Bug 40730: Rebased to 102.0.1

This is until we wait to have an esr102 branch.

Base-browser commits

• Revert "Bug 1724777, optimize suppressed MicroTask handling, r=mccr8 a=RyanVM"
  • Still needed :(
• Bug 41004: Bundled fonts are not picked up on macOS
  • Recently approved, and I've asked for uplift. We'll see.
• Base Browser's .mozconfigs.
  • I haven't changed anything on them, yet
• Bug 24796 - Comment out excess permissions from GeckoView
  • Initially I wanted to take GV's commit, but I noticed that it needed to be updated
• Bug 25741 - TBA: Disable GeckoNetworkManager
  • Took GV's patch
  • We may move it after base browser, or remove Tor Browser references
• Bug 28125 - Prevent non-Necko network connections
  • Took GV's patch
  • We may move it after base browser, or remove Tor Browser references, or add the proxy bypass check (possibly uplift?)
• Bug 21431: Clean-up system extensions shipped in Firefox
  • Removed the new "search-detection" from browser/extensions/moz.build (it was only in nightly builds previously)
  • Wrapped the code that loads it in a try-catch block
  • We should check also package-manifest.in and Makefile.in
• Bug 33852: Clean up about:logins (LockWise) to avoid mentioning sync, etc.
  • Dropped the part in browser/components/aboutlogins/content/components/menu-button.css, because the classes aren't used anymore, and the button AboutLoginsGetHelp does not have a hr after it
  • The #branding-logo has already been removed for a while
  • Check also one of Android rebases I've done (99 IIRC)
• Bug 40002: Remove about:ion
  • _secureInternalPages has gone, now E10SUtils.getAboutModule(uri); is used, instead, and we will have to add nsIAboutModule::IS_SECURE_CHROME_UI also to our about pages!
  • the GV patch was already like this, but maybe it was missing the part that removed ion from siteidentity
  • removed ion also from browser/components/moz.build
• Bug 18821: Disable libmdns for Android and Desktop
  • Dropped, because also Moz doesn't inlcude libmdns anymore \o/
• Bug 26353: Prevent speculative connect that violated FPI.
  • Cherry-picked, but I think we should improve this path (I have created an issue, IIRC, I should check on the make uplift easier issue)
• Bug 31740: Remove some unnecessary RemoteSettings instances
  • security/manager/ssl/RemoteSecuritySettings.jsm: like the patch on GV: the patch prevents some constructors from running. But these constructor that are prevented from run changed, hence the conflict
  • double checked the JSONs on services/settings/dumps/main/moz.build from the GV patch
  • what was the reason to remove the check for Android? We risk that these blocklists are not honored on Android at all
• Bug 28369: Stop shipping pingsender executable
  • Cherry-picked the patch, but there's a new preference to deal with it: toolkit.telemetry.testing.suppressPingsender
• Bug 40073: Disable remote Public Suffix List fetching
  • We should find a smarter way to deal with this
• Firefox preference overrides.
  • Do something to merge any GV-only changes
    • Check mobile/android/app/geckoview-prefs.js and mobile/android/app/mobile.js
  • Still the Tor Browser name in browser/app/profile/firefox.js
    • Why do we set changes there? Can't we move them to 001-base-profile.js?
  • browser/themes/shared/menupanel.css: has some last-line nonsense, reverting it
  • taskcluster/ci/source-test/mozlint.yml: do we really need to add our profile file there?
• Bug 40125: Expose Security Level pref in GeckoView
  • Preferred the GV's patch
• Bug 40171: Make WebRequest and GeckoWebExecutor First-Party aware
  • Preferred the already up-to-date GV's patch (but it seems the same)
• Bug 26345: Hide tracking protection UI
  • browser/base/content/appmenu-viewcache.inc.xhtml: the toolbar button has gone (05f6d6a8, Bug 1719463 part 3)
• Bug 27604: Fix addon issues when moving the profile directory
  • This is different in the Bugzilla ticket; we may either check if we can integrate some of the changes, or wait for the NI to be answered
• Bug 32418: Add a configure flag to load policies only from the local policies.json
  • Took the latest revision from https://phabricator.services.mozilla.com/D146300 (also, recreated the commit, since basically I've changed all the patch 😛️)
• Bug 23104: Add a default line height compensation
  • Took GV's patch I've updated yesterday (they're the same, but GV's was already updated for the const * argument on ComputeLineHeight
• Bug 32220: Improve the letterboxing experience
  • We should continue the uplitfing process

Tor Browser commits

• Bug 2176: Rebrand Firefox to TorBrowser
  • Some localization files changed and simplified things
  • browser/themes/shared/identity-block/identity-block.inc.css: probably some leftovers on the #identity-box[pageproxystate="valid"].chromeUI #identity-icon-label part
  • browser/themes/shared/jar.inc.mn: the onion files now respect alphabetical order
  • intl/l10n/L10nRegistry.jsm: deleted, see #40612 (closed) (but it may not be necessary, after all)
  • Use prefers-color-scheme for --tor-branding-color in tor-styles.css
  • Reword, to make it more current?
• TB3: Tor Browser's official .mozconfigs.
  • should if CONFIG["TOR_BROWSER_UPDATE"]:... go to the updater commit
  • the MOZ_RAW comment was from us, I think. I've removed it to avoid git always complaining about it, but if you think we should keep it, I'll add it back
• Bug 13252: Do not store data in the app bundle
  • Small conflict on toolkit/xre/nsAppRunner.cpp because IncreaseDescriptorLimits(); is called with the fully qualified name
• Bug 40597: Implement TorSettings module
  • Some improvements still to do (the defaults, the setters on the bridge data, etc...)
  • Small conflict in browser/modules/moz.build, because ThemeVariableMap.jsm has been deleted
• Bug 10760: Integrate TorButton to TorBrowser core
  • browser/base/content/appmenu-viewcache.inc.xhtml: I think that the repeat of many items isn't necessary anymore
  • browser/base/content/browser-doctype.inc: upstream deleted, I've restored it for localization, but we should try to get rid of it too
  • docshell/base/nsAboutRedirector.cpp: added nsIAboutModule::IS_SECURE_CHROME_UI (we should double check the other flags)
• Orfox: Centralized proxy applied to AbstractCommunicator and BaseResources.
  • Took it from GV
• Bug 19273: Avoid JavaScript patching of the external app helper dialog.
  • Double check this
  • Diff with GV: !332 (comment 2824308)
  • I've removed the telemetry stuff: it needs some workarounds, and we just don't care of it!
• Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
  • I have noticed that we might want to disable the "more from Mozilla" stuff (you can see it in Vanilla Firefox)
  • -moz-toolbar-prefers-color-scheme has become prefers-color-scheme
• Bug 27476: Implement about:torconnect captive portal within Tor Browser
  • toolkit/mozapps/update/UpdateService.jsm: should the patch be here, or part of the big updater commit?
  • remember to check browser/components/about/AboutRedirector.cpp and add nsIAboutModule::IS_SECURE_CHROME_UI
  • dom/base/Document.cpp: see if we can simplify or possibly remove our patch in ColorScheme Document::PreferredColorScheme(IgnoreRFP aIgnoreRFP) const
  • browser/components/torconnect/content/torconnect-urlbar.css:
    • it is now imported in browser/themes/shared/browser-shared.css
      • but I had to add it to jar.mn, and I've decided to add it to chrome://browser/skin. Is it okay, or should we add it to the about:torconnect page, and update the @import?
    • it doesn't specify the box dimensions, because .urlbar-page-action already takes care of them (IIUC)
  • -moz-toolbar-prefers-color-scheme has become prefers-color-scheme
• Bug 12620: TorBrowser regression tests
  • Should we drop it sooner or later? Or just try to switch everything to mochitest, but then spread the tests in the commits that implement some feature
• Bug 4234: Use the Firefox Update Process for Tor Browser.
  • toolkit/mozapps/update/UpdateService.jsm: I'm trying to get rid of all the ifdef XP_WIN. In many cases AppConstants.platform should be preferred (Moz is swiching away from preprocessed jsm)
    • Actually, I had to get rid of all macros, because it isn't preprocessed anymore by Mozilla, and they use # for something else
    • I think that instead of patching out the inclusion of resource://gre/modules/WindowsRegistry.jsm, we should modify its two methods, if we wanted to be on the safe side
    • In general, we could change all the #ifdef TORBROWSER... with AppConstants....
    • Is the check on instruction set something we really need on Tor Browser, or is it something we've been carrying but we could delete?
    • About line 3570: we had the compatVersion dance, I've moved it to updateIsAtLeastAsOldAsCurrentVersion
  • We need to finish dealing with TOR_BROWSER_DATA_OUTSIDE_APP_DIR
  • toolkit/mozapps/update/updater/updater.cpp: the block after the message about CVE-2015-0833 has been slightly moved/refactored/etc
  • Please, review carefully!
• Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing
  • purged _fetchEngineSelectorEngines because after all we only return thing based on the const engines we create
• Bug 30237: Add v3 onion services client authentication prompt
  • tab-content.js has been removed (1b801a12, Bug 17082439), so moved the registration for the cancelation message to browser/components/sessionstore/SessionStore.jsm. I've also updated the function to pass an object with a receiveMessage method, rather than a callback.
• Bug 40458: Implement .tor.onion aliases
  • check if OnionAliasStore.uninit() is okay inside that array
• Bug 21952: Implement Onion-Location
  • similar considerations to about:torconnect for the urlbar CSS file
    • included in jar.mn
    • added an @import to browser/themes/shared/browser-shared.css
    • removed a few explicit heights (the pill still looks good, IMHO)
  • unified the two CSS into a single one

Other notes

• The MACH_USE_SYSTEM_PYTHON is not supported anymore, we can use MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE=system
  • Is it really needed, though?
• I've noticed the browser/components/screenshots/ directory.
• We'll have to add --without-wasm-sandboxed-libraries, if we aren't using rlbox
• tor-launcher (internal notes, MR to be created, yet):
  • moved the components from the jar.mn to components.conf
  • added the l10n-registry things in the jar.mn
    • possible alternative: listen dynamically for changes in languages, de-register and re-register our language source. JS API is still available

Differences from GeckoView

• Base Browser's .mozconfigs
  • Should add GV's mozconfigs, too
• Firefox preference overrides.
  • Check that we haven't deleted any necessary TBA's options, and rename also GV's pref file, if needed
• Bug 9173: Change the default Firefox profile directory to be relative.
  • Major rework on desktop, but Android stuff should work as Mozilla does (Android apps can write only in their home)
• Bug 40309: Avoid using regional OS locales
  • The patch changed totally, but the new version should be okayish, too (but could be improved, see Bugzilla)
• Bug 2176: Rebrand Firefox to TorBrowser
  • The desktop commit has more files, but I think it's the authoritative one, in this case.
  • We also squashed things, back in December, on desktop
• Bring back old Firefox onboarding
  • browser/extensions/onboarding/moz.build api.js is in preprocessed files in desktop (which is correct, because api.js contains #if 0)
• Bug 26961: New user onboarding.
  • There are some changes like watermark, colors, and the id of a box. But I think we could just take desktop, because it's likely of being more up-to-date, and I think that Android doesn't have an onboarding (or it has it in Fenix)
• TB3: Tor Browser's official .mozconfigs.
  • Changes are only in the way we use now to manage mozconfigs
• Bug 13252: Do not store data in the app bundle
  • Some differences, but I worked on it for S131, so I wouldn't care that much. Also, basically it's a macOS patch
• Bug 10760: Integrate TorButton to TorBrowser core
  • I've restored #include browser-doctype.inc, which was used before Fluent. With the switch to Fluent, this file has been removed. Matt's approach was putting the various <!ENTITY % , which may be smarter, after all (even though, #include browser-doctype.inc is used in more than one place)
  • In desktop we squashed Bug 31575: Replace Firefox Home (newtab) with about:tor
  • Some differences in circuit display
• Bug 40209: Implement Basic Crypto Safety
  • Not in GeckoView, we might add a check to browser/actors/moz.build, and don't add it to FINAL_TARGET_FILES.actors in Android
  • Something to implement in Fenix?
• Bug 19273: Avoid JavaScript patching of the external app helper dialog.
  • GV contains the workaround to keep Moz's telemetry stuff, I preferred just removing it from desktop
• Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection
  • Not even checking 😂️
• Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing
  • Desktop has more search engines, and the fix for Google
• Bug 23247: Communicating security expectations for .onion
  • A few CSS selectors have > in GV
• Bug 30237: Add v3 onion services client authentication prompt
  • Missing feature in Android!
• Bug 21952: Implement Onion-Location
  • Includes the fix for the anchors
  • See above for some fixes on the pill CSS
• Bug 40458: Implement .tor.onion aliases
  • I wonder if this works in Android (even though it's initialized after the connection, so rulesets are never updated, probably)
• Bug 11698: Incorporate Tor Browser Manual pages into Tor Browser
  • I wonder if this is going to work automatically on GV (with the exception that we don't inject the manual in tor-browser-build in GV, and we should make the manual smaller especially for Android)
• Cherry-picked some patches that were missing on desktop