[tbb-commits] [Git][tpo/applications/tor-browser][base-browser-102.9.0esr-12.5-1] 9 commits: fixup! Bug 41149: Re-enable DLL injection protection in all builds not just nightlies

Pier Angelo Vendrame (@pierov) git at gitlab.torproject.org
Fri Mar 10 09:12:25 UTC 2023



Pier Angelo Vendrame pushed to branch base-browser-102.9.0esr-12.5-1 at The Tor Project / Applications / Tor Browser


Commits:
ff847912 by Pier Angelo Vendrame at 2023-03-10T09:44:43+01:00
fixup! Bug 41149: Re-enable DLL injection protection in all builds not just nightlies

Bug 41647: Clean up our {TOR,BASE}_BROWSER(_VERSION)? macros

Changed BASE_BROWSER with BASE_BROWSER_VERSION.

- - - - -
9b0c427d by Pier Angelo Vendrame at 2023-03-10T09:44:51+01:00
fixup! Bug 41599: Always return an empty string as network ID

Bug 41647: Clean up our {TOR,BASE}_BROWSER(_VERSION)? macros

Changed BASE_BROWSER with BASE_BROWSER_VERSION.

- - - - -
ed2e2a46 by Pier Angelo Vendrame at 2023-03-10T09:44:52+01:00
fixup! Bug 41108: Remove privileged macOS installation from 102

Bug 41647: Clean up our {TOR,BASE}_BROWSER(_VERSION)? macros

Changed BASE_BROWSER with BASE_BROWSER_VERSION.

- - - - -
09494c9c by Pier Angelo Vendrame at 2023-03-10T09:44:52+01:00
fixup! Base Browser's .mozconfigs.

Bug 41647: Clean up our {TOR,BASE}_BROWSER(_VERSION)? macros

Removed the --enable-base-browser flag and the BASE_BROWSER macro and
added --with-base-browser-version to the -dev mozconfig.

- - - - -
3a9ece68 by Pier Angelo Vendrame at 2023-03-10T09:44:53+01:00
fixup! Bug 25741: TBA: Disable GeckoNetworkManager

Bug 41647: Clean up our {TOR,BASE}_BROWSER(_VERSION)? macros

Changed TOR_BROWSER_VERSION to TOR_BROWSER.

- - - - -
8482c229 by Pier Angelo Vendrame at 2023-03-10T09:44:53+01:00
fixup! Bug 31575: Disable Firefox Home (Activity Stream)

Bug 41647: Clean up our {TOR,BASE}_BROWSER(_VERSION)? macros

Changed BASE_BROWSER with BASE_BROWSER_VERSION.

- - - - -
fcc36dda by Pier Angelo Vendrame at 2023-03-10T09:44:54+01:00
fixup! Bug 31740: Remove some unnecessary RemoteSettings instances

Bug 41647: Clean up our {TOR,BASE}_BROWSER(_VERSION)? macros

Changed BASE_BROWSER with BASE_BROWSER_VERSION.

- - - - -
be67ccc4 by Pier Angelo Vendrame at 2023-03-10T09:44:54+01:00
fixup! Firefox preference overrides.

Bug 41647: Clean up our {TOR,BASE}_BROWSER(_VERSION)? macros

Changed TOR_BROWSER_VERSION with BASE_BROWSER_VERSION.

- - - - -
065785a8 by Pier Angelo Vendrame at 2023-03-10T09:44:54+01:00
fixup! Bug 41542: Disable the creation of a default profile

Bug 41647: Clean up our {TOR,BASE}_BROWSER(_VERSION)? macros

Changed TOR_BROWSER_VERSION with BASE_BROWSER_VERSION.

- - - - -


18 changed files:

- browser/components/about/AboutRedirector.cpp
- browser/config/mozconfigs/base-browser
- browser/config/mozconfigs/base-browser-android
- docshell/base/nsAboutRedirector.cpp
- mobile/android/app/mobile.js
- mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntime.java
- moz.configure
- mozconfig-linux-x86_64-dev
- mozconfig-macos-x86_64 → mozconfig-macos
- netwerk/system/android/nsAndroidNetworkLinkService.cpp
- netwerk/system/linux/nsNetworkLinkService.cpp
- netwerk/system/mac/nsNetworkLinkService.mm
- netwerk/system/netlink/NetlinkService.cpp
- netwerk/system/win32/nsNotifyAddrListener.cpp
- toolkit/modules/AppConstants.jsm
- toolkit/profile/nsToolkitProfileService.cpp
- toolkit/xre/MacRunFromDmgUtils.mm
- toolkit/xre/dllservices/mozglue/WindowsDllBlocklist.cpp


Changes:

=====================================
browser/components/about/AboutRedirector.cpp
=====================================
@@ -70,7 +70,7 @@ static const RedirEntry kRedirMap[] = {
          nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS |
          nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
          nsIAboutModule::IS_SECURE_CHROME_UI},
-#ifndef BASE_BROWSER
+#ifndef BASE_BROWSER_VERSION
     {"firefoxview", "chrome://browser/content/firefoxview.html",
      nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI |
          nsIAboutModule::HIDE_FROM_ABOUTABOUT},
@@ -108,7 +108,7 @@ static const RedirEntry kRedirMap[] = {
          nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS |
          nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
          nsIAboutModule::ALLOW_SCRIPT},
-#ifndef BASE_BROWSER
+#ifndef BASE_BROWSER_VERSION
     {"pocket-saved", "chrome://pocket/content/panels/saved.html",
      nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
          nsIAboutModule::URI_CAN_LOAD_IN_CHILD | nsIAboutModule::ALLOW_SCRIPT |


=====================================
browser/config/mozconfigs/base-browser
=====================================
@@ -36,8 +36,6 @@ ac_add_options --disable-system-policies
 # See bug #41131
 ac_add_options --disable-backgroundtasks
 
-ac_add_options --enable-base-browser
-
 # Disable telemetry
 ac_add_options MOZ_TELEMETRY_REPORTING=
 


=====================================
browser/config/mozconfigs/base-browser-android
=====================================
@@ -31,8 +31,6 @@ ac_add_options --disable-parental-controls
 ac_add_options --enable-proxy-bypass-protection
 ac_add_options --disable-system-policies
 
-ac_add_options --enable-base-browser
-
 # Disable telemetry
 ac_add_options MOZ_TELEMETRY_REPORTING=
 


=====================================
docshell/base/nsAboutRedirector.cpp
=====================================
@@ -165,7 +165,7 @@ static const RedirEntry kRedirMap[] = {
 #endif
     {"telemetry", "chrome://global/content/aboutTelemetry.xhtml",
      nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI},
-#ifndef BASE_BROWSER
+#ifndef BASE_BROWSER_VERSION
     {"url-classifier", "chrome://global/content/aboutUrlClassifier.xhtml",
      nsIAboutModule::ALLOW_SCRIPT},
 #endif


=====================================
mobile/android/app/mobile.js
=====================================
@@ -355,7 +355,7 @@ pref("app.update.timerMinimumDelay", 30); // seconds
 // used by update service to decide whether or not to
 // automatically download an update
 pref("app.update.autodownload", "wifi");
-#ifdef TOR_BROWSER_VERSION
+#ifdef BASE_BROWSER_VERSION
 pref("app.update.url.android", "");
 #else
 pref("app.update.url.android", "https://aus5.mozilla.org/update/4/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%MOZ_VERSION%/update.xml");


=====================================
mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntime.java
=====================================
@@ -161,9 +161,12 @@ public final class GeckoRuntime implements Parcelable {
       mPaused = false;
       // Monitor network status and send change notifications to Gecko
       // while active.
-      if (BuildConfig.TOR_BROWSER_VERSION == "") {
+      if (!BuildConfig.TOR_BROWSER) {
         GeckoNetworkManager.getInstance().start(GeckoAppShell.getApplicationContext());
+      } else {
+        Log.d(LOGTAG, "Tor Browser: skip GeckoNetworkManager startup"); 
       }
+
     }
 
     @OnLifecycleEvent(Lifecycle.Event.ON_PAUSE)
@@ -171,7 +174,7 @@ public final class GeckoRuntime implements Parcelable {
       Log.d(LOGTAG, "Lifecycle: onPause");
       mPaused = true;
       // Stop monitoring network status while inactive.
-      if (BuildConfig.TOR_BROWSER_VERSION == "") {
+      if (!BuildConfig.TOR_BROWSER) {
         GeckoNetworkManager.getInstance().stop();
       }
       GeckoThread.onPause();


=====================================
moz.configure
=====================================
@@ -1016,14 +1016,6 @@ def zlib_in_mozglue(system_zlib, js_shared, linker, os):
 set_config("ZLIB_IN_MOZGLUE", zlib_in_mozglue)
 set_define("ZLIB_IN_MOZGLUE", zlib_in_mozglue)
 
-option(
-    "--enable-base-browser",
-    help="Enable Base Browser"
-)
-
-set_config("BASE_BROWSER", True, when="--enable-base-browser")
-set_define("BASE_BROWSER", True, when="--enable-base-browser")
-
 
 option(
     "--with-relative-data-dir",
@@ -1044,6 +1036,37 @@ def relative_data_dir(value, target):
 set_define("RELATIVE_DATA_DIR", relative_data_dir)
 
 
+option(
+    "--with-base-browser-version",
+    nargs=1,
+    help="Set the Base Browser version, e.g., 7.0a1"
+)
+
+
+ at depends("--with-base-browser-version")
+def base_browser_version(value):
+    if not value:
+        die(
+            "--with-base-browser-version is required for Base Browser and derived browsers."
+        )
+    return value[0]
+
+
+ at depends("--with-base-browser-version")
+def base_browser_version_quoted(value):
+    if not value:
+        die(
+            "--with-base-browser-version is required for Base Browser and derived browsers."
+        )
+    if '"' in value or "\\" in value:
+        die("--with-base-browser-version cannot contain \" or \\.")
+    return '"{}"'.format(value[0])
+
+
+set_define("BASE_BROWSER_VERSION", base_browser_version)
+set_define("BASE_BROWSER_VERSION_QUOTED", base_browser_version_quoted)
+
+
 # Please do not add configure checks from here on.
 
 # Fallthrough to autoconf-based configure


=====================================
mozconfig-linux-x86_64-dev
=====================================
@@ -11,3 +11,4 @@ ac_add_options --enable-default-toolkit=cairo-gtk3
 ac_add_options --disable-strip
 ac_add_options --disable-install-strip
 
+ac_add_options --with-base-browser-version=dev-build


=====================================
mozconfig-macos-x86_64 → mozconfig-macos
=====================================


=====================================
netwerk/system/android/nsAndroidNetworkLinkService.cpp
=====================================
@@ -123,7 +123,7 @@ nsAndroidNetworkLinkService::GetLinkType(uint32_t* aLinkType) {
 
 NS_IMETHODIMP
 nsAndroidNetworkLinkService::GetNetworkID(nsACString& aNetworkID) {
-#ifdef BASE_BROWSER
+#ifdef BASE_BROWSER_VERSION
   aNetworkID.Truncate();
 #else
   if (!mNetlinkSvc) {


=====================================
netwerk/system/linux/nsNetworkLinkService.cpp
=====================================
@@ -50,7 +50,7 @@ nsNetworkLinkService::GetLinkType(uint32_t* aLinkType) {
 
 NS_IMETHODIMP
 nsNetworkLinkService::GetNetworkID(nsACString& aNetworkID) {
-#ifdef BASE_BROWSER
+#ifdef BASE_BROWSER_VERSION
   aNetworkID.Truncate();
 #else
   if (!mNetlinkSvc) {


=====================================
netwerk/system/mac/nsNetworkLinkService.mm
=====================================
@@ -123,7 +123,7 @@ nsNetworkLinkService::GetLinkType(uint32_t* aLinkType) {
 
 NS_IMETHODIMP
 nsNetworkLinkService::GetNetworkID(nsACString& aNetworkID) {
-#ifdef BASE_BROWSER
+#ifdef BASE_BROWSER_VERSION
   aNetworkID.Truncate();
 #else
   MutexAutoLock lock(mMutex);


=====================================
netwerk/system/netlink/NetlinkService.cpp
=====================================
@@ -1875,7 +1875,7 @@ void NetlinkService::CalculateNetworkID() {
 }
 
 void NetlinkService::GetNetworkID(nsACString& aNetworkID) {
-#ifdef BASE_BROWSER
+#ifdef BASE_BROWSER_VERSION
   aNetworkID.Truncate();
 #else
   MutexAutoLock lock(mMutex);


=====================================
netwerk/system/win32/nsNotifyAddrListener.cpp
=====================================
@@ -105,7 +105,7 @@ nsNotifyAddrListener::GetLinkType(uint32_t* aLinkType) {
 
 NS_IMETHODIMP
 nsNotifyAddrListener::GetNetworkID(nsACString& aNetworkID) {
-#ifdef BASE_BROWSER
+#ifdef BASE_BROWSER_VERSION
   aNetworkID.Truncate();
 #else
   MutexAutoLock lock(mMutex);


=====================================
toolkit/modules/AppConstants.jsm
=====================================
@@ -354,6 +354,8 @@ this.AppConstants = Object.freeze({
   MOZ_WIDGET_TOOLKIT: "@MOZ_WIDGET_TOOLKIT@",
   ANDROID_PACKAGE_NAME: "@ANDROID_PACKAGE_NAME@",
 
+  BASE_BROWSER_VERSION: "@BASE_BROWSER_VERSION@",
+
   DEBUG_JS_MODULES: "@DEBUG_JS_MODULES@",
 
   MOZ_BING_API_CLIENTID: "@MOZ_BING_API_CLIENTID@",


=====================================
toolkit/profile/nsToolkitProfileService.cpp
=====================================
@@ -1583,7 +1583,7 @@ nsresult nsToolkitProfileService::SelectStartupProfile(
       // this behavior through a build-time flag, should Mozilla be interested
       // in taking it.
       // See also https://bugzilla.mozilla.org/show_bug.cgi?id=1770174
-#ifndef BASE_BROWSER
+#ifndef BASE_BROWSER_VERSION
       // If there is only one profile and it isn't meant to be the profile that
       // older versions of Firefox use then we must create a default profile
       // for older versions of Firefox to avoid the existing profile being


=====================================
toolkit/xre/MacRunFromDmgUtils.mm
=====================================
@@ -288,7 +288,7 @@ static void StripQuarantineBit(NSString* aBundlePath) {
   LaunchTask(@"/usr/bin/xattr", arguments);
 }
 
-#if defined(MOZ_UPDATER) && !defined(BASE_BROWSER)
+#if defined(MOZ_UPDATER) && !defined(BASE_BROWSER_VERSION)
 bool LaunchElevatedDmgInstall(NSString* aBundlePath, NSArray* aArguments) {
   NSTask* task;
   if (@available(macOS 10.13, *)) {
@@ -332,7 +332,7 @@ static bool InstallFromPath(NSString* aBundlePath, NSString* aDestPath) {
 
   bool triedElevatedInstall = false;
 
-#if defined(MOZ_UPDATER) && !defined(BASE_BROWSER)
+#if defined(MOZ_UPDATER) && !defined(BASE_BROWSER_VERSION)
   // The installation may have been unsuccessful if the user did not have the
   // rights to write to the Applications directory. Check for this situation and
   // launch an elevated installation if necessary. Rather than creating a new,


=====================================
toolkit/xre/dllservices/mozglue/WindowsDllBlocklist.cpp
=====================================
@@ -531,7 +531,7 @@ continue_loading:
   return ret;
 }
 
-#if defined(NIGHTLY_BUILD) || defined(BASE_BROWSER)
+#if defined(NIGHTLY_BUILD) || defined(BASE_BROWSER_VERSION)
 // Map of specific thread proc addresses we should block. In particular,
 // LoadLibrary* APIs which indicate DLL injection
 static void* gStartAddressesToBlock[4];
@@ -544,7 +544,7 @@ static bool ShouldBlockThread(void* aStartAddress) {
     return false;
   }
 
-#if defined(NIGHTLY_BUILD) || defined(BASE_BROWSER)
+#if defined(NIGHTLY_BUILD) || defined(BASE_BROWSER_VERSION)
   for (auto p : gStartAddressesToBlock) {
     if (p == aStartAddress) {
       return true;
@@ -618,7 +618,7 @@ MFBT_API void DllBlocklist_Initialize(uint32_t aInitFlags) {
     }
   }
 
-#if defined(NIGHTLY_BUILD) || defined(BASE_BROWSER)
+#if defined(NIGHTLY_BUILD) || defined(BASE_BROWSER_VERSION)
   // Populate a list of thread start addresses to block.
   HMODULE hKernel = GetModuleHandleW(L"kernel32.dll");
   if (hKernel) {



View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/53121e557775d0a5c77d0095267a59a26981c14c...065785a831c6d97380f99c95138e977b5185cf13

-- 
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/53121e557775d0a5c77d0095267a59a26981c14c...065785a831c6d97380f99c95138e977b5185cf13
You're receiving this email because of your account on gitlab.torproject.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tbb-commits/attachments/20230310/75910ae6/attachment-0001.htm>


More information about the tbb-commits mailing list