[tor-bugs] #15197 [Tor Browser]: Rebase Tor Browser patches to ESR 45
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Mar 25 07:30:01 UTC 2016
#15197: Rebase Tor Browser patches to ESR 45
--------------------------------------------+------------------------------
Reporter: gk | Owner:
Type: task | arthuredelstein
Priority: Very High | Status: new
Component: Tor Browser | Milestone:
Severity: Critical | Version:
Keywords: ff45-esr, TorBrowserTeam201603 | Resolution:
Parent ID: | Actual Points:
Reviewer: | Points:
| Sponsor: SponsorU
--------------------------------------------+------------------------------
Comment (by arthuredelstein):
Here is my rebased branch to TBB/ESR45: https://github.com/arthuredelstein
/tor-browser/commits/15197+7
(Hash 3934bfd814b74d0e7eec382ab126ef83107b23ab)
I tried to re-order commits to group them by category and also to follow
gk's suggestions in comment:13.
The following shows what happened to each commit on the most recent
TBB/ESR38-alpha branch, `remotes/origin/tor-browser-38.7.1esr-6.0-1`:
{{{
#!html
<pre>
Key:
A = Already in ESR45 (had been backported to TBB/ESR38)
B = Replaced by backport from FF46 or later
D = Dropped commit (because of Reverts)
R = Rebased from TBB/ESR38 to TBB/ESR45
P = Rebased from TBB/ESR38 to TBB/ESR45 by Pearl Crescent (mcs and brade)
U = Upstreamed by us and therefore already in ESR45
W = Patch re-written (see child bugs for review)
Commits:
R c1b7d7e fixup! Bug 16940: After update, load local change notes.
R 38e31a6 fixup! Bug #4234: Use the Firefox Update Process for Tor
Browser.
R a9354c8 Bug 13252 - Do not store data in the app bundle
P 9729ce1 Bug 18292: Staged updates fail on Windows
R 09e1a0e Bug 18170: After update, only changelog tab shown
R beb375e Bug 18297: Use separate Noto JP,KR,SC,TC fonts
<a href="https://hg.mozilla.org/mozilla-central/rev/04aa9165c832">A</a>
9abdcf8 Bug 1202266 - Suppress '-Wformat-security' in libstagefright
CXXFLAGS. r=kentuckyfriedtakahe
R 78e86ce Bug 16322: Update DuckDuckGo search engine
R e38d0e1 Bug 18008: Create a new MAR Signing key
<a href="https://hg.mozilla.org/mozilla-central/rev/2abc599b0464">U</a>
23e813e Bug 17931: Use a non-format argument in LogMessageToConsole
<a href="https://hg.mozilla.org/mozilla-central/rev/7cfbfa3139b4">U</a>
c758f98 Bug 17931: Update GonkGPSGeolocationProvider.cpp to use B2G-style
logging
R 0c04c060 Regression tests for Bug 15564: Isolate SharedWorker by first
party domain
R c1c8969 Bug 15564: Isolate SharedWorker by first party domain
R 345666e Bug 17009: Pref to suppress some modifier key events
R 6e30c72 Bug 16441: Suppress "Reset Tor Browser" prompt.
R 1a86d45 Bug 16863: console.error on new Tor Browser window
R 24f9e73 Bug 12516: Compile hardenend Tor Browser with -fwrapv
R c629f33 Bug 17502: Add a pref hiding the "Open with" option
P 79324a1 Bug 16940: After update, load local change notes.
<a href="https://hg.mozilla.org/mozilla-central/rev/8388bcc79553">A</a>
1fb0575 Bug 1151485 - Disable app update xml certificate checks on Linux
now that there is mar signing on Linux. r=bbondy
<a href="https://hg.mozilla.org/mozilla-central/rev/f87c7a84a77f">A</a>
54c9f73 Bug 920750 - Disable update xml certificate checks on Mac OS X.
r=bbondy
R fe91f17 Bug 16620: Clear window.name when no referrer sent
R 2c935ce Regression tests for Bug #17207: Hide mime types and plugins
when resisting fingerprinting
R 78688df Bug #17207: Hide mime types and plugins when resisting
fingerprinting
R 75fe2a3 Updating .mozconfig-asan
<a href="https://hg.mozilla.org/mozilla-central/rev/5e86358d4ec2">A</a>
206cb87 Bug 1196381 - Eliminate breakpad dependency in ThreadStackHelper;
r=nfroyd r=snorp The breakpad dependency in ThreadStackHelper is
preventing us from upgrading our in-tree copy to a newer version (bug
1069556). This patch gets rid of that dependency. This makes native stack
frames not work for BHR, but because of the ftp.m.o decommissioning,
native symbolication was already broken and naive stack frames already
don't work, so we don't really lose anything from this patch.
<a href="https://hg.mozilla.org/mozilla-central/rev/33e89c9a4172">A</a>
e3d793a Bug 1147248 - GCC 4.9 needs this patch to use address sanitizer.
r=glandium
D 9b0aed1 Revert "Back out changes for bug 16909"
D f5928cb Back out changes for bug 16909
<a href="https://hg.mozilla.org/mozilla-central/rev/c4aebb4abcc5">U</a>
dab1267 Bug 16906: Don't depend on Windows crypto DLLs
<a href="https://hg.mozilla.org/mozilla-central/rev/34bbc3cb3e79">A</a>
1516b26 Bug 16906: Fix MinGW compilation breakage.
R 5899d2a Bug #16855: Allow blobs to be downloaded on first-party pages
<a href="https://hg.mozilla.org/mozilla-central/rev/ae5f5a18ddd0">A</a>
4268c90 Bug 1192120 - Fix warnings that show up when opening the downloads
window in private browsing mode; r=mconley
<a href="https://hg.mozilla.org/mozilla-central/rev/059f102b3567">A</a>
3c89cbf Bug #16311: Fix the responseEnd attribute (navigation timing)
R 85e63e7 Bug 16488: Remove "Sign in to Sync" from the menu.
R bb566bc Bug #13313: Pref 'font.system.whitelist' restricts set of
permitted fonts
<a href="https://hg.mozilla.org/mozilla-central/rev/6a9178395997">U</a>
d5e200f Bug #13313 Part 2: Fix windows cross-compile for --enable-bundled-
fonts
R 56597fc Bug #15703: Regression tests for isolation of mediasource URI
R 5e849a9 Bug #15502. Isolate blob, mediasource & mediastream URLs to
first party
D e4e326d Revert "Bug #15502. Isolate blob URLs to first party; no
blobURLs in Web Workers"
<a href="https://hg.mozilla.org/mozilla-central/rev/498153aa50a7">U</a>
d01aaac Bug 1078657 - Add SpawnTask.js for async tasks in mochitests.
r=jmaher
P d74d9a3 Bug 16236: Windows updater: avoid writing to the registry.
R 3b3a6c1 Bug 16528: Prevent indexedDB Modernizr breakage (e10s highrisk).
R 175a3e4 Bug #16005: Restrict WebGL minimal mode a bit.
<a href="https://hg.mozilla.org/mozilla-central/rev/6101a4ede19e">A</a>
6af09f7 Bug 16316: Fix New Tiles pref bustage.
R 46729ee Bug #16315: Test spoofed media queries in picture elements
R c4d1a61 Bug #13670.1: Isolate favicon requests by first party
R 5ad573e3 Bug 15646: Prevent keyboard layout fingerprinting in
KeyboardEvent
R dc834bf Bug #16005: Relax minimal mode.
R f642400 Bug 16300: Isolate Broadcast Channels to first party.
R c3a33a3 Bug 16439: remove screencasting code.
R c886505 Bug 16285: Disabling EME bits
<a href="https://hg.mozilla.org/mozilla-central/rev/ac6fd8d8e6a8">A</a>
a8d8642 Bug 1057908 - GeckoMediaPluginService needs to be proxied from
Content processes to parent process. Add nsServiceManagerUtils.h include
to WMFDecoderModule.cpp.
R ab2ce70 Bug 15910: Disable GMPs for now
<a href="https://hg.mozilla.org/projects/nss/rev/1c628bb28ce0">A</a>
f01ccbd Bug 16351: Upgrade our toolchain (Binutils/GCC)
<a href="https://hg.mozilla.org/mozilla-central/rev/4829b02a11af">A</a>
29e3813 Bug 918827 - Remove caching for ftp connections. r=michal
<a href="https://hg.mozilla.org/mozilla-central/rev/0c9e32f0a414">A</a>
cc14bed Bug 1151345 - Firefox app menu sometimes contains only "Quit" on
OS X. r=spohl
<a href="https://hg.mozilla.org/mozilla-central/rev/824009fbc42f">A</a>
ec9cb22 bug 1183967 - fixup correct case of mfidl.h
<a href="https://hg.mozilla.org/mozilla-central/rev/e37165f9b5fe">A</a>
5751773 Bug 1133689 - Make D3DVsyncDisplay destructor private.
r=jmuizelaar
R 4a27f7e Don't package things we don't build
R 028f802 Bug 13900: Remove 3rd party HTTP auth tokens.
R 39ab4c4 Bug #15502, Part 2: Regression tests for blob URL isolation
D e083bbb Bug #15502. Isolate blob URLs to first party; no blobURLs in Web
Workers
R c3f8f15 Bug 13670.2: Isolate OCSP requests by first party domain
R 3eb1aa1 Bug #13749.1: regression tests for first party isolation of
localStorage
R 41d0d77 Bug #13749.2: Regression tests for first-party isolation of
cache
R df36076 Bug #6564: Isolate DOM storage to first party URI.
W 415f86f Bug #6539: Isolate the Image Cache per url bar domain.
R 6e9c970 Bug 13742: Isolate cache to URL bar domain.
R af1b667 Bug #10819: Add a pref, "privacy.thirdparty.isolate", to allow
the activation or deactivation of isolating DOM storage and image caching
by first party URI.
R d82c874 Bug #5742: API allows you to get the url bar URI for a channel
or nsIDocument.
P bb74041 Bug 13379: Sign our MAR files.
<a href="https://hg.mozilla.org/mozilla-central/rev/27eafcbadfda">A</a>
f26c37f Bug 1158866 - Enable MAR verification on linux via NSS. r=rstrong
<a href="https://hg.mozilla.org/mozilla-central/rev/883e17fc475f">A</a>
c60696f Bug 973933 - Fix libmar warnings. r=rstrong. a=Callek
<a href="https://hg.mozilla.org/mozilla-central/rev/1aaa76c1c3ad">A</a>
43e23e2 Bug 973933 - Fix Nightly builds failing on updater-xpcshell.
r=rstrong
<a href="https://hg.mozilla.org/mozilla-central/rev/fc00de5d587f">A</a>
8d026f8 Bug 973933 - Temporarily disable Linux for MAR verification.
r=rstrong
<a href="https://hg.mozilla.org/mozilla-central/rev/c3dc05ca2b4a">A</a>
40a911a Bug 973933 - Fix mochitest chrome updater tests. r=rstrong
<a href="https://hg.mozilla.org/mozilla-central/rev/a0d5f4706bd2">A</a>
9547661 Bug 973933 - New updater-xpcshell binary for updater tests.
r=rstrong
<a href="https://hg.mozilla.org/mozilla-central/rev/71c747f84d03">A</a>
0fef593 Bug 991993: Disable NSS for updater on OSX and enable native APIs.
r=smichaud,rstrong
<a href="https://hg.mozilla.org/mozilla-central/rev/7adb8fc053b5">A</a>
4f65cb1 Bug 903126 - Replace DER file with XPCShell cert. r=rstrong
<a href="https://hg.mozilla.org/mozilla-central/rev/40a318763f49">A</a>
f783eff Bug 903126 - Don't use an xpcshell cert for verification.
r=rstrong
<a href="https://hg.mozilla.org/mozilla-central/rev/aea7dfa29464">A</a>
8d2ab52 Bug 903135 - Multi platform MAR verification updater support.
r=rstrong
<a href="https://hg.mozilla.org/mozilla-central/rev/c19d11fe2997">A</a>
e688472 Bug 903135 - Multi platform MAR verification build config.
r=rstrong
<a href="https://hg.mozilla.org/mozilla-central/rev/144170110448">A</a>
61e3f10 Bug 903135 - Updates to libmar needed to support B2G MAR signature
verification. r=bbondy
P 3358ed4 Bug #4234: Use the Firefox Update Process for Tor Browser.
P 73e122b Bug #11641: change TBB directory structure to be more like
Firefox's
P 91fdf8b Bug #9173: Change the default Firefox profile directory to be
TBB-relative.
R 145727a Bug #6253: Add canvas image extraction prompt.
R f862331 Bug 12827: Create preference to disable SVG.
R be59619 Bug 13548: Create preference to disable MathML.
W b09bdbf Bug 1517: Reduce precision of time for Javascript.
<a href="https://hg.mozilla.org/mozilla-central/rev/52d635f2b33d">B</a>
8c876c1 Bug #5926: Allow JS locale to be set to English/C.
<a href="https://hg.mozilla.org/mozilla-central/rev/deb7126157d7">U</a>
8b3d00b Bug #6786: Do not expose system colors to CSS or canvas.
<a href="https://hg.mozilla.org/mozilla-central/rev/3abb08512b24">U</a>
0cfc2a0 Bug 13025: Lie about screen orientation.
<a href="https://hg.mozilla.org/mozilla-central/rev/3abb08512b24">U</a>
3c54815 Bug 13016: Hide CSS -moz-osx-font-smoothing values.
R 9645cb2 Regression tests for #5856: Do not expose physical screen info
via window & window.screen.
<a href="https://hg.mozilla.org/mozilla-central/rev/3abb08512b24">U</a>
d9ea633 Bug #5856: Do not expose physical screen info via window &
window.screen.
R c188fd1 Regression tests for #2875: Limit device and system specific CSS
Media Queries.
<a href="https://hg.mozilla.org/mozilla-central/rev/3abb08512b24">U</a>
9afd24e Bug #2875: Limit device and system specific CSS Media Queries.
R 8b43089 Regression tests for #4755: Return client window coordinates for
mouse event screenX/Y (for dragend, 0,0 is returned).
<a href="https://hg.mozilla.org/mozilla-central/rev/3abb08512b24">U</a>
648a3de Bug #4755: Return client window coordinates for mouse event
screenX/Y (for dragend, 0,0 is returned).
<a href="https://hg.mozilla.org/releases/mozilla-
beta/diff/5dc991cc398a/security/nss/coreconf/WIN32.mk#l1.32">A</a> c6ca7ea
Bug 10761: Fix shutdown crashes on Windows
R e8d86e0 TB3: Tor Browser's official .mozconfigs.
R 13c7e53 Bug 14392: Make about:tor behave like other initial pages.
R 33122ba Bug #2176: Rebrand Firefox to TorBrowser
R db648a6 Regression tests for "Omnibox: Add DDG, Startpage, Disconnect,
Youtube, Twitter; remove Amazon, eBay, bing"
R c219db4 Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter;
remove Amazon, eBay, bing
R b9566ae Regression tests for TB4: Tor Browser's Firefox preference
overrides.
R 1d8b7a2 TB4: Tor Browser's Firefox preference overrides.
<a href="https://hg.mozilla.org/mozilla-central/rev/5d47d1ff7e56">U</a>
19688d0 Bug #2949: Make Intermediate Cert Store memory-only.
R ddc5b7b Regression tests for Bug #2950: Make Permissions Manager memory-
only
<a href="https://hg.mozilla.org/mozilla-central/rev/9361bef1aefe">U</a>
555bf3b Bug #2950: Make Permissions Manager memory-only
R 5bfa856 Regression tests for #2874: Block Components.interfaces from
content
R ef7a707 Bug #12620: TorBrowser regression tests folder
R b474453 Bug #2874: Block Components.interfaces from content
R f7e3ce6 Bug 14631: Improve profile access error msgs (strings).
R 511c61b Bug 14631: Improve profile access error messages.
R d704575 Bug 14716: HTTP Basic Authentication prompt only displayed once
<a href="https://hg.mozilla.org/mozilla-central/rev/76cee391a698">U</a>
fbdf8d1 Bug #3455.2. Allow RFC1929 authentication (username/password) to
SOCKS servers.
R 5df872da Bug #3875: Use Optimistic Data SOCKS variant.
R b654aae Bug #5715: Make nsICacheService.EvictEntries synchronous
<a href="https://hg.mozilla.org/mozilla-central/rev/7d9434a0044f">U</a>
de59ee8 TB2: Provide an observer event to close persistent connections
R f8b56c1 Bug #5282: Randomize HTTP request order and pipeline depth.
R dfa5228 Bug 13028: Prevent potential proxy bypass cases.
R f5d75eb Bug #5741: Prevent WebSocket DNS leak.
R 2e2ebc2 Bug #12974: Disable NTLM and Negotiate HTTP Auth
R dd4c42d Bug 10280: Don't load any plugins into the address space.
R 15a3319 Bug #8312: Remove "This plugin is disabled" barrier.
R bcf625d Bug #3547: Block all plugins except flash.
<a href="https://hg.mozilla.org/mozilla-central/rev/6ee1f299da22">U</a>
10d37d6 Bug 12430: Disable external jar: via preference
</pre>
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15197#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list