[tor-bugs] #21340 [Applications/Tor Browser]: Identify and backport new patches from Firefox

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Mar 13 06:37:07 UTC 2017


#21340: Identify and backport new patches from Firefox
--------------------------------------+------------------------------
 Reporter:  arthuredelstein           |          Owner:  tbb-team
     Type:  defect                    |         Status:  needs_review
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  TorBrowserTeam2017R       |  Actual Points:
Parent ID:  #20680                    |         Points:
 Reviewer:                            |        Sponsor:  Sponsor4
--------------------------------------+------------------------------
Changes (by arthuredelstein):

 * keywords:   => TorBrowserTeam2017R
 * status:  new => needs_review


Comment:

 Here's a list of patches I cherry-picked or backported from Firefox >=53
 without too much difficulty. They are Tor uplift patches or additional
 first-party isolation work.

 {{{
 1334690 Isolate AlternateService mappings by Origin Attributes
 1334693 Investigate and isolate SPDY/HTTP2 state by first-party domain
 when privacy.firstparty.isolate = true
 1315602 Remove the assertion of FirstPartyDomain should be empty in HTTP
 redirect
 1317927 Media caching needs to use origin attributes
 1274020 Add a test to show that the DOM Cache is separated by origin
 attributes
 1282655 Add a test case to test whether site permissions are universal or
 isolated for each type of OriginAttribute
 1305144 Spoof referrer when leaving a .onion domain (Tor 17334)
 1216893 Add pref to optionally disable SVG (Tor 12827)
 }}}

 Here's the branch with these patches. If this seems reasonable I will
 merge these with my latest #20680 branch.

 https://github.com/arthuredelstein/tor-browser/commits/20680

 A few patches have substantial conflicts: namely HSTS/HPKP isolation and
 the network predictor isolation patch. These are going to take further
 work:
 {{{
 1290529 clear HSTS and HPKP for subdomains as well when bug 1115712 is
 fixed
 1323644 Isolate the HSTS and HPKP cache by first party domain.
 1336867 Remove unsafeProcessHeader and isSecureHost in
 nsISiteSecurityService
 1115712 make DataStorage for HPKP and HSTS enumerable via xpcom

 1312954 Making the network predictor obey originAttributes and updating
 SpeculativeConnect() to SpeculativeConnect2().
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21340#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

