.gitignore

@@ -193,3 +193,6 @@ config/external/icu4x
 # Ignore Storybook generated files
 browser/components/storybook/node_modules/
 browser/components/storybook/storybook-static/
+
+# Ignore binary base of tor browser
+.binaries

browser/actors/AboutTBUpdateChild.jsm

+// Copyright (c) 2020, The Tor Project, Inc.
+// See LICENSE for licensing information.
+//
+// vim: set sw=2 sts=2 ts=8 et syntax=javascript:
+
+var EXPORTED_SYMBOLS = ["AboutTBUpdateChild"];
+
+const { RemotePageChild } = ChromeUtils.import(
+  "resource://gre/actors/RemotePageChild.jsm"
+);
+
+class AboutTBUpdateChild extends RemotePageChild {}

browser/actors/AboutTBUpdateParent.jsm

+// Copyright (c) 2020, The Tor Project, Inc.
+// See LICENSE for licensing information.
+//
+// vim: set sw=2 sts=2 ts=8 et syntax=javascript:
+
+"use strict";
+
+this.EXPORTED_SYMBOLS = ["AboutTBUpdateParent"];
+
+const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
+const { AppConstants } = ChromeUtils.import(
+  "resource://gre/modules/AppConstants.jsm"
+);
+
+const kRequestUpdateMessageName = "FetchUpdateData";
+
+/**
+ * This code provides services to the about:tbupdate page. Whenever
+ * about:tbupdate needs to do something chrome-privileged, it sends a
+ * message that's handled here. It is modeled after Mozilla's about:home
+ * implementation.
+ */
+class AboutTBUpdateParent extends JSWindowActorParent {
+  async receiveMessage(aMessage) {
+    if (aMessage.name == kRequestUpdateMessageName) {
+      return this.getReleaseNoteInfo();
+    }
+    return undefined;
+  }
+
+  get moreInfoURL() {
+    try {
+      return Services.prefs.getCharPref("torbrowser.post_update.url");
+    } catch (e) {}
+
+    // Use the default URL as a fallback.
+    return Services.urlFormatter.formatURLPref("startup.homepage_override_url");
+  }
+
+  // Read the text from the beginning of the changelog file that is located
+  // at TorBrowser/Docs/ChangeLog.txt and return an object that contains
+  // the following properties:
+  //   version        e.g., Tor Browser 8.5
+  //   releaseDate    e.g., March 31 2019
+  //   releaseNotes   details of changes (lines 2 - end of ChangeLog.txt)
+  // We attempt to parse the first line of ChangeLog.txt to extract the
+  // version and releaseDate. If parsing fails, we return the entire first
+  // line in version and omit releaseDate.
+  //
+  // On Mac OS, when building with --enable-tor-browser-data-outside-app-dir
+  // to support Gatekeeper signing, the ChangeLog.txt file is located in
+  // TorBrowser.app/Contents/Resources/TorBrowser/Docs/.
+  async getReleaseNoteInfo() {
+    let info = { moreInfoURL: this.moreInfoURL };
+
+    try {
+      let f;
+      if (AppConstants.TOR_BROWSER_DATA_OUTSIDE_APP_DIR) {
+        // "XREExeF".parent is the directory that contains firefox, i.e.,
+        // Browser/ or, on Mac OS, TorBrowser.app/Contents/MacOS/.
+        f = Services.dirsvc.get("XREExeF", Ci.nsIFile).parent;
+        if (AppConstants.platform === "macosx") {
+          f = f.parent;
+          f.append("Resources");
+        }
+        f.append("TorBrowser");
+      } else {
+        // "DefProfRt" is .../TorBrowser/Data/Browser
+        f = Services.dirsvc.get("DefProfRt", Ci.nsIFile);
+        f = f.parent.parent; // Remove "Data/Browser"
+      }
+
+      f.append("Docs");
+      f.append("ChangeLog.txt");
+
+      // NOTE: We load in the entire file, but only use the first few lines
+      // before the first blank line.
+      const logLines = (await IOUtils.readUTF8(f.path))
+        .replace(/\n\r?\n.*/ms, "")
+        .split(/\n\r?/);
+
+      // Read the first line to get the version and date.
+      // Assume everything after the last "-" is the date.
+      const firstLine = logLines.shift();
+      const match = firstLine?.match(/(.*)-+(.*)/);
+      if (match) {
+        info.version = match[1].trim();
+        info.releaseDate = match[2].trim();
+      } else {
+        // No date.
+        info.version = firstLine?.trim();
+      }
+
+      // We want to read the rest of the release notes as a tree. Each entry
+      // will contain the text for that line.
+      // We choose a negative index for the top node of this tree to ensure no
+      // line will appear less indented.
+      const topEntry = { indent: -1, children: undefined };
+      let prevEntry = topEntry;
+
+      for (let line of logLines) {
+        const indent = line.match(/^ */)[0];
+        line = line.trim();
+        if (line.startsWith("*")) {
+          // Treat as a bullet point.
+          let entry = {
+            text: line.replace(/^\*\s/, ""),
+            indent: indent.length,
+          };
+          let parentEntry;
+          if (entry.indent > prevEntry.indent) {
+            // A sub-list of the previous item.
+            prevEntry.children = [];
+            parentEntry = prevEntry;
+          } else {
+            // Same list or end of sub-list.
+            // Search for the first parent whose indent comes before ours.
+            parentEntry = prevEntry.parent;
+            while (entry.indent <= parentEntry.indent) {
+              parentEntry = parentEntry.parent;
+            }
+          }
+          entry.parent = parentEntry;
+          parentEntry.children.push(entry);
+          prevEntry = entry;
+        } else if (prevEntry === topEntry) {
+          // Unexpected, missing bullet point on first line.
+          // Place as its own bullet point instead, and set as prevEntry for the
+          // next loop.
+          prevEntry = { text: line, indent: indent.length, parent: topEntry };
+          topEntry.children = [prevEntry];
+        } else {
+          // Append to the previous bullet point.
+          prevEntry.text += ` ${line}`;
+        }
+      }
+
+      info.releaseNotes = topEntry.children;
+    } catch (e) {
+      Cu.reportError(e);
+    }
+
+    return info;
+  }
+}

browser/actors/CryptoSafetyChild.jsm

+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* Copyright (c) 2020, The Tor Project, Inc.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+var EXPORTED_SYMBOLS = ["CryptoSafetyChild"];
+
+const { Bech32Decode } = ChromeUtils.import(
+  "resource://gre/modules/Bech32Decode.jsm"
+);
+
+const { XPCOMUtils } = ChromeUtils.import(
+  "resource://gre/modules/XPCOMUtils.jsm"
+);
+
+const kPrefCryptoSafety = "security.cryptoSafety";
+
+XPCOMUtils.defineLazyPreferenceGetter(
+  this,
+  "isCryptoSafetyEnabled",
+  kPrefCryptoSafety,
+  true /* defaults to true */
+);
+
+function looksLikeCryptoAddress(s) {
+  // P2PKH and P2SH addresses
+  // https://stackoverflow.com/a/24205650
+  const bitcoinAddr = /^[13][a-km-zA-HJ-NP-Z1-9]{25,39}$/;
+  if (bitcoinAddr.test(s)) {
+    return true;
+  }
+
+  // Bech32 addresses
+  if (Bech32Decode(s) !== null) {
+    return true;
+  }
+
+  // regular addresses
+  const etherAddr = /^0x[a-fA-F0-9]{40}$/;
+  if (etherAddr.test(s)) {
+    return true;
+  }
+
+  // t-addresses
+  // https://www.reddit.com/r/zec/comments/8mxj6x/simple_regex_to_validate_a_zcash_tz_address/dzr62p5/
+  const zcashAddr = /^t1[a-zA-Z0-9]{33}$/;
+  if (zcashAddr.test(s)) {
+    return true;
+  }
+
+  // Standard, Integrated, and 256-bit Integrated addresses
+  // https://monero.stackexchange.com/a/10627
+  const moneroAddr = /^4(?:[0-9AB]|[1-9A-HJ-NP-Za-km-z]{12}(?:[1-9A-HJ-NP-Za-km-z]{30})?)[1-9A-HJ-NP-Za-km-z]{93}$/;
+  if (moneroAddr.test(s)) {
+    return true;
+  }
+
+  return false;
+}
+
+class CryptoSafetyChild extends JSWindowActorChild {
+  handleEvent(event) {
+    if (isCryptoSafetyEnabled) {
+      // Ignore non-HTTP addresses
+      if (!this.document.documentURIObject.schemeIs("http")) {
+        return;
+      }
+      // Ignore onion addresses
+      if (this.document.documentURIObject.host.endsWith(".onion")) {
+        return;
+      }
+
+      if (event.type == "copy" || event.type == "cut") {
+        this.contentWindow.navigator.clipboard.readText().then(clipText => {
+          const selection = clipText.replace(/\s+/g, "");
+          if (looksLikeCryptoAddress(selection)) {
+            this.sendAsyncMessage("CryptoSafety:CopiedText", {
+              selection,
+            });
+          }
+        });
+      }
+    }
+  }
+}

browser/actors/CryptoSafetyParent.jsm

+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* Copyright (c) 2020, The Tor Project, Inc.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+var EXPORTED_SYMBOLS = ["CryptoSafetyParent"];
+
+const { XPCOMUtils } = ChromeUtils.import(
+  "resource://gre/modules/XPCOMUtils.jsm"
+);
+
+XPCOMUtils.defineLazyModuleGetters(this, {
+  TorStrings: "resource:///modules/TorStrings.jsm",
+});
+
+const kPrefCryptoSafety = "security.cryptoSafety";
+
+XPCOMUtils.defineLazyPreferenceGetter(
+  this,
+  "isCryptoSafetyEnabled",
+  kPrefCryptoSafety,
+  true /* defaults to true */
+);
+
+class CryptoSafetyParent extends JSWindowActorParent {
+  getBrowser() {
+    return this.browsingContext.top.embedderElement;
+  }
+
+  receiveMessage(aMessage) {
+    if (isCryptoSafetyEnabled) {
+      if (aMessage.name == "CryptoSafety:CopiedText") {
+        showPopup(this.getBrowser(), aMessage.data.selection);
+      }
+    }
+  }
+}
+
+function trimAddress(cryptoAddr) {
+  if (cryptoAddr.length <= 32) {
+    return cryptoAddr;
+  }
+  return cryptoAddr.substring(0, 32) + "...";
+}
+
+function showPopup(aBrowser, cryptoAddr) {
+  const chromeDoc = aBrowser.ownerDocument;
+  if (chromeDoc) {
+    const win = chromeDoc.defaultView;
+    const cryptoSafetyPrompt = new CryptoSafetyPrompt(
+      aBrowser,
+      win,
+      cryptoAddr
+    );
+    cryptoSafetyPrompt.show();
+  }
+}
+
+class CryptoSafetyPrompt {
+  constructor(aBrowser, aWin, cryptoAddr) {
+    this._browser = aBrowser;
+    this._win = aWin;
+    this._cryptoAddr = cryptoAddr;
+  }
+
+  show() {
+    const primaryAction = {
+      label: TorStrings.cryptoSafetyPrompt.primaryAction,
+      accessKey: TorStrings.cryptoSafetyPrompt.primaryActionAccessKey,
+      callback: () => {
+        this._win.torbutton_new_circuit();
+      },
+    };
+
+    const secondaryAction = {
+      label: TorStrings.cryptoSafetyPrompt.secondaryAction,
+      accessKey: TorStrings.cryptoSafetyPrompt.secondaryActionAccessKey,
+      callback: () => {},
+    };
+
+    let _this = this;
+    const options = {
+      popupIconURL: "chrome://global/skin/icons/warning.svg",
+      eventCallback(aTopic) {
+        if (aTopic === "showing") {
+          _this._onPromptShowing();
+        }
+      },
+    };
+
+    const cryptoWarningText = TorStrings.cryptoSafetyPrompt.cryptoWarning.replace(
+      "%S",
+      trimAddress(this._cryptoAddr)
+    );
+
+    if (this._win.PopupNotifications) {
+      this._prompt = this._win.PopupNotifications.show(
+        this._browser,
+        "crypto-safety-warning",
+        cryptoWarningText,
+        null /* anchor ID */,
+        primaryAction,
+        [secondaryAction],
+        options
+      );
+    }
+  }
+
+  _onPromptShowing() {
+    let xulDoc = this._browser.ownerDocument;
+
+    let whatCanHeading = xulDoc.getElementById(
+      "crypto-safety-warning-notification-what-can-heading"
+    );
+    if (whatCanHeading) {
+      whatCanHeading.textContent = TorStrings.cryptoSafetyPrompt.whatCanHeading;
+    }
+
+    let whatCanBody = xulDoc.getElementById(
+      "crypto-safety-warning-notification-what-can-body"
+    );
+    if (whatCanBody) {
+      whatCanBody.textContent = TorStrings.cryptoSafetyPrompt.whatCanBody;
+    }
+
+    let learnMoreElem = xulDoc.getElementById(
+      "crypto-safety-warning-notification-learnmore"
+    );
+    if (learnMoreElem) {
+      learnMoreElem.setAttribute(
+        "value",
+        TorStrings.cryptoSafetyPrompt.learnMore
+      );
+      learnMoreElem.setAttribute(
+        "href",
+        TorStrings.cryptoSafetyPrompt.learnMoreURL
+      );
+    }
+  }
+}

browser/actors/NetErrorChild.jsm

@@ -13,6 +13,8 @@ const { RemotePageChild } = ChromeUtils.import(
   "resource://gre/actors/RemotePageChild.jsm"
 );
 
+const { TorStrings } = ChromeUtils.import("resource:///modules/TorStrings.jsm");
+
 XPCOMUtils.defineLazyServiceGetter(
   this,
   "gSerializationHelper",
@@ -32,6 +34,7 @@ class NetErrorChild extends RemotePageChild {
       "RPMAddToHistogram",
       "RPMRecordTelemetryEvent",
       "RPMGetHttpResponseHeader",
+      "RPMGetTorStrings",
     ];
     this.exportFunctions(exportableFunctions);
   }
@@ -110,4 +113,8 @@ class NetErrorChild extends RemotePageChild {
 
     return "";
   }
+
+  RPMGetTorStrings() {
+    return Cu.cloneInto(TorStrings.onionServices, this.contentWindow);
+  }
 }

browser/actors/NetErrorParent.jsm

@@ -18,6 +18,8 @@ const { TelemetryController } = ChromeUtils.import(
   "resource://gre/modules/TelemetryController.jsm"
 );
 
+const { TorConnect } = ChromeUtils.import("resource:///modules/TorConnect.jsm");
+
 const PREF_SSL_IMPACT_ROOTS = [
   "security.tls.version.",
   "security.ssl3.",
@@ -341,6 +343,10 @@ class NetErrorParent extends JSWindowActorParent {
             break;
           }
         }
+        break;
+      case "ShouldShowTorConnect":
+        return TorConnect.shouldShowTorConnect;
     }
+    return undefined;
   }
 }

browser/actors/moz.build

@@ -57,6 +57,8 @@ FINAL_TARGET_FILES.actors += [
     "ContentSearchParent.jsm",
     "ContextMenuChild.jsm",
     "ContextMenuParent.jsm",
+    "CryptoSafetyChild.jsm",
+    "CryptoSafetyParent.jsm",
     "DecoderDoctorChild.jsm",
     "DecoderDoctorParent.jsm",
     "DOMFullscreenChild.jsm",
@@ -93,3 +95,9 @@ FINAL_TARGET_FILES.actors += [
 BROWSER_CHROME_MANIFESTS += [
     "test/browser/browser.ini",
 ]
+
+if CONFIG["TOR_BROWSER_UPDATE"]:
+    FINAL_TARGET_FILES.actors += [
+        "AboutTBUpdateChild.jsm",
+        "AboutTBUpdateParent.jsm",
+    ]

browser/app/Makefile.in

@@ -97,10 +97,12 @@ tools repackage:: $(DIST)/bin/$(MOZ_APP_NAME) $(objdir)/macbuild/Contents/MacOS-
 	rsync -aL $(DIST)/bin/$(MOZ_APP_NAME) '$(dist_dest)/Contents/MacOS'
 	cp -RL $(topsrcdir)/$(MOZ_BRANDING_DIRECTORY)/firefox.icns '$(dist_dest)/Contents/Resources/firefox.icns'
 	cp -RL $(topsrcdir)/$(MOZ_BRANDING_DIRECTORY)/document.icns '$(dist_dest)/Contents/Resources/document.icns'
+ifndef TOR_BROWSER_UPDATE
 	$(MKDIR) -p '$(dist_dest)/Contents/Library/LaunchServices'
 ifdef MOZ_UPDATER
 	mv -f '$(dist_dest)/Contents/MacOS/updater.app/Contents/MacOS/org.mozilla.updater' '$(dist_dest)/Contents/Library/LaunchServices'
 	ln -s ../../../../Library/LaunchServices/org.mozilla.updater '$(dist_dest)/Contents/MacOS/updater.app/Contents/MacOS/org.mozilla.updater'
 endif
-	printf APPLMOZB > '$(dist_dest)/Contents/PkgInfo'
+endif
+	printf APPLTORB > '$(dist_dest)/Contents/PkgInfo'
 endif

browser/app/macbuild/Contents/Info.plist.in

@@ -179,7 +179,7 @@
 	<key>CFBundleShortVersionString</key>
 	<string>@APP_VERSION@</string>
 	<key>CFBundleSignature</key>
-	<string>MOZB</string>
+	<string>TORB</string>
 	<key>CFBundleURLTypes</key>
 	<array>
 		<dict>

browser/app/permissions

@@ -6,3 +6,8 @@
 # * permission is an integer between 1 and 15
 # Permissions defined here will also be set for private browsing.
 # See PermissionManager.cpp for more...
+
+# UITour
+# DuckDuckGo .onion (used for circuit display onboarding).
+origin	uitour	1	https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/
+origin	uitour	1	about:tor

browser/app/profile/000-tor-browser.js

+#include 001-base-profile.js
+
+pref("app.update.notifyDuringDownload", true);
+pref("app.update.url.manual", "https://www.torproject.org/download/languages/");
+pref("app.update.url.details", "https://www.torproject.org/download/");
+pref("app.update.badgeWaitTime", 0);
+pref("app.releaseNotesURL", "about:blank");
+// disables the 'What's New?' link in the about dialog, otherwise we need to
+// duplicate logic for generating the url to the blog post that is already more
+// easily found in about:tor
+pref("app.releaseNotesURL.aboutDialog", "about:blank");
+// point to our feedback url rather than Mozilla's
+pref("app.feedback.baseURL", "https://support.torproject.org/%LOCALE%/get-in-touch/");
+
+pref("browser.shell.checkDefaultBrowser", false);
+
+// Proxy and proxy security
+pref("network.proxy.socks", "127.0.0.1");
+pref("network.proxy.socks_port", 9150);
+pref("network.proxy.socks_remote_dns", true);
+pref("network.proxy.no_proxies_on", ""); // For fingerprinting and local service vulns (#10419)
+pref("network.proxy.allow_hijacking_localhost", true); // Allow proxies for localhost (#31065)
+pref("network.proxy.type", 1);
+// Bug 40548: Disable proxy-bypass
+pref("network.proxy.failover_direct", false);
+// localhost is already blocked by setting `network.proxy.allow_hijacking_localhost` to
+// true, allowing users to explicitly block ports makes them fingerprintable; for details, see
+// Bug 41317: Tor Browser leaks banned ports in network.security.ports.banned
+pref("network.security.ports.banned", "", locked);
+pref("network.dns.disabled", true); // This should cover the #5741 patch for DNS leaks
+pref("network.http.max-persistent-connections-per-proxy", 256);
+
+pref("browser.uiCustomization.state", "{\"placements\":{\"widget-overflow-fixed-list\":[],\"PersonalToolbar\":[\"personal-bookmarks\"],\"nav-bar\":[\"back-button\",\"forward-button\",\"stop-reload-button\",\"urlbar-container\",\"torbutton-button\",\"security-level-button\",\"new-identity-button\",\"downloads-button\"],\"TabsToolbar\":[\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\"],\"toolbar-menubar\":[\"menubar-items\"],\"PanelUI-contents\":[\"home-button\",\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"save-page-button\",\"print-button\",\"bookmarks-menu-button\",\"history-panelmenu\",\"find-button\",\"preferences-button\",\"add-ons-button\",\"developer-button\"],\"addon-bar\":[\"addonbar-closebutton\",\"status-bar\"]},\"seen\":[\"developer-button\",\"_73a6fe31-595d-460b-a920-fcc0f8843232_-browser-action\"],\"dirtyAreaCache\":[\"PersonalToolbar\",\"nav-bar\",\"TabsToolbar\",\"toolbar-menubar\"],\"currentVersion\":14,\"newElementCount\":1}");
+
+// Treat .onions as secure
+pref("dom.securecontext.allowlist_onions", true);
+
+// Disable HTTPS-Only mode for .onion domains (tor-browser#19850)
+pref("dom.security.https_only_mode.upgrade_onion", false);
+
+// tor-browser#22320: Hide referer when comming from a .onion address
+pref("network.http.referer.hideOnionSource", true);
+
+// Bug 40423/41137: Disable http/3
+// We should re-enable it as soon as Tor gets UDP support
+pref("network.http.http3.enabled", false);
+
+// 0 = do not use a second connection, see all.js and #7656
+pref("network.http.connection-retry-timeout", 0);
+
+#expand pref("torbrowser.version", __TOR_BROWSER_VERSION_QUOTED__);
+
+// Old torbutton prefs
+
+// debug prefs
+pref("extensions.torbutton.loglevel", 4);
+pref("extensions.torbutton.logmethod", 1); // 0=stdout, 1=errorconsole, 2=debuglog
+
+// Display prefs
+pref("extensions.torbutton.display_circuit", true);
+
+// Tor check and proxy prefs
+pref("extensions.torbutton.test_enabled", true);
+pref("extensions.torbutton.test_url", "https://check.torproject.org/?TorButton=true");
+pref("extensions.torbutton.local_tor_check", true);
+pref("extensions.torbutton.use_nontor_proxy", false);
+
+// State prefs:
+pref("extensions.torbutton.startup", false);
+
+// This is only used when letterboxing is disabled.
+// See #7255 for details. We display the warning three times to make sure the
+// user did not click on it by accident.
+pref("extensions.torbutton.maximize_warnings_remaining", 3);
+
+// Security prefs:
+pref("extensions.torbutton.resize_new_windows", false);
+pref("extensions.torbutton.launch_warning", true);
+
+// Browser home page:
+pref("browser.startup.homepage", "about:tor");
+
+// This pref specifies an ad-hoc "version" for various pref update hacks we need to do
+pref("extensions.torbutton.pref_fixup_version", 0);
+
+// Formerly tor-launcher defaults
+// When presenting the setup wizard, first prompt for locale.
+pref("intl.locale.matchOS", true);
+pref("extensions.torlauncher.prompt_for_locale", true);
+
+pref("extensions.torlauncher.start_tor", true);
+pref("extensions.torlauncher.prompt_at_startup", true);
+pref("extensions.torlauncher.quickstart", false);
+
+pref("extensions.torlauncher.loglevel", 4);  // 1=verbose, 2=debug, 3=info, 4=note, 5=warn
+pref("extensions.torlauncher.logmethod", 1);  // 0=stdout, 1=errorconsole, 2=debuglog
+pref("extensions.torlauncher.max_tor_log_entries", 1000);
+
+// By default, Tor Launcher configures a TCP listener for the Tor
+// control port, as defined by control_host and control_port.
+// Set control_port_use_ipc to true to use an IPC object (e.g., a Unix
+// domain socket) instead. You may also modify control_ipc_path to
+// override the default IPC object location. If a relative path is used,
+// it is handled like torrc_path (see below).
+pref("extensions.torlauncher.control_host", "127.0.0.1");
+pref("extensions.torlauncher.control_port", 9151);
+pref("extensions.torlauncher.control_port_use_ipc", false);
+pref("extensions.torlauncher.control_ipc_path", "");
+
+// By default, Tor Launcher configures a TCP listener for the Tor
+// SOCKS port. The host is taken from the network.proxy.socks pref and
+// the port is taken from the network.proxy.socks_port pref.
+// Set socks_port_use_ipc to true to use an IPC object (e.g., a Unix
+// domain socket) instead. You may also modify socks_ipc_path to
+// override the default IPC object location. If a relative path is used,
+// it is handled like torrc_path (see below).
+// Modify socks_port_flags to use a different set of SocksPort flags (but be
+// careful).
+pref("extensions.torlauncher.socks_port_use_ipc", false);
+pref("extensions.torlauncher.socks_ipc_path", "");
+pref("extensions.torlauncher.socks_port_flags", "ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth");
+
+// The tor_path is relative to the application directory. On Linux and
+// Windows this is the Browser/ directory that contains the firefox
+// executables, and on Mac OS it is the TorBrowser.app directory.
+pref("extensions.torlauncher.tor_path", "");
+
+// The torrc_path and tordatadir_path are relative to the data directory,
+// which is TorBrowser-Data/ if it exists as a sibling of the application
+// directory. If TorBrowser-Data/ does not exist, these paths are relative
+// to the TorBrowser/ directory within the application directory.
+pref("extensions.torlauncher.torrc_path", "");
+pref("extensions.torlauncher.tordatadir_path", "");
+
+// BridgeDB-related preferences (used for Moat).
+pref("extensions.torlauncher.bridgedb_front", "cdn.sstatic.net");
+pref("extensions.torlauncher.bridgedb_reflector", "https://moat.torproject.org.global.prod.fastly.net/");
+pref("extensions.torlauncher.moat_service", "https://bridges.torproject.org/moat");
+pref("extensions.torlauncher.bridgedb_bridge_type", "obfs4");
+
+// Recommended default bridge type (can be set per localized bundle).
+// pref("extensions.torlauncher.default_bridge_recommended_type", "obfs3");
+
+// Default bridges.
+// pref("extensions.torlauncher.default_bridge.TYPE.1", "TYPE x.x.x.x:yy");
+// pref("extensions.torlauncher.default_bridge.TYPE.2", "TYPE x.x.x.x:yy");

browser/app/profile/001-base-profile.js

@@ -455,6 +455,12 @@ pref("browser.urlbar.suggest.topsites", false);
 // is only reported via telemetry (which is disabled). See tor-browser#40048.
 pref("corroborator.enabled", false);
 
+// Onboarding.
+pref("browser.onboarding.tourset-version", 5);
+pref("browser.onboarding.newtour", "welcome,privacy,tor-network-9.0,circuit-display,security,expect-differences,onion-services,learn-more");
+pref("browser.onboarding.updatetour", "learn-more");
+pref("browser.onboarding.skip-tour-button.hide", true);
+
 // prefs to disable jump-list entries in the taskbar on Windows (see bug #12885)
 #ifdef XP_WIN
 // this pref changes the app's set AUMID to be dependent on the profile path, rather than

browser/app/profile/firefox.js

@@ -140,14 +140,8 @@ pref("app.update.elevation.promptMaxAttempts", 2);
 pref("app.update.notifyDuringDownload", false);
 
 // If set to true, the Update Service will automatically download updates if the
-// user can apply updates. This pref is no longer used on Windows, except as the
-// default value to migrate to the new location that this data is now stored
-// (which is in a file in the update directory). Because of this, this pref
-// should no longer be used directly. Instead, getAppUpdateAutoEnabled and
-// getAppUpdateAutoEnabled from UpdateUtils.jsm should be used.
-#ifndef XP_WIN
-  pref("app.update.auto", true);
-#endif
+// user can apply updates.
+pref("app.update.auto", true);
 
 // If set to true, the Update Service will apply updates in the background
 // when it finishes downloading them.
@@ -2156,6 +2150,22 @@ pref("browser.sessionstore.restore_tabs_lazily", true);
 
 pref("browser.suppress_first_window_animation", true);
 
+// Preferences for Photon onboarding system extension
+pref("browser.onboarding.enabled", true);
+// Mark this as an upgraded profile so we don't offer the initial new user onboarding tour.
+pref("browser.onboarding.tourset-version", 2);
+pref("browser.onboarding.state", "default");
+// On the Activity-Stream page, the snippet's position overlaps with our notification.
+// So use `browser.onboarding.notification.finished` to let the AS page know
+// if our notification is finished and safe to show their snippet.
+pref("browser.onboarding.notification.finished", false);
+pref("browser.onboarding.notification.mute-duration-on-first-session-ms", 300000); // 5 mins
+pref("browser.onboarding.notification.max-life-time-per-tour-ms", 432000000); // 5 days
+pref("browser.onboarding.notification.max-life-time-all-tours-ms", 1209600000); // 14 days
+pref("browser.onboarding.notification.max-prompt-count-per-tour", 8);
+pref("browser.onboarding.newtour", "performance,private,screenshots,addons,customize,default");
+pref("browser.onboarding.updatetour", "performance,library,screenshots,singlesearch,customize,sync");
+
 // Preference that allows individual users to disable Screenshots.
 pref("extensions.screenshots.disabled", false);
 

browser/base/content/aboutDialog-appUpdater.js

@@ -174,7 +174,7 @@ appUpdater.prototype = {
       if (aChildID == "downloadAndInstall") {
         let updateVersion = gAppUpdater.update.displayVersion;
         // Include the build ID if this is an "a#" (nightly or aurora) build
-        if (/a\d+$/.test(updateVersion)) {
+        if (!AppConstants.TOR_BROWSER_UPDATE && /a\d+$/.test(updateVersion)) {
           let buildID = gAppUpdater.update.buildID;
           let year = buildID.slice(0, 4);
           let month = buildID.slice(4, 6);

browser/base/content/aboutDialog.js

@@ -54,15 +54,15 @@ async function init(aEvent) {
     bits: Services.appinfo.is64Bit ? 64 : 32,
   };
 
+  // Adjust version text to show the Tor Browser version
+  versionAttributes.version =
+    AppConstants.TOR_BROWSER_VERSION +
+    " (based on Mozilla Firefox " +
+    AppConstants.MOZ_APP_VERSION_DISPLAY +
+    ")";
+
   let version = Services.appinfo.version;
   if (/a\d+$/.test(version)) {
-    versionId = "aboutDialog-version-nightly";
-    let buildID = Services.appinfo.appBuildID;
-    let year = buildID.slice(0, 4);
-    let month = buildID.slice(4, 6);
-    let day = buildID.slice(6, 8);
-    versionAttributes.isodate = `${year}-${month}-${day}`;
-
     document.getElementById("experimental").hidden = false;
     document.getElementById("communityDesc").hidden = true;
   }

browser/base/content/aboutDialog.xhtml

@@ -7,6 +7,12 @@
 <?xml-stylesheet href="chrome://global/skin/global.css" type="text/css"?>
 <?xml-stylesheet href="chrome://browser/content/aboutDialog.css" type="text/css"?>
 <?xml-stylesheet href="chrome://branding/content/aboutDialog.css" type="text/css"?>
+<?xml-stylesheet href="chrome://torbutton/skin/aboutDialog.css" type="text/css"?>
+
+<!-- We need to include the localization DTDs until we migrate to Fluent -->
+<!DOCTYPE window [
+#include browser-doctype.inc
+]>
 
 <window xmlns:html="http://www.w3.org/1999/xhtml"
         xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
@@ -22,7 +28,7 @@
         data-l10n-id="aboutDialog-title"
 #endif
         role="dialog"
-        aria-describedby="version distribution distributionId communityDesc contributeDesc trademark"
+        aria-describedby="version distribution distributionId projectDesc helpDesc trademark trademarkTor"
         >
 #ifdef XP_MACOSX
 #include macWindow.inc.xhtml
@@ -140,24 +146,36 @@
               <label is="text-link" useoriginprincipal="true" href="about:credits" data-l10n-name="community-exp-creditsLink"/>
             </description>
           </vbox>
-          <description class="text-blurb" id="communityDesc" data-l10n-id="community-2">
-            <label is="text-link" href="https://www.mozilla.org/?utm_source=firefox-browser&#38;utm_medium=firefox-desktop&#38;utm_campaign=about-dialog" data-l10n-name="community-mozillaLink"/>
-            <label is="text-link" useoriginprincipal="true" href="about:credits" data-l10n-name="community-creditsLink"/>
+          <!-- Keep communityDesc and contributeDesc to avoid JS errors trying to hide them -->
+          <description class="text-blurb" id="communityDesc" data-l10n-id="community-2" hidden="true"></description>
+          <description class="text-blurb" id="contributeDesc" data-l10n-id="helpus" hidden="true"></description>
+          <description class="text-blurb" id="projectDesc">
+            &project.start;
+            <label is="text-link" href="https://www.torproject.org/">
+              &project.tpoLink;
+            </label>&project.end;
           </description>
-          <description class="text-blurb" id="contributeDesc" data-l10n-id="helpus">
-            <label is="text-link" href="https://donate.mozilla.org/?utm_source=firefox&#38;utm_medium=referral&#38;utm_campaign=firefox_about&#38;utm_content=firefox_about" data-l10n-name="helpus-donateLink"/>
-            <label is="text-link" href="https://www.mozilla.org/contribute/?utm_source=firefox-browser&#38;utm_medium=firefox-desktop&#38;utm_campaign=about-dialog" data-l10n-name="helpus-getInvolvedLink"/>
+          <description class="text-blurb" id="helpDesc">
+            &help.start;
+            <label is="text-link" href="https://donate.torproject.org/">
+              &help.donateLink;
+            </label>
+            &help.or;
+            <label is="text-link" href="https://community.torproject.org/">
+              &help.getInvolvedLink;
+            </label>&help.end;
           </description>
         </vbox>
       </vbox>
     </hbox>
     <vbox id="bottomBox">
-      <hbox pack="center">
-        <label is="text-link" class="bottom-link" useoriginprincipal="true" href="about:license" data-l10n-id="bottomLinks-license"/>
-        <label is="text-link" class="bottom-link" useoriginprincipal="true" href="about:rights" data-l10n-id="bottomLinks-rights"/>
-        <label is="text-link" class="bottom-link" href="https://www.mozilla.org/privacy/?utm_source=firefox-browser&#38;utm_medium=firefox-desktop&#38;utm_campaign=about-dialog" data-l10n-id="bottomLinks-privacy"/>
+      <hbox id="newBottom" pack="center" position="1">
+        <label is="text-link" class="bottom-link" href="https://support.torproject.org/">&bottomLinks.questions;</label>
+        <label is="text-link" class="bottom-link" href="https://community.torproject.org/relay/">&bottomLinks.grow;</label>
+        <label is="text-link" class="bottom-link" useoriginprincipal="true" href="about:license">&bottomLinks.license;</label>
       </hbox>
       <description id="trademark" data-l10n-id="trademarkInfo"></description>
+      <description id="trademarkTor">&tor.TrademarkStatement;</description>
     </vbox>
   </vbox>
 

browser/base/content/abouttbupdate/aboutTBUpdate.css

+/*
+ * Copyright (c) 2019, The Tor Project, Inc.
+ * See LICENSE for licensing information.
+ *
+ * vim: set sw=2 sts=2 ts=8 et syntax=css:
+ */
+
+:root {
+  --abouttor-text-color: white;
+  --abouttor-bg-toron-color: #420C5D;
+}
+
+body {
+  font-family: Helvetica, Arial, sans-serif;
+  color: var(--abouttor-text-color);
+  background-color: var(--abouttor-bg-toron-color);
+  margin-block: 40px;
+  margin-inline: 50px;
+  display: grid;
+  grid-template-columns: auto auto;
+  align-items: baseline;
+  gap: 40px 50px;
+}
+
+body > *:not([hidden]) {
+  display: contents;
+}
+
+.label-column {
+  grid-column: 1;
+}
+
+.content {
+  grid-column: 2;
+  font-family: monospace;
+  line-height: 1.4;
+}
+
+.label-column, .content {
+  margin: 0;
+  padding: 0;
+  font-size: 1rem;
+  font-weight: normal;
+}
+
+a {
+  color: inherit;
+}
+
+.no-line-break {
+  white-space: nowrap;
+}
+
+ul {
+  padding-inline: 1em 0;
+}
+
+h3, h4 {
+  font-size: 1.1rem;
+  font-weight: bold;
+}
+
+h3.build-system-heading {
+  font-size: 1.5rem;
+  font-weight: normal;
+  margin-block-start: 3em;
+}

browser/base/content/abouttbupdate/aboutTBUpdate.js

+// Copyright (c) 2020, The Tor Project, Inc.
+// See LICENSE for licensing information.
+//
+// vim: set sw=2 sts=2 ts=8 et syntax=javascript:
+
+/* eslint-env mozilla/frame-script */
+
+/**
+ * An object representing a bullet point in the release notes.
+ *
+ * typedef {Object} ReleaseBullet
+ * @property {string} text - The text for this bullet point.
+ * @property {?Array<ReleaseBullet>} children - A sub-list of bullet points.
+ */
+
+/**
+ * Fill an element with the given list of release bullet points.
+ *
+ * @param {Element} container - The element to fill with bullet points.
+ * @param {Array<ReleaseBullet>} bulletPoints - The list of bullet points.
+ * @param {string} [childTag="h3"] - The element tag name to use for direct
+ *   children. Initially, the children are h3 sub-headings.
+ */
+function fillReleaseNotes(container, bulletPoints, childTag = "h3") {
+  for (const { text, children } of bulletPoints) {
+    const childEl = document.createElement(childTag);
+    // Keep dashes like "[tor-browser]" on the same line by nowrapping the word.
+    for (const [index, part] of text.split(/(\S+-\S+)/).entries()) {
+      if (!part) {
+        continue;
+      }
+      const span = document.createElement("span");
+      span.textContent = part;
+      span.classList.toggle("no-line-break", index % 2);
+      childEl.appendChild(span);
+    }
+    container.appendChild(childEl);
+    if (children) {
+      if (childTag == "h3" && text.toLowerCase() === "build system") {
+        // Special case: treat the "Build System" heading's children as
+        // sub-headings.
+        childEl.classList.add("build-system-heading");
+        fillReleaseNotes(container, children, "h4");
+      } else {
+        const listEl = document.createElement("ul");
+        fillReleaseNotes(listEl, children, "li");
+        if (childTag == "li") {
+          // Insert within the "li" element.
+          childEl.appendChild(listEl);
+        } else {
+          container.appendChild(listEl);
+        }
+      }
+    }
+  }
+}
+
+/**
+ * Set the content for the specified container, or hide it if we have no
+ * content.
+ *
+ * @template C
+ * @param {string} containerId - The id for the container.
+ * @param {?C} content - The content for this container, or a falsey value if
+ *   the container has no content.
+ * @param {function(contentEl: Elemenet, content: C)} [fillContent] - A function
+ *   to fill the ".content" contentEl with the given 'content'. If unspecified,
+ *   the 'content' will become the contentEl's textContent.
+ */
+function setContent(containerId, content, fillContent) {
+  const container = document.getElementById(containerId);
+  if (!content) {
+    container.hidden = true;
+    return;
+  }
+  const contentEl = container.querySelector(".content");
+  // Release notes are only in English.
+  contentEl.setAttribute("lang", "en-US");
+  contentEl.setAttribute("dir", "ltr");
+  if (fillContent) {
+    fillContent(contentEl, content);
+  } else {
+    contentEl.textContent = content;
+  }
+}
+
+/**
+ * Callback when we receive the update details.
+ *
+ * @param {Object} aData - The update details.
+ * @param {?string} aData.version - The update version.
+ * @param {?string} aData.releaseDate - The release date.
+ * @param {?string} aData.moreInfoURL - A URL for more info.
+ * @param {?Array<ReleaseBullet>} aData.releaseNotes - Release notes as bullet
+ *   points.
+ */
+function onUpdate(aData) {
+  setContent("version-row", aData.version);
+  setContent("releasedate-row", aData.releaseDate);
+  setContent("releasenotes", aData.releaseNotes, fillReleaseNotes);
+
+  if (aData.moreInfoURL) {
+    document.getElementById("infolink").setAttribute("href", aData.moreInfoURL);
+  } else {
+    document.getElementById("fullinfo").hidden = true;
+  }
+}
+
+RPMSendQuery("FetchUpdateData").then(onUpdate);