tor-commits
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- 1 participants
- 215413 discussions
[Git][tpo/applications/tor-browser][tor-browser-115.3.0esr-13.0-1] 2 commits: fixup! Bug 40933: Add tor-launcher functionality
by richard (@richard) 28 Sep '23
by richard (@richard) 28 Sep '23
28 Sep '23
richard pushed to branch tor-browser-115.3.0esr-13.0-1 at The Tor Project / Applications / Tor Browser
Commits:
14e1b34c by Pier Angelo Vendrame at 2023-09-27T19:39:39+00:00
fixup! Bug 40933: Add tor-launcher functionality
Bug 42131: Check for existing circuits during initialization.
- - - - -
4b7f4df4 by Pier Angelo Vendrame at 2023-09-27T19:39:39+00:00
fixup! Bug 40933: Add tor-launcher functionality
Bug 42132: Poll for circuit information when we did not collect its data
already.
- - - - -
2 changed files:
- toolkit/components/tor-launcher/TorControlPort.sys.mjs
- toolkit/components/tor-launcher/TorProvider.sys.mjs
Changes:
=====================================
toolkit/components/tor-launcher/TorControlPort.sys.mjs
=====================================
@@ -272,6 +272,11 @@ class AsyncSocket {
*
* @typedef {string} NodeFingerprint
*/
+/**
+ * @typedef {object} CircuitInfo
+ * @property {CircuitID} id
+ * @property {NodeFingerprint[]} nodes
+ */
/**
* @typedef {object} Bridge
* @property {string} transport The transport of the bridge, or vanilla if not
@@ -729,12 +734,14 @@ export class TorController {
/**
* Ask Tor a list of circuits.
*
- * @returns {string[]} An array with a string for each line
+ * @returns {CircuitInfo[]} An array with a string for each line
*/
async getCircuits() {
const circuits = await this.#getInfo("circuit-status");
- // TODO: Do more parsing once we move the event parsing to this class!
- return circuits.split(/\r?\n/);
+ return circuits
+ .split(/\r?\n/)
+ .map(this.#parseCircBuilt.bind(this))
+ .filter(circ => circ);
}
// Configuration
@@ -1022,25 +1029,15 @@ export class TorController {
this.#eventHandler.onBootstrapStatus(status);
break;
case "CIRC":
- const builtEvent =
- /^(?<ID>[a-zA-Z0-9]{1,16})\sBUILT\s(?<Path>(,?\$([0-9a-fA-F]{40})(?:~[a-zA-Z0-9]{1,19})?)+)/.exec(
- data.groups.data
- );
+ const maybeCircuit = this.#parseCircBuilt(data.groups.data);
const closedEvent = /^(?<ID>[a-zA-Z0-9]{1,16})\sCLOSED/.exec(
data.groups.data
);
- if (builtEvent) {
- const fp = /\$([0-9a-fA-F]{40})/g;
- const nodes = Array.from(builtEvent.groups.Path.matchAll(fp), g =>
- g[1].toUpperCase()
+ if (maybeCircuit) {
+ this.#eventHandler.onCircuitBuilt(
+ maybeCircuit.id,
+ maybeCircuit.nodes
);
- // In some cases, we might already receive SOCKS credentials in the
- // line. However, this might be a problem with onion services: we get
- // also a 4-hop circuit that we likely do not want to show to the
- // user, especially because it is used only temporarily, and it would
- // need a technical explaination.
- // const credentials = this.#parseCredentials(data.groups.data);
- this.#eventHandler.onCircuitBuilt(builtEvent.groups.ID, nodes);
} else if (closedEvent) {
this.#eventHandler.onCircuitClosed(closedEvent.groups.ID);
}
@@ -1068,7 +1065,7 @@ export class TorController {
}
}
- // Other helpers
+ // Parsers
/**
* Parse a bootstrap status line.
@@ -1099,15 +1096,32 @@ export class TorController {
}
/**
- * Throw an exception when value is not a string.
+ * Parse a CIRC BUILT event or a GETINFO circuit-status.
*
- * @param {any} value The value to check
- * @param {string} name The name of the `value` argument
+ * @param {string} line The line to parse
+ * @returns {CircuitInfo?} The ID and nodes of the circuit, or null if the
+ * parsing failed.
*/
- #expectString(value, name) {
- if (typeof value !== "string" && !(value instanceof String)) {
- throw new Error(`The ${name} argument is expected to be a string.`);
+ #parseCircBuilt(line) {
+ const builtEvent =
+ /^(?<ID>[a-zA-Z0-9]{1,16})\sBUILT\s(?<Path>(,?\$([0-9a-fA-F]{40})(?:~[a-zA-Z0-9]{1,19})?)+)/.exec(
+ line
+ );
+ if (!builtEvent) {
+ return null;
}
+ const fp = /\$([0-9a-fA-F]{40})/g;
+ const nodes = Array.from(builtEvent.groups.Path.matchAll(fp), g =>
+ g[1].toUpperCase()
+ );
+ // In some cases, we might already receive SOCKS credentials in the
+ // line. However, this might be a problem with Onion services: we get
+ // also a 4-hop circuit that we likely do not want to show to the
+ // user, especially because it is used only temporarily, and it would
+ // need a technical explaination.
+ // So we do not try to extract them for now. Otherwise, we could do
+ // const credentials = this.#parseCredentials(line);
+ return { id: builtEvent.groups.ID, nodes };
}
/**
@@ -1146,6 +1160,20 @@ export class TorController {
)
);
}
+
+ // Other helpers
+
+ /**
+ * Throw an exception when value is not a string.
+ *
+ * @param {any} value The value to check
+ * @param {string} name The name of the `value` argument
+ */
+ #expectString(value, name) {
+ if (typeof value !== "string" && !(value instanceof String)) {
+ throw new Error(`The ${name} argument is expected to be a string.`);
+ }
+ }
}
/**
=====================================
toolkit/components/tor-launcher/TorProvider.sys.mjs
=====================================
@@ -137,7 +137,7 @@ export class TorProvider {
* built before the new identity but not yet used. If we cleaned the map, we
* risked of not having the data about it.
*
- * @type {Map<CircuitID, NodeFingerprint[]>}
+ * @type {Map<CircuitID, Promise<NodeFingerprint[]>>}
*/
#circuits = new Map();
/**
@@ -204,6 +204,11 @@ export class TorProvider {
logger.debug(`Notifying ${TorProviderTopics.ProcessIsReady}`);
Services.obs.notifyObservers(null, TorProviderTopics.ProcessIsReady);
+
+ // If we are using an external Tor daemon, we might need to fetch circuits
+ // already, in case streams use them. Do not await because we do not want to
+ // block the intialization on this (it should not fail anyway...).
+ this.#fetchCircuits();
}
/**
@@ -799,6 +804,16 @@ export class TorProvider {
return crypto.getRandomValues(new Uint8Array(kPasswordLen));
}
+ /**
+ * Ask Tor the circuits it already knows to populate our circuit map with the
+ * circuits that were already open before we started listening for events.
+ */
+ async #fetchCircuits() {
+ for (const { id, nodes } of await this.#controller.getCircuits()) {
+ this.onCircuitBuilt(id, nodes);
+ }
+ }
+
// Notification handlers
/**
@@ -983,18 +998,35 @@ export class TorProvider {
* @param {CircuitID} circuitId The ID of the circuit used by the stream
* @param {string} username The SOCKS username
* @param {string} password The SOCKS password
- * @returns
*/
- onStreamSucceeded(streamId, circuitId, username, password) {
+ async onStreamSucceeded(streamId, circuitId, username, password) {
if (!username || !password) {
return;
}
logger.debug("Stream succeeded event", username, password, circuitId);
- const circuit = this.#circuits.get(circuitId);
+ let circuit = this.#circuits.get(circuitId);
if (!circuit) {
- logger.error(
- "Seen a STREAM SUCCEEDED with an unknown circuit. Not notifying observers."
- );
+ circuit = new Promise((resolve, reject) => {
+ this.#controlConnection.getCircuits().then(circuits => {
+ for (const { id, nodes } of circuits) {
+ if (id === circuitId) {
+ resolve(nodes);
+ return;
+ }
+ // Opportunistically collect circuits, since we are iterating them.
+ this.#circuits.set(id, nodes);
+ }
+ logger.error(
+ `Seen a STREAM SUCCEEDED with circuit ${circuitId}, but Tor did not send information about it.`
+ );
+ reject();
+ });
+ });
+ this.#circuits.set(circuitId, circuit);
+ }
+ try {
+ circuit = await circuit;
+ } catch {
return;
}
Services.obs.notifyObservers(
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/c97861…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/c97861…
You're receiving this email because of your account on gitlab.torproject.org.
1
0
[Git][tpo/applications/tor-browser][tor-browser-115.3.0esr-13.0-1] 2 commits: fixup! Bug 40562: Added Tor Browser preferences to 000-tor-browser.js
by richard (@richard) 28 Sep '23
by richard (@richard) 28 Sep '23
28 Sep '23
richard pushed to branch tor-browser-115.3.0esr-13.0-1 at The Tor Project / Applications / Tor Browser
Commits:
8085f615 by Pier Angelo Vendrame at 2023-09-27T14:55:14+02:00
fixup! Bug 40562: Added Tor Browser preferences to 000-tor-browser.js
Bug 41496: Pref review for 115/13.0
- - - - -
c978614e by Pier Angelo Vendrame at 2023-09-27T14:55:16+02:00
fixup! Firefox preference overrides.
Bug 41496: Pref review for 115/13.0
- - - - -
2 changed files:
- browser/app/profile/000-tor-browser.js
- browser/app/profile/001-base-profile.js
Changes:
=====================================
browser/app/profile/000-tor-browser.js
=====================================
@@ -41,14 +41,19 @@ pref("dom.security.https_only_mode.upgrade_onion", false);
// Bug 40423/41137: Disable http/3
// We should re-enable it as soon as Tor gets UDP support
-pref("network.http.http3.enabled", false);
+pref("network.http.http3.enable", false);
// 0 = do not use a second connection, see all.js and #7656
pref("network.http.connection-retry-timeout", 0);
#expand pref("torbrowser.version", __BASE_BROWSER_VERSION_QUOTED__);
-// Old torbutton pref
+// Tor Browser used to be compatible with non-Tor proxies. This feature is not
+// available anymore, but this legacy preference can be still used to disable
+// first-party domain circuit isolation.
+// In general, it should not be used. This use-case is still supported only for
+// sites that break with this isolation (and even in that case, its use should
+// be reduced to the strictly required time).
pref("extensions.torbutton.use_nontor_proxy", false);
// Browser home page:
@@ -61,8 +66,6 @@ pref("browser.download.showTorWarning", true);
pref("extensions.torbutton.pref_fixup_version", 0);
// Formerly tor-launcher defaults
-// When presenting the setup wizard, first prompt for locale.
-pref("intl.locale.matchOS", true);
pref("extensions.torlauncher.start_tor", true);
pref("extensions.torlauncher.prompt_at_startup", true);
@@ -112,7 +115,7 @@ pref("extensions.torlauncher.bridgedb_reflector", "https://moat.torproject.org.g
pref("extensions.torlauncher.moat_service", "https://bridges.torproject.org/moat");
pref("extensions.torlauncher.bridgedb_bridge_type", "obfs4");
-// Recommended default bridge type (can be set per localized bundle).
+// Recommended default bridge type.
// pref("extensions.torlauncher.default_bridge_recommended_type", "obfs3");
// Default bridges.
=====================================
browser/app/profile/001-base-profile.js
=====================================
@@ -40,6 +40,8 @@ pref("app.update.promptWaitTime", 3600);
pref("app.update.staging.enabled", false);
#endif
+pref("browser.startup.homepage_override.buildID", "20100101");
+
// Disable the "Refresh" prompt that is displayed for stale profiles.
pref("browser.disableResetPrompt", true);
@@ -47,7 +49,6 @@ pref("browser.disableResetPrompt", true);
pref("browser.privatebrowsing.autostart", true);
pref("browser.cache.disk.enable", false);
pref("permissions.memory_only", true);
-pref("network.cookie.lifetimePolicy", 2);
pref("security.nocertdb", true);
pref("media.aboutwebrtc.hist.enabled", false);
@@ -66,7 +67,10 @@ pref("browser.download.enable_spam_prevention", true);
// Misc privacy: Disk
pref("signon.rememberSignons", false);
pref("browser.formfill.enable", false);
+pref("signon.formlessCapture.enabled", false); // Added with tor-browser#41496
pref("signon.autofillForms", false);
+// Do not store extra data (form, scrollbar positions, cookies, POST data) for
+// the session restore functionality.
pref("browser.sessionstore.privacy_level", 2);
// Use the in-memory media cache and increase its maximum size (#29120)
pref("browser.privatebrowsing.forceMediaMemoryCache", true);
@@ -80,6 +84,8 @@ pref("browser.pagethumbnails.capturing_disabled", true);
// Enable HTTPS-Only mode (tor-browser#19850)
pref("dom.security.https_only_mode", true);
+// The previous pref automatically sets this to true (see StaticPrefList.yaml),
+// but set it anyway only as a defense-in-depth.
pref("dom.security.https_only_mode_pbm", true);
// tor-browser#22320: Hide referer when comming from a .onion address
@@ -118,7 +124,8 @@ pref("security.tls.version.enable-deprecated", false, locked);
// Misc privacy: Remote
pref("browser.send_pings", false);
// Space separated list of URLs that are allowed to send objects (instead of
-// only strings) through webchannels.
+// only strings) through webchannels. The default for Firefox is some Mozilla
+// domains.
pref("webchannel.allowObject.urlWhitelist", "");
pref("geo.enabled", false);
pref("geo.provider.network.url", "");
@@ -127,6 +134,7 @@ pref("geo.provider.use_corelocation", false);
pref("geo.provider.use_gpsd", false);
pref("geo.provider.use_geoclue", false);
pref("browser.search.suggest.enabled", false);
+pref("browser.search.suggest.enabled.private", false);
pref("browser.urlbar.suggest.searches", false);
pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false);
pref("browser.urlbar.suggest.quicksuggest.sponsored", false);
@@ -143,7 +151,6 @@ pref("browser.safebrowsing.provider.google4.updateURL", "");
pref("browser.safebrowsing.provider.google4.gethashURL", "");
pref("browser.safebrowsing.provider.mozilla.updateURL", "");
pref("browser.safebrowsing.provider.mozilla.gethashURL", "");
-pref("extensions.ui.lastCategory", "addons://list/extension");
pref("datareporting.healthreport.uploadEnabled", false);
pref("datareporting.policy.dataSubmissionEnabled", false);
// Make sure Unified Telemetry is really disabled, see: #18738.
@@ -152,6 +159,9 @@ pref("toolkit.telemetry.unified", false);
pref("toolkit.telemetry.enabled", false, locked);
pref("toolkit.telemetry.server", "data:,");
pref("toolkit.telemetry.archive.enabled", false);
+pref("toolkit.telemetry.newProfilePing.enabled", false); // Added in tor-browser#41496
+pref("toolkit.telemetry.shutdownPingSender.enabled", false); // Added in tor-browser#41496
+pref("toolkit.telemetry.firstShutdownPing.enabled", false); // Added in tor-browser#41496
pref("toolkit.telemetry.updatePing.enabled", false); // Make sure updater telemetry is disabled; see #25909.
pref("toolkit.telemetry.bhrPing.enabled", false);
pref("toolkit.telemetry.coverage.opt-out", true);
@@ -160,6 +170,11 @@ pref("toolkit.coverage.endpoint.base", "");
pref("browser.ping-centre.telemetry", false);
pref("browser.tabs.crashReporting.sendReport", false);
pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false);
+// Added in tor-browser#41496 even though false by default
+pref("browser.crashReports.unsubmittedCheck.enabled", false);
+// Added in tor-browser#41496 even though it shuld be already always disabled
+// since we disable MOZ_CRASHREPORTER.
+pref("breakpad.reportURL", "data:");
#ifdef XP_WIN
// Defense-in-depth: ensure that the Windows default browser agent will
// not ping Mozilla if it is somehow present (we omit it at build time).
@@ -177,10 +192,8 @@ pref("services.sync.engine.passwords", false);
pref("services.sync.engine.prefs", false);
pref("services.sync.engine.tabs", false);
pref("extensions.getAddons.cache.enabled", false); // https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
-pref("browser.search.region", "US"); // The next two prefs disable GeoIP search lookups (#16254)
-pref("browser.search.geoip.url", "");
pref("browser.fixup.alternate.enabled", false); // Bug #16783: Prevent .onion fixups
-pref("privacy.donottrackheader.enabled", false); // (privacy-browser#17)
+pref("privacy.donottrackheader.enabled", false); // (mullvad-browser#17)
// Make sure there is no Tracking Protection active in Tor Browser, see: #17898.
pref("privacy.trackingprotection.enabled", false);
pref("privacy.trackingprotection.pbmode.enabled", false);
@@ -200,15 +213,10 @@ pref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
pref("browser.newtabpage.activity-stream.showSponsored", false);
pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false);
pref("browser.newtabpage.activity-stream.default.sites", "");
+// Activity Stream telemetry
pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
pref("browser.newtabpage.activity-stream.telemetry", false);
-// tor-browser#41945 - disable automatic cookie banners dismissal until
-// we're sure it does not causes fingerprinting risks or other issues.
-pref("cookiebanners.service.mode", 0);
-pref("cookiebanners.service.mode.privateBrowsing", 0);
-pref("cookiebanners.ui.desktop.enabled", false);
-
// tor-browser#40788: disable AS's calls to home.
// Notice that null is between quotes because it is a JSON string.
// Keep checked firefox.js to see if new entries are added.
@@ -221,6 +229,12 @@ pref("browser.newtabpage.activity-stream.asrouter.providers.messaging-experiment
// Disable fetching asrouter.ftl and related console errors (tor-browser#40763).
pref("browser.newtabpage.activity-stream.asrouter.useRemoteL10n", false);
+// tor-browser#41945 - disable automatic cookie banners dismissal until
+// we're sure it does not causes fingerprinting risks or other issues.
+pref("cookiebanners.service.mode", 0);
+pref("cookiebanners.service.mode.privateBrowsing", 0);
+pref("cookiebanners.ui.desktop.enabled", false);
+
// Disable moreFromMozilla pane in the preferences/settings (tor-browser#41292).
pref("browser.preferences.moreFromMozilla", false);
@@ -228,14 +242,16 @@ pref("browser.preferences.moreFromMozilla", false);
pref("extensions.screenshots.disabled", true);
pref("extensions.webcompat-reporter.enabled", false);
+pref("browser.search.region", "US"); // Disable GeoIP search lookups (#16254)
// Disable use of WiFi location information
pref("browser.region.network.scan", false);
pref("browser.region.network.url", "");
pref("browser.region.local-geocoding", false);
-// Bug 40083: Make sure Region.jsm fetching is disabled
+// Bug 40083: Make sure Region.sys.mjs fetching is disabled
pref("browser.region.update.enabled", false);
-// Don't load Mozilla domains in a separate tab process
+// Don't load Mozilla domains in a separate privileged tab process
+pref("browser.tabs.remote.separatePrivilegedMozillaWebContentProcess", false);
pref("browser.tabs.remote.separatedMozillaDomains", "");
// Avoid DNS lookups on search terms
@@ -270,12 +286,23 @@ pref("security.pki.crlite_mode", 0);
// Disable website password breach alerts
pref("signon.management.page.breach-alerts.enabled", false);
-// Disable remote "password recipes"
+// Disable remote "password recipes". They are a way to improve the UX of the
+// password manager by havinc specific heuristics for some sites.
+// It needs remote settings and in general we disable the password manager.
+// More information about this feature at
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1119454
pref("signon.recipes.remoteRecipes.enabled", false);
-// Disable ServiceWorkers and push notifications by default
+// Disable ServiceWorkers by default. They do not work in PBM in any case.
+// See https://bugzilla.mozilla.org/show_bug.cgi?id=1320796
pref("dom.serviceWorkers.enabled", false);
+// Push notifications use an online Mozilla service and a persistent ID stored
+// in dom.push.userAgentID, so disable them by default.
+// See also https://support.mozilla.org/kb/push-notifications-firefox
pref("dom.push.enabled", false);
+// As a defense in depth measure, also set the push server URL to empty.
+// See tor-browser#18801.
+pref("dom.push.serverURL", "");
// Fingerprinting
// tor-browser#41797: For release builds, lock RFP
@@ -292,7 +319,6 @@ pref("privacy.resistFingerprinting", true);
pref("webgl.disable-fail-if-major-performance-caveat", true);
// tor-browser#16404: disable until we investigate it further (#22333)
pref("webgl.enable-webgl2", false);
-pref("browser.startup.homepage_override.buildID", "20100101");
pref("browser.link.open_newwindow.restriction", 0); // Bug 9881: Open popups in new tabs (to avoid fullscreen popups)
// Prevent scripts from moving and resizing open windows
pref("dom.disable_window_move_resize", true);
@@ -307,7 +333,9 @@ pref("dom.webmidi.enabled", false); // Bug 41398: Disable Web MIDI API
// randomized IDs when this pref is true).
// Defense-in-depth (already the default value) from Firefox 119 or 120.
pref("media.devices.enumerate.legacy.enabled", false);
-pref("dom.w3c_touch_events.enabled", 0); // Bug 10286: Always disable Touch API
+// Bug 10286: Always disable Touch API.
+// We might need to deepen this topic, see tor-browser#42069.
+pref("dom.w3c_touch_events.enabled", 0);
pref("dom.vr.enabled", false); // Bug 21607: Disable WebVR for now
pref("security.webauth.webauthn", false); // Bug 26614: Disable Web Authentication API for now
// Disable SAB, no matter if the sites are cross-origin isolated.
@@ -350,6 +378,7 @@ pref("javascript.options.spectre.disable_for_isolated_content", false, locked);
pref("privacy.firstparty.isolate", true); // Always enforce first party isolation
// tor-browser#40123 and #40308: Disable for now until audit
pref("privacy.partition.network_state", false);
+// Only accept cookies from the originating site (block third party cookies)
pref("network.cookie.cookieBehavior", 1);
pref("network.cookie.cookieBehavior.pbmode", 1);
pref("network.predictor.enabled", false); // Temporarily disabled. See https://bugs.torproject.org/16633
@@ -365,7 +394,9 @@ pref("privacy.purge_trackers.enabled", false);
// Do not allow cross-origin sub-resources to open HTTP authentication
// credentials dialogs. Hardens against potential credentials phishing.
pref("network.auth.subresource-http-auth-allow", 1);
-// Disable sending additional analytics to web servers
+// Disable sending additional analytics to web servers.
+// This disables navigator.sendBeacon, even though this is discouraged by the
+// standard: https://w3c.github.io/beacon/#privacy-and-security
pref("beacon.enabled", false);
pref("network.dns.disablePrefetch", true);
@@ -379,13 +410,19 @@ pref("network.protocol-handler.warn-external.mailto", true);
pref("network.protocol-handler.warn-external.news", true);
pref("network.protocol-handler.warn-external.nntp", true);
pref("network.protocol-handler.warn-external.snews", true);
+#ifdef XP_WIN
+ pref("network.protocol-handler.external.ms-windows-store", false);
+ pref("network.protocol-handler.warn-external.ms-windows-store", true);
+#endif
pref("network.proxy.allow_bypass", false, locked); // #40682
// Lock to 'true', which is already the firefox default, to prevent users
// from making themselves fingerprintable by disabling. This pref
// alters content load order in a page. See tor-browser#24686
pref("network.http.tailing.enabled", true, locked);
-// Make sure the varoius http2 settings, buffer sizes, timings, etc are locked to firefox defaults to minimize network performance fingerprinting. See https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27128
+// Make sure the varoius http2 settings, buffer sizes, timings, etc are locked
+// to firefox defaults to minimize network performance fingerprinting.
+// See https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27128
pref("network.http.http2.enabled", true, locked);
pref("network.http.http2.enabled.deps", true, locked);
pref("network.http.http2.enforce-tls-profile", true, locked);
@@ -395,13 +432,13 @@ pref("network.http.http2.coalesce-hostnames", true, locked);
pref("network.http.http2.persistent-settings", false, locked);
pref("network.http.http2.ping-threshold", 58, locked);
pref("network.http.http2.ping-timeout", 8, locked);
-pref("network.http.http2.send-buffer-size", 131072, locked);
+pref("network.http.http2.send-buffer-size", 0, locked);
pref("network.http.http2.allow-push", true, locked);
pref("network.http.http2.push-allowance", 131072, locked);
pref("network.http.http2.pull-allowance", 12582912, locked);
pref("network.http.http2.default-concurrent", 100, locked);
pref("network.http.http2.default-hpack-buffer", 65536, locked);
-pref("network.http.http2.websockets", false, locked);
+pref("network.http.http2.websockets", true, locked);
pref("network.http.http2.enable-hpack-dump", false, locked);
// tor-browser#23044: Make sure we don't have any GIO supported protocols
@@ -467,10 +504,6 @@ pref("network.manage-offline-status", false);
pref("network.captive-portal-service.enabled", false);
pref("network.connectivity-service.enabled", false);
pref("captivedetect.canonicalURL", "");
-// As a "defense in depth" measure, configure an empty push server URL (the
-// DOM Push features are disabled by default via other prefs).
-// See tor-browser#18801.
-pref("dom.push.serverURL", "");
#ifdef XP_WIN
// tor-browser#41683: Disable the network process on Windows
@@ -482,9 +515,7 @@ pref("network.process.enabled", false);
// Extension support
pref("extensions.autoDisableScopes", 0);
-pref("extensions.databaseSchema", 3);
pref("extensions.enabledScopes", 5); // AddonManager.SCOPE_PROFILE=1 | AddonManager.SCOPE_APPLICATION=4
-pref("extensions.pendingOperations", false);
// We don't know what extensions Mozilla is advertising to our users and we
// don't want to have some random Google Analytics script running either on the
// about:addons page, see bug 22073, 22900 and 31601.
@@ -498,8 +529,8 @@ pref("browser.discovery.enabled", false);
pref("extensions.webextensions.restrictedDomains", "");
// Don't give Mozilla-recommended third-party extensions special privileges.
pref("extensions.postDownloadThirdPartyPrompt", false);
-// tor-browser#41701: Reporting an extension does not work
-// disable extension reporting since the request goes to Mozilla and is rejected anyway (HTTP 400)
+// tor-browser#41701: Reporting an extension does not work. The request goes to
+// Mozilla and is always rejected anyway (HTTP 400).
pref("extensions.abuseReport.enabled", false);
// We are already providing the languages we support in multi-lingual packages.
// Therefore, do not allow download of additional language packs. They are not a
@@ -526,10 +557,6 @@ pref("security.certerrors.mitm.priming.enabled", false);
// Don't automatically enable enterprise roots, see bug 40166
pref("security.certerrors.mitm.auto_enable_enterprise_roots", false);
-// Don't allow any domain overrides access to offscreen rendering, see tor-browser#41135
-pref("gfx.offscreencanvas.domain-enabled", false);
-pref("gfx.offscreencanvas.domain-allowlist", "");
-
// Disable share menus on Mac and Windows tor-browser#41117
pref("browser.menu.share_url.allow", false, locked);
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/eae5ea…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/eae5ea…
You're receiving this email because of your account on gitlab.torproject.org.
1
0
[Git][tpo/applications/tor-browser-build][maint-12.5] Bug 40957: Update subkey expiration date for Tor Browser gpg key
by richard (@richard) 27 Sep '23
by richard (@richard) 27 Sep '23
27 Sep '23
richard pushed to branch maint-12.5 at The Tor Project / Applications / tor-browser-build
Commits:
078300d8 by Nicolas Vigier at 2023-09-26T22:18:45+00:00
Bug 40957: Update subkey expiration date for Tor Browser gpg key
- - - - -
1 changed file:
- keyring/torbrowser.gpg
Changes:
=====================================
keyring/torbrowser.gpg
=====================================
Binary files a/keyring/torbrowser.gpg and b/keyring/torbrowser.gpg differ
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0…
You're receiving this email because of your account on gitlab.torproject.org.
1
0
[Git][tpo/applications/tor-browser-build][main] Bug 40957: Update subkey expiration date for Tor Browser gpg key
by richard (@richard) 27 Sep '23
by richard (@richard) 27 Sep '23
27 Sep '23
richard pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits:
ed83891d by Nicolas Vigier at 2023-09-26T22:17:44+00:00
Bug 40957: Update subkey expiration date for Tor Browser gpg key
- - - - -
1 changed file:
- keyring/torbrowser.gpg
Changes:
=====================================
keyring/torbrowser.gpg
=====================================
Binary files a/keyring/torbrowser.gpg and b/keyring/torbrowser.gpg differ
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/e…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/e…
You're receiving this email because of your account on gitlab.torproject.org.
1
0
[Git][tpo/applications/firefox-android][firefox-android-115.2.1-13.0-1] fixup! Disable features and functionality
by Dan Ballard (@dan) 27 Sep '23
by Dan Ballard (@dan) 27 Sep '23
27 Sep '23
Dan Ballard pushed to branch firefox-android-115.2.1-13.0-1 at The Tor Project / Applications / firefox-android
Commits:
533daef0 by clairehurst at 2023-09-26T17:59:27+00:00
fixup! Disable features and functionality
- - - - -
3 changed files:
- fenix/app/src/main/java/org/mozilla/fenix/settings/quicksettings/QuickSettingsSheetDialogFragment.kt
- fenix/app/src/main/java/org/mozilla/fenix/settings/quicksettings/protections/ProtectionsView.kt
- fenix/app/src/main/res/layout/quicksettings_protections_panel.xml
Changes:
=====================================
fenix/app/src/main/java/org/mozilla/fenix/settings/quicksettings/QuickSettingsSheetDialogFragment.kt
=====================================
@@ -132,7 +132,8 @@ class QuickSettingsSheetDialogFragment : FenixDialogFragment() {
override fun onViewCreated(view: View, savedInstanceState: Bundle?) {
super.onViewCreated(view, savedInstanceState)
- observeTrackersChange(requireComponents.core.store)
+// Removed as part of Bug_42115: Enhanced Tracking Protection can still be enabled
+// observeTrackersChange(requireComponents.core.store)
consumeFrom(quickSettingsStore) {
websiteInfoView.update(it.webInfoState)
websitePermissionsView.update(it.websitePermissionsState)
@@ -190,34 +191,36 @@ class QuickSettingsSheetDialogFragment : FenixDialogFragment() {
@VisibleForTesting
internal fun provideTabId(): String = args.sessionId
- @VisibleForTesting
- internal fun observeTrackersChange(store: BrowserStore) {
- consumeFlow(store) { flow ->
- flow.mapNotNull { state ->
- state.findTabOrCustomTab(provideTabId())
- }.ifAnyChanged { tab ->
- arrayOf(
- tab.trackingProtection.blockedTrackers,
- tab.trackingProtection.loadedTrackers,
- )
- }.collect {
- updateTrackers(it)
- }
- }
- }
-
- @VisibleForTesting
- internal fun updateTrackers(tab: SessionState) {
- provideTrackingProtectionUseCases().fetchTrackingLogs(
- tab.id,
- onSuccess = { trackers ->
- protectionsView.updateDetailsSection(trackers.isNotEmpty())
- },
- onError = {
- Logger.error("QuickSettingsSheetDialogFragment - fetchTrackingLogs onError", it)
- },
- )
- }
+// Removed as part of Bug_42115: Enhanced Tracking Protection can still be enabled
+// @VisibleForTesting
+// internal fun observeTrackersChange(store: BrowserStore) {
+// consumeFlow(store) { flow ->
+// flow.mapNotNull { state ->
+// state.findTabOrCustomTab(provideTabId())
+// }.ifAnyChanged { tab ->
+// arrayOf(
+// tab.trackingProtection.blockedTrackers,
+// tab.trackingProtection.loadedTrackers,
+// )
+// }.collect {
+// updateTrackers(it)
+// }
+// }
+// }
+
+// Removed as part of Bug_42115: Enhanced Tracking Protection can still be enabled
+// @VisibleForTesting
+// internal fun updateTrackers(tab: SessionState) {
+// provideTrackingProtectionUseCases().fetchTrackingLogs(
+// tab.id,
+// onSuccess = { trackers ->
+// protectionsView.updateDetailsSection(trackers.isNotEmpty())
+// },
+// onError = {
+// Logger.error("QuickSettingsSheetDialogFragment - fetchTrackingLogs onError", it)
+// },
+// )
+// }
@VisibleForTesting
internal fun provideTrackingProtectionUseCases() = requireComponents.useCases.trackingProtectionUseCases
=====================================
fenix/app/src/main/java/org/mozilla/fenix/settings/quicksettings/protections/ProtectionsView.kt
=====================================
@@ -54,28 +54,32 @@ class ProtectionsView(
* Allows changing what this View displays.
*/
fun update(state: ProtectionsState) {
- bindTrackingProtectionInfo(state.isTrackingProtectionEnabled)
+// Removed as part of Bug_42115: Enhanced Tracking Protection can still be enabled
+// bindTrackingProtectionInfo(state.isTrackingProtectionEnabled)
bindCookieBannerProtection(state.cookieBannerUIMode)
- binding.trackingProtectionSwitch.isVisible = settings.shouldUseTrackingProtection
+// Removed as part of Bug_42115: Enhanced Tracking Protection can still be enabled
+// binding.trackingProtectionSwitch.isVisible = settings.shouldUseTrackingProtection
binding.cookieBannerItem.isVisible = shouldShowCookieBanner &&
state.cookieBannerUIMode != CookieBannerUIMode.HIDE
-
- binding.trackingProtectionDetails.setOnClickListener {
- interactor.onTrackingProtectionDetailsClicked()
- }
+// Removed as part of Bug_42115: Enhanced Tracking Protection can still be enabled
+// binding.trackingProtectionDetails.setOnClickListener {
+// interactor.onTrackingProtectionDetailsClicked()
+// }
}
- @VisibleForTesting
- internal fun updateDetailsSection(show: Boolean) {
- binding.trackingProtectionDetails.isVisible = show
- }
-
- private fun bindTrackingProtectionInfo(isTrackingProtectionEnabled: Boolean) {
- binding.trackingProtectionSwitch.isChecked = isTrackingProtectionEnabled
- binding.trackingProtectionSwitch.setOnCheckedChangeListener { _, isChecked ->
- interactor.onTrackingProtectionToggled(isChecked)
- }
- }
+// Removed as part of Bug_42115: Enhanced Tracking Protection can still be enabled
+// @VisibleForTesting
+// internal fun updateDetailsSection(show: Boolean) {
+// binding.trackingProtectionDetails.isVisible = show
+// }
+
+// Removed as part of Bug_42115: Enhanced Tracking Protection can still be enabled
+// private fun bindTrackingProtectionInfo(isTrackingProtectionEnabled: Boolean) {
+// binding.trackingProtectionSwitch.isChecked = isTrackingProtectionEnabled
+// binding.trackingProtectionSwitch.setOnCheckedChangeListener { _, isChecked ->
+// interactor.onTrackingProtectionToggled(isChecked)
+// }
+// }
@VisibleForTesting
internal val binding = QuicksettingsProtectionsPanelBinding.inflate(
=====================================
fenix/app/src/main/res/layout/quicksettings_protections_panel.xml
=====================================
@@ -12,36 +12,38 @@
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:minHeight="@dimen/tracking_protection_item_height"
- app:layout_constraintBottom_toTopOf="@id/trackingProtectionSwitch"
+ app:layout_constraintBottom_toBottomOf="parent"
app:layout_constraintTop_toTopOf="parent" />
- <org.mozilla.fenix.trackingprotection.SwitchWithDescription
- android:id="@+id/trackingProtectionSwitch"
- android:layout_width="match_parent"
- android:layout_height="wrap_content"
- android:layout_marginTop="16dp"
- android:minHeight="@dimen/tracking_protection_item_height"
- android:text="@string/preference_enhanced_tracking_protection"
- app:layout_constraintBottom_toTopOf="@id/trackingProtectionDetails"
- app:layout_constraintTop_toBottomOf="@id/cookieBannerItem"
- app:switchDescriptionOff="@string/etp_panel_off"
- app:switchDescriptionOn="@string/etp_panel_on"
- app:switchIconOff="@drawable/ic_tracking_protection_disabled"
- app:switchIconOn="@drawable/ic_tracking_protection_enabled"
- app:switchTitle="@string/preference_enhanced_tracking_protection" />
+<!-- Removed as part of Bug_42115: Enhanced Tracking Protection can still be enabled-->
+<!-- <org.mozilla.fenix.trackingprotection.SwitchWithDescription-->
+<!-- android:id="@+id/trackingProtectionSwitch"-->
+<!-- android:layout_width="match_parent"-->
+<!-- android:layout_height="wrap_content"-->
+<!-- android:layout_marginTop="16dp"-->
+<!-- android:minHeight="@dimen/tracking_protection_item_height"-->
+<!-- android:text="@string/preference_enhanced_tracking_protection"-->
+<!-- app:layout_constraintBottom_toTopOf="@id/trackingProtectionDetails"-->
+<!-- app:layout_constraintTop_toBottomOf="@id/cookieBannerItem"-->
+<!-- app:switchDescriptionOff="@string/etp_panel_off"-->
+<!-- app:switchDescriptionOn="@string/etp_panel_on"-->
+<!-- app:switchIconOff="@drawable/ic_tracking_protection_disabled"-->
+<!-- app:switchIconOn="@drawable/ic_tracking_protection_enabled"-->
+<!-- app:switchTitle="@string/preference_enhanced_tracking_protection" />-->
- <TextView
- android:id="@+id/trackingProtectionDetails"
- style="@style/QuickSettingsText.Icon"
- android:layout_width="0dp"
- android:layout_height="@dimen/quicksettings_item_height"
- android:layout_alignParentEnd="true"
- android:gravity="end|center_vertical"
- android:text="@string/enhanced_tracking_protection_details"
- android:visibility="gone"
- app:drawableEndCompat="@drawable/ic_arrowhead_right"
- app:layout_constraintBottom_toBottomOf="parent"
- app:layout_constraintEnd_toEndOf="parent"
- app:layout_constraintStart_toStartOf="parent" />
+ <!-- Removed as part of Bug_42115: Enhanced Tracking Protection can still be enabled-->
+<!-- <TextView-->
+<!-- android:id="@+id/trackingProtectionDetails"-->
+<!-- style="@style/QuickSettingsText.Icon"-->
+<!-- android:layout_width="0dp"-->
+<!-- android:layout_height="@dimen/quicksettings_item_height"-->
+<!-- android:layout_alignParentEnd="true"-->
+<!-- android:gravity="end|center_vertical"-->
+<!-- android:text="@string/enhanced_tracking_protection_details"-->
+<!-- android:visibility="gone"-->
+<!-- app:drawableEndCompat="@drawable/ic_arrowhead_right"-->
+<!-- app:layout_constraintBottom_toBottomOf="parent"-->
+<!-- app:layout_constraintEnd_toEndOf="parent"-->
+<!-- app:layout_constraintStart_toStartOf="parent" />-->
</androidx.constraintlayout.widget.ConstraintLayout>
View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/commit/533…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/commit/533…
You're receiving this email because of your account on gitlab.torproject.org.
1
0
[Git][tpo/applications/tor-browser-update-responses][main] release: new version, 12.5.5
by richard (@richard) 27 Sep '23
by richard (@richard) 27 Sep '23
27 Sep '23
richard pushed to branch main at The Tor Project / Applications / Tor Browser update responses
Commits:
a5c4e965 by Richard Pospesel at 2023-09-26T17:40:28+00:00
release: new version, 12.5.5
- - - - -
30 changed files:
- update_3/release/.htaccess
- − update_3/release/12.5.1-12.5.4-linux32-ALL.xml
- − update_3/release/12.5.1-12.5.4-linux64-ALL.xml
- − update_3/release/12.5.1-12.5.4-macos-ALL.xml
- − update_3/release/12.5.1-12.5.4-win32-ALL.xml
- − update_3/release/12.5.1-12.5.4-win64-ALL.xml
- + update_3/release/12.5.1-12.5.5-linux32-ALL.xml
- + update_3/release/12.5.1-12.5.5-linux64-ALL.xml
- + update_3/release/12.5.1-12.5.5-macos-ALL.xml
- + update_3/release/12.5.1-12.5.5-win32-ALL.xml
- + update_3/release/12.5.1-12.5.5-win64-ALL.xml
- − update_3/release/12.5.2-12.5.4-linux32-ALL.xml
- − update_3/release/12.5.2-12.5.4-linux64-ALL.xml
- − update_3/release/12.5.2-12.5.4-macos-ALL.xml
- − update_3/release/12.5.2-12.5.4-win32-ALL.xml
- − update_3/release/12.5.2-12.5.4-win64-ALL.xml
- + update_3/release/12.5.2-12.5.5-linux32-ALL.xml
- + update_3/release/12.5.2-12.5.5-linux64-ALL.xml
- + update_3/release/12.5.2-12.5.5-macos-ALL.xml
- + update_3/release/12.5.2-12.5.5-win32-ALL.xml
- + update_3/release/12.5.2-12.5.5-win64-ALL.xml
- − update_3/release/12.5.3-12.5.4-linux32-ALL.xml
- − update_3/release/12.5.3-12.5.4-linux64-ALL.xml
- − update_3/release/12.5.3-12.5.4-macos-ALL.xml
- − update_3/release/12.5.3-12.5.4-win32-ALL.xml
- − update_3/release/12.5.3-12.5.4-win64-ALL.xml
- + update_3/release/12.5.3-12.5.5-linux32-ALL.xml
- + update_3/release/12.5.3-12.5.5-linux64-ALL.xml
- + update_3/release/12.5.3-12.5.5-macos-ALL.xml
- + update_3/release/12.5.3-12.5.5-win32-ALL.xml
The diff was not included because it is too large.
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses…
You're receiving this email because of your account on gitlab.torproject.org.
1
0
[Git][tpo/applications/tor-browser-build] Pushed new tag mb-12.5.5-build1
by richard (@richard) 27 Sep '23
by richard (@richard) 27 Sep '23
27 Sep '23
richard pushed new tag mb-12.5.5-build1 at The Tor Project / Applications / tor-browser-build
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/mb-…
You're receiving this email because of your account on gitlab.torproject.org.
1
0
[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-12.5.5-build1
by richard (@richard) 27 Sep '23
by richard (@richard) 27 Sep '23
27 Sep '23
richard pushed new tag tbb-12.5.5-build1 at The Tor Project / Applications / tor-browser-build
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb…
You're receiving this email because of your account on gitlab.torproject.org.
1
0
[Git][tpo/applications/tor-browser-build][maint-12.5] Bugs 40961, 40962: Tor Browser and Mullvad Browser 12.5.5
by richard (@richard) 27 Sep '23
by richard (@richard) 27 Sep '23
27 Sep '23
richard pushed to branch maint-12.5 at The Tor Project / Applications / tor-browser-build
Commits:
db01e230 by Richard Pospesel at 2023-09-25T20:43:08+00:00
Bugs 40961, 40962: Tor Browser and Mullvad Browser 12.5.5
- - - - -
9 changed files:
- projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt
- projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt
- projects/browser/allowed_addons.json
- projects/browser/config
- projects/firefox/config
- projects/geckoview/config
- projects/tor/config
- projects/translation/config
- rbm.conf
Changes:
=====================================
projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt
=====================================
@@ -1,3 +1,70 @@
+Mullvad Browse 12.5.5 - September 25 2023
+ * All Platforms
+ * Updated NoScript to 11.4.27
+ * Upated uBlock Origin to 1.52.2
+ * Bug 42123: Backport security fixes from Firefox 118 to ESR 102.15 / 115.3 - based Tor Browser [tor-browser]
+
+Mullvad Browser 13.0a5 - September 21 2023
+ * All Platforms
+ * Updated Translations
+ * Updated Firefox to 115.3.0esr
+ * Bug 228: Remove popup asking for preferred language on websites [mullvad-browser]
+ * Bug 238: Rebase Mullvad Browser to 115.3.0esr [mullvad-browser]
+ * Bug 40893: Update (Noto) fonts for 13.0 [tor-browser-build]
+ * Bug 41327: Disable UrlbarProviderInterventions [tor-browser]
+ * Bug 41581: ESR115: figure out extension pinning / unified Extensions [tor-browser]
+ * Bug 41903: The info icon on the language change prompt is not shown [tor-browser]
+ * Bug 42026: Disable cookie banner service and UI. [tor-browser]
+ * Bug 42037: Disable about:firefoxview [tor-browser]
+ * Bug 42083: RemoteSecuritySettings.init throws error in console [tor-browser]
+ * Bug 42094: Disable media.aboutwebrtc.hist.enabled as security in-depth [tor-browser]
+ * Windows
+ * Bug 41798: Stop building private_browsing.exe on Windows [tor-browser]
+ * Build System
+ * All Platforms
+ * Bug 40956: Allow testing the updater also with release and alpha channel [tor-browser-build]
+ * Windows
+ * Bug 41995: Generated headers on Windows aren't reproducible [tor-browser]
+
+Mullvad Browser 13.0a4 - September 12 2023
+ * All Platforms
+ * Updated Firefox to 115.2.1esr
+ * Updated Translations
+ * Updated NoScript to 11.4.27
+ * Bug 211: Change "Mullvad Browser Home" to "New tab" [mullvad-browser]
+ * Bug 231: Fix the Security Level "read more" link in popup/settings panel [mullvad-browser]
+ * Bug 236: Rebase alpha onto 115.2.1 [mullvad-browser]
+ * Bug 40149: Remove patching of nightly update URL [tor-browser-build]
+ * Bug 40937: First window after update should go to the user-friendly release page on GitHub [tor-browser-build]
+ * Bug 41528: Hard-coded English "based on Mozilla Firefox" appears in version in "About" dialog [tor-browser]
+ * Bug 41675: ESR115: decide on large array buffers [tor-browser]
+ * Bug 41739: Remove "Website appearance" [tor-browser]
+ * Bug 41740: ESR115: change devicePixelRatio spoof to 2 in alpha for testing [tor-browser]
+ * Bug 41774: Hide the new "Switching to a new device" help menu item [tor-browser]
+ * Bug 41797: Lock RFP in release builds [tor-browser]
+ * Bug 41876: Remove firefox view from title bar [tor-browser]
+ * Bug 41881: Developer tools/Network/New Request remembers requests [tor-browser]
+ * Bug 42027: Create a Base Browser version of migrateUI [tor-browser]
+ * Bug 42043: Disable gUM: media.devices.enumerate.legacy.enabled [tor-browser]
+ * Bug 42046: Remove XUL layout hacks from base browser [tor-browser]
+ * Bug 42050: Bring back Save As... dialog as default [tor-browser]
+ * Bug 42061: Move the alpha update channel creation to a commit on its own [tor-browser]
+ * Bug 42084: Race condition with language preferences may make spoof_english ineffective [tor-browser]
+ * Windows
+ * Bug 40930: Update zlib to 1.3 after 13.0a3 [tor-browser-build]
+ * macOS
+ * Bug 42057: Disable Platform text-recognition functionality [tor-browser]
+ * Build System
+ * All Platforms
+ * Bug 40857: Mullvad Browser generated downloads.json references tbb-* build tag rather than mb-* [tor-browser-build]
+ * Bug 40932: Remove appname_bundle_android, appname_bundle_macos, appname_bundle_linux, appname_bundle_win32, appname_bundle_win64 from projects/release/update_responses_config.yml [tor-browser-build]
+ * Bug 40933: Fix generating incrementals between 12.5.x and 13.0 [tor-browser-build]
+ * Bug 40935: Fix fallout from build target rename in signing scripts [tor-browser-build]
+ * Bug 40942: Use the branch to build Base Browser [tor-browser-build]
+ * Bug 40946: override_updater_url does not work for Mullvad Browser [tor-browser-build]
+ * macOS
+ * Bug 40943: Update libdmg-hfsplus to include our uplifted patch [tor-browser-build]
+
Mullvad Browser 12.5.4 - September 12 2023
* All Platforms
* Updated Firefox to 102.15.1esr
=====================================
projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt
=====================================
@@ -1,3 +1,139 @@
+Tor Browser 12.5.5 - September 25 2023
+ * All Platforms
+ * Updated tor to 0.4.7.15
+ * Updated NoScript to 11.4.27
+ * Updated Translations
+ * Bug 42120: Use foursquare as domain front for snowflake [tor-browser]
+ * Bug 42123: Backport security fixes from Firefox 118 to ESR 102.15 / 115.3 - based Tor Browser [tor-browser]
+ * Windows + macOS + Linux
+ * Bug 42126: moat and connect assist broken for people who can't reach domain front [tor-browser]
+
+Tor Browser 13.0a5 - September 21 2023
+ * All Platforms
+ * Updated Translations
+ * Updated OpenSSL to 3.0.11
+ * Updated tor to 0.4.8.6
+ * Bug 40938: Migrate remaining torbutton functionality to tor-browser [tor-browser]
+ * Bug 41327: Disable UrlbarProviderInterventions [tor-browser]
+ * Bug 42026: Disable cookie banner service and UI. [tor-browser]
+ * Bug 42094: Disable media.aboutwebrtc.hist.enabled as security in-depth [tor-browser]
+ * Bug 42112: Rebase alpha to 115.3.0esr [tor-browser]
+ * Bug 42120: Use foursquare as domain front for snowflake [tor-browser]
+ * Windows + macOS + Linux
+ * Updated Firefox to 115.3.0esr
+ * Bug 40893: Update (Noto) fonts for 13.0 [tor-browser-build]
+ * Bug 41639: Fix the wordmark (title and background) of the "About Tor Browser" window [tor-browser]
+ * Bug 41822: The default browser button came back on 115 [tor-browser]
+ * Bug 41864: TOR_CONTROL_HOST and TOR_SOCKS_HOST do not work as expected when the browser launches tor [tor-browser]
+ * Bug 41903: The info icon on the language change prompt is not shown [tor-browser]
+ * Bug 41957: Revert to Fx's default identity block style for internal pages [tor-browser]
+ * Bug 41958: Console error when closing tor browser with about:preferences open [tor-browser]
+ * Bug 41986: Fix the control port password handling [tor-browser]
+ * Bug 42037: Disable about:firefoxview [tor-browser]
+ * Bug 42073: Add simplified onion pattern to the new homepage [tor-browser]
+ * Bug 42079: TorConnect: handle switching from Bootstrapped to Configuring state [tor-browser]
+ * Bug 42083: RemoteSecuritySettings.init throws error in console [tor-browser]
+ * Bug 42091: Onion authorization prompt overflows [tor-browser]
+ * Bug 42092: Onion services key table display problems. [tor-browser]
+ * Bug 42102: TorProcess says the SOCKS port is not valid even though it is [tor-browser]
+ * Bug 42110: Add a utility module for shared UI methods needed for several tor browser components [tor-browser]
+ * Windows
+ * Bug 41798: Stop building private_browsing.exe on Windows [tor-browser]
+ * macOS
+ * Bug 42078: Implement MacOS application icons [tor-browser]
+ * Linux
+ * Bug 42088: Implement Linux application icons [tor-browser]
+ * Android
+ * Updated GeckoView to 115.3.0esr
+ * Bug 42089: Disable Mozilla 1805450 [tor-browser]
+ * Bug 42122: Fix crash due to bad android deprecation and APIs
+ * Build System
+ * Windows + macOS + Linux
+ * Bug 40956: Allow testing the updater also with release and alpha channel [tor-browser-build]
+ * Windows
+ * Bug 41995: Generated headers on Windows aren't reproducible [tor-browser]
+
+Tor Browser 13.0a4 - September 12 2023
+ * All Platforms
+ * Updated Translations
+ * Updated NoScript to 11.4.27
+ * Updated tor to 0.4.8.5
+ * Updated Snowflake to 2.6.1
+ * Bug 40951: Firefox fails to build for macos after #40938 [tor-browser-build]
+ * Bug 41675: ESR115: decide on large array buffers [tor-browser]
+ * Bug 41740: ESR115: change devicePixelRatio spoof to 2 in alpha for testing [tor-browser]
+ * Bug 41797: Lock RFP in release builds [tor-browser]
+ * Bug 41934: Websocket raises DOMException on http onions in 13.0a1 [tor-browser]
+ * Bug 42034: aboutTBUpdate.dtd is duplicated [tor-browser]
+ * Bug 42043: Disable gUM: media.devices.enumerate.legacy.enabled [tor-browser]
+ * Bug 42061: Move the alpha update channel creation to a commit on its own [tor-browser]
+ * Bug 42084: Race condition with language preferences may make spoof_english ineffective [tor-browser]
+ * Bug 42093: Rebase alpha onto 115.2.1esr [tor-browser]
+ * Windows + macOS + Linux
+ * Updated Firefox to 115.2.1esr
+ * Bug 40149: Remove patching of nightly update URL [tor-browser-build]
+ * Bug 40821: The update details URL is wrong in alphas [tor-browser-build]
+ * Bug 40938: Copy the new tor-browser.ftl file to the appropriate directory [tor-browser-build]
+ * Bug 41333: Modernize Tor Browser's new-tab page (about:tor) [tor-browser]
+ * Bug 41528: Hard-coded English "based on Mozilla Firefox" appears in version in "About" dialog [tor-browser]
+ * Bug 41651: Use moz-toggle in connection preferences [tor-browser]
+ * Bug 41739: Remove "Website appearance" [tor-browser]
+ * Bug 41774: Hide the new "Switching to a new device" help menu item [tor-browser]
+ * Bug 41821: Fix the proxy type in the proxy modal of about:preferences in 13.0 [tor-browser]
+ * Bug 41865: Use --text-color-deemphasized rather than --panel-description-color [tor-browser]
+ * Bug 41876: Remove firefox view from title bar [tor-browser]
+ * Bug 41881: Developer tools/Network/New Request remembers requests [tor-browser]
+ * Bug 41886: Downloads drop-down panel has new-line/line-break between every word in the 'Be careful opening downloads' warning [tor-browser]
+ * Bug 41904: The log textarea doesn't resize anymore [tor-browser]
+ * BUg 41906: hide about:preferences#privacy > DNS over HTTPS section [tor-browser]
+ * Bug 41971: Update Tails URL in downloads warning [tor-browser]
+ * Bug 41974: De-emphasized text in custom components is no longer gray in 13.0 alpha [tor-browser]
+ * Bug 41977: Hide the "Learn more" link in bridge cards [tor-browser]
+ * Bug 41980: Circuit display headline is misaligned in 13.0 alpha [tor-browser]
+ * Bug 42027: Create a Base Browser version of migrateUI [tor-browser]
+ * Bug 42045: Circuit panel overflows with long ipv6 addresses [tor-browser]
+ * Bug 42046: Remove XUL layout hacks from base browser [tor-browser]
+ * Bug 42047: Remove layout hacks from tor browser preferences [tor-browser]
+ * Bug 42050: Bring back Save As... dialog as default [tor-browser]
+ * Bug 42075: Fix link spacing and underline on new homepage [tor-browser]
+ * Windows + Android
+ * Updated zlib to 1.3
+ * Bug 40930: Update zlib to 1.3 after 13.0a3 [tor-browser-build]
+ * macOS
+ * Bug 42057: Disable Platform text-recognition functionality [tor-browser]
+ * Linux
+ * Bug 41509: After update, KDE Plasma identifies Tor Browser Nightly window group as "firefox-nightly" [tor-browser]
+ * Android
+ * Updated GeckoView to 115.2.1esr
+ * Bug 40941: Remove PT process options on Android [tor-browser-build]
+ * Bug 41878: firefox-mobile: refactor tor bootstrap off deleted onboarding path [tor-browser]
+ * Bug 41879: firefox-android: Add Tor integration and UI commit is too big, needs to be split up [tor-browser]
+ * Bug 41882: Update DuckDuckGo icons [tor-browser]
+ * Bug 41987: Tor Browser Android Onboarding Plan [tor-browser]
+ * Bug 42001: Hide 'Open links in external app' settings option and force defaults [tor-browser]
+ * Bug 42038: TBA Alpha - inscriptions Tor Browser Alpha and FireFox Browser simultaneously on the start screen [tor-browser]
+ * Bug 42076: Theme is visable in options, but shouldn't be [tor-browser]
+ * Build System
+ * All Platforms
+ * Updated Go to 1.21.1
+ * Bug 40929: Update go to 1.21 series after 13.0a3 [tor-browser-build]
+ * Bug 40932: Remove appname_bundle_android, appname_bundle_macos, appname_bundle_linux, appname_bundle_win32, appname_bundle_win64 from projects/release/update_responses_config.yml [tor-browser-build]
+ * Bug 40935: Fix fallout from build target rename in signing scripts [tor-browser-build]
+ * Bug 40948: Remove lyrebird-vendor sha256sum in nightly [tor-browser-build]
+ * Windows + macOS + Linux
+ * Bug 40786: deploy_update_responses-*.sh requires +r permissions to run [tor-browser-build]
+ * Bug 40931: Fix incrementals after tor-browser-build#40829 [tor-browser-build]
+ * Bug 40933: Fix generating incrementals between 12.5.x and 13.0 [tor-browser-build]
+ * Bug 40942: Use the branch to build Base Browser [tor-browser-build]
+ * Bug 40944: After #40931, updates_responses is using incremental.mar files as if they were non-incremental mar files [tor-browser-build]
+ * Bug 40946: override_updater_url does not work for Mullvad Browser [tor-browser-build]
+ * Bug 40947: Remove migrate_langs from tools/signing/nightly/update-responses-base-config.yml [tor-browser-build]
+ * macOS
+ * Bug 40943: Update libdmg-hfsplus to include our uplifted patch [tor-browser-build]
+ * Bug 42035: Update tools/torbrowser/ scripts to support macOS dev environment [tor-browser]
+ * Linux
+ * Bug 42071: tor-browser deployed format changed breaking fetch.sh [tor-browser]
+
Tor Browser 12.5.4 - September 12 2023
* All Platforms
* Updated Translations
=====================================
projects/browser/allowed_addons.json
=====================================
@@ -17,7 +17,7 @@
"picture_url": "https://addons.mozilla.org/user-media/userpics/34/9734/13299734/13299734.pn…"
}
],
- "average_daily_users": 997396,
+ "average_daily_users": 1014444,
"categories": {
"android": [
"experimental",
@@ -221,10 +221,10 @@
"category": "recommended"
},
"ratings": {
- "average": 4.5546,
- "bayesian_average": 4.553446665437272,
- "count": 5144,
- "text_count": 1618
+ "average": 4.5534,
+ "bayesian_average": 4.55225009063314,
+ "count": 5166,
+ "text_count": 1629
},
"ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/reviews/",
"requires_payment": false,
@@ -321,7 +321,7 @@
"type": "extension",
"url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/",
"versions_url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/versions/",
- "weekly_downloads": 25493
+ "weekly_downloads": 26444
},
"notes": null
},
@@ -337,7 +337,7 @@
"picture_url": "https://addons.mozilla.org/user-media/userpics/56/7656/6937656/6937656.png?…"
}
],
- "average_daily_users": 254833,
+ "average_daily_users": 256930,
"categories": {
"android": [
"security-privacy"
@@ -553,9 +553,9 @@
"category": "recommended"
},
"ratings": {
- "average": 4.8125,
- "bayesian_average": 4.807850481587009,
- "count": 1360,
+ "average": 4.8128,
+ "bayesian_average": 4.80814342064221,
+ "count": 1362,
"text_count": 240
},
"ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/reviews/",
@@ -641,7 +641,7 @@
"type": "extension",
"url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/",
"versions_url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/versions/",
- "weekly_downloads": 3381
+ "weekly_downloads": 3097
},
"notes": null
},
@@ -657,7 +657,7 @@
"picture_url": "https://addons.mozilla.org/user-media/userpics/73/4073/5474073/5474073.png?…"
}
],
- "average_daily_users": 1103209,
+ "average_daily_users": 1117012,
"categories": {
"android": [
"security-privacy"
@@ -669,7 +669,7 @@
"contributions_url": "https://paypal.me/SupportEFF?utm_content=product-page-contribute&utm_medium…",
"created": "2014-05-01T18:23:16Z",
"current_version": {
- "id": 5584898,
+ "id": 5622730,
"compatibility": {
"firefox": {
"min": "60.0",
@@ -680,7 +680,7 @@
"max": "*"
}
},
- "edit_url": "https://addons.mozilla.org/en-US/developers/addon/privacy-badger17/versions…",
+ "edit_url": "https://addons.mozilla.org/en-US/developers/addon/privacy-badger17/versions…",
"is_strict_compatibility_enabled": false,
"license": {
"id": 6,
@@ -691,23 +691,24 @@
"url": "http://www.gnu.org/licenses/gpl-3.0.html"
},
"release_notes": {
- "en-US": "2023.6.23 is a bug fix release addressing various site breakages.\n\nNotes for 2023.6.14:\n<ul><li>Privacy Badger now comes with the largest blocklist yet, thanks to improved tracking detection and continually expanding <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/e7679342a72ee118b720d9…" rel=\"nofollow\">pre-training</a>. In addition to learning from tracking techniques like cookies and canvas fingerprinting, Privacy Badger now also learns from the <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/5a177129df8c5230a116e1…" rel=\"nofollow\">Beacon API</a>.</li><li>Fixed blocking trackers from just-closed tabs or from pages you recently navigated away from</li><li>Improved display of tracking domains on the options page on larger screens</li><li>Fixed various site breakages</li><li>Improved Italian translations</li></ul>"
+ "en-US": "<ul><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/07ac27a67ad814cdf74ed5…" rel=\"nofollow\">Improved link tracking protection</a> (\"link unwrapping\") on Google sites. With this update Privacy Badger removes tracking from links in Google Docs, Gmail, Google Maps, and Google Images results. Privacy Badger now also removes tracking from links added after scrolling through Google Search results.</li><li>Fixed various site breakages</li><li>Added Malay and restored Serbian translations</li><li>Improved Traditional Chinese translations</li></ul>"
},
- "reviewed": "2023-06-28T16:18:01Z",
- "version": "2023.6.23",
+ "reviewed": "2023-09-15T11:48:09Z",
+ "version": "2023.9.12",
"files": [
{
- "id": 4129240,
- "created": "2023-06-23T20:19:09Z",
- "hash": "sha256:ce79513710b2aed96bf03ec63d8be2e8274329e8d90911f5b8962c777e006e96",
+ "id": 4167070,
+ "created": "2023-09-12T19:42:38Z",
+ "hash": "sha256:eae97d9d3df3350476901ca412505cb4a43d0e7fa79bd9516584935158f82095",
"is_restart_required": false,
"is_webextension": true,
"is_mozilla_signed_extension": false,
"platform": "all",
- "size": 1968096,
+ "size": 1986265,
"status": "public",
- "url": "https://addons.mozilla.org/firefox/downloads/file/4129240/privacy_badger17-…",
+ "url": "https://addons.mozilla.org/firefox/downloads/file/4167070/privacy_badger17-…",
"permissions": [
+ "alarms",
"tabs",
"http://*/*",
"https://*/*",
@@ -721,6 +722,10 @@
"https://*.messenger.com/*",
"http://*.messenger.com/*",
"*://*.facebookcorewwwi.onion/*",
+ "https://docs.google.com/*",
+ "http://docs.google.com/*",
+ "https://mail.google.com/*",
+ "http://mail.google.com/*",
"https://www.google.com/*",
"http://www.google.com/*",
"https://www.google.ad/*",
@@ -1101,10 +1106,6 @@
"http://www.google.co.zw/*",
"https://www.google.cat/*",
"http://www.google.cat/*",
- "https://hangouts.google.com/*",
- "http://hangouts.google.com/*",
- "https://docs.google.com/*",
- "http://docs.google.com/*",
"<all_urls>"
],
"optional_permissions": [],
@@ -1134,7 +1135,7 @@
},
"is_disabled": false,
"is_experimental": false,
- "last_updated": "2023-06-28T16:18:01Z",
+ "last_updated": "2023-09-15T11:48:09Z",
"name": {
"en-US": "Privacy Badger"
},
@@ -1180,9 +1181,9 @@
"category": "recommended"
},
"ratings": {
- "average": 4.8008,
- "bayesian_average": 4.798040649165502,
- "count": 2289,
+ "average": 4.8005,
+ "bayesian_average": 4.797738794107263,
+ "count": 2291,
"text_count": 436
},
"ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/reviews/",
@@ -1207,7 +1208,7 @@
"type": "extension",
"url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/",
"versions_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/versions/",
- "weekly_downloads": 18054
+ "weekly_downloads": 18666
},
"notes": null
},
@@ -1223,7 +1224,7 @@
"picture_url": null
}
],
- "average_daily_users": 6472388,
+ "average_daily_users": 6583619,
"categories": {
"android": [
"security-privacy"
@@ -1235,7 +1236,7 @@
"contributions_url": "",
"created": "2015-04-25T07:26:22Z",
"current_version": {
- "id": 5596914,
+ "id": 5626680,
"compatibility": {
"firefox": {
"min": "78.0",
@@ -1246,7 +1247,7 @@
"max": "*"
}
},
- "edit_url": "https://addons.mozilla.org/en-US/developers/addon/ublock-origin/versions/55…",
+ "edit_url": "https://addons.mozilla.org/en-US/developers/addon/ublock-origin/versions/56…",
"is_strict_compatibility_enabled": false,
"license": {
"id": 6,
@@ -1257,22 +1258,22 @@
"url": "http://www.gnu.org/licenses/gpl-3.0.html"
},
"release_notes": {
- "en-US": "See complete release notes for <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/57eadd553bcb629be4f757…" rel=\"nofollow\">1.51.0</a>.\n\n<b>Fixes / changes</b>\n\n<ul><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/a578674b791ed67b926b31…" rel=\"nofollow\">Remove obsolete web<em>accessible</em>resources</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/7071379ad6c88fec4e40b3…" rel=\"nofollow\">Add missing (deprecated) method to google ima</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/bf46690e10ed8a086d9d50…" rel=\"nofollow\">Fix regression in handling of experimental <code>header=</code> filter option</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/f2328063ec5c7512d5899f…" rel=\"nofollow\">Only already normalized CSS selectors can be fast path-compiled</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/e271cd306c9578e0ed17c7…" rel=\"nofollow\">Improve compatibility with AdGuard's scriptlets</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/f42373a2522c9739807b48…" rel=\"nofollow\">Add static network filter option: <code>permissions</code></a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/f502abdb178413a344a43d…" rel=\"nofollow\">Add <code>set-attr</code> scriptlet</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/46449872121aa9a39f8fe5…" rel=\"nofollow\">Do not bail too early when trapping properties in <code>acs</code> scriptlet</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/76b28688717445a36e5ee4…" rel=\"nofollow\">Fix regression in cloud storage import of \"Filter lists\" pane</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/eb0f0fdfbd50904d7cd8e2…" rel=\"nofollow\">Add <code>set-session-storage-item</code> scriptlet</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/f125a8290e220a02336532…" rel=\"nofollow\">Prevent negative position when widget size is greater than viewport size</a><ul><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/e49ec519e35ce90b1ce424…" rel=\"nofollow\">Ensure no negative value for <code>top</code> property of floating widget in logger</a></li></ul></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/2398a39690c82a85f3fb23…" rel=\"nofollow\">Add visual hint when not all sublists are enabled</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/f549cc526fa10665161c86…" rel=\"nofollow\">Add support for AdGuard's noop (<code>_</code>) network filter option</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/c649c1ddb8b1d7f280a068…" rel=\"nofollow\">Add \"tabless\" filter expression for logger output</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/3f7e7d0a06e918e4c8b3f8…" rel=\"nofollow\">Add support for logical expressions to <code>!#if</code> directive</a><ul><li>Also added support for <code>!#else</code></li></ul></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/f1e827e5c4e256a0c832f9…" rel=\"nofollow\">Add resource aliases for increased compatibility with AdGuard lists</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/6f42d070e087002ada8f37…" rel=\"nofollow\">Add compatibility with AdGuard's <code>#%#//scriptlet(...)</code> syntax</a><ul><li>Also added support for quoted parameters in <code>##+js(...)</code> syntax</li></ul></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/50632bd7b34e7e7185c764…" rel=\"nofollow\">Fix syntax highlighter throwing with invalid patterns</a></li><li>...</li></ul>\n<a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/7c755863346ab5ff9e77ae…" rel=\"nofollow\">Commits history since last version</a>."
+ "en-US": "See complete release notes for <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/e38b38b24e46f55b7c57f8…" rel=\"nofollow\">1.52.2</a>.\n\n<b>Fixes / changes</b>\n\n<ul><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/c8600567c8c689e1622572…" rel=\"nofollow\">Fix XHR hook partial response handling</a> (fix by @ephemeralViolette)</li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/086a07ab99860699ff92c9…" rel=\"nofollow\">Fix regression in <code>:is()</code> operator</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/70ff1de4e99376d9ec6147…" rel=\"nofollow\">Do not assume set viewport for popup panel when using portrait mode in descktop</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/bbe0786f040f57b52d6ee7…" rel=\"nofollow\">Fix removal of <code>:scope</code> prefix in <code>:has()</code> operator</a></li></ul>\n<a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/3851922ac2114338a1a10a…" rel=\"nofollow\">Commits history since last version</a>."
},
- "reviewed": "2023-07-25T09:58:22Z",
- "version": "1.51.0",
+ "reviewed": "2023-09-25T15:47:17Z",
+ "version": "1.52.2",
"files": [
{
- "id": 4141256,
- "created": "2023-07-19T23:09:25Z",
- "hash": "sha256:8b73468bc233a11dd2895219466381783d19123857dd0b6fd16a01820fca4834",
+ "id": 4171020,
+ "created": "2023-09-21T17:09:35Z",
+ "hash": "sha256:e8ee3f9d597a6d42db9d73fe87c1d521de340755fd8bfdd69e41623edfe096d6",
"is_restart_required": false,
"is_webextension": true,
"is_mozilla_signed_extension": false,
"platform": "all",
- "size": 3538418,
+ "size": 3578876,
"status": "public",
- "url": "https://addons.mozilla.org/firefox/downloads/file/4141256/ublock_origin-1.5…",
+ "url": "https://addons.mozilla.org/firefox/downloads/file/4171020/ublock_origin-1.5…",
"permissions": [
"dns",
"menus",
@@ -1388,7 +1389,7 @@
},
"is_disabled": false,
"is_experimental": false,
- "last_updated": "2023-09-11T16:45:44Z",
+ "last_updated": "2023-09-25T15:47:17Z",
"name": {
"ar": "uBlock Origin",
"bg": "uBlock Origin",
@@ -1533,10 +1534,10 @@
"category": "recommended"
},
"ratings": {
- "average": 4.7827,
- "bayesian_average": 4.782306388225343,
- "count": 15984,
- "text_count": 4147
+ "average": 4.7829,
+ "bayesian_average": 4.782507229381479,
+ "count": 16045,
+ "text_count": 4163
},
"ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/reviews/",
"requires_payment": false,
@@ -1598,7 +1599,7 @@
"type": "extension",
"url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/",
"versions_url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/versions/",
- "weekly_downloads": 141824
+ "weekly_downloads": 146003
},
"notes": null
},
@@ -1614,7 +1615,7 @@
"picture_url": null
}
],
- "average_daily_users": 170796,
+ "average_daily_users": 170996,
"categories": {
"android": [
"photos-media"
@@ -1713,9 +1714,9 @@
"category": "recommended"
},
"ratings": {
- "average": 4.4934,
- "bayesian_average": 4.488285425448023,
- "count": 1139,
+ "average": 4.4899,
+ "bayesian_average": 4.484788968165164,
+ "count": 1141,
"text_count": 425
},
"ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/re…",
@@ -1738,7 +1739,7 @@
"type": "extension",
"url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/",
"versions_url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/ve…",
- "weekly_downloads": 408
+ "weekly_downloads": 305
},
"notes": null
},
@@ -1754,7 +1755,7 @@
"picture_url": null
}
],
- "average_daily_users": 85891,
+ "average_daily_users": 86760,
"categories": {
"android": [
"experimental",
@@ -1775,11 +1776,11 @@
},
"android": {
"min": "48.0",
- "max": "*"
+ "max": "68.*"
}
},
"edit_url": "https://addons.mozilla.org/en-US/developers/addon/privacy-possum/versions/4…",
- "is_strict_compatibility_enabled": false,
+ "is_strict_compatibility_enabled": true,
"license": {
"id": 6,
"is_custom": false,
@@ -1892,7 +1893,7 @@
"type": "extension",
"url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-possum/",
"versions_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-possum/versions/",
- "weekly_downloads": 720
+ "weekly_downloads": 2439
},
"notes": null
},
@@ -1908,7 +1909,7 @@
"picture_url": "https://addons.mozilla.org/user-media/userpics/64/9064/12929064/12929064.pn…"
}
],
- "average_daily_users": 265122,
+ "average_daily_users": 268258,
"categories": {
"android": [
"photos-media",
@@ -2127,10 +2128,10 @@
"category": "recommended"
},
"ratings": {
- "average": 4.6523,
- "bayesian_average": 4.647695702345138,
- "count": 1320,
- "text_count": 254
+ "average": 4.6533,
+ "bayesian_average": 4.648688441384268,
+ "count": 1321,
+ "text_count": 255
},
"ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/reviews/",
"requires_payment": false,
@@ -2151,7 +2152,7 @@
"type": "extension",
"url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/",
"versions_url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/versions/",
- "weekly_downloads": 3992
+ "weekly_downloads": 4288
},
"notes": null
},
@@ -2174,7 +2175,7 @@
"picture_url": null
}
],
- "average_daily_users": 111829,
+ "average_daily_users": 112323,
"categories": {
"android": [
"other"
@@ -2457,10 +2458,10 @@
"category": "recommended"
},
"ratings": {
- "average": 4.3834,
- "bayesian_average": 4.378879936387472,
- "count": 1252,
- "text_count": 346
+ "average": 4.3746,
+ "bayesian_average": 4.370112364351098,
+ "count": 1260,
+ "text_count": 351
},
"ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/reviews/",
"requires_payment": false,
@@ -2480,7 +2481,7 @@
"type": "extension",
"url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/",
"versions_url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/versions/",
- "weekly_downloads": 48
+ "weekly_downloads": 59
},
"notes": null
},
@@ -2496,7 +2497,7 @@
"picture_url": "https://addons.mozilla.org/user-media/userpics/43/0143/143/143.png?modified…"
}
],
- "average_daily_users": 304519,
+ "average_daily_users": 306943,
"categories": {
"android": [
"performance",
@@ -2510,7 +2511,7 @@
"contributions_url": "https://www.paypal.com/donate/?hosted_button_id=9ERKTU5MBH4EW&utm_content=p…",
"created": "2005-05-13T10:51:32Z",
"current_version": {
- "id": 5597003,
+ "id": 5620645,
"compatibility": {
"firefox": {
"min": "59.0",
@@ -2521,7 +2522,7 @@
"max": "*"
}
},
- "edit_url": "https://addons.mozilla.org/en-US/developers/addon/noscript/versions/5597003",
+ "edit_url": "https://addons.mozilla.org/en-US/developers/addon/noscript/versions/5620645",
"is_strict_compatibility_enabled": false,
"license": {
"id": 13,
@@ -2532,22 +2533,22 @@
"url": "http://www.gnu.org/licenses/gpl-2.0.html"
},
"release_notes": {
- "en-US": "v 11.4.26\n============================================================\nx [Android] Fixed regression preventing NoScript prompts\n from being shown\nx [XSS] Fallback to execute most demanding regular\n expressions asynchronously\nx [XSS] Removed obsolete Flash-related checks\nx [XSS] Make InjectionChecker's regular expressions easier\n to debug\nx [XSS] Updated OpenID regexp"
+ "en-US": "v 11.4.27\n============================================================\nx [XSS] Better specificity of HTML elements preliminary\n checks\nx [XSS] Better specificity of potential fragmented injection\n through framework syntax detection (thanks Rom623, barbaz\n et al)\nx [nscl] RegExp.combo(): RegExp creation by combination for\n better readability and comments\nx [nscl] Replaced lib/sha256.js with web platform native\n implementation (thanks Martin for suggested patch)\nx [nscl] Fixed property/function mismatch (thanks Alex)\nx Fixed operators precedence issue #312 (thanks Alex)\nx [nscl] Prevent dead object access on BF cache (thanks\n jamhubub and mriehm)"
},
- "reviewed": "2023-07-25T09:58:54Z",
- "version": "11.4.26",
+ "reviewed": "2023-09-13T06:54:08Z",
+ "version": "11.4.27",
"files": [
{
- "id": 4141345,
- "created": "2023-07-20T07:16:01Z",
- "hash": "sha256:283db0eaebbd2888c1a852f5acabaa8e0225ff1eb1a97a25bceaedfd14d9f44c",
+ "id": 4164985,
+ "created": "2023-09-08T14:50:57Z",
+ "hash": "sha256:6b57d9afce663f801177b7492fe7f00967ee3e66b6351b2cf3ff2a6c3ca99637",
"is_restart_required": false,
"is_webextension": true,
"is_mozilla_signed_extension": false,
"platform": "all",
- "size": 952442,
+ "size": 950105,
"status": "public",
- "url": "https://addons.mozilla.org/firefox/downloads/file/4141345/noscript-11.4.26.…",
+ "url": "https://addons.mozilla.org/firefox/downloads/file/4164985/noscript-11.4.27.…",
"permissions": [
"contextMenus",
"storage",
@@ -2614,7 +2615,7 @@
},
"is_disabled": false,
"is_experimental": false,
- "last_updated": "2023-09-08T14:26:13Z",
+ "last_updated": "2023-09-13T06:54:08Z",
"name": {
"de": "NoScript",
"el": "NoScript",
@@ -2686,10 +2687,10 @@
"category": "recommended"
},
"ratings": {
- "average": 4.3969,
- "bayesian_average": 4.394206528489455,
- "count": 2109,
- "text_count": 816
+ "average": 4.3975,
+ "bayesian_average": 4.39481198926411,
+ "count": 2118,
+ "text_count": 819
},
"ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/reviews/",
"requires_payment": false,
@@ -2733,7 +2734,7 @@
"type": "extension",
"url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/",
"versions_url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/versions/",
- "weekly_downloads": 7314
+ "weekly_downloads": 7384
},
"notes": null
},
@@ -2749,7 +2750,7 @@
"picture_url": null
}
],
- "average_daily_users": 153051,
+ "average_daily_users": 153921,
"categories": {
"android": [
"performance",
@@ -2763,18 +2764,18 @@
"contributions_url": "",
"created": "2011-07-15T10:42:41Z",
"current_version": {
- "id": 5522766,
+ "id": 5625141,
"compatibility": {
"firefox": {
- "min": "48.0",
+ "min": "113.0",
"max": "*"
},
"android": {
- "min": "48.0",
+ "min": "113.0",
"max": "*"
}
},
- "edit_url": "https://addons.mozilla.org/en-US/developers/addon/youtube-high-definition/v…",
+ "edit_url": "https://addons.mozilla.org/en-US/developers/addon/youtube-high-definition/v…",
"is_strict_compatibility_enabled": false,
"license": {
"id": 12,
@@ -2785,33 +2786,30 @@
"url": "http://www.gnu.org/licenses/lgpl-3.0.html"
},
"release_notes": {
- "en-US": "AMO GUID added"
+ "en-US": "Manifest v3 Support"
},
- "reviewed": "2023-02-09T15:16:44Z",
- "version": "109.0.0",
+ "reviewed": "2023-09-21T07:50:10Z",
+ "version": "118.0.5",
"files": [
{
- "id": 4067111,
- "created": "2023-02-06T12:44:20Z",
- "hash": "sha256:bdda70d2ad5bfc5065844b76008ac731341b46be0d43ab9de535f28206ea3c59",
+ "id": 4169481,
+ "created": "2023-09-18T12:22:43Z",
+ "hash": "sha256:66d24520820ea01056219751f4c42bf49cb7c0a295eb53e63cf28d603ea42d50",
"is_restart_required": false,
"is_webextension": true,
"is_mozilla_signed_extension": false,
"platform": "all",
- "size": 234450,
+ "size": 216452,
"status": "public",
- "url": "https://addons.mozilla.org/firefox/downloads/file/4067111/youtube_high_defi…",
+ "url": "https://addons.mozilla.org/firefox/downloads/file/4169481/youtube_high_defi…",
"permissions": [
- "tabs",
"storage",
- "cookies",
- "webRequest",
- "webRequestBlocking",
- "<all_urls>",
"*://*.youtube.com/*"
],
"optional_permissions": [],
- "host_permissions": []
+ "host_permissions": [
+ "<all_urls>"
+ ]
}
]
},
@@ -2835,7 +2833,7 @@
},
"is_disabled": false,
"is_experimental": false,
- "last_updated": "2023-02-09T15:16:44Z",
+ "last_updated": "2023-09-21T07:50:10Z",
"name": {
"en-US": "YouTube High Definition",
"zh-TW": "YouTube High Definition"
@@ -2864,10 +2862,10 @@
"category": "recommended"
},
"ratings": {
- "average": 3.8981,
- "bayesian_average": 3.8938714538391337,
- "count": 1158,
- "text_count": 410
+ "average": 3.897,
+ "bayesian_average": 3.8927898014617073,
+ "count": 1165,
+ "text_count": 416
},
"ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/revi…",
"requires_payment": false,
@@ -2886,7 +2884,7 @@
"type": "extension",
"url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/",
"versions_url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/vers…",
- "weekly_downloads": 1907
+ "weekly_downloads": 1686
},
"notes": null
}
=====================================
projects/browser/config
=====================================
@@ -103,12 +103,12 @@ input_files:
enable: '[% ! c("var/android") %]'
- filename: Bundle-Data
enable: '[% ! c("var/android") %]'
- - URL: https://addons.mozilla.org/firefox/downloads/file/4141345/noscript-11.4.26.…
+ - URL: https://addons.mozilla.org/firefox/downloads/file/4164985/noscript-11.4.27.…
name: noscript
- sha256sum: 283db0eaebbd2888c1a852f5acabaa8e0225ff1eb1a97a25bceaedfd14d9f44c
- - URL: https://addons.mozilla.org/firefox/downloads/file/4141256/ublock_origin-1.5…
+ sha256sum: 6b57d9afce663f801177b7492fe7f00967ee3e66b6351b2cf3ff2a6c3ca99637
+ - URL: https://addons.mozilla.org/firefox/downloads/file/4171020/ublock_origin-1.5…
name: ublock-origin
- sha256sum: 8b73468bc233a11dd2895219466381783d19123857dd0b6fd16a01820fca4834
+ sha256sum: e8ee3f9d597a6d42db9d73fe87c1d521de340755fd8bfdd69e41623edfe096d6
enable: '[% c("var/mullvad-browser") %]'
- URL: https://github.com/mullvad/browser-extension/releases/download/v0.8.3-firef…
name: mullvad-extension
=====================================
projects/firefox/config
=====================================
@@ -18,7 +18,7 @@ var:
firefox_version: '[% c("var/firefox_platform_version") %]esr'
browser_series: '12.5'
browser_branch: '[% c("var/browser_series") %]-1'
- browser_build: 1
+ browser_build: 2
branding_directory_prefix: 'tb'
copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]'
nightly_updates_publish_dir: '[% c("var/nightly_updates_publish_dir_prefix") %]nightly-[% c("var/osname") %]'
@@ -88,7 +88,6 @@ targets:
git_url: https://gitlab.torproject.org/tpo/applications/mullvad-browser.git
var:
branding_directory_prefix: 'mb'
- browser_build: 1
gitlab_project: https://gitlab.torproject.org/tpo/applications/mullvad-browser
linux-x86_64:
=====================================
projects/geckoview/config
=====================================
@@ -16,7 +16,7 @@ container:
var:
geckoview_version: 102.15.1esr
browser_branch: 12.5-1
- browser_build: 1
+ browser_build: 2
copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]'
gitlab_project: https://gitlab.torproject.org/tpo/applications/tor-browser
git_commit: '[% exec("git rev-parse HEAD") %]'
=====================================
projects/tor/config
=====================================
@@ -1,6 +1,6 @@
# vim: filetype=yaml sw=2
filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
-version: 0.4.7.14
+version: 0.4.7.15
git_hash: 'tor-[% c("version") %]'
git_url: https://gitlab.torproject.org/tpo/core/tor.git
git_submodule: 1
=====================================
projects/translation/config
=====================================
@@ -6,7 +6,7 @@ version: '[% c("abbrev") %]'
steps:
base-browser:
base-browser: '[% INCLUDE build %]'
- git_hash: 566b80ceb253add31128e6bde62a6c0224afeeb9
+ git_hash: b7a2b2cde8e814640554e14520b6b81693810bbd
targets:
nightly:
git_hash: 'base-browser'
@@ -18,7 +18,7 @@ steps:
git_hash: 'basebrowser-newidentityftl'
tor-browser:
tor-browser: '[% INCLUDE build %]'
- git_hash: c4e6b2794f42ab85025fdf61cdb9ed4cc0fbab05
+ git_hash: 00be2129bd017415db63a5da5e18ce54375b7dde
targets:
nightly:
git_hash: 'tor-browser'
@@ -26,7 +26,7 @@ steps:
fenix: '[% INCLUDE build %]'
# We need to bump the commit before releasing but just pointing to a branch
# might cause too much rebuidling of the Firefox part.
- git_hash: 8a98bcc4f466a6cd61c121c502898affc5b96141
+ git_hash: fca8abec22d042536973c482af21683edd98f1b1
targets:
nightly:
git_hash: 'fenix-torbrowserstringsxml'
=====================================
rbm.conf
=====================================
@@ -94,9 +94,10 @@ buildconf:
git_signtag_opt: '-s'
var:
- torbrowser_version: '12.5.4'
+ torbrowser_version: '12.5.5'
torbrowser_build: 'build1'
torbrowser_incremental_from:
+ - 12.5.4
- 12.5.3
- 12.5.2
- 12.5.1
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d…
You're receiving this email because of your account on gitlab.torproject.org.
1
0
[Git][tpo/applications/tor-browser-build][main] Bug 40963: Make update channel usage consistent between geckoview and firefox-android
by Pier Angelo Vendrame (@pierov) 26 Sep '23
by Pier Angelo Vendrame (@pierov) 26 Sep '23
26 Sep '23
Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits:
e92709ce by Richard Pospesel at 2023-09-25T20:55:45+00:00
Bug 40963: Make update channel usage consistent between geckoview and firefox-android
- - - - -
1 changed file:
- projects/geckoview/build
Changes:
=====================================
projects/geckoview/build
=====================================
@@ -78,7 +78,7 @@ mkdir "$HOME/.mozbuild"
# For single-arch builds, we want to fake a fat aar anyway, to avoid having
# arch suffixes in filenames, or having to rename files.
cat >> mozconfig-android-all << 'MOZCONFIG_EOF'
-ac_add_options --enable-update-channel=[% c("var/channel") %]
+ac_add_options --enable-update-channel=[% c("var/variant") %]
ac_add_options --with-base-browser-version=[% c("var/torbrowser_version") %]
export MOZ_INCLUDE_SOURCE_INFO=1
export MOZ_SOURCE_REPO="[% c('var/gitlab_project') %]"
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/e…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/e…
You're receiving this email because of your account on gitlab.torproject.org.
1
0