ESR 128 Patch Review (Desktop)
- cc @boklm @brizental @clairehurst @dan @henry @jwilde @ma1 @pierov
- cc @bella
- cc @manuel
PieroV's ESR-128 Rebase MR: !1043 (merged)
Hi everyone o/
Below is a list of all of the (non-fixup, non-backports) patches from tor-browser-115.11.0esr-13.5-1
. I think a good goal here should be have at least 2 sets of eyes on all of our patches.
At a minimum if, you have written or significantly contributed to one of these patches, please review it! Beyond that, there are 154 patches listed here and 9 devs. Presuming we divide this up evenly among us that will come to roughly 17 additional patches on top of any ones you've individually authored. Of course the distribution will not be perfectly even, this is only a model/starting point :)
Once you've reviewed a patch and possibly commented in the MR, please add your name to the corresponding comment in this issue. You can also add comments under them for any notes or discussions. The commit's comment thread can be resolved once two people have reviewed it and there is nothing to discuss.
Thanks!
Patches to Review
-
Bug 42583: Modify moz-support-link for Tor Browser. - reviewed by: Henry
-
Bug 42583: Modify moz-support-link for Base Browser. - reviewed by: Henry
-
Bug 42347: Add a notification for dropped OS version support. - reviewed by: Henry
-
Bug 42562: Normalized the Accepted Languages on Android. - reviewed by: Claire, Pier
- needs the Android patchset to be tested
-
Bug 42574: Letterboxing, exempt pdf.js. - reviewed by: ma1, Pier
-
Bug 41930: Remove the UI to customize accept_languages. - reviewed by: Pier
- #42242 (closed)
-
Temporary commit: manually place generated wasm files - reviewed by: Henry, Pier
- part of Lox, which requires some changes and it isn't shipped to users anyway
-
Bug 41822: Unconditionally disable default browser UX in about:preferences - reviewed by: Pier
- possible follow up: remove the change of
!shellSvc
toshellSvc
-
Customize moz-toggle for tor-browser. - reviewed by: Henry
- part of the patch was dropped because not trivial to port, see #42612 (closed)
-
Bug 41728: Pin bridges.torproject.org domains to Let's Encrypt's root cert public key - reviewed by: ma1
- Might drop, see tpo/tpa/team#41175 (closed)
-
Bug 41736: Customize toolbar for tor-browser. - reviewed by: Henry
-
Bug 40701: Add security warning when downloading a file - reviewed by: Henry, Dan
- #41820 (closed) #42641 (closed)
-
Bug 42110: Add TorUIUtils module for common tor component methods. - reviewed by: Henry
-
Bug 41435: Add a Tor Browser migration function - reviewed by: Pier
-
Bug 11698: Incorporate Tor Browser Manual pages into Tor Browser - reviewed by: Pier
-
Bug 40458: Implement .tor.onion aliases - reviewed by: Pier
- possible follow up: check the various flags in AboutRedirector
-
Bug 21952: Implement Onion-Location - reviewed by: Henry, Pier
- possible follow up: force v3 addresses instead of ignoring v2 (#42736)
-
Bug 30237: Add v3 onion services client authentication prompt - reviewed by: Henry
- #42680 (closed)
-
Bug 23247: Communicating security expectations for .onion - reviewed by:
- #42608 (closed) #42613 (closed)
-
Bug 41906: Hide DNS over HTTPS preferences. - reviewed by: Henry, Pier
-
Bug 40073: Disable remote Public Suffix List fetching - reviewed by: Pier
- #41022
-
Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing - reviewed by: Pier
- search engine configuration has changed, we need to add new configurations, so it makes sense to decide the engines we actually want (#41835 (closed))
- icons are missing at the moment
-
Bug 32658: Create a new MAR signing key - reviewed by: Pier
-
Bug 16940: After update, load local change notes. - reviewed by: Henry, Pier
- #42738
-
Bug 19121: reinstate the update.xml hash check - reviewed by: Pier
- #42737 (closed)
-
Bug 12647: Support symlinks in the updater. - reviewed by: Pier
- #34319
-
Bug 41668: Tweaks to the Base Browser updater for Tor Browser - reviewed by: Pier
- #42681
-
Bug 12620: TorBrowser regression tests - reviewed by: Pier
-
Bug 7494: Create local home page for TBB. - reviewed by: Henry
- #42629 (closed) #42713 (closed) #42715
-
Temporary changes to about:torconnect for Android. - reviewed by: Claire, Pier
-
Bug 27476: Implement about:torconnect captive portal within Tor Browser - reviewed by: Henry
-
Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection - reviewed by: Henry
-
Bug 40807: Added QRCode.js to toolkit/modules - reviewed by: Pier
-
Bug 14631: Improve profile access error messages. - reviewed by: Pier
- #42739
-
Bug 25741: TBA: Disable GeckoNetworkManager - reviewed by: Pier (more or less)
- #41661
-
Orfox: Centralized proxy applied to AbstractCommunicator and BaseResources. - reviewed by: Pier
- this patch is bad, see #42660 (closed)
-
Bug 8324: Prevent DNS proxy bypasses caused by Drag&Drop - reviewed by: Pier
-
Bug 42247: Android helpers for the TorProvider - reviewed by: Claire, Pier
- #42628 (closed)
-
Bug 41600: Add a tor circuit display panel. - reviewed by: Henry
- #42661 (closed)
-
Bug 3455: Add DomainIsolator, for isolating circuit by domain. - reviewed by: Pier
-
Bug 40597: Implement TorSettings module - reviewed by: Henry, Pier
- !1039 (merged)
-
Lox integration - reviewed by: Henry
-
Bug 40933: Add tor-launcher functionality - reviewed by: Pier
-
Bug 13252: Customize profile management on macOS - reviewed by: Pier
-
Bug 40562: Added Tor Browser preferences to 000-tor-browser.js - reviewed by: Pier (no pref, only the rest)
- Pref review issue: #42356
- We could do some additional checks on the addition for
000-tor-browser-android.js
inJS_PREFERENCE_PP_FILES
-
Bug 41340: Enable TOR_BROWSER_NIGHTLY_BUILD features for dev and nightly builds - reviewed by: Pier
-
TB3: Tor Browser's official .mozconfigs. - reviewed by: Pier
-
Bug 40209: Implement Basic Crypto Safety - reviewed by: Henry (the UI part) Pier
- Broken: #42701 #42702 (closed)
-
Add purple tor version of the loading APNG. - reviewed by: Henry
-
Bug 41917: Tor brand-specific styles. - reviewed by:
-
Bug 2176: Rebrand Firefox to TorBrowser - reviewed by: Henry (esp UI part)
-
Bug 42305: Add script to combine translation files across versions. - reviewed by: Henry
-
Tor Browser localization migration scripts. - reviewed by:
- might have some problem we need to follow up with
-
Tor Browser strings - reviewed by: Henry
-
Add TorStrings module for localization - reviewed by: Henry
-
Bug 11641: Disable remoting by default. - reviewed by: Pier
-
Bug 41803: Add some developer tools for working on tor-browser. - reviewed by: Henry
-
Bug 41089: Add tor-browser build scripts + Makefile to tor-browser -
Add CI for Tor Browser - reviewed by: Henry
- It's going to be changed with Bea's new CI commits
-
Bug 41649: Create rebase and security backport gitlab issue templates - reviewed by: Pier
- needs updates about the Android stuff
-
Bug 42308: Create README for tor-browser. - reviewed by: Henry, Pier
-
Bug 42027: Base Browser migration procedures. - reviewed by: Pier
-
Bug 41736: Customize toolbar for base-browser. - reviewed by: Henry
- #42631 #42640 (closed)
-
Bug 40926: Implemented the New Identity feature - reviewed by: Pier
-
Bug 40925: Implemented the Security Level component - reviewed by: Henry (esp UI), ma1
- #42641 (closed) #42587 (closed) #42705 (closed)
- had to drop the part that redirected DDG searches to HTML in safest
-
Bug 41834: Hide "Can't Be Removed - learn more" menu line for uninstallable add-ons - reviewed by: ma1
-
Bug 41736: Hide NoScript extension's toolbar button by default. - reviewed by: Henry
-
Bug 41598: Prevent NoScript from being removed/disabled. - reviewed by: ma1
-
Bug 40069: Add helpers for message passing with extensions - reviewed by: ma1
-
Bug 42438: Tweaks to the migration wizard. - reviewed by: Pier
-
Bug 41698: Reword the recommendation badges in about:addons - reviewed by: Henry, ma1, Pier
- #42634
-
Bug 41603: Customize the creation of MOZ_SOURCE_URL - reviewed by: Pier
-
Bug 41682: Add base-browser nightly mar signing key - reviewed by: boklm
-
Bug 42061: Create an alpha update channel. - reviewed by: boklm
-
Bug 4234: Use the Firefox Update Process for Base Browser. -
Bug 31575: Disable Firefox Home (Activity Stream) - reviewed by: Pier
- #42716 (closed)
-
Bug 42528: Don't leak system scrollbar size on windows. -
Bug 42443: Shrink window to match letterboxing size when the emtpy area is clicked. - reviewed by: ma1
-
Bug 41695: Warn on window maximization without letterboxing in RFPHelper module - reviewed by: ma1
-
Bug 41916: Letterboxing preferences UI - reviewed by: ma1
-
Bug 41918: Option to reuse last window size when letterboxing is enabled. - reviewed by: ma1
-
Bug 41631: Prevent weird initial window dimensions caused by subpixel computations - reviewed by: ma1
-
Bug 32308: Use direct browser sizing for letterboxing. - reviewed by: ma1
-
Bug 32411: Letterboxing, exempt view-source: URIs. - reviewed by: ma1
-
Bug 31064: Letterboxing, exempt browser extensions. - reviewed by: ma1
-
Bug 41434: Letterboxing, improve logging. - reviewed by: ma1
-
Bug 41434: Letterboxing, preemptively apply margins in a global CSS rule to mitigate race conditions on newly created windows and tabs. - reviewed by: ma1
-
Bug 42472: Spoof timezone in XSLT. - reviewed by: Pier
-
Bug 42428: Make RFP spoof the timezone of document.lastModified. -
reviewed by:Uplifted
-
-
Bug 42397: Change RFP-spoofed TZ to Atlantic/Reykjavik. -
reviewed by:Uplifted
-
-
Bug 42376: Pass the locale list when constructing l10n in datetimebox -
reviewed by:Uplifted
-
-
Bug 42084: Ensure English spoofing works even if preferences are set out of order. - reviewed by: Pier
- This patch conflicts with 41930 in a certain sense
-
Bug 42019: Empty browser's clipboard on browser shutdown - reviewed by: ma1, Pier
-
Bug 41881: Don't persist custom network requests on private windows -
reviewed by:Uplifted
-
-
Bug 41739: Remove "Website appearance" from about:preferences. - reviewed by: Henry, Pier
-
Bug 41740: Change the RFP value of devicePixelRatio to 2 -
reviewed by:Uplifted
-
-
Bug 18905: Hide unwanted items from help menu - reviewed by: Henry, Pier
- #42647 (closed) #42740 (closed) #42362 (closed) #42742 (closed)
-
Bug 40283: Workaround for the file upload bug - reviewed by: Pier (sorta)
- Android patch, probably needs the rest of the patchset to be tested and it's a workaround
-
Bug 41966: Allow removing locales from the locale alternatives list. -
reviewed by:Uplifted
-
-
Bug 41369: Improve Firefox language settings for multi-lingual packages - reviewed by: Henry
-
Base Browser strings - reviewed by: Henry, Richard (? they marked the thread as solved but didn't comment)
-
Bug 41659: Add canonical color definitions to base-browser - reviewed by: Henry, Richard
- #41665 (closed)
-
Bug 42288: Allow language spoofing in status messages. - reviewed by: Pier, Richard
- Bug 1900648
-
Bug 41791: Omit the source URL when copying page contents to the clipboard - reviewed by: Pier, Richard
-
Bug 33955: When copying an image only copy the image contents to the clipboard - reviewed by: Pier, Richard
- #42611 (closed)
-
Bug 40432: Prevent probing installed applications - reviewed by: Pier, Richard
-
Bug 40309: Avoid using regional OS locales - reviewed by: Pier, Richard
- needs work for en locales that aren't US
-
Bug 13028: Prevent potential proxy bypass cases. - reviewed by: Pier, Richard
- #42732 (closed)
-
Bug 27604: Fix addon issues when moving the profile directory - reviewed by: Pier, Richard
- #33965
-
Bug 9173: Change the default Firefox profile directory to be relative. - reviewed by: Pier, Richard
-
Bug 26345: Hide tracking protection UI - reviewed by: Henry, Richard
- #42679 (closed)
-
Bug 40171: Make WebRequest and GeckoWebExecutor First-Party aware - reviewed by: Pier, Richard
- #40171 still open for review
-
Bug 40199: Avoid using system locale for intl.accept_languages in GeckoView -
reviewed by:Replaced by Bug 42562: Normalized the Accepted Languages on Android.
-
-
Bug 30605: Honor privacy.spoof_english in Android - reviewed by: Pier, Richard
- Android, needs the rest of the patchset, #42731 (closed)
-
Bug 41901: Hardcode normalized FontSubstitutes. - reviewed by: Pier, Richard
-
Bug 41043: Hardcode the UI font on Linux - reviewed by: Pier, Richard
-
Firefox preference overrides. - reviewed by: Pier, Richard
- #42356 #42718 (closed)
-
Bug 42037: Disable about:firefoxview page - reviewed by: Henry, Richard
- #42718 (closed)
-
Bug 41327: Disable UrlbarProviderInterventions - reviewed by: Pier, Richard
- Had non-trivial changes during the rebase
-
Bug 40175: Add origin attributes to about:reader top-level requests -
reviewed by:Uplifted
-
-
Bug 41599: Always return an empty string as network ID - reviewed by: ma1
-
Bug 40717: Hide Windows SSO in settings - reviewed by: Pier, Richard
-
Bug 41568: Disable LaterRun - reviewed by: Henry, Richard
- #42630 (closed)
-
Bug 28369: Stop shipping pingsender executable - reviewed by: boklm, Richard
-
Bug 30541: Disable WebGL readPixel() for web content - reviewed by: Pier, Richard
-
Bug 41635: Disable the Normandy component - reviewed by: Pier, Richard
-
Bug 41092: Add a RemoteSettings JSON dump for query-stripping - reviewed by: Pier, Richard (?)
-
Bug 31740: Remove some unnecessary RemoteSettings instances - reviewed by: Pier, Richard
- #42730 (closed)
-
Bug 26353: Prevent speculative connect that violated FPI. -
Bug 40002: Remove about:ion - reviewed by: boklm, Richard
-
Bug 41457: Remove Mozilla permissions - reviewed by: boklm, Richard
-
Bug 33852: Clean up about:logins (LockWise) to avoid mentioning sync, etc. - reviewed by: Pier
- Partially broken, #42727
-
Bug 21431: Clean-up system extensions shipped in Firefox - reviewed by: Richard
- #41309 (closed)
-
Bug 16285: Exclude ClearKey system for now - reviewed by: Richard
-
Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots - reviewed by: Pier, Richard
- #42646 (closed)
-
Bug 12974: Disable NTLM and Negotiate HTTP Auth - reviewed by: Richard
-
Bug 28125: Prevent non-Necko network connections - reviewed by: Pier, Richard
- #42729
-
Bug 24796: Comment out excess permissions from GeckoView - reviewed by: Pier, Richard
- Possible follow up: remove the misleading comments
-
Bug 41149: Re-enable DLL injection protection in all builds not just nightlies - reviewed by: Dan, Pier, Richard
- Possible follow up: transform it into a way to define
BLOCK_LOADLIBRARY_INJECTION
-
Bug 41108: Remove privileged macOS installation from 102 - reviewed by: Pier, Richard
- Possible follow-up: reword and/or move with the updater commit
-
Tweaks to the build system - reviewed by: Pier
-
Base Browser's .mozconfigs. - reviewed by: Pier
- #42659
- Other follow up: remove the Android
imply_option
that don't do anything
-
Adding issue and merge request templates - reviewed by: Pier, Richard
-
Bug 41854: Allow overriding download spam protection. - reviewed by: ma1
-
Bug 41459: WebRTC fails to build under mingw (Part 6) - reviewed by:
-
Bug 41459: WebRTC fails to build under mingw (Part 5) - reviewed by:
-
Bug 41459: WebRTC fails to build under mingw (Part 4) - reviewed by:
-
Bug 41459: WebRTC fails to build under mingw (Part 3) - reviewed by:
-
Bug 41459: WebRTC fails to build under mingw (Part 2)cry - reviewed by:
-
Bug 41459: WebRTC fails to build under mingw (Part 1) - reviewed by:
- known broken (but it might be any part, actually)
-
Bug 41116: Normalize system fonts. -
reviewed by:Uplifted
-
-
Bug 41483: Remove the firefox override for appstrings.properties - reviewed by: Richard
-
Bug 42194: Fix blank net error page on failed DNS resolution with active proxy. - reviewed by: Richard
-
Bug 41454: Move focus after calling openPreferences for a sub-category. - reviewed by: Henry, Richard