Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2022-09-01T23:00:14Zhttps://gitlab.torproject.org/legacy/trac/-/issues/28704Compile Tor and dependencies on our own for Android2022-09-01T23:00:14ZGeorg KoppenCompile Tor and dependencies on our own for AndroidCurrently we are building just Orbot in `tor-browser-build` and fetching the dependencies as we need them. We should at least build Tor and its dependencies on our own, integrating Android specific build logic into our projects we alread...Currently we are building just Orbot in `tor-browser-build` and fetching the dependencies as we need them. We should at least build Tor and its dependencies on our own, integrating Android specific build logic into our projects we already have (like OpenSSL, Libevent etc.).
This is the parent ticket for that task.Shane IsbellShane Isbellhttps://gitlab.torproject.org/legacy/trac/-/issues/32027Bump version of Go to 1.13+2022-09-01T23:00:13ZCecylia BocovichBump version of Go to 1.13+We're going to need it eventually for newer versions of pion/webrtc, and there's a nice feature in to log package that allows us to pass the log output writer to libraries.We're going to need it eventually for newer versions of pion/webrtc, and there's a nice feature in to log package that allows us to pass the log output writer to libraries.boklmboklmhttps://gitlab.torproject.org/legacy/trac/-/issues/33856Set browser.privatebrowsing.forceMediaMemoryCache=true2020-06-24T11:43:52ZrichardSet browser.privatebrowsing.forceMediaMemoryCache=trueNew pref added to disable disk caching of video in private browsing mode.
Relevant ticket:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1532486New pref added to disable disk caching of video in private browsing mode.
Relevant ticket:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1532486Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/31161Document usage and setup of Android signing token2020-06-16T01:26:59ZGeorg KoppenDocument usage and setup of Android signing tokenWe have documentation in `tor-browser-spec` about setting up our Windows signing token and should do the same for the Android one.
We could add the relevant instructions for using the whole setup on our actual signing machine in a separ...We have documentation in `tor-browser-spec` about setting up our Windows signing token and should do the same for the Android one.
We could add the relevant instructions for using the whole setup on our actual signing machine in a separate commit within this ticket's scope.Matthew FinkelMatthew Finkelhttps://gitlab.torproject.org/legacy/trac/-/issues/29615Adjust creation of buildID script2020-06-16T01:25:30ZGeorg KoppenAdjust creation of buildID scriptWe should adjust the creation of our build ID script to make sure we have a larger space using the months available (currently Tor Browser 17 is the last major version that produces valid buildIDs). And we should think about a good way t...We should adjust the creation of our build ID script to make sure we have a larger space using the months available (currently Tor Browser 17 is the last major version that produces valid buildIDs). And we should think about a good way to implement something where we don't need to worry about the buildID creation in the future anymore.https://gitlab.torproject.org/legacy/trac/-/issues/34377Port padlock states for .onion services to Fenix2020-06-16T01:13:16ZGeorg KoppenPort padlock states for .onion services to Fenix#26690 ported the padlock states for onions to mobile. We need to redo that for Fenix.#26690 ported the padlock states for onions to mobile. We need to redo that for Fenix.https://gitlab.torproject.org/legacy/trac/-/issues/34193Audit the U2F API2020-06-16T01:13:01ZAlex CatarineuAudit the U2F APISimilar to #26614, we should audit the `U2F` API implementation that is enabled with the `security.webauth.u2f` pref.Similar to #26614, we should audit the `U2F` API implementation that is enabled with the `security.webauth.u2f` pref.https://gitlab.torproject.org/legacy/trac/-/issues/33965Uplift 27604: Fix addon issues when moving TB directory2020-06-16T01:12:42ZAlex CatarineuUplift 27604: Fix addon issues when moving TB directoryThis is https://bugzilla.mozilla.org/show_bug.cgi?id=1429838, which did not get much attention by mozilla. But we can try attaching our patch and see if there's some progress.This is https://bugzilla.mozilla.org/show_bug.cgi?id=1429838, which did not get much attention by mozilla. But we can try attaching our patch and see if there's some progress.Alex CatarineuAlex Catarineuhttps://gitlab.torproject.org/legacy/trac/-/issues/33964Consider uplifting 21537: Mark .onion cookies as secure2020-06-16T01:12:41ZAlex CatarineuConsider uplifting 21537: Mark .onion cookies as secureAssuming that adapting the patch for newer Firefox versions was done correctly in #33533, now the patch is just a single [line](https://github.com/acatarineu/tor-browser/commit/53dad612587427817197d6bc2559285cc65ae238), which might be ea...Assuming that adapting the patch for newer Firefox versions was done correctly in #33533, now the patch is just a single [line](https://github.com/acatarineu/tor-browser/commit/53dad612587427817197d6bc2559285cc65ae238), which might be easy to uplift.https://gitlab.torproject.org/legacy/trac/-/issues/33963Uplift test for 21321 (Add test for .onion whitelisting)2020-06-16T01:12:41ZAlex CatarineuUplift test for 21321 (Add test for .onion whitelisting)It's just making sure that `dom.securecontext.whitelist_onions` is set to `false`, which should not affect Firefox.It's just making sure that `dom.securecontext.whitelist_onions` is set to `false`, which should not affect Firefox.Alex CatarineuAlex Catarineuhttps://gitlab.torproject.org/legacy/trac/-/issues/33962Uplift patch for 5741 (dns leak protection)2020-06-16T01:12:41ZAlex CatarineuUplift patch for 5741 (dns leak protection)This should probably be under the `--enable-proxy-bypass-protection` flag.This should probably be under the `--enable-proxy-bypass-protection` flag.Alex CatarineuAlex Catarineuhttps://gitlab.torproject.org/legacy/trac/-/issues/33961Uplift patch for "21830: Copying large text from web console leaks to /tmp"2020-06-16T01:12:40ZAlex CatarineuUplift patch for "21830: Copying large text from web console leaks to /tmp"Bugzilla is https://bugzilla.mozilla.org/show_bug.cgi?id=1433030. We can somehow try to make progress on that.Bugzilla is https://bugzilla.mozilla.org/show_bug.cgi?id=1433030. We can somehow try to make progress on that.https://gitlab.torproject.org/legacy/trac/-/issues/33960Uplift patch for "32414: Make Services.search.addEngine obey FPI"2020-06-16T01:12:40ZAlex CatarineuUplift patch for "32414: Make Services.search.addEngine obey FPI"Alex CatarineuAlex Catarineuhttps://gitlab.torproject.org/legacy/trac/-/issues/33954Consider different approach for "2176: Rebrand Firefox to TorBrowser "2020-06-16T01:12:39ZAlex CatarineuConsider different approach for "2176: Rebrand Firefox to TorBrowser "The current patch replaces all occurrences of `branding/brand.ftl` with `branding/tor-browser-brand.ftl`. This means that many files are touched by the patch (increasing chances of rebase conflict), and whenever Firefox adds new instance...The current patch replaces all occurrences of `branding/brand.ftl` with `branding/tor-browser-brand.ftl`. This means that many files are touched by the patch (increasing chances of rebase conflict), and whenever Firefox adds new instances of `branding/brand.ftl` we need to modify the patch to also cover those.
I think we should try a different approach to keep all instances of `branding/brand.ftl` untouched, and do the `branding/brand.ftl` -> `branding/tor-browser-brand.ftl` remapping somewhere else, and just in a single place.
One way would be to force the Fluent `FileSource` that we register in torbutton to take precedence over any other source and rename `tor-browser-brand.ftl` to `brand.ftl`, to override Firefox one (including langpacks).
We probably would need to do this in [L10nRegistry.js](https://searchfox.org/mozilla-central/rev/3446310d6cc5c85cde16a82eccf560e9b71a3d44/intl/l10n/L10nRegistry.jsm#141), but I would need to investigate a bit more.https://gitlab.torproject.org/legacy/trac/-/issues/33867Disable password manager and password generation2020-06-16T01:12:28ZrichardDisable password manager and password generationDisable the integrated password manager and password generation feature as part of disk avoidance.
Feature documentation: https://wiki.mozilla.org/Toolkit:Password_Manager/Password_Generation
Set preferences:
- signon.generation.avail...Disable the integrated password manager and password generation feature as part of disk avoidance.
Feature documentation: https://wiki.mozilla.org/Toolkit:Password_Manager/Password_Generation
Set preferences:
- signon.generation.available=false
- signon.generation.enabled=falsehttps://gitlab.torproject.org/legacy/trac/-/issues/33866Add Onion Service info to new cert viewer2020-06-16T01:12:28ZrichardAdd Onion Service info to new cert viewerwhen security.aboutcertificate.enabled is true (now the default in Firefox) the new cert viewer UI is enabled. As part of #23247 we added 'Onion Service' string to security/encryption info for onion services, so we will need to replicate...when security.aboutcertificate.enabled is true (now the default in Firefox) the new cert viewer UI is enabled. As part of #23247 we added 'Onion Service' string to security/encryption info for onion services, so we will need to replicate this change in the new UI.https://gitlab.torproject.org/legacy/trac/-/issues/33865Maybe disable all auto-play2020-06-16T01:12:27ZrichardMaybe disable all auto-playIf we set media.autoplay.default=5 audio and video become click to play (0> allow all, 1 => block audio, 5 => block audio+video). Seems like a good default for tor network in general from a bandwidth perspective?If we set media.autoplay.default=5 audio and video become click to play (0> allow all, 1 => block audio, 5 => block audio+video). Seems like a good default for tor network in general from a bandwidth perspective?https://gitlab.torproject.org/legacy/trac/-/issues/33862Fix usages of createTransport API2020-06-16T01:12:27ZAlex CatarineuFix usages of createTransport APIThere was a nsISocketTransportService breaking change in https://bugzilla.mozilla.org/show_bug.cgi?id=1558726. We have to fix those in torbutton and tor-launcher.There was a nsISocketTransportService breaking change in https://bugzilla.mozilla.org/show_bug.cgi?id=1558726. We have to fix those in torbutton and tor-launcher.https://gitlab.torproject.org/legacy/trac/-/issues/33855Don't use site's icon as window icon in Windows when in private browsing mode2020-06-16T01:12:25ZrichardDon't use site's icon as window icon in Windows when in private browsing modeWhen the browser is in site-specific browser mode the app browser icon is set to the website's favicon. This icon presumably is cached somewhere by the operating system, so we should not expose the icon in this fashion when in private br...When the browser is in site-specific browser mode the app browser icon is set to the website's favicon. This icon presumably is cached somewhere by the operating system, so we should not expose the icon in this fashion when in private browsing mode.
This mode can be accessed when:
- browser.ssb.enabled = true
Relevant ticket:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1602194https://gitlab.torproject.org/legacy/trac/-/issues/33854Spoof Network ID2020-06-16T01:12:25ZrichardSpoof Network IDMozilla 1561005 added a unique string identifier to `nsINetworkLinkService.idl`. It's at least partially based off of a hash of the user's IP and MAC address. It's not clear to me what it's used for, but we should probably stub out the i...Mozilla 1561005 added a unique string identifier to `nsINetworkLinkService.idl`. It's at least partially based off of a hash of the user's IP and MAC address. It's not clear to me what it's used for, but we should probably stub out the implementations.
Relevant ticket:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1561005