Pier Angelo Vendrame pushed to branch base-browser-115.3.0esr-13.0-1 at The Tor Project / Applications / Tor Browser

WARNING: The push did not contain any new commits, but force pushed to delete the commits and changes below.

Deleted commits:

• 327cf983
  by Richard Pospesel at 2023-09-19T17:52:50+02:00

  Bug 41649: Create rebase and security backport gitlab issue templates
  

• b69c7d5f
  by Pier Angelo Vendrame at 2023-09-19T17:52:50+02:00

  fixup! Bug 41649: Create rebase and security backport gitlab issue templates
  
  Add a step to make the default branch and add how to find a tag when it
  does not exist yet.
  

• d1b97543
  by Richard Pospesel at 2023-09-19T17:52:51+02:00

  Bug 41089: Add tor-browser build scripts + Makefile to tor-browser
  

• 77222733
  by clairehurst at 2023-09-19T17:52:51+02:00

  fixup! Bug 41089: Add tor-browser build scripts + Makefile to tor-browser
  
  Bug 42035: Update tools/torbrowser/ scripts to support macOS dev environment
  

• 51270bfe
  by Henry Wilkes at 2023-09-19T17:52:51+02:00

  Bug 41803: Add some developer tools for working on tor-browser.
  

• 1e9e56f3
  by Kathy Brade at 2023-09-19T17:52:52+02:00

  Bug 11641: Disable remoting by default.
  
  Unless the -osint command line flag is used, the browser now defaults
  to the equivalent of -no-remote.  There is a new -allow-remote flag that
  may be used to restore the original (Firefox-like) default behavior.
  

• 132220dd
  by Alex Catarineu at 2023-09-19T17:52:53+02:00

  Add TorStrings module for localization
  

• 8ff432b2
  by Henry Wilkes at 2023-09-19T17:52:53+02:00

  fixup! Add TorStrings module for localization
  
  Bug 41333: Stop using aboutTor.dtd. No longer use aboutTBUpdate strings in about:tor.
  

• 1ff30999
  by Pier Angelo Vendrame at 2023-09-19T17:52:54+02:00

  fixup! Add TorStrings module for localization
  
  Marked tor_controlconn_failed as a 12.5-only
  

• 7f4e82d7
  by Henry Wilkes at 2023-09-19T17:52:54+02:00

  fixup! Add TorStrings module for localization
  
  Bug 42091: Remove authPrompt "Learn More" href from TorStrings.
  

• 7c71e255
  by Henry Wilkes at 2023-09-19T17:52:55+02:00

  Tor Browser strings
  
  This commit adds all the strings needed for Tor Browser patches.
  

• b470bbf8
  by Henry Wilkes at 2023-09-19T17:52:55+02:00

  Tor Browser localization migration scripts.
  

• 94fc57f0
  by Mike Perry at 2023-09-19T17:52:56+02:00

  Bug 2176: Rebrand Firefox to TorBrowser
  
  See also Bugs #5194, #7187, #8115, #8219.
  
  This patch does some basic renaming of Firefox to TorBrowser. The rest of the
  branding is done by images and icons.
  
  Also fix bug 27905.
  
  Bug 25702: Update Tor Browser icon to follow design guidelines
  
  - Updated all of the branding in /browser/branding/official with new 'stable'
  icon series.
  - Updated /extensions/onboarding/content/img/tor-watermark.png with new icon and
  add the source svg in the same directory
  - Copied /browser/branding/official over /browser/branding/nightly and the new
  /browser/branding/alpha directories. Replaced content with 'nightly' and
  'alpha' icon series.
  Updated VisualElements_70.png and VisualElements_150.png with updated icons in
  each branding directory (fixes #22654)
  - Updated firefox.VisualElementsManfiest.xml with updated colors in each
  branding directory
  - Added firefox.svg to each branding directory from which all the other icons
  are derived (apart from document.icns and document.ico)
  - Added default256.png and default512.png icons
  - Updated aboutTBUpdate.css to point to branding-aware icon128.png and removed
  original icon
  - Use the Tor Browser icon within devtools/client/themes/images/.
  
  Bug 30631: Blurry Tor Browser icon on macOS app switcher
  
  It would seem the png2icns tool does not generate correct icns files and
  so on macOS the larger icons were missing resulting in blurry icons in
  the OS chrome. Regenerated the padded icons in a macOS VM using
  iconutil.
  
  Bug 28196: preparations for using torbutton tor-browser-brand.ftl
  
  A small change to Fluent FileSource class is required so that we
  can register a new source without its supported locales being
  counted as available locales for the browser.
  
  Bug 31803: Replaced about:debugging logo with flat version
  
  Bug 21724: Make Firefox and Tor Browser distinct macOS apps
  
  When macOS opens a document or selects a default browser, it sometimes
  uses the CFBundleSignature. Changing from the Firefox MOZB signature to
  a different signature TORB allows macOS to distinguish between Firefox
  and Tor Browser.
  
  Bug 32092: Fix Tor Browser Support link in preferences
  
  For bug 40562, we moved onionPattern* from bug 27476 to here, as
  about:tor needs these files but it is included earlier.
  
  Bug 41278: Create Tor Browser styled pdf logo similar to the vanilla Firefox one
  

• 7119926f
  by Henry Wilkes at 2023-09-19T17:52:56+02:00

  fixup! Bug 2176: Rebrand Firefox to TorBrowser
  
  Bug 41333: Add a branding svg logo.
  
  Copied from branding/tb-<version>/firefox.svg.
  

• db61f42c
  by Henry Wilkes at 2023-09-19T17:52:57+02:00

  squash! Bug 2176: Rebrand Firefox to TorBrowser
  
  Bug 42088: New application icons (used in-app and on linux).
  

• bc0fcb88
  by Henry Wilkes at 2023-09-19T17:52:58+02:00

  fixup! Bug 2176: Rebrand Firefox to TorBrowser
  
  Bug 41957: Use full tor browser icon for site identity button for internal pages.
  
  Also remove colors in tor-styles.css.
  

• 71268b41
  by Pier Angelo Vendrame at 2023-09-19T17:52:58+02:00

  fixup! Bug 2176: Rebrand Firefox to TorBrowser
  
  Bug 42078: Update macOS icons
  

• 4caa911d
  by sanketh at 2023-09-19T17:52:59+02:00

  Bug 40209: Implement Basic Crypto Safety
  
  Adds a CryptoSafety actor which detects when you've copied a crypto
  address from a HTTP webpage and shows a warning.
  
  Closes #40209.
  
  Bug 40428: Fix string attribute names
  

• da75a72f
  by Mike Perry at 2023-09-19T17:52:59+02:00

  TB3: Tor Browser's official .mozconfigs.
  
  Also:
  Add an --enable-tor-browser-data-outside-app-dir configure option
  
  Add --with-tor-browser-version configure option
  
  Bug 31457: disable per-installation profiles
  
  The dedicated profiles (per-installation) feature does not interact
  well with our bundled profiles on Linux and Windows, and it also causes
  multiple profiles to be created on macOS under TorBrowser-Data.
  
  Bug 31935: Disable profile downgrade protection.
  
  Since Tor Browser does not support more than one profile, disable
  the prompt and associated code that offers to create one when a
  version downgrade situation is detected.
  
  Add --enable-tor-browser-update build option
  
  Bug 40793: moved Tor configuration options from old-configure.in to moz.configure
  
  Bug 41584: Move some configuration options to base-browser level
  

• 8471c1f7
  by clairehurst at 2023-09-19T17:53:00+02:00

  fixup! TB3: Tor Browser's official .mozconfigs.
  
  Bug 42035: update mozconfig for macos development
  

• 144cb398
  by Henry Wilkes at 2023-09-19T17:53:00+02:00

  Bug 41340: Enable TOR_BROWSER_NIGHTLY_BUILD features for dev and nightly builds
  
  tor-browser#41285: Enable fluent warnings.
  

• 9e917c2c
  by Pier Angelo Vendrame at 2023-09-19T17:53:01+02:00

  Bug 40562: Added Tor Browser preferences to 000-tor-browser.js
  
  Before reordering patches, we used to keep the Tor-related patches
  (torbutton and tor-launcher) at the beginning.
  After that issue, we decided to move them towards the end.
  
  In addition to that, we have decided to move Tor Browser-only
  preferences there, too, to make Base Browser-only fixups easier to
  apply.
  

• beb27b9f
  by Henry Wilkes at 2023-09-19T17:53:01+02:00

  fixup! Bug 40562: Added Tor Browser preferences to 000-tor-browser.js
  
  Bug 41333: Remove TorCheckService.
  

• 885549c5
  by Richard Pospesel at 2023-09-19T17:53:02+02:00

  fixup! Bug 40562: Added Tor Browser preferences to 000-tor-browser.js
  

• 510e84ea
  by Henry Wilkes at 2023-09-19T17:53:04+02:00

  fixup! Bug 40562: Added Tor Browser preferences to 000-tor-browser.js
  
  Bug 41906: Lock network.trr.mode to be explicitly off.
  

• 8b79c605
  by Pier Angelo Vendrame at 2023-09-19T17:53:04+02:00

  Bug 13252: Customize profile management on macOS
  
  On macOS we allow both portable mode and system installation.
  However, in the latter case, we customize Firefox's directories to
  match the hierarchy we use for the portable mode.
  
  Also, display an informative error message if the TorBrowser-Data
  directory cannot be created due to an "access denied" or a
  "read only volume" error.
  

• de89d30e
  by Pier Angelo Vendrame at 2023-09-19T17:53:05+02:00

  Bug 40933: Add tor-launcher functionality
  
  Bug 41926: Reimplement the control port
  

• 2f6eb3b8
  by Henry Wilkes at 2023-09-19T17:53:05+02:00

  fixup! fixup! Bug 40933: Add tor-launcher functionality
  
  Bug 41333: Remove TorCheckService.
  

• 83c00801
  by Pier Angelo Vendrame at 2023-09-19T17:53:06+02:00

  fixup! Bug 40933: Add tor-launcher functionality
  
  Deleted old stuff, unified TorController with ControlSocket, simplified
  everything (e.g., do not use the dispatcher anymore, just call stuff
  directly or use a much simpler map).
  

• 6f78826f
  by Pier Angelo Vendrame at 2023-09-19T17:53:06+02:00

  fixup! Bug 40933: Add tor-launcher functionality
  
  Use `#` instead of `_` for private things here and there, to make
  reviewing the changes easier.
  

• e82c6f9a
  by Pier Angelo Vendrame at 2023-09-19T17:53:07+02:00

  fixup! Bug 40933: Add tor-launcher functionality
  
  Shuffle code here and there, so that it's feasible to check that
  nothing actually changed with `git diff --color-moved`.
  

• acc4e6c8
  by Pier Angelo Vendrame at 2023-09-19T17:53:07+02:00

  fixup! Bug 40933: Add tor-launcher functionality
  
  Further refactors/improvements.
  

• df87cd7c
  by Pier Angelo Vendrame at 2023-09-19T17:53:08+02:00

  fixup! Bug 40933: Add tor-launcher functionality
  
  Refactored the settings reading, the first connection and events setup.
  

• 45e1dd66
  by Pier Angelo Vendrame at 2023-09-19T17:53:08+02:00

  fixup! Bug 40933: Add tor-launcher functionality
  
  Moved the control port parsing for asynchronous events from TorProvider
  to TorControlPort.
  

• ed0f19a9
  by Pier Angelo Vendrame at 2023-09-19T17:53:09+02:00

  fixup! Bug 40933: Add tor-launcher functionality
  
  Bug 41986: Fix the control port password handling
  

• a65669a5
  by Pier Angelo Vendrame at 2023-09-19T17:53:09+02:00

  fixup! Bug 40933: Add tor-launcher functionality
  

• 5cd0b1e3
  by Pier Angelo Vendrame at 2023-09-19T17:53:10+02:00

  fixup! Bug 40933: Add tor-launcher functionality
  
  Second chunk of changes requested during the review.
  

• 3909206e
  by Pier Angelo Vendrame at 2023-09-19T17:53:11+02:00

  fixup! Bug 40933: Add tor-launcher functionality
  
  Change the provider buidler to make build async and other fixes.
  

• 5f7787be
  by Pier Angelo Vendrame at 2023-09-19T17:53:11+02:00

  fixup! Bug 40933: Add tor-launcher functionality
  
  Make the restart case stronger.
  

• 34403ea2
  by Pier Angelo Vendrame at 2023-09-19T17:53:12+02:00

  fixup! Bug 40933: Add tor-launcher functionality
  
  Move the restart to the ProviderBuilder.
  

• 8645a190
  by Pier Angelo Vendrame at 2023-09-19T17:53:12+02:00

  fixup! Bug 40933: Add tor-launcher functionality
  
  Addressed more requests from the review, and added documentation.
  

• 8db51876
  by Pier Angelo Vendrame at 2023-09-19T17:53:12+02:00

  fixup! Bug 40933: Add tor-launcher functionality
  
  Bug 42102: Fix checkPort in TorProcess
  

• 4e6197f5
  by Richard Pospesel at 2023-09-19T17:53:13+02:00

  Bug 40597: Implement TorSettings module
  
  - migrated in-page settings read/write implementation from about:preferences#tor
    to the TorSettings module
  - TorSettings initially loads settings from the tor daemon, and saves them to
    firefox prefs
  - TorSettings notifies observers when a setting has changed; currently only
    QuickStart notification is implemented for parity with previous preference
    notify logic in about:torconnect and about:preferences#tor
  - about:preferences#tor, and about:torconnect now read and write settings
    thorugh the TorSettings module
  - all tor settings live in the torbrowser.settings.* preference branch
  - removed unused pref modify permission for about:torconnect content page from
    AsyncPrefs.jsm
  
  Bug 40645: Migrate Moat APIs to Moat.jsm module
  

• f44ef500
  by Pier Angelo Vendrame at 2023-09-19T17:53:13+02:00

  fixup! Bug 40597: Implement TorSettings module
  
  Workaround for a race condition.
  

• d7549479
  by Pier Angelo Vendrame at 2023-09-19T17:53:14+02:00

  fixup! Bug 40597: Implement TorSettings module
  
  The provider building is now async.
  

• 402ad307
  by Pier Angelo Vendrame at 2023-09-19T17:53:15+02:00

  fixup! Bug 40597: Implement TorSettings module
  
  Set the state back to Configure when the tor process exits, and disable
  qiuckstart.
  We should also show the "Not Connected" pill again.
  

• b5aa34c8
  by Arthur Edelstein at 2023-09-19T17:53:15+02:00

  Bug 3455: Add DomainIsolator, for isolating circuit by domain.
  
  Add an XPCOM component that registers a ProtocolProxyChannelFilter
  which sets the username/password for each web request according to
  url bar domain.
  
  Bug 9442: Add New Circuit button
  
  Bug 13766: Set a 10 minute circuit dirty timeout for the catch-all circ.
  
  Bug 19206: Include a 128 bit random tag as part of the domain isolator nonce.
  
  Bug 19206: Clear out the domain isolator state on `New Identity`.
  
  Bug 21201.2: Isolate by firstPartyDomain from OriginAttributes
  
  Bug 21745: Fix handling of catch-all circuit
  
  Bug 41741: Refactor the domain isolator and new circuit
  

• 36278c1a
  by cypherpunks1 at 2023-09-19T17:53:16+02:00

  fixup! Bug 3455: Add DomainIsolator, for isolating circuit by domain.
  
  Bug 40175: Use first-party isolation on reader view
  

• 860c94e1
  by Pier Angelo Vendrame at 2023-09-19T17:53:16+02:00

  fixup! Bug 3455: Add DomainIsolator, for isolating circuit by domain.
  
  The provider building is now async.
  

• 548ccc94
  by Henry Wilkes at 2023-09-19T17:53:16+02:00

  Bug 41600: Add a tor circuit display panel.
  

• 4f8016ca
  by cypherpunks1 at 2023-09-19T17:53:17+02:00

  fixup! Bug 41600: Add a tor circuit display panel.
  
  Bug 40175: Support circuit display on about:reader
  

• 356932d8
  by Richard Pospesel at 2023-09-19T17:53:17+02:00

  fixup! Bug 41600: Add a tor circuit display panel.
  
  Bug 41865: Use --text-color-deemphasized rather than --panel-description-color
  

• 2973fbe3
  by Henry Wilkes at 2023-09-19T17:53:18+02:00

  fixup! Bug 41600: Add a tor circuit display panel.
  
  Bug 42045: Allow circuit panel to grow in width for long addresses.
  

• 38886199
  by Henry Wilkes at 2023-09-19T17:53:21+02:00

  fixup! Bug 41600: Add a tor circuit display panel.
  
  Bug 41980: Center-align the circuit heading.
  

• 0507161c
  by Henry Wilkes at 2023-09-19T17:53:21+02:00

  fixup! Bug 41600: Add a tor circuit display panel.
  
  Bug 42091: Use TorUIUtils to shorten the onion address.
  

• 15fa681a
  by hackademix at 2023-09-19T17:53:22+02:00

  Bug 8324: Prevent DNS proxy bypasses caused by Drag&Drop
  
  Bug 41613: Skip Drang & Drop filtering for DNS-safe URLs
  

• 42138254
  by Amogh Pradeep at 2023-09-19T17:53:22+02:00

  Orfox: Centralized proxy applied to AbstractCommunicator and BaseResources.
  
  See Bug 1357997 for partial uplift.
  
  Also:
  Bug 28051 - Use our Orbot for proxying our connections
  
  Bug 31144 - ESR68 Network Code Review
  

• 508c1958
  by Matthew Finkel at 2023-09-19T17:53:23+02:00

  Bug 25741: TBA: Disable GeckoNetworkManager
  
  The browser should not need information related to the network
  interface or network state, tor should take care of that.
  

• 993ff8fa
  by Kathy Brade at 2023-09-19T17:53:23+02:00

  Bug 14631: Improve profile access error messages.
  
  Instead of always reporting that the profile is locked, display specific
  messages for "access denied" and "read-only file system".
  
  To allow for localization, get profile-related error strings from Torbutton.
  Use app display name ("Tor Browser") in profile-related error alerts.
  

• 62399654
  by Pier Angelo Vendrame at 2023-09-19T17:53:23+02:00

  Bug 40807: Added QRCode.js to toolkit/modules
  

• c15a7936
  by Richard Pospesel at 2023-09-19T17:53:24+02:00

  Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
  
  This patch adds a new about:preferences#connection page which allows
  modifying bridge, proxy, and firewall settings from within Tor Browser.
  All of the functionality present in tor-launcher's Network
  Configuration panel is present:
  
   - Setting built-in bridges
   - Requesting bridges from BridgeDB via moat
   - Using user-provided bridges
   - Configuring SOCKS4, SOCKS5, and HTTP/HTTPS proxies
   - Setting firewall ports
   - Viewing and Copying Tor's logs
   - The Networking Settings in General preferences has been removed
  
  Bug 40774: Update about:preferences page to match new UI designs
  

• 74bdf570
  by Richard Pospesel at 2023-09-19T17:53:24+02:00

  fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
  
  Bug 41977: Hide the 'Learn more' link in bridge cards
  

• 53d77950
  by Henry Wilkes at 2023-09-19T17:53:25+02:00

  fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
  
  Bug 41812: Stop using -moz-box-flex
  
  Fixes:
  Bug 41904: Connection settings now inputs at full width.
  Bug 41821: Tor logs now expand with dialog.
  

• bd927112
  by Henry Wilkes at 2023-09-19T17:53:26+02:00

  fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
  
  Bug 42047: Remove sizing hacks for tor dialogs. We can just wait until
  DOMContentLoaded to call _populateXUL. Then the subDialog code will take
  care of the sizing for us.
  

• 9edf966b
  by Henry Wilkes at 2023-09-19T17:53:26+02:00

  fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
  
  Bug 41651: Use moz-toggle for enable-bridges switch.
  

• da664169
  by Richard Pospesel at 2023-09-19T17:53:27+02:00

  fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
  
  Bug 41974: De-emphasized text in custom components is no longer gray in 13.0 alpha
  

• 97658076
  by Pier Angelo Vendrame at 2023-09-19T17:53:27+02:00

  fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
  
  The provider building is now async.
  

• be0507a1
  by henry at 2023-09-19T17:53:28+02:00

  fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
  
  Added some error handling for the cases in which the Tor provider
  failed to build.
  

• c126645c
  by Richard Pospesel at 2023-09-19T17:53:28+02:00

  Bug 27476: Implement about:torconnect captive portal within Tor Browser
  
  - implements new about:torconnect page as tor-launcher replacement
  - adds new torconnect component to browser
  - tor process management functionality remains implemented in tor-launcher through the TorProtocolService module
  - adds warning/error box to about:preferences#tor when not connected to tor
  
  Bug 40773: Update the about:torconnect frontend page to match additional UI flows.
  
  Bug 41608: Add a toolbar status button and a urlbar "Connect" button.
  

• 0202ab19
  by Pier Angelo Vendrame at 2023-09-19T17:53:29+02:00

  fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser
  
  Fixed another race condition and moved to ES modules while I was
  touching this code.
  

• 5911c55f
  by Henry Wilkes at 2023-09-19T17:53:29+02:00

  fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser
  
  Bug 42079: Support moving out of the TorConnectState.Bootsrapped state
  for gTorConnectTitlebarStatus and gTorConnectUrlbarButton.
  

• 490e2a63
  by Henry Wilkes at 2023-09-19T17:53:30+02:00

  Bug 7494: Create local home page for TBB.
  
  Bug 41333: Update about:tor to new design. Including:
  + make the favicon match the branding icon.
  + make the location bar show a search icon.
  

• 04123f41
  by Henry Wilkes at 2023-09-19T17:53:30+02:00

  fixup! Bug 7494: Create local home page for TBB.
  
  Bug 41333: Remove TorCheckService.
  

• eef1671d
  by Henry Wilkes at 2023-09-19T17:53:31+02:00

  fixup! Bug 7494: Create local home page for TBB.
  
  Bug 42075: Increase inline margin for the message links in about:tor.
  
  Also increase the end margin of the emoji icon.
  

• 68b2d132
  by Henry Wilkes at 2023-09-19T17:53:32+02:00

  fixup! Bug 7494: Create local home page for TBB.
  
  Bug 42073: Add onion pattern to about:tor background.
  

• 29904003
  by Arthur Edelstein at 2023-09-19T17:53:32+02:00

  Bug 12620: TorBrowser regression tests
  
  Regression tests for Bug #2950: Make Permissions Manager memory-only
  
  Regression tests for TB4: Tor Browser's Firefox preference overrides.
  
  Note: many more functional tests could be made here
  
  Regression tests for #2874: Block Components.interfaces from content
  
  Bug 18923: Add a script to run all Tor Browser specific tests
  
  Regression tests for Bug #16441: Suppress "Reset Tor Browser" prompt.
  

• 4d2619ef
  by Pier Angelo Vendrame at 2023-09-19T17:53:33+02:00

  Bug 41668: Tweaks to the Base Browser updater for Tor Browser
  
  This commit was once part of "Bug 4234: Use the Firefox Update Process
  for Tor Browser.".
  However, some parts of it were not needed for Base Browser and some
  derivative browsers.
  Therefore, we extracted from that commit the parts for Tor Browser
  legacy, and we add them back to the patch set with this commit.
  

• fc8c490d
  by Pier Angelo Vendrame at 2023-09-19T17:53:33+02:00

  fixup! Bug 41668: Tweaks to the Base Browser updater for Tor Browser
  
  The provider building is now async.
  

• 5c8ce95c
  by Kathy Brade at 2023-09-19T17:53:34+02:00

  Bug 12647: Support symlinks in the updater.
  

• 7af4c5b4
  by Kathy Brade at 2023-09-19T17:53:34+02:00

  Bug 19121: reinstate the update.xml hash check
  
  This is a partial revert of commit f1241db6986e4b54473a1ed870f7584c75d51122.
  
  Revert most changes from Mozilla Bug 862173 "don't verify mar file hash
  when using mar signing to verify the mar file (lessens main thread I/O)."
  
  We kept the addition to the AppConstants API in case other JS code
  references it in the future.
  

• 2eab30bc
  by Kathy Brade at 2023-09-19T17:53:35+02:00

  Bug 16940: After update, load local change notes.
  
  Add an about:tbupdate page that displays the first section from
  TorBrowser/Docs/ChangeLog.txt and includes a link to the remote
  post-update page (typically our blog entry for the release).
  
  Always load about:tbupdate in a content process, but implement the
  code that reads the file system (changelog) in the chrome process
  for compatibility with future sandboxing efforts.
  
  Also fix bug 29440. Now about:tbupdate is styled as a fairly simple
  changelog page that is designed to be displayed via a link that is on
  about:tor.
  

• d25a7b17
  by Pier Angelo Vendrame at 2023-09-19T17:53:38+02:00

  fixup! Bug 16940: After update, load local change notes.
  
  Remove the doubled and unused aboutTBUpdate.dtd
  

• 0d1302b6
  by Georg Koppen at 2023-09-19T17:53:38+02:00

  Bug 32658: Create a new MAR signing key
  
  It's time for our rotation again: Move the backup key in the front
  position and add a new backup key.
  
  Bug 33803: Move our primary nightly MAR signing key to tor-browser
  
  Bug 33803: Add a secondary nightly MAR signing key
  

• 78ec020d
  by Mike Perry at 2023-09-19T17:53:39+02:00

  Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing
  
  eBay and Amazon don't treat Tor users very well. Accounts often get locked and
  payments reversed.
  
  Also:
  Bug 16322: Update DuckDuckGo search engine
  
  We are replacing the clearnet URL with an onion service one (thanks to a
  patch by a cypherpunk) and are removing the duplicated DDG search
  engine. Duplicating DDG happend due to bug 1061736 where Mozilla
  included DDG itself into Firefox. Interestingly, this caused breaking
  the DDG search if JavaScript is disabled as the Mozilla engine, which
  gets loaded earlier, does not use the html version of the search page.
  Moreover, the Mozilla engine tracked where the users were searching from
  by adding a respective parameter to the search query. We got rid of that
  feature as well.
  
  Also:
  This fixes bug 20809: the DuckDuckGo team has changed its server-side
  code in a way that lets users with JavaScript enabled use the default
  landing page while those without JavaScript available get redirected
  directly to the non-JS page. We adapt the search engine URLs
  accordingly.
  
  Also fixes bug 29798 by making sure we only specify the Google search
  engine we actually ship an .xml file for.
  
  Also regression tests.
  
  squash! Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing
  
  Bug 40494: Update Startpage search provider
  
  squash! Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing
  
  Bug 40438: Add Blockchair as a search engine
  
  Bug 33342: Avoid disconnect search addon error after removal.
  
  We removed the addon in #32767, but it was still being loaded
  from addonStartup.json.lz4 and throwing an error on startup
  because its resource: location is not available anymore.
  

• 395eccd6
  by Alex Catarineu at 2023-09-19T17:53:39+02:00

  Bug 40073: Disable remote Public Suffix List fetching
  
  In https://bugzilla.mozilla.org/show_bug.cgi?id=1563246 Firefox implemented
  fetching the Public Suffix List via RemoteSettings and replacing the default
  one at runtime, which we do not want.
  

• 7216971e
  by Henry Wilkes at 2023-09-19T17:53:40+02:00

  Bug 41906: Hide DNS over HTTPS preferences.
  

• 4c0b36c2
  by Richard Pospesel at 2023-09-19T17:53:40+02:00

  Bug 23247: Communicating security expectations for .onion
  
  Encrypting pages hosted on Onion Services with SSL/TLS is redundant
  (in terms of hiding content) as all traffic within the Tor network is
  already fully encrypted.  Therefore, serving HTTP pages from an Onion
  Service is more or less fine.
  
  Prior to this patch, Tor Browser would mostly treat pages delivered
  via Onion Services as well as pages delivered in the ordinary fashion
  over the internet in the same way.  This created some inconsistencies
  in behaviour and misinformation presented to the user relating to the
  security of pages delivered via Onion Services:
  
   - HTTP Onion Service pages did not have any 'lock' icon indicating
     the site was secure
   - HTTP Onion Service pages would be marked as unencrypted in the Page
     Info screen
   - Mixed-mode content restrictions did not apply to HTTP Onion Service
     pages embedding Non-Onion HTTP content
  
  This patch fixes the above issues, and also adds several new 'Onion'
  icons to the mix to indicate all of the various permutations of Onion
  Services hosted HTTP or HTTPS pages with HTTP or HTTPS content.
  
  Strings for Onion Service Page Info page are pulled from Torbutton's
  localization strings.
  

• 28414d6f
  by cypherpunks1 at 2023-09-19T17:53:41+02:00

  fixup! Bug 23247: Communicating security expectations for .onion
  
  Bug 41934: Treat unencrypted websocket connections to onion services as secure
  

• 7c093b39
  by Henry Wilkes at 2023-09-19T17:53:41+02:00

  fixup! Bug 23247: Communicating security expectations for .onion
  
  Bug 42091: Shorten onion address in site identity panel to be consistent
  with the circuit display.
  

• 78526f46
  by Kathy Brade at 2023-09-19T17:53:42+02:00

  Bug 30237: Add v3 onion services client authentication prompt
  
  When Tor informs the browser that client authentication is needed,
  temporarily load about:blank instead of about:neterror and prompt
  for the user's key.
  
  If a correctly formatted key is entered, use Tor's ONION_CLIENT_AUTH_ADD
  control port command to add the key (via Torbutton's control port
  module) and reload the page.
  
  If the user cancels the prompt, display the standard about:neterror
  "Unable to connect" page. This requires a small change to
  browser/actors/NetErrorChild.jsm to account for the fact that the
  docShell no longer has the failedChannel information. The failedChannel
  is used to extract TLS-related error info, which is not applicable
  in the case of a canceled .onion authentication prompt.
  
  Add a leaveOpen option to PopupNotifications.show so we can display
  error messages within the popup notification doorhanger without
  closing the prompt.
  
  Add support for onion services strings to the TorStrings module.
  
  Add support for Tor extended SOCKS errors (Tor proposal 304) to the
  socket transport and SOCKS layers. Improved display of all of these
  errors will be implemented as part of bug 30025.
  
  Also fixes bug 19757:
   Add a "Remember this key" checkbox to the client auth prompt.
  
   Add an "Onion Services Authentication" section within the
   about:preferences "Privacy & Security section" to allow
   viewing and removal of v3 onion client auth keys that have
   been stored on disk.
  
  Also fixes bug 19251: use enhanced error pages for onion service errors.
  

• 59486520
  by Pier Angelo Vendrame at 2023-09-19T17:53:42+02:00

  fixup! Bug 30237: Add v3 onion services client authentication prompt
  
  The provider building is now async.
  

• 1f1b164e
  by Pier Angelo Vendrame at 2023-09-19T17:53:43+02:00

  fixup! Bug 30237: Add v3 onion services client authentication prompt
  
  Fix possible race conditions on the busy state.
  

• 67ce8609
  by Pier Angelo Vendrame at 2023-09-19T17:53:44+02:00

  fixup! Bug 30237: Add v3 onion services client authentication prompt
  
  Re-build the provider every time we need it, since it might change now.
  

• d51f004c
  by Henry Wilkes at 2023-09-19T17:53:44+02:00

  fixup! Bug 30237: Add v3 onion services client authentication prompt
  
  Bug 42092: Fix layout styling of saved onion keys dialog.
  

• f528f338
  by Henry Wilkes at 2023-09-19T17:53:45+02:00

  fixup! Bug 30237: Add v3 onion services client authentication prompt
  
  Bug 42091: Tidy up authPrompt.jsm.
  
  Stop importing modules to the global scope and remove authUtil.jsm.
  
  Refactor the description string handling.
  

• 6fdd448a
  by Henry Wilkes at 2023-09-19T17:53:45+02:00

  fixup! Bug 30237: Add v3 onion services client authentication prompt
  
  Bug 42091: Shorten the shown onion address in the auth prompt.
  

• d7314a7a
  by Alex Catarineu at 2023-09-19T17:53:46+02:00

  Bug 21952: Implement Onion-Location
  
  Whenever a valid Onion-Location HTTP header (or corresponding HTML
  <meta> http-equiv attribute) is found in a document load, we either
  redirect to it (if the user opted-in via preference) or notify the
  presence of an onionsite alternative with a badge in the urlbar.
  

• 9c046ad5
  by Pier Angelo Vendrame at 2023-09-19T17:53:46+02:00

  Bug 40458: Implement .tor.onion aliases
  
  We have enabled HTTPS-Only mode, therefore we do not need
  HTTPS-Everywhere anymore.
  However, we want to keep supporting .tor.onion aliases (especially for
  securedrop).
  Therefore, in this patch we implemented the parsing of HTTPS-Everywhere
  rulesets, and the redirect of .tor.onion domains.
  Actually, Tor Browser believes they are actual domains. We change them
  on the fly on the SOCKS proxy requests to resolve the domain, and on
  the code that verifies HTTPS certificates.
  

• 7f083816
  by Richard Pospesel at 2023-09-19T17:53:47+02:00

  fixup! Bug 40458: Implement .tor.onion aliases
  
  Bug 41974: De-emphasized text in custom components is no longer gray in 13.0 alpha
  

• b31552fe
  by Pier Angelo Vendrame at 2023-09-19T17:53:47+02:00

  Bug 11698: Incorporate Tor Browser Manual pages into Tor Browser
  
  This patch associates the about:manual page to a translated page that
  must be injected to browser/omni.ja after the build.
  The content must be placed in chrome/browser/content/browser/manual/, so
  that is then available at chrome://browser/content/manual/.
  We preferred giving absolute freedom to the web team, rather than having
  to change the patch in case of changes on the documentation.
  

• d05ce45e
  by Henry Wilkes at 2023-09-19T17:53:48+02:00

  fixup! Bug 11698: Incorporate Tor Browser Manual pages into Tor Browser
  
  Bug 41333: Use fluent for manual menu entry since we're no longer using aboutTor.dtd.
  

• da0ed2d2
  by Pier Angelo Vendrame at 2023-09-19T17:53:48+02:00

  Bug 41435: Add a Tor Browser migration function
  
  For now this function only deletes old language packs for which we are
  already packaging the strings with the application.
  

• 683152f9
  by Henry Wilkes at 2023-09-19T17:53:49+02:00

  Bug 42110: Add TorUIUtils module for common tor component methods.
  

• a90a396f
  by Dan Ballard at 2023-09-19T17:53:49+02:00

  Bug 40701: Add security warning when downloading a file
  
  Shown in the downloads panel, about:downloads and places.xhtml.
  

• 8e194f14
  by Richard Pospesel at 2023-09-19T17:53:50+02:00

  fixup! Bug 40701: Add security warning when downloading a file
  
  Bug 41971: Update Tails URL in downloads warning
  

• d495e30c
  by Henry Wilkes at 2023-09-19T17:53:50+02:00

  fixup! Bug 40701: Add security warning when downloading a file
  
  Bug 41886: Fix downloads panel warning size.
  

• 491f92d4
  by Henry Wilkes at 2023-09-19T17:53:51+02:00

  Bug 41736: Customize toolbar for tor-browser.
  

• ca6e3a74
  by hackademix at 2023-09-19T17:53:51+02:00

  Bug 41728: Pin bridges.torproject.org domains to Let's Encrypt's root cert public key
  

• f87bbfc1
  by Henry Wilkes at 2023-09-19T17:53:52+02:00

  Customize moz-toggle for tor-browser.
  

• 4e23d110
  by Henry Wilkes at 2023-09-19T17:53:54+02:00

  fixup! Customize moz-toggle for tor-browser.
  
  Bug 41651: Use moz-toggle for enable-bridges switch.
  

• 0bf2c83e
  by Henry Wilkes at 2023-09-19T17:53:55+02:00

  Bug 42072: 2023 year end campaign for about:tor.
  

• 54b2f6d1
  by Henry Wilkes at 2023-09-19T17:53:55+02:00

  fixup! Bug 42072: 2023 year end campaign for about:tor.
  

30 changed files:

• .eslintignore
• .gitignore
• + .gitlab/issue_templates/Backport Android Security Fixes.md
• + .gitlab/issue_templates/Rebase Browser - Alpha.md
• + .gitlab/issue_templates/Rebase Browser - Stable.md
• + browser/actors/AboutTBUpdateChild.jsm
• + browser/actors/AboutTBUpdateParent.jsm
• + browser/actors/CryptoSafetyChild.jsm
• + browser/actors/CryptoSafetyParent.jsm
• browser/actors/moz.build
• browser/app/Makefile.in
• browser/app/macbuild/Contents/Info.plist.in
• + browser/app/profile/000-tor-browser.js
• browser/base/content/aboutDialog.xhtml
• + browser/base/content/aboutDialogTor.css
• + browser/base/content/abouttbupdate/aboutTBUpdate.css
• + browser/base/content/abouttbupdate/aboutTBUpdate.js
• + browser/base/content/abouttbupdate/aboutTBUpdate.xhtml
• browser/base/content/appmenu-viewcache.inc.xhtml
• + browser/base/content/browser-doctype.inc
• browser/base/content/browser-menubar.inc
• browser/base/content/browser-sets.inc
• browser/base/content/browser-siteIdentity.js
• browser/base/content/browser.js
• browser/base/content/browser.xhtml
• browser/base/content/default-bookmarks.html
• browser/base/content/hiddenWindowMac.xhtml
• browser/base/content/main-popupset.inc.xhtml
• browser/base/content/navigator-toolbox.inc.xhtml
• browser/base/content/pageinfo/pageInfo.xhtml

The diff was not included because it is too large.