Pier Angelo Vendrame pushed to branch tor-browser-102.10.0esr-13.0-1 at The Tor Project / Applications / Tor Browser
Commits:
7cf4e447 by Pier Angelo Vendrame at 2023-04-20T20:16:02+02:00
fixup! Bug 41417: Always prompt users to restart after changing language
Bug 41738: Drop the patch to disable live reload
Revert "Bug 41417: Always prompt users to restart after changing language"
This reverts commit bad85a459ea24b34f3c09924c6d2b9f0bc750d88.
- - - - -
4ae88530 by Pier Angelo Vendrame at 2023-04-20T20:16:02+02:00
fixup! Firefox preference overrides.
Bug 41738: Drop the patch to disable live reload and use the pref
- - - - -
1ce930e3 by Henry Wilkes at 2023-04-20T20:03:08+00:00
Bug 41736 - Customize toolbar for base-browser.
- - - - -
d354800c by Henry Wilkes at 2023-04-20T20:03:08+00:00
fixup! Bug 40926: Implemented the New Identity feature
Bug 41736 - Stop setting the browser.uiCustomization.state preference.
- - - - -
adacb2c3 by Henry Wilkes at 2023-04-20T20:03:08+00:00
fixup! Bug 40925: Implemented the Security Level component
Bug 41736 - Stop setting the browser.uiCustomization.state preference.
- - - - -
491718d1 by Henry Wilkes at 2023-04-20T20:03:08+00:00
fixup! Firefox preference overrides.
Bug 41736 - Stop setting the browser.uiCustomization.state preference.
- - - - -
352acb10 by Henry Wilkes at 2023-04-20T20:03:08+00:00
Bug 41736 - Customize toolbar for tor-browser.
- - - - -
96796fa5 by Henry Wilkes at 2023-04-20T20:03:08+00:00
fixup! Bug 40562: Added Tor Browser preferences to 000-tor-browser.js
Bug 41736 - Stop setting the browser.uiCustomization.state preference.
- - - - -
9b35dbeb by hackademix at 2023-04-20T20:11:22+00:00
Bug 41728: Pin bridges.torproject.org domains to Let's Encrypt's root cert public key
- - - - -
0db7a4bd by Richard Pospesel at 2023-04-23T11:51:30+00:00
fixup! Bug 41649: Create rebase and security backport gitlab issue templates
- - - - -
d1f3b52e by Henry Wilkes at 2023-05-04T08:43:14+00:00
fixup! Bug 10760: Integrate TorButton to TorBrowser core
Bug 41607 - New icon for new circuit toolbar button
- - - - -
10 changed files:
- .gitlab/issue_templates/Backport Android Security Fixes.md
- .gitlab/issue_templates/Rebase Browser - Alpha.md
- .gitlab/issue_templates/Rebase Browser - Stable.md
- browser/app/profile/000-tor-browser.js
- browser/app/profile/001-base-profile.js
- browser/components/customizableui/CustomizableUI.jsm
- browser/components/extensions/parent/ext-browserAction.js
- browser/components/preferences/main.js
- browser/themes/shared/icons/new_circuit.svg
- security/manager/ssl/StaticHPKPins.h
Changes:
=====================================
.gitlab/issue_templates/Backport Android Security Fixes.md
=====================================
@@ -4,6 +4,7 @@
- example : `102.8.0`
- `$(RR_VERSION)` : the Mozilla defined Rapid-Release version; Tor Browser for Android is based off of the `$(ESR_VERSION)`, but Mozilla's Firefox for Android is based off of the `$(RR_VERSION)` so we need to keep track of security vulnerabilities to backport from the monthly Rapid-Release train and our frozen ESR train.
- example: `110`
+- `$(PROJECT_NAME)` : the name of the browser project, either `base-browser` or `tor-browser`
- `$(TOR_BROWSER_MAJOR)` : the Tor Browser major version
- example : `12`
- `$(TOR_BROWSER_MINOR)` : the Tor Browser minor version
@@ -12,7 +13,7 @@
- example : `build1`
</details>
-**NOTE:** It is assumed the `tor-browser` rebase has already happened and there exists a `build1` build tag for both `base-browser` and `tor-browser`
+**NOTE:** It is assumed the `tor-browser` rebase (stable and alpha) has already happened and there exists a `build1` build tags for both `base-browser` and `tor-browser` (stable and alpha)
### **Bookkeeping**
@@ -36,26 +37,53 @@
- Create link to the CVE on [mozilla.org](https://www.mozilla.org/en-US/security/advisories/)
- example: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-257…
- Create link to the associated Bugzilla issues (found in the CVE description)
- - Create a link to the relevant `gecko-dev`/other commit hashes which need to be backported OR a brief justification for why the fix does not need to be backported
+ - Create links to the relevant `gecko-dev`/other commit hashes which need to be backported OR a brief justification for why the fix does not need to be backported
- To find the `gecko-dev` version of a `mozilla-central`, search for a unique string in the relevant `mozilla-central` commit message in the `gecko-dev/release` branch log.
- **NOTE:** This process is unfortunately somewhat poorly defined/ad-hoc given the general variation in how Bugzilla issues are labeled and resolved. In general this is going to involve a bit of hunting to identify needed commits or determining whether or not the fix is relevant.
+### CVEs
+
+<!-- CVE Resolution Template, foreach CVE to investigate add an entry in the form:
+- [ ] https://www.mozilla.org/en-US/security/advisories/mfsaYYYY-NN/#CVE-YYYY-XXX… // CVE description
+ - https://bugzilla.mozilla.org/show_bug.cgi?id=NNNNNN // Bugzilla issue
+ - **Note** : Any relevant info about this fix, justification for why it is not necessary, etc
+ - **Patches**
+ - firefox-android : https://link.to/relevant/patch
+ - firefox : https://link.to/relevant/patch
+ -->
### **tor-browser** : https://gitlab.torproject.org/tpo/applications/tor-browser.git
- [ ] Backport any Android-specific security fixes from Firefox rapid-release
- - [ ] Sign/Tag commit:
- - Tag : `tor-browser-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
+ - [ ] Backport patches to `tor-browser` stable branch
+ - [ ] Open MR
+ - [ ] Merge
+ - [ ] Rebase patches onto:
+ - [ ] `base-browser` stable
+ - [ ] `tor-browser` alpha
+ - [ ] `base-browser` alpha
+ - [ ] Sign/Tag commits:
+ - Tag : `$(PROJECT_NAME)-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
- Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha)`
- - [ ] Push tag to `origin`
+ - [ ] `base-browser` stable
+ - [ ] `tor-browser` stable
+ - [ ] `base-browser` alpha
+ - [ ] `tor-browser` alpha
+ - [ ] Push tags to `origin`
**OR**
- [ ] No backports
### **application-services** : *TODO: we will need to setup a gitlab copy of this repo that we can apply security backports to if there are ever any security issues here*
- [ ] Backport any Android-specific security fixes from Firefox rapid-release
- - [ ] Sign/Tag commit:
+ - [ ] Backport patches to `application-services` stable branch
+ - [ ] Open MR
+ - [ ] Merge
+ - [ ] Rebase patches onto `application-services` alpha
+ - [ ] Sign/Tag commits:
- Tag : `application-services-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
- Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha`
- - [ ] Push tag to `origin`
+ - [ ] `application-services` stable
+ - [ ] `application-services` alpha
+ - [ ] Push tags to `origin`
**OR**
- [ ] No backports
@@ -63,10 +91,16 @@
### **android-components** : https://gitlab.torproject.org/tpo/applications/android-components.git
- [ ] Backport any Android-specific security fixes from Firefox rapid-release
- **NOTE**: Since November 2022, this repo has been merged with `fenix` into a singular `firefox-android` repo: https://github.com/mozilla-mobile/firefox-android. Any backport will require a patch rewrite to apply to our legacy `android-components` project.
- - [ ] Sign/Tag commit:
+ - [ ] Backport patches to `android-components` stable branch
+ - [ ] Open MR
+ - [ ] Merge
+ - [ ] Rebase patches onto `android-components` alpha
+ - [ ] Sign/Tag commits:
- Tag : `android-components-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
- Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha)`
- - [ ] Push tag to `origin`
+ - [ ] `android-components` stable
+ - [ ] `android-components` alpha
+ - [ ] Push tags to `origin`
**OR**
- [ ] No backports
@@ -74,15 +108,17 @@
### **fenix** : https://gitlab.torproject.org/tpo/applications/fenix.git
- [ ] Backport any Android-specific security fixes from Firefox rapid-release
- **NOTE**: Since February 2023, this repo has been merged with `android-components` into a singular `firefox-android` repo: https://github.com/mozilla-mobile/firefox-android. Any backport will require a patch rewrite to apply to our legacy `fenix` project.
- - [ ] Sign/Tag commit:
+ - [ ] Backport patches to `fenix` stable branch
+ - [ ] Open MR
+ - [ ] Merge
+ - [ ] Rebase patches onto `fenix` alpha
+ - [ ] Sign/Tag commits:
- Tag : `tor-browser-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
- Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha)`
- - [ ] Push tag to `origin`
+ - [ ] `fenix` stable
+ - [ ] `fenix` alpha
+ - [ ] Push tags to `origin`
**OR**
- [ ] No backports
-### CVEs
-
-<!-- Create CVE resolution here -->
-
/confidential
=====================================
.gitlab/issue_templates/Rebase Browser - Alpha.md
=====================================
@@ -27,14 +27,46 @@
- [ ] Link this issue to the appropriate [Release Prep](https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/is… issue.
+### Update Branch Protection Rules
+
+- [ ] In [Repository Settings](https://gitlab.torproject.org/tpo/applications/tor-browser/-/sett…:
+ - [ ] Remove previous alpha `base-browser` and `tor-browser` branch protection rules (this will prevent pushing new changes to the branches being rebased)
+ - [ ] Create new `base-browser` and `tor-browser` branch protection rule:
+ - **Branch**: `*-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1*`
+ - example: `*-102.8.0esr-12.5-1*`
+ - **Allowed to merge**: `Maintainers`
+ - **Allowed to push and merge**: `Maintainers`
+ - **Allowed to force push**: `false`
+
+### **Create New Branches**
+
+- [ ] Create new alpha `base-browser` branch from Firefox mercurial tag (found during the stable rebase)
+ - branch name in the form: `base-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1`
+ - example: `base-browser-102.8.0esr-12.5-1`
+- [ ] Create new alpha `tor-browser` branch from Firefox mercurial tag
+ - branch name in the form: `tor-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1`
+ - example: `tor-browser-102.8.0esr-12.5-1`
+- [ ] Push new `base-browser` branch to `origin`
+- [ ] Push new `tor-browser` branch to `origin`
+
### **Rebase base-browser**
-- [ ] Checkout a new branch for the `base-browser` rebase
+- [ ] Checkout a new local branch for the `base-browser` rebase
- example: `git branch base-browser-rebase FIREFOX_102_8_0esr_BUILD1`
- [ ] Cherry-pick the previous `base-browser` commits up to `base-browser`'s `build1` tag onto new `base-browser` rebase branch
- example: `git cherry-pick FIREFOX_102_7_0esr_BUILD1..base-browser-102.7.0esr-12.5-1-build1`
- [ ] Rebase and autosquash these cherry-picked commits
- example: `git rebase --autosquash --interactive FIREFOX_102_8_0esr_BUILD1 HEAD`
+ - [ ] **(Optional)** Patch reordering
+ - Relocate new `base-browser` patches in the patch-set to enforce this rough thematic ordering:
+ - **MOZILLA BACKPORTS** - official Firefox patches we have backported to our ESR branch: Android-specific security updates, critical bug fixes, worthwhile features, etc
+ - **MOZILLA REVERTS** - revert commits of official Firefox patches
+ - **UPLIFT CANDIDATES** - patches which stand on their own and should be uplifted to `mozilla-central`
+ - **BUILD CONFIGURATION** - tools/scripts, gitlab templates, etc
+ - **BROWSER CONFIGURATION** - branding, mozconfigs, preference overrides, etc
+ - **SECURITY PATCHES** - security improvements, hardening, etc
+ - **PRIVACY PATCHES** - fingerprinting, linkability, proxy bypass, etc
+ - **FEATURES** - new functionality: updater, UX, letterboxing, security level, add-on integration, etc
- [ ] Cherry-pick remainder of patches after the `build1` tag
- example: `git cherry-pick base-browser-102.7.0esr-12.5-1-build1 origin/base-browser-102.7.0esr-12.5-1`
- [ ] Compare patch sets to ensure nothing *weird* happened during conflict resolution:
@@ -61,15 +93,30 @@
- example: `git cherry-pick base-browser-102.7.0esr-12.5-1-build1..tor-browser-102.7.0esr-12.5-1-build1`
- [ ] Rebase and autosquash these cherry-picked commits (from the last new `base-browser` commit to `HEAD`)
- example: `git rebase --autosquash --interactive base-browser-102.8.0esr-12.5-1-build1 HEAD`
+ - [ ] **(Optional)** Patch reordering
+ - Relocate new `tor-browser` patches in the patch-set to enforce this rough thematic ordering:
+ - **BUILD CONFIGURATION** - tools/scripts, gitlab templates, etc
+ - **BROWSER CONFIGURATION** - branding, mozconfigs, preference overrides, etc
+ - **UPDATER PATCHES** - updater tweaks, signing keys, etc
+ - **SECURITY PATCHES** - non tor-dependent security improvements, hardening, etc
+ - **PRIVACY PATCHES** - non tor-dependent fingerprinting, linkability, proxy bypass, etc
+ - **FEAURES** - non tor-dependent features
+ - **TOR INTEGRATION** - legacy tor-launcher/torbutton, tor modules, bootstrapping, etc
+ - **TOR SECURITY PATCHES** - tor-specific security improvements
+ - **TOR PRIVACY PATCHES** - tor-specific privacy improvements
+ - **TOR FEATURES** - new tor-specific functionality: manual, onion-location, onion service client auth, etc
- [ ] Cherry-pick remainder of patches after the last `buildN` tag
- example: `git cherry-pick base-browser-102.7.0esr-12.5-1-build1..origin/tor-browser-102.7.0esr-12.5-1`
+- [ ] Rebase and autosquash again (from the last new `base-browser` commit to `HEAD`), this time replacing all `fixup` and `squash` commands with `pick`. The goal here is to have all of the `fixup` and `squash` commits beside the commit which they modify.
+ - example: `git rebase --autosquash --interactive base-browser-102.8.0esr-12.5-1-build1 HEAD`
+ - **NOTE**: Do not allow `fixup` or `squash` commands here!
- [ ] Compare patch sets to ensure nothing *weird* happened during conflict resolution:
- [ ] diff of diffs:
- Do the diff between `current_patchset.diff` and `rebased_patchset.diff` with your preferred difftool and look at differences on lines that starts with + or -
- `git diff $(ESR_TAG_PREV)..$(BROWSER_BRANCH_PREV) > current_patchset.diff`
- `git diff $(ESR_TAG)..$(BROWSER_BRANCH) > rebased_patchset.diff`
- diff `current_patchset.diff` and `rebased_patchset.diff`
- - If everything went correctly, the only lines which should differ should be the lines starting with `index abc123...def456`
+ - If everything went correctly, the only lines which should differ should be the lines starting with `index abc123...def456` (unless the previous `base-browser` branch includes changes not included in the previous `tor-browser` branch)
- [ ] rangediff: `git range-diff $(ESR_TAG_PREV)..$(TOR_BROWSER_BRANCH_PREV) $(ESR_TAG)..HEAD`
- example: `git range-dif FIREFOX_102_7_0esr_BUILD1..origin/tor-browser-102.7.0esr-12.5-1 FIREFOX_102_8_0esr_BUILD1..HEAD`
- [ ] Open MR for the `tor-browser` rebase
=====================================
.gitlab/issue_templates/Rebase Browser - Stable.md
=====================================
@@ -25,6 +25,17 @@
- [ ] Link this issue to the appropriate [Release Prep](https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/is… issue.
+### Update Branch Protection Rules
+
+- [ ] In [Repository Settings](https://gitlab.torproject.org/tpo/applications/tor-browser/-/sett…:
+ - [ ] Remove previous stable `base-browser` and `tor-browser` branch protection rules (this will prevent pushing new changes to the branches being rebased)
+ - [ ] Create new `base-browser` and `tor-browser` branch protection rule:
+ - **Branch**: `*-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1*`
+ - example: `*-102.8.0esr-12.0-1*`
+ - **Allowed to merge**: `Maintainers`
+ - **Allowed to push and merge**: `Maintainers`
+ - **Allowed to force push**: `false`
+
### **Identify the Firefox Tagged Commit and Create New Branches**
- [ ] Find the Firefox mercurial tag here : https://hg.mozilla.org/releases/mozilla-esr102/tags
@@ -48,7 +59,7 @@
### **Rebase base-browser**
-- [ ] Checkout a new branch for the `base-browser` rebase
+- [ ] Checkout a new local branch for the `base-browser` rebase
- example: `git branch base-browser-rebase FIREFOX_102_8_0esr_BUILD1`
- [ ] Cherry-pick the previous `base-browser` commits up to `base-browser`'s `build1` tag onto new `base-browser` rebase branch
- example: `git cherry-pick FIREFOX_102_7_0esr_BUILD1..base-browser-102.7.0esr-12.0-1-build1`
@@ -72,6 +83,7 @@
- Message : `Tagging build1 for $(ESR_VERSION)esr-based stable`
- [ ] Push tag to `origin`
+
### **Rebase tor-browser**
- [ ] Checkout a new branch for the `tor-browser` rebase starting from the `base-browser` `build1` tag
@@ -88,7 +100,7 @@
- `git diff $(ESR_TAG_PREV)..$(BROWSER_BRANCH_PREV) > current_patchset.diff`
- `git diff $(ESR_TAG)..$(BROWSER_BRANCH) > rebased_patchset.diff`
- diff `current_patchset.diff` and `rebased_patchset.diff`
- - If everything went correctly, the only lines which should differ should be the lines starting with `index abc123...def456`
+ - If everything went correctly, the only lines which should differ should be the lines starting with `index abc123...def456` (unless the previous `base-browser` branch includes changes not included in the previous `tor-browser` branch)
- [ ] rangediff: `git range-diff $(ESR_TAG_PREV)..$(TOR_BROWSER_BRANCH_PREV) $(ESR_TAG)..HEAD`
- example: `git range-dif FIREFOX_102_7_0esr_BUILD1..origin/tor-browser-102.7.0esr-12.0-1 FIREFOX_102_8_0esr_BUILD1..HEAD`
- [ ] Open MR for the `tor-browser` rebase
@@ -97,4 +109,3 @@
- Tag : `tor-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1-build1`
- Message : `Tagging build1 for $(ESR_VERSION)esr-based stable`
- [ ] Push tag to `origin`
-
=====================================
browser/app/profile/000-tor-browser.js
=====================================
@@ -30,8 +30,6 @@ pref("network.security.ports.banned", "", locked);
pref("network.dns.disabled", true); // This should cover the #5741 patch for DNS leaks
pref("network.http.max-persistent-connections-per-proxy", 256);
-pref("browser.uiCustomization.state", "{\"placements\":{\"widget-overflow-fixed-list\":[],\"PersonalToolbar\":[\"personal-bookmarks\"],\"nav-bar\":[\"back-button\",\"forward-button\",\"stop-reload-button\",\"urlbar-container\",\"torbutton-button\",\"security-level-button\",\"new-identity-button\",\"downloads-button\"],\"TabsToolbar\":[\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\"],\"toolbar-menubar\":[\"menubar-items\"],\"PanelUI-contents\":[\"home-button\",\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"save-page-button\",\"print-button\",\"bookmarks-menu-button\",\"history-panelmenu\",\"find-button\",\"preferences-button\",\"add-ons-button\",\"developer-button\"],\"addon-bar\":[\"addonbar-closebutton\",\"status-bar\"]},\"seen\":[\"developer-button\",\"_73a6fe31-595d-460b-a920-fcc0f8843232_-browser-action\"],\"dirtyAreaCache\":[\"PersonalToolbar\",\"nav-bar\",\"TabsToolbar\",\"toolbar-menubar\"],\"currentVersion\":14,\"newElementCount\":1}");
-
// Treat .onions as secure
pref("dom.securecontext.allowlist_onions", true);
=====================================
browser/app/profile/001-base-profile.js
=====================================
@@ -464,9 +464,6 @@ pref("intl.multilingual.downloadEnabled", false);
// Disk activity: Disable storage.sync (tor-browser#41424)
pref("webextensions.storage.sync.enabled", false);
-// Toolbar layout
-pref("browser.uiCustomization.state", "{\"placements\":{\"widget-overflow-fixed-list\":[],\"PersonalToolbar\":[\"personal-bookmarks\"],\"nav-bar\":[\"back-button\",\"forward-button\",\"stop-reload-button\",\"urlbar-container\",\"security-level-button\",\"new-identity-button\",\"downloads-button\"],\"TabsToolbar\":[\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\"],\"toolbar-menubar\":[\"menubar-items\"],\"PanelUI-contents\":[\"home-button\",\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"save-page-button\",\"print-button\",\"bookmarks-menu-button\",\"history-panelmenu\",\"find-button\",\"preferences-button\",\"add-ons-button\",\"developer-button\"],\"addon-bar\":[\"addonbar-closebutton\",\"status-bar\"]},\"seen\":[\"developer-button\"],\"dirtyAreaCache\":[\"PersonalToolbar\",\"nav-bar\",\"TabsToolbar\",\"toolbar-menubar\"],\"currentVersion\":14,\"newElementCount\":1}");
-
// Enforce certificate pinning, see: https://bugs.torproject.org/16206
pref("security.cert_pinning.enforcement_level", 2);
@@ -499,6 +496,10 @@ pref("browser.urlbar.suggest.topsites", false);
// is only reported via telemetry (which is disabled). See tor-browser#40048.
pref("corroborator.enabled", false);
+// tor-browser#41417: do not allow live reload until we switch to Fluent and
+// stop using .textContent.
+pref("intl.multilingual.liveReload", false);
+
// Onboarding.
pref("browser.onboarding.tourset-version", 5);
pref("browser.onboarding.newtour", "welcome,privacy,tor-network-9.0,circuit-display,security,expect-differences,onion-services,learn-more");
=====================================
browser/components/customizableui/CustomizableUI.jsm
=====================================
@@ -65,6 +65,16 @@ const kSubviewEvents = ["ViewShowing", "ViewHiding"];
*/
var kVersion = 17;
+/**
+ * The current version for base browser.
+ */
+var kVersionBaseBrowser = 1;
+
+/**
+ * The current version for tor browser.
+ */
+var kVersionTorBrowser = 1;
+
/**
* Buttons removed from built-ins by version they were removed. kVersion must be
* bumped any time a new id is added to this. Use the button id as key, and
@@ -218,6 +228,8 @@ var CustomizableUIInternal = {
this._updateForNewVersion();
this._updateForNewProtonVersion();
this._markObsoleteBuiltinButtonsSeen();
+ this._updateForBaseBrowser();
+ this._updateForTorBrowser();
this.registerArea(
CustomizableUI.AREA_FIXED_OVERFLOW_PANEL,
@@ -236,10 +248,17 @@ var CustomizableUIInternal = {
Services.policies.isAllowed("removeHomeButtonByDefault")
? null
: "home-button",
- "spring",
+ // Don't want springs either side of the urlbar. tor-browser#41736
"urlbar-container",
- "spring",
- "save-to-pocket-button",
+ // save-to-pocket-button is entirely disabled. See tor-browser#18886 and
+ // tor-browser#31602.
+ // Base-browser additions tor-browser#41736. If you want to add to, remove
+ // from, or rearrange this list, then bump the kVersionBaseBrowser and
+ // update existing saved states in _updateForBaseBrowser.
+ // Or if the change is only meant for tor-browser, bump kVersionTorBrowser
+ // instead and update the existing saved states in _updateForTorBrowser.
+ "security-level-button",
+ "new-identity-button",
"downloads-button",
AppConstants.MOZ_DEV_EDITION ? "developer-button" : null,
"fxa-toolbar-menu-button",
@@ -255,6 +274,10 @@ var CustomizableUIInternal = {
},
true
);
+ // navbarPlacements does not match the initial default XHTML layout.
+ // Therefore we always need to rebuild the navbar area when
+ // registerToolbarNode is called. tor-browser#41736
+ gDirtyAreaCache.add(CustomizableUI.AREA_NAVBAR);
if (AppConstants.MENUBAR_CAN_AUTOHIDE) {
this.registerArea(
@@ -687,6 +710,123 @@ var CustomizableUIInternal = {
}
},
+ _updateForBaseBrowser() {
+ if (!gSavedState) {
+ // Use the defaults.
+ return;
+ }
+
+ const currentVersion = gSavedState.currentVersionBaseBrowser;
+
+ if (currentVersion < 1) {
+ // NOTE: In base-browser/tor-browser version 12.5a5, and earlier, the
+ // toolbar was configured by setting the full JSON string for the default
+ // "browser.uiCustomization.state" preference value. The disadvantage is
+ // that we could not update this value in a way that existing users (who
+ // would have non-default preference values) would also get the desired
+ // change (e.g. for adding or removing a button).
+ //
+ // With tor-browser#41736 we want to switch to changing the toolbar
+ // dynamically like firefox. Therefore, this first version transfer simply
+ // gets the toolbar into the same state we wanted before, away from the
+ // default firefox state.
+ //
+ // If an existing user state aligned with the previous default
+ // "browser.uiCustomization.state" then this shouldn't visibly change
+ // anything.
+ // If a user explicitly customized the toolbar to go back to the firefox
+ // default, then this may undo those changes.
+ const navbarPlacements =
+ gSavedState.placements[CustomizableUI.AREA_NAVBAR];
+ if (navbarPlacements) {
+ const getBeforeAfterUrlbar = () => {
+ // NOTE: The urlbar is non-removable from the navbar, so should have
+ // an index.
+ const index = navbarPlacements.indexOf("urlbar-container");
+ let after = index + 1;
+ if (
+ after < navbarPlacements.length &&
+ navbarPlacements[after] === "search-container"
+ ) {
+ // Skip past the search-container.
+ after++;
+ }
+ return { before: index - 1, after };
+ };
+
+ // Remove the urlbar springs either side of the urlbar.
+ const { before, after } = getBeforeAfterUrlbar();
+ if (
+ after < navbarPlacements.length &&
+ this.matchingSpecials(navbarPlacements[after], "spring")
+ ) {
+ // Remove the spring after.
+ navbarPlacements.splice(after, 1);
+ // NOTE: The `before` index does not change.
+ }
+ if (
+ before >= 0 &&
+ this.matchingSpecials(navbarPlacements[before], "spring")
+ ) {
+ // Remove the spring before.
+ navbarPlacements.splice(before, 1);
+ }
+
+ // Make sure the security-level-button and new-identity-button appears
+ // in the toolbar.
+ for (const id of ["new-identity-button", "security-level-button"]) {
+ let alreadyAdded = false;
+ for (const placements of Object.values(gSavedState.placements)) {
+ if (placements.includes(id)) {
+ alreadyAdded = true;
+ break;
+ }
+ }
+ if (alreadyAdded) {
+ continue;
+ }
+
+ // Add to the nav-bar, after the urlbar-container.
+ // NOTE: We have already removed the spring after the urlbar.
+ navbarPlacements.splice(getBeforeAfterUrlbar().after, 0, id);
+ }
+ }
+
+ // Remove save-to-pocket-button. See tor-browser#18886 and
+ // tor-browser#31602.
+ for (const placements of Object.values(gSavedState.placements)) {
+ let buttonIndex = placements.indexOf("save-to-pocket-button");
+ if (buttonIndex != -1) {
+ placements.splice(buttonIndex, 1);
+ }
+ }
+
+ // Remove unused fields that used to be part of
+ // "browser.uiCustomization.state".
+ delete gSavedState.placements["PanelUI-contents"];
+ delete gSavedState.placements["addon-bar"];
+ }
+ },
+
+ _updateForTorBrowser() {
+ if (!gSavedState) {
+ // Use the defaults.
+ return;
+ }
+
+ const currentVersion = gSavedState.currentVersionTorBrowser;
+
+ if (currentVersion < 1) {
+ // Remove torbutton-button, which no longer exists.
+ for (const placements of Object.values(gSavedState.placements)) {
+ let buttonIndex = placements.indexOf("torbutton-button");
+ if (buttonIndex != -1) {
+ placements.splice(buttonIndex, 1);
+ }
+ }
+ }
+ },
+
_placeNewDefaultWidgetsInArea(aArea) {
let futurePlacedWidgets = gFuturePlacements.get(aArea);
let savedPlacements =
@@ -2501,6 +2641,14 @@ var CustomizableUIInternal = {
gSavedState.currentVersion = 0;
}
+ if (!("currentVersionBaseBrowser" in gSavedState)) {
+ gSavedState.currentVersionBaseBrowser = 0;
+ }
+
+ if (!("currentVersionTorBrowser" in gSavedState)) {
+ gSavedState.currentVersionTorBrowser = 0;
+ }
+
gSeenWidgets = new Set(gSavedState.seen || []);
gDirtyAreaCache = new Set(gSavedState.dirtyAreaCache || []);
gNewElementCount = gSavedState.newElementCount || 0;
@@ -2579,6 +2727,8 @@ var CustomizableUIInternal = {
seen: gSeenWidgets,
dirtyAreaCache: gDirtyAreaCache,
currentVersion: kVersion,
+ currentVersionBaseBrowser: kVersionBaseBrowser,
+ currentVersionTorBrowser: kVersionTorBrowser,
newElementCount: gNewElementCount,
};
=====================================
browser/components/extensions/parent/ext-browserAction.js
=====================================
@@ -193,6 +193,10 @@ this.browserAction = class extends ExtensionAPIPersistent {
}
build() {
+ // The extension ID for NoScript (WebExtension)
+ const isNoScript =
+ this.extension.id === "{73a6fe31-595d-460b-a920-fcc0f8843232}";
+
let widget = CustomizableUI.createWidget({
id: this.id,
viewId: this.viewId,
@@ -200,7 +204,11 @@ this.browserAction = class extends ExtensionAPIPersistent {
removable: true,
label: this.action.getProperty(null, "title"),
tooltiptext: this.action.getProperty(null, "title"),
- defaultArea: browserAreas[this.action.getDefaultArea()],
+ // Do not want to add the NoScript extension to the toolbar by default.
+ // tor-browser#41736
+ defaultArea: isNoScript
+ ? null
+ : browserAreas[this.action.getDefaultArea()],
showInPrivateBrowsing: this.extension.privateBrowsingAllowed,
// Don't attempt to load properties from the built-in widget string
=====================================
browser/components/preferences/main.js
=====================================
@@ -1196,17 +1196,18 @@ var gMainPane = {
gMainPane.recordBrowserLanguagesTelemetry("reorder");
switch (gMainPane.getLanguageSwitchTransitionType(newLocales)) {
- // tor-browser#41417: Always prompt for the restart, until we switch to
- // Fluent, since the current way we use to update languages does not allow
- // live-reload. We could also call showConfirmLanguageChangeMessageBar in
- // the official live-reload case, but the result is inconsistent and makes
- // handling the locales-match case harder.
case "requires-restart":
- case "live-reload":
// Prepare to change the locales, as they were different.
gMainPane.showConfirmLanguageChangeMessageBar(newLocales);
gMainPane.updatePrimaryBrowserLanguageUI(newLocales[0]);
break;
+ case "live-reload":
+ Services.locale.requestedLocales = newLocales;
+ gMainPane.updatePrimaryBrowserLanguageUI(
+ Services.locale.appLocaleAsBCP47
+ );
+ gMainPane.hideConfirmLanguageChangeMessageBar();
+ break;
case "locales-match":
// They matched, so we can reset the UI.
gMainPane.updatePrimaryBrowserLanguageUI(
@@ -1459,12 +1460,18 @@ var gMainPane = {
}
switch (gMainPane.getLanguageSwitchTransitionType(selected)) {
- // tor-browser#41417: see onPrimaryBrowserLanguageMenuChange
case "requires-restart":
- case "live-reload":
gMainPane.showConfirmLanguageChangeMessageBar(selected);
gMainPane.updatePrimaryBrowserLanguageUI(selected[0]);
break;
+ case "live-reload":
+ Services.locale.requestedLocales = selected;
+
+ gMainPane.updatePrimaryBrowserLanguageUI(
+ Services.locale.appLocaleAsBCP47
+ );
+ gMainPane.hideConfirmLanguageChangeMessageBar();
+ break;
case "locales-match":
// They matched, so we can reset the UI.
gMainPane.updatePrimaryBrowserLanguageUI(
=====================================
browser/themes/shared/icons/new_circuit.svg
=====================================
@@ -1,6 +1,4 @@
-<svg width="16px" height="16px" viewBox="0 0 16 16" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
- <g stroke="none" stroke-width="1" fill="context-fill" fill-rule="evenodd" opacity="context-fill-opacity">
- <path d="m10.707 6h3.993l.3-.3v-3.993c.0002-.09902-.0291-.19586-.084-.27825s-.1331-.14661-.2245-.18453c-.0915-.03792-.1922-.04782-.2893-.02845-.0971.01936-.1863.06713-.2562.13723l-1.459 1.459c-1.2817-1.16743-2.95335-1.813714-4.687-1.812-3.859 0-7 3.141-7 7s3.141 7 7 7c1.74123.007 3.422-.6379 4.7116-1.8079 1.2896-1.1701 2.0945-2.7804 2.2564-4.5141.0156-.1649-.0348-.32927-.1401-.4571s-.2571-.2087-.4219-.2249c-.1644-.01324-.3275.03801-.4548.1429s-.2088.2552-.2272.4191c-.1334 1.42392-.7948 2.7464-1.854 3.7072-1.0593.9609-2.43986 1.4905-3.87 1.4848-3.171 0-5.75-2.579-5.75-5.75s2.579-5.75 5.75-5.75c1.40277-.00207 2.7572.5123 3.805 1.445l-1.451 1.451c-.07.06987-.1178.15895-.1372.25597-.0194.09701-.0096.1976.0282.28903.0378.09144.1019.1696.1841.22461.0823.055.179.08437.2779.08439z"/>
- <path d="m8 12.5c-2.48528 0-4.5-2.0147-4.5-4.5 0-2.48528 2.01472-4.5 4.5-4.5z"/>
- </g>
+<svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path fill-rule="evenodd" clip-rule="evenodd" d="M10.5994 2.89744C9.52191 2.34851 8.2983 2.15477 7.10392 2.34398C6.64247 2.41708 6.19453 2.5459 5.76923 2.72578C5.82159 2.91042 5.84961 3.10529 5.84961 3.3067C5.84961 4.48031 4.89821 5.4317 3.72461 5.4317C2.551 5.4317 1.59961 4.48031 1.59961 3.3067C1.59961 2.1331 2.551 1.1817 3.72461 1.1817C4.23757 1.1817 4.70808 1.36346 5.07525 1.66608C5.65429 1.3987 6.27072 1.21038 6.90834 1.10937C8.36342 0.878863 9.85413 1.11489 11.1668 1.78364C12.4795 2.45239 13.5468 3.51953 14.2158 4.83212C14.8848 6.14471 15.121 7.63538 14.8907 9.0905C14.8368 9.43143 14.5167 9.66408 14.1757 9.61013C13.8348 9.55617 13.6022 9.23605 13.6561 8.89511C13.8451 7.70071 13.6512 6.47713 13.1021 5.39971C12.553 4.3223 11.6769 3.44636 10.5994 2.89744ZM4.64961 3.3067C4.64961 3.81756 4.23547 4.2317 3.72461 4.2317C3.21375 4.2317 2.79961 3.81756 2.79961 3.3067C2.79961 2.79584 3.21375 2.3817 3.72461 2.3817C4.23547 2.3817 4.64961 2.79584 4.64961 3.3067Z" fill="context-fill"/>
+<path fill-rule="evenodd" clip-rule="evenodd" d="M1.82421 6.38991C2.16514 6.44387 2.39779 6.76399 2.34383 7.10492C2.15482 8.29933 2.34875 9.52291 2.89785 10.6003C3.44695 11.6777 4.32303 12.5537 5.40053 13.1026C6.47803 13.6515 7.70165 13.8453 8.89602 13.6561C9.35628 13.5831 9.8031 13.4548 10.2274 13.2757C10.1734 13.0884 10.1445 12.8906 10.1445 12.686C10.1445 11.5124 11.0959 10.561 12.2695 10.561C13.4431 10.561 14.3945 11.5124 14.3945 12.686C14.3945 13.8596 13.4431 14.811 12.2695 14.811C11.7602 14.811 11.2927 14.6318 10.9267 14.333C10.3471 14.6009 9.72997 14.7895 9.0916 14.8907C7.63652 15.1212 6.14581 14.8851 4.83311 14.2164C3.52042 13.5476 2.45311 12.4805 1.78415 11.1679C1.11519 9.85533 0.878921 8.36466 1.1092 6.90954C1.16315 6.56861 1.48327 6.33596 1.82421 6.38991ZM13.1945 12.686C13.1945 13.1968 12.7804 13.611 12.2695 13.611C11.7587 13.611 11.3445 13.1968 11.3445 12.686C11.3445 12.1751 11.7587 11.761 12.2695 11.761C12.7804 11.761 13.1945 12.1751 13.1945 12.686Z" fill="context-fill"/>
</svg>
=====================================
security/manager/ssl/StaticHPKPins.h
=====================================
@@ -451,6 +451,14 @@ static const StaticFingerprints kPinset_tor = {
kPinset_tor_Data
};
+static const char* const kPinset_tor_browser_Data[] = {
+ kISRG_Root_X1Fingerprint,
+};
+static const StaticFingerprints kPinset_tor_browser = {
+ sizeof(kPinset_tor_browser_Data) / sizeof(const char*),
+ kPinset_tor_browser_Data
+};
+
static const char* const kPinset_twitterCom_Data[] = {
kGOOGLE_PIN_VeriSignClass2_G2Fingerprint,
kGOOGLE_PIN_VeriSignClass3_G2Fingerprint,
@@ -619,6 +627,7 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "blogger.com", true, false, false, -1, &kPinset_google_root_pems },
{ "blogspot.com", true, false, false, -1, &kPinset_google_root_pems },
{ "br.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+ { "bridges.torproject.org", false, false, false, -1, &kPinset_tor_browser },
{ "bugs.chromium.org", true, false, false, -1, &kPinset_google_root_pems },
{ "build.chromium.org", true, false, false, -1, &kPinset_google_root_pems },
{ "business.facebook.com", true, false, false, -1, &kPinset_facebook },
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/337dcb…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/337dcb…
You're receiving this email because of your account on gitlab.torproject.org.