[tbb-commits] [Git][tpo/applications/tor-browser][tor-browser-115.0b5-13.0-1] 120 commits: Bug 41649: Create rebase and security backport gitlab issue templates
Pier Angelo Vendrame (@pierov)
git at gitlab.torproject.org
Wed Jun 28 17:07:41 UTC 2023
Pier Angelo Vendrame pushed to branch tor-browser-115.0b5-13.0-1 at The Tor Project / Applications / Tor Browser
Commits:
796625a7 by Richard Pospesel at 2023-06-14T09:46:55+02:00
Bug 41649: Create rebase and security backport gitlab issue templates
- - - - -
f4c1bd50 by Richard Pospesel at 2023-06-14T09:46:56+02:00
Bug 41089: Add tor-browser build scripts + Makefile to tor-browser
- - - - -
77c88ccb by Pier Angelo Vendrame at 2023-06-14T09:46:57+02:00
fixup! Bug 41089: Add tor-browser build scripts + Makefile to tor-browser
Added bridges.js to .eslintignore
- - - - -
7d3d1898 by Kathy Brade at 2023-06-14T09:46:57+02:00
Bug 11641: Disable remoting by default.
Unless the -osint command line flag is used, the browser now defaults
to the equivalent of -no-remote. There is a new -allow-remote flag that
may be used to restore the original (Firefox-like) default behavior.
- - - - -
9b44e71d by Mike Perry at 2023-06-14T09:46:58+02:00
Bug 2176: Rebrand Firefox to TorBrowser
See also Bugs #5194, #7187, #8115, #8219.
This patch does some basic renaming of Firefox to TorBrowser. The rest of the
branding is done by images and icons.
Also fix bug 27905.
Bug 25702: Update Tor Browser icon to follow design guidelines
- Updated all of the branding in /browser/branding/official with new 'stable'
icon series.
- Updated /extensions/onboarding/content/img/tor-watermark.png with new icon and
add the source svg in the same directory
- Copied /browser/branding/official over /browser/branding/nightly and the new
/browser/branding/alpha directories. Replaced content with 'nightly' and
'alpha' icon series.
Updated VisualElements_70.png and VisualElements_150.png with updated icons in
each branding directory (fixes #22654)
- Updated firefox.VisualElementsManfiest.xml with updated colors in each
branding directory
- Added firefox.svg to each branding directory from which all the other icons
are derived (apart from document.icns and document.ico)
- Added default256.png and default512.png icons
- Updated aboutTBUpdate.css to point to branding-aware icon128.png and removed
original icon
- Use the Tor Browser icon within devtools/client/themes/images/.
Bug 30631: Blurry Tor Browser icon on macOS app switcher
It would seem the png2icns tool does not generate correct icns files and
so on macOS the larger icons were missing resulting in blurry icons in
the OS chrome. Regenerated the padded icons in a macOS VM using
iconutil.
Bug 28196: preparations for using torbutton tor-browser-brand.ftl
A small change to Fluent FileSource class is required so that we
can register a new source without its supported locales being
counted as available locales for the browser.
Bug 31803: Replaced about:debugging logo with flat version
Bug 21724: Make Firefox and Tor Browser distinct macOS apps
When macOS opens a document or selects a default browser, it sometimes
uses the CFBundleSignature. Changing from the Firefox MOZB signature to
a different signature TORB allows macOS to distinguish between Firefox
and Tor Browser.
Bug 32092: Fix Tor Browser Support link in preferences
For bug 40562, we moved onionPattern* from bug 27476 to here, as
about:tor needs these files but it is included earlier.
Bug 41278: Create Tor Browser styled pdf logo similar to the vanilla Firefox one
- - - - -
b51150af by Pier Angelo Vendrame at 2023-06-14T09:46:58+02:00
fixup! Bug 2176: Rebrand Firefox to TorBrowser
Bug 41749: Replace the onion-glyph with dedicated icon for onion services
- - - - -
bff0ab96 by Pier Angelo Vendrame at 2023-06-14T09:46:59+02:00
fixup! Bug 2176: Rebrand Firefox to TorBrowser
Added placeholders for new PBM assets needed on Windows
- - - - -
7153bf50 by sanketh at 2023-06-14T09:46:59+02:00
Bug 40209: Implement Basic Crypto Safety
Adds a CryptoSafety actor which detects when you've copied a crypto
address from a HTTP webpage and shows a warning.
Closes #40209.
Bug 40428: Fix string attribute names
- - - - -
58c358a8 by Mike Perry at 2023-06-14T09:47:00+02:00
TB3: Tor Browser's official .mozconfigs.
Also:
Add an --enable-tor-browser-data-outside-app-dir configure option
Add --with-tor-browser-version configure option
Bug 31457: disable per-installation profiles
The dedicated profiles (per-installation) feature does not interact
well with our bundled profiles on Linux and Windows, and it also causes
multiple profiles to be created on macOS under TorBrowser-Data.
Bug 31935: Disable profile downgrade protection.
Since Tor Browser does not support more than one profile, disable
the prompt and associated code that offers to create one when a
version downgrade situation is detected.
Add --enable-tor-browser-update build option
Bug 40793: moved Tor configuration options from old-configure.in to moz.configure
Bug 41584: Move some configuration options to base-browser level
- - - - -
82cffe4c by Henry Wilkes at 2023-06-14T09:47:00+02:00
Bug 41340: Enable TOR_BROWSER_NIGHTLY_BUILD features for dev and nightly builds
tor-browser#41285: Enable fluent warnings.
- - - - -
c92e7608 by Pier Angelo Vendrame at 2023-06-14T09:47:00+02:00
Bug 40562: Added Tor Browser preferences to 000-tor-browser.js
Before reordering patches, we used to keep the Tor-related patches
(torbutton and tor-launcher) at the beginning.
After that issue, we decided to move them towards the end.
In addition to that, we have decided to move Tor Browser-only
preferences there, too, to make Base Browser-only fixups easier to
apply.
- - - - -
1891c4f4 by Pier Angelo Vendrame at 2023-06-14T09:47:01+02:00
fixup! Bug 40562: Added Tor Browser preferences to 000-tor-browser.js
Moved from the Firefox preferences override commit.
To remove from Base Browser and move to Tor Browser only.
- - - - -
98da7d5a by Pier Angelo Vendrame at 2023-06-14T09:47:01+02:00
fixup! Bug 40562: Added Tor Browser preferences to 000-tor-browser.js
Ignore 000-tor-browser.js during linting
- - - - -
ed3367e6 by Pier Angelo Vendrame at 2023-06-14T09:47:02+02:00
Bug 13252: Customize profile management on macOS
On macOS we allow both portable mode and system installation.
However, in the latter case, we customize Firefox's directories to
match the hierarchy we use for the portable mode.
Also, display an informative error message if the TorBrowser-Data
directory cannot be created due to an "access denied" or a
"read only volume" error.
- - - - -
ecf1f3b0 by Pier Angelo Vendrame at 2023-06-14T09:47:02+02:00
Bug 40933: Add tor-launcher functionality
- - - - -
513ad9dc by Pier Angelo Vendrame at 2023-06-14T09:47:03+02:00
fixup! Bug 40933: Add tor-launcher functionality
Switched to lazy.
- - - - -
f9c68576 by Richard Pospesel at 2023-06-14T09:47:03+02:00
Bug 40597: Implement TorSettings module
- migrated in-page settings read/write implementation from about:preferences#tor
to the TorSettings module
- TorSettings initially loads settings from the tor daemon, and saves them to
firefox prefs
- TorSettings notifies observers when a setting has changed; currently only
QuickStart notification is implemented for parity with previous preference
notify logic in about:torconnect and about:preferences#tor
- about:preferences#tor, and about:torconnect now read and write settings
thorugh the TorSettings module
- all tor settings live in the torbrowser.settings.* preference branch
- removed unused pref modify permission for about:torconnect content page from
AsyncPrefs.jsm
Bug 40645: Migrate Moat APIs to Moat.jsm module
- - - - -
013594d7 by Henry Wilkes at 2023-06-14T09:47:03+02:00
fixup! Bug 40597: Implement TorSettings module
Bug 41608 - Ignore tor connection errors when tor connection is
cancelled by the user. This can happen if the bootstrap process is
cancelled late in the process.
Also remove unused cancelAutoBootstrapping.
- - - - -
3009a246 by Pier Angelo Vendrame at 2023-06-14T09:47:04+02:00
fixup! Bug 40597: Implement TorSettings module
Bug 41801: Fix handleProcessReady in TorSettings.init
- - - - -
9ea54081 by Alex Catarineu at 2023-06-14T09:47:04+02:00
Bug 10760: Integrate TorButton to TorBrowser core
Because of the non-restartless nature of Torbutton, it required
a two-stage installation process. On mobile, it was a problem,
because it was not loading when the user opened the browser for
the first time.
Moving it to tor-browser and making it a system extension allows it
to load when the user opens the browser for first time.
Additionally, this patch also fixes Bug 27611.
Bug 26321: New Circuit and New Identity menu items
Bug 14392: Make about:tor behave like other initial pages.
Bug 25013: Add torbutton as a tor-browser submodule
Bug 31575: Replace Firefox Home (newtab) with about:tor
- - - - -
2d2e48c8 by Pier Angelo Vendrame at 2023-06-14T09:47:05+02:00
fixup! Bug 10760: Integrate TorButton to TorBrowser core
Linted
- - - - -
17bf3f82 by hackademix at 2023-06-14T09:47:05+02:00
Bug 8324: Prevent DNS proxy bypasses caused by Drag&Drop
Bug 41613: Skip Drang & Drop filtering for DNS-safe URLs
- - - - -
25424be7 by Henry Wilkes at 2023-06-14T09:47:06+02:00
Bug 41600: Add a tor circuit display panel.
- - - - -
7371f696 by Pier Angelo Vendrame at 2023-06-14T09:47:06+02:00
fixup! Bug 41600: Add a tor circuit display panel.
Linted
- - - - -
6d02111a by Henry Wilkes at 2023-06-14T09:47:07+02:00
fixup! Bug 41600: Add a tor circuit display panel.
Bug 41770 - Stop blocking event propagation of keydown events that we do
not handle. This lets the arrow key events pass on to
ToolbarKeyboardNavigator.
- - - - -
b847018d by Amogh Pradeep at 2023-06-14T09:47:07+02:00
Orfox: Centralized proxy applied to AbstractCommunicator and BaseResources.
See Bug 1357997 for partial uplift.
Also:
Bug 28051 - Use our Orbot for proxying our connections
Bug 31144 - ESR68 Network Code Review
- - - - -
0ba6a113 by Matthew Finkel at 2023-06-14T09:47:07+02:00
Bug 25741: TBA: Disable GeckoNetworkManager
The browser should not need information related to the network
interface or network state, tor should take care of that.
- - - - -
5e5073f3 by Alex Catarineu at 2023-06-14T09:47:08+02:00
Add TorStrings module for localization
- - - - -
e50c1131 by Henry Wilkes at 2023-06-14T09:47:08+02:00
fixup! Add TorStrings module for localization
Bug 41608 - Add new connection status strings.
- - - - -
896efd81 by Kathy Brade at 2023-06-14T09:47:09+02:00
Bug 14631: Improve profile access error messages.
Instead of always reporting that the profile is locked, display specific
messages for "access denied" and "read-only file system".
To allow for localization, get profile-related error strings from Torbutton.
Use app display name ("Tor Browser") in profile-related error alerts.
- - - - -
9e2a9670 by Pier Angelo Vendrame at 2023-06-14T09:47:09+02:00
Bug 40807: Added QRCode.js to toolkit/modules
- - - - -
bd394039 by Richard Pospesel at 2023-06-14T09:47:10+02:00
Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
This patch adds a new about:preferences#connection page which allows
modifying bridge, proxy, and firewall settings from within Tor Browser.
All of the functionality present in tor-launcher's Network
Configuration panel is present:
- Setting built-in bridges
- Requesting bridges from BridgeDB via moat
- Using user-provided bridges
- Configuring SOCKS4, SOCKS5, and HTTP/HTTPS proxies
- Setting firewall ports
- Viewing and Copying Tor's logs
- The Networking Settings in General preferences has been removed
Bug 40774: Update about:preferences page to match new UI designs
- - - - -
4194a32a by Pier Angelo Vendrame at 2023-06-14T09:47:10+02:00
fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
Linted
- - - - -
29d3d7c0 by Henry Wilkes at 2023-06-14T09:47:10+02:00
fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
Bug 41608 - Use the torconnect icon for the onion slash.
- - - - -
3ed482b9 by Richard Pospesel at 2023-06-14T09:47:13+02:00
Bug 27476: Implement about:torconnect captive portal within Tor Browser
- implements new about:torconnect page as tor-launcher replacement
- adds tor connection status to url bar and tweaks UX when not online
- adds new torconnect component to browser
- tor process management functionality remains implemented in tor-launcher through the TorProtocolService module
- adds warning/error box to about:preferences#tor when not connected to tor
- explicitly allows about:torconnect URIs to ignore Resist Fingerprinting (RFP)
- various tweaks to info-pages.inc.css for about:torconnect (also affects other firefox info pages)
Bug 40773: Update the about:torconnect frontend page to match additional UI flows
- - - - -
ca65448f by Pier Angelo Vendrame at 2023-06-14T09:47:13+02:00
fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser
Linted
- - - - -
ca5c0735 by Henry Wilkes at 2023-06-14T09:47:14+02:00
amend! Bug 27476: Implement about:torconnect captive portal within Tor Browser
Bug 27476: Implement about:torconnect captive portal within Tor Browser
- implements new about:torconnect page as tor-launcher replacement
- adds new torconnect component to browser
- tor process management functionality remains implemented in tor-launcher through the TorProtocolService module
- adds warning/error box to about:preferences#tor when not connected to tor
Bug 40773: Update the about:torconnect frontend page to match additional UI flows.
Bug 41608: Add a toolbar status button and a urlbar "Connect" button.
- - - - -
8169138c by Henry Wilkes at 2023-06-14T09:47:14+02:00
fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser
Bug 41608 and 41526 - Use KeyboardEvent.repeat to block triggering newly
focused buttons in about:torconnect. The approach in tor-browser!607
prevented this by waiting for keyup, but keyup could still be triggered
by a key event initialized elsewhere. E.g. when pressing Enter to close
a modal dialog, the Enter's keyup event would be sent to the
about:torconnect page and trigger the focused button.
- - - - -
092e6036 by Arthur Edelstein at 2023-06-14T09:47:15+02:00
Bug 12620: TorBrowser regression tests
Regression tests for Bug #2950: Make Permissions Manager memory-only
Regression tests for TB4: Tor Browser's Firefox preference overrides.
Note: many more functional tests could be made here
Regression tests for #2874: Block Components.interfaces from content
Bug 18923: Add a script to run all Tor Browser specific tests
Regression tests for Bug #16441: Suppress "Reset Tor Browser" prompt.
- - - - -
16c56865 by Pier Angelo Vendrame at 2023-06-14T09:47:15+02:00
Bug 41668: Tweaks to the Base Browser updater for Tor Browser
This commit was once part of "Bug 4234: Use the Firefox Update Process
for Tor Browser.".
However, some parts of it were not needed for Base Browser and some
derivative browsers.
Therefore, we extracted from that commit the parts for Tor Browser
legacy, and we add them back to the patch set with this commit.
- - - - -
38d9b4e8 by Pier Angelo Vendrame at 2023-06-14T09:47:16+02:00
fixup! Bug 41668: Tweaks to the Base Browser updater for Tor Browser
Bug 41776: Keep shipping the old fontconfig file until users have one
- - - - -
868eb3c9 by Pier Angelo Vendrame at 2023-06-14T09:47:16+02:00
fixup! Bug 41668: Tweaks to the Base Browser updater for Tor Browser
Bug 41776 (fix): Added some missing lines to the previous patch
- - - - -
adbe3db7 by Pier Angelo Vendrame at 2023-06-14T09:47:16+02:00
fixup! Bug 41668: Tweaks to the Base Browser updater for Tor Browser
Add back variables removed from the Base Browser part of the rebase.
- - - - -
0ab5f27f by Kathy Brade at 2023-06-14T09:47:17+02:00
Bug 12647: Support symlinks in the updater.
- - - - -
92cffda5 by Kathy Brade at 2023-06-14T09:47:17+02:00
Bug 19121: reinstate the update.xml hash check
This is a partial revert of commit f1241db6986e4b54473a1ed870f7584c75d51122.
Revert most changes from Mozilla Bug 862173 "don't verify mar file hash
when using mar signing to verify the mar file (lessens main thread I/O)."
We kept the addition to the AppConstants API in case other JS code
references it in the future.
- - - - -
47a01248 by Kathy Brade at 2023-06-14T09:47:18+02:00
Bug 16940: After update, load local change notes.
Add an about:tbupdate page that displays the first section from
TorBrowser/Docs/ChangeLog.txt and includes a link to the remote
post-update page (typically our blog entry for the release).
Always load about:tbupdate in a content process, but implement the
code that reads the file system (changelog) in the chrome process
for compatibility with future sandboxing efforts.
Also fix bug 29440. Now about:tbupdate is styled as a fairly simple
changelog page that is designed to be displayed via a link that is on
about:tor.
- - - - -
07c55aa6 by Pier Angelo Vendrame at 2023-06-14T09:47:18+02:00
fixup! Bug 16940: After update, load local change notes.
Define the remote capabilities of about:tbupdate in the correct commit.
- - - - -
0d642de1 by Georg Koppen at 2023-06-14T09:47:19+02:00
Bug 32658: Create a new MAR signing key
It's time for our rotation again: Move the backup key in the front
position and add a new backup key.
Bug 33803: Move our primary nightly MAR signing key to tor-browser
Bug 33803: Add a secondary nightly MAR signing key
- - - - -
6265e136 by Mike Perry at 2023-06-14T09:47:19+02:00
Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing
eBay and Amazon don't treat Tor users very well. Accounts often get locked and
payments reversed.
Also:
Bug 16322: Update DuckDuckGo search engine
We are replacing the clearnet URL with an onion service one (thanks to a
patch by a cypherpunk) and are removing the duplicated DDG search
engine. Duplicating DDG happend due to bug 1061736 where Mozilla
included DDG itself into Firefox. Interestingly, this caused breaking
the DDG search if JavaScript is disabled as the Mozilla engine, which
gets loaded earlier, does not use the html version of the search page.
Moreover, the Mozilla engine tracked where the users were searching from
by adding a respective parameter to the search query. We got rid of that
feature as well.
Also:
This fixes bug 20809: the DuckDuckGo team has changed its server-side
code in a way that lets users with JavaScript enabled use the default
landing page while those without JavaScript available get redirected
directly to the non-JS page. We adapt the search engine URLs
accordingly.
Also fixes bug 29798 by making sure we only specify the Google search
engine we actually ship an .xml file for.
Also regression tests.
squash! Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing
Bug 40494: Update Startpage search provider
squash! Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing
Bug 40438: Add Blockchair as a search engine
Bug 33342: Avoid disconnect search addon error after removal.
We removed the addon in #32767, but it was still being loaded
from addonStartup.json.lz4 and throwing an error on startup
because its resource: location is not available anymore.
- - - - -
4b849a9c by Pier Angelo Vendrame at 2023-06-14T09:47:20+02:00
fixup! Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing
Use the upstream DDG icon
- - - - -
00da3619 by Alex Catarineu at 2023-06-14T09:47:20+02:00
Bug 40073: Disable remote Public Suffix List fetching
In https://bugzilla.mozilla.org/show_bug.cgi?id=1563246 Firefox implemented
fetching the Public Suffix List via RemoteSettings and replacing the default
one at runtime, which we do not want.
- - - - -
9c5130ab by Richard Pospesel at 2023-06-14T09:47:20+02:00
Bug 23247: Communicating security expectations for .onion
Encrypting pages hosted on Onion Services with SSL/TLS is redundant
(in terms of hiding content) as all traffic within the Tor network is
already fully encrypted. Therefore, serving HTTP pages from an Onion
Service is more or less fine.
Prior to this patch, Tor Browser would mostly treat pages delivered
via Onion Services as well as pages delivered in the ordinary fashion
over the internet in the same way. This created some inconsistencies
in behaviour and misinformation presented to the user relating to the
security of pages delivered via Onion Services:
- HTTP Onion Service pages did not have any 'lock' icon indicating
the site was secure
- HTTP Onion Service pages would be marked as unencrypted in the Page
Info screen
- Mixed-mode content restrictions did not apply to HTTP Onion Service
pages embedding Non-Onion HTTP content
This patch fixes the above issues, and also adds several new 'Onion'
icons to the mix to indicate all of the various permutations of Onion
Services hosted HTTP or HTTPS pages with HTTP or HTTPS content.
Strings for Onion Service Page Info page are pulled from Torbutton's
localization strings.
- - - - -
d2e8767b by Pier Angelo Vendrame at 2023-06-14T09:47:21+02:00
fixup! Bug 23247: Communicating security expectations for .onion
Reimplement the self-signed onion logic
- - - - -
d97eee90 by cypherpunks1 at 2023-06-14T09:47:21+02:00
fixup! Bug 23247: Communicating security expectations for .onion
Bug 33298: Warn when submitting form data from http onion sites over an insecure connection
- - - - -
db9bf091 by cypherpunks1 at 2023-06-14T09:47:22+02:00
fixup! Bug 23247: Communicating security expectations for .onion
Bug 41785: Show http onion resources as secure in network monitor
- - - - -
91f9a4b9 by Kathy Brade at 2023-06-16T10:44:36+02:00
Bug 30237: Add v3 onion services client authentication prompt
When Tor informs the browser that client authentication is needed,
temporarily load about:blank instead of about:neterror and prompt
for the user's key.
If a correctly formatted key is entered, use Tor's ONION_CLIENT_AUTH_ADD
control port command to add the key (via Torbutton's control port
module) and reload the page.
If the user cancels the prompt, display the standard about:neterror
"Unable to connect" page. This requires a small change to
browser/actors/NetErrorChild.jsm to account for the fact that the
docShell no longer has the failedChannel information. The failedChannel
is used to extract TLS-related error info, which is not applicable
in the case of a canceled .onion authentication prompt.
Add a leaveOpen option to PopupNotifications.show so we can display
error messages within the popup notification doorhanger without
closing the prompt.
Add support for onion services strings to the TorStrings module.
Add support for Tor extended SOCKS errors (Tor proposal 304) to the
socket transport and SOCKS layers. Improved display of all of these
errors will be implemented as part of bug 30025.
Also fixes bug 19757:
Add a "Remember this key" checkbox to the client auth prompt.
Add an "Onion Services Authentication" section within the
about:preferences "Privacy & Security section" to allow
viewing and removal of v3 onion client auth keys that have
been stored on disk.
Also fixes bug 19251: use enhanced error pages for onion service errors.
- - - - -
2d7199aa by Pier Angelo Vendrame at 2023-06-16T10:44:55+02:00
fixup! Bug 30237: Add v3 onion services client authentication prompt
Linted
- - - - -
59d9dcd3 by Alex Catarineu at 2023-06-16T10:44:55+02:00
Bug 21952: Implement Onion-Location
Whenever a valid Onion-Location HTTP header (or corresponding HTML
<meta> http-equiv attribute) is found in a document load, we either
redirect to it (if the user opted-in via preference) or notify the
presence of an onionsite alternative with a badge in the urlbar.
- - - - -
c2b796f4 by Henry Wilkes at 2023-06-16T10:44:56+02:00
fixup! Bug 21952: Implement Onion-Location
Bug 41608 - Use the same styling for ".onion available" urlbar button as
the tor-connect-urlbar-button. This also stops the button from
overflowing its container like before. Also move to after the bookmark
button.
- - - - -
3517b09d by Pier Angelo Vendrame at 2023-06-16T10:44:56+02:00
Bug 40458: Implement .tor.onion aliases
We have enabled HTTPS-Only mode, therefore we do not need
HTTPS-Everywhere anymore.
However, we want to keep supporting .tor.onion aliases (especially for
securedrop).
Therefore, in this patch we implemented the parsing of HTTPS-Everywhere
rulesets, and the redirect of .tor.onion domains.
Actually, Tor Browser believes they are actual domains. We change them
on the fly on the SOCKS proxy requests to resolve the domain, and on
the code that verifies HTTPS certificates.
- - - - -
10bc857c by Pier Angelo Vendrame at 2023-06-16T10:44:57+02:00
fixup! Bug 40458: Implement .tor.onion aliases
Lint
- - - - -
51857f1d by Pier Angelo Vendrame at 2023-06-16T10:44:57+02:00
Bug 11698: Incorporate Tor Browser Manual pages into Tor Browser
This patch associates the about:manual page to a translated page that
must be injected to browser/omni.ja after the build.
The content must be placed in chrome/browser/content/browser/manual/, so
that is then available at chrome://browser/content/manual/.
We preferred giving absolute freedom to the web team, rather than having
to change the patch in case of changes on the documentation.
- - - - -
7cf754ce by Pier Angelo Vendrame at 2023-06-16T10:44:57+02:00
Bug 41435: Add a Tor Browser migration function
For now this function only deletes old language packs for which we are
already packaging the strings with the application.
- - - - -
78367b68 by Dan Ballard at 2023-06-16T10:44:58+02:00
Bug 40701: Add in pane security warning when downloading a file
- - - - -
f18d29f7 by Henry Wilkes at 2023-06-16T10:44:58+02:00
Bug 41736: Customize toolbar for tor-browser.
- - - - -
d84340d8 by hackademix at 2023-06-16T10:45:00+02:00
Bug 41728: Pin bridges.torproject.org domains to Let's Encrypt's root cert public key
- - - - -
803088de by Henry Wilkes at 2023-06-16T10:45:01+02:00
Bug 41803: Add some developer tools for working on tor-browser.
- - - - -
e79a74e7 by Dan Ballard at 2023-06-16T10:45:01+02:00
amend! Bug 40701: Add in pane security warning when downloading a file
Bug 40701: Add security warning when downloading a file
Shown in the downloads panel, about:downloads and places.xhtml.
- - - - -
82d5fdc7 by Pier Angelo Vendrame at 2023-06-16T10:45:02+02:00
fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
Bug 40552: Improve the description of the modal to provide a bridge
manually.
- - - - -
205a107c by Pier Angelo Vendrame at 2023-06-16T10:45:02+02:00
fixup! Add TorStrings module for localization
Bug 40552: New texts for the add a bridge manually modal
- - - - -
53ec47f0 by cypherpunks1 at 2023-06-16T10:45:02+02:00
fixup! Bug 8324: Prevent DNS proxy bypasses caused by Drag&Drop
Bug 41792: Allow dragging downloads from about:downloads and the download panel
- - - - -
cf1574c9 by Pier Angelo Vendrame at 2023-06-16T10:45:03+02:00
fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
Bug 41802: Improve the regex on parseBridgeLine
The previous version of the regex took for granted the bridge
fingerprint was always available, but it is actually optional.
So, parsing some bridge lines (e.g., Conjure) failed, and vanilla
bridge was displayed instead of the actual transport.
- - - - -
9846bb41 by Dan Ballard at 2023-06-16T10:45:03+02:00
fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser
Bug 41623: Update connection assist's iconography
- - - - -
49af0f51 by Dan Ballard at 2023-06-16T10:45:04+02:00
fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
Bug 41623: Update connection assist's iconography
- - - - -
d3bfbadc by Dan Ballard at 2023-06-16T10:45:04+02:00
fixup! fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser
Bug 41623: Update connection assist's iconography
- - - - -
ab7c1583 by Henry Wilkes at 2023-06-16T10:45:04+02:00
fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
Bug 41734 - Add a connected label to the built-in bridge dialog.
- - - - -
e76daef3 by Henry Wilkes at 2023-06-16T10:45:05+02:00
fixup! Add TorStrings module for localization
Bug 41734 - Add a connected label to the built-in bridge dialog.
- - - - -
e1786cb9 by Pier Angelo Vendrame at 2023-06-16T10:45:05+02:00
fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser
Bug 41815: Wrong connect icons
Swapped a couple of icons in about:torconnect, and split the offline CSS
class from the connection assist/final error, since they now need a
different icon.
Also, removed the stroke property, since the new icons do not need it.
- - - - -
f9c4f924 by Pier Angelo Vendrame at 2023-06-16T10:45:06+02:00
fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser
Bug 41816: Workaround to fix the top navigation
Using the top navigation does not always work as expected, because we
pass a null connection state, instead of the actual state.
We could start storing the state as a member, however further refactors
are planned (see tor-browser#41710), so also directly asking the parent
for the current state works as a quick&dirty workaround.
- - - - -
23f711b3 by Henry Wilkes at 2023-06-16T10:45:06+02:00
fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
Bug 41618 - Remove connect bar, and swap internet and connection icons
in tor connection preferences.
- - - - -
a3e9d638 by Henry Wilkes at 2023-06-16T10:45:07+02:00
fixup! Add TorStrings module for localization
Bug 41618 - Remove connect bar, and swap internet and connection icons
in tor connection preferences.
- - - - -
32da309f by Henry Wilkes at 2023-06-16T10:45:07+02:00
fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser
Bug 41726 - Animate the connection icon.
- - - - -
f2022f24 by Henry Wilkes at 2023-06-16T10:45:07+02:00
fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
Bug 41810 - Add "Connect" button instead of the "Submit" and "OK" button in the bridge request dialog and the manual bridge dialog, respectively.
- - - - -
4164e088 by Dan Ballard at 2023-06-16T10:45:08+02:00
fixup! fixup! Bug 2176: Rebrand Firefox to TorBrowser
Bug 41809: restore onion glyph in locations outside location bar
- - - - -
fa2b3adc by Dan Ballard at 2023-06-16T10:45:08+02:00
fixup! Bug 23247: Communicating security expectations for .onion
Bug 41809: restore onion glyph in locations outside location bar
- - - - -
51b913b3 by Dan Ballard at 2023-06-16T10:45:09+02:00
fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
Bug 41809: restore onion glyph in locations outside location bar
- - - - -
e5e275da by Pier Angelo Vendrame at 2023-06-16T10:45:09+02:00
fixup! Add TorStrings module for localization
Bug 41818: Remove YEC 2022 strings
- - - - -
5dae43f0 by Pier Angelo Vendrame at 2023-06-16T10:45:10+02:00
fixup! Bug 40933: Add tor-launcher functionality
Added a newnym function
- - - - -
306fdd9b by Pier Angelo Vendrame at 2023-06-16T10:45:10+02:00
fixup! Bug 10760: Integrate TorButton to TorBrowser core
Bug 40938: Moving the domain isolator out of torbutton
- - - - -
71bf4be8 by Arthur Edelstein at 2023-06-16T10:45:10+02:00
Bug 3455: Add DomainIsolator, for isolating circuit by domain.
Add an XPCOM component that registers a ProtocolProxyChannelFilter
which sets the username/password for each web request according to
url bar domain.
Bug 9442: Add New Circuit button
Bug 13766: Set a 10 minute circuit dirty timeout for the catch-all circ.
Bug 19206: Include a 128 bit random tag as part of the domain isolator nonce.
Bug 19206: Clear out the domain isolator state on `New Identity`.
Bug 21201.2: Isolate by firstPartyDomain from OriginAttributes
Bug 21745: Fix handling of catch-all circuit
Bug 41741: Refactor the domain isolator and new circuit
- - - - -
da71d1c4 by Pier Angelo Vendrame at 2023-06-16T10:45:11+02:00
fixup! Bug 3455: Add DomainIsolator, for isolating circuit by domain.
Refactors to the old JS code.
- - - - -
aec9a9f9 by Pier Angelo Vendrame at 2023-06-16T10:45:11+02:00
fixup! Bug 3455: Add DomainIsolator, for isolating circuit by domain.
Manage NEWNYM here.
- - - - -
0db0a8c5 by Pier Angelo Vendrame at 2023-06-16T10:45:12+02:00
fixup! Bug 3455: Add DomainIsolator, for isolating circuit by domain.
Removed the XPCOM definition of the domain isolator.
- - - - -
16c3c029 by Pier Angelo Vendrame at 2023-06-16T10:45:12+02:00
fixup! Bug 10760: Integrate TorButton to TorBrowser core
Extract the new identity button from torbutton
- - - - -
d39f5d21 by Pier Angelo Vendrame at 2023-06-16T10:45:13+02:00
fixup! Bug 3455: Add DomainIsolator, for isolating circuit by domain.
Actually added the new circuit button.
- - - - -
c15468c4 by Pier Angelo Vendrame at 2023-06-16T10:45:13+02:00
fixup! Bug 41600: Add a tor circuit display panel.
Use the new domain isolator interface.
- - - - -
97f55730 by Pier Angelo Vendrame at 2023-06-16T10:45:13+02:00
fixup! Bug 40209: Implement Basic Crypto Safety
Use the new domain isolator interface
- - - - -
d60adf11 by Pier Angelo Vendrame at 2023-06-16T10:45:14+02:00
fixup! Bug 10760: Integrate TorButton to TorBrowser core
Remove string changes from Torbutton.
We will add them back in the TorStrings commit.
- - - - -
92606de9 by Pier Angelo Vendrame at 2023-06-16T10:45:14+02:00
fixup! Add TorStrings module for localization
Add our DTDs where needed.
These changes were originally in the torbutton commit, but I think they
are better fit here, with all the strings files.
- - - - -
b26e881a by Henry Wilkes at 2023-06-16T10:45:15+02:00
fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser
Bug 41836: Rename deinit to uninit.
- - - - -
2c13c604 by Pier Angelo Vendrame at 2023-06-16T10:45:18+02:00
fixup! Bug 21952: Implement Onion-Location
Bug 41841: Use the new onion-site.svg icon in the onion-location pill
- - - - -
755a45e9 by cypherpunks1 at 2023-06-16T10:45:18+02:00
fixup! Bug 40925: Implemented the Security Level component
Bug 26277: Skip the redirection page when searching with DuckDuckGo on the safest security level
- - - - -
3e0e1f21 by Henry Wilkes at 2023-06-16T10:45:18+02:00
fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser
Bug 41826 - Tweak tor connect status styling in titlebar and connection
preferences.
- - - - -
c94b0be0 by Henry Wilkes at 2023-06-16T10:45:19+02:00
fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
Bug 41826 - Tweak tor connect status styling in titlebar and connection
preferences.
- - - - -
960c8921 by Henry Wilkes at 2023-06-16T10:45:19+02:00
fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
Bug 41848 - Consistently disable the accept/connect button in the bridge
dialogs until the user gives some input.
- - - - -
c1e03343 by Henry Wilkes at 2023-06-16T10:45:20+02:00
fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
Bug 41849: Use the firefox check.svg since we removed our own equivalent
check.svg in tor-browser!663.
- - - - -
ac853a1a by Henry Wilkes at 2023-06-16T10:45:20+02:00
fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser
Bug 41850: Don't show tor connection animation for new windows.
- - - - -
c149eeff by Richard Pospesel at 2023-06-16T10:45:21+02:00
fixup! Bug 41649: Create rebase and security backport gitlab issue templates
- made formatting consistent between each template
- updated the directions around the base-browser rebase to better reflect how
we *actually* do it with regards to only rarely needing to rebase base-browser
seperately
- fixed a few typos and incorrect git cherry-pick examples
- moved signing and tagging to their own section in the rebase templates
- changed instances of 'origin' to 'upstream' to be consistent with github/gitlab documentation
- added firefox-android section and marked android-components and fenix sections as optional for esr102 only so we don't have to urently fix this once we swithc to esr115
- - - - -
9f785f3b by Richard Pospesel at 2023-06-16T10:45:21+02:00
fixup! Adding issue and merge request templates
- removed exta unneeded dashes
- updated Backporting section to better match our desired process
going forward:
- discourage requests for backport to stable
- provide justification for backport request from list proposed at
last Tor meeting
- added 'consistency' justification for patches/changes which can be difficult to context switch between but don't affect the final build output
- added explicit merge destination selection
- - - - -
5d07962c by Henry Wilkes at 2023-06-20T18:10:41+02:00
fixup! Bug 41600: Add a tor circuit display panel.
Bug 41851: Keep circuit panel open when requesting a new circuit.
- - - - -
df1b9b74 by Dan Ballard at 2023-06-26T21:03:21+02:00
fixup! TB3: Tor Browser's official .mozconfigs.
Bug 41828: Remove --with-tor-browser-version from tor-browser-android mozconfig
- - - - -
d34475cd by Pier Angelo Vendrame at 2023-06-26T21:03:21+02:00
Unpublished commits start here
After here are only commits that were added to make 115 work.
So, they don't have a counterpart in 102.xx.0esr-13.0.
- - - - -
1ad5807c by Pier Angelo Vendrame at 2023-06-26T21:03:22+02:00
fixup! Bug 10760: Integrate TorButton to TorBrowser core
Emergency modularization.
- - - - -
dd526ed0 by Pier Angelo Vendrame at 2023-06-26T21:03:24+02:00
fixup! Bug 8324: Prevent DNS proxy bypasses caused by Drag&Drop
Emergency modernization
- - - - -
0ac3a905 by Pier Angelo Vendrame at 2023-06-26T21:03:24+02:00
fixup! Bug 10760: Integrate TorButton to TorBrowser core
Removed references to global.dtd.
- - - - -
e187ff83 by Pier Angelo Vendrame at 2023-06-27T14:46:47+02:00
fixup! Bug 16940: After update, load local change notes.
Removed global.dtd
- - - - -
36f3dae3 by Pier Angelo Vendrame at 2023-06-27T14:46:54+02:00
fixup! Bug 40925: Implemented the Security Level component
Improve the patch to skip DDG redirection for 115.
- - - - -
e15186f2 by Pier Angelo Vendrame at 2023-06-27T14:46:55+02:00
fixup! Bug 8324: Prevent DNS proxy bypasses caused by Drag&Drop
Final part of the modernization: switched to an actual module, and moved
out of Torbutton!
- - - - -
e286ad1e by Pier Angelo Vendrame at 2023-06-27T15:51:49+02:00
fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser
Moved the logic of the about:tor redirects before the bootstrap
- - - - -
d9711f94 by Pier Angelo Vendrame at 2023-06-27T16:00:23+02:00
fixup! Bug 40701: Add in pane security warning when downloading a file
Missed a couple of removed lines.
- - - - -
30 changed files:
- .eslintignore
- .gitignore
- + .gitlab/issue_templates/Backport Android Security Fixes.md
- + .gitlab/issue_templates/Rebase Browser - Alpha.md
- + .gitlab/issue_templates/Rebase Browser - Stable.md
- .gitlab/merge_request_templates/default.md
- + browser/actors/AboutTBUpdateChild.jsm
- + browser/actors/AboutTBUpdateParent.jsm
- + browser/actors/CryptoSafetyChild.jsm
- + browser/actors/CryptoSafetyParent.jsm
- browser/actors/moz.build
- browser/app/Makefile.in
- browser/app/macbuild/Contents/Info.plist.in
- + browser/app/profile/000-tor-browser.js
- browser/base/content/aboutDialog.xhtml
- + browser/base/content/abouttbupdate/aboutTBUpdate.css
- + browser/base/content/abouttbupdate/aboutTBUpdate.js
- + browser/base/content/abouttbupdate/aboutTBUpdate.xhtml
- browser/base/content/appmenu-viewcache.inc.xhtml
- + browser/base/content/browser-doctype.inc
- browser/base/content/browser-menubar.inc
- browser/base/content/browser-sets.inc
- browser/base/content/browser-siteIdentity.js
- browser/base/content/browser.js
- browser/base/content/browser.xhtml
- browser/base/content/default-bookmarks.html
- browser/base/content/hiddenWindowMac.xhtml
- browser/base/content/main-popupset.inc.xhtml
- browser/base/content/navigator-toolbox.inc.xhtml
- browser/base/content/pageinfo/pageInfo.xhtml
The diff was not included because it is too large.
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/433115466b3e542c1507273fc47cc1365ce398ab...d9711f9419364d386c6244a99181559ed1dae2d0
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/433115466b3e542c1507273fc47cc1365ce398ab...d9711f9419364d386c6244a99181559ed1dae2d0
You're receiving this email because of your account on gitlab.torproject.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tbb-commits/attachments/20230628/16098e0d/attachment-0001.htm>
More information about the tbb-commits
mailing list