[tbb-bugs] #21340 [Applications/Tor Browser]: Identify and backport new patches from Firefox

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Apr 27 11:07:24 UTC 2017

#21340: Identify and backport new patches from Firefox
 Reporter:  arthuredelstein                      |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ff52-esr, TorBrowserTeam201704R,     |  Actual Points:
  tbb-7.0-must-alpha                             |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor4

Comment (by gk):

 Replying to [comment:19 arthuredelstein]:
 > Replying to [comment:18 gk]:
 > > Arthur: where are we here given the previous comments? We have the
 HSTS/HPKP-related backport to consider. Something else as well?
 > I have rebased what I had in comment:6 on top of tor/tor-
 browser-52.0.2esr-7.0-2, except I left out the SVG patches which I think
 we can postpone:

 Sounds good to me.

 > https://github.com/arthuredelstein/tor-browser/commits/21340+5
 > These include the HSTS/HPKP-related patches, as well as these:

 I put the HSTS/HPKP patch review into #17965. Right now I am inclined to
 postpone inclusion and have those patches the first alpha of the 7.5
 series as this is quite complex and might need more testing. Not sure
 about backporting to the 7.0 series in that case.
 > 1315602 Remove the assertion of FirstPartyDomain should be empty in HTTP
 commit efd86213b996d351757498968481962eb610c06c
 > 1274020 Add a test to show that the DOM Cache is separated by origin
 commit 3da33fc90ce348fbc594d5aa45e85d8a4f08e539
 > 1282655 Add a test case to test whether site permissions are universal
 or isolated for each type of OriginAttribute
 commit 59cba8d0681caf53c46cd3718e34c9a49f9c5921
 > 1305144 Spoof referrer when leaving a .onion domain (Tor 17334)
 That got already included and is commit
 4317d7a834b0abf95ba6afdb18902758c691da49. All commits are on `tor-

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21340#comment:24>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list