This is an automated email from the git hooks/post-receive script.
richard pushed a commit to branch main in repository tor-browser-spec.
The following commit(s) were added to refs/heads/main by this push: new 8776a7c Bug 40044: FF92/93 Audit 8776a7c is described below
commit 8776a7cc0707f381858221ef6e73e8984c45d223 Author: Richard Pospesel richard@torproject.org AuthorDate: Wed Oct 26 22:02:18 2022 +0000
Bug 40044: FF92/93 Audit --- audits/FF92_93_AUDIT | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+)
diff --git a/audits/FF92_93_AUDIT b/audits/FF92_93_AUDIT new file mode 100644 index 0000000..1f2f38e --- /dev/null +++ b/audits/FF92_93_AUDIT @@ -0,0 +1,85 @@ +Tracking issue: https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/issues/400... + +# General + +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript). + +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation. + +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit. + +## Firefox: https://github.com/mozilla/gecko-dev.git ( https://hg.mozilla.org/releases/ ) + +- Start: `be2c584eacac4f7fe827c1d2409399fe13ba614a` ( `FIREFOX_RELEASE_92_BASE` ) +- End: `7ea8b05d021fc8e0194e1b8eb9d37a351c9bdc5f` ( `FIREFOX_RELEASE_93_END` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) +--- + +## Application Services: https://github.com/mozilla/application-services.git + +- Start: `11f7a4b079c83d37505067bd00e17e96ed52ed64` ( `v82.3.0` ) +- End: `b1f371719ca20db642b64a0e860b4ecb0aaf316f` ( `v86.1.0` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) + +## Android Components: https://github.com/mozilla-mobile/android-components.git + +- Start: `84553b30da506c656f2a323aed66f8d335fcbf2b` +- End: `e39f5dba3f9c29b46856d700701f6715adc261c5` ( `v93.0.12` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) + +## Fenix: https://github.com/mozilla-mobile/fenix.git + +- Start: `9552ae0ab75c81bf72637b27f59031f1d088a7bf` +- End: `bcd31c22cd5460867092c71382392f13aeb95e64` ( `v93.2.0` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) + +## Ticket Review ## + +### Review List + +#### 92 (https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&resolutio... ) + +- https://bugzilla.mozilla.org/show_bug.cgi?id=1226042 : @pierov https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41116 + - Fixed in tor-browser and patchin proces of uplift: https://bugzilla.mozilla.org/show_bug.cgi?id=1787790 +- https://bugzilla.mozilla.org/show_bug.cgi?id=1512851 : @dan https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41117 + - Made functionality dependent on MOZ_PROXY_BYPASS_PROTECTION, may uplift +- https://bugzilla.mozilla.org/show_bug.cgi?id=1714583 : @ma1 https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41118 + - Nothing to do here +- https://bugzilla.mozilla.org/show_bug.cgi?id=1721178 : @dan https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41119 + - Nothing to do here +- https://bugzilla.mozilla.org/show_bug.cgi?id=1723869 : @boklm https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41120 + - Nothing to do here +- https://bugzilla.mozilla.org/show_bug.cgi?id=516362 : @pierov https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41121 + - Tweaked this patch slightly to prevent Tor Browser from running with elevated privileges + +#### 93 (https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&resolutio... ) + +none!