[tbb-commits] [Git][tpo/applications/tor-browser][base-browser-115.3.0esr-13.0-1] Deleted 112 commits: Bug 41649: Create rebase and security backport gitlab issue templates
Pier Angelo Vendrame (@pierov)
git at gitlab.torproject.org
Tue Sep 19 16:39:54 UTC 2023
Pier Angelo Vendrame pushed to branch base-browser-115.3.0esr-13.0-1 at The Tor Project / Applications / Tor Browser
WARNING: The push did not contain any new commits, but force pushed to delete the commits and changes below.
Deleted commits:
327cf983 by Richard Pospesel at 2023-09-19T17:52:50+02:00
Bug 41649: Create rebase and security backport gitlab issue templates
- - - - -
b69c7d5f by Pier Angelo Vendrame at 2023-09-19T17:52:50+02:00
fixup! Bug 41649: Create rebase and security backport gitlab issue templates
Add a step to make the default branch and add how to find a tag when it
does not exist yet.
- - - - -
d1b97543 by Richard Pospesel at 2023-09-19T17:52:51+02:00
Bug 41089: Add tor-browser build scripts + Makefile to tor-browser
- - - - -
77222733 by clairehurst at 2023-09-19T17:52:51+02:00
fixup! Bug 41089: Add tor-browser build scripts + Makefile to tor-browser
Bug 42035: Update tools/torbrowser/ scripts to support macOS dev environment
- - - - -
51270bfe by Henry Wilkes at 2023-09-19T17:52:51+02:00
Bug 41803: Add some developer tools for working on tor-browser.
- - - - -
1e9e56f3 by Kathy Brade at 2023-09-19T17:52:52+02:00
Bug 11641: Disable remoting by default.
Unless the -osint command line flag is used, the browser now defaults
to the equivalent of -no-remote. There is a new -allow-remote flag that
may be used to restore the original (Firefox-like) default behavior.
- - - - -
132220dd by Alex Catarineu at 2023-09-19T17:52:53+02:00
Add TorStrings module for localization
- - - - -
8ff432b2 by Henry Wilkes at 2023-09-19T17:52:53+02:00
fixup! Add TorStrings module for localization
Bug 41333: Stop using aboutTor.dtd. No longer use aboutTBUpdate strings in about:tor.
- - - - -
1ff30999 by Pier Angelo Vendrame at 2023-09-19T17:52:54+02:00
fixup! Add TorStrings module for localization
Marked tor_controlconn_failed as a 12.5-only
- - - - -
7f4e82d7 by Henry Wilkes at 2023-09-19T17:52:54+02:00
fixup! Add TorStrings module for localization
Bug 42091: Remove authPrompt "Learn More" href from TorStrings.
- - - - -
7c71e255 by Henry Wilkes at 2023-09-19T17:52:55+02:00
Tor Browser strings
This commit adds all the strings needed for Tor Browser patches.
- - - - -
b470bbf8 by Henry Wilkes at 2023-09-19T17:52:55+02:00
Tor Browser localization migration scripts.
- - - - -
94fc57f0 by Mike Perry at 2023-09-19T17:52:56+02:00
Bug 2176: Rebrand Firefox to TorBrowser
See also Bugs #5194, #7187, #8115, #8219.
This patch does some basic renaming of Firefox to TorBrowser. The rest of the
branding is done by images and icons.
Also fix bug 27905.
Bug 25702: Update Tor Browser icon to follow design guidelines
- Updated all of the branding in /browser/branding/official with new 'stable'
icon series.
- Updated /extensions/onboarding/content/img/tor-watermark.png with new icon and
add the source svg in the same directory
- Copied /browser/branding/official over /browser/branding/nightly and the new
/browser/branding/alpha directories. Replaced content with 'nightly' and
'alpha' icon series.
Updated VisualElements_70.png and VisualElements_150.png with updated icons in
each branding directory (fixes #22654)
- Updated firefox.VisualElementsManfiest.xml with updated colors in each
branding directory
- Added firefox.svg to each branding directory from which all the other icons
are derived (apart from document.icns and document.ico)
- Added default256.png and default512.png icons
- Updated aboutTBUpdate.css to point to branding-aware icon128.png and removed
original icon
- Use the Tor Browser icon within devtools/client/themes/images/.
Bug 30631: Blurry Tor Browser icon on macOS app switcher
It would seem the png2icns tool does not generate correct icns files and
so on macOS the larger icons were missing resulting in blurry icons in
the OS chrome. Regenerated the padded icons in a macOS VM using
iconutil.
Bug 28196: preparations for using torbutton tor-browser-brand.ftl
A small change to Fluent FileSource class is required so that we
can register a new source without its supported locales being
counted as available locales for the browser.
Bug 31803: Replaced about:debugging logo with flat version
Bug 21724: Make Firefox and Tor Browser distinct macOS apps
When macOS opens a document or selects a default browser, it sometimes
uses the CFBundleSignature. Changing from the Firefox MOZB signature to
a different signature TORB allows macOS to distinguish between Firefox
and Tor Browser.
Bug 32092: Fix Tor Browser Support link in preferences
For bug 40562, we moved onionPattern* from bug 27476 to here, as
about:tor needs these files but it is included earlier.
Bug 41278: Create Tor Browser styled pdf logo similar to the vanilla Firefox one
- - - - -
7119926f by Henry Wilkes at 2023-09-19T17:52:56+02:00
fixup! Bug 2176: Rebrand Firefox to TorBrowser
Bug 41333: Add a branding svg logo.
Copied from branding/tb-<version>/firefox.svg.
- - - - -
db61f42c by Henry Wilkes at 2023-09-19T17:52:57+02:00
squash! Bug 2176: Rebrand Firefox to TorBrowser
Bug 42088: New application icons (used in-app and on linux).
- - - - -
bc0fcb88 by Henry Wilkes at 2023-09-19T17:52:58+02:00
fixup! Bug 2176: Rebrand Firefox to TorBrowser
Bug 41957: Use full tor browser icon for site identity button for internal pages.
Also remove colors in tor-styles.css.
- - - - -
71268b41 by Pier Angelo Vendrame at 2023-09-19T17:52:58+02:00
fixup! Bug 2176: Rebrand Firefox to TorBrowser
Bug 42078: Update macOS icons
- - - - -
4caa911d by sanketh at 2023-09-19T17:52:59+02:00
Bug 40209: Implement Basic Crypto Safety
Adds a CryptoSafety actor which detects when you've copied a crypto
address from a HTTP webpage and shows a warning.
Closes #40209.
Bug 40428: Fix string attribute names
- - - - -
da75a72f by Mike Perry at 2023-09-19T17:52:59+02:00
TB3: Tor Browser's official .mozconfigs.
Also:
Add an --enable-tor-browser-data-outside-app-dir configure option
Add --with-tor-browser-version configure option
Bug 31457: disable per-installation profiles
The dedicated profiles (per-installation) feature does not interact
well with our bundled profiles on Linux and Windows, and it also causes
multiple profiles to be created on macOS under TorBrowser-Data.
Bug 31935: Disable profile downgrade protection.
Since Tor Browser does not support more than one profile, disable
the prompt and associated code that offers to create one when a
version downgrade situation is detected.
Add --enable-tor-browser-update build option
Bug 40793: moved Tor configuration options from old-configure.in to moz.configure
Bug 41584: Move some configuration options to base-browser level
- - - - -
8471c1f7 by clairehurst at 2023-09-19T17:53:00+02:00
fixup! TB3: Tor Browser's official .mozconfigs.
Bug 42035: update mozconfig for macos development
- - - - -
144cb398 by Henry Wilkes at 2023-09-19T17:53:00+02:00
Bug 41340: Enable TOR_BROWSER_NIGHTLY_BUILD features for dev and nightly builds
tor-browser#41285: Enable fluent warnings.
- - - - -
9e917c2c by Pier Angelo Vendrame at 2023-09-19T17:53:01+02:00
Bug 40562: Added Tor Browser preferences to 000-tor-browser.js
Before reordering patches, we used to keep the Tor-related patches
(torbutton and tor-launcher) at the beginning.
After that issue, we decided to move them towards the end.
In addition to that, we have decided to move Tor Browser-only
preferences there, too, to make Base Browser-only fixups easier to
apply.
- - - - -
beb27b9f by Henry Wilkes at 2023-09-19T17:53:01+02:00
fixup! Bug 40562: Added Tor Browser preferences to 000-tor-browser.js
Bug 41333: Remove TorCheckService.
- - - - -
885549c5 by Richard Pospesel at 2023-09-19T17:53:02+02:00
fixup! Bug 40562: Added Tor Browser preferences to 000-tor-browser.js
- - - - -
510e84ea by Henry Wilkes at 2023-09-19T17:53:04+02:00
fixup! Bug 40562: Added Tor Browser preferences to 000-tor-browser.js
Bug 41906: Lock network.trr.mode to be explicitly off.
- - - - -
8b79c605 by Pier Angelo Vendrame at 2023-09-19T17:53:04+02:00
Bug 13252: Customize profile management on macOS
On macOS we allow both portable mode and system installation.
However, in the latter case, we customize Firefox's directories to
match the hierarchy we use for the portable mode.
Also, display an informative error message if the TorBrowser-Data
directory cannot be created due to an "access denied" or a
"read only volume" error.
- - - - -
de89d30e by Pier Angelo Vendrame at 2023-09-19T17:53:05+02:00
Bug 40933: Add tor-launcher functionality
Bug 41926: Reimplement the control port
- - - - -
2f6eb3b8 by Henry Wilkes at 2023-09-19T17:53:05+02:00
fixup! fixup! Bug 40933: Add tor-launcher functionality
Bug 41333: Remove TorCheckService.
- - - - -
83c00801 by Pier Angelo Vendrame at 2023-09-19T17:53:06+02:00
fixup! Bug 40933: Add tor-launcher functionality
Deleted old stuff, unified TorController with ControlSocket, simplified
everything (e.g., do not use the dispatcher anymore, just call stuff
directly or use a much simpler map).
- - - - -
6f78826f by Pier Angelo Vendrame at 2023-09-19T17:53:06+02:00
fixup! Bug 40933: Add tor-launcher functionality
Use `#` instead of `_` for private things here and there, to make
reviewing the changes easier.
- - - - -
e82c6f9a by Pier Angelo Vendrame at 2023-09-19T17:53:07+02:00
fixup! Bug 40933: Add tor-launcher functionality
Shuffle code here and there, so that it's feasible to check that
nothing actually changed with `git diff --color-moved`.
- - - - -
acc4e6c8 by Pier Angelo Vendrame at 2023-09-19T17:53:07+02:00
fixup! Bug 40933: Add tor-launcher functionality
Further refactors/improvements.
- - - - -
df87cd7c by Pier Angelo Vendrame at 2023-09-19T17:53:08+02:00
fixup! Bug 40933: Add tor-launcher functionality
Refactored the settings reading, the first connection and events setup.
- - - - -
45e1dd66 by Pier Angelo Vendrame at 2023-09-19T17:53:08+02:00
fixup! Bug 40933: Add tor-launcher functionality
Moved the control port parsing for asynchronous events from TorProvider
to TorControlPort.
- - - - -
ed0f19a9 by Pier Angelo Vendrame at 2023-09-19T17:53:09+02:00
fixup! Bug 40933: Add tor-launcher functionality
Bug 41986: Fix the control port password handling
- - - - -
a65669a5 by Pier Angelo Vendrame at 2023-09-19T17:53:09+02:00
fixup! Bug 40933: Add tor-launcher functionality
- - - - -
5cd0b1e3 by Pier Angelo Vendrame at 2023-09-19T17:53:10+02:00
fixup! Bug 40933: Add tor-launcher functionality
Second chunk of changes requested during the review.
- - - - -
3909206e by Pier Angelo Vendrame at 2023-09-19T17:53:11+02:00
fixup! Bug 40933: Add tor-launcher functionality
Change the provider buidler to make build async and other fixes.
- - - - -
5f7787be by Pier Angelo Vendrame at 2023-09-19T17:53:11+02:00
fixup! Bug 40933: Add tor-launcher functionality
Make the restart case stronger.
- - - - -
34403ea2 by Pier Angelo Vendrame at 2023-09-19T17:53:12+02:00
fixup! Bug 40933: Add tor-launcher functionality
Move the restart to the ProviderBuilder.
- - - - -
8645a190 by Pier Angelo Vendrame at 2023-09-19T17:53:12+02:00
fixup! Bug 40933: Add tor-launcher functionality
Addressed more requests from the review, and added documentation.
- - - - -
8db51876 by Pier Angelo Vendrame at 2023-09-19T17:53:12+02:00
fixup! Bug 40933: Add tor-launcher functionality
Bug 42102: Fix checkPort in TorProcess
- - - - -
4e6197f5 by Richard Pospesel at 2023-09-19T17:53:13+02:00
Bug 40597: Implement TorSettings module
- migrated in-page settings read/write implementation from about:preferences#tor
to the TorSettings module
- TorSettings initially loads settings from the tor daemon, and saves them to
firefox prefs
- TorSettings notifies observers when a setting has changed; currently only
QuickStart notification is implemented for parity with previous preference
notify logic in about:torconnect and about:preferences#tor
- about:preferences#tor, and about:torconnect now read and write settings
thorugh the TorSettings module
- all tor settings live in the torbrowser.settings.* preference branch
- removed unused pref modify permission for about:torconnect content page from
AsyncPrefs.jsm
Bug 40645: Migrate Moat APIs to Moat.jsm module
- - - - -
f44ef500 by Pier Angelo Vendrame at 2023-09-19T17:53:13+02:00
fixup! Bug 40597: Implement TorSettings module
Workaround for a race condition.
- - - - -
d7549479 by Pier Angelo Vendrame at 2023-09-19T17:53:14+02:00
fixup! Bug 40597: Implement TorSettings module
The provider building is now async.
- - - - -
402ad307 by Pier Angelo Vendrame at 2023-09-19T17:53:15+02:00
fixup! Bug 40597: Implement TorSettings module
Set the state back to Configure when the tor process exits, and disable
qiuckstart.
We should also show the "Not Connected" pill again.
- - - - -
b5aa34c8 by Arthur Edelstein at 2023-09-19T17:53:15+02:00
Bug 3455: Add DomainIsolator, for isolating circuit by domain.
Add an XPCOM component that registers a ProtocolProxyChannelFilter
which sets the username/password for each web request according to
url bar domain.
Bug 9442: Add New Circuit button
Bug 13766: Set a 10 minute circuit dirty timeout for the catch-all circ.
Bug 19206: Include a 128 bit random tag as part of the domain isolator nonce.
Bug 19206: Clear out the domain isolator state on `New Identity`.
Bug 21201.2: Isolate by firstPartyDomain from OriginAttributes
Bug 21745: Fix handling of catch-all circuit
Bug 41741: Refactor the domain isolator and new circuit
- - - - -
36278c1a by cypherpunks1 at 2023-09-19T17:53:16+02:00
fixup! Bug 3455: Add DomainIsolator, for isolating circuit by domain.
Bug 40175: Use first-party isolation on reader view
- - - - -
860c94e1 by Pier Angelo Vendrame at 2023-09-19T17:53:16+02:00
fixup! Bug 3455: Add DomainIsolator, for isolating circuit by domain.
The provider building is now async.
- - - - -
548ccc94 by Henry Wilkes at 2023-09-19T17:53:16+02:00
Bug 41600: Add a tor circuit display panel.
- - - - -
4f8016ca by cypherpunks1 at 2023-09-19T17:53:17+02:00
fixup! Bug 41600: Add a tor circuit display panel.
Bug 40175: Support circuit display on about:reader
- - - - -
356932d8 by Richard Pospesel at 2023-09-19T17:53:17+02:00
fixup! Bug 41600: Add a tor circuit display panel.
Bug 41865: Use --text-color-deemphasized rather than --panel-description-color
- - - - -
2973fbe3 by Henry Wilkes at 2023-09-19T17:53:18+02:00
fixup! Bug 41600: Add a tor circuit display panel.
Bug 42045: Allow circuit panel to grow in width for long addresses.
- - - - -
38886199 by Henry Wilkes at 2023-09-19T17:53:21+02:00
fixup! Bug 41600: Add a tor circuit display panel.
Bug 41980: Center-align the circuit heading.
- - - - -
0507161c by Henry Wilkes at 2023-09-19T17:53:21+02:00
fixup! Bug 41600: Add a tor circuit display panel.
Bug 42091: Use TorUIUtils to shorten the onion address.
- - - - -
15fa681a by hackademix at 2023-09-19T17:53:22+02:00
Bug 8324: Prevent DNS proxy bypasses caused by Drag&Drop
Bug 41613: Skip Drang & Drop filtering for DNS-safe URLs
- - - - -
42138254 by Amogh Pradeep at 2023-09-19T17:53:22+02:00
Orfox: Centralized proxy applied to AbstractCommunicator and BaseResources.
See Bug 1357997 for partial uplift.
Also:
Bug 28051 - Use our Orbot for proxying our connections
Bug 31144 - ESR68 Network Code Review
- - - - -
508c1958 by Matthew Finkel at 2023-09-19T17:53:23+02:00
Bug 25741: TBA: Disable GeckoNetworkManager
The browser should not need information related to the network
interface or network state, tor should take care of that.
- - - - -
993ff8fa by Kathy Brade at 2023-09-19T17:53:23+02:00
Bug 14631: Improve profile access error messages.
Instead of always reporting that the profile is locked, display specific
messages for "access denied" and "read-only file system".
To allow for localization, get profile-related error strings from Torbutton.
Use app display name ("Tor Browser") in profile-related error alerts.
- - - - -
62399654 by Pier Angelo Vendrame at 2023-09-19T17:53:23+02:00
Bug 40807: Added QRCode.js to toolkit/modules
- - - - -
c15a7936 by Richard Pospesel at 2023-09-19T17:53:24+02:00
Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
This patch adds a new about:preferences#connection page which allows
modifying bridge, proxy, and firewall settings from within Tor Browser.
All of the functionality present in tor-launcher's Network
Configuration panel is present:
- Setting built-in bridges
- Requesting bridges from BridgeDB via moat
- Using user-provided bridges
- Configuring SOCKS4, SOCKS5, and HTTP/HTTPS proxies
- Setting firewall ports
- Viewing and Copying Tor's logs
- The Networking Settings in General preferences has been removed
Bug 40774: Update about:preferences page to match new UI designs
- - - - -
74bdf570 by Richard Pospesel at 2023-09-19T17:53:24+02:00
fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
Bug 41977: Hide the 'Learn more' link in bridge cards
- - - - -
53d77950 by Henry Wilkes at 2023-09-19T17:53:25+02:00
fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
Bug 41812: Stop using -moz-box-flex
Fixes:
Bug 41904: Connection settings now inputs at full width.
Bug 41821: Tor logs now expand with dialog.
- - - - -
bd927112 by Henry Wilkes at 2023-09-19T17:53:26+02:00
fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
Bug 42047: Remove sizing hacks for tor dialogs. We can just wait until
DOMContentLoaded to call _populateXUL. Then the subDialog code will take
care of the sizing for us.
- - - - -
9edf966b by Henry Wilkes at 2023-09-19T17:53:26+02:00
fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
Bug 41651: Use moz-toggle for enable-bridges switch.
- - - - -
da664169 by Richard Pospesel at 2023-09-19T17:53:27+02:00
fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
Bug 41974: De-emphasized text in custom components is no longer gray in 13.0 alpha
- - - - -
97658076 by Pier Angelo Vendrame at 2023-09-19T17:53:27+02:00
fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
The provider building is now async.
- - - - -
be0507a1 by henry at 2023-09-19T17:53:28+02:00
fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
Added some error handling for the cases in which the Tor provider
failed to build.
- - - - -
c126645c by Richard Pospesel at 2023-09-19T17:53:28+02:00
Bug 27476: Implement about:torconnect captive portal within Tor Browser
- implements new about:torconnect page as tor-launcher replacement
- adds new torconnect component to browser
- tor process management functionality remains implemented in tor-launcher through the TorProtocolService module
- adds warning/error box to about:preferences#tor when not connected to tor
Bug 40773: Update the about:torconnect frontend page to match additional UI flows.
Bug 41608: Add a toolbar status button and a urlbar "Connect" button.
- - - - -
0202ab19 by Pier Angelo Vendrame at 2023-09-19T17:53:29+02:00
fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser
Fixed another race condition and moved to ES modules while I was
touching this code.
- - - - -
5911c55f by Henry Wilkes at 2023-09-19T17:53:29+02:00
fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser
Bug 42079: Support moving out of the TorConnectState.Bootsrapped state
for gTorConnectTitlebarStatus and gTorConnectUrlbarButton.
- - - - -
490e2a63 by Henry Wilkes at 2023-09-19T17:53:30+02:00
Bug 7494: Create local home page for TBB.
Bug 41333: Update about:tor to new design. Including:
+ make the favicon match the branding icon.
+ make the location bar show a search icon.
- - - - -
04123f41 by Henry Wilkes at 2023-09-19T17:53:30+02:00
fixup! Bug 7494: Create local home page for TBB.
Bug 41333: Remove TorCheckService.
- - - - -
eef1671d by Henry Wilkes at 2023-09-19T17:53:31+02:00
fixup! Bug 7494: Create local home page for TBB.
Bug 42075: Increase inline margin for the message links in about:tor.
Also increase the end margin of the emoji icon.
- - - - -
68b2d132 by Henry Wilkes at 2023-09-19T17:53:32+02:00
fixup! Bug 7494: Create local home page for TBB.
Bug 42073: Add onion pattern to about:tor background.
- - - - -
29904003 by Arthur Edelstein at 2023-09-19T17:53:32+02:00
Bug 12620: TorBrowser regression tests
Regression tests for Bug #2950: Make Permissions Manager memory-only
Regression tests for TB4: Tor Browser's Firefox preference overrides.
Note: many more functional tests could be made here
Regression tests for #2874: Block Components.interfaces from content
Bug 18923: Add a script to run all Tor Browser specific tests
Regression tests for Bug #16441: Suppress "Reset Tor Browser" prompt.
- - - - -
4d2619ef by Pier Angelo Vendrame at 2023-09-19T17:53:33+02:00
Bug 41668: Tweaks to the Base Browser updater for Tor Browser
This commit was once part of "Bug 4234: Use the Firefox Update Process
for Tor Browser.".
However, some parts of it were not needed for Base Browser and some
derivative browsers.
Therefore, we extracted from that commit the parts for Tor Browser
legacy, and we add them back to the patch set with this commit.
- - - - -
fc8c490d by Pier Angelo Vendrame at 2023-09-19T17:53:33+02:00
fixup! Bug 41668: Tweaks to the Base Browser updater for Tor Browser
The provider building is now async.
- - - - -
5c8ce95c by Kathy Brade at 2023-09-19T17:53:34+02:00
Bug 12647: Support symlinks in the updater.
- - - - -
7af4c5b4 by Kathy Brade at 2023-09-19T17:53:34+02:00
Bug 19121: reinstate the update.xml hash check
This is a partial revert of commit f1241db6986e4b54473a1ed870f7584c75d51122.
Revert most changes from Mozilla Bug 862173 "don't verify mar file hash
when using mar signing to verify the mar file (lessens main thread I/O)."
We kept the addition to the AppConstants API in case other JS code
references it in the future.
- - - - -
2eab30bc by Kathy Brade at 2023-09-19T17:53:35+02:00
Bug 16940: After update, load local change notes.
Add an about:tbupdate page that displays the first section from
TorBrowser/Docs/ChangeLog.txt and includes a link to the remote
post-update page (typically our blog entry for the release).
Always load about:tbupdate in a content process, but implement the
code that reads the file system (changelog) in the chrome process
for compatibility with future sandboxing efforts.
Also fix bug 29440. Now about:tbupdate is styled as a fairly simple
changelog page that is designed to be displayed via a link that is on
about:tor.
- - - - -
d25a7b17 by Pier Angelo Vendrame at 2023-09-19T17:53:38+02:00
fixup! Bug 16940: After update, load local change notes.
Remove the doubled and unused aboutTBUpdate.dtd
- - - - -
0d1302b6 by Georg Koppen at 2023-09-19T17:53:38+02:00
Bug 32658: Create a new MAR signing key
It's time for our rotation again: Move the backup key in the front
position and add a new backup key.
Bug 33803: Move our primary nightly MAR signing key to tor-browser
Bug 33803: Add a secondary nightly MAR signing key
- - - - -
78ec020d by Mike Perry at 2023-09-19T17:53:39+02:00
Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing
eBay and Amazon don't treat Tor users very well. Accounts often get locked and
payments reversed.
Also:
Bug 16322: Update DuckDuckGo search engine
We are replacing the clearnet URL with an onion service one (thanks to a
patch by a cypherpunk) and are removing the duplicated DDG search
engine. Duplicating DDG happend due to bug 1061736 where Mozilla
included DDG itself into Firefox. Interestingly, this caused breaking
the DDG search if JavaScript is disabled as the Mozilla engine, which
gets loaded earlier, does not use the html version of the search page.
Moreover, the Mozilla engine tracked where the users were searching from
by adding a respective parameter to the search query. We got rid of that
feature as well.
Also:
This fixes bug 20809: the DuckDuckGo team has changed its server-side
code in a way that lets users with JavaScript enabled use the default
landing page while those without JavaScript available get redirected
directly to the non-JS page. We adapt the search engine URLs
accordingly.
Also fixes bug 29798 by making sure we only specify the Google search
engine we actually ship an .xml file for.
Also regression tests.
squash! Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing
Bug 40494: Update Startpage search provider
squash! Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing
Bug 40438: Add Blockchair as a search engine
Bug 33342: Avoid disconnect search addon error after removal.
We removed the addon in #32767, but it was still being loaded
from addonStartup.json.lz4 and throwing an error on startup
because its resource: location is not available anymore.
- - - - -
395eccd6 by Alex Catarineu at 2023-09-19T17:53:39+02:00
Bug 40073: Disable remote Public Suffix List fetching
In https://bugzilla.mozilla.org/show_bug.cgi?id=1563246 Firefox implemented
fetching the Public Suffix List via RemoteSettings and replacing the default
one at runtime, which we do not want.
- - - - -
7216971e by Henry Wilkes at 2023-09-19T17:53:40+02:00
Bug 41906: Hide DNS over HTTPS preferences.
- - - - -
4c0b36c2 by Richard Pospesel at 2023-09-19T17:53:40+02:00
Bug 23247: Communicating security expectations for .onion
Encrypting pages hosted on Onion Services with SSL/TLS is redundant
(in terms of hiding content) as all traffic within the Tor network is
already fully encrypted. Therefore, serving HTTP pages from an Onion
Service is more or less fine.
Prior to this patch, Tor Browser would mostly treat pages delivered
via Onion Services as well as pages delivered in the ordinary fashion
over the internet in the same way. This created some inconsistencies
in behaviour and misinformation presented to the user relating to the
security of pages delivered via Onion Services:
- HTTP Onion Service pages did not have any 'lock' icon indicating
the site was secure
- HTTP Onion Service pages would be marked as unencrypted in the Page
Info screen
- Mixed-mode content restrictions did not apply to HTTP Onion Service
pages embedding Non-Onion HTTP content
This patch fixes the above issues, and also adds several new 'Onion'
icons to the mix to indicate all of the various permutations of Onion
Services hosted HTTP or HTTPS pages with HTTP or HTTPS content.
Strings for Onion Service Page Info page are pulled from Torbutton's
localization strings.
- - - - -
28414d6f by cypherpunks1 at 2023-09-19T17:53:41+02:00
fixup! Bug 23247: Communicating security expectations for .onion
Bug 41934: Treat unencrypted websocket connections to onion services as secure
- - - - -
7c093b39 by Henry Wilkes at 2023-09-19T17:53:41+02:00
fixup! Bug 23247: Communicating security expectations for .onion
Bug 42091: Shorten onion address in site identity panel to be consistent
with the circuit display.
- - - - -
78526f46 by Kathy Brade at 2023-09-19T17:53:42+02:00
Bug 30237: Add v3 onion services client authentication prompt
When Tor informs the browser that client authentication is needed,
temporarily load about:blank instead of about:neterror and prompt
for the user's key.
If a correctly formatted key is entered, use Tor's ONION_CLIENT_AUTH_ADD
control port command to add the key (via Torbutton's control port
module) and reload the page.
If the user cancels the prompt, display the standard about:neterror
"Unable to connect" page. This requires a small change to
browser/actors/NetErrorChild.jsm to account for the fact that the
docShell no longer has the failedChannel information. The failedChannel
is used to extract TLS-related error info, which is not applicable
in the case of a canceled .onion authentication prompt.
Add a leaveOpen option to PopupNotifications.show so we can display
error messages within the popup notification doorhanger without
closing the prompt.
Add support for onion services strings to the TorStrings module.
Add support for Tor extended SOCKS errors (Tor proposal 304) to the
socket transport and SOCKS layers. Improved display of all of these
errors will be implemented as part of bug 30025.
Also fixes bug 19757:
Add a "Remember this key" checkbox to the client auth prompt.
Add an "Onion Services Authentication" section within the
about:preferences "Privacy & Security section" to allow
viewing and removal of v3 onion client auth keys that have
been stored on disk.
Also fixes bug 19251: use enhanced error pages for onion service errors.
- - - - -
59486520 by Pier Angelo Vendrame at 2023-09-19T17:53:42+02:00
fixup! Bug 30237: Add v3 onion services client authentication prompt
The provider building is now async.
- - - - -
1f1b164e by Pier Angelo Vendrame at 2023-09-19T17:53:43+02:00
fixup! Bug 30237: Add v3 onion services client authentication prompt
Fix possible race conditions on the busy state.
- - - - -
67ce8609 by Pier Angelo Vendrame at 2023-09-19T17:53:44+02:00
fixup! Bug 30237: Add v3 onion services client authentication prompt
Re-build the provider every time we need it, since it might change now.
- - - - -
d51f004c by Henry Wilkes at 2023-09-19T17:53:44+02:00
fixup! Bug 30237: Add v3 onion services client authentication prompt
Bug 42092: Fix layout styling of saved onion keys dialog.
- - - - -
f528f338 by Henry Wilkes at 2023-09-19T17:53:45+02:00
fixup! Bug 30237: Add v3 onion services client authentication prompt
Bug 42091: Tidy up authPrompt.jsm.
Stop importing modules to the global scope and remove authUtil.jsm.
Refactor the description string handling.
- - - - -
6fdd448a by Henry Wilkes at 2023-09-19T17:53:45+02:00
fixup! Bug 30237: Add v3 onion services client authentication prompt
Bug 42091: Shorten the shown onion address in the auth prompt.
- - - - -
d7314a7a by Alex Catarineu at 2023-09-19T17:53:46+02:00
Bug 21952: Implement Onion-Location
Whenever a valid Onion-Location HTTP header (or corresponding HTML
<meta> http-equiv attribute) is found in a document load, we either
redirect to it (if the user opted-in via preference) or notify the
presence of an onionsite alternative with a badge in the urlbar.
- - - - -
9c046ad5 by Pier Angelo Vendrame at 2023-09-19T17:53:46+02:00
Bug 40458: Implement .tor.onion aliases
We have enabled HTTPS-Only mode, therefore we do not need
HTTPS-Everywhere anymore.
However, we want to keep supporting .tor.onion aliases (especially for
securedrop).
Therefore, in this patch we implemented the parsing of HTTPS-Everywhere
rulesets, and the redirect of .tor.onion domains.
Actually, Tor Browser believes they are actual domains. We change them
on the fly on the SOCKS proxy requests to resolve the domain, and on
the code that verifies HTTPS certificates.
- - - - -
7f083816 by Richard Pospesel at 2023-09-19T17:53:47+02:00
fixup! Bug 40458: Implement .tor.onion aliases
Bug 41974: De-emphasized text in custom components is no longer gray in 13.0 alpha
- - - - -
b31552fe by Pier Angelo Vendrame at 2023-09-19T17:53:47+02:00
Bug 11698: Incorporate Tor Browser Manual pages into Tor Browser
This patch associates the about:manual page to a translated page that
must be injected to browser/omni.ja after the build.
The content must be placed in chrome/browser/content/browser/manual/, so
that is then available at chrome://browser/content/manual/.
We preferred giving absolute freedom to the web team, rather than having
to change the patch in case of changes on the documentation.
- - - - -
d05ce45e by Henry Wilkes at 2023-09-19T17:53:48+02:00
fixup! Bug 11698: Incorporate Tor Browser Manual pages into Tor Browser
Bug 41333: Use fluent for manual menu entry since we're no longer using aboutTor.dtd.
- - - - -
da0ed2d2 by Pier Angelo Vendrame at 2023-09-19T17:53:48+02:00
Bug 41435: Add a Tor Browser migration function
For now this function only deletes old language packs for which we are
already packaging the strings with the application.
- - - - -
683152f9 by Henry Wilkes at 2023-09-19T17:53:49+02:00
Bug 42110: Add TorUIUtils module for common tor component methods.
- - - - -
a90a396f by Dan Ballard at 2023-09-19T17:53:49+02:00
Bug 40701: Add security warning when downloading a file
Shown in the downloads panel, about:downloads and places.xhtml.
- - - - -
8e194f14 by Richard Pospesel at 2023-09-19T17:53:50+02:00
fixup! Bug 40701: Add security warning when downloading a file
Bug 41971: Update Tails URL in downloads warning
- - - - -
d495e30c by Henry Wilkes at 2023-09-19T17:53:50+02:00
fixup! Bug 40701: Add security warning when downloading a file
Bug 41886: Fix downloads panel warning size.
- - - - -
491f92d4 by Henry Wilkes at 2023-09-19T17:53:51+02:00
Bug 41736: Customize toolbar for tor-browser.
- - - - -
ca6e3a74 by hackademix at 2023-09-19T17:53:51+02:00
Bug 41728: Pin bridges.torproject.org domains to Let's Encrypt's root cert public key
- - - - -
f87bbfc1 by Henry Wilkes at 2023-09-19T17:53:52+02:00
Customize moz-toggle for tor-browser.
- - - - -
4e23d110 by Henry Wilkes at 2023-09-19T17:53:54+02:00
fixup! Customize moz-toggle for tor-browser.
Bug 41651: Use moz-toggle for enable-bridges switch.
- - - - -
0bf2c83e by Henry Wilkes at 2023-09-19T17:53:55+02:00
Bug 42072: 2023 year end campaign for about:tor.
- - - - -
54b2f6d1 by Henry Wilkes at 2023-09-19T17:53:55+02:00
fixup! Bug 42072: 2023 year end campaign for about:tor.
- - - - -
30 changed files:
- .eslintignore
- .gitignore
- + .gitlab/issue_templates/Backport Android Security Fixes.md
- + .gitlab/issue_templates/Rebase Browser - Alpha.md
- + .gitlab/issue_templates/Rebase Browser - Stable.md
- + browser/actors/AboutTBUpdateChild.jsm
- + browser/actors/AboutTBUpdateParent.jsm
- + browser/actors/CryptoSafetyChild.jsm
- + browser/actors/CryptoSafetyParent.jsm
- browser/actors/moz.build
- browser/app/Makefile.in
- browser/app/macbuild/Contents/Info.plist.in
- + browser/app/profile/000-tor-browser.js
- browser/base/content/aboutDialog.xhtml
- + browser/base/content/aboutDialogTor.css
- + browser/base/content/abouttbupdate/aboutTBUpdate.css
- + browser/base/content/abouttbupdate/aboutTBUpdate.js
- + browser/base/content/abouttbupdate/aboutTBUpdate.xhtml
- browser/base/content/appmenu-viewcache.inc.xhtml
- + browser/base/content/browser-doctype.inc
- browser/base/content/browser-menubar.inc
- browser/base/content/browser-sets.inc
- browser/base/content/browser-siteIdentity.js
- browser/base/content/browser.js
- browser/base/content/browser.xhtml
- browser/base/content/default-bookmarks.html
- browser/base/content/hiddenWindowMac.xhtml
- browser/base/content/main-popupset.inc.xhtml
- browser/base/content/navigator-toolbox.inc.xhtml
- browser/base/content/pageinfo/pageInfo.xhtml
The diff was not included because it is too large.
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/1d65f29cbe66e796ba81c47e40bbbe6c9a0a3866...54b2f6d16c7bd8a2831985176cff496e65b74361
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/1d65f29cbe66e796ba81c47e40bbbe6c9a0a3866...54b2f6d16c7bd8a2831985176cff496e65b74361
You're receiving this email because of your account on gitlab.torproject.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tbb-commits/attachments/20230919/992b66cc/attachment-0001.htm>
More information about the tbb-commits
mailing list