Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-16T00:44:08Zhttps://gitlab.torproject.org/legacy/trac/-/issues/18912add automated tests for updater cert pinning2020-06-16T00:44:08ZMark Smithadd automated tests for updater cert pinningThis is a spinoff of #17442. We want to add automated tests to ensure that we notice if Mozilla changes something that breaks the updater cert pinning.This is a spinoff of #17442. We want to add automated tests to ensure that we notice if Mozilla changes something that breaks the updater cert pinning.Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/18855Add-on directory clean-up error after update check2020-06-15T23:34:38ZGeorg KoppenAdd-on directory clean-up error after update checkIt seems we get an error after the add-on update check with ESR45:
```
1461145678000 addons.xpi ERROR Failed to clean updated system add-ons directories.: Unix error 2 during operation DirectoryIterator.prototype.next on file /path/to/to...It seems we get an error after the add-on update check with ESR45:
```
1461145678000 addons.xpi ERROR Failed to clean updated system add-ons directories.: Unix error 2 during operation DirectoryIterator.prototype.next on file /path/to/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/features (file or directory not found) ((unknown module)) No traceback available
```Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/18886consider removing Pocket2020-06-15T23:34:44ZMark Smithconsider removing PocketFirefox 45 ESR includes Pocket client code and UI. We may want to remove it, since it encourages use of a third party service that we do not know much about.
Maybe all we need to do is set extensions.pocket.enabled = false to disable it...Firefox 45 ESR includes Pocket client code and UI. We may want to remove it, since it encourages use of a third party service that we do not know much about.
Maybe all we need to do is set extensions.pocket.enabled = false to disable it.
It is also worth noting that for Firefox 46, the Pocket code has been pulled out of the core browser and moved to a system extension (see https://bugzilla.mozilla.org/show_bug.cgi?id=1215694)Arthur EdelsteinArthur Edelsteinhttps://gitlab.torproject.org/legacy/trac/-/issues/19047Disable Heartbeat prompts in Tor Browser2020-06-16T00:48:56ZGeorg KoppenDisable Heartbeat prompts in Tor Browserhttps://bugzilla.mozilla.org/show_bug.cgi?id=1196104 implements Heartbeat prompts for PBM. We should make sure this is disabled to not confuse our users.https://bugzilla.mozilla.org/show_bug.cgi?id=1196104 implements Heartbeat prompts for PBM. We should make sure this is disabled to not confuse our users.https://gitlab.torproject.org/legacy/trac/-/issues/18885Disable logging of TLS/SSL key material by default in Tor Browser2020-06-15T23:42:27ZGeorg KoppenDisable logging of TLS/SSL key material by default in Tor BrowserWe should think about backporting the fix for https://bugzilla.mozilla.org/show_bug.cgi?id=1183318 as another defense-in-depth measure.We should think about backporting the fix for https://bugzilla.mozilla.org/show_bug.cgi?id=1183318 as another defense-in-depth measure.Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/legacy/trac/-/issues/18945Disable monitoring the connected state of Tor Browser users2020-06-15T23:34:57ZGeorg KoppenDisable monitoring the connected state of Tor Browser users`network.manage-offline-status` should be set to `false` again in order to disable monitoring the connected state of users. (basically enabling the status quo ante).`network.manage-offline-status` should be set to `false` again in order to disable monitoring the connected state of users. (basically enabling the status quo ante).Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/18950Disable or audit Reader View in ESR 452020-06-16T00:49:33ZGeorg KoppenDisable or audit Reader View in ESR 45Firefox ships with a new feature, Reader View (https://support.mozilla.org/en-US/kb/firefox-reader-view-clutter-free-web-pages). We should audit it or disable it for the time being if we don't get to that.Firefox ships with a new feature, Reader View (https://support.mozilla.org/en-US/kb/firefox-reader-view-clutter-free-web-pages). We should audit it or disable it for the time being if we don't get to that.Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/legacy/trac/-/issues/18597Enhance performance timing tests for esr452020-06-15T23:34:07ZGeorg KoppenEnhance performance timing tests for esr45We currently have tests for making sure the Navigation Timing and Resource Timing APIs are disabled. We should enhance these tests to make sure
a) the `getEntries` methods are not working to get timing information back (done in the reso...We currently have tests for making sure the Navigation Timing and Resource Timing APIs are disabled. We should enhance these tests to make sure
a) the `getEntries` methods are not working to get timing information back (done in the resource timing test)
b) the Performance Observer (https://bugzilla.mozilla.org/show_bug.cgi?id=1165796) does not provide a way to get this data
c) write a corresponding test for the User Timing API (we had #16336 for disabling the preference).boklmboklmhttps://gitlab.torproject.org/legacy/trac/-/issues/19176Language packs are not rezipped deterministically2020-06-15T23:35:22ZGeorg KoppenLanguage packs are not rezipped deterministicallyMy patch for #18915 forgot to use our deterministic zip wrapper and used `zip` directly with foreseeable results.My patch for #18915 forgot to use our deterministic zip wrapper and used `zip` directly with foreseeable results.https://gitlab.torproject.org/legacy/trac/-/issues/18904Mac OS: meek-http-helper profile not updated2020-06-13T18:32:23ZMark SmithMac OS: meek-http-helper profile not updatedAfter the changes from #13252 and related tickets were merged, on Mac OS a template is used to create the meek-http-helper browser profile. Unfortunately, the meek-client-torbrowser code that Kathy and I wrote to copy files does not acco...After the changes from #13252 and related tickets were merged, on Mac OS a template is used to create the meek-http-helper browser profile. Unfortunately, the meek-client-torbrowser code that Kathy and I wrote to copy files does not account for the fact that files within the template may change during a Tor Browser update (it only copies files if the profile.meek-http-helper directory does not exist).Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/19115Make sure Tor Browser 6.0 is not falling back to Bing as its search engine2020-06-15T23:35:18ZGeorg KoppenMake sure Tor Browser 6.0 is not falling back to Bing as its search engineDisconnect does not have access to Google search results anymore. At least not at the moment. The fallback is Bing which gives a horrible search experience to our users. We should make sure that this does not happen in Tor Browser 6.0.
...Disconnect does not have access to Google search results anymore. At least not at the moment. The fallback is Bing which gives a horrible search experience to our users. We should make sure that this does not happen in Tor Browser 6.0.
Some options are:
1) Go back to Startpage (at least temporarily) for Google results
2) Switch to DuckDuckGo directly
3) Use Disconnect but set DuckDuckGo as the engine delivering the search results.https://gitlab.torproject.org/legacy/trac/-/issues/18811Our first-party isolation patch incorrectly rejects blobs retrieved in workers2020-06-15T23:34:33ZArthur EdelsteinOur first-party isolation patch incorrectly rejects blobs retrieved in workersWhen isolation is enabled, blobs retrieved by an XHR inside a worker are rejected even when the blob's first party matches the worker's first party. I found that the regression was caused by this Mozilla patch:
https://hg.mozilla.org/moz...When isolation is enabled, blobs retrieved by an XHR inside a worker are rejected even when the blob's first party matches the worker's first party. I found that the regression was caused by this Mozilla patch:
https://hg.mozilla.org/mozilla-central/diff/12a852867c16/dom/base/nsXMLHttpRequest.cpp#l1694
Because of the Mozilla patch, when we are in a worker, NS_NewChannel is no longer passed a document, so our patch code in `nsHostObjectProtocolHandler::NewChannel2` is not able to obtain the correct first party. Therefore the blob URI is rejected even if the first party of the worker matches. I haven't yet figured out how to fix this problem.Arthur EdelsteinArthur Edelsteinhttps://gitlab.torproject.org/legacy/trac/-/issues/19121reinstate the update.xml hash check2020-06-15T23:35:19ZMark Smithreinstate the update.xml hash checkWhile working on #18912, Kathy and I discovered the following Mozilla change that causes the update.xml hash check to be skipped when signed MAR files are in use (this change shipped in Firefox 43):
https://bugzilla.mozilla.org/show_bug....While working on #18912, Kathy and I discovered the following Mozilla change that causes the update.xml hash check to be skipped when signed MAR files are in use (this change shipped in Firefox 43):
https://bugzilla.mozilla.org/show_bug.cgi?id=862173
I think the our philosophy is different than Mozilla's and that we probably want to reinstate the hash check. Mike and Georg, do you agree?Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/18944Remove block-malicious-sites-checkbox on TLS error page2020-06-15T23:34:57ZGeorg KoppenRemove block-malicious-sites-checkbox on TLS error pageIf a secure connection failed the error page contains a checkbox stating "Report errors like this to help Mozilla identify and block malicious sites". We don't want to do this.If a secure connection failed the error page contains a checkbox stating "Report errors like this to help Mozilla identify and block malicious sites". We don't want to do this.Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/legacy/trac/-/issues/18546Review networking code for Firefox 452020-06-15T23:33:55ZGeorg KoppenReview networking code for Firefox 45We should review the networking code for Firefox 45 to make sure the are no Tor bypasses.We should review the networking code for Firefox 45 to make sure the are no Tor bypasses.Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/18884Rip Firefox Hello Beta / Loop extension in ESR45 based Tor Browser2020-06-15T23:34:43ZGeorg KoppenRip Firefox Hello Beta / Loop extension in ESR45 based Tor BrowserWe should think about getting rid of the Hello/Loop extension. As gacar mentioned (https://lists.torproject.org/pipermail/tor-qa/2016-April/000809.html) it is quite large (1.6 MB) and is probably not running anyway as we are disable WebR...We should think about getting rid of the Hello/Loop extension. As gacar mentioned (https://lists.torproject.org/pipermail/tor-qa/2016-April/000809.html) it is quite large (1.6 MB) and is probably not running anyway as we are disable WebRTC at compile time and Firefox Hello is not active either.Arthur EdelsteinArthur Edelsteinhttps://gitlab.torproject.org/legacy/trac/-/issues/18619TBB/ESR45 reports "InvalidStateError" in browser console2020-06-16T00:43:58ZArthur EdelsteinTBB/ESR45 reports "InvalidStateError" in browser consoleAn `InvalidStateError` appears in the browser console, unfortunately with no source filename or line number (only the word `<unknown>` for source). I tracked this error down to our setting the pref "dom.indexedDB.enabled" to false in `00...An `InvalidStateError` appears in the browser console, unfortunately with no source filename or line number (only the word `<unknown>` for source). I tracked this error down to our setting the pref "dom.indexedDB.enabled" to false in `000-tor-browser.js`. I haven't yet found where the error is being produced, but I presume it is a `.jsm` or `.js` file somewhere in the Firefox codebase, attempting to use an indexedDB.https://gitlab.torproject.org/legacy/trac/-/issues/19065Tor Browser icon not visible anymore in upper left corner on Linux since 05/132020-06-15T23:35:15ZGeorg KoppenTor Browser icon not visible anymore in upper left corner on Linux since 05/13The nightly build from May 09 is the last one still showing the Tor Browser icon in the upper left corner of browser windows/dialogs. The nightly from May 13 is the first one that just shows a placeholder icon on Linux.The nightly build from May 09 is the last one still showing the Tor Browser icon in the upper left corner of browser windows/dialogs. The nightly from May 13 is the first one that just shows a placeholder icon on Linux.Georg KoppenGeorg Koppen