#28104 closed enhancement (fixed)
Backport Android security fixes for Tor Browser for Android 1.0a3
| Reported by: | gk | Owned by: | tbb-team |
|---|---|---|---|
| Priority: | Very High | Milestone: | |
| Component: | Applications/Tor Browser | Version: | |
| Severity: | Normal | Keywords: | tbb-mobile, TorBrowserTeam201810R, GeorgKoppen201810 |
| Cc: | sysrqb, igt0 | Actual Points: | |
| Parent ID: | Points: | ||
| Reviewer: | Sponsor: | Sponsor8 |
Description
We got notified about a bunch of security/privacy related fixes for Android we might want to backport, in particular:
https://bugzilla.mozilla.org/show_bug.cgi?id=1441345
https://bugzilla.mozilla.org/show_bug.cgi?id=1448014
https://bugzilla.mozilla.org/show_bug.cgi?id=1448305
https://bugzilla.mozilla.org/show_bug.cgi?id=1458905
We should do so for the upcoming, on 60.3.0esr based release.
Child Tickets
Change History (6)
comment:1 Changed 11 months ago by
| Keywords: | TorBrowserTeam201810R added; TorBrowserTeam201810 removed |
|---|---|
| Status: | new → needs_review |
comment:2 Changed 11 months ago by
| Summary: | Beackport Android security fixes for Tor Browser for Android 1.0a3 → Backport Android security fixes for Tor Browser for Android 1.0a3 |
|---|
comment:3 Changed 11 months ago by
I looked the patches and tested the branch on Android 6, 7 and 8. Everything is looking good and working fine.
comment:4 Changed 11 months ago by
| Resolution: | → fixed |
|---|---|
| Status: | needs_review → closed |
Thanks! Merged to tor-browser-60.2.1esr-8.5-1 (commits 1e7ee8ad5a57315bda89fb5b1f7fba49e63ccce4, ce5aede0dc562dab1636baac96e82c955cffad0b, 9ec06f1b4bb17e562e10cb7d39e1af8370522538, c04236287b17b1e8a3ca2a30344d2fe718cae788, c72b56ea4eb7dcbb73d1fce9b9ac066abbe5bd53, 34242a922172ddfcee8e089949e9972f4c0a882f, 4744f30185f1e76fd8243bdc07e2c5dac6dd2302, and 1387995d6a8764a730deac5a6d50a1f2ffa3ca0e.
comment:5 Changed 10 months ago by
| Sponsor: | → Sponsor8 |
|---|
comment:6 Changed 10 months ago by
| Keywords: | tbb-mobile added |
|---|
Okay, I cherry-picked all of the relevant patches without any conflict. See:
bug_28104(https://gitweb.torproject.org/user/gk/tor-browser.git/log/?h=bug_28104) for the result. We might be able to omit #1443145 if we want, as I think we are not using any safebrowsing feature. I'd be fine with that. But the overhead of fixing that bug while we are fixing the other ones is not that high.