From b7bf572b77a1c355473204a79da912d2333e392f Mon Sep 17 00:00:00 2001 From: Piero V Date: Fri, 7 Jan 2022 12:49:02 +0100 Subject: [PATCH 1/3] Fixed tests for Tor Browser 11/Firefox 91. Changed fp_navigator and fp_useragent to test with the correct version. The screen dimensions test was failing because letterboxing is disabled on about:pages (I checked with Richard, and this is the intended behavior). Therefore, the test is now run on a TPO page, and it passes. Updated the settings test, to check for new settings (see tor-browser!215), and not to check anymore for deprecated and removed settings (see tor-browser#40177). As a result of these settings changes, some DOM objects are now exposed: * pointer events * gamepads * applicationCache * visualViewport However, Tor Browser already contains mitigations against their use for fingerprinting (e.g., gamepads do not work, Mozilla added some protections to pointer events for Bugzilla#1363508, letterboxing should prevent fingerprinting on visualViewport, cache storage is 0 bytes, etc...). Some other DOM objects are just new (e.g., clientInformation). Finally, HTTPS everywhere test failed because now Firefox redirects to HTTPS if available, even when HTTPS-Only Mode is not enabled. To detect if HTTPS everywhere is actually responsible for the redirect, we need to run it with dom.security.https_first_pbm set to false. --- .../test_dom-objects-enumeration.py | 21 ++++++-- .../tor_browser_tests/test_fp_navigator.py | 3 +- .../test_fp_screen_dimensions.py | 2 + .../tor_browser_tests/test_fp_useragent.py | 3 +- .../test_https-everywhere.py | 7 ++- marionette/tor_browser_tests/test_settings.py | 48 +++++++++++++------ 6 files changed, 62 insertions(+), 22 deletions(-) diff --git a/marionette/tor_browser_tests/test_dom-objects-enumeration.py b/marionette/tor_browser_tests/test_dom-objects-enumeration.py index 26ff945..666e9b0 100644 --- a/marionette/tor_browser_tests/test_dom-objects-enumeration.py 
+++ b/marionette/tor_browser_tests/test_dom-objects-enumeration.py @@ -17,6 +17,7 @@ class Test(testsuite.TorBrowserTest): "AbortSignal", "AbstractRange", "addEventListener", + "applicationCache", "alert", "Animation", "AnimationEffect", @@ -61,6 +62,7 @@ class Test(testsuite.TorBrowserTest): "CharacterData", "clearInterval", "clearTimeout", + "clientInformation", "Clipboard", "ClipboardEvent", "close", @@ -368,6 +370,7 @@ class Test(testsuite.TorBrowserTest): "NotifyPaintEvent", "Number", "Object", + "OfflineResourceList", "onabort", "onabsolutedeviceorientation", "onafterprint", @@ -376,6 +379,7 @@ class Test(testsuite.TorBrowserTest): "onanimationiteration", "onanimationstart", "onauxclick", + "onbeforeinput", "onbeforeprint", "onbeforeunload", "onblur", @@ -387,10 +391,8 @@ class Test(testsuite.TorBrowserTest): "oncontextmenu", "oncuechange", "ondblclick", - "ondevicelight", "ondevicemotion", "ondeviceorientation", - "ondeviceproximity", "ondrag", "ondragend", "ondragenter", @@ -405,6 +407,9 @@ class Test(testsuite.TorBrowserTest): "onerror", "onfocus", "onformdata", + "ongamepadconnected", + "ongamepaddisconnected", + "ongotpointercapture", "onhashchange", "oninput", "oninvalid", @@ -417,6 +422,7 @@ class Test(testsuite.TorBrowserTest): "onloadedmetadata", "onloadend", "onloadstart", + "onlostpointercapture", "onmessage", "onmessageerror", "onmousedown", @@ -435,6 +441,14 @@ class Test(testsuite.TorBrowserTest): "onpause", "onplay", "onplaying", + "onpointercancel", + "onpointerdown", + "onpointerenter", + "onpointerleave", + "onpointermove", + "onpointerout", + "onpointerover", + "onpointerup", "onpopstate", "onprogress", "onratechange", @@ -459,7 +473,6 @@ class Test(testsuite.TorBrowserTest): "ontransitionstart", "onunhandledrejection", "onunload", - "onuserproximity", "onvolumechange", "onwaiting", "onwebkitanimationend", 
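Review bot: The newly expected names (`applicationCache`, `OfflineResourceList`, the `ongamepad*` and `onpointer*` handlers, and `PointerEvent` and `visualViewport` in the two later hunks of this file) are added with no comment in the list, so the reason they are acceptable lives only in the commit message. Because this list defines what the content window is allowed to expose, a short comment next to the additions would help, e.g. `# Pointer events and gamepads are exposed since Firefox 91; fingerprinting is mitigated elsewhere in Tor Browser`. It would also be worth asserting the mitigations the message relies on (gamepads not working, zero cache storage) in a test, since this check alone no longer fails if those APIs become usable. `"applicationCache"` is inserted before `"alert"`, which breaks the list's otherwise alphabetical order, if that order is intended. The list starts and ends outside these hunks.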
@@ -498,6 +511,7 @@ class Test(testsuite.TorBrowserTest): "personalbar", "Plugin", "PluginArray", + "PointerEvent", "PopStateEvent", "PopupBlockedEvent", "postMessage", @@ -713,6 +727,7 @@ class Test(testsuite.TorBrowserTest): "ValidityState", "valueOf", "VideoPlaybackQuality", + "visualViewport", "VisualViewport", "VTTCue", "VTTRegion", diff --git a/marionette/tor_browser_tests/test_fp_navigator.py b/marionette/tor_browser_tests/test_fp_navigator.py index 91dc951..e976d85 100644 --- a/marionette/tor_browser_tests/test_fp_navigator.py +++ b/marionette/tor_browser_tests/test_fp_navigator.py @@ -56,7 +56,8 @@ class Test(MarionetteTestCase): app_version = "5.0 (Macintosh)" platform = "MacIntel" oscpu = "Intel Mac OS X 10.13" - nav_props["userAgent"] = "Mozilla/5.0 (" + ua_os + "; rv:78.0) Gecko/20100101 Firefox/78.0" + ua_ver = '91.0' + nav_props["userAgent"] = "Mozilla/5.0 (" + ua_os + "; rv:" + ua_ver + ") Gecko/20100101 Firefox/" + ua_ver nav_props["appVersion"] = app_version nav_props["platform"] = platform nav_props["oscpu"] = oscpu diff --git a/marionette/tor_browser_tests/test_fp_screen_dimensions.py b/marionette/tor_browser_tests/test_fp_screen_dimensions.py index 2e0af6d..48de4d6 100644 --- a/marionette/tor_browser_tests/test_fp_screen_dimensions.py +++ b/marionette/tor_browser_tests/test_fp_screen_dimensions.py @@ -3,6 +3,8 @@ from marionette_harness import MarionetteTestCase class Test(MarionetteTestCase): def test_screen_dims(self): with self.marionette.using_context('content'): + self.marionette.navigate('https://check.torproject.org/') + # https://gitweb.torproject.org/torbrowser.git/blob/HEAD:/src/current-patches/firefox/0021-Do-not-expose-physical-screen-info.-via-window-and-w.patch js = self.marionette.execute_script # check that availWidth and availHeight are equal to window innerWidth and innerHeight diff --git a/marionette/tor_browser_tests/test_fp_useragent.py b/marionette/tor_browser_tests/test_fp_useragent.py index 5b32bb3..13da933 100644 
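Review bot: `ua_ver = '91.0'` is hard-coded in the test_fp_navigator.py hunk and again in the test_fp_useragent.py hunk, so the next ESR rebase has to touch both tests and the two expectations can drift apart. A single constant in the shared test-suite module, or a value read from the build information if one is available, would keep the expected user agent identical in both places. The new line also uses single quotes where the neighbouring assignments in this hunk use double quotes. The enclosing method starts and ends outside the hunk.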
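Review bot: The added `self.marionette.navigate('https://check.torproject.org/')` in test_screen_dims has no comment, and the reason for it (letterboxing is not applied on about: pages) is recorded only in the commit message. I would put `# Letterboxing is disabled on about: pages, so load a regular content page before measuring.` above the call. The test now also needs that external host to be reachable, so a failed page load will show up as a test error rather than a dimension mismatch, which is worth mentioning in the same comment. test_screen_dims continues past the end of the hunk.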
--- a/marionette/tor_browser_tests/test_fp_useragent.py +++ b/marionette/tor_browser_tests/test_fp_useragent.py @@ -15,5 +15,6 @@ class Test(MarionetteTestCase): ua_os = 'Windows NT 6.1; Win64; x64' if osname == 'MacOSX': ua_os = 'Macintosh; Intel Mac OS X 10.13' - self.assertEqual("Mozilla/5.0 (" + ua_os + "; rv:78.0) Gecko/20100101 Firefox/78.0", + ua_ver = '91.0' + self.assertEqual("Mozilla/5.0 (" + ua_os + "; rv:" + ua_ver + ") Gecko/20100101 Firefox/" + ua_ver, js("return navigator.userAgent")) diff --git a/marionette/tor_browser_tests/test_https-everywhere.py b/marionette/tor_browser_tests/test_https-everywhere.py index 7819771..443c9a6 100644 --- a/marionette/tor_browser_tests/test_https-everywhere.py +++ b/marionette/tor_browser_tests/test_https-everywhere.py @@ -10,8 +10,8 @@ class Test(MarionetteTestCase): ts = testsuite.TestSuite() self.ts = ts - self.HTTP_URL = "http://httpbin.org/" - self.HTTPS_URL = "https://httpbin.org/" + self.HTTP_URL = "http://https-everywhere.badssl.com/redirect-test/status.svg" + self.HTTPS_URL = "https://https-everywhere.badssl.com/redirect-test/status.svg" self.is_disabled = self.ts.t['test']['name'] == 'https-everywhere-disabled' @@ -51,6 +51,9 @@ class Test(MarionetteTestCase): lambda _: m.execute_script("return OnionAliasStore._onionMap.size;") > 0) with self.marionette.using_context('content'): + # Even without HTTPS Everywhere, Firefox checks if HTTPS is + # available, with this set to true + self.marionette.set_pref('dom.security.https_first_pbm', False) self.marionette.navigate(self.HTTP_URL) if not self.is_disabled: diff --git a/marionette/tor_browser_tests/test_settings.py b/marionette/tor_browser_tests/test_settings.py index f24cdd0..86dfe77 100644 --- a/marionette/tor_browser_tests/test_settings.py +++ b/marionette/tor_browser_tests/test_settings.py 
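Review bot: `self.marionette.set_pref('dom.security.https_first_pbm', False)` in the second test_https-everywhere.py hunk is never undone, so if the Marionette session is reused, later tests also run with HTTPS-First disabled; whether the session is restarted between tests is not visible here. Clearing it when the test finishes, e.g. `self.marionette.clear_pref('dom.security.https_first_pbm')` in tearDown, keeps the weakened setting scoped to this test. The comment "with this set to true" would be clearer if it named the pref, e.g. `# dom.security.https_first_pbm makes Firefox try HTTPS first in private browsing, which would hide whether HTTPS Everywhere did the redirect`. The enclosing method starts and ends outside the hunk.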
@@ -32,11 +32,13 @@ class Test(MarionetteTestCase): # Disk activity: Disable Browsing History Storage "browser.privatebrowsing.autostart": True, "browser.cache.disk.enable": False, - "browser.cache.offline.enable": False, "permissions.memory_only": True, "network.cookie.lifetimePolicy": 2, "security.nocertdb": True, + # Enabled LSNG + "dom.storage.next_gen": True, + # Disk activity: TBB Directory Isolation "browser.download.useDownloadDir": False, "browser.shell.checkDefaultBrowser": False, @@ -60,6 +62,9 @@ class Test(MarionetteTestCase): "datareporting.policy.dataSubmissionEnabled": False, "security.mixed_content.block_active_content": True, # Activated with bug #21323 + # Bug 40083: Make sure Region.jsm fetching is disabled + "browser.region.update.enabled": False, + # Make sure Unified Telemetry is really disabled, see: #18738. "toolkit.telemetry.unified": False, "toolkit.telemetry.enabled": True if ts.t["tbbinfos"]["version"].startswith("tbb-nightly") else False, @@ -75,10 +80,8 @@ class Test(MarionetteTestCase): "privacy.trackingprotection.pbmode.enabled": False, # Disable the Pocket extension (Bug #18886 and #31602) "extensions.pocket.enabled": False, - "network.http.referer.hideOnionSource": True, # Fingerprinting - "webgl.disable-extensions": True, "webgl.disable-fail-if-major-performance-caveat": True, "webgl.enable-webgl2": False, "gfx.downloadable_fonts.fallback_delay": -1, 
@@ -91,22 +94,38 @@ class Test(MarionetteTestCase): "privacy.resistFingerprinting.block_mozAddonManager": True, # Bug 26114 "dom.webaudio.enabled": False, # Bug 13017: Disable Web Audio API "dom.w3c_touch_events.enabled": 0, # Bug 10286: Always disable Touch API - "dom.w3c_pointer_events.enabled": False, "dom.vr.enabled": False, # Bug 21607: Disable WebVR for now # Disable randomised Firefox HTTP cache decay user test groups (Bug: 13575) "security.webauth.webauthn": False, # Bug 26614: Disable Web Authentication API for now + # Disable SAB, no matter if the sites are cross-origin isolated. + "dom.postMessage.sharedArrayBuffer.withCOOP_COEP": False, + "network.http.referer.hideOnionSource": True, + # Bug 40463: Disable Windows SSO + "network.http.windows-sso.enabled": False, + # Bug 40383: Disable new PerformanceEventTiming + "dom.enable_event_timing": False, + # Disable API for measuring text width and height. + "dom.textMetrics.actualBoundingBox.enabled": False, + "dom.textMetrics.baselines.enabled": False, + "dom.textMetrics.emHeight.enabled": False, + "dom.textMetrics.fontBoundingBox.enabled": False, + "pdfjs.enableScripting": False, # Third party stuff "network.cookie.cookieBehavior": 1, "privacy.firstparty.isolate": True, "network.http.spdy.allow-push": False, # Disabled for now. See https://bugs.torproject.org/27127 "network.predictor.enabled": False, # Temporarily disabled. See https://bugs.torproject.org/16633 + # Bug 40177: Make sure tracker cookie purging is disabled + "privacy.purge_trackers.enabled": False, # Proxy and proxy security "network.proxy.socks": "127.0.0.1", "network.proxy.socks_remote_dns": True, "network.proxy.no_proxies_on": "", # For fingerprinting and local service vulns (#10419) "network.proxy.type": 1, + # Bug 40548: Disable proxy-bypass + "network.proxy.failover_direct": False, "network.security.ports.banned": "9050,9051,9150,9151", "network.dns.disablePrefetch": True, "network.protocol-handler.external-default": False, 
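Review bot: `"pdfjs.enableScripting": False` is added without the rationale comment that the other new entries in this hunk carry, and `"network.http.referer.hideOnionSource": True` now sits directly under the "Disable SAB" comment, which does not describe it. A one-line comment on each, e.g. `# Disable JavaScript execution inside PDF.js documents`, would keep this table of expected hardening prefs self-explanatory. The dict starts and ends outside the hunk.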
@@ -118,7 +137,6 @@ class Test(MarionetteTestCase): "network.protocol-handler.warn-external.news": True, "network.protocol-handler.warn-external.nntp": True, "network.protocol-handler.warn-external.snews": True, - "plugin.state.flash": 0, "media.peerconnection.enabled": False, # Disable WebRTC interfaces # Disables media devices but only if `media.peerconnection.enabled` is set to # `false` as well. (see bug 16328 for this defense-in-depth measure) @@ -173,14 +191,14 @@ class Test(MarionetteTestCase): # extensions.enabledScopes is set to 5 by marionette_driver #"extensions.enabledScopes": 1, "extensions.pendingOperations": False, - "xpinstall.whitelist.add": "", - "xpinstall.whitelist.add.36": "", # We don't know what extensions Mozilla is advertising to our users and we # don't want to have some random Google Analytics script running either on the # about:addons page, see bug 22073 and 22900. "extensions.getAddons.showPane": False, # Bug 26114: Allow NoScript to access addons.mozilla.org etc. "extensions.webextensions.restrictedDomains": "", + # Don't give Mozilla-recommended third-party extensions special privileges. + "extensions.postDownloadThirdPartyPrompt": False, "dom.enable_resource_timing": False, 
@@ -190,16 +208,12 @@ class Test(MarionetteTestCase): # Enforce certificate pinning, see: https://bugs.torproject.org/16206 "security.cert_pinning.enforcement_level": 2, + # Don't load OS client certs. + "security.osclientcerts.autoload": False, + # Don't allow MitM via Microsoft Family Safety, see bug 21686 "security.family_safety.mode": 0, - # Disable the language pack signing check for now, see: bug 26465 - - # Avoid report TLS errors to Mozilla. We might want to repurpose this feature - # one day to help detecting bad relays (which is bug 19119). For now we just - # hide the checkbox, see bug 22072. - "security.ssl.errorReporting.enabled": False, - # Workaround for https://bugs.torproject.org/13579. Progress on # `about:downloads` is only shown if the following preference is set to `true` # in case the download panel got removed from the toolbar. @@ -211,7 +225,7 @@ class Test(MarionetteTestCase): # checking torbrowser.version match the version from the filename "torbrowser.version": ts.t["tbbinfos"]["version"], - "startup.homepage_override_url": "https://blog.torproject.org/category/tags/tor-browser", + "startup.homepage_override_url": "https://blog.torproject.org/category/applications", # Disable network information API everywhere # but, alas, the behavior is inconsistent across platforms, see: @@ -220,6 +234,10 @@ class Test(MarionetteTestCase): "dom.netinfo.enabled": False, } + MOZ_BUNDLED_FONTS = True + if MOZ_BUNDLED_FONTS: + self.SETTINGS["gfx.bundled-fonts.activate"] = 1 + # Settings for the Tor Browser 8.0 self.SETTINGS_80 = { } -- GitLab From 0167631fd8a5737d9d6c21e1f5fa02e6c71bcff6 Mon Sep 17 00:00:00 2001 
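Review bot: In the last test_settings.py hunk, `MOZ_BUNDLED_FONTS = True` followed by `if MOZ_BUNDLED_FONTS:` is a constant condition, so the branch always runs and the flag says nothing about builds where bundled fonts are absent. Either put `"gfx.bundled-fonts.activate": 1` directly in the dict, or derive the flag from the build under test and note it, e.g. `# Only builds that ship bundled fonts set this pref`. As written, a build without bundled fonts would presumably fail this check with no hint why. The method continues outside the hunk.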
From: Pier Angelo Vendrame Date: Mon, 10 Jan 2022 17:31:51 +0100 Subject: [PATCH 2/3] Changed the IP address for the bridge test The bridge test was not ending, because the bridge specified in the configuration was down. With this new bridge, the test passed as expected. --- tor-config/tor_bridge.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tor-config/tor_bridge.conf b/tor-config/tor_bridge.conf index 5d82115..23eb9eb 100644 --- a/tor-config/tor_bridge.conf +++ b/tor-config/tor_bridge.conf @@ -1,4 +1,4 @@ [% INCLUDE main_config %] UseBridges 1 -Bridge 35.170.192.213:12358 +Bridge 185.100.87.30:80 5B403DFE34F4872EB027059CECAE30B0C864B3A2 -- GitLab From 1e53c8a9667e3d3f429b4473ce5af1794ab0a8f1 Mon Sep 17 00:00:00 2001 From: Pier Angelo Vendrame Date: Mon, 17 Jan 2022 09:32:31 +0100 Subject: [PATCH 3/3] Bug 40033: Use Python 2 for the test virtual environment --- setup-virtualenv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup-virtualenv b/setup-virtualenv index f0c6288..9641ee1 100755 --- a/setup-virtualenv +++ b/setup-virtualenv @@ -42,7 +42,7 @@ if ($OSNAME eq 'cygwin') { } unless (-d $virtenv_marionette_dir) { - run($virtualenv_cmd, $virtenv_marionette_dir); + run($virtualenv_cmd, $virtenv_marionette_dir, '-p', 'python2'); # upgrade pip and setuptools run("$virtenv_marionette_dir/$bin/pip", 'install', '--upgrade', 'pip'); run("$virtenv_marionette_dir/$bin/pip", 'install', '--upgrade', 'setuptools'); -- GitLab
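Review bot: The `Bridge` line in tor_bridge.conf is still a single hard-coded public endpoint, so the test will stall again when this bridge goes offline, which is the failure the commit message describes. A comment above it, e.g. `# Test bridge; replace if bootstrap stalls (the previous one went offline)`, would point the next maintainer at the cause. A bounded bootstrap timeout in the test that consumes this file would turn the next outage into a clear failure instead of a hang; that test is not visible here, so such a timeout may already exist.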
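Review bot: The new `'-p', 'python2'` argument in setup-virtualenv pins the test environment to an interpreter that no longer receives security fixes, and nothing in the hunk records why or checks that `python2` is on PATH. A comment above the call, `# Bug 40033: the marionette test virtualenv must be created with Python 2`, keeps the reason next to the code, and the pin should be dropped once the harness runs on Python 3. The two `pip install --upgrade` lines that follow then fetch whatever the index currently serves for Python 2, so pinning those versions would make the environment reproducible. The `unless` block continues outside the hunk.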