tbb-commits November 2015

tbb-commits@lists.torproject.org

2 participants
29 discussions

[torbutton/master] Bug 16940: After update, load local change notes.
by gk＠torproject.org 25 Nov '15

25 Nov '15

commit 9b800ffc669f7eb7dd6203a24aa85a39b5edd154 Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Thu Nov 19 10:13:11 2015 -0500 Bug 16940: After update, load local change notes. Include the localizable strings for the about:tbupdate page in Torbutton. --- src/chrome.manifest | 3 +++ src/chrome/locale/en/aboutTBUpdate.dtd | 6 ++++++ trans_tools/import-translations.sh | 1 + 3 files changed, 10 insertions(+) diff --git a/src/chrome.manifest b/src/chrome.manifest index 1d3efb4..30aa2ff 100644 --- a/src/chrome.manifest +++ b/src/chrome.manifest @@ -12,6 +12,9 @@ override chrome://branding/locale/brand.dtd chrome://torbutton/locale/brand.dtd override chrome://branding/locale/brand.properties chrome://torbutton/locale/brand.properties overlay chrome://browser/content/aboutDialog.xul chrome://torbutton/content/aboutDialog.xul +# Strings for the about:tbupdate page +override chrome://browser/locale/aboutTBUpdate.dtd chrome://torbutton/locale/aboutTBUpdate.dtd + locale torbutton af chrome/locale/af/ locale torbutton ak chrome/locale/ak/ locale torbutton am chrome/locale/am/ diff --git a/src/chrome/locale/en/aboutTBUpdate.dtd b/src/chrome/locale/en/aboutTBUpdate.dtd new file mode 100644 index 0000000..37567bd --- /dev/null +++ b/src/chrome/locale/en/aboutTBUpdate.dtd @@ -0,0 +1,6 @@ +<!ENTITY aboutTBUpdate.title "Tor Browser Update"> +<!ENTITY aboutTBUpdate.updated "Tor Browser has been updated."> +<!ENTITY aboutTBUpdate.linkPrefix "For the most up-to-date information about this release, "> +<!ENTITY aboutTBUpdate.linkLabel "visit our website"> +<!ENTITY aboutTBUpdate.linkSuffix "."> +<!ENTITY aboutTBUpdate.changeLogHeading "Changelog:"> diff --git a/trans_tools/import-translations.sh b/trans_tools/import-translations.sh index 494e64f..cfaa05c 100755 --- a/trans_tools/import-translations.sh +++ b/trans_tools/import-translations.sh @@ -17,6 +17,7 @@ LOCALE_DIR=../src/chrome/locale FILEMAP=( "aboutDialog.dtd:torbutton-aboutdialogdtd" "aboutTor.dtd:abouttor-homepage" "aboutTor.properties:torbutton-abouttorproperties" + "aboutTBUpdate.dtd:torbutton-abouttbupdatedtd" "brand.dtd:torbutton-branddtd" "brand.properties:torbutton-brandproperties" "torbutton.dtd:torbutton-torbuttondtd"

1 0

[tor-browser/tor-browser-38.4.0esr-5.5-1] Bug 16940: After update, load local change notes.
by gk＠torproject.org 25 Nov '15

25 Nov '15

commit 4a726fc8a675c0882cbfba2514deb32b53ade2ab Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Wed Nov 25 11:36:20 2015 -0500 Bug 16940: After update, load local change notes. Add an about:tbupdate page that displays the first section from TorBrowser/Docs/ChangeLog.txt and includes a link to the remote post-update page (typically our blog entry for the release). --- .../base/content/abouttbupdate/aboutTBUpdate.css | 34 +++++++++++ .../base/content/abouttbupdate/aboutTBUpdate.js | 10 +++ .../base/content/abouttbupdate/aboutTBUpdate.xhtml | 34 +++++++++++ .../content/abouttbupdate/aboutTBUpdateLogo.png | Bin 0 -> 23266 bytes browser/base/content/browser.js | 14 ++++- browser/base/content/content.js | 64 ++++++++++++++++++++ browser/base/jar.mn | 8 ++- browser/components/about/AboutRedirector.cpp | 8 +++ browser/components/build/nsModule.cpp | 3 + browser/components/nsBrowserContentHandler.js | 12 ++++ .../locales/en-US/chrome/browser/aboutTBUpdate.dtd | 6 ++ browser/locales/jar.mn | 3 + 12 files changed, 194 insertions(+), 2 deletions(-) diff --git a/browser/base/content/abouttbupdate/aboutTBUpdate.css b/browser/base/content/abouttbupdate/aboutTBUpdate.css new file mode 100644 index 0000000..489c9d2 --- /dev/null +++ b/browser/base/content/abouttbupdate/aboutTBUpdate.css @@ -0,0 +1,34 @@ +body { + font-family: sans-serif; + font-size: 110%; + background-image: -moz-linear-gradient(top, #ffffff, #ffffff 10%, #d5ffd5 50%, #d5ffd5); + background-attachment: fixed; + background-size: 100% 100%; +} + +#logo { + background-image: url("chrome://browser/content/abouttbupdate/aboutTBUpdateLogo.png"); + height: 128px; + width: 128px; + margin: 20px; + float: left; +} + +#msg { + margin-top: 50px; + float: left; +} + +#msg-updated { + font-size: 120%; + margin-bottom: 20px; +} + +#changelog-container { + margin: 0px 20px 20px 20px; +} + +#changelog { + margin-left: 20px; + white-space: pre; +} diff --git a/browser/base/content/abouttbupdate/aboutTBUpdate.js b/browser/base/content/abouttbupdate/aboutTBUpdate.js new file mode 100644 index 0000000..8243647 --- /dev/null +++ b/browser/base/content/abouttbupdate/aboutTBUpdate.js @@ -0,0 +1,10 @@ +// Copyright (c) 2015, The Tor Project, Inc. +// See LICENSE for licensing information. +// +// vim: set sw=2 sts=2 ts=8 et syntax=javascript: + +function init() +{ + let event = new CustomEvent("AboutTBUpdateLoad", { bubbles: true }); + document.dispatchEvent(event); +} diff --git a/browser/base/content/abouttbupdate/aboutTBUpdate.xhtml b/browser/base/content/abouttbupdate/aboutTBUpdate.xhtml new file mode 100644 index 0000000..3a29e0c --- /dev/null +++ b/browser/base/content/abouttbupdate/aboutTBUpdate.xhtml @@ -0,0 +1,34 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<!DOCTYPE html [ + <!ENTITY % htmlDTD + PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" + "DTD/xhtml1-strict.dtd"> + %htmlDTD; + <!ENTITY % globalDTD SYSTEM "chrome://global/locale/global.dtd"> + %globalDTD; + <!ENTITY % tbUpdateDTD SYSTEM "chrome://browser/locale/aboutTBUpdate.dtd"> + %tbUpdateDTD; +]> + +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> + <title>&aboutTBUpdate.title;</title> + <link rel="stylesheet" type="text/css" + href="chrome://browser/content/abouttbupdate/aboutTBUpdate.css"/> + <script src="chrome://browser/content/abouttbupdate/aboutTBUpdate.js" + type="text/javascript;version=1.7"/> +</head> +<body dir="&locale.dir;" onload="init()"> +<div id="logo"/> +<div id="msg"> +<div id="msg-updated">&aboutTBUpdate.updated;</div> +<div>&aboutTBUpdate.linkPrefix;<a id="infolink">&aboutTBUpdate.linkLabel;</a>&aboutTBUpdate.linkSuffix; +</div> +</div> +<br clear="all"/> +<div id="changelog-container">&aboutTBUpdate.changeLogHeading; +<div id="changelog"></div> +</div> +</body> +</html> diff --git a/browser/base/content/abouttbupdate/aboutTBUpdateLogo.png b/browser/base/content/abouttbupdate/aboutTBUpdateLogo.png new file mode 100644 index 0000000..be5cae9 Binary files /dev/null and b/browser/base/content/abouttbupdate/aboutTBUpdateLogo.png differ diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js index baddc59..815f018 100644 --- a/browser/base/content/browser.js +++ b/browser/base/content/browser.js @@ -216,6 +216,9 @@ XPCOMUtils.defineLazyModuleGetter(this, "ReaderParent", let gInitialPages = [ "about:tor", +#ifdef TOR_BROWSER_UPDATE + "about:tbupdate", +#endif "about:blank", "about:newtab", "about:home", @@ -2354,7 +2357,11 @@ function URLBarSetURI(aURI) { // Replace initial page URIs with an empty string // only if there's no opener (bug 370555). // Bug 863515 - Make content.opener checks work in electrolysis. +#ifdef TOR_BROWSER_UPDATE + if (gInitialPages.indexOf(uri.spec.split('?')[0]) != -1) +#else if (gInitialPages.indexOf(uri.spec) != -1) +#endif value = !gMultiProcessBrowser && content.opener ? uri.spec : ""; else value = losslessDecodeURI(uri); @@ -6951,8 +6958,13 @@ var gIdentityHandler = { // Chrome URIs however get special treatment. Some chrome URIs are // whitelisted to provide a positive security signal to the user. - let whitelist = /^about:(accounts|addons|app-manager|config|crashes|customizing|downloads|healthreport|home|license|newaddon|permissions|preferences|privatebrowsing|rights|sessionrestore|support|welcomeback)/i; +#ifdef TOR_BROWSER_UPDATE + let whitelist = /^about:(accounts|addons|app-manager|config|crashes|customizing|downloads|healthreport|home|license|newaddon|permissions|preferences|privatebrowsing|rights|sessionrestore|support|welcomeback|tor|tbupdate)/i; + let isChromeUI = uri.schemeIs("about") && whitelist.test(uri.spec.split('?')[0]); +#else + let whitelist = /^about:(accounts|addons|app-manager|config|crashes|customizing|downloads|healthreport|home|license|newaddon|permissions|preferences|privatebrowsing|rights|sessionrestore|support|welcomeback|tor)/i; let isChromeUI = uri.schemeIs("about") && whitelist.test(uri.spec); +#endif if (isChromeUI) { this.setMode(this.IDENTITY_MODE_CHROMEUI); } else if (unknown) { diff --git a/browser/base/content/content.js b/browser/base/content/content.js index 14f21fc..fd87352 100644 --- a/browser/base/content/content.js +++ b/browser/base/content/content.js @@ -11,6 +11,9 @@ Cu.import("resource:///modules/ContentWebRTC.jsm"); Cu.import("resource:///modules/ContentObservers.jsm"); Cu.import("resource://gre/modules/InlineSpellChecker.jsm"); Cu.import("resource://gre/modules/InlineSpellCheckerContent.jsm"); +#ifdef TOR_BROWSER_UPDATE +Cu.import("resource://gre/modules/NetUtil.jsm"); +#endif XPCOMUtils.defineLazyModuleGetter(this, "E10SUtils", "resource:///modules/E10SUtils.jsm"); @@ -560,6 +563,67 @@ let AboutReaderListener = { }; AboutReaderListener.init(); +#ifdef TOR_BROWSER_UPDATE +let AboutTBUpdateListener = { + init: function(chromeGlobal) { + chromeGlobal.addEventListener('AboutTBUpdateLoad', this, false, true); + }, + + get isAboutTBUpdate() { + return content.document.documentURI.split('?')[0].toLowerCase() + == "about:tbupdate"; + }, + + handleEvent: function(aEvent) { + if (this.isAboutTBUpdate && (aEvent.type == "AboutTBUpdateLoad")) + this.onPageLoad(); + }, + + onPageLoad: function() { + let doc = content.document; + doc.getElementById("infolink").setAttribute("href", this.getPostUpdateURL()); + doc.getElementById("changelog").textContent = this.getChangeLogText(); + }, + + // Extract the post update URL from this page's query string. + getPostUpdateURL: function() { + let idx = content.document.documentURI.indexOf('?'); + if (idx > 0) + return decodeURIComponent(content.document.documentURI.substring(idx+1)); + + // No query string: use the default URL. + return Services.urlFormatter.formatURLPref("startup.homepage_override_url"); + }, + + // Read and return the text from the beginning of the changelog file that is + // located at TorBrowser/Docs/ChangeLog.txt. + // When electrolysis is enabled we will need to adopt an architecture that is + // more similar to the one that is used for about:home (see AboutHomeListener + // in this file and browser/modules/AboutHome.jsm). + getChangeLogText: function() { + try { + // "DefProfRt" is .../TorBrowser/Data/Browser + let f = Cc["@mozilla.org/file/directory_service;1"] + .getService(Ci.nsIProperties).get("DefProfRt", Ci.nsIFile); + f = f.parent.parent; // Remove "Data/Browser" + f.appendRelativePath("Docs/ChangeLog.txt"); + + let fs = Cc["@mozilla.org/network/file-input-stream;1"] + .createInstance(Ci.nsIFileInputStream); + fs.init(f, -1, 0, 0); + let s = NetUtil.readInputStreamToString(fs, fs.available()); + fs.close(); + + // Truncate at the first empty line. + return s.replace(/[\r\n][\r\n][\s\S]*$/m, ""); + } catch (e) {} + + return ""; + }, +}; +AboutTBUpdateListener.init(this); +#endif + // An event listener for custom "WebChannelMessageToChrome" events on pages addEventListener("WebChannelMessageToChrome", function (e) { // if target is window then we want the document principal, otherwise fallback to target itself. diff --git a/browser/base/jar.mn b/browser/base/jar.mn index 00f0c8a..73f370a 100644 --- a/browser/base/jar.mn +++ b/browser/base/jar.mn @@ -72,12 +72,18 @@ browser.jar: content/browser/aboutTabCrashed.css (content/aboutTabCrashed.css) content/browser/aboutTabCrashed.js (content/aboutTabCrashed.js) content/browser/aboutTabCrashed.xhtml (content/aboutTabCrashed.xhtml) +#ifdef TOR_BROWSER_UPDATE + content/browser/abouttbupdate/aboutTBUpdate.xhtml (content/abouttbupdate/aboutTBUpdate.xhtml) + content/browser/abouttbupdate/aboutTBUpdate.js (content/abouttbupdate/aboutTBUpdate.js) + content/browser/abouttbupdate/aboutTBUpdate.css (content/abouttbupdate/aboutTBUpdate.css) + content/browser/abouttbupdate/aboutTBUpdateLogo.png (content/abouttbupdate/aboutTBUpdateLogo.png) +#endif * content/browser/browser.css (content/browser.css) * content/browser/browser.js (content/browser.js) * content/browser/browser.xul (content/browser.xul) * content/browser/browser-tabPreviews.xml (content/browser-tabPreviews.xml) * content/browser/chatWindow.xul (content/chatWindow.xul) - content/browser/content.js (content/content.js) +* content/browser/content.js (content/content.js) content/browser/defaultthemes/1.footer.jpg (content/defaultthemes/1.footer.jpg) content/browser/defaultthemes/1.header.jpg (content/defaultthemes/1.header.jpg) content/browser/defaultthemes/1.icon.jpg (content/defaultthemes/1.icon.jpg) diff --git a/browser/components/about/AboutRedirector.cpp b/browser/components/about/AboutRedirector.cpp index 4805c2c..a4f1c4a 100644 --- a/browser/components/about/AboutRedirector.cpp +++ b/browser/components/about/AboutRedirector.cpp @@ -123,6 +123,14 @@ static RedirEntry kRedirMap[] = { nsIAboutModule::URI_MUST_LOAD_IN_CHILD | nsIAboutModule::MAKE_UNLINKABLE | nsIAboutModule::HIDE_FROM_ABOUTABOUT }, +#ifdef TOR_BROWSER_UPDATE + { "tbupdate", "chrome://browser/content/abouttbupdate/aboutTBUpdate.xhtml", + nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | + nsIAboutModule::ALLOW_SCRIPT | + nsIAboutModule::MAKE_UNLINKABLE | + nsIAboutModule::HIDE_FROM_ABOUTABOUT + }, +#endif }; static const int kRedirTotal = ArrayLength(kRedirMap); diff --git a/browser/components/build/nsModule.cpp b/browser/components/build/nsModule.cpp index 553dfcf..8761b7d 100644 --- a/browser/components/build/nsModule.cpp +++ b/browser/components/build/nsModule.cpp @@ -116,6 +116,9 @@ static const mozilla::Module::ContractIDEntry kBrowserContracts[] = { { NS_ABOUT_MODULE_CONTRACTID_PREFIX "looppanel", &kNS_BROWSER_ABOUT_REDIRECTOR_CID }, { NS_ABOUT_MODULE_CONTRACTID_PREFIX "loopconversation", &kNS_BROWSER_ABOUT_REDIRECTOR_CID }, { NS_ABOUT_MODULE_CONTRACTID_PREFIX "reader", &kNS_BROWSER_ABOUT_REDIRECTOR_CID }, +#ifdef TOR_BROWSER_UPDATE + { NS_ABOUT_MODULE_CONTRACTID_PREFIX "tbupdate", &kNS_BROWSER_ABOUT_REDIRECTOR_CID }, +#endif #if defined(XP_WIN) { NS_IEHISTORYENUMERATOR_CONTRACTID, &kNS_WINIEHISTORYENUMERATOR_CID }, #elif defined(XP_MACOSX) diff --git a/browser/components/nsBrowserContentHandler.js b/browser/components/nsBrowserContentHandler.js index a3465a0..9d7d110 100644 --- a/browser/components/nsBrowserContentHandler.js +++ b/browser/components/nsBrowserContentHandler.js @@ -629,6 +629,13 @@ nsBrowserContentHandler.prototype = { // into account because that requires waiting for the session file // to be read. If a crash occurs after updating, before restarting, // we may open the startPage in addition to restoring the session. + // + // Tor Browser: Instead of opening the post-update "override page" + // directly, an about:tbupdate page is opened that includes a link + // to the override page as well as text from the first part of the + // local ChangeLog.txt file. The override page URL comes from the + // openURL attribute within the updates.xml file or, if no showURL + // action is present, from the startup.homepage_override_url pref. var ss = Components.classes["@mozilla.org/browser/sessionstartup;1"] .getService(Components.interfaces.nsISessionStartup); willRestoreSession = ss.isAutomaticRestoreEnabled(); @@ -642,6 +649,11 @@ nsBrowserContentHandler.prototype = { overridePage = overridePage.replace("%OLD_TOR_BROWSER_VERSION%", old_tbversion); #endif + +#ifdef TOR_BROWSER_UPDATE + if (overridePage) + overridePage = "about:tbupdate?" + encodeURIComponent(overridePage); +#endif break; } } diff --git a/browser/locales/en-US/chrome/browser/aboutTBUpdate.dtd b/browser/locales/en-US/chrome/browser/aboutTBUpdate.dtd new file mode 100644 index 0000000..37567bd --- /dev/null +++ b/browser/locales/en-US/chrome/browser/aboutTBUpdate.dtd @@ -0,0 +1,6 @@ +<!ENTITY aboutTBUpdate.title "Tor Browser Update"> +<!ENTITY aboutTBUpdate.updated "Tor Browser has been updated."> +<!ENTITY aboutTBUpdate.linkPrefix "For the most up-to-date information about this release, "> +<!ENTITY aboutTBUpdate.linkLabel "visit our website"> +<!ENTITY aboutTBUpdate.linkSuffix "."> +<!ENTITY aboutTBUpdate.changeLogHeading "Changelog:"> diff --git a/browser/locales/jar.mn b/browser/locales/jar.mn index 03a8cdf..510ce40 100644 --- a/browser/locales/jar.mn +++ b/browser/locales/jar.mn @@ -24,6 +24,9 @@ locale/browser/syncCustomize.dtd (%chrome/browser/syncCustomize.dtd) locale/browser/aboutSyncTabs.dtd (%chrome/browser/aboutSyncTabs.dtd) #endif +#ifdef TOR_BROWSER_UPDATE + locale/browser/aboutTBUpdate.dtd (%chrome/browser/aboutTBUpdate.dtd) +#endif locale/browser/browser.dtd (%chrome/browser/browser.dtd) locale/browser/baseMenuOverlay.dtd (%chrome/browser/baseMenuOverlay.dtd) locale/browser/browser.properties (%chrome/browser/browser.properties)

1 0

[tor-browser-bundle/hardened-builds] Bug 13819: Ship expert bundles with console
by gk＠torproject.org 24 Nov '15

24 Nov '15

commit e4b449bef3f7d44f8533c7d1bdd54cdf0535887f Author: Georg Koppen <gk(a)torproject.org> Date: Mon Sep 21 08:47:47 2015 +0000 Bug 13819: Ship expert bundles with console Currently, the expert bundles are identical to the tor software we ship in Tor Browser. This means there is no console showing up displaying status messages while tor and the browser are running. This commit fixes this by compiling tor twice, once for Tor Browser without console showing up and the second time with the console enabled. The first goes into Tor Browser and the second one is used for the expert bundle. --- gitian/descriptors/windows/gitian-tor.yml | 50 ++++++++++++++++++++--------- gitian/mkbundle-windows.sh | 7 ++-- 2 files changed, 38 insertions(+), 19 deletions(-) diff --git a/gitian/descriptors/windows/gitian-tor.yml b/gitian/descriptors/windows/gitian-tor.yml index 9d6838c..601dc4e 100644 --- a/gitian/descriptors/windows/gitian-tor.yml +++ b/gitian/descriptors/windows/gitian-tor.yml @@ -65,20 +65,38 @@ script: | fi mkdir -p $OUTDIR/src #git archive HEAD | tar -x -C $OUTDIR/src - # Let's avoid the console window popping up. - export CFLAGS="-mwindows -fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security" - export LDFLAGS="-mwindows -Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -lssp -L$INSTDIR/gcclibs" - ./autogen.sh - find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" - ./configure --disable-asciidoc --host=i686-w64-mingw32 --with-libevent-dir=$INSTDIR/libevent --with-openssl-dir=$INSTDIR/openssl --prefix=$INSTDIR --with-zlib-dir=$INSTDIR/zlib/ - make $MAKEOPTS - make install - cd .. - install -s $INSTDIR/bin/tor.exe $INSTDIR/Tor/ - cp $INSTDIR/share/tor/geoip $INSTDIR/Data/Tor/ - cp $INSTDIR/share/tor/geoip6 $INSTDIR/Data/Tor/ + # We are building normal bundles without the console popping up and expert + # ones with. See bug 13819 for the request and details. + mkdir build + BUILDS="normal expert" + for BUILD in $BUILDS + do + if [ "$BUILD" == "expert" ] + then + FLAG="" + BUNDLE="expert-" + else + FLAG="-mwindows" + BUNDLE="" + fi + export CFLAGS="$FLAG -fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security" + export LDFLAGS="$FLAG -Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -lssp -L$INSTDIR/gcclibs" + ./autogen.sh + find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" + cd build + ../configure --disable-asciidoc --host=i686-w64-mingw32 --with-libevent-dir=$INSTDIR/libevent --with-openssl-dir=$INSTDIR/openssl --prefix=$INSTDIR --with-zlib-dir=$INSTDIR/zlib/ + make $MAKEOPTS + make install + cd ../.. + install -s $INSTDIR/bin/tor.exe $INSTDIR/Tor/ + cp $INSTDIR/share/tor/geoip $INSTDIR/Data/Tor/ + cp $INSTDIR/share/tor/geoip6 $INSTDIR/Data/Tor/ - # Grabbing the result - cd $INSTDIR - ~/build/dzip.sh tor-win32-gbuilt.zip Tor/ Data/ - cp tor-win32-gbuilt.zip $OUTDIR/ + # Grabbing the result + cd $INSTDIR + ~/build/dzip.sh tor-win32-${BUNDLE}gbuilt.zip Tor/ Data/ + cp tor-win32-${BUNDLE}gbuilt.zip $OUTDIR/ + cd ~/build/tor + # Remove artifacts of the previous build + rm -rf build/* + done diff --git a/gitian/mkbundle-windows.sh b/gitian/mkbundle-windows.sh index 8f89123..6aeec8a 100755 --- a/gitian/mkbundle-windows.sh +++ b/gitian/mkbundle-windows.sh @@ -148,7 +148,8 @@ else cd .. fi -if [ ! -f inputs/tor-win32-gbuilt.zip ]; +if [ ! -f inputs/tor-win32-gbuilt.zip -o \ + ! -f inputs/tor-win32-expert-gbuilt.zip ]; then echo echo "****** Starting Tor Component of Windows Bundle (2/5 for Windows) ******" @@ -161,7 +162,7 @@ then exit 1 fi - cp -a build/out/tor-win32-gbuilt.zip inputs/ + cp -a build/out/tor-win32-*gbuilt.zip inputs/ #cp -a result/tor-windows-res.yml inputs/ else echo @@ -230,7 +231,7 @@ then mkdir -p $WRAPPER_DIR/$TORBROWSER_BUILDDIR/ cp -a build/out/*.exe $WRAPPER_DIR/$TORBROWSER_BUILDDIR/ || exit 1 cp -a build/out/*.mar $WRAPPER_DIR/$TORBROWSER_BUILDDIR/ || exit 1 - cp -a inputs/tor-win32-gbuilt.zip $WRAPPER_DIR/$TORBROWSER_BUILDDIR/tor-win32-${TOR_TAG_ORIG:4}.zip || exit 1 + cp -a inputs/tor-win32-expert-gbuilt.zip $WRAPPER_DIR/$TORBROWSER_BUILDDIR/tor-win32-${TOR_TAG_ORIG:4}.zip || exit 1 touch inputs/bundle-windows.gbuilt else echo

1 0

[tor-browser-bundle/master] Bug 13819: Ship expert bundles with console
by gk＠torproject.org 24 Nov '15

24 Nov '15

commit eaec9e80ac9a2a490456b4d6d3805f66dfa0a627 Author: Georg Koppen <gk(a)torproject.org> Date: Mon Sep 21 08:47:47 2015 +0000 Bug 13819: Ship expert bundles with console Currently, the expert bundles are identical to the tor software we ship in Tor Browser. This means there is no console showing up displaying status messages while tor and the browser are running. This commit fixes this by compiling tor twice, once for Tor Browser without console showing up and the second time with the console enabled. The first goes into Tor Browser and the second one is used for the expert bundle. --- gitian/descriptors/windows/gitian-tor.yml | 50 ++++++++++++++++++++--------- gitian/mkbundle-windows.sh | 7 ++-- 2 files changed, 38 insertions(+), 19 deletions(-) diff --git a/gitian/descriptors/windows/gitian-tor.yml b/gitian/descriptors/windows/gitian-tor.yml index 9d6838c..601dc4e 100644 --- a/gitian/descriptors/windows/gitian-tor.yml +++ b/gitian/descriptors/windows/gitian-tor.yml @@ -65,20 +65,38 @@ script: | fi mkdir -p $OUTDIR/src #git archive HEAD | tar -x -C $OUTDIR/src - # Let's avoid the console window popping up. - export CFLAGS="-mwindows -fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security" - export LDFLAGS="-mwindows -Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -lssp -L$INSTDIR/gcclibs" - ./autogen.sh - find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" - ./configure --disable-asciidoc --host=i686-w64-mingw32 --with-libevent-dir=$INSTDIR/libevent --with-openssl-dir=$INSTDIR/openssl --prefix=$INSTDIR --with-zlib-dir=$INSTDIR/zlib/ - make $MAKEOPTS - make install - cd .. - install -s $INSTDIR/bin/tor.exe $INSTDIR/Tor/ - cp $INSTDIR/share/tor/geoip $INSTDIR/Data/Tor/ - cp $INSTDIR/share/tor/geoip6 $INSTDIR/Data/Tor/ + # We are building normal bundles without the console popping up and expert + # ones with. See bug 13819 for the request and details. + mkdir build + BUILDS="normal expert" + for BUILD in $BUILDS + do + if [ "$BUILD" == "expert" ] + then + FLAG="" + BUNDLE="expert-" + else + FLAG="-mwindows" + BUNDLE="" + fi + export CFLAGS="$FLAG -fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security" + export LDFLAGS="$FLAG -Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -lssp -L$INSTDIR/gcclibs" + ./autogen.sh + find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" + cd build + ../configure --disable-asciidoc --host=i686-w64-mingw32 --with-libevent-dir=$INSTDIR/libevent --with-openssl-dir=$INSTDIR/openssl --prefix=$INSTDIR --with-zlib-dir=$INSTDIR/zlib/ + make $MAKEOPTS + make install + cd ../.. + install -s $INSTDIR/bin/tor.exe $INSTDIR/Tor/ + cp $INSTDIR/share/tor/geoip $INSTDIR/Data/Tor/ + cp $INSTDIR/share/tor/geoip6 $INSTDIR/Data/Tor/ - # Grabbing the result - cd $INSTDIR - ~/build/dzip.sh tor-win32-gbuilt.zip Tor/ Data/ - cp tor-win32-gbuilt.zip $OUTDIR/ + # Grabbing the result + cd $INSTDIR + ~/build/dzip.sh tor-win32-${BUNDLE}gbuilt.zip Tor/ Data/ + cp tor-win32-${BUNDLE}gbuilt.zip $OUTDIR/ + cd ~/build/tor + # Remove artifacts of the previous build + rm -rf build/* + done diff --git a/gitian/mkbundle-windows.sh b/gitian/mkbundle-windows.sh index 8f89123..6aeec8a 100755 --- a/gitian/mkbundle-windows.sh +++ b/gitian/mkbundle-windows.sh @@ -148,7 +148,8 @@ else cd .. fi -if [ ! -f inputs/tor-win32-gbuilt.zip ]; +if [ ! -f inputs/tor-win32-gbuilt.zip -o \ + ! -f inputs/tor-win32-expert-gbuilt.zip ]; then echo echo "****** Starting Tor Component of Windows Bundle (2/5 for Windows) ******" @@ -161,7 +162,7 @@ then exit 1 fi - cp -a build/out/tor-win32-gbuilt.zip inputs/ + cp -a build/out/tor-win32-*gbuilt.zip inputs/ #cp -a result/tor-windows-res.yml inputs/ else echo @@ -230,7 +231,7 @@ then mkdir -p $WRAPPER_DIR/$TORBROWSER_BUILDDIR/ cp -a build/out/*.exe $WRAPPER_DIR/$TORBROWSER_BUILDDIR/ || exit 1 cp -a build/out/*.mar $WRAPPER_DIR/$TORBROWSER_BUILDDIR/ || exit 1 - cp -a inputs/tor-win32-gbuilt.zip $WRAPPER_DIR/$TORBROWSER_BUILDDIR/tor-win32-${TOR_TAG_ORIG:4}.zip || exit 1 + cp -a inputs/tor-win32-expert-gbuilt.zip $WRAPPER_DIR/$TORBROWSER_BUILDDIR/tor-win32-${TOR_TAG_ORIG:4}.zip || exit 1 touch inputs/bundle-windows.gbuilt else echo

1 0

[tor-launcher/master] Bug 17344: enumerate available langpacks for lang prompt
by brade＠torproject.org 20 Nov '15

20 Nov '15

commit 20f01697b19ce938b894634d3ca4e39218137ea4 Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Fri Nov 20 15:26:56 2015 -0500 Bug 17344: enumerate available langpacks for lang prompt Remove the hard-coded list of languages and build the listbox items from the set of installed language packs. --- src/chrome/content/localePicker.xul | 19 +------ src/chrome/content/network-settings.js | 97 +++++++++++++++++++++++++++----- 2 files changed, 85 insertions(+), 31 deletions(-) diff --git a/src/chrome/content/localePicker.xul b/src/chrome/content/localePicker.xul index be82e14..5b93825 100644 --- a/src/chrome/content/localePicker.xul +++ b/src/chrome/content/localePicker.xul @@ -35,24 +35,7 @@ <vbox> <label class="question">&torlauncher.localePicker.prompt;</label> <separator/> - <listbox id="localeList" ondblclick="onLocaleListDoubleClick()"> - <listitem value="en-US" label="English" selected="true" /> - <listitem value="ar" label="العربية" /> - <listitem value="de" label="Deutsch" /> - <listitem value="es-ES" label="Español" /> - <listitem value="fa" label="فارسی" /> - <listitem value="fr" label="Français" /> - <listitem value="it" label="Italiano" /> - <listitem value="ja" label="日本語" /> - <listitem value="ko" label="한국어" /> - <listitem value="nl" label="Nederlands" /> - <listitem value="pl" label="Polski" /> - <listitem value="pt-PT" label="Português (Europeu)" /> - <listitem value="ru" label="Русский" /> - <listitem value="tr" label="Türkçe" /> - <listitem value="vi" label="Tiếng Việt" /> - <listitem value="zh-CN" label="简体字" /> - </listbox> + <listbox id="localeList" ondblclick="onLocaleListDoubleClick()"/> </vbox> </wizardpage> diff --git a/src/chrome/content/network-settings.js b/src/chrome/content/network-settings.js index 2382ea6..9d3cb60 100644 --- a/src/chrome/content/network-settings.js +++ b/src/chrome/content/network-settings.js @@ -247,27 +247,98 @@ function initLocaleDialog() if (nextBtn && doneBtn) doneBtn.label = nextBtn.label; - // Select the current language by default. + let { AddonManager } = Cu.import("resource://gre/modules/AddonManager.jsm"); + AddonManager.getAddonsByTypes(["locale"], function(aLangPackAddons) + { + populateLocaleList(aLangPackAddons); + resizeDialogToFitContent(); + TorLauncherLogger.log(2, "initLocaleDialog done"); + }); +} + + +function populateLocaleList(aLangPackAddons) +{ + let knownLanguages = { + "en-US" : "English", + "ar" : "\u0627\u0644\u0639\u0631\u0628\u064a\u0629", + "de" : "Deutsch", + "es-ES" : "Espa\u00f1ol", + "fa" : "\u0641\u0627\u0631\u0633\u06cc", + "fr" : "Fran\u00e7ais", + "it" : "Italiano", + "ja" : "\u65e5\u672c\u8a9e", + "ko" : "\ud55c\uad6d\uc5b4", + "nl" : "Nederlands", + "pl" : "Polski", + "pt-PT" : "Portugu\u00eas (Europeu)", + "ru" : "\u0420\u0443\u0441\u0441\u043a\u0438\u0439", + "tr" : "T\u00fcrk\u00e7e", + "vi" : "Ti\u1ebfng Vi\u1ec7t", + "zh-CN" : "\u7b80\u4f53\u5b57" + }; + + // Retrieve the current locale so we can select it within the list by default. + let curLocale; try { let chromeRegSvc = Cc["@mozilla.org/chrome/chrome-registry;1"] .getService(Ci.nsIXULChromeRegistry); - let curLocale = chromeRegSvc.getSelectedLocale("global").toLowerCase(); - let localeList = document.getElementById(kLocaleList); - for (let i = 0; i < localeList.itemCount; ++i) + curLocale = chromeRegSvc.getSelectedLocale("global").toLowerCase(); + } catch (e) {} + + // Build a list of language info objects (language code plus friendly name). + let foundCurLocale = false; + let langInfo = []; + for (let addon of aLangPackAddons) + { + let uri = addon.getResourceURI(""); + // The add-on IDs look like langpack-LANGCODE(a)firefox.mozilla.org + let matchResult = addon.id.match(/^langpack-(.*)@.*\.mozilla\.org/); + let code = (matchResult) ? matchResult[1] : addon.id; + if (code == "ja-JP-mac") + code = "ja"; + let name = knownLanguages[code]; + if (!name) { - let item = localeList.getItemAtIndex(i); - if (item.value.toLowerCase() == curLocale) - { - localeList.selectedIndex = i; - break; - } + // We do not have a name for this language pack. Use some heuristics. + name = addon.name; + let idx = name.lastIndexOf(" Language Pack"); + if (idx > 0) + name = name.substring(0, idx); } - } catch (e) {} + let isSelected = (curLocale && (code.toLowerCase() == curLocale)); + langInfo.push({ langCode: code, langName: name, isSelected: isSelected } ); + if (isSelected && !foundCurLocale) + foundCurLocale = true; + } - resizeDialogToFitContent(); + // Sort by language code. + langInfo.sort(function(aObj1, aObj2) { + if (aObj1.langCode == aObj2.langCode) + return 0; + + return (aObj1.langCode < aObj2.langCode) ? -1 : 1; + }); - TorLauncherLogger.log(2, "initLocaleDialog done"); + // Add en-US to the beginning of the list. + let code = "en-US"; + let name = knownLanguages[code]; + let isSelected = !foundCurLocale; // select English if nothing else matched + langInfo.splice(0, 0, + { langCode: code, langName: name, isSelected: isSelected }); + + // Populate the XUL listbox. + let localeList = document.getElementById(kLocaleList); + for (let infoObj of langInfo) + { + let listItem = document.createElement("listitem"); + listItem.setAttribute("value", infoObj.langCode); + listItem.setAttribute("label", infoObj.langName); + localeList.appendChild(listItem); + if (infoObj.isSelected) + localeList.selectedItem = listItem; + } }

1 0

[tor-browser/tor-browser-38.4.0esr-5.5-1] fixup! TB4: Tor Browser's Firefox preference overrides.
by gk＠torproject.org 17 Nov '15

17 Nov '15

commit 910844e490662894031a8b73a24093ddeda9e4f0 Author: Georg Koppen <gk(a)torproject.org> Date: Fri Nov 13 14:46:37 2015 +0000 fixup! TB4: Tor Browser's Firefox preference overrides. Bug 17369: Disable RC4 fallback. --- browser/app/profile/000-tor-browser.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js index c0fce16..1de3ed1 100644 --- a/browser/app/profile/000-tor-browser.js +++ b/browser/app/profile/000-tor-browser.js @@ -242,6 +242,9 @@ pref("network.jar.block-remote-files", false); // Enable TLS 1.1 and 1.2: // https://trac.torproject.org/projects/tor/ticket/11253 pref("security.tls.version.max", 3); +// Disable RC4 fallback. This will go live in Firefox 44, Chrome and IE/Edge: +// https://blog.mozilla.org/security/2015/09/11/deprecating-the-rc4-cipher/ +pref("security.tls.unrestricted_rc4_fallback", false); // Enforce certificate pinning, see: https://bugs.torproject.org/16206 pref("security.cert_pinning.enforcement_level", 2);

1 0

[tor-browser-bundle/master] Fold in stable changelog
by gk＠torproject.org 16 Nov '15

16 Nov '15

commit 28f5feeedcac82cedf52e5b62e3a3bba2d756658 Author: Georg Koppen <gk(a)torproject.org> Date: Mon Nov 16 13:40:07 2015 +0000 Fold in stable changelog --- Bundle-Data/Docs/ChangeLog.txt | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index 2a4af99..ef1a6be 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -25,6 +25,27 @@ Tor Browser 5.5a4 -- November 3 2015 * Linux * Bug 17329: Ensure that non-ASCII characters can be typed (fixup of #5926) +Tor Browser 5.0.4 -- November 3 2015 + * All Platforms + * Update Firefox to 38.4.0esr + * Update NoScript to 2.6.9.39 + * Update Torbutton to 1.9.3.5 + * Bug 9623: Spoof Referer when leaving a .onion domain + * Bug 16735: about:tor should accommodate different fonts/font sizes + * Bug 16937: Don't translate the homepage/spellchecker dictionary string + * Bug 17164: Don't show text-select cursor on circuit display + * Bug 17351: Remove unused code + * Translation updates + * Bug 16937: Remove the en-US dictionary from non en-US Tor Browser bundles + * Bug 17318: Remove dead ScrambleSuit bridge + * Bug 17473: Update meek-amazon fingerprint + * Bug 16983: Isolate favicon requests caused by the tab list dropdown + * Bug 17102: Don't crash while opening a second Tor Browser + * Windows: + * Bug 16906: Don't depend on Windows crypto DLLs + * Linux: + * Bug 17329: Ensure that non-ASCII characters can be typed (fixup of #5926) + Tor Browser 5.5a3 -- September 22 2015 * All Platforms * Update Firefox to 38.3.0esr

1 0

[tor-browser/tor-browser-38.4.0esr-5.5-1] fixup! Bug #6253: Add canvas image extraction prompt.
by gk＠torproject.org 16 Nov '15

16 Nov '15

commit 57ff8d65a2ec29f778b5654b6b8284d2b20feb68 Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Fri Nov 6 16:41:29 2015 -0800 fixup! Bug #6253: Add canvas image extraction prompt. Ensure that third parties are never able to extract canvas image data, even if the same domain has been given permission previously as a first party. Also, refactor slightly to clarify logic of IsImageExtractionAllowed. --- dom/canvas/CanvasUtils.cpp | 179 +++++++++++++++++++++++--------------------- 1 file changed, 95 insertions(+), 84 deletions(-) diff --git a/dom/canvas/CanvasUtils.cpp b/dom/canvas/CanvasUtils.cpp index 9883a52..b3c83f6 100644 --- a/dom/canvas/CanvasUtils.cpp +++ b/dom/canvas/CanvasUtils.cpp @@ -46,99 +46,110 @@ namespace CanvasUtils { // Check site-specific permission and display prompt if appropriate. bool IsImageExtractionAllowed(nsIDocument *aDocument, JSContext *aCx) { - if (!aDocument || !aCx) - return false; + // Don't proceed if we don't have a document or JavaScript context. + if (!aDocument || !aCx) { + return false; + } - nsPIDOMWindow *win = aDocument->GetWindow(); - nsCOMPtr<nsIScriptObjectPrincipal> sop(do_QueryInterface(win)); - if (sop && nsContentUtils::IsSystemPrincipal(sop->GetPrincipal())) - return true; + // Documents with system principal can always extract canvas data. + nsPIDOMWindow *win = aDocument->GetWindow(); + nsCOMPtr<nsIScriptObjectPrincipal> sop(do_QueryInterface(win)); + if (sop && nsContentUtils::IsSystemPrincipal(sop->GetPrincipal())) { + return true; + } - // Don't show canvas prompt for chrome scripts (e.g. Page Inspector) - if (nsContentUtils::ThreadsafeIsCallerChrome()) - return true; + // Always give permission to chrome scripts (e.g. Page Inspector). + if (nsContentUtils::ThreadsafeIsCallerChrome()) { + return true; + } - JS::AutoFilename scriptFile; - unsigned scriptLine = 0; - bool isScriptKnown = false; - if (JS::DescribeScriptedCaller(aCx, &scriptFile, &scriptLine)) { - isScriptKnown = true; - // Don't show canvas prompt for PDF.js - if (scriptFile.get() && - strcmp(scriptFile.get(), "resource://pdf.js/build/pdf.js") == 0) - return true; - } - bool isAllowed = false; - nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil = - do_GetService(THIRDPARTYUTIL_CONTRACTID); - nsCOMPtr<nsIPermissionManager> permissionManager = - do_GetService(NS_PERMISSIONMANAGER_CONTRACTID); - if (thirdPartyUtil && permissionManager) { - nsCOMPtr<nsIURI> uri; - nsresult rv = thirdPartyUtil->GetFirstPartyURI(NULL, aDocument, - getter_AddRefs(uri)); - uint32_t permission = nsIPermissionManager::UNKNOWN_ACTION; - if (NS_SUCCEEDED(rv)) { - // Allow local files to access canvas data; check content permissions - // for remote pages. - bool isFileURL = false; - (void)uri->SchemeIs("file", &isFileURL); - if (isFileURL) - permission = nsIPermissionManager::ALLOW_ACTION; - else { - rv = permissionManager->TestPermission(uri, - PERMISSION_CANVAS_EXTRACT_DATA, &permission); - } + // Get the document URI and its spec. + nsIURI *docURI = aDocument->GetDocumentURI(); + nsCString docURISpec; + docURI->GetSpec(docURISpec); + + // Allow local files to extract canvas data. + bool isFileURL; + (void) docURI->SchemeIs("file", &isFileURL); + if (isFileURL) { + return true; } - if (NS_SUCCEEDED(rv)) { - isAllowed = (permission == nsIPermissionManager::ALLOW_ACTION); - - if (!isAllowed && (permission != nsIPermissionManager::DENY_ACTION)) { - // Log all attempted canvas access and block access by third parties. - bool isThirdParty = true; - nsIURI *docURI = aDocument->GetDocumentURI(); - rv = thirdPartyUtil->IsThirdPartyURI(uri, docURI, &isThirdParty); - NS_ENSURE_SUCCESS(rv, false); - - nsCString firstPartySpec; - rv = uri->GetSpec(firstPartySpec); - nsCString docSpec; - docURI->GetSpec(docSpec); - nsPrintfCString msg("On %s: blocked access to canvas image data" - " from document %s, ", // L10n - firstPartySpec.get(), docSpec.get()); - if (isScriptKnown && scriptFile.get()) { - msg += nsPrintfCString("script from %s:%u", // L10n - scriptFile.get(), scriptLine); - } else { - msg += nsPrintfCString("unknown script"); // L10n + // Get calling script file and line for logging. + JS::AutoFilename scriptFile; + unsigned scriptLine = 0; + bool isScriptKnown = false; + if (JS::DescribeScriptedCaller(aCx, &scriptFile, &scriptLine)) { + isScriptKnown = true; + // Don't show canvas prompt for PDF.js + if (scriptFile.get() && + strcmp(scriptFile.get(), "resource://pdf.js/build/pdf.js") == 0) { + return true; } - nsCOMPtr<nsIConsoleService> console - (do_GetService(NS_CONSOLESERVICE_CONTRACTID)); - if (console) - console->LogStringMessage(NS_ConvertUTF8toUTF16(msg).get()); - - // Log every canvas access attempt to stdout if debugging: -#ifdef DEBUG - printf("%s\n", msg.get()); -#endif - // Ensure URI is valid after logging, but before trying to notify the - // user: - NS_ENSURE_SUCCESS(rv, false); - - if (!isThirdParty) { - // Send notification so that a prompt is displayed. - nsCOMPtr<nsIObserverService> obs = - mozilla::services::GetObserverService(); - obs->NotifyObservers(win, TOPIC_CANVAS_PERMISSIONS_PROMPT, - NS_ConvertUTF8toUTF16(firstPartySpec).get()); + } + + // Load Third Party Util service. + nsresult rv; + nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil = + do_GetService(THIRDPARTYUTIL_CONTRACTID, &rv); + NS_ENSURE_SUCCESS(rv, false); + + // Get the First Party URI and its spec. + nsCOMPtr<nsIURI> firstPartyURI; + rv = thirdPartyUtil->GetFirstPartyURI(NULL, aDocument, + getter_AddRefs(firstPartyURI)); + NS_ENSURE_SUCCESS(rv, false); + nsCString firstPartySpec; + firstPartyURI->GetSpec(firstPartySpec); + + // Block all third-party attempts to extract canvas. + bool isThirdParty = true; + rv = thirdPartyUtil->IsThirdPartyURI(firstPartyURI, docURI, &isThirdParty); + NS_ENSURE_SUCCESS(rv, false); + if (isThirdParty) { + nsAutoCString message; + message.AppendPrintf("Blocked third party %s in page %s from extracting canvas data.", + docURISpec.get(), firstPartySpec.get()); + if (isScriptKnown) { + message.AppendPrintf(" %s:%u.", scriptFile.get(), scriptLine); } - } + nsContentUtils::LogMessageToConsole(message.get()); + return false; + } + + // Load Permission Manager service. + nsCOMPtr<nsIPermissionManager> permissionManager = + do_GetService(NS_PERMISSIONMANAGER_CONTRACTID); + NS_ENSURE_SUCCESS(rv, false); + + // Check if the site has permission to extract canvas data. + // Either permit or block extraction if a stored permission setting exists. + uint32_t permission; + rv = permissionManager->TestPermission(firstPartyURI, + PERMISSION_CANVAS_EXTRACT_DATA, &permission); + NS_ENSURE_SUCCESS(rv, false); + if (permission == nsIPermissionManager::ALLOW_ACTION) { + return true; + } else if (permission == nsIPermissionManager::DENY_ACTION) { + return false; } - } - return isAllowed; + // At this point, permission is unknown (nsIPermissionManager::UNKNOWN_ACTION). + nsAutoCString message; + message.AppendPrintf("Blocked %s in page %s from extracting canvas data.", + docURISpec.get(), firstPartySpec.get()); + if (isScriptKnown) { + message.AppendPrintf(" %s:%u.", scriptFile.get(), scriptLine); + } + nsContentUtils::LogMessageToConsole(message.get()); + + // Prompt the user (asynchronous). + nsCOMPtr<nsIObserverService> obs = mozilla::services::GetObserverService(); + obs->NotifyObservers(win, TOPIC_CANVAS_PERMISSIONS_PROMPT, + NS_ConvertUTF8toUTF16(firstPartySpec).get()); + + // We don't extract the image for now -- user may override at prompt. + return false; } void

1 0

[tor-browser/tor-browser-38.4.0esr-5.5-1] Merge remote-tracking branch 'arthur/17446+2' into tor-browser-38.4.0esr-5.5-1
by gk＠torproject.org 16 Nov '15

16 Nov '15

commit b501eedc0b4b8018f930fdaf3fc5d0116fab0b14 Merge: c429e39 57ff8d6 Author: Georg Koppen <gk(a)torproject.org> Date: Mon Nov 16 13:13:05 2015 +0000 Merge remote-tracking branch 'arthur/17446+2' into tor-browser-38.4.0esr-5.5-1 dom/canvas/CanvasUtils.cpp | 179 +++++++++++++++++++++++--------------------- 1 file changed, 95 insertions(+), 84 deletions(-)

1 0

[tor-browser/tor-browser-38.4.0esr-5.5-1] Bug 920750 - Disable update xml certificate checks on Mac OS X. r=bbondy
by gk＠torproject.org 13 Nov '15

13 Nov '15

commit f90a87efb57f9e2fd7f3b23e812af721f092a733 Author: Robert Strong <robert.bugzilla(a)gmail.com> Date: Wed Apr 8 00:34:57 2015 -0700 Bug 920750 - Disable update xml certificate checks on Mac OS X. r=bbondy --- browser/app/profile/firefox.js | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js index 7d9677a..9944a82 100644 --- a/browser/app/profile/firefox.js +++ b/browser/app/profile/firefox.js @@ -99,6 +99,14 @@ pref("app.update.log", false); // the failure. pref("app.update.backgroundMaxErrors", 10); +// The aus update xml certificate checks for application update are disabled on +// Windows and Mac OS X since the mar signature check are implemented on these +// platforms and is sufficient to prevent us from applying a mar that is not +// valid. +#if defined(XP_WIN) || defined(XP_MACOSX) +pref("app.update.cert.requireBuiltIn", false); +pref("app.update.cert.checkAttributes", false); +#else // When |app.update.cert.requireBuiltIn| is true or not specified the // final certificate and all certificates the connection is redirected to before // the final certificate for the url specified in the |app.update.url| @@ -136,6 +144,7 @@ pref("app.update.cert.maxErrors", 5); pref("app.update.certs.1.issuerName", "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US"); pref("app.update.certs.1.commonName", "*.torproject.org"); +#endif // Whether or not app updates are enabled pref("app.update.enabled", true);

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

tbb-commits November 2015