[tor-commits] [translation/tbmanual-contentspot] https://gitweb.torproject.org/translation.git/commit/?h=tbmanual-contentspot

[translation]

commit bd97b9ddca4c7b9971ee6c995f14801ad2f2bb2d
Author: Translation commit bot 
Date:   Sat Sep 4 04:46:53 2021 +

https://gitweb.torproject.org/translation.git/commit/?h=tbmanual-contentspot
---
 contents+my.po | 14 --
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/contents+my.po b/contents+my.po
index f01ad9ef41..ce68da5536 100644
--- a/contents+my.po
+++ b/contents+my.po
@@ -2962,12 +2962,12 @@ msgstr "အောက်ခြေရှိ 
ညာဘက်ထောင့်တ
 #: https//tb-manual.torproject.org/mobile-tor/
 #: (content/mobile-tor/contents+en.lrtopic.body)
 msgid "4. Under the \"My Apps\" section, open Repositories."
-msgstr ""
+msgstr "4. \"My Apps\" အပိုင်းတွင် Repositories 
(သိုလှောင်ခန်းများ) ကို 
ဖွင့်ပါ။"
 
 #: https//tb-manual.torproject.org/mobile-tor/
 #: (content/mobile-tor/contents+en.lrtopic.body)
 msgid "5. Toggle \"Guardian Project Official Releases\" as enabled."
-msgstr ""
+msgstr "5. \"Guardian Project Official Releases\" ခလုတ်ကို 
ဖွင့်ထားပါ။"
 
 #: https//tb-manual.torproject.org/mobile-tor/
 #: (content/mobile-tor/contents+en.lrtopic.body)
@@ -2975,16 +2975,18 @@ msgid ""
 "6. Now F-Droid downloads the list of apps from the Guardian Project's "
 "repository (Note: this may take a few minutes)."
 msgstr ""
+"6. ထိုအခါ F-Droid သည် Guardian Project ၏ 
သိုလှောင်ခန်းမှ အက်ပ်စ
ာရင်းကို "
+"ဒေါင်းလုဒ်လုပ်ပါမည် 
(သတိပြုရန် - ပြီးစီးရန် မိနစ
်အနည်းငယ် ကြာနိုင်ပါသည်)။"
 
 #: https//tb-manual.torproject.org/mobile-tor/
 #: (content/mobile-tor/contents+en.lrtopic.body)
 msgid "7. Tap the Back button at the upper-left-hand corner."
-msgstr ""
+msgstr "7. အပေါ် ဘယ်ဘက်ထောင့်ရှိ Back 
(နောက်သို့) ခလုတ်ကို တစ
်ချက်နှိပ်ပါ။"
 
 #: https//tb-manual.torproject.org/mobile-tor/
 #: (content/mobile-tor/contents+en.lrtopic.body)
 msgid "8. Open \"Latest\" at the lower-left-hand corner."
-msgstr ""
+msgstr "8. အောက်ခြေ 
ဘယ်ဘက်ထောင့်ရှိ 
\"နောက်ဆုံးထွက်\" ကို ဖွင့်ပါ။"
 
 #: https//tb-manual.torproject.org/mobile-tor/
 #: (content/mobile-tor/contents+en.lrtopic.body)
@@ -2996,7 +2998,7 @@ msgstr ""
 #: https//tb-manual.torproject.org/mobile-tor/
 #: (content/mobile-tor/contents+en.lrtopic.body)
 msgid "11. Search for \"Tor Browser for Android\"."
-msgstr ""
+msgstr "11. \"Tor Browser for Android\" ကို ရှာပါ။"
 
 #: https//tb-manual.torproject.org/mobile-tor/
 #: (content/mobile-tor/contents+en.lrtopic.body)
@@ -3006,7 +3008,7 @@ msgstr ""
 #: https//tb-manual.torproject.org/mobile-tor/
 #: (content/mobile-tor/contents+en.lrtopic.body)
 msgid " The Tor Project website"
-msgstr ""
+msgstr " The Tor Project ဝဘ်ဆိုက်"
 
 #: https//tb-manual.torproject.org/mobile-tor/
 #: (content/mobile-tor/contents+en.lrtopic.body)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tbmanual-contentspot] https://gitweb.torproject.org/translation.git/commit/?h=tbmanual-contentspot

[translation]

commit 983602d9bf92aedf56b38d99a18dd25067b761c0
Author: Translation commit bot 
Date:   Sat Sep 4 04:16:45 2021 +

https://gitweb.torproject.org/translation.git/commit/?h=tbmanual-contentspot
---
 contents+my.po | 26 +-
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/contents+my.po b/contents+my.po
index 4225eb632c..f01ad9ef41 100644
--- a/contents+my.po
+++ b/contents+my.po
@@ -2855,6 +2855,8 @@ msgstr ""
 msgid ""
 "It is like the desktop Tor Browser, but for your Android mobile device."
 msgstr ""
+"၎င်းသည် ကွန်ပျုတာသုံး Tor 
ဘရောက်ဇာနှင့် ဆင်တူပြီး 
သင့် Android "
+"မိုဘိုင်းစက်ပစ္စည်းတွင် 
သုံးရန် ဖြစ်သည်။"
 
 #: https//tb-manual.torproject.org/mobile-tor/
 #: (content/mobile-tor/contents+en.lrtopic.body)
@@ -2867,13 +2869,14 @@ msgstr ""
 #: https//tb-manual.torproject.org/mobile-tor/
 #: (content/mobile-tor/contents+en.lrtopic.body)
 msgid "### DOWNLOADING AND INSTALLATION"
-msgstr ""
+msgstr "### 
ဒေါင်းလုဒ်လုပ်ခြင်းနှင့် 
တပ်ဆင်ခြင်း"
 
 #: https//tb-manual.torproject.org/mobile-tor/
 #: (content/mobile-tor/contents+en.lrtopic.body)
 msgid ""
 "There exists Tor Browser for Android and Tor Browser for Android (alpha)."
 msgstr ""
+"Tor Browser for Android နှင့် Tor Browser for Android (alpha) 
ဟူ၍ ရှိသည်။"
 
 #: https//tb-manual.torproject.org/mobile-tor/
 #: (content/mobile-tor/contents+en.lrtopic.body)
@@ -2881,6 +2884,8 @@ msgid ""
 "Non-technical users should get Tor Browser for Android, as this is stable "
 "and less prone to errors."
 msgstr ""
+"Tor Browser for Android သည် တည်ငြိမ်ပြီး 
ချွတ်ယွင်းချက် ဖြစ
်ပေါ်ခြင်း "
+"ပိုနည်းသောကြောင့် 
နည်းပညာမကျွမ်းကျင်သော 
အသုံးပြုသူများ ရယူသုံးစ
ွဲသင့်သည်။"
 
 #: https//tb-manual.torproject.org/mobile-tor/
 #: (content/mobile-tor/contents+en.lrtopic.body)
@@ -2888,17 +2893,21 @@ msgid ""
 "Tor Browser for Android is available on Play Store, F-Droid and the Tor "
 "Project website."
 msgstr ""
+"Tor Browser for Android ကို Play Store၊ F-Droid နှင့် Tor 
Project "
+"ဝဘ်ဆိုက်တွင် ရရှိနိုင်သည်။"
 
 #: https//tb-manual.torproject.org/mobile-tor/
 #: (content/mobile-tor/contents+en.lrtopic.body)
 msgid ""
 "It is very risky to download Tor Browser outside of these three platforms."
 msgstr ""
+"Tor ဘရောက်ဇာကို 
ဤပလက်ဖောင်းသုံးခုမှ မဟုတ်ဘဲ 
အခြားနေရာမှ "
+"ဒေါင်းလုဒ်လုပ်ခြင်းသည် 
အလွန်အန္တရာယ်များသည်။"
 
 #: https//tb-manual.torproject.org/mobile-tor/
 #: (content/mobile-tor/contents+en.lrtopic.body)
 msgid " Google Play"
-msgstr ""
+msgstr " Google Play"
 
 #: https//tb-manual.torproject.org/mobile-tor/
 #: (content/mobile-tor/contents+en.lrtopic.body)
@@ -2906,11 +2915,14 @@ msgid ""
 "You can install Tor Browser for Android from [Google Play "
 
"Store](https://play.google.com/store/apps/details?id=org.torproject.torbrowser)."
 msgstr ""
+"သင်သည် Tor Browser for Android ကို [Google Play "
+"Store](https://play.google.com/store/apps/details?id=org.torproject.torbrowser)"
+" မှ ရယူတပ်ဆင်နိုင်သည်။"
 
 #: https//tb-manual.torproject.org/mobile-tor/
 #: (content/mobile-tor/contents+en.lrtopic.body)
 msgid " F-Droid"
-msgstr ""
+msgstr " F-Droid"
 
 #: https//tb-manual.torproject.org/mobile-tor/
 #: (content/mobile-tor/contents+en.lrtopic.body)
@@ -2925,6 +2937,8 @@ msgid ""
 "If you would prefer installing the app from F-Droid, please follow these "
 "steps:"
 msgstr ""
+"သင်သည် အက်ပ်ကို F-Droid မှ 
ရယူတပ်ဆင်လိုပါက ကျေးဇူးပြု၍ 
အောက်ပါအဆင့်များကို "
+"လိုက်နာပါ -"
 
 #: https//tb-manual.torproject.org/mobile-tor/
 #: (content/mobile-tor/contents+en.lrtopic.body)
@@ -2932,16 +2946,18 @@ msgid ""
 "1. Install the F-Droid app on your Android device from [the F-Droid "
 "website.](https://f-droid.org/)"
 msgstr ""
+"1. F-Droid အက်ပ်ကို [F-Droid 
ဝဘ်ဆိုက်](https://f-droid.org/) မှ ရယူပြီး 
သင်၏"
+" Android စက်ပစ္စည်းပေါ်တွင် 
တပ်ဆင်ပါ။ "
 
 #: https//tb-manual.torproject.org/mobile-tor/
 #: (content/mobile-tor/contents+en.lrtopic.body)
 msgid "2. After installing 

[tor-commits] [translation/tbmanual-contentspot] https://gitweb.torproject.org/translation.git/commit/?h=tbmanual-contentspot

[translation]

commit 760c42b0e8d45819a39a80bc42b159e29e6c2752
Author: Translation commit bot 
Date:   Sat Sep 4 03:47:04 2021 +

https://gitweb.torproject.org/translation.git/commit/?h=tbmanual-contentspot
---
 contents+my.po | 56 ++--
 1 file changed, 42 insertions(+), 14 deletions(-)

diff --git a/contents+my.po b/contents+my.po
index b198b1b513..4225eb632c 100644
--- a/contents+my.po
+++ b/contents+my.po
@@ -2632,11 +2632,15 @@ msgid ""
 "`~/Library/Application Support/` folder, but in the same folder where you "
 "installed Tor Browser."
 msgstr ""
+"သင်သည် ပုံသေ တည်နေရာ (Applications 
ဖိုင်တွဲ) တွင် Tor ဘရောက်ဇာကို "
+"မထည့်သွင်းခဲ့ပါက TorBrowser-Data 
ဖိုင်တွဲသည် `~/Library/Application "
+"Support/` ဖိုင်တွဲတွင် 
မရှိကြောင်း သတိပြုပါ။ 
၎င်းသည် သင် Tor ဘရောက်ဇာ "
+"တပ်ဆင်ခဲ့သည့် 
ဖိုင်တွဲထဲတွင် ရှိပါသည်။"
 
 #: https//tb-manual.torproject.org/uninstalling/
 #: (content/uninstalling/contents+en.lrtopic.body)
 msgid "On Linux:"
-msgstr ""
+msgstr "*Linux တွင် -"
 
 #: https//tb-manual.torproject.org/uninstalling/
 #: (content/uninstalling/contents+en.lrtopic.body)
@@ -2645,11 +2649,14 @@ msgid ""
 "however the folder will be named \"tor-browser_en-US\" if you are running "
 "the English Tor Browser."
 msgstr ""
+"*သင်၏ Tor ဘရောက်ဇာ ဖိုင်တွဲ 
တည်နေရာရှာပါ။ Linux တွင် 
နဂိုမူလ တည်နေရာ မရှိပါ။"
+" သို့သော် သင်သည် 
အင်္ဂလိပ်ဘာသာစကားသုံး Tor 
ဘရောက်ဇာကို လည်ပတ်နေလျှင် "
+"ထိုဖိုင်တွဲကို \"tor-browser_en-US\" ဟု 
အမည်ပေးထားပါမည်။"
 
 #: https//tb-manual.torproject.org/uninstalling/
 #: (content/uninstalling/contents+en.lrtopic.body)
 msgid "* Delete the Tor Browser folder."
-msgstr ""
+msgstr "*Tor ဘရောက်ဇာကို ဖျက်ပါ။"
 
 #: https//tb-manual.torproject.org/uninstalling/
 #: (content/uninstalling/contents+en.lrtopic.body)
@@ -2657,17 +2664,21 @@ msgid ""
 "Note that your operating system’s standard \"Uninstall\" utility is not "
 "used."
 msgstr ""
+"သင့်ကွန်ပျူတာလည်ပတ်မှု စနစ
်၏ ပုံမှန် \"ဖယ်ထုတ်ရန်\" 
လုပ်ဆောင်ချက်ကို "
+"အသုံးမပြုကြောင်း သတိပြုပါ။"
 
 #: https//tb-manual.torproject.org/known-issues/
 #: (content/known-issues/contents+en.lrtopic.title)
 msgid "KNOWN ISSUES"
-msgstr ""
+msgstr "သိထားပြီးသော ပြဿနာများ"
 
 #: https//tb-manual.torproject.org/known-issues/
 #: (content/known-issues/contents+en.lrtopic.body)
 msgid ""
 "* Tor needs your system clock (and your time zone) set to the correct time."
 msgstr ""
+"*Tor အသုံးပြုပါက သင့်စနစ်နာရီ 
(နှင့် သင်၏ ဒေသစံတော်ချိန်) 
ကို မှန်ကန်သော "
+"အချိန် သတ်မှတ်ထားရန် 
လိုအပ်သည်။"
 
 #: https//tb-manual.torproject.org/known-issues/
 #: (content/known-issues/contents+en.lrtopic.body)
@@ -2689,6 +2700,9 @@ msgid ""
 "You can read more about this on our [Support "
 "Portal](https://support.torproject.org/tbb/tbb-10/)."
 msgstr ""
+"ဤအကြောင်းကို ကျွန်ုပ်တို့၏ 
[အကူအညီ "
+"ပေါ်တယ်](https://support.torproject.org/tbb/tbb-10/) 
တွင် "
+"ပိုမိုဖတ်ရှုနိုင်ပါသည်။"
 
 #: https//tb-manual.torproject.org/known-issues/
 #: (content/known-issues/contents+en.lrtopic.body)
@@ -2696,36 +2710,40 @@ msgid ""
 "The following antivirus and firewall software have been known to interfere "
 "with Tor and may need to be temporarily disabled:"
 msgstr ""
+"အောက်ပါ ဗိုင်းရပ်စ
်တန်ပြန်ခြင်းနှင့် 
ကာကွယ်ပေးသောစနစ် 
ဆော့ဝဲများသည် Tor ကို "
+"နှောင့်ယှက်တတ်ကြောင်း 
သိရသဖြင့် ၎င်းတို့ကို ယာယီ 
ပယ်ဖျက်ထားရန် "
+"လိုအပ်နိုင်ပါသည် -"
 
 #: https//tb-manual.torproject.org/known-issues/
 #: (content/known-issues/contents+en.lrtopic.body)
 msgid "* Webroot SecureAnywhere"
-msgstr ""
+msgstr "* Webroot SecureAnywhere"
 
 #: 

[tor-commits] [translation/communitytpo-contentspot] https://gitweb.torproject.org/translation.git/commit/?h=communitytpo-contentspot

[translation]

commit 46c87c37e59f2f8e072505bcba3ec97ec4907fd8
Author: Translation commit bot 
Date:   Sat Sep 4 03:45:19 2021 +


https://gitweb.torproject.org/translation.git/commit/?h=communitytpo-contentspot
---
 contents+my.po | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/contents+my.po b/contents+my.po
index d03a5c5fa0..53065db589 100644
--- a/contents+my.po
+++ b/contents+my.po
@@ -450,7 +450,7 @@ msgstr ""
 #: https//community.torproject.org/user-research/open/
 #: (content/user-research/open/contents+en.lrpage.body)
 msgid "### Tor Browser for Android"
-msgstr ""
+msgstr "### Tor Browser for Android"
 
 #: https//community.torproject.org/user-research/open/
 #: (content/user-research/open/contents+en.lrpage.body)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/support-portal] https://gitweb.torproject.org/translation.git/commit/?h=support-portal

[translation]

commit dcdaeff429c3b35e96b1c0104d63e5106e67228a
Author: Translation commit bot 
Date:   Sat Sep 4 03:17:42 2021 +

https://gitweb.torproject.org/translation.git/commit/?h=support-portal
---
 contents+my.po | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/contents+my.po b/contents+my.po
index 0237e9f249..de1d510158 100644
--- a/contents+my.po
+++ b/contents+my.po
@@ -5685,7 +5685,7 @@ msgstr ""
 #: https//support.torproject.org/tbb/tbb-editing-torrc/
 #: (content/tbb/tbb-editing-torrc/contents+en.lrquestion.description)
 msgid "On macOS:"
-msgstr ""
+msgstr "macOS တွင် -"
 
 #: https//support.torproject.org/tbb/tbb-editing-torrc/
 #: (content/tbb/tbb-editing-torrc/contents+en.lrquestion.description)
@@ -5700,6 +5700,9 @@ msgid ""
 "* Note the Library folder is hidden on newer versions of macOS. To navigate "
 "to this folder in Finder, select \"Go to Folder...\" in the \"Go\" menu."
 msgstr ""
+"macOS ၏ ပိုသစ်သော 
ဗားရှင်းများတွင် Library 
ဖိုင်တွဲကို ဝှက်ထားကြောင်း "
+"သတိပြုပါ။ ဤဖိုင်တွဲသို့ Finder 
မှတစ်ဆင့် သွားရန် \"Go\" 
မီနူးရှိ \"Go to "
+"Folder...\" ကို ရွေးချယ်ပါ။"
 
 #: https//support.torproject.org/tbb/tbb-editing-torrc/
 #: (content/tbb/tbb-editing-torrc/contents+en.lrquestion.description)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tbmanual-contentspot] https://gitweb.torproject.org/translation.git/commit/?h=tbmanual-contentspot

[translation]

commit 659f4dbdeb80552db875c3918c02bed0277af1b7
Author: Translation commit bot 
Date:   Sat Sep 4 03:16:46 2021 +

https://gitweb.torproject.org/translation.git/commit/?h=tbmanual-contentspot
---
 contents+my.po | 56 
 1 file changed, 44 insertions(+), 12 deletions(-)

diff --git a/contents+my.po b/contents+my.po
index b9cad1c268..b198b1b513 100644
--- a/contents+my.po
+++ b/contents+my.po
@@ -1498,6 +1498,9 @@ msgid ""
 "so you do not need to worry about [connecting over HTTPS](/secure-"
 "connections)."
 msgstr ""
+"*Tor သုံးစွဲသူများနှင့် onion 
ဝန်ဆောင်မှုများအကြား 
အသွားအလာများကို "
+"အဆုံးမှအဆုံးသို့ 
ကုဒ်ဖြင့်ပြောင်းလဲထားသောကြောင့်
 [HTTPS ဖြင့် "
+"ချိတ်ဆက်ခြင်း](/my/secure-connections) 
အတွက် စိတ်ပူရန် မလိုအပ်ပါ။"
 
 #: https//tb-manual.torproject.org/onion-services/
 #: (content/onion-services/contents+en.lrtopic.body)
@@ -1507,6 +1510,10 @@ msgid ""
 "Tor ensure that it is connecting to the right location and that the "
 "connection is not being tampered with."
 msgstr ""
+"*onion ဝန်ဆောင်မှုတစ်ခု၏ လိပ်စ
ာကို အလိုအလျောက် 
ထုတ်လုပ်သောကြောင့် "
+"ကိုင်တွယ်သူများသည် 
ဒိုမိန်းအမည် ဝယ်ယူရန် 
မလိုအပ်ပါ။ .onion URL ကို "
+"ကြည့်ခြင်းဖြင့် Tor သည် 
မှန်ကန်သော တည်နေရာသို့ 
ချိတ်ဆက်နေပြီး 
ချိတ်ဆက်မှုကို"
+" 
ကြားဖြတ်နှောင့်ယှက်နေခြင်းမရှိကြောင်း
 သေချာစေသည်။"
 
 #: https//tb-manual.torproject.org/onion-services/
 #: (content/onion-services/contents+en.lrtopic.body)
@@ -2373,7 +2380,7 @@ msgstr ""
 #: https//tb-manual.torproject.org/troubleshooting/
 #: (content/troubleshooting/contents+en.lrtopic.body)
 msgid "### IS YOUR CONNECTION CENSORED?"
-msgstr ""
+msgstr "### သင့်ချိတ်ဆက်မှုကို 
ဆင်ဆာဖြတ်ထားသလား။"
 
 #: https//tb-manual.torproject.org/troubleshooting/
 #: (content/troubleshooting/contents+en.lrtopic.body)
@@ -2381,19 +2388,23 @@ msgid ""
 "If you still can’t connect, your Internet Service Provider might be "
 "censoring connections to the Tor network."
 msgstr ""
+"သင်သည် ချိတ်ဆက်၍ မရသေးပါက 
သင်၏ အင်တာနက် ဝန်ဆောင်မှု 
ပံ့ပိုးသူက Tor "
+"ကွန်ရက်သို့ 
ချိတ်ဆက်မှုများကို 
ဆင်ဆာဖြတ်နေခြင်း ဖြစ
်နိုင်သည်။"
 
 #: https//tb-manual.torproject.org/troubleshooting/
 #: (content/troubleshooting/contents+en.lrtopic.body)
 msgid ""
 "Read the [Circumvention](/circumvention) section for possible solutions."
 msgstr ""
+"ဖြစ်နိုင်ခြေရှိသော 
ဖြေရှင်းနည်းများအတွက် "
+"[ဆင်ဆာကျော်ဖြတ်ခြင်း](/circumvention) 
အပိုင်းကို ဖတ်ပါ။"
 
 #: https//tb-manual.torproject.org/troubleshooting/
 #: (content/troubleshooting/contents+en.lrtopic.body)
 #: https//tb-manual.torproject.org/mobile-tor/
 #: (content/mobile-tor/contents+en.lrtopic.body)
 msgid "### KNOWN ISSUES"
-msgstr ""
+msgstr "### သိထားပြီးသော ပြဿနာများ"
 
 #: https//tb-manual.torproject.org/troubleshooting/
 #: (content/troubleshooting/contents+en.lrtopic.body)
@@ -2401,6 +2412,8 @@ msgid ""
 "Tor Browser is under constant development, and some issues are known about "
 "but not yet fixed."
 msgstr ""
+"Tor ဘရောက်ဇာကို စဉ်ဆက်မပြတ် 
တိုးတက်ကောင်းမွန်အောင် 
ပြုလုပ်နေသောကြောင့် "
+"အချို့ပြဿနာများကို 
သိထားပြီးဖြစ်သော်လည်း 
မပြုပြင်ရသေးဘဲ 
ရှိနိုင်ပါသည်။"
 
 #: https//tb-manual.torproject.org/troubleshooting/
 #: (content/troubleshooting/contents+en.lrtopic.body)
@@ -2408,6 +2421,8 @@ msgid ""
 "Please check the [Known Issues](/known-issues) page to see if the problem "
 "you are experiencing is already listed there."
 msgstr ""
+"သင်ကြုံတွေ့နေရသော ပြဿနာကို 
[သိထားပြီးသော 

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 1719146 - Use size_t in breakpad's Linux exception handler. r=gsvelto

[sysrqb]

commit 2876765509423fd9499567bc920e102ceeb07279
Author: Emilio Cobos Álvarez 
Date:   Mon Jul 5 11:59:34 2021 +

Bug 1719146 - Use size_t in breakpad's Linux exception handler. r=gsvelto

Differential Revision: https://phabricator.services.mozilla.com/D119083
---
 .../crashreporter/breakpad-client/linux/handler/exception_handler.cc| 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git 
a/toolkit/crashreporter/breakpad-client/linux/handler/exception_handler.cc 
b/toolkit/crashreporter/breakpad-client/linux/handler/exception_handler.cc
index c8509c2d5363..1365935ba51c 100644
--- a/toolkit/crashreporter/breakpad-client/linux/handler/exception_handler.cc
+++ b/toolkit/crashreporter/breakpad-client/linux/handler/exception_handler.cc
@@ -145,7 +145,7 @@ void InstallAlternateStackLocked() {
   // SIGSTKSZ may be too small to prevent the signal handlers from overrunning
   // the alternative stack. Ensure that the size of the alternative stack is
   // large enough.
-  static const unsigned kSigStackSize = std::max(16384, SIGSTKSZ);
+  static const size_t kSigStackSize = std::max(size_t(16384), 
size_t(SIGSTKSZ));
 
   // Only set an alternative stack if there isn't already one, or if the 
current
   // one is too small.

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 1715254 - Deny clone3 to force glibc fallback r=gcp

[sysrqb]

commit 1a70a6ac8a91cab14404db34bcfcf343346fbfb9
Author: Alexandre Lissy 
Date:   Wed Jun 9 13:45:28 2021 +

Bug 1715254 - Deny clone3 to force glibc fallback r=gcp

Differential Revision: https://phabricator.services.mozilla.com/D117297
---
 security/sandbox/linux/SandboxFilter.cpp | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/security/sandbox/linux/SandboxFilter.cpp 
b/security/sandbox/linux/SandboxFilter.cpp
index b60902e841e4..4ee50a23d461 100644
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -633,6 +633,9 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
   case __NR_clone:
 return ClonePolicy(InvalidSyscall());
 
+  case __NR_clone3:
+return Error(ENOSYS);
+
 // More thread creation.
 #ifdef __NR_set_robust_list
   case __NR_set_robust_list:
@@ -1311,6 +1314,9 @@ class ContentSandboxPolicy : public SandboxPolicyCommon {
   case __NR_clone:
 return ClonePolicy(Error(EPERM));
 
+  case __NR_clone3:
+return Error(ENOSYS);
+
 #  ifdef __NR_fadvise64
   case __NR_fadvise64:
 return Allow();



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 40416: Add v2 Onion deprecation warnings

[sysrqb]

commit bce42cd48208e2e85c803b0fc316c47228ade5f2
Author: Richard Pospesel 
Date:   Fri May 21 22:18:23 2021 +0200

Bug 40416: Add v2 Onion deprecation warnings

- adds new v2 deprecated warning page (js and styling) that piggy-backs
  off of the existing added onion service errors
- updates identity-icon to onionWarning.svg when visiting a v2 onion site 
adds
  warning tooltip; this warning supersedes all other identity states 
(including
  mixed-content error)
- we determine whether to show the warning page in nsDocShell::DoURILoad()
- a new synchonous IPC method is added to ContentChild/ContentParent to 
determine
  if the session has loaded the warning page already; worst case scenario, 
each
  child process will need to wait on this method to return only once when 
visiting
  a v2 onion; nothing is permanently cached with regards to this change
- an exception for the new sync method is added to sync-messages.ini 
(generally,
  in practice adding new blocking methods is probably bad, but the minimial
  overhead and frequency this method is called is worth the simpler code)
---
 browser/base/content/aboutNetError.xhtml   |  3 ++
 browser/base/content/browser-siteIdentity.js   | 12 +
 browser/base/jar.mn|  2 +-
 .../content/netError/onionNetError.js  |  6 +++
 .../content/netError/v2Deprecated.css  | 25 +
 .../onionservices/content/netError/v2Deprecated.js | 50 ++
 browser/components/onionservices/jar.mn|  8 ++-
 browser/modules/TorStrings.jsm |  8 +++
 .../shared/identity-block/identity-block.inc.css   |  3 +-
 browser/themes/shared/onionPattern.inc.xhtml   |  4 +-
 docshell/base/nsDocShell.cpp   | 61 ++
 dom/ipc/ContentParent.cpp  | 11 
 dom/ipc/ContentParent.h|  2 +
 dom/ipc/PContent.ipdl  |  3 ++
 ipc/ipdl/sync-messages.ini |  3 ++
 js/xpconnect/src/xpc.msg   |  1 +
 xpcom/base/ErrorList.py|  2 +
 17 files changed, 200 insertions(+), 4 deletions(-)

diff --git a/browser/base/content/aboutNetError.xhtml 
b/browser/base/content/aboutNetError.xhtml
index 957b6f15a0be..4572eb2024f1 100644
--- a/browser/base/content/aboutNetError.xhtml
+++ b/browser/base/content/aboutNetError.xhtml
@@ -207,7 +207,10 @@
 
   
 
+
+#include ../../themes/shared/onionPattern.inc.xhtml
   
+  
   
   
 
diff --git a/browser/base/content/browser-siteIdentity.js 
b/browser/base/content/browser-siteIdentity.js
index 2a3431172886..27fee74cba5b 100644
--- a/browser/base/content/browser-siteIdentity.js
+++ b/browser/base/content/browser-siteIdentity.js
@@ -135,6 +135,15 @@ var gIdentityHandler = {
 return this._uriHasHost ? this._uri.host.toLowerCase().endsWith(".onion") 
: false;
   },
 
+  get _uriIsDeprecatedOnionHost() {
+const hostIsV2Onion = function(host) {
+  // matches on v2 onion domains with any number of subdomains
+  const pattern = /^(.*\.)*[a-z2-7]{16}\.onion/i;
+  return pattern.test(host);
+};
+
+return this._uriHasHost ? hostIsV2Onion(this._uri.host) : false;
+  },
   // smart getters
   get _identityPopup() {
 delete this._identityPopup;
@@ -685,6 +694,9 @@ var gIdentityHandler = {
 "identity.extension.label",
 [extensionName]
   );
+} else if (this._uriIsDeprecatedOnionHost) {
+  this._identityBox.className = "onionServiceDeprecated";
+  tooltip = TorStrings.onionServices.v2Deprecated.tooltip;
 } else if (this._uriHasHost && this._isSecureConnection && this._secInfo) {
   // This is a secure connection.
   // _isSecureConnection implicitly includes onion services, which may not 
have an SSL certificate
diff --git a/browser/base/jar.mn b/browser/base/jar.mn
index df65349796b5..21b07ad9511b 100644
--- a/browser/base/jar.mn
+++ b/browser/base/jar.mn
@@ -22,7 +22,7 @@ browser.jar:
 content/browser/logos/send.svg(content/logos/send.svg)
 content/browser/logos/tracking-protection.svg 
(content/logos/tracking-protection.svg)
 content/browser/logos/tracking-protection-dark-theme.svg 
(content/logos/tracking-protection-dark-theme.svg)
-content/browser/aboutNetError.xhtml
(content/aboutNetError.xhtml)
+*   content/browser/aboutNetError.xhtml
(content/aboutNetError.xhtml)
 content/browser/aboutNetError.js   
(content/aboutNetError.js)
 content/browser/aboutRobots-icon.png  
(content/aboutRobots-icon.png)
 content/browser/aboutFrameCrashed.html
(content/aboutFrameCrashed.html)
diff --git a/browser/components/onionservices/content/netError/onionNetError.js 
b/browser/components/onionservices/content/netError/onionNetError.js

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 40091: Load HTTPS Everywhere as a builtin addon in desktop

[sysrqb]

commit 08113a40ac42d0f446f1a671dcade8ed97b784db
Author: Alex Catarineu 
Date:   Fri Sep 4 12:34:35 2020 +0200

Bug 40091: Load HTTPS Everywhere as a builtin addon in desktop

This loads HTTPS Everywhere as a builtin addon from a hardcoded
resource:// URI in desktop. It also ensures that the non-builtin
HTTPS Everywhere addon is always uninstalled on browser startup.

The reason of making this desktop-only is that there are some issues
when installing a builtin extension from geckoview side, making
the extension not available on first startup. So, at least for
now we handle the Fenix case separately. See #40118 for a followup
for investigating these.
---
 browser/components/BrowserGlue.jsm | 37 ++
 toolkit/components/extensions/Extension.jsm| 14 ++--
 .../mozapps/extensions/internal/XPIProvider.jsm| 13 
 3 files changed, 61 insertions(+), 3 deletions(-)

diff --git a/browser/components/BrowserGlue.jsm 
b/browser/components/BrowserGlue.jsm
index ec38d0ca8b33..057a2121533c 100644
--- a/browser/components/BrowserGlue.jsm
+++ b/browser/components/BrowserGlue.jsm
@@ -56,6 +56,13 @@ XPCOMUtils.defineLazyServiceGetter(
   "nsIPushService"
 );
 
+XPCOMUtils.defineLazyServiceGetters(this, {
+  resProto: [
+"@mozilla.org/network/protocol;1?name=resource",
+"nsISubstitutingProtocolHandler",
+  ],
+});
+
 const PREF_PDFJS_ISDEFAULT_CACHE_STATE = "pdfjs.enabledCache.state";
 
 /**
@@ -675,6 +682,7 @@ XPCOMUtils.defineLazyModuleGetters(this, {
 "resource://gre/modules/ContextualIdentityService.jsm",
   Corroborate: "resource://gre/modules/Corroborate.jsm",
   Discovery: "resource:///modules/Discovery.jsm",
+  ExtensionData: "resource://gre/modules/Extension.jsm",
   ExtensionsUI: "resource:///modules/ExtensionsUI.jsm",
   FirefoxMonitor: "resource:///modules/FirefoxMonitor.jsm",
   FxAccounts: "resource://gre/modules/FxAccounts.jsm",
@@ -1330,6 +1338,35 @@ BrowserGlue.prototype = {
   "resource:///modules/themes/dark/"
 );
 
+// Install https-everywhere builtin addon if needed.
+(async () => {
+  const HTTPS_EVERYWHERE_ID = "https-everywhere-...@eff.org";
+  const HTTPS_EVERYWHERE_BUILTIN_URL =
+"resource://torbutton/content/extensions/https-everywhere/";
+  // This does something similar as GeckoViewWebExtension.jsm: it tries
+  // to load the manifest to retrieve the version of the builtin and
+  // compares it to the currently installed one to see whether we need
+  // to install or not. Here we delegate that to
+  // AddonManager.maybeInstallBuiltinAddon.
+  try {
+const resolvedURI = Services.io.newURI(
+  resProto.resolveURI(Services.io.newURI(HTTPS_EVERYWHERE_BUILTIN_URL))
+);
+const extensionData = new ExtensionData(resolvedURI);
+const manifest = await extensionData.loadManifest();
+
+await AddonManager.maybeInstallBuiltinAddon(
+  HTTPS_EVERYWHERE_ID,
+  manifest.version,
+  HTTPS_EVERYWHERE_BUILTIN_URL
+);
+  } catch (e) {
+const log = Log.repository.getLogger("HttpsEverywhereBuiltinLoader");
+log.addAppender(new Log.ConsoleAppender(new Log.BasicFormatter()));
+log.error("Could not install https-everywhere extension", e);
+  }
+})();
+
 if (AppConstants.MOZ_NORMANDY) {
   Normandy.init();
 }
diff --git a/toolkit/components/extensions/Extension.jsm 
b/toolkit/components/extensions/Extension.jsm
index 876e636be3db..7dbd888b1710 100644
--- a/toolkit/components/extensions/Extension.jsm
+++ b/toolkit/components/extensions/Extension.jsm
@@ -211,6 +211,7 @@ const LOGGER_ID_BASE = "addons.webextension.";
 const UUID_MAP_PREF = "extensions.webextensions.uuids";
 const LEAVE_STORAGE_PREF = "extensions.webextensions.keepStorageOnUninstall";
 const LEAVE_UUID_PREF = "extensions.webextensions.keepUuidOnUninstall";
+const PERSISTENT_EXTENSIONS = new Set(["https-everywhere-...@eff.org"]);
 
 const COMMENT_REGEXP = new RegExp(
   String.raw`
@@ -331,7 +332,10 @@ var ExtensionAddonObserver = {
   return;
 }
 
-if (!Services.prefs.getBoolPref(LEAVE_STORAGE_PREF, false)) {
+if (
+  !Services.prefs.getBoolPref(LEAVE_STORAGE_PREF, false) &&
+  !PERSISTENT_EXTENSIONS.has(addon.id)
+) {
   // Clear browser.storage.local backends.
   AsyncShutdown.profileChangeTeardown.addBlocker(
 `Clear Extension Storage ${addon.id} (File Backend)`,
@@ -384,7 +388,10 @@ var ExtensionAddonObserver = {
 
 ExtensionPermissions.removeAll(addon.id);
 
-if (!Services.prefs.getBoolPref(LEAVE_UUID_PREF, false)) {
+if (
+  !Services.prefs.getBoolPref(LEAVE_UUID_PREF, false) &&
+  !PERSISTENT_EXTENSIONS.has(addon.id)
+) {
   // Clear the entry in the UUID map
   UUIDMap.remove(addon.id);
 }
@@ -2474,7 +2481,8 @@ class Extension extends ExtensionData {
   );
 } else if 

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 40002: Remove about:pioneer

[sysrqb]

commit 1be8d89828e6fc51160f474d21364caab2d8556a
Author: Kathy Brade 
Date:   Fri Aug 14 09:06:33 2020 -0400

Bug 40002: Remove about:pioneer

Firefox Pioneer is an opt-in program in which people volunteer to
participate in studies that collect detailed, sensitive data about
how they use their browser.
---
 browser/components/about/AboutRedirector.cpp | 2 --
 browser/components/about/components.conf | 1 -
 2 files changed, 3 deletions(-)

diff --git a/browser/components/about/AboutRedirector.cpp 
b/browser/components/about/AboutRedirector.cpp
index 544e21782729..e7c377d655e7 100644
--- a/browser/components/about/AboutRedirector.cpp
+++ b/browser/components/about/AboutRedirector.cpp
@@ -114,8 +114,6 @@ static const RedirEntry kRedirMap[] = {
  nsIAboutModule::URI_MUST_LOAD_IN_CHILD |
  nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
  nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::HIDE_FROM_ABOUTABOUT},
-{"pioneer", "chrome://browser/content/pioneer.html",
- nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::HIDE_FROM_ABOUTABOUT},
 #ifdef TOR_BROWSER_UPDATE
 {"tbupdate", "chrome://browser/content/abouttbupdate/aboutTBUpdate.xhtml",
  nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
diff --git a/browser/components/about/components.conf 
b/browser/components/about/components.conf
index d78de142e2e4..8e04467c05da 100644
--- a/browser/components/about/components.conf
+++ b/browser/components/about/components.conf
@@ -14,7 +14,6 @@ pages = [
 'logins',
 'newinstall',
 'newtab',
-'pioneer',
 'pocket-saved',
 'pocket-signup',
 'policies',



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 33852: Clean up about:logins (LockWise) to avoid mentioning sync, etc.

[sysrqb]

commit 3b5a4ed80a214153f2dfe897c8a64dbdf0fc6ada
Author: Kathy Brade 
Date:   Tue Jul 14 11:15:07 2020 -0400

Bug 33852: Clean up about:logins (LockWise) to avoid mentioning sync, etc.

Hide elements on about:logins that mention sync, "Firefox LockWise", and
Mozilla's LockWise mobile apps.

Disable the "Create New Login" button when security.nocertdb is true.
---
 browser/components/aboutlogins/AboutLoginsParent.jsm   |  2 ++
 browser/components/aboutlogins/content/aboutLogins.css |  8 +++-
 browser/components/aboutlogins/content/aboutLogins.js  |  6 ++
 .../aboutlogins/content/components/fxaccounts-button.css   |  5 +
 .../components/aboutlogins/content/components/menu-button.css  | 10 ++
 5 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/browser/components/aboutlogins/AboutLoginsParent.jsm 
b/browser/components/aboutlogins/AboutLoginsParent.jsm
index 015ce5f29332..d06d6d0ec6c7 100644
--- a/browser/components/aboutlogins/AboutLoginsParent.jsm
+++ b/browser/components/aboutlogins/AboutLoginsParent.jsm
@@ -62,6 +62,7 @@ const PASSWORD_SYNC_NOTIFICATION_ID = "enable-password-sync";
 const HIDE_MOBILE_FOOTER_PREF = "signon.management.page.hideMobileFooter";
 const SHOW_PASSWORD_SYNC_NOTIFICATION_PREF =
   "signon.management.page.showPasswordSyncNotification";
+const NOCERTDB_PREF = "security.nocertdb";
 
 // about:logins will always use the privileged content process,
 // even if it is disabled for other consumers such as about:newtab.
@@ -431,6 +432,7 @@ class AboutLoginsParent extends JSWindowActorParent {
 importVisible:
   Services.policies.isAllowed("profileImport") &&
   AppConstants.platform != "linux",
+canCreateLogins: !Services.prefs.getBoolPref(NOCERTDB_PREF, false),
   });
 
   await AboutLogins._sendAllLoginRelatedObjects(
diff --git a/browser/components/aboutlogins/content/aboutLogins.css 
b/browser/components/aboutlogins/content/aboutLogins.css
index 7ed29bda8297..dca63da2e649 100644
--- a/browser/components/aboutlogins/content/aboutLogins.css
+++ b/browser/components/aboutlogins/content/aboutLogins.css
@@ -69,6 +69,11 @@ login-item {
   grid-area: login;
 }
 
+/* Do not promote Mozilla Sync in Tor Browser. */
+login-intro {
+  display: none !important;
+}
+
 #branding-logo {
   flex-basis: var(--sidebar-width);
   flex-shrink: 0;
@@ -83,7 +88,8 @@ login-item {
   }
 }
 
-:root:not(.official-branding) #branding-logo {
+/* Hide "Firefox LockWise" branding in Tor Browser. */
+#branding-logo {
   visibility: hidden;
 }
 
diff --git a/browser/components/aboutlogins/content/aboutLogins.js 
b/browser/components/aboutlogins/content/aboutLogins.js
index da7d9016a2eb..361b2b0d02bf 100644
--- a/browser/components/aboutlogins/content/aboutLogins.js
+++ b/browser/components/aboutlogins/content/aboutLogins.js
@@ -19,6 +19,9 @@ const gElements = {
   get loginFooter() {
 return this.loginItem.shadowRoot.querySelector("login-footer");
   },
+  get createNewLoginButton() {
+return this.loginList.shadowRoot.querySelector(".create-login-button");
+  },
 };
 
 let numberOfLogins = 0;
@@ -100,6 +103,9 @@ window.addEventListener("AboutLoginsChromeToContent", event 
=> {
   gElements.loginList.setSortDirection(event.detail.value.selectedSort);
   document.documentElement.classList.add("initialized");
   gElements.loginList.classList.add("initialized");
+  if (!event.detail.value.canCreateLogins) {
+gElements.createNewLoginButton.disabled = true;
+  }
   break;
 }
 case "ShowLoginItemError": {
diff --git 
a/browser/components/aboutlogins/content/components/fxaccounts-button.css 
b/browser/components/aboutlogins/content/components/fxaccounts-button.css
index aefda548c84d..a02707980158 100644
--- a/browser/components/aboutlogins/content/components/fxaccounts-button.css
+++ b/browser/components/aboutlogins/content/components/fxaccounts-button.css
@@ -8,6 +8,11 @@
   align-items: center;
 }
 
+/* Do not promote Mozilla Sync in Tor Browser. */
+.logged-out-view {
+  display: none !important;
+}
+
 .fxaccounts-extra-text {
   /* Only show at most 3 lines of text to limit the
  text from overflowing the header. */
diff --git a/browser/components/aboutlogins/content/components/menu-button.css 
b/browser/components/aboutlogins/content/components/menu-button.css
index 3c93d409b2c7..2d7380b2ea37 100644
--- a/browser/components/aboutlogins/content/components/menu-button.css
+++ b/browser/components/aboutlogins/content/components/menu-button.css
@@ -85,3 +85,13 @@
 .menuitem-mobile-android {
   background-image: url("chrome://browser/skin/logo-android.svg");
 }
+
+/*
+ * Do not promote LockWise mobile apps in Tor Browser: hide the menu items
+ * and the separator line that precedes them.
+ */
+.menuitem-mobile-android,
+.menuitem-mobile-ios,
+button[data-event-name="AboutLoginsGetHelp"] + hr {
+  display: none !important;
+}

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots

[sysrqb]

commit 5558f2a06e7707b84a262e07d009eaa6c80c1118
Author: Alex Catarineu 
Date:   Fri Oct 9 12:55:35 2020 +0200

Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots
---
 browser/app/profile/000-tor-browser.js |  3 +++
 browser/components/BrowserGlue.jsm | 14 ++
 2 files changed, 17 insertions(+)

diff --git a/browser/app/profile/000-tor-browser.js 
b/browser/app/profile/000-tor-browser.js
index 2db11b1ea3d7..760c405d06a6 100644
--- a/browser/app/profile/000-tor-browser.js
+++ b/browser/app/profile/000-tor-browser.js
@@ -325,6 +325,9 @@ pref("security.enterprise_roots.enabled", false);
 // Don't ping Mozilla for MitM detection, see bug 32321
 pref("security.certerrors.mitm.priming.enabled", false);
 
+// Don't automatically enable enterprise roots, see bug 40166
+pref("security.certerrors.mitm.auto_enable_enterprise_roots", false);
+
 // Disable the language pack signing check for now on macOS, see #31942
 #ifdef XP_MACOSX
 pref("extensions.langpacks.signatures.required", false);
diff --git a/browser/components/BrowserGlue.jsm 
b/browser/components/BrowserGlue.jsm
index 057a2121533c..3750230a250b 100644
--- a/browser/components/BrowserGlue.jsm
+++ b/browser/components/BrowserGlue.jsm
@@ -1319,6 +1319,20 @@ BrowserGlue.prototype = {
 // handle any UI migration
 this._migrateUI();
 
+// Clear possibly auto enabled enterprise_roots prefs (see bug 40166)
+if (
+  !Services.prefs.getBoolPref(
+"security.certerrors.mitm.auto_enable_enterprise_roots"
+  ) &&
+  Services.prefs.getBoolPref(
+"security.enterprise_roots.auto-enabled",
+false
+  )
+) {
+  Services.prefs.clearUserPref("security.enterprise_roots.enabled");
+  Services.prefs.clearUserPref("security.enterprise_roots.auto-enabled");
+}
+
 if (!Services.prefs.prefHasUserValue(PREF_PDFJS_ISDEFAULT_CACHE_STATE)) {
   PdfJs.checkIsDefault(this._isNewProfile);
 }



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 1650281 - P1: Widen `gCombinedSizes` once the buffers grow r=gerald

[sysrqb]

commit e4d2c98010698e7965aff4f475c6f49abfa2aa45
Author: Chun-Min Chang 
Date:   Tue Jul 21 23:38:57 2020 +

Bug 1650281 - P1: Widen `gCombinedSizes` once the buffers grow r=gerald

The `gCombinedSizes` need to be enlarged once the inner buffer within
`MemoryBlockCache` grows. Otherwise, when the `MemoryBlockCache` is
released, subtracting the buffer-size of the `MemoryBlockCache` from
`gCombinedSizes` lead to a underflow.

Differential Revision: https://phabricator.services.mozilla.com/D84273
---
 dom/media/MemoryBlockCache.cpp | 4 
 1 file changed, 4 insertions(+)

diff --git a/dom/media/MemoryBlockCache.cpp b/dom/media/MemoryBlockCache.cpp
index 2d31119dca0a..bf073e6769d0 100644
--- a/dom/media/MemoryBlockCache.cpp
+++ b/dom/media/MemoryBlockCache.cpp
@@ -114,6 +114,10 @@ bool MemoryBlockCache::EnsureBufferCanContain(size_t 
aContentLength) {
 // possibly bypass some future growths that would fit in this new capacity.
 mBuffer.SetLength(capacity);
   }
+  const size_t newSizes = gCombinedSizes += (extra + extraCapacity);
+  LOG("EnsureBufferCanContain(%zu) - buffer size %zu + requested %zu + bonus "
+  "%zu = %zu; combined sizes %zu",
+  aContentLength, initialLength, extra, extraCapacity, capacity, newSizes);
   mHasGrown = true;
   return true;
 }



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 40073: Disable remote Public Suffix List fetching

[sysrqb]

commit 9cc63eddf63e9a637c24686bed3f61ca50873982
Author: Alex Catarineu 
Date:   Thu Aug 13 11:05:03 2020 +0200

Bug 40073: Disable remote Public Suffix List fetching

In https://bugzilla.mozilla.org/show_bug.cgi?id=1563246 Firefox implemented
fetching the Public Suffix List via RemoteSettings and replacing the default
one at runtime, which we do not want.
---
 browser/components/BrowserGlue.jsm | 5 -
 1 file changed, 5 deletions(-)

diff --git a/browser/components/BrowserGlue.jsm 
b/browser/components/BrowserGlue.jsm
index e08e461a27ff..ec38d0ca8b33 100644
--- a/browser/components/BrowserGlue.jsm
+++ b/browser/components/BrowserGlue.jsm
@@ -695,7 +695,6 @@ XPCOMUtils.defineLazyModuleGetters(this, {
   PluralForm: "resource://gre/modules/PluralForm.jsm",
   PrivateBrowsingUtils: "resource://gre/modules/PrivateBrowsingUtils.jsm",
   ProcessHangMonitor: "resource:///modules/ProcessHangMonitor.jsm",
-  PublicSuffixList: "resource://gre/modules/netwerk-dns/PublicSuffixList.jsm",
   RemoteSettings: "resource://services-settings/remote-settings.js",
   RemoteSecuritySettings:
 "resource://gre/modules/psm/RemoteSecuritySettings.jsm",
@@ -2575,10 +2574,6 @@ BrowserGlue.prototype = {
 this._addBreachesSyncHandler();
   },
 
-  () => {
-PublicSuffixList.init();
-  },
-
   () => {
 RemoteSecuritySettings.init();
   },



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 32418: Allow updates to be disabled via an enterprise policy.

[sysrqb]

commit d5e199d9f862664f5e290c741f38039ed7f0ce24
Author: Kathy Brade 
Date:   Thu Apr 16 17:07:09 2020 -0400

Bug 32418: Allow updates to be disabled via an enterprise policy.

Restrict the Enterprise Policies mechanism to only consult a
policies.json file (avoiding the Windows Registry and macOS's
file system attributes).

Add a few disabledByPolicy() checks to the update service to
avoid extraneous (and potentially confusing) log messages when
updates are disabled by policy.

Sample content for distribution/policies.json:
{
  "policies": {
"DisableAppUpdate": true
  }
}

On Linux, avoid reading policies from /etc/firefox/policies/policies.json
---
 .../components/enterprisepolicies/EnterprisePolicies.js  | 12 
 toolkit/components/enterprisepolicies/moz.build  |  4 +++-
 toolkit/mozapps/update/UpdateService.jsm | 16 
 3 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/toolkit/components/enterprisepolicies/EnterprisePolicies.js 
b/toolkit/components/enterprisepolicies/EnterprisePolicies.js
index 070d5fe1f16b..adb073a2350c 100644
--- a/toolkit/components/enterprisepolicies/EnterprisePolicies.js
+++ b/toolkit/components/enterprisepolicies/EnterprisePolicies.js
@@ -2,6 +2,10 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+// To ensure that policies intended for Firefox or another browser will not
+// be used, Tor Browser only looks for policies in ${InstallDir}/distribution
+#define AVOID_SYSTEM_POLICIES MOZ_PROXY_BYPASS_PROTECTION
+
 const { XPCOMUtils } = ChromeUtils.import(
   "resource://gre/modules/XPCOMUtils.jsm"
 );
@@ -11,9 +15,11 @@ const { AppConstants } = ChromeUtils.import(
 );
 
 XPCOMUtils.defineLazyModuleGetters(this, {
+#ifndef AVOID_SYSTEM_POLICIES
   WindowsGPOParser: "resource://gre/modules/policies/WindowsGPOParser.jsm",
   macOSPoliciesParser:
 "resource://gre/modules/policies/macOSPoliciesParser.jsm",
+#endif
   Policies: "resource:///modules/policies/Policies.jsm",
   JsonSchemaValidator:
 "resource://gre/modules/components-utils/JsonSchemaValidator.jsm",
@@ -117,11 +123,13 @@ EnterprisePoliciesManager.prototype = {
 
   _chooseProvider() {
 let platformProvider = null;
+#ifndef AVOID_SYSTEM_POLICIES
 if (AppConstants.platform == "win") {
   platformProvider = new WindowsGPOPoliciesProvider();
 } else if (AppConstants.platform == "macosx") {
   platformProvider = new macOSPoliciesProvider();
 }
+#endif
 let jsonProvider = new JSONPoliciesProvider();
 if (platformProvider && platformProvider.hasPolicies) {
   if (jsonProvider.hasPolicies) {
@@ -470,6 +478,7 @@ class JSONPoliciesProvider {
   _getConfigurationFile() {
 let configFile = null;
 
+#ifndef AVOID_SYSTEM_POLICIES
 if (AppConstants.platform == "linux") {
   let systemConfigFile = Cc["@mozilla.org/file/local;1"].createInstance(
 Ci.nsIFile
@@ -482,6 +491,7 @@ class JSONPoliciesProvider {
 return systemConfigFile;
   }
 }
+#endif
 
 try {
   let perUserPath = Services.prefs.getBoolPref(PREF_PER_USER_DIR, false);
@@ -563,6 +573,7 @@ class JSONPoliciesProvider {
   }
 }
 
+#ifndef AVOID_SYSTEM_POLICIES
 class WindowsGPOPoliciesProvider {
   constructor() {
 this._policies = null;
@@ -637,6 +648,7 @@ class macOSPoliciesProvider {
 return this._failed;
   }
 }
+#endif
 
 class CombinedProvider {
   constructor(primaryProvider, secondaryProvider) {
diff --git a/toolkit/components/enterprisepolicies/moz.build 
b/toolkit/components/enterprisepolicies/moz.build
index 8f7d7d8cfed7..7528f569bb3e 100644
--- a/toolkit/components/enterprisepolicies/moz.build
+++ b/toolkit/components/enterprisepolicies/moz.build
@@ -19,10 +19,12 @@ TEST_DIRS += [
 
 if CONFIG['MOZ_WIDGET_TOOLKIT'] != "android":
 EXTRA_COMPONENTS += [
-'EnterprisePolicies.js',
 'EnterprisePolicies.manifest',
 'EnterprisePoliciesContent.js',
 ]
+EXTRA_PP_COMPONENTS += [
+'EnterprisePolicies.js',
+]
 
 if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'windows':
 EXTRA_JS_MODULES.policies += [
diff --git a/toolkit/mozapps/update/UpdateService.jsm 
b/toolkit/mozapps/update/UpdateService.jsm
index 2c565cecadd7..1fb397373151 100644
--- a/toolkit/mozapps/update/UpdateService.jsm
+++ b/toolkit/mozapps/update/UpdateService.jsm
@@ -3268,6 +3268,14 @@ UpdateService.prototype = {
* See nsIUpdateService.idl
*/
   get canApplyUpdates() {
+if (this.disabledByPolicy) {
+  LOG(
+"UpdateService.canApplyUpdates - unable to apply updates, " +
+  "the option has been disabled by the administrator."
+  );
+  return false;
+}
+
 return getCanApplyUpdates() && hasUpdateMutex();
   },
 
@@ -3275,6 +3283,14 @@ UpdateService.prototype = {
* See nsIUpdateService.idl
*/
   get 

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 40432: Prevent probing installed applications

[sysrqb]

commit 2caca47fbf46ec2de97e019cefcd94f747a3355b
Author: Matthew Finkel 
Date:   Mon May 17 18:09:09 2021 +

Bug 40432: Prevent probing installed applications
---
 .../exthandler/nsExternalHelperAppService.cpp  | 30 ++
 1 file changed, 25 insertions(+), 5 deletions(-)

diff --git a/uriloader/exthandler/nsExternalHelperAppService.cpp 
b/uriloader/exthandler/nsExternalHelperAppService.cpp
index 0dcc1d3ed6ab..7ff9c5b626a3 100644
--- a/uriloader/exthandler/nsExternalHelperAppService.cpp
+++ b/uriloader/exthandler/nsExternalHelperAppService.cpp
@@ -1002,8 +1002,33 @@ nsresult nsExternalHelperAppService::GetFileTokenForPath(
 
//
 // begin external protocol service default implementation...
 
//
+
+static const char kExternalProtocolPrefPrefix[] =
+"network.protocol-handler.external.";
+static const char kExternalProtocolDefaultPref[] =
+"network.protocol-handler.external-default";
+
 NS_IMETHODIMP nsExternalHelperAppService::ExternalProtocolHandlerExists(
 const char* aProtocolScheme, bool* aHandlerExists) {
+
+  // Replicate the same check performed in LoadURI.
+  // Deny load if the prefs say to do so
+  nsAutoCString externalPref(kExternalProtocolPrefPrefix);
+  externalPref += aProtocolScheme;
+  bool allowLoad = false;
+  *aHandlerExists = false;
+  if (NS_FAILED(Preferences::GetBool(externalPref.get(), ))) {
+// no scheme-specific value, check the default
+if (NS_FAILED(
+Preferences::GetBool(kExternalProtocolDefaultPref, ))) {
+  return NS_OK;  // missing default pref
+}
+  }
+
+  if (!allowLoad) {
+return NS_OK;  // explicitly denied
+  }
+
   nsCOMPtr handlerInfo;
   nsresult rv = GetProtocolHandlerInfo(nsDependentCString(aProtocolScheme),
getter_AddRefs(handlerInfo));
@@ -1046,11 +1071,6 @@ NS_IMETHODIMP 
nsExternalHelperAppService::IsExposedProtocol(
   return NS_OK;
 }
 
-static const char kExternalProtocolPrefPrefix[] =
-"network.protocol-handler.external.";
-static const char kExternalProtocolDefaultPref[] =
-"network.protocol-handler.external-default";
-
 NS_IMETHODIMP
 nsExternalHelperAppService::LoadURI(nsIURI* aURI,
 nsIPrincipal* aTriggeringPrincipal,



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 40025: Remove Mozilla add-on install permissions

[sysrqb]

commit 84b2afbba1b3e7a99532ed28e528ee4d81104c79
Author: Alex Catarineu 
Date:   Mon Jul 27 18:12:55 2020 +0200

Bug 40025: Remove Mozilla add-on install permissions
---
 browser/app/permissions | 6 --
 1 file changed, 6 deletions(-)

diff --git a/browser/app/permissions b/browser/app/permissions
index c50a15acd72b..093c0f6c1bf8 100644
--- a/browser/app/permissions
+++ b/browser/app/permissions
@@ -11,12 +11,6 @@
 origin uitour  1   
https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/
 origin uitour  1   about:tor
 
-# XPInstall
-origin install 1   https://addons.mozilla.org
-
 # Remote troubleshooting
 origin remote-troubleshooting  1   https://support.mozilla.org
 
-# addon install
-origin install 1   https://private-network.firefox.com
-origin install 1   https://fpn.firefox.com



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 1673237 - Always allow SVGs on about: pages r=acat, tjr, emilio

[sysrqb]

commit e6813cca6653b9e37cf5d84cad6aea3a40a79431
Author: sanketh 
Date:   Tue Nov 3 17:34:20 2020 +

Bug 1673237 - Always allow SVGs on about: pages r=acat,tjr,emilio

- Updated layout/svg/tests/test_disabled.html to ensure that this doesn't 
allow
  rendering SVGs on about:blank and about:srcdoc.

Differential Revision: https://phabricator.services.mozilla.com/D95139
---
 dom/base/nsNodeInfoManager.cpp | 18 ++---
 layout/svg/tests/file_disabled_iframe.html | 31 +-
 2 files changed, 41 insertions(+), 8 deletions(-)

diff --git a/dom/base/nsNodeInfoManager.cpp b/dom/base/nsNodeInfoManager.cpp
index b0534b661a23..8bc6b0ba2bd6 100644
--- a/dom/base/nsNodeInfoManager.cpp
+++ b/dom/base/nsNodeInfoManager.cpp
@@ -352,9 +352,12 @@ void nsNodeInfoManager::RemoveNodeInfo(NodeInfo* 
aNodeInfo) {
   MOZ_ASSERT(ret, "Can't find mozilla::dom::NodeInfo to remove!!!");
 }
 
-static bool IsSystemOrAddonPrincipal(nsIPrincipal* aPrincipal) {
+static bool IsSystemOrAddonOrAboutPrincipal(nsIPrincipal* aPrincipal) {
   return aPrincipal->IsSystemPrincipal() ||
- BasePrincipal::Cast(aPrincipal)->AddonPolicy();
+ BasePrincipal::Cast(aPrincipal)->AddonPolicy() ||
+ // NOTE: about:blank and about:srcdoc inherit the principal of their
+ // parent, so aPrincipal->SchemeIs("about") returns false for them.
+ aPrincipal->SchemeIs("about");
 }
 
 bool nsNodeInfoManager::InternalSVGEnabled() {
@@ -375,17 +378,18 @@ bool nsNodeInfoManager::InternalSVGEnabled() {
   }
 
   // We allow SVG (regardless of the pref) if this is a system or add-on
-  // principal, or if this load was requested for a system or add-on principal
-  // (e.g. a remote image being served as part of system or add-on UI)
+  // principal or about: page, or if this load was requested for a system or
+  // add-on principal or about: page (e.g. a remote image being served as part
+  // of system or add-on UI or about: page)
   bool conclusion =
-  (SVGEnabled || IsSystemOrAddonPrincipal(mPrincipal) ||
+  (SVGEnabled || IsSystemOrAddonOrAboutPrincipal(mPrincipal) ||
(loadInfo &&
 (loadInfo->GetExternalContentPolicyType() ==
  nsIContentPolicy::TYPE_IMAGE ||
  loadInfo->GetExternalContentPolicyType() ==
  nsIContentPolicy::TYPE_OTHER) &&
-(IsSystemOrAddonPrincipal(loadInfo->GetLoadingPrincipal()) ||
- IsSystemOrAddonPrincipal(loadInfo->TriggeringPrincipal();
+(IsSystemOrAddonOrAboutPrincipal(loadInfo->GetLoadingPrincipal()) ||
+ IsSystemOrAddonOrAboutPrincipal(loadInfo->TriggeringPrincipal();
   mSVGEnabled = Some(conclusion);
   return conclusion;
 }
diff --git a/layout/svg/tests/file_disabled_iframe.html 
b/layout/svg/tests/file_disabled_iframe.html
index 6feae3024730..55eda75fdefb 100644
--- a/layout/svg/tests/file_disabled_iframe.html
+++ b/layout/svg/tests/file_disabled_iframe.html
@@ -48,5 +48,34 @@
   t.firstChild.firstChild.textContent = "1&2<3>4\xA0";
   is(t.innerHTML, 

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 1658881 - When failing to create a channel and an image request, make sure to set the image blocking status appropriately. r=tnikkel

[sysrqb]

commit d2a3a99d909ae5ec0f0998292ce922a97eaf2ebc
Author: Emilio Cobos Álvarez 
Date:   Wed Sep 9 22:58:29 2020 +

Bug 1658881 - When failing to create a channel and an image request, make 
sure to set the image blocking status appropriately. r=tnikkel

This is the same status as we do for known no-data protocols here:

  
https://searchfox.org/mozilla-central/rev/ac142717cc067d875e83e4b1316f004f6e063a46/dom/base/nsNoDataProtocolContentPolicy.cpp#59

This ensures we treat these two cases the same.

Differential Revision: https://phabricator.services.mozilla.com/D89382
---
 dom/base/nsImageLoadingContent.cpp  | 7 ++-
 layout/reftests/image/reftest.list  | 1 +
 layout/reftests/image/unknown-protocol-ref.html | 1 +
 layout/reftests/image/unknown-protocol.html | 1 +
 4 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/dom/base/nsImageLoadingContent.cpp 
b/dom/base/nsImageLoadingContent.cpp
index 23b1fd791c1f..85de63bef02d 100644
--- a/dom/base/nsImageLoadingContent.cpp
+++ b/dom/base/nsImageLoadingContent.cpp
@@ -1207,7 +1207,12 @@ nsresult nsImageLoadingContent::LoadImage(nsIURI* 
aNewURI, bool aForce,
 MOZ_ASSERT(!req, "Shouldn't have non-null request here");
 // If we don't have a current URI, we might as well store this URI so 
people
 // know what we tried (and failed) to load.
-if (!mCurrentRequest) mCurrentURI = aNewURI;
+if (!mCurrentRequest) {
+  mCurrentURI = aNewURI;
+  if (mImageBlockingStatus == nsIContentPolicy::ACCEPT) {
+mImageBlockingStatus = nsIContentPolicy::REJECT_REQUEST;
+  }
+}
 
 FireEvent(NS_LITERAL_STRING("error"));
 FireEvent(NS_LITERAL_STRING("loadend"));
diff --git a/layout/reftests/image/reftest.list 
b/layout/reftests/image/reftest.list
index a8a91c13ed3a..3c561fe3a7c8 100644
--- a/layout/reftests/image/reftest.list
+++ b/layout/reftests/image/reftest.list
@@ -69,3 +69,4 @@ random-if(/^Windows\x20NT\x206\.1/.test(http.oscpu)) == 
image-srcset-basic-selec
 pref(dom.image-lazy-loading.enabled,true) == 
moz-broken-matching-lazy-load.html moz-broken-matching-1-ref.html
 
 == img-invalidation-local-transform-1.html 
img-invalidation-local-transform-1-ref.html
+== unknown-protocol.html unknown-protocol-ref.html
diff --git a/layout/reftests/image/unknown-protocol-ref.html 
b/layout/reftests/image/unknown-protocol-ref.html
new file mode 100644
index ..b5bb326eef57
--- /dev/null
+++ b/layout/reftests/image/unknown-protocol-ref.html
@@ -0,0 +1 @@
+mailto://foo;>
diff --git a/layout/reftests/image/unknown-protocol.html 
b/layout/reftests/image/unknown-protocol.html
new file mode 100644
index ..ef06881b7bcb
--- /dev/null
+++ b/layout/reftests/image/unknown-protocol.html
@@ -0,0 +1 @@
+



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 21952: Implement Onion-Location

[sysrqb]

commit a16b60e3c0623180bfd4b9b19872a5d55f4374f4
Author: Alex Catarineu 
Date:   Thu Mar 5 22:16:39 2020 +0100

Bug 21952: Implement Onion-Location

Whenever a valid Onion-Location HTTP header (or corresponding HTML
 http-equiv attribute) is found in a document load, we either
redirect to it (if the user opted-in via preference) or notify the
presence of an onionsite alternative with a badge in the urlbar.
---
 browser/base/content/browser.js|  12 ++
 browser/base/content/browser.xhtml |   3 +
 browser/components/BrowserGlue.jsm |   9 ++
 .../onionservices/OnionLocationChild.jsm   |  43 ++
 .../onionservices/OnionLocationParent.jsm  | 161 +
 .../content/onionlocation-notification-icons.css   |   5 +
 .../onionservices/content/onionlocation-urlbar.css |  27 
 .../content/onionlocation-urlbar.inc.xhtml |  10 ++
 .../onionservices/content/onionlocation.svg|   3 +
 .../content/onionlocationPreferences.inc.xhtml |  11 ++
 .../content/onionlocationPreferences.js|  31 
 browser/components/onionservices/jar.mn|   2 +
 browser/components/onionservices/moz.build |   2 +
 browser/components/preferences/privacy.inc.xhtml   |   2 +
 browser/components/preferences/privacy.js  |  17 +++
 browser/themes/shared/notification-icons.inc.css   |   2 +
 browser/themes/shared/urlbar-searchbar.inc.css |   2 +
 dom/base/Document.cpp  |  34 -
 dom/base/Document.h|   2 +
 dom/webidl/Document.webidl |   9 ++
 modules/libpref/init/StaticPrefList.yaml   |   5 +
 xpcom/ds/StaticAtoms.py|   1 +
 22 files changed, 392 insertions(+), 1 deletion(-)

diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
index bd5f10cb6f64..04f8752b93f4 100644
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -44,6 +44,7 @@ XPCOMUtils.defineLazyModuleGetters(this, {
   NetUtil: "resource://gre/modules/NetUtil.jsm",
   NewTabUtils: "resource://gre/modules/NewTabUtils.jsm",
   OpenInTabsUtils: "resource:///modules/OpenInTabsUtils.jsm",
+  OnionLocationParent: "resource:///modules/OnionLocationParent.jsm",
   PageActions: "resource:///modules/PageActions.jsm",
   PageThumbs: "resource://gre/modules/PageThumbs.jsm",
   PanelMultiView: "resource:///modules/PanelMultiView.jsm",
@@ -5422,6 +5423,7 @@ var XULBrowserWindow = {
 Services.obs.notifyObservers(null, "touchbar-location-change", location);
 UpdateBackForwardCommands(gBrowser.webNavigation);
 ReaderParent.updateReaderButton(gBrowser.selectedBrowser);
+OnionLocationParent.updateOnionLocationBadge(gBrowser.selectedBrowser);
 
 if (!gMultiProcessBrowser) {
   // Bug 1108553 - Cannot rotate images with e10s
@@ -5964,6 +5966,16 @@ const AccessibilityRefreshBlocker = {
 
 var TabsProgressListener = {
   onStateChange(aBrowser, aWebProgress, aRequest, aStateFlags, aStatus) {
+// Clear OnionLocation UI
+if (
+  aStateFlags & Ci.nsIWebProgressListener.STATE_START &&
+  aStateFlags & Ci.nsIWebProgressListener.STATE_IS_NETWORK &&
+  aRequest &&
+  aWebProgress.isTopLevel
+) {
+  OnionLocationParent.onStateChange(aBrowser);
+}
+
 // Collect telemetry data about tab load times.
 if (
   aWebProgress.isTopLevel &&
diff --git a/browser/base/content/browser.xhtml 
b/browser/base/content/browser.xhtml
index 4cab5fad6475..c2caecc1a416 100644
--- a/browser/base/content/browser.xhtml
+++ b/browser/base/content/browser.xhtml
@@ -1077,6 +1077,9 @@
onclick="FullZoom.reset();"
tooltip="dynamic-shortcut-tooltip"
hidden="true"/>
+
+#include ../../components/onionservices/content/onionlocation-urlbar.inc.xhtml
+
 
  {},
+};
+
+const options = {
+  autofocus: true,
+  persistent: true,
+  removeOnDismissal: false,
+  eventCallback(aTopic) {
+if (aTopic === "removed") {
+  delete browser._onionLocationPrompt;
+  delete browser.onionpopupnotificationanchor;
+}
+  },
+  learnMoreURL: NOTIFICATION_LEARN_MORE_URL,
+  displayURI: {
+hostPort: NOTIFICATION_TITLE, // This is hacky, but allows us to have 
a title without extra markup/css.
+  },
+  hideClose: true,
+  popupIconClass: "onionlocation-notification-icon",
+};
+
+// A hacky way of setting the popup anchor outside the usual url bar icon 
box
+// onionlocationpopupnotificationanchor comes from 
`${ANCHOR_ID}popupnotificationanchor`
+// From 
https://searchfox.org/mozilla-esr68/rev/080f9ed47742644d2ff84f7aa0b10aea5c44301a/browser/components/newtab/lib/CFRPageActions.jsm#488
+browser.onionlocationpopupnotificationanchor = win.document.getElementById(

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 33342: Avoid disconnect search addon error after removal.

[sysrqb]

commit 7715beeba975f67557edab91bc677d2d60101dbc
Author: Alex Catarineu 
Date:   Fri Mar 13 18:19:30 2020 +0100

Bug 33342: Avoid disconnect search addon error after removal.

We removed the addon in #32767, but it was still being loaded
from addonStartup.json.lz4 and throwing an error on startup
because its resource: location is not available anymore.
---
 toolkit/mozapps/extensions/internal/XPIProvider.jsm | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm 
b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
index 5e467fb4f14c..794c206fb453 100644
--- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm
+++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
@@ -970,6 +970,12 @@ var BuiltInLocation = new (class _BuiltInLocation extends 
XPIStateLocation {
   get enumerable() {
 return false;
   }
+
+  restore(saved) {
+super.restore(saved);
+// Bug 33342: avoid restoring disconnect addon from addonStartup.json.lz4.
+this.removeAddon("disconn...@search.mozilla.org");
+  }
 })();
 
 /**



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Adding issue template for bugs.

[sysrqb]

commit 68d835c90f177c046511b52588a37a63de2b9a29
Author: Gaba 
Date:   Mon Jun 28 11:44:16 2021 -0700

Adding issue template for bugs.
---
 .gitlab/issue_templates/UXBug.md | 29 +
 .gitlab/issue_templates/bug.md   | 32 
 2 files changed, 61 insertions(+)

diff --git a/.gitlab/issue_templates/UXBug.md b/.gitlab/issue_templates/UXBug.md
new file mode 100644
index ..8e7cb2a5e163
--- /dev/null
+++ b/.gitlab/issue_templates/UXBug.md
@@ -0,0 +1,29 @@
+
+
+### Summary
+**Summarize the bug encountered concisely.**
+
+
+### Steps to reproduce:
+**How one can reproduce the issue - this is very important.**
+
+1. Step 1
+2. Step 2
+3. ...
+
+### What is the current bug behavior?
+**What actually happens.**
+
+
+### What is the expected behavior?
+**What you want to see instead**
+
+
+
+## Relevant logs and/or screenshots
+**Do you have screenshots? Attach them to this ticket please.**
+
+/label ~tor-ux ~needs-investigation ~bug
+/assign @nah
diff --git a/.gitlab/issue_templates/bug.md b/.gitlab/issue_templates/bug.md
new file mode 100644
index ..6ce85a4864be
--- /dev/null
+++ b/.gitlab/issue_templates/bug.md
@@ -0,0 +1,32 @@
+
+
+### Summary
+**Summarize the bug encountered concisely.**
+
+
+### Steps to reproduce:
+**How one can reproduce the issue - this is very important.**
+
+1. Step 1
+2. Step 2
+3. ...
+
+### What is the current bug behavior?
+**What actually happens.**
+
+
+### What is the expected behavior?
+**What you want to see instead**
+
+
+
+### Environment
+**Which operating system are you using? For example: Debian GNU/Linux 10.1, 
Windows 10, Ubuntu Xenial, FreeBSD 12.2, etc.**
+**Which installation method did you use? Distribution package (apt, pkg, 
homebrew), from source tarball, from Git, etc.**
+
+### Relevant logs and/or screenshots
+
+
+/label ~bug



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 27476: Implement about:torconnect captive portal within Tor Browser

[sysrqb]

commit 89eda798a60a55bb2d64a9011f0b03415470c5bb
Author: Richard Pospesel 
Date:   Wed Apr 28 23:09:34 2021 -0500

Bug 27476: Implement about:torconnect captive portal within Tor Browser

- implements new about:torconnect page as tor-launcher replacement
- adds tor connection status to url bar and tweaks UX when not online
- adds new torconnect component to browser
- tor process management functionality remains implemented in tor-launcher 
through the TorProtocolService module
- the onion pattern from about:tor migrated to an .inc.xhtml file now used 
by both about:tor and about:torconnect
- various design tweaks and resusability fixes to onion pattern
- adds warning/error box to about:preferences#tor when not connected to tor
- explicitly allows about:torconnect URIs to ignore Resist Fingerprinting 
(RFP)
- various tweaks to info-pages.inc.css for about:torconnect (also affects 
other firefox info pages)
---
 browser/actors/NetErrorParent.jsm  |   8 +
 browser/base/content/aboutNetError.js  |  10 +-
 browser/base/content/browser-siteIdentity.js   |   2 +-
 browser/base/content/browser.js|  10 +
 browser/base/content/browser.xhtml |   2 +
 browser/components/BrowserGlue.jsm |  59 +++-
 browser/components/about/AboutRedirector.cpp   |   4 +
 browser/components/about/components.conf   |   1 +
 browser/components/moz.build   |   1 +
 .../onionservices/HttpsEverywhereControl.jsm   |  17 +-
 browser/components/sessionstore/SessionStore.jsm   |  16 +
 browser/components/torconnect/TorConnectChild.jsm  |   9 +
 browser/components/torconnect/TorConnectParent.jsm | 126 
 .../torconnect/content/aboutTorConnect.css | 151 +
 .../torconnect/content/aboutTorConnect.js  | 339 +
 .../torconnect/content/aboutTorConnect.xhtml   |  54 
 .../components/torconnect/content/onion-slash.svg  |   7 +
 browser/components/torconnect/content/onion.svg|   3 +
 .../torconnect/content/torBootstrapUrlbar.js   | 136 +
 .../torconnect/content/torconnect-urlbar.css   |  65 
 .../torconnect/content/torconnect-urlbar.inc.xhtml |  11 +
 browser/components/torconnect/jar.mn   |   7 +
 browser/components/torconnect/moz.build|   6 +
 .../components/torpreferences/content/torPane.js   |  86 ++
 .../torpreferences/content/torPane.xhtml   |  34 +++
 .../torpreferences/content/torPreferences.css  | 121 
 browser/components/urlbar/UrlbarInput.jsm  |  31 ++
 browser/modules/TorConnect.jsm |  62 
 browser/modules/TorProcessService.jsm  |  12 +
 browser/modules/TorProtocolService.jsm | 124 +++-
 browser/modules/TorStrings.jsm |  75 +
 browser/modules/moz.build  |   2 +
 browser/themes/shared/jar.inc.mn   |   1 +
 browser/themes/shared/onionPattern.css | 124 
 browser/themes/shared/onionPattern.inc.xhtml   | 210 +
 browser/themes/shared/urlbar-searchbar.inc.css |   2 +
 dom/base/Document.cpp  |  51 +++-
 dom/base/nsGlobalWindowOuter.cpp   |   2 +
 toolkit/modules/AsyncPrefs.jsm |   2 +
 toolkit/modules/RemotePageAccessManager.jsm|  26 ++
 toolkit/mozapps/update/UpdateService.jsm   |  68 -
 .../themes/shared/in-content/info-pages.inc.css|  15 +-
 .../lib/environments/browser-window.js |   4 +
 43 files changed, 2080 insertions(+), 16 deletions(-)

diff --git a/browser/actors/NetErrorParent.jsm 
b/browser/actors/NetErrorParent.jsm
index 035195391554..fa3cbf23fcb7 100644
--- a/browser/actors/NetErrorParent.jsm
+++ b/browser/actors/NetErrorParent.jsm
@@ -17,6 +17,10 @@ const { SessionStore } = ChromeUtils.import(
 );
 const { HomePage } = ChromeUtils.import("resource:///modules/HomePage.jsm");
 
+const { TorProtocolService } = ChromeUtils.import(
+  "resource:///modules/TorProtocolService.jsm"
+);
+
 const PREF_SSL_IMPACT_ROOTS = [
   "security.tls.version.",
   "security.ssl3.",
@@ -318,6 +322,10 @@ class NetErrorParent extends JSWindowActorParent {
 break;
   }
 }
+break;
+  case "ShouldShowTorConnect":
+return TorProtocolService.shouldShowTorConnect();
 }
+return undefined;
   }
 }
diff --git a/browser/base/content/aboutNetError.js 
b/browser/base/content/aboutNetError.js
index 60db17f46eb9..6844154e16e3 100644
--- a/browser/base/content/aboutNetError.js
+++ b/browser/base/content/aboutNetError.js
@@ -194,8 +194,16 @@ async function setErrorPageStrings(err) {
   document.l10n.setAttributes(titleElement, title);
 }
 
-function initPage() {
+async function initPage() {
   var err = getErrorCode();
+
+  // proxyConnectFailure because no-tor running daemon 

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 1650281 - P2: Make sure `gCombinedSizes` won't be underflowed r=gerald

[sysrqb]

commit 63be947e830fb4054cf43fd233585bbd94721775
Author: Chun-Min Chang 
Date:   Tue Jul 21 23:39:14 2020 +

Bug 1650281 - P2: Make sure `gCombinedSizes` won't be underflowed r=gerald

In any case, `gCombinedSizes` should be larger than or equal to the
buffer within `MemoryClockCache`.

Differential Revision: https://phabricator.services.mozilla.com/D84274
---
 dom/media/MemoryBlockCache.cpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dom/media/MemoryBlockCache.cpp b/dom/media/MemoryBlockCache.cpp
index bf073e6769d0..2848a3f3812c 100644
--- a/dom/media/MemoryBlockCache.cpp
+++ b/dom/media/MemoryBlockCache.cpp
@@ -52,6 +52,7 @@ MemoryBlockCache::MemoryBlockCache(int64_t aContentLength)
 }
 
 MemoryBlockCache::~MemoryBlockCache() {
+  MOZ_ASSERT(gCombinedSizes >= mBuffer.Length());
   size_t sizes = static_cast(gCombinedSizes -= mBuffer.Length());
   LOG("~MemoryBlockCache() - destroying buffer of size %zu; combined sizes now 
"
   "%zu",



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 40475: Include clearing CORS preflight cache

[sysrqb]

commit 85898f8cdd7462c0a619d8b91ba293dc3afe399a
Author: Matthew Finkel 
Date:   Sun Jun 6 20:32:23 2021 +

Bug 40475: Include clearing CORS preflight cache
---
 netwerk/protocol/http/nsCORSListenerProxy.cpp | 7 +++
 netwerk/protocol/http/nsCORSListenerProxy.h   | 1 +
 netwerk/protocol/http/nsHttpHandler.cpp   | 2 ++
 3 files changed, 10 insertions(+)

diff --git a/netwerk/protocol/http/nsCORSListenerProxy.cpp 
b/netwerk/protocol/http/nsCORSListenerProxy.cpp
index 76870e6cea3f..6d2e160c2a9b 100644
--- a/netwerk/protocol/http/nsCORSListenerProxy.cpp
+++ b/netwerk/protocol/http/nsCORSListenerProxy.cpp
@@ -346,6 +346,13 @@ void nsCORSListenerProxy::Shutdown() {
   sPreflightCache = nullptr;
 }
 
+/* static */
+void nsCORSListenerProxy::Clear() {
+  if (sPreflightCache) {
+sPreflightCache->Clear();
+  }
+}
+
 nsCORSListenerProxy::nsCORSListenerProxy(nsIStreamListener* aOuter,
  nsIPrincipal* aRequestingPrincipal,
  bool aWithCredentials)
diff --git a/netwerk/protocol/http/nsCORSListenerProxy.h 
b/netwerk/protocol/http/nsCORSListenerProxy.h
index 8c0df2e0ff28..3f76be33f209 100644
--- a/netwerk/protocol/http/nsCORSListenerProxy.h
+++ b/netwerk/protocol/http/nsCORSListenerProxy.h
@@ -54,6 +54,7 @@ class nsCORSListenerProxy final : public nsIStreamListener,
   NS_DECL_NSITHREADRETARGETABLESTREAMLISTENER
 
   static void Shutdown();
+  static void Clear();
 
   [[nodiscard]] nsresult Init(nsIChannel* aChannel,
   DataURIHandling aAllowDataURI);
diff --git a/netwerk/protocol/http/nsHttpHandler.cpp 
b/netwerk/protocol/http/nsHttpHandler.cpp
index d5e2c61dbec9..c6cb95ca7fcc 100644
--- a/netwerk/protocol/http/nsHttpHandler.cpp
+++ b/netwerk/protocol/http/nsHttpHandler.cpp
@@ -10,6 +10,7 @@
 #include "prsystem.h"
 
 #include "AltServiceChild.h"
+#include "nsCORSListenerProxy.h"
 #include "nsError.h"
 #include "nsHttp.h"
 #include "nsHttpHandler.h"
@@ -2290,6 +2291,7 @@ nsHttpHandler::Observe(nsISupports* subject, const char* 
topic,
 mAltSvcCache->ClearAltServiceMappings();
   }
 }
+nsCORSListenerProxy::Clear();
   } else if (!strcmp(topic, NS_NETWORK_LINK_TOPIC)) {
 nsAutoCString converted = NS_ConvertUTF16toUTF8(data);
 if (!strcmp(converted.get(), NS_NETWORK_LINK_DATA_CHANGED)) {



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] 40209: Implement Basic Crypto Safety

[sysrqb]

commit 2bffa45450af4da3c126da12e919542aef295a9b
Author: sanketh 
Date:   Mon Feb 8 20:12:44 2021 -0500

40209: Implement Basic Crypto Safety

Adds a CryptoSafety actor which detects when you've copied a crypto
address from a HTTP webpage and shows a warning.

Closes #40209.

Bug 40428: Fix string attribute names
---
 browser/actors/CryptoSafetyChild.jsm |  87 
 browser/actors/CryptoSafetyParent.jsm| 142 +++
 browser/actors/moz.build |   2 +
 browser/base/content/popup-notifications.inc |  14 +++
 browser/components/BrowserGlue.jsm   |  17 
 browser/modules/TorStrings.jsm   |  48 +
 browser/themes/shared/browser.inc.css|   5 +
 toolkit/content/license.html |  32 ++
 toolkit/modules/Bech32Decode.jsm | 103 +++
 toolkit/modules/moz.build|   1 +
 10 files changed, 451 insertions(+)

diff --git a/browser/actors/CryptoSafetyChild.jsm 
b/browser/actors/CryptoSafetyChild.jsm
new file mode 100644
index ..87ff261d4915
--- /dev/null
+++ b/browser/actors/CryptoSafetyChild.jsm
@@ -0,0 +1,87 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* Copyright (c) 2020, The Tor Project, Inc.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+var EXPORTED_SYMBOLS = ["CryptoSafetyChild"];
+
+const { Bech32Decode } = ChromeUtils.import(
+  "resource://gre/modules/Bech32Decode.jsm"
+);
+
+const { XPCOMUtils } = ChromeUtils.import(
+  "resource://gre/modules/XPCOMUtils.jsm"
+);
+
+const kPrefCryptoSafety = "security.cryptoSafety";
+
+XPCOMUtils.defineLazyPreferenceGetter(
+  this,
+  "isCryptoSafetyEnabled",
+  kPrefCryptoSafety,
+  true /* defaults to true */
+);
+
+function looksLikeCryptoAddress(s) {
+  // P2PKH and P2SH addresses
+  // https://stackoverflow.com/a/24205650
+  const bitcoinAddr = /^[13][a-km-zA-HJ-NP-Z1-9]{25,39}$/;
+  if (bitcoinAddr.test(s)) {
+return true;
+  }
+
+  // Bech32 addresses
+  if (Bech32Decode(s) !== null) {
+return true;
+  }
+
+  // regular addresses
+  const etherAddr = /^0x[a-fA-F0-9]{40}$/;
+  if (etherAddr.test(s)) {
+return true;
+  }
+
+  // t-addresses
+  // 
https://www.reddit.com/r/zec/comments/8mxj6x/simple_regex_to_validate_a_zcash_tz_address/dzr62p5/
+  const zcashAddr = /^t1[a-zA-Z0-9]{33}$/;
+  if (zcashAddr.test(s)) {
+return true;
+  }
+
+  // Standard, Integrated, and 256-bit Integrated addresses
+  // https://monero.stackexchange.com/a/10627
+  const moneroAddr = 
/^4(?:[0-9AB]|[1-9A-HJ-NP-Za-km-z]{12}(?:[1-9A-HJ-NP-Za-km-z]{30})?)[1-9A-HJ-NP-Za-km-z]{93}$/;
+  if (moneroAddr.test(s)) {
+return true;
+  }
+
+  return false;
+}
+
+class CryptoSafetyChild extends JSWindowActorChild {
+  handleEvent(event) {
+if (isCryptoSafetyEnabled) {
+  // Ignore non-HTTP addresses
+  if (!this.document.documentURIObject.schemeIs("http")) {
+return;
+  }
+  // Ignore onion addresses
+  if (this.document.documentURIObject.host.endsWith(".onion")) {
+return;
+  }
+
+  if (event.type == "copy" || event.type == "cut") {
+this.contentWindow.navigator.clipboard.readText().then(clipText => {
+  const selection = clipText.trim();
+  if (looksLikeCryptoAddress(selection)) {
+this.sendAsyncMessage("CryptoSafety:CopiedText", {
+  selection,
+});
+  }
+});
+  }
+}
+  }
+}
diff --git a/browser/actors/CryptoSafetyParent.jsm 
b/browser/actors/CryptoSafetyParent.jsm
new file mode 100644
index ..bac151df5511
--- /dev/null
+++ b/browser/actors/CryptoSafetyParent.jsm
@@ -0,0 +1,142 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* Copyright (c) 2020, The Tor Project, Inc.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+var EXPORTED_SYMBOLS = ["CryptoSafetyParent"];
+
+const { XPCOMUtils } = ChromeUtils.import(
+  "resource://gre/modules/XPCOMUtils.jsm"
+);
+
+XPCOMUtils.defineLazyModuleGetters(this, {
+  TorStrings: "resource:///modules/TorStrings.jsm",
+});
+
+const kPrefCryptoSafety = "security.cryptoSafety";
+
+XPCOMUtils.defineLazyPreferenceGetter(
+  this,
+  "isCryptoSafetyEnabled",
+  kPrefCryptoSafety,
+  true /* defaults to true */
+);
+
+class CryptoSafetyParent extends JSWindowActorParent {
+  getBrowser() {
+return this.browsingContext.top.embedderElement;
+  }
+
+  receiveMessage(aMessage) {
+if (isCryptoSafetyEnabled) {
+  if (aMessage.name == "CryptoSafety:CopiedText") {
+showPopup(this.getBrowser(), aMessage.data.selection);
+  }
+}
+  

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 28005: Implement .onion alias urlbar rewrites

[sysrqb]

commit e805affcc12bcef9cdbdb5fdd90530b8217f
Author: Alex Catarineu 
Date:   Thu Feb 13 13:24:33 2020 +0100

Bug 28005: Implement .onion alias urlbar rewrites

A custom HTTPS Everywhere update channel is installed,
which provides rules for locally redirecting some memorable
.tor.onion URLs to non-memorable .onion URLs.

When these redirects occur, we also rewrite the URL in the urlbar
to display the human-memorable hostname instead of the actual
.onion.

Bug 34196: Update site info URL with the onion name

Bug 40456: Update the SecureDrop HTTPS-Everywhere update channel
Bug 40478: Onion alias url rewrite is broken
---
 browser/actors/ClickHandlerChild.jsm   |  20 ++
 browser/actors/ClickHandlerParent.jsm  |   1 +
 browser/actors/ContextMenuChild.jsm|   4 +
 browser/base/content/browser-places.js |  12 +-
 browser/base/content/browser-siteIdentity.js   |  12 +-
 browser/base/content/browser.js|  43 -
 browser/base/content/nsContextMenu.js  |  18 ++
 browser/base/content/pageinfo/pageInfo.js  |   2 +-
 browser/base/content/pageinfo/pageInfo.xhtml   |  10 +
 browser/base/content/pageinfo/security.js  |  17 +-
 browser/base/content/tabbrowser.js |   7 +
 browser/base/content/utilityOverlay.js |  12 ++
 browser/components/BrowserGlue.jsm |   8 +
 .../onionservices/ExtensionMessaging.jsm   |  86 +
 .../onionservices/HttpsEverywhereControl.jsm   | 147 +++
 .../components/onionservices/OnionAliasStore.jsm   | 201 +
 browser/components/onionservices/moz.build |   6 +
 browser/components/urlbar/UrlbarInput.jsm  |  13 +-
 docshell/base/nsDocShell.cpp   |  52 ++
 docshell/base/nsDocShell.h |   6 +
 docshell/base/nsDocShellLoadState.cpp  |   4 +
 docshell/base/nsIDocShell.idl  |   5 +
 docshell/base/nsIWebNavigation.idl |   5 +
 docshell/shistory/SessionHistoryEntry.cpp  |  14 ++
 docshell/shistory/SessionHistoryEntry.h|   1 +
 docshell/shistory/nsISHEntry.idl   |   5 +
 docshell/shistory/nsSHEntry.cpp|  22 ++-
 docshell/shistory/nsSHEntry.h  |   1 +
 dom/interfaces/base/nsIBrowser.idl |   3 +-
 dom/ipc/BrowserChild.cpp   |   2 +
 dom/ipc/BrowserParent.cpp  |   3 +-
 dom/ipc/PBrowser.ipdl  |   1 +
 modules/libpref/init/StaticPrefList.yaml   |   6 +
 netwerk/dns/effective_tld_names.dat|   2 +
 netwerk/ipc/DocumentLoadListener.cpp   |  10 +
 toolkit/content/widgets/browser-custom-element.js  |  13 +-
 toolkit/modules/sessionstore/SessionHistory.jsm|   5 +
 37 files changed, 757 insertions(+), 22 deletions(-)

diff --git a/browser/actors/ClickHandlerChild.jsm 
b/browser/actors/ClickHandlerChild.jsm
index 7dd060e83061..206a8fc97a4d 100644
--- a/browser/actors/ClickHandlerChild.jsm
+++ b/browser/actors/ClickHandlerChild.jsm
@@ -138,6 +138,26 @@ class ClickHandlerChild extends JSWindowActorChild {
   json.originStoragePrincipal = ownerDoc.effectiveStoragePrincipal;
   json.triggeringPrincipal = ownerDoc.nodePrincipal;
 
+  // Check if the link needs to be opened with .tor.onion urlbar rewrites
+  // allowed. Only when the owner doc has onionUrlbarRewritesAllowed = true
+  // and the same origin we should allow this.
+  json.onionUrlbarRewritesAllowed = false;
+  if (this.docShell.onionUrlbarRewritesAllowed) {
+const sm = Services.scriptSecurityManager;
+try {
+  let targetURI = Services.io.newURI(href);
+  let isPrivateWin =
+ownerDoc.nodePrincipal.originAttributes.privateBrowsingId > 0;
+  sm.checkSameOriginURI(
+docshell.currentDocumentChannel.URI,
+targetURI,
+false,
+isPrivateWin
+  );
+  json.onionUrlbarRewritesAllowed = true;
+} catch (e) {}
+  }
+
   // If a link element is clicked with middle button, user wants to open
   // the link somewhere rather than pasting clipboard content.  Therefore,
   // when it's clicked with middle button, we should prevent multiple
diff --git a/browser/actors/ClickHandlerParent.jsm 
b/browser/actors/ClickHandlerParent.jsm
index 454c0fe69b27..42ab7a0f6e2a 100644
--- a/browser/actors/ClickHandlerParent.jsm
+++ b/browser/actors/ClickHandlerParent.jsm
@@ -102,6 +102,7 @@ class ClickHandlerParent extends JSWindowActorParent {
   charset: browser.characterSet,
   referrerInfo: E10SUtils.deserializeReferrerInfo(data.referrerInfo),
   allowMixedContent: data.allowMixedContent,
+  onionUrlbarRewritesAllowed: 

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 25741 - TBA: Disable GeckoNetworkManager

[sysrqb]

commit 2aaa22b982e946257b7f4610719403bb7b591629
Author: Matthew Finkel 
Date:   Thu Apr 26 22:22:51 2018 +

Bug 25741 - TBA: Disable GeckoNetworkManager

The browser should not need information related to the network
interface or network state, tor should take care of that.
---
 .../src/main/java/org/mozilla/geckoview/GeckoRuntime.java | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git 
a/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntime.java
 
b/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntime.java
index ed86dcc5c299..f5587dd7e59c 100644
--- 
a/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntime.java
+++ 
b/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntime.java
@@ -121,7 +121,9 @@ public final class GeckoRuntime implements Parcelable {
 mPaused = false;
 // Monitor network status and send change notifications to Gecko
 // while active.
-
GeckoNetworkManager.getInstance().start(GeckoAppShell.getApplicationContext());
+if (BuildConfig.TOR_BROWSER_VERSION == "") {
+
GeckoNetworkManager.getInstance().start(GeckoAppShell.getApplicationContext());
+}
 }
 
 @OnLifecycleEvent(Lifecycle.Event.ON_PAUSE)
@@ -129,7 +131,9 @@ public final class GeckoRuntime implements Parcelable {
 Log.d(LOGTAG, "Lifecycle: onPause");
 mPaused = true;
 // Stop monitoring network status while inactive.
-GeckoNetworkManager.getInstance().stop();
+if (BuildConfig.TOR_BROWSER_VERSION == "") {
+GeckoNetworkManager.getInstance().stop();
+}
 GeckoThread.onPause();
 }
 }



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 28125 - Prevent non-Necko network connections

[sysrqb]

commit 283916a9d8748bb2cfb768ec0037e9f9c606a4a9
Author: Matthew Finkel 
Date:   Thu Oct 25 19:17:09 2018 +

Bug 28125 - Prevent non-Necko network connections
---
 .../gecko/media/GeckoMediaDrmBridgeV21.java| 49 +-
 .../exoplayer2/upstream/DefaultHttpDataSource.java | 47 +
 2 files changed, 3 insertions(+), 93 deletions(-)

diff --git 
a/mobile/android/geckoview/src/main/java/org/mozilla/gecko/media/GeckoMediaDrmBridgeV21.java
 
b/mobile/android/geckoview/src/main/java/org/mozilla/gecko/media/GeckoMediaDrmBridgeV21.java
index 3ba59bfd6776..eb57b1013642 100644
--- 
a/mobile/android/geckoview/src/main/java/org/mozilla/gecko/media/GeckoMediaDrmBridgeV21.java
+++ 
b/mobile/android/geckoview/src/main/java/org/mozilla/gecko/media/GeckoMediaDrmBridgeV21.java
@@ -488,54 +488,7 @@ public class GeckoMediaDrmBridgeV21 implements 
GeckoMediaDrm {
 
 @Override
 protected Void doInBackground(final Void... params) {
-HttpURLConnection urlConnection = null;
-BufferedReader in = null;
-try {
-URI finalURI = new URI(mURL + "=" + 
URLEncoder.encode(new String(mDrmRequest), "UTF-8"));
-urlConnection = (HttpURLConnection) 
ProxySelector.openConnectionWithProxy(finalURI);
-urlConnection.setRequestMethod("POST");
-if (DEBUG) Log.d(LOGTAG, "Provisioning, posting url =" + 
finalURI.toString());
-
-// Add data
-urlConnection.setRequestProperty("Accept", "*/*");
-urlConnection.setRequestProperty("User-Agent", 
getCDMUserAgent());
-urlConnection.setRequestProperty("Content-Type", 
"application/json");
-
-// Execute HTTP Post Request
-urlConnection.connect();
-
-int responseCode = urlConnection.getResponseCode();
-if (responseCode == HttpURLConnection.HTTP_OK) {
-in = new BufferedReader(new 
InputStreamReader(urlConnection.getInputStream(), StringUtils.UTF_8));
-String inputLine;
-StringBuffer response = new StringBuffer();
-
-while ((inputLine = in.readLine()) != null) {
-response.append(inputLine);
-}
-in.close();
-mResponseBody = 
String.valueOf(response).getBytes(StringUtils.UTF_8);
-if (DEBUG) Log.d(LOGTAG, "Provisioning, response 
received.");
-if (mResponseBody != null) Log.d(LOGTAG, "response 
length=" + mResponseBody.length);
-} else {
-Log.d(LOGTAG, "Provisioning, server returned HTTP error 
code :" + responseCode);
-}
-} catch (IOException e) {
-Log.e(LOGTAG, "Got exception during posting provisioning 
request ...", e);
-} catch (URISyntaxException e) {
-Log.e(LOGTAG, "Got exception during creating uri ...", e);
-} finally {
-if (urlConnection != null) {
-urlConnection.disconnect();
-}
-try {
-if (in != null) {
-in.close();
-}
-} catch (IOException e) {
-Log.e(LOGTAG, "Exception during closing in ...", e);
-}
-}
+Log.i(LOGTAG, "This is Tor Browser. Skipping.");
 return null;
 }
 
diff --git 
a/mobile/android/geckoview/src/thirdparty/java/org/mozilla/thirdparty/com/google/android/exoplayer2/upstream/DefaultHttpDataSource.java
 
b/mobile/android/geckoview/src/thirdparty/java/org/mozilla/thirdparty/com/google/android/exoplayer2/upstream/DefaultHttpDataSource.java
index fdb44cc2ea1f..7a2044721d2d 100644
--- 
a/mobile/android/geckoview/src/thirdparty/java/org/mozilla/thirdparty/com/google/android/exoplayer2/upstream/DefaultHttpDataSource.java
+++ 
b/mobile/android/geckoview/src/thirdparty/java/org/mozilla/thirdparty/com/google/android/exoplayer2/upstream/DefaultHttpDataSource.java
@@ -395,51 +395,8 @@ public class DefaultHttpDataSource implements 
HttpDataSource {
*/
   private HttpURLConnection makeConnection(URL url, byte[] postBody, long 
position,
   long length, boolean allowGzip, boolean followRedirects) throws 
IOException, URISyntaxException {
-/**
- * Tor Project modified the way the connection object was created. For the 
sake of
- * simplicity, instead of duplicating the whole file we changed the 
connection object
- * to use the ProxySelector.
- */
-HttpURLConnection connection = (HttpURLConnection) 
ProxySelector.openConnectionWithProxy(url.toURI());
-
-connection.setConnectTimeout(connectTimeoutMillis);
-connection.setReadTimeout(readTimeoutMillis);
-if (defaultRequestProperties != null) {
-  for (Map.Entry property : 

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 32220: Improve the letterboxing experience

[sysrqb]

commit bb58ca92fee2afefe496b22a4659fe8cb8963615
Author: Richard Pospesel 
Date:   Mon Oct 28 17:42:17 2019 -0700

Bug 32220: Improve the letterboxing experience

CSS and JS changes to alter the UX surrounding letterboxing. The
browser element containing page content is now anchored to the bottom
of the toolbar, and the remaining letterbox margin is the same color
as the firefox chrome. The letterbox margin and border are tied to
the currently selected theme.

Also adds a 'needsLetterbox' property to tabbrowser.xml to fix a race
condition present when using the 'isEmpty' property. Using 'isEmpty'
as a proxy for 'needsLetterbox' resulted in over-zealous/unnecessary
letterboxing of about:blank tabs.
---
 browser/base/content/browser.css   |  8 ++
 browser/base/content/tabbrowser-tab.js |  9 +++
 browser/themes/shared/tabs.inc.css |  6 ++
 .../components/resistfingerprinting/RFPHelper.jsm  | 94 +++---
 4 files changed, 105 insertions(+), 12 deletions(-)

diff --git a/browser/base/content/browser.css b/browser/base/content/browser.css
index 808c03e88223..a0b1bf4a8951 100644
--- a/browser/base/content/browser.css
+++ b/browser/base/content/browser.css
@@ -85,6 +85,14 @@ body {
   display: none;
 }
 
+
+.browserStack > browser.letterboxing {
+  border-color: var(--chrome-content-separator-color);
+  border-style: solid;
+  border-width : 1px;
+  border-top: none;
+}
+
 %ifdef MENUBAR_CAN_AUTOHIDE
 #toolbar-menubar[autohide="true"] {
   overflow: hidden;
diff --git a/browser/base/content/tabbrowser-tab.js 
b/browser/base/content/tabbrowser-tab.js
index 183eff1bab86..7f376ab1d122 100644
--- a/browser/base/content/tabbrowser-tab.js
+++ b/browser/base/content/tabbrowser-tab.js
@@ -225,6 +225,15 @@
   return true;
 }
 
+get needsLetterbox() {
+  let browser = this.linkedBrowser;
+  if (isBlankPageURL(browser.currentURI.spec)) {
+return false;
+  }
+
+  return true;
+}
+
 get lastAccessed() {
   return this._lastAccessed == Infinity ? Date.now() : this._lastAccessed;
 }
diff --git a/browser/themes/shared/tabs.inc.css 
b/browser/themes/shared/tabs.inc.css
index b47842af766c..019da6ecf76f 100644
--- a/browser/themes/shared/tabs.inc.css
+++ b/browser/themes/shared/tabs.inc.css
@@ -33,6 +33,12 @@
   background-color: #f9f9fa;
 }
 
+/* extend down the toolbar's colors when letterboxing is enabled*/
+#tabbrowser-tabpanels.letterboxing {
+  background-color: var(--toolbar-bgcolor);
+  background-image: var(--toolbar-bgimage);
+}
+
 :root[privatebrowsingmode=temporary] #tabbrowser-tabpanels {
   /* Value for --in-content-page-background in aboutPrivateBrowsing.css */
   background-color: #25003e;
diff --git a/toolkit/components/resistfingerprinting/RFPHelper.jsm 
b/toolkit/components/resistfingerprinting/RFPHelper.jsm
index 49010d1c8cb1..b906a067fd63 100644
--- a/toolkit/components/resistfingerprinting/RFPHelper.jsm
+++ b/toolkit/components/resistfingerprinting/RFPHelper.jsm
@@ -40,6 +40,7 @@ class _RFPHelper {
   // 

   constructor() {
 this._initialized = false;
+this._borderDimensions = null;
   }
 
   init() {
@@ -361,6 +362,24 @@ class _RFPHelper {
 });
   }
 
+  getBorderDimensions(aBrowser) {
+if (this._borderDimensions) {
+  return this._borderDimensions;
+}
+
+const win = aBrowser.ownerGlobal;
+const browserStyle = win.getComputedStyle(aBrowser);
+
+this._borderDimensions = {
+  top : parseInt(browserStyle.borderTopWidth),
+  right: parseInt(browserStyle.borderRightWidth),
+  bottom : parseInt(browserStyle.borderBottomWidth),
+  left : parseInt(browserStyle.borderLeftWidth),
+};
+
+return this._borderDimensions;
+  }
+
   _addOrClearContentMargin(aBrowser) {
 let tab = aBrowser.getTabBrowser().getTabForBrowser(aBrowser);
 
@@ -369,9 +388,13 @@ class _RFPHelper {
   return;
 }
 
+// we add the letterboxing class even if the content does not need 
letterboxing
+// in which case margins are set such that the borders are hidden
+aBrowser.classList.add("letterboxing");
+
 // We should apply no margin around an empty tab or a tab with system
 // principal.
-if (tab.isEmpty || aBrowser.contentPrincipal.isSystemPrincipal) {
+if (!tab.needsLetterbox || aBrowser.contentPrincipal.isSystemPrincipal) {
   this._clearContentViewMargin(aBrowser);
 } else {
   this._roundContentView(aBrowser);
@@ -539,10 +562,29 @@ class _RFPHelper {
 // Calculating the margins around the browser element in order to round the
 // content viewport. We will use a 200x100 stepping if the dimension set
 // is not given.
-let margins = calcMargins(containerWidth, containerHeight);
+
+const borderDimensions = this.getBorderDimensions(aBrowser);
+const marginDims = 

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 32658: Create a new MAR signing key

[sysrqb]

commit 0216e2b381993f07bc974376addab33800d9eee6
Author: Georg Koppen 
Date:   Fri Jan 17 12:54:31 2020 +

Bug 32658: Create a new MAR signing key

It's time for our rotation again: Move the backup key in the front
position and add a new backup key.

squash! Bug 32658: Create a new MAR signing key

Bug 33803: Move our primary nightly MAR signing key to tor-browser

Bug 33803: Add a secondary nightly MAR signing key
---
 .../update/updater/nightly_aurora_level3_primary.der  | Bin 1225 -> 1245 bytes
 .../updater/nightly_aurora_level3_secondary.der   | Bin 1225 -> 1245 bytes
 toolkit/mozapps/update/updater/release_primary.der| Bin 1225 -> 1229 bytes
 toolkit/mozapps/update/updater/release_secondary.der  | Bin 1225 -> 1229 bytes
 4 files changed, 0 insertions(+), 0 deletions(-)

diff --git a/toolkit/mozapps/update/updater/nightly_aurora_level3_primary.der 
b/toolkit/mozapps/update/updater/nightly_aurora_level3_primary.der
index 44fd95dcff89..d579cf801e1a 100644
Binary files a/toolkit/mozapps/update/updater/nightly_aurora_level3_primary.der 
and b/toolkit/mozapps/update/updater/nightly_aurora_level3_primary.der differ
diff --git a/toolkit/mozapps/update/updater/nightly_aurora_level3_secondary.der 
b/toolkit/mozapps/update/updater/nightly_aurora_level3_secondary.der
index 90f8e6e82c63..7cbfa77d06e7 100644
Binary files 
a/toolkit/mozapps/update/updater/nightly_aurora_level3_secondary.der and 
b/toolkit/mozapps/update/updater/nightly_aurora_level3_secondary.der differ
diff --git a/toolkit/mozapps/update/updater/release_primary.der 
b/toolkit/mozapps/update/updater/release_primary.der
index 1d94f88ad73b..0103a171de88 100644
Binary files a/toolkit/mozapps/update/updater/release_primary.der and 
b/toolkit/mozapps/update/updater/release_primary.der differ
diff --git a/toolkit/mozapps/update/updater/release_secondary.der 
b/toolkit/mozapps/update/updater/release_secondary.der
index 474706c4b73c..fcee3944e9b7 100644
Binary files a/toolkit/mozapps/update/updater/release_secondary.der and 
b/toolkit/mozapps/update/updater/release_secondary.der differ



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 30237: Add v3 onion services client authentication prompt

[sysrqb]

commit 90a2590c922690d41e8b79040ccf52487523a10d
Author: Kathy Brade 
Date:   Tue Nov 12 16:11:05 2019 -0500

Bug 30237: Add v3 onion services client authentication prompt

When Tor informs the browser that client authentication is needed,
temporarily load about:blank instead of about:neterror and prompt
for the user's key.

If a correctly formatted key is entered, use Tor's ONION_CLIENT_AUTH_ADD
control port command to add the key (via Torbutton's control port
module) and reload the page.

If the user cancels the prompt, display the standard about:neterror
"Unable to connect" page. This requires a small change to
browser/actors/NetErrorChild.jsm to account for the fact that the
docShell no longer has the failedChannel information. The failedChannel
is used to extract TLS-related error info, which is not applicable
in the case of a canceled .onion authentication prompt.

Add a leaveOpen option to PopupNotifications.show so we can display
error messages within the popup notification doorhanger without
closing the prompt.

Add support for onion services strings to the TorStrings module.

Add support for Tor extended SOCKS errors (Tor proposal 304) to the
socket transport and SOCKS layers. Improved display of all of these
errors will be implemented as part of bug 30025.

Also fixes bug 19757:
 Add a "Remember this key" checkbox to the client auth prompt.

 Add an "Onion Services Authentication" section within the
 about:preferences "Privacy & Security section" to allow
 viewing and removal of v3 onion client auth keys that have
 been stored on disk.

Also fixes bug 19251: use enhanced error pages for onion service errors.
---
 browser/actors/NetErrorChild.jsm   |   7 +
 browser/base/content/aboutNetError.js  |  10 +-
 browser/base/content/aboutNetError.xhtml   |   1 +
 browser/base/content/browser.js|  10 +
 browser/base/content/browser.xhtml |   3 +
 browser/base/content/tab-content.js|   5 +
 browser/components/moz.build   |   1 +
 .../content/authNotificationIcon.inc.xhtml |   6 +
 .../onionservices/content/authPopup.inc.xhtml  |  16 ++
 .../onionservices/content/authPreferences.css  |  20 ++
 .../content/authPreferences.inc.xhtml  |  19 ++
 .../onionservices/content/authPreferences.js   |  66 +
 .../components/onionservices/content/authPrompt.js | 316 +
 .../components/onionservices/content/authUtil.jsm  |  47 +++
 .../onionservices/content/netError/browser.svg |   3 +
 .../onionservices/content/netError/network.svg |   3 +
 .../content/netError/onionNetError.css |  65 +
 .../content/netError/onionNetError.js  | 244 
 .../onionservices/content/netError/onionsite.svg   |   7 +
 .../onionservices/content/onionservices.css|  69 +
 .../onionservices/content/savedKeysDialog.js   | 259 +
 .../onionservices/content/savedKeysDialog.xhtml|  42 +++
 browser/components/onionservices/jar.mn|   9 +
 browser/components/onionservices/moz.build |   1 +
 browser/components/preferences/preferences.xhtml   |   1 +
 browser/components/preferences/privacy.inc.xhtml   |   2 +
 browser/components/preferences/privacy.js  |   7 +
 browser/themes/shared/notification-icons.inc.css   |   3 +
 docshell/base/nsDocShell.cpp   |  81 +-
 dom/ipc/BrowserParent.cpp  |  21 ++
 dom/ipc/BrowserParent.h|   3 +
 dom/ipc/PBrowser.ipdl  |   9 +
 js/xpconnect/src/xpc.msg   |  10 +
 netwerk/base/nsSocketTransport2.cpp|   6 +
 netwerk/socket/nsSOCKSIOLayer.cpp  |  49 
 toolkit/modules/PopupNotifications.jsm |   6 +
 toolkit/modules/RemotePageAccessManager.jsm|   1 +
 .../lib/environments/frame-script.js   |   1 +
 xpcom/base/ErrorList.py|  22 ++
 39 files changed, 1449 insertions(+), 2 deletions(-)

diff --git a/browser/actors/NetErrorChild.jsm b/browser/actors/NetErrorChild.jsm
index af9d6bd46128..de66e9eeda18 100644
--- a/browser/actors/NetErrorChild.jsm
+++ b/browser/actors/NetErrorChild.jsm
@@ -13,6 +13,8 @@ const { RemotePageChild } = ChromeUtils.import(
   "resource://gre/actors/RemotePageChild.jsm"
 );
 
+const { TorStrings } = 
ChromeUtils.import("resource:///modules/TorStrings.jsm");
+
 XPCOMUtils.defineLazyServiceGetter(
   this,
   "gSerializationHelper",
@@ -29,6 +31,7 @@ class NetErrorChild extends RemotePageChild {
   "RPMPrefIsLocked",
   "RPMAddToHistogram",
   "RPMRecordTelemetryEvent",
+  "RPMGetTorStrings",
 ];
 this.exportFunctions(exportableFunctions);
   }
@@ -82,4 

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Orfox: Centralized proxy applied to AbstractCommunicator and BaseResources.

[sysrqb]

commit a9572dfee5e413228daf01e0525a899482d12455
Author: Amogh Pradeep 
Date:   Fri Jun 12 02:07:45 2015 -0400

Orfox: Centralized proxy applied to AbstractCommunicator and BaseResources.

See Bug 1357997 for partial uplift.

Also:
Bug 28051 - Use our Orbot for proxying our connections

Bug 31144 - ESR68 Network Code Review
---
 .../main/java/org/mozilla/gecko/GeckoAppShell.java | 68 +++---
 .../java/org/mozilla/gecko/util/BitmapUtils.java   |  7 ---
 .../java/org/mozilla/gecko/util/ProxySelector.java | 25 +++-
 3 files changed, 59 insertions(+), 41 deletions(-)

diff --git 
a/mobile/android/geckoview/src/main/java/org/mozilla/gecko/GeckoAppShell.java 
b/mobile/android/geckoview/src/main/java/org/mozilla/gecko/GeckoAppShell.java
index 995b23316c32..b9ca73bee2eb 100644
--- 
a/mobile/android/geckoview/src/main/java/org/mozilla/gecko/GeckoAppShell.java
+++ 
b/mobile/android/geckoview/src/main/java/org/mozilla/gecko/GeckoAppShell.java
@@ -1764,39 +1764,41 @@ public class GeckoAppShell {
 
 @WrapForJNI
 private static URLConnection getConnection(final String url) {
-try {
-String spec;
-if (url.startsWith("android://")) {
-spec = url.substring(10);
-} else {
-spec = url.substring(8);
-}
-
-// Check if we are loading a package icon.
-try {
-if (spec.startsWith("icon/")) {
-String[] splits = spec.split("/");
-if (splits.length != 2) {
-return null;
-}
-final String pkg = splits[1];
-final PackageManager pm = 
getApplicationContext().getPackageManager();
-final Drawable d = pm.getApplicationIcon(pkg);
-final Bitmap bitmap = BitmapUtils.getBitmapFromDrawable(d);
-return new BitmapConnection(bitmap);
-}
-} catch (Exception ex) {
-Log.e(LOGTAG, "error", ex);
-}
-
-// if the colon got stripped, put it back
-int colon = spec.indexOf(':');
-if (colon == -1 || colon > spec.indexOf('/')) {
-spec = spec.replaceFirst("/", ":/");
-}
-} catch (Exception ex) {
-return null;
-}
+// Bug 31144 - Prevent potential proxy-bypass
+
+//try {
+//String spec;
+//if (url.startsWith("android://")) {
+//spec = url.substring(10);
+//} else {
+//spec = url.substring(8);
+//}
+
+//// Check if we are loading a package icon.
+//try {
+//if (spec.startsWith("icon/")) {
+//String[] splits = spec.split("/");
+//if (splits.length != 2) {
+//return null;
+//}
+//final String pkg = splits[1];
+//final PackageManager pm = 
getApplicationContext().getPackageManager();
+//final Drawable d = pm.getApplicationIcon(pkg);
+//final Bitmap bitmap = 
BitmapUtils.getBitmapFromDrawable(d);
+//return new BitmapConnection(bitmap);
+//}
+//} catch (Exception ex) {
+//Log.e(LOGTAG, "error", ex);
+//}
+
+//// if the colon got stripped, put it back
+//int colon = spec.indexOf(':');
+//if (colon == -1 || colon > spec.indexOf('/')) {
+//spec = spec.replaceFirst("/", ":/");
+//}
+//} catch (Exception ex) {
+//return null;
+//}
 return null;
 }
 
diff --git 
a/mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/BitmapUtils.java
 
b/mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/BitmapUtils.java
index 73a69a3abd66..f795dacffb47 100644
--- 
a/mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/BitmapUtils.java
+++ 
b/mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/BitmapUtils.java
@@ -101,13 +101,6 @@ public final class BitmapUtils {
 public static Bitmap decodeUrl(final URL url) {
 InputStream stream = null;
 
-try {
-stream = url.openStream();
-} catch (IOException e) {
-Log.w(LOGTAG, "decodeUrl: IOException downloading " + url);
-return null;
-}
-
 if (stream == null) {
 Log.w(LOGTAG, "decodeUrl: stream not found downloading " + url);
 return null;
diff --git 
a/mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/ProxySelector.java
 
b/mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/ProxySelector.java
index 3940d3c84249..9515975f680a 100644
--- 

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 24796 - Comment out excess permissions from GeckoView

[sysrqb]

commit b727578f73568916c3b0a7e3b8b9de91f141ebe0
Author: Matthew Finkel 
Date:   Wed Apr 11 17:52:59 2018 +

Bug 24796 - Comment out excess permissions from GeckoView

The GeckoView AndroidManifest.xml is not preprocessed unlike Fennec's
manifest, so we can't use the ifdef preprocessor guards around the
permissions we do not want. Commenting the permissions is the
next-best-thing.
---
 .../android/geckoview/src/main/AndroidManifest.xml   | 20 +---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/mobile/android/geckoview/src/main/AndroidManifest.xml 
b/mobile/android/geckoview/src/main/AndroidManifest.xml
index 87ad6dc28047..4c8ab2a9d996 100644
--- a/mobile/android/geckoview/src/main/AndroidManifest.xml
+++ b/mobile/android/geckoview/src/main/AndroidManifest.xml
@@ -6,20 +6,32 @@
 http://schemas.android.com/apk/res/android;
   package="org.mozilla.geckoview">
 
+
+
+
 
 
 
 
+
+
+
 
+
+
+
+
 
 
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 27604: Fix addon issues when moving TB directory

[sysrqb]

commit e5346f100f67c9929072df59be2e9211ea8d2912
Author: Alex Catarineu 
Date:   Wed Oct 30 10:44:48 2019 +0100

Bug 27604: Fix addon issues when moving TB directory
---
 toolkit/mozapps/extensions/internal/XPIProvider.jsm | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm 
b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
index bf31932b59f1..5e467fb4f14c 100644
--- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm
+++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
@@ -485,7 +485,7 @@ class XPIState {
 
 // Builds prior to be 1512436 did not include the rootURI property.
 // If we're updating from such a build, add that property now.
-if (!("rootURI" in this) && this.file) {
+if (this.file) {
   this.rootURI = getURIForResourceInFile(this.file, "").spec;
 }
 
@@ -498,7 +498,10 @@ class XPIState {
   saved.currentModifiedTime != this.lastModifiedTime
 ) {
   this.lastModifiedTime = saved.currentModifiedTime;
-} else if (saved.currentModifiedTime === null) {
+} else if (
+  saved.currentModifiedTime === null &&
+  (!this.file || !this.file.exists())
+) {
   this.missing = true;
 }
   }
@@ -1439,6 +1442,7 @@ var XPIStates = {
 
   if (oldState[loc.name]) {
 loc.restore(oldState[loc.name]);
+changed = changed || loc.path != oldState[loc.name].path;
   }
   changed = changed || loc.changed;
 



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 31740: Remove some unnecessary RemoteSettings instances

[sysrqb]

commit 4d196c039f612939068828ce11dcc631d00c30de
Author: Alex Catarineu 
Date:   Wed Oct 16 23:01:12 2019 +0200

Bug 31740: Remove some unnecessary RemoteSettings instances

More concretely, SearchService.jsm 'hijack-blocklists' and
url-classifier-skip-urls.

Avoid creating instance for 'anti-tracking-url-decoration'.

If prefs are disabling their usage, avoid creating instances for
'cert-revocations' and 'intermediates'.

Do not ship JSON dumps for collections we do not expect to need. For
the ones in the 'main' bucket, this prevents them from being synced
unnecessarily (the code in remote-settings does so for collections
in the main bucket for which a dump or local data exists). For the
collections in the other buckets, we just save some size by not
shipping their dumps.

We also clear the collections database on the v2 -> v3 migration.
---
 .../url-classifier/UrlClassifierFeatureBase.cpp|  2 +-
 netwerk/url-classifier/components.conf |  6 --
 security/manager/ssl/RemoteSecuritySettings.jsm| 22 ++
 services/settings/IDBHelpers.jsm   |  4 
 services/settings/dumps/blocklists/moz.build   |  1 -
 services/settings/dumps/main/moz.build |  5 -
 services/settings/dumps/security-state/moz.build   |  1 -
 .../components/antitracking/antitracking.manifest  |  2 +-
 toolkit/components/antitracking/components.conf|  7 ---
 toolkit/components/search/SearchService.jsm|  2 --
 10 files changed, 28 insertions(+), 24 deletions(-)

diff --git a/netwerk/url-classifier/UrlClassifierFeatureBase.cpp 
b/netwerk/url-classifier/UrlClassifierFeatureBase.cpp
index 9bc7fc5d6e9a..3fb3b74a4f08 100644
--- a/netwerk/url-classifier/UrlClassifierFeatureBase.cpp
+++ b/netwerk/url-classifier/UrlClassifierFeatureBase.cpp
@@ -76,7 +76,7 @@ void UrlClassifierFeatureBase::InitializePreferences() {
 
   nsCOMPtr skipListService =
   do_GetService("@mozilla.org/url-classifier/skip-list-service;1");
-  if (NS_WARN_IF(!skipListService)) {
+  if (!skipListService) {
 return;
   }
 
diff --git a/netwerk/url-classifier/components.conf 
b/netwerk/url-classifier/components.conf
index 7f49d94b6488..b2e667247317 100644
--- a/netwerk/url-classifier/components.conf
+++ b/netwerk/url-classifier/components.conf
@@ -13,10 +13,4 @@ Classes = [
 'constructor': 'mozilla::net::ChannelClassifierService::GetSingleton',
 'headers': ['mozilla/net/ChannelClassifierService.h'],
 },
-{
-'cid': '{b9f4fd03-9d87-4bfd-9958-85a821750ddc}',
-'contract_ids': ['@mozilla.org/url-classifier/skip-list-service;1'],
-'jsm': 'resource://gre/modules/UrlClassifierSkipListService.jsm',
-'constructor': 'UrlClassifierSkipListService',
-},
 ]
diff --git a/security/manager/ssl/RemoteSecuritySettings.jsm 
b/security/manager/ssl/RemoteSecuritySettings.jsm
index 199eeb5b58e1..96d6a7a2de48 100644
--- a/security/manager/ssl/RemoteSecuritySettings.jsm
+++ b/security/manager/ssl/RemoteSecuritySettings.jsm
@@ -350,6 +350,16 @@ var RemoteSecuritySettings = {
 
 class IntermediatePreloads {
   constructor() {
+this.maybeInit();
+  }
+
+  maybeInit() {
+if (
+  this.client ||
+  !Services.prefs.getBoolPref(INTERMEDIATES_ENABLED_PREF, true)
+) {
+  return;
+}
 this.client = RemoteSettings(
   Services.prefs.getCharPref(INTERMEDIATES_COLLECTION_PREF),
   {
@@ -379,6 +389,7 @@ class IntermediatePreloads {
   );
   return;
 }
+this.maybeInit();
 
 // Download attachments that are awaiting download, up to a max.
 const maxDownloadsPerRun = Services.prefs.getIntPref(
@@ -704,6 +715,16 @@ function compareFilters(filterA, filterB) {
 
 class CRLiteFilters {
   constructor() {
+this.maybeInit();
+  }
+
+  maybeInit() {
+if (
+  this.client ||
+  !Services.prefs.getBoolPref(CRLITE_FILTERS_ENABLED_PREF, true)
+) {
+  return;
+}
 this.client = RemoteSettings(
   Services.prefs.getCharPref(CRLITE_FILTERS_COLLECTION_PREF),
   {
@@ -729,6 +750,7 @@ class CRLiteFilters {
   );
   return;
 }
+this.maybeInit();
 let current = await this.client.db.list();
 let fullFilters = current.filter(filter => !filter.incremental);
 if (fullFilters.length < 1) {
diff --git a/services/settings/IDBHelpers.jsm b/services/settings/IDBHelpers.jsm
index 5dc59c3687ef..010a5ea82987 100644
--- a/services/settings/IDBHelpers.jsm
+++ b/services/settings/IDBHelpers.jsm
@@ -188,6 +188,10 @@ async function openIDB(allowUpgrades = true) {
 });
   }
   if (event.oldVersion < 3) {
+// Clear existing stores for a fresh start
+transaction.objectStore("records").clear();
+transaction.objectStore("timestamps").clear();
+transaction.objectStore("collections").clear();
 // Attachment store
 db.createObjectStore("attachments", 

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 26345: Hide tracking protection UI

[sysrqb]

commit 83ec1a0a497dfa279a22ab53749d455bfc4a3842
Author: Alex Catarineu 
Date:   Tue Sep 10 16:29:31 2019 +0200

Bug 26345: Hide tracking protection UI
---
 browser/base/content/browser-siteIdentity.js| 4 ++--
 browser/components/about/AboutRedirector.cpp| 4 
 browser/components/about/components.conf| 1 -
 browser/components/customizableui/content/panelUI.inc.xhtml | 4 ++--
 browser/components/moz.build| 1 -
 browser/themes/shared/preferences/privacy.css   | 4 
 6 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/browser/base/content/browser-siteIdentity.js 
b/browser/base/content/browser-siteIdentity.js
index 71b12374758d..b7fa432d9478 100644
--- a/browser/base/content/browser-siteIdentity.js
+++ b/browser/base/content/browser-siteIdentity.js
@@ -837,10 +837,10 @@ var gIdentityHandler = {
 
 this._refreshPermissionIcons();
 
-// Hide the shield icon if it is a chrome page.
+// Bug 26345: Hide tracking protection UI.
 gProtectionsHandler._trackingProtectionIconContainer.classList.toggle(
   "chromeUI",
-  this._isSecureInternalUI
+  true
 );
   },
 
diff --git a/browser/components/about/AboutRedirector.cpp 
b/browser/components/about/AboutRedirector.cpp
index 933d519bd959..544e21782729 100644
--- a/browser/components/about/AboutRedirector.cpp
+++ b/browser/components/about/AboutRedirector.cpp
@@ -114,10 +114,6 @@ static const RedirEntry kRedirMap[] = {
  nsIAboutModule::URI_MUST_LOAD_IN_CHILD |
  nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
  nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::HIDE_FROM_ABOUTABOUT},
-{"protections", "chrome://browser/content/protections.html",
- nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
- nsIAboutModule::URI_MUST_LOAD_IN_CHILD | nsIAboutModule::ALLOW_SCRIPT 
|
- nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS},
 {"pioneer", "chrome://browser/content/pioneer.html",
  nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::HIDE_FROM_ABOUTABOUT},
 #ifdef TOR_BROWSER_UPDATE
diff --git a/browser/components/about/components.conf 
b/browser/components/about/components.conf
index f31159d30e15..d78de142e2e4 100644
--- a/browser/components/about/components.conf
+++ b/browser/components/about/components.conf
@@ -20,7 +20,6 @@ pages = [
 'policies',
 'preferences',
 'privatebrowsing',
-'protections',
 'profiling',
 'reader',
 'restartrequired',
diff --git a/browser/components/customizableui/content/panelUI.inc.xhtml 
b/browser/components/customizableui/content/panelUI.inc.xhtml
index 719eee14e681..45f4a10ace7b 100644
--- a/browser/components/customizableui/content/panelUI.inc.xhtml
+++ b/browser/components/customizableui/content/panelUI.inc.xhtml
@@ -244,7 +244,7 @@
 oncommand="gSync.toggleAccountPanel('PanelUI-fxa', 
this, event)"/>
 
 
-
+
   
@@ -255,7 +255,7 @@
 
   
 
-
+
  description {



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#tor

[sysrqb]

commit fd85b339587126d4bfe3a69f98fbf0abeefaf263
Author: Richard Pospesel 
Date:   Mon Sep 16 15:25:39 2019 -0700

Bug 31286: Implementation of bridge, proxy, and firewall settings in 
about:preferences#tor

This patch adds a new about:preferences#tor page which allows modifying
bridge, proxy, and firewall settings from within Tor Browser. All of the
functionality present in tor-launcher's Network Configuration panel is
present:

 - Setting built-in bridges
 - Requesting bridges from BridgeDB via moat
 - Using user-provided bridges
 - Configuring SOCKS4, SOCKS5, and HTTP/HTTPS proxies
 - Setting firewall ports
 - Viewing and Copying Tor's logs
 - The Networking Settings in General preferences has been removed
---
 browser/components/moz.build   |   1 +
 browser/components/preferences/main.inc.xhtml  |  55 --
 browser/components/preferences/main.js |  14 -
 browser/components/preferences/preferences.js  |   9 +
 browser/components/preferences/preferences.xhtml   |   5 +
 browser/components/preferences/privacy.js  |   1 +
 .../torpreferences/content/parseFunctions.jsm  |  89 +++
 .../torpreferences/content/requestBridgeDialog.jsm | 202 +
 .../content/requestBridgeDialog.xhtml  |  35 +
 .../torpreferences/content/torBridgeSettings.jsm   | 325 
 .../torpreferences/content/torCategory.inc.xhtml   |   9 +
 .../torpreferences/content/torFirewallSettings.jsm |  72 ++
 .../torpreferences/content/torLogDialog.jsm|  66 ++
 .../torpreferences/content/torLogDialog.xhtml  |  23 +
 .../components/torpreferences/content/torPane.js   | 857 +
 .../torpreferences/content/torPane.xhtml   | 123 +++
 .../torpreferences/content/torPreferences.css  |  77 ++
 .../torpreferences/content/torPreferencesIcon.svg  |   5 +
 .../torpreferences/content/torProxySettings.jsm| 245 ++
 browser/components/torpreferences/jar.mn   |  14 +
 browser/components/torpreferences/moz.build|   1 +
 browser/modules/BridgeDB.jsm   | 110 +++
 browser/modules/TorProtocolService.jsm | 212 +
 browser/modules/moz.build  |   2 +
 24 files changed, 2483 insertions(+), 69 deletions(-)

diff --git a/browser/components/moz.build b/browser/components/moz.build
index cb6eeb9164ef..09e209dc9c3b 100644
--- a/browser/components/moz.build
+++ b/browser/components/moz.build
@@ -58,6 +58,7 @@ DIRS += [
 'syncedtabs',
 'uitour',
 'urlbar',
+'torpreferences',
 'translation',
 ]
 
diff --git a/browser/components/preferences/main.inc.xhtml 
b/browser/components/preferences/main.inc.xhtml
index f3502e87af98..37ac50ee940b 100644
--- a/browser/components/preferences/main.inc.xhtml
+++ b/browser/components/preferences/main.inc.xhtml
@@ -676,59 +676,4 @@
 
   
 
-
-
-  
-
-
-
-
-  
-
-  
-
-  
-  
-  
-  
-  
-
-
-
-
-  
-
-  
-
 
diff --git a/browser/components/preferences/main.js 
b/browser/components/preferences/main.js
index 9f36871d6303..6b258429e773 100644
--- a/browser/components/preferences/main.js
+++ b/browser/components/preferences/main.js
@@ -361,15 +361,6 @@ var gMainPane = {
 });
 this.updatePerformanceSettingsBox({ duringChangeEvent: false });
 this.displayUseSystemLocale();
-let connectionSettingsLink = document.getElementById(
-  "connectionSettingsLearnMore"
-);
-let connectionSettingsUrl =
-  Services.urlFormatter.formatURLPref("app.support.baseURL") +
-  "prefs-connection-settings";
-connectionSettingsLink.setAttribute("href", connectionSettingsUrl);
-this.updateProxySettingsUI();
-initializeProxyUI(gMainPane);
 
 if (Services.prefs.getBoolPref("intl.multilingual.enabled")) {
   gMainPane.initBrowserLocale();
@@ -503,11 +494,6 @@ var gMainPane = {
   "change",
   gMainPane.updateHardwareAcceleration.bind(gMainPane)
 );
-setEventListener(
-  "connectionSettings",
-  "command",
-  gMainPane.showConnections
-);
 setEventListener(
   "browserContainersCheckbox",
   "command",
diff --git a/browser/components/preferences/preferences.js 
b/browser/components/preferences/preferences.js
index 27e9763a1f9e..089533f20ade 100644
--- a/browser/components/preferences/preferences.js
+++ b/browser/components/preferences/preferences.js
@@ -13,6 +13,7 @@
 /* import-globals-from findInPage.js */
 /* import-globals-from ../../base/content/utilityOverlay.js */
 /* import-globals-from ../../../toolkit/content/preferencesBindings.js */
+/* import-globals-from ../torpreferences/content/torPane.js */
 
 "use strict";
 
@@ -91,6 +92,14 @@ function init_all() {
 document.getElementById("template-paneSync").remove();
   }
   register_module("paneSearchResults", gSearchResultsPane);
+  if (gTorPane.enabled) {
+document.getElementById("category-tor").hidden = 

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 31575: Replace Firefox Home (newtab) with about:tor

[sysrqb]

commit c63a3ab8c86c704ce38e286df6ba846f23ade581
Author: Alex Catarineu 
Date:   Mon Sep 9 13:04:34 2019 +0200

Bug 31575: Replace Firefox Home (newtab) with about:tor

Avoid loading AboutNewTab in BrowserGlue.jsm in order
to avoid several network requests that we do not need. Besides,
about:newtab will now point to about:blank or about:tor (depending
on browser.newtabpage.enabled) and about:home will point to
about:tor.
---
 browser/components/BrowserGlue.jsm   | 29 ++--
 browser/components/newtab/AboutNewTabService.jsm | 15 +---
 browser/components/preferences/home.inc.xhtml|  4 ++--
 browser/components/preferences/preferences.xhtml |  5 +++-
 browser/modules/HomePage.jsm |  2 +-
 5 files changed, 10 insertions(+), 45 deletions(-)

diff --git a/browser/components/BrowserGlue.jsm 
b/browser/components/BrowserGlue.jsm
index 3363e24a9b56..44b1426b92e0 100644
--- a/browser/components/BrowserGlue.jsm
+++ b/browser/components/BrowserGlue.jsm
@@ -29,12 +29,6 @@ ChromeUtils.defineModuleGetter(
   "resource:///modules/CustomizableUI.jsm"
 );
 
-ChromeUtils.defineModuleGetter(
-  this,
-  "AboutNewTab",
-  "resource:///modules/AboutNewTab.jsm"
-);
-
 ChromeUtils.defineModuleGetter(
   this,
   "E10SUtils",
@@ -123,19 +117,6 @@ let JSWINDOWACTORS = {
 matches: ["about:newinstall"],
   },
 
-  AboutNewTab: {
-child: {
-  moduleURI: "resource:///actors/AboutNewTabChild.jsm",
-  events: {
-DOMContentLoaded: {},
-  },
-},
-// The wildcard on about:newtab is for the ?endpoint query parameter
-// that is used for snippets debugging.
-matches: ["about:home", "about:welcome", "about:newtab*"],
-remoteTypes: ["privilegedabout"],
-  },
-
   AboutPlugins: {
 parent: {
   moduleURI: "resource:///actors/AboutPluginsParent.jsm",
@@ -1730,8 +1711,6 @@ BrowserGlue.prototype = {
 
   // the first browser window has finished initializing
   _onFirstWindowLoaded: function BG__onFirstWindowLoaded(aWindow) {
-AboutNewTab.init();
-
 TabCrashHandler.init();
 
 ProcessHangMonitor.init();
@@ -5199,12 +5178,8 @@ var AboutHomeStartupCache = {
   return { pageInputStream: null, scriptInputStream: null };
 }
 
-let state = AboutNewTab.activityStream.store.getState();
-return new Promise(resolve => {
-  this._cacheDeferred = resolve;
-  this.log.trace("Parent received cache streams.");
-  this._procManager.sendAsyncMessage(this.CACHE_REQUEST_MESSAGE, { state 
});
-});
+this.log.error("Activity Stream is disabled in Tor Browser.");
+return { pageInputStream: null, scriptInputStream: null };
   },
 
   /**
diff --git a/browser/components/newtab/AboutNewTabService.jsm 
b/browser/components/newtab/AboutNewTabService.jsm
index 506b521f528c..3962ebf94ab5 100644
--- a/browser/components/newtab/AboutNewTabService.jsm
+++ b/browser/components/newtab/AboutNewTabService.jsm
@@ -286,20 +286,7 @@ class BaseAboutNewTabService {
* the newtab page has no effect on the result of this function.
*/
   get defaultURL() {
-// Generate the desired activity stream resource depending on state, e.g.,
-// "resource://activity-stream/prerendered/activity-stream.html"
-// "resource://activity-stream/prerendered/activity-stream-debug.html"
-// "resource://activity-stream/prerendered/activity-stream-noscripts.html"
-return [
-  "resource://activity-stream/prerendered/",
-  "activity-stream",
-  // Debug version loads dev scripts but noscripts separately loads scripts
-  this.activityStreamDebug && !this.privilegedAboutProcessEnabled
-? "-debug"
-: "",
-  this.privilegedAboutProcessEnabled ? "-noscripts" : "",
-  ".html",
-].join("");
+return "about:tor";
   }
 
   /*
diff --git a/browser/components/preferences/home.inc.xhtml 
b/browser/components/preferences/home.inc.xhtml
index 2e900ccd296c..2a7412944d73 100644
--- a/browser/components/preferences/home.inc.xhtml
+++ b/browser/components/preferences/home.inc.xhtml
@@ -37,7 +37,7 @@
 class="check-home-page-controlled"
 data-preference-related="browser.startup.homepage">
 
-  
+  
   
   
 
@@ -97,7 +97,7 @@
 flex="1"
 preference="browser.newtabpage.enabled">
   
-
+
 
   
 
diff --git a/browser/components/preferences/preferences.xhtml 
b/browser/components/preferences/preferences.xhtml
index 3d89ddf00808..c176457c68fd 100644
--- a/browser/components/preferences/preferences.xhtml
+++ b/browser/components/preferences/preferences.xhtml
@@ -14,7 +14,10 @@
 
 
 
-
+
+  %aboutTorDTD;
+]>
 
 http://www.w3.org/1999/xhtml;
 xmlns:html="http://www.w3.org/1999/xhtml;
diff --git a/browser/modules/HomePage.jsm b/browser/modules/HomePage.jsm
index c903787fde48..bf67b1c5d173 100644
--- a/browser/modules/HomePage.jsm

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 31563: force reloading search extensions if extensions.enabledScopes has changed

[sysrqb]

commit 5d2c03aa3709ad7aa639677f0ea8e580f27e00d3
Author: Alex Catarineu 
Date:   Sat Aug 31 16:23:20 2019 +0200

Bug 31563: force reloading search extensions if extensions.enabledScopes 
has changed
---
 toolkit/components/search/SearchService.jsm | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/toolkit/components/search/SearchService.jsm 
b/toolkit/components/search/SearchService.jsm
index 46b992bec8ec..608f3c475458 100644
--- a/toolkit/components/search/SearchService.jsm
+++ b/toolkit/components/search/SearchService.jsm
@@ -975,6 +975,7 @@ SearchService.prototype = {
 let locale = Services.locale.requestedLocale;
 let buildID = Services.appinfo.platformBuildID;
 let appVersion = Services.appinfo.version;
+let enabledScopes = Services.prefs.getIntPref("extensions.enabledScopes", 
-1);
 
 // Allows us to force a cache refresh should the cache format change.
 cache.version = SearchUtils.CACHE_VERSION;
@@ -988,6 +989,10 @@ SearchService.prototype = {
 cache.appVersion = appVersion;
 cache.locale = locale;
 
+// Bug 31563: we want to force reloading engines if 
extensions.enabledScopes
+// pref changes
+cache.enabledScopes = enabledScopes;
+
 if (gModernConfig) {
   cache.builtInEngineList = this._searchOrder;
   // For built-in engines we don't want to store all their data in the 
cache
@@ -1049,7 +1054,8 @@ SearchService.prototype = {
   !cache.engines ||
   cache.version != SearchUtils.CACHE_VERSION ||
   cache.locale != Services.locale.requestedLocale ||
-  cache.buildID != buildID;
+  cache.buildID != buildID ||
+  cache.enabledScopes != 
Services.prefs.getIntPref("extensions.enabledScopes", -1);
 
 let enginesCorrupted = false;
 if (!rebuildCache) {



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 28369: Stop shipping pingsender executable

[sysrqb]

commit 300b07d66dbc47578b6b4e32283d4eaa6d920bae
Author: Alex Catarineu 
Date:   Wed Apr 10 17:52:51 2019 +0200

Bug 28369: Stop shipping pingsender executable
---
 browser/app/macbuild/Contents/MacOS-files.in   |  1 -
 browser/installer/package-manifest.in  |  4 
 browser/installer/windows/nsis/shared.nsh  |  1 -
 python/mozbuild/mozbuild/artifacts.py  |  2 --
 toolkit/components/telemetry/app/TelemetrySend.jsm | 19 +--
 toolkit/components/telemetry/moz.build |  4 
 6 files changed, 1 insertion(+), 30 deletions(-)

diff --git a/browser/app/macbuild/Contents/MacOS-files.in 
b/browser/app/macbuild/Contents/MacOS-files.in
index a0cac14ef7e3..38c3766c6375 100644
--- a/browser/app/macbuild/Contents/MacOS-files.in
+++ b/browser/app/macbuild/Contents/MacOS-files.in
@@ -13,7 +13,6 @@
 #if defined(MOZ_CRASHREPORTER)
 /minidump-analyzer
 #endif
-/pingsender
 /pk12util
 /ssltunnel
 /xpcshell
diff --git a/browser/installer/package-manifest.in 
b/browser/installer/package-manifest.in
index ad7dd023a92e..9e36326dee5b 100644
--- a/browser/installer/package-manifest.in
+++ b/browser/installer/package-manifest.in
@@ -444,10 +444,6 @@ bin/libfreebl_64int_3.so
 @BINPATH@/minidump-analyzer@BIN_SUFFIX@
 #endif
 
-; [ Ping Sender ]
-;
-@BINPATH@/pingsender@BIN_SUFFIX@
-
 ; Shutdown Terminator
 @RESPATH@/components/terminator.manifest
 
diff --git a/browser/installer/windows/nsis/shared.nsh 
b/browser/installer/windows/nsis/shared.nsh
index 668fbca98b39..cb61865af70f 100755
--- a/browser/installer/windows/nsis/shared.nsh
+++ b/browser/installer/windows/nsis/shared.nsh
@@ -1472,7 +1472,6 @@ ${EndIf}
   Push "crashreporter.exe"
   Push "default-browser-agent.exe"
   Push "minidump-analyzer.exe"
-  Push "pingsender.exe"
   Push "updater.exe"
   Push "updateagent.exe"
   Push "${FileMainEXE}"
diff --git a/python/mozbuild/mozbuild/artifacts.py 
b/python/mozbuild/mozbuild/artifacts.py
index d1de6bca15d9..35107ac894fd 100644
--- a/python/mozbuild/mozbuild/artifacts.py
+++ b/python/mozbuild/mozbuild/artifacts.py
@@ -420,7 +420,6 @@ class LinuxArtifactJob(ArtifactJob):
 '{product}/{product}',
 '{product}/{product}-bin',
 '{product}/minidump-analyzer',
-'{product}/pingsender',
 '{product}/plugin-container',
 '{product}/updater',
 '{product}/**/*.so',
@@ -482,7 +481,6 @@ class MacArtifactJob(ArtifactJob):
 'libosclientcerts.dylib',
 'libsoftokn3.dylib',
 'minidump-analyzer',
-'pingsender',
 'plugin-container.app/Contents/MacOS/plugin-container',
 'updater.app/Contents/MacOS/org.mozilla.updater',
 # 'xpcshell',
diff --git a/toolkit/components/telemetry/app/TelemetrySend.jsm 
b/toolkit/components/telemetry/app/TelemetrySend.jsm
index f0f61b74026b..502416431b24 100644
--- a/toolkit/components/telemetry/app/TelemetrySend.jsm
+++ b/toolkit/components/telemetry/app/TelemetrySend.jsm
@@ -1578,23 +1578,6 @@ var TelemetrySendImpl = {
   },
 
   runPingSender(pings, observer) {
-if (AppConstants.platform === "android") {
-  throw Components.Exception("", Cr.NS_ERROR_NOT_IMPLEMENTED);
-}
-
-const exeName =
-  AppConstants.platform === "win" ? "pingsender.exe" : "pingsender";
-
-let exe = Services.dirsvc.get("GreBinD", Ci.nsIFile);
-exe.append(exeName);
-
-let params = pings.flatMap(ping => [ping.url, ping.path]);
-let process = Cc["@mozilla.org/process/util;1"].createInstance(
-  Ci.nsIProcess
-);
-process.init(exe);
-process.startHidden = true;
-process.noShell = true;
-process.runAsync(params, params.length, observer);
+throw Components.Exception("", Cr.NS_ERROR_NOT_IMPLEMENTED);
   },
 };
diff --git a/toolkit/components/telemetry/moz.build 
b/toolkit/components/telemetry/moz.build
index 8d9104f632a6..520d2da3acf1 100644
--- a/toolkit/components/telemetry/moz.build
+++ b/toolkit/components/telemetry/moz.build
@@ -8,10 +8,6 @@ include('/ipc/chromium/chromium-config.mozbuild')
 
 FINAL_LIBRARY = 'xul'
 
-DIRS = [
-'pingsender',
-]
-
 DEFINES['MOZ_APP_VERSION'] = '"%s"' % CONFIG['MOZ_APP_VERSION']
 
 LOCAL_INCLUDES += [



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 30541: Disable WebGL readPixel() for web content

[sysrqb]

commit 3ff17b93de8d76601c06a6ea01331efc67bde8f4
Author: Georg Koppen 
Date:   Wed May 29 12:29:19 2019 +

Bug 30541: Disable WebGL readPixel() for web content
---
 dom/canvas/ClientWebGLContext.cpp | 8 
 1 file changed, 8 insertions(+)

diff --git a/dom/canvas/ClientWebGLContext.cpp 
b/dom/canvas/ClientWebGLContext.cpp
index 42c0b1ba6b80..c7f2559332d3 100644
--- a/dom/canvas/ClientWebGLContext.cpp
+++ b/dom/canvas/ClientWebGLContext.cpp
@@ -4118,6 +4118,14 @@ bool ClientWebGLContext::ReadPixels_SharedPrecheck(
 return false;
   }
 
+  // Security check passed, but don't let content readPixel calls through for
+  // now, if Resist Fingerprinting Mode is enabled.
+  if (nsContentUtils::ResistFingerprinting(aCallerType)) {
+JsWarning("readPixels: Not allowed in Resist Fingerprinting Mode");
+out_error.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR);
+return false;
+  }
+
   return true;
 }
 



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 32092: Fix Tor Browser Support link in preferences

[sysrqb]

commit bddb0f15932b09ea801c02e6eb0cc3864f56f06c
Author: Alex Catarineu 
Date:   Tue Oct 15 22:54:10 2019 +0200

Bug 32092: Fix Tor Browser Support link in preferences
---
 browser/components/preferences/preferences.js | 5 +
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/browser/components/preferences/preferences.js 
b/browser/components/preferences/preferences.js
index 089533f20ade..586e32e277cb 100644
--- a/browser/components/preferences/preferences.js
+++ b/browser/components/preferences/preferences.js
@@ -121,10 +121,7 @@ function init_all() {
 
   gotoPref().then(() => {
 let helpButton = document.getElementById("helpButton");
-let helpUrl =
-  Services.urlFormatter.formatURLPref("app.support.baseURL") +
-  "preferences";
-helpButton.setAttribute("href", helpUrl);
+helpButton.setAttribute("href", "https://support.torproject.org/tbb;);
 
 document.getElementById("addonsButton").addEventListener("click", e => {
   if (e.button >= 2) {



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 13543: Spoof smooth and powerEfficient for Media Capabilities

[sysrqb]

commit 2fccbc04166fe27c86ff51a50daa289193a0cce1
Author: Alex Catarineu 
Date:   Thu Oct 10 15:08:12 2019 +0200

Bug 13543: Spoof smooth and powerEfficient for Media Capabilities
---
 dom/media/mediacapabilities/MediaCapabilities.cpp | 5 +
 1 file changed, 5 insertions(+)

diff --git a/dom/media/mediacapabilities/MediaCapabilities.cpp 
b/dom/media/mediacapabilities/MediaCapabilities.cpp
index fb1b1a2cb32c..3bc6b97eac63 100644
--- a/dom/media/mediacapabilities/MediaCapabilities.cpp
+++ b/dom/media/mediacapabilities/MediaCapabilities.cpp
@@ -290,6 +290,11 @@ already_AddRefed MediaCapabilities::DecodingInfo(
   if (aValue.IsReject()) {
 p = CapabilitiesPromise::CreateAndReject(
 std::move(aValue.RejectValue()), __func__);
+  } else if (nsContentUtils::
+ ShouldResistFingerprinting()) {
+p = CapabilitiesPromise::CreateAndResolve(
+MediaCapabilitiesInfo(true, true, false),
+__func__);
   } else {
 MOZ_ASSERT(config->IsVideo());
 if 
(StaticPrefs::media_mediacapabilities_from_database()) {



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 31607: App menu items stop working on macOS

[sysrqb]

commit 6938ac32e0a9b51ba961d312c9739790672d5ab6
Author: Kathy Brade 
Date:   Thu Oct 3 10:53:43 2019 -0400

Bug 31607: App menu items stop working on macOS

Avoid re-creating the hidden window, since this causes the nsMenuBarX
object that is associated with the app menu to be freed (which in
turn causes all of the app menu items to stop working).

More detail: There should only be one hidden window.
XREMain::XRE_mainRun() contains an explicit call to create the
hidden window and that is the normal path by which it is created.
However, when Tor Launcher's wizard/progress window is opened during
startup, a hidden window is created earlier as a side effect of
calls to nsAppShellService::GetHiddenWindow(). Then, when
XREMain::XRE_mainRun() creates its hidden window, the original one
is freed which also causes the app menu's nsMenuBarX object which
is associated with that window to be destroyed. When that happens,
the menuGroupOwner property within each Cocoa menu items's MenuItemInfo
object is cleared. This breaks the link that is necessary for
NativeMenuItemTarget's menuItemHit method to dispatch a menu item
event.
---
 xpfe/appshell/nsAppShellService.cpp | 4 
 1 file changed, 4 insertions(+)

diff --git a/xpfe/appshell/nsAppShellService.cpp 
b/xpfe/appshell/nsAppShellService.cpp
index 719684ceb072..1600a3fea789 100644
--- a/xpfe/appshell/nsAppShellService.cpp
+++ b/xpfe/appshell/nsAppShellService.cpp
@@ -93,6 +93,10 @@ void nsAppShellService::EnsureHiddenWindow() {
 
 NS_IMETHODIMP
 nsAppShellService::CreateHiddenWindow() {
+  if (mHiddenWindow) {
+return NS_OK;
+  }
+
   if (!XRE_IsParentProcess()) {
 return NS_ERROR_NOT_IMPLEMENTED;
   }



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 23247: Communicating security expectations for .onion

[sysrqb]

commit 5eec977ef49d8cbc96e65fb7a97c6a91f8f5b003
Author: Richard Pospesel 
Date:   Fri Jun 8 13:38:40 2018 -0700

Bug 23247: Communicating security expectations for .onion

Encrypting pages hosted on Onion Services with SSL/TLS is redundant
(in terms of hiding content) as all traffic within the Tor network is
already fully encrypted.  Therefore, serving HTTP pages from an Onion
Service is more or less fine.

Prior to this patch, Tor Browser would mostly treat pages delivered
via Onion Services as well as pages delivered in the ordinary fashion
over the internet in the same way.  This created some inconsistencies
in behaviour and misinformation presented to the user relating to the
security of pages delivered via Onion Services:

 - HTTP Onion Service pages did not have any 'lock' icon indicating
   the site was secure
 - HTTP Onion Service pages would be marked as unencrypted in the Page
   Info screen
 - Mixed-mode content restrictions did not apply to HTTP Onion Service
   pages embedding Non-Onion HTTP content

This patch fixes the above issues, and also adds several new 'Onion'
icons to the mix to indicate all of the various permutations of Onion
Services hosted HTTP or HTTPS pages with HTTP or HTTPS content.

Strings for Onion Service Page Info page are pulled from Torbutton's
localization strings.
---
 browser/base/content/browser-siteIdentity.js   | 39 -
 browser/base/content/pageinfo/security.js  | 64 ++
 .../shared/identity-block/identity-block.inc.css   | 19 +++
 .../themes/shared/identity-block/onion-slash.svg   |  5 ++
 .../themes/shared/identity-block/onion-warning.svg |  6 ++
 browser/themes/shared/identity-block/onion.svg |  3 +
 browser/themes/shared/jar.inc.mn   |  3 +
 dom/base/nsContentUtils.cpp| 19 +++
 dom/base/nsContentUtils.h  |  5 ++
 dom/base/nsGlobalWindowOuter.cpp   |  3 +-
 dom/ipc/WindowGlobalActor.cpp  |  4 +-
 dom/ipc/WindowGlobalChild.cpp  |  6 +-
 dom/presentation/PresentationRequest.cpp   |  3 +-
 dom/security/nsMixedContentBlocker.cpp | 16 +-
 security/manager/ssl/nsSecureBrowserUI.cpp | 12 
 15 files changed, 175 insertions(+), 32 deletions(-)

diff --git a/browser/base/content/browser-siteIdentity.js 
b/browser/base/content/browser-siteIdentity.js
index 1d6f9555b33f..71b12374758d 100644
--- a/browser/base/content/browser-siteIdentity.js
+++ b/browser/base/content/browser-siteIdentity.js
@@ -131,6 +131,10 @@ var gIdentityHandler = {
 );
   },
 
+  get _uriIsOnionHost() {
+return this._uriHasHost ? this._uri.host.toLowerCase().endsWith(".onion") 
: false;
+  },
+
   // smart getters
   get _identityPopup() {
 delete this._identityPopup;
@@ -624,9 +628,9 @@ var gIdentityHandler = {
   get pointerlockFsWarningClassName() {
 // Note that the fullscreen warning does not handle _isSecureInternalUI.
 if (this._uriHasHost && this._isSecureConnection) {
-  return "verifiedDomain";
+  return this._uriIsOnionHost ? "onionVerifiedDomain" : "verifiedDomain";
 }
-return "unknownIdentity";
+return this._uriIsOnionHost ? "onionUnknownIdentity" : "unknownIdentity";
   },
 
   /**
@@ -634,6 +638,10 @@ var gIdentityHandler = {
* built-in (returns false) or imported (returns true).
*/
   _hasCustomRoot() {
+if (!this._secInfo) {
+  return false;
+}
+
 let issuerCert = null;
 issuerCert = this._secInfo.succeededCertChain[
   this._secInfo.succeededCertChain.length - 1
@@ -676,11 +684,13 @@ var gIdentityHandler = {
 "identity.extension.label",
 [extensionName]
   );
-} else if (this._uriHasHost && this._isSecureConnection) {
+} else if (this._uriHasHost && this._isSecureConnection && this._secInfo) {
   // This is a secure connection.
-  this._identityBox.className = "verifiedDomain";
+  // _isSecureConnection implicitly includes onion services, which may not 
have an SSL certificate
+  const uriIsOnionHost = this._uriIsOnionHost;
+  this._identityBox.className = uriIsOnionHost ? "onionVerifiedDomain" : 
"verifiedDomain";
   if (this._isMixedActiveContentBlocked) {
-this._identityBox.classList.add("mixedActiveBlocked");
+this._identityBox.classList.add(uriIsOnionHost ? 
"onionMixedActiveBlocked" : "mixedActiveBlocked");
   }
   if (!this._isCertUserOverridden) {
 // It's a normal cert, verifier is the CA Org.
@@ -691,17 +701,17 @@ var gIdentityHandler = {
   }
 } else if (this._isBrokenConnection) {
   // This is a secure connection, but something is wrong.
-  this._identityBox.className = "unknownIdentity";
+  const uriIsOnionHost = this._uriIsOnionHost;
+  this._identityBox.className = uriIsOnionHost ? 

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 27511: Add new identity button to toolbar

[sysrqb]

commit f34938b82f8d786e3c44224bb5566f74398f6bfd
Author: Alex Catarineu 
Date:   Fri Oct 4 19:08:33 2019 +0200

Bug 27511: Add new identity button to toolbar

Also added 'New circuit for this site' button to CustomizableUI, but
not visible by default.
---
 browser/base/content/browser.xhtml  | 10 ++
 .../components/customizableui/CustomizableUI.jsm| 21 +
 browser/themes/shared/icons/new_circuit.svg |  8 
 browser/themes/shared/icons/new_identity.svg|  9 +
 browser/themes/shared/jar.inc.mn|  3 +++
 browser/themes/shared/menupanel.inc.css |  8 
 browser/themes/shared/toolbarbutton-icons.inc.css   |  8 
 7 files changed, 67 insertions(+)

diff --git a/browser/base/content/browser.xhtml 
b/browser/base/content/browser.xhtml
index 72c415b8f843..ddf5d766126b 100644
--- a/browser/base/content/browser.xhtml
+++ b/browser/base/content/browser.xhtml
@@ -1295,6 +1295,16 @@
  ondragenter="newWindowButtonObserver.onDragOver(event)"
  ondragexit="newWindowButtonObserver.onDragExit(event)"/>
 
+  
+
+  
+
   
+http://www.w3.org/2000/svg; xmlns:xlink="http://www.w3.org/1999/xlink;>
+Icon / New Circuit@1.5x
+
+
+
+
+
diff --git a/browser/themes/shared/icons/new_identity.svg 
b/browser/themes/shared/icons/new_identity.svg
new file mode 100644
index ..91d5b35f7e80
--- /dev/null
+++ b/browser/themes/shared/icons/new_identity.svg
@@ -0,0 +1,9 @@
+
+http://www.w3.org/2000/svg; xmlns:xlink="http://www.w3.org/1999/xlink;>
+New Identity Icon
+
+
+
+
+
+
\ No newline at end of file
diff --git a/browser/themes/shared/jar.inc.mn b/browser/themes/shared/jar.inc.mn
index 71fea38eb829..e4a3c8d2d41c 100644
--- a/browser/themes/shared/jar.inc.mn
+++ b/browser/themes/shared/jar.inc.mn
@@ -302,3 +302,6 @@
   skin/classic/browser/install-ssb.svg 
(../shared/install-ssb.svg)
   skin/classic/browser/critical.svg
(../shared/icons/critical.svg)
   skin/classic/browser/webRTC-indicator.css
(../shared/webRTC-indicator.css)
+
+  skin/classic/browser/new_circuit.svg 
(../shared/icons/new_circuit.svg)
+  skin/classic/browser/new_identity.svg
(../shared/icons/new_identity.svg)
diff --git a/browser/themes/shared/menupanel.inc.css 
b/browser/themes/shared/menupanel.inc.css
index c919f32a1454..eae453ec5004 100644
--- a/browser/themes/shared/menupanel.inc.css
+++ b/browser/themes/shared/menupanel.inc.css
@@ -183,3 +183,11 @@ toolbarpaletteitem[place="palette"] > 
#bookmarks-menu-button,
   -moz-context-properties: fill, fill-opacity;
   fill-opacity: 0;
 }
+
+#appMenuNewIdentity {
+  list-style-image: url("chrome://browser/skin/new_identity.svg");
+}
+
+#appMenuNewCircuit {
+  list-style-image: url("chrome://browser/skin/new_circuit.svg");
+}
diff --git a/browser/themes/shared/toolbarbutton-icons.inc.css 
b/browser/themes/shared/toolbarbutton-icons.inc.css
index 9514eb1d5338..cf02f871c9a4 100644
--- a/browser/themes/shared/toolbarbutton-icons.inc.css
+++ b/browser/themes/shared/toolbarbutton-icons.inc.css
@@ -233,6 +233,14 @@ toolbar[brighttext] {
   list-style-image: url("chrome://browser/skin/new-tab.svg");
 }
 
+#new-identity-button {
+  list-style-image: url("chrome://browser/skin/new_identity.svg");
+}
+
+#new-circuit-button {
+  list-style-image: url("chrome://browser/skin/new_circuit.svg");
+}
+
 #privatebrowsing-button {
   list-style-image: url("chrome://browser/skin/privateBrowsing.svg");
 }



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 25658: Replace security slider with security level UI

[sysrqb]

commit a05bd8319e2156f6e7ec7fce3135326d66adfd2c
Author: Richard Pospesel 
Date:   Mon Mar 4 16:09:51 2019 -0800

Bug 25658: Replace security slider with security level UI

This patch adds a new 'securitylevel' component to Tor Browser intended
to replace the torbutton 'Security Slider'.

This component adds a new Security Level toolbar button which visually
indicates the current global security level via icon (as defined by the
extensions.torbutton.security_slider pref), a drop-down hanger with a
short description of the current security level, and a new section in
the about:preferences#privacy page where users can change their current
security level. In addition, the hanger and the preferences page will
show a visual warning when the user has modified prefs associated with
the security level and provide a one-click 'Restore Defaults' button to
get the user back on recommended settings.

Strings used by this patch are pulled from the torbutton extension, but
en-US defaults are provided if there is an error loading from the
extension. With this patch applied, the usual work-flow of "./mach build
&& ./mach run" work as expected, even if the torbutton extension is
disabled.
---
 browser/base/content/browser.js|  10 +
 browser/base/content/browser.xhtml |   5 +
 browser/components/moz.build   |   1 +
 browser/components/preferences/preferences.xhtml   |   1 +
 browser/components/preferences/privacy.inc.xhtml   |   2 +
 browser/components/preferences/privacy.js  |  19 +
 .../securitylevel/content/securityLevel.js | 501 +
 .../securitylevel/content/securityLevelButton.css  |   9 +
 .../content/securityLevelButton.inc.xhtml  |   7 +
 .../securitylevel/content/securityLevelButton.svg  |  21 +
 .../securitylevel/content/securityLevelPanel.css   |  82 
 .../content/securityLevelPanel.inc.xhtml   |  38 ++
 .../content/securityLevelPreferences.css   |  26 ++
 .../content/securityLevelPreferences.inc.xhtml |  62 +++
 browser/components/securitylevel/jar.mn|   6 +
 browser/components/securitylevel/moz.build |   1 +
 16 files changed, 791 insertions(+)

diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
index 036d92e131da..a851be586c0c 100644
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -216,6 +216,11 @@ XPCOMUtils.defineLazyScriptGetter(
   ["DownloadsButton", "DownloadsIndicatorView"],
   "chrome://browser/content/downloads/indicator.js"
 );
+XPCOMUtils.defineLazyScriptGetter(
+  this,
+  ["SecurityLevelButton"],
+  "chrome://browser/content/securitylevel/securityLevel.js"
+);
 XPCOMUtils.defineLazyScriptGetter(
   this,
   "gEditItemOverlay",
@@ -1876,6 +1881,9 @@ var gBrowserInit = {
 // doesn't flicker as the window is being shown.
 DownloadsButton.init();
 
+// Init the SecuritySettingsButton
+SecurityLevelButton.init();
+
 // Certain kinds of automigration rely on this notification to complete
 // their tasks BEFORE the browser window is shown. SessionStore uses it to
 // restore tabs into windows AFTER important parts like 
gMultiProcessBrowser
@@ -2558,6 +2566,8 @@ var gBrowserInit = {
 
 DownloadsButton.uninit();
 
+SecurityLevelButton.uninit();
+
 gAccessibilityServiceIndicator.uninit();
 
 AccessibilityRefreshBlocker.uninit();
diff --git a/browser/base/content/browser.xhtml 
b/browser/base/content/browser.xhtml
index 229fc2a26dd2..72c415b8f843 100644
--- a/browser/base/content/browser.xhtml
+++ b/browser/base/content/browser.xhtml
@@ -20,6 +20,8 @@
 
 
 
+
+
 
 
 
@@ -623,6 +625,7 @@
 #include ../../components/controlcenter/content/protectionsPanel.inc.xhtml
 #include ../../components/downloads/content/downloadsPanel.inc.xhtml
 #include ../../../devtools/startup/enableDevToolsPopup.inc.xhtml
+#include ../../components/securitylevel/content/securityLevelPanel.inc.xhtml
 #include browser-allTabsMenu.inc.xhtml
 
 
@@ -1136,6 +1139,8 @@
 
   
 
+#include ../../components/securitylevel/content/securityLevelButton.inc.xhtml
+
 
 
 
+
 
 
 
diff --git a/browser/components/preferences/privacy.inc.xhtml 
b/browser/components/preferences/privacy.inc.xhtml
index 572b0233c8c4..f36145ea80d4 100644
--- a/browser/components/preferences/privacy.inc.xhtml
+++ b/browser/components/preferences/privacy.inc.xhtml
@@ -913,6 +913,8 @@
   
 
 
+#include ../securitylevel/content/securityLevelPreferences.inc.xhtml
+
 
 
   
diff --git a/browser/components/preferences/privacy.js 
b/browser/components/preferences/privacy.js
index 2cff75726546..949fa84c24ab 100644
--- a/browser/components/preferences/privacy.js
+++ b/browser/components/preferences/privacy.js
@@ -77,6 +77,12 @@ XPCOMUtils.defineLazyGetter(this, "AlertsServiceDND", 
function() {
   }
 });
 

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 26353: Prevent speculative connect that violated FPI.

[sysrqb]

commit afdea4af23f9f4488adb5d9435c28f9ef81439cb
Author: Arthur Edelstein 
Date:   Sat Jul 14 08:50:55 2018 -0700

Bug 26353: Prevent speculative connect that violated FPI.

Connections were observed in the catch-all circuit when
the user entered an https or http URL in the URL bar, or
typed a search term.
---
 toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm | 4 
 1 file changed, 4 insertions(+)

diff --git a/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm 
b/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm
index ffa42297073e..82c7a3b950c2 100644
--- a/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm
+++ b/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm
@@ -74,6 +74,9 @@ class RemoteWebNavigation {
 fixupFlags |= Services.uriFixup.FIXUP_FLAG_PRIVATE_CONTEXT;
   }
   uri = Services.uriFixup.createFixupURI(aURI, fixupFlags);
+/***
+   TOR BROWSER: Disable the following speculative connect until
+   we can make it properly obey first-party isolation.
 
   // We know the url is going to be loaded, let's start requesting network
   // connection before the content process asks.
@@ -97,6 +100,7 @@ class RemoteWebNavigation {
 }
 Services.io.speculativeConnect(uri, principal, null);
   }
+***/
 } catch (ex) {
   // Can't setup speculative connection for this uri string for some
   // reason (such as failing to parse the URI), just ignore it.



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 21830: Copying large text from web console leaks to /tmp

[sysrqb]

commit 1b93376bc21dd05c13f50bfb433e3b536dfcd071
Author: Georg Koppen 
Date:   Fri Aug 4 05:55:49 2017 +

Bug 21830: Copying large text from web console leaks to /tmp

Patch written by Neill Miller
---
 widget/nsTransferable.cpp | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/widget/nsTransferable.cpp b/widget/nsTransferable.cpp
index 9ccfc8639350..135135ab23a8 100644
--- a/widget/nsTransferable.cpp
+++ b/widget/nsTransferable.cpp
@@ -33,6 +33,7 @@ Notes to self:
 #include "nsILoadContext.h"
 #include "nsXULAppAPI.h"
 #include "mozilla/UniquePtr.h"
+#include "mozilla/Preferences.h"
 
 using namespace mozilla;
 
@@ -195,6 +196,11 @@ nsTransferable::Init(nsILoadContext* aContext) {
 
   if (aContext) {
 mPrivateData = aContext->UsePrivateBrowsing();
+  } else {
+// without aContext here to provide PrivateBrowsing information,
+// we defer to the active configured setting
+mPrivateData =
+mozilla::Preferences::GetBool("browser.privatebrowsing.autostart");
   }
 #ifdef DEBUG
   mInitialized = true;



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 23104: Add a default line height compensation

[sysrqb]

commit ef34ef23989bb58148c27f083fdfb2f90cc88e50
Author: Igor Oliveira 
Date:   Sun Dec 10 18:16:59 2017 -0200

Bug 23104: Add a default line height compensation

Many fonts have issues with their vertical metrics. they
are used to influence the height of ascenders and depth
of descenders. Gecko uses it to calculate the line height
(font height + ascender + descender), however because of
that idiosyncratic behavior across multiple operating
systems, it can be used to identify the user's OS.

The solution proposed in the patch uses a default factor
to be multiplied with the font size, simulating the concept
of ascender and descender. This way all operating
systems will have the same line height only and only if the
frame is outside the chrome.
---
 layout/generic/ReflowInput.cpp | 19 +---
 layout/generic/test/mochitest.ini  |  1 +
 layout/generic/test/test_tor_bug23104.html | 50 ++
 3 files changed, 65 insertions(+), 5 deletions(-)

diff --git a/layout/generic/ReflowInput.cpp b/layout/generic/ReflowInput.cpp
index 5b1f6d62043a..5da354f86558 100644
--- a/layout/generic/ReflowInput.cpp
+++ b/layout/generic/ReflowInput.cpp
@@ -30,6 +30,7 @@
 #include 
 #include "mozilla/dom/HTMLInputElement.h"
 #include "nsGridContainerFrame.h"
+#include "nsContentUtils.h"
 
 using namespace mozilla;
 using namespace mozilla::css;
@@ -2690,7 +2691,8 @@ void 
ReflowInput::CalculateBlockSideMargins(LayoutFrameType aFrameType) {
 
 // For risk management, we use preference to control the behavior, and
 // eNoExternalLeading is the old behavior.
-static nscoord GetNormalLineHeight(nsFontMetrics* aFontMetrics) {
+static nscoord GetNormalLineHeight(nsIContent* aContent,
+   nsFontMetrics* aFontMetrics) {
   MOZ_ASSERT(nullptr != aFontMetrics, "no font metrics");
 
   nscoord normalLineHeight;
@@ -2698,6 +2700,12 @@ static nscoord GetNormalLineHeight(nsFontMetrics* 
aFontMetrics) {
   nscoord externalLeading = aFontMetrics->ExternalLeading();
   nscoord internalLeading = aFontMetrics->InternalLeading();
   nscoord emHeight = aFontMetrics->EmHeight();
+
+  if (nsContentUtils::ShouldResistFingerprinting() &&
+  !aContent->IsInChromeDocument()) {
+return NSToCoordRound(emHeight * NORMAL_LINE_HEIGHT_FACTOR);
+  }
+
   switch (GetNormalLineHeightCalcControl()) {
 case eIncludeExternalLeading:
   normalLineHeight = emHeight + internalLeading + externalLeading;
@@ -2715,7 +2723,8 @@ static nscoord GetNormalLineHeight(nsFontMetrics* 
aFontMetrics) {
   return normalLineHeight;
 }
 
-static inline nscoord ComputeLineHeight(ComputedStyle* aComputedStyle,
+static inline nscoord ComputeLineHeight(nsIContent* aContent,
+ComputedStyle* aComputedStyle,
 nsPresContext* aPresContext,
 nscoord aBlockBSize,
 float aFontSizeInflation) {
@@ -2743,7 +2752,7 @@ static inline nscoord ComputeLineHeight(ComputedStyle* 
aComputedStyle,
 
   RefPtr fm = nsLayoutUtils::GetFontMetricsForComputedStyle(
   aComputedStyle, aPresContext, aFontSizeInflation);
-  return GetNormalLineHeight(fm);
+  return GetNormalLineHeight(aContent, fm);
 }
 
 nscoord ReflowInput::CalcLineHeight() const {
@@ -2765,7 +2774,7 @@ nscoord ReflowInput::CalcLineHeight(nsIContent* aContent,
 float aFontSizeInflation) {
   MOZ_ASSERT(aComputedStyle, "Must have a ComputedStyle");
 
-  nscoord lineHeight = ComputeLineHeight(aComputedStyle, aPresContext,
+  nscoord lineHeight = ComputeLineHeight(aContent, aComputedStyle, 
aPresContext,
  aBlockBSize, aFontSizeInflation);
 
   NS_ASSERTION(lineHeight >= 0, "ComputeLineHeight screwed up");
@@ -2778,7 +2787,7 @@ nscoord ReflowInput::CalcLineHeight(nsIContent* aContent,
 if (!lh.IsNormal()) {
   RefPtr fm = nsLayoutUtils::GetFontMetricsForComputedStyle(
   aComputedStyle, aPresContext, aFontSizeInflation);
-  nscoord normal = GetNormalLineHeight(fm);
+  nscoord normal = GetNormalLineHeight(aContent, fm);
   if (lineHeight < normal) {
 lineHeight = normal;
   }
diff --git a/layout/generic/test/mochitest.ini 
b/layout/generic/test/mochitest.ini
index f6678d8d8e4e..c1602bbbc6b1 100644
--- a/layout/generic/test/mochitest.ini
+++ b/layout/generic/test/mochitest.ini
@@ -161,3 +161,4 @@ skip-if = debug == true || tsan # the test is slow. tsan: 
bug 1612707
 [test_reframe_for_lazy_load_image.html]
 support-files =
 file_reframe_for_lazy_load_image.html
+[test_tor_bug23104.html]
diff --git a/layout/generic/test/test_tor_bug23104.html 
b/layout/generic/test/test_tor_bug23104.html
new file mode 100644
index ..8ff1d2190c45
--- /dev/null
+++ b/layout/generic/test/test_tor_bug23104.html
@@ -0,0 +1,50 @@
+
+
+
+
+  

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 4234: Use the Firefox Update Process for Tor Browser.

[sysrqb]

commit 3153cd6453a075101526effbb2c0cb2bc0d36c11
Author: Kathy Brade 
Date:   Fri Jan 13 11:40:24 2017 -0500

Bug 4234: Use the Firefox Update Process for Tor Browser.

The following files are never updated:
  TorBrowser/Data/Browser/profiles.ini
  TorBrowser/Data/Browser/profile.default/bookmarks.html
  TorBrowser/Data/Tor/torrc
Mac OS: Store update metadata under TorBrowser/UpdateInfo.
Removed the %OS_VERSION% component from the update URL (13047) and
  added support for minSupportedOSVersion, an attribute of the
   element that may be used to trigger Firefox's
  "unsupported platform" behavior.
Hide the "What's new" links (set app.releaseNotesURL value to about:blank).
Windows: disable "runas" code path in updater (15201).
Windows: avoid writing to the registry (16236).
Also includes fixes for tickets 13047, 13301, 13356, 13594, 15406,
  16014, 16909, 24476, and 25909.

Also fix Bug 26049: reduce the delay before the update prompt is displayed.
Instead of Firefox's 2 days, we use 1 hour (after which time the update
doorhanger will be displayed).

Also fix bug 27221: purge the startup cache if the Tor Browser
version changed (even if the Firefox version and build ID did
not change), e.g., after a minor Tor Browser update.

Also fix 32616: Disable GetSecureOutputDirectoryPath() functionality.

Bug 26048: potentially confusing "restart to update" message

Within the update doorhanger, remove the misleading message that mentions
that windows will be restored after an update is applied, and replace the
"Restart and Restore" button label with an existing
"Restart to update Tor Browser" string.

Bug 28885: notify users that update is downloading

Add a "Downloading Tor Browser update" item which appears in the
hamburger (app) menu while the update service is downloading a MAR
file. Before this change, the browser did not indicate to the user
that an update was in progress, which is especially confusing in
Tor Browser because downloads often take some time. If the user
clicks on the new menu item, the about dialog is opened to allow
the user to see download progress.

As part of this fix, the update service was changed to always show
update-related messages in the hamburger menu, even if the update
was started in the foreground via the about dialog or via the
"Check for Tor Browser Update" toolbar menu item. This change is
consistent with the Tor Browser goal of making sure users are
informed about the update process.

Removed #28885 parts of this patch which have been uplifted to Firefox.

Use a localized string from Torbutton for the app menu's
"Downloading update" message. This is a temporary fix that can
be removed once Tor Browser is based on Firefox 79 or newer (at
which point the localized string will be included in the Firefox
language packs).
---
 browser/app/Makefile.in|   2 +
 browser/app/profile/000-tor-browser.js |  16 +-
 browser/app/profile/firefox.js |  10 +-
 .../base/content/aboutDialog-appUpdater-legacy.js  |   2 +-
 browser/base/content/aboutDialog-appUpdater.js |   2 +-
 browser/base/content/aboutDialog.js|  12 +-
 browser/components/BrowserContentHandler.jsm   |  39 ++-
 .../customizableui/content/panelUI.inc.xhtml   |   8 +-
 .../components/customizableui/content/panelUI.js   |  22 ++
 browser/confvars.sh|  35 +--
 browser/installer/package-manifest.in  |   2 +
 build/application.ini.in   |   2 +-
 build/moz.configure/init.configure |   3 +-
 config/createprecomplete.py|  17 +-
 .../client/aboutdebugging/src/actions/runtimes.js  |   5 +
 toolkit/modules/UpdateUtils.jsm|  34 +--
 toolkit/mozapps/extensions/AddonManager.jsm|  24 ++
 toolkit/mozapps/extensions/test/browser/head.js|   1 +
 .../extensions/test/xpcshell/head_addons.js|   1 +
 toolkit/mozapps/update/UpdateService.jsm   | 127 +++-
 toolkit/mozapps/update/UpdateServiceStub.jsm   |   4 +
 toolkit/mozapps/update/common/updatehelper.cpp |   8 +
 toolkit/mozapps/update/moz.build   |   5 +-
 toolkit/mozapps/update/updater/launchchild_osx.mm  |   2 +
 toolkit/mozapps/update/updater/moz.build   |   2 +-
 toolkit/mozapps/update/updater/updater.cpp | 339 ++---
 toolkit/xre/MacLaunchHelper.h  |   2 +
 toolkit/xre/MacLaunchHelper.mm |   2 +
 toolkit/xre/nsAppRunner.cpp|  22 +-
 toolkit/xre/nsUpdateDriver.cpp | 109 ++-
 toolkit/xre/nsXREDirProvider.cpp   |  42 ++-
 tools/update-packaging/common.sh   

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing

[sysrqb]

commit a1714fbb8e370986a42d6e803661d4551e488bda
Author: Mike Perry 
Date:   Fri May 5 03:41:57 2017 -0700

Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, 
eBay, bing

eBay and Amazon don't treat Tor users very well. Accounts often get locked 
and
payments reversed.

Also:
Bug 16322: Update DuckDuckGo search engine

We are replacing the clearnet URL with an onion service one (thanks to a
patch by a cypherpunk) and are removing the duplicated DDG search
engine. Duplicating DDG happend due to bug 1061736 where Mozilla
included DDG itself into Firefox. Interestingly, this caused breaking
the DDG search if JavaScript is disabled as the Mozilla engine, which
gets loaded earlier, does not use the html version of the search page.
Moreover, the Mozilla engine tracked where the users were searching from
by adding a respective parameter to the search query. We got rid of that
feature as well.

Also:
This fixes bug 20809: the DuckDuckGo team has changed its server-side
code in a way that lets users with JavaScript enabled use the default
landing page while those without JavaScript available get redirected
directly to the non-JS page. We adapt the search engine URLs
accordingly.

Also fixes bug 29798 by making sure we only specify the Google search
engine we actually ship an .xml file for.

Also regression tests.
---
 browser/app/profile/000-tor-browser.js |   9 +-
 .../search/extensions/ddg-onion/favicon.ico| Bin 0 -> 973 bytes
 .../search/extensions/ddg-onion/manifest.json  |  26 
 .../components/search/extensions/ddg/favicon.ico   | Bin 5430 -> 0 bytes
 .../components/search/extensions/ddg/favicon.png   | Bin 0 -> 1150 bytes
 .../components/search/extensions/ddg/manifest.json |  40 +-
 .../extensions/google/_locales/b-1-d/messages.json |  23 
 .../extensions/google/_locales/b-1-e/messages.json |  23 
 .../extensions/google/_locales/b-d/messages.json   |  23 
 .../extensions/google/_locales/b-e/messages.json   |  23 
 .../extensions/google/_locales/en/messages.json|  24 
 .../search/extensions/google/manifest.json |  17 ++-
 browser/components/search/extensions/list.json | 141 ++---
 .../search/extensions/startpage/favicon.png| Bin 0 -> 1150 bytes
 .../search/extensions/startpage/manifest.json  |  26 
 .../search/extensions/twitter/favicon.ico  | Bin 0 -> 1650 bytes
 .../search/extensions/twitter/manifest.json|  26 
 .../extensions/wikipedia/_locales/NN/messages.json |  20 ---
 .../extensions/wikipedia/_locales/NO/messages.json |  20 ---
 .../extensions/wikipedia/_locales/af/messages.json |  20 ---
 .../extensions/wikipedia/_locales/an/messages.json |  20 ---
 .../extensions/wikipedia/_locales/ar/messages.json |  20 ---
 .../wikipedia/_locales/ast/messages.json   |  20 ---
 .../extensions/wikipedia/_locales/az/messages.json |  20 ---
 .../wikipedia/_locales/be-tarask/messages.json |  20 ---
 .../extensions/wikipedia/_locales/be/messages.json |  20 ---
 .../extensions/wikipedia/_locales/bg/messages.json |  20 ---
 .../extensions/wikipedia/_locales/bn/messages.json |  20 ---
 .../extensions/wikipedia/_locales/br/messages.json |  20 ---
 .../extensions/wikipedia/_locales/bs/messages.json |  20 ---
 .../extensions/wikipedia/_locales/ca/messages.json |  20 ---
 .../extensions/wikipedia/_locales/cy/messages.json |  20 ---
 .../extensions/wikipedia/_locales/cz/messages.json |  20 ---
 .../extensions/wikipedia/_locales/da/messages.json |  20 ---
 .../extensions/wikipedia/_locales/de/messages.json |  20 ---
 .../wikipedia/_locales/dsb/messages.json   |  20 ---
 .../extensions/wikipedia/_locales/el/messages.json |  20 ---
 .../extensions/wikipedia/_locales/en/messages.json |  20 ---
 .../extensions/wikipedia/_locales/eo/messages.json |  20 ---
 .../extensions/wikipedia/_locales/es/messages.json |  20 ---
 .../extensions/wikipedia/_locales/et/messages.json |  20 ---
 .../extensions/wikipedia/_locales/eu/messages.json |  20 ---
 .../extensions/wikipedia/_locales/fa/messages.json |  20 ---
 .../extensions/wikipedia/_locales/fi/messages.json |  20 ---
 .../extensions/wikipedia/_locales/fr/messages.json |  20 ---
 .../wikipedia/_locales/fy-NL/messages.json |  20 ---
 .../wikipedia/_locales/ga-IE/messages.json |  20 ---
 .../extensions/wikipedia/_locales/gd/messages.json |  20 ---
 .../extensions/wikipedia/_locales/gl/messages.json |  20 ---
 .../extensions/wikipedia/_locales/gn/messages.json |  20 ---
 .../extensions/wikipedia/_locales/gu/messages.json |  20 ---
 .../extensions/wikipedia/_locales/he/messages.json |  20 ---
 .../extensions/wikipedia/_locales/hi/messages.json |  20 ---
 .../extensions/wikipedia/_locales/hr/messages.json |  20 ---
 .../wikipedia/_locales/hsb/messages.json   |  20 ---
 

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 19121: reinstate the update.xml hash check

[sysrqb]

commit 40ca59e0f5eec59cb9772215dde841d3f6382b6c
Author: Kathy Brade 
Date:   Mon Apr 23 15:22:57 2018 -0400

Bug 19121: reinstate the update.xml hash check

Revert most changes from Mozilla Bug 1373267 "Remove hashFunction and
hashValue attributes from nsIUpdatePatch and code related to these
attributes." Changes to the tests were not reverted; the tests have
been changed significantly and we do not run automated updater tests
for Tor Browser at this time.

Also partial revert of commit f1241db6986e4b54473a1ed870f7584c75d51122.

Revert the nsUpdateService.js changes from Mozilla Bug 862173 "don't
verify mar file hash when using mar signing to verify the mar file
(lessens main thread I/O)."

Changes to the tests were not reverted; the tests have been changed
significantly and we do not run automated updater tests for
Tor Browser at this time.

We kept the addition to the AppConstants API in case other JS code
references it in the future.
---
 toolkit/modules/AppConstants.jsm|  7 
 toolkit/mozapps/update/UpdateService.jsm| 63 -
 toolkit/mozapps/update/UpdateTelemetry.jsm  |  1 +
 toolkit/mozapps/update/nsIUpdateService.idl | 11 +
 4 files changed, 81 insertions(+), 1 deletion(-)

diff --git a/toolkit/modules/AppConstants.jsm b/toolkit/modules/AppConstants.jsm
index cd8ca2659626..84516f0d4c66 100644
--- a/toolkit/modules/AppConstants.jsm
+++ b/toolkit/modules/AppConstants.jsm
@@ -212,6 +212,13 @@ this.AppConstants = Object.freeze({
   false,
 #endif
 
+  MOZ_VERIFY_MAR_SIGNATURE:
+#ifdef MOZ_VERIFY_MAR_SIGNATURE
+  true,
+#else
+  false,
+#endif
+
   MOZ_MAINTENANCE_SERVICE:
 #ifdef MOZ_MAINTENANCE_SERVICE
   true,
diff --git a/toolkit/mozapps/update/UpdateService.jsm 
b/toolkit/mozapps/update/UpdateService.jsm
index 1dc86a073646..ead961ab5252 100644
--- a/toolkit/mozapps/update/UpdateService.jsm
+++ b/toolkit/mozapps/update/UpdateService.jsm
@@ -742,6 +742,20 @@ function LOG(string) {
   }
 }
 
+/**
+ * Convert a string containing binary values to hex.
+ */
+function binaryToHex(input) {
+  var result = "";
+  for (var i = 0; i < input.length; ++i) {
+var hex = input.charCodeAt(i).toString(16);
+if (hex.length == 1)
+  hex = "0" + hex;
+result += hex;
+  }
+  return result;
+}
+
 /**
  * Gets the specified directory at the specified hierarchy under the
  * update root directory and creates it if it doesn't exist.
@@ -1534,6 +1548,8 @@ function UpdatePatch(patch) {
 }
 break;
   case "finalURL":
+  case "hashFunction":
+  case "hashValue":
   case "state":
   case "type":
   case "URL":
@@ -1553,6 +1569,8 @@ UpdatePatch.prototype = {
   // over writing nsIUpdatePatch attributes.
   _attrNames: [
 "errorCode",
+"hashFunction",
+"hashValue",
 "finalURL",
 "selected",
 "size",
@@ -1566,6 +1584,8 @@ UpdatePatch.prototype = {
*/
   serialize: function UpdatePatch_serialize(updates) {
 var patch = updates.createElementNS(URI_UPDATE_NS, "patch");
+patch.setAttribute("hashFunction", this.hashFunction);
+patch.setAttribute("hashValue", this.hashValue);
 patch.setAttribute("size", this.size);
 patch.setAttribute("type", this.type);
 patch.setAttribute("URL", this.URL);
@@ -4315,7 +4335,42 @@ Downloader.prototype = {
 }
 
 LOG("Downloader:_verifyDownload downloaded size == expected size.");
-return true;
+let fileStream = Cc["@mozilla.org/network/file-input-stream;1"].
+ createInstance(Ci.nsIFileInputStream);
+fileStream.init(destination, FileUtils.MODE_RDONLY, FileUtils.PERMS_FILE, 
0);
+
+let digest;
+try {
+  let hash = Cc["@mozilla.org/security/hash;1"].
+ createInstance(Ci.nsICryptoHash);
+  var hashFunction = 
Ci.nsICryptoHash[this._patch.hashFunction.toUpperCase()];
+  if (hashFunction == undefined) {
+throw Cr.NS_ERROR_UNEXPECTED;
+  }
+  hash.init(hashFunction);
+  hash.updateFromStream(fileStream, -1);
+  // NOTE: For now, we assume that the format of _patch.hashValue is hex
+  // encoded binary (such as what is typically output by programs like
+  // sha1sum).  In the future, this may change to base64 depending on how
+  // we choose to compute these hashes.
+  digest = binaryToHex(hash.finish(false));
+} catch (e) {
+  LOG("Downloader:_verifyDownload - failed to compute hash of the " +
+  "downloaded update archive");
+  digest = "";
+}
+
+fileStream.close();
+
+if (digest == this._patch.hashValue.toLowerCase()) {
+  LOG("Downloader:_verifyDownload hashes match.");
+  return true;
+}
+
+LOG("Downloader:_verifyDownload hashes do not match. ");
+AUSTLMY.pingDownloadCode(this.isCompleteUpdate,
+ AUSTLMY.DWNLD_ERR_VERIFY_NO_HASH_MATCH);
+return false;
   },
 
   /**
@@ -4889,6 

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 21724: Make Firefox and Tor Browser distinct macOS apps

[sysrqb]

commit 33406c7e8730e7d2dc0ad22fbb3fd5df407923c8
Author: teor 
Date:   Mon Mar 13 23:06:23 2017 +1100

Bug 21724: Make Firefox and Tor Browser distinct macOS apps

When macOS opens a document or selects a default browser, it sometimes
uses the CFBundleSignature. Changing from the Firefox MOZB signature to
a different signature TORB allows macOS to distinguish between Firefox
and Tor Browser.
---
 browser/app/Makefile.in | 2 +-
 browser/app/macbuild/Contents/Info.plist.in | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/browser/app/Makefile.in b/browser/app/Makefile.in
index 1aec6541fc0f..6770319f1866 100644
--- a/browser/app/Makefile.in
+++ b/browser/app/Makefile.in
@@ -103,5 +103,5 @@ ifdef MOZ_UPDATER
mv -f 
'$(dist_dest)/Contents/MacOS/updater.app/Contents/MacOS/org.mozilla.updater' 
'$(dist_dest)/Contents/Library/LaunchServices'
ln -s ../../../../Library/LaunchServices/org.mozilla.updater 
'$(dist_dest)/Contents/MacOS/updater.app/Contents/MacOS/org.mozilla.updater'
 endif
-   printf APPLMOZB > '$(dist_dest)/Contents/PkgInfo'
+   printf APPLTORB > '$(dist_dest)/Contents/PkgInfo'
 endif
diff --git a/browser/app/macbuild/Contents/Info.plist.in 
b/browser/app/macbuild/Contents/Info.plist.in
index f6791ea48125..95b3bc83905c 100644
--- a/browser/app/macbuild/Contents/Info.plist.in
+++ b/browser/app/macbuild/Contents/Info.plist.in
@@ -179,7 +179,7 @@
CFBundleShortVersionString
%APP_VERSION%
CFBundleSignature
-   MOZB
+   TORB
CFBundleURLTypes





___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 21431: Clean-up system extensions shipped in Firefox

[sysrqb]

commit 6459898f3637c8a4c1ad5f97e2ccb9889c1dc381
Author: Kathy Brade 
Date:   Tue May 23 17:05:29 2017 -0400

Bug 21431: Clean-up system extensions shipped in Firefox

Only ship the pdfjs extension.
---
 browser/components/BrowserGlue.jsm| 6 ++
 browser/extensions/moz.build  | 5 -
 browser/installer/package-manifest.in | 1 -
 browser/locales/Makefile.in   | 8 
 browser/locales/jar.mn| 7 ---
 5 files changed, 6 insertions(+), 21 deletions(-)

diff --git a/browser/components/BrowserGlue.jsm 
b/browser/components/BrowserGlue.jsm
index 3b7d8d6e0309..3363e24a9b56 100644
--- a/browser/components/BrowserGlue.jsm
+++ b/browser/components/BrowserGlue.jsm
@@ -2076,6 +2076,9 @@ BrowserGlue.prototype = {
 const ID = "screensh...@mozilla.org";
 const _checkScreenshotsPref = async () => {
   let addon = await AddonManager.getAddonByID(ID);
+  if (!addon) {
+return;
+  }
   let disabled = Services.prefs.getBoolPref(PREF, false);
   if (disabled) {
 await addon.disable({ allowSystemAddons: true });
@@ -2092,6 +2095,9 @@ BrowserGlue.prototype = {
 const ID = "webcompat-repor...@mozilla.org";
 Services.prefs.addObserver(PREF, async () => {
   let addon = await AddonManager.getAddonByID(ID);
+  if (!addon) {
+return;
+  }
   let enabled = Services.prefs.getBoolPref(PREF, false);
   if (enabled && !addon.isActive) {
 await addon.enable({ allowSystemAddons: true });
diff --git a/browser/extensions/moz.build b/browser/extensions/moz.build
index fd2e65d01f02..499c59b8d6a5 100644
--- a/browser/extensions/moz.build
+++ b/browser/extensions/moz.build
@@ -5,12 +5,7 @@
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 DIRS += [
-'doh-rollout',
-'formautofill',
 'pdfjs',
-'screenshots',
-'webcompat',
-'report-site-issue'
 ]
 
 if not CONFIG['TOR_BROWSER_DISABLE_TOR_LAUNCHER']:
diff --git a/browser/installer/package-manifest.in 
b/browser/installer/package-manifest.in
index 53b0b7ddf731..ad7dd023a92e 100644
--- a/browser/installer/package-manifest.in
+++ b/browser/installer/package-manifest.in
@@ -268,7 +268,6 @@
 @RESPATH@/browser/chrome/icons/default/default64.png
 @RESPATH@/browser/chrome/icons/default/default128.png
 #endif
-@RESPATH@/browser/features/*
 
 ; [DevTools Startup Files]
 @RESPATH@/browser/chrome/devtools-startup@JAREXT@
diff --git a/browser/locales/Makefile.in b/browser/locales/Makefile.in
index 05f0242c5248..1fdf34d9460f 100644
--- a/browser/locales/Makefile.in
+++ b/browser/locales/Makefile.in
@@ -58,10 +58,6 @@ libs-%:
@$(MAKE) -C ../../toolkit/locales libs-$* 
XPI_ROOT_APPID='$(XPI_ROOT_APPID)'
@$(MAKE) -C ../../services/sync/locales AB_CD=$* XPI_NAME=locale-$*
@$(MAKE) -C ../../extensions/spellcheck/locales AB_CD=$* 
XPI_NAME=locale-$*
-ifneq (,$(wildcard ../extensions/formautofill/locales))
-   @$(MAKE) -C ../extensions/formautofill/locales AB_CD=$* 
XPI_NAME=locale-$*
-endif
-   @$(MAKE) -C ../extensions/report-site-issue/locales AB_CD=$* 
XPI_NAME=locale-$*
@$(MAKE) -C ../../devtools/client/locales AB_CD=$* XPI_NAME=locale-$* 
XPI_ROOT_APPID='$(XPI_ROOT_APPID)'
@$(MAKE) -C ../../devtools/startup/locales AB_CD=$* XPI_NAME=locale-$* 
XPI_ROOT_APPID='$(XPI_ROOT_APPID)'
@$(MAKE) libs AB_CD=$* XPI_NAME=locale-$* PREF_DIR=$(PREF_DIR)
@@ -75,14 +71,10 @@ chrome-%:
@$(MAKE) -C ../../toolkit/locales chrome-$*
@$(MAKE) -C ../../services/sync/locales chrome AB_CD=$*
@$(MAKE) -C ../../extensions/spellcheck/locales chrome AB_CD=$*
-ifneq (,$(wildcard ../extensions/formautofill/locales))
-   @$(MAKE) -C ../extensions/formautofill/locales chrome AB_CD=$*
-endif
@$(MAKE) -C ../../devtools/client/locales chrome AB_CD=$*
@$(MAKE) -C ../../devtools/startup/locales chrome AB_CD=$*
@$(MAKE) chrome AB_CD=$*
@$(MAKE) -C $(DEPTH)/$(MOZ_BRANDING_DIRECTORY)/locales chrome AB_CD=$*
-   @$(MAKE) -C ../extensions/report-site-issue/locales chrome AB_CD=$*
 
 package-win32-installer: $(SUBMAKEFILES)
$(MAKE) -C ../installer/windows CONFIG_DIR=l10ngen ZIP_IN='$(ZIP_OUT)' 
installer
diff --git a/browser/locales/jar.mn b/browser/locales/jar.mn
index 31e2d3d870e6..ff577dfd4e7c 100644
--- a/browser/locales/jar.mn
+++ b/browser/locales/jar.mn
@@ -60,10 +60,3 @@
 locale/browser/newInstall.dtd  
(%chrome/browser/newInstall.dtd)
 locale/browser/brandings.dtd   
(%chrome/browser/brandings.dtd)
 locale/browser/fxmonitor.properties
(%chrome/browser/fxmonitor.properties)
-
-#ifdef XPI_NAME
-# Bug 1240628, restructure how l10n repacks work with feature addons
-# This is hacky, but ensures the chrome.manifest chain is complete
-[.] chrome.jar:
-% manifest features/chrome.manifest
-#endif



___
tor-commits mailing list

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 13379: Sign our MAR files.

[sysrqb]

commit 076b520e4213527fbd47549a999f82610d1809f9
Author: Kathy Brade 
Date:   Wed Dec 17 16:37:11 2014 -0500

Bug 13379: Sign our MAR files.

Configure with --enable-verify-mar (when updating, require a valid
  signature on the MAR file before it is applied).
Use the Tor Browser version instead of the Firefox version inside the
  MAR file info block (necessary to prevent downgrade attacks).
Use NSS on all platforms for checking MAR signatures (instead of using
  OS-native APIs, which Mozilla does on Mac OS and Windows). So that the
  NSS and NSPR libraries the updater depends on can be found at runtime,
  we add the firefox directory to the shared library search path on macOS.
  On Linux, rpath is used by Mozilla to solve that problem, but that
  approach won't work on macOS because the updater executable is copied
  during the update process to a location that is under TorBrowser-Data,
  and the location of TorBrowser-Data varies.

Also includes the fix for bug 18900.
---
 .mozconfig |  1 +
 .mozconfig-asan|  1 +
 .mozconfig-mac |  1 +
 .mozconfig-mingw   |  1 +
 modules/libmar/tool/mar.c  |  6 +--
 modules/libmar/tool/moz.build  | 12 --
 modules/libmar/verify/moz.build| 14 +++---
 .../mozapps/update/updater/updater-common.build| 24 +--
 toolkit/mozapps/update/updater/updater.cpp | 25 +++
 toolkit/xre/moz.build  |  3 ++
 toolkit/xre/nsUpdateDriver.cpp | 50 ++
 11 files changed, 113 insertions(+), 25 deletions(-)

diff --git a/.mozconfig b/.mozconfig
index 18cd1f9b6487..c50c57d410de 100755
--- a/.mozconfig
+++ b/.mozconfig
@@ -37,3 +37,4 @@ ac_add_options MOZ_TELEMETRY_REPORTING=
 ac_add_options --disable-tor-launcher
 ac_add_options --with-tor-browser-version=dev-build
 ac_add_options --disable-tor-browser-update
+ac_add_options --enable-verify-mar
diff --git a/.mozconfig-asan b/.mozconfig-asan
index 98ea6ac6f3fe..8bee813bfee8 100644
--- a/.mozconfig-asan
+++ b/.mozconfig-asan
@@ -30,6 +30,7 @@ ac_add_options --enable-official-branding
 ac_add_options --enable-default-toolkit=cairo-gtk3
 
 ac_add_options --enable-tor-browser-update
+ac_add_options --enable-verify-mar
 
 ac_add_options --disable-strip
 ac_add_options --disable-install-strip
diff --git a/.mozconfig-mac b/.mozconfig-mac
index 26e2b6b92fdb..5b4624ef1f67 100644
--- a/.mozconfig-mac
+++ b/.mozconfig-mac
@@ -43,6 +43,7 @@ ac_add_options --disable-debug
 
 ac_add_options --enable-tor-browser-data-outside-app-dir
 ac_add_options --enable-tor-browser-update
+ac_add_options --enable-verify-mar
 
 ac_add_options --disable-crashreporter
 ac_add_options --disable-webrtc
diff --git a/.mozconfig-mingw b/.mozconfig-mingw
index 3ec6ff18a3e9..ce6ace1dad67 100644
--- a/.mozconfig-mingw
+++ b/.mozconfig-mingw
@@ -15,6 +15,7 @@ ac_add_options --enable-strip
 ac_add_options --enable-official-branding
 
 ac_add_options --enable-tor-browser-update
+ac_add_options --enable-verify-mar
 ac_add_options --disable-bits-download
 
 # Let's make sure no preference is enabling either Adobe's or Google's CDM.
diff --git a/modules/libmar/tool/mar.c b/modules/libmar/tool/mar.c
index 0bf2cb4bd1d4..ea2b79924914 100644
--- a/modules/libmar/tool/mar.c
+++ b/modules/libmar/tool/mar.c
@@ -65,7 +65,7 @@ static void print_usage() {
   "signed_input_archive.mar base_64_encoded_signature_file "
   "changed_signed_output.mar\n");
   printf("(i) is the index of the certificate to extract\n");
-#  if defined(XP_MACOSX) || (defined(XP_WIN) && !defined(MAR_NSS))
+#  if (defined(XP_MACOSX) || defined(XP_WIN)) && !defined(MAR_NSS)
   printf("Verify a MAR file:\n");
   printf("  mar [-C workingDir] -D DERFilePath -v signed_archive.mar\n");
   printf(
@@ -149,7 +149,7 @@ int main(int argc, char** argv) {
   memset((void*)certBuffers, 0, sizeof(certBuffers));
 #endif
 #if !defined(NO_SIGN_VERIFY) && \
-((!defined(MAR_NSS) && defined(XP_WIN)) || defined(XP_MACOSX))
+(!defined(MAR_NSS) && (defined(XP_WIN) || defined(XP_MACOSX)))
   memset(DERFilePaths, 0, sizeof(DERFilePaths));
   memset(fileSizes, 0, sizeof(fileSizes));
 #endif
@@ -181,7 +181,7 @@ int main(int argc, char** argv) {
   argc -= 2;
 }
 #if !defined(NO_SIGN_VERIFY)
-#  if (!defined(MAR_NSS) && defined(XP_WIN)) || defined(XP_MACOSX)
+#  if (!defined(MAR_NSS) && (defined(XP_WIN) || defined(XP_MACOSX)))
 /* -D DERFilePath, also matches -D[index] DERFilePath
We allow an index for verifying to be symmetric
with the import and export command line arguments. */
diff --git a/modules/libmar/tool/moz.build b/modules/libmar/tool/moz.build
index 19653fb0b073..8953af0bb15c 100644
--- a/modules/libmar/tool/moz.build
+++ 

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 16285: Exclude ClearKey system for now

[sysrqb]

commit 5abf8dcaef6329fd5196856840065d0794d537a3
Author: Georg Koppen 
Date:   Mon May 22 12:44:40 2017 +

Bug 16285: Exclude ClearKey system for now

In the past the ClearKey system had not been compiled when specifying
--disable-eme. But that changed and it is even bundled nowadays (see:
Mozilla's bug 1300654). We don't want to ship it right now as the use
case for it is not really visible while the code had security
vulnerabilities in the past.
---
 browser/installer/package-manifest.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/browser/installer/package-manifest.in 
b/browser/installer/package-manifest.in
index 792acb870afa..53b0b7ddf731 100644
--- a/browser/installer/package-manifest.in
+++ b/browser/installer/package-manifest.in
@@ -465,8 +465,8 @@ bin/libfreebl_64int_3.so
 #endif
 
 ; media
-@RESPATH@/gmp-clearkey/0.1/@DLL_PREFIX@clearkey@DLL_SUFFIX@
-@RESPATH@/gmp-clearkey/0.1/manifest.json
+;@RESPATH@/gmp-clearkey/0.1/@DLL_PREFIX@clearkey@DLL_SUFFIX@
+;@RESPATH@/gmp-clearkey/0.1/manifest.json
 
 #ifdef MOZ_DMD
 ; DMD



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 19273: Avoid JavaScript patching of the external app helper dialog.

[sysrqb]

commit c85c920fe91e352230e87ea8a31631f6ec6e71f5
Author: Kathy Brade 
Date:   Tue Jun 28 15:13:05 2016 -0400

Bug 19273: Avoid JavaScript patching of the external app helper dialog.

When handling an external URI or downloading a file, invoke Torbutton's
external app blocker component (which will present a download warning
dialog unless the user has checked the "Automatically download files
from now on" box).

For e10s compatibility, avoid using a modal dialog and instead use
a callback interface (nsIHelperAppWarningLauncher) to allow Torbutton
to indicate the user's desire to cancel or continue each request.

Other bugs fixed:
 Bug 21766: Crash with e10s enabled while trying to download a file
 Bug 21886: Download is stalled in non-e10s mode
 Bug 22471: Downloading files via the PDF viewer download button is broken
 Bug 22472: Fix FTP downloads when external helper app dialog is shown
 Bug 22610: Avoid crashes when canceling external helper app downloads
 Bug 22618: Downloading pdf file via file:/// is stalling
---
 .../exthandler/nsExternalHelperAppService.cpp  | 202 +
 uriloader/exthandler/nsExternalHelperAppService.h  |   3 +
 .../exthandler/nsIExternalHelperAppService.idl |  47 +
 3 files changed, 217 insertions(+), 35 deletions(-)

diff --git a/uriloader/exthandler/nsExternalHelperAppService.cpp 
b/uriloader/exthandler/nsExternalHelperAppService.cpp
index 4ff7ed2e27cc..0dcc1d3ed6ab 100644
--- a/uriloader/exthandler/nsExternalHelperAppService.cpp
+++ b/uriloader/exthandler/nsExternalHelperAppService.cpp
@@ -132,6 +132,9 @@ static const char NEVER_ASK_FOR_SAVE_TO_DISK_PREF[] =
 static const char NEVER_ASK_FOR_OPEN_FILE_PREF[] =
 "browser.helperApps.neverAsk.openFile";
 
+static const char WARNING_DIALOG_CONTRACT_ID[] =
+"@torproject.org/torbutton-extAppBlocker;1";
+
 // Helper functions for Content-Disposition headers
 
 /**
@@ -388,6 +391,22 @@ static nsresult GetDownloadDirectory(nsIFile** _directory,
   return NS_OK;
 }
 
+static already_AddRefed GetDialogParentAux(
+BrowsingContext* aBrowsingContext, nsIInterfaceRequestor* aWindowContext) {
+  nsCOMPtr dialogParent = aWindowContext;
+
+  if (!dialogParent && aBrowsingContext) {
+dialogParent = do_QueryInterface(aBrowsingContext->GetDOMWindow());
+  }
+  if (!dialogParent && aBrowsingContext && XRE_IsParentProcess()) {
+RefPtr element = aBrowsingContext->Top()->GetEmbedderElement();
+if (element) {
+  dialogParent = do_QueryInterface(element->OwnerDoc()->GetWindow());
+}
+  }
+  return dialogParent.forget();
+}
+
 /**
  * Structure for storing extension->type mappings.
  * @see defaultMimeEntries
@@ -544,6 +563,111 @@ static const nsDefaultMimeTypeEntry 
nonDecodableExtensions[] = {
 {APPLICATION_COMPRESS, "z"},
 {APPLICATION_GZIP, "svgz"}};
 
+//
+// begin nsExternalLoadURIHandler class definition and implementation
+//
+class nsExternalLoadURIHandler final : public nsIHelperAppWarningLauncher {
+ public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIHELPERAPPWARNINGLAUNCHER
+
+  nsExternalLoadURIHandler(nsIHandlerInfo* aHandlerInfo, nsIURI* aURI,
+   nsIPrincipal* aTriggeringPrincipal,
+   BrowsingContext* aBrowsingContext);
+
+ protected:
+  ~nsExternalLoadURIHandler();
+
+  nsCOMPtr mHandlerInfo;
+  nsCOMPtr mURI;
+  nsCOMPtr mTriggeringPrincipal;
+  RefPtr mBrowsingContext;
+  nsCOMPtr mWarningDialog;
+};
+
+NS_IMPL_ADDREF(nsExternalLoadURIHandler)
+NS_IMPL_RELEASE(nsExternalLoadURIHandler)
+
+NS_INTERFACE_MAP_BEGIN(nsExternalLoadURIHandler)
+  NS_INTERFACE_MAP_ENTRY_AMBIGUOUS(nsISupports, nsIHelperAppWarningLauncher)
+  NS_INTERFACE_MAP_ENTRY(nsIHelperAppWarningLauncher)
+NS_INTERFACE_MAP_END
+
+nsExternalLoadURIHandler::nsExternalLoadURIHandler(
+nsIHandlerInfo* aHandlerInfo, nsIURI* aURI,
+nsIPrincipal* aTriggeringPrincipal, BrowsingContext* aBrowsingContext)
+: mHandlerInfo(aHandlerInfo),
+  mURI(aURI),
+  mTriggeringPrincipal(aTriggeringPrincipal),
+  mBrowsingContext(aBrowsingContext)
+
+{
+  nsresult rv = NS_OK;
+  mWarningDialog = do_CreateInstance(WARNING_DIALOG_CONTRACT_ID, );
+  if (NS_SUCCEEDED(rv) && mWarningDialog) {
+// This will create a reference cycle (the dialog holds a reference to us
+// as nsIHelperAppWarningLauncher), which will be broken in ContinueRequest
+// or CancelRequest.
+nsCOMPtr dialogParent =
+GetDialogParentAux(aBrowsingContext, nullptr);
+rv = mWarningDialog->MaybeShow(this, dialogParent);
+  }
+
+  if (NS_FAILED(rv)) {
+// If for some reason we could not open the download warning prompt,
+// continue with the request.
+ContinueRequest();
+  }
+}
+

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 16940: After update, load local change notes.

[sysrqb]

commit 29ac8e3c6d992275acbcb9b65f245dbffe6be693
Author: Kathy Brade 
Date:   Wed Nov 25 11:36:20 2015 -0500

Bug 16940: After update, load local change notes.

Add an about:tbupdate page that displays the first section from
TorBrowser/Docs/ChangeLog.txt and includes a link to the remote
post-update page (typically our blog entry for the release).

Always load about:tbupdate in a content process, but implement the
code that reads the file system (changelog) in the chrome process
for compatibility with future sandboxing efforts.

Also fix bug 29440. Now about:tbupdate is styled as a fairly simple
changelog page that is designed to be displayed via a link that is on
about:tor.
---
 browser/actors/AboutTBUpdateChild.jsm  |  53 
 browser/actors/moz.build   |   5 +
 .../base/content/abouttbupdate/aboutTBUpdate.css   |  74 
 .../base/content/abouttbupdate/aboutTBUpdate.js|  10 ++
 .../base/content/abouttbupdate/aboutTBUpdate.xhtml |  39 ++
 browser/base/content/browser-siteIdentity.js   |   2 +-
 browser/base/content/browser.js|   4 +
 browser/base/jar.mn|   5 +
 browser/components/BrowserContentHandler.jsm   |  55 ++---
 browser/components/BrowserGlue.jsm |  25 
 browser/components/about/AboutRedirector.cpp   |   6 +
 browser/components/about/components.conf   |   3 +
 browser/components/moz.build   |   5 +-
 .../locales/en-US/chrome/browser/aboutTBUpdate.dtd |   8 ++
 browser/locales/jar.mn |   3 +
 browser/modules/AboutTBUpdate.jsm  | 134 +
 browser/modules/moz.build  |   5 +
 17 files changed, 420 insertions(+), 16 deletions(-)

diff --git a/browser/actors/AboutTBUpdateChild.jsm 
b/browser/actors/AboutTBUpdateChild.jsm
new file mode 100644
index ..91bb4dbba888
--- /dev/null
+++ b/browser/actors/AboutTBUpdateChild.jsm
@@ -0,0 +1,53 @@
+// Copyright (c) 2019, The Tor Project, Inc.
+// See LICENSE for licensing information.
+//
+// vim: set sw=2 sts=2 ts=8 et syntax=javascript:
+
+var EXPORTED_SYMBOLS = ["AboutTBUpdateChild"];
+
+const {ActorChild} = 
ChromeUtils.import("resource://gre/modules/ActorChild.jsm");
+
+class AboutTBUpdateChild extends ActorChild {
+  receiveMessage(aMessage) {
+if (aMessage.name == "AboutTBUpdate:Update")
+  this.onUpdate(aMessage.data);
+  }
+
+  handleEvent(aEvent) {
+switch (aEvent.type) {
+  case "AboutTBUpdateLoad":
+this.onPageLoad();
+break;
+  case "pagehide":
+this.onPageHide(aEvent);
+break;
+}
+  }
+
+  // aData may contain the following string properties:
+  //   version
+  //   releaseDate
+  //   moreInfoURL
+  //   releaseNotes
+  onUpdate(aData) {
+let doc = this.content.document;
+doc.getElementById("version-content").textContent = aData.version;
+if (aData.releaseDate) {
+  doc.body.setAttribute("havereleasedate", "true");
+  doc.getElementById("releasedate-content").textContent = 
aData.releaseDate;
+}
+if (aData.moreInfoURL)
+  doc.getElementById("infolink").setAttribute("href", aData.moreInfoURL);
+doc.getElementById("releasenotes-content").textContent = 
aData.releaseNotes;
+  }
+
+  onPageLoad() {
+this.mm.sendAsyncMessage("AboutTBUpdate:RequestUpdate");
+  }
+
+  onPageHide(aEvent) {
+if (aEvent.target.defaultView.frameElement) {
+  return;
+}
+  }
+}
diff --git a/browser/actors/moz.build b/browser/actors/moz.build
index 4b903146699e..e70f0f09fe3a 100644
--- a/browser/actors/moz.build
+++ b/browser/actors/moz.build
@@ -74,3 +74,8 @@ FINAL_TARGET_FILES.actors += [
 'WebRTCChild.jsm',
 'WebRTCParent.jsm',
 ]
+
+if CONFIG['TOR_BROWSER_UPDATE']:
+FINAL_TARGET_FILES.actors += [
+'AboutTBUpdateChild.jsm',
+]
diff --git a/browser/base/content/abouttbupdate/aboutTBUpdate.css 
b/browser/base/content/abouttbupdate/aboutTBUpdate.css
new file mode 100644
index ..7c1a34b77f17
--- /dev/null
+++ b/browser/base/content/abouttbupdate/aboutTBUpdate.css
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 2019, The Tor Project, Inc.
+ * See LICENSE for licensing information.
+ *
+ * vim: set sw=2 sts=2 ts=8 et syntax=css:
+ */
+
+:root {
+  --abouttor-text-color: white;
+  --abouttor-bg-toron-color: #420C5D;
+}
+
+body {
+  font-family: Helvetica, Arial, sans-serif;
+  color: var(--abouttor-text-color);
+  background-color: var(--abouttor-bg-toron-color);
+  background-attachment: fixed;
+  background-size: 100% 100%;
+}
+
+a {
+  color: var(--abouttor-text-color);
+}
+
+.two-column-grid {
+  display: inline-grid;
+  grid-template-columns: auto auto;
+  grid-column-gap: 50px;
+  margin: 10px 0px 0px 50px;
+}
+
+.two-column-grid div {
+  margin-top: 40px;
+  align-self: baseline;  /* Align baseline of text across the row. */

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 11641: change TBB directory structure to be more like Firefox's

[sysrqb]

commit 50772cd69c36dbcb3b2fe6f2c21dddae6dbae0dd
Author: Kathy Brade 
Date:   Tue Apr 29 13:08:24 2014 -0400

Bug 11641: change TBB directory structure to be more like Firefox's

Unless the -osint command line flag is used, the browser now defaults
to the equivalent of -no-remote.  There is a new -allow-remote flag that
may be used to restore the original (Firefox-like) default behavior.
---
 toolkit/xre/nsAppRunner.cpp | 21 -
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp
index 9854332f6917..69006b49250e 100644
--- a/toolkit/xre/nsAppRunner.cpp
+++ b/toolkit/xre/nsAppRunner.cpp
@@ -1429,8 +1429,10 @@ static void DumpHelp() {
   "  --migrationStart with migration wizard.\n"
   "  --ProfileManager   Start with ProfileManager.\n"
 #ifdef MOZ_HAS_REMOTE
-  "  --no-remoteDo not accept or send remote commands; implies\n"
+  "  --no-remote(default) Do not accept or send remote commands; "
+  "implies\n"
   " --new-instance.\n"
+  "  --allow-remote Accept and send remote commands.\n"
   "  --new-instance Open new instance, not a new window in running "
   "instance.\n"
 #endif
@@ -3543,16 +3545,25 @@ int XREMain::XRE_mainInit(bool* aExitFlag) {
  gSafeMode);
 
 #if defined(MOZ_HAS_REMOTE)
+  // In Tor Browser, remoting is disabled by default unless -osint is used.
+  bool allowRemote = (CheckArg("allow-remote") == ARG_FOUND);
+  bool isOsint = (CheckArg("osint", nullptr, CheckArgFlag::None) == ARG_FOUND);
+  if (!allowRemote && !isOsint) {
+SaveToEnv("MOZ_NO_REMOTE=1");
+  }
   // Handle --no-remote and --new-instance command line arguments. Setup
   // the environment to better accommodate other components and various
   // restart scenarios.
   ar = CheckArg("no-remote");
-  if (ar == ARG_FOUND || EnvHasValue("MOZ_NO_REMOTE")) {
+  if ((ar == ARG_FOUND) && allowRemote) {
+PR_fprintf(PR_STDERR,
+   "Error: argument --no-remote is invalid when argument "
+   "--allow-remote is specified\n");
+return 1;
+  }
+  if (EnvHasValue("MOZ_NO_REMOTE")) {
 mDisableRemoteClient = true;
 mDisableRemoteServer = true;
-if (!EnvHasValue("MOZ_NO_REMOTE")) {
-  SaveToEnv("MOZ_NO_REMOTE=1");
-}
   }
 
   ar = CheckArg("new-instance");



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 16620: Clear window.name when no referrer sent

[sysrqb]

commit 715986980add86ecb560ad003088f5ac82e97f01
Author: Kathy Brade 
Date:   Fri Oct 30 14:28:13 2015 -0400

Bug 16620: Clear window.name when no referrer sent

Convert JS implementation (within Torbutton) to a C++ browser patch.
---
 docshell/base/nsDocShell.cpp   |  60 +++
 docshell/test/mochitest/mochitest.ini  |   3 +
 docshell/test/mochitest/test_tor_bug16620.html | 211 +
 docshell/test/mochitest/tor_bug16620.html  |  51 ++
 docshell/test/mochitest/tor_bug16620_form.html |  51 ++
 5 files changed, 376 insertions(+)

diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp
index d0aa79344605..22eb5c4556f6 100644
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -7476,11 +7476,71 @@ nsresult nsDocShell::CreateContentViewer(const 
nsACString& aContentType,
 aOpenedChannel->GetURI(getter_AddRefs(mLoadingURI));
   }
   FirePageHideNotification(!mSavingOldViewer);
+
   if (mIsBeingDestroyed) {
 // Force to stop the newly created orphaned viewer.
 viewer->Stop();
 return NS_ERROR_DOCSHELL_DYING;
   }
+
+  // Tor bug 16620: Clear window.name of top-level documents if
+  // there is no referrer. We make an exception for new windows,
+  // e.g., window.open(url, "MyName").
+  bool isNewWindowTarget = false;
+  nsCOMPtr props(do_QueryInterface(aRequest, ));
+  if (props) {
+props->GetPropertyAsBool(NS_LITERAL_STRING("docshell.newWindowTarget"),
+ );
+  }
+
+  if (!isNewWindowTarget) {
+nsCOMPtr httpChannel(do_QueryInterface(aOpenedChannel));
+nsCOMPtr httpReferrer;
+if (httpChannel) {
+  nsCOMPtr referrerInfo;
+  rv = httpChannel->GetReferrerInfo(getter_AddRefs(referrerInfo));
+  NS_ENSURE_SUCCESS(rv, rv);
+  if (referrerInfo) {
+// We want GetComputedReferrer() instead of GetOriginalReferrer(), 
since
+// the former takes into consideration referrer policy, protocol
+// whitelisting...
+httpReferrer = referrerInfo->GetComputedReferrer();
+  }
+}
+
+bool isTopFrame = mBrowsingContext->IsTop();
+
+#ifdef DEBUG_WINDOW_NAME
+printf("DOCSHELL %p CreateContentViewer - possibly clearing 
window.name:\n",
+   this);
+printf("  current window.name: \"%s\"\n",
+   NS_ConvertUTF16toUTF8(mName).get());
+
+nsAutoCString curSpec, loadingSpec;
+if (this->mCurrentURI) mCurrentURI->GetSpec(curSpec);
+if (mLoadingURI) mLoadingURI->GetSpec(loadingSpec);
+printf("  current URI: %s\n", curSpec.get());
+printf("  loading URI: %s\n", loadingSpec.get());
+printf("  is top document: %s\n", isTopFrame ? "Yes" : "No");
+
+if (!httpReferrer) {
+  printf("  referrer: None\n");
+} else {
+  nsAutoCString refSpec;
+  httpReferrer->GetSpec(refSpec);
+  printf("  referrer: %s\n", refSpec.get());
+}
+#endif
+
+bool clearName = isTopFrame && !httpReferrer;
+if (clearName) SetName(NS_LITERAL_STRING(""));
+
+#ifdef DEBUG_WINDOW_NAME
+printf("  action taken: %s window.name\n",
+   clearName ? "Cleared" : "Preserved");
+#endif
+  }
+
   mLoadingURI = nullptr;
 
   // Set mFiredUnloadEvent = false so that the unload handler for the
diff --git a/docshell/test/mochitest/mochitest.ini 
b/docshell/test/mochitest/mochitest.ini
index 25d3187711fe..663750b7fc8e 100644
--- a/docshell/test/mochitest/mochitest.ini
+++ b/docshell/test/mochitest/mochitest.ini
@@ -52,6 +52,8 @@ support-files =
   start_historyframe.html
   url1_historyframe.html
   url2_historyframe.html
+  tor_bug16620.html
+  tor_bug16620_form.html
 
 [test_anchor_scroll_after_document_open.html]
 [test_bfcache_plus_hash.html]
@@ -115,6 +117,7 @@ support-files = file_bug675587.html
 [test_framedhistoryframes.html]
 support-files = file_framedhistoryframes.html
 [test_pushState_after_document_open.html]
+[test_tor_bug16620.html]
 [test_windowedhistoryframes.html]
 [test_triggeringprincipal_location_seturi.html]
 [test_bug1507702.html]
diff --git a/docshell/test/mochitest/test_tor_bug16620.html 
b/docshell/test/mochitest/test_tor_bug16620.html
new file mode 100644
index ..46fff5a04711
--- /dev/null
+++ b/docshell/test/mochitest/test_tor_bug16620.html
@@ -0,0 +1,211 @@
+
+
+
+
+
+  Test for Tor Bug 16620 - Clear window.name when no referrer 
sent
+  
+  
+
+
+https://trac.torproject.org/projects/tor/ticket/16620;>Tor Bug 16620
+
+// ## Test constants
+const kTestPath = "/tests/docshell/test/mochitest/";
+const kLinkFile = "tor_bug16620.html";
+const kFormFile = "tor_bug16620_form.html";
+const kBaseURL1 = "http://example.com";;
+const kBaseURL1_https = "https://example.com";;
+const kBaseURL2 = "http://example.net";;
+const kSendReferrerPref = "network.http.sendRefererHeader";
+const 

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 18800: Remove localhost DNS lookup in nsProfileLock.cpp

[sysrqb]

commit f8bee75b83364df61226c6ac97628df24a4f450a
Author: Kathy Brade 
Date:   Thu Apr 21 10:40:26 2016 -0400

Bug 18800: Remove localhost DNS lookup in nsProfileLock.cpp

Instead of using the local computer's IP address within
symlink-based profile lock signatures, always use 127.0.0.1.
---
 toolkit/profile/nsProfileLock.cpp | 17 -
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/toolkit/profile/nsProfileLock.cpp 
b/toolkit/profile/nsProfileLock.cpp
index 25c4f5a79e56..1942815e3446 100644
--- a/toolkit/profile/nsProfileLock.cpp
+++ b/toolkit/profile/nsProfileLock.cpp
@@ -289,18 +289,17 @@ nsresult nsProfileLock::LockWithSymlink(nsIFile* 
aLockFile,
   if (!mReplacedLockTime)
 aLockFile->GetLastModifiedTimeOfLink();
 
+  // For Tor Browser, avoid a DNS lookup here so the Tor network is not
+  // bypassed. Instead, always use 127.0.0.1 for the IP address portion
+  // of the lock signature, which may cause the browser to refuse to
+  // start in the rare event that all of the following conditions are met:
+  //   1. The browser profile is on a network file system.
+  //   2. The file system does not support fcntl() locking.
+  //   3. Tor Browser is run from two different computers at the same time.
+
   struct in_addr inaddr;
   inaddr.s_addr = htonl(INADDR_LOOPBACK);
 
-  char hostname[256];
-  PRStatus status = PR_GetSystemInfo(PR_SI_HOSTNAME, hostname, sizeof 
hostname);
-  if (status == PR_SUCCESS) {
-char netdbbuf[PR_NETDB_BUF_SIZE];
-PRHostEnt hostent;
-status = PR_GetHostByName(hostname, netdbbuf, sizeof netdbbuf, );
-if (status == PR_SUCCESS) memcpy(, hostent.h_addr, sizeof inaddr);
-  }
-
   mozilla::SmprintfPointer signature =
   mozilla::Smprintf("%s:%s%lu", inet_ntoa(inaddr),
 aHaveFcntlLock ? "+" : "", (unsigned long)getpid());



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 18821: Disable libmdns for Android and Desktop

[sysrqb]

commit 6b9ba804da7cad956c77e720b79d719db2f8d6ac
Author: Georg Koppen 
Date:   Wed Apr 20 14:34:50 2016 +

Bug 18821: Disable libmdns for Android and Desktop

There should be no need to remove the OS X support introduced in
https://bugzilla.mozilla.org/show_bug.cgi?id=1225726 as enabling this
is governed by a preference (which is actually set to `false`). However,
we remove it at build time as well (defense in depth).

This is basically a backout of the relevant passages of
https://hg.mozilla.org/mozilla-central/rev/6bfb430de85d,
https://hg.mozilla.org/mozilla-central/rev/609b337bf7ab and
https://hg.mozilla.org/mozilla-central/rev/8e092ec5fbbd.

Fixed bug 21861 (Disable additional mDNS code to avoid proxy bypasses)
as well.
---
 dom/presentation/provider/components.conf | 10 --
 dom/presentation/provider/moz.build   |  1 -
 netwerk/dns/mdns/libmdns/components.conf  | 15 ---
 netwerk/dns/mdns/libmdns/moz.build| 28 
 4 files changed, 54 deletions(-)

diff --git a/dom/presentation/provider/components.conf 
b/dom/presentation/provider/components.conf
index 04cb28ec757e..56994ed7cd94 100644
--- a/dom/presentation/provider/components.conf
+++ b/dom/presentation/provider/components.conf
@@ -6,9 +6,6 @@
 
 categories = {}
 
-if buildconfig.substs['MOZ_WIDGET_TOOLKIT'] in ('cocoa', 'android'):
-categories["presentation-device-provider"] = "MulticastDNSDeviceProvider"
-
 Classes = [
 {
 'cid': '{f4079b8b-ede5-4b90-a112-5b415a931deb}',
@@ -16,11 +13,4 @@ Classes = [
 'jsm': 'resource://gre/modules/PresentationControlService.jsm',
 'constructor': 'PresentationControlService',
 },
-{
-'cid': '{814f947a-52f7-41c9-94a1-3684797284ac}',
-'contract_ids': 
['@mozilla.org/presentation-device/multicastdns-provider;1'],
-'type': 'mozilla::dom::presentation::MulticastDNSDeviceProvider',
-'headers': ['/dom/presentation/provider/MulticastDNSDeviceProvider.h'],
-'categories': categories,
-},
 ]
diff --git a/dom/presentation/provider/moz.build 
b/dom/presentation/provider/moz.build
index eaea61af415a..d97b75ddbcf9 100644
--- a/dom/presentation/provider/moz.build
+++ b/dom/presentation/provider/moz.build
@@ -10,7 +10,6 @@ EXTRA_JS_MODULES += [
 
 UNIFIED_SOURCES += [
 'DeviceProviderHelpers.cpp',
-'MulticastDNSDeviceProvider.cpp',
 ]
 
 XPCOM_MANIFESTS += [
diff --git a/netwerk/dns/mdns/libmdns/components.conf 
b/netwerk/dns/mdns/libmdns/components.conf
index 6e64140c820e..1b50dbf673a4 100644
--- a/netwerk/dns/mdns/libmdns/components.conf
+++ b/netwerk/dns/mdns/libmdns/components.conf
@@ -5,20 +5,5 @@
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 Classes = [
-{
-'cid': '{14a50f2b-7ff6-48a5-88e3-615fd111f5d3}',
-'contract_ids': 
['@mozilla.org/toolkit/components/mdnsresponder/dns-info;1'],
-'type': 'mozilla::net::nsDNSServiceInfo',
-'headers': ['/netwerk/dns/mdns/libmdns/nsDNSServiceInfo.h'],
-},
 ]
 
-if buildconfig.substs['MOZ_WIDGET_TOOLKIT'] != 'cocoa':
-Classes += [
-{
-'cid': '{f9346d98-f27a-4e89-b744-493843416480}',
-'contract_ids': 
['@mozilla.org/toolkit/components/mdnsresponder/dns-sd;1'],
-'jsm': 'resource://gre/modules/DNSServiceDiscovery.jsm',
-'constructor': 'nsDNSServiceDiscovery',
-},
-]
diff --git a/netwerk/dns/mdns/libmdns/moz.build 
b/netwerk/dns/mdns/libmdns/moz.build
index 05dc75eb9eda..a6fc1a8a559a 100644
--- a/netwerk/dns/mdns/libmdns/moz.build
+++ b/netwerk/dns/mdns/libmdns/moz.build
@@ -4,34 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'cocoa':
-UNIFIED_SOURCES += [
-'MDNSResponderOperator.cpp',
-'MDNSResponderReply.cpp',
-'nsDNSServiceDiscovery.cpp',
-]
-
-LOCAL_INCLUDES += [
-  '/netwerk/base',
-]
-
-else:
-EXTRA_JS_MODULES += [
-'DNSServiceDiscovery.jsm',
-'fallback/DataReader.jsm',
-'fallback/DataWriter.jsm',
-'fallback/DNSPacket.jsm',
-'fallback/DNSRecord.jsm',
-'fallback/DNSResourceRecord.jsm',
-'fallback/DNSTypes.jsm',
-'fallback/MulticastDNS.jsm',
-]
-
-if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'android':
-EXTRA_JS_MODULES += [
-'MulticastDNSAndroid.jsm',
-]
-
 UNIFIED_SOURCES += [
 'nsDNSServiceInfo.cpp',
 ]



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 13252: Do not store data in the app bundle

[sysrqb]

commit 34e635164586706dc194951d925f539c7ee6091f
Author: Kathy Brade 
Date:   Fri Mar 18 14:20:02 2016 -0400

Bug 13252: Do not store data in the app bundle

When --enable-tor-browser-data-outside-app-dir is enabled,
all user data is stored in a directory named
TorBrowser-Data which is located next to the application directory.

Display an informative error message if the TorBrowser-Data
directory cannot be created due to an "access denied" or a
"read only volume" error.

On Mac OS, add support for the --invisible command line option which
is used by the meek-http-helper to avoid showing an icon for the
helper browser on the dock.
---
 toolkit/xre/nsAppRunner.cpp|  76 +++---
 toolkit/xre/nsXREDirProvider.cpp   |  43 +-
 toolkit/xre/nsXREDirProvider.h |   6 ++
 xpcom/io/TorFileUtils.cpp  | 142 +
 xpcom/io/TorFileUtils.h|  33 
 xpcom/io/moz.build |   5 ++
 xpcom/io/nsAppFileLocationProvider.cpp |  53 +---
 7 files changed, 290 insertions(+), 68 deletions(-)

diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp
index 8de43a8c4cfc..9854332f6917 100644
--- a/toolkit/xre/nsAppRunner.cpp
+++ b/toolkit/xre/nsAppRunner.cpp
@@ -1886,6 +1886,8 @@ static nsresult ProfileMissingDialog(nsINativeAppSupport* 
aNative) {
   }
 }
 
+// If aUnlocker is NULL, it is also OK for the following arguments to be NULL:
+//   aProfileDir, aProfileLocalDir, aResult.
 static ReturnAbortOnError ProfileErrorDialog(nsIFile* aProfileDir,
  nsIFile* aProfileLocalDir,
  ProfileStatus aStatus,
@@ -1894,17 +1896,19 @@ static ReturnAbortOnError ProfileErrorDialog(nsIFile* 
aProfileDir,
  nsIProfileLock** aResult) {
   nsresult rv;
 
-  bool exists;
-  aProfileDir->Exists();
-  if (!exists) {
-return ProfileMissingDialog(aNative);
+  if (aProfileDir) {
+bool exists;
+aProfileDir->Exists();
+if (!exists) {
+  return ProfileMissingDialog(aNative);
+}
   }
 
   ScopedXPCOMStartup xpcom;
   rv = xpcom.Initialize();
   NS_ENSURE_SUCCESS(rv, rv);
 
-  mozilla::Telemetry::WriteFailedProfileLock(aProfileDir);
+  if (aProfileDir) mozilla::Telemetry::WriteFailedProfileLock(aProfileDir);
 
   rv = xpcom.SetWindowCreator(aNative);
   NS_ENSURE_SUCCESS(rv, NS_ERROR_FAILURE);
@@ -1994,7 +1998,8 @@ static ReturnAbortOnError ProfileErrorDialog(nsIFile* 
aProfileDir,
   }
 } else {
 #ifdef MOZ_WIDGET_ANDROID
-  if (java::GeckoAppShell::UnlockProfile()) {
+  if (aProfileDir && aProfileLocalDir && aResult &&
+  java::GeckoAppShell::UnlockProfile()) {
 return NS_LockProfilePath(aProfileDir, aProfileLocalDir, nullptr,
   aResult);
   }
@@ -2102,6 +2107,23 @@ static ReturnAbortOnError ShowProfileManager(
   return LaunchChild(false);
 }
 
+#ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR
+static ProfileStatus CheckTorBrowserDataWriteAccess(nsIFile* aAppDir) {
+  // Check whether we can write to the directory that will contain
+  // TorBrowser-Data.
+  nsCOMPtr tbDataDir;
+  RefPtr dirProvider = nsXREDirProvider::GetSingleton();
+  if (!dirProvider) return PROFILE_STATUS_OTHER_ERROR;
+  nsresult rv =
+  dirProvider->GetTorBrowserUserDataDir(getter_AddRefs(tbDataDir));
+  NS_ENSURE_SUCCESS(rv, PROFILE_STATUS_OTHER_ERROR);
+  nsCOMPtr tbDataDirParent;
+  rv = tbDataDir->GetParent(getter_AddRefs(tbDataDirParent));
+  NS_ENSURE_SUCCESS(rv, PROFILE_STATUS_OTHER_ERROR);
+  return nsToolkitProfileService::CheckProfileWriteAccess(tbDataDirParent);
+}
+#endif
+
 static bool gDoMigration = false;
 static bool gDoProfileReset = false;
 static nsCOMPtr gResetOldProfile;
@@ -3178,6 +3200,14 @@ int XREMain::XRE_mainInit(bool* aExitFlag) {
   if (PR_GetEnv("XRE_MAIN_BREAK")) NS_BREAK();
 #endif
 
+#if defined(XP_MACOSX) && defined(TOR_BROWSER_DATA_OUTSIDE_APP_DIR)
+  bool hideDockIcon = (CheckArg("invisible") == ARG_FOUND);
+  if (hideDockIcon) {
+ProcessSerialNumber psn = {0, kCurrentProcess};
+TransformProcessType(, kProcessTransformToBackgroundApplication);
+  }
+#endif
+
   IncreaseDescriptorLimits();
 
 #ifdef USE_GLX_TEST
@@ -4026,7 +4056,34 @@ int XREMain::XRE_mainStartup(bool* aExitFlag) {
 return 0;
   }
 
+#if (defined(MOZ_UPDATER) && !defined(MOZ_WIDGET_ANDROID)) || \
+defined(TOR_BROWSER_DATA_OUTSIDE_APP_DIR)
+  nsCOMPtr exeFile, exeDir;
+  bool persistent;
+  rv = mDirProvider.GetFile(XRE_EXECUTABLE_FILE, ,
+getter_AddRefs(exeFile));
+  NS_ENSURE_SUCCESS(rv, 1);
+  rv = exeFile->GetParent(getter_AddRefs(exeDir));
+  NS_ENSURE_SUCCESS(rv, 1);
+#endif
+
   rv = NS_NewToolkitProfileService(getter_AddRefs(mProfileSvc));
+#ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR
+  if (NS_FAILED(rv)) {
+// 

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 9173: Change the default Firefox profile directory to be TBB-relative.

[sysrqb]

commit 2d9a0ab354a7ab302df6933f91880af6b7b3967a
Author: Kathy Brade 
Date:   Fri Oct 18 15:20:06 2013 -0400

Bug 9173: Change the default Firefox profile directory to be TBB-relative.

This should eliminate our need to rely on a wrapper script that
sets /Users/arthur and launches Firefox with -profile.
---
 toolkit/profile/nsToolkitProfileService.cpp |   5 +-
 toolkit/xre/nsAppRunner.cpp |   2 +-
 toolkit/xre/nsConsoleWriter.cpp |   2 +-
 toolkit/xre/nsXREDirProvider.cpp| 150 ++--
 toolkit/xre/nsXREDirProvider.h  |  16 +--
 xpcom/io/nsAppFileLocationProvider.cpp  |  97 +++---
 6 files changed, 84 insertions(+), 188 deletions(-)

diff --git a/toolkit/profile/nsToolkitProfileService.cpp 
b/toolkit/profile/nsToolkitProfileService.cpp
index dc4811313b5e..a3e50f8c00d3 100644
--- a/toolkit/profile/nsToolkitProfileService.cpp
+++ b/toolkit/profile/nsToolkitProfileService.cpp
@@ -723,10 +723,11 @@ nsresult nsToolkitProfileService::Init() {
   NS_ASSERTION(gDirServiceProvider, "No dirserviceprovider!");
   nsresult rv;
 
-  rv = nsXREDirProvider::GetUserAppDataDirectory(getter_AddRefs(mAppData));
+  rv = gDirServiceProvider->GetUserAppDataDirectory(getter_AddRefs(mAppData));
   NS_ENSURE_SUCCESS(rv, rv);
 
-  rv = nsXREDirProvider::GetUserLocalDataDirectory(getter_AddRefs(mTempData));
+  rv =
+  
gDirServiceProvider->GetUserLocalDataDirectory(getter_AddRefs(mTempData));
   NS_ENSURE_SUCCESS(rv, rv);
 
   rv = mAppData->Clone(getter_AddRefs(mProfileDBFile));
diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp
index 8b5bce27cdc4..e3e7f785ada9 100644
--- a/toolkit/xre/nsAppRunner.cpp
+++ b/toolkit/xre/nsAppRunner.cpp
@@ -3182,7 +3182,7 @@ int XREMain::XRE_mainInit(bool* aExitFlag) {
   if ((mAppData->flags & NS_XRE_ENABLE_CRASH_REPORTER) &&
   NS_SUCCEEDED(CrashReporter::SetExceptionHandler(xreBinDirectory))) {
 nsCOMPtr file;
-rv = nsXREDirProvider::GetUserAppDataDirectory(getter_AddRefs(file));
+rv = mDirProvider.GetUserAppDataDirectory(getter_AddRefs(file));
 if (NS_SUCCEEDED(rv)) {
   CrashReporter::SetUserAppDataDirectory(file);
 }
diff --git a/toolkit/xre/nsConsoleWriter.cpp b/toolkit/xre/nsConsoleWriter.cpp
index 0a2c0c342893..46735a293a00 100644
--- a/toolkit/xre/nsConsoleWriter.cpp
+++ b/toolkit/xre/nsConsoleWriter.cpp
@@ -29,7 +29,7 @@ void WriteConsoleLog() {
   } else {
 if (!gLogConsoleErrors) return;
 
-rv = nsXREDirProvider::GetUserAppDataDirectory(getter_AddRefs(lfile));
+rv = gDirServiceProvider->GetUserAppDataDirectory(getter_AddRefs(lfile));
 if (NS_FAILED(rv)) return;
 
 lfile->AppendNative(NS_LITERAL_CSTRING("console.log"));
diff --git a/toolkit/xre/nsXREDirProvider.cpp b/toolkit/xre/nsXREDirProvider.cpp
index 7641ef683c39..f80cb2827349 100644
--- a/toolkit/xre/nsXREDirProvider.cpp
+++ b/toolkit/xre/nsXREDirProvider.cpp
@@ -32,6 +32,7 @@
 #include "nsArrayEnumerator.h"
 #include "nsEnumeratorUtils.h"
 #include "nsReadableUtils.h"
+#include "nsXPCOMPrivate.h"  // for XPCOM_FILE_PATH_SEPARATOR
 
 #include "SpecialSystemDirectory.h"
 
@@ -249,9 +250,6 @@ nsresult nsXREDirProvider::GetUserProfilesRootDir(nsIFile** 
aResult) {
   nsresult rv = GetUserDataDirectory(getter_AddRefs(file), false);
 
   if (NS_SUCCEEDED(rv)) {
-#if !defined(XP_UNIX) || defined(XP_MACOSX)
-rv = file->AppendNative(NS_LITERAL_CSTRING("Profiles"));
-#endif
 // We must create the profile directory here if it does not exist.
 nsresult tmp = EnsureDirectoryExists(file);
 if (NS_FAILED(tmp)) {
@@ -267,9 +265,6 @@ nsresult 
nsXREDirProvider::GetUserProfilesLocalDir(nsIFile** aResult) {
   nsresult rv = GetUserDataDirectory(getter_AddRefs(file), true);
 
   if (NS_SUCCEEDED(rv)) {
-#if !defined(XP_UNIX) || defined(XP_MACOSX)
-rv = file->AppendNative(NS_LITERAL_CSTRING("Profiles"));
-#endif
 // We must create the profile directory here if it does not exist.
 nsresult tmp = EnsureDirectoryExists(file);
 if (NS_FAILED(tmp)) {
@@ -1403,7 +1398,7 @@ nsresult 
nsXREDirProvider::SetUserDataProfileDirectory(nsCOMPtr& aFile,
 nsresult nsXREDirProvider::GetUserDataDirectoryHome(nsIFile** aFile,
 bool aLocal) {
   // Copied from nsAppFileLocationProvider (more or less)
-  nsresult rv;
+  NS_ENSURE_ARG_POINTER(aFile);
   nsCOMPtr localDir;
 
   if (aLocal && gDataDirHomeLocal) {
@@ -1413,81 +1408,39 @@ nsresult 
nsXREDirProvider::GetUserDataDirectoryHome(nsIFile** aFile,
 return gDataDirHome->Clone(aFile);
   }
 
-#if defined(XP_MACOSX)
-  FSRef fsRef;
-  OSType folderType;
-  if (aLocal) {
-folderType = kCachedDataFolderType;
-  } else {
-#  ifdef MOZ_THUNDERBIRD
-folderType = kDomainLibraryFolderType;
-#  else
-folderType = kApplicationSupportFolderType;
-#  endif
-  }
-  OSErr err = ::FSFindFolder(kUserDomain, folderType, kCreateFolder, );
-  NS_ENSURE_FALSE(err, 

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 13028: Prevent potential proxy bypass cases.

[sysrqb]

commit 915120d3ed61ad524f531593345fe933cfc971d2
Author: Mike Perry 
Date:   Mon Sep 29 14:30:19 2014 -0700

Bug 13028: Prevent potential proxy bypass cases.

It looks like these cases should only be invoked in the NSS command line
tools, and not the browser, but I decided to patch them anyway because there
literally is a maze of network function pointers being passed around, and 
it's
very hard to tell if some random code might not pass in the proper proxied
versions of the networking code here by accident.
---
 security/nss/lib/certhigh/ocsp.c|  8 
 .../lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c | 21 +
 2 files changed, 29 insertions(+)

diff --git a/security/nss/lib/certhigh/ocsp.c b/security/nss/lib/certhigh/ocsp.c
index cea8456606bf..86fa971cfbef 100644
--- a/security/nss/lib/certhigh/ocsp.c
+++ b/security/nss/lib/certhigh/ocsp.c
@@ -2932,6 +2932,14 @@ ocsp_ConnectToHost(const char *host, PRUint16 port)
 PRNetAddr addr;
 char *netdbbuf = NULL;
 
+// XXX: Do we need a unittest ifdef here? We don't want to break the 
tests, but
+// we want to ensure nothing can ever hit this code in production.
+#if 1
+printf("Tor Browser BUG: Attempted OSCP direct connect to %s, port %u\n", 
host,
+port);
+goto loser;
+#endif
+
 sock = PR_NewTCPSocket();
 if (sock == NULL)
 goto loser;
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c 
b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
index e8698376b5be..85791d84a932 100644
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
+++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
@@ -1334,6 +1334,13 @@ pkix_pl_Socket_Create(
 plContext),
 PKIX_COULDNOTCREATESOCKETOBJECT);
 
+// XXX: Do we need a unittest ifdef here? We don't want to break the 
tests, but
+// we want to ensure nothing can ever hit this code in production.
+#if 1
+printf("Tor Browser BUG: Attempted pkix direct socket connect\n");
+PKIX_ERROR(PKIX_PRNEWTCPSOCKETFAILED);
+#endif
+
 socket->isServer = isServer;
 socket->timeout = timeout;
 socket->clientSock = NULL;
@@ -1433,6 +1440,13 @@ pkix_pl_Socket_CreateByName(
 
 localCopyName = PL_strdup(serverName);
 
+// XXX: Do we need a unittest ifdef here? We don't want to break the 
tests, but
+// we want to ensure nothing can ever hit this code in production.
+#if 1
+printf("Tor Browser BUG: Attempted pkix direct connect to %s\n", 
serverName);
+PKIX_ERROR(PKIX_PRNEWTCPSOCKETFAILED);
+#endif
+
 sepPtr = strchr(localCopyName, ':');
 /* First strip off the portnum, if present, from the end of the name */
 if (sepPtr) {
@@ -1582,6 +1596,13 @@ pkix_pl_Socket_CreateByHostAndPort(
 PKIX_ENTER(SOCKET, "pkix_pl_Socket_CreateByHostAndPort");
 PKIX_NULLCHECK_THREE(hostname, pStatus, pSocket);
 
+// XXX: Do we need a unittest ifdef here? We don't want to break the 
tests, but
+// we want to ensure nothing can ever hit this code in production.
+#if 1
+printf("Tor Browser BUG: Attempted pkix direct connect to %s, port 
%u\n", hostname,
+portnum);
+PKIX_ERROR(PKIX_PRNEWTCPSOCKETFAILED);
+#endif
 
 prstatus = PR_GetHostByName(hostname, buf, sizeof(buf), );
 



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 14631: Improve profile access error messages.

[sysrqb]

commit 0c70f5c1977ed7d58922eaf06cf44fb0ba28355d
Author: Kathy Brade 
Date:   Tue Feb 24 13:50:23 2015 -0500

Bug 14631: Improve profile access error messages.

Instead of always reporting that the profile is locked, display specific
messages for "access denied" and "read-only file system".

To allow for localization, get profile-related error strings from Torbutton.
Use app display name ("Tor Browser") in profile-related error alerts.
---
 .../mozapps/profile/profileSelection.properties|   5 +
 toolkit/profile/nsToolkitProfileService.cpp|  57 +++-
 toolkit/profile/nsToolkitProfileService.h  |  13 +-
 toolkit/xre/nsAppRunner.cpp| 155 ++---
 4 files changed, 207 insertions(+), 23 deletions(-)

diff --git 
a/toolkit/locales/en-US/chrome/mozapps/profile/profileSelection.properties 
b/toolkit/locales/en-US/chrome/mozapps/profile/profileSelection.properties
index 2be092bf4c4b..922b52cb1385 100644
--- a/toolkit/locales/en-US/chrome/mozapps/profile/profileSelection.properties
+++ b/toolkit/locales/en-US/chrome/mozapps/profile/profileSelection.properties
@@ -12,6 +12,11 @@ restartMessageUnlocker=%S is already running, but is not 
responding. The old %S
 restartMessageNoUnlockerMac=A copy of %S is already open. Only one copy of %S 
can be open at a time.
 restartMessageUnlockerMac=A copy of %S is already open. The running copy of %S 
will quit in order to open this one.
 
+# LOCALIZATION NOTE (profileProblemTitle, profileReadOnly, profileReadOnlyMac, 
profileAccessDenied):  Messages displayed when the browser profile cannot be 
accessed or written to. %S is the application name.
+profileProblemTitle=%S Profile Problem
+profileReadOnly=You cannot run %S from a read-only file system.  Please copy 
%S to another location before trying to use it.
+profileReadOnlyMac=You cannot run %S from a read-only file system.  Please 
copy %S to your Desktop or Applications folder before trying to use it.
+profileAccessDenied=%S does not have permission to access the profile. Please 
adjust your file system permissions and try again.
 # Profile manager
 # LOCALIZATION NOTE (profileTooltip): First %S is the profile name, second %S 
is the path to the profile folder.
 profileTooltip=Profile: ‘%S’ - Path: ‘%S’
diff --git a/toolkit/profile/nsToolkitProfileService.cpp 
b/toolkit/profile/nsToolkitProfileService.cpp
index a3e50f8c00d3..3f32bd95f9c9 100644
--- a/toolkit/profile/nsToolkitProfileService.cpp
+++ b/toolkit/profile/nsToolkitProfileService.cpp
@@ -1161,9 +1161,10 @@ nsToolkitProfileService::SelectStartupProfile(
   }
 
   bool wasDefault;
+  ProfileStatus profileStatus;
   nsresult rv =
   SelectStartupProfile(, argv.get(), aIsResetting, aRootDir, 
aLocalDir,
-   aProfile, aDidCreate, );
+   aProfile, aDidCreate, , profileStatus);
 
   // Since we were called outside of the normal startup path complete any
   // startup tasks.
@@ -1196,7 +1197,8 @@ nsToolkitProfileService::SelectStartupProfile(
 nsresult nsToolkitProfileService::SelectStartupProfile(
 int* aArgc, char* aArgv[], bool aIsResetting, nsIFile** aRootDir,
 nsIFile** aLocalDir, nsIToolkitProfile** aProfile, bool* aDidCreate,
-bool* aWasDefaultSelection) {
+bool* aWasDefaultSelection, ProfileStatus& aProfileStatus) {
+  aProfileStatus = PROFILE_STATUS_OK;
   if (mStartupProfileSelected) {
 return NS_ERROR_ALREADY_INITIALIZED;
   }
@@ -1290,6 +1292,13 @@ nsresult nsToolkitProfileService::SelectStartupProfile(
 rv = XRE_GetFileFromPath(arg, getter_AddRefs(lf));
 NS_ENSURE_SUCCESS(rv, rv);
 
+aProfileStatus = CheckProfileWriteAccess(lf);
+if (PROFILE_STATUS_OK != aProfileStatus) {
+  NS_ADDREF(*aRootDir = lf);
+  NS_ADDREF(*aLocalDir = lf);
+  return NS_ERROR_FAILURE;
+}
+
 // Make sure that the profile path exists and it's a directory.
 bool exists;
 rv = lf->Exists();
@@ -2079,3 +2088,47 @@ nsresult XRE_GetFileFromPath(const char* aPath, 
nsIFile** aResult) {
 #  error Platform-specific logic needed here.
 #endif
 }
+
+// Check for write permission to the profile directory by trying to create a
+// new file (after ensuring that no file with the same name exists).
+ProfileStatus nsToolkitProfileService::CheckProfileWriteAccess(
+nsIFile* aProfileDir) {
+#if defined(XP_UNIX)
+  NS_NAMED_LITERAL_STRING(writeTestFileName, ".parentwritetest");
+#else
+  NS_NAMED_LITERAL_STRING(writeTestFileName, "parent.writetest");
+#endif
+
+  nsCOMPtr writeTestFile;
+  nsresult rv = aProfileDir->Clone(getter_AddRefs(writeTestFile));
+  if (NS_SUCCEEDED(rv)) rv = writeTestFile->Append(writeTestFileName);
+
+  if (NS_SUCCEEDED(rv)) {
+bool doesExist = false;
+rv = writeTestFile->Exists();
+if (NS_SUCCEEDED(rv) && doesExist) rv = writeTestFile->Remove(true);
+  }
+
+  if (NS_SUCCEEDED(rv)) {
+rv = writeTestFile->Create(nsIFile::NORMAL_FILE_TYPE, 0666);
+

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 12974: Disable NTLM and Negotiate HTTP Auth

[sysrqb]

commit 00ffe0da267ef82dda172d57ee2e4c19f79ada57
Author: Mike Perry 
Date:   Wed Aug 27 15:19:10 2014 -0700

Bug 12974: Disable NTLM and Negotiate HTTP Auth

This is technically an embargoed Mozilla bug, so I probably shouldn't 
provide
too many details.

Suffice to say that NTLM and Negotiate auth are bad for Tor users, and I 
doubt
very many (or any of them) actually need it.

The Mozilla bug is https://bugzilla.mozilla.org/show_bug.cgi?id=1046421
---
 extensions/auth/nsHttpNegotiateAuth.cpp  | 4 
 netwerk/protocol/http/nsHttpNTLMAuth.cpp | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/extensions/auth/nsHttpNegotiateAuth.cpp 
b/extensions/auth/nsHttpNegotiateAuth.cpp
index 99720475b9dd..1c08fcf3da7e 100644
--- a/extensions/auth/nsHttpNegotiateAuth.cpp
+++ b/extensions/auth/nsHttpNegotiateAuth.cpp
@@ -152,6 +152,10 @@ 
nsHttpNegotiateAuth::ChallengeReceived(nsIHttpAuthenticableChannel* authChannel,
   nsIAuthModule* rawModule = (nsIAuthModule*)*continuationState;
 
   *identityInvalid = false;
+
+  /* Always fail Negotiate auth for Tor Browser. We don't need it. */
+  return NS_ERROR_ABORT;
+
   if (rawModule) {
 return NS_OK;
   }
diff --git a/netwerk/protocol/http/nsHttpNTLMAuth.cpp 
b/netwerk/protocol/http/nsHttpNTLMAuth.cpp
index 0a30de051014..891aaadfd758 100644
--- a/netwerk/protocol/http/nsHttpNTLMAuth.cpp
+++ b/netwerk/protocol/http/nsHttpNTLMAuth.cpp
@@ -168,6 +168,9 @@ 
nsHttpNTLMAuth::ChallengeReceived(nsIHttpAuthenticableChannel* channel,
 
   *identityInvalid = false;
 
+  /* Always fail Negotiate auth for Tor Browser. We don't need it. */
+  return NS_ERROR_ABORT;
+
   // Start a new auth sequence if the challenge is exactly "NTLM".
   // If native NTLM auth apis are available and enabled through prefs,
   // try to use them.



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 16439: Remove screencasting code

[sysrqb]

commit 001d2eb8ff3aeb257db8b4e7ced7cc86b8601e10
Author: Kathy Brade 
Date:   Wed Jun 24 11:01:11 2015 -0400

Bug 16439: Remove screencasting code

We avoid including the screencasting code on mobile (it got ripped out
for desktop in bug 1393582) by simply excluding the related JS modules
from Tor Browser.
---
 toolkit/modules/moz.build | 9 +
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/toolkit/modules/moz.build b/toolkit/modules/moz.build
index f000f35c126f..e1f1eb5759c5 100644
--- a/toolkit/modules/moz.build
+++ b/toolkit/modules/moz.build
@@ -260,10 +260,11 @@ if 'Android' != CONFIG['OS_TARGET']:
 ]
 else:
 DEFINES['ANDROID'] = True
-EXTRA_JS_MODULES += [
-'secondscreen/RokuApp.jsm',
-'secondscreen/SimpleServiceDiscovery.jsm',
-]
+if not CONFIG['TOR_BROWSER_VERSION']:
+EXTRA_JS_MODULES += [
+'secondscreen/RokuApp.jsm',
+'secondscreen/SimpleServiceDiscovery.jsm',
+]
 
 
 if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'windows':



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 12620: TorBrowser regression tests

[sysrqb]

commit 5e096e9599d40a8c7b33a5c0799ae6ef6baa5b5a
Author: Arthur Edelstein 
Date:   Wed Aug 27 16:25:00 2014 -0700

Bug 12620: TorBrowser regression tests

Regression tests for Bug #2950: Make Permissions Manager memory-only

Regression tests for TB4: Tor Browser's Firefox preference overrides.

Note: many more functional tests could be made here

Regression tests for #2874: Block Components.interfaces from content

Bug 18923: Add a script to run all Tor Browser specific tests

Regression tests for Bug #16441: Suppress "Reset Tor Browser" prompt.
---
 run-tbb-tests| 66 +++
 tbb-tests-ignore.txt | 13 +++
 tbb-tests/browser.ini|  5 +++
 tbb-tests/browser_tor_TB4.js | 35 +++
 tbb-tests/browser_tor_bug2950.js | 74 
 tbb-tests/mochitest.ini  |  3 ++
 tbb-tests/moz.build  | 10 ++
 tbb-tests/test_tor_bug2874.html  | 25 ++
 toolkit/toolkit.mozbuild |  3 +-
 9 files changed, 233 insertions(+), 1 deletion(-)

diff --git a/run-tbb-tests b/run-tbb-tests
new file mode 100755
index ..bc09839f9f05
--- /dev/null
+++ b/run-tbb-tests
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+# This script runs all the Mochitest tests that have been added or
+# modified since the last ffxbld commit.
+#
+# It does not currently run XPCShell tests. We should change this if we
+# start using this type or other types of tests.
+#
+# The logs of the tests are stored in the tbb-tests.log file.
+# Ignored tests are listed in the tbb-tests-ignore.txt file.
+#
+# https://trac.torproject.org/projects/tor/ticket/18923
+
+IFS=$'\n'
+
+if [ -n "$USE_TESTS_LIST" ] && [ -f tbb-tests-list.txt ]
+then
+echo "Using tests list from file tbb-tests-list.txt"
+tests=($(cat tbb-tests-list.txt))
+else
+ffxbld_commit=$(git log -500 --format='oneline' | grep "TB3: Tor Browser's 
official .mozconfigs." \
+| head -1 | cut -d ' ' -f 1)
+
+tests=($(git diff --name-status "$ffxbld_commit" HEAD | \
+grep -e '^[AM].*/test_[^/]\+\.\(html\|xul\)$' \
+ -e '^[AM].*/browser_[^/]\+\.js$' \
+ | sed 's/^[AM]\s\+//'))
+fi
+
+echo 'The following tests will be run:'
+for i in "${!tests[@]}"
+do
+if [ -z "$USE_TESTS_LIST" ] \
+&& grep -q "^${tests[$i]}$" tbb-tests-ignore.txt
+then
+unset "tests[$i]"
+continue
+fi
+echo "- ${tests[$i]}"
+done
+
+if [ -n "$WRITE_TESTS_LIST" ]
+then
+rm -f tbb-tests-list.txt
+for i in "${!tests[@]}"
+do
+echo "${tests[$i]}" >> tbb-tests-list.txt
+done
+exit 0
+fi
+
+rm -f tbb-tests.log
+echo $'\n''Starting tests'
+# We need `security.nocertdb = false` because of #18087. That pref is
+# forced to have the same value as `browser.privatebrowsing.autostart` in
+# torbutton, so we just set `browser.privatebrowsing.autostart=false` here.
+./mach mochitest --log-tbpl tbb-tests.log \
+--setpref network.file.path_blacklist='' \
+--setpref extensions.torbutton.use_nontor_proxy=true \
+--setpref browser.privatebrowsing.autostart=false \
+ "${tests[@]}"
+
+echo "*"
+echo "*"
+echo "Summary of failed tests:"
+grep --color=never TEST-UNEXPECTED-FAIL tbb-tests.log
diff --git a/tbb-tests-ignore.txt b/tbb-tests-ignore.txt
new file mode 100644
index ..ee3927a9e7c4
--- /dev/null
+++ b/tbb-tests-ignore.txt
@@ -0,0 +1,13 @@
+browser/extensions/onboarding/test/browser/browser_onboarding_accessibility.js
+browser/extensions/onboarding/test/browser/browser_onboarding_keyboard.js
+browser/extensions/onboarding/test/browser/browser_onboarding_notification.js
+browser/extensions/onboarding/test/browser/browser_onboarding_notification_2.js
+browser/extensions/onboarding/test/browser/browser_onboarding_notification_3.js
+browser/extensions/onboarding/test/browser/browser_onboarding_notification_4.js
+browser/extensions/onboarding/test/browser/browser_onboarding_notification_5.js
+browser/extensions/onboarding/test/browser/browser_onboarding_notification_click_auto_complete_tour.js
+browser/extensions/onboarding/test/browser/browser_onboarding_select_default_tour.js
+browser/extensions/onboarding/test/browser/browser_onboarding_skip_tour.js
+browser/extensions/onboarding/test/browser/browser_onboarding_tours.js
+browser/extensions/onboarding/test/browser/browser_onboarding_tourset.js
+browser/extensions/onboarding/test/browser/browser_onboarding_uitour.js
diff --git a/tbb-tests/browser.ini b/tbb-tests/browser.ini
new file mode 100644
index ..f481660f1417
--- /dev/null
+++ b/tbb-tests/browser.ini
@@ -0,0 +1,5 @@
+[DEFAULT]
+
+[browser_tor_bug2950.js]
+[browser_tor_omnibox.js]
+[browser_tor_TB4.js]
diff --git a/tbb-tests/browser_tor_TB4.js b/tbb-tests/browser_tor_TB4.js
new file mode 100644
index 

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Add TorStrings module for localization

[sysrqb]

commit 37310771350488c077932c3cbb1741910d4fd547
Author: Alex Catarineu 
Date:   Fri Jul 24 21:15:20 2020 +0200

Add TorStrings module for localization
---
 browser/modules/TorStrings.jsm | 490 +
 browser/modules/moz.build  |   1 +
 2 files changed, 491 insertions(+)

diff --git a/browser/modules/TorStrings.jsm b/browser/modules/TorStrings.jsm
new file mode 100644
index ..e8a8d37ae373
--- /dev/null
+++ b/browser/modules/TorStrings.jsm
@@ -0,0 +1,490 @@
+"use strict";
+
+var EXPORTED_SYMBOLS = ["TorStrings"];
+
+const { XPCOMUtils } = ChromeUtils.import(
+  "resource://gre/modules/XPCOMUtils.jsm"
+);
+const { Services } = ChromeUtils.import(
+  "resource://gre/modules/Services.jsm"
+);
+const { getLocale } = ChromeUtils.import(
+  "resource://torbutton/modules/utils.js"
+);
+
+XPCOMUtils.defineLazyGlobalGetters(this, ["DOMParser"]);
+XPCOMUtils.defineLazyGetter(this, "domParser", () => {
+  const parser = new DOMParser();
+  parser.forceEnableDTD();
+  return parser;
+});
+
+/*
+  Tor DTD String Bundle
+
+  DTD strings loaded from torbutton/tor-launcher, but provide a fallback in 
case they aren't available
+*/
+class TorDTDStringBundle {
+  constructor(aBundleURLs, aPrefix) {
+let locations = [];
+for (const [index, url] of aBundleURLs.entries()) {
+  locations.push(`%dtd_${index};`);
+}
+this._locations = locations;
+this._prefix = aPrefix;
+  }
+
+  // copied from testing/marionette/l10n.js
+  localizeEntity(urls, id) {
+// Use the DOM parser to resolve the entity and extract its real value
+let header = ``;
+let elem = `&${id};`;
+let doc = domParser.parseFromString(header + elem, "text/xml");
+let element = doc.querySelector("elem[id='elementID']");
+
+if (element === null) {
+  throw new Error(`Entity with id='${id}' hasn't been found`);
+}
+
+return element.textContent;
+  }
+
+  getString(key, fallback) {
+if (key) {
+  try {
+return this.localizeEntity(this._bundleURLs, `${this._prefix}${key}`);
+  } catch (e) {}
+}
+
+// on failure, assign the fallback if it exists
+if (fallback) {
+  return fallback;
+}
+// otherwise return string key
+return `$(${key})`;
+  }
+}
+
+/*
+  Tor Property String Bundle
+
+  Property strings loaded from torbutton/tor-launcher, but provide a fallback 
in case they aren't available
+*/
+class TorPropertyStringBundle {
+  constructor(aBundleURL, aPrefix) {
+try {
+  this._bundle = Services.strings.createBundle(aBundleURL);
+} catch (e) {}
+
+this._prefix = aPrefix;
+  }
+
+  getString(key, fallback) {
+if (key) {
+  try {
+return this._bundle.GetStringFromName(`${this._prefix}${key}`);
+  } catch (e) {}
+}
+
+// on failure, assign the fallback if it exists
+if (fallback) {
+  return fallback;
+}
+// otherwise return string key
+return `$(${key})`;
+  }
+}
+
+/*
+  Security Level Strings
+*/
+var TorStrings = {
+  /*
+Tor Browser Security Level Strings
+  */
+  securityLevel: (function() {
+let tsb = new TorDTDStringBundle(
+  ["chrome://torbutton/locale/torbutton.dtd"],
+  "torbutton.prefs.sec_"
+);
+let getString = function(key, fallback) {
+  return tsb.getString(key, fallback);
+};
+
+// read localized strings from torbutton; but use hard-coded en-US strings 
as fallbacks in case of error
+let retval = {
+  securityLevel: getString("caption", "Security Level"),
+  customWarning: getString("custom_warning", "Custom"),
+  overview: getString(
+"overview",
+"Disable certain web features that can be used to attack your security 
and anonymity."
+  ),
+  standard: {
+level: getString("standard_label", "Standard"),
+tooltip: getString("standard_tooltip", "Security Level : Standard"),
+summary: getString(
+  "standard_description",
+  "All Tor Browser and website features are enabled."
+),
+  },
+  safer: {
+level: getString("safer_label", "Safer"),
+tooltip: getString("safer_tooltip", "Security Level : Safer"),
+summary: getString(
+  "safer_description",
+  "Disables website features that are often dangerous, causing some 
sites to lose functionality."
+),
+description1: getString(
+  "js_on_https_sites_only",
+  "JavaScript is disabled on non-HTTPS sites."
+),
+description2: getString(
+  "limit_typography",
+  "Some fonts and math symbols are disabled."
+),
+description3: getString(
+  "click_to_play_media",
+  "Audio and video (HTML5 media), and WebGL are click-to-play."
+),
+  },
+  safest: {
+level: getString("safest_label", "Safest"),
+tooltip: getString("safest_tooltip", "Security Level : Safest"),
+summary: getString(
+  

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 28044: Integrate Tor Launcher into tor-browser

[sysrqb]

commit b1668d79261138c29d7fb5bc591e323c627b5454
Author: Kathy Brade 
Date:   Tue Feb 26 10:07:17 2019 -0500

Bug 28044: Integrate Tor Launcher into tor-browser

Build and package Tor Launcher as part of the browser (similar to
how pdfjs is handled).

If a Tor Launcher extension is present in the user's profile, it is
removed.
---
 browser/extensions/moz.build|  5 +
 browser/installer/package-manifest.in   |  5 +
 toolkit/mozapps/extensions/internal/XPIProvider.jsm | 10 ++
 3 files changed, 20 insertions(+)

diff --git a/browser/extensions/moz.build b/browser/extensions/moz.build
index 4c9fa789d12a..fd2e65d01f02 100644
--- a/browser/extensions/moz.build
+++ b/browser/extensions/moz.build
@@ -12,3 +12,8 @@ DIRS += [
 'webcompat',
 'report-site-issue'
 ]
+
+if not CONFIG['TOR_BROWSER_DISABLE_TOR_LAUNCHER']:
+DIRS += [
+'tor-launcher',
+]
diff --git a/browser/installer/package-manifest.in 
b/browser/installer/package-manifest.in
index 7deaf1b51f9a..582a6e13d607 100644
--- a/browser/installer/package-manifest.in
+++ b/browser/installer/package-manifest.in
@@ -248,6 +248,11 @@
 @RESPATH@/browser/chrome/browser.manifest
 @RESPATH@/browser/chrome/pdfjs.manifest
 @RESPATH@/browser/chrome/pdfjs/*
+#ifndef TOR_BROWSER_DISABLE_TOR_LAUNCHER
+@RESPATH@/browser/chrome/torlauncher.manifest
+@RESPATH@/browser/chrome/torlauncher/*
+@RESPATH@/browser/@PREF_DIR@/torlauncher-prefs.js
+#endif
 @RESPATH@/chrome/toolkit@JAREXT@
 @RESPATH@/chrome/toolkit.manifest
 @RESPATH@/chrome/recording.manifest
diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm 
b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
index ba67e5f6bee8..bcdf6f40d5ed 100644
--- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm
+++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
@@ -1462,6 +1462,16 @@ var XPIStates = {
   for (let [id, file] of loc.readAddons()) {
 knownIds.delete(id);
 
+// Since it is now part of the browser, uninstall the Tor Launcher
+// extension. This will remove the Tor Launcher .xpi from user
+// profiles on macOS.
+if (id === "tor-launc...@torproject.org") {
+  logger.debug("Uninstalling the Tor Launcher extension.");
+  loc.installer.uninstallAddon(id);
+  changed = true;
+  continue;
+}
+
 let xpiState = loc.get(id);
 if (!xpiState) {
   // If the location is not supported for sideloading, skip new



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 10760: Integrate TorButton to TorBrowser core

[sysrqb]

commit b60399b09b25ff7c778875b104b9f3c4e8ce0219
Author: Alex Catarineu 
Date:   Wed Feb 19 23:05:08 2020 +0100

Bug 10760: Integrate TorButton to TorBrowser core

Because of the non-restartless nature of Torbutton, it required
a two-stage installation process. On mobile, it was a problem,
because it was not loading when the user opened the browser for
the first time.

Moving it to tor-browser and making it a system extension allows it
to load when the user opens the browser for first time.

Additionally, this patch also fixes Bug 27611.

Bug 26321: New Circuit and New Identity menu items

Bug 14392: Make about:tor behave like other initial pages.

Bug 25013: Add torbutton as a tor-browser submodule
---
 .gitmodules|  3 ++
 browser/base/content/aboutDialog.xhtml | 38 +++--
 browser/base/content/browser-doctype.inc   |  6 +++
 browser/base/content/browser-menubar.inc   | 49 --
 browser/base/content/browser-sets.inc  |  2 +
 browser/base/content/browser.js|  1 +
 browser/base/content/browser.xhtml |  9 
 .../controlcenter/content/identityPanel.inc.xhtml  | 17 
 .../customizableui/content/panelUI.inc.xhtml   | 17 +++-
 browser/installer/package-manifest.in  |  2 +
 docshell/base/nsAboutRedirector.cpp|  6 ++-
 docshell/build/components.conf |  1 +
 mobile/android/installer/package-manifest.in   |  4 ++
 toolkit/moz.build  |  1 +
 .../mozapps/extensions/internal/XPIProvider.jsm|  9 
 toolkit/torproject/torbutton   |  1 +
 .../lib/environments/browser-window.js |  6 ++-
 17 files changed, 142 insertions(+), 30 deletions(-)

diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index ..2f03bd8e22df
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "toolkit/torproject/torbutton"]
+   path = toolkit/torproject/torbutton
+   url = https://git.torproject.org/torbutton.git
diff --git a/browser/base/content/aboutDialog.xhtml 
b/browser/base/content/aboutDialog.xhtml
index 69cbf846bbef..5274cbc02831 100644
--- a/browser/base/content/aboutDialog.xhtml
+++ b/browser/base/content/aboutDialog.xhtml
@@ -7,11 +7,11 @@
 
 
 
+
 
+
 
 
 http://www.w3.org/1999/xhtml;
@@ -28,7 +28,7 @@
 data-l10n-id="aboutDialog-title"
 #endif
 role="dialog"
-aria-describedby="version distribution distributionId communityDesc 
contributeDesc trademark"
+aria-describedby="version distribution distributionId projectDesc 
helpDesc trademark trademarkTor"
 >
 #ifdef XP_MACOSX
 #include macWindow.inc.xhtml
@@ -132,24 +132,36 @@
   
 
   
-  
-http://www.mozilla.org/; 
data-l10n-name="community-mozillaLink">
-
+  
+  
+  
+  
+
+https://www.torproject.org/;>
+  
+
   
-  
-https://donate.mozilla.org/?utm_source=firefoxutm_medium=referralutm_campaign=firefox_aboututm_content=firefox_about;
 data-l10n-name="helpus-donateLink">
-http://www.mozilla.org/contribute/; 
data-l10n-name="helpus-getInvolvedLink">
+  
+
+https://donate.torproject.org/;>
+  
+
+
+https://community.torproject.org/;>
+  
+
   
 
   
 
 
-  
-
-
-https://www.mozilla.org/privacy/; 
data-l10n-id="bottomLinks-privacy">
+  
+https://support.torproject.org/;>
+https://community.torproject.org/relay/;>
+
   
   
+  
 
   
 
diff --git a/browser/base/content/browser-doctype.inc 
b/browser/base/content/browser-doctype.inc
index 9aa278773158..48cf6cd3eda0 100644
--- a/browser/base/content/browser-doctype.inc
+++ b/browser/base/content/browser-doctype.inc
@@ -14,3 +14,9 @@
 %syncBrandDTD;
 
 %brandingsDTD;
+
+%torbuttonDTD;
+
+%aboutTorDTD;
+
+%aboutDialogDTD;
diff --git a/browser/base/content/browser-menubar.inc 
b/browser/base/content/browser-menubar.inc
index 267ec91707ba..6f4aa9289c35 100644
--- a/browser/base/content/browser-menubar.inc
+++ b/browser/base/content/browser-menubar.inc
@@ -33,6 +33,18 @@
   command="Tools:NonFissionWindow"
   accesskey="s" label="New Non-Fission Window"/>
 #endif
+
+
+
+
 
   
-
+
+
+
+
+
+https://tb-manual.torproject.org/' + 
Services.locale.requestedLocale, {triggeringPrincipal: 

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 3547: Block all plugins.

[sysrqb]

commit e2f4640d7ae53932c3dfa65f3f21ac981c17fc24
Author: Mike Perry 
Date:   Tue Dec 4 16:03:13 2012 -0800

Bug 3547: Block all plugins.

We cannot use the @mozilla.org/extensions/blocklist;1 service, because we
actually want to stop plugins from ever entering the browser's process space
and/or executing code (for example, AV plugins that collect 
statistics/analyse
urls, magical toolbars that phone home or "help" the user, skype buttons 
that
ruin our day, and censorship filters). Hence we rolled our own.

See https://trac.torproject.org/projects/tor/ticket/3547#comment:6 for 
musings
on a better way. Until then, it is delta-darwinism for us.
---
 dom/plugins/base/PluginFinder.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/dom/plugins/base/PluginFinder.cpp 
b/dom/plugins/base/PluginFinder.cpp
index 4e1c1fd53698..cace7d4ef6ba 100644
--- a/dom/plugins/base/PluginFinder.cpp
+++ b/dom/plugins/base/PluginFinder.cpp
@@ -480,6 +480,9 @@ nsresult PluginFinder::ScanPluginsDirectory(nsIFile* 
pluginsDir,
 
   *aPluginsChanged = false;
 
+  // Block all plugins
+  return NS_OK;
+
 #ifdef PLUGIN_LOGGING
   nsAutoCString dirPath;
   pluginsDir->GetNativePath(dirPath);



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 1585470 - Remove duplicate cpu-features.c definition when building GV without webrtc r=glandium

[sysrqb]

commit 376be5b110ec6c50971f48b7a151094850e20172
Author: Matthew Finkel 
Date:   Thu Jul 9 19:10:34 2020 +

Bug 1585470 - Remove duplicate cpu-features.c definition when building GV 
without webrtc r=glandium

Differential Revision: https://phabricator.services.mozilla.com/D82120
---
 media/libaom/moz.build | 5 -
 1 file changed, 5 deletions(-)

diff --git a/media/libaom/moz.build b/media/libaom/moz.build
index 2dec3de4581c..0b3ba0707df9 100644
--- a/media/libaom/moz.build
+++ b/media/libaom/moz.build
@@ -84,11 +84,6 @@ if CONFIG['OS_TARGET'] == 'Android':
 # the OS they're on, so do it for them.
 DEFINES['__linux__'] = True
 
-if not CONFIG['MOZ_WEBRTC']:
-SOURCES += [
-'%%%s/sources/android/cpufeatures/cpu-features.c' % 
CONFIG['ANDROID_NDK'],
-]
-
 for f in SOURCES:
 if f.endswith('sse2.c'):
 SOURCES[f].flags += CONFIG['SSE2_FLAGS']



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 1642404 - add an option to show that an update is being downloaded r=bytesized, fluent-reviewers, flod

[sysrqb]

commit 829fa204308052b43a3fc8bca4309cd0187e44cf
Author: Mark Smith 
Date:   Mon Jun 22 20:24:46 2020 +

Bug 1642404 - add an option to show that an update is being downloaded 
r=bytesized,fluent-reviewers,flod

Add support for a hidden preference named app.update.notifyDuringDownload
that, when set to true, causes a "Downloading update" message to appear
in the app menu during a MAR download. Clicking the message opens the
about box so the user can see detailed progress information.

Differential Revision: https://phabricator.services.mozilla.com/D77688
---
 browser/app/profile/firefox.js |  4 ++
 browser/components/BrowserGlue.jsm |  1 +
 .../customizableui/content/panelUI.inc.xhtml   |  2 +
 .../components/customizableui/content/panelUI.js   |  5 ++
 .../test/browser_panelUINotifications.js   | 62 ++
 browser/locales/en-US/browser/appmenu.ftl  |  2 +
 .../themes/shared/customizableui/panelUI.inc.css   |  3 ++
 browser/themes/shared/notification-icons.inc.css   |  1 +
 browser/themes/shared/toolbarbutton-icons.inc.css  |  1 +
 toolkit/mozapps/update/UpdateListener.jsm  | 50 +++--
 toolkit/mozapps/update/UpdateService.jsm   | 27 ++
 .../mozapps/update/tests/browser/browser.bits.ini  |  1 +
 toolkit/mozapps/update/tests/browser/browser.ini   |  1 +
 .../update/tests/browser/browser.legacy.bits.ini   |  1 +
 .../update/tests/browser/browser.legacy.ini|  1 +
 .../browser/browser_aboutDialog_bc_downloading.js  | 17 ++
 .../browser_aboutDialog_bc_downloading_notify.js   | 58 
 toolkit/mozapps/update/tests/data/shared.js|  1 +
 18 files changed, 222 insertions(+), 16 deletions(-)

diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js
index a7e0bd808254..479c68efdd8c 100644
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -131,6 +131,10 @@ pref("app.update.download.promptMaxAttempts", 2);
 // download a fresh installer.
 pref("app.update.elevation.promptMaxAttempts", 2);
 
+// If set to true, a message will be displayed in the hamburger menu while
+// an update is being downloaded.
+pref("app.update.notifyDuringDownload", false);
+
 // If set to true, the Update Service will automatically download updates if 
the
 // user can apply updates. This pref is no longer used on Windows, except as 
the
 // default value to migrate to the new location that this data is now stored
diff --git a/browser/components/BrowserGlue.jsm 
b/browser/components/BrowserGlue.jsm
index 70f5ad8b85e4..0a3555f26432 100644
--- a/browser/components/BrowserGlue.jsm
+++ b/browser/components/BrowserGlue.jsm
@@ -769,6 +769,7 @@ const global = this;
 
 const listeners = {
   observers: {
+"update-downloading": ["UpdateListener"],
 "update-staged": ["UpdateListener"],
 "update-downloaded": ["UpdateListener"],
 "update-available": ["UpdateListener"],
diff --git a/browser/components/customizableui/content/panelUI.inc.xhtml 
b/browser/components/customizableui/content/panelUI.inc.xhtml
index e5c9c00c35e4..3a8b74b0a9f3 100644
--- a/browser/components/customizableui/content/panelUI.inc.xhtml
+++ b/browser/components/customizableui/content/panelUI.inc.xhtml
@@ -223,6 +223,8 @@
   
 
  {
+mainActionCalled = true;
+  },
+};
+// The downloading notification is always displayed in a dismissed state.
+AppMenuNotifications.showNotification(
+  "update-downloading",
+  mainAction,
+  undefined,
+  { dismissed: true }
+);
+is(PanelUI.notificationPanel.state, "closed", "doorhanger is closed.");
+
+is(
+  PanelUI.menuButton.getAttribute("badge-status"),
+  "update-downloading",
+  "Downloading badge is displaying on PanelUI button."
+);
+
+await gCUITestUtils.openMainMenu();
+isnot(
+  PanelUI.menuButton.getAttribute("badge-status"),
+  "update-downloading",
+  "Downloading badge is hidden on PanelUI button."
+);
+let menuItem = PanelUI.mainView.querySelector(".panel-banner-item");
+is(
+  menuItem.label,
+  menuItem.getAttribute("label-update-downloading"),
+  "Showing correct label (downloading)"
+);
+is(menuItem.hidden, false, "update-downloading menu item is showing.");
+
+await gCUITestUtils.hideMainMenu();
+is(
+  PanelUI.menuButton.getAttribute("badge-status"),
+  "update-downloading",
+  "Downloading badge is shown on PanelUI button."
+);
+
+await gCUITestUtils.openMainMenu();
+menuItem.click();
+ok(mainActionCalled, "Main action callback was called");
+
+AppMenuNotifications.removeNotification(/.*/);
+  });
+});
+
 /**
  * We want to ensure a few things with this:
  * - Adding a doorhanger will make a badge disappear
diff --git a/browser/locales/en-US/browser/appmenu.ftl 
b/browser/locales/en-US/browser/appmenu.ftl
index 

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] TB4: Tor Browser's Firefox preference overrides.

[sysrqb]

commit 8a0ba0fc9e49dbc7b641653bc0828b58e5b971da
Author: Mike Perry 
Date:   Tue Sep 10 18:20:43 2013 -0700

TB4: Tor Browser's Firefox preference overrides.

This hack directly includes our preference changes in omni.ja.

Bug 18292: Staged updates fail on Windows

Temporarily disable staged updates on Windows.

Bug 18297: Use separate Noto JP,KR,SC,TC fonts

Bug 23404: Add Noto Sans Buginese to the macOS whitelist

Bug 23745: Set dom.indexedDB.enabled = true

Bug 13575: Disable randomised Firefox HTTP cache decay user tests.
(Fernando Fernandez Mancera )

Bug 17252: Enable session identifiers with FPI

Session tickets and session identifiers were isolated
by OriginAttributes, so we can re-enable them by
allowing the default value (true) of
"security.ssl.disable_session_identifiers".

The pref "security.enable_tls_session_tickets" is obsolete
(removed in https://bugzilla.mozilla.org/917049)

Bug 14952: Enable http/2 and AltSvc

In Firefox, SPDY/HTTP2 now uses Origin Attributes for
isolation of connections, push streams, origin frames, etc.
That means we get first-party isolation provided
"privacy.firstparty.isolate" is true. So in this patch, we
stop overriding "network.http.spdy.enabled" and
"network.http.spdy.enabled.http2".

Alternate Services also use Origin Attributes for isolation.
So we stop overriding
"network.http.altsvc.enabled" and "network.http.altsvc.oe"
as well.

(All 4 of the abovementioned "network.http.*" prefs adopt
Firefox 60ESR's default value of true.)

However, we want to disable HTTP/2 push for now, so we
set "network.http.spdy.allow-push" to false.

"network.http.spdy.enabled.http2draft" was removed in Bug 1132357.
"network.http.sped.enabled.v2" was removed in Bug 912550.
"network.http.sped.enabled.v3" was removed in Bug 1097944.
"network.http.sped.enabled.v3-1" was removed in Bug 1248197.

Bug 26114: addons.mozilla.org is not special
* Don't expose navigator.mozAddonManager on any site
* Don't block NoScript from modifying addons.mozilla.org or other sites

Enable ReaderView mode again (#27281).

Bug 29916: Make sure enterprise policies are disabled

Bug 2874: Block Components.interfaces from content

Bug 26146: Spoof HTTP User-Agent header for desktop platforms

In Tor Browser 8.0, the OS was revealed in both the HTTP User-Agent
header and to JavaScript code via navigator.userAgent. To avoid
leaking the OS inside each HTTP request (which many web servers
log), always use the Windows 7 OS value in the desktop User-Agent
header. We continue to allow access to the actual OS via JavaScript,
since doing so improves compatibility with web applications such
as GitHub and Google Docs.

Bug 12885: Windows Jump Lists fail for Tor Browser

Jumplist entries are stored in a binary file in:
  %APPDATA%\\Microsoft\Windows\Recent\CustomDestinations\
and has a name in the form
  [a-f0-9]+.customDestinations-ms

The hex at the front is unique per app, and is ultimately derived from
something called the 'App User Model ID' (AUMID) via some unknown
hashing method. The AUMID is provided as a key when programmatically
creating, updating, and deleting a jumplist. The default behaviour in
firefox is for the installer to define an AUMID for an app, and save it
in the registry so that the jumplist data can be removed by the
uninstaller.

However, the Tor Browser does not set this (or any other) regkey during
installation, so this codepath fails and the app's AUMID is left
undefined. As a result the app's AUMID ends up being defined by
windows, but unknowable by Tor Browser. This unknown AUMID is used to
create and modify the jumplist, but the delete API requires that we
provide the app's AUMID explicitly. Since we don't know what the AUMID
is (since the expected regkey where it is normally stored does not
exist) jumplist deletion will fail and we will leave behind a mostly
empty customDestinations-ms file. The name of the file is derived from
the binary path, so an enterprising person could reverse engineer how
that hex name is calculated, and generate the name for Tor Browser's
default Desktop installation path to determine whether a person had
used Tor Browser in the past.

The 'taskbar.grouping.useprofile' option that is enabled by this patch
works around this AUMID problem by having firefox.exe create it's own
AUMID based on the profile path (rather than looking for a regkey). This
way, if a user goes in and enables and disables jumplist entries, the
backing store is properly deleted.

Unfortunately, all windows users currently have this file lurking in
the above mentioned 

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] TB3: Tor Browser's official .mozconfigs.

[sysrqb]

commit 39ccb88c03e34821e04b91a9c507afa28bf3be1a
Author: Mike Perry 
Date:   Mon May 6 15:51:06 2013 -0700

TB3: Tor Browser's official .mozconfigs.

Also:
Bug #9829.1: new .mozconfig file for the new cross-compiler and ESR24
Changes needed to build Mac in 64bit
Bug 10715: Enable Webgl for mingw-w64 again.
Disable ICU when cross-compiling; clean-up.
Bug 15773: Enable ICU on OS X
Bug 15990: Don't build the sandbox with mingw-w64
Bug 12761: Switch to ESR 38 for OS X
Updating .mozconfig-asan
Bug 12516: Compile hardenend Tor Browser with -fwrapv
Bug 18331: Switch to Mozilla's toolchain for building Tor Browser for OS X
Bug 17858: Cannot create incremental MARs for hardened builds.
Define HOST_CFLAGS, etc. to avoid compiling programs such as mbsdiff
(which is part of mar-tools and is not distributed to end-users) with
ASan.
Bug 13419: Add back ICU for Windows
Bug 21239: Use GTK2 for ESR52 Linux builds
Bug 23025: Add hardening flags for macOS
Bug 24478: Enable debug assertions and tests in our ASan builds
--enable-proxy-bypass-protection
Bug 27597: ASan build option in tor-browser-build is broken

Bug 27623 - Export MOZILLA_OFFICIAL during desktop builds

This fixes a problem where some preferences had the wrong default value.
Also see bug 27472 where we made a similar fix for Android.

Bug 30463: Explicitly disable MOZ_TELEMETRY_REPORTING

Bug 31450: Set proper BINDGEN_CFLAGS for ASan builds

Add an --enable-tor-browser-data-outside-app-dir configure option

Add --with-tor-browser-version configure option

Bug 21849: Don't allow SSL key logging.

Bug 31457: disable per-installation profiles

The dedicated profiles (per-installation) feature does not interact
well with our bundled profiles on Linux and Windows, and it also causes
multiple profiles to be created on macOS under TorBrowser-Data.

Bug 31935: Disable profile downgrade protection.

Since Tor Browser does not support more than one profile, disable
the prompt and associated code that offers to create one when a
version downgrade situation is detected.

Bug 32493: Disable MOZ_SERVICES_HEALTHREPORT

Bug 25741 - TBA: Disable features at compile-time

MOZ_NATIVE_DEVICES for casting and the media player
MOZ_TELEMETRY_REPORTING for telemetry
MOZ_DATA_REPORTING for all data reporting preferences (crashreport, 
telemetry, geo)

Bug 25741 - TBA: Add default configure options in dedicated file

Define MOZ_ANDROID_NETWORK_STATE and MOZ_ANDROID_LOCATION

Bug 29859: Disable HLS support for now

Add --disable-tor-launcher build option

Add --enable-tor-browser-update build option

Bug 33734: Set MOZ_NORMANDY to False

Bug 33851: Omit Parental Controls.

Bug 40061: Omit the Windows default browser agent from the build

Bug 40107: Adapt .mozconfig-asan for ESR 78

Bug 40252: Add --enable-rust-simd to our tor-browser mozconfig files
---
 .mozconfig| 39 
 .mozconfig-android| 36 ++
 .mozconfig-asan   | 45 
 .mozconfig-mac| 56 +++
 .mozconfig-mingw  | 31 +++
 browser/base/moz.build|  3 ++
 browser/installer/Makefile.in |  8 +
 browser/moz.configure |  8 ++---
 build/moz.configure/old.configure |  6 
 mobile/android/confvars.sh|  9 ++
 mobile/android/geckoview/build.gradle |  1 +
 mobile/android/moz.configure  | 17 +--
 mobile/android/torbrowser.configure   | 30 +++
 old-configure.in  | 49 ++
 security/moz.build|  2 +-
 security/nss/lib/ssl/Makefile |  2 +-
 toolkit/modules/AppConstants.jsm  |  9 ++
 toolkit/modules/moz.build |  3 ++
 18 files changed, 346 insertions(+), 8 deletions(-)

diff --git a/.mozconfig b/.mozconfig
new file mode 100755
index ..18cd1f9b6487
--- /dev/null
+++ b/.mozconfig
@@ -0,0 +1,39 @@
+. $topsrcdir/browser/config/mozconfig
+
+# This mozconfig file is not used in official Tor Browser builds.
+# It is only intended to be used when doing incremental Linux builds
+# during development. The platform-specific mozconfig configuration
+# files used in official Tor Browser releases can be found in the
+# tor-browser-build repo:
+#   https://gitweb.torproject.org/builders/tor-browser-build.git/
+# under:
+#   tor-browser-build/projects/firefox/mozconfig-$OS-$ARCH
+
+mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-@CONFIG_GUESS@
+mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser"
+export MOZILLA_OFFICIAL=1
+
+ac_add_options 

[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 1642754 - Update prompts should not depend on how update was initiated r=bytesized

[sysrqb]

commit ce4a0acd8a97a23fa194184808eefa3c1bd1126f
Author: Mark Smith 
Date:   Wed Jun 17 19:24:09 2020 +

Bug 1642754 - Update prompts should not depend on how update was initiated 
r=bytesized

Show update badge and doorhanger when entering the "pending"
state for foreground updates.

Differential Revision: https://phabricator.services.mozilla.com/D79903
---
 toolkit/mozapps/update/UpdateService.jsm   | 10 ++
 .../browser/browser_aboutDialog_fc_downloadAuto.js | 18 +-
 2 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/toolkit/mozapps/update/UpdateService.jsm 
b/toolkit/mozapps/update/UpdateService.jsm
index 8dd397f628f5..1dc86a073646 100644
--- a/toolkit/mozapps/update/UpdateService.jsm
+++ b/toolkit/mozapps/update/UpdateService.jsm
@@ -5002,8 +5002,6 @@ Downloader.prototype = {
   }
 }
 
-// XXX ehsan shouldShowPrompt should always be false here.
-// But what happens when there is already a UI showing?
 var state = this._patch.state;
 var shouldShowPrompt = false;
 var shouldRegisterOnlineObserver = false;
@@ -5044,9 +5042,7 @@ Downloader.prototype = {
 } else {
   state = STATE_PENDING;
 }
-if (this.background) {
-  shouldShowPrompt = !getCanStageUpdates();
-}
+shouldShowPrompt = !getCanStageUpdates();
 AUSTLMY.pingDownloadCode(this.isCompleteUpdate, AUSTLMY.DWNLD_SUCCESS);
 
 // Tell the updater.exe we're ready to apply.
@@ -5329,9 +5325,7 @@ Downloader.prototype = {
   LOG(
 "Downloader:onStopRequest - failed to stage update. Exception: " + 
e
   );
-  if (this.background) {
-shouldShowPrompt = true;
-  }
+  shouldShowPrompt = true;
 }
   }
 }
diff --git 
a/toolkit/mozapps/update/tests/browser/browser_aboutDialog_fc_downloadAuto.js 
b/toolkit/mozapps/update/tests/browser/browser_aboutDialog_fc_downloadAuto.js
index 6a8835251dec..be65ce8ddef1 100644
--- 
a/toolkit/mozapps/update/tests/browser/browser_aboutDialog_fc_downloadAuto.js
+++ 
b/toolkit/mozapps/update/tests/browser/browser_aboutDialog_fc_downloadAuto.js
@@ -15,7 +15,7 @@ add_task(async function 
aboutDialog_foregroundCheck_downloadAuto() {
 
   // Since the partial should be successful specify an invalid size for the
   // complete update.
-  let params = { queryString: "=1" };
+  let params = { queryString: "=1=0" };
   await runAboutDialogUpdateTest(params, [
 {
   panelId: "checkingForUpdates",
@@ -28,6 +28,22 @@ add_task(async function 
aboutDialog_foregroundCheck_downloadAuto() {
   continueFile: CONTINUE_DOWNLOAD,
   downloadInfo,
 },
+async function aboutDialog_restart_notification() {
+  is(
+PanelUI.notificationPanel.state,
+"closed",
+"The window's doorhanger is closed."
+  );
+  ok(
+PanelUI.menuButton.hasAttribute("badge-status"),
+"The window has a badge."
+  );
+  is(
+PanelUI.menuButton.getAttribute("badge-status"),
+"update-restart",
+"The restart badge is showing for the background window"
+  );
+},
 {
   panelId: "apply",
   checkActiveUpdate: { state: STATE_PENDING },



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [manual/master] improve linux installation instructions and document .desktop file flags

[gus]

commit 6c5e0ff105c97339b270b00f7aba65fd0d9d210a
Author: championquizzer 
Date:   Fri Sep 3 19:38:30 2021 +0530

improve linux installation instructions and document .desktop file flags

fixes #88

fixes #105
---
 .../linux-change-behavior-executable-files.png | Bin 0 -> 82614 bytes
 .../images/linux-make-desktop-file-executable.png  | Bin 0 -> 58122 bytes
 content/installation/contents.lr   |  43 +
 3 files changed, 35 insertions(+), 8 deletions(-)

diff --git a/assets/static/images/linux-change-behavior-executable-files.png 
b/assets/static/images/linux-change-behavior-executable-files.png
new file mode 100644
index 000..a80e895
Binary files /dev/null and 
b/assets/static/images/linux-change-behavior-executable-files.png differ
diff --git a/assets/static/images/linux-make-desktop-file-executable.png 
b/assets/static/images/linux-make-desktop-file-executable.png
new file mode 100644
index 000..b0915ff
Binary files /dev/null and 
b/assets/static/images/linux-make-desktop-file-executable.png differ
diff --git a/content/installation/contents.lr b/content/installation/contents.lr
index d50bde9..c4fd7e9 100644
--- a/content/installation/contents.lr
+++ b/content/installation/contents.lr
@@ -40,19 +40,46 @@ For GNU/Linux:
 
 3. (Recommended) Verify the [file's 
signature](https://support.torproject.org/en/tbb/how-to-verify-signature/).
 
-4. When the download is complete, extract the archive with the command `tar 
-xf [TB archive]` or by using an archive manager.
+4. Now follow either the GUI method or the command-line method: 
 
-5. You'll need to tell your GNU/Linux that you want the ability to execute 
shell scripts from the graphical interface or the command line.
-   Navigate to the newly extracted Tor Browser directory.
-   Right click on `start-tor-browser.desktop`, open Properties or Preferences 
and change the permission to allow executing file as program.
+ GUI method
+
+* When the download is complete, extract the archive using an archive manager.
+
+* You'll need to tell your GNU/Linux that you want the ability to execute 
shell scripts. Navigate to the newly extracted Tor Browser directory. Right 
click on `start-tor-browser.desktop`, open Properties or Preferences and change 
the permission to allow executing file as program.
Double-click the icon to start up Tor Browser for the first time.
 
-   **Note:** On Ubuntu and some other distros if you try to launch the 
start-tor-browser.desktop file a text file might open up.
-To change this behavior and launch Tor Browser instead, follow this: Open 
"Files" (GNOME Files/Nautilus) → open Preferences → go to the 'Behavior' 
Tab → Select "Run them" or "Ask what to do" under "Executable Text Files".
-If you choose the latter click on "Run" after launching the 
start-tor-browser.desktop file.
+
+
+   **Note:** On Ubuntu and some other distros if you try to launch 
`start-tor-browser.desktop` a text file might open up.
+To change this behavior and launch Tor Browser instead, follow this:
+* Launch "Files" (GNOME Files/Nautilus)
+* Click on Preferences.
+* Navigate to the 'Behavior' Tab.
+* Select "Run them" or "Ask what to do" under "Executable Text Files".
+* If you choose the latter click on "Run" after launching the 
`start-tor-browser.desktop` file.
+
+
+
+ Command-line method
 
-6. Alternatively, from inside the Tor Browser directory, you can also start 
from the command line by running:
+* When the download is complete, extract the archive with the command `tar -xf 
[TB archive]`.
+
+* From inside the Tor Browser directory, you can launch Tor Browser by running:
 
`./start-tor-browser.desktop`
 
+   **Note:** If this command fails to run, you probably need to make the file 
executable. From within this directory run: `chmod +x start-tor-browser.desktop`
+
+* Some additional flags that can be used with `start-tor-browser.desktop` from 
the command-line:
+
+| **Flag** | **Description** |
+|--|-|
+| `--register-app` | To register Tor Browser as a desktop application. |
+| `--verbose` | To display Tor and Firefox output in the terminal. |
+| `--log [file]` | To record Tor and Firefox output in file (default: 
tor-browser.log). |
+| `--detach` | To detach from terminal and run Tor Browser in the background. |
+| `--unregister-app` | To unregister Tor Browser as a desktop application. |
+
+
 See here on how to [update Tor 
Browser](https://tb-manual.torproject.org/updating/).

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/policies-code_of_conducttxtpot] https://gitweb.torproject.org/translation.git/commit/?h=policies-code_of_conducttxtpot

[translation]

commit acd3c30fd14872545a45a60409a27b9dd94f6e25
Author: Translation commit bot 
Date:   Fri Sep 3 23:45:38 2021 +


https://gitweb.torproject.org/translation.git/commit/?h=policies-code_of_conducttxtpot
---
 code_of_conduct+ca.po | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/code_of_conduct+ca.po b/code_of_conduct+ca.po
index 6e0e09da01..389298673e 100644
--- a/code_of_conduct+ca.po
+++ b/code_of_conduct+ca.po
@@ -293,6 +293,8 @@ msgid ""
 "Be mindful of your surroundings and of your fellow participants. Alert "
 "community leaders if you notice:"
 msgstr ""
+"Estigues al tant del teu entorn i als altres usuaris d'aquest. Avisa als "
+"caps de la comunitat si detectes:"
 
 #. type: Bullet: '- '
 #: ../code_of_conduct.txt:94

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/policies-code_of_conducttxtpot] https://gitweb.torproject.org/translation.git/commit/?h=policies-code_of_conducttxtpot

[translation]

commit 5879f9c4eec40b7badc02a82868070d32a660923
Author: Translation commit bot 
Date:   Fri Sep 3 23:15:49 2021 +


https://gitweb.torproject.org/translation.git/commit/?h=policies-code_of_conducttxtpot
---
 code_of_conduct+ca.po | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/code_of_conduct+ca.po b/code_of_conduct+ca.po
index 96f79ed02c..6e0e09da01 100644
--- a/code_of_conduct+ca.po
+++ b/code_of_conduct+ca.po
@@ -274,8 +274,7 @@ msgstr ""
 #. type: Bullet: '  * '
 #: ../code_of_conduct.txt:85
 msgid "Exercise consideration and respect in your speech and actions."
-msgstr ""
-"Fes ús de la consideració i el respecte en els teus comunicats i accions."
+msgstr "Sigues considerat i respectuós en les teves interaccions."
 
 #. type: Bullet: '  * '
 #: ../code_of_conduct.txt:87
@@ -286,7 +285,7 @@ msgstr "Intenta col·laborar i dialogar abans d'entrar en 
un conflicte."
 #: ../code_of_conduct.txt:89
 msgid ""
 "Refrain from demeaning, discriminatory, or harassing behavior and speech."
-msgstr ""
+msgstr "Abstén-te d'assetjar, discriminar o faltar el respecte."
 
 #. type: Bullet: '  * '
 #: ../code_of_conduct.txt:92

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser-build/maint-10.5] Bug 40358: Make OpenSSL 1.1.1l buildable for macOS

[sysrqb]

commit 269b0bf650e10d830f46b50ad298f4523e1eae51
Author: Matthew Finkel 
Date:   Fri Sep 3 20:51:55 2021 +

Bug 40358: Make OpenSSL 1.1.1l buildable for macOS
---
 .../0001-Revert-apple-getentropy-removal.patch | 39 ++
 projects/openssl/build |  1 +
 projects/openssl/config|  2 ++
 3 files changed, 42 insertions(+)

diff --git a/projects/openssl/0001-Revert-apple-getentropy-removal.patch 
b/projects/openssl/0001-Revert-apple-getentropy-removal.patch
new file mode 100644
index 000..d101203
--- /dev/null
+++ b/projects/openssl/0001-Revert-apple-getentropy-removal.patch
@@ -0,0 +1,39 @@
+From 8b9e95ae8a9d81b1942be28cba95c35f2303ee2d Mon Sep 17 00:00:00 2001
+From: Matthew Finkel 
+Date: Fri, 3 Sep 2021 20:48:53 +
+Subject: [PATCH] Revert "apple getentropy removal"
+
+This reverts commit b58ac9f1e3f828b5c65c9edd5bb86603a4886a26.
+---
+ crypto/rand/rand_unix.c | 8 
+ 1 file changed, 8 deletions(-)
+
+diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
+index 43f1069d15..2dfced2052 100644
+--- a/crypto/rand/rand_unix.c
 b/crypto/rand/rand_unix.c
+@@ -34,9 +34,6 @@
+ #if defined(__OpenBSD__)
+ # include 
+ #endif
+-#if defined(__APPLE__)
+-# include 
+-#endif
+ 
+ #if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__)
+ # include 
+@@ -381,11 +378,6 @@ static ssize_t syscall_random(void *buf, size_t buflen)
+ if (errno != ENOSYS)
+ return -1;
+ }
+-#  elif defined(__APPLE__)
+-if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess)
+-  return (ssize_t)buflen;
+-
+-return -1;
+ #  else
+ union {
+ void *p;
+-- 
+2.25.1
+
diff --git a/projects/openssl/build b/projects/openssl/build
index f8c4cbf..bf0b16f 100644
--- a/projects/openssl/build
+++ b/projects/openssl/build
@@ -12,6 +12,7 @@ export CC='gcc -m32'
   # Tricking OpenSSL into using our clang as cross-compiler
   ln -s $clangdir/bin/clang $clangdir/bin/x86_64-apple-darwin-cc
   export CC="cc [% c("var/FLAGS") %]"
+  patch -p1 < $rootdir/0001-Revert-apple-getentropy-removal.patch
 [% END -%]
 export SOURCE_DATE_EPOCH='[% c("timestamp") %]'
 ./Configure [% c('var/configure_opts') %]
diff --git a/projects/openssl/config b/projects/openssl/config
index e679b0b..f0f6ef3 100644
--- a/projects/openssl/config
+++ b/projects/openssl/config
@@ -32,3 +32,5 @@ input_files:
 project: '[% c("var/compiler") %]'
   - URL: 'https://www.openssl.org/source/openssl-[% c("version") %].tar.gz'
 sha256sum: 0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1
+  - filename: 0001-Revert-apple-getentropy-removal.patch
+enable: '[% c("var/osx") %]'



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser-build/maint-10.5] Tag 10.5.6 build 2

[sysrqb]

commit 62c85623166b445b53bcc806860839dfc91c121f
Author: Matthew Finkel 
Date:   Fri Sep 3 22:53:53 2021 +

Tag 10.5.6 build 2
---
 projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt | 3 +++
 rbm.conf| 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt 
b/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt
index a039c19..776a6e8 100644
--- a/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt
+++ b/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt
@@ -2,6 +2,9 @@ Tor Browser 10.5.6 -- September 7 2021
  * Windows + OS X + Linux
* Update Openssl to 1.1.1l
* Update Firefox to 78.14.0esr
+ * Build System
+   * OS X
+ * Bug 40358: Make OpenSSL 1.1.1l buildable for macOS [tor-browser-build]
 
 Tor Browser 10.5.5 -- August 18 2021
  * All Platforms
diff --git a/rbm.conf b/rbm.conf
index 560db9b..ad632a9 100644
--- a/rbm.conf
+++ b/rbm.conf
@@ -58,7 +58,7 @@ buildconf:
 
 var:
   torbrowser_version: '10.5.6'
-  torbrowser_build: 'build1'
+  torbrowser_build: 'build2'
   torbrowser_incremental_from:
 - 10.5.5
   project_name: tor-browser

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [meek/main] Actually recognize utls=HelloChrome_83 in meek-client.

[dcf]

commit 17083fc53147161fda0784a116026e29e2debee2
Author: David Fifield 
Date:   Fri Sep 3 15:46:34 2021 -0600

Actually recognize utls=HelloChrome_83 in meek-client.

To match documentation added in
7aa47e7ffc9ca9153d2d2e79c55c90e7e618.
---
 doc/meek-client.1.txt | 1 -
 meek-client/utls.go   | 2 ++
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/doc/meek-client.1.txt b/doc/meek-client.1.txt
index 28faff5..fce9e6f 100644
--- a/doc/meek-client.1.txt
+++ b/doc/meek-client.1.txt
@@ -51,7 +51,6 @@ with the named TLS fingerprint for TLS camouflage.
 This arg is incompatible with the **--helper** command line option.
 The possible values of __CLIENTHELLOID__ are:
 
-// 
https://github.com/refraction-networking/utls/blob/0b2885c8c0d4467cfe98136748a9d011d0b8fff0/u_common.go#L126
 - HelloRandomizedALPN
 - HelloRandomizedNoALPN
 - HelloFirefox_55
diff --git a/meek-client/utls.go b/meek-client/utls.go
index e7f2b5f..bcd386f 100644
--- a/meek-client/utls.go
+++ b/meek-client/utls.go
@@ -252,6 +252,7 @@ func makeRoundTripper(url *url.URL, clientHelloID 
*utls.ClientHelloID, cfg *utls
 }
 
 // When you update this map, also update the man page in doc/meek-client.1.txt.
+// https://github.com/refraction-networking/utls/blob/master/u_common.go
 var clientHelloIDMap = map[string]*utls.ClientHelloID{
// No HelloCustom: not useful for external configuration.
// No HelloRandomized: doesn't negotiate consistent ALPN.
@@ -269,6 +270,7 @@ var clientHelloIDMap = map[string]*utls.ClientHelloID{
"hellochrome_62":_62,
"hellochrome_70":_70,
"hellochrome_72":_72,
+   "hellochrome_83":_83,
"helloios_auto": _Auto,
"helloios_11_1": _11_1,
"helloios_12_1": _12_1,



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [meek/main] programVersion = "0.36.0"

[dcf]

commit 87f29032d03ebdd5a0ec597c2bb38515a1b721aa
Author: David Fifield 
Date:   Fri Sep 3 15:40:40 2021 -0600

programVersion = "0.36.0"
---
 meek-server/meek-server.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meek-server/meek-server.go b/meek-server/meek-server.go
index df6886c..154a65d 100644
--- a/meek-server/meek-server.go
+++ b/meek-server/meek-server.go
@@ -44,7 +44,7 @@ import (
 )
 
 const (
-   programVersion = "0.34"
+   programVersion = "0.36.0"
 
ptMethodName = "meek"
// Reject session ids shorter than this, as a weak defense against



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [meek/main] programVersion = "0.37.0"

[dcf]

commit 53974afcd281204a9e7622d7454c10a49192d619
Author: David Fifield 
Date:   Fri Sep 3 15:47:28 2021 -0600

programVersion = "0.37.0"
---
 meek-server/meek-server.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meek-server/meek-server.go b/meek-server/meek-server.go
index 154a65d..0e9c2e8 100644
--- a/meek-server/meek-server.go
+++ b/meek-server/meek-server.go
@@ -44,7 +44,7 @@ import (
 )
 
 const (
-   programVersion = "0.36.0"
+   programVersion = "0.37.0"
 
ptMethodName = "meek"
// Reject session ids shorter than this, as a weak defense against

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [meek/main] Fix markup in meek-server man page.

[dcf]

commit ae42cad2499b0b139ded386eec3a5f99f0493ab0
Author: David Fifield 
Date:   Fri Sep 3 15:39:09 2021 -0600

Fix markup in meek-server man page.
---
 doc/meek-server.1 | 22 --
 doc/meek-server.1.txt |  4 ++--
 2 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/doc/meek-server.1 b/doc/meek-server.1
index 3b7a07e..1084a46 100644
--- a/doc/meek-server.1
+++ b/doc/meek-server.1
@@ -2,12 +2,12 @@
 .\" Title: meek-server
 .\"Author: [FIXME: author] [see http://docbook.sf.net/el/author]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 
-.\"  Date: 01/17/2019
+.\"  Date: 09/03/2021
 .\"Manual: \ \&
 .\"Source: \ \&
 .\"  Language: English
 .\"
-.TH "MEEK\-SERVER" "1" "01/17/2019" "\ \&" "\ \&"
+.TH "MEEK\-SERVER" "1" "09/03/2021" "\ \&" "\ \&"
 .\" -
 .\" * Define some portability stuff
 .\" -
@@ -128,10 +128,20 @@ or
 \fB\-\-disable\-tls\fR
 is used\&.
 .RE
-.sp
-\fB\-\-disable\-tls\fR: Use plain HTTP rather than HTTPS\&. This option is 
only for testing purposes\&. Don\(cqt use it in production\&.
-.sp
-\fB\-\-key\fR=\fIFILENAME\fR: Name of a PEM\-encoded TLS private key file\&. 
Required unless \fB\-\-acme\-hostnames\fR or \fB\-\-disable\-tls\fR is used\&.
+.PP
+\fB\-\-disable\-tls\fR
+.RS 4
+Use plain HTTP rather than HTTPS\&. This option is only for testing 
purposes\&. Don\(cqt use it in production\&.
+.RE
+.PP
+\fB\-\-key\fR=\fIFILENAME\fR
+.RS 4
+Name of a PEM\-encoded TLS private key file\&. Required unless
+\fB\-\-acme\-hostnames\fR
+or
+\fB\-\-disable\-tls\fR
+is used\&.
+.RE
 .PP
 \fB\-\-log\fR=\fIFILENAME\fR
 .RS 4
diff --git a/doc/meek-server.1.txt b/doc/meek-server.1.txt
index 6d705e1..80940cb 100644
--- a/doc/meek-server.1.txt
+++ b/doc/meek-server.1.txt
@@ -67,11 +67,11 @@ OPTIONS
 Name of a PEM-encoded TLS certificate file. Required unless
 **--acme-hostnames** or **--disable-tls** is used.
 
-**--disable-tls**:
+**--disable-tls**::
 Use plain HTTP rather than HTTPS. This option is only for testing
 purposes. Don't use it in production.
 
-**--key**=__FILENAME__:
+**--key**=__FILENAME__::
 Name of a PEM-encoded TLS private key file. Required unless
 **--acme-hostnames** or **--disable-tls** is used.
 



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [meek/main] Update utls to v0.0.0-20210713165636-0b2885c8c0d4.

[dcf]

commit 7aa47e7ffc9ca9153d2d2e79c55c90e7e618
Author: David Fifield 
Date:   Fri Sep 3 15:33:25 2021 -0600

Update utls to v0.0.0-20210713165636-0b2885c8c0d4.
---
 doc/meek-client.1 | 15 +--
 doc/meek-client.1.txt |  1 +
 go.mod|  2 +-
 go.sum|  4 ++--
 4 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/doc/meek-client.1 b/doc/meek-client.1
index 8215537..0929310 100644
--- a/doc/meek-client.1
+++ b/doc/meek-client.1
@@ -2,12 +2,12 @@
 .\" Title: meek-client
 .\"Author: [FIXME: author] [see http://docbook.sf.net/el/author]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 
-.\"  Date: 04/29/2020
+.\"  Date: 09/03/2021
 .\"Manual: \ \&
 .\"Source: \ \&
 .\"  Language: English
 .\"
-.TH "MEEK\-CLIENT" "1" "04/29/2020" "\ \&" "\ \&"
+.TH "MEEK\-CLIENT" "1" "09/03/2021" "\ \&" "\ \&"
 .\" -
 .\" * Define some portability stuff
 .\" -
@@ -194,6 +194,17 @@ HelloChrome_72
 .sp -1
 .IP \(bu 2.3
 .\}
+HelloChrome_83
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
 HelloChrome_Auto
 .RE
 .sp
diff --git a/doc/meek-client.1.txt b/doc/meek-client.1.txt
index bd1ce5b..e378e53 100644
--- a/doc/meek-client.1.txt
+++ b/doc/meek-client.1.txt
@@ -62,6 +62,7 @@ The possible values of __CLIENTHELLOID__ are:
 - HelloChrome_62
 - HelloChrome_70
 - HelloChrome_72
+- HelloChrome_83
 - HelloChrome_Auto
 - HelloIOS_11_1
 - HelloIOS_12_1
diff --git a/go.mod b/go.mod
index 1216057..c0cb0cb 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.13
 
 require (
git.torproject.org/pluggable-transports/goptlib.git v1.1.0
-   github.com/refraction-networking/utls v0.0.0-20190909200633-43c36d3c1f57
+   github.com/refraction-networking/utls v0.0.0-20210713165636-0b2885c8c0d4
golang.org/x/crypto v0.0.0-20200429183012-4b2356b1ed79
golang.org/x/net v0.0.0-20200425230154-ff2c4b7c35a0
golang.org/x/sys v0.0.0-20200428200454-593003d681fa
diff --git a/go.sum b/go.sum
index effe803..0bc985f 100644
--- a/go.sum
+++ b/go.sum
@@ -1,7 +1,7 @@
 git.torproject.org/pluggable-transports/goptlib.git v1.1.0 
h1:LMQAA8pAho+QtYrrVNimJQiINNEwcwuuD99vezD/PAo=
 git.torproject.org/pluggable-transports/goptlib.git v1.1.0/go.mod 
h1:YT4XMSkuEXbtqlydr9+OxqFAyspUv0Gr9qhM3B++o/Q=
-github.com/refraction-networking/utls v0.0.0-20190909200633-43c36d3c1f57 
h1:SL1K0QAuC1b54KoY1pjPWe6kSlsFHwK9/oC960fKrTY=
-github.com/refraction-networking/utls 
v0.0.0-20190909200633-43c36d3c1f57/go.mod 
h1:tz9gX959MEFfFN5whTIocCLUG57WiILqtdVxI8c6Wj0=
+github.com/refraction-networking/utls v0.0.0-20210713165636-0b2885c8c0d4 
h1:n9NMHJusHylTmtaJ0Qe0VV9dkTZLiwAxHmrI/l98GeE=
+github.com/refraction-networking/utls 
v0.0.0-20210713165636-0b2885c8c0d4/go.mod 
h1:tz9gX959MEFfFN5whTIocCLUG57WiILqtdVxI8c6Wj0=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod 
h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200429183012-4b2356b1ed79 
h1:IaQbIIB2X/Mp/DKctl6ROxz1KyMlKp4uyvL6+kQ7C88=
 golang.org/x/crypto v0.0.0-20200429183012-4b2356b1ed79/go.mod 
h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [meek/main] Use a non-empty ServerName in TestProxyHTTPSCONNECT.

[dcf]

commit d9d57c24616a52f3f591fd49e4a5b34e2567fef3
Author: David Fifield 
Date:   Fri Sep 3 15:27:01 2021 -0600

Use a non-empty ServerName in TestProxyHTTPSCONNECT.

The crypto/tls server, since go1.12, requires that if a server_name
extension is present, it is not empty. With go1.12 and later, this test
was failing with
proxy_test.go:95: local error: tls: unexpected message

The specific commit that added the empty server_name check was:
https://go-review.googlesource.com/c/go/+/144115

https://github.com/golang/go/commit/4c8b09e9183390d6ab80d3f53a9fe5f6ace92f06#diff-f2f5faeac5da94dc7735456f798177b53421f827b8bfc242b56f116b8e5c7e62R264
Note the comment "enforcing a couple more 'must not be empty' on the
unmarshaling side".

Wireshark also complains in a packet capture:
[Expert Info (Warning/Protocol): Vector length 0 is smaller than 
minimum 1]


https://bugs.torproject.org/tpo/anti-censorship/pluggable-transports/meek/40002
---
 meek-client/proxy_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meek-client/proxy_test.go b/meek-client/proxy_test.go
index b44c9a2..88ab387 100644
--- a/meek-client/proxy_test.go
+++ b/meek-client/proxy_test.go
@@ -226,7 +226,7 @@ func requestResultingFromDialHTTPS(t *testing.T, makeProxy 
func(addr net.Addr) (
 
 func TestProxyHTTPSCONNECT(t *testing.T) {
req, err := requestResultingFromDialHTTPS(t, func(addr net.Addr) 
(*httpProxy, error) {
-   return ProxyHTTPS("tcp", addr.String(), nil, proxy.Direct, 
{InsecureSkipVerify: true}, _Auto)
+   return ProxyHTTPS("tcp", addr.String(), nil, proxy.Direct, 
{InsecureSkipVerify: true, ServerName: testHost}, 
_Auto)
}, "tcp", testAddr)
if err != nil {
panic(err)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [meek/main] Remove TestCopyPublicFieldsHTTPTransport.

[dcf]

commit ae328538b8b582f2e594d8e3fcf192e8f70b8b16
Author: David Fifield 
Date:   Thu Sep 2 07:06:23 2021 -0600

Remove TestCopyPublicFieldsHTTPTransport.

This ought to have been removed in
bc887de694bc2d2381af099d5c38f0e9efd76c4b.


https://bugs.torproject.org/tpo/anti-censorship/pluggable-transports/meek/40002
---
 meek-client/utls_test.go | 35 ---
 1 file changed, 35 deletions(-)

diff --git a/meek-client/utls_test.go b/meek-client/utls_test.go
index eebb1db..b7e96a2 100644
--- a/meek-client/utls_test.go
+++ b/meek-client/utls_test.go
@@ -11,41 +11,6 @@ import (
utls "github.com/refraction-networking/utls"
 )
 
-func TestCopyPublicFieldsHTTPTransport(t *testing.T) {
-   src := http.DefaultTransport.(*http.Transport)
-   dst := {}
-   copyPublicFields(dst, src)
-   // Test various fields that we might care about a copy of http.Transport
-   // having.
-   if dst.DisableKeepAlives != src.DisableKeepAlives {
-   t.Errorf("mismatch on DisableKeepAlives")
-   }
-   if dst.DisableCompression != src.DisableCompression {
-   t.Errorf("mismatch on DisableCompression")
-   }
-   if dst.MaxIdleConns != src.MaxIdleConns {
-   t.Errorf("mismatch on MaxIdleConns")
-   }
-   if dst.MaxIdleConnsPerHost != src.MaxIdleConnsPerHost {
-   t.Errorf("mismatch on MaxIdleConnsPerHost")
-   }
-   if dst.MaxConnsPerHost != src.MaxConnsPerHost {
-   t.Errorf("mismatch on MaxConnsPerHost")
-   }
-   if dst.IdleConnTimeout != src.IdleConnTimeout {
-   t.Errorf("mismatch on IdleConnTimeout")
-   }
-   if dst.ResponseHeaderTimeout != src.ResponseHeaderTimeout {
-   t.Errorf("mismatch on ResponseHeaderTimeout")
-   }
-   if dst.ExpectContinueTimeout != src.ExpectContinueTimeout {
-   t.Errorf("mismatch on ExpectContinueTimeout")
-   }
-   if dst.MaxResponseHeaderBytes != src.MaxResponseHeaderBytes {
-   t.Errorf("mismatch on MaxResponseHeaderBytes")
-   }
-}
-
 // Test that the name lookup of NewUTLSRoundTripper is case-insensitive.
 func TestNewUTLSRoundTripperCase(t *testing.T) {
mixed, err := NewUTLSRoundTripper("HelloFirefox_Auto", nil, nil)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [meek/main] Document equalities of "_Auto" utls fingerprints.

[dcf]

commit 339f3d8ea06d765283d177bd4a273befae0bbb42
Author: David Fifield 
Date:   Fri Sep 3 15:38:20 2021 -0600

Document equalities of "_Auto" utls fingerprints.
---
 doc/meek-client.1 | 6 +++---
 doc/meek-client.1.txt | 7 ---
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/doc/meek-client.1 b/doc/meek-client.1
index 0929310..9f45591 100644
--- a/doc/meek-client.1
+++ b/doc/meek-client.1
@@ -139,7 +139,7 @@ HelloFirefox_65
 .sp -1
 .IP \(bu 2.3
 .\}
-HelloFirefox_Auto
+HelloFirefox_Auto = HelloFirefox_65
 .RE
 .sp
 .RS 4
@@ -205,7 +205,7 @@ HelloChrome_83
 .sp -1
 .IP \(bu 2.3
 .\}
-HelloChrome_Auto
+HelloChrome_Auto = HelloChrome_83
 .RE
 .sp
 .RS 4
@@ -238,7 +238,7 @@ HelloIOS_12_1
 .sp -1
 .IP \(bu 2.3
 .\}
-HelloIOS_Auto
+HelloIOS_Auto = HelloIOS_12_1
 .RE
 .sp
 As a special case, the values "none" and "HelloGolang" are recognized as 
aliases for omitting the
diff --git a/doc/meek-client.1.txt b/doc/meek-client.1.txt
index e378e53..28faff5 100644
--- a/doc/meek-client.1.txt
+++ b/doc/meek-client.1.txt
@@ -51,22 +51,23 @@ with the named TLS fingerprint for TLS camouflage.
 This arg is incompatible with the **--helper** command line option.
 The possible values of __CLIENTHELLOID__ are:
 
+// 
https://github.com/refraction-networking/utls/blob/0b2885c8c0d4467cfe98136748a9d011d0b8fff0/u_common.go#L126
 - HelloRandomizedALPN
 - HelloRandomizedNoALPN
 - HelloFirefox_55
 - HelloFirefox_56
 - HelloFirefox_63
 - HelloFirefox_65
-- HelloFirefox_Auto
+- HelloFirefox_Auto = HelloFirefox_65
 - HelloChrome_58
 - HelloChrome_62
 - HelloChrome_70
 - HelloChrome_72
 - HelloChrome_83
-- HelloChrome_Auto
+- HelloChrome_Auto = HelloChrome_83
 - HelloIOS_11_1
 - HelloIOS_12_1
-- HelloIOS_Auto
+- HelloIOS_Auto = HelloIOS_12_1
 
 As a special case, the values "none" and "HelloGolang"
 are recognized as aliases for



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [meek/master] programVersion = "0.37.0"

[dcf]

commit 53974afcd281204a9e7622d7454c10a49192d619
Author: David Fifield 
Date:   Fri Sep 3 15:47:28 2021 -0600

programVersion = "0.37.0"
---
 meek-server/meek-server.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meek-server/meek-server.go b/meek-server/meek-server.go
index 154a65d..0e9c2e8 100644
--- a/meek-server/meek-server.go
+++ b/meek-server/meek-server.go
@@ -44,7 +44,7 @@ import (
 )
 
 const (
-   programVersion = "0.36.0"
+   programVersion = "0.37.0"
 
ptMethodName = "meek"
// Reject session ids shorter than this, as a weak defense against

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [meek/master] Actually recognize utls=HelloChrome_83 in meek-client.

[dcf]

commit 17083fc53147161fda0784a116026e29e2debee2
Author: David Fifield 
Date:   Fri Sep 3 15:46:34 2021 -0600

Actually recognize utls=HelloChrome_83 in meek-client.

To match documentation added in
7aa47e7ffc9ca9153d2d2e79c55c90e7e618.
---
 doc/meek-client.1.txt | 1 -
 meek-client/utls.go   | 2 ++
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/doc/meek-client.1.txt b/doc/meek-client.1.txt
index 28faff5..fce9e6f 100644
--- a/doc/meek-client.1.txt
+++ b/doc/meek-client.1.txt
@@ -51,7 +51,6 @@ with the named TLS fingerprint for TLS camouflage.
 This arg is incompatible with the **--helper** command line option.
 The possible values of __CLIENTHELLOID__ are:
 
-// 
https://github.com/refraction-networking/utls/blob/0b2885c8c0d4467cfe98136748a9d011d0b8fff0/u_common.go#L126
 - HelloRandomizedALPN
 - HelloRandomizedNoALPN
 - HelloFirefox_55
diff --git a/meek-client/utls.go b/meek-client/utls.go
index e7f2b5f..bcd386f 100644
--- a/meek-client/utls.go
+++ b/meek-client/utls.go
@@ -252,6 +252,7 @@ func makeRoundTripper(url *url.URL, clientHelloID 
*utls.ClientHelloID, cfg *utls
 }
 
 // When you update this map, also update the man page in doc/meek-client.1.txt.
+// https://github.com/refraction-networking/utls/blob/master/u_common.go
 var clientHelloIDMap = map[string]*utls.ClientHelloID{
// No HelloCustom: not useful for external configuration.
// No HelloRandomized: doesn't negotiate consistent ALPN.
@@ -269,6 +270,7 @@ var clientHelloIDMap = map[string]*utls.ClientHelloID{
"hellochrome_62":_62,
"hellochrome_70":_70,
"hellochrome_72":_72,
+   "hellochrome_83":_83,
"helloios_auto": _Auto,
"helloios_11_1": _11_1,
"helloios_12_1": _12_1,



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [meek/master] programVersion = "0.36.0"

[dcf]

commit 87f29032d03ebdd5a0ec597c2bb38515a1b721aa
Author: David Fifield 
Date:   Fri Sep 3 15:40:40 2021 -0600

programVersion = "0.36.0"
---
 meek-server/meek-server.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meek-server/meek-server.go b/meek-server/meek-server.go
index df6886c..154a65d 100644
--- a/meek-server/meek-server.go
+++ b/meek-server/meek-server.go
@@ -44,7 +44,7 @@ import (
 )
 
 const (
-   programVersion = "0.34"
+   programVersion = "0.36.0"
 
ptMethodName = "meek"
// Reject session ids shorter than this, as a weak defense against

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [meek/master] Remove TestCopyPublicFieldsHTTPTransport.

[dcf]

commit ae328538b8b582f2e594d8e3fcf192e8f70b8b16
Author: David Fifield 
Date:   Thu Sep 2 07:06:23 2021 -0600

Remove TestCopyPublicFieldsHTTPTransport.

This ought to have been removed in
bc887de694bc2d2381af099d5c38f0e9efd76c4b.


https://bugs.torproject.org/tpo/anti-censorship/pluggable-transports/meek/40002
---
 meek-client/utls_test.go | 35 ---
 1 file changed, 35 deletions(-)

diff --git a/meek-client/utls_test.go b/meek-client/utls_test.go
index eebb1db..b7e96a2 100644
--- a/meek-client/utls_test.go
+++ b/meek-client/utls_test.go
@@ -11,41 +11,6 @@ import (
utls "github.com/refraction-networking/utls"
 )
 
-func TestCopyPublicFieldsHTTPTransport(t *testing.T) {
-   src := http.DefaultTransport.(*http.Transport)
-   dst := {}
-   copyPublicFields(dst, src)
-   // Test various fields that we might care about a copy of http.Transport
-   // having.
-   if dst.DisableKeepAlives != src.DisableKeepAlives {
-   t.Errorf("mismatch on DisableKeepAlives")
-   }
-   if dst.DisableCompression != src.DisableCompression {
-   t.Errorf("mismatch on DisableCompression")
-   }
-   if dst.MaxIdleConns != src.MaxIdleConns {
-   t.Errorf("mismatch on MaxIdleConns")
-   }
-   if dst.MaxIdleConnsPerHost != src.MaxIdleConnsPerHost {
-   t.Errorf("mismatch on MaxIdleConnsPerHost")
-   }
-   if dst.MaxConnsPerHost != src.MaxConnsPerHost {
-   t.Errorf("mismatch on MaxConnsPerHost")
-   }
-   if dst.IdleConnTimeout != src.IdleConnTimeout {
-   t.Errorf("mismatch on IdleConnTimeout")
-   }
-   if dst.ResponseHeaderTimeout != src.ResponseHeaderTimeout {
-   t.Errorf("mismatch on ResponseHeaderTimeout")
-   }
-   if dst.ExpectContinueTimeout != src.ExpectContinueTimeout {
-   t.Errorf("mismatch on ExpectContinueTimeout")
-   }
-   if dst.MaxResponseHeaderBytes != src.MaxResponseHeaderBytes {
-   t.Errorf("mismatch on MaxResponseHeaderBytes")
-   }
-}
-
 // Test that the name lookup of NewUTLSRoundTripper is case-insensitive.
 func TestNewUTLSRoundTripperCase(t *testing.T) {
mixed, err := NewUTLSRoundTripper("HelloFirefox_Auto", nil, nil)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [meek/master] Use a non-empty ServerName in TestProxyHTTPSCONNECT.

[dcf]

commit d9d57c24616a52f3f591fd49e4a5b34e2567fef3
Author: David Fifield 
Date:   Fri Sep 3 15:27:01 2021 -0600

Use a non-empty ServerName in TestProxyHTTPSCONNECT.

The crypto/tls server, since go1.12, requires that if a server_name
extension is present, it is not empty. With go1.12 and later, this test
was failing with
proxy_test.go:95: local error: tls: unexpected message

The specific commit that added the empty server_name check was:
https://go-review.googlesource.com/c/go/+/144115

https://github.com/golang/go/commit/4c8b09e9183390d6ab80d3f53a9fe5f6ace92f06#diff-f2f5faeac5da94dc7735456f798177b53421f827b8bfc242b56f116b8e5c7e62R264
Note the comment "enforcing a couple more 'must not be empty' on the
unmarshaling side".

Wireshark also complains in a packet capture:
[Expert Info (Warning/Protocol): Vector length 0 is smaller than 
minimum 1]


https://bugs.torproject.org/tpo/anti-censorship/pluggable-transports/meek/40002
---
 meek-client/proxy_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meek-client/proxy_test.go b/meek-client/proxy_test.go
index b44c9a2..88ab387 100644
--- a/meek-client/proxy_test.go
+++ b/meek-client/proxy_test.go
@@ -226,7 +226,7 @@ func requestResultingFromDialHTTPS(t *testing.T, makeProxy 
func(addr net.Addr) (
 
 func TestProxyHTTPSCONNECT(t *testing.T) {
req, err := requestResultingFromDialHTTPS(t, func(addr net.Addr) 
(*httpProxy, error) {
-   return ProxyHTTPS("tcp", addr.String(), nil, proxy.Direct, 
{InsecureSkipVerify: true}, _Auto)
+   return ProxyHTTPS("tcp", addr.String(), nil, proxy.Direct, 
{InsecureSkipVerify: true, ServerName: testHost}, 
_Auto)
}, "tcp", testAddr)
if err != nil {
panic(err)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [meek/master] Update utls to v0.0.0-20210713165636-0b2885c8c0d4.

[dcf]

commit 7aa47e7ffc9ca9153d2d2e79c55c90e7e618
Author: David Fifield 
Date:   Fri Sep 3 15:33:25 2021 -0600

Update utls to v0.0.0-20210713165636-0b2885c8c0d4.
---
 doc/meek-client.1 | 15 +--
 doc/meek-client.1.txt |  1 +
 go.mod|  2 +-
 go.sum|  4 ++--
 4 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/doc/meek-client.1 b/doc/meek-client.1
index 8215537..0929310 100644
--- a/doc/meek-client.1
+++ b/doc/meek-client.1
@@ -2,12 +2,12 @@
 .\" Title: meek-client
 .\"Author: [FIXME: author] [see http://docbook.sf.net/el/author]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 
-.\"  Date: 04/29/2020
+.\"  Date: 09/03/2021
 .\"Manual: \ \&
 .\"Source: \ \&
 .\"  Language: English
 .\"
-.TH "MEEK\-CLIENT" "1" "04/29/2020" "\ \&" "\ \&"
+.TH "MEEK\-CLIENT" "1" "09/03/2021" "\ \&" "\ \&"
 .\" -
 .\" * Define some portability stuff
 .\" -
@@ -194,6 +194,17 @@ HelloChrome_72
 .sp -1
 .IP \(bu 2.3
 .\}
+HelloChrome_83
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
 HelloChrome_Auto
 .RE
 .sp
diff --git a/doc/meek-client.1.txt b/doc/meek-client.1.txt
index bd1ce5b..e378e53 100644
--- a/doc/meek-client.1.txt
+++ b/doc/meek-client.1.txt
@@ -62,6 +62,7 @@ The possible values of __CLIENTHELLOID__ are:
 - HelloChrome_62
 - HelloChrome_70
 - HelloChrome_72
+- HelloChrome_83
 - HelloChrome_Auto
 - HelloIOS_11_1
 - HelloIOS_12_1
diff --git a/go.mod b/go.mod
index 1216057..c0cb0cb 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.13
 
 require (
git.torproject.org/pluggable-transports/goptlib.git v1.1.0
-   github.com/refraction-networking/utls v0.0.0-20190909200633-43c36d3c1f57
+   github.com/refraction-networking/utls v0.0.0-20210713165636-0b2885c8c0d4
golang.org/x/crypto v0.0.0-20200429183012-4b2356b1ed79
golang.org/x/net v0.0.0-20200425230154-ff2c4b7c35a0
golang.org/x/sys v0.0.0-20200428200454-593003d681fa
diff --git a/go.sum b/go.sum
index effe803..0bc985f 100644
--- a/go.sum
+++ b/go.sum
@@ -1,7 +1,7 @@
 git.torproject.org/pluggable-transports/goptlib.git v1.1.0 
h1:LMQAA8pAho+QtYrrVNimJQiINNEwcwuuD99vezD/PAo=
 git.torproject.org/pluggable-transports/goptlib.git v1.1.0/go.mod 
h1:YT4XMSkuEXbtqlydr9+OxqFAyspUv0Gr9qhM3B++o/Q=
-github.com/refraction-networking/utls v0.0.0-20190909200633-43c36d3c1f57 
h1:SL1K0QAuC1b54KoY1pjPWe6kSlsFHwK9/oC960fKrTY=
-github.com/refraction-networking/utls 
v0.0.0-20190909200633-43c36d3c1f57/go.mod 
h1:tz9gX959MEFfFN5whTIocCLUG57WiILqtdVxI8c6Wj0=
+github.com/refraction-networking/utls v0.0.0-20210713165636-0b2885c8c0d4 
h1:n9NMHJusHylTmtaJ0Qe0VV9dkTZLiwAxHmrI/l98GeE=
+github.com/refraction-networking/utls 
v0.0.0-20210713165636-0b2885c8c0d4/go.mod 
h1:tz9gX959MEFfFN5whTIocCLUG57WiILqtdVxI8c6Wj0=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod 
h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200429183012-4b2356b1ed79 
h1:IaQbIIB2X/Mp/DKctl6ROxz1KyMlKp4uyvL6+kQ7C88=
 golang.org/x/crypto v0.0.0-20200429183012-4b2356b1ed79/go.mod 
h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits