fenix merge requestshttps://gitlab.torproject.org/tpo/applications/fenix/-/merge_requests2023-04-13T11:54:14Zhttps://gitlab.torproject.org/tpo/applications/fenix/-/merge_requests/167Backport Android-specific security fixes from Firefox 112 to ESR 102.10-based...2023-04-13T11:54:14ZrichardBackport Android-specific security fixes from Firefox 112 to ESR 102.10-based Tor Browser (fenix.git)## Merge Info
<!-- Bookkeeping information for release management -->
### Related Issues
- tor-browser#41724
### Backport Timeline
- [ ] **Immediate** - patchsets for critical bug fixes or other major blocker (e.g. fixes for a 0-d...## Merge Info
<!-- Bookkeeping information for release management -->
### Related Issues
- tor-browser#41724
### Backport Timeline
- [ ] **Immediate** - patchsets for critical bug fixes or other major blocker (e.g. fixes for a 0-day exploit) OR patchsets with trivial changes which do not need testing (e.g. fixes for typos or fixes easily verified in a local developer build)
- [ ] **Next Minor Stable Release** - patchset that needs to be verified in nightly before backport
- [ ] **Eventually** - patchset that needs to be verified in alpha before backport
- [x] **No Backport** - patchset for the next major stable
### Issue Tracking
- [x] Link resolved issues with appropriate [Release Prep issue](https://gitlab.torproject.org/groups/tpo/applications/-/issues/?sort=updated_desc&state=opened&label_name%5B%5D=Release%20Prep&first_page_size=20) for changelog generation
## Change Description
Backports the fixes for:
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29534
- https://github.com/mozilla-mobile/firefox-android/commit/01042630c06dd25d529aa7edd73de1172676361a
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29546
- https://github.com/mozilla-mobile/firefox-android/commit/0b9a5cc0f5aa8701cb71a598c56e88b2af2fa653richardrichardhttps://gitlab.torproject.org/tpo/applications/fenix/-/merge_requests/166Bug 41684: Android improvements for local dev builds2023-03-21T17:36:43ZPier Angelo VendrameBug 41684: Android improvements for local dev buildsAdded a script to fetch the Tor dependencies from tor-browser-build, and print the name of the signed apk.
Related to tor-browser#41684Added a script to fetch the Tor dependencies from tor-browser-build, and print the name of the signed apk.
Related to tor-browser#41684Pier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/fenix/-/merge_requests/165Bug 41679: Backport Android-specific security fixes from Firefox 111 to ESR 1...2023-03-16T12:24:03ZrichardBug 41679: Backport Android-specific security fixes from Firefox 111 to ESR 102.9-based Tor Browser (fenix portion)This one wasn't too bad since it's in the same repo at least. Majority of conflicts were in test code (disabling broken tests upstream that we don't have or are already commented out).
This corresponds to the upstream commit range: `d8...This one wasn't too bad since it's in the same repo at least. Majority of conflicts were in test code (disabling broken tests upstream that we don't have or are already commented out).
This corresponds to the upstream commit range: `d834147aff423c3eac8f670f96cac112a23e46af` through `f91af61b4bb2a8c8bfd23ea48a21e43804b482ef`:
- https://github.com/mozilla-mobile/fenix/commit/f91af61b4bb2a8c8bfd23ea48a21e43804b482ef
- https://github.com/mozilla-mobile/fenix/commit/76c71758c0b898681a48e0bdbd52e735ccbc9325
- https://github.com/mozilla-mobile/fenix/commit/6428f96c4f6d96e39838ffea3cde72e6726cb80b
- https://github.com/mozilla-mobile/fenix/commit/14a81f18e5a5eb4775441ec5da5c91383916c0f5
- https://github.com/mozilla-mobile/fenix/commit/d834147aff423c3eac8f670f96cac112a23e46af
Did have to be a bit careful because they've likely auto-linted upstream which adds many (technically) necessary commas we didn't have but I think I caught them all.
Doing a testbuild on `tb-build-05` overnight and we'll find out I suppose.richardrichardhttps://gitlab.torproject.org/tpo/applications/fenix/-/merge_requests/164Bug 41185: Hide learn more about sync2023-01-13T17:43:06Zcypherpunks1Bug 41185: Hide learn more about syncFixes https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41185Fixes https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41185https://gitlab.torproject.org/tpo/applications/fenix/-/merge_requests/163Wait until Tor is connected to process intents2023-02-03T10:55:48ZTommy WebbWait until Tor is connected to process intentsPostpone external intents for opening links, searching, etc. until
Tor is connected. Ensure the browser still opens to the Home screen
when receiving such intents so that the user can get connected to Tor.
Issue: tpo/applications/tor-br...Postpone external intents for opening links, searching, etc. until
Tor is connected. Ensure the browser still opens to the Home screen
when receiving such intents so that the user can get connected to Tor.
Issue: tpo/applications/tor-browser#40536Tommy WebbTommy Webbhttps://gitlab.torproject.org/tpo/applications/fenix/-/merge_requests/162Draft: Rebase Fenix2022-12-06T14:23:20ZrichardDraft: Rebase Fenixpart of https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40637
Only differences should be dropped the gitlab ci and tweaked order some of our XML to match the existing examples.part of https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40637
Only differences should be dropped the gitlab ci and tweaked order some of our XML to match the existing examples.richardrichardhttps://gitlab.torproject.org/tpo/applications/fenix/-/merge_requests/161Bug 41471: Update targetSdkVersion to 312022-11-22T18:10:13ZPier Angelo VendrameBug 41471: Update targetSdkVersion to 31Cherry-picked https://github.com/mozilla-mobile/fenix/commit/6f0aea9fd9eef20526bfb31a963d6139b940a448.
Closes tor-browser#41471.Cherry-picked https://github.com/mozilla-mobile/fenix/commit/6f0aea9fd9eef20526bfb31a963d6139b940a448.
Closes tor-browser#41471.Pier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/fenix/-/merge_requests/159Bug 41394: Implement a setting to always prefer onion sites2022-10-27T15:28:13ZPier Angelo VendrameBug 41394: Implement a setting to always prefer onion sitesPlumb up `privacy.prioritizeonions.enabled` and expose it to the users.
@dan this is the first time I plumb a Firefox preference to Fenix.
I was a bit worried about having the button not in sync with the preference.
If I understand co...Plumb up `privacy.prioritizeonions.enabled` and expose it to the users.
@dan this is the first time I plumb a Firefox preference to Fenix.
I was a bit worried about having the button not in sync with the preference.
If I understand correctly, we store the preferences in Fenix/Android store, and force Firefox to apply these values to preferences at each initialization of GV.
Fenix part of tor-browser#41394.
See also tor-browser!422 and android-components!88.Pier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/fenix/-/merge_requests/158yec22 improvements: smaller Resistance change freedom text to avoid word wrap...2022-10-18T16:46:25ZDan Ballardyec22 improvements: smaller Resistance change freedom text to avoid word wrapping, smaller pill bg image componentfixing word wrapping in italian as seen in https://share.riseup.net/#2PokcPVZfeQLCOqNGI5oYg
new final looks like: https://share.riseup.net/#f25gqnj1Nxg8DiVBkCEMWAfixing word wrapping in italian as seen in https://share.riseup.net/#2PokcPVZfeQLCOqNGI5oYg
new final looks like: https://share.riseup.net/#f25gqnj1Nxg8DiVBkCEMWADan BallardDan Ballardhttps://gitlab.torproject.org/tpo/applications/fenix/-/merge_requests/157yec22 home fragment, theming, and timegate toggle2022-10-07T16:14:43ZDan Ballardyec22 home fragment, theming, and timegate toggle- tested by changing the yec timestamp so I could see i, then set it to the currently proposed launch date
- the page seems to corrupt when tor-browser has a fault, which on my build was when ever I tried to load a page
- I also retained...- tested by changing the yec timestamp so I could see i, then set it to the currently proposed launch date
- the page seems to corrupt when tor-browser has a fault, which on my build was when ever I tried to load a page
- I also retained the 99 branch if we want to merge this there as well?Dan BallardDan Ballardhttps://gitlab.torproject.org/tpo/applications/fenix/-/merge_requests/156Draft: Improvements for local builds2022-10-03T13:35:30ZPier Angelo VendrameDraft: Improvements for local builds1. Added Tor-related binary dependencies to .gitignore
2. Added a script to sign local TBA builds with the QA key from tor-browser-build.1. Added Tor-related binary dependencies to .gitignore
2. Added a script to sign local TBA builds with the QA key from tor-browser-build.Pier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/fenix/-/merge_requests/155Bug 41160: One-time uninstall HTTPS Everywhere and force switch to HTTPS-Only.2022-10-08T20:58:01Zma1Bug 41160: One-time uninstall HTTPS Everywhere and force switch to HTTPS-Only.Fenix part of tor-browser#41160.
_Implemented as !amend commit in order to also replace the obsolete message with the following._
Modify add-on support
Bug 41160: One-time ultimate switch Tor Browser Android to HTTPS-Only.
Bug 41159: ...Fenix part of tor-browser#41160.
_Implemented as !amend commit in order to also replace the obsolete message with the following._
Modify add-on support
Bug 41160: One-time ultimate switch Tor Browser Android to HTTPS-Only.
Bug 41159: Remove HTTPS-Everywhere extension from Tor Browser Android.
Bug 41094: Enable HTTPS-Only Mode by default in Tor Browser Android.
fenix#40225: Bundled extensions don't get updated with Android Tor
Browser updates.
Bug 40030: Install HTTPS Everywhere and NoScript addons on startup.
HTTPS Everywhere is installed as a builtin extension and NoScript as
a regular AMO addon. To avoid unnecessary I/O we only install NoScript
the first time, and rely on the browser addon updating mechanism for
keeping up with new versions. This is the same behaviour that was
implemented in the Fennec-based Tor Browser, where it was installed
as a "distribution addon", which also only occurred once.
Bug 40062: HTTPS Everywhere is not shown as installed
Also 40070: Consider storing the list of recommended addons
This implements our own AddonsProvider, which loads the list of
available addons from assets instead of fetching it from an
endpoint. In this list, we replace https-everywhere by
our https-everywhere-eff, so that the EFF one is shown as installed
in the addons list and the AMO one is not displayed.
Also, we hide the uninstall button for builtin addons.
Bug 40058: Hide option for disallowing addon in private modema1ma1https://gitlab.torproject.org/tpo/applications/fenix/-/merge_requests/154fixup! Bug 41314: Add YEC 2022 strings to torbutton and fenix2022-09-23T16:13:56Zboklmfixup! Bug 41314: Add YEC 2022 strings to torbutton and fenixCloses tor-browser#41318Closes tor-browser#41318boklmboklmhttps://gitlab.torproject.org/tpo/applications/fenix/-/merge_requests/153Bug 41314: Add YEC 2022 strings to torbutton and fenix2022-09-22T18:47:10ZrichardBug 41314: Add YEC 2022 strings to torbutton and fenixen-US strings for YEC 2022
cc @emmapeel @nicob @danen-US strings for YEC 2022
cc @emmapeel @nicob @danrichardrichardhttps://gitlab.torproject.org/tpo/applications/fenix/-/merge_requests/152tor-browser#41159 Remove HTTPS Everywhere from Tor Browser Android2022-09-22T20:26:48Zma1tor-browser#41159 Remove HTTPS Everywhere from Tor Browser AndroidThis patch automatically removes HTTPS Everywhereon startup (tor-browser#41159) if and only if:
1. Has not been automatically removed yet (which check and set a persistent ```httpsEverywhereRemoved``` boolean flag)
2. User opted out fr...This patch automatically removes HTTPS Everywhereon startup (tor-browser#41159) if and only if:
1. Has not been automatically removed yet (which check and set a persistent ```httpsEverywhereRemoved``` boolean flag)
2. User opted out from built-in HTTPS-Only
In next alpha and in stable we plan not to check for #2 anymore but just forcibly turn HTTPS-Only ON once, contextually to the one-time extension removal.
From then on user can freely choose any combination of HTTPS-Only and HTTPS Everywhere at their own risk.ma1ma1https://gitlab.torproject.org/tpo/applications/fenix/-/merge_requests/151Turn shouldUseHttpsOnly's default to true (fixes tor-browser#41094).2022-09-02T12:29:13Zma1Turn shouldUseHttpsOnly's default to true (fixes tor-browser#41094).It seems to work as expected (screenshots attached):
1. HTTPS-only is enabled by default and can be switched on/off in settings
2. HTTPS-only kicks in before HTTPS Everywhere (which we're keeping around for now): this users can provide ...It seems to work as expected (screenshots attached):
1. HTTPS-only is enabled by default and can be switched on/off in settings
2. HTTPS-only kicks in before HTTPS Everywhere (which we're keeping around for now): this users can provide feedback about our goal setup (no HTTPSE) but they're not locked in if they really need to switch back to HTTPS Everywhere.
![HTTPS-only settings screenshot](/uploads/88227096f9557d98dd739706edce5706/Screenshot_20220902_132852.png)
![Screenshot_20220902_133335](/uploads/539d100036f6e1aa408f6a95d749d4cd/Screenshot_20220902_133335.png)ma1ma1https://gitlab.torproject.org/tpo/applications/fenix/-/merge_requests/149Bug 40221: Rebased fenix to v1022022-08-01T16:37:31ZPier Angelo VendrameBug 40221: Rebased fenix to v102Closes: #40221.Closes: #40221.Pier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/fenix/-/merge_requests/148Bug 40212: Disable more telemetry (especially, since it caused crashes)2022-05-20T19:01:33ZPier Angelo VendrameBug 40212: Disable more telemetry (especially, since it caused crashes)This is another patch for #40212, that is intended also to replace my brutal patch.
It solves the crash on my test device and on my daily driver (both of them experienced them).
I _think_ that the cause of the crash was Glean not initi...This is another patch for #40212, that is intended also to replace my brutal patch.
It solves the crash on my test device and on my daily driver (both of them experienced them).
I _think_ that the cause of the crash was Glean not initialized/only partially initialized, during a call to `Glean.setUploadEnabled(true)` (see `app/src/main/java/org/mozilla/fenix/components/metrics/GleanMetricsService.kt`).
I'm not 100% satisfied by this patch, because I encountered a huge amount of these lines in logcat:
```
05-18 12:09:49.904 2624 2660 I glean/Dispatchers: Task queued for execution and delayed until flushed
```
at a certain point they are replaced by these ones:
```
05-18 12:09:49.904 2624 2660 E glean/Dispatchers: Exceeded maximum queue size, discarding task
```
which means that they're not being sent (good).
Maybe good enough for the alpha? I propose that we merge, tag and start build4 from it (since we have the problem with the addons and `mozconfig-android-all` anyway).
In Glean's Rust code I've seen that some parts use an unbounded channel, but from the above error I'd say we are not risking to fill the memory.
Anyway, I think that we should investigate a little bit more, but I fear that fixing these errors require modifications to glean, which we currently take directly as a third-party package.
While writing the text for this MR, I've noticed that these Glean logs are also on the debug build. This means we might be able to get to them.Pier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/fenix/-/merge_requests/147Bug 40212: Disabled all telemetry "brutally"2022-05-06T16:06:09ZPier Angelo VendrameBug 40212: Disabled all telemetry "brutally"As a temporary fix for crashes in the telemetry code, we modified the function that tells whether telemetry is enabled to always tall that it is not.As a temporary fix for crashes in the telemetry code, we modified the function that tells whether telemetry is enabled to always tall that it is not.Pier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/fenix/-/merge_requests/144Resolve #40213: Rebase Fenix patches to 99.02022-05-17T12:40:24ZaguestuserResolve #40213: Rebase Fenix patches to 99.0# context
- tor-browser-build#40446
# changes
- Rebase fenix from [tor-browser-96.3.0-11.5-1](http://eweiibe6tdjsdprb4px6rqrzzcsi22m4koia44kc5pcjr7nec2rlxyad.onion/tpo/applications/fenix/-/tree/tor-browser-96.3.0-11.5-1) onto [tor-brow...# context
- tor-browser-build#40446
# changes
- Rebase fenix from [tor-browser-96.3.0-11.5-1](http://eweiibe6tdjsdprb4px6rqrzzcsi22m4koia44kc5pcjr7nec2rlxyad.onion/tpo/applications/fenix/-/tree/tor-browser-96.3.0-11.5-1) onto [tor-browser-99.0.0b3-11.5-1](http://eweiibe6tdjsdprb4px6rqrzzcsi22m4koia44kc5pcjr7nec2rlxyad.onion/tpo/applications/fenix/-/commits/tor-browser-99.0.0b3-11.5-1)
- see comments for notes on merge conflictsaguestuseraguestuser