Rebase Tor Browser patches for ESR60

This is the ticket to discuss and review the rebase of our patches for ESR60

added TorBrowserTeam201805R component::applications/tor browser ff60-esr owner::arthuredelstein parent::25741 priority::very high resolution::fixed severity::normal status::closed type::task labels

Trac:
Cc: arthuredelstein to tbb-team
Status: new to assigned
Owner: tbb-team to arthuredelstein

Trac:
Username: franklin
Cc: tbb-team to tbb-team, franklin

Moving our tickets to April.

Trac:
Keywords: TorBrowserTeam201803 deleted, TorBrowserTeam201804 added

Trac:
Priority: High to Very High

Trac:
Parent: N/A to #25741 (moved)

Here is my current version of a rebase branch: https://github.com/arthuredelstein/tor-browser/commits/25543+6 (b4907074cbe48d46a621fa8ad2b0e4b29c7041de)

It contains nearly all desktop patches rebased to mozilla-beta (those labeld C and F). It does not yet include a few updater patches (labeled P) and mobile patches. See https://torpat.ch for further reference. The branch builds and seems to run OK on Linux 64.

Here's what happened to each patch:

? = more investigation needed
B = already included in Firefox 60
C = cherry-picked
D = Delete
F = fixed up
K = Broken
O = obsolete
P = Pearl Crescent (in progress)
U = Upstreamed

F 90e16dd25b6e Bug 20283: Tor Browser should run without a `/proc` filesystem.
F 82cd8ae9a5de Bug 21537: Tests for secure .onion cookies
F c70454fd10ef Bug 21537: Mark .onion cookies as secure
F 7719a132533d fixup! Bug 16940: After update, load local change notes.
U 901380f79a74 Bug 23439: Exempt .onion domains from mixed content warnings
U 314e5b4a08d3 Bug 23439: Exempt .onion domains from mixed content warnings
B 0fb51b9375f6 Bug 25147: Sanitize HTML fragments created for chrome-privileged documents
O 74b92f0512e8 Bug 25112: Tor Browser 7.5 is not working on Windows Vista 64bit
B 0d3da213dc86 Bug 1370027: Part 1 - Cleanly handle a subprocess child being reaped by NSPR. r=aswan
D 76b6a5dc0859 Revert "Bug 18619: If indexedDB disabled, use in-memory db for asyncStorage.js"
C 93999a363c76 Bug 22794: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured
C 95ad1e098907 Bug 19910: Rip out optimistic data socks handshake variant (#3875)
C ba141b6054ea Bug 22614: Make e10s/non-e10s Tor Browsers indistinguishable
B 01b8fa23b26a Bug 1005640 - Flush StringBundle cache when app-locales change. r=valentin
C f5eebe23eda5 Bug 13575: Disable randomised Firefox HTTP cache decay user tests.
F 6e2c459fa66a Bug 23916: Add new MAR signing key
B 5e53cbb2d63c Bug 1403412 - disable VP9 estimizer on Mac; r=jya
C b91202db5ef3 Bug 22548: Firefox downgrades VP9 videos to VP8.
U 031dba9cfdf3 Allow std::unordered_*.
U 848e862614a1 Bug 24197: fix uppercase/lowercase issue in Wow64.h include
B 52781b3a80f4 Bug 23970: Printing to a file is broken with Linux content sandboxing enabled
B ab8aca382251 Bug 23970: Printing to a file is broken with Linux content sandboxing enabled
B c96c64300d52 Bug 23970: Printing to a file is broken with Linux content sandboxing enabled
B 5d36dc9a3d5b Bug 23970: Printing to a file is broken with Linux content sandboxing enabled
B cfe5bda0cec0 Bug 23970: Printing to a file is broken with Linux content sandboxing enabled
O d6131d2157a1 Bug 23016: "Print to File" does not create the expected file in non-English locales
B a0382e7bc741 Bug 1372072 - Part 2: Add a test case for check whether network information API has been spoofed correctly when 'privacy.resistFingerprinting' is true. r=arthuredelstein,baku
B 3841170c74d8 Bug 1372072 - Part 1: Spoofing network information API and blocking ontypechange event when 'privacy.resistFingerprinting' is true. r=arthuredelstein,baku
C ab9be0575af0 Bug 24398: Plugin-container process exhausts memory
C 230cb85895bc Bug 23104: Add a default line height compensation
C 009bc0a8f600 Bug 24478: Enable debug assertions and tests in our ASan builds
C 2646633951fe Bug 21925: Don't compile with ASan and FORTIFY_SOURCE
C 6794707e2b3a Bug 24052: Handle redirects by blocking them early
K 2e0a54b89593 Bug 24052: Streamline handling of file:// resources
B 2270fb027a31 Bug 1305396 - Replace memmove with std::copy_backward in a file that doesn't include cstring explicitly. r=keeler
D e7fc8cfbe27d Revert "Bug 21308: Set indexedDB->null when dom.indexeddb.enabled=false"
D ca8fa1fb280c Revert "bug 23104 - Add a default line height compensation"
C 87b15309e159 Bug 13398: at startup, browser gleans user FULL NAME (real name, given name) from O/S
B 8c0c1a4d6469 Bug 366945 - Disable middlemouse.contentLoadURL by default on UNIX and Android, r=gijs
D 478a8ccce85b bug 23104 - Add a default line height compensation
C a19fd1255901 We don't take the SANDBOX_EXPORTS path and fix compile issues along our way
F[inspect] fc9f5757efd6 Bug 16010: Fixing sandbox compile issues
B fe5c1809487e Bug 1386279 - Renovate Linux sandbox file broker handling of access(). r=gcp
B f99102a4c3d4 Bug 1374281. r=jld
B 43247a6b0732 Bug 1344106 - Remove Linux todos() now that Linux sandboxing is riding the trains. r=haik
B 08edba4a1f7a Bug 1317802 - don't stop for SIGSYS in .gdbinit; r=jld
B aab5c2714555 Bug 1337162 - Enable the Linux content sandbox for non-Nightly builds. r=ted
B bed2159de684 Bug 1355274 - Polyfill SOCK_DGRAM socketpairs with SOCK_SEQPACKET, for libasyncns. r=gcp
B 4e8bfae856e9 Bug 1361238 - Re-allow accept4, used by accessibility. r=gcp
B 7dbf00b82e6a Bug 1358647 - Disallow bind/listen/accept for Linux content processes. r=gcp
B 0232c989f8ea Bug 1286865 - Step 0: Turn off crash-on-seccomp-fail by default on non-nightly. r=gcp
B 6c802b3741c9 Bug 1320085 - Allow the getrlimit-equivalent subset of prlimit64. r=tedd
U 2e72b91df3e5 Bug 18101: Suppress upload file dialog proxy bypass (linux)
B 201df98d032e Bug 1365047 Turn on the Windows DLL Blocklist in MinGW r=aklotz
B 4d27bc319f9d Bug 1368406 Use non-Windows Printf Format Specifiers in MinGW r=froydnj
U c773ce1f161f Bug 23230: Fix build error on Windows 64
D c04c6fd4da01 Revert "Bug 19273: Avoid JavaScript patching of the external app helper dialog."
C f7e646dd976c Bug 21830: Copying large text from web console leaks to /tmp
C 576f4e90158a Bug 21321: Add test for .onion whitelisting
C c79b911518ed Bug 21321: .onion domains are shown as non-secure
U 6214b3a48f36 Don't break accessibility support for Windows
D 2aadce237574 Revert "Getting Tor Browser to build with accessibility enabled on Windows"
F c542fb08d725 Bug 23044: Don't allow GIO supported protocols by default
U 67d6461d58a6 Bug 16485: Improve about:cache page
O? 019cfd615d7f Bug 21862: Rip out potentially unsafe rust code
U 5a812a560343 Bug 1329521 - GetLoadContextInfo() should not compare originAttributes and privateBrowsing boolean when docShell is chrome type, r=smaug
U 1e44ba71702e Bug 22452: Isolate tab list menuitem favicons to content first party
U 671e4be2682f Bug 22327: Isolate Page Info media previews to content first party
U a49b1a4d604a Bug 1319908 - Load the menu icons for the bookmarks menu with the correct content type and principal on OSX; r=baku
U 08391e69ed95 Bug 21972: about:support is partially broken
U a48b75ea65c0 Bug 21684: Don't expose navigator.AddonManager to content
U 177805982c2b Bug 22320: Use pref name 'referer.hideOnionSource' everywhere
F fba536f97fe2 Bug 21431: Clean-up system extensions shipped in Firefox 52
F 009934b82a3c Bug 16285: Exclude ClearKey system for now
U 6018c8682553 Bug 22165: Block DoListAddresses when resisting fingerprinting
U 1fc107434bd9 Bug 10286: Regression tests for Touch API fingerprinting resistance
U 4cd7a879addc Bug 10286: Touch API fingerprinting resistance
C 43c1ed31857d Bug 13612: Disable Social API
F* 5c25352ec8de Bug 21569: Add first-party domain to Permissions key
U 3d7920974fa7 Bug 16337: Round times exposed by Animation API to nearest 100ms
U c991664faabc Bug 21792: Suppress MediaError.message when privacy.resistFingerprinting = true
B 3d55d320d172 Bug 1282655 - Test if site permissions are universal across origin attributes. r=tanvi
B 472166860594 Bug 1274020 - Tests that shows the Cache Web API is separated by origin attributes. r=baku
B 5a8d26d0cc01 Bug 1315602 - Remove the assertion of FirstPartyDomain should be empty in HTTP redirect. r=smaug
B 84c976d6c191 Bug 1351071: Get rid of pre-generated startup cache r=glandium
B 0b9734f23584 Bug 1342887 - Detect and log failures to dispatch SetupMacCommandLine to the main thread. r=rstrong
B 16d29020cd2a Bug 1335916 - Make sure the update driver only calls SetupMacCommandLine from the main thread. r=rstrong
F 0b00e2ce04e9 Bug 21907: Fix runtime error on CentOS 6
B 452a464d126f Bug 1352305 - Part2: Add a test case for making sure dialog windows will not be enforced to rounded sizes when fingerprinting resistance is enabled. r?ehsan
B dd2efe4502f7 Bug 1352305 - Part 1:  Making the XULWindow will not be enforecd to be rounded dimensions if it is a window without a primary content when fingerprinting resistance is enabled. r?ehsan
O? 98ee0302a49d Bug 21876: Always use esr policies for e10s.
F 73f02a5f325c Bug 21849: Don't allow SSL key logging
D 75c7cfcb68e1 Getting Tor Browser to build with accessibility enabled on Windows
U ad7ff6542560 Backport of tjr's patch for bug 1331349
U 9ea59d59ffa6 Backport of tjr's patch for bug 1314979
B c640867a52d2 Bug 805173 - Enable HeapEnableTerminationOnCorruption for chrome processes on Windows. r=mhowell,tjr
C? 64aed57c7b49 Bug #5741: Prevent WebSocket DNS leak.
U cef74a746683 Bug 21723: Fix inconsistent generation of MOZ_MACBUNDLE_ID
O? dc0210891a9e Workaround for broken ASan builds (bug 1272498)
F 4f7b24106278 Bug 14970: Don't block our unsigned extensions
B 3555582727db Bug 1330882 - Part 5: Add more test cases for rounded windows test. r=arthuredelstein,smaug
B 04f0a2bb4696 Bug 1330882 - Part 4: Making the window.open() can only open rounded windows and the inner window will be automatically rounded after setting size through innerWidth/Height and outerWidth/Height when fingerprinting resistance is enabled. r=smaug
B 6c0ecaa44d1b Bug 1330882 - Part 3: Add a test case for opening new windows as rounded size when fingerprinting resistance is enabled. r=arthuredelstein,smaug
B d362791d8e53 Bug 1330882 - Part 2: Disallow the session restore to modify window size when fingerprinting resistance is enabled. r=arthuredelstein,mikedeboer
B 75691f7a6e30 Bug 1330882 - Part 1: Making new windows to be rounded size when fingerprinting resistance is enabled (adopt from Tor #19459). r=arthuredelstein,smaug
F 3a536e56b9f7 Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter;  remove Amazon, eBay, bing
D c40c21632973 Bug 21308: Set indexedDB->null when dom.indexeddb.enabled=false
B ffcb66f639f4 Bug 1344613 - Prevent null pointer crash in nsSOCKSIOLayer.cpp
B cebb513dc6aa Bug 1305144 - Option to hide referrer when leaving a .onion domain. r=mcmanus
F 506eb3cbd392 Bug 20589: Adding new MAR signing key
P dc4fdd28c696 Bug 13252: Do not store data in the app bundle
F 46acba80bdf4 Bug 16940: After update, load local change notes.
P 4564a5f744df Bug 13379: Sign our MAR files.
P 4c9f746f2c19 Bug 4234: Use the Firefox Update Process for Tor Browser.
F b0471f5e9e1f Bug 21724: Make Firefox and Tor Browser distinct macOS apps
C 08964d93d418 Bug 18912: add automated tests for updater cert pinning
P? 9ae35ba3c07e Bug 19121: reinstate the update.xml hash check
O? fee72fffc081 Bug 19411: Update icon shows up even if partial updates are failing.
F 87036e9e33eb Bug 18900: updater doesn't work on Linux (cannot find libraries)
F 0f7641a6369c Bug 18008: Create a new MAR Signing key
U 5f189ecd2805 Bug 18170: After update, only changelog tab shown
F 04e72287a8c7 Bug 11641: change TBB directory structure to be more like Firefox's
F 452829d9135f Bug 9173: Change the default Firefox profile directory to be TBB-relative.
U? e9be3f9dff33 Bug 20981: On Windows, check TZ for timezone first
U? 142c643b4cff Bug 16622: Pref to spoof time zone as UTC
O fdb2ad415cd6 Bug 20707: Avoid localization failure in about:preferences
O 043e87d50499 Bug 20244.2: Add "privacy.firstparty.isolate" checkbox
O 1cf891b3a783 Bug 20244.1: Add "privacy.resistFingerprinting" checkbox
C d4da5714eb9d Bug 19890: Disable installation of system addons
D db79c0270d50 Bug 19273: Avoid JavaScript patching of the external app helper dialog.
C b7f33de7c769 Bug 18923: Add a script to run all Tor Browser specific tests
U 133a941a72c9 Bug 18914: Use English-only label in <isindex/> tags
C fb26928c9f6f Regression tests for #2874: Block Components.interfaces from content
C 0a2323b8fcaa Regression tests for Bug 1517: Reduce precision of time for Javascript.
F af9e23384692 Regression tests for Bug 15646: Prevent keyboard layout fingerprinting in KeyboardEvent
F 6a7ae76e406e Regression tests for Bug 17009: Pref to suppress some modifier key events
D 53531cf002aa Bug 18619: If indexedDB disabled, use in-memory db for asyncStorage.js
F db5663390b3e Bug 18821: Disable libmdns for Android and Desktop
F 90e817059ab7 Bug 18800: Remove localhost DNS lookup in nsProfileLock.cpp
F ac9bc3723c2b Bug 18799: disable Network Tickler
U 88e5ed76f941 Bug 6786: Do not expose system colors to CSS or canvas.
F aa65fd2ea82e Bug 16620: Clear window.name when no referrer sent
U 72998c7d5064 Bug 6253: Add canvas image extraction prompt.
U c9c82d317082 Bug 17009: Pref to suppress some modifier key events
U cbad7a986dcb Bug 15646: Prevent keyboard layout fingerprinting in KeyboardEvent
U f6683c586a30 Bug 16005: Relax minimal mode.
U 03f286aa425e Bug 1517: Reduce precision of time for Javascript.
C 5adf623b76f8 Bug 16441: Suppress "Reset Tor Browser" prompt.
C a71bf76df344 Bug 14392: Make about:tor behave like other initial pages.
F ea9c5e94e364 Bug 2176: Rebrand Firefox to TorBrowser
C d3a986dfb477 Bug 18995: Regression test to ensure CacheStorage is disabled in private browsing
C b4981a144854 Regression tests for #5856: Do not expose physical screen info via window & window.screen.
C 98966f5b88b5 Regression tests for #2875: Limit device and system specific CSS Media Queries.
C 90f3c1b3b687 Regression tests for #4755: Return client window coordinates for mouse event screenX/Y (for dragend, 0,0 is returned).
C 73dc870c6712 Regression tests for "Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing"
C ba2620e0c91d Regression tests for TB4: Tor Browser's Firefox preference overrides.
C 6bbe63c3f3b8 Regression tests for Bug #2950: Make Permissions Manager memory-only
C c38fc187252c Bug 12620: TorBrowser regression tests folder
F c8fbfdb5b0e7 Bug 14631: Improve profile access error msgs (strings).
F f05b2599c291 Bug 14631: Improve profile access error messages.
F 9a13c4dd4d89 Bug 14716: HTTP Basic Authentication prompt only displayed once
C 4fd7433d2b79 Bug 3875: Use Optimistic Data SOCKS variant.
O 2c74c1e6b2c7 Bug 5282: Randomize HTTP request order and pipeline depth.
C 05c64bde4a76 Bug 13028: Prevent potential proxy bypass cases.
O[Bug 18743] fd4a8863a4c3 Bug 16488:  Remove "Sign in to Sync" from the menu.
F c91cc92acf64 Bug 16439: remove screencasting code.
U 478ee75278f0 Bug 12827: Create preference to disable SVG.
F 6e18348d3fa2 Bug 2874: Block Components.interfaces from content
C 7190f7e52771 Bug 12974: Disable NTLM and Negotiate HTTP Auth
F d9ffdac205cc Bug 10280: Don't load any plugins into the address space.
C 83e40fc55843 Bug 8312: Remove "This plugin is disabled" barrier.
C 7151b7736fbc Bug 3547: Block all plugins except flash.
F 3efb1fb5990a TB4: Tor Browser's Firefox preference overrides.
C b7ba24e9438c TB3: Tor Browser's official .mozconfigs.

Okay, I'll skimmed the list and have some comments:

N 2c74c1e6b2c7 Bug 5282: Randomize HTTP request order and pipeline depth.

That should be an "O" instead of an "N". There is no pipelining code anymore in ESR60, and thus the patch is obsolete.

K 2e0a54b89593 Bug 24052: Streamline handling of file:// resources

What does "K" mean here? It makes me a bit nervous given that this was one of our fixes to close a cricital hole in Firefox.

I assume "F*" means "still work in progress but essentially done"?

Replying to gk:

Okay, I'll skimmed the list and have some comments:

{{{ N 2c74c1e6b2c7 Bug 5282: Randomize HTTP request order and pipeline depth. }}} That should be an "O" instead of an "N". There is no pipelining code anymore in ESR60, and thus the patch is obsolete.

OK! I will edit the list in comment:6 to fix that.

{{{ K 2e0a54b89593 Bug 24052: Streamline handling of file:// resources }}} What does "K" mean here? It makes me a bit nervous given that this was one of our fixes to close a cricital hole in Firefox.

Including this patch causes a runtime error that prevents the browser from starting up properly. We will need to debug this problem.

I assume "F*" means "still work in progress but essentially done"?

Yes, the patch seems to work, but there is a problem with the unit test that I would like to fix to be more sure.

Thanks for posting all of the patch details.

I just attached a couple of patches that are fixups: libmdns.patch​ fixes a compile error on macOS, and packaging.patch​ fixes errors that prevented ./mach package from finishing. Kathy and I are still working off your 25543_volatile+4 branch for the moment, but it looks like your 25543+6 branch needs these changes too.

Trac:
tb-patches-2018-04-20.zip

#13252 (moved) patch plus a few fixups

I removed the individual "fixup" patches that I attached to this ticket a couple of days ago and I replaced them with a .zip archive which contains proper git am formatted patches. The .zip also contains a rebased patch for #13252 (moved).

Kathy and I are still working on rebasing these two patches: P 4564a5f744df Bug 13379: Sign our MAR files. P 4c9f746f2c19 Bug 4234: Use the Firefox Update Process for Tor Browser.

We will also take care of this one: P? 9ae35ba3c07e Bug 19121: reinstate the update.xml hash check For this patch we need to resurrect more code that Mozilla has removed (see https://bugzil.la/1373267).

Replying to mcs:

I removed the individual "fixup" patches that I attached to this ticket a couple of days ago and I replaced them with a .zip archive which contains proper git am formatted patches. The .zip also contains a rebased patch for #13252 (moved).

Thank you for these! I have added those patches to the branch and rebased to the latest mozilla-beta (Firefox 60).

https://github.com/arthuredelstein/tor-browser/commits/25543+7 (b67b8dc99c9a31121a5bb1204634c833e74fb63f)

Trac:
Cc: tbb-team, franklin to tbb-team, franklin, igt0

Trac:
tb-patches-2018-04-24.zip

more fixup patches

I attached a zip archive that contains a few more fixup patches. There are probably more places in the Tor Browser patches where we need to remove the JS version from the MIME type when referencing from an XHTML file or HTML file (see 0001-fixup-Bug-16940-After-update-load-local-change-notes.patch within the zip archive).

Also, Kathy and I finished our initial rebasing of the updater patches and are in the process of testing them. I assume you would rather wait and receive tested patches, but let us know if you would rather have them sooner (we will probably not finish the updater testing until next week).

Replying to arthuredelstein:

{{{ F 3efb1fb5990a TB4: Tor Browser's Firefox preference overrides. }}}

Friendly reminder to update general.useragent.override before merging this. (59d6b454184b3 on 25543+7)

Replying to mcs:

I attached a zip archive that contains a few more fixup patches.

Thanks for these -- I have added them to https://github.com/arthuredelstein/tor-browser/commits/25543+7 (HEAD is now fe38c8a83d8e90a99f6d04fb19a1dc085a19a766).

There are probably more places in the Tor Browser patches where we need to remove the JS version from the MIME type when referencing from an XHTML file or HTML file (see 0001-fixup-Bug-16940-After-update-load-local-change-notes.patch within the zip archive).

I did a search to find any examples of "version=" and found them in the following files:

docshell/test/test_tor_bug16620.html  
docshell/test/tor_bug16620.html       
docshell/test/tor_bug16620_form.html  
dom/events/test/test_tor_bug15646.html
tbb-tests/test_tor_bug1517.html       
tbb-tests/test_tor_bug23104.html      
tbb-tests/test_tor_bug2875.html       

These are all tests we have added, and it seems that the scripts still run, so I'm inclined not to patch them, although it would do no harm to do so.

Also, Kathy and I finished our initial rebasing of the updater patches and are in the process of testing them. I assume you would rather wait and receive tested patches, but let us know if you would rather have them sooner (we will probably not finish the updater testing until next week).

Waiting for your tests sounds good to me. Thank you!