Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-15T23:27:21Zhttps://gitlab.torproject.org/legacy/trac/-/issues/13091Use "Tor Browser" everywhere (space included)2020-06-15T23:27:21ZMark SmithUse "Tor Browser" everywhere (space included)This is a spinoff of bug #13087. We should change our .mozconfig files to have:
```
mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser"
```
and see if that causes any problems. If not, this is a simple change.This is a spinoff of bug #13087. We should change our .mozconfig files to have:
```
mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser"
```
and see if that causes any problems. If not, this is a simple change.Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/11449Torbutton New Identity error with regard to NoScript2020-06-15T23:18:37ZTracTorbutton New Identity error with regard to NoScriptError reads:
Torbutton: Error clearing NoScript Temporary Permissions: TypeError: Components.classes['@maone.net/noscript-service;1'] is undefined
I'll be monitoring this bug to give feedback as needed.
I think I'm running 3.6 but I m...Error reads:
Torbutton: Error clearing NoScript Temporary Permissions: TypeError: Components.classes['@maone.net/noscript-service;1'] is undefined
I'll be monitoring this bug to give feedback as needed.
I think I'm running 3.6 but I might be running the latest PT bundle. Hard to tell! Filing another bug about that :/
Thanks!
**Trac**:
**Username**: Cypherpunkshttps://gitlab.torproject.org/legacy/trac/-/issues/3455Tor Browser should set SOCKS username for a request based on first party domain2020-06-15T23:33:20ZMike PerryTor Browser should set SOCKS username for a request based on first party domainOnce Proposal 171 is implemented (#1865), Tor Browser should set the Proposal 171 SOCKS username to a function of the hostname in the referer header (possibly caching the first referer for subsequent link navigation).
If the referer is...Once Proposal 171 is implemented (#1865), Tor Browser should set the Proposal 171 SOCKS username to a function of the hostname in the referer header (possibly caching the first referer for subsequent link navigation).
If the referer is blank, we should use a function of the request URL hostname. This policy should effectively give us the same top-level origin isolation for circuit use that we want for other identifiers.
Lunar also points out that if this function introduces a hashed nonce that is changed on "New Identity" invocations, we can then do without the control port and control auth/password inside torbutton but still provide New Identity. This would simplify a lot of setups, and potentially allow us to remove more code from Torbutton.TorBrowserBundle 2.3.x-stableArthur EdelsteinArthur Edelsteinhttps://gitlab.torproject.org/legacy/trac/-/issues/13432TBB on Linux just asked me if I wanted to update2020-06-15T23:21:14ZMike PerryTBB on Linux just asked me if I wanted to updateMy TBB 4.0-alpha-3 just popped up a window asking me if I wanted to upgrade (I just uploaded the manifest files).
I had previously clicked on the "Help->About Tor Browser" tab, but I had closed that window several minutes prior.
This ...My TBB 4.0-alpha-3 just popped up a window asking me if I wanted to upgrade (I just uploaded the manifest files).
I had previously clicked on the "Help->About Tor Browser" tab, but I had closed that window several minutes prior.
This probably shouldn't have happened, and it especially shouldn't happen for our stable users. We want them to explicitly navigate to the Help window to upgrade if they want to. At least, until we get #11955 and #13379 fixed.https://gitlab.torproject.org/legacy/trac/-/issues/13356symlinks missing after complete MAR file update2020-06-15T23:20:54ZMark Smithsymlinks missing after complete MAR file updateWhile testing using MAR files from our own nightly build, brade and I discovered that the meek symlinks (present on Mac OS) are removed after a complete MAR update is applied to TB 4.0-alpha-3. The problem is in the MAR file generation ...While testing using MAR files from our own nightly build, brade and I discovered that the meek symlinks (present on Mac OS) are removed after a complete MAR update is applied to TB 4.0-alpha-3. The problem is in the MAR file generation – specifically, we neglected to include the addsymlink directives in the updatev2.manifest file (we only put them in the new updatev3.manifest file that is used by ESR31 and newer browsers).Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/13016Remove access to all Mozilla-prefixed media queries2020-06-15T23:24:36ZMike PerryRemove access to all Mozilla-prefixed media queriesIn Firefox25, Mozilla added a couple scary media queries (-moz-os-version and -moz-osx-font-smoothing).
I think we should get rid of these, as well as most/all of the prefixed media queries in https://developer.mozilla.org/en-US/docs/We...In Firefox25, Mozilla added a couple scary media queries (-moz-os-version and -moz-osx-font-smoothing).
I think we should get rid of these, as well as most/all of the prefixed media queries in https://developer.mozilla.org/en-US/docs/Web/Guide/CSS/Media_queries#-moz-os-version.
Either just disable them, or make them lie.Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/13027Make WebWorkers use spoofed navigator.* useragent values2022-07-09T21:51:27ZMike PerryMake WebWorkers use spoofed navigator.* useragent valuesWe spoof the navigator values through various general.useragent.override prefs. However, this object is now exposed to WebWorkers too, which may or may not be listening to these new prefs (because WebWorkers are special threads and have ...We spoof the navigator values through various general.useragent.override prefs. However, this object is now exposed to WebWorkers too, which may or may not be listening to these new prefs (because WebWorkers are special threads and have restricted access to much of XPCOM).
https://bugzilla.mozilla.org/show_bug.cgi?id=925847Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/legacy/trac/-/issues/13025Lie about the screen orientation2020-06-15T23:35:01ZMike PerryLie about the screen orientationScreen orientation is now exposed as a JS property: https://developer.mozilla.org/en-US/docs/Web/API/Screen.orientation
We should probably make this property lie.Screen orientation is now exposed as a JS property: https://developer.mozilla.org/en-US/docs/Web/API/Screen.orientation
We should probably make this property lie.Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/legacy/trac/-/issues/13460fix error handling mistake in patch for Bug 130282020-06-15T23:21:24ZArthur Edelsteinfix error handling mistake in patch for Bug 13028Visual Studio compiler discovered a problem in patch for Bug 13028 (https://gitweb.torproject.org/tor-browser.git/blobdiff/777695d09e3cff4c79c48839e1c9d5102b772d6f..04c046e11f6622f44ca010bcb8ecf68cf470a4c0:/security/nss/lib/libpkix/pkix_...Visual Studio compiler discovered a problem in patch for Bug 13028 (https://gitweb.torproject.org/tor-browser.git/blobdiff/777695d09e3cff4c79c48839e1c9d5102b772d6f..04c046e11f6622f44ca010bcb8ecf68cf470a4c0:/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c)
In both cases, `return PR_FAILURE;` should be `PKIX_ERROR(PKIX_PRNEWTCPSOCKETFAILED);`
Fixup attached.https://gitlab.torproject.org/legacy/trac/-/issues/11955Backport Certificate Pinning to FF31ESR2020-06-15T23:21:14ZMike PerryBackport Certificate Pinning to FF31ESRCertificate pinning did not make it into Firefox 31ESR, however the patches should be an easy backport. We should take Mozilla's patches for this when we rebase to FF31.
Relevant Mozilla bugs:
https://bugzilla.mozilla.org/show_bug.cgi?i...Certificate pinning did not make it into Firefox 31ESR, however the patches should be an easy backport. We should take Mozilla's patches for this when we rebase to FF31.
Relevant Mozilla bugs:
https://bugzilla.mozilla.org/show_bug.cgi?id=744204
https://bugzilla.mozilla.org/show_bug.cgi?id=772756Arthur EdelsteinArthur Edelstein