[tbb-commits] [Git][tpo/applications/tor-browser][base-browser-102.9.0esr-12.5-1] 9 commits: fixup! Bug 41149: Re-enable DLL injection protection in all builds not just nightlies
Pier Angelo Vendrame (@pierov)
git at gitlab.torproject.org
Fri Mar 10 09:12:25 UTC 2023
Pier Angelo Vendrame pushed to branch base-browser-102.9.0esr-12.5-1 at The Tor Project / Applications / Tor Browser
Commits:
ff847912 by Pier Angelo Vendrame at 2023-03-10T09:44:43+01:00
fixup! Bug 41149: Re-enable DLL injection protection in all builds not just nightlies
Bug 41647: Clean up our {TOR,BASE}_BROWSER(_VERSION)? macros
Changed BASE_BROWSER with BASE_BROWSER_VERSION.
- - - - -
9b0c427d by Pier Angelo Vendrame at 2023-03-10T09:44:51+01:00
fixup! Bug 41599: Always return an empty string as network ID
Bug 41647: Clean up our {TOR,BASE}_BROWSER(_VERSION)? macros
Changed BASE_BROWSER with BASE_BROWSER_VERSION.
- - - - -
ed2e2a46 by Pier Angelo Vendrame at 2023-03-10T09:44:52+01:00
fixup! Bug 41108: Remove privileged macOS installation from 102
Bug 41647: Clean up our {TOR,BASE}_BROWSER(_VERSION)? macros
Changed BASE_BROWSER with BASE_BROWSER_VERSION.
- - - - -
09494c9c by Pier Angelo Vendrame at 2023-03-10T09:44:52+01:00
fixup! Base Browser's .mozconfigs.
Bug 41647: Clean up our {TOR,BASE}_BROWSER(_VERSION)? macros
Removed the --enable-base-browser flag and the BASE_BROWSER macro and
added --with-base-browser-version to the -dev mozconfig.
- - - - -
3a9ece68 by Pier Angelo Vendrame at 2023-03-10T09:44:53+01:00
fixup! Bug 25741: TBA: Disable GeckoNetworkManager
Bug 41647: Clean up our {TOR,BASE}_BROWSER(_VERSION)? macros
Changed TOR_BROWSER_VERSION to TOR_BROWSER.
- - - - -
8482c229 by Pier Angelo Vendrame at 2023-03-10T09:44:53+01:00
fixup! Bug 31575: Disable Firefox Home (Activity Stream)
Bug 41647: Clean up our {TOR,BASE}_BROWSER(_VERSION)? macros
Changed BASE_BROWSER with BASE_BROWSER_VERSION.
- - - - -
fcc36dda by Pier Angelo Vendrame at 2023-03-10T09:44:54+01:00
fixup! Bug 31740: Remove some unnecessary RemoteSettings instances
Bug 41647: Clean up our {TOR,BASE}_BROWSER(_VERSION)? macros
Changed BASE_BROWSER with BASE_BROWSER_VERSION.
- - - - -
be67ccc4 by Pier Angelo Vendrame at 2023-03-10T09:44:54+01:00
fixup! Firefox preference overrides.
Bug 41647: Clean up our {TOR,BASE}_BROWSER(_VERSION)? macros
Changed TOR_BROWSER_VERSION with BASE_BROWSER_VERSION.
- - - - -
065785a8 by Pier Angelo Vendrame at 2023-03-10T09:44:54+01:00
fixup! Bug 41542: Disable the creation of a default profile
Bug 41647: Clean up our {TOR,BASE}_BROWSER(_VERSION)? macros
Changed TOR_BROWSER_VERSION with BASE_BROWSER_VERSION.
- - - - -
18 changed files:
- browser/components/about/AboutRedirector.cpp
- browser/config/mozconfigs/base-browser
- browser/config/mozconfigs/base-browser-android
- docshell/base/nsAboutRedirector.cpp
- mobile/android/app/mobile.js
- mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntime.java
- moz.configure
- mozconfig-linux-x86_64-dev
- mozconfig-macos-x86_64 → mozconfig-macos
- netwerk/system/android/nsAndroidNetworkLinkService.cpp
- netwerk/system/linux/nsNetworkLinkService.cpp
- netwerk/system/mac/nsNetworkLinkService.mm
- netwerk/system/netlink/NetlinkService.cpp
- netwerk/system/win32/nsNotifyAddrListener.cpp
- toolkit/modules/AppConstants.jsm
- toolkit/profile/nsToolkitProfileService.cpp
- toolkit/xre/MacRunFromDmgUtils.mm
- toolkit/xre/dllservices/mozglue/WindowsDllBlocklist.cpp
Changes:
=====================================
browser/components/about/AboutRedirector.cpp
=====================================
@@ -70,7 +70,7 @@ static const RedirEntry kRedirMap[] = {
nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS |
nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
nsIAboutModule::IS_SECURE_CHROME_UI},
-#ifndef BASE_BROWSER
+#ifndef BASE_BROWSER_VERSION
{"firefoxview", "chrome://browser/content/firefoxview.html",
nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI |
nsIAboutModule::HIDE_FROM_ABOUTABOUT},
@@ -108,7 +108,7 @@ static const RedirEntry kRedirMap[] = {
nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS |
nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
nsIAboutModule::ALLOW_SCRIPT},
-#ifndef BASE_BROWSER
+#ifndef BASE_BROWSER_VERSION
{"pocket-saved", "chrome://pocket/content/panels/saved.html",
nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
nsIAboutModule::URI_CAN_LOAD_IN_CHILD | nsIAboutModule::ALLOW_SCRIPT |
=====================================
browser/config/mozconfigs/base-browser
=====================================
@@ -36,8 +36,6 @@ ac_add_options --disable-system-policies
# See bug #41131
ac_add_options --disable-backgroundtasks
-ac_add_options --enable-base-browser
-
# Disable telemetry
ac_add_options MOZ_TELEMETRY_REPORTING=
=====================================
browser/config/mozconfigs/base-browser-android
=====================================
@@ -31,8 +31,6 @@ ac_add_options --disable-parental-controls
ac_add_options --enable-proxy-bypass-protection
ac_add_options --disable-system-policies
-ac_add_options --enable-base-browser
-
# Disable telemetry
ac_add_options MOZ_TELEMETRY_REPORTING=
=====================================
docshell/base/nsAboutRedirector.cpp
=====================================
@@ -165,7 +165,7 @@ static const RedirEntry kRedirMap[] = {
#endif
{"telemetry", "chrome://global/content/aboutTelemetry.xhtml",
nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI},
-#ifndef BASE_BROWSER
+#ifndef BASE_BROWSER_VERSION
{"url-classifier", "chrome://global/content/aboutUrlClassifier.xhtml",
nsIAboutModule::ALLOW_SCRIPT},
#endif
=====================================
mobile/android/app/mobile.js
=====================================
@@ -355,7 +355,7 @@ pref("app.update.timerMinimumDelay", 30); // seconds
// used by update service to decide whether or not to
// automatically download an update
pref("app.update.autodownload", "wifi");
-#ifdef TOR_BROWSER_VERSION
+#ifdef BASE_BROWSER_VERSION
pref("app.update.url.android", "");
#else
pref("app.update.url.android", "https://aus5.mozilla.org/update/4/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%MOZ_VERSION%/update.xml");
=====================================
mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntime.java
=====================================
@@ -161,9 +161,12 @@ public final class GeckoRuntime implements Parcelable {
mPaused = false;
// Monitor network status and send change notifications to Gecko
// while active.
- if (BuildConfig.TOR_BROWSER_VERSION == "") {
+ if (!BuildConfig.TOR_BROWSER) {
GeckoNetworkManager.getInstance().start(GeckoAppShell.getApplicationContext());
+ } else {
+ Log.d(LOGTAG, "Tor Browser: skip GeckoNetworkManager startup");
}
+
}
@OnLifecycleEvent(Lifecycle.Event.ON_PAUSE)
@@ -171,7 +174,7 @@ public final class GeckoRuntime implements Parcelable {
Log.d(LOGTAG, "Lifecycle: onPause");
mPaused = true;
// Stop monitoring network status while inactive.
- if (BuildConfig.TOR_BROWSER_VERSION == "") {
+ if (!BuildConfig.TOR_BROWSER) {
GeckoNetworkManager.getInstance().stop();
}
GeckoThread.onPause();
=====================================
moz.configure
=====================================
@@ -1016,14 +1016,6 @@ def zlib_in_mozglue(system_zlib, js_shared, linker, os):
set_config("ZLIB_IN_MOZGLUE", zlib_in_mozglue)
set_define("ZLIB_IN_MOZGLUE", zlib_in_mozglue)
-option(
- "--enable-base-browser",
- help="Enable Base Browser"
-)
-
-set_config("BASE_BROWSER", True, when="--enable-base-browser")
-set_define("BASE_BROWSER", True, when="--enable-base-browser")
-
option(
"--with-relative-data-dir",
@@ -1044,6 +1036,37 @@ def relative_data_dir(value, target):
set_define("RELATIVE_DATA_DIR", relative_data_dir)
+option(
+ "--with-base-browser-version",
+ nargs=1,
+ help="Set the Base Browser version, e.g., 7.0a1"
+)
+
+
+ at depends("--with-base-browser-version")
+def base_browser_version(value):
+ if not value:
+ die(
+ "--with-base-browser-version is required for Base Browser and derived browsers."
+ )
+ return value[0]
+
+
+ at depends("--with-base-browser-version")
+def base_browser_version_quoted(value):
+ if not value:
+ die(
+ "--with-base-browser-version is required for Base Browser and derived browsers."
+ )
+ if '"' in value or "\\" in value:
+ die("--with-base-browser-version cannot contain \" or \\.")
+ return '"{}"'.format(value[0])
+
+
+set_define("BASE_BROWSER_VERSION", base_browser_version)
+set_define("BASE_BROWSER_VERSION_QUOTED", base_browser_version_quoted)
+
+
# Please do not add configure checks from here on.
# Fallthrough to autoconf-based configure
=====================================
mozconfig-linux-x86_64-dev
=====================================
@@ -11,3 +11,4 @@ ac_add_options --enable-default-toolkit=cairo-gtk3
ac_add_options --disable-strip
ac_add_options --disable-install-strip
+ac_add_options --with-base-browser-version=dev-build
=====================================
mozconfig-macos-x86_64 → mozconfig-macos
=====================================
=====================================
netwerk/system/android/nsAndroidNetworkLinkService.cpp
=====================================
@@ -123,7 +123,7 @@ nsAndroidNetworkLinkService::GetLinkType(uint32_t* aLinkType) {
NS_IMETHODIMP
nsAndroidNetworkLinkService::GetNetworkID(nsACString& aNetworkID) {
-#ifdef BASE_BROWSER
+#ifdef BASE_BROWSER_VERSION
aNetworkID.Truncate();
#else
if (!mNetlinkSvc) {
=====================================
netwerk/system/linux/nsNetworkLinkService.cpp
=====================================
@@ -50,7 +50,7 @@ nsNetworkLinkService::GetLinkType(uint32_t* aLinkType) {
NS_IMETHODIMP
nsNetworkLinkService::GetNetworkID(nsACString& aNetworkID) {
-#ifdef BASE_BROWSER
+#ifdef BASE_BROWSER_VERSION
aNetworkID.Truncate();
#else
if (!mNetlinkSvc) {
=====================================
netwerk/system/mac/nsNetworkLinkService.mm
=====================================
@@ -123,7 +123,7 @@ nsNetworkLinkService::GetLinkType(uint32_t* aLinkType) {
NS_IMETHODIMP
nsNetworkLinkService::GetNetworkID(nsACString& aNetworkID) {
-#ifdef BASE_BROWSER
+#ifdef BASE_BROWSER_VERSION
aNetworkID.Truncate();
#else
MutexAutoLock lock(mMutex);
=====================================
netwerk/system/netlink/NetlinkService.cpp
=====================================
@@ -1875,7 +1875,7 @@ void NetlinkService::CalculateNetworkID() {
}
void NetlinkService::GetNetworkID(nsACString& aNetworkID) {
-#ifdef BASE_BROWSER
+#ifdef BASE_BROWSER_VERSION
aNetworkID.Truncate();
#else
MutexAutoLock lock(mMutex);
=====================================
netwerk/system/win32/nsNotifyAddrListener.cpp
=====================================
@@ -105,7 +105,7 @@ nsNotifyAddrListener::GetLinkType(uint32_t* aLinkType) {
NS_IMETHODIMP
nsNotifyAddrListener::GetNetworkID(nsACString& aNetworkID) {
-#ifdef BASE_BROWSER
+#ifdef BASE_BROWSER_VERSION
aNetworkID.Truncate();
#else
MutexAutoLock lock(mMutex);
=====================================
toolkit/modules/AppConstants.jsm
=====================================
@@ -354,6 +354,8 @@ this.AppConstants = Object.freeze({
MOZ_WIDGET_TOOLKIT: "@MOZ_WIDGET_TOOLKIT@",
ANDROID_PACKAGE_NAME: "@ANDROID_PACKAGE_NAME@",
+ BASE_BROWSER_VERSION: "@BASE_BROWSER_VERSION@",
+
DEBUG_JS_MODULES: "@DEBUG_JS_MODULES@",
MOZ_BING_API_CLIENTID: "@MOZ_BING_API_CLIENTID@",
=====================================
toolkit/profile/nsToolkitProfileService.cpp
=====================================
@@ -1583,7 +1583,7 @@ nsresult nsToolkitProfileService::SelectStartupProfile(
// this behavior through a build-time flag, should Mozilla be interested
// in taking it.
// See also https://bugzilla.mozilla.org/show_bug.cgi?id=1770174
-#ifndef BASE_BROWSER
+#ifndef BASE_BROWSER_VERSION
// If there is only one profile and it isn't meant to be the profile that
// older versions of Firefox use then we must create a default profile
// for older versions of Firefox to avoid the existing profile being
=====================================
toolkit/xre/MacRunFromDmgUtils.mm
=====================================
@@ -288,7 +288,7 @@ static void StripQuarantineBit(NSString* aBundlePath) {
LaunchTask(@"/usr/bin/xattr", arguments);
}
-#if defined(MOZ_UPDATER) && !defined(BASE_BROWSER)
+#if defined(MOZ_UPDATER) && !defined(BASE_BROWSER_VERSION)
bool LaunchElevatedDmgInstall(NSString* aBundlePath, NSArray* aArguments) {
NSTask* task;
if (@available(macOS 10.13, *)) {
@@ -332,7 +332,7 @@ static bool InstallFromPath(NSString* aBundlePath, NSString* aDestPath) {
bool triedElevatedInstall = false;
-#if defined(MOZ_UPDATER) && !defined(BASE_BROWSER)
+#if defined(MOZ_UPDATER) && !defined(BASE_BROWSER_VERSION)
// The installation may have been unsuccessful if the user did not have the
// rights to write to the Applications directory. Check for this situation and
// launch an elevated installation if necessary. Rather than creating a new,
=====================================
toolkit/xre/dllservices/mozglue/WindowsDllBlocklist.cpp
=====================================
@@ -531,7 +531,7 @@ continue_loading:
return ret;
}
-#if defined(NIGHTLY_BUILD) || defined(BASE_BROWSER)
+#if defined(NIGHTLY_BUILD) || defined(BASE_BROWSER_VERSION)
// Map of specific thread proc addresses we should block. In particular,
// LoadLibrary* APIs which indicate DLL injection
static void* gStartAddressesToBlock[4];
@@ -544,7 +544,7 @@ static bool ShouldBlockThread(void* aStartAddress) {
return false;
}
-#if defined(NIGHTLY_BUILD) || defined(BASE_BROWSER)
+#if defined(NIGHTLY_BUILD) || defined(BASE_BROWSER_VERSION)
for (auto p : gStartAddressesToBlock) {
if (p == aStartAddress) {
return true;
@@ -618,7 +618,7 @@ MFBT_API void DllBlocklist_Initialize(uint32_t aInitFlags) {
}
}
-#if defined(NIGHTLY_BUILD) || defined(BASE_BROWSER)
+#if defined(NIGHTLY_BUILD) || defined(BASE_BROWSER_VERSION)
// Populate a list of thread start addresses to block.
HMODULE hKernel = GetModuleHandleW(L"kernel32.dll");
if (hKernel) {
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/53121e557775d0a5c77d0095267a59a26981c14c...065785a831c6d97380f99c95138e977b5185cf13
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/53121e557775d0a5c77d0095267a59a26981c14c...065785a831c6d97380f99c95138e977b5185cf13
You're receiving this email because of your account on gitlab.torproject.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tbb-commits/attachments/20230310/75910ae6/attachment-0001.htm>
More information about the tbb-commits
mailing list