Wed Jan 25 00:06:00 UTC 2017

#20680: Rebase Tor Browser patches to 52 ESR
 Reporter:  arthuredelstein                 |          Owner:  tbb-team
     Type:  defect                          |         Status:  new
 Priority:  Medium                          |      Milestone:
Component:  Applications/Tor Browser        |        Version:
 Severity:  Normal                          |     Resolution:
 Keywords:  ff52-esr, TorBrowserTeam201701  |  Actual Points:
Parent ID:                                  |         Points:
 Reviewer:                                  |        Sponsor:

Comment (by arthuredelstein):

 Here's my current branch:


 And here is a table tracking where each patch from TBB/45ESR went. Note
 there are three additional patches needed here, for which I have opened
 tickets. I'm also still working on testing and inspecting these patches --
 any findings are very welcome.

 Rebasing TBB/45ESR to TBB/52ESR

 A = Already in ESR52 (had been backported to TBB/ESR45)
 B = Replaced by backport from FF53 or later
 D = Dropped commit (because of Reverts)
 O = Obsolete because of other changes
 P = Rebased from TBB/ESR56 to TBB/ESR52 by Pearl Crescent (mcs and brade)
 R = Rebased from TBB/ESR45 to TBB/ESR52
 U = Uplifted/replaced in Firefox and therefore already in ESR52
 W = Patch re-written (see child bugs for review)
 * = More work needed

 R bde5dc5 Bug 20589: Adding new MAR signing key
 R e90690e Bug 13252: Do not store data in the app bundle
 R 90cb545 Bug #10281: Use jemalloc4 and abort on redzone corruption
 A[3445ad74] 4b51be9 Bug 1277704 - Update jemalloc 4 to version 4.3.1.
 A[662ef756] 89d17cb Bug 1269959 - Update jemalloc 4 to version 4.1.1.
 A[8170c2d9] 98c0053 Bug 1254850 - Update jemalloc 4 to version 4.1.0.
 A[1ef4f451] d303a01 Bug 1186934 - update jemalloc to upstream HEAD;
 R c9cf878 Bug 16622: Pref to spoof time zone as UTC
 R 66a6826 Bug 20707: Avoid localization failure in about:preferences
 R a926b2b Bug 19459: Size new windows to 1000x1000 or nearest 200x100
 A[42404707] c6d2b47 Bug 1311275 - use protocol service directly instead of
 NS_GetFileFromURLSpec; r=mayhemer
 A[d7672f77] c64ea49 Bug 1273371, don't use the searchbar for this test,
 instead use a separate textbox, r=gijs
 A[780d816c] 226549c Bug 1270277, HasDataMatchingFlavors should only return
 true for text/unicode, r=snorp
 A[a4ee9d8d] fe6b667 Bug 1249522, when a file is present, only specify file
 type, r=smaug
 A[27d39ba9] d0dc268 Bug 1311044 - show error when connection to domain
 socket is failed; r=bagder
 U[2151007a] d150c8f Bug 20304: SOCKS socket does not support spaces and
 other special characters
 R 605c5e5 Bug 20244.2: Add "privacy.thirdparty.isolate" checkbox
 R 796c0b5 Bug 20244.1: Add "privacy.resistFingerprinting" checkbox
 U[see d087a35e] 54a14f6 Bug 20043: Isolate SharedWorker script requests to
 first party
 A[63c4f33f] f54d277 Bug 1070710 - Use ViewRegion for window dragging.
 A[f1138d1e] f805bd1 Bug 1070710 - Use ViewRegion for vibrant areas in
 VibrancyManager. r=spohl
 A[5ee44d89] 4454b6e Bug 1070710 - Add mozilla::ViewRegion which assembles
 a LayoutDeviceIntRegion as NSViews. r=spohl
 A[92fabd41] a6e755e Bug 1291543 - [1.1] Accept partial information from
 VBR headers. r=jya
 A[e1bbdff4] 7a30be5 Bug 1263334 - Check VBR header is valid before using
 it for duration calculations. r=esawin
 A[d69c074e] 5894fef Bug 1236639 - [1.2] Avoid division by zero in
 MP3Demuxer. r=gerald
 R b0c0a61 Bug 20123: Always block remote jar files
 R 6767d56 Bug 17334: Spoof referrer when leaving a .onion domain
 R 18db5c1 Bug 17858: Cannot create incremental MARs for hardened builds.
 R 8cbed5e4 Bug 19890: Disable installation of system addons
 R 1240853 Bug 19273: Avoid JavaScript patching of the external app helper
 R 0f5d15f Bug 19417: Disable asmjs for now
 R 70e290b Bug 18923: Add a script to run all Tor Browser specific tests
 D 558f719 Revert "Bug 18923: Add a script to run all Tor Browser specific
 D 5475dc3 Bug 18923: Add a script to run all Tor Browser specific tests
 U[bgz.la/1304219] e3aae80 Bug 16998: Isolate link rel=preconnect to first
 D 8e2ac91 Revert "Bug 16998: Disable link rel=preconnect"
 R 5d60090 Bug 19411: Update icon shows up even if partial updates are
 R 7432546 Regression tests for Bug 1517: Reduce precision of time for
 R 10a70ab Bug 19212: SIGSEGV with developer tools open
 O 17b0875 Bug 18884: Add --disable-loop flag
 R 6dd286e Bug 18914: Use English-only label in <isindex/> tags
 R 4f6d3ec Bug 18912: add automated tests for updater cert pinning
 R 1b612be Bug 19121: reinstate the update.xml hash check
 A[b565a3d4] b79ca4f Bug 18885: Disable possible logging of TLS key
 R d491d26 Regression tests for Bug 15646: Prevent keyboard layout
 fingerprinting in KeyboardEvent
 R d816be5 Regression tests for Bug 17009: Pref to suppress some modifier
 key events
 O[eabb5f64] 14fcdbf Bug 18886: Hide pocket menu items when Pocket is
 R 4b78eb5 Bug 18619: If indexedDB disabled, use in-memory db for
 U[54c8149d] 44d8ac6 Bug 18958: Spoof screen.orientation values
 R 9a58c59 Bug 18995: Regression test to ensure CacheStorage is disabled in
 private browsing
 R 7525830 Bug 18900: updater doesn't work on Linux (cannot find libraries)
 D f6a772e Bug 16998: Disable link rel=preconnect
 R 1982608 Bug 18821: Disable libmdns for Android and Desktop
 R 271699e Bug 18800: Remove localhost DNS lookup in nsProfileLock.cpp
 R[a934a3b7] 794c4a7 Bug 13419: Fix ICU cross-compilation for Windows
 R 6ebbc50 Bug 14970: Don't block our unsigned extensions
 R 794d6e1 Bug 18799: disable Network Tickler
 R 2aa8106 Bug 6786: Do not expose system colors to CSS or canvas.
 P 2581fe5 Bug 13252 - Do not store data in the app bundle
 R a576dc8 Bug 18292: Staged updates fail on Windows
 P 8a77ff2 Bug 16940: After update, load local change notes.
 R b264be6 Bug 18008: Create a new MAR Signing key
 P db78778 Bug 13379: Sign our MAR files.
 P ac912c2 Bug #4234: Use the Firefox Update Process for Tor Browser.
 R ce73edb Bug 18170: After update, only changelog tab shown
 R 0525158 Bug #11641: change TBB directory structure to be more like
 R bb70648 Bug #9173: Change the default Firefox profile directory to be
 U[bgz.la/1277803] df5c185 Bug #13670.1: Isolate favicon requests by first
 U[b003df4b] f6a31c4 Bug 16300: Isolate Broadcast Channels to first party.
 U[33d9942f] 9f80f4d Regression tests for Bug 15564: Isolate SharedWorker
 by first party domain
 U[dfebfaa3] 1392761 Bug 15564: Isolate SharedWorker by first party domain
 U[bgz.la/1264595] 5b9b5c7 Bug #15703: Regression tests for isolation of
 mediasource URI
 U[bd3c0cc8] e6d5488 Bug #15502, Part 2: Regression tests for blob URL
 U[bgz.la/1260931] 43785cf Bug #15502. Isolate blob, mediasource &
 mediastream URLs to first party
 U[bgz.la/1264562, bgz.la/1312794] 4751d0e Bug 13670.2: Isolate OCSP
 requests by first party domain
 U[2b1661df] c6c578d Bug #13749.1: regression tests for first party
 isolation of localStorage
 U[bgz.la/1260931] a60ca50 Bug #6564: Isolate DOM storage to first party
 U[d087a35e] b07443b Bug #13749.2: Regression tests for first-party
 isolation of cache
 U[bgz.la/1270680] 7843363 Bug #6539: Isolate the Image Cache per url bar
 U[bgz.la/1260931] 66f87b3 Bug 13742: Isolate cache to URL bar domain.
 U[a8b4c2a9] eb04eeb Bug 13900: Remove 3rd party HTTP auth tokens.
 O[first-party isolation] 7dde6e5 Bug #5742: API allows you to get the url
 bar URI for a channel or nsIDocument.
 R 7b9e7f1 Bug 16620: Clear window.name when no referrer sent
 R*(#18599 <https://trac.torproject.org/18599>) 1a64b63 Bug
 #6253: Add canvas image extraction prompt.
 R e08ad00 Bug 18297: Use separate Noto JP,KR,SC,TC fonts
 U[2fefe85c] 196a0c3 Regression tests for Bug #17207: Hide mime types and
 plugins when resisting fingerprinting
 U[2fefe85c] 74b1f7c Bug #17207: Hide mime types and plugins when resisting
 U[cdccbe2a] ef49977 Bug #13313: Pref 'font.system.whitelist' restricts set
 of permitted fonts
 R 39cddae Bug 17009: Pref to suppress some modifier key events
 R 3246840 Bug 15646: Prevent keyboard layout fingerprinting in
 R 68f324f Bug #16005: Relax minimal mode.
 R 6a871dd Bug 1517: Reduce precision of time for Javascript.
 A[3345f3b6] 8b9f5c4 Bug 867501 - Pref allows JS locale to be set to US
 English/C. r=khuey
 R 218728b Regression tests for #5856: Do not expose physical screen info
 via window & window.screen.
 R 87105f1 Regression tests for #2875: Limit device and system specific CSS
 Media Queries.
 R 4668a00 Regression tests for #4755: Return client window coordinates for
 mouse event screenX/Y (for dragend, 0,0 is returned).
 R e386200 Bug 16441: Suppress "Reset Tor Browser" prompt.
 R 129c3f4 Bug 14392: Make about:tor behave like other initial pages.
 R 10a7cd9 Bug #2176: Rebrand Firefox to TorBrowser
 R e0eb3f3 Regression tests for "Omnibox: Add DDG, Startpage, Disconnect,
 Youtube, Twitter; remove Amazon, eBay, bing"
 *(#21309 <https://trac.torproject.org/21309>) 911d56f Omnibox:
 Add DDG, Startpage, Disconnect, Youtube, Twitter;  remove Amazon, eBay,
 R 1ab9ef0 Regression tests for TB4: Tor Browser's Firefox preference
 R 1d1df84 Regression tests for Bug #2950: Make Permissions Manager memory-
 R dd55334 Regression tests for #2874: Block Components.interfaces from
 R f2a0d52 Bug #12620: TorBrowser regression tests folder
 R 656b1e2 Bug 14631: Improve profile access error msgs (strings).
 R a72a74d Bug 14631: Improve profile access error messages.
 O[456e54eb3] 9f284eb Bug #16855: Allow blobs to be downloaded on first-
 party pages
 *(#21308 <https://trac.torproject.org/21308>) c2d877c Bug
 16528: Prevent indexedDB Modernizr breakage (e10s highrisk).
 R 8c9ad0a Bug 14716: HTTP Basic Authentication prompt only displayed once
 R 515daac Bug #3875: Use Optimistic Data SOCKS variant.
 R c7b0a03 Bug #5282: Randomize HTTP request order and pipeline depth.
 R fe45c436d Bug 13028: Prevent potential proxy bypass cases.
 U[0e9470fe, f52c3bbf] 05dc6ad Bug #5741: Prevent WebSocket DNS leak.
 R 9baae2e Bug 16488:  Remove "Sign in to Sync" from the menu.
 R 5e39125 Bug 16439: remove screencasting code.
 U[91d0ac11] 602ee90 Bug 17502: Add a pref hiding the "Open with" option
 R,I 4a3629a Bug 12827: Create preference to disable SVG.
 U[556ed991] 41073c0 Bug 13548: Create preference to disable MathML.
 R 7271e80 Bug #2874: Block Components.interfaces from content
 R 4425a1b Bug #12974: Disable NTLM and Negotiate HTTP Auth
 R 2d728f7 Bug 10280: Don't load any plugins into the address space.
 R 4173f95 Bug #8312: Remove "This plugin is disabled" barrier.
 R de2eb8f Bug #3547: Block all plugins except flash.
 O [loop removed] 9adf819 Bug 16863: console.error on new Tor Browser
 R d0fff8c TB4: Tor Browser's Firefox preference overrides.
 R,A [94fa8fd7] 9b466e4 Don't package things we don't build
 A[7041992f] e89d0bf Bug 1211567 - Enable domain socket support for SOCKS;
 O 83c294c Revert "Bug 1229855: Fix miscompilation of uint8_t enum class
 with gcc4.8.2; r=luke a=lizzard"
 A[b093982d] b1b7c16 Bug 1238694 - Limit the number of asm.js/wasm code
 allocations to avoid running into Linux kernel limits. r=luke
 A[1d92294b] 81a0560 Bug 1234246 - Don't reprotect JIT code more than once
 when linking. r=nbp
 A[0db5d8b5] 399e261 Bug 1215479 - Turn on W^X JIT code by default. r=luke
 A[e2fe0b8f] 956bfb8 Bug 1233328 - Part 2: Use SHA-256 StaticFingerprints
 directly instead of StaticPinset since the SHA-1 StaticFingerprints entry
 will always be null. r=keeler
 A[638ba07a] 7da7afe Bug 1233328 - Part 1: Ignore SHA-1 pins in
 PublicKeyPinningService.cpp. r=keeler
 A[05919374] 8d6f636 Bug 1229284 - Remove support for SHA-1 hashes in
 genHPKPStaticPins.js. r=keeler
 A[5d2aea87] f39769b Bug 1266963, stop propagation before other steps,
 A[a815bdb8] a73119f Bug 1246614 - Check if system add-ons directory exists
 before trying to clean it. r=mossop
 A[a3ad2879] 255a977 Bug 1250046 - Remove Shumway references from
 telemetry. r=gfritzsche
 A[347e3720] 0928713 Bug 1250046 - Remove Shumway references from IPC.
 A[d3e1f744] 730552f Bug 1250046 - Remove Shumway core files. r=till
 A[687d9646] e162f31 Bug 1233963 - Work around recent GNU gold behavior
 with segments starting before the first section they contain
 O bc348b2 Revert "Bug 856404 - Enable libraries folding on mingw.
 A[c1230235] 00808ec Don't use -Werror in mingw builds
 O[dd664443] 1186ff4 Disabling view management for mingw-w64 builds
 A[9e4a3887] 82f4abf Bug 1240589 - Cross compilation fixup.
 A[65aeb7ca] 223ec27 Bug 1167248 - Cross compilation fixup.
 R 5fb68cb TB3: Tor Browser's official .mozconfigs.

