arthuredelstein / tor-browser Public

…ill not be enforced to rounded sizes when fingerprinting resistance is enabled. r?ehsan

A browser chrome test which ensures the dialog windows will not be enforced to
be rounded sizes when fingerprinting resistance is enabled.

MozReview-Commit-ID: LQG13FMANav

… rounded dimensions if it is

a window without a primary content when fingerprinting resistance is enabled. r?ehsan

This patch making the nsXULWindow::ForceRoundedDimensions() will only be called
when this window is a window which has a primary content when fingerprinting
resistance is enabled.

This will fix the problem that dialog windows are incorrectly resized after
fingerprinting resistance is enabled.

MozReview-Commit-ID: 6WD6c38CTPv

Always use the policies associated with the esr update channel so that
the e10s behavior is the same for all Tor Browser builds.

This reverts commit 6fd5ac8.

Use GTK2 for hardened-builds as well.

Update the user agent we set to a Windows ESR 52 one.

Bug 21239: Use GTK2 for ESR52 Linux builds

MozReview-Commit-ID: A41UJ6OHvP7

--HG--
extra : rebase_source : 0191c1bbece94bb9dabbf2daf56351a624efa481

This is tjr's workaround for bug 1331335.

Patch by Jacek Caban

…esses on Windows. r=mhowell,tjr

This is an exploit mitigation which causes the Windows system allocator to abort
in the event it is in a corrupted state, rather than attempt to proceed in a
potentially exploitable state.

Because we use jemalloc, this only affects system libraries or plugins which
still use the system allocator.

The has been enabled on our content processes for a while without incident.

r=mhowell,tjr

MozReview-Commit-ID: 5ctXugtbI1A

--HG--
extra : rebase_source : f6f134404be3b258a8e522c22fa061c32a47e313

This is due to an improper implementation of the WebSocket spec by Mozilla.

"There MUST be no more than one connection in a CONNECTING state.  If multiple
connections to the same IP address are attempted simultaneously, the client
MUST serialize them so that there is no more than one connection at a time
running through the following steps.

If the client cannot determine the IP address of the remote host (for
example, because all communication is being done through a proxy server that
performs DNS queries itself), then the client MUST assume for the purposes of
this step that each host name refers to a distinct remote host,"

https://tools.ietf.org/html/rfc6455#page-15

They implmented the first paragraph, but not the second...

While we're at it, we also prevent the DNS service from being used to look up
anything other than IP addresses if socks_remote_dns is set to true, so this
bug can't turn up in other components or due to 3rd party addons.

CFBundleIdentifiers can only contain [A-Za-z.-], and by convention
the app component is lowercase and does not contain '.'.

Make configure delete all characters other than [a-z-] when generating
MOZ_MACBUNDLE_ID from MOZ_APP_DISPLAYNAME.

(This affects "Tor Browser", but not "Firefox".)

When macOS opens a document or selects a default browser, it sometimes
uses the CFBundleSignature. Changing from the Firefox MOZB signature to
a different signature TORB allows macOS to distinguish between Firefox
and Tor Browser.

ASan builds with GCC are broken without this patch. The much more involved
one landed on mozilla-central a while ago but missed the ESR 52 train by
three days.

Mozilla introduced extension signing as a way to make it harder for an
attacker to get a malicious add-on running in a user's browser. See:
https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience
and https://blog.mozilla.org/addons/2016/01/22/add-on-signing-update/
for some background information.

In ESR45 this feature is enabled by default and we exempt both our own
extensions and EFF's HTTPS-Everywhere from this requirement.

… r=bagder,mayhemer

MozReview-Commit-ID: Gvm88q26VHK

--HG--
extra : rebase_source : 188b65cba6b4ecb243b4b6ab8c55733f82217567

…=arthuredelstein,smaug

This patch adds two more test cases, browser_roundedWindow_open.js and
browser_roundedWindow_windowSetting.js. The browser_roundedWindow_open.js tests
the window.open() with window features, it will test window.open() with numbers
of window features to see that whether the opened window is correctly rounded.

The browser_roundedWindow_windowSetting.js tests the setting of
innerWidth/Height and outerWidth/Height. To see that the window is correctly
rounded or not after the setting.

This patch also adds a head.js and rename the browser_roundedWindow.js to
browser_roundedWindow_newWindow.js. The head.js carries two helper functions
that calculate the maximum available content size and the chrome UI size of
the pop up window.

MozReview-Commit-ID: LxJ2h2qAanY

--HG--
extra : rebase_source : b3744155fda93bd9e1650d07db7105092a2e5260

…windows and the inner window will be automatically rounded after setting size through innerWidth/Height and outerWidth/Height when fingerprinting resistance is enabled. r=smaug

    This patch makes the size of inner windows will be automatically rounded for
    either window.open() with window features or setting window size through
    innerWidth/Height and outerWidth/Height when fingerprinting resistance is
    enabled. If the given value is greater the maximum available rounded size, then
    it will be set to the maximum value. Otherwise, the size will be set to the
    nearest upper 200x100.

    This patch also adds one helper function in nsContentUtils for calculating the
    rounded window dimensions.

    MozReview-Commit-ID: J2r3951vuNN

    --HG--
    extra : rebase_source : a44b19bdf2ce7e90fc831ddc2b85a86d594cb0c3

…ded size when fingerprinting resistance is enabled. r=arthuredelstein,smaug

MozReview-Commit-ID: Gvksnh3cKHM

--HG--
extra : rebase_source : cae848ca467af34c08bff7190dce50cffa1399cc

…ize when fingerprinting resistance is enabled. r=arthuredelstein,mikedeboer

MozReview-Commit-ID: F1Ray6c5dzq

--HG--
extra : rebase_source : ed299058bf6f926e5987468dcab518b110fd7220

Conflicts:
	browser/components/sessionstore/SessionStore.jsm

…erprinting resistance is enabled (adopt from Tor #19459). r=arthuredelstein,smaug

MozReview-Commit-ID: 1qBNQhfdIYP

--HG--
extra : rebase_source : c46b4a936960ff165f950a59c1d31c1c5849645f

 remove Amazon, eBay, bing

eBay and Amazon don't treat Tor users very well. Accounts often get locked and
payments reversed.

Also:
Bug 16322: Update DuckDuckGo search engine

We are replacing the clearnet URL with an onion service one (thanks to a
patch by a cypherpunk) and are removing the duplicated DDG search
engine. Duplicating DDG happend due to bug 1061736 where Mozilla
included DDG itself into Firefox. Interestingly, this caused breaking
the DDG search if JavaScript is disabled as the Mozilla engine, which
gets loaded earlier, does not use the html version of the search page.
Moreover, the Mozilla engine tracked where the users were searching from
by adding a respective parameter to the search query. We got rid of that
feature as well.

Also:
This fixes bug 20809: the DuckDuckGo team has changed its server-side
code in a way that lets users with JavaScript enabled use the default
landing page while those without JavaScript available get redirected
directly to the non-JS page. We adapt the search engine URLs
accordingly.

Replaces old patch for Bug 16528.

…=mcmanus

The boolean pref is named "network.http.referer.hideOnionSource"

--HG--
extra : rebase_source : b6e9af7de29e0f8a2457b777ba4703401ad45181

We make the certificate for the secondary key the new primary one,
partly due to #15532 and add the certificate for the new key as the
secondary one.

Add an --enable-tor-browser-data-outside-app-dir configure option.
When this is enabled, all user data is stored in a directory named
TorBrowser-Data which is located next to the application directory.

The first time an updated browser is opened, migrate the existing
browser profile, Tor data directory contents, and UpdateInfo to the
TorBrowser-Data directory. If migration of the browser profile
fails, an error alert is displayed and the browser is started
using a new profile.

Display an informative error messages if the TorBrowser-Data
directory cannot be created due to an "access denied" or a
"read only volume" error.

Add support for installing "override" preferences within the user's
browser profile. All .js files in distribution/preferences (on
Mac OS, Contents/Resources/distribution/preferences) will be copied
to the preferences directory within the user's browser profile when
the profile is created and each time Tor Browser is updated. This
mechanism will be used to install the extension-overrides.js file
into the profile.

On Mac OS, add support for the --invisible command line option which
is used by the meek-http-helper to avoid showing an icon for the
helper browser on the dock.

Add an about:tbupdate page that displays the first section from
TorBrowser/Docs/ChangeLog.txt and includes a link to the remote
post-update page (typically our blog entry for the release).

Replace Mozilla's MAR signing certificates with our own.
Configure with --enable-signmar (build the signmar tool).
Configure with --enable-verify-mar (when updating, require a valid signature
  on the MAR file before it is applied).
Use the Tor Browser version instead of the Firefox version inside the
  MAR file info block (necessary to prevent downgrade attacks).
Use NSS on all platforms for checking MAR signatures (Mozilla plans to use
  OS-native APIs on Mac OS and they already do so on Windows). So that the
  NSS and NSPR libraries the updater depends on can be found at runtime, we
  add the firefox directory to the shared library search path on all platforms.
Use SHA512-based MAR signatures instead of the SHA1-based ones that Mozilla
  uses. This is implemented inside MAR_USE_SHA512_RSA_SIG #ifdef's and with
  a signature algorithm ID of 512 to help avoid collisions with future work
  Mozilla might do in this area.
  See: https://bugzilla.mozilla.org/show_bug.cgi?id=1105689

New configure options:
  --with-tor-browser-version=VERSION # Pass TB version throughout build.
  --enable-tor-browser-update        # Enable bundle update behavior.
The following files are never updated:
  TorBrowser/Data/Browser/profiles.ini
  TorBrowser/Data/Browser/profile.default/bookmarks.html
  TorBrowser/Data/Tor/torrc
Mac OS: Store update metadata under TorBrowser/UpdateInfo.
Removed the %OS_VERSION% component from the update URL (13047) and
  added support for minSupportedOSVersion, an attribute of the
  <update> element that may be used to trigger Firefox's
  "unsupported platform" behavior.
Windows: disable "runas" code path in updater (15201).
Windows: avoid writing to the registry (16236).
Also includes fixes for tickets 13047, 13301, 13356, 13594, 15406,
  16014, and 16909.