[tor-bugs] #33533 [Applications/Tor Browser]: Rebase Tor Browser esr68 patches on top of mozilla-central

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue May 19 20:24:35 UTC 2020


#33533: Rebase Tor Browser esr68 patches on top of mozilla-central
--------------------------------------+--------------------------------
 Reporter:  acat                      |          Owner:  acat
     Type:  task                      |         Status:  needs_review
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  TorBrowserTeam202005R     |  Actual Points:  14
Parent ID:  #33661                    |         Points:
 Reviewer:  sysrqb, gk                |        Sponsor:  Sponsor58-must
--------------------------------------+--------------------------------

Comment (by acat):

 Replying to [comment:24 mcs]:
 > Kathy and I noticed today that there is a bug in the rebased #23247
 patch (5defe271e8919e77267883f8513cf095451fffd2) that causes the Page Info
 window's Security panel to not display all of its content. The root cause
 is that Mozilla removed `hostName` inside `_getSecurityInfo()` within
 browser/base/content/pageinfo/security.js. Here is a fixup patch:
 > {{{
 >      var isBroken = ui.state &
 Ci.nsIWebProgressListener.STATE_IS_BROKEN;
 >      var isMixed =
 >        ui.state &
 >        (Ci.nsIWebProgressListener.STATE_LOADED_MIXED_ACTIVE_CONTENT |
 >          Ci.nsIWebProgressListener.STATE_LOADED_MIXED_DISPLAY_CONTENT);
 >      var isEV = ui.state &
 Ci.nsIWebProgressListener.STATE_IDENTITY_EV_TOPLEVEL;
 >      var isOnion = false;
 > +    const hostName = this.windowInfo.hostName;
 >      if (hostName && hostName.endsWith(".onion")) {
 >        isOnion = true;
 >      }
 >
 >      let secInfo = await
 window.opener.gBrowser.selectedBrowser.browsingContext.currentWindowGlobal.getSecurityInfo();
 >      if (secInfo) {
 >        secInfo.QueryInterface(Ci.nsITransportSecurityInfo);
 >        let cert = secInfo.serverCert;
 > }}}
 Thanks, that's a nice catch. A simple eslint would have caught this one,
 but unfortunately did not check it this time :(

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33533#comment:26>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list