[tor-commits] [Git][tpo/applications/tor-browser][tor-browser-115.9.1esr-13.0-1] 3 commits: fixup! Firefox preference overrides.
Pier Angelo Vendrame (@pierov)
git at gitlab.torproject.org
Mon Apr 8 10:51:25 UTC 2024
Pier Angelo Vendrame pushed to branch tor-browser-115.9.1esr-13.0-1 at The Tor Project / Applications / Tor Browser
Commits:
59d59b87 by Pier Angelo Vendrame at 2024-04-08T12:48:52+02:00
fixup! Firefox preference overrides.
Bug 41676: Set privacy.resistFingerprinting.testing.setTZtoUTC as a
defense-in-depth.
We will have to revert this during the ESR-transition.
- - - - -
e29b76ff by Pier Angelo Vendrame at 2024-04-08T12:50:50+02:00
Bug 42428: Make RFP spoof the timezone of document.lastModified.
- - - - -
4b70c6b0 by Pier Angelo Vendrame at 2024-04-08T12:51:14+02:00
Bug 42472: Spoof timezone in XSLT.
- - - - -
3 changed files:
- browser/app/profile/001-base-profile.js
- dom/base/Document.cpp
- dom/xslt/xslt/txEXSLTFunctions.cpp
Changes:
=====================================
browser/app/profile/001-base-profile.js
=====================================
@@ -397,6 +397,9 @@ pref("browser.display.use_system_colors", false);
// Enforce non-native widget theme (true by default, defense in depth).
// Provides a uniform look and feel across platforms. Added with tor-browser#41496.
pref("widget.non-native-theme.enabled", true);
+// tor-browser#41676: Set the TZ environment variable as a defense-in-depth.
+// TODO: Remove this in ESR-128, as it has been removed in 116 with Bug 1837582.
+pref("privacy.resistFingerprinting.testing.setTZtoUTC", true);
// tor-browser#41943: lock and revisit after it gets flipped to true in stable Firefox
pref("javascript.options.spectre.disable_for_isolated_content", false, locked);
=====================================
dom/base/Document.cpp
=====================================
@@ -4104,10 +4104,11 @@ void Document::SetDocumentURI(nsIURI* aURI) {
}
}
-static void GetFormattedTimeString(PRTime aTime,
+static void GetFormattedTimeString(PRTime aTime, bool aUniversal,
nsAString& aFormattedTimeString) {
PRExplodedTime prtime;
- PR_ExplodeTime(aTime, PR_LocalTimeParameters, &prtime);
+ PR_ExplodeTime(aTime, aUniversal ? PR_GMTParameters : PR_LocalTimeParameters,
+ &prtime);
// "MM/DD/YYYY hh:mm:ss"
char formatedTime[24];
if (SprintfLiteral(formatedTime, "%02d/%02d/%04d %02d:%02d:%02d",
@@ -4125,7 +4126,9 @@ void Document::GetLastModified(nsAString& aLastModified) const {
if (!mLastModified.IsEmpty()) {
aLastModified.Assign(mLastModified);
} else {
- GetFormattedTimeString(PR_Now(), aLastModified);
+ GetFormattedTimeString(PR_Now(),
+ ShouldResistFingerprinting(RFPTarget::Unknown),
+ aLastModified);
}
}
@@ -11113,7 +11116,8 @@ void Document::RetrieveRelevantHeaders(nsIChannel* aChannel) {
mLastModified.Truncate();
if (modDate != 0) {
- GetFormattedTimeString(modDate, mLastModified);
+ GetFormattedTimeString(
+ modDate, ShouldResistFingerprinting(RFPTarget::Unknown), mLastModified);
}
}
=====================================
dom/xslt/xslt/txEXSLTFunctions.cpp
=====================================
@@ -591,7 +591,14 @@ nsresult txEXSLTFunctionCall::evaluate(txIEvalContext* aContext,
// http://exslt.org/date/functions/date-time/
PRExplodedTime prtime;
- PR_ExplodeTime(PR_Now(), PR_LocalTimeParameters, &prtime);
+ PR_ExplodeTime(
+ PR_Now(),
+ // We are not allowed to access the Document when evaluating this, so
+ // fall back to the general function.
+ nsContentUtils::ShouldResistFingerprinting(RFPTarget::Unknown)
+ ? PR_GMTParameters
+ : PR_LocalTimeParameters,
+ &prtime);
int32_t offset =
(prtime.tm_params.tp_gmt_offset + prtime.tm_params.tp_dst_offset) /
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/e69ef25e035e3fd36772da9e2e38925a6c69c092...4b70c6b02d980a3f6d92975ffb79115d70a8a732
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/e69ef25e035e3fd36772da9e2e38925a6c69c092...4b70c6b02d980a3f6d92975ffb79115d70a8a732
You're receiving this email because of your account on gitlab.torproject.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-commits/attachments/20240408/9c017309/attachment-0001.htm>
More information about the tor-commits
mailing list