arthuredelstein / tor-browser Public

Bug 10286: Disable Touch API

If the top window's URI is not available, check for the system principal
to determine if SVGs may be used.  This fixes bug 21962.

Bug 21778: Canvas prompt not showing in Tor Browser based in ESR52

When running in multiprocess mode, use IPC to relay the
canvas-permissions-prompt observer notification to the chrome
(parent) process.

Fixes bug 10283 and disables the SpeechSynthesis API.

This blocks downloading GMPs via the new local fallback. See:
https://trac.torproject.org/projects/tor/ticket/15910#comment:25

MozReview-Commit-ID: BcWcqEKwGBv

--HG--
extra : rebase_source : 4bd21805a89359a5a2ed7ffd2ee2b76cf1e9e634

This is https://bugzilla.mozilla.org/show_bug.cgi?id=1351278

Bug 19316: change update URL from update_2 to update_3

It's not clear if it is still needed but we take it to be on the safe
side. This closes #21868.

Bug 19316: add support for a minInstructionSet attribute in the update
manifests.

… to the main thread. r=rstrong

MozReview-Commit-ID: LMoxF5yfXq2

--HG--
extra : rebase_source : c206e32bf8abf1aa225901ff5cde390a8a2ecec7

…ine from the main thread. r=rstrong

MozReview-Commit-ID: 9nOgB6z8ooE

--HG--
extra : rebase_source : 6a6a18f64297a0bd44e7d6f49b1812e035636e4c

In Mozilla bug 1324780, support for building with glib 2.28 (the version
available in CentOS 6) was added. However we are building on Debian
Wheezy which has glib 2.32. We fix that by backing out all glib > 2.28
code paths.

…ill not be enforced to rounded sizes when fingerprinting resistance is enabled. r?ehsan

A browser chrome test which ensures the dialog windows will not be enforced to
be rounded sizes when fingerprinting resistance is enabled.

MozReview-Commit-ID: LQG13FMANav

… rounded dimensions if it is

a window without a primary content when fingerprinting resistance is enabled. r?ehsan

This patch making the nsXULWindow::ForceRoundedDimensions() will only be called
when this window is a window which has a primary content when fingerprinting
resistance is enabled.

This will fix the problem that dialog windows are incorrectly resized after
fingerprinting resistance is enabled.

MozReview-Commit-ID: 6WD6c38CTPv

Always use the policies associated with the esr update channel so that
the e10s behavior is the same for all Tor Browser builds.

This reverts commit 6fd5ac8.

This is tjr's workaround for bug 1331335.

Patch by Jacek Caban

…esses on Windows. r=mhowell,tjr

This is an exploit mitigation which causes the Windows system allocator to abort
in the event it is in a corrupted state, rather than attempt to proceed in a
potentially exploitable state.

Because we use jemalloc, this only affects system libraries or plugins which
still use the system allocator.

The has been enabled on our content processes for a while without incident.

r=mhowell,tjr

MozReview-Commit-ID: 5ctXugtbI1A

--HG--
extra : rebase_source : f6f134404be3b258a8e522c22fa061c32a47e313

This is due to an improper implementation of the WebSocket spec by Mozilla.

"There MUST be no more than one connection in a CONNECTING state.  If multiple
connections to the same IP address are attempted simultaneously, the client
MUST serialize them so that there is no more than one connection at a time
running through the following steps.

If the client cannot determine the IP address of the remote host (for
example, because all communication is being done through a proxy server that
performs DNS queries itself), then the client MUST assume for the purposes of
this step that each host name refers to a distinct remote host,"

https://tools.ietf.org/html/rfc6455#page-15

They implmented the first paragraph, but not the second...

While we're at it, we also prevent the DNS service from being used to look up
anything other than IP addresses if socks_remote_dns is set to true, so this
bug can't turn up in other components or due to 3rd party addons.

CFBundleIdentifiers can only contain [A-Za-z.-], and by convention
the app component is lowercase and does not contain '.'.

Make configure delete all characters other than [a-z-] when generating
MOZ_MACBUNDLE_ID from MOZ_APP_DISPLAYNAME.

(This affects "Tor Browser", but not "Firefox".)

When macOS opens a document or selects a default browser, it sometimes
uses the CFBundleSignature. Changing from the Firefox MOZB signature to
a different signature TORB allows macOS to distinguish between Firefox
and Tor Browser.

ASan builds with GCC are broken without this patch. The much more involved
one landed on mozilla-central a while ago but missed the ESR 52 train by
three days.

Mozilla introduced extension signing as a way to make it harder for an
attacker to get a malicious add-on running in a user's browser. See:
https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience
and https://blog.mozilla.org/addons/2016/01/22/add-on-signing-update/
for some background information.

In ESR45 this feature is enabled by default and we exempt both our own
extensions and EFF's HTTPS-Everywhere from this requirement.

…=arthuredelstein,smaug

This patch adds two more test cases, browser_roundedWindow_open.js and
browser_roundedWindow_windowSetting.js. The browser_roundedWindow_open.js tests
the window.open() with window features, it will test window.open() with numbers
of window features to see that whether the opened window is correctly rounded.

The browser_roundedWindow_windowSetting.js tests the setting of
innerWidth/Height and outerWidth/Height. To see that the window is correctly
rounded or not after the setting.

This patch also adds a head.js and rename the browser_roundedWindow.js to
browser_roundedWindow_newWindow.js. The head.js carries two helper functions
that calculate the maximum available content size and the chrome UI size of
the pop up window.

MozReview-Commit-ID: LxJ2h2qAanY

--HG--
extra : rebase_source : b3744155fda93bd9e1650d07db7105092a2e5260

…windows and the inner window will be automatically rounded after setting size through innerWidth/Height and outerWidth/Height when fingerprinting resistance is enabled. r=smaug

    This patch makes the size of inner windows will be automatically rounded for
    either window.open() with window features or setting window size through
    innerWidth/Height and outerWidth/Height when fingerprinting resistance is
    enabled. If the given value is greater the maximum available rounded size, then
    it will be set to the maximum value. Otherwise, the size will be set to the
    nearest upper 200x100.

    This patch also adds one helper function in nsContentUtils for calculating the
    rounded window dimensions.

    MozReview-Commit-ID: J2r3951vuNN

    --HG--
    extra : rebase_source : a44b19bdf2ce7e90fc831ddc2b85a86d594cb0c3

…ded size when fingerprinting resistance is enabled. r=arthuredelstein,smaug

MozReview-Commit-ID: Gvksnh3cKHM

--HG--
extra : rebase_source : cae848ca467af34c08bff7190dce50cffa1399cc

…ize when fingerprinting resistance is enabled. r=arthuredelstein,mikedeboer

MozReview-Commit-ID: F1Ray6c5dzq

--HG--
extra : rebase_source : ed299058bf6f926e5987468dcab518b110fd7220

Conflicts:
	browser/components/sessionstore/SessionStore.jsm

…erprinting resistance is enabled (adopt from Tor #19459). r=arthuredelstein,smaug

MozReview-Commit-ID: 1qBNQhfdIYP

--HG--
extra : rebase_source : c46b4a936960ff165f950a59c1d31c1c5849645f