Pier Angelo Vendrame pushed to branch tor-browser-102.10.0esr-12.0-1 at The Tor Project / Applications / Tor Browser
Commits:
-
8b73ad9e
by Pier Angelo Vendrame at 2023-05-08T10:15:38+02:00
-
c26520af
by Pier Angelo Vendrame at 2023-05-08T10:16:07+02:00
-
23ddf6d2
by hackademix at 2023-05-08T10:16:21+02:00
3 changed files:
- browser/app/profile/001-base-profile.js
- security/manager/ssl/StaticHPKPins.h
- toolkit/torbutton/modules/tor-control-port.js
Changes:
| ... | ... | @@ -404,6 +404,14 @@ pref("captivedetect.canonicalURL", ""); |
| 404 | 404 | // See tor-browser#18801.
|
| 405 | 405 | pref("dom.push.serverURL", "");
|
| 406 | 406 | |
| 407 | +#ifdef XP_WIN
|
|
| 408 | +// tor-browser#41683: Disable the network process on Windows
|
|
| 409 | +// Mozilla already disables the network process for HTTP.
|
|
| 410 | +// With this preference, we completely disable it, because we found that it
|
|
| 411 | +// breaks stuff with mingw. See also tor-browser#41489.
|
|
| 412 | +pref("network.process.enabled", false);
|
|
| 413 | +#endif
|
|
| 414 | + |
|
| 407 | 415 | // Extension support
|
| 408 | 416 | pref("extensions.autoDisableScopes", 0);
|
| 409 | 417 | pref("extensions.databaseSchema", 3);
|
| ... | ... | @@ -451,6 +451,14 @@ static const StaticFingerprints kPinset_tor = { |
| 451 | 451 | kPinset_tor_Data
|
| 452 | 452 | };
|
| 453 | 453 | |
| 454 | +static const char* const kPinset_tor_browser_Data[] = {
|
|
| 455 | + kISRG_Root_X1Fingerprint,
|
|
| 456 | +};
|
|
| 457 | +static const StaticFingerprints kPinset_tor_browser = {
|
|
| 458 | + sizeof(kPinset_tor_browser_Data) / sizeof(const char*),
|
|
| 459 | + kPinset_tor_browser_Data
|
|
| 460 | +};
|
|
| 461 | + |
|
| 454 | 462 | static const char* const kPinset_twitterCom_Data[] = {
|
| 455 | 463 | kGOOGLE_PIN_VeriSignClass2_G2Fingerprint,
|
| 456 | 464 | kGOOGLE_PIN_VeriSignClass3_G2Fingerprint,
|
| ... | ... | @@ -619,6 +627,7 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = { |
| 619 | 627 | { "blogger.com", true, false, false, -1, &kPinset_google_root_pems },
|
| 620 | 628 | { "blogspot.com", true, false, false, -1, &kPinset_google_root_pems },
|
| 621 | 629 | { "br.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
| 630 | + { "bridges.torproject.org", false, false, false, -1, &kPinset_tor_browser },
|
|
| 622 | 631 | { "bugs.chromium.org", true, false, false, -1, &kPinset_google_root_pems },
|
| 623 | 632 | { "build.chromium.org", true, false, false, -1, &kPinset_google_root_pems },
|
| 624 | 633 | { "business.facebook.com", true, false, false, -1, &kPinset_facebook },
|
| ... | ... | @@ -135,6 +135,18 @@ class AsyncSocket { |
| 135 | 135 | this.inputQueue.push({
|
| 136 | 136 | onInputStreamReady: stream => {
|
| 137 | 137 | try {
|
| 138 | + if (!this.scriptableInputStream.available()) {
|
|
| 139 | + // This means EOF, but not closed yet. However, arriving at EOF
|
|
| 140 | + // should be an error condition for us, since we are in a socket,
|
|
| 141 | + // and EOF should mean peer disconnected.
|
|
| 142 | + // If the stream has been closed, this function itself should
|
|
| 143 | + // throw.
|
|
| 144 | + reject(
|
|
| 145 | + new Error("onInputStreamReady called without available bytes.")
|
|
| 146 | + );
|
|
| 147 | + return;
|
|
| 148 | + }
|
|
| 149 | + |
|
| 138 | 150 | // read our string from input stream
|
| 139 | 151 | let str = this.scriptableInputStream.read(
|
| 140 | 152 | this.scriptableInputStream.available()
|