Pier Angelo Vendrame pushed to branch tor-browser-115.0b5-13.0-1 at The Tor Project / Applications / Tor Browser Commits: 796625a7 by Richard Pospesel at 2023-06-14T09:46:55+02:00 Bug 41649: Create rebase and security backport gitlab issue templates - - - - - f4c1bd50 by Richard Pospesel at 2023-06-14T09:46:56+02:00 Bug 41089: Add tor-browser build scripts + Makefile to tor-browser - - - - - 77c88ccb by Pier Angelo Vendrame at 2023-06-14T09:46:57+02:00 fixup! Bug 41089: Add tor-browser build scripts + Makefile to tor-browser Added bridges.js to .eslintignore - - - - - 7d3d1898 by Kathy Brade at 2023-06-14T09:46:57+02:00 Bug 11641: Disable remoting by default. Unless the -osint command line flag is used, the browser now defaults to the equivalent of -no-remote. There is a new -allow-remote flag that may be used to restore the original (Firefox-like) default behavior. - - - - - 9b44e71d by Mike Perry at 2023-06-14T09:46:58+02:00 Bug 2176: Rebrand Firefox to TorBrowser See also Bugs #5194, #7187, #8115, #8219. This patch does some basic renaming of Firefox to TorBrowser. The rest of the branding is done by images and icons. Also fix bug 27905. Bug 25702: Update Tor Browser icon to follow design guidelines - Updated all of the branding in /browser/branding/official with new 'stable' icon series. - Updated /extensions/onboarding/content/img/tor-watermark.png with new icon and add the source svg in the same directory - Copied /browser/branding/official over /browser/branding/nightly and the new /browser/branding/alpha directories. Replaced content with 'nightly' and 'alpha' icon series. Updated VisualElements_70.png and VisualElements_150.png with updated icons in each branding directory (fixes #22654) - Updated firefox.VisualElementsManfiest.xml with updated colors in each branding directory - Added firefox.svg to each branding directory from which all the other icons are derived (apart from document.icns and document.ico) - Added default256.png and default512.png icons - Updated aboutTBUpdate.css to point to branding-aware icon128.png and removed original icon - Use the Tor Browser icon within devtools/client/themes/images/. Bug 30631: Blurry Tor Browser icon on macOS app switcher It would seem the png2icns tool does not generate correct icns files and so on macOS the larger icons were missing resulting in blurry icons in the OS chrome. Regenerated the padded icons in a macOS VM using iconutil. Bug 28196: preparations for using torbutton tor-browser-brand.ftl A small change to Fluent FileSource class is required so that we can register a new source without its supported locales being counted as available locales for the browser. Bug 31803: Replaced about:debugging logo with flat version Bug 21724: Make Firefox and Tor Browser distinct macOS apps When macOS opens a document or selects a default browser, it sometimes uses the CFBundleSignature. Changing from the Firefox MOZB signature to a different signature TORB allows macOS to distinguish between Firefox and Tor Browser. Bug 32092: Fix Tor Browser Support link in preferences For bug 40562, we moved onionPattern* from bug 27476 to here, as about:tor needs these files but it is included earlier. Bug 41278: Create Tor Browser styled pdf logo similar to the vanilla Firefox one - - - - - b51150af by Pier Angelo Vendrame at 2023-06-14T09:46:58+02:00 fixup! Bug 2176: Rebrand Firefox to TorBrowser Bug 41749: Replace the onion-glyph with dedicated icon for onion services - - - - - bff0ab96 by Pier Angelo Vendrame at 2023-06-14T09:46:59+02:00 fixup! Bug 2176: Rebrand Firefox to TorBrowser Added placeholders for new PBM assets needed on Windows - - - - - 7153bf50 by sanketh at 2023-06-14T09:46:59+02:00 Bug 40209: Implement Basic Crypto Safety Adds a CryptoSafety actor which detects when you've copied a crypto address from a HTTP webpage and shows a warning. Closes #40209. Bug 40428: Fix string attribute names - - - - - 58c358a8 by Mike Perry at 2023-06-14T09:47:00+02:00 TB3: Tor Browser's official .mozconfigs. Also: Add an --enable-tor-browser-data-outside-app-dir configure option Add --with-tor-browser-version configure option Bug 31457: disable per-installation profiles The dedicated profiles (per-installation) feature does not interact well with our bundled profiles on Linux and Windows, and it also causes multiple profiles to be created on macOS under TorBrowser-Data. Bug 31935: Disable profile downgrade protection. Since Tor Browser does not support more than one profile, disable the prompt and associated code that offers to create one when a version downgrade situation is detected. Add --enable-tor-browser-update build option Bug 40793: moved Tor configuration options from old-configure.in to moz.configure Bug 41584: Move some configuration options to base-browser level - - - - - 82cffe4c by Henry Wilkes at 2023-06-14T09:47:00+02:00 Bug 41340: Enable TOR_BROWSER_NIGHTLY_BUILD features for dev and nightly builds tor-browser#41285: Enable fluent warnings. - - - - - c92e7608 by Pier Angelo Vendrame at 2023-06-14T09:47:00+02:00 Bug 40562: Added Tor Browser preferences to 000-tor-browser.js Before reordering patches, we used to keep the Tor-related patches (torbutton and tor-launcher) at the beginning. After that issue, we decided to move them towards the end. In addition to that, we have decided to move Tor Browser-only preferences there, too, to make Base Browser-only fixups easier to apply. - - - - - 1891c4f4 by Pier Angelo Vendrame at 2023-06-14T09:47:01+02:00 fixup! Bug 40562: Added Tor Browser preferences to 000-tor-browser.js Moved from the Firefox preferences override commit. To remove from Base Browser and move to Tor Browser only. - - - - - 98da7d5a by Pier Angelo Vendrame at 2023-06-14T09:47:01+02:00 fixup! Bug 40562: Added Tor Browser preferences to 000-tor-browser.js Ignore 000-tor-browser.js during linting - - - - - ed3367e6 by Pier Angelo Vendrame at 2023-06-14T09:47:02+02:00 Bug 13252: Customize profile management on macOS On macOS we allow both portable mode and system installation. However, in the latter case, we customize Firefox's directories to match the hierarchy we use for the portable mode. Also, display an informative error message if the TorBrowser-Data directory cannot be created due to an "access denied" or a "read only volume" error. - - - - - ecf1f3b0 by Pier Angelo Vendrame at 2023-06-14T09:47:02+02:00 Bug 40933: Add tor-launcher functionality - - - - - 513ad9dc by Pier Angelo Vendrame at 2023-06-14T09:47:03+02:00 fixup! Bug 40933: Add tor-launcher functionality Switched to lazy. - - - - - f9c68576 by Richard Pospesel at 2023-06-14T09:47:03+02:00 Bug 40597: Implement TorSettings module - migrated in-page settings read/write implementation from about:preferences#tor to the TorSettings module - TorSettings initially loads settings from the tor daemon, and saves them to firefox prefs - TorSettings notifies observers when a setting has changed; currently only QuickStart notification is implemented for parity with previous preference notify logic in about:torconnect and about:preferences#tor - about:preferences#tor, and about:torconnect now read and write settings thorugh the TorSettings module - all tor settings live in the torbrowser.settings.* preference branch - removed unused pref modify permission for about:torconnect content page from AsyncPrefs.jsm Bug 40645: Migrate Moat APIs to Moat.jsm module - - - - - 013594d7 by Henry Wilkes at 2023-06-14T09:47:03+02:00 fixup! Bug 40597: Implement TorSettings module Bug 41608 - Ignore tor connection errors when tor connection is cancelled by the user. This can happen if the bootstrap process is cancelled late in the process. Also remove unused cancelAutoBootstrapping. - - - - - 3009a246 by Pier Angelo Vendrame at 2023-06-14T09:47:04+02:00 fixup! Bug 40597: Implement TorSettings module Bug 41801: Fix handleProcessReady in TorSettings.init - - - - - 9ea54081 by Alex Catarineu at 2023-06-14T09:47:04+02:00 Bug 10760: Integrate TorButton to TorBrowser core Because of the non-restartless nature of Torbutton, it required a two-stage installation process. On mobile, it was a problem, because it was not loading when the user opened the browser for the first time. Moving it to tor-browser and making it a system extension allows it to load when the user opens the browser for first time. Additionally, this patch also fixes Bug 27611. Bug 26321: New Circuit and New Identity menu items Bug 14392: Make about:tor behave like other initial pages. Bug 25013: Add torbutton as a tor-browser submodule Bug 31575: Replace Firefox Home (newtab) with about:tor - - - - - 2d2e48c8 by Pier Angelo Vendrame at 2023-06-14T09:47:05+02:00 fixup! Bug 10760: Integrate TorButton to TorBrowser core Linted - - - - - 17bf3f82 by hackademix at 2023-06-14T09:47:05+02:00 Bug 8324: Prevent DNS proxy bypasses caused by Drag&Drop Bug 41613: Skip Drang & Drop filtering for DNS-safe URLs - - - - - 25424be7 by Henry Wilkes at 2023-06-14T09:47:06+02:00 Bug 41600: Add a tor circuit display panel. - - - - - 7371f696 by Pier Angelo Vendrame at 2023-06-14T09:47:06+02:00 fixup! Bug 41600: Add a tor circuit display panel. Linted - - - - - 6d02111a by Henry Wilkes at 2023-06-14T09:47:07+02:00 fixup! Bug 41600: Add a tor circuit display panel. Bug 41770 - Stop blocking event propagation of keydown events that we do not handle. This lets the arrow key events pass on to ToolbarKeyboardNavigator. - - - - - b847018d by Amogh Pradeep at 2023-06-14T09:47:07+02:00 Orfox: Centralized proxy applied to AbstractCommunicator and BaseResources. See Bug 1357997 for partial uplift. Also: Bug 28051 - Use our Orbot for proxying our connections Bug 31144 - ESR68 Network Code Review - - - - - 0ba6a113 by Matthew Finkel at 2023-06-14T09:47:07+02:00 Bug 25741: TBA: Disable GeckoNetworkManager The browser should not need information related to the network interface or network state, tor should take care of that. - - - - - 5e5073f3 by Alex Catarineu at 2023-06-14T09:47:08+02:00 Add TorStrings module for localization - - - - - e50c1131 by Henry Wilkes at 2023-06-14T09:47:08+02:00 fixup! Add TorStrings module for localization Bug 41608 - Add new connection status strings. - - - - - 896efd81 by Kathy Brade at 2023-06-14T09:47:09+02:00 Bug 14631: Improve profile access error messages. Instead of always reporting that the profile is locked, display specific messages for "access denied" and "read-only file system". To allow for localization, get profile-related error strings from Torbutton. Use app display name ("Tor Browser") in profile-related error alerts. - - - - - 9e2a9670 by Pier Angelo Vendrame at 2023-06-14T09:47:09+02:00 Bug 40807: Added QRCode.js to toolkit/modules - - - - - bd394039 by Richard Pospesel at 2023-06-14T09:47:10+02:00 Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection This patch adds a new about:preferences#connection page which allows modifying bridge, proxy, and firewall settings from within Tor Browser. All of the functionality present in tor-launcher's Network Configuration panel is present: - Setting built-in bridges - Requesting bridges from BridgeDB via moat - Using user-provided bridges - Configuring SOCKS4, SOCKS5, and HTTP/HTTPS proxies - Setting firewall ports - Viewing and Copying Tor's logs - The Networking Settings in General preferences has been removed Bug 40774: Update about:preferences page to match new UI designs - - - - - 4194a32a by Pier Angelo Vendrame at 2023-06-14T09:47:10+02:00 fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection Linted - - - - - 29d3d7c0 by Henry Wilkes at 2023-06-14T09:47:10+02:00 fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection Bug 41608 - Use the torconnect icon for the onion slash. - - - - - 3ed482b9 by Richard Pospesel at 2023-06-14T09:47:13+02:00 Bug 27476: Implement about:torconnect captive portal within Tor Browser - implements new about:torconnect page as tor-launcher replacement - adds tor connection status to url bar and tweaks UX when not online - adds new torconnect component to browser - tor process management functionality remains implemented in tor-launcher through the TorProtocolService module - adds warning/error box to about:preferences#tor when not connected to tor - explicitly allows about:torconnect URIs to ignore Resist Fingerprinting (RFP) - various tweaks to info-pages.inc.css for about:torconnect (also affects other firefox info pages) Bug 40773: Update the about:torconnect frontend page to match additional UI flows - - - - - ca65448f by Pier Angelo Vendrame at 2023-06-14T09:47:13+02:00 fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser Linted - - - - - ca5c0735 by Henry Wilkes at 2023-06-14T09:47:14+02:00 amend! Bug 27476: Implement about:torconnect captive portal within Tor Browser Bug 27476: Implement about:torconnect captive portal within Tor Browser - implements new about:torconnect page as tor-launcher replacement - adds new torconnect component to browser - tor process management functionality remains implemented in tor-launcher through the TorProtocolService module - adds warning/error box to about:preferences#tor when not connected to tor Bug 40773: Update the about:torconnect frontend page to match additional UI flows. Bug 41608: Add a toolbar status button and a urlbar "Connect" button. - - - - - 8169138c by Henry Wilkes at 2023-06-14T09:47:14+02:00 fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser Bug 41608 and 41526 - Use KeyboardEvent.repeat to block triggering newly focused buttons in about:torconnect. The approach in tor-browser!607 prevented this by waiting for keyup, but keyup could still be triggered by a key event initialized elsewhere. E.g. when pressing Enter to close a modal dialog, the Enter's keyup event would be sent to the about:torconnect page and trigger the focused button. - - - - - 092e6036 by Arthur Edelstein at 2023-06-14T09:47:15+02:00 Bug 12620: TorBrowser regression tests Regression tests for Bug #2950: Make Permissions Manager memory-only Regression tests for TB4: Tor Browser's Firefox preference overrides. Note: many more functional tests could be made here Regression tests for #2874: Block Components.interfaces from content Bug 18923: Add a script to run all Tor Browser specific tests Regression tests for Bug #16441: Suppress "Reset Tor Browser" prompt. - - - - - 16c56865 by Pier Angelo Vendrame at 2023-06-14T09:47:15+02:00 Bug 41668: Tweaks to the Base Browser updater for Tor Browser This commit was once part of "Bug 4234: Use the Firefox Update Process for Tor Browser.". However, some parts of it were not needed for Base Browser and some derivative browsers. Therefore, we extracted from that commit the parts for Tor Browser legacy, and we add them back to the patch set with this commit. - - - - - 38d9b4e8 by Pier Angelo Vendrame at 2023-06-14T09:47:16+02:00 fixup! Bug 41668: Tweaks to the Base Browser updater for Tor Browser Bug 41776: Keep shipping the old fontconfig file until users have one - - - - - 868eb3c9 by Pier Angelo Vendrame at 2023-06-14T09:47:16+02:00 fixup! Bug 41668: Tweaks to the Base Browser updater for Tor Browser Bug 41776 (fix): Added some missing lines to the previous patch - - - - - adbe3db7 by Pier Angelo Vendrame at 2023-06-14T09:47:16+02:00 fixup! Bug 41668: Tweaks to the Base Browser updater for Tor Browser Add back variables removed from the Base Browser part of the rebase. - - - - - 0ab5f27f by Kathy Brade at 2023-06-14T09:47:17+02:00 Bug 12647: Support symlinks in the updater. - - - - - 92cffda5 by Kathy Brade at 2023-06-14T09:47:17+02:00 Bug 19121: reinstate the update.xml hash check This is a partial revert of commit f1241db6986e4b54473a1ed870f7584c75d51122. Revert most changes from Mozilla Bug 862173 "don't verify mar file hash when using mar signing to verify the mar file (lessens main thread I/O)." We kept the addition to the AppConstants API in case other JS code references it in the future. - - - - - 47a01248 by Kathy Brade at 2023-06-14T09:47:18+02:00 Bug 16940: After update, load local change notes. Add an about:tbupdate page that displays the first section from TorBrowser/Docs/ChangeLog.txt and includes a link to the remote post-update page (typically our blog entry for the release). Always load about:tbupdate in a content process, but implement the code that reads the file system (changelog) in the chrome process for compatibility with future sandboxing efforts. Also fix bug 29440. Now about:tbupdate is styled as a fairly simple changelog page that is designed to be displayed via a link that is on about:tor. - - - - - 07c55aa6 by Pier Angelo Vendrame at 2023-06-14T09:47:18+02:00 fixup! Bug 16940: After update, load local change notes. Define the remote capabilities of about:tbupdate in the correct commit. - - - - - 0d642de1 by Georg Koppen at 2023-06-14T09:47:19+02:00 Bug 32658: Create a new MAR signing key It's time for our rotation again: Move the backup key in the front position and add a new backup key. Bug 33803: Move our primary nightly MAR signing key to tor-browser Bug 33803: Add a secondary nightly MAR signing key - - - - - 6265e136 by Mike Perry at 2023-06-14T09:47:19+02:00 Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing eBay and Amazon don't treat Tor users very well. Accounts often get locked and payments reversed. Also: Bug 16322: Update DuckDuckGo search engine We are replacing the clearnet URL with an onion service one (thanks to a patch by a cypherpunk) and are removing the duplicated DDG search engine. Duplicating DDG happend due to bug 1061736 where Mozilla included DDG itself into Firefox. Interestingly, this caused breaking the DDG search if JavaScript is disabled as the Mozilla engine, which gets loaded earlier, does not use the html version of the search page. Moreover, the Mozilla engine tracked where the users were searching from by adding a respective parameter to the search query. We got rid of that feature as well. Also: This fixes bug 20809: the DuckDuckGo team has changed its server-side code in a way that lets users with JavaScript enabled use the default landing page while those without JavaScript available get redirected directly to the non-JS page. We adapt the search engine URLs accordingly. Also fixes bug 29798 by making sure we only specify the Google search engine we actually ship an .xml file for. Also regression tests. squash! Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing Bug 40494: Update Startpage search provider squash! Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing Bug 40438: Add Blockchair as a search engine Bug 33342: Avoid disconnect search addon error after removal. We removed the addon in #32767, but it was still being loaded from addonStartup.json.lz4 and throwing an error on startup because its resource: location is not available anymore. - - - - - 4b849a9c by Pier Angelo Vendrame at 2023-06-14T09:47:20+02:00 fixup! Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing Use the upstream DDG icon - - - - - 00da3619 by Alex Catarineu at 2023-06-14T09:47:20+02:00 Bug 40073: Disable remote Public Suffix List fetching In https://bugzilla.mozilla.org/show_bug.cgi?id=1563246 Firefox implemented fetching the Public Suffix List via RemoteSettings and replacing the default one at runtime, which we do not want. - - - - - 9c5130ab by Richard Pospesel at 2023-06-14T09:47:20+02:00 Bug 23247: Communicating security expectations for .onion Encrypting pages hosted on Onion Services with SSL/TLS is redundant (in terms of hiding content) as all traffic within the Tor network is already fully encrypted. Therefore, serving HTTP pages from an Onion Service is more or less fine. Prior to this patch, Tor Browser would mostly treat pages delivered via Onion Services as well as pages delivered in the ordinary fashion over the internet in the same way. This created some inconsistencies in behaviour and misinformation presented to the user relating to the security of pages delivered via Onion Services: - HTTP Onion Service pages did not have any 'lock' icon indicating the site was secure - HTTP Onion Service pages would be marked as unencrypted in the Page Info screen - Mixed-mode content restrictions did not apply to HTTP Onion Service pages embedding Non-Onion HTTP content This patch fixes the above issues, and also adds several new 'Onion' icons to the mix to indicate all of the various permutations of Onion Services hosted HTTP or HTTPS pages with HTTP or HTTPS content. Strings for Onion Service Page Info page are pulled from Torbutton's localization strings. - - - - - d2e8767b by Pier Angelo Vendrame at 2023-06-14T09:47:21+02:00 fixup! Bug 23247: Communicating security expectations for .onion Reimplement the self-signed onion logic - - - - - d97eee90 by cypherpunks1 at 2023-06-14T09:47:21+02:00 fixup! Bug 23247: Communicating security expectations for .onion Bug 33298: Warn when submitting form data from http onion sites over an insecure connection - - - - - db9bf091 by cypherpunks1 at 2023-06-14T09:47:22+02:00 fixup! Bug 23247: Communicating security expectations for .onion Bug 41785: Show http onion resources as secure in network monitor - - - - - 91f9a4b9 by Kathy Brade at 2023-06-16T10:44:36+02:00 Bug 30237: Add v3 onion services client authentication prompt When Tor informs the browser that client authentication is needed, temporarily load about:blank instead of about:neterror and prompt for the user's key. If a correctly formatted key is entered, use Tor's ONION_CLIENT_AUTH_ADD control port command to add the key (via Torbutton's control port module) and reload the page. If the user cancels the prompt, display the standard about:neterror "Unable to connect" page. This requires a small change to browser/actors/NetErrorChild.jsm to account for the fact that the docShell no longer has the failedChannel information. The failedChannel is used to extract TLS-related error info, which is not applicable in the case of a canceled .onion authentication prompt. Add a leaveOpen option to PopupNotifications.show so we can display error messages within the popup notification doorhanger without closing the prompt. Add support for onion services strings to the TorStrings module. Add support for Tor extended SOCKS errors (Tor proposal 304) to the socket transport and SOCKS layers. Improved display of all of these errors will be implemented as part of bug 30025. Also fixes bug 19757: Add a "Remember this key" checkbox to the client auth prompt. Add an "Onion Services Authentication" section within the about:preferences "Privacy & Security section" to allow viewing and removal of v3 onion client auth keys that have been stored on disk. Also fixes bug 19251: use enhanced error pages for onion service errors. - - - - - 2d7199aa by Pier Angelo Vendrame at 2023-06-16T10:44:55+02:00 fixup! Bug 30237: Add v3 onion services client authentication prompt Linted - - - - - 59d9dcd3 by Alex Catarineu at 2023-06-16T10:44:55+02:00 Bug 21952: Implement Onion-Location Whenever a valid Onion-Location HTTP header (or corresponding HTML <meta> http-equiv attribute) is found in a document load, we either redirect to it (if the user opted-in via preference) or notify the presence of an onionsite alternative with a badge in the urlbar. - - - - - c2b796f4 by Henry Wilkes at 2023-06-16T10:44:56+02:00 fixup! Bug 21952: Implement Onion-Location Bug 41608 - Use the same styling for ".onion available" urlbar button as the tor-connect-urlbar-button. This also stops the button from overflowing its container like before. Also move to after the bookmark button. - - - - - 3517b09d by Pier Angelo Vendrame at 2023-06-16T10:44:56+02:00 Bug 40458: Implement .tor.onion aliases We have enabled HTTPS-Only mode, therefore we do not need HTTPS-Everywhere anymore. However, we want to keep supporting .tor.onion aliases (especially for securedrop). Therefore, in this patch we implemented the parsing of HTTPS-Everywhere rulesets, and the redirect of .tor.onion domains. Actually, Tor Browser believes they are actual domains. We change them on the fly on the SOCKS proxy requests to resolve the domain, and on the code that verifies HTTPS certificates. - - - - - 10bc857c by Pier Angelo Vendrame at 2023-06-16T10:44:57+02:00 fixup! Bug 40458: Implement .tor.onion aliases Lint - - - - - 51857f1d by Pier Angelo Vendrame at 2023-06-16T10:44:57+02:00 Bug 11698: Incorporate Tor Browser Manual pages into Tor Browser This patch associates the about:manual page to a translated page that must be injected to browser/omni.ja after the build. The content must be placed in chrome/browser/content/browser/manual/, so that is then available at chrome://browser/content/manual/. We preferred giving absolute freedom to the web team, rather than having to change the patch in case of changes on the documentation. - - - - - 7cf754ce by Pier Angelo Vendrame at 2023-06-16T10:44:57+02:00 Bug 41435: Add a Tor Browser migration function For now this function only deletes old language packs for which we are already packaging the strings with the application. - - - - - 78367b68 by Dan Ballard at 2023-06-16T10:44:58+02:00 Bug 40701: Add in pane security warning when downloading a file - - - - - f18d29f7 by Henry Wilkes at 2023-06-16T10:44:58+02:00 Bug 41736: Customize toolbar for tor-browser. - - - - - d84340d8 by hackademix at 2023-06-16T10:45:00+02:00 Bug 41728: Pin bridges.torproject.org domains to Let's Encrypt's root cert public key - - - - - 803088de by Henry Wilkes at 2023-06-16T10:45:01+02:00 Bug 41803: Add some developer tools for working on tor-browser. - - - - - e79a74e7 by Dan Ballard at 2023-06-16T10:45:01+02:00 amend! Bug 40701: Add in pane security warning when downloading a file Bug 40701: Add security warning when downloading a file Shown in the downloads panel, about:downloads and places.xhtml. - - - - - 82d5fdc7 by Pier Angelo Vendrame at 2023-06-16T10:45:02+02:00 fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection Bug 40552: Improve the description of the modal to provide a bridge manually. - - - - - 205a107c by Pier Angelo Vendrame at 2023-06-16T10:45:02+02:00 fixup! Add TorStrings module for localization Bug 40552: New texts for the add a bridge manually modal - - - - - 53ec47f0 by cypherpunks1 at 2023-06-16T10:45:02+02:00 fixup! Bug 8324: Prevent DNS proxy bypasses caused by Drag&Drop Bug 41792: Allow dragging downloads from about:downloads and the download panel - - - - - cf1574c9 by Pier Angelo Vendrame at 2023-06-16T10:45:03+02:00 fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection Bug 41802: Improve the regex on parseBridgeLine The previous version of the regex took for granted the bridge fingerprint was always available, but it is actually optional. So, parsing some bridge lines (e.g., Conjure) failed, and vanilla bridge was displayed instead of the actual transport. - - - - - 9846bb41 by Dan Ballard at 2023-06-16T10:45:03+02:00 fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser Bug 41623: Update connection assist's iconography - - - - - 49af0f51 by Dan Ballard at 2023-06-16T10:45:04+02:00 fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection Bug 41623: Update connection assist's iconography - - - - - d3bfbadc by Dan Ballard at 2023-06-16T10:45:04+02:00 fixup! fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser Bug 41623: Update connection assist's iconography - - - - - ab7c1583 by Henry Wilkes at 2023-06-16T10:45:04+02:00 fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection Bug 41734 - Add a connected label to the built-in bridge dialog. - - - - - e76daef3 by Henry Wilkes at 2023-06-16T10:45:05+02:00 fixup! Add TorStrings module for localization Bug 41734 - Add a connected label to the built-in bridge dialog. - - - - - e1786cb9 by Pier Angelo Vendrame at 2023-06-16T10:45:05+02:00 fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser Bug 41815: Wrong connect icons Swapped a couple of icons in about:torconnect, and split the offline CSS class from the connection assist/final error, since they now need a different icon. Also, removed the stroke property, since the new icons do not need it. - - - - - f9c4f924 by Pier Angelo Vendrame at 2023-06-16T10:45:06+02:00 fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser Bug 41816: Workaround to fix the top navigation Using the top navigation does not always work as expected, because we pass a null connection state, instead of the actual state. We could start storing the state as a member, however further refactors are planned (see tor-browser#41710), so also directly asking the parent for the current state works as a quick&dirty workaround. - - - - - 23f711b3 by Henry Wilkes at 2023-06-16T10:45:06+02:00 fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection Bug 41618 - Remove connect bar, and swap internet and connection icons in tor connection preferences. - - - - - a3e9d638 by Henry Wilkes at 2023-06-16T10:45:07+02:00 fixup! Add TorStrings module for localization Bug 41618 - Remove connect bar, and swap internet and connection icons in tor connection preferences. - - - - - 32da309f by Henry Wilkes at 2023-06-16T10:45:07+02:00 fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser Bug 41726 - Animate the connection icon. - - - - - f2022f24 by Henry Wilkes at 2023-06-16T10:45:07+02:00 fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection Bug 41810 - Add "Connect" button instead of the "Submit" and "OK" button in the bridge request dialog and the manual bridge dialog, respectively. - - - - - 4164e088 by Dan Ballard at 2023-06-16T10:45:08+02:00 fixup! fixup! Bug 2176: Rebrand Firefox to TorBrowser Bug 41809: restore onion glyph in locations outside location bar - - - - - fa2b3adc by Dan Ballard at 2023-06-16T10:45:08+02:00 fixup! Bug 23247: Communicating security expectations for .onion Bug 41809: restore onion glyph in locations outside location bar - - - - - 51b913b3 by Dan Ballard at 2023-06-16T10:45:09+02:00 fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection Bug 41809: restore onion glyph in locations outside location bar - - - - - e5e275da by Pier Angelo Vendrame at 2023-06-16T10:45:09+02:00 fixup! Add TorStrings module for localization Bug 41818: Remove YEC 2022 strings - - - - - 5dae43f0 by Pier Angelo Vendrame at 2023-06-16T10:45:10+02:00 fixup! Bug 40933: Add tor-launcher functionality Added a newnym function - - - - - 306fdd9b by Pier Angelo Vendrame at 2023-06-16T10:45:10+02:00 fixup! Bug 10760: Integrate TorButton to TorBrowser core Bug 40938: Moving the domain isolator out of torbutton - - - - - 71bf4be8 by Arthur Edelstein at 2023-06-16T10:45:10+02:00 Bug 3455: Add DomainIsolator, for isolating circuit by domain. Add an XPCOM component that registers a ProtocolProxyChannelFilter which sets the username/password for each web request according to url bar domain. Bug 9442: Add New Circuit button Bug 13766: Set a 10 minute circuit dirty timeout for the catch-all circ. Bug 19206: Include a 128 bit random tag as part of the domain isolator nonce. Bug 19206: Clear out the domain isolator state on `New Identity`. Bug 21201.2: Isolate by firstPartyDomain from OriginAttributes Bug 21745: Fix handling of catch-all circuit Bug 41741: Refactor the domain isolator and new circuit - - - - - da71d1c4 by Pier Angelo Vendrame at 2023-06-16T10:45:11+02:00 fixup! Bug 3455: Add DomainIsolator, for isolating circuit by domain. Refactors to the old JS code. - - - - - aec9a9f9 by Pier Angelo Vendrame at 2023-06-16T10:45:11+02:00 fixup! Bug 3455: Add DomainIsolator, for isolating circuit by domain. Manage NEWNYM here. - - - - - 0db0a8c5 by Pier Angelo Vendrame at 2023-06-16T10:45:12+02:00 fixup! Bug 3455: Add DomainIsolator, for isolating circuit by domain. Removed the XPCOM definition of the domain isolator. - - - - - 16c3c029 by Pier Angelo Vendrame at 2023-06-16T10:45:12+02:00 fixup! Bug 10760: Integrate TorButton to TorBrowser core Extract the new identity button from torbutton - - - - - d39f5d21 by Pier Angelo Vendrame at 2023-06-16T10:45:13+02:00 fixup! Bug 3455: Add DomainIsolator, for isolating circuit by domain. Actually added the new circuit button. - - - - - c15468c4 by Pier Angelo Vendrame at 2023-06-16T10:45:13+02:00 fixup! Bug 41600: Add a tor circuit display panel. Use the new domain isolator interface. - - - - - 97f55730 by Pier Angelo Vendrame at 2023-06-16T10:45:13+02:00 fixup! Bug 40209: Implement Basic Crypto Safety Use the new domain isolator interface - - - - - d60adf11 by Pier Angelo Vendrame at 2023-06-16T10:45:14+02:00 fixup! Bug 10760: Integrate TorButton to TorBrowser core Remove string changes from Torbutton. We will add them back in the TorStrings commit. - - - - - 92606de9 by Pier Angelo Vendrame at 2023-06-16T10:45:14+02:00 fixup! Add TorStrings module for localization Add our DTDs where needed. These changes were originally in the torbutton commit, but I think they are better fit here, with all the strings files. - - - - - b26e881a by Henry Wilkes at 2023-06-16T10:45:15+02:00 fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser Bug 41836: Rename deinit to uninit. - - - - - 2c13c604 by Pier Angelo Vendrame at 2023-06-16T10:45:18+02:00 fixup! Bug 21952: Implement Onion-Location Bug 41841: Use the new onion-site.svg icon in the onion-location pill - - - - - 755a45e9 by cypherpunks1 at 2023-06-16T10:45:18+02:00 fixup! Bug 40925: Implemented the Security Level component Bug 26277: Skip the redirection page when searching with DuckDuckGo on the safest security level - - - - - 3e0e1f21 by Henry Wilkes at 2023-06-16T10:45:18+02:00 fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser Bug 41826 - Tweak tor connect status styling in titlebar and connection preferences. - - - - - c94b0be0 by Henry Wilkes at 2023-06-16T10:45:19+02:00 fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection Bug 41826 - Tweak tor connect status styling in titlebar and connection preferences. - - - - - 960c8921 by Henry Wilkes at 2023-06-16T10:45:19+02:00 fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection Bug 41848 - Consistently disable the accept/connect button in the bridge dialogs until the user gives some input. - - - - - c1e03343 by Henry Wilkes at 2023-06-16T10:45:20+02:00 fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection Bug 41849: Use the firefox check.svg since we removed our own equivalent check.svg in tor-browser!663. - - - - - ac853a1a by Henry Wilkes at 2023-06-16T10:45:20+02:00 fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser Bug 41850: Don't show tor connection animation for new windows. - - - - - c149eeff by Richard Pospesel at 2023-06-16T10:45:21+02:00 fixup! Bug 41649: Create rebase and security backport gitlab issue templates - made formatting consistent between each template - updated the directions around the base-browser rebase to better reflect how we *actually* do it with regards to only rarely needing to rebase base-browser seperately - fixed a few typos and incorrect git cherry-pick examples - moved signing and tagging to their own section in the rebase templates - changed instances of 'origin' to 'upstream' to be consistent with github/gitlab documentation - added firefox-android section and marked android-components and fenix sections as optional for esr102 only so we don't have to urently fix this once we swithc to esr115 - - - - - 9f785f3b by Richard Pospesel at 2023-06-16T10:45:21+02:00 fixup! Adding issue and merge request templates - removed exta unneeded dashes - updated Backporting section to better match our desired process going forward: - discourage requests for backport to stable - provide justification for backport request from list proposed at last Tor meeting - added 'consistency' justification for patches/changes which can be difficult to context switch between but don't affect the final build output - added explicit merge destination selection - - - - - 5d07962c by Henry Wilkes at 2023-06-20T18:10:41+02:00 fixup! Bug 41600: Add a tor circuit display panel. Bug 41851: Keep circuit panel open when requesting a new circuit. - - - - - df1b9b74 by Dan Ballard at 2023-06-26T21:03:21+02:00 fixup! TB3: Tor Browser's official .mozconfigs. Bug 41828: Remove --with-tor-browser-version from tor-browser-android mozconfig - - - - - d34475cd by Pier Angelo Vendrame at 2023-06-26T21:03:21+02:00 Unpublished commits start here After here are only commits that were added to make 115 work. So, they don't have a counterpart in 102.xx.0esr-13.0. - - - - - 1ad5807c by Pier Angelo Vendrame at 2023-06-26T21:03:22+02:00 fixup! Bug 10760: Integrate TorButton to TorBrowser core Emergency modularization. - - - - - dd526ed0 by Pier Angelo Vendrame at 2023-06-26T21:03:24+02:00 fixup! Bug 8324: Prevent DNS proxy bypasses caused by Drag&Drop Emergency modernization - - - - - 0ac3a905 by Pier Angelo Vendrame at 2023-06-26T21:03:24+02:00 fixup! Bug 10760: Integrate TorButton to TorBrowser core Removed references to global.dtd. - - - - - e187ff83 by Pier Angelo Vendrame at 2023-06-27T14:46:47+02:00 fixup! Bug 16940: After update, load local change notes. Removed global.dtd - - - - - 36f3dae3 by Pier Angelo Vendrame at 2023-06-27T14:46:54+02:00 fixup! Bug 40925: Implemented the Security Level component Improve the patch to skip DDG redirection for 115. - - - - - e15186f2 by Pier Angelo Vendrame at 2023-06-27T14:46:55+02:00 fixup! Bug 8324: Prevent DNS proxy bypasses caused by Drag&Drop Final part of the modernization: switched to an actual module, and moved out of Torbutton! - - - - - e286ad1e by Pier Angelo Vendrame at 2023-06-27T15:51:49+02:00 fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser Moved the logic of the about:tor redirects before the bootstrap - - - - - d9711f94 by Pier Angelo Vendrame at 2023-06-27T16:00:23+02:00 fixup! Bug 40701: Add in pane security warning when downloading a file Missed a couple of removed lines. - - - - - 30 changed files: - .eslintignore - .gitignore - + .gitlab/issue_templates/Backport Android Security Fixes.md - + .gitlab/issue_templates/Rebase Browser - Alpha.md - + .gitlab/issue_templates/Rebase Browser - Stable.md - .gitlab/merge_request_templates/default.md - + browser/actors/AboutTBUpdateChild.jsm - + browser/actors/AboutTBUpdateParent.jsm - + browser/actors/CryptoSafetyChild.jsm - + browser/actors/CryptoSafetyParent.jsm - browser/actors/moz.build - browser/app/Makefile.in - browser/app/macbuild/Contents/Info.plist.in - + browser/app/profile/000-tor-browser.js - browser/base/content/aboutDialog.xhtml - + browser/base/content/abouttbupdate/aboutTBUpdate.css - + browser/base/content/abouttbupdate/aboutTBUpdate.js - + browser/base/content/abouttbupdate/aboutTBUpdate.xhtml - browser/base/content/appmenu-viewcache.inc.xhtml - + browser/base/content/browser-doctype.inc - browser/base/content/browser-menubar.inc - browser/base/content/browser-sets.inc - browser/base/content/browser-siteIdentity.js - browser/base/content/browser.js - browser/base/content/browser.xhtml - browser/base/content/default-bookmarks.html - browser/base/content/hiddenWindowMac.xhtml - browser/base/content/main-popupset.inc.xhtml - browser/base/content/navigator-toolbox.inc.xhtml - browser/base/content/pageinfo/pageInfo.xhtml The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/4331154... -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/4331154... You're receiving this email because of your account on gitlab.torproject.org.