This is an automated email from the git hooks/post-receive script. richard pushed a commit to branch main in repository tor-browser-spec. The following commit(s) were added to refs/heads/main by this push: new da46045 Bug 40030: FFF97 Audit da46045 is described below commit da46045536cc1c9bb0b144d2ced0a011697bca1d Author: Richard Pospesel <richard@torproject.org> AuthorDate: Tue Nov 1 21:23:31 2022 +0000 Bug 40030: FFF97 Audit --- audits/FF97_AUDIT | 84 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) diff --git a/audits/FF97_AUDIT b/audits/FF97_AUDIT new file mode 100644 index 0000000..5fa1bab --- /dev/null +++ b/audits/FF97_AUDIT @@ -0,0 +1,84 @@ +# General + +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript). + +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation. + +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit. + +## Firefox: https://github.com/mozilla/gecko-dev.git + +- Start: `e6b83e1727b7e9a6847e6e15bdb935d9937099e4` ( `FIREFOX_RELEASE_97_BASE` ) +- End: `82764d45153d175f4686ead7aac977810fe1fd1b` ( `FIREFOX_RELEASE_98_BASE` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) + +**OR** + +### foreach PROBLEMATIC_HASH: +#### $(PROBLEMATIC_HASH) +- Summary +- Review Result: (SAFE|BAD) + +--- + +## Application Services: https://github.com/mozilla/application-services.git + +- Start: `df53ad867be7d79899e05797533cd624f1eeb2a2` ( `v90.0.1` ) +- End: `17942945873cdb8be56a9316d3cb8a611b3ef321` ( `v91.1.0` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) + +## Android Components: https://github.com/mozilla-mobile/android-components.git + +- Start: `604152ef532c33d8fc2412fd6d21cf29e9764c51` ( `v97.0.0` ) +- End: `0465a6f809adafd5429c230e890e7f4911f0070e` ( `v97.0.13` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) + +## Fenix: https://github.com/mozilla-mobile/fenix.git + +- Start: `84d4a07c0067f7c51757b157c79658a891870d95` ( `v97.0.0-beta.1` ) +- End: `16042ab2a16a64c9c94c8c01ea93578062415ac5` ( `releases_v97.0.0` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) + +## Ticket Review ## + +### Review List + +#### 97 https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&resolution=FI... + +- https://bugzilla.mozilla.org/show_bug.cgi?id=1741428 @richard https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41130 + - Upstream widl fix required, took mozilla's patch to headers in the meantime + - Created https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40... to track upstream bug +- https://bugzilla.mozilla.org/show_bug.cgi?id=1738983 @pierov https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41131 + - Disabled updater and left ticket open to revisitin ESR115 +- https://bugzilla.mozilla.org/show_bug.cgi?id=1432983 @pierov https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41132 + - Nothing to do here +- https://bugzilla.mozilla.org/show_bug.cgi?id=1745092 @boklm https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41133 + - Nothing to do here -- To stop receiving notification emails like this one, please contact the administrator of this repository.