arthuredelstein / tor-browser Public

…or mouse event screenX/Y (for dragend, 0,0 is returned).

…y-only

This reverts commit 7837901.

…ove Amazon, eBay, bing

When built with --enable-tor-browser-data-outside-app-dir, account for the new Mac OS directory structure (see bug #13252).

When built with --enable-tor-browser-data-outside-app-dir, account for the new Mac OS directory structure (see bug #13252). Many of the updater changes we made earlier are no longer needed. Also, fix a JS warning inside toolkit/mozapps/update/nsUpdateService.js and improve startup time logging of update status.

Add an --enable-tor-browser-data-outside-app-dir configure option. When this is enabled, all user data is stored in a directory named TorBrowser-Data which is located next to the application directory. The first time an updated browser is opened, migrate the existing browser profile, Tor data directory contents, and UpdateInfo to the TorBrowser-Data directory. If migration of the browser profile fails, an error alert is displayed and the browser is started using a new profile. Display an informative error messages if the TorBrowser-Data directory cannot be created due to an "access denied" or a "read only volume" error. Add support for installing "override" preferences within the user's browser profile. All .js files in distribution/preferences (on Mac OS, Contents/Resources/distribution/preferences) will be copied to the preferences directory within the user's browser profile when the profile is created and each time Tor Browser is updated. This mechanism will be used to install the extension-overrides.js file into the profile. On Mac OS, add support for the --invisible command line option which is used by the meek-http-helper to avoid showing an icon for the helper browser on the dock.

Temporarily disable staged updates on Windows.

Add an about:tbupdate page that displays the first section from TorBrowser/Docs/ChangeLog.txt and includes a link to the remote post-update page (typically our blog entry for the release).

This is part of our plan to rotate the main key used for signing MAR files about once a year to make. This is a defense in depth measure as there is no official way for revoking MAR signing keys. We begin with just replacing the secondary key as this one got mostly used to sign MAR files over the last year.

Replace Mozilla's MAR signing certificates with our own. Configure with --enable-signmar (build the signmar tool). Configure with --enable-verify-mar (when updating, require a valid signature on the MAR file before it is applied). Use the Tor Browser version instead of the Firefox version inside the MAR file info block (necessary to prevent downgrade attacks). Use NSS on all platforms for checking MAR signatures (Mozilla plans to use OS-native APIs on Mac OS and they already do so on Windows). So that the NSS and NSPR libraries the updater depends on can be found at runtime, we add the firefox directory to the shared library search path on all platforms. Use SHA512-based MAR signatures instead of the SHA1-based ones that Mozilla uses. This is implemented inside MAR_USE_SHA512_RSA_SIG #ifdef's and with a signature algorithm ID of 512 to help avoid collisions with future work Mozilla might do in this area. See: https://bugzilla.mozilla.org/show_bug.cgi?id=1105689

New configure options: --with-tor-browser-version=VERSION # Pass TB version throughout build. --enable-tor-browser-update # Enable bundle update behavior. The following files are never updated: TorBrowser/Data/Browser/profiles.ini TorBrowser/Data/Browser/profile.default/bookmarks.html TorBrowser/Data/Tor/torrc Mac OS: Store update metadata under TorBrowser/UpdateInfo. Removed the %OS_VERSION% component from the update URL (13047) and added support for minSupportedOSVersion, an attribute of the <update> element that may be used to trigger Firefox's "unsupported platform" behavior. Windows: disable "runas" code path in updater (15201). Windows: avoid writing to the registry (16236). Also includes fixes for tickets 13047, 13301, 13356, 13594, 15406, 16014, and 16909. Conflicts: browser/confvars.sh

When in permanent private browsing mode, always return false for isAutomaticRestoreEnabled. This ensures that there will not be any confusion inside nsBrowserContentHandler.defaultArgs as to whether a one time session restore will occur. Also, for consistency and in case someone looks at the pref, avoid setting browser.sessionstore.resume_session = true during browser shutdown. This bug occurred when staging was not used during the update process. On Windows it always occurred because staging is not used even when it should be (see #18292).

Unless the -osint command line flag is used, the browser now defaults to the equivalent of -no-remote. There is a new -allow-remote flag that may be used to restore the original (Firefox-like) default behavior.

…ative. This should eliminate our need to rely on a wrapper script that sets $HOME and launches Firefox with -profile.

Note that when the privacy.thirdparty.isolate pref. is set to 1 or 2, we disable use of Broadcast Channels by SharedWorkers since we cannot obtain the isolation host.

…omain

This patch handles blob URLs created and retrieved in Web Workers. See also #15703 and #16429.

Also prevent DOM storage from ever writing to disk.

This test ensures that if first-party isolation is enabled ("privacy.thirdparty.isolate" pref is set to 2) then when a loaded file is cached, it is indexed by the URL-bar domain. In this test, a number of files are loaded (via IFRAME, LINK, SCRIPT, IMG, OBJECT, EMBED, AUDIO, VIDEO, TRACK and XMLHttpRequest) by parent pages with different URL bar domains. When isolation is active, we test to confirm that a separate copy of each file is cached for each different parent domain. We also test to make sure that when isolation is inactive, a single copy of the child page is cached and reused for all parent domains. squash! Bug #13749.2: Regression tests for first-party isolation of cache Also checks first-party isolation of favicons: https://bugs.torproject.org/16728

The image cache maintains its own table outside of the main cache, and does not obey cacheKeys by default.

Prevent user tracking via HTTP Basic Authentication by removing Authorization headers from third party requests. This is a port of a piece of the Stanford SafeCache code that previously was included in Torbutton.

allow the activation or deactivation of isolating DOM storage and image caching by first party URI.

… or nsIDocument. static ThirdPartyUtil API

…Document. Logs the URI of the source doc/channel that failed.

Convert JS implementation (within Torbutton) to a C++ browser patch.

arthuredelstein / tor-browser Public

Commits on Apr 7, 2016