Pier Angelo Vendrame pushed to branch tor-browser-102.10.0esr-13.0-1 at The Tor Project / Applications / Tor Browser

Commits:

10 changed files:

Changes:

  • .gitlab/issue_templates/Backport Android Security Fixes.md
    ... ... @@ -4,6 +4,7 @@
    4 4
       - example : `102.8.0`
    
    5 5
     - `$(RR_VERSION)` : the Mozilla defined Rapid-Release version; Tor Browser for Android is based off of the `$(ESR_VERSION)`, but Mozilla's Firefox for Android is based off of the `$(RR_VERSION)` so we need to keep track of security vulnerabilities to backport from the monthly Rapid-Release train and our frozen ESR train.
    
    6 6
       - example: `110`
    
    7
    +- `$(PROJECT_NAME)` : the name of the browser project, either `base-browser` or `tor-browser`
    
    7 8
     - `$(TOR_BROWSER_MAJOR)` : the Tor Browser major version
    
    8 9
       - example : `12`
    
    9 10
     - `$(TOR_BROWSER_MINOR)` : the Tor Browser minor version
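
Review bot: the new `$(PROJECT_NAME)` entry is the only variable in this list without an `example` sub-item; add one (for instance `- example : tor-browser`) so it matches the entries around it. The tag pattern later in the template uses this variable, so it is also worth saying here that it selects the tag prefix.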
    
    ... ... @@ -12,7 +13,7 @@
    12 13
       - example : `build1`
    
    13 14
     </details>
    
    14 15
     
    
    15
    -**NOTE:** It is assumed the `tor-browser` rebase has already happened and there exists a `build1` build tag for both `base-browser` and `tor-browser`
    
    16
    +**NOTE:** It is assumed the `tor-browser` rebase (stable and alpha) has already happened and there exists a `build1` build tags for both `base-browser` and `tor-browser` (stable and alpha)
    
    16 17
     
    
    17 18
     ### **Bookkeeping**
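
Review bot: in the rewritten NOTE, "there exists a `build1` build tags" mixes singular and plural; now that several branches are covered it should read "there exist `build1` build tags". The "(stable and alpha)" parenthetical appears twice in the one sentence, so say once which of the rebase and the tags it qualifies.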
    
    18 19
     
    
    ... ... @@ -36,26 +37,53 @@
    36 37
       - Create link to the CVE on [mozilla.org](https://www.mozilla.org/en-US/security/advisories/)
    
    37 38
         - example: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25740
    
    38 39
       - Create link to the associated Bugzilla issues (found in the CVE description)
    
    39
    -  - Create a link to the relevant `gecko-dev`/other commit hashes which need to be backported OR a brief justification for why the fix does not need to be backported
    
    40
    +  - Create links to the relevant `gecko-dev`/other commit hashes which need to be backported OR a brief justification for why the fix does not need to be backported
    
    40 41
         - To find the `gecko-dev` version of a `mozilla-central`, search for a unique string in the relevant `mozilla-central` commit message in the `gecko-dev/release` branch log.
    
    41 42
         - **NOTE:** This process is unfortunately somewhat poorly defined/ad-hoc given the general variation in how Bugzilla issues are labeled and resolved. In general this is going to involve a bit of hunting to identify needed commits or determining whether or not the fix is relevant.
    
    42 43
     
    
    44
    +### CVEs
    
    45
    +
    
    46
    +<!-- CVE Resolution Template, foreach CVE to investigate add an entry in the form:
    
    47
    +- [ ] https://www.mozilla.org/en-US/security/advisories/mfsaYYYY-NN/#CVE-YYYY-XXXXX // CVE description
    
    48
    +  - https://bugzilla.mozilla.org/show_bug.cgi?id=NNNNNN // Bugzilla issue
    
    49
    +  - **Note** : Any relevant info about this fix, justification for why it is not necessary, etc
    
    50
    +  - **Patches**
    
    51
    +    - firefox-android : https://link.to/relevant/patch
    
    52
    +    - firefox : https://link.to/relevant/patch
    
    53
    + -->
    
    43 54
     
    
    44 55
     ### **tor-browser** : https://gitlab.torproject.org/tpo/applications/tor-browser.git
    
    45 56
     - [ ] Backport any Android-specific security fixes from Firefox rapid-release
    
    46
    -  - [ ] Sign/Tag commit:
    
    47
    -    - Tag : `tor-browser-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
    
    57
    +  - [ ] Backport patches to `tor-browser` stable branch
    
    58
    +  - [ ] Open MR
    
    59
    +  - [ ] Merge
    
    60
    +  - [ ] Rebase patches onto:
    
    61
    +    - [ ] `base-browser` stable
    
    62
    +    - [ ] `tor-browser` alpha
    
    63
    +    - [ ] `base-browser` alpha
    
    64
    +  - [ ] Sign/Tag commits:
    
    65
    +    - Tag : `$(PROJECT_NAME)-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
    
    48 66
         - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha)`
    
    49
    -  - [ ] Push tag to `origin`
    
    67
    +    - [ ] `base-browser` stable
    
    68
    +    - [ ] `tor-browser` stable
    
    69
    +    - [ ] `base-browser` alpha
    
    70
    +    - [ ] `tor-browser` alpha
    
    71
    +  - [ ] Push tags to `origin`
    
    50 72
     **OR**
    
    51 73
     - [ ] No backports
    
    52 74
     
    
    53 75
     ### **application-services** : *TODO: we will need to setup a gitlab copy of this repo that we can apply security backports to if there are ever any security issues here*
    
    54 76
     - [ ] Backport any Android-specific security fixes from Firefox rapid-release
    
    55
    -  - [ ] Sign/Tag commit:
    
    77
    +  - [ ] Backport patches to `application-services` stable branch
    
    78
    +  - [ ] Open MR
    
    79
    +  - [ ] Merge
    
    80
    +  - [ ] Rebase patches onto `application-services` alpha
    
    81
    +  - [ ] Sign/Tag commits:
    
    56 82
         - Tag : `application-services-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
    
    57 83
         - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha`
    
    58
    -  - [ ] Push tag to `origin`
    
    84
    +    - [ ] `application-services` stable
    
    85
    +    - [ ] `application-services` alpha
    
    86
    +  - [ ] Push tags to `origin`
    
    59 87
       **OR**
    
    60 88
     - [ ] No backports
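
Review bot: the tag message kept under the new "Sign/Tag commits" step still reads `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha)`, but the checkboxes added beneath it now tag stable as well as alpha branches. Replace the hard-coded "alpha" with a channel placeholder and drop the stray closing parenthesis, otherwise stable tags are created with an alpha message. The same message text appears in the other repository sections of this template.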
    
    61 89
     
    
    ... ... @@ -63,10 +91,16 @@
    63 91
     ### **android-components** : https://gitlab.torproject.org/tpo/applications/android-components.git
    
    64 92
     - [ ] Backport any Android-specific security fixes from Firefox rapid-release
    
    65 93
       - **NOTE**: Since November 2022, this repo has been merged with `fenix` into a singular `firefox-android` repo: https://github.com/mozilla-mobile/firefox-android. Any backport will require a patch rewrite to apply to our legacy `android-components` project.
    
    66
    -  - [ ] Sign/Tag commit:
    
    94
    +  - [ ] Backport patches to `android-components` stable branch
    
    95
    +  - [ ] Open MR
    
    96
    +  - [ ] Merge
    
    97
    +  - [ ] Rebase patches onto `android-components` alpha
    
    98
    +  - [ ] Sign/Tag commits:
    
    67 99
         - Tag : `android-components-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
    
    68 100
         - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha)`
    
    69
    -  - [ ] Push tag to `origin`
    
    101
    +    - [ ] `android-components` stable
    
    102
    +    - [ ] `android-components` alpha
    
    103
    +  - [ ] Push tags to `origin`
    
    70 104
     **OR**
    
    71 105
     - [ ] No backports
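
Review bot: the new steps put "Open MR" and "Merge" only on the `android-components` stable backport, while "Rebase patches onto `android-components` alpha" has no review step before "Sign/Tag commits" and "Push tags to `origin`". State whether the alpha rebase also goes through an MR or is pushed directly; the NOTE above says these backports need a patch rewrite, so the alpha copy deserves the same review as the stable one.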
    
    72 106
     
    
    ... ... @@ -74,15 +108,17 @@
    74 108
     ### **fenix** : https://gitlab.torproject.org/tpo/applications/fenix.git
    
    75 109
     - [ ] Backport any Android-specific security fixes from Firefox rapid-release
    
    76 110
       - **NOTE**: Since February 2023, this repo has been merged with `android-components` into a singular `firefox-android` repo: https://github.com/mozilla-mobile/firefox-android. Any backport will require a patch rewrite to apply to our legacy `fenix` project.
    
    77
    -  - [ ] Sign/Tag commit:
    
    111
    +  - [ ] Backport patches to `fenix` stable branch
    
    112
    +  - [ ] Open MR
    
    113
    +  - [ ] Merge
    
    114
    +  - [ ] Rebase patches onto `fenix` alpha
    
    115
    +  - [ ] Sign/Tag commits:
    
    78 116
         - Tag : `tor-browser-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
    
    79 117
         - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha)`
    
    80
    -  - [ ] Push tag to `origin`
    
    118
    +    - [ ] `fenix` stable
    
    119
    +    - [ ] `fenix` alpha
    
    120
    +  - [ ] Push tags to `origin`
    
    81 121
     **OR**
    
    82 122
     - [ ] No backports
    
    83 123
     
    
    84
    -### CVEs
    
    85
    -
    
    86
    -<!-- Create CVE resolution here -->
    
    87
    -
    
    88 124
     /confidential
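
Review bot: the NOTE in this `fenix` section dates the merge into `firefox-android` as "Since February 2023", while the matching NOTE in the `android-components` section says "Since November 2022" for the same merge. Both sections are being reworked in this commit, so settle on one date in both places.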

  • .gitlab/issue_templates/Rebase Browser - Alpha.md
    ... ... @@ -27,14 +27,46 @@
    27 27
     
    
    28 28
     - [ ] Link this issue to the appropriate [Release Prep](https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/?sort=updated_desc&state=opened&label_name%5B%5D=Release%20Prep) issue.
    
    29 29
     
    
    30
    +### Update Branch Protection Rules
    
    31
    +
    
    32
    +- [ ] In [Repository Settings](https://gitlab.torproject.org/tpo/applications/tor-browser/-/settings/repository):
    
    33
    +  - [ ] Remove previous alpha `base-browser` and `tor-browser` branch protection rules (this will prevent pushing new changes to the branches being rebased)
    
    34
    +  - [ ] Create new `base-browser` and `tor-browser` branch protection rule:
    
    35
    +    - **Branch**: `*-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1*`
    
    36
    +      - example: `*-102.8.0esr-12.5-1*`
    
    37
    +    - **Allowed to merge**: `Maintainers`
    
    38
    +    - **Allowed to push and merge**: `Maintainers`
    
    39
    +    - **Allowed to force push**: `false`
    
    40
    +
    
    41
    +### **Create New Branches**
    
    42
    +
    
    43
    +- [ ] Create new alpha `base-browser` branch from Firefox mercurial tag (found during the stable rebase)
    
    44
    +  - branch name in the form: `base-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1`
    
    45
    +  - example: `base-browser-102.8.0esr-12.5-1`
    
    46
    +- [ ] Create new alpha `tor-browser` branch from Firefox mercurial tag
    
    47
    +  - branch name in the form: `tor-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1`
    
    48
    +  - example: `tor-browser-102.8.0esr-12.5-1`
    
    49
    +- [ ] Push new `base-browser` branch to `origin`
    
    50
    +- [ ] Push new `tor-browser` branch to `origin`
    
    51
    +
    
    30 52
     ### **Rebase base-browser**
    
    31 53
     
    
    32
    -- [ ] Checkout a new branch for the `base-browser` rebase
    
    54
    +- [ ] Checkout a new local branch for the `base-browser` rebase
    
    33 55
       - example: `git branch base-browser-rebase FIREFOX_102_8_0esr_BUILD1`
    
    34 56
     - [ ] Cherry-pick the previous `base-browser` commits up to `base-browser`'s `build1` tag onto new `base-browser` rebase branch
    
    35 57
       - example: `git cherry-pick FIREFOX_102_7_0esr_BUILD1..base-browser-102.7.0esr-12.5-1-build1`
    
    36 58
     - [ ] Rebase and autosquash these cherry-picked commits
    
    37 59
       - example: `git rebase --autosquash --interactive FIREFOX_102_8_0esr_BUILD1 HEAD`
    
    60
    +  - [ ] **(Optional)** Patch reordering
    
    61
    +    - Relocate new `base-browser` patches in the patch-set to enforce this rough thematic ordering:
    
    62
    +      - **MOZILLA BACKPORTS** - official Firefox patches we have backported to our ESR branch: Android-specific security updates, critical bug fixes, worthwhile features, etc
    
    63
    +      - **MOZILLA REVERTS** - revert commits of official Firefox patches
    
    64
    +      - **UPLIFT CANDIDATES** - patches which stand on their own and should be uplifted to `mozilla-central`
    
    65
    +      - **BUILD CONFIGURATION** - tools/scripts, gitlab templates, etc
    
    66
    +      - **BROWSER CONFIGURATION** - branding, mozconfigs, preference overrides, etc
    
    67
    +      - **SECURITY PATCHES** - security improvements, hardening, etc
    
    68
    +      - **PRIVACY PATCHES** - fingerprinting, linkability, proxy bypass, etc
    
    69
    +      - **FEATURES** - new functionality: updater, UX, letterboxing, security level, add-on integration, etc
    
    38 70
     - [ ] Cherry-pick remainder of patches after the `build1` tag
    
    39 71
       - example: `git cherry-pick base-browser-102.7.0esr-12.5-1-build1 origin/base-browser-102.7.0esr-12.5-1`
    
    40 72
     - [ ] Compare patch sets to ensure nothing *weird* happened during conflict resolution:
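
Review bot: the step "Remove previous alpha `base-browser` and `tor-browser` branch protection rules" is justified with "this will prevent pushing new changes to the branches being rebased", but removing a protection rule normally leaves a branch less restricted, not more. Spell out the mechanism that blocks pushes once the rule is gone, or, if the aim is to freeze the old branches, keep them protected and tighten who may push. It is also worth stating that the wildcard rule is deliberately created before the branches in "Create New Branches" exist, so nobody reorders the two sections.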
    
    ... ... @@ -61,15 +93,30 @@
    61 93
       - example: `git cherry-pick base-browser-102.7.0esr-12.5-1-build1..tor-browser-102.7.0esr-12.5-1-build1`
    
    62 94
     - [ ] Rebase and autosquash these cherry-picked commits (from the last new `base-browser` commit to `HEAD`)
    
    63 95
       - example: `git rebase --autosquash --interactive base-browser-102.8.0esr-12.5-1-build1 HEAD`
    
    96
    +  - [ ] **(Optional)** Patch reordering
    
    97
    +    - Relocate new `tor-browser` patches in the patch-set to enforce this rough thematic ordering:
    
    98
    +      - **BUILD CONFIGURATION** - tools/scripts, gitlab templates, etc
    
    99
    +      - **BROWSER CONFIGURATION** - branding, mozconfigs, preference overrides, etc
    
    100
    +      - **UPDATER PATCHES** - updater tweaks, signing keys, etc
    
    101
    +      - **SECURITY PATCHES** - non tor-dependent security improvements, hardening, etc
    
    102
    +      - **PRIVACY PATCHES** - non tor-dependent fingerprinting, linkability, proxy bypass, etc
    
    103
    +      - **FEAURES** - non tor-dependent features
    
    104
    +      - **TOR INTEGRATION** - legacy tor-launcher/torbutton, tor modules, bootstrapping, etc
    
    105
    +      - **TOR SECURITY PATCHES** - tor-specific security improvements
    
    106
    +      - **TOR PRIVACY PATCHES** - tor-specific privacy improvements
    
    107
    +      - **TOR FEATURES** - new tor-specific functionality: manual, onion-location, onion service client auth, etc
    
    64 108
     - [ ] Cherry-pick remainder of patches after the last `buildN` tag
    
    65 109
       - example: `git cherry-pick base-browser-102.7.0esr-12.5-1-build1..origin/tor-browser-102.7.0esr-12.5-1`
    
    110
    +- [ ] Rebase and autosquash again (from the last new `base-browser` commit to `HEAD`), this time replacing all `fixup` and `squash` commands with `pick`. The goal here is to have all of the `fixup` and `squash` commits beside the commit which they modify.
    
    111
    +  - example: `git rebase --autosquash --interactive base-browser-102.8.0esr-12.5-1-build1 HEAD`
    
    112
    +  - **NOTE**: Do not allow `fixup` or `squash` commands here!
    
    66 113
     - [ ] Compare patch sets to ensure nothing *weird* happened during conflict resolution:
    
    67 114
       - [ ] diff of diffs:
    
    68 115
         -  Do the diff between `current_patchset.diff` and `rebased_patchset.diff` with your preferred difftool and look at differences on lines that starts with + or -
    
    69 116
         - `git diff $(ESR_TAG_PREV)..$(BROWSER_BRANCH_PREV) > current_patchset.diff`
    
    70 117
         - `git diff $(ESR_TAG)..$(BROWSER_BRANCH) > rebased_patchset.diff`
    
    71 118
         - diff `current_patchset.diff` and `rebased_patchset.diff`
    
    72
    -      - If everything went correctly, the only lines which should differ should be the lines starting with `index abc123...def456`
    
    119
    +      - If everything went correctly, the only lines which should differ should be the lines starting with `index abc123...def456` (unless the previous `base-browser` branch includes changes not included in the previous `tor-browser` branch)
    
    73 120
       - [ ] rangediff: `git range-diff $(ESR_TAG_PREV)..$(TOR_BROWSER_BRANCH_PREV) $(ESR_TAG)..HEAD`
    
    74 121
         - example: `git range-dif FIREFOX_102_7_0esr_BUILD1..origin/tor-browser-102.7.0esr-12.5-1 FIREFOX_102_8_0esr_BUILD1..HEAD`
    
    75 122
     - [ ] Open MR for the `tor-browser` rebase
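
Review bot: the added "Rebase and autosquash again" step depends on hand-editing every `fixup` and `squash` entry to `pick`, and its example command is identical to the earlier autosquash step, so nothing in the checklist catches a missed entry. Add a check after it, such as confirming that the commit count is the same before and after this second rebase. Typo in the added ordering list: "**FEAURES**" should be "**FEATURES**".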
    

  • .gitlab/issue_templates/Rebase Browser - Stable.md
    ... ... @@ -25,6 +25,17 @@
    25 25
     
    
    26 26
     - [ ] Link this issue to the appropriate [Release Prep](https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/?sort=updated_desc&state=opened&label_name%5B%5D=Release%20Prep) issue.
    
    27 27
     
    
    28
    +### Update Branch Protection Rules
    
    29
    +
    
    30
    +- [ ] In [Repository Settings](https://gitlab.torproject.org/tpo/applications/tor-browser/-/settings/repository):
    
    31
    +  - [ ] Remove previous stable `base-browser` and `tor-browser` branch protection rules (this will prevent pushing new changes to the branches being rebased)
    
    32
    +  - [ ] Create new `base-browser` and `tor-browser` branch protection rule:
    
    33
    +    - **Branch**: `*-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1*`
    
    34
    +      - example: `*-102.8.0esr-12.0-1*`
    
    35
    +    - **Allowed to merge**: `Maintainers`
    
    36
    +    - **Allowed to push and merge**: `Maintainers`
    
    37
    +    - **Allowed to force push**: `false`
    
    38
    +
    
    28 39
     ### **Identify the Firefox Tagged Commit and Create New Branches**
    
    29 40
     
    
    30 41
     - [ ] Find the Firefox mercurial tag here : https://hg.mozilla.org/releases/mozilla-esr102/tags
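
Review bot: the new rule sets "Allowed to push and merge" to `Maintainers`, so a maintainer can push straight to the protected `base-browser` and `tor-browser` branches even though the checklist further down asks for an MR ("Open MR for the `tor-browser` rebase"). If direct push is only needed to create the new branches, say so next to the setting; otherwise consider restricting push so that changes land through merge requests. This block matches the one added to the Alpha template apart from "stable" and the example version, so any change here should be mirrored there.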
    
    ... ... @@ -48,7 +59,7 @@
    48 59
     
    
    49 60
     ### **Rebase base-browser**
    
    50 61
     
    
    51
    -- [ ] Checkout a new branch for the `base-browser` rebase
    
    62
    +- [ ] Checkout a new local branch for the `base-browser` rebase
    
    52 63
       - example: `git branch base-browser-rebase FIREFOX_102_8_0esr_BUILD1`
    
    53 64
     - [ ] Cherry-pick the previous `base-browser` commits up to `base-browser`'s `build1` tag onto new `base-browser` rebase branch
    
    54 65
       - example: `git cherry-pick FIREFOX_102_7_0esr_BUILD1..base-browser-102.7.0esr-12.0-1-build1`
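
Review bot: the reworded item says "Checkout a new local branch", but the example under it, `git branch base-browser-rebase FIREFOX_102_8_0esr_BUILD1`, only creates the branch and leaves the current one checked out. The cherry-pick in the next item would then land on whatever branch happened to be active. Change the example to a command that also switches to the new branch, or add an explicit checkout step.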
    
    ... ... @@ -72,6 +83,7 @@
    72 83
       - Message : `Tagging build1 for $(ESR_VERSION)esr-based stable`
    
    73 84
     - [ ] Push tag to `origin`
    
    74 85
     
    
    86
    +
    
    75 87
     ### **Rebase tor-browser**
    
    76 88
     
    
    77 89
     - [ ] Checkout a new branch for the `tor-browser` rebase starting from the `base-browser` `build1` tag
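
Review bot: this hunk only adds a second blank line before "### **Rebase tor-browser**"; drop it unless it is needed for rendering. The first item of that section still says "Checkout a new branch" while the `base-browser` section was changed to "Checkout a new local branch" in the same commit, so update it for consistency.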
    
    ... ... @@ -88,7 +100,7 @@
    88 100
         - `git diff $(ESR_TAG_PREV)..$(BROWSER_BRANCH_PREV) > current_patchset.diff`
    
    89 101
         - `git diff $(ESR_TAG)..$(BROWSER_BRANCH) > rebased_patchset.diff`
    
    90 102
         - diff `current_patchset.diff` and `rebased_patchset.diff`
    
    91
    -      - If everything went correctly, the only lines which should differ should be the lines starting with `index abc123...def456`
    
    103
    +      - If everything went correctly, the only lines which should differ should be the lines starting with `index abc123...def456` (unless the previous `base-browser` branch includes changes not included in the previous `tor-browser` branch)
    
    92 104
       - [ ] rangediff: `git range-diff $(ESR_TAG_PREV)..$(TOR_BROWSER_BRANCH_PREV) $(ESR_TAG)..HEAD`
    
    93 105
         - example: `git range-dif FIREFOX_102_7_0esr_BUILD1..origin/tor-browser-102.7.0esr-12.0-1 FIREFOX_102_8_0esr_BUILD1..HEAD`
    
    94 106
     - [ ] Open MR for the `tor-browser` rebase
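
Review bot: the rangediff example just below the changed line uses `git range-dif`, which will fail when pasted; it should be `git range-diff`, as in the item above it. On the added parenthetical, say how to tell an expected difference from a bad conflict resolution, for example by checking that the extra lines correspond to commits present only in the previous `base-browser` branch.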
    
    ... ... @@ -97,4 +109,3 @@
    97 109
       - Tag : `tor-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1-build1`
    
    98 110
       - Message : `Tagging build1 for $(ESR_VERSION)esr-based stable`
    
    99 111
     - [ ] Push tag to `origin`
    100
    -

  • browser/app/profile/000-tor-browser.js
    ... ... @@ -30,8 +30,6 @@ pref("network.security.ports.banned", "", locked);
    30 30
     pref("network.dns.disabled", true); // This should cover the #5741 patch for DNS leaks
    
    31 31
     pref("network.http.max-persistent-connections-per-proxy", 256);
    
    32 32
     
    
    33
    -pref("browser.uiCustomization.state", "{\"placements\":{\"widget-overflow-fixed-list\":[],\"PersonalToolbar\":[\"personal-bookmarks\"],\"nav-bar\":[\"back-button\",\"forward-button\",\"stop-reload-button\",\"urlbar-container\",\"torbutton-button\",\"security-level-button\",\"new-identity-button\",\"downloads-button\"],\"TabsToolbar\":[\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\"],\"toolbar-menubar\":[\"menubar-items\"],\"PanelUI-contents\":[\"home-button\",\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"save-page-button\",\"print-button\",\"bookmarks-menu-button\",\"history-panelmenu\",\"find-button\",\"preferences-button\",\"add-ons-button\",\"developer-button\"],\"addon-bar\":[\"addonbar-closebutton\",\"status-bar\"]},\"seen\":[\"developer-button\",\"_73a6fe31-595d-460b-a920-fcc0f8843232_-browser-action\"],\"dirtyAreaCache\":[\"PersonalToolbar\",\"nav-bar\",\"TabsToolbar\",\"toolbar-menubar\"],\"currentVersion\":14,\"newElementCount\":1}");
    
    34
    -
    
    35 33
     // Treat .onions as secure
    
    36 34
     pref("dom.securecontext.allowlist_onions", true);
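
Review bot: the removed default for `browser.uiCustomization.state` also carried a `seen` list containing `_73a6fe31-595d-460b-a920-fcc0f8843232_-browser-action`, and the `_updateForBaseBrowser` and `_updateForTorBrowser` code visible in this push only touches `placements`. Confirm that new profiles still treat that widget as seen, or that dropping the entry is intended, and record the answer in the commit message.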
    
    37 35
     
    

  • browser/app/profile/001-base-profile.js
    ... ... @@ -464,9 +464,6 @@ pref("intl.multilingual.downloadEnabled", false);
    464 464
     // Disk activity: Disable storage.sync (tor-browser#41424)
    
    465 465
     pref("webextensions.storage.sync.enabled", false);
    
    466 466
     
    
    467
    -// Toolbar layout
    
    468
    -pref("browser.uiCustomization.state", "{\"placements\":{\"widget-overflow-fixed-list\":[],\"PersonalToolbar\":[\"personal-bookmarks\"],\"nav-bar\":[\"back-button\",\"forward-button\",\"stop-reload-button\",\"urlbar-container\",\"security-level-button\",\"new-identity-button\",\"downloads-button\"],\"TabsToolbar\":[\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\"],\"toolbar-menubar\":[\"menubar-items\"],\"PanelUI-contents\":[\"home-button\",\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"save-page-button\",\"print-button\",\"bookmarks-menu-button\",\"history-panelmenu\",\"find-button\",\"preferences-button\",\"add-ons-button\",\"developer-button\"],\"addon-bar\":[\"addonbar-closebutton\",\"status-bar\"]},\"seen\":[\"developer-button\"],\"dirtyAreaCache\":[\"PersonalToolbar\",\"nav-bar\",\"TabsToolbar\",\"toolbar-menubar\"],\"currentVersion\":14,\"newElementCount\":1}");
    
    469
    -
    
    470 467
     // Enforce certificate pinning, see: https://bugs.torproject.org/16206
    
    471 468
     pref("security.cert_pinning.enforcement_level", 2);
    
    472 469
     
    
    ... ... @@ -499,6 +496,10 @@ pref("browser.urlbar.suggest.topsites", false);
    499 496
     // is only reported via telemetry (which is disabled). See tor-browser#40048.
    
    500 497
     pref("corroborator.enabled", false);
    
    501 498
     
    
    499
    +// tor-browser#41417: do not allow live reload until we switch to Fluent and
    
    500
    +// stop using .textContent.
    
    501
    +pref("intl.multilingual.liveReload", false);
    
    502
    +
    
    502 503
     // Onboarding.
    
    503 504
     pref("browser.onboarding.tourset-version", 5);
    
    504 505
     pref("browser.onboarding.newtour", "welcome,privacy,tor-network-9.0,circuit-display,security,expect-differences,onion-services,learn-more");
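
Review bot: `intl.multilingual.liveReload` is added between the corroborator and onboarding prefs, while the related `intl.multilingual.downloadEnabled` sits further up the file (it is the context shown in the previous hunk header). Move the new pref beside it so the multilingual settings stay together and are found in one place when tor-browser#41417 is resolved.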
    

  • browser/components/customizableui/CustomizableUI.jsm
    ... ... @@ -65,6 +65,16 @@ const kSubviewEvents = ["ViewShowing", "ViewHiding"];
    65 65
      */
    
    66 66
     var kVersion = 17;
    
    67 67
     
    
    68
    +/**
    
    69
    + * The current version for base browser.
    
    70
    + */
    
    71
    +var kVersionBaseBrowser = 1;
    
    72
    +
    
    73
    +/**
    
    74
    + * The current version for tor browser.
    
    75
    + */
    
    76
    +var kVersionTorBrowser = 1;
    
    77
    +
    
    68 78
     /**
    
    69 79
      * Buttons removed from built-ins by version they were removed. kVersion must be
    
    70 80
      * bumped any time a new id is added to this. Use the button id as key, and
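
Review bot: the doc comments on `kVersionBaseBrowser` and `kVersionTorBrowser` say only "The current version for ..." and not when the values must be bumped. That rule currently lives only in the navbar placements comment further down; state it here as well, the way the following comment does for `kVersion` ("kVersion must be bumped any time a new id is added to this").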
    
    ... ... @@ -218,6 +228,8 @@ var CustomizableUIInternal = {
    218 228
         this._updateForNewVersion();
    
    219 229
         this._updateForNewProtonVersion();
    
    220 230
         this._markObsoleteBuiltinButtonsSeen();
    
    231
    +    this._updateForBaseBrowser();
    
    232
    +    this._updateForTorBrowser();
    
    221 233
     
    
    222 234
         this.registerArea(
    
    223 235
           CustomizableUI.AREA_FIXED_OVERFLOW_PANEL,
    
    ... ... @@ -236,10 +248,17 @@ var CustomizableUIInternal = {
    236 248
           Services.policies.isAllowed("removeHomeButtonByDefault")
    
    237 249
             ? null
    
    238 250
             : "home-button",
    
    239
    -      "spring",
    
    251
    +      // Don't want springs either side of the urlbar. tor-browser#41736
    
    240 252
           "urlbar-container",
    
    241
    -      "spring",
    
    242
    -      "save-to-pocket-button",
    
    253
    +      // save-to-pocket-button is entirely disabled. See tor-browser#18886 and
    
    254
    +      // tor-browser#31602.
    
    255
    +      // Base-browser additions tor-browser#41736. If you want to add to, remove
    
    256
    +      // from, or rearrange this list, then bump the kVersionBaseBrowser and
    
    257
    +      // update existing saved states in _updateForBaseBrowser.
    
    258
    +      // Or if the change is only meant for tor-browser, bump kVersionTorBrowser
    
    259
    +      // instead and update the existing saved states in _updateForTorBrowser.
    
    260
    +      "security-level-button",
    
    261
    +      "new-identity-button",
    
    243 262
           "downloads-button",
    
    244 263
           AppConstants.MOZ_DEV_EDITION ? "developer-button" : null,
    
    245 264
           "fxa-toolbar-menu-button",
    
    ... ... @@ -255,6 +274,10 @@ var CustomizableUIInternal = {
    255 274
           },
    
    256 275
           true
    
    257 276
         );
    
    277
    +    // navbarPlacements does not match the initial default XHTML layout.
    
    278
    +    // Therefore we always need to rebuild the navbar area when
    
    279
    +    // registerToolbarNode is called. tor-browser#41736
    
    280
    +    gDirtyAreaCache.add(CustomizableUI.AREA_NAVBAR);
    
    258 281
     
    
    259 282
         if (AppConstants.MENUBAR_CAN_AUTOHIDE) {
    
    260 283
           this.registerArea(
    
    ... ... @@ -687,6 +710,123 @@ var CustomizableUIInternal = {
    687 710
         }
    
    688 711
       },
    
    689 712
     
    
    713
    +  _updateForBaseBrowser() {
    
    714
    +    if (!gSavedState) {
    
    715
    +      // Use the defaults.
    
    716
    +      return;
    
    717
    +    }
    
    718
    +
    
    719
    +    const currentVersion = gSavedState.currentVersionBaseBrowser;
    
    720
    +
    
    721
    +    if (currentVersion < 1) {
    
    722
    +      // NOTE: In base-browser/tor-browser version 12.5a5, and earlier, the
    
    723
    +      // toolbar was configured by setting the full JSON string for the default
    
    724
    +      // "browser.uiCustomization.state" preference value. The disadvantage is
    
    725
    +      // that we could not update this value in a way that existing users (who
    
    726
    +      // would have non-default preference values) would also get the desired
    
    727
    +      // change (e.g. for adding or removing a button).
    
    728
    +      //
    
    729
    +      // With tor-browser#41736 we want to switch to changing the toolbar
    
    730
    +      // dynamically like firefox. Therefore, this first version transfer simply
    
    731
    +      // gets the toolbar into the same state we wanted before, away from the
    
    732
    +      // default firefox state.
    
    733
    +      //
    
    734
    +      // If an existing user state aligned with the previous default
    
    735
    +      // "browser.uiCustomization.state" then this shouldn't visibly change
    
    736
    +      // anything.
    
    737
    +      // If a user explicitly customized the toolbar to go back to the firefox
    
    738
    +      // default, then this may undo those changes.
    
    739
    +      const navbarPlacements =
    
    740
    +        gSavedState.placements[CustomizableUI.AREA_NAVBAR];
    
    741
    +      if (navbarPlacements) {
    
    742
    +        const getBeforeAfterUrlbar = () => {
    
    743
    +          // NOTE: The urlbar is non-removable from the navbar, so should have
    
    744
    +          // an index.
    
    745
    +          const index = navbarPlacements.indexOf("urlbar-container");
    
    746
    +          let after = index + 1;
    
    747
    +          if (
    
    748
    +            after < navbarPlacements.length &&
    
    749
    +            navbarPlacements[after] === "search-container"
    
    750
    +          ) {
    
    751
    +            // Skip past the search-container.
    
    752
    +            after++;
    
    753
    +          }
    
    754
    +          return { before: index - 1, after };
    
    755
    +        };
    
    756
    +
    
    757
    +        // Remove the urlbar springs either side of the urlbar.
    
    758
    +        const { before, after } = getBeforeAfterUrlbar();
    
    759
    +        if (
    
    760
    +          after < navbarPlacements.length &&
    
    761
    +          this.matchingSpecials(navbarPlacements[after], "spring")
    
    762
    +        ) {
    
    763
    +          // Remove the spring after.
    
    764
    +          navbarPlacements.splice(after, 1);
    
    765
    +          // NOTE: The `before` index does not change.
    
    766
    +        }
    
    767
    +        if (
    
    768
    +          before >= 0 &&
    
    769
    +          this.matchingSpecials(navbarPlacements[before], "spring")
    
    770
    +        ) {
    
    771
    +          // Remove the spring before.
    
    772
    +          navbarPlacements.splice(before, 1);
    
    773
    +        }
    
    774
    +
    
    775
    +        // Make sure the security-level-button and new-identity-button appears
    
    776
    +        // in the toolbar.
    
    777
    +        for (const id of ["new-identity-button", "security-level-button"]) {
    
    778
    +          let alreadyAdded = false;
    
    779
    +          for (const placements of Object.values(gSavedState.placements)) {
    
    780
    +            if (placements.includes(id)) {
    
    781
    +              alreadyAdded = true;
    
    782
    +              break;
    
    783
    +            }
    
    784
    +          }
    
    785
    +          if (alreadyAdded) {
    
    786
    +            continue;
    
    787
    +          }
    
    788
    +
    
    789
    +          // Add to the nav-bar, after the urlbar-container.
    
    790
    +          // NOTE: We have already removed the spring after the urlbar.
    
    791
    +          navbarPlacements.splice(getBeforeAfterUrlbar().after, 0, id);
    
    792
    +        }
    
    793
    +      }
    
    794
    +
    
    795
    +      // Remove save-to-pocket-button. See tor-browser#18886 and
    
    796
    +      // tor-browser#31602.
    
    797
    +      for (const placements of Object.values(gSavedState.placements)) {
    
    798
    +        let buttonIndex = placements.indexOf("save-to-pocket-button");
    
    799
    +        if (buttonIndex != -1) {
    
    800
    +          placements.splice(buttonIndex, 1);
    
    801
    +        }
    
    802
    +      }
    
    803
    +
    
    804
    +      // Remove unused fields that used to be part of
    
    805
    +      // "browser.uiCustomization.state".
    
    806
    +      delete gSavedState.placements["PanelUI-contents"];
    
    807
    +      delete gSavedState.placements["addon-bar"];
    
    808
    +    }
    
    809
    +  },
    
    810
    +
    
    811
    +  _updateForTorBrowser() {
    
    812
    +    if (!gSavedState) {
    
    813
    +      // Use the defaults.
    
    814
    +      return;
    
    815
    +    }
    
    816
    +
    
    817
    +    const currentVersion = gSavedState.currentVersionTorBrowser;
    
    818
    +
    
    819
    +    if (currentVersion < 1) {
    
    820
    +      // Remove torbutton-button, which no longer exists.
    
    821
    +      for (const placements of Object.values(gSavedState.placements)) {
    
    822
    +        let buttonIndex = placements.indexOf("torbutton-button");
    
    823
    +        if (buttonIndex != -1) {
    
    824
    +          placements.splice(buttonIndex, 1);
    
    825
    +        }
    
    826
    +      }
    
    827
    +    }
    
    828
    +  },
    
    829
    +
    
    690 830
       _placeNewDefaultWidgetsInArea(aArea) {
    
    691 831
         let futurePlacedWidgets = gFuturePlacements.get(aArea);
    
    692 832
         let savedPlacements =
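Review bot: In the loop at new lines 777-791, both ids are spliced in at the same index, `getBeforeAfterUrlbar().after`, so the id inserted second lands in front of the one inserted first. Assuming `after` is the index immediately following the urlbar, the toolbar ends up with `security-level-button` followed by `new-identity-button`, the reverse of the array order. If that order is intended, say so in the comment at 775-776 (which should also read "appear"); otherwise reverse the array. The inner `alreadyAdded` loop could also be collapsed to `Object.values(gSavedState.placements).some(p => p.includes(id))`.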
    
    ... ... @@ -2501,6 +2641,14 @@ var CustomizableUIInternal = {
    2501 2641
           gSavedState.currentVersion = 0;
    
    2502 2642
         }
    
    2503 2643
     
    
    2644
    +    if (!("currentVersionBaseBrowser" in gSavedState)) {
    
    2645
    +      gSavedState.currentVersionBaseBrowser = 0;
    
    2646
    +    }
    
    2647
    +
    
    2648
    +    if (!("currentVersionTorBrowser" in gSavedState)) {
    
    2649
    +      gSavedState.currentVersionTorBrowser = 0;
    
    2650
    +    }
    
    2651
    +
    
    2504 2652
         gSeenWidgets = new Set(gSavedState.seen || []);
    
    2505 2653
         gDirtyAreaCache = new Set(gSavedState.dirtyAreaCache || []);
    
    2506 2654
         gNewElementCount = gSavedState.newElementCount || 0;
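Review bot: The `in` checks at new lines 2644-2650 only cover a missing key. A `currentVersionBaseBrowser` or `currentVersionTorBrowser` that is present in the saved state but is not a number passes them unchanged, and the later `currentVersion < 1` comparison in `_updateForTorBrowser` is then evaluated against that value. Consider testing `typeof gSavedState.currentVersionTorBrowser != "number"` (and the same for the base-browser field) so a malformed entry is reset to 0 and the migrations still run.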
    
    ... ... @@ -2579,6 +2727,8 @@ var CustomizableUIInternal = {
    2579 2727
           seen: gSeenWidgets,
    
    2580 2728
           dirtyAreaCache: gDirtyAreaCache,
    
    2581 2729
           currentVersion: kVersion,
    
    2730
    +      currentVersionBaseBrowser: kVersionBaseBrowser,
    
    2731
    +      currentVersionTorBrowser: kVersionTorBrowser,
    
    2582 2732
           newElementCount: gNewElementCount,
    
    2583 2733
         };
    
    2584 2734
     
    

  • browser/components/extensions/parent/ext-browserAction.js
    ... ... @@ -193,6 +193,10 @@ this.browserAction = class extends ExtensionAPIPersistent {
    193 193
       }
    
    194 194
     
    
    195 195
       build() {
    
    196
    +    // The extension ID for NoScript (WebExtension)
    
    197
    +    const isNoScript =
    
    198
    +      this.extension.id === "{73a6fe31-595d-460b-a920-fcc0f8843232}";
    
    199
    +
    
    196 200
         let widget = CustomizableUI.createWidget({
    
    197 201
           id: this.id,
    
    198 202
           viewId: this.viewId,
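Review bot: The NoScript id at new line 198 is a bare string literal inside `build()`, so it is re-evaluated for every browser action and is easy to miss if another file needs the same check. Hoist it to a named module-level constant (for example `NOSCRIPT_ID`, a suggested name) and compare against that; the comment at 196 can move with it.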
    
    ... ... @@ -200,7 +204,11 @@ this.browserAction = class extends ExtensionAPIPersistent {
    200 204
           removable: true,
    
    201 205
           label: this.action.getProperty(null, "title"),
    
    202 206
           tooltiptext: this.action.getProperty(null, "title"),
    
    203
    -      defaultArea: browserAreas[this.action.getDefaultArea()],
    
    207
    +      // Do not want to add the NoScript extension to the toolbar by default.
    
    208
    +      // tor-browser#41736
    
    209
    +      defaultArea: isNoScript
    
    210
    +        ? null
    
    211
    +        : browserAreas[this.action.getDefaultArea()],
    
    204 212
           showInPrivateBrowsing: this.extension.privateBrowsingAllowed,
    
    205 213
     
    
    206 214
           // Don't attempt to load properties from the built-in widget string
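Review bot: The comment at new lines 207-208 says the button should not be added to the toolbar by default, but not where the widget ends up when `defaultArea` is `null`, or whether profiles that already have the NoScript button placed are affected. One more comment line stating the intended result for new and existing profiles would save the reader a trip to tor-browser#41736.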
    

  • browser/components/preferences/main.js
    ... ... @@ -1196,17 +1196,18 @@ var gMainPane = {
    1196 1196
         gMainPane.recordBrowserLanguagesTelemetry("reorder");
    
    1197 1197
     
    
    1198 1198
         switch (gMainPane.getLanguageSwitchTransitionType(newLocales)) {
    
    1199
    -      // tor-browser#41417: Always prompt for the restart, until we switch to
    
    1200
    -      // Fluent, since the current way we use to update languages does not allow
    
    1201
    -      // live-reload. We could also call showConfirmLanguageChangeMessageBar in
    
    1202
    -      // the official live-reload case, but the result is inconsistent and makes
    
    1203
    -      // handling the locales-match case harder.
    
    1204 1199
           case "requires-restart":
    
    1205
    -      case "live-reload":
    
    1206 1200
             // Prepare to change the locales, as they were different.
    
    1207 1201
             gMainPane.showConfirmLanguageChangeMessageBar(newLocales);
    
    1208 1202
             gMainPane.updatePrimaryBrowserLanguageUI(newLocales[0]);
    
    1209 1203
             break;
    
    1204
    +      case "live-reload":
    
    1205
    +        Services.locale.requestedLocales = newLocales;
    
    1206
    +        gMainPane.updatePrimaryBrowserLanguageUI(
    
    1207
    +          Services.locale.appLocaleAsBCP47
    
    1208
    +        );
    
    1209
    +        gMainPane.hideConfirmLanguageChangeMessageBar();
    
    1210
    +        break;
    
    1210 1211
           case "locales-match":
    
    1211 1212
             // They matched, so we can reset the UI.
    
    1212 1213
             gMainPane.updatePrimaryBrowserLanguageUI(
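Review bot: The removed comment at old lines 1199-1203 said the restart prompt was forced for `live-reload` "until we switch to Fluent", and the new `case "live-reload":` at 1204-1210 restores live switching without saying that this precondition now holds. Add a short comment, or a line in the commit message, stating why live reload is safe again, so the reason the tor-browser#41417 workaround is dropped is recorded next to the code.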
    
    ... ... @@ -1459,12 +1460,18 @@ var gMainPane = {
    1459 1460
         }
    
    1460 1461
     
    
    1461 1462
         switch (gMainPane.getLanguageSwitchTransitionType(selected)) {
    
    1462
    -      // tor-browser#41417: see onPrimaryBrowserLanguageMenuChange
    
    1463 1463
           case "requires-restart":
    
    1464
    -      case "live-reload":
    
    1465 1464
             gMainPane.showConfirmLanguageChangeMessageBar(selected);
    
    1466 1465
             gMainPane.updatePrimaryBrowserLanguageUI(selected[0]);
    
    1467 1466
             break;
    
    1467
    +      case "live-reload":
    
    1468
    +        Services.locale.requestedLocales = selected;
    
    1469
    +
    
    1470
    +        gMainPane.updatePrimaryBrowserLanguageUI(
    
    1471
    +          Services.locale.appLocaleAsBCP47
    
    1472
    +        );
    
    1473
    +        gMainPane.hideConfirmLanguageChangeMessageBar();
    
    1474
    +        break;
    
    1468 1475
           case "locales-match":
    
    1469 1476
             // They matched, so we can reset the UI.
    
    1470 1477
             gMainPane.updatePrimaryBrowserLanguageUI(
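Review bot: The `live-reload` branch at new lines 1467-1474 repeats the one added in the first hunk of this file, differing only in the variable name (`selected` instead of `newLocales`) and a stray blank line at 1469. A small helper taking the locale list would keep the two call sites from drifting apart.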
    

  • browser/themes/shared/icons/new_circuit.svg
    1
    -<svg width="16px" height="16px" viewBox="0 0 16 16" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
    
    2
    -    <g stroke="none" stroke-width="1" fill="context-fill" fill-rule="evenodd" opacity="context-fill-opacity">
    
    3
    -        <path d="m10.707 6h3.993l.3-.3v-3.993c.0002-.09902-.0291-.19586-.084-.27825s-.1331-.14661-.2245-.18453c-.0915-.03792-.1922-.04782-.2893-.02845-.0971.01936-.1863.06713-.2562.13723l-1.459 1.459c-1.2817-1.16743-2.95335-1.813714-4.687-1.812-3.859 0-7 3.141-7 7s3.141 7 7 7c1.74123.007 3.422-.6379 4.7116-1.8079 1.2896-1.1701 2.0945-2.7804 2.2564-4.5141.0156-.1649-.0348-.32927-.1401-.4571s-.2571-.2087-.4219-.2249c-.1644-.01324-.3275.03801-.4548.1429s-.2088.2552-.2272.4191c-.1334 1.42392-.7948 2.7464-1.854 3.7072-1.0593.9609-2.43986 1.4905-3.87 1.4848-3.171 0-5.75-2.579-5.75-5.75s2.579-5.75 5.75-5.75c1.40277-.00207 2.7572.5123 3.805 1.445l-1.451 1.451c-.07.06987-.1178.15895-.1372.25597-.0194.09701-.0096.1976.0282.28903.0378.09144.1019.1696.1841.22461.0823.055.179.08437.2779.08439z"/>
    
    4
    -        <path d="m8 12.5c-2.48528 0-4.5-2.0147-4.5-4.5 0-2.48528 2.01472-4.5 4.5-4.5z"/>
    
    5
    -    </g>
    
    1
    +<svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">
    
    2
    +<path fill-rule="evenodd" clip-rule="evenodd" d="M10.5994 2.89744C9.52191 2.34851 8.2983 2.15477 7.10392 2.34398C6.64247 2.41708 6.19453 2.5459 5.76923 2.72578C5.82159 2.91042 5.84961 3.10529 5.84961 3.3067C5.84961 4.48031 4.89821 5.4317 3.72461 5.4317C2.551 5.4317 1.59961 4.48031 1.59961 3.3067C1.59961 2.1331 2.551 1.1817 3.72461 1.1817C4.23757 1.1817 4.70808 1.36346 5.07525 1.66608C5.65429 1.3987 6.27072 1.21038 6.90834 1.10937C8.36342 0.878863 9.85413 1.11489 11.1668 1.78364C12.4795 2.45239 13.5468 3.51953 14.2158 4.83212C14.8848 6.14471 15.121 7.63538 14.8907 9.0905C14.8368 9.43143 14.5167 9.66408 14.1757 9.61013C13.8348 9.55617 13.6022 9.23605 13.6561 8.89511C13.8451 7.70071 13.6512 6.47713 13.1021 5.39971C12.553 4.3223 11.6769 3.44636 10.5994 2.89744ZM4.64961 3.3067C4.64961 3.81756 4.23547 4.2317 3.72461 4.2317C3.21375 4.2317 2.79961 3.81756 2.79961 3.3067C2.79961 2.79584 3.21375 2.3817 3.72461 2.3817C4.23547 2.3817 4.64961 2.79584 4.64961 3.3067Z" fill="context-fill"/>
    
    3
    +<path fill-rule="evenodd" clip-rule="evenodd" d="M1.82421 6.38991C2.16514 6.44387 2.39779 6.76399 2.34383 7.10492C2.15482 8.29933 2.34875 9.52291 2.89785 10.6003C3.44695 11.6777 4.32303 12.5537 5.40053 13.1026C6.47803 13.6515 7.70165 13.8453 8.89602 13.6561C9.35628 13.5831 9.8031 13.4548 10.2274 13.2757C10.1734 13.0884 10.1445 12.8906 10.1445 12.686C10.1445 11.5124 11.0959 10.561 12.2695 10.561C13.4431 10.561 14.3945 11.5124 14.3945 12.686C14.3945 13.8596 13.4431 14.811 12.2695 14.811C11.7602 14.811 11.2927 14.6318 10.9267 14.333C10.3471 14.6009 9.72997 14.7895 9.0916 14.8907C7.63652 15.1212 6.14581 14.8851 4.83311 14.2164C3.52042 13.5476 2.45311 12.4805 1.78415 11.1679C1.11519 9.85533 0.878921 8.36466 1.1092 6.90954C1.16315 6.56861 1.48327 6.33596 1.82421 6.38991ZM13.1945 12.686C13.1945 13.1968 12.7804 13.611 12.2695 13.611C11.7587 13.611 11.3445 13.1968 11.3445 12.686C11.3445 12.1751 11.7587 11.761 12.2695 11.761C12.7804 11.761 13.1945 12.1751 13.1945 12.686Z" fill="context-fill"/>
    
    6 4
     </svg>
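Review bot: The old icon set `opacity="context-fill-opacity"` on its `<g>` wrapper, while the new paths carry only `fill="context-fill"`, so the replacement no longer picks up the context opacity. If the toolbar styling relies on it, add `fill-opacity="context-fill-opacity"` to the paths; if dropping it is deliberate, mention it in the commit message.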

  • security/manager/ssl/StaticHPKPins.h
    ... ... @@ -451,6 +451,14 @@ static const StaticFingerprints kPinset_tor = {
    451 451
       kPinset_tor_Data
    
    452 452
     };
    
    453 453
     
    
    454
    +static const char* const kPinset_tor_browser_Data[] = {
    
    455
    +  kISRG_Root_X1Fingerprint,
    
    456
    +};
    
    457
    +static const StaticFingerprints kPinset_tor_browser = {
    
    458
    +  sizeof(kPinset_tor_browser_Data) / sizeof(const char*),
    
    459
    +  kPinset_tor_browser_Data
    
    460
    +};
    
    461
    +
    
    454 462
     static const char* const kPinset_twitterCom_Data[] = {
    
    455 463
       kGOOGLE_PIN_VeriSignClass2_G2Fingerprint,
    
    456 464
       kGOOGLE_PIN_VeriSignClass3_G2Fingerprint,
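Review bot: `kPinset_tor_browser_Data` at new lines 454-456 holds a single fingerprint, `kISRG_Root_X1Fingerprint`, with no backup pin. Any host bound to this pinset stops validating as soon as its chain no longer includes that root, and the only remedy is a browser update. Consider adding a second pin, or a comment explaining why one root is sufficient and why the existing `kPinset_tor` just above is not reused.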
    
    ... ... @@ -619,6 +627,7 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
    619 627
       { "blogger.com", true, false, false, -1, &kPinset_google_root_pems },
    
    620 628
       { "blogspot.com", true, false, false, -1, &kPinset_google_root_pems },
    
    621 629
       { "br.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
    
    630
    +  { "bridges.torproject.org", false, false, false, -1, &kPinset_tor_browser },
    
    622 631
       { "bugs.chromium.org", true, false, false, -1, &kPinset_google_root_pems },
    
    623 632
       { "build.chromium.org", true, false, false, -1, &kPinset_google_root_pems },
    
    624 633
       { "business.facebook.com", true, false, false, -1, &kPinset_facebook },
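Review bot: The new `bridges.torproject.org` entry at new line 630 sets all three boolean fields to `false`, whereas each neighbouring entry sets one of them to `true`. The flags are positional and unlabelled here, so confirm that leaving the first one off is what is wanted: if it is the include-subdomains flag, only the exact host is pinned. A trailing comment on the entry naming the intent would make that reviewable.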