fixup! Bug 1832832 - protect encoder accesses in Java callbacks. r=media-playback-reviewers,alwu a=pascalc

- MOZ_GUARDED_BY is just GUARDED_BY in esr 102

Differential Revision: https://phabricator.services.mozilla.com/D178564

Alex Catarineu authored 5 years ago and Pier Angelo Vendrame committed 1 year ago

Whenever a valid Onion-Location HTTP header (or corresponding HTML
<meta> http-equiv attribute) is found in a document load, we either
redirect to it (if the user opted-in via preference) or notify the
presence of an onionsite alternative with a badge in the urlbar.

Kathleen Brade authored 5 years ago and Pier Angelo Vendrame committed 1 year ago

When Tor informs the browser that client authentication is needed,
temporarily load about:blank instead of about:neterror and prompt
for the user's key.

If a correctly formatted key is entered, use Tor's ONION_CLIENT_AUTH_ADD
control port command to add the key (via Torbutton's control port
module) and reload the page.

If the user cancels the prompt, display the standard about:neterror
"Unable to connect" page. This requires a small change to
browser/actors/NetErrorChild.jsm to account for the fact that the
docShell no longer has the failedChannel information. The failedChannel
is used to extract TLS-related error info, which is not applicable
in the case of a canceled .onion authentication prompt.

Add a leaveOpen option to PopupNotifications.show so we can display
error messages within the popup notification doorhanger without
closing the prompt.

Add support for onion services strings to the TorStrings module.

Add support for Tor extended SOCKS errors (Tor proposal 304) to the
socket transport and SOCKS layers. Improved display of all of these
errors will be implemented as part of bug 30025.

Also fixes bug 19757:
 Add a "Remember this key" checkbox to the client auth prompt.

 Add an "Onion Services Authentication" section within the
 about:preferences "Privacy & Security section" to allow
 viewing and removal of v3 onion client auth keys that have
 been stored on disk.

Also fixes bug 19251: use enhanced error pages for onion service errors.

cypherpunks1 authored 1 year ago and Pier Angelo Vendrame committed 1 year ago

Bug 33298: Warn when submitting form data from http onion sites over an insecure connection

Richard Pospesel authored 6 years ago and Pier Angelo Vendrame committed 1 year ago

Encrypting pages hosted on Onion Services with SSL/TLS is redundant
(in terms of hiding content) as all traffic within the Tor network is
already fully encrypted.  Therefore, serving HTTP pages from an Onion
Service is more or less fine.

Prior to this patch, Tor Browser would mostly treat pages delivered
via Onion Services as well as pages delivered in the ordinary fashion
over the internet in the same way.  This created some inconsistencies
in behaviour and misinformation presented to the user relating to the
security of pages delivered via Onion Services:

 - HTTP Onion Service pages did not have any 'lock' icon indicating
   the site was secure
 - HTTP Onion Service pages would be marked as unencrypted in the Page
   Info screen
 - Mixed-mode content restrictions did not apply to HTTP Onion Service
   pages embedding Non-Onion HTTP content

This patch fixes the above issues, and also adds several new 'Onion'
icons to the mix to indicate all of the various permutations of Onion
Services hosted HTTP or HTTPS pages with HTTP or HTTPS content.

Strings for Onion Service Page Info page are pulled from Torbutton's
localization strings.

Richard Pospesel authored 3 years ago and Pier Angelo Vendrame committed 1 year ago

- implements new about:torconnect page as tor-launcher replacement
- adds tor connection status to url bar and tweaks UX when not online
- adds new torconnect component to browser
- tor process management functionality remains implemented in tor-launcher through the TorProtocolService module
- adds warning/error box to about:preferences#tor when not connected to tor
- explicitly allows about:torconnect URIs to ignore Resist Fingerprinting (RFP)
- various tweaks to info-pages.inc.css for about:torconnect (also affects other firefox info pages)

Bug 40773: Update the about:torconnect frontend page to match additional UI flows

ma1 authored 2 years ago and Pier Angelo Vendrame committed 1 year ago

Bug 41613: Skip Drang & Drop filtering for DNS-safe URLs

Georg Koppen authored 5 years ago and Pier Angelo Vendrame committed 1 year ago

Related Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1428034

Marco Simonelli authored 2 years ago and Pier Angelo Vendrame committed 1 year ago

- fixes required to build dom/media/systemservices

Marco Simonelli authored 2 years ago and Pier Angelo Vendrame committed 1 year ago

- fixes required to build dom/media/webrtc

Georg Koppen authored 3 years ago and Pier Angelo Vendrame committed 1 year ago

This reverts commit 1eb1364357ac5bc2a4531337fb5416af39c3793f.

This fixes tor-browser#40721, tor-browser#40698, and tor-browser#40706.
However, it is a temporary workaround, that we should revert once
https://bugzilla.mozilla.org/show_bug.cgi?id=1744719 is fixed.

Rob Wu authored 2 years ago and Pier Angelo Vendrame committed 1 year ago

Depends on D164656

Differential Revision: https://phabricator.services.mozilla.com/D166108

Kershaw Chang authored 2 years ago and Pier Angelo Vendrame committed 1 year ago

Differential Revision: https://phabricator.services.mozilla.com/D164656

Differential Revision: https://phabricator.services.mozilla.com/D178074

Bug 1830206 - Add an arbitrary limit to the number of audio channels a media can have. r=alwu, a=RyanVM

Differential Revision: https://phabricator.services.mozilla.com/D177644

Add a new field to nsContentList that should be true if and only if
that list is in one of the hashtable caches.

The entry destructor release assert double checks that any list it contains
knew it was in an entry. This should be superfluous as long as
SetContentList is the only place that sets HashEntry::mContentList to a non-null
value, and nsContentList::mInHashtable to true.

The first SetContentList release assert ensures that the entry starts out empty,
because if it wasn't we'd need to tell the current list that it is being
removed from the cache entry.

The second SetContentList release assert ensures that the list is never in more
than one entry at the same time, which allows us to make mInHashtable a boolean
and not an integer.

The release asserts in the remove-from-hashtable methods ensure that the list
isn't in a hashtable afterwards. These are done as two separate checks to try to
help with debugging if we see these asserts get hit. These methods are called
from the destructor, and other places related to tearing down a content list.

Differential Revision: https://phabricator.services.mozilla.com/D178322

Bug 1830795, part 3 - Move content list cache entry classes into their list classes. r=nika a=RyanVM

In the next patch, I'm adding a field to nsContentList that I want these hash
table entries to be able to access, so I'm making them inner classes here.

I've also renamed them to get rid of some redundancy, because
otherwise the qualified names would be long.

Differential Revision: https://phabricator.services.mozilla.com/D177844

Differential Revision: https://phabricator.services.mozilla.com/D177843

This isn't necessary for the later parts, but I think it makes
it easier to understand.

Differential Revision: https://phabricator.services.mozilla.com/D177842

Otherwise GCing will not release them.

Differential Revision: https://phabricator.services.mozilla.com/D176828

Differential Revision: https://phabricator.services.mozilla.com/D176697

Differential Revision: https://phabricator.services.mozilla.com/D176356

Bug 1830186 - Use local variable instead of temporary in GridLines::SetLineInfo. r=dholbert, a=RyanVM

Differential Revision: https://phabricator.services.mozilla.com/D176594

Differential Revision: https://phabricator.services.mozilla.com/D175018

Differential Revision: https://phabricator.services.mozilla.com/D176016

Differential Revision: https://phabricator.services.mozilla.com/D171779

Bug 1814856 - Collapse QuotaManager::mShutdownStarted on gShutdown. r=dom-storage-reviewers,janv a=RyanVM

Differential Revision: https://phabricator.services.mozilla.com/D173533

Differential Revision: https://phabricator.services.mozilla.com/D174176

Depends on D174175

Bug 1812498 - Destroy RenderBufferTextureHosts that use VideoBridgeParent's Shmems in VideoBridgeParent::OnChannelError(). r=lsalzman, a=RyanVM

Destroy RenderBufferTextureHosts that use VideoBridgeParent's Shmems before destroying all VideoBridgeParent's Shmems by PVideoBridgeParent::OnChannelError().

The patch includes Bug 1817674 fix.

Differential Revision: https://phabricator.services.mozilla.com/D172764

Differential Revision: https://phabricator.services.mozilla.com/D172637

Bug 1602927 - disable test_names_sorted.html on linux64 opt r=intermittent-reviewers,gbrown a=test-only

Differential Revision: https://phabricator.services.mozilla.com/D147625

Bug 1812498 - Destroy RenderBufferTextureHosts that use VideoBridgeParent's Shmems in VideoBridgeParent::OnChannelError(). r=lsalzman, a=dsmith

Destroy RenderBufferTextureHosts that use VideoBridgeParent's Shmems before destroying all VideoBridgeParent's Shmems by PVideoBridgeParent::OnChannelError().

The patch includes Bug 1817674 fix.

Differential Revision: https://phabricator.services.mozilla.com/D172764

Differential Revision: https://phabricator.services.mozilla.com/D171401

This patch adds the ability for Windows on ARM to launch either x86 or
ARM Widevine plugins. It also adds the ability for Windows on x86 to
refuse ARM binaries in case, for example, a profile is transferred
between machines.

Overall this should be a non-functional change for users at the time of
landing. It does however allow us to ship the ARM Widevine plugin to
Windows ARM users to workaround a plugin crash with the x86 Widevine
plugin. This only affects Windows 10 users (Windows 11 works fine).

Differential Revision: https://phabricator.services.mozilla.com/D167634

Differential Revision: https://phabricator.services.mozilla.com/D171485