[tbb-bugs] #25543 [Applications/Tor Browser]: Rebase Tor Browser patches for ESR60

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Apr 18 03:29:51 UTC 2018


#25543: Rebase Tor Browser patches for ESR60
--------------------------------------+---------------------------------
 Reporter:  gk                        |          Owner:  arthuredelstein
     Type:  task                      |         Status:  assigned
 Priority:  Very High                 |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  TorBrowserTeam201804      |  Actual Points:
Parent ID:  #25741                    |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+---------------------------------

Comment (by arthuredelstein):

 Here is my current version of a rebase branch:
 https://github.com/arthuredelstein/tor-browser/commits/25543+6
 (b4907074cbe48d46a621fa8ad2b0e4b29c7041de)

 It contains nearly all desktop patches rebased to mozilla-beta (those
 labeled C and F). It does not yet include a few updater patches (labeled P)
 and mobile patches. See https://torpat.ch for further reference. The
 branch builds and seems to run OK on Linux 64.

 Here's what happened to each patch:

 {{{
 ? = more investigation needed
 B = already included in Firefox 60
 C = cherry-picked
 D = Delete
 F = fixed up
 K = Broken
 N = Not done yet
 O = obsolete
 P = Pearl Crescent (in progress)
 U = Upstreamed

 F 90e16dd25b6e Bug 20283: Tor Browser should run without a `/proc`
 filesystem.
 F 82cd8ae9a5de Bug 21537: Tests for secure .onion cookies
 F c70454fd10ef Bug 21537: Mark .onion cookies as secure
 F 7719a132533d fixup! Bug 16940: After update, load local change notes.
 U 901380f79a74 Bug 23439: Exempt .onion domains from mixed content
 warnings
 U 314e5b4a08d3 Bug 23439: Exempt .onion domains from mixed content
 warnings
 B 0fb51b9375f6 Bug 25147: Sanitize HTML fragments created for chrome-
 privileged documents
 O 74b92f0512e8 Bug 25112: Tor Browser 7.5 is not working on Windows Vista
 64bit
 B 0d3da213dc86 Bug 1370027: Part 1 - Cleanly handle a subprocess child
 being reaped by NSPR. r=aswan
 D 76b6a5dc0859 Revert "Bug 18619: If indexedDB disabled, use in-memory db
 for asyncStorage.js"
 C 93999a363c76 Bug 22794: Don't open AF_INET/AF_INET6 sockets when
 AF_LOCAL is configured
 C 95ad1e098907 Bug 19910: Rip out optimistic data socks handshake variant
 (#3875)
 C ba141b6054ea Bug 22614: Make e10s/non-e10s Tor Browsers
 indistinguishable
 B 01b8fa23b26a Bug 1005640 - Flush StringBundle cache when app-locales
 change. r=valentin
 C f5eebe23eda5 Bug 13575: Disable randomised Firefox HTTP cache decay user
 tests.
 F 6e2c459fa66a Bug 23916: Add new MAR signing key
 B 5e53cbb2d63c Bug 1403412 - disable VP9 estimizer on Mac; r=jya
 C b91202db5ef3 Bug 22548: Firefox downgrades VP9 videos to VP8.
 U 031dba9cfdf3 Allow std::unordered_*.
 U 848e862614a1 Bug 24197: fix uppercase/lowercase issue in Wow64.h include
 B 52781b3a80f4 Bug 23970: Printing to a file is broken with Linux content
 sandboxing enabled
 B ab8aca382251 Bug 23970: Printing to a file is broken with Linux content
 sandboxing enabled
 B c96c64300d52 Bug 23970: Printing to a file is broken with Linux content
 sandboxing enabled
 B 5d36dc9a3d5b Bug 23970: Printing to a file is broken with Linux content
 sandboxing enabled
 B cfe5bda0cec0 Bug 23970: Printing to a file is broken with Linux content
 sandboxing enabled
 O d6131d2157a1 Bug 23016: "Print to File" does not create the expected
 file in non-English locales
 B a0382e7bc741 Bug 1372072 - Part 2: Add a test case for check whether
 network information API has been spoofed correctly when
 'privacy.resistFingerprinting' is true. r=arthuredelstein,baku
 B 3841170c74d8 Bug 1372072 - Part 1: Spoofing network information API and
 blocking ontypechange event when 'privacy.resistFingerprinting' is true.
 r=arthuredelstein,baku
 C ab9be0575af0 Bug 24398: Plugin-container process exhausts memory
 C 230cb85895bc Bug 23104: Add a default line height compensation
 C 009bc0a8f600 Bug 24478: Enable debug assertions and tests in our ASan
 builds
 C 2646633951fe Bug 21925: Don't compile with ASan and FORTIFY_SOURCE
 C 6794707e2b3a Bug 24052: Handle redirects by blocking them early
 K 2e0a54b89593 Bug 24052: Streamline handling of file:// resources
 B 2270fb027a31 Bug 1305396 - Replace memmove with std::copy_backward in a
 file that doesn't include cstring explicitly. r=keeler
 D e7fc8cfbe27d Revert "Bug 21308: Set indexedDB->null when
 dom.indexeddb.enabled=false"
 D ca8fa1fb280c Revert "bug 23104 - Add a default line height compensation"
 C 87b15309e159 Bug 13398: at startup, browser gleans user FULL NAME (real
 name, given name) from O/S
 B 8c0c1a4d6469 Bug 366945 - Disable middlemouse.contentLoadURL by default
 on UNIX and Android, r=gijs
 D 478a8ccce85b bug 23104 - Add a default line height compensation
 C a19fd1255901 We don't take the SANDBOX_EXPORTS path and fix compile
 issues along our way
 F[inspect] fc9f5757efd6 Bug 16010: Fixing sandbox compile issues
 B fe5c1809487e Bug 1386279 - Renovate Linux sandbox file broker handling
 of access(). r=gcp
 B f99102a4c3d4 Bug 1374281. r=jld
 B 43247a6b0732 Bug 1344106 - Remove Linux todos() now that Linux
 sandboxing is riding the trains. r=haik
 B 08edba4a1f7a Bug 1317802 - don't stop for SIGSYS in .gdbinit; r=jld
 B aab5c2714555 Bug 1337162 - Enable the Linux content sandbox for non-
 Nightly builds. r=ted
 B bed2159de684 Bug 1355274 - Polyfill SOCK_DGRAM socketpairs with
 SOCK_SEQPACKET, for libasyncns. r=gcp
 B 4e8bfae856e9 Bug 1361238 - Re-allow accept4, used by accessibility.
 r=gcp
 B 7dbf00b82e6a Bug 1358647 - Disallow bind/listen/accept for Linux content
 processes. r=gcp
 B 0232c989f8ea Bug 1286865 - Step 0: Turn off crash-on-seccomp-fail by
 default on non-nightly. r=gcp
 B 6c802b3741c9 Bug 1320085 - Allow the getrlimit-equivalent subset of
 prlimit64. r=tedd
 U 2e72b91df3e5 Bug 18101: Suppress upload file dialog proxy bypass (linux)
 B 201df98d032e Bug 1365047 Turn on the Windows DLL Blocklist in MinGW
 r=aklotz
 B 4d27bc319f9d Bug 1368406 Use non-Windows Printf Format Specifiers in
 MinGW r=froydnj
 U c773ce1f161f Bug 23230: Fix build error on Windows 64
 D c04c6fd4da01 Revert "Bug 19273: Avoid JavaScript patching of the
 external app helper dialog."
 C f7e646dd976c Bug 21830: Copying large text from web console leaks to
 /tmp
 C 576f4e90158a Bug 21321: Add test for .onion whitelisting
 C c79b911518ed Bug 21321: .onion domains are shown as non-secure
 U 6214b3a48f36 Don't break accessibility support for Windows
 D 2aadce237574 Revert "Getting Tor Browser to build with accessibility
 enabled on Windows"
 F c542fb08d725 Bug 23044: Don't allow GIO supported protocols by default
 U 67d6461d58a6 Bug 16485: Improve about:cache page
 O? 019cfd615d7f Bug 21862: Rip out potentially unsafe rust code
 U 5a812a560343 Bug 1329521 - GetLoadContextInfo() should not compare
 originAttributes and privateBrowsing boolean when docShell is chrome type,
 r=smaug
 U 1e44ba71702e Bug 22452: Isolate tab list menuitem favicons to content
 first party
 U 671e4be2682f Bug 22327: Isolate Page Info media previews to content
 first party
 U a49b1a4d604a Bug 1319908 - Load the menu icons for the bookmarks menu
 with the correct content type and principal on OSX; r=baku
 U 08391e69ed95 Bug 21972: about:support is partially broken
 U a48b75ea65c0 Bug 21684: Don't expose navigator.AddonManager to content
 U 177805982c2b Bug 22320: Use pref name 'referer.hideOnionSource'
 everywhere
 F fba536f97fe2 Bug 21431: Clean-up system extensions shipped in Firefox 52
 F 009934b82a3c Bug 16285: Exclude ClearKey system for now
 U 6018c8682553 Bug 22165: Block DoListAddresses when resisting
 fingerprinting
 U 1fc107434bd9 Bug 10286: Regression tests for Touch API fingerprinting
 resistance
 U 4cd7a879addc Bug 10286: Touch API fingerprinting resistance
 C 43c1ed31857d Bug 13612: Disable Social API
 F* 5c25352ec8de Bug 21569: Add first-party domain to Permissions key
 U 3d7920974fa7 Bug 16337: Round times exposed by Animation API to nearest
 100ms
 U c991664faabc Bug 21792: Suppress MediaError.message when
 privacy.resistFingerprinting = true
 B 3d55d320d172 Bug 1282655 - Test if site permissions are universal across
 origin attributes. r=tanvi
 B 472166860594 Bug 1274020 - Tests that shows the Cache Web API is
 separated by origin attributes. r=baku
 B 5a8d26d0cc01 Bug 1315602 - Remove the assertion of FirstPartyDomain
 should be empty in HTTP redirect. r=smaug
 B 84c976d6c191 Bug 1351071: Get rid of pre-generated startup cache
 r=glandium
 B 0b9734f23584 Bug 1342887 - Detect and log failures to dispatch
 SetupMacCommandLine to the main thread. r=rstrong
 B 16d29020cd2a Bug 1335916 - Make sure the update driver only calls
 SetupMacCommandLine from the main thread. r=rstrong
 F 0b00e2ce04e9 Bug 21907: Fix runtime error on CentOS 6
 B 452a464d126f Bug 1352305 - Part2: Add a test case for making sure dialog
 windows will not be enforced to rounded sizes when fingerprinting
 resistance is enabled. r?ehsan
 B dd2efe4502f7 Bug 1352305 - Part 1:  Making the XULWindow will not be
 enforecd to be rounded dimensions if it is a window without a primary
 content when fingerprinting resistance is enabled. r?ehsan
 O? 98ee0302a49d Bug 21876: Always use esr policies for e10s.
 F 73f02a5f325c Bug 21849: Don't allow SSL key logging
 D 75c7cfcb68e1 Getting Tor Browser to build with accessibility enabled on
 Windows
 U ad7ff6542560 Backport of tjr's patch for bug 1331349
 U 9ea59d59ffa6 Backport of tjr's patch for bug 1314979
 B c640867a52d2 Bug 805173 - Enable HeapEnableTerminationOnCorruption for
 chrome processes on Windows. r=mhowell,tjr
 C? 64aed57c7b49 Bug #5741: Prevent WebSocket DNS leak.
 U cef74a746683 Bug 21723: Fix inconsistent generation of MOZ_MACBUNDLE_ID
 O? dc0210891a9e Workaround for broken ASan builds (bug 1272498)
 F 4f7b24106278 Bug 14970: Don't block our unsigned extensions
 B 3555582727db Bug 1330882 - Part 5: Add more test cases for rounded
 windows test. r=arthuredelstein,smaug
 B 04f0a2bb4696 Bug 1330882 - Part 4: Making the window.open() can only
 open rounded windows and the inner window will be automatically rounded
 after setting size through innerWidth/Height and outerWidth/Height when
 fingerprinting resistance is enabled. r=smaug
 B 6c0ecaa44d1b Bug 1330882 - Part 3: Add a test case for opening new
 windows as rounded size when fingerprinting resistance is enabled.
 r=arthuredelstein,smaug
 B d362791d8e53 Bug 1330882 - Part 2: Disallow the session restore to
 modify window size when fingerprinting resistance is enabled.
 r=arthuredelstein,mikedeboer
 B 75691f7a6e30 Bug 1330882 - Part 1: Making new windows to be rounded size
 when fingerprinting resistance is enabled (adopt from Tor #19459).
 r=arthuredelstein,smaug
 F 3a536e56b9f7 Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter;
 remove Amazon, eBay, bing
 D c40c21632973 Bug 21308: Set indexedDB->null when
 dom.indexeddb.enabled=false
 B ffcb66f639f4 Bug 1344613 - Prevent null pointer crash in
 nsSOCKSIOLayer.cpp
 B cebb513dc6aa Bug 1305144 - Option to hide referrer when leaving a .onion
 domain. r=mcmanus
 F 506eb3cbd392 Bug 20589: Adding new MAR signing key
 P dc4fdd28c696 Bug 13252: Do not store data in the app bundle
 F 46acba80bdf4 Bug 16940: After update, load local change notes.
 P 4564a5f744df Bug 13379: Sign our MAR files.
 P 4c9f746f2c19 Bug 4234: Use the Firefox Update Process for Tor Browser.
 F b0471f5e9e1f Bug 21724: Make Firefox and Tor Browser distinct macOS apps
 C 08964d93d418 Bug 18912: add automated tests for updater cert pinning
 P? 9ae35ba3c07e Bug 19121: reinstate the update.xml hash check
 O? fee72fffc081 Bug 19411: Update icon shows up even if partial updates
 are failing.
 F 87036e9e33eb Bug 18900: updater doesn't work on Linux (cannot find
 libraries)
 F 0f7641a6369c Bug 18008: Create a new MAR Signing key
 U 5f189ecd2805 Bug 18170: After update, only changelog tab shown
 F 04e72287a8c7 Bug 11641: change TBB directory structure to be more like
 Firefox's
 F 452829d9135f Bug 9173: Change the default Firefox profile directory to
 be TBB-relative.
 U? e9be3f9dff33 Bug 20981: On Windows, check TZ for timezone first
 U? 142c643b4cff Bug 16622: Pref to spoof time zone as UTC
 O fdb2ad415cd6 Bug 20707: Avoid localization failure in about:preferences
 O 043e87d50499 Bug 20244.2: Add "privacy.firstparty.isolate" checkbox
 O 1cf891b3a783 Bug 20244.1: Add "privacy.resistFingerprinting" checkbox
 C d4da5714eb9d Bug 19890: Disable installation of system addons
 D db79c0270d50 Bug 19273: Avoid JavaScript patching of the external app
 helper dialog.
 C b7f33de7c769 Bug 18923: Add a script to run all Tor Browser specific
 tests
 U 133a941a72c9 Bug 18914: Use English-only label in <isindex/> tags
 C fb26928c9f6f Regression tests for #2874: Block Components.interfaces
 from content
 C 0a2323b8fcaa Regression tests for Bug 1517: Reduce precision of time for
 Javascript.
 F af9e23384692 Regression tests for Bug 15646: Prevent keyboard layout
 fingerprinting in KeyboardEvent
 F 6a7ae76e406e Regression tests for Bug 17009: Pref to suppress some
 modifier key events
 D 53531cf002aa Bug 18619: If indexedDB disabled, use in-memory db for
 asyncStorage.js
 F db5663390b3e Bug 18821: Disable libmdns for Android and Desktop
 F 90e817059ab7 Bug 18800: Remove localhost DNS lookup in nsProfileLock.cpp
 F ac9bc3723c2b Bug 18799: disable Network Tickler
 U 88e5ed76f941 Bug 6786: Do not expose system colors to CSS or canvas.
 F aa65fd2ea82e Bug 16620: Clear window.name when no referrer sent
 U 72998c7d5064 Bug 6253: Add canvas image extraction prompt.
 U c9c82d317082 Bug 17009: Pref to suppress some modifier key events
 U cbad7a986dcb Bug 15646: Prevent keyboard layout fingerprinting in
 KeyboardEvent
 U f6683c586a30 Bug 16005: Relax minimal mode.
 U 03f286aa425e Bug 1517: Reduce precision of time for Javascript.
 C 5adf623b76f8 Bug 16441: Suppress "Reset Tor Browser" prompt.
 C a71bf76df344 Bug 14392: Make about:tor behave like other initial pages.
 F ea9c5e94e364 Bug 2176: Rebrand Firefox to TorBrowser
 C d3a986dfb477 Bug 18995: Regression test to ensure CacheStorage is
 disabled in private browsing
 C b4981a144854 Regression tests for #5856: Do not expose physical screen
 info via window & window.screen.
 C 98966f5b88b5 Regression tests for #2875: Limit device and system
 specific CSS Media Queries.
 C 90f3c1b3b687 Regression tests for #4755: Return client window
 coordinates for mouse event screenX/Y (for dragend, 0,0 is returned).
 C 73dc870c6712 Regression tests for "Omnibox: Add DDG, Startpage,
 Disconnect, Youtube, Twitter; remove Amazon, eBay, bing"
 C ba2620e0c91d Regression tests for TB4: Tor Browser's Firefox preference
 overrides.
 C 6bbe63c3f3b8 Regression tests for Bug #2950: Make Permissions Manager
 memory-only
 C c38fc187252c Bug 12620: TorBrowser regression tests folder
 F c8fbfdb5b0e7 Bug 14631: Improve profile access error msgs (strings).
 F f05b2599c291 Bug 14631: Improve profile access error messages.
 F 9a13c4dd4d89 Bug 14716: HTTP Basic Authentication prompt only displayed
 once
 C 4fd7433d2b79 Bug 3875: Use Optimistic Data SOCKS variant.
 N 2c74c1e6b2c7 Bug 5282: Randomize HTTP request order and pipeline depth.
 C 05c64bde4a76 Bug 13028: Prevent potential proxy bypass cases.
 O[Bug 18743] fd4a8863a4c3 Bug 16488:  Remove "Sign in to Sync" from the
 menu.
 F c91cc92acf64 Bug 16439: remove screencasting code.
 U 478ee75278f0 Bug 12827: Create preference to disable SVG.
 F 6e18348d3fa2 Bug 2874: Block Components.interfaces from content
 C 7190f7e52771 Bug 12974: Disable NTLM and Negotiate HTTP Auth
 F d9ffdac205cc Bug 10280: Don't load any plugins into the address space.
 C 83e40fc55843 Bug 8312: Remove "This plugin is disabled" barrier.
 C 7151b7736fbc Bug 3547: Block all plugins except flash.
 F 3efb1fb5990a TB4: Tor Browser's Firefox preference overrides.
 C b7ba24e9438c TB3: Tor Browser's official .mozconfigs.
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25543#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

