Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-15T23:21:49Zhttps://gitlab.torproject.org/legacy/trac/-/issues/13586Use security.ssl.disable_session_identifiers pref in meek-http-helper to rest...2020-06-15T23:21:49ZDavid Fifielddcf@torproject.orgUse security.ssl.disable_session_identifiers pref in meek-http-helper to restore TLS session ticketscomment:1:ticket:13442 shows that meek-http-helper in Tor Browser 4.0 doesn't match stock Firefox because it is missing the TLS session ticket extension. It's because of #10822 (and upstream Mozilla [#917049](https://bugzilla.mozilla.org...comment:1:ticket:13442 shows that meek-http-helper in Tor Browser 4.0 doesn't match stock Firefox because it is missing the TLS session ticket extension. It's because of #10822 (and upstream Mozilla [#917049](https://bugzilla.mozilla.org/show_bug.cgi?id=917049) and [#967977](https://bugzilla.mozilla.org/show_bug.cgi?id=967977)) which replaced one pref with another.
I've tested manually that setting `security.ssl.disable_session_identifiers=false` restores the missing extension. A test build with this patch has just started, but it's straightforward enough that I'll attach it now.https://gitlab.torproject.org/legacy/trac/-/issues/13320Upgrade go to 1.3.32020-06-15T23:20:49ZDavid Fifielddcf@torproject.orgUpgrade go to 1.3.3We're currently on 1.3. [1.3.1](https://groups.google.com/d/topic/golang-nuts/CF5wyVEjEaY) was bug fixes, [1.3.2](https://groups.google.com/d/topic/golang-nuts/eeOHNw_shwU) fixed a security bug in the crypto/tls package (which I don't th...We're currently on 1.3. [1.3.1](https://groups.google.com/d/topic/golang-nuts/CF5wyVEjEaY) was bug fixes, [1.3.2](https://groups.google.com/d/topic/golang-nuts/eeOHNw_shwU) fixed a security bug in the crypto/tls package (which I don't think affected us), and [1.3.3](https://groups.google.com/d/topic/golang-announce/MYS5MkDF5_A) fixed a bug in the Windows packaging of 1.3.2.
https://golang.org/doc/devel/release.html#go1.3https://gitlab.torproject.org/legacy/trac/-/issues/13027Make WebWorkers use spoofed navigator.* useragent values2022-07-09T21:51:27ZMike PerryMake WebWorkers use spoofed navigator.* useragent valuesWe spoof the navigator values through various general.useragent.override prefs. However, this object is now exposed to WebWorkers too, which may or may not be listening to these new prefs (because WebWorkers are special threads and have ...We spoof the navigator values through various general.useragent.override prefs. However, this object is now exposed to WebWorkers too, which may or may not be listening to these new prefs (because WebWorkers are special threads and have restricted access to much of XPCOM).
https://bugzilla.mozilla.org/show_bug.cgi?id=925847Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/legacy/trac/-/issues/13025Lie about the screen orientation2020-06-15T23:35:01ZMike PerryLie about the screen orientationScreen orientation is now exposed as a JS property: https://developer.mozilla.org/en-US/docs/Web/API/Screen.orientation
We should probably make this property lie.Screen orientation is now exposed as a JS property: https://developer.mozilla.org/en-US/docs/Web/API/Screen.orientation
We should probably make this property lie.Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/legacy/trac/-/issues/13016Remove access to all Mozilla-prefixed media queries2020-06-15T23:24:36ZMike PerryRemove access to all Mozilla-prefixed media queriesIn Firefox25, Mozilla added a couple scary media queries (-moz-os-version and -moz-osx-font-smoothing).
I think we should get rid of these, as well as most/all of the prefixed media queries in https://developer.mozilla.org/en-US/docs/We...In Firefox25, Mozilla added a couple scary media queries (-moz-os-version and -moz-osx-font-smoothing).
I think we should get rid of these, as well as most/all of the prefixed media queries in https://developer.mozilla.org/en-US/docs/Web/Guide/CSS/Media_queries#-moz-os-version.
Either just disable them, or make them lie.Mark SmithMark Smith