tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE
commit 965af5d58e39080602f57b2fc0f16ed5c3030803
parent 4c89c1e158076c446343fd8830a73e844ecd5886
Author: Dan Baker <dbaker@mozilla.com>
Date:   Wed, 22 Oct 2025 12:06:40 -0600

Bug 1995393 - updated libwebrtc patch stack

Diffstat:

Athird_party/libwebrtc/moz-patch-stack/4221e1bc2f.no-op-cherry-pick-msg | 1+


Athird_party/libwebrtc/moz-patch-stack/p0001.patch | 44++++++++++++++++++++++++++++++++++++++++++++


Athird_party/libwebrtc/moz-patch-stack/p0002.patch | 109+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


3 files changed, 154 insertions(+), 0 deletions(-)

diff --git a/third_party/libwebrtc/moz-patch-stack/4221e1bc2f.no-op-cherry-pick-msg b/third_party/libwebrtc/moz-patch-stack/4221e1bc2f.no-op-cherry-pick-msg
@@ -0,0 +1 @@
+We already cherry-picked this when we vendored 36ea4535a5.
diff --git a/third_party/libwebrtc/moz-patch-stack/p0001.patch b/third_party/libwebrtc/moz-patch-stack/p0001.patch
@@ -0,0 +1,44 @@
+From: Philipp Hancke <phancke@meta.com>
+Date: Sat, 16 Aug 2025 12:15:50 -0700
+Subject: (cherry-pick-branch-heads/7339) [M140] sdp munging: do not misdetect
+ rtp attributes on datachannel
+
+rtcp-mux and rtcp-rsize are unconditionally set for datachannel
+but since they are not serialized in the SDP they are not parsed.
+This leads the munging detector to misclassify this.
+
+a unit test is added as a separate CL for easier backmerging.
+
+(cherry picked from commit 602b06b1125ea4d107fbfbda7d314b4157c4c74b)
+
+Bug: webrtc:414284082,chromium:40567530
+Fixed: chromium:439807581
+Change-Id: I4ebb2ad5062ea42fc47a314ed929de42f91bbea7
+Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/404740
+Commit-Queue: Philipp Hancke <phancke@meta.com>
+Reviewed-by: Harald Alvestrand <hta@webrtc.org>
+Cr-Original-Commit-Position: refs/heads/main@{#45357}
+Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/405281
+Cr-Commit-Position: refs/branch-heads/7339@{#1}
+Cr-Branched-From: 9bd64751d9b3b35a820cb72c9029993e218146a1-refs/heads/main@{#45270}
+---
+ pc/sdp_munging_detector.cc | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/pc/sdp_munging_detector.cc b/pc/sdp_munging_detector.cc
+index addfa25c02..f54aeaa86a 100644
+--- a/pc/sdp_munging_detector.cc
++++ b/pc/sdp_munging_detector.cc
+@@ -424,6 +424,12 @@ SdpMungingType DetermineSdpMungingType(
+     }
+     // Validate video and audio contents.
+     MediaType media_type = last_created_media_description->type();
++    bool is_rtp =
++        media_type == MediaType::AUDIO || media_type == MediaType::VIDEO;
++    if (!is_rtp) {
++      // The checks that follow only apply for RTP-based contents.
++      continue;
++    }
+     if (media_type == MediaType::VIDEO) {
+       type = DetermineVideoSdpMungingType(last_created_media_description,
+                                           media_description_to_set);
diff --git a/third_party/libwebrtc/moz-patch-stack/p0002.patch b/third_party/libwebrtc/moz-patch-stack/p0002.patch
@@ -0,0 +1,109 @@
+From: Jonas Oreland <jonaso@webrtc.org>
+Date: Tue, 26 Aug 2025 15:57:29 +0200
+Subject: (cherry-pick-branch-heads/7339) [M140] DTLS1.3: Fix missing
+ retransmission due to failure to set timer.
+
+DTLS 1.3 considers itself connected earlier than DTLS 1.2 did - when
+second flight reaches the client. This CL fixes a bug that when
+client is connected (state_ != SSL_CONNECTING), it would not
+continue retransmitting. Continuous retransmission is needed
+when the third flight is lost multiple times. Or really anytime that DTLS request it :)
+
+This fixes the TODO in dtls_ice_integrationtest.cc in which dtls1.3
+spuriously failed with certain (packet loss intensive) configurations.
+
+CREDITS: sergeysu@ that found and fixed the problem!
+
+(cherry picked from commit 4221e1bc2fc360448c1663f0bbae058ff9f65a48)
+
+No-Try: true
+Bug: chromium:441245658, chromium:441486101
+Change-Id: I3302f6f384d7e4cda090184094a6fadaf7e4f129
+Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/406320
+Reviewed-by: Tomas Gunnarsson <tommi@webrtc.org>
+Reviewed-by: Harald Alvestrand <hta@webrtc.org>
+Commit-Queue: Jonas Oreland <jonaso@webrtc.org>
+Cr-Original-Commit-Position: refs/heads/main@{#45439}
+Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/407780
+Commit-Queue: Guido Urdaneta <guidou@webrtc.org>
+Cr-Commit-Position: refs/branch-heads/7339@{#2}
+Cr-Branched-From: 9bd64751d9b3b35a820cb72c9029993e218146a1-refs/heads/main@{#45270}
+---
+ p2p/dtls/dtls_ice_integrationtest.cc |  6 +-----
+ rtc_base/openssl_stream_adapter.cc   | 15 ++++++++++++---
+ rtc_base/openssl_stream_adapter.h    |  2 ++
+ 3 files changed, 15 insertions(+), 8 deletions(-)
+
+diff --git a/p2p/dtls/dtls_ice_integrationtest.cc b/p2p/dtls/dtls_ice_integrationtest.cc
+index 2d539e2e22..1e42998d4f 100644
+--- a/p2p/dtls/dtls_ice_integrationtest.cc
++++ b/p2p/dtls/dtls_ice_integrationtest.cc
+@@ -127,11 +127,7 @@ class DtlsIceIntegrationTest : public ::testing::TestWithParam<std::tuple<
+ 
+     BuiltInNetworkBehaviorConfig networkBehavior;
+     networkBehavior.link_capacity = DataRate::KilobitsPerSec(220);
+-    // TODO (webrtc:383141571) : Investigate why this testcase fails for
+-    // DTLS 1.3 delay if networkBehavior.queue_delay_ms = 100ms.
+-    // - unless both peers support dtls in stun, in which case it passes.
+-    // - note: only for dtls1.3, it works for dtls1.2!
+-    networkBehavior.queue_delay_ms = 50;
++    networkBehavior.queue_delay_ms = 100;
+     networkBehavior.queue_length_packets = 30;
+     networkBehavior.loss_percent = 50;
+ 
+diff --git a/rtc_base/openssl_stream_adapter.cc b/rtc_base/openssl_stream_adapter.cc
+index 604a9465c7..0bf0d8ea62 100644
+--- a/rtc_base/openssl_stream_adapter.cc
++++ b/rtc_base/openssl_stream_adapter.cc
+@@ -852,10 +852,15 @@ void OpenSSLStreamAdapter::SetTimeout(int delay_ms) {
+           // We check the timer even after SSL_CONNECTED,
+           // but ContinueSSL() is only needed when SSL_CONNECTING
+           if (state_ == SSL_CONNECTING) {
++            // Note: timeout is set inside ContinueSSL()
+             ContinueSSL();
++          } else if (state_ == SSL_CONNECTED) {
++            MaybeSetTimeout();
++          } else {
++            RTC_DCHECK_NOTREACHED() << "state_: " << state_;
+           }
+         } else {
+-          RTC_DCHECK_NOTREACHED();
++          RTC_DCHECK_NOTREACHED() << "flag->alive() == false";
+         }
+         // This callback will never run again (stopped above).
+         return TimeDelta::PlusInfinity();
+@@ -970,6 +975,12 @@ int OpenSSLStreamAdapter::ContinueSSL() {
+     }
+   }
+ 
++  MaybeSetTimeout();
++
++  return 0;
++}
++
++void OpenSSLStreamAdapter::MaybeSetTimeout() {
+   if (ssl_ != nullptr) {
+     struct timeval timeout;
+     if (DTLSv1_get_timeout(ssl_, &timeout)) {
+@@ -977,8 +988,6 @@ int OpenSSLStreamAdapter::ContinueSSL() {
+       SetTimeout(delay);
+     }
+   }
+-
+-  return 0;
+ }
+ 
+ void OpenSSLStreamAdapter::Error(absl::string_view context,
+diff --git a/rtc_base/openssl_stream_adapter.h b/rtc_base/openssl_stream_adapter.h
+index 856d37c156..c10e93e3d4 100644
+--- a/rtc_base/openssl_stream_adapter.h
++++ b/rtc_base/openssl_stream_adapter.h
+@@ -210,6 +210,8 @@ class OpenSSLStreamAdapter final : public SSLStreamAdapter {
+            !peer_certificate_digest_value_.empty();
+   }
+ 
++  void MaybeSetTimeout();
++
+   const std::unique_ptr<StreamInterface> stream_;
+   absl::AnyInvocable<void(SSLHandshakeError)> handshake_error_;
+