richard pushed to branch tor-browser-102.12.0esr-12.5-1 at The Tor Project / Applications / Tor Browser

Commits:

4 changed files:

Changes:

  • .gitlab/issue_templates/Backport Android Security Fixes.md
    1 1
     <details>
    
    2 2
       <summary>Explanation of Variables</summary>
    
    3
    -- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc
    
    4
    -  - example : `102.8.0`
    
    5
    -- `$(RR_VERSION)` : the Mozilla defined Rapid-Release version; Tor Browser for Android is based off of the `$(ESR_VERSION)`, but Mozilla's Firefox for Android is based off of the `$(RR_VERSION)` so we need to keep track of security vulnerabilities to backport from the monthly Rapid-Release train and our frozen ESR train.
    
    6
    -  - example: `110`
    
    7
    -- `$(PROJECT_NAME)` : the name of the browser project, either `base-browser` or `tor-browser`
    
    8
    -- `$(TOR_BROWSER_MAJOR)` : the Tor Browser major version
    
    9
    -  - example : `12`
    
    10
    -- `$(TOR_BROWSER_MINOR)` : the Tor Browser minor version
    
    11
    -  - example : either `0` or `5`; Alpha's is always `(Stable + 5) % 10`
    
    12
    -- `$(BUILD_N)` : a project's build revision within a its branch; many of the Firefox-related projects have a `$(BUILD_N)` suffix and may differ between projects even when they contribute to the same build.
    
    13
    -  - example : `build1`
    
    3
    +
    
    4
    +- `$(ESR_VERSION)`: the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc
    
    5
    +  - **Example**: `102.8.0`
    
    6
    +- `$(RR_VERSION)`: the Mozilla defined Rapid-Release version; Tor Browser for Android is based off of the `$(ESR_VERSION)`, but Mozilla's Firefox for Android is based off of the `$(RR_VERSION)` so we need to keep track of security vulnerabilities to backport from the monthly Rapid-Release train and our frozen ESR train.
    
    7
    +  - **Example**: `110`
    
    8
    +- `$(PROJECT_NAME)`: the name of the browser project, either `base-browser` or `tor-browser`
    
    9
    +- `$(TOR_BROWSER_MAJOR)`: the Tor Browser major version
    
    10
    +  - **Example**: `12`
    
    11
    +- `$(TOR_BROWSER_MINOR)`: the Tor Browser minor version
    
    12
    +  - **Example**: either `0` or `5`; Alpha's is always `(Stable + 5) % 10`
    
    13
    +- `$(BUILD_N)`: a project's build revision within a its branch; many of the Firefox-related projects have a `$(BUILD_N)` suffix and may differ between projects even when they contribute to the same build.
    
    14
    +  - **Example**: `build1`
    
    14 15
     </details>
    
    15 16
     
    
    16
    -**NOTE:** It is assumed the `tor-browser` rebase (stable and alpha) has already happened and there exists a `build1` build tags for both `base-browser` and `tor-browser` (stable and alpha)
    
    17
    +**NOTE:** It is assumed the `tor-browser` rebases (stable and alpha) have already happened and there exists a `build1` build tags for both `base-browser` and `tor-browser` (stable and alpha)
    
    17 18
     
    
    18 19
     ### **Bookkeeping**
    
    19 20
     
    
    20 21
     - [ ] Link this issue to the appropriate [Release Prep](https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/?sort=updated_desc&state=opened&label_name%5B%5D=Release%20Prep) issues (stable and alpha).
    
    21 22
     
    
    22
    -### **Security Vulnerabilities Report** : https://www.mozilla.org/en-US/security/advisories/
    
    23
    +### **Security Vulnerabilities Report**: https://www.mozilla.org/en-US/security/advisories/
    
    23 24
     
    
    24 25
     - Potentially Affected Components:
    
    25
    -  - `firefox`/`geckoview` : https://github.com/mozilla/gecko-dev
    
    26
    -  - `application-services` : https://github.com/mozilla/application-services
    
    27
    -  - `android-components` : https://github.com/mozilla-mobile/firefox-android
    
    28
    -  - `fenix` : https://github.com/mozilla-mobile/firefox-android
    
    26
    +  - `firefox`/`geckoview`: https://github.com/mozilla/gecko-dev
    
    27
    +  - `application-services`: https://github.com/mozilla/application-services
    
    28
    +  - `android-components` (ESR 102 only): https://github.com/mozilla-mobile/firefox-android
    
    29
    +  - `fenix` (ESR 102 only): https://github.com/mozilla-mobile/firefox-android
    
    30
    +  - `firefox-android`: https://github.com/mozilla-mobile/firefox-android
    
    29 31
     
    
    30
    -**NOTE:** `android-components` and `fenix` used to have their own repos, but since November 2022 they have converged to a single `firefox-android` repo. Any backports will require manually porting patches over to our legacy repos.
    
    32
    +**NOTE:** `android-components` and `fenix` used to have their own repos, but since November 2022 they have converged to a single `firefox-android` repo. Any backports will require manually porting patches over to our legacy repos until we have transitioned to ESR 115.
    
    31 33
     
    
    32
    -- [ ] Go through any `Security Vulnerabilities fixed in Firefox $(RR_VERSION)` (or similar) and create a candidate list of CVEs which potentially need to be backported in this issue:
    
    34
    +- [ ] Go through the `Security Vulnerabilities fixed in Firefox $(RR_VERSION)` report and create a candidate list of CVEs which potentially need to be backported in this issue:
    
    33 35
       - CVEs which are explicitly labeled as 'Android' only
    
    34 36
       - CVEs which are fixed in Rapid Release but not in ESR
    
    35 37
       - 'Memory safety bugs' fixed in Rapid Release but not in ESR
    
    36 38
     - [ ] Foreach issue:
    
    37 39
       - Create link to the CVE on [mozilla.org](https://www.mozilla.org/en-US/security/advisories/)
    
    38
    -    - example: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25740
    
    40
    +    - **Example**: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25740
    
    39 41
       - Create link to the associated Bugzilla issues (found in the CVE description)
    
    40 42
       - Create links to the relevant `gecko-dev`/other commit hashes which need to be backported OR a brief justification for why the fix does not need to be backported
    
    41 43
         - To find the `gecko-dev` version of a `mozilla-central`, search for a unique string in the relevant `mozilla-central` commit message in the `gecko-dev/release` branch log.
    
    ... ... @@ -46,13 +48,13 @@
    46 48
     <!-- CVE Resolution Template, foreach CVE to investigate add an entry in the form:
    
    47 49
     - [ ] https://www.mozilla.org/en-US/security/advisories/mfsaYYYY-NN/#CVE-YYYY-XXXXX // CVE description
    
    48 50
       - https://bugzilla.mozilla.org/show_bug.cgi?id=NNNNNN // Bugzilla issue
    
    49
    -  - **Note** : Any relevant info about this fix, justification for why it is not necessary, etc
    
    51
    +  - **Note**: Any relevant info about this fix, justification for why it is not necessary, etc
    
    50 52
       - **Patches**
    
    51
    -    - firefox-android : https://link.to/relevant/patch
    
    52
    -    - firefox : https://link.to/relevant/patch
    
    53
    +    - firefox-android: https://link.to/relevant/patch
    
    54
    +    - firefox: https://link.to/relevant/patch
    
    53 55
      -->
    
    54 56
     
    
    55
    -### **tor-browser** : https://gitlab.torproject.org/tpo/applications/tor-browser.git
    
    57
    +### **tor-browser**: https://gitlab.torproject.org/tpo/applications/tor-browser.git
    
    56 58
     - [ ] Backport any Android-specific security fixes from Firefox rapid-release
    
    57 59
       - [ ] Backport patches to `tor-browser` stable branch
    
    58 60
       - [ ] Open MR
    
    ... ... @@ -62,33 +64,34 @@
    62 64
         - [ ] `tor-browser` alpha
    
    63 65
         - [ ] `base-browser` alpha
    
    64 66
       - [ ] Sign/Tag commits:
    
    65
    -    - Tag : `$(PROJECT_NAME)-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
    
    66
    -    - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha)`
    
    67
    +    - **Tag**: `$(PROJECT_NAME)-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
    
    68
    +    - **Message**: `Tagging $(BUILD_N) for $(ESR_VERSION)-based stable|alpha)`
    
    67 69
         - [ ] `base-browser` stable
    
    68 70
         - [ ] `tor-browser` stable
    
    69 71
         - [ ] `base-browser` alpha
    
    70 72
         - [ ] `tor-browser` alpha
    
    71
    -  - [ ] Push tags to `origin`
    
    72
    -**OR**
    
    73
    +  - [ ] Push tags to `upstream`
    
    74
    +- **OR**
    
    73 75
     - [ ] No backports
    
    74 76
     
    
    75
    -### **application-services** : *TODO: we will need to setup a gitlab copy of this repo that we can apply security backports to if there are ever any security issues here*
    
    77
    +### **application-services**: https://gitlab.torproject.org/tpo/applications/application-services
    
    78
    +- **NOTE**: we will need to setup a gitlab copy of this repo and update `tor-browser-build` before we can apply security backports here
    
    76 79
     - [ ] Backport any Android-specific security fixes from Firefox rapid-release
    
    77 80
       - [ ] Backport patches to `application-services` stable branch
    
    78 81
       - [ ] Open MR
    
    79 82
       - [ ] Merge
    
    80 83
       - [ ] Rebase patches onto `application-services` alpha
    
    81 84
       - [ ] Sign/Tag commits:
    
    82
    -    - Tag : `application-services-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
    
    83
    -    - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha`
    
    85
    +    - **Tag**: `application-services-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
    
    86
    +    - **Message**: `Tagging $(BUILD_N) for $(ESR_VERSION)-based stable|alpha`
    
    84 87
         - [ ] `application-services` stable
    
    85 88
         - [ ] `application-services` alpha
    
    86
    -  - [ ] Push tags to `origin`
    
    87
    -  **OR**
    
    89
    +  - [ ] Push tags to `upstream`
    
    90
    +- **OR**
    
    88 91
     - [ ] No backports
    
    89 92
     
    
    90 93
     
    
    91
    -### **android-components** : https://gitlab.torproject.org/tpo/applications/android-components.git
    
    94
    +### **android-components (Optional, ESR 102)**: https://gitlab.torproject.org/tpo/applications/android-components.git
    
    92 95
     - [ ] Backport any Android-specific security fixes from Firefox rapid-release
    
    93 96
       - **NOTE**: Since November 2022, this repo has been merged with `fenix` into a singular `firefox-android` repo: https://github.com/mozilla-mobile/firefox-android. Any backport will require a patch rewrite to apply to our legacy `android-components` project.
    
    94 97
       - [ ] Backport patches to `android-components` stable branch
    
    ... ... @@ -96,16 +99,16 @@
    96 99
       - [ ] Merge
    
    97 100
       - [ ] Rebase patches onto `android-components` alpha
    
    98 101
       - [ ] Sign/Tag commits:
    
    99
    -    - Tag : `android-components-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
    
    100
    -    - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha)`
    
    102
    +    - **Tag**: `android-components-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
    
    103
    +    - **Message**: `Tagging $(BUILD_N) for $(ESR_VERSION)-based stable|alpha)`
    
    101 104
         - [ ] `android-components` stable
    
    102 105
         - [ ] `android-components` alpha
    
    103
    -  - [ ] Push tags to `origin`
    
    104
    -**OR**
    
    106
    +  - [ ] Push tags to `upstream`
    
    107
    +- **OR**
    
    105 108
     - [ ] No backports
    
    106 109
     
    
    107 110
     
    
    108
    -### **fenix** : https://gitlab.torproject.org/tpo/applications/fenix.git
    
    111
    +### **fenix (Optional, ESR 102)**: https://gitlab.torproject.org/tpo/applications/fenix.git
    
    109 112
     - [ ] Backport any Android-specific security fixes from Firefox rapid-release
    
    110 113
       - **NOTE**: Since February 2023, this repo has been merged with `android-components` into a singular `firefox-android` repo: https://github.com/mozilla-mobile/firefox-android. Any backport will require a patch rewrite to apply to our legacy `fenix` project.
    
    111 114
       - [ ] Backport patches to `fenix` stable branch
    
    ... ... @@ -113,12 +116,27 @@
    113 116
       - [ ] Merge
    
    114 117
       - [ ] Rebase patches onto `fenix` alpha
    
    115 118
       - [ ] Sign/Tag commits:
    
    116
    -    - Tag : `tor-browser-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
    
    117
    -    - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha)`
    
    119
    +    - **Tag**: `tor-browser-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
    
    120
    +    - **Message**: `Tagging $(BUILD_N) for $(ESR_VERSION)-based stable|alpha)`
    
    118 121
         - [ ] `fenix` stable
    
    119 122
         - [ ] `fenix` alpha
    
    120
    -  - [ ] Push tags to `origin`
    
    121
    -**OR**
    
    123
    +  - [ ] Push tags to `upstream`
    
    124
    +- **OR**
    
    125
    +- [ ] No backports
    
    126
    +
    
    127
    +### **firefox-android**: https://gitlab.torproject.org/tpo/applications/firefox-android
    
    128
    +- [ ] Backport any Android-specific security fixes from Firefox rapid-release
    
    129
    +  - [ ] Backport patches to `firefox-android` stable branch
    
    130
    +  - [ ] Open MR
    
    131
    +  - [ ] Merge
    
    132
    +  - [ ] Rebase patches onto `fenix` alpha
    
    133
    +  - [ ] Sign/Tag commits:
    
    134
    +    - **Tag**: `firefox-android-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)`
    
    135
    +    - **Message**: `Tagging $(BUILD_N) for $(ESR_VERSION)-based stable|alpha)`
    
    136
    +    - [ ] `firefox-android` stable
    
    137
    +    - [ ] `firefox-android` alpha
    
    138
    +  - [ ] Push tags to `upstream`
    
    139
    +- **OR**
    
    122 140
     - [ ] No backports
    
    123 141
     
    
    124 142
     /confidential

  • .gitlab/issue_templates/Rebase Browser - Alpha.md
    1
    -**NOTE:** All examples reference the rebase from 102.7.0esr to 102.8.0esr
    
    1
    +**NOTE:** All examples in this template reference the rebase from 102.7.0esr to 102.8.0esr
    
    2 2
     
    
    3 3
     <details>
    
    4 4
       <summary>Explanation of Variables</summary>
    
    5
    -- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc
    
    6
    -  - example : `102.8.0`
    
    7
    -- `$(ESR_TAG)` : the Mozilla defined hg (Mercurial) tag associated with `$(ESR_VERSION)`
    
    8
    -  - example : `FIREFOX_102_8_0esr_RELEASE`
    
    9
    -- `$(ESR_TAG_PREV)` : the Mozilla defined hg (Mercurial) tag associated with the previous ESR version when rebasing (ie, the ESR version we are rebasing from)
    
    10
    -- `$(BROWSER_MAJOR)` : the browser major version
    
    11
    -  - example : `12`
    
    12
    -- `$(BROWSER_MINOR)` : the browser minor version
    
    13
    -  - example : either `0` or `5`; Alpha's is always `(Stable + 5) % 10`
    
    14
    -- `$(BASE_BROWSER_BRANCH)` : the full name of the current `base-browser` branch
    
    15
    -  - example: `base-browser-102.8.0esr-12.5-1`
    
    16
    -- `$(BASE_BROWSER_BRANCH_PREV)` : the full name of the previous `base-browser` branch
    
    17
    -  - example: `base-browser-102.7.0esr-12.5-1`
    
    18
    -- `$(TOR_BROWSER_BRANCH)` : the full name of the current `tor-browser` branch
    
    19
    -  - example: `tor-browser-102.8.0esr-12.5-1`
    
    20
    -- `$(TOR_BROWSER_BRANCH_PREV)` : the full name of the previous `tor-browser` branch
    
    21
    -  - example: `tor-browser-102.7.0esr-12.5-1`
    
    5
    +
    
    6
    +- `$(ESR_VERSION)`: the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc
    
    7
    +  - **Example**: `102.8.0`
    
    8
    +- `$(ESR_TAG)`: the Mozilla defined hg (Mercurial) tag associated with `$(ESR_VERSION)`
    
    9
    +  - **Example**: `FIREFOX_102_8_0esr_RELEASE`
    
    10
    +- `$(ESR_TAG_PREV)`: the Mozilla defined hg (Mercurial) tag associated with the previous ESR version when rebasing (ie, the ESR version we are rebasing from)
    
    11
    +  - **Example**: `FIREFOX_102_7_0esr_BUILD1`
    
    12
    +- `$(BROWSER_MAJOR)`: the browser major version
    
    13
    +  - **Example**: `12`
    
    14
    +- `$(BROWSER_MINOR)`: the browser minor version
    
    15
    +  - **Example**: either `0` or `5`; Alpha's is always `(Stable + 5) % 10`
    
    16
    +- `$(BASE_BROWSER_BRANCH)`: the full name of the current `base-browser` branch
    
    17
    +  - **Example**: `base-browser-102.8.0esr-12.5-1`
    
    18
    +- `$(BASE_BROWSER_BRANCH_PREV)`: the full name of the previous `base-browser` branch
    
    19
    +  - **Example**: `base-browser-102.7.0esr-12.5-1`
    
    20
    +- `$(TOR_BROWSER_BRANCH)`: the full name of the current `tor-browser` branch
    
    21
    +  - **Example**: `tor-browser-102.8.0esr-12.5-1`
    
    22
    +- `$(TOR_BROWSER_BRANCH_PREV)`: the full name of the previous `tor-browser` branch
    
    23
    +  - **Example**: `tor-browser-102.7.0esr-12.5-1`
    
    22 24
     </details>
    
    23 25
     
    
    24
    -**NOTE:** It is assumed that we've already identified the new esr branch during the tor-browser stable rebase
    
    26
    +**NOTE:** It is assumed that we've already identified the new ESR branch during the tor-browser stable rebase
    
    25 27
     
    
    26 28
     ### **Bookkeeping**
    
    27 29
     
    
    ... ... @@ -33,7 +35,7 @@
    33 35
       - [ ] Remove previous alpha `base-browser` and `tor-browser` branch protection rules (this will prevent pushing new changes to the branches being rebased)
    
    34 36
       - [ ] Create new `base-browser` and `tor-browser` branch protection rule:
    
    35 37
         - **Branch**: `*-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1*`
    
    36
    -      - example: `*-102.8.0esr-12.5-1*`
    
    38
    +      - **Example**: `*-102.8.0esr-12.5-1*`
    
    37 39
         - **Allowed to merge**: `Maintainers`
    
    38 40
         - **Allowed to push and merge**: `Maintainers`
    
    39 41
         - **Allowed to force push**: `false`
    
    ... ... @@ -41,23 +43,36 @@
    41 43
     ### **Create New Branches**
    
    42 44
     
    
    43 45
     - [ ] Create new alpha `base-browser` branch from Firefox mercurial tag (found during the stable rebase)
    
    44
    -  - branch name in the form: `base-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1`
    
    45
    -  - example: `base-browser-102.8.0esr-12.5-1`
    
    46
    +  - Branch name in the form: `base-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1`
    
    47
    +  - **Example**: `base-browser-102.8.0esr-12.5-1`
    
    46 48
     - [ ] Create new alpha `tor-browser` branch from Firefox mercurial tag
    
    47
    -  - branch name in the form: `tor-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1`
    
    48
    -  - example: `tor-browser-102.8.0esr-12.5-1`
    
    49
    -- [ ] Push new `base-browser` branch to `origin`
    
    50
    -- [ ] Push new `tor-browser` branch to `origin`
    
    49
    +  - Branch name in the form: `tor-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1`
    
    50
    +  - **Example**: `tor-browser-102.8.0esr-12.5-1`
    
    51
    +- [ ] Push new `base-browser` branch to `upstream`
    
    52
    +- [ ] Push new `tor-browser` branch to `upstream`
    
    53
    +
    
    54
    +### **Rebase tor-browser**
    
    51 55
     
    
    52
    -### **Rebase base-browser**
    
    56
    +- [ ] Checkout a new local branch for the `tor-browser` rebase
    
    57
    +  - **Example**: `git branch tor-browser-rebase FIREFOX_102_8_0esr_BUILD1`
    
    58
    +- [ ] **(Optional)** `base-browser` rebase and autosquash
    
    59
    +  - **NOTE** This step may be skipped if the `HEAD` of the previous `base-browser` branch is a `-buildN` tag
    
    60
    +  - [ ] Cherry-pick the previous `base-browser` commits up to `base-browser`'s `buildN` tag onto new `base-browser` rebase branch
    
    61
    +    - **Example**: `git cherry-pick FIREFOX_102_7_0esr_BUILD1..base-browser-102.7.0esr-12.5-1-build1`
    
    62
    +  - [ ] Rebase and autosquash these cherry-picked commits
    
    63
    +    - **Example**: `git rebase --autosquash --interactive FIREFOX_102_8_0esr_BUILD1 HEAD`
    
    64
    +  - [ ] Cherry-pick remainder of patches after the `buildN` tag
    
    65
    +    - **Example**: `git cherry-pick base-browser-102.7.0esr-12.5-1-build1..upstream/base-browser-102.7.0esr-12.5-1`
    
    53 66
     
    
    54
    -- [ ] Checkout a new local branch for the `base-browser` rebase
    
    55
    -  - example: `git branch base-browser-rebase FIREFOX_102_8_0esr_BUILD1`
    
    56
    -- [ ] Cherry-pick the previous `base-browser` commits up to `base-browser`'s `build1` tag onto new `base-browser` rebase branch
    
    57
    -  - example: `git cherry-pick FIREFOX_102_7_0esr_BUILD1..base-browser-102.7.0esr-12.5-1-build1`
    
    58
    -- [ ] Rebase and autosquash these cherry-picked commits
    
    59
    -  - example: `git rebase --autosquash --interactive FIREFOX_102_8_0esr_BUILD1 HEAD`
    
    67
    +- [ ] `tor-browser` rebase and autosquash
    
    68
    +  - [ ] Note the current git hash of `HEAD` for `tor-browser` rebase+autosquash step: `git rev-parse HEAD`
    
    69
    +  - [ ] Cherry-pick the appropriate previous `tor-browser` branch's commit range up to the last `tor-browser` `buildN` tag
    
    70
    +    - **Example**: `git cherry-pick base-browser-102.7.0esr-12.5-1-build1..tor-browser-102.7.0esr-12.5-1-build1`
    
    71
    +    - **Example (if separate base-browser rebase was skipped)**: `git cherry-pick FIREFOX_102_7_0esr_BUILD1..tor-browser-102.7.0esr-12.5-1-build1`
    
    72
    +  - [ ] Rebase and autosquash  **ONLY** these newly cherry-picked commits using the commit noted previously: `git rebase --autosquash --interactive $(PREV_HEAD)`
    
    73
    +     - **Example**: `git rebase --autosquash --interactive FIREFOX_102_8_0esr_RELEASE`
    
    60 74
       - [ ] **(Optional)** Patch reordering
    
    75
    +    - **NOTE**: We typically want to do this after new features or bug fix commits which are not !fixups to an existing commit have been merged and are just sitting at the end of the commit history
    
    61 76
         - Relocate new `base-browser` patches in the patch-set to enforce this rough thematic ordering:
    
    62 77
           - **MOZILLA BACKPORTS** - official Firefox patches we have backported to our ESR branch: Android-specific security updates, critical bug fixes, worthwhile features, etc
    
    63 78
           - **MOZILLA REVERTS** - revert commits of official Firefox patches
    
    ... ... @@ -66,34 +81,7 @@
    66 81
           - **BROWSER CONFIGURATION** - branding, mozconfigs, preference overrides, etc
    
    67 82
           - **SECURITY PATCHES** - security improvements, hardening, etc
    
    68 83
           - **PRIVACY PATCHES** - fingerprinting, linkability, proxy bypass, etc
    
    69
    -      - **FEATURES** - new functionality: updater, UX, letterboxing, security level, add-on integration, etc
    
    70
    -- [ ] Cherry-pick remainder of patches after the `build1` tag
    
    71
    -  - example: `git cherry-pick base-browser-102.7.0esr-12.5-1-build1 origin/base-browser-102.7.0esr-12.5-1`
    
    72
    -- [ ] Compare patch sets to ensure nothing *weird* happened during conflict resolution:
    
    73
    -  - [ ] diff of diffs:
    
    74
    -    -  Do the diff between `current_patchset.diff` and `rebased_patchset.diff` with your preferred difftool and look at differences on lines that starts with + or -
    
    75
    -    - `git diff $(ESR_TAG_PREV)..$(BASE_BROWSER_BRANCH_PREV) > current_patchset.diff`
    
    76
    -    - `git diff $(ESR_TAG)..$(BASE_BROWSER_BRANCH) > rebased_patchset.diff`
    
    77
    -    - diff `current_patchset.diff` and `rebased_patchset.diff`
    
    78
    -      - If everything went correctly, the only lines which should differ should be the lines starting with `index abc123...def456`
    
    79
    -  - [ ] rangediff: `git range-diff $(ESR_TAG_PREV)..$(BASE_BROWSER_BRANCH_PREV) $(ESR_TAG)..HEAD`
    
    80
    -    - example: `git range-dif FIREFOX_102_7_0esr_BUILD1..origin/base-browser-102.7.0esr-12.5-1 FIREFOX_102_8_0esr_BUILD1..HEAD`
    
    81
    -- [ ] Open MR for the `base-browser` rebase
    
    82
    -- [ ] Merge
    
    83
    -- [ ] Sign/Tag HEAD of the merged new `base-browser` branch:
    
    84
    -  - Tag : `base-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1-build1`
    
    85
    -  - Message : `Tagging build1 for $(ESR_VERSION)esr-based alpha`
    
    86
    -- [ ] Push tag to `origin`
    
    87
    -
    
    88
    -### **Rebase tor-browser**
    
    89
    -
    
    90
    -- [ ] Checkout a new branch for the `tor-browser` rebase starting from the `base-browser` `build1` tag
    
    91
    -  - example: `git branch tor-browser-rebase base-browser-102.8.0esr-12.5-1-build1`
    
    92
    -- [ ] Cherry-pick the previous `tor-browser` commits from `base-browser`'s previous `build1` tag up to `tor-browser`'s newest `buildN` tag (not necessarily `build1` if we have multiple build tags)
    
    93
    -  - example: `git cherry-pick base-browser-102.7.0esr-12.5-1-build1..tor-browser-102.7.0esr-12.5-1-build1`
    
    94
    -- [ ] Rebase and autosquash these cherry-picked commits (from the last new `base-browser` commit to `HEAD`)
    
    95
    -  - example: `git rebase --autosquash --interactive base-browser-102.8.0esr-12.5-1-build1 HEAD`
    
    96
    -  - [ ] **(Optional)** Patch reordering
    
    84
    +      - **FEATURES** - new functionality: updater, UX, letterboxing, security level, add-on
    
    97 85
         - Relocate new `tor-browser` patches in the patch-set to enforce this rough thematic ordering:
    
    98 86
           - **BUILD CONFIGURATION** - tools/scripts, gitlab templates, etc
    
    99 87
           - **BROWSER CONFIGURATION** - branding, mozconfigs, preference overrides, etc
    
    ... ... @@ -105,11 +93,10 @@
    105 93
           - **TOR SECURITY PATCHES** - tor-specific security improvements
    
    106 94
           - **TOR PRIVACY PATCHES** - tor-specific privacy improvements
    
    107 95
           - **TOR FEATURES** - new tor-specific functionality: manual, onion-location, onion service client auth, etc
    
    108
    -- [ ] Cherry-pick remainder of patches after the last `buildN` tag
    
    109
    -  - example: `git cherry-pick base-browser-102.7.0esr-12.5-1-build1..origin/tor-browser-102.7.0esr-12.5-1`
    
    110
    -- [ ] Rebase and autosquash again (from the last new `base-browser` commit to `HEAD`), this time replacing all `fixup` and `squash` commands with `pick`. The goal here is to have all of the `fixup` and `squash` commits beside the commit which they modify.
    
    111
    -  - example: `git rebase --autosquash --interactive base-browser-102.8.0esr-12.5-1-build1 HEAD`
    
    112
    -  - **NOTE**: Do not allow `fixup` or `squash` commands here!
    
    96
    +  - [ ] Cherry-pick remainder of patches after the last `tor-browser` `buildN` tag
    
    97
    +    - **Example**: `git cherry-pick tor-browser-102.7.0esr-12.5-1-build1..upstream/tor-browser-102.7.0esr-12.5-1`
    
    98
    +  - [ ] Rebase and autosquash again, this time replacing all `fixup` and `squash` commands with `pick`. The goal here is to have all of the `fixup` and `squash` commits beside the commit which they modify, but kept un-squashed for easy debugging/bisecting.
    
    99
    +    - **Example**: `git rebase --autosquash --interactive FIREFOX_102_8_0esr_RELEASE`
    
    113 100
     - [ ] Compare patch sets to ensure nothing *weird* happened during conflict resolution:
    
    114 101
       - [ ] diff of diffs:
    
    115 102
         -  Do the diff between `current_patchset.diff` and `rebased_patchset.diff` with your preferred difftool and look at differences on lines that starts with + or -
    
    ... ... @@ -118,11 +105,20 @@
    118 105
         - diff `current_patchset.diff` and `rebased_patchset.diff`
    
    119 106
           - If everything went correctly, the only lines which should differ should be the lines starting with `index abc123...def456` (unless the previous `base-browser` branch includes changes not included in the previous `tor-browser` branch)
    
    120 107
       - [ ] rangediff: `git range-diff $(ESR_TAG_PREV)..$(TOR_BROWSER_BRANCH_PREV) $(ESR_TAG)..HEAD`
    
    121
    -    - example: `git range-dif FIREFOX_102_7_0esr_BUILD1..origin/tor-browser-102.7.0esr-12.5-1 FIREFOX_102_8_0esr_BUILD1..HEAD`
    
    108
    +    - **Example**: `git range-dif FIREFOX_102_7_0esr_BUILD1..upstream/tor-browser-102.7.0esr-12.5-1 FIREFOX_102_8_0esr_BUILD1..HEAD`
    
    122 109
     - [ ] Open MR for the `tor-browser` rebase
    
    123 110
     - [ ] Merge
    
    124
    -- [ ] Sign/Tag HEAD of the merged new `tor-browser` branch:
    
    125
    -  - Tag : `tor-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1-build1`
    
    126
    -  - Message : `Tagging build1 for $(ESR_VERSION)esr-based alpha`
    
    127
    -- [ ] Push tag to `origin`
    
    111
    +- Update and push `base-browser` branch
    
    112
    +  - [ ] Reset the new `base-browser` branch to the appropriate commit in this new `tor-browser` branch
    
    113
    +  - [ ] Push these commits to `upstream`
    
    114
    +
    
    115
    +### **Sign and Tag**
    
    128 116
     
    
    117
    +- [ ] Sign/Tag `HEAD` of the merged `tor-browser` branch:
    
    118
    +  - **Tag**: `tor-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1-build1`
    
    119
    +  - **Message**: `Tagging build1 for $(ESR_VERSION)esr-based alpha`
    
    120
    +  - [ ] Push tag to `upstream`
    
    121
    +- [ ] Sign/Tag HEAD of the merged `base-browser` branch:
    
    122
    +  - **Tag**: `base-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1-build1`
    
    123
    +  - **Message**: `Tagging build1 for $(ESR_VERSION)esr-based alpha`
    
    124
    +  - [ ] Push tag to `upstream`

  • .gitlab/issue_templates/Rebase Browser - Stable.md
    1
    -**NOTE:** All examples reference the rebase from 102.7.0esr to 102.8.0esr
    
    1
    +**NOTE:** All examples in this template reference the rebase from 102.7.0esr to 102.8.0esr
    
    2 2
     
    
    3 3
     <details>
    
    4
    -  <summary>Explanation of variables</summary>
    
    5
    -- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc
    
    6
    -  - example : `102.8.0`
    
    7
    -- `$(ESR_TAG)` : the Mozilla defined hg (Mercurial) tag associated with `$(ESR_VERSION)`
    
    8
    -  - example : `FIREFOX_102_8_0esr_RELEASE`
    
    9
    -- `$(ESR_TAG_PREV)` : the Mozilla defined hg (Mercurial) tag associated with the previous ESR version when rebasing (ie, the ESR version we are rebasing from)
    
    10
    -- `$(BROWSER_MAJOR)` : the browser major version
    
    11
    -  - example : `12`
    
    12
    -- `$(BROWSER_MINOR)` : the browser minor version
    
    13
    -  - example : either `0` or `5`; Alpha's is always `(Stable + 5) % 10`
    
    14
    -- `$(BASE_BROWSER_BRANCH)` : the full name of the current `base-browser` branch
    
    15
    -  - example: `base-browser-102.8.0esr-12.0-1`
    
    16
    -- `$(BASE_BROWSER_BRANCH_PREV)` : the full name of the previous `base-browser` branch
    
    17
    -  - example: `base-browser-102.7.0esr-12.0-1`
    
    18
    -- `$(TOR_BROWSER_BRANCH)` : the full name of the current `tor-browser` branch
    
    19
    -  - example: `tor-browser-102.8.0esr-12.0-1`
    
    20
    -- `$(TOR_BROWSER_BRANCH_PREV)` : the full name of the previous `tor-browser` branch
    
    21
    -  - example: `tor-browser-102.7.0esr-12.0-1`
    
    4
    +  <summary>Explanation of Variables</summary>
    
    5
    +
    
    6
    +- `$(ESR_VERSION)`: the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc
    
    7
    +  - **Example**: `102.8.0`
    
    8
    +- `$(ESR_TAG)`: the Mozilla defined hg (Mercurial) tag associated with `$(ESR_VERSION)`
    
    9
    +  - **Example**: `FIREFOX_102_8_0esr_RELEASE`
    
    10
    +- `$(ESR_TAG_PREV)`: the Mozilla defined hg (Mercurial) tag associated with the previous ESR version when rebasing (ie, the ESR version we are rebasing from)
    
    11
    +  - **Example**: `FIREFOX_102_7_0esr_BUILD1`
    
    12
    +- `$(BROWSER_MAJOR)`: the browser major version
    
    13
    +  - **Example**: `12`
    
    14
    +- `$(BROWSER_MINOR)`: the browser minor version
    
    15
    +  - **Example**: either `0` or `5`; Alpha's is always `(Stable + 5) % 10`
    
    16
    +- `$(BASE_BROWSER_BRANCH)`: the full name of the current `base-browser` branch
    
    17
    +  - **Example**: `base-browser-102.8.0esr-12.0-1`
    
    18
    +- `$(BASE_BROWSER_BRANCH_PREV)`: the full name of the previous `base-browser` branch
    
    19
    +  - **Example**: `base-browser-102.7.0esr-12.0-1`
    
    20
    +- `$(TOR_BROWSER_BRANCH)`: the full name of the current `tor-browser` branch
    
    21
    +  - **Example**: `tor-browser-102.8.0esr-12.0-1`
    
    22
    +- `$(TOR_BROWSER_BRANCH_PREV)`: the full name of the previous `tor-browser` branch
    
    23
    +  - **Example**: `tor-browser-102.7.0esr-12.0-1`
    
    22 24
     </details>
    
    23 25
     
    
    24 26
     ### **Bookkeeping**
    
    ... ... @@ -31,69 +33,55 @@
    31 33
       - [ ] Remove previous stable `base-browser` and `tor-browser` branch protection rules (this will prevent pushing new changes to the branches being rebased)
    
    32 34
       - [ ] Create new `base-browser` and `tor-browser` branch protection rule:
    
    33 35
         - **Branch**: `*-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1*`
    
    34
    -      - example: `*-102.8.0esr-12.0-1*`
    
    36
    +      - **Example**: `*-102.8.0esr-12.0-1*`
    
    35 37
         - **Allowed to merge**: `Maintainers`
    
    36 38
         - **Allowed to push and merge**: `Maintainers`
    
    37 39
         - **Allowed to force push**: `false`
    
    38 40
     
    
    39 41
     ### **Identify the Firefox Tagged Commit and Create New Branches**
    
    40 42
     
    
    41
    -- [ ] Find the Firefox mercurial tag here : https://hg.mozilla.org/releases/mozilla-esr102/tags
    
    42
    -   - example: `FIREFOX_102_8_0esr_BUILD1`
    
    43
    -- [ ] Find the analogous `gecko-dev` commit : https://github.com/mozilla/gecko-dev
    
    44
    -  - Search for unique string found in the mercurial commit in the `gecko-dev/esr102` branch
    
    45
    -  - example: 3a3a96c9eedd02296d6652dd50314fccbc5c4845
    
    43
    +- [ ] Find the Firefox mercurial tag here: https://hg.mozilla.org/releases/mozilla-esr102/tags
    
    44
    +   - **Example**: `FIREFOX_102_8_0esr_BUILD1`
    
    45
    +- [ ] Find the analogous `gecko-dev` commit: https://github.com/mozilla/gecko-dev
    
    46
    +  - **Tip**: Search for unique string (like the Differential Revision ID) found in the mercurial commit in the `gecko-dev/esr102` branch to find the equivalent commit
    
    47
    +  - **Example**: `3a3a96c9eedd02296d6652dd50314fccbc5c4845`
    
    46 48
     - [ ] Sign and Tag `gecko-dev` commit
    
    47 49
       - Sign/Tag `gecko-dev` commit :
    
    48
    -    - Tag : `$(ESR_TAG)`
    
    49
    -    - Message : `Hg tag $(ESR_TAG)`
    
    50
    +    - **Tag**: `$(ESR_TAG)`
    
    51
    +    - **Message**: `Hg tag $(ESR_TAG)`
    
    50 52
     - [ ] Create new stable `base-browser` branch from tag
    
    51
    -  - branch name in the form: `base-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1`
    
    52
    -  - example: `base-browser-102.8.0esr-12.0-1`
    
    53
    +  - Branch name in the form: `base-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1`
    
    54
    +  - **Example**: `base-browser-102.8.0esr-12.0-1`
    
    53 55
     - [ ] Create new stable `tor-browser` branch from
    
    54
    -  - branch name in the form: `tor-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1`
    
    55
    -  - example: `tor-browser-102.8.0esr-12.0-1`
    
    56
    -- [ ] Push new `base-browser` branch to `origin`
    
    57
    -- [ ] Push new `tor-browser` branch to `origin`
    
    58
    -- [ ] Push new `$(ESR_TAG)` to `origin`
    
    59
    -
    
    60
    -### **Rebase base-browser**
    
    61
    -
    
    62
    -- [ ] Checkout a new local branch for the `base-browser` rebase
    
    63
    -  - example: `git branch base-browser-rebase FIREFOX_102_8_0esr_BUILD1`
    
    64
    -- [ ] Cherry-pick the previous `base-browser` commits up to `base-browser`'s `build1` tag onto new `base-browser` rebase branch
    
    65
    -  - example: `git cherry-pick FIREFOX_102_7_0esr_BUILD1..base-browser-102.7.0esr-12.0-1-build1`
    
    66
    -- [ ] Rebase and autosquash these cherry-picked commits
    
    67
    -  - example: `git rebase --autosquash --interactive FIREFOX_102_8_0esr_BUILD1 HEAD`
    
    68
    -- [ ] Cherry-pick remainder of patches after the `build1` tag
    
    69
    -  - example: `git cherry-pick base-browser-102.7.0esr-12.0-1-build1 origin/base-browser-102.7.0esr-12.0-1`
    
    70
    -- [ ] Compare patch sets to ensure nothing *weird* happened during conflict resolution:
    
    71
    -  - [ ] diff of diffs:
    
    72
    -    -  Do the diff between `current_patchset.diff` and `rebased_patchset.diff` with your preferred difftool and look at differences on lines that starts with + or -
    
    73
    -    - `git diff $(ESR_TAG_PREV)..$(BASE_BROWSER_BRANCH_PREV) > current_patchset.diff`
    
    74
    -    - `git diff $(ESR_TAG)..$(BASE_BROWSER_BRANCH) > rebased_patchset.diff`
    
    75
    -    - diff `current_patchset.diff` and `rebased_patchset.diff`
    
    76
    -      - If everything went correctly, the only lines which should differ should be the lines starting with `index abc123...def456`
    
    77
    -  - [ ] rangediff: `git range-diff $(ESR_TAG_PREV)..$(BASE_BROWSER_BRANCH_PREV) $(ESR_TAG)..HEAD`
    
    78
    -    - example: `git range-dif FIREFOX_102_7_0esr_BUILD1..origin/base-browser-102.7.0esr-12.0-1 FIREFOX_102_8_0esr_BUILD1..HEAD`
    
    79
    -- [ ] Open MR for the `base-browser` rebase
    
    80
    -- [ ] Merge
    
    81
    -- [ ] Sign/Tag HEAD of the merged new `base-browser` branch:
    
    82
    -  - Tag : `base-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1-build1`
    
    83
    -  - Message : `Tagging build1 for $(ESR_VERSION)esr-based stable`
    
    84
    -- [ ] Push tag to `origin`
    
    85
    -
    
    56
    +  - Branch name in the form: `tor-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1`
    
    57
    +  - **Example**: `tor-browser-102.8.0esr-12.0-1`
    
    58
    +- [ ] Push new `base-browser` branch to `upstream`
    
    59
    +- [ ] Push new `tor-browser` branch to `upstream`
    
    60
    +- [ ] Push new `$(ESR_TAG)` to `upstream`
    
    86 61
     
    
    87 62
     ### **Rebase tor-browser**
    
    88 63
     
    
    89
    -- [ ] Checkout a new branch for the `tor-browser` rebase starting from the `base-browser` `build1` tag
    
    90
    -  - example: `git branch tor-browser-rebase base-browser-102.8.0esr-12.0-1-build1`
    
    91
    -- [ ] Cherry-pick the previous `tor-browser` commits from `base-browser`'s previous `build1` tag up to `tor-browser`'s newest `buildN` tag (not necessarily `build1` if we have multiple build tags)
    
    92
    -  - example: `git cherry-pick base-browser-102.7.0esr-12.0-1-build1..tor-browser-102.7.0esr-12.0-1-build1`
    
    93
    -- [ ] Rebase and autosquash these cherry-picked commits (from the last new `base-browser` commit to `HEAD`)
    
    94
    -  - example: `git rebase --autosquash --interactive base-browser-102.8.0esr-12.0-1-build1 HEAD`
    
    95
    -- [ ] Cherry-pick remainder of patches after the last `buildN` tag
    
    96
    -  - example: `git cherry-pick base-browser-102.7.0esr-12.0-1-build1..origin/tor-browser-102.7.0esr-12.0-1`
    
    64
    +- [ ] Checkout a new local branch for the `tor-browser` rebase
    
    65
    +  - **Example**: `git branch tor-browser-rebase FIREFOX_102_8_0esr_BUILD1`
    
    66
    +- [ ] **(Optional)** `base-browser` rebase
    
    67
    +  - **NOTE** This step may be skipped if the `HEAD` of the previous `base-browser` branch is a `-buildN` tag
    
    68
    +  - [ ] Cherry-pick the previous `base-browser` commits up to `base-browser`'s `buildN` tag onto new `base-browser` rebase branch
    
    69
    +    - **Example**: `git cherry-pick FIREFOX_102_7_0esr_BUILD1..base-browser-102.7.0esr-12.0-1-build1`
    
    70
    +  - [ ] Rebase and autosquash these cherry-picked commits
    
    71
    +    - **Example**: `git rebase --autosquash --interactive FIREFOX_102_8_0esr_BUILD1 HEAD`
    
    72
    +  - [ ] Cherry-pick remainder of patches after the `buildN` tag
    
    73
    +    - **Example**: `git cherry-pick base-browser-102.7.0esr-12.0-1-build1..upstream/base-browser-102.7.0esr-12.0-1`
    
    74
    +- [ ] `tor-browser` rebase
    
    75
    +  - [ ] Note the current git hash of `HEAD` for `tor-browser` rebase+autosquash step: `git rev-parse HEAD`
    
    76
    +  - [ ] Cherry-pick the appropriate previous `tor-browser` branch's commit range up to the last `tor-browser` `buildN` tag
    
    77
    +    - **Example**: `git cherry-pick base-browser-102.7.0esr-12.0-1-build1..tor-browser-102.7.0esr-12.0-1-build1`
    
    78
    +    - **Example (if separate base-browser rebase was skipped)**: `git cherry-pick FIREFOX_102_7_0esr_BUILD1..tor-browser-102.7.0esr-12.0-1-build1`
    
    79
    +  - [ ] Rebase and autosquash these newly cherry-picked commits: `git rebase --autosquash --interactive $(PREV_HEAD)`
    
    80
    +     - **Example**: `git rebase --autosquash --interactive FIREFOX_102_8_0esr_RELEASE`
    
    81
    +  - [ ] Cherry-pick remainder of patches after the last `tor-browser` `buildN` tag
    
    82
    +    - **Example**: `git cherry-pick tor-browser-102.7.0esr-12.0-1-build1..upstream/tor-browser-102.7.0esr-12.0-1`
    
    83
    +  - [ ] Rebase and autosquash again, this time replacing all `fixup` and `squash` commands with `pick`. The goal here is to have all of the `fixup` and `squash` commits beside the commit which they modify, but kept un-squashed for easy debugging/bisecting.
    
    84
    +    - **Example**: `git rebase --autosquash --interactive FIREFOX_102_8_0esr_RELEASE`
    
    97 85
     - [ ] Compare patch sets to ensure nothing *weird* happened during conflict resolution:
    
    98 86
       - [ ] diff of diffs:
    
    99 87
         -  Do the diff between `current_patchset.diff` and `rebased_patchset.diff` with your preferred difftool and look at differences on lines that starts with + or -
    
    ... ... @@ -102,10 +90,20 @@
    102 90
         - diff `current_patchset.diff` and `rebased_patchset.diff`
    
    103 91
           - If everything went correctly, the only lines which should differ should be the lines starting with `index abc123...def456` (unless the previous `base-browser` branch includes changes not included in the previous `tor-browser` branch)
    
    104 92
       - [ ] rangediff: `git range-diff $(ESR_TAG_PREV)..$(TOR_BROWSER_BRANCH_PREV) $(ESR_TAG)..HEAD`
    
    105
    -    - example: `git range-dif FIREFOX_102_7_0esr_BUILD1..origin/tor-browser-102.7.0esr-12.0-1 FIREFOX_102_8_0esr_BUILD1..HEAD`
    
    93
    +    - **Example**: `git range-dif FIREFOX_102_7_0esr_BUILD1..upstream/tor-browser-102.7.0esr-12.0-1 FIREFOX_102_8_0esr_BUILD1..HEAD`
    
    106 94
     - [ ] Open MR for the `tor-browser` rebase
    
    107 95
     - [ ] Merge
    
    108
    -- [ ] Sign/Tag HEAD of the merged new `tor-browser` branch:
    
    109
    -  - Tag : `tor-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1-build1`
    
    110
    -  - Message : `Tagging build1 for $(ESR_VERSION)esr-based stable`
    
    111
    -- [ ] Push tag to `origin`
    96
    +- Update and push `base-browser` branch
    
    97
    +  - [ ] Reset the new `base-browser` branch to the appropriate commit in this new `tor-browser` branch
    
    98
    +  - [ ] Push these commits to `upstream`
    
    99
    +
    
    100
    +### **Sign and Tag**
    
    101
    +
    
    102
    +- [ ] Sign/Tag `HEAD` of the merged `tor-browser` branch:
    
    103
    +  - **Tag**: `tor-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1-build1`
    
    104
    +  - **Message**: `Tagging build1 for $(ESR_VERSION)esr-based stable`
    
    105
    +  - [ ] Push tag to `upstream`
    
    106
    +- [ ] Sign/Tag HEAD of the merged `base-browser` branch:
    
    107
    +  - **Tag**: `base-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1-build1`
    
    108
    +  - **Message**: `Tagging build1 for $(ESR_VERSION)esr-based stable`
    
    109
    +  - [ ] Push tag to `upstream`

  • .gitlab/merge_request_templates/default.md
    ... ... @@ -2,23 +2,34 @@
    2 2
     
    
    3 3
     <!-- Bookkeeping information for release management -->
    
    4 4
     
    
    5
    -- ### Related Issues
    
    6
    -  - tor-browser#xxxxx
    
    7
    -  - tor-browser-build#xxxxx
    
    8
    -  - etc
    
    9
    -
    
    10
    -- ### Backport Timeline
    
    11
    -  - [ ] **Immediate** - patchsets for critical bug fixes or other major blocker (e.g. fixes for a 0-day exploit) OR patchsets with trivial changes which do not need testing (e.g. fixes for typos or fixes easily verified in a local developer build)
    
    12
    -  - [ ] **Next Minor Stable Release** - patchset that needs to be verified in nightly before backport
    
    13
    -  - [ ] **Eventually** - patchset that needs to be verified in alpha before backport
    
    14
    -  - [ ] **No Backport** - patchset for the next major stable
    
    15
    -
    
    16
    -- ### Upstream Merging
    
    17
    -  - [ ] Merge to `base-browser` - typically for `!fixups` to patches in the `base-browser` branch, though sometimes new patches as well
    
    18
    -    - **NOTE**: if your changeset includes patches to both `base-browser` and `tor-browser` please please make separate merge requests for each part
    
    19
    -
    
    20
    -- ### Issue Tracking
    
    21
    -  - [ ] Link resolved issues with appropriate [Release Prep issue](https://gitlab.torproject.org/groups/tpo/applications/-/issues/?sort=updated_desc&state=opened&label_name%5B%5D=Release%20Prep&first_page_size=20) for changelog generation
    
    5
    +### Related Issues
    
    6
    +- tor-browser#xxxxx
    
    7
    +- mullvad-browser#xxxxx
    
    8
    +- tor-browser-build#xxxxx
    
    9
    +
    
    10
    +### Backporting
    
    11
    +
    
    12
    +#### Timeline
    
    13
    +- [ ] **Immediate**: patchset needed as soon as possible
    
    14
    +- [ ] **Next Minor Stable Release**: patchset that needs to be verified in nightly before backport
    
    15
    +- [ ] **Eventually**: patchset that needs to be verified in alpha before backport
    
    16
    +- [ ] **No Backport (preferred)**: patchset for the next major stable
    
    17
    +
    
    18
    +#### (Optional) Justification
    
    19
    +- [ ] **Emergency security update**: patchset fixes CVEs, 0-days, etc
    
    20
    +- [ ] **Censorship event**: patchset enables censorship circumvention
    
    21
    +- [ ] **Critical bug-fix**: patchset fixes a bug in core-functionality
    
    22
    +- [ ] **Consistency**: patchset which would make development easier if it were in both the alpha and release branches; developer tools, build system changes, etc
    
    23
    +- [ ] **Sponsor required**: patchset required for sponsor
    
    24
    +- [ ] **Other**: please explain
    
    25
    +
    
    26
    +### Merging
    
    27
    +- [ ] Merge to `tor-browser` - `!fixups` to `tor-browser`-specific commits, new features, security backports
    
    28
    +- [ ] Merge to `base-browser` -`!fixups` to `base-browser`-specific commits, new features to be shared with `mullvad-browser`, and security backports
    
    29
    +  - **NOTE**: if your changeset includes patches to both `base-browser` and `tor-browser` please clearly label in the change description which commits should be cherry-picked to `base-browser` after merging
    
    30
    +
    
    31
    +### Issue Tracking
    
    32
    +- [ ] Link resolved issues with appropriate [Release Prep issue](https://gitlab.torproject.org/groups/tpo/applications/-/issues/?sort=updated_desc&state=opened&label_name%5B%5D=Release%20Prep&first_page_size=20) for changelog generation
    
    22 33
     
    
    23 34
     ## Change Description
    
    24 35