The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2022-04-04T16:31:02Zhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40460Upgrade to OpenSSL 1.1.1n2022-04-04T16:31:02ZrichardUpgrade to OpenSSL 1.1.1nNew openssl about to drop and I hear it's going to spit fire:
https://mta.openssl.org/pipermail/openssl-announce/2022-March/000216.htmlNew openssl about to drop and I hear it's going to spit fire:
https://mta.openssl.org/pipermail/openssl-announce/2022-March/000216.htmlboklmboklm2022-03-15https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41107Bundled extensions don't get updated with Android Tor Browser updates (they s...2022-09-22T20:32:42Zma1Bundled extensions don't get updated with Android Tor Browser updates (they stay stuck at the first installed version)### Summary
Bundled extensions (e.g. NoScript) do not get updated to the version shipped with the current Tor Browser version during automatic browser updates.
Noticed while trying to troubleshoot an issue on a Samsung S21 device where ...### Summary
Bundled extensions (e.g. NoScript) do not get updated to the version shipped with the current Tor Browser version during automatic browser updates.
Noticed while trying to troubleshoot an issue on a Samsung S21 device where the Tor Browser have been installed for months, and realizing that NoScript was stuck at version 11.2.11 while TB version is 11.5 (which ships with NoScript 11.4.6).
### Steps to reproduce:
1. Install an older Tor Browser on Android and check NoScript version number
2. Update to current Tor Browser (__not__ uninstalling and reinstalling)
3. Check again NoScript version number
### What is the current bug behavior?
NoScript version is still the one originally installed.
### What is the expected behavior?
NoScript should be updated to the version shipping with latest Tor Browser
### Environment
- OS: Android 12
- Installation method: Google Playma1ma12022-08-22https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41156User-installed addons are broken on Android2022-08-31T16:42:13Zma1User-installed addons are broken on Android### Summary
User installed addons can be installed but cannot work because they are disabled by default in Private Browsing, and our patches hide the UI to change this setting (ironically, on the assumption users have no business at __di...### Summary
User installed addons can be installed but cannot work because they are disabled by default in Private Browsing, and our patches hide the UI to change this setting (ironically, on the assumption users have no business at __disabling__ them).
### Steps to reproduce:
1. On TBB for Android version 11.5, install any of the addons listed in `Settings>Addons`, e.g. uBlock
2. Try to use it, e.g. by opening its `Settings` page
### What is the current bug behavior?
Blank or non-interactive addon UI
### What is the expected behavior?
Regular and interactive addon UI
### Environment
Tor Browser 11.5 on Android 12 from Google Playma1ma12022-08-25https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/29815Sign our macOS bundles on Linux2023-12-04T13:27:05ZGeorg KoppenSign our macOS bundles on LinuxI've wanted that for a long time and did not find an already open ticket, but we should leverage our hardened Linux box to sign our .dmg files as well, like we do for our .exe files. One part that makes it harder as the macOS signing is ...I've wanted that for a long time and did not find an already open ticket, but we should leverage our hardened Linux box to sign our .dmg files as well, like we do for our .exe files. One part that makes it harder as the macOS signing is content signing while the authenticode signing is not. Another hard part is that there is no such thing as `osslsigncode` which we could use with (minimal) patching.
Or maybe there is? See: https://github.com/saucelabs/isign. However, there is still (much) work to do, see: https://github.com/saucelabs/isign/issues/88.Sponsor 131 - Phase 4 - Browser Release Managementrichardrichard2023-10-10https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40964Create new Tor Browser gpg subkey2023-10-16T21:20:23ZboklmCreate new Tor Browser gpg subkeyAfter being extended by 5 months in #40957, the current Tor Browser gpg subkey will be expiring in some months. We should generate a new subkey and switch to it while the old one is still valid for a few months.After being extended by 5 months in #40957, the current Tor Browser gpg subkey will be expiring in some months. We should generate a new subkey and switch to it while the old one is still valid for a few months.boklmboklm2023-11-13https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40936Revert tor-browser-build#409332023-12-01T08:49:02ZrichardRevert tor-browser-build#40933Once we are no longer building incrmentals from the 12.5 series, we should revert a21969281d18941b69a94b994b0797f8b88ad45f in `main`Once we are no longer building incrmentals from the 12.5 series, we should revert a21969281d18941b69a94b994b0797f8b88ad45f in `main`richardrichard2023-12-01https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41110Avoid Fontconfig warning about "ambiguous path"2024-03-27T08:15:02ZRusty BirdAvoid Fontconfig warning about "ambiguous path" $ ./start-tor-browser --verbose
Fontconfig warning: "/home/user/tor-browser/Browser/fontconfig/fonts.conf", line 42: Use of ambiguous path in <dir> element. please add prefix="cwd" if current behavior is desired.
I'll open a mer... $ ./start-tor-browser --verbose
Fontconfig warning: "/home/user/tor-browser/Browser/fontconfig/fonts.conf", line 42: Use of ambiguous path in <dir> element. please add prefix="cwd" if current behavior is desired.
I'll open a merge request that adds `prefix="cwd"`.Rusty BirdRusty Birdhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42459Add startpage onion service to list of search providers2024-03-26T21:17:06ZrichardAdd startpage onion service to list of search providersStartpage has added a new onion service, so lets add it to the list of built-in search providers.
URL: http://startpagel6srwcjlue4zgq3zevrujfaow726kjytqbbjyrswwmjzcqd.onion/
We'd like this in the next stable release 13.0.12 and the nex...Startpage has added a new onion service, so lets add it to the list of built-in search providers.
URL: http://startpagel6srwcjlue4zgq3zevrujfaow726kjytqbbjyrswwmjzcqd.onion/
We'd like this in the next stable release 13.0.12 and the next alpha release 13.5a6Dan BallardDan Ballardhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41102src archive does not match likely due to mismatched xz-utils version2024-03-11T14:50:02Zrichardsrc archive does not match likely due to mismatched xz-utils versionDiscovered during the 13.0.11 release, the underlying tar archive does match, so this is just a matter of the xz generation differing betwen versions:
- https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41101#not...Discovered during the 13.0.11 release, the underlying tar archive does match, so this is just a matter of the xz generation differing betwen versions:
- https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41101#note_3004284boklmboklmhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42435Update moat domain fronting configuration2024-03-26T20:56:08ZCecylia BocovichUpdate moat domain fronting configurationThe front we're currently using for moat (foursquare.com) renewed its certificate today, which brought into effect [Fastly's new policy to match the Host header to the cert SANs](https://github.com/net4people/bbs/issues/309). Moat won't ...The front we're currently using for moat (foursquare.com) renewed its certificate today, which brought into effect [Fastly's new policy to match the Host header to the cert SANs](https://github.com/net4people/bbs/issues/309). Moat won't work until we update the `bridgedb_front` and `bridgedb_reflector` prefs. We're discussing what the new domain fronting configuration should be in https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/135Cecylia BocovichCecylia Bocovichhttps://gitlab.torproject.org/tpo/applications/mullvad-browser/-/issues/271After update, don't open the release page on Github. Instead link it in the s...2024-03-26T20:57:03ZruihildtAfter update, don't open the release page on Github. Instead link it in the startpage, like in Tor BrowserUsers are complaining a Github page is opening automatically after update (which I entirely agree is unnecessary and unwelcome).
Could we adopt the same flow as in Tor Browser.
See screenshot:
![image](/uploads/e19a1ed79ffdf358bf738ff...Users are complaining a Github page is opening automatically after update (which I entirely agree is unnecessary and unwelcome).
Could we adopt the same flow as in Tor Browser.
See screenshot:
![image](/uploads/e19a1ed79ffdf358bf738ffb8be9b953/image.png)richardrichardhttps://gitlab.torproject.org/tpo/applications/mullvad-browser/-/issues/270Mullvad support email has changed from `support@mullvad.net` to `support@mull...2024-03-05T12:59:36ZruihildtMullvad support email has changed from `support@mullvad.net` to `support@mullvadvpn.net`From `support@mullvad.net` to `support@mullvadvpn.net`From `support@mullvad.net` to `support@mullvadvpn.net`Pier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41085kick_devmole_build script prints wrong URL for Mullvad's build hashes2024-03-05T16:39:24Zrichardkick_devmole_build script prints wrong URL for Mullvad's build hashesMissing `browser` in the path and a trailing /Missing `browser` in the path and a trailing /richardrichardhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42402Remove Android YEC strings2024-02-08T09:18:22ZPier Angelo VendrameRemove Android YEC stringsIn firefox-android!58 I missed the strings. We should remove them.
Desktop strings have already been removed.In firefox-android!58 I missed the strings. We should remove them.
Desktop strings have already been removed.Pier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41067Use Capture::Tiny instead of IO::CaptureOutput2024-01-31T08:52:10ZSertonixUse Capture::Tiny instead of IO::CaptureOutput[IO::CaptureOutput](https://metacpan.org/pod/IO::CaptureOutput) has been marked as deprecated. I think it is not a good idea to have deprecated dependencies so it would be nice to remove it.
- [ ] update instructions in README[IO::CaptureOutput](https://metacpan.org/pod/IO::CaptureOutput) has been marked as deprecated. I think it is not a good idea to have deprecated dependencies so it would be nice to remove it.
- [ ] update instructions in READMEboklmboklmhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42373Backport Moz 18748012024-01-18T15:08:20ZPier Angelo VendrameBackport Moz 1874801Thorin found [Bug 1874801](https://bugzilla.mozilla.org/show_bug.cgi?id=1874801), and I think it might be a candidate for backport.
@richard how could we proceed? Alpha first and then 13.0.10?
@tjr do you think this could be uplifted t...Thorin found [Bug 1874801](https://bugzilla.mozilla.org/show_bug.cgi?id=1874801), and I think it might be a candidate for backport.
@richard how could we proceed? Alpha first and then 13.0.10?
@tjr do you think this could be uplifted to 115 at Moz?
/cc @ma1 for additional opinions :smile:.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42363Tab thumbnails enhancements2024-01-11T16:33:30Zma1Tab thumbnails enhancementsVarious performance and privacy enhancements backported from mainline (non-ESR) firefox-android.Various performance and privacy enhancements backported from mainline (non-ESR) firefox-android.ma1ma1https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41059Update keyring/torbrowser.gpg with updated key2024-01-10T15:56:40ZboklmUpdate keyring/torbrowser.gpg with updated keyTor Browser gpg key has been updated with new expiration date, so we
should update `keyring/torbrowser.gpg`.Tor Browser gpg key has been updated with new expiration date, so we
should update `keyring/torbrowser.gpg`.boklmboklmhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41056Make it possible to use templates in var/torbrowser_incremental_from2024-01-15T15:06:35ZboklmMake it possible to use templates in var/torbrowser_incremental_fromTo avoid having separate definitions of `var/torbrowser_incremental_from`
for torbrowser and mullvadbrowser (which can lead to forgetting to
update one of them, like #41054), it would be useful to be able to use
templates there.To avoid having separate definitions of `var/torbrowser_incremental_from`
for torbrowser and mullvadbrowser (which can lead to forgetting to
update one of them, like #41054), it would be useful to be able to use
templates there.boklmboklmhttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41050Improve the disk leak sanitization on start-$browser2023-12-19T16:17:42ZPier Angelo VendrameImprove the disk leak sanitization on start-$browserWe received this user feedback:
> [...]
>
> With commands "# Prevent disk leaks in $HOME/.local/share (tor-browser#17560)" \
> You totally removed my folder "/home/USERX/.local/share"
>
> Why: \
> "Mullvad/Browser/.local" folder in my ...We received this user feedback:
> [...]
>
> With commands "# Prevent disk leaks in $HOME/.local/share (tor-browser#17560)" \
> You totally removed my folder "/home/USERX/.local/share"
>
> Why: \
> "Mullvad/Browser/.local" folder in my config is a symlink to my real "home/USERX/.local".
>
> [...]
While this user was running an unsupported configuration, I think it highlights that we have some room for improvement:
1. we can check `realpath` first: if it's outside the `Browser` directory, we bail
2. we make that delete more precise (i.e., we remove only the relevant GTK files)ma1ma1