Rebase Base Browser to 115 nightly

For ESR 115, we want to gain a couple of months by starting to rebase once 115 hits nightly.

It will involve a few more rebases, but I expect the most of the problematic changes to be from 102 to 114, rather than being on 115 nightly-115 stable.

Also, this will give us a time window on which we are on par with Mozilla, and we can use it to get a few changes upstream.

Last year we saw that the most problematic changes were in the Tor Browser part of the patch set, and we think that splitting the rebase in Base Browser and Tor Browser makes sense and will help the review process. The issue for the Tor Browser part of the process will follow.

added Doing FF115-esr labels

assigned to @pierov

• Revert "Bug 1724777, optimize suppressed MicroTask handling, r=mccr8 a=RyanVM"
  • It seems not to be needed anymore. I've checked on m-c builds, and closed the upstream Bug.
  • When we get our builds, we should double check.
• Bug 41483: Remove the firefox override for appstrings.properties
  • Upstream deleted mobile/locales/jar.mn, delete it on our side, too
  • A few conflicts in other jar.mn, maybe because the override on netError.dtd was removed
  • In general, we should double check stuff is working as expected
• Bug 41116: Normalize system fonts.
  • Upstream asked for changes, we will need to update this patch. I will create a fixup! when we're done, for ease of review
• WebRTC patches, Part 2
  • conflicts in third_party/libwebrtc/modules/desktop_capture/desktop_capture_types.h: something around the pid_t stuff, easily fixable
  • conflicts in third_party/libwebrtc/rtc_base/socket.h: there's a new undef (ENETUNREACH), just added our undef block after the new one
  • third_party/libwebrtc/rtc_base/synchronization/rw_lock_win.h was removed upstream, remove it also from our patch
• WebRTC patches, Part 6
  • conflict in dom/media/systemservices/video_engine/desktop_device_info.cc: our change is very easy, so ignore everything else, and just change to pid_t in DesktopDisplayDevice::setPid
• Base Browser's .mozconfigs.
• security/moz.build: a new variable around our change triggered a conflict, but seemed pretty easy to solve, to me
• Tweaks to the build system
  • mobile/android/gradle/with_gecko_binaries.gradle: the file changed a lot! The logic behind the change was that we disable the compile enviroment, to avoid doing an additional build for nothing. However, at a certain point, Mozilla decided that if you don't have the compile environment and you're not in artifacts build mode, you don't have artifacts at all. This was the quick&dirty fix that we never properly solved. The file completely changed, but I guess that we still need to force the build system to think we have our artifacts.
• Bug 41108: Remove privileged macOS installation from 102
  • triedElevatedInstall and the telemetry have gone, so small conflict
• Bug 24796: Comment out excess permissions from GeckoView
  • mobile/android/geckoview/src/main/AndroidManifest.xml: a new permission (HIGH_SAMPLING_RATE_SENSORS) triggers a conflict
• Bug 21431: Clean-up system extensions shipped in Firefox
  • browser/components/BrowserGlue.sys.mjs: a couple of lazy. triggers a conflict, but easily solvable
  • browser/extensions/moz.build: doh-rollout isn't in the list anymore (and in any case, we accept our version, with empty DIRS.
  • browser/locales/jar.mn: small conflicts due to netError.dtd not being an override anymore
• Bug 41457: Remove Mozilla permissions
  • browser/app/permissions: about:welcome got the permission to automatically play media, I've removed it for now, but we can add it back if we'll ever need it
• Bug 40002: Remove about:ion
  • browser/components/moz.build: new about pages, we will have to check them
  • services/sync/components.conf: conflicts because of jsm extension change (easily solable)
• Bug 26353: Prevent speculative connect that violated FPI.
  • toolkit/components/remotebrowserutils/RemoteWebNavigation.sys.mjs: speculative connection is now its own function! So, I've changed to patch to return immediately, instead of adding the comments back.
  • Opened #41762 to review the patch
• Bug 31740: Remove some unnecessary RemoteSettings instances
  • browser/components/search/SearchSERPTelemetry.sys.mjs: easy to solve, but we should review it
  • docshell/base/nsAboutRedirector.cpp: conflicts because of the new about:translations page, easy to solve
  • netwerk/url-classifier/components.conf: crashes because of changes from jsm to esModule/.sys.mjs extension, easy to solve
  • services/settings/dumps/blocklists/moz.build:
    • Moz is testing addons-bloomfilters.json on Android, too. Our patch already took it by default, why?
    • In general, I've dropped our changes, because if Moz doesn't use addons-bloomfilters.json, we should not use it either, and plugins.json should be completely useless on Android, as I don't think GV ever supported plugins on Android
    • More information: !26 (comment 2705686) (might be very hackish, we'll need to get back on that)
  • services/settings/dumps/main/moz.build: new dumps! I think we'll need to review them more carefully
  • services/settings/remote-settings.sys.mjs: conflicts because of the new lazy thing, but easy to solve them
  • toolkit/components/antitracking/components.conf: usual esmodule conflicts
  • toolkit/components/search/SearchService.sys.mjs: lots of changes, the conflict is due to this file switching to private members/methods
  • toolkit/modules/IgnoreLists.sys.mjs: to re-lint and review, not sure the old changes are still correct
• Bug 41635: Disable the Normandy component
  • browser/components/BrowserGlue.sys.mjs: conflicts for the lazy stuff.
  • Maybe we can use the question mark, thanks to the lazy thing!! But I haven't checked yet, just tried to get back our old patch.
• Bug 28369: Stop shipping pingsender executable
  • browser/installer/package-manifest.in: conflicts because of the new Notification COM Server, seems easy to solve
  • toolkit/components/telemetry/app/TelemetrySend.sys.mjs: usual conflicts that happen when you delete a lot of code. I've tried not to delete the code and just throw immediately. I guess it will trigger the linter, we should review this (maybe we can just silence the linter, for this)
  • toolkit/components/telemetry/moz.build: easy to solve, it is a new if just below the lines we delete
• Bug 41565: Gate Telemetry Tasks behind MOZ_TELEMETRY_REPORTING
  • Dropped, see #41752 (closed).
• Bug 41568: Disable LaterRun
  • browser/components/BrowserContentHandler.sys.mjs: LateRun has lazy now
• Bug 40788: Prevent nsIURLQueryStrippingListService from calling home when it is not enabled.
  • Drop: the initialization has been completely reworked upstream after my Bug
• Firefox preference overrides.
  • mobile/android/app/geckoview-prefs.js: we append at the end of the file, but the end of upstream has changed, hence the easy to solve conflict

I've arrived to "Bug 41659: Add canonical color definitions to base-browser", I will start from here tomorrow.

added Next label and removed Doing label

added Doing label and removed Next label

• Bug 30605: Honor privacy.spoof_english in Android
  • mobile/android/components/geckoview/GeckoViewStartup.jsm: conflicts because of the new way of importing things; also, had to change a little bit the patch to use the lazy mechanism.
• Bug 40199: Avoid using system locale for intl.accept_languages in GeckoView
  • mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntimeSettings.java: the code has changed, but we were already replacing it, so I've restored our patch
• Bug 40171: Make WebRequest and GeckoWebExecutor First-Party aware
  • mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebRequest.java: easy conflict due to a change on a comment, easy to solve. However, I preferred moving the attribute we add after all Moz's attribute (we already did like this in some parts, but we weren't very coherent in this patch)
• Bug 9173: Change the default Firefox profile directory to be relative
  • toolkit/xre/nsXREDirProvider.h: some refactors, for which a few methods have become private instead of protected. So, small conflict easily solvable.
• Bug 23104: Add a default line height compensation
  • layout/generic/ReflowInput.cpp: dropped the test for chrome documents, just rely on ShouldResistFingerprint.
  • layout/generic/test/mochitest.ini: small conflict because we append to the file
• Base Browser strings
  • browser/base/content/browser.xhtml: small conflict because of new Firefox translations, easy to solve
• Bug 32308: use direct browser sizing for letterboxing.
  • browser/actors/RFPHelperChild.sys.mjs, browser/actors/RFPHelperParent.sys.mjs: the commit deletes them. They have been updated upstream for esmodules, but they don't have new functionalities, so I'm deleting them
  • browser/actors/moz.build: remove the files from the previous bullet point
  • toolkit/components/resistfingerprinting/RFPHelper.jsm: not sure where the conflict was, but lots of changes!! We will need to check this very carefully.
  • toolkit/modules/FinderParent.jsm: probably the conflicts were in the lazy object. I think the code in this file in 115 takes for granted that RFPHelper is available, whereas the code in 102 had some additional ifs. It might be something to check.
• Bug 41369: Improve Firefox language settings for multi-lingual packages
  • browser/base/jar.mn: small conflict because the override of netError.dtd has been removed
• Bug 41371: Temporary hack to fix language selector popup position
  • Dropped, as it was a temporary workaround needed only up to 107 (according to the comment in the JS changes in the commit)
• Bug 31575: Disable Firefox Home (Activity Stream)
  • browser/base/content/browser.js: I think the conflict was on the extensions of esModules
  • browser/components/BrowserGlue.sys.mjs:
    • Some conflicts because of esModules/lazy object
    • requestCache: it returns a Promise, why don't we return a Promise.reject, there?
  • browser/components/about/AboutRedirector.cpp
    • Probably conflict with new about pages
    • about:newtab now redirects to chrome://browser/content/blanktab.html instead of about:blank! We should double check that
  • browser/components/about/components.conf: new about pages
  • browser/components/moz.build: new about pages
  • browser/components/preferences/home.inc.xhtml: not sure why it conflicted...
• Bug 41542: Disable the creation of a default profile
  • Cherry-picked, but I sent a better patch upstream
• Bug 4234: Use the Firefox Update Process for Base Browser.
• browser/components/BrowserContentHandler.sys.mjs: should we use old_version in lazy.UpdatePing.handleUpdateSuccess? Or are they the update ping we disable?
• build/moz.configure/init.configure: we need to check how to properly handle the new as_milestone flag
• build/moz.configure/update-programs.configure: usual conflicts we get when we append at the end of the file
• toolkit/mozapps/update/UpdateService.sys.mjs:
  • at a certain point we add an if and indent a lot of code, so, I changed this part of code to avoid changing indentation
  • gUpdateBundle is still available, but is in the lazy object
  • "canceling download" has become "skipping download", keeping the upstream
  • linting fails because one of the functions is too complex now
• toolkit/mozapps/update/updater/updater.cpp: when calling gArchiveReader.VerifyProductInformation, we have changed indentation, but it seems that Firefox had a double if (rv == OK), and decided to remove one, so should be an okay change
• toolkit/xre/MacLaunchHelper.h: added InstallPrivilegedHelper, which is the function we already disabled, and AbortElevatedUpdate, which I've disabled because we can't even start elevated updates
• toolkit/xre/MacLaunchHelper.mm: BOOL -> bool
• toolkit/xre/nsXREDirProvider.cpp: copied updRoot.forget(aResult); return NS_OK; in our code, since it is in #ifdef XP_WIN in Firefox code. So, took the occasion to unindent the preprocessor instructions
• tools/update-packaging/make_incremental_update.sh:
  • dropping our changes for requested_forced_updates! It seems Firefox dropped them, too
  • not setting directories_to_remove and extra_files_to_remove anymore. They are consumed in the Tor Browser part of the updater patches, but at the moment they are always empty, so basically a no-op? Is there any reason to keep support them? (and in case, the assignment to the Tor Browser updater commit).
• Bug 41698: Reword the recommendation badges in about:addons
  • toolkit/mozapps/extensions/content/aboutaddons.html: utmcontent is now utm-content, hence the conflict (easy to solve)
• Bug 41598: Prevent NoScript from being removed/disabled.
  • toolkit/components/extensions/Extension.jsm: permissions are now setup in their own _setupStartupPermissions method (and ExtensionPermissions is accessed through lazy)
• Bug 40925: Implemented the Security Level component
  • browser/base/content/browser.js: conflict on the definition of gEditItemOverlay, which is after SecurityLevelButton, I think
  • browser/themes/shared/customizableui/panelUI-shared.css: the list of selectors in the part of the code we modify has changed, but I think it should be fine
• Bug 40926: Implemented the New Identity feature
  • browser/base/content/browser.js: probably for the same reasons as security level
  • browser/themes/shared/jar.inc.mn: new block of resources for weather, so one of the usual conflicts you get for appending at the end
• Bug 41736: Customize toolbar for base-browser.
  • browser/components/extensions/parent/ext-browserAction.js

I needed to change our mozconfigs, because --{enable,disable}-verify-mar isn't an option anymore.

Signature verification is always enabled, you need to explicitly disable with --enable-unverified-updates (check build/moz.configure/update-programs.configure).

I chose not to enable it on Android because it depends on the compile environment, and in any case, we don't use mars on Android, and it seems a bad default, should anyone ever do it.

Range-diff command:

git range-diff 1f1cc2f2390cf6fda052f4531c73213b632edc0b..base-browser-102.11.0esr-12.5-1-build1 tor-browser-115.0a1-13.0-1..

Build error: ResistFingerprinting does not exist anymore. We use it in dom/canvas/ClientWebGLContext.cpp (Bug 30541: Disable WebGL readPixel() for web content)

There's a ShouldResistFingerprinting overload that takes a CallerType and a nsIGlobalObject (and optionally a RFPTarget, see toolkit/components/resistfingerprinting/RFPTargets.inc).

Similar calls use GetParentObject() as a second argument, it seems to fix the build error, but I don't have a clue whether this is correct.

Apart from this, no other build errors!

As for runtime errors:

Uncaught Error: Failed to load resource:///modules/firefox-view-notification-manager.sys.mjs
    init chrome://browser/content/browser.js:9814
    onDOMContentLoaded chrome://browser/content/browser.js:1633

which is sorta expected, I guess?

I disabled the about:firefoxview page, but we might customize instead of just removing it. (And in any case, I've removed only the page from AboutRedirector.cpp!).

Also, trying to click on firefoxview triggers this error in the console:

Uncaught TypeError: CustomizableUI.getPlacementOfWidget(...) is null
    openTab chrome://browser/content/browser.js:9856
    oncommand chrome://browser/content/browser.xhtml:1

The error that seems more problematic is:

Uncaught TypeError: window.gNavToolbox.palette is undefined
    init chrome://browser/content/newidentity.js:488
    onLoad chrome://browser/content/browser.js:1713

Runtime errors got solved by re-enabling firefoxview.

I will re-enable it, and create an issue to decide about that page.

Build error: ResistFingerprinting does not exist anymore. We use it in dom/canvas/ClientWebGLContext.cpp (Bug 30541: Disable WebGL readPixel() for web content)

There's a ShouldResistFingerprinting overload that takes a CallerType and a nsIGlobalObject (and optionally a RFPTarget, see toolkit/components/resistfingerprinting/RFPTargets.inc).

Similar calls use GetParentObject() as a second argument, it seems to fix the build error, but I don't have a clue whether this is correct.

Tested at https://registry.khronos.org/webgl/sdk/tests/conformance/reading/read-pixels-test.html.

With Firefox I get a long text about the successful tests, with Base Browser I get only one pass, and then I get an error in the console (inlcuding «readPixels: Not allowed in Resist Fingerprinting Mode»).

This is something for which we could probably implement a test of our own easily.

Just updated gecko-dev/master and got another conflict on Firefox preference overrides. (easy to solve, too).

However, in that commit, we add the pref file for TBA, so we should not do this change there, but move it elsewhere.

Interesting: https://bugzilla.mozilla.org/show_bug.cgi?id=1780557

So, we are asking for high sampling rate to Android, which is a smell imho... Hopefully RFP+other prefs protect users from this. (@thorin)

https://developer.mozilla.org/en-US/docs/Web/API/Sensor_APIs

here's a list of not supported on all platforms (i.e I checked the android column as well)

• AbsoluteOrientationSensor
• Accelerometer
• AmbientLightSensor
• GravitySensor
• Gyroscope
• LinearAccelerationSensor
• Magnetometer
• OrientationSensor
• RelativeOrientationSensor
• Sensor
• SensorErrorEvent

Here's a list of what is supported (anywhere) ... yeah, I got nothing.

I'm a little confused. I am not aware of any RFP protections for sensor etc, since we no longer support them. I no longer know what to make of 1562290 limit gyroscope for example.

IIUIC 1780557 doesn't affect web content? @tom

https://developer.mozilla.org/en-US/docs/Web/API/DeviceMotionEvent is supported - I have not looked into this, maybe we should

about:config, sensor, default values on both nightly desktop (115) and nightly FF (114)

• device.sensors.ambientLight.enabled- false
• device.sensors.enabled - true
• device.sensors.motion.enabled - true
• device.sensors.orientation.enabled - true
• device.sensors.proximity.enabled - false
• device.sensors.test.events - false

Cool, thanks!

https://developer.mozilla.org/en-US/docs/Web/API/DeviceMotionEvent is supported - I have not looked into this, maybe we should

links

• https://github.com/intel/generic-sensor-demos
• https://intel.github.io/generic-sensor-demos/orientation-phone/

Is this worthy of a ticket, @pierov ? I personally don't see orientation as an issue (it's revealed by inner window), but motion (I assume) is producing state that if static could help linkify - e.g. a phone propped up against a stand

I think we need a new thread model ASAP, to help us evaluating changes like this one.

I'm not too worried, for this particular API, and I'm not sure who its consumers are to tell: "just disable it". I can see games, or some apps like spirit level (does the latter really need to run on Tor Browser?).

iOS has a requestPermission method that we could use, too. We could open an issue to evaluate adding this functionality, and then uplift it.

Relevant Bugs:

• https://bugzilla.mozilla.org/show_bug.cgi?id=1536382
• https://bugzilla.mozilla.org/show_bug.cgi?id=1515780

On the other hand, do we have a rule to try to unbind our browser from the reality to reduce fingerprinting?

Maybe an issue is a good idea after all, at least for documentation purposes.

I've decided to remove Bug 41417: Always prompt users to restart after changing language and its fixup, since it was its revert, in favor or a more cleaned branch from the beginning.

#41417 (closed) so I can click and hover-over hyperlinks

mentioned in merge request pierov/tor-browser!1 (merged)

marked this issue as related to #41752 (closed)

mentioned in merge request !641 (merged)

marked this issue as related to #41771 (closed)

https://bugzilla.mozilla.org/show_bug.cgi?id=1448046 - components shim is default false in FF115 - where are we tracking the prefs cleanup? [edit assuming it is not reverted or something]

Yes, #41496 (closed)!

Also, just got the first Base Browser 115 for Linux in the reproducible build system!

I've noticed Firefox now might be shipping a private_browsing.exe. We will need to investigate it.

Probably it doesn't hurt us.

Well, it does, in a certain sense: we will need private_browsing.VisualElementsManifest.xml, VisualElements/PrivateBrowsing_150.png and VisualElements/PrivateBrowsing_70.png (so, the branding directory has been reworked a little bit, as I feared).

marked this issue as related to #41796 (closed)

added Task label

added All Platforms label

marked this issue as related to tor-browser-build#40855 (closed)

Another round, with beta 3!

Most of the errors so far are new modularizations.

Apart from that, one to review is for the Security Level toolbarseparator: all toolbarseparator definitions have been replaced with a single one.

#widget-overflow-mainView > toolbarseparator,
#widget-overflow-mainView > .panel-subview-body > toolbarseparator,
.PanelUI-subView toolbarseparator,
#unified-extensions-panel toolbarseparator,
#permission-popup-mainView > toolbarseparator,
#editBookmarkPanel toolbarseparator,
#downloadsFooterButtons > toolbarseparator,
.cui-widget-panel toolbarseparator,
#securityLevel-panel toolbarseparator {
  appearance: none;
  min-height: 0;
  border-top: 1px solid var(--panel-separator-color);
  border-bottom: none;
  margin: var(--panel-separator-margin);
  padding: 0;
}

has become

.PanelUI-subView toolbarseparator.proton-zap {
  border-image: var(--panel-separator-zap-gradient, none) 1;
}

added Needs Review label and removed Doing label

marked this issue as related to tor-browser-build#40848 (closed)

mentioned in merge request !678 (merged)

removed Needs Review label

closed

marked this issue as related to tor-browser-build#40873 (closed)

marked this issue as related to tor-browser-build#40965 (closed)

marked this issue as related to tor-browser-build#40966 (closed)

removed the relation with tor-browser-build#40965 (closed)

removed the relation with tor-browser-build#40966 (closed)