[tor-commits] [Git][tpo/applications/tor-browser][base-browser-115.3.0esr-13.0-1] Deleted 112 commits: Bug 41649: Create rebase and security backport gitlab issue templates

Pier Angelo Vendrame pushed to branch base-browser-115.3.0esr-13.0-1 at The Tor Project / Applications / Tor Browser

WARNING: The push did not contain any new commits, but force pushed to delete the commits and changes below.

Deleted commits: 327cf983 by Richard Pospesel at 2023-09-19T17:52:50+02:00 Bug 41649: Create rebase and security backport gitlab issue templates

- - - - - b69c7d5f by Pier Angelo Vendrame at 2023-09-19T17:52:50+02:00 fixup! Bug 41649: Create rebase and security backport gitlab issue templates

Add a step to make the default branch and add how to find a tag when it does not exist yet.

- - - - - d1b97543 by Richard Pospesel at 2023-09-19T17:52:51+02:00 Bug 41089: Add tor-browser build scripts + Makefile to tor-browser

- - - - - 77222733 by clairehurst at 2023-09-19T17:52:51+02:00 fixup! Bug 41089: Add tor-browser build scripts + Makefile to tor-browser

Bug 42035: Update tools/torbrowser/ scripts to support macOS dev environment

- - - - - 51270bfe by Henry Wilkes at 2023-09-19T17:52:51+02:00 Bug 41803: Add some developer tools for working on tor-browser.

- - - - - 1e9e56f3 by Kathy Brade at 2023-09-19T17:52:52+02:00 Bug 11641: Disable remoting by default.

Unless the -osint command line flag is used, the browser now defaults to the equivalent of -no-remote. There is a new -allow-remote flag that may be used to restore the original (Firefox-like) default behavior.

- - - - - 132220dd by Alex Catarineu at 2023-09-19T17:52:53+02:00 Add TorStrings module for localization

- - - - - 8ff432b2 by Henry Wilkes at 2023-09-19T17:52:53+02:00 fixup! Add TorStrings module for localization

Bug 41333: Stop using aboutTor.dtd. No longer use aboutTBUpdate strings in about:tor.

- - - - - 1ff30999 by Pier Angelo Vendrame at 2023-09-19T17:52:54+02:00 fixup! Add TorStrings module for localization

Marked tor_controlconn_failed as a 12.5-only

- - - - - 7f4e82d7 by Henry Wilkes at 2023-09-19T17:52:54+02:00 fixup! Add TorStrings module for localization

Bug 42091: Remove authPrompt "Learn More" href from TorStrings.

- - - - - 7c71e255 by Henry Wilkes at 2023-09-19T17:52:55+02:00 Tor Browser strings

This commit adds all the strings needed for Tor Browser patches.

- - - - - b470bbf8 by Henry Wilkes at 2023-09-19T17:52:55+02:00 Tor Browser localization migration scripts.

- - - - - 94fc57f0 by Mike Perry at 2023-09-19T17:52:56+02:00 Bug 2176: Rebrand Firefox to TorBrowser

See also Bugs #5194, #7187, #8115, #8219.

This patch does some basic renaming of Firefox to TorBrowser. The rest of the branding is done by images and icons.

Also fix bug 27905.

Bug 25702: Update Tor Browser icon to follow design guidelines

- Updated all of the branding in /browser/branding/official with new 'stable' icon series. - Updated /extensions/onboarding/content/img/tor-watermark.png with new icon and add the source svg in the same directory - Copied /browser/branding/official over /browser/branding/nightly and the new /browser/branding/alpha directories. Replaced content with 'nightly' and 'alpha' icon series. Updated VisualElements_70.png and VisualElements_150.png with updated icons in each branding directory (fixes #22654) - Updated firefox.VisualElementsManfiest.xml with updated colors in each branding directory - Added firefox.svg to each branding directory from which all the other icons are derived (apart from document.icns and document.ico) - Added default256.png and default512.png icons - Updated aboutTBUpdate.css to point to branding-aware icon128.png and removed original icon - Use the Tor Browser icon within devtools/client/themes/images/.

Bug 30631: Blurry Tor Browser icon on macOS app switcher

It would seem the png2icns tool does not generate correct icns files and so on macOS the larger icons were missing resulting in blurry icons in the OS chrome. Regenerated the padded icons in a macOS VM using iconutil.

Bug 28196: preparations for using torbutton tor-browser-brand.ftl

A small change to Fluent FileSource class is required so that we can register a new source without its supported locales being counted as available locales for the browser.

Bug 31803: Replaced about:debugging logo with flat version

Bug 21724: Make Firefox and Tor Browser distinct macOS apps

When macOS opens a document or selects a default browser, it sometimes uses the CFBundleSignature. Changing from the Firefox MOZB signature to a different signature TORB allows macOS to distinguish between Firefox and Tor Browser.

Bug 32092: Fix Tor Browser Support link in preferences

For bug 40562, we moved onionPattern* from bug 27476 to here, as about:tor needs these files but it is included earlier.

Bug 41278: Create Tor Browser styled pdf logo similar to the vanilla Firefox one

- - - - - 7119926f by Henry Wilkes at 2023-09-19T17:52:56+02:00 fixup! Bug 2176: Rebrand Firefox to TorBrowser

Bug 41333: Add a branding svg logo.

Copied from branding/tb-<version>/firefox.svg.

- - - - - db61f42c by Henry Wilkes at 2023-09-19T17:52:57+02:00 squash! Bug 2176: Rebrand Firefox to TorBrowser

Bug 42088: New application icons (used in-app and on linux).

- - - - - bc0fcb88 by Henry Wilkes at 2023-09-19T17:52:58+02:00 fixup! Bug 2176: Rebrand Firefox to TorBrowser

Bug 41957: Use full tor browser icon for site identity button for internal pages.

Also remove colors in tor-styles.css.

- - - - - 71268b41 by Pier Angelo Vendrame at 2023-09-19T17:52:58+02:00 fixup! Bug 2176: Rebrand Firefox to TorBrowser

Bug 42078: Update macOS icons

- - - - - 4caa911d by sanketh at 2023-09-19T17:52:59+02:00 Bug 40209: Implement Basic Crypto Safety

Adds a CryptoSafety actor which detects when you've copied a crypto address from a HTTP webpage and shows a warning.

Closes #40209.

Bug 40428: Fix string attribute names

- - - - - da75a72f by Mike Perry at 2023-09-19T17:52:59+02:00 TB3: Tor Browser's official .mozconfigs.

Also: Add an --enable-tor-browser-data-outside-app-dir configure option

Add --with-tor-browser-version configure option

Bug 31457: disable per-installation profiles

The dedicated profiles (per-installation) feature does not interact well with our bundled profiles on Linux and Windows, and it also causes multiple profiles to be created on macOS under TorBrowser-Data.

Bug 31935: Disable profile downgrade protection.

Since Tor Browser does not support more than one profile, disable the prompt and associated code that offers to create one when a version downgrade situation is detected.

Add --enable-tor-browser-update build option

Bug 40793: moved Tor configuration options from old-configure.in to moz.configure

Bug 41584: Move some configuration options to base-browser level

- - - - - 8471c1f7 by clairehurst at 2023-09-19T17:53:00+02:00 fixup! TB3: Tor Browser's official .mozconfigs.

Bug 42035: update mozconfig for macos development

- - - - - 144cb398 by Henry Wilkes at 2023-09-19T17:53:00+02:00 Bug 41340: Enable TOR_BROWSER_NIGHTLY_BUILD features for dev and nightly builds

tor-browser#41285: Enable fluent warnings.

- - - - - 9e917c2c by Pier Angelo Vendrame at 2023-09-19T17:53:01+02:00 Bug 40562: Added Tor Browser preferences to 000-tor-browser.js

Before reordering patches, we used to keep the Tor-related patches (torbutton and tor-launcher) at the beginning. After that issue, we decided to move them towards the end.

In addition to that, we have decided to move Tor Browser-only preferences there, too, to make Base Browser-only fixups easier to apply.

- - - - - beb27b9f by Henry Wilkes at 2023-09-19T17:53:01+02:00 fixup! Bug 40562: Added Tor Browser preferences to 000-tor-browser.js

Bug 41333: Remove TorCheckService.

- - - - - 885549c5 by Richard Pospesel at 2023-09-19T17:53:02+02:00 fixup! Bug 40562: Added Tor Browser preferences to 000-tor-browser.js

- - - - - 510e84ea by Henry Wilkes at 2023-09-19T17:53:04+02:00 fixup! Bug 40562: Added Tor Browser preferences to 000-tor-browser.js

Bug 41906: Lock network.trr.mode to be explicitly off.

- - - - - 8b79c605 by Pier Angelo Vendrame at 2023-09-19T17:53:04+02:00 Bug 13252: Customize profile management on macOS

On macOS we allow both portable mode and system installation. However, in the latter case, we customize Firefox's directories to match the hierarchy we use for the portable mode.

Also, display an informative error message if the TorBrowser-Data directory cannot be created due to an "access denied" or a "read only volume" error.

- - - - - de89d30e by Pier Angelo Vendrame at 2023-09-19T17:53:05+02:00 Bug 40933: Add tor-launcher functionality

Bug 41926: Reimplement the control port

- - - - - 2f6eb3b8 by Henry Wilkes at 2023-09-19T17:53:05+02:00 fixup! fixup! Bug 40933: Add tor-launcher functionality

Bug 41333: Remove TorCheckService.

- - - - - 83c00801 by Pier Angelo Vendrame at 2023-09-19T17:53:06+02:00 fixup! Bug 40933: Add tor-launcher functionality

Deleted old stuff, unified TorController with ControlSocket, simplified everything (e.g., do not use the dispatcher anymore, just call stuff directly or use a much simpler map).

- - - - - 6f78826f by Pier Angelo Vendrame at 2023-09-19T17:53:06+02:00 fixup! Bug 40933: Add tor-launcher functionality

Use `#` instead of `_` for private things here and there, to make reviewing the changes easier.

- - - - - e82c6f9a by Pier Angelo Vendrame at 2023-09-19T17:53:07+02:00 fixup! Bug 40933: Add tor-launcher functionality

Shuffle code here and there, so that it's feasible to check that nothing actually changed with `git diff --color-moved`.

- - - - - acc4e6c8 by Pier Angelo Vendrame at 2023-09-19T17:53:07+02:00 fixup! Bug 40933: Add tor-launcher functionality

Further refactors/improvements.

- - - - - df87cd7c by Pier Angelo Vendrame at 2023-09-19T17:53:08+02:00 fixup! Bug 40933: Add tor-launcher functionality

Refactored the settings reading, the first connection and events setup.

- - - - - 45e1dd66 by Pier Angelo Vendrame at 2023-09-19T17:53:08+02:00 fixup! Bug 40933: Add tor-launcher functionality

Moved the control port parsing for asynchronous events from TorProvider to TorControlPort.

- - - - - ed0f19a9 by Pier Angelo Vendrame at 2023-09-19T17:53:09+02:00 fixup! Bug 40933: Add tor-launcher functionality

Bug 41986: Fix the control port password handling

- - - - - a65669a5 by Pier Angelo Vendrame at 2023-09-19T17:53:09+02:00 fixup! Bug 40933: Add tor-launcher functionality

- - - - - 5cd0b1e3 by Pier Angelo Vendrame at 2023-09-19T17:53:10+02:00 fixup! Bug 40933: Add tor-launcher functionality

Second chunk of changes requested during the review.

- - - - - 3909206e by Pier Angelo Vendrame at 2023-09-19T17:53:11+02:00 fixup! Bug 40933: Add tor-launcher functionality

Change the provider buidler to make build async and other fixes.

- - - - - 5f7787be by Pier Angelo Vendrame at 2023-09-19T17:53:11+02:00 fixup! Bug 40933: Add tor-launcher functionality

Make the restart case stronger.

- - - - - 34403ea2 by Pier Angelo Vendrame at 2023-09-19T17:53:12+02:00 fixup! Bug 40933: Add tor-launcher functionality

Move the restart to the ProviderBuilder.

- - - - - 8645a190 by Pier Angelo Vendrame at 2023-09-19T17:53:12+02:00 fixup! Bug 40933: Add tor-launcher functionality

Addressed more requests from the review, and added documentation.

- - - - - 8db51876 by Pier Angelo Vendrame at 2023-09-19T17:53:12+02:00 fixup! Bug 40933: Add tor-launcher functionality

Bug 42102: Fix checkPort in TorProcess

- - - - - 4e6197f5 by Richard Pospesel at 2023-09-19T17:53:13+02:00 Bug 40597: Implement TorSettings module

- migrated in-page settings read/write implementation from about:preferences#tor to the TorSettings module - TorSettings initially loads settings from the tor daemon, and saves them to firefox prefs - TorSettings notifies observers when a setting has changed; currently only QuickStart notification is implemented for parity with previous preference notify logic in about:torconnect and about:preferences#tor - about:preferences#tor, and about:torconnect now read and write settings thorugh the TorSettings module - all tor settings live in the torbrowser.settings.* preference branch - removed unused pref modify permission for about:torconnect content page from AsyncPrefs.jsm

Bug 40645: Migrate Moat APIs to Moat.jsm module

- - - - - f44ef500 by Pier Angelo Vendrame at 2023-09-19T17:53:13+02:00 fixup! Bug 40597: Implement TorSettings module

Workaround for a race condition.

- - - - - d7549479 by Pier Angelo Vendrame at 2023-09-19T17:53:14+02:00 fixup! Bug 40597: Implement TorSettings module

The provider building is now async.

- - - - - 402ad307 by Pier Angelo Vendrame at 2023-09-19T17:53:15+02:00 fixup! Bug 40597: Implement TorSettings module

Set the state back to Configure when the tor process exits, and disable qiuckstart. We should also show the "Not Connected" pill again.

- - - - - b5aa34c8 by Arthur Edelstein at 2023-09-19T17:53:15+02:00 Bug 3455: Add DomainIsolator, for isolating circuit by domain.

Add an XPCOM component that registers a ProtocolProxyChannelFilter which sets the username/password for each web request according to url bar domain.

Bug 9442: Add New Circuit button

Bug 13766: Set a 10 minute circuit dirty timeout for the catch-all circ.

Bug 19206: Include a 128 bit random tag as part of the domain isolator nonce.

Bug 19206: Clear out the domain isolator state on `New Identity`.

Bug 21201.2: Isolate by firstPartyDomain from OriginAttributes

Bug 21745: Fix handling of catch-all circuit

Bug 41741: Refactor the domain isolator and new circuit

- - - - - 36278c1a by cypherpunks1 at 2023-09-19T17:53:16+02:00 fixup! Bug 3455: Add DomainIsolator, for isolating circuit by domain.

Bug 40175: Use first-party isolation on reader view

- - - - - 860c94e1 by Pier Angelo Vendrame at 2023-09-19T17:53:16+02:00 fixup! Bug 3455: Add DomainIsolator, for isolating circuit by domain.

The provider building is now async.

- - - - - 548ccc94 by Henry Wilkes at 2023-09-19T17:53:16+02:00 Bug 41600: Add a tor circuit display panel.

- - - - - 4f8016ca by cypherpunks1 at 2023-09-19T17:53:17+02:00 fixup! Bug 41600: Add a tor circuit display panel.

Bug 40175: Support circuit display on about:reader

- - - - - 356932d8 by Richard Pospesel at 2023-09-19T17:53:17+02:00 fixup! Bug 41600: Add a tor circuit display panel.

Bug 41865: Use --text-color-deemphasized rather than --panel-description-color

- - - - - 2973fbe3 by Henry Wilkes at 2023-09-19T17:53:18+02:00 fixup! Bug 41600: Add a tor circuit display panel.

Bug 42045: Allow circuit panel to grow in width for long addresses.

- - - - - 38886199 by Henry Wilkes at 2023-09-19T17:53:21+02:00 fixup! Bug 41600: Add a tor circuit display panel.

Bug 41980: Center-align the circuit heading.

- - - - - 0507161c by Henry Wilkes at 2023-09-19T17:53:21+02:00 fixup! Bug 41600: Add a tor circuit display panel.

Bug 42091: Use TorUIUtils to shorten the onion address.

- - - - - 15fa681a by hackademix at 2023-09-19T17:53:22+02:00 Bug 8324: Prevent DNS proxy bypasses caused by Drag&Drop

Bug 41613: Skip Drang & Drop filtering for DNS-safe URLs

- - - - - 42138254 by Amogh Pradeep at 2023-09-19T17:53:22+02:00 Orfox: Centralized proxy applied to AbstractCommunicator and BaseResources.

See Bug 1357997 for partial uplift.

Also: Bug 28051 - Use our Orbot for proxying our connections

Bug 31144 - ESR68 Network Code Review

- - - - - 508c1958 by Matthew Finkel at 2023-09-19T17:53:23+02:00 Bug 25741: TBA: Disable GeckoNetworkManager

The browser should not need information related to the network interface or network state, tor should take care of that.

- - - - - 993ff8fa by Kathy Brade at 2023-09-19T17:53:23+02:00 Bug 14631: Improve profile access error messages.

Instead of always reporting that the profile is locked, display specific messages for "access denied" and "read-only file system".

To allow for localization, get profile-related error strings from Torbutton. Use app display name ("Tor Browser") in profile-related error alerts.

- - - - - 62399654 by Pier Angelo Vendrame at 2023-09-19T17:53:23+02:00 Bug 40807: Added QRCode.js to toolkit/modules

- - - - - c15a7936 by Richard Pospesel at 2023-09-19T17:53:24+02:00 Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection

This patch adds a new about:preferences#connection page which allows modifying bridge, proxy, and firewall settings from within Tor Browser. All of the functionality present in tor-launcher's Network Configuration panel is present:

- Setting built-in bridges - Requesting bridges from BridgeDB via moat - Using user-provided bridges - Configuring SOCKS4, SOCKS5, and HTTP/HTTPS proxies - Setting firewall ports - Viewing and Copying Tor's logs - The Networking Settings in General preferences has been removed

Bug 40774: Update about:preferences page to match new UI designs

- - - - - 74bdf570 by Richard Pospesel at 2023-09-19T17:53:24+02:00 fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection

Bug 41977: Hide the 'Learn more' link in bridge cards

- - - - - 53d77950 by Henry Wilkes at 2023-09-19T17:53:25+02:00 fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection

Bug 41812: Stop using -moz-box-flex

Fixes: Bug 41904: Connection settings now inputs at full width. Bug 41821: Tor logs now expand with dialog.

- - - - - bd927112 by Henry Wilkes at 2023-09-19T17:53:26+02:00 fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection

Bug 42047: Remove sizing hacks for tor dialogs. We can just wait until DOMContentLoaded to call _populateXUL. Then the subDialog code will take care of the sizing for us.

- - - - - 9edf966b by Henry Wilkes at 2023-09-19T17:53:26+02:00 fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection

Bug 41651: Use moz-toggle for enable-bridges switch.

- - - - - da664169 by Richard Pospesel at 2023-09-19T17:53:27+02:00 fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection

Bug 41974: De-emphasized text in custom components is no longer gray in 13.0 alpha

- - - - - 97658076 by Pier Angelo Vendrame at 2023-09-19T17:53:27+02:00 fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection

The provider building is now async.

- - - - - be0507a1 by henry at 2023-09-19T17:53:28+02:00 fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection

Added some error handling for the cases in which the Tor provider failed to build.

- - - - - c126645c by Richard Pospesel at 2023-09-19T17:53:28+02:00 Bug 27476: Implement about:torconnect captive portal within Tor Browser

- implements new about:torconnect page as tor-launcher replacement - adds new torconnect component to browser - tor process management functionality remains implemented in tor-launcher through the TorProtocolService module - adds warning/error box to about:preferences#tor when not connected to tor

Bug 40773: Update the about:torconnect frontend page to match additional UI flows.

Bug 41608: Add a toolbar status button and a urlbar "Connect" button.

- - - - - 0202ab19 by Pier Angelo Vendrame at 2023-09-19T17:53:29+02:00 fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser

Fixed another race condition and moved to ES modules while I was touching this code.

- - - - - 5911c55f by Henry Wilkes at 2023-09-19T17:53:29+02:00 fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser

Bug 42079: Support moving out of the TorConnectState.Bootsrapped state for gTorConnectTitlebarStatus and gTorConnectUrlbarButton.

- - - - - 490e2a63 by Henry Wilkes at 2023-09-19T17:53:30+02:00 Bug 7494: Create local home page for TBB.

Bug 41333: Update about:tor to new design. Including: + make the favicon match the branding icon. + make the location bar show a search icon.

- - - - - 04123f41 by Henry Wilkes at 2023-09-19T17:53:30+02:00 fixup! Bug 7494: Create local home page for TBB.

Bug 41333: Remove TorCheckService.

- - - - - eef1671d by Henry Wilkes at 2023-09-19T17:53:31+02:00 fixup! Bug 7494: Create local home page for TBB.

Bug 42075: Increase inline margin for the message links in about:tor.

Also increase the end margin of the emoji icon.

- - - - - 68b2d132 by Henry Wilkes at 2023-09-19T17:53:32+02:00 fixup! Bug 7494: Create local home page for TBB.

Bug 42073: Add onion pattern to about:tor background.

- - - - - 29904003 by Arthur Edelstein at 2023-09-19T17:53:32+02:00 Bug 12620: TorBrowser regression tests

Regression tests for Bug #2950: Make Permissions Manager memory-only

Regression tests for TB4: Tor Browser's Firefox preference overrides.

Note: many more functional tests could be made here

Regression tests for #2874: Block Components.interfaces from content

Bug 18923: Add a script to run all Tor Browser specific tests

Regression tests for Bug #16441: Suppress "Reset Tor Browser" prompt.

- - - - - 4d2619ef by Pier Angelo Vendrame at 2023-09-19T17:53:33+02:00 Bug 41668: Tweaks to the Base Browser updater for Tor Browser

This commit was once part of "Bug 4234: Use the Firefox Update Process for Tor Browser.". However, some parts of it were not needed for Base Browser and some derivative browsers. Therefore, we extracted from that commit the parts for Tor Browser legacy, and we add them back to the patch set with this commit.

- - - - - fc8c490d by Pier Angelo Vendrame at 2023-09-19T17:53:33+02:00 fixup! Bug 41668: Tweaks to the Base Browser updater for Tor Browser

The provider building is now async.

- - - - - 5c8ce95c by Kathy Brade at 2023-09-19T17:53:34+02:00 Bug 12647: Support symlinks in the updater.

- - - - - 7af4c5b4 by Kathy Brade at 2023-09-19T17:53:34+02:00 Bug 19121: reinstate the update.xml hash check

This is a partial revert of commit f1241db6986e4b54473a1ed870f7584c75d51122.

Revert most changes from Mozilla Bug 862173 "don't verify mar file hash when using mar signing to verify the mar file (lessens main thread I/O)."

We kept the addition to the AppConstants API in case other JS code references it in the future.

- - - - - 2eab30bc by Kathy Brade at 2023-09-19T17:53:35+02:00 Bug 16940: After update, load local change notes.

Add an about:tbupdate page that displays the first section from TorBrowser/Docs/ChangeLog.txt and includes a link to the remote post-update page (typically our blog entry for the release).

Always load about:tbupdate in a content process, but implement the code that reads the file system (changelog) in the chrome process for compatibility with future sandboxing efforts.

Also fix bug 29440. Now about:tbupdate is styled as a fairly simple changelog page that is designed to be displayed via a link that is on about:tor.

- - - - - d25a7b17 by Pier Angelo Vendrame at 2023-09-19T17:53:38+02:00 fixup! Bug 16940: After update, load local change notes.

Remove the doubled and unused aboutTBUpdate.dtd

- - - - - 0d1302b6 by Georg Koppen at 2023-09-19T17:53:38+02:00 Bug 32658: Create a new MAR signing key

It's time for our rotation again: Move the backup key in the front position and add a new backup key.

Bug 33803: Move our primary nightly MAR signing key to tor-browser

Bug 33803: Add a secondary nightly MAR signing key

- - - - - 78ec020d by Mike Perry at 2023-09-19T17:53:39+02:00 Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing

eBay and Amazon don't treat Tor users very well. Accounts often get locked and payments reversed.

Also: Bug 16322: Update DuckDuckGo search engine

We are replacing the clearnet URL with an onion service one (thanks to a patch by a cypherpunk) and are removing the duplicated DDG search engine. Duplicating DDG happend due to bug 1061736 where Mozilla included DDG itself into Firefox. Interestingly, this caused breaking the DDG search if JavaScript is disabled as the Mozilla engine, which gets loaded earlier, does not use the html version of the search page. Moreover, the Mozilla engine tracked where the users were searching from by adding a respective parameter to the search query. We got rid of that feature as well.

Also: This fixes bug 20809: the DuckDuckGo team has changed its server-side code in a way that lets users with JavaScript enabled use the default landing page while those without JavaScript available get redirected directly to the non-JS page. We adapt the search engine URLs accordingly.

Also fixes bug 29798 by making sure we only specify the Google search engine we actually ship an .xml file for.

Also regression tests.

squash! Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing

Bug 40494: Update Startpage search provider

squash! Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing

Bug 40438: Add Blockchair as a search engine

Bug 33342: Avoid disconnect search addon error after removal.

We removed the addon in #32767, but it was still being loaded from addonStartup.json.lz4 and throwing an error on startup because its resource: location is not available anymore.

- - - - - 395eccd6 by Alex Catarineu at 2023-09-19T17:53:39+02:00 Bug 40073: Disable remote Public Suffix List fetching

In https://bugzilla.mozilla.org/show_bug.cgi?id=1563246 Firefox implemented fetching the Public Suffix List via RemoteSettings and replacing the default one at runtime, which we do not want.

- - - - - 7216971e by Henry Wilkes at 2023-09-19T17:53:40+02:00 Bug 41906: Hide DNS over HTTPS preferences.

- - - - - 4c0b36c2 by Richard Pospesel at 2023-09-19T17:53:40+02:00 Bug 23247: Communicating security expectations for .onion

Encrypting pages hosted on Onion Services with SSL/TLS is redundant (in terms of hiding content) as all traffic within the Tor network is already fully encrypted. Therefore, serving HTTP pages from an Onion Service is more or less fine.

Prior to this patch, Tor Browser would mostly treat pages delivered via Onion Services as well as pages delivered in the ordinary fashion over the internet in the same way. This created some inconsistencies in behaviour and misinformation presented to the user relating to the security of pages delivered via Onion Services:

- HTTP Onion Service pages did not have any 'lock' icon indicating the site was secure - HTTP Onion Service pages would be marked as unencrypted in the Page Info screen - Mixed-mode content restrictions did not apply to HTTP Onion Service pages embedding Non-Onion HTTP content

This patch fixes the above issues, and also adds several new 'Onion' icons to the mix to indicate all of the various permutations of Onion Services hosted HTTP or HTTPS pages with HTTP or HTTPS content.

Strings for Onion Service Page Info page are pulled from Torbutton's localization strings.

- - - - - 28414d6f by cypherpunks1 at 2023-09-19T17:53:41+02:00 fixup! Bug 23247: Communicating security expectations for .onion

Bug 41934: Treat unencrypted websocket connections to onion services as secure

- - - - - 7c093b39 by Henry Wilkes at 2023-09-19T17:53:41+02:00 fixup! Bug 23247: Communicating security expectations for .onion

Bug 42091: Shorten onion address in site identity panel to be consistent with the circuit display.

- - - - - 78526f46 by Kathy Brade at 2023-09-19T17:53:42+02:00 Bug 30237: Add v3 onion services client authentication prompt

When Tor informs the browser that client authentication is needed, temporarily load about:blank instead of about:neterror and prompt for the user's key.

If a correctly formatted key is entered, use Tor's ONION_CLIENT_AUTH_ADD control port command to add the key (via Torbutton's control port module) and reload the page.

If the user cancels the prompt, display the standard about:neterror "Unable to connect" page. This requires a small change to browser/actors/NetErrorChild.jsm to account for the fact that the docShell no longer has the failedChannel information. The failedChannel is used to extract TLS-related error info, which is not applicable in the case of a canceled .onion authentication prompt.

Add a leaveOpen option to PopupNotifications.show so we can display error messages within the popup notification doorhanger without closing the prompt.

Add support for onion services strings to the TorStrings module.

Add support for Tor extended SOCKS errors (Tor proposal 304) to the socket transport and SOCKS layers. Improved display of all of these errors will be implemented as part of bug 30025.

Also fixes bug 19757: Add a "Remember this key" checkbox to the client auth prompt.

Add an "Onion Services Authentication" section within the about:preferences "Privacy & Security section" to allow viewing and removal of v3 onion client auth keys that have been stored on disk.

Also fixes bug 19251: use enhanced error pages for onion service errors.

- - - - - 59486520 by Pier Angelo Vendrame at 2023-09-19T17:53:42+02:00 fixup! Bug 30237: Add v3 onion services client authentication prompt

The provider building is now async.

- - - - - 1f1b164e by Pier Angelo Vendrame at 2023-09-19T17:53:43+02:00 fixup! Bug 30237: Add v3 onion services client authentication prompt

Fix possible race conditions on the busy state.

- - - - - 67ce8609 by Pier Angelo Vendrame at 2023-09-19T17:53:44+02:00 fixup! Bug 30237: Add v3 onion services client authentication prompt

Re-build the provider every time we need it, since it might change now.

- - - - - d51f004c by Henry Wilkes at 2023-09-19T17:53:44+02:00 fixup! Bug 30237: Add v3 onion services client authentication prompt

Bug 42092: Fix layout styling of saved onion keys dialog.

- - - - - f528f338 by Henry Wilkes at 2023-09-19T17:53:45+02:00 fixup! Bug 30237: Add v3 onion services client authentication prompt

Bug 42091: Tidy up authPrompt.jsm.

Stop importing modules to the global scope and remove authUtil.jsm.

Refactor the description string handling.

- - - - - 6fdd448a by Henry Wilkes at 2023-09-19T17:53:45+02:00 fixup! Bug 30237: Add v3 onion services client authentication prompt

Bug 42091: Shorten the shown onion address in the auth prompt.

- - - - - d7314a7a by Alex Catarineu at 2023-09-19T17:53:46+02:00 Bug 21952: Implement Onion-Location

Whenever a valid Onion-Location HTTP header (or corresponding HTML <meta> http-equiv attribute) is found in a document load, we either redirect to it (if the user opted-in via preference) or notify the presence of an onionsite alternative with a badge in the urlbar.

- - - - - 9c046ad5 by Pier Angelo Vendrame at 2023-09-19T17:53:46+02:00 Bug 40458: Implement .tor.onion aliases

We have enabled HTTPS-Only mode, therefore we do not need HTTPS-Everywhere anymore. However, we want to keep supporting .tor.onion aliases (especially for securedrop). Therefore, in this patch we implemented the parsing of HTTPS-Everywhere rulesets, and the redirect of .tor.onion domains. Actually, Tor Browser believes they are actual domains. We change them on the fly on the SOCKS proxy requests to resolve the domain, and on the code that verifies HTTPS certificates.

- - - - - 7f083816 by Richard Pospesel at 2023-09-19T17:53:47+02:00 fixup! Bug 40458: Implement .tor.onion aliases

Bug 41974: De-emphasized text in custom components is no longer gray in 13.0 alpha

- - - - - b31552fe by Pier Angelo Vendrame at 2023-09-19T17:53:47+02:00 Bug 11698: Incorporate Tor Browser Manual pages into Tor Browser

This patch associates the about:manual page to a translated page that must be injected to browser/omni.ja after the build. The content must be placed in chrome/browser/content/browser/manual/, so that is then available at chrome://browser/content/manual/. We preferred giving absolute freedom to the web team, rather than having to change the patch in case of changes on the documentation.

- - - - - d05ce45e by Henry Wilkes at 2023-09-19T17:53:48+02:00 fixup! Bug 11698: Incorporate Tor Browser Manual pages into Tor Browser

Bug 41333: Use fluent for manual menu entry since we're no longer using aboutTor.dtd.

- - - - - da0ed2d2 by Pier Angelo Vendrame at 2023-09-19T17:53:48+02:00 Bug 41435: Add a Tor Browser migration function

For now this function only deletes old language packs for which we are already packaging the strings with the application.

- - - - - 683152f9 by Henry Wilkes at 2023-09-19T17:53:49+02:00 Bug 42110: Add TorUIUtils module for common tor component methods.

- - - - - a90a396f by Dan Ballard at 2023-09-19T17:53:49+02:00 Bug 40701: Add security warning when downloading a file

Shown in the downloads panel, about:downloads and places.xhtml.

- - - - - 8e194f14 by Richard Pospesel at 2023-09-19T17:53:50+02:00 fixup! Bug 40701: Add security warning when downloading a file

Bug 41971: Update Tails URL in downloads warning

- - - - - d495e30c by Henry Wilkes at 2023-09-19T17:53:50+02:00 fixup! Bug 40701: Add security warning when downloading a file

Bug 41886: Fix downloads panel warning size.

- - - - - 491f92d4 by Henry Wilkes at 2023-09-19T17:53:51+02:00 Bug 41736: Customize toolbar for tor-browser.

- - - - - ca6e3a74 by hackademix at 2023-09-19T17:53:51+02:00 Bug 41728: Pin bridges.torproject.org domains to Let's Encrypt's root cert public key

- - - - - f87bbfc1 by Henry Wilkes at 2023-09-19T17:53:52+02:00 Customize moz-toggle for tor-browser.

- - - - - 4e23d110 by Henry Wilkes at 2023-09-19T17:53:54+02:00 fixup! Customize moz-toggle for tor-browser.

Bug 41651: Use moz-toggle for enable-bridges switch.

- - - - - 0bf2c83e by Henry Wilkes at 2023-09-19T17:53:55+02:00 Bug 42072: 2023 year end campaign for about:tor.

- - - - - 54b2f6d1 by Henry Wilkes at 2023-09-19T17:53:55+02:00 fixup! Bug 42072: 2023 year end campaign for about:tor.

- - - - -

30 changed files:

- .eslintignore - .gitignore - + .gitlab/issue_templates/Backport Android Security Fixes.md - + .gitlab/issue_templates/Rebase Browser - Alpha.md - + .gitlab/issue_templates/Rebase Browser - Stable.md - + browser/actors/AboutTBUpdateChild.jsm - + browser/actors/AboutTBUpdateParent.jsm - + browser/actors/CryptoSafetyChild.jsm - + browser/actors/CryptoSafetyParent.jsm - browser/actors/moz.build - browser/app/Makefile.in - browser/app/macbuild/Contents/Info.plist.in - + browser/app/profile/000-tor-browser.js - browser/base/content/aboutDialog.xhtml - + browser/base/content/aboutDialogTor.css - + browser/base/content/abouttbupdate/aboutTBUpdate.css - + browser/base/content/abouttbupdate/aboutTBUpdate.js - + browser/base/content/abouttbupdate/aboutTBUpdate.xhtml - browser/base/content/appmenu-viewcache.inc.xhtml - + browser/base/content/browser-doctype.inc - browser/base/content/browser-menubar.inc - browser/base/content/browser-sets.inc - browser/base/content/browser-siteIdentity.js - browser/base/content/browser.js - browser/base/content/browser.xhtml - browser/base/content/default-bookmarks.html - browser/base/content/hiddenWindowMac.xhtml - browser/base/content/main-popupset.inc.xhtml - browser/base/content/navigator-toolbox.inc.xhtml - browser/base/content/pageinfo/pageInfo.xhtml

The diff was not included because it is too large.

View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/1d65f29...