"menubar-items\"],\"PanelUI-contents\":[\"home-button\",\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"save-page-button\",\"print-button\",\"bookmarks-menu-button\",\"history-panelmenu\",\"find-button\",\"preferences-button\",\"add-ons-button\",\"developer-button\"],\"addon-bar\":[\"addonbar-closebutton\",\"status-bar\"]},\"seen\":[\"developer-button\"],\"dirtyAreaCache\":[\"PersonalToolbar\",\"nav-bar\",\"TabsToolbar\",\"toolbar-menubar\"],\"currentVersion\":14,\"newElementCount\":1}"); - // Enforce certificate pinning, see: https://bugs.torproject.org/16206 pref("security.cert_pinning.enforcement_level", 2); ===================================== browser/components/customizableui/CustomizableUI.jsm ===================================== @@ -65,6 +65,11 @@ const kSubviewEvents = ["ViewShowing", "ViewHiding"]; */ var kVersion = 17; +/** + * The current version for base browser. + */ +var kVersionBaseBrowser = 1; + /** * Buttons removed from built-ins by version they were removed. kVersion must be * bumped any time a new id is added to this. Use the button id as key, and @@ -218,6 +223,7 @@ var CustomizableUIInternal = { this._updateForNewVersion(); this._updateForNewProtonVersion(); this._markObsoleteBuiltinButtonsSeen(); + this._updateForBaseBrowser(); this.registerArea( CustomizableUI.AREA_FIXED_OVERFLOW_PANEL, @@ -236,10 +242,15 @@ var CustomizableUIInternal = { Services.policies.isAllowed("removeHomeButtonByDefault") ? null : "home-button", - "spring", + // Don't want springs either side of the urlbar. tor-browser#41736 "urlbar-container", - "spring", - "save-to-pocket-button", + // save-to-pocket-button is entirely disabled. See tor-browser#18886 and + // tor-browser#31602. + // Base-browser additions tor-browser#41736. If you want to add to, remove + // from, or rearrange this list, then bump the kVersionBaseBrowser and + // update existing saved states in _updateForBaseBrowser. + "security-level-button", + "new-identity-button", "downloads-button", AppConstants.MOZ_DEV_EDITION ? "developer-button" : null, "fxa-toolbar-menu-button", @@ -255,6 +266,10 @@ var CustomizableUIInternal = { }, true ); + // navbarPlacements does not match the initial default XHTML layout. + // Therefore we always need to rebuild the navbar area when + // registerToolbarNode is called. tor-browser#41736 + gDirtyAreaCache.add(CustomizableUI.AREA_NAVBAR); if (AppConstants.MENUBAR_CAN_AUTOHIDE) { this.registerArea( @@ -687,6 +702,104 @@ var CustomizableUIInternal = { } }, + _updateForBaseBrowser() { + if (!gSavedState) { + // Use the defaults. + return; + } + + const currentVersion = gSavedState.currentVersionBaseBrowser; + + if (currentVersion < 1) { + // NOTE: In base-browser/tor-browser version 12.5a5, and earlier, the + // toolbar was configured by setting the full JSON string for the default + // "browser.uiCustomization.state" preference value. The disadvantage is + // that we could not update this value in a way that existing users (who + // would have non-default preference values) would also get the desired + // change (e.g. for adding or removing a button). + // + // With tor-browser#41736 we want to switch to changing the toolbar + // dynamically like firefox. Therefore, this first version transfer simply + // gets the toolbar into the same state we wanted before, away from the + // default firefox state. + // + // If an existing user state aligned with the previous default + // "browser.uiCustomization.state" then this shouldn't visibly change + // anything. + // If a user explicitly customized the toolbar to go back to the firefox + // default, then this may undo those changes. + const navbarPlacements = + gSavedState.placements[CustomizableUI.AREA_NAVBAR]; + if (navbarPlacements) { + const getBeforeAfterUrlbar = () => { + // NOTE: The urlbar is non-removable from the navbar, so should have + // an index. + const index = navbarPlacements.indexOf("urlbar-container"); + let after = index + 1; + if ( + after < navbarPlacements.length && + navbarPlacements[after] === "search-container" + ) { + // Skip past the search-container. + after++; + } + return { before: index - 1, after }; + }; + + // Remove the urlbar springs either side of the urlbar. + const { before, after } = getBeforeAfterUrlbar(); + if ( + after < navbarPlacements.length && + this.matchingSpecials(navbarPlacements[after], "spring") + ) { + // Remove the spring after. + navbarPlacements.splice(after, 1); + // NOTE: The `before` index does not change. + } + if ( + before >= 0 && + this.matchingSpecials(navbarPlacements[before], "spring") + ) { + // Remove the spring before. + navbarPlacements.splice(before, 1); + } + + // Make sure the security-level-button and new-identity-button appears + // in the toolbar. + for (const id of ["new-identity-button", "security-level-button"]) { + let alreadyAdded = false; + for (const placements of Object.values(gSavedState.placements)) { + if (placements.includes(id)) { + alreadyAdded = true; + break; + } + } + if (alreadyAdded) { + continue; + } + + // Add to the nav-bar, after the urlbar-container. + // NOTE: We have already removed the spring after the urlbar. + navbarPlacements.splice(getBeforeAfterUrlbar().after, 0, id); + } + } + + // Remove save-to-pocket-button. See tor-browser#18886 and + // tor-browser#31602. + for (const placements of Object.values(gSavedState.placements)) { + let buttonIndex = placements.indexOf("save-to-pocket-button"); + if (buttonIndex != -1) { + placements.splice(buttonIndex, 1); + } + } + + // Remove unused fields that used to be part of + // "browser.uiCustomization.state". + delete gSavedState.placements["PanelUI-contents"]; + delete gSavedState.placements["addon-bar"]; + } + }, + _placeNewDefaultWidgetsInArea(aArea) { let futurePlacedWidgets = gFuturePlacements.get(aArea); let savedPlacements = @@ -2501,6 +2614,10 @@ var CustomizableUIInternal = { gSavedState.currentVersion = 0; } + if (!("currentVersionBaseBrowser" in gSavedState)) { + gSavedState.currentVersionBaseBrowser = 0; + } + gSeenWidgets = new Set(gSavedState.seen || []); gDirtyAreaCache = new Set(gSavedState.dirtyAreaCache || []); gNewElementCount = gSavedState.newElementCount || 0; @@ -2579,6 +2696,7 @@ var CustomizableUIInternal = { seen: gSeenWidgets, dirtyAreaCache: gDirtyAreaCache, currentVersion: kVersion, + currentVersionBaseBrowser: kVersionBaseBrowser, newElementCount: gNewElementCount, }; ===================================== browser/components/extensions/parent/ext-browserAction.js ===================================== @@ -193,6 +193,10 @@ this.browserAction = class extends ExtensionAPIPersistent { } build() { + // The extension ID for NoScript (WebExtension) + const isNoScript = + this.extension.id === "{73a6fe31-595d-460b-a920-fcc0f8843232}"; + let widget = CustomizableUI.createWidget({ id: this.id, viewId: this.viewId, @@ -200,7 +204,11 @@ this.browserAction = class extends ExtensionAPIPersistent { removable: true, label: this.action.getProperty(null, "title"), tooltiptext: this.action.getProperty(null, "title"), - defaultArea: browserAreas[this.action.getDefaultArea()], + // Do not want to add the NoScript extension to the toolbar by default. + // tor-browser#41736 + defaultArea: isNoScript + ? null + : browserAreas[this.action.getDefaultArea()], showInPrivateBrowsing: this.extension.privateBrowsingAllowed, // Don't attempt to load properties from the built-in widget string View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/fd31ee… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/fd31ee… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.10.0esr-12.5-1] 6 commits: Bug 41736 - Customize toolbar for base-browser.
by Richard Pospesel (＠richard) 20 Apr '23

20 Apr '23

Richard Pospesel pushed to branch tor-browser-102.10.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 1ce930e3 by Henry Wilkes at 2023-04-20T20:03:08+00:00 Bug 41736 - Customize toolbar for base-browser. - - - - - d354800c by Henry Wilkes at 2023-04-20T20:03:08+00:00 fixup! Bug 40926: Implemented the New Identity feature Bug 41736 - Stop setting the browser.uiCustomization.state preference. - - - - - adacb2c3 by Henry Wilkes at 2023-04-20T20:03:08+00:00 fixup! Bug 40925: Implemented the Security Level component Bug 41736 - Stop setting the browser.uiCustomization.state preference. - - - - - 491718d1 by Henry Wilkes at 2023-04-20T20:03:08+00:00 fixup! Firefox preference overrides. Bug 41736 - Stop setting the browser.uiCustomization.state preference. - - - - - 352acb10 by Henry Wilkes at 2023-04-20T20:03:08+00:00 Bug 41736 - Customize toolbar for tor-browser. - - - - - 96796fa5 by Henry Wilkes at 2023-04-20T20:03:08+00:00 fixup! Bug 40562: Added Tor Browser preferences to 000-tor-browser.js Bug 41736 - Stop setting the browser.uiCustomization.state preference. - - - - - 4 changed files: - browser/app/profile/000-tor-browser.js - browser/app/profile/001-base-profile.js - browser/components/customizableui/CustomizableUI.jsm - browser/components/extensions/parent/ext-browserAction.js Changes: ===================================== browser/app/profile/000-tor-browser.js ===================================== @@ -30,8 +30,6 @@ pref("network.security.ports.banned", "", locked); pref("network.dns.disabled", true); // This should cover the #5741 patch for DNS leaks pref("network.http.max-persistent-connections-per-proxy", 256); -pref("browser.uiCustomization.state", "{\"placements\":{\"widget-overflow-fixed-list\":[],\"PersonalToolbar\":[\"personal-bookmarks\"],\"nav-bar\":[\"back-button\",\"forward-button\",\"stop-reload-button\",\"urlbar-container\",\"torbutton-button\",\"security-level-button\",\"new-identity-button\",\"downloads-button\"],\"TabsToolbar\":[\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\"],\"toolbar-menubar\":[\"menubar-items\"],\"PanelUI-contents\":[\"home-button\",\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"save-page-button\",\"print-button\",\"bookmarks-menu-button\",\"history-panelmenu\",\"find-button\",\"preferences-button\",\"add-ons-button\",\"developer-button\"],\"addon-bar\":[\"addonbar-closebutton\",\"status-bar\"]},\"seen\":[\"developer-button\",\"_73a6fe31-595d-460b-a920-fcc0f8843232_-browser-action\"],\"dirtyAreaCache\":[\"PersonalToolbar\",\"nav-bar\",\"TabsToolbar\",\"toolbar-menubar\"],\"currentVersion\":14,\"newElementCount\":1}"); - // Treat .onions as secure pref("dom.securecontext.allowlist_onions", true); ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -464,9 +464,6 @@ pref("intl.multilingual.downloadEnabled", false); // Disk activity: Disable storage.sync (tor-browser#41424) pref("webextensions.storage.sync.enabled", false); -// Toolbar layout -pref("browser.uiCustomization.state", "{\"placements\":{\"widget-overflow-fixed-list\":[],\"PersonalToolbar\":[\"personal-bookmarks\"],\"nav-bar\":[\"back-button\",\"forward-button\",\"stop-reload-button\",\"urlbar-container\",\"security-level-button\",\"new-identity-button\",\"downloads-button\"],\"TabsToolbar\":[\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\"],\"toolbar-menubar\":[\"menubar-items\"],\"PanelUI-contents\":[\"home-button\",\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"save-page-button\",\"print-button\",\"bookmarks-menu-button\",\"history-panelmenu\",\"find-button\",\"preferences-button\",\"add-ons-button\",\"developer-button\"],\"addon-bar\":[\"addonbar-closebutton\",\"status-bar\"]},\"seen\":[\"developer-button\"],\"dirtyAreaCache\":[\"PersonalToolbar\",\"nav-bar\",\"TabsToolbar\",\"toolbar-menubar\"],\"currentVersion\":14,\"newElementCount\":1}"); - // Enforce certificate pinning, see: https://bugs.torproject.org/16206 pref("security.cert_pinning.enforcement_level", 2); ===================================== browser/components/customizableui/CustomizableUI.jsm ===================================== @@ -65,6 +65,16 @@ const kSubviewEvents = ["ViewShowing", "ViewHiding"]; */ var kVersion = 17; +/** + * The current version for base browser. + */ +var kVersionBaseBrowser = 1; + +/** + * The current version for tor browser. + */ +var kVersionTorBrowser = 1; + /** * Buttons removed from built-ins by version they were removed. kVersion must be * bumped any time a new id is added to this. Use the button id as key, and @@ -218,6 +228,8 @@ var CustomizableUIInternal = { this._updateForNewVersion(); this._updateForNewProtonVersion(); this._markObsoleteBuiltinButtonsSeen(); + this._updateForBaseBrowser(); + this._updateForTorBrowser(); this.registerArea( CustomizableUI.AREA_FIXED_OVERFLOW_PANEL, @@ -236,10 +248,17 @@ var CustomizableUIInternal = { Services.policies.isAllowed("removeHomeButtonByDefault") ? null : "home-button", - "spring", + // Don't want springs either side of the urlbar. tor-browser#41736 "urlbar-container", - "spring", - "save-to-pocket-button", + // save-to-pocket-button is entirely disabled. See tor-browser#18886 and + // tor-browser#31602. + // Base-browser additions tor-browser#41736. If you want to add to, remove + // from, or rearrange this list, then bump the kVersionBaseBrowser and + // update existing saved states in _updateForBaseBrowser. + // Or if the change is only meant for tor-browser, bump kVersionTorBrowser + // instead and update the existing saved states in _updateForTorBrowser. + "security-level-button", + "new-identity-button", "downloads-button", AppConstants.MOZ_DEV_EDITION ? "developer-button" : null, "fxa-toolbar-menu-button", @@ -255,6 +274,10 @@ var CustomizableUIInternal = { }, true ); + // navbarPlacements does not match the initial default XHTML layout. + // Therefore we always need to rebuild the navbar area when + // registerToolbarNode is called. tor-browser#41736 + gDirtyAreaCache.add(CustomizableUI.AREA_NAVBAR); if (AppConstants.MENUBAR_CAN_AUTOHIDE) { this.registerArea( @@ -687,6 +710,123 @@ var CustomizableUIInternal = { } }, + _updateForBaseBrowser() { + if (!gSavedState) { + // Use the defaults. + return; + } + + const currentVersion = gSavedState.currentVersionBaseBrowser; + + if (currentVersion < 1) { + // NOTE: In base-browser/tor-browser version 12.5a5, and earlier, the + // toolbar was configured by setting the full JSON string for the default + // "browser.uiCustomization.state" preference value. The disadvantage is + // that we could not update this value in a way that existing users (who + // would have non-default preference values) would also get the desired + // change (e.g. for adding or removing a button). + // + // With tor-browser#41736 we want to switch to changing the toolbar + // dynamically like firefox. Therefore, this first version transfer simply + // gets the toolbar into the same state we wanted before, away from the + // default firefox state. + // + // If an existing user state aligned with the previous default + // "browser.uiCustomization.state" then this shouldn't visibly change + // anything. + // If a user explicitly customized the toolbar to go back to the firefox + // default, then this may undo those changes. + const navbarPlacements = + gSavedState.placements[CustomizableUI.AREA_NAVBAR]; + if (navbarPlacements) { + const getBeforeAfterUrlbar = () => { + // NOTE: The urlbar is non-removable from the navbar, so should have + // an index. + const index = navbarPlacements.indexOf("urlbar-container"); + let after = index + 1; + if ( + after < navbarPlacements.length && + navbarPlacements[after] === "search-container" + ) { + // Skip past the search-container. + after++; + } + return { before: index - 1, after }; + }; + + // Remove the urlbar springs either side of the urlbar. + const { before, after } = getBeforeAfterUrlbar(); + if ( + after < navbarPlacements.length && + this.matchingSpecials(navbarPlacements[after], "spring") + ) { + // Remove the spring after. + navbarPlacements.splice(after, 1); + // NOTE: The `before` index does not change. + } + if ( + before >= 0 && + this.matchingSpecials(navbarPlacements[before], "spring") + ) { + // Remove the spring before. + navbarPlacements.splice(before, 1); + } + + // Make sure the security-level-button and new-identity-button appears + // in the toolbar. + for (const id of ["new-identity-button", "security-level-button"]) { + let alreadyAdded = false; + for (const placements of Object.values(gSavedState.placements)) { + if (placements.includes(id)) { + alreadyAdded = true; + break; + } + } + if (alreadyAdded) { + continue; + } + + // Add to the nav-bar, after the urlbar-container. + // NOTE: We have already removed the spring after the urlbar. + navbarPlacements.splice(getBeforeAfterUrlbar().after, 0, id); + } + } + + // Remove save-to-pocket-button. See tor-browser#18886 and + // tor-browser#31602. + for (const placements of Object.values(gSavedState.placements)) { + let buttonIndex = placements.indexOf("save-to-pocket-button"); + if (buttonIndex != -1) { + placements.splice(buttonIndex, 1); + } + } + + // Remove unused fields that used to be part of + // "browser.uiCustomization.state". + delete gSavedState.placements["PanelUI-contents"]; + delete gSavedState.placements["addon-bar"]; + } + }, + + _updateForTorBrowser() { + if (!gSavedState) { + // Use the defaults. + return; + } + + const currentVersion = gSavedState.currentVersionTorBrowser; + + if (currentVersion < 1) { + // Remove torbutton-button, which no longer exists. + for (const placements of Object.values(gSavedState.placements)) { + let buttonIndex = placements.indexOf("torbutton-button"); + if (buttonIndex != -1) { + placements.splice(buttonIndex, 1); + } + } + } + }, + _placeNewDefaultWidgetsInArea(aArea) { let futurePlacedWidgets = gFuturePlacements.get(aArea); let savedPlacements = @@ -2501,6 +2641,14 @@ var CustomizableUIInternal = { gSavedState.currentVersion = 0; } + if (!("currentVersionBaseBrowser" in gSavedState)) { + gSavedState.currentVersionBaseBrowser = 0; + } + + if (!("currentVersionTorBrowser" in gSavedState)) { + gSavedState.currentVersionTorBrowser = 0; + } + gSeenWidgets = new Set(gSavedState.seen || []); gDirtyAreaCache = new Set(gSavedState.dirtyAreaCache || []); gNewElementCount = gSavedState.newElementCount || 0; @@ -2579,6 +2727,8 @@ var CustomizableUIInternal = { seen: gSeenWidgets, dirtyAreaCache: gDirtyAreaCache, currentVersion: kVersion, + currentVersionBaseBrowser: kVersionBaseBrowser, + currentVersionTorBrowser: kVersionTorBrowser, newElementCount: gNewElementCount, }; ===================================== browser/components/extensions/parent/ext-browserAction.js ===================================== @@ -193,6 +193,10 @@ this.browserAction = class extends ExtensionAPIPersistent { } build() { + // The extension ID for NoScript (WebExtension) + const isNoScript = + this.extension.id === "{73a6fe31-595d-460b-a920-fcc0f8843232}"; + let widget = CustomizableUI.createWidget({ id: this.id, viewId: this.viewId, @@ -200,7 +204,11 @@ this.browserAction = class extends ExtensionAPIPersistent { removable: true, label: this.action.getProperty(null, "title"), tooltiptext: this.action.getProperty(null, "title"), - defaultArea: browserAreas[this.action.getDefaultArea()], + // Do not want to add the NoScript extension to the toolbar by default. + // tor-browser#41736 + defaultArea: isNoScript + ? null + : browserAreas[this.action.getDefaultArea()], showInPrivateBrowsing: this.extension.privateBrowsingAllowed, // Don't attempt to load properties from the built-in widget string View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/4ae885… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/4ae885… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-update-responses][main] alpha: new version, 12.5a5
by boklm (＠boklm) 20 Apr '23

20 Apr '23

boklm pushed to branch main at The Tor Project / Applications / Tor Browser update responses Commits: f3488a32 by Nicolas Vigier at 2023-04-20T21:46:33+02:00 alpha: new version, 12.5a5 - - - - - 30 changed files: - update_3/alpha/.htaccess - − update_3/alpha/12.5a3-12.5a4-linux32-ALL.xml - − update_3/alpha/12.5a3-12.5a4-linux64-ALL.xml - − update_3/alpha/12.5a3-12.5a4-macos-ALL.xml - − update_3/alpha/12.5a3-12.5a4-win32-ALL.xml - − update_3/alpha/12.5a3-12.5a4-win64-ALL.xml - + update_3/alpha/12.5a4-12.5a5-linux32-ALL.xml - + update_3/alpha/12.5a4-12.5a5-linux64-ALL.xml - + update_3/alpha/12.5a4-12.5a5-macos-ALL.xml - + update_3/alpha/12.5a4-12.5a5-win32-ALL.xml - + update_3/alpha/12.5a4-12.5a5-win64-ALL.xml - − update_3/alpha/12.5a4-linux32-ALL.xml - − update_3/alpha/12.5a4-linux64-ALL.xml - − update_3/alpha/12.5a4-macos-ALL.xml - − update_3/alpha/12.5a4-win32-ALL.xml - − update_3/alpha/12.5a4-win64-ALL.xml - + update_3/alpha/12.5a5-linux32-ALL.xml - + update_3/alpha/12.5a5-linux64-ALL.xml - + update_3/alpha/12.5a5-macos-ALL.xml - + update_3/alpha/12.5a5-win32-ALL.xml - + update_3/alpha/12.5a5-win64-ALL.xml - update_3/alpha/download-android-aarch64.json - update_3/alpha/download-android-armv7.json - update_3/alpha/download-android-x86.json - update_3/alpha/download-android-x86_64.json - update_3/alpha/download-linux-i686.json - update_3/alpha/download-linux-x86_64.json - update_3/alpha/download-macos.json - update_3/alpha/download-windows-i686.json - update_3/alpha/download-windows-x86_64.json The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.10.0esr-12.5-1] 2 commits: fixup! Bug 41417: Always prompt users to restart after changing language
by Pier Angelo Vendrame (＠pierov) 20 Apr '23

20 Apr '23

Pier Angelo Vendrame pushed to branch tor-browser-102.10.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 7cf4e447 by Pier Angelo Vendrame at 2023-04-20T20:16:02+02:00 fixup! Bug 41417: Always prompt users to restart after changing language Bug 41738: Drop the patch to disable live reload Revert "Bug 41417: Always prompt users to restart after changing language" This reverts commit bad85a459ea24b34f3c09924c6d2b9f0bc750d88. - - - - - 4ae88530 by Pier Angelo Vendrame at 2023-04-20T20:16:02+02:00 fixup! Firefox preference overrides. Bug 41738: Drop the patch to disable live reload and use the pref - - - - - 2 changed files: - browser/app/profile/001-base-profile.js - browser/components/preferences/main.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -499,6 +499,10 @@ pref("browser.urlbar.suggest.topsites", false); // is only reported via telemetry (which is disabled). See tor-browser#40048. pref("corroborator.enabled", false); +// tor-browser#41417: do not allow live reload until we switch to Fluent and +// stop using .textContent. +pref("intl.multilingual.liveReload", false); + // Onboarding. pref("browser.onboarding.tourset-version", 5); pref("browser.onboarding.newtour", "welcome,privacy,tor-network-9.0,circuit-display,security,expect-differences,onion-services,learn-more"); ===================================== browser/components/preferences/main.js ===================================== @@ -1196,17 +1196,18 @@ var gMainPane = { gMainPane.recordBrowserLanguagesTelemetry("reorder"); switch (gMainPane.getLanguageSwitchTransitionType(newLocales)) { - // tor-browser#41417: Always prompt for the restart, until we switch to - // Fluent, since the current way we use to update languages does not allow - // live-reload. We could also call showConfirmLanguageChangeMessageBar in - // the official live-reload case, but the result is inconsistent and makes - // handling the locales-match case harder. case "requires-restart": - case "live-reload": // Prepare to change the locales, as they were different. gMainPane.showConfirmLanguageChangeMessageBar(newLocales); gMainPane.updatePrimaryBrowserLanguageUI(newLocales[0]); break; + case "live-reload": + Services.locale.requestedLocales = newLocales; + gMainPane.updatePrimaryBrowserLanguageUI( + Services.locale.appLocaleAsBCP47 + ); + gMainPane.hideConfirmLanguageChangeMessageBar(); + break; case "locales-match": // They matched, so we can reset the UI. gMainPane.updatePrimaryBrowserLanguageUI( @@ -1459,12 +1460,18 @@ var gMainPane = { } switch (gMainPane.getLanguageSwitchTransitionType(selected)) { - // tor-browser#41417: see onPrimaryBrowserLanguageMenuChange case "requires-restart": - case "live-reload": gMainPane.showConfirmLanguageChangeMessageBar(selected); gMainPane.updatePrimaryBrowserLanguageUI(selected[0]); break; + case "live-reload": + Services.locale.requestedLocales = selected; + + gMainPane.updatePrimaryBrowserLanguageUI( + Services.locale.appLocaleAsBCP47 + ); + gMainPane.hideConfirmLanguageChangeMessageBar(); + break; case "locales-match": // They matched, so we can reset the UI. gMainPane.updatePrimaryBrowserLanguageUI( View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/337dcb… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/337dcb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Update Mullvad Browser release prep templates to include downstream package...
by Richard Pospesel (＠richard) 20 Apr '23

20 Apr '23

Richard Pospesel pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: b1b4bf77 by Richard Pospesel at 2023-04-20T17:53:16+00:00 Update Mullvad Browser release prep templates to include downstream package notification/maintenance - - - - - 1 changed file: - .gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md Changes: ===================================== .gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md ===================================== @@ -98,7 +98,7 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU </details> <details> - <summary>Communications</summary> + <summary>Downstream</summary> ### notify stakeholders @@ -107,9 +107,15 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU - [ ] New `mullvad-browser` project branch and tags - [ ] mullvad-browser-update-responses git hash - [ ] changelog +- [ ] Email downstream consumers: + - [ ] flathub package maintainer: proletarius101(a)protonmail.com + - [ ] arch package maintainer: bootctl(a)gmail.com -</details> +### merge requests +- [ ] homebrew: https://github.com/Homebrew/homebrew-cask/blob/master/Casks/mullvad-browser… + - **NOTE**: should just need to update the version to latest +</details> /label ~"Release Prep" View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/b… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/b… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 40818: Enable wasm target for rust
by Pier Angelo Vendrame (＠pierov) 20 Apr '23

20 Apr '23

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: d86056dd by Cecylia Bocovich at 2023-04-20T13:11:22+00:00 Bug 40818: Enable wasm target for rust - - - - - 2 changed files: - projects/rust/build - projects/rust/config Changes: ===================================== projects/rust/build ===================================== @@ -6,6 +6,8 @@ tar -C /var/tmp/dist -xf [% c('input_files_by_name/cmake') %] export PATH="/var/tmp/dist/cmake/bin:$PATH" tar -C /var/tmp/dist -xf [% c('input_files_by_name/binutils') %] export PATH=/var/tmp/dist/binutils/bin:$PATH +tar -C /var/tmp/dist -xf [% c('input_files_by_name/ninja') %] +export PATH=/var/tmp/dist/ninja:$PATH tar -C /var/tmp/dist -xf [% c('input_files_by_name/rust_prebuilt') %] cd /var/tmp/dist/rust-[% c('version') %]-x86_64-unknown-linux-gnu ./install.sh --prefix=$distdir-rust-prebuilt @@ -52,6 +54,11 @@ mkdir /var/tmp/build tar -C /var/tmp/build -xf [% c('input_files_by_name/rust') %] cd /var/tmp/build/rustc-[% c('version') %]-src +# This is a workaround to get access to the libunwind header files. Our LLVM_CONFIG +# thinks that the llvm source root is at /var/tmp/dist/clang-source because that's +# where it was when clang was compiled. +ln -s "/var/tmp/build/rustc-[% c('version') %]-src/src/llvm-project" "/var/tmp/build/clang-source" + mkdir build cd build ../configure --prefix=$distdir --disable-docs --disable-compiler-docs [% c("var/configure_opt") %] ===================================== projects/rust/config ===================================== @@ -7,7 +7,7 @@ container: targets: android: var: - configure_opt: --enable-local-rust --enable-vendor --enable-extended --release-channel=stable --sysconfdir=etc --llvm-root=/var/tmp/dist/clang --set rust.jemalloc --target=x86_64-unknown-linux-gnu,armv7-linux-androideabi,thumbv7neon-linux-androideabi,aarch64-linux-android,i686-linux-android,x86_64-linux-android --set=target.armv7-linux-androideabi.cc=armv7a-linux-androideabi16-clang --set=target.armv7-linux-androideabi.ar=armv7a-linux-androideabi-ar --set=target.thumbv7neon-linux-androideabi.cc=armv7a-linux-androideabi16-clang --set=target.thumbv7neon-linux-androideabi.ar=armv7a-linux-androideabi-ar --set=target.aarch64-linux-android.cc=aarch64-linux-android21-clang --set=target.aarch64-linux-android.ar=aarch64-linux-android-ar --set=target.i686-linux-android.cc=i686-linux-android16-clang --set=target.i686-linux-android.ar=i686-linux-android-ar --set=target.x86_64-linux-android.cc=x86_64-linux-android21-clang --set=target.x86_64-linux-android.ar=x86_64-linux-android-ar + configure_opt: --enable-local-rust --enable-vendor --enable-extended --release-channel=stable --sysconfdir=etc --llvm-root=/var/tmp/dist/clang --set rust.jemalloc --target=x86_64-unknown-linux-gnu,armv7-linux-androideabi,thumbv7neon-linux-androideabi,aarch64-linux-android,i686-linux-android,x86_64-linux-android,wasm32-unknown-unknown --set=target.armv7-linux-androideabi.cc=armv7a-linux-androideabi16-clang --set=target.armv7-linux-androideabi.ar=armv7a-linux-androideabi-ar --set=target.thumbv7neon-linux-androideabi.cc=armv7a-linux-androideabi16-clang --set=target.thumbv7neon-linux-androideabi.ar=armv7a-linux-androideabi-ar --set=target.aarch64-linux-android.cc=aarch64-linux-android21-clang --set=target.aarch64-linux-android.ar=aarch64-linux-android-ar --set=target.i686-linux-android.cc=i686-linux-android16-clang --set=target.i686-linux-android.ar=i686-linux-android-ar --set=target.x86_64-linux-android.cc=x86_64-linux-android21-clang --set=target.x86_64-linux-android.ar=x86_64-linux-android-ar --set target.wasm32-unknown-unknown.linker=clang --set target.wasm32-unknown-unknown.ar=llvm-ar --set target.wasm32-unknown-unknown.ranlib=llvm-ranlib --set rust.lld=true linux: var: @@ -41,11 +41,11 @@ targets: # # Finally, we tell Rust to use some tools from LLVM, like the prebuilt # binaries do. - configure_opt: --enable-local-rust --enable-vendor --enable-extended --release-channel=stable --sysconfdir=etc --llvm-root=/var/tmp/dist/clang --set rust.jemalloc --target=x86_64-unknown-linux-gnu,i686-unknown-linux-gnu --set target.x86_64-unknown-linux-gnu.linker=clang --set target.x86_64-unknown-linux-gnu.ar=llvm-ar --set target.x86_64-unknown-linux-gnu.ranlib=llvm-ranlib --set target.i686-unknown-linux-gnu.linker=clang --set target.i686-unknown-linux-gnu.ar=llvm-ar --set target.i686-unknown-linux-gnu.ranlib=llvm-ranlib + configure_opt: --enable-local-rust --enable-vendor --enable-extended --release-channel=stable --sysconfdir=etc --llvm-root=/var/tmp/dist/clang --set rust.jemalloc --target=x86_64-unknown-linux-gnu,i686-unknown-linux-gnu,wasm32-unknown-unknown --set target.x86_64-unknown-linux-gnu.linker=clang --set target.x86_64-unknown-linux-gnu.ar=llvm-ar --set target.x86_64-unknown-linux-gnu.ranlib=llvm-ranlib --set target.i686-unknown-linux-gnu.linker=clang --set target.i686-unknown-linux-gnu.ar=llvm-ar --set target.i686-unknown-linux-gnu.ranlib=llvm-ranlib --set target.wasm32-unknown-unknown.linker=clang --set target.wasm32-unknown-unknown.ar=llvm-ar --set target.wasm32-unknown-unknown.ranlib=llvm-ranlib --set rust.lld=true macos: var: - configure_opt: --enable-local-rust --enable-vendor --enable-extended --release-channel=stable --sysconfdir=etc --llvm-root=/var/tmp/dist/macosx-toolchain/clang --set rust.jemalloc --target=x86_64-unknown-linux-gnu,[% c("var/build_target") %] --set=target.[% c("var/build_target") %].cc=[% c("var/build_target") %]-clang --set target.x86_64-unknown-linux-gnu.linker=clang --set target.x86_64-unknown-linux-gnu.ar=llvm-ar --set target.x86_64-unknown-linux-gnu.ranlib=llvm-ranlib + configure_opt: --enable-local-rust --enable-vendor --enable-extended --release-channel=stable --sysconfdir=etc --llvm-root=/var/tmp/dist/macosx-toolchain/clang --set rust.jemalloc --target=x86_64-unknown-linux-gnu,[% c("var/build_target") %],wasm32-unknown-unknown --set=target.[% c("var/build_target") %].cc=[% c("var/build_target") %]-clang --set target.x86_64-unknown-linux-gnu.linker=clang --set target.x86_64-unknown-linux-gnu.ar=llvm-ar --set target.x86_64-unknown-linux-gnu.ranlib=llvm-ranlib --set target.wasm32-unknown-unknown.linker=clang --set target.wasm32-unknown-unknown.ar=llvm-ar --set target.wasm32-unknown-unknown.ranlib=llvm-ranlib --set rust.lld=true arch_deps: - pkg-config @@ -53,7 +53,7 @@ targets: var: # See tor-browser-build#29320 compiler: mingw-w64 - configure_opt: --enable-local-rust --enable-vendor --enable-extended --release-channel=stable --sysconfdir=etc --llvm-root=/var/tmp/dist/clang --target=x86_64-unknown-linux-gnu,[% c("arch") %]-pc-windows-gnu --set target.x86_64-unknown-linux-gnu.linker=clang --set target.x86_64-unknown-linux-gnu.ar=llvm-ar --set target.x86_64-unknown-linux-gnu.ranlib=llvm-ranlib + configure_opt: --enable-local-rust --enable-vendor --enable-extended --release-channel=stable --sysconfdir=etc --llvm-root=/var/tmp/dist/clang --target=x86_64-unknown-linux-gnu,[% c("arch") %]-pc-windows-gnu,wasm32-unknown-unknown --set target.x86_64-unknown-linux-gnu.linker=clang --set target.x86_64-unknown-linux-gnu.ar=llvm-ar --set target.x86_64-unknown-linux-gnu.ranlib=llvm-ranlib --set target.wasm32-unknown-unknown.linker=clang --set target.wasm32-unknown-unknown.ar=llvm-ar --set target.wasm32-unknown-unknown.ranlib=llvm-ranlib --set rust.lld=true arch_deps: - pkg-config @@ -72,6 +72,8 @@ input_files: # libgcc, and the GNU/LLVM is a tier 3 platform supported only for x86_64). # macOS does not need Clang because it comes already with its compiler. enable: '[% c("var/linux") || c("var/android") || c("var/windows") %]' + - project: ninja + name: ninja - URL: 'https://static.rust-lang.org/dist/rustc-[% c("version") %]-src.tar.gz' name: rust sig_ext: asc View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[pluggable-transports/snowflake] branch main updated (297ca91 -> f723cf5)
by gitolite role 20 Apr '23

20 Apr '23

This is an automated email from the git hooks/post-receive script. meskio pushed a change to branch main in repository pluggable-transports/snowflake. from 297ca91 Use goptlib from gitlab.torproject.org new 17829d8 Comment typo. new 6bdd48c Restore ListenAndServe error return in Transport.Listen. new 590d158 Comment typo. new 6bae31f Use a static array in benchmarks. new 97c9300 Fix loop termination in TestQueuePacketConnWriteToKCP. new c097d5f Use a sync.Pool to reuse packet buffers in QueuePacketConn. new f723cf5 Merge remote-tracking branch 'gitlab/main' The 7 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: common/turbotunnel/queuepacketconn.go | 49 +++++++++++++--- common/turbotunnel/queuepacketconn_test.go | 89 +++++++++++++++++++++++++----- server/lib/http.go | 5 +- server/lib/snowflake.go | 10 +++- server/stats.go | 2 +- 5 files changed, 127 insertions(+), 28 deletions(-) -- To stop receiving notification emails like this one, please contact the administrator of this repository.

1 7

[Git][tpo/applications/tor-browser] Pushed new branch tor-browser-102.10.0esr-13.0-1
by Pier Angelo Vendrame (＠pierov) 20 Apr '23

20 Apr '23

Pier Angelo Vendrame pushed new branch tor-browser-102.10.0esr-13.0-1 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0