[tbb-bugs] #21340 [Applications/Tor Browser]: Identify and backport new patches from Firefox

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Mar 13 06:37:07 UTC 2017

#21340: Identify and backport new patches from Firefox
 Reporter:  arthuredelstein           |          Owner:  tbb-team
     Type:  defect                    |         Status:  needs_review
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  TorBrowserTeam2017R       |  Actual Points:
Parent ID:  #20680                    |         Points:
 Reviewer:                            |        Sponsor:  Sponsor4
Changes (by arthuredelstein):

 * keywords:   => TorBrowserTeam2017R
 * status:  new => needs_review


 Here's a list of patches I cherry-picked or backported from Firefox >=53
 without too much difficulty. They are Tor uplift patches or addition
 first-party isolation work.

 1334690 Isolate AlternateService mappings by Origin Attributes
 1334693 Investigate and isolate SPDY/HTTP2 state by first-party domain
 when privacy.firstparty.isolate = true
 1315602 Remove the assertion of FirstPartyDomain should be empty in HTTP
 1317927 Media caching needs to use origin attributes
 1274020 Add a test to show that the DOM Cache is separated by origin
 1282655 Add a test case to test whether site permissions are universal or
 isolated for each type of OriginAttribute
 1305144 Spoof referrer when leaving a .onion domain (Tor 17334)
 1216893 Add pref to optionally disable SVG (Tor 12827)

 Here's the branch with these patches. If this seems reasonable I will
 merge these with my latest #20680 branch.


 A few patches have substantial conflicts: namely HSTS/HPKP isolation and
 the network predictor isolation patch. These are going to take further
 1290529 clear HSTS and HPKP for subdomains as well when bug 1115712 is
 1323644 Isolate the HSTS and HPKP cache by first party domain.
 1336867 Remove unsafeProcessHeader and isSecureHost in
 1115712 make DataStorage for HPKP and HSTS enumerable via xpcom

 1312954 Making the network predictor obey originAttributes and updating
 SpeculativeConnect() to SpeculativeConnect2().

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21340#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list