Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-15T23:27:43Zhttps://gitlab.torproject.org/legacy/trac/-/issues/16632Turn on the background autoupdater2020-06-15T23:27:43ZMike PerryTurn on the background autoupdaterNow that we're fairly sure that everything is working OK with our offline mar signing, etc, we should turn on the background updater for 5.0. The current popup for updates is still a barrier for some people to update immediately, I suspe...Now that we're fairly sure that everything is working OK with our offline mar signing, etc, we should turn on the background updater for 5.0. The current popup for updates is still a barrier for some people to update immediately, I suspect.
I will test an upgrade from 5.0a2 to 5.0a3 with app.update.auto set to true on Linux, so we can verify it still works across the FF31 to FF38 transition. If that works out, we should set the pref by default in 5.0a4, and again in 5.0.
I might need someone else to test Windows and Mac.Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/16625Fully disable Firefox network predictor2020-06-15T23:27:42ZMike PerryFully disable Firefox network predictorThe network predictor (formerly called 'seer') makes preemptive connections to resources in a page based on cached information. It can also do the same when the user hovers over a link.
We should verify that this thing does not actually...The network predictor (formerly called 'seer') makes preemptive connections to resources in a page based on cached information. It can also do the same when the user hovers over a link.
We should verify that this thing does not actually make full HTTP requests during the hover prefetch, as that could be a linkability issue. The preemptive connections to resources may also subvert our SOCKS username+password isolation.Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/16523Browser/Chrome Javascript Debugger Broken in Tor Browser2020-06-15T23:27:26ZMike PerryBrowser/Chrome Javascript Debugger Broken in Tor BrowserMozilla deprecated the Venkman debugger (https://addons.mozilla.org/en-us/firefox/addon/javascript-debugger/) in favor of the in-browser debugger (https://developer.mozilla.org/en-US/docs/Debugging_JavaScript#JavaScript_Debugger) for deb...Mozilla deprecated the Venkman debugger (https://addons.mozilla.org/en-us/firefox/addon/javascript-debugger/) in favor of the in-browser debugger (https://developer.mozilla.org/en-US/docs/Debugging_JavaScript#JavaScript_Debugger) for debugging addons and browser javascript.
Unfortunately, the instructions on that page do not work. I get a blank window that seems to just hang, without a connection attempt. I tried adding "127.0.0.1,localhost" to the **network.proxy.no_proxies_on** pref, on the assumption that the TCP connection was failing, but to no avail.
We should probably try to have this fixed soon, so that debugging addons and browser javascript is possible in TBB 5.0.Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/legacy/trac/-/issues/16510Remove "Share This Page" from our toolbar2020-06-15T23:27:24ZMike PerryRemove "Share This Page" from our toolbarThe Toolbar in 5.0a3 still includes a "Share This Page" button. We should remove that.
I will do this by updating the default value of browser.uiCustomization.state. Somewhat hacky, but expedient.The Toolbar in 5.0a3 still includes a "Share This Page" button. We should remove that.
I will do this by updating the default value of browser.uiCustomization.state. Somewhat hacky, but expedient.Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/16509Disconnect Search is not set correctly for English 5.0a3 bundles2020-06-15T23:27:23ZMike PerryDisconnect Search is not set correctly for English 5.0a3 bundlesIt looks like the Disconnect search is not being set for the English bundles. They still default to Yahoo. For some reason, it seems that the non-English bundles have the proper default.
I suspect this is due to the geolocalization chec...It looks like the Disconnect search is not being set for the English bundles. They still default to Yahoo. For some reason, it seems that the non-English bundles have the proper default.
I suspect this is due to the geolocalization checks in ./toolkit/components/search/nsSearchService.js.
I think if we also set browser.search.defaultenginename.US in our compiled-in prefs, it should properly reset the engine for EnglishMike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/16496"Tor" instead of "Tor Browser" in Windows Properies2020-06-15T23:27:21ZMark Smith"Tor" instead of "Tor Browser" in Windows ProperiesOn Windows, I noticed that the Product Name within the Properties is truncated. This is a regression. I guess this patch did not make it into our ESR 38 codebase:
https://gitweb.torproject.org/user/brade/tor-browser.git/commit/?id=267...On Windows, I noticed that the Product Name within the Properties is truncated. This is a regression. I guess this patch did not make it into our ESR 38 codebase:
https://gitweb.torproject.org/user/brade/tor-browser.git/commit/?id=26735f870de9ec7cb7b9e6aa5bbf4fd9f92ea4fd
(a fixup for #13091).https://gitlab.torproject.org/legacy/trac/-/issues/16483Clearing cache on New Identity in Tor Browser 5.0a3 is throwing exceptions2020-06-15T23:27:13ZGeorg KoppenClearing cache on New Identity in Tor Browser 5.0a3 is throwing exceptionsClearing the cache on New Identity I get
```
Torbutton: Unexpected error during offline cache clearing: [Exception... "Component returned failure code: 0x80004001 (NS_ERROR_NOT_IMPLEMENTED) [nsICacheService.evictEntries]" nsresult: "0x8...Clearing the cache on New Identity I get
```
Torbutton: Unexpected error during offline cache clearing: [Exception... "Component returned failure code: 0x80004001 (NS_ERROR_NOT_IMPLEMENTED) [nsICacheService.evictEntries]" nsresult: "0x80004001 (NS_ERROR_NOT_IMPLEMENTED)" location: "JS frame :: chrome://torbutton/content/torbutton.js :: torbutton_do_new_identity :: line 1792" data: no]
```https://gitlab.torproject.org/legacy/trac/-/issues/15781Get rid of sessionstore component in Torbutton2020-06-15T23:25:32ZGeorg KoppenGet rid of sessionstore component in TorbuttonThere is no usecase anymore for our tbSessionStore.js. https://bugzilla.mozilla.org/show_bug.cgi?id=944557 made sure that there is nothing written to disk in Private Browsing Mode in the first place and if one disables disk blocking ther...There is no usecase anymore for our tbSessionStore.js. https://bugzilla.mozilla.org/show_bug.cgi?id=944557 made sure that there is nothing written to disk in Private Browsing Mode in the first place and if one disables disk blocking there is no need for us to strip information (apart from the fact that this is not working anymore either as |subject| in the notification is |null|.Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/15579Organize our patches and prepare for rebase2020-06-15T23:25:07ZMike PerryOrganize our patches and prepare for rebaseBefore we rebase, we should see if we can reorganize our patches into better functional groups, and make a note of what in-tree tests currently fail before the switch.Before we rebase, we should see if we can reorganize our patches into better functional groups, and make a note of what in-tree tests currently fail before the switch.https://gitlab.torproject.org/legacy/trac/-/issues/13035Make sure our cache isolation works with cache22020-06-15T23:27:42ZGeorg KoppenMake sure our cache isolation works with cache2Mozilla wrote a new cache back-end which landed in the 32 release cycle and has a bunch of new features like
```
The new HTTP cache back end has many improvements like request prioritization optimized for first-paint time, ahead of read ...Mozilla wrote a new cache back-end which landed in the 32 release cycle and has a bunch of new features like
```
The new HTTP cache back end has many improvements like request prioritization optimized for first-paint time, ahead of read data preloading to speed up large content load, delayed writes to not block first paint time, pool of most recently used response headers to allow 0ms decisions on reuse or re-validation of a cached payload, 0ms miss-time look-up via an index, smarter eviction policies using frecency algorithm
```
(http://www.janbambas.cz/new-firefox-http-cache-enabled/)
We should make sure that our cache isolation patches get properly rewritten and no new information leaks occur.
See: https://bugzilla.mozilla.org/show_bug.cgi?id=913806 and https://developer.mozilla.org/en-US/docs/HTTP_Cache for further information.Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/12975Ensure NTLMv2 is still disabled2020-06-15T23:19:49ZMike PerryEnsure NTLMv2 is still disabledIn #12974, we disabled NTLMv1 and Negotiate auth. Mozilla is also planning on deploying NTLMv2. We need to keep an eye on this deployment and its associated prefs for FF38-ESR, and set the prefs they provide in ways that make sense for T...In #12974, we disabled NTLMv1 and Negotiate auth. Mozilla is also planning on deploying NTLMv2. We need to keep an eye on this deployment and its associated prefs for FF38-ESR, and set the prefs they provide in ways that make sense for Tor.
Their bug is:
https://bugzilla.mozilla.org/show_bug.cgi?id=423758Mike PerryMike Perry