Trac issues
https://gitlab.torproject.org/legacy/trac/-/issues
2020-06-16T01:09:22Z

https://gitlab.torproject.org/legacy/trac/-/issues/32380
Get current Tor Browser code ready for RLBox
2020-06-16T01:09:22Z
Georg Koppen

RLBox is written in C++17. We likely hit build issues in an ESR 68 environment with a C++17 requirement. There is the option to adapt RLBox to C++11 code but we should not follow that path but backport build related patches instead.
https://bugzilla.mozilla.org/show_bug.cgi?id=1560664 is a ticket to start.
If that turns out to be too tricky to require C++17 for the whole codebase we can think about enabling it just for the part we want to start sandboxing.

Georg Koppen

https://gitlab.torproject.org/legacy/trac/-/issues/31597
Go over all closed bugs/bugs where patches landed between Firefox 61 and 68 (inclusive)
2020-06-16T01:07:06Z
Georg Koppen

We should double-check the thousands of bugs between Firefox 61 and 68 to make sure we don't miss anything important for us.

Georg Koppen

https://gitlab.torproject.org/legacy/trac/-/issues/31567
NS_tsnprintf() does not handle %s correctly on Windows
2020-06-16T01:06:56Z
Mark Smith

While testing the ESR68-based updater on Windows, Kathy and I found a Windows toolchain problem. We tested using our own 64-bit build (rbm nightly build process) on a Windows 10 system.
We discovered that file paths generated using format strings are corrupted. Specifically, calls to `NS_tsnprintf()` do not work correctly; apparently, because that is a "wide" function a `%s` when used in the format string is supposed to mean "expect the arg to be of type WCHAR *". Instead, the args are processed as C-style strings which means they get truncated after the first character (at least when using characters that fit within the first 256 Unicode codepoints).
`NS_tsnprintf()` is a macro that is defined in toolkit/mozapps/update/common/updatedefines.h (all of the code that uses it is related to the updater). We first noticed that problem when we saw a failure inside updater.cpp's `WriteToFile()` function. The following code from that function fails because it tries to move `filename` to a bad path.
```
#if defined(XP_WIN)
  NS_tchar dstfilename[MAXPATHLEN] = {NS_T('\0')};
  NS_tsnprintf(dstfilename, sizeof(dstfilename) / sizeof(dstfilename[0]),
               NS_T("%s\\%s"), gPatchDirPath, aFilename);
  if (MoveFileExW(filename, dstfilename, MOVEFILE_REPLACE_EXISTING) == 0) {
    return false;
  }
#endif
```
The computed path is `C\u` (the first character from `gPatchDirPath` followed by the \ and then the first character of `aFilename`).
On Windows, `NS_tsnprintf()` is defined as `mywcsprintf` which is an inline function that uses `_vsnwprintf()`. We have not traced this bug deeper than that point, but we did verify that the problems disappear if we replace all occurrences of `%s` with `%S` in the `NS_tsnprintf()` format strings. That is a very ugly fix though, and it would be wrong on macOS and Linux.

Georg Koppen

https://gitlab.torproject.org/legacy/trac/-/issues/31294
Sign Tor Browser releases with an OpenPGP tool that includes Issuer Fingerprint subpackets
2020-06-16T01:06:01Z
boklm

#31292 has details about the issue. This ticket is for the Tor Browser signatures, while #31292 is for the Tor source tarballs signatures.

Georg Koppen

https://gitlab.torproject.org/legacy/trac/-/issues/31134
Reenable Graphite for font rendering
2020-06-16T01:05:39Z
Georg Koppen

We disabled using Graphite for font rendering (after trying to reenable it) back in #21726 for security reasons. Things have settled down it seems.
Thus, we should reenable it and put it back on the security slider this time.

Georg Koppen

https://gitlab.torproject.org/legacy/trac/-/issues/31129
Use Debian 10 for our macOS container images
2020-06-16T01:05:35Z
Georg Koppen

We should switch to Debian 10 for our macOS builds.

Georg Koppen

https://gitlab.torproject.org/legacy/trac/-/issues/31128
Use Debian 10 for our Windows container images
2020-06-16T01:05:34Z
Georg Koppen

We should switch to Debian 10 for our Windows builds.

Georg Koppen

https://gitlab.torproject.org/legacy/trac/-/issues/30788
Ship Malay (ms) Tor Browser in alpha series
2020-06-16T01:04:49Z
emmapeel

We can add this to test to alpha. yay!

Georg Koppen

https://gitlab.torproject.org/legacy/trac/-/issues/30787
Ship Lithuanian Tor Browser in alpha series
2020-06-16T01:04:49Z
emmapeel

Yes! Lithuanian is already translated too. yay!

Georg Koppen

https://gitlab.torproject.org/legacy/trac/-/issues/30786
Ship Thai Tor Browser in alpha series
2020-06-16T01:04:48Z
emmapeel

After the localization lab sprint, the Tor Browser locale files have been translated to Thai.
Please add them for testing to alpha!

Georg Koppen

https://gitlab.torproject.org/legacy/trac/-/issues/29844
Make sure that all torbutton branches give AB-CD instead of AB_CD
2020-06-16T01:01:56Z
emmapeel

We need to consistently change to bn-BD along the repo and any other "AB_CD" style locale we need.

Georg Koppen

https://gitlab.torproject.org/legacy/trac/-/issues/29872
Searching from about:tor cause a NoScript XSS warning popup
2020-06-16T01:01:49Z
boklm

Using the duckduckgo search box on the about:tor page is causing a NoScript XSS warning window to open.

Georg Koppen

https://gitlab.torproject.org/legacy/trac/-/issues/29614
Use SHA-256 algorithm for Windows timestamping
2020-06-16T01:01:17Z
Georg Koppen

We switched to using SHA-256 for the authenticode signature but we should use that hash algo for the timestamp as well (currently that's still SHA-1).

Georg Koppen

https://gitlab.torproject.org/legacy/trac/-/issues/29239
TBA: Don't ship torbutton xpi
2020-06-16T01:00:37Z
Matthew Finkel

During the packaging stage, we bundle `torbutton@torproject.org.xpi`, but it's already being included in chrome. We can probably save some bytes in the resulting apk.
```
1:43.95 16559236 assets/features/torbutton@torproject.org.xpi (OK)
```
```
$ ls obj-x86-linux-android/dist/fennec/features/
torbutton@torproject.org.xpi
```
I think this is caused by the following in torbutton's moz.build:
```
FINAL_TARGET_FILES.features['torbutton@torproject.org'] += [
    'src/install.rdf'
]
```

Georg Koppen

https://gitlab.torproject.org/legacy/trac/-/issues/28261
Please provide the english language strings for Torbutton under "en-US" and not "en" as it is now
2020-06-16T00:53:00Z
Georg Koppen

We ship "en-US" bundles, yet the language strings are under "en" in Torbutton. That leads to hacks like the one igt0 tried in #25013. We should fix the root cause here, though, which is that the language strings should be located under "en-US" given that there is no standalone Torbutton and there are no "en" bundles we distribute.

Georg Koppen

https://gitlab.torproject.org/legacy/trac/-/issues/18950
Disable or audit Reader View in ESR 45
2020-06-16T00:49:33Z
Georg Koppen

Firefox ships with a new feature, Reader View (https://support.mozilla.org/en-US/kb/firefox-reader-view-clutter-free-web-pages). We should audit it or disable it for the time being if we don't get to that.

Georg Koppen

https://gitlab.torproject.org/legacy/trac/-/issues/16333
Make sure IndexedDB is disabled from worker code
2020-06-16T00:47:23Z
Georg Koppen

IndexedDB is available to WebWorkers. We should verify it remains disabled.
https://bugzilla.mozilla.org/show_bug.cgi?id=701634 has the implementation details.

Georg Koppen

https://gitlab.torproject.org/legacy/trac/-/issues/25867
Update this part of the TB design doc
2020-06-16T00:45:44Z
cypherpunks

https://www.torproject.org/projects/torbrowser/design/#other-security
```
network.jar.block-remote-files is set to true. Mozilla tried to block remote JAR files in Firefox 45 but needed to revert that decision due to breaking IBM's iNotes. While Mozilla is working on getting this disabled again we take the protective stance already now and block remote JAR files even on the low security level.
```
Since https://bugzilla.mozilla.org/show_bug.cgi?id=1329336 has been fixed
(See https://bugzilla.mozilla.org/show_bug.cgi?id=1427726 as well but that's for the future 67 ESR.)

Georg Koppen

https://gitlab.torproject.org/legacy/trac/-/issues/16010
Get a working content process sandbox for Tor Browser on Windows
2020-06-15T23:47:43Z
Georg Koppen

We are about to compile Tor Browser for Windows with `--disable-sandbox` as it breaks with mingw-w64 otherwise (https://bugzilla.mozilla.org/show_bug.cgi?id=1042426). One of the main problems is that SEH is not available in GCC mainly due to patent issues (See: https://gcc.gnu.org/wiki/WindowsGCCImprovements section Structured Exception Handling (SEH)). According to Jacek the patent expired but still no one has written the proper code for GCC yet.
We might want to think about ways to get that fixed for us by third parties I guess.

Georg Koppen

https://gitlab.torproject.org/legacy/trac/-/issues/23439
Exempt .onion domains from mixed content warnings
2020-06-15T23:47:17Z
Georg Koppen

Part one of getting .onions exempted for the HTTPS requirement for secure contexts was done in #21321. Now we want to extend that to mixed content settings as well. See: https://bugzilla.mozilla.org/show_bug.cgi?id=1382359 for the Mozilla bug.

Georg Koppen