Pier Angelo Vendrame pushed to branch tor-browser-102.10.0esr-12.0-1 at The Tor Project / Applications / Tor Browser

Commits:

3 changed files:

Changes:

  • browser/app/profile/001-base-profile.js
    ... ... @@ -404,6 +404,14 @@ pref("captivedetect.canonicalURL", "");
    404 404
     // See tor-browser#18801.
    
    405 405
     pref("dom.push.serverURL", "");
    
    406 406
     
    
    407
    +#ifdef XP_WIN
    
    408
    +// tor-browser#41683: Disable the network process on Windows
    
    409
    +// Mozilla already disables the network process for HTTP.
    
    410
    +// With this preference, we completely disable it, because we found that it
    
    411
    +// breaks stuff with mingw. See also tor-browser#41489.
    
    412
    +pref("network.process.enabled", false);
    
    413
    +#endif
    
    414
    +
    
    407 415
     // Extension support
    
    408 416
     pref("extensions.autoDisableScopes", 0);
    
    409 417
     pref("extensions.databaseSchema", 3);
    

  • security/manager/ssl/StaticHPKPins.h
    ... ... @@ -451,6 +451,14 @@ static const StaticFingerprints kPinset_tor = {
    451 451
       kPinset_tor_Data
    
    452 452
     };
    
    453 453
     
    
    454
    +static const char* const kPinset_tor_browser_Data[] = {
    
    455
    +  kISRG_Root_X1Fingerprint,
    
    456
    +};
    
    457
    +static const StaticFingerprints kPinset_tor_browser = {
    
    458
    +  sizeof(kPinset_tor_browser_Data) / sizeof(const char*),
    
    459
    +  kPinset_tor_browser_Data
    
    460
    +};
    
    461
    +
    
    454 462
     static const char* const kPinset_twitterCom_Data[] = {
    
    455 463
       kGOOGLE_PIN_VeriSignClass2_G2Fingerprint,
    
    456 464
       kGOOGLE_PIN_VeriSignClass3_G2Fingerprint,
    
    ... ... @@ -619,6 +627,7 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
    619 627
       { "blogger.com", true, false, false, -1, &kPinset_google_root_pems },
    
    620 628
       { "blogspot.com", true, false, false, -1, &kPinset_google_root_pems },
    
    621 629
       { "br.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
    
    630
    +  { "bridges.torproject.org", false, false, false, -1, &kPinset_tor_browser },
    
    622 631
       { "bugs.chromium.org", true, false, false, -1, &kPinset_google_root_pems },
    
    623 632
       { "build.chromium.org", true, false, false, -1, &kPinset_google_root_pems },
    
    624 633
       { "business.facebook.com", true, false, false, -1, &kPinset_facebook },
    

  • toolkit/torbutton/modules/tor-control-port.js
    ... ... @@ -135,6 +135,18 @@ class AsyncSocket {
    135 135
           this.inputQueue.push({
    
    136 136
             onInputStreamReady: stream => {
    
    137 137
               try {
    
    138
    +            if (!this.scriptableInputStream.available()) {
    
    139
    +              // This means EOF, but not closed yet. However, arriving at EOF
    
    140
    +              // should be an error condition for us, since we are in a socket,
    
    141
    +              // and EOF should mean peer disconnected.
    
    142
    +              // If the stream has been closed, this function itself should
    
    143
    +              // throw.
    
    144
    +              reject(
    
    145
    +                new Error("onInputStreamReady called without available bytes.")
    
    146
    +              );
    
    147
    +              return;
    
    148
    +            }
    
    149
    +
    
    138 150
                 // read our string from input stream
    
    139 151
                 let str = this.scriptableInputStream.read(
    
    140 152
                   this.scriptableInputStream.available()