morgan pushed to branch mullvad-browser-128.9.0esr-14.5-1 at The Tor Project / Applications / Mullvad Browser

Commits: 75f63014 by Morgan at 2025-04-16T15:29:13+00:00 fixup! MB 188: Customize Gitlab Issue and Merge templates

revert

- - - - - 976a2fce by Morgan at 2025-04-16T15:29:13+00:00 fixup! Adding issue and merge request templates

revert

- - - - - d300a9f9 by Morgan at 2025-04-17T15:37:08+00:00 BB 43615: Add Gitlab Issue and Merge Request templates

- - - - - 1ee9b56c by Morgan at 2025-04-17T15:37:08+00:00 fixup! BB 43615: Add Gitlab Issue and Merge Request templates

add new and modify existing shared Tor/Mullvad browser templates

- - - - - 1daa5b6c by Morgan at 2025-04-17T15:46:45+00:00 fixup! MB 188: Customize Gitlab Issue and Merge templates

- - - - -

16 changed files:

- + .gitlab/issue_templates/000 Bug Report.md - + .gitlab/issue_templates/010 Proposal.md - + .gitlab/issue_templates/020 Web Compatibility.md - + .gitlab/issue_templates/030 Test.md - + .gitlab/issue_templates/040 Feature.md - .gitlab/issue_templates/Backport.md → .gitlab/issue_templates/050 Backport.md - .gitlab/issue_templates/Rebase Browser - Alpha.md → .gitlab/issue_templates/060 Rebase - Alpha.md - .gitlab/issue_templates/Rebase Browser - Stable.md → .gitlab/issue_templates/061 Rebase - Stable.md - .gitlab/issue_templates/Rebase Browser - Rapid.md → .gitlab/issue_templates/063 Rebase - Rapid.md - .gitlab/issue_templates/Emergency Security Issue.md → .gitlab/issue_templates/090 Emergency Security Issue.md - + .gitlab/issue_templates/Default.md - − .gitlab/issue_templates/QA - Android.md - − .gitlab/issue_templates/QA - Desktop.md - − .gitlab/issue_templates/Uplift.md - − .gitlab/issue_templates/bug.md - .gitlab/merge_request_templates/default.md → .gitlab/merge_request_templates/Default.md

Changes:

===================================== .gitlab/issue_templates/000 Bug Report.md ===================================== @@ -0,0 +1,117 @@ +# 🐞 Bug Report +<!-- +Use this template to report problems with the browser which are unrelated to +website functionality (please use the Web Compatibility template for such issues). +The issue's title MUST provide a succinct description of the problem. + +Some good (hypothetical) titles: +- Browser crashes when visiting example.com in Safer mode +- Letterboxing appears even when disabled when using tiling window-manager +- All fonts in browser-chrome have serifs + +Please DO NOT include information about platform in the title, it is redundant +with our labeling system! +--> + +## Reproduction steps +<!-- +Provide specific steps developers can follow to reproduce your issue. +--> + +## Expected behaviour +<!-- +Provide a description of the browser feature or scenario which does not appear +to be working. +--> + +## Actual behaviour +<!-- +Provide a description of what actually occurs. +--> + +## Bookkeeping +<!-- +Please provide the following information: +--> + +- Browser version: +- Browser channel: + - [ ] Release + - [ ] Alpha + - [ ] Nightly +- Distribution method: + - [ ] Installer/archive from mullvad.net + - [ ] homebrew + - [ ] other (please specify): +- Operating System: + - [ ] Windows + - [ ] macOS + - [ ] Linux + - [ ] Other (please specify): +- Operating System Version: + +### Browser UI language +<!-- +Found in `about:preferences#general`. +Feel free to omit this if you like, but sometimes bugs can be language specific so having +this info may make it easier for developers to reproduce your problem. +--> + +### Have you modified any of the settings in `about:preferences` or `about:config`? If yes, which ones? +<!-- +If you changed any preference in about:config that aren't exposed in a UI, +could you try to see if you can reproduce without them? Generally speaking, such +changes are unsupported and bugs might be closed as invalid. +--> + +### Do you have any extra extensions installed? +<!-- e.g. Firefox Multi-Account Containers, uBlock Origin, etc --> + +## Troubleshooting +<!-- +This is optional, but it will help to resolve your problem. +--> + +### Does this bug occur in a fresh installation? + +### Is this bug new? If it is a regression, in which version of the browser did this bug first appear? +<!-- +Archived packages for past versions can be found here: +- https://archive.torproject.org/tor-package-archive +--> + +### Does this bug occur in the Alpha release channel? +<!-- +Sometimes bugs are fixed in the Alpha (development) channel but not in the Stable channel. +⚠️ However, the Alpha release channel is the development version and as such may be contain +critical bugs not present in the Stable release channel. + +The latest Alpha can be found here: +- https://github.com/mullvad/mullvad-browser/releases?q=prerelease%3Atrue +--> + +### Does this bug occur in Firefox ESR (Desktop only)? +<!-- +Tor Browser is based on Firefox ESR, so any bugs present in this upstream project will likely +also be present in Tor Browser. +Firefox ESR is available for download here: +- https://www.mozilla.org/en-US/firefox/all/desktop-esr/ +--> + +### Does this bug occur in Firefox Rapid Release? +<!-- +If the issue occurs in Firefox ESR, but does not occur in Firefox Rapid Release, we may be able +to identify and backport the patch which fixes it. + +Firefox Rapid Release is available for download here: +- https://www.mozilla.org/en-US/firefox/new/ + +If the issue has been fixed in Firefox, do you know the Bugzilla issue number associated with the fix? +--> + +<!-- Do not edit beneath this line <3 --> + +--- + +/label ~"Apps::Product::MullvadBrowser" +/label ~"Apps::Type::Bug"

===================================== .gitlab/issue_templates/010 Proposal.md ===================================== @@ -0,0 +1,72 @@ +# 💡 Proposal +<!-- +Use this template to request a feature or propose some change in the browser. +The issue will likely be edited many times over its life to flesh out the various +questions, so if you don't know the answers to something, jut leave it blank! + +The issue's title MUST provide a succinct description of proposal. + +Some good (hypothetical) titles: +- Remove 'Safer' option from Security Level +- Bundle uBlock Origin by default +- Replace NoScript with faith-based JavaScript sand-boxing +--> + +## User Story +<!-- +Provide a high-level summary of the proposed feature, the problem it solves, and +what it would allow users to do if implemented. --> + +## Security and Privacy Implications +<!-- +How would this proposal interact with our the browser's threat model? +Would this feature negatively affect the browser's security or privacy +guarantees? +--> + +### Security +<!-- +TODO: Mullvad Browser's threat model is somehow less restrictive than Tor Browser's, but currently undefined +Outline any security implications this feature would introduce. The browser's +security requirements can be found in our threat model document here: +- https://gitlab.torproject.org/tpo/applications/wiki/-/wikis/Design-Documents/Tor-Browser-Design-Doc#21-security-requirements +--> + +### Privacy +<!-- +TODO: Mullvad Browser's threat model is somehow less restrictive than Tor Browser's, but currently undefined +Outline any privacy implications this feature would introduce. The browser's +privacy requirements can be found in our threat model document here: +- https://gitlab.torproject.org/tpo/applications/wiki/-/wikis/Design-Documents/Tor-Browser-Design-Doc#22-privacy-requirements +--> + +## Accessibility Implications +<!-- +Would this proposal affect or interact with the browser's usability for users +with accessibility needs (e.g. vision or mobility issues). What problems would need +to be solved to ensure these users are not left behind? +--> + +## Other Trade-Offs +<!-- +Beyond the security, privacy and accessibility implications, what other implications +are there for users? +--> + +## Prior Art + +### Does this feature exist in other browsers? +- [ ] Yes + - [ ] Firefox + - [ ] Firefox ESR + - [ ] Other (please specify) +- [ ] No + +### Does this feature exist as an extension? If yes, which one provides this functionality? + +<!-- Do not edit beneath this line <3 --> + +--- + +/label ~"Apps::Product::MullvadBrowser" +/label ~"Apps::Type::Proposal"

===================================== .gitlab/issue_templates/020 Web Compatibility.md ===================================== @@ -0,0 +1,108 @@ +# 🌍 Web Compatibility +<!-- +Use this template to report websites which do not work properly in the browser. +The issue's title MUST provide a succinct description of the problem. + +Some good (hypothetical) titles: +- Road signs do not render correctly on maps.foo.com +- Infinite CAPTCHA prompts on bar.nat +- Cannot login to baz.org +--> + +## URL +<!-- Provide a link to the website --> + +## Expected behaviour +<!-- +Provide a description of the how the website is supposed to work +--> + +## Actual behaviour +<!-- +Provide a description of what actually occurs +--> + +## Reproduction steps +<!-- +Provide specific steps developers can follow to reproduce your issue +--> + +## Bookkeeping +<!-- +Please provide the following information: +--> + +- Browser version: +- Browser channel: + - [ ] Release + - [ ] Alpha + - [ ] Nightly +- Distribution method: + - [ ] Installer/archive from mullvad.net + - [ ] homebrew + - [ ] other (please specify): +- Operating System: + - [ ] Windows + - [ ] macOS + - [ ] Linux + - [ ] Other (please specify): +- Operating System Version: + +### Have you modified any of the settings in `about:preferences` or `about:config`? If yes, which ones? +<!-- +If you changed any preference in about:config that aren't exposed in a UI, +could you try to see if you can reproduce without them? Generally speaking, such +changes are unsupported and bugs might be closed as invalid. +--> + +### Do you have any extra extensions installed? +<!-- e.g. Firefox Multi-Account Containers, uBlock Origin, etc --> + +## Troubleshooting +<!-- +This is optional, but it will help to resolve your problem. +--> + +### Does this bug occur in a fresh installation? + +### Is this bug new? If it is a regression, in which version of the browser did this bug first appear? +<!-- +Archived packages for past versions can be found here: +- https://archive.torproject.org/tor-package-archive +--> + +### Does this bug occur in the Alpha release channel? +<!-- +Sometimes bugs are fixed in the Alpha (development) channel but not in the Stable channel. +⚠️ However, the Alpha release channel is the development version and as such may be contain +critical bugs not present in the Stable release channel. + +The latest Alpha can be found here: +- https://github.com/mullvad/mullvad-browser/releases?q=prerelease%3Atrue +--> + +### Does this bug occur in Firefox ESR (Desktop only)? +<!-- +Tor Browser is based on Firefox ESR, so any bugs present in this upstream project will likely +also be present in Tor Browser. +Firefox ESR is available for download here: +- https://www.mozilla.org/en-US/firefox/all/desktop-esr/ +--> + +### Does this bug occur in Firefox Rapid Release? +<!-- +If the issue occurs in Firefox ESR, but does not occur in Firefox Rapid Release, we may be able +to identify and backport the patch which fixes it. + +Firefox Rapid Release is available for download here: +- https://www.mozilla.org/en-US/firefox/new/ + +If the issue has been fixed in Firefox, do you know the Bugzilla issue number associated with the fix? +--> + +<!-- Do not edit beneath this line <3 --> + +--- + +/label ~"Apps::Product::MullvadBrowser" +/label ~"Apps::Type::WebCompatibility"

===================================== .gitlab/issue_templates/030 Test.md ===================================== @@ -0,0 +1,29 @@ +# 💣 Test +<!-- +Use this template to track testing of some feature. Please +try to make the title a good one-liner for the changelogs! + +Some good (hypothetical) titles: +- Add test exercising new circuit button +- Add tests for verifying built-in bridge connectivity +- Develop a mock Lox authority for automated testing +--> + +## Description +<!-- +Provide an overview of the technical/implementation aspects of this +test work a developer would need to know +--> + +## Scenarios +<!-- +Provide a list of high-level classes of desired test-cases +and the expected behaviour of each +--> + +<!-- Do not edit beneath this line <3 --> + +--- + +/label ~"Apps::Product::MullvadBrowser" +/label ~"Apps::Type::Test"

===================================== .gitlab/issue_templates/040 Feature.md ===================================== @@ -0,0 +1,32 @@ +# ✨ Feature +<!-- +Use this template to track implementation of some feature. Please +try to make the title a good one-liner for the changelogs! + +Some good (hypothetical) titles: +- Bundle AwesomeFont Sans Font +- Implement new user on-boarding UX +- Publish Linux aarch64 alpha builds +--> + +## Description +<!-- +Provide an overview of the technical/implementation aspects of this feature +--> + +## Bookkeeping + +### Proposal +<!-- Add links to associated proposal issues (or delete block) --> +- mullvad-browser#123 + +### Design +<!-- Add links to associated design issues (or delete block) --> +- tpo/UX/Design#123 + +<!-- Do not edit beneath this line <3 --> + +--- + +/label ~"Apps::Product::MullvadBrowser" +/label ~"Apps::Type::Feature"

===================================== .gitlab/issue_templates/Backport.md → .gitlab/issue_templates/050 Backport.md ===================================== @@ -1,30 +1,39 @@ +# ⬅️ Backport Patchset <!-- -Title: - Backport mullvad-browser#123: Title of Issue - Backport Bugzilla 1234567: Title of Issue +This is an issue for tracking back-porting a patch-set (e.g. from Alpha to Stable or from +Mozilla Rapid-Release to Alpha).

-This is an issue for tracking back-porting a patch-set (e.g. from Alpha to Stable or from Mozilla Rapid-Release to Alpha) ---> +please ensure the title has the following format: + +- Backport tor-browser#12345: Title of original issue +- Backport Bugzilla 1234567: Title of original issue

-## Backport Patchset +-->

-### Book-keeping +## Bookkeeping

-#### Gitlab Issue(s) +### Issue(s) - tor-browser#12345 - mullvad-browser#123 - https://bugzilla.mozilla.org/show_bug.cgi?id=1234567

-#### Merge Request(s) -- mullvad-browser!123 +### Merge Request(s) +- tor-browser!123

-#### Target Channels +### Target Channels

- [ ] Alpha - [ ] Stable +- [ ] Legacy

-### Notes +## Notes

<!-- whatever additional info, context, etc that would be helpful for backporting -->

+ +<!-- Do not edit beneath this line <3 --> + +--- + +/label ~"Apps::Product::TorBrowser" /label ~"Apps::Type::Backport"

===================================== .gitlab/issue_templates/Rebase Browser - Alpha.md → .gitlab/issue_templates/060 Rebase - Alpha.md ===================================== @@ -1,3 +1,5 @@ +# ⤵️ Rebase Alpha + **NOTE:** All examples in this template reference the rebase from 102.7.0esr to 102.8.0esr

<details> @@ -85,4 +87,10 @@ ``` - [ ] Push tag to `upstream`

+<!-- Do not edit beneath this line <3 --> + +--- + +/label ~"Apps::Product::MullvadBrowser" /label ~"Apps::Type::Rebase" +/label ~"Apps::Priority::Blocker"

===================================== .gitlab/issue_templates/Rebase Browser - Stable.md → .gitlab/issue_templates/061 Rebase - Stable.md ===================================== @@ -1,3 +1,4 @@ +# ⤵️ Rebase Stable **NOTE:** All examples in this template reference the rebase from 102.7.0esr to 102.8.0esr

<details> @@ -86,4 +87,10 @@ ``` - [ ] Push tag to `upstream`

+<!-- Do not edit beneath this line <3 --> + +--- + +/label ~"Apps::Product::MullvadBrowser" /label ~"Apps::Type::Rebase" +/label ~"Apps::Priority::Blocker"

===================================== .gitlab/issue_templates/Rebase Browser - Rapid.md → .gitlab/issue_templates/063 Rebase - Rapid.md ===================================== @@ -1,3 +1,5 @@ +# ⤵️ Rebase Rapid + **NOTE**: All examples in this template reference the rebase from Firefox 129.0a1 to 130.0a1, see the tor-browser `Rebase Browser - Rapid.md` template for further info

<details> @@ -82,4 +84,10 @@ ``` - [ ] Push tag to `upstream`

+<!-- Do not edit beneath this line <3 --> + +--- + +/label ~"Apps::Product::MullvadBrowser" /label ~"Apps::Type::Rebase" +/label ~"Apps::Priority::High"

===================================== .gitlab/issue_templates/Emergency Security Issue.md → .gitlab/issue_templates/090 Emergency Security Issue.md ===================================== @@ -1,15 +1,15 @@ +# 🚨 Emergency Security Issue + **NOTE** This is an issue template to standardise our process for responding to and fixing critical security and privacy vulnerabilities, exploits, etc.

## Information

### Related Issue -- tor-browser#AAAAA - mullvad-browser#BBBBB - tor-browser-build#CCCCC

#### Affected Platforms

-- [ ] Android - [ ] Desktop - [ ] Windows - [ ] macOS @@ -18,7 +18,9 @@ ### Type of Issue: What are we dealing with?

- [ ] Security (sandbox escape, remote code execution, etc) -- [ ] Cross-Site Linkability (correlating sessions across websites) +- [ ] Proxy Bypass (traffic contents becoming MITM'able) +- [ ] De-Anonymization (otherwise identifying which website a user is visiting) +- [ ] Cross-Site Linkability (correlating sessions across circuits and websites) - [ ] Disk Leak (persisting session information to disk) - [ ] Other (please explain)

@@ -29,16 +31,17 @@ - [ ] **clairehurst** : Android, macOS - [ ] **dan** : Android, macOS - [ ] **henry** : accessibility, frontend, localisation + - [ ] **jwilde** : windows, firefox internals - [ ] **ma1** : firefox internals - [ ] **pierov** : updater, fonts, localisation, general - - [ ] **richard** : signing, release + - [ ] **morgan** : signing, release - [ ] **thorin** : fingerprinting - [ ] Other Engineering Teams - [ ] UX (**donuts**) - [ ] TPA (**anarcat**, **lavamind**) - [ ] External Tor Partners - - [ ] Mozilla (**tjr**) - - [ ] Mullvad (**ruihildt**) + - [ ] Mozilla + - [ ] Mullvad - [ ] Other (please list)

### Urgency: When do we need to act? @@ -65,7 +68,6 @@ Sometimes fixes have side-effects: users lose their data, roadmaps need to be ad

- [ ] Start an initial email thread with the following people: - [ ] **bella** - - [ ] **ruihildt**, **support@mullvadvpn.net** - [ ] Relevant Applications Developers - [ ] **(Optional)** **micah** - if there are considerations or asks outside the Applications Team @@ -74,12 +76,20 @@ Sometimes fixes have side-effects: users lose their data, roadmaps need to be ad - [ ] **(Optional)** **gazebook** - if there are consequences to the organisation or partners beyond a browser update, then a communication plan may be needed

+Godspeed! :pray: + +<!-- Do not edit beneath this line <3 --> + +--- + /cc @bella /cc @ma1 /cc @micah -/cc @richard +/cc @morgan /cc @ruihildt

/confidential

-Godspeed! :pray: +/label ~"Apps::Product::MullvadBrowser" +/label ~"Apps::Type::Bug" +/label ~"Apps::Priority::Blocker"

===================================== .gitlab/issue_templates/Default.md ===================================== @@ -0,0 +1,19 @@ +# Open a new Issue + +Please select the appropriate issue template from the **Description** drop-down. + +--- + +- 🐞 **Bug Report** - report a problem with the browser +- 💡 **Proposal** - suggest a new feature +- 🌐 **Web Compatibility** - report a broken website + +*NOTE*: the following issue types are intended for internal use + +- 💣 **Test** - develop a test or update testing infrastructure +- ✨ **Feature** - implement new features +- ⬅️ **Backport** - cherry-pick change to other release channels +- ⤵️ **Rebase - Alpha** - rebase alpha to latest Firefox ESR version +- ⤵️ **Rebase - Stable** - rebase stable to latest Firefox ESR version +- ⤵️ **Rebase - Rapid** - rebase rapid to latest Firefox Nightly version +- 🚨 **Emergency Security Issue** - manage fixing and publishing a critical security fix

===================================== .gitlab/issue_templates/QA - Android.md deleted ===================================== @@ -1,71 +0,0 @@ -Manual QA test check-list for major android releases. Please copy/paste form into your own comment, fill out relevant info and run through the checklist! -<details> - <summary>Tor Browser Android QA Checklist</summary> -```markdown -# System Information - -- Version: Tor Browser XXX -- OS: Android YYY -- Device + CPU Architecture: ZZZ - -# Features - -## Base functionality -- [ ] Tor Browser launches successfully -- [ ] Connects to the Tor network -- [ ] Localisation (Browser chrome) - - [ ] Check especially the recently added strings -- [ ] Toolbars and menus work -- [ ] Fingerprinting resistance: https://arkenfox.github.io/TZP/tzp.html -- [ ] Security level (Standard, Safer, Safest) - - **TODO**: test pages verifying correct behaviour - -## Proxy safety -- [ ] Tor exit test: https://check.torproject.org -- [ ] Circuit isolation - - Following websites should all report different IP addresses - - https://ifconfig.io - - https://myip.wtf - - https://wtfismyip.com -- [ ] DNS leaks: https://dnsleaktest.com - -## Connectivity + Anti-Censorship -- [ ] Bridges: - - Bootstrap - - Browse: https://check.torproject.org - - [ ] Default bridges: - - [ ] obfs4 - - [ ] meek - - [ ] snowflake - - [ ] User provided bridges: - - [ ] obfs4 from https://bridges.torproject.org - - [ ] webtunnel from https://bridges.torproject.org - - [ ] conjure from [gitlab](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conju...) - -## Web Browsing -- [ ] HTTPS-Only: http://http.badssl.com -- [ ] .onion: - - [ ] torproject.org onion: http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/ - - [ ] Onion service errors - - [ ] invalid onion: http://invalid.onion - - [ ] onion offline: http://wfdn32ds656ycma5gvrh7duvdvxbg2ygzr3no3ijsya25qm6nnko4iqd.onion/ - - [ ] onion baddssl: https://gitlab.torproject.org/tpo/applications/team/-/wikis/Development-Info... - - **TODO** all the identity block states - - **TODO** client auth -- [ ] **TODO**: .securedrop.tor.onion -- [ ] **TODO**: onion-service alt-svc -- [ ] HTML5 Video: https://tekeye.uk/html/html5-video-test-page - - [ ] MPEG4 - - [ ] WebM - - [ ] Ogg -- [ ] WebSocket Test: https://websocketking.com/ - -## External Components -- [ ] NoScript - - [ ] Latest Version: https://addons.mozilla.org/en-US/firefox/addon/noscript/ - - [ ] Not removable from about:addons - - [ ] Tests: https://test-data.tbb.torproject.org/test-data/noscript/ - - **TODO**: fix test pages -``` - -</details>

===================================== .gitlab/issue_templates/QA - Desktop.md deleted ===================================== @@ -1,164 +0,0 @@ -Manual QA test check-list for major desktop releases. Please copy/paste form into your own comment, fill out relevant info and run through the checklist! - -<details> - <summary>Tor Browser Desktop QA Checklist</summary> - -```markdown -# System Information - -- Version: Tor Browser XXX -- OS: Windows|macOS|Linux YYY -- CPU Architecture: -- Profile: New|Old - -# Features - -## Base functionality -- [ ] Tor Browser launches successfully -- [ ] Connects to the Tor network - - [ ] Homepage loads: - - [ ] about:tor - - [ ] about:blank - - [ ] custom -- [ ] Tor Browser loads URLs passed by command-line after bootstrapped -- [ ] Localisation (Browser chrome) - - [ ] Language notification/message bar - - [ ] Spoof English - - [ ] Check especially the recently added strings -- [ ] UI Customisations: - - [ ] New Identity - - [ ] Toolbar icon - - [ ] Hamburger menu - - [ ] File menu - - [ ] New circuit for this site - - [ ] Circuit display - - [ ] Hamburger menu - - [ ] File menu - - [ ] No Firefox extras (Sync, Pocket, Report broken site, Tracking protection, etc) - - [ ] No unified extensions button (puzzle piece) - - [ ] NoScript button hidden - - [ ] Context Menu Populated -- [ ] Fingerprinting resistance: https://arkenfox.github.io/TZP/tzp.html -- [ ] Security level (Standard, Safer, Safest) - - Displays in: - - toolbar icon - - toolbar panel - - about:preferences#privacy - - [ ] On switch, each UI element is updated - - [ ] On custom config (toggle `svg.disabled`) - - [ ] each UI element displays warning - - [ ] `Restore defaults` reverts custom prefs - - **TODO**: test pages verifying correct behaviour -- [ ] New identity -- [ ] Betterboxing - - [ ] Reuse last window size - - [ ] Content alignment - - [ ] No letterboxing: - - [ ]empty tabs or privileged pages (eg: about:blank, about:about) - - [ ] full-screen video - - [ ] pdf viewer - - [ ] reader-mode -- [ ] Downloads Warning - - [ ] Downloads toolbar panel - - [ ] about:downloads - - [ ] Library window (<kbd>Ctrl</kbd>+<kbd>Shift</kbd>+<kbd>o</kbd>) -- [ ] Drag and Drop protections: - - [ ] Dragging a link from a tab to another tab in the same window works - - [ ] Dragging a link from a tab to another tab in a separate window works - - [ ] Dragging a link into the library creates a bookmark - - [ ] Dragging a link from Tor Browser to Firefox doesn't work - - [ ] Dragging a link from Firefox to Tor Browser works - - [ ] Dragging a link from Tor Browser to another app (e.g., text editor) doesn't work - - [ ] Repeat with page favicon - -## Proxy safety -- [ ] Tor exit test: https://check.torproject.org -- [ ] Circuit isolation - - Following websites should all report different IP addresses - - https://ifconfig.io - - https://myip.wtf - - https://wtfismyip.com -- [ ] DNS leaks: https://dnsleaktest.com -- [ ] Circuit Display - - [ ] Website => circuit - - [ ] Remote PDF => circuit - - [ ] Remote image => circuit - - [ ] .onion Website => circuit with onion-service relays - - [ ] .tor.onion Website => circuit with onion-service relays, link to true onion address - - http://ft.securedrop.tor.onion - - [ ] Website in reader mode => circuit (same as w/o reader mode) - - [ ] Local image => no circuit - - [ ] Local SVG with remote content => catch-all circuit, but not shown - - [ ] Local PDF => no circuit - - [ ] Local HTML `file://` with local resources => no circuit - - [ ] Local HTML `file://` with remote resources => catch-all circuit, but not shown - -## Connectivity + Anti-Censorship -- [ ] Tor daemon config by environment variables - - https://gitlab.torproject.org/tpo/applications/team/-/wikis/Environment-vari... -- [ ] Internet Test ( about:preferences#connection ) - - [ ] Fails when offline - - [ ] Succeeds when online -- [ ] Bridges: - - Bootstrap - - Browse: https://check.torproject.org - - Bridge node in circuit-display - - Bridge cards - - Disable - - Remove - - [ ] Default bridges: - - [ ] Removable as a group, not editable - - [ ] obfs4 - - [ ] meek - - [ ] snowflake - - [ ] User provided bridges: - - [ ] Removable and editable individually - - [ ] obfs4 from https://bridges.torproject.org - - [ ] webtunnel from https://bridges.torproject.org - - [ ] conjure from [gitlab](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conju...) - - [ ] Request bridges... - - [ ] Removable as a group, but not editable - - [ ] Succeeds when bootstrapped - - [ ] Succeeds when not bootstrapped - - **TODO**: Lox -- [ ] Connect Assist - - Useful pref: `torbrowser.debug.censorship_level` - - [ ] Auto-bootstrap updates Tor connection settings on success - - [ ] Auto-bootstrap restore previous Tor connection settings on failure - -## Web Browsing -- [ ] HTTPS-Only: http://http.badssl.com -- [ ] Crypto-currency warning on http website - - **TODO**: we should provide an example page -- [ ] .onion: - - [ ] torproject.org onion: http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/ - - [ ] Onion-Location pill - - [ ] Client authentication - - You can create an ephemeral client-auth onion-service using [onion share](https://onionshare.org) - - [ ] Remember key option saves the key between sessions. - - [ ] Saved keys are viewable in preferences (privacy). - - [ ] Can remove individual keys. - - [ ] Can remove all keys at once. - - [ ] Onion service errors - - [ ] invalid onion: http://invalid.onion - - [ ] onion offline: http://wfdn32ds656ycma5gvrh7duvdvxbg2ygzr3no3ijsya25qm6nnko4iqd.onion/ - - [ ] onion baddssl: https://gitlab.torproject.org/tpo/applications/team/-/wikis/Development-Info... - - **TODO** all the identity block states - - **TODO** client auth -- [ ] **TODO**: .securedrop.tor.onion -- [ ] **TODO**: onion-service alt-svc -- [ ] HTML5 Video: https://tekeye.uk/html/html5-video-test-page - - [ ] MPEG4 - - [ ] WebM - - [ ] Ogg -- [ ] WebSocket Test: https://websocketking.com/ - -## External Components -- [ ] NoScript - - [ ] Latest Version: https://addons.mozilla.org/en-US/firefox/addon/noscript/ - - [ ] Not removable from about:addons - - [ ] Tests: https://test-data.tbb.torproject.org/test-data/noscript/ - - **TODO**: fix test pages -``` - -</details>

===================================== .gitlab/issue_templates/Uplift.md deleted ===================================== @@ -1,26 +0,0 @@ -<!-- -Title: - Uplift tor-browser#12345: Title of Issue - -This is an issue for tracking uplift of a patch-set to Firefox ---> - -## Uplift Patchset - -### Book-keeping - -#### Gitlab Issue(s) -- tor-browser#12345 -- mullvad-browser#123 - -#### Merge Request(s) -- tor-browser!123 - -#### Upstream Mozilla Issue(s): -- https://bugzilla.mozilla.org/show_bug.cgi?id=12345 - -### Notes - -<!-- whatever additional info, context, etc that would be helpful for uplifting --> - -/label ~"Apps::Type::Uplift"

===================================== .gitlab/issue_templates/bug.md deleted ===================================== @@ -1,32 +0,0 @@ -<!-- -* Use this issue template for reporting a new bug. ---> - -### Summary -**Summarize the bug encountered concisely.** - - -### Steps to reproduce: -**How one can reproduce the issue - this is very important.** - -1. Step 1 -2. Step 2 -3. ... - -### What is the current bug behavior? -**What actually happens.** - - -### What is the expected behavior? -**What you want to see instead** - - - -### Environment -**Which operating system are you using? For example: Debian GNU/Linux 10.1, Windows 10, Ubuntu Xenial, FreeBSD 12.2, etc.** -**Which installation method did you use? Distribution package (apt, pkg, homebrew), from source tarball, from Git, etc.** - -### Relevant logs and/or screenshots - - -/label ~"Apps::Type::Bug"

===================================== .gitlab/merge_request_templates/default.md → .gitlab/merge_request_templates/Default.md ===================================== @@ -64,6 +64,7 @@ - **accessibility** : henry - **android** : clairehurst, dan - **build system** : boklm + - **ci/cd**: brizental, henry - **extensions** : ma1 - **firefox internals (XUL/JS/XPCOM)** : jwilde, ma1 - **fonts** : pierov @@ -72,7 +73,7 @@ - **localization** : henry, pierov - **macOS** : clairehurst, dan - **nightly builds** : boklm - - **rebases/release-prep** : dan, ma1, pierov, morgan + - **rebases/release-prep** : brizental, clairehurst, dan, ma1, pierov, morgan - **security** : jwilde, ma1 - **signing** : boklm, morgan - **updater** : pierov

View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/952...