Commits:
-
8b73ad9e
by Pier Angelo Vendrame at 2023-05-08T10:15:38+02:00
fixup! Firefox preference overrides.
Bug 41683: Disable the network process on Windows
-
c26520af
by Pier Angelo Vendrame at 2023-05-08T10:16:07+02:00
fixup! Bug 10760: Integrate TorButton to TorBrowser core
Bug 40501: High CPU load after tor exits unexpectedly
When a peers (tor) disconnects, Firefox seems to keep the stream open,
and return 0 on available, rather than throwing.
So, as a matter of fact, we had a while trying to read 0 bytes without
any pause in _readLine, hence the 100% CPU usage.
-
23ddf6d2
by hackademix at 2023-05-08T10:16:21+02:00
Bug 41728: Pin bridges.torproject.org domains to Let's Encrypt's root cert public key
3 changed files:
Changes:
browser/app/profile/001-base-profile.js
| ... |
... |
@@ -404,6 +404,14 @@ pref("captivedetect.canonicalURL", ""); |
|
404
|
404
|
// See tor-browser#18801.
|
|
405
|
405
|
pref("dom.push.serverURL", "");
|
|
406
|
406
|
|
|
|
407
|
+#ifdef XP_WIN
|
|
|
408
|
+// tor-browser#41683: Disable the network process on Windows
|
|
|
409
|
+// Mozilla already disables the network process for HTTP.
|
|
|
410
|
+// With this preference, we completely disable it, because we found that it
|
|
|
411
|
+// breaks stuff with mingw. See also tor-browser#41489.
|
|
|
412
|
+pref("network.process.enabled", false);
|
|
|
413
|
+#endif
|
|
|
414
|
+
|
|
407
|
415
|
// Extension support
|
|
408
|
416
|
pref("extensions.autoDisableScopes", 0);
|
|
409
|
417
|
pref("extensions.databaseSchema", 3);
|
security/manager/ssl/StaticHPKPins.h
| ... |
... |
@@ -451,6 +451,14 @@ static const StaticFingerprints kPinset_tor = { |
|
451
|
451
|
kPinset_tor_Data
|
|
452
|
452
|
};
|
|
453
|
453
|
|
|
|
454
|
+static const char* const kPinset_tor_browser_Data[] = {
|
|
|
455
|
+ kISRG_Root_X1Fingerprint,
|
|
|
456
|
+};
|
|
|
457
|
+static const StaticFingerprints kPinset_tor_browser = {
|
|
|
458
|
+ sizeof(kPinset_tor_browser_Data) / sizeof(const char*),
|
|
|
459
|
+ kPinset_tor_browser_Data
|
|
|
460
|
+};
|
|
|
461
|
+
|
|
454
|
462
|
static const char* const kPinset_twitterCom_Data[] = {
|
|
455
|
463
|
kGOOGLE_PIN_VeriSignClass2_G2Fingerprint,
|
|
456
|
464
|
kGOOGLE_PIN_VeriSignClass3_G2Fingerprint,
|
| ... |
... |
@@ -619,6 +627,7 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = { |
|
619
|
627
|
{ "blogger.com", true, false, false, -1, &kPinset_google_root_pems },
|
|
620
|
628
|
{ "blogspot.com", true, false, false, -1, &kPinset_google_root_pems },
|
|
621
|
629
|
{ "br.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
|
|
|
630
|
+ { "bridges.torproject.org", false, false, false, -1, &kPinset_tor_browser },
|
|
622
|
631
|
{ "bugs.chromium.org", true, false, false, -1, &kPinset_google_root_pems },
|
|
623
|
632
|
{ "build.chromium.org", true, false, false, -1, &kPinset_google_root_pems },
|
|
624
|
633
|
{ "business.facebook.com", true, false, false, -1, &kPinset_facebook },
|
toolkit/torbutton/modules/tor-control-port.js
| ... |
... |
@@ -135,6 +135,18 @@ class AsyncSocket { |
|
135
|
135
|
this.inputQueue.push({
|
|
136
|
136
|
onInputStreamReady: stream => {
|
|
137
|
137
|
try {
|
|
|
138
|
+ if (!this.scriptableInputStream.available()) {
|
|
|
139
|
+ // This means EOF, but not closed yet. However, arriving at EOF
|
|
|
140
|
+ // should be an error condition for us, since we are in a socket,
|
|
|
141
|
+ // and EOF should mean peer disconnected.
|
|
|
142
|
+ // If the stream has been closed, this function itself should
|
|
|
143
|
+ // throw.
|
|
|
144
|
+ reject(
|
|
|
145
|
+ new Error("onInputStreamReady called without available bytes.")
|
|
|
146
|
+ );
|
|
|
147
|
+ return;
|
|
|
148
|
+ }
|
|
|
149
|
+
|
|
138
|
150
|
// read our string from input stream
|
|
139
|
151
|
let str = this.scriptableInputStream.read(
|
|
140
|
152
|
this.scriptableInputStream.available()
|
|