morgan pushed to branch mullvad-browser-128.4.0esr-14.5-1 at The Tor Project / Applications / Mullvad Browser
Commits: 8d27898b by Morgan at 2024-11-14T02:01:24+00:00 fixup! MB 188: Customize Gitlab Issue and Merge templates
- - - - - 35c0859d by Morgan at 2024-11-14T02:01:43+00:00 fixup! Adding issue and merge request templates
Bug 43295: Update MR templates
- - - - - 5c8645ae by Morgan at 2024-11-14T02:04:59+00:00 fixup! MB 188: Customize Gitlab Issue and Merge templates
Bug 43295: Update MR templates
- - - - -
4 changed files:
- .gitlab/issue_templates/Emergency Security Issue.md - − .gitlab/issue_templates/Rebase Browser - Alpha.md - − .gitlab/issue_templates/Rebase Browser - Stable.md - .gitlab/merge_request_templates/default.md
Changes:
===================================== .gitlab/issue_templates/Emergency Security Issue.md ===================================== @@ -18,7 +18,9 @@ ### Type of Issue: What are we dealing with?
- [ ] Security (sandbox escape, remote code execution, etc) -- [ ] Cross-Site Linkability (correlating sessions across websites) +- [ ] Proxy Bypass (traffic contents becoming MITM'able) +- [ ] De-Anonymization (otherwise identifying which website a user is visiting) +- [ ] Cross-Site Linkability (correlating sessions across circuits and websites) - [ ] Disk Leak (persisting session information to disk) - [ ] Other (please explain)
@@ -34,11 +36,16 @@ - [ ] **richard** : signing, release - [ ] **thorin** : fingerprinting - [ ] Other Engineering Teams + - [ ] Networking (**ahf**, **dgoulet**) + - [ ] Anti-Censorship (**meskio**, **cohosh**) - [ ] UX (**donuts**) - [ ] TPA (**anarcat**, **lavamind**) - [ ] External Tor Partners - - [ ] Mozilla (**tjr**) - - [ ] Mullvad (**ruihildt**) + - [ ] Mozilla + - [ ] Mullvad + - [ ] Brave + - [ ] Guardian Project (Orbot, Onion Browser) + - [ ] Tails - [ ] Other (please list)
### Urgency: When do we need to act? @@ -65,7 +72,6 @@ Sometimes fixes have side-effects: users lose their data, roadmaps need to be ad
- [ ] Start an initial email thread with the following people: - [ ] **bella** - - [ ] **ruihildt**, **support@mullvadvpn.net** - [ ] Relevant Applications Developers - [ ] **(Optional)** **micah** - if there are considerations or asks outside the Applications Team @@ -78,7 +84,6 @@ Sometimes fixes have side-effects: users lose their data, roadmaps need to be ad /cc @ma1 /cc @micah /cc @richard -/cc @ruihildt
/confidential
===================================== .gitlab/issue_templates/Rebase Browser - Alpha.md deleted ===================================== @@ -1,83 +0,0 @@ -**NOTE:** All examples in this template reference the rebase from 102.7.0esr to 102.8.0esr - -<details> - <summary>Explanation of Variables</summary> - -- `$(ESR_VERSION)`: the Mozilla defined ESR version, used in various places for building mullvad-browser tags, labels, etc - - **Example**: `102.8.0` -- `$(ESR_TAG)`: the Mozilla defined hg (Mercurial) tag associated with `$(ESR_VERSION)` - - **Example**: `FIREFOX_102_8_0esr_RELEASE` -- `$(BROWSER_MAJOR)`: the browser major version - - **Example**: `12` -- `$(BROWSER_MINOR)`: the browser minor version - - **Example**: either `0` or `5`; Alpha's is always `(Stable + 5) % 10` -- `$(BASE_BROWSER_BRANCH)`: the full name of the current `base-browser` branch - - **Example**: `base-browser-102.8.0esr-12.5-1` -- `$(BASE_BROWSER_BRANCH_PREV)`: the full name of the previous `base-browser` branch - - **Example**: `base-browser-102.7.0esr-12.5-1` -- `$(BASE_BROWSER_BRANCH_TAG)`: the `base-browser` build tag used as base commit for `mullvad-browser` - - **Example**: `base-browser-102.8.0esr-12.5-1-build1` -- `$(BASE_BROWSER_BRANCH_PREV_TAG)`: the `base-browser` build tag used as base commit for the previous `mullvad-browser` - - **Example**: `base-browser-102.7.0esr-12.5-1-build1` -- `$(MULLVAD_BROWSER_BRANCH)`: the full name of the current `mullvad-browser` branch - - **Example**: `mullvad-browser-102.8.0esr-12.5-1` -- `$(MULLVAD_BROWSER_BRANCH_PREV)`: the full name of the previous `mullvad-browser` branch - - **Example**: `mullvad-browser-102.7.0esr-12.5-1` -</details> - -**NOTE:** It is assumed that we've already rebased and tagged `base-browser` alpha and that we've already rebased `mullvad-browser` stable - -### **Bookkeeping** - -- [ ] Link this issue to the appropriate [Release Prep](https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/?s...) issue. - -### Update Branch Protection Rules - -- [ ] In [Repository Settings](https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/settings/re...): - - [ ] Remove previous alpha `mullvad-browser` branch protection rules (this will prevent pushing new changes to the branches being rebased) - - [ ] Create new `mullvad-browser` branch protection rule: - - **Branch**: `mullvad-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1*` - - **Example**: `mullvad-browser-102.8.0esr-12.5-1*` - - **Allowed to merge**: `Maintainers` - - **Allowed to push and merge**: `Maintainers` - - **Allowed to force push**: `false` - -### **Create and Push New Branch** - -- [ ] Create new alpha `mullvad-browser` branch from this ESR's alpha `base-browser` tag - - Branch name in the form: `mullvad-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1` - - **Example**: `git branch mullvad-browser-102.8.0esr-12.5-1 base-browser-102.8.0esr-12.5-1-build1` -- [ ] Push new `mullvad-browser` branch to `upstream` -- [ ] Push `base-browser` tag to `upstream` - -### **Rebase tor-browser** - -- [ ] Checkout a new local branch for the `mullvad-browser` rebase - - **Example**: `git branch mullvad-browser-rebase upstream/mullvad-browser-102.8.0esr-12.5-1` -- [ ] `mullvad-browser` rebase - - [ ] Cherry-pick the previous `mullvad-browser` branch's commit range up to the last `mullvad-browser` `build1` tag - - **Example**: `git cherry-pick base-browser-102.7.0esr-12.5-1-build1..mullvad-browser-102.7.0esr-12.5-1-build1` - - [ ] Rebase and autosquash these newly cherry-picked commits - - **Example**: `git rebase --autosquash --interactive upstream/mullvad-browser-102.8.0esr-12.5-1` - - [ ] Cherry-pick remainder of patches after the last `mullvad-browser` `buildN` tag - - **Example**: `git cherry-pick mullvad-browser-102.7.0esr-12.5-1-build1..upstream/mulvad-browser-102.7.0esr-12.5-1` - - [ ] Rebase and autosquash again, this time replacing all `fixup` and `squash` commands with `pick`. The goal here is to have all of the `fixup` and `squash` commits beside the commit which they modify, but kept un-squashed for easy debugging/bisecting. - - **Example**: `git rebase --autosquash --interactive upstream/mullvad-browser-102.8.0esr-12.5-1` -- [ ] Compare patch sets to ensure nothing *weird* happened during conflict resolution: - - [ ] diff of diffs: - - Do the diff between `current_patchset.diff` and `rebased_patchset.diff` with your preferred difftool and look at differences on lines that starts with + or - - - `git diff $(BASE_BROWSER_BRANCH_PREV_TAG)..$(MULLVAD_BROWSER_BRANCH_PREV) > current_patchset.diff` - - `git diff $(BASE_BROWSER_BRANCH_TAG)..HEAD > rebased_patchset.diff` - - diff `current_patchset.diff` and `rebased_patchset.diff` - - If everything went correctly, the only lines which should differ should be the lines starting with `index abc123...def456` (unless the previous `base-browser` branch includes changes not included in the previous `mullvad-browser` branch) - - [ ] rangediff: `git range-diff $(BASE_BROWSER_BRANCH_PREV_TAG)..$(MULLVAD_BROWSER_BRANCH_PREV) $(BASE_BROWSER_BRANCH_TAG)..HEAD` - - **Example**: `git range-diff base-browser-102.7.0esr-12.5-1-build1..upstream/mullvad-browser-102.7.0esr-12.5-1 base-browser-102.8.0esr-12.5-1-build1..HEAD` -- [ ] Open MR for the `mullvad-browser` rebase -- [ ] Merge - -### **Sign and Tag** - -- [ ] Sign/Tag `HEAD` of the merged `mullvad-browser` branch: - - **Tag**: `mullvad-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1-build1` - - **Message**: `Tagging build1 for $(ESR_VERSION)esr-based stable` - - [ ] Push tag to `upstream`
===================================== .gitlab/issue_templates/Rebase Browser - Stable.md deleted ===================================== @@ -1,84 +0,0 @@ -**NOTE:** All examples in this template reference the rebase from 102.7.0esr to 102.8.0esr - -<details> - <summary>Explanation of Variables</summary> - -- `$(ESR_VERSION)`: the Mozilla defined ESR version, used in various places for building mullvad-browser tags, labels, etc - - **Example**: `102.8.0` -- `$(ESR_TAG)`: the Mozilla defined hg (Mercurial) tag associated with `$(ESR_VERSION)` - - **Example**: `FIREFOX_102_8_0esr_RELEASE` -- `$(BROWSER_MAJOR)`: the browser major version - - **Example**: `12` -- `$(BROWSER_MINOR)`: the browser minor version - - **Example**: either `0` or `5`; Alpha's is always `(Stable + 5) % 10` -- `$(BASE_BROWSER_BRANCH)`: the full name of the current `base-browser` branch - - **Example**: `base-browser-102.8.0esr-12.0-1` -- `$(BASE_BROWSER_BRANCH_PREV)`: the full name of the previous `base-browser` branch - - **Example**: `base-browser-102.7.0esr-12.0-1` -- `$(BASE_BROWSER_BRANCH_TAG)`: the `base-browser` build tag used as base commit for `mullvad-browser` - - **Example**: `base-browser-102.8.0esr-12.0-1-build1` -- `$(BASE_BROWSER_BRANCH_PREV_TAG)`: the `base-browser` build tag used as base commit for the previous `mullvad-browser` - - **Example**: `base-browser-102.7.0esr-12.0-1-build1` -- `$(MULLVAD_BROWSER_BRANCH)`: the full name of the current `mullvad-browser` branch - - **Example**: `mullvad-browser-102.8.0esr-12.0-1` -- `$(MULLVAD_BROWSER_BRANCH_PREV)`: the full name of the previous `mullvad-browser` branch - - **Example**: `mullvad-browser-102.7.0esr-12.0-1` -</details> - -**NOTE:** It is assumed that we've already rebased and tagged `base-browser` stable - -### **Bookkeeping** - -- [ ] Link this issue to the appropriate [Release Prep](https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/?s...) issue. - -### Update Branch Protection Rules - -- [ ] In [Repository Settings](https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/settings/re...): - - [ ] Remove previous stable `mullvad-browser` branch protection rules (this will prevent pushing new changes to the branches being rebased) - - [ ] Create new `mullvad-browser` branch protection rule: - - **Branch**: `mullvad-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1*` - - **Example**: `mullvad-browser-102.8.0esr-12.0-1*` - - **Allowed to merge**: `Maintainers` - - **Allowed to push and merge**: `Maintainers` - - **Allowed to force push**: `false` - -### **Create and Push New Branch** - -- [ ] Create new stable `mullvad-browser` branch from this ESR's stable `base-browser` tag - - Branch name in the form: `mullvad-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1` - - **Example**: `git branch mullvad-browser-102.8.0esr-12.0-1 base-browser-102.8.0esr-12.0-1-build1` -- [ ] Push new `mullvad-browser` branch to `upstream` -- [ ] Push `base-browser` tag to `upstream` -- [ ] Push `$(ESR_TAG)` to `upstream` - -### **Rebase mullvad-browser** - -- [ ] Checkout a new local branch for the `mullvad-browser` rebase - - **Example**: `git branch mullvad-browser-rebase upstream/mullvad-browser-102.8.0esr-12.0-1` -- [ ] `mullvad-browser` rebase - - [ ] Cherry-pick the previous `mullvad-browser` branch's commit range up to the last `mullvad-browser` `build1` tag - - **Example**: `git cherry-pick base-browser-102.7.0esr-12.0-1-build1..mullvad-browser-102.7.0esr-12.0-1-build1` - - [ ] Rebase and autosquash these newly cherry-picked commits - - **Example**: `git rebase --autosquash --interactive upstream/mullvad-browser-102.8.0esr-12.0-1` - - [ ] Cherry-pick remainder of patches after the last `mullvad-browser` `buildN` tag - - **Example**: `git cherry-pick mullvad-browser-102.7.0esr-12.0-1-build1..upstream/mullvad-browser-102.7.0esr-12.0-1` - - [ ] Rebase and autosquash again, this time replacing all `fixup` and `squash` commands with `pick`. The goal here is to have all of the `fixup` and `squash` commits beside the commit which they modify, but kept un-squashed for easy debugging/bisecting. - - **Example**: `git rebase --autosquash --interactive upstream/mullvad-browser-102.8.0esr-12.0-1` -- [ ] Compare patch sets to ensure nothing *weird* happened during conflict resolution: - - [ ] diff of diffs: - - Do the diff between `current_patchset.diff` and `rebased_patchset.diff` with your preferred difftool and look at differences on lines that starts with + or - - - `git diff $(BASE_BROWSER_BRANCH_PREV_TAG)..$(MULLVAD_BROWSER_BRANCH_PREV) > current_patchset.diff` - - `git diff $(BASE_BROWSER_BRANCH_TAG)..HEAD > rebased_patchset.diff` - - diff `current_patchset.diff` and `rebased_patchset.diff` - - If everything went correctly, the only lines which should differ should be the lines starting with `index abc123...def456` (unless the previous `base-browser` branch includes changes not included in the previous `mullvad-browser` branch) - - [ ] rangediff: `git range-diff $(BASE_BROWSER_BRANCH_PREV_TAG)..$(MULLVAD_BROWSER_BRANCH_PREV) $(BASE_BROWSER_BRANCH_TAG)..HEAD` - - **Example**: `git range-diff base-browser-102.7.0esr-12.0-1-build1..upstream/mullvad-browser-102.7.0esr-12.5-1 base-browser-102.8.0esr-12.5-1-build1..HEAD` -- [ ] Open MR for the `mullvad-browser` rebase -- [ ] Merge - -### **Sign and Tag** - -- [ ] Sign/Tag `HEAD` of the merged `mullvad-browser` branch: - - **Tag**: `mullvad-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1-build1` - - **Message**: `Tagging build1 for $(ESR_VERSION)esr-based stable` - - [ ] Push tag to `upstream`
===================================== .gitlab/merge_request_templates/default.md ===================================== @@ -2,18 +2,41 @@
<!-- Bookkeeping information for release management -->
-### Related Issues +### Issues + +#### Resolves +- mullvad-browser#xxxxx - tor-browser#xxxxx +- tor-browser-build#xxxxx + +#### Related + - mullvad-browser#xxxxx +- tor-browser#xxxxx - tor-browser-build#xxxxx
+### Merging + +<!-- This block tells the merger where commits need to be merged and future code archaeologists where commits were *supposed* to be merged --> + +#### Target Branches + +- [ ] **`mullvad-browser`** - `!fixups` to `mullvad-browser`-specific commits, new features, security backports +- [ ] **`base-browser`** *and* **`tor-browser`** - `!fixups` to `base-browser`-specific commits or new features to be shared with `tor-browser` + - ⚠️ **IMPORTANT**: Please list the `base-browser`-specific commits which need to be cherry-picked to the `base-browser` and `tor-browser` branches here + +#### Target Channels + +- [ ] **Alpha**: esr128-14.5 +- [ ] **Stable**: esr128-14.0 + ### Backporting
#### Timeline +- [ ] **No Backport (preferred)**: patchset for the next major stable - [ ] **Immediate**: patchset needed as soon as possible - [ ] **Next Minor Stable Release**: patchset that needs to be verified in nightly before backport - [ ] **Eventually**: patchset that needs to be verified in alpha before backport -- [ ] **No Backport (preferred)**: patchset for the next major stable
#### (Optional) Justification - [ ] **Emergency security update**: patchset fixes CVEs, 0-days, etc @@ -23,11 +46,6 @@ - [ ] **Localization**: typos and other localization changes that should be also in the release branch - [ ] **Other**: please explain
-### Merging -- [ ] Merge to `mullvad-browser` - `!fixups` to `mullvad-browser`-specific commits, new features, security backports -- [ ] Merge to `base-browser` -`!fixups` to `base-browser`-specific commits, new features to be shared with `tor-browser` - - **NOTE**: if your changeset includes patches to both `base-browser` and `mullvad-browser` please clearly label in the change description which commits should be cherry-picked to `base-browser` after merging - ### Issue Tracking - [ ] Link resolved issues with appropriate [Release Prep issue](https://gitlab.torproject.org/groups/tpo/applications/-/issues/?sort=updated...) for changelog generation
@@ -36,7 +54,7 @@ #### Request Reviewer
- [ ] Request review from an applications developer depending on modified system: - - **NOTE**: if the MR modifies multiple areas, please `/cc` all the relevant reviewers (since gitlab only allows 1 reviewer) + - **NOTE**: if the MR modifies multiple areas, please `/cc` all the relevant reviewers (since Gitlab only allows 1 reviewer) - **accessibility** : henry - **android** : clairehurst, dan - **build system** : boklm @@ -44,21 +62,22 @@ - **firefox internals (XUL/JS/XPCOM)** : jwilde, ma1 - **fonts** : pierov - **frontend (implementation)** : henry - - **frontend (review)** : donuts, richard + - **frontend (review)** : donuts, morgan - **localization** : henry, pierov - **macOS** : clairehurst, dan - **nightly builds** : boklm - - **rebases/release-prep** : dan, ma1, pierov, richard + - **rebases/release-prep** : dan, ma1, pierov, morgan - **security** : jwilde, ma1 - - **signing** : boklm, richard + - **signing** : boklm, morgan - **updater** : pierov - - **windows** : jwilde, richard - - **misc/other** : pierov, richard + - **windows** : jwilde, morgan + - **misc/other** : pierov, morgan
#### Change Description
<!-- Whatever context the reviewer needs to effectively review the patchset; if the patch includes UX updates be sure to include screenshots/video of how any new behaviour -->
+ #### How Tested
<!-- Description of steps taken to verify the change -->
View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/b51...