#21340: Identify and backport new patches from Firefox --------------------------------------+------------------------------ Reporter: arthuredelstein | Owner: tbb-team Type: defect | Status: needs_review Priority: Medium | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: TorBrowserTeam2017R | Actual Points: Parent ID: #20680 | Points: Reviewer: | Sponsor: Sponsor4 --------------------------------------+------------------------------ Changes (by arthuredelstein):
* keywords: => TorBrowserTeam2017R * status: new => needs_review Comment: Here's a list of patches I cherry-picked or backported from Firefox >=53 without too much difficulty. They are Tor uplift patches or addition first-party isolation work. {{{ 1334690 Isolate AlternateService mappings by Origin Attributes 1334693 Investigate and isolate SPDY/HTTP2 state by first-party domain when privacy.firstparty.isolate = true 1315602 Remove the assertion of FirstPartyDomain should be empty in HTTP redirect 1317927 Media caching needs to use origin attributes 1274020 Add a test to show that the DOM Cache is separated by origin attributes 1282655 Add a test case to test whether site permissions are universal or isolated for each type of OriginAttribute 1305144 Spoof referrer when leaving a .onion domain (Tor 17334) 1216893 Add pref to optionally disable SVG (Tor 12827) }}} Here's the branch with these patches. If this seems reasonable I will merge these with my latest #20680 branch. https://github.com/arthuredelstein/tor-browser/commits/20680 A few patches have substantial conflicts: namely HSTS/HPKP isolation and the network predictor isolation patch. These are going to take further work: {{{ 1290529 clear HSTS and HPKP for subdomains as well when bug 1115712 is fixed 1323644 Isolate the HSTS and HPKP cache by first party domain. 1336867 Remove unsafeProcessHeader and isSecureHost in nsISiteSecurityService 1115712 make DataStorage for HPKP and HSTS enumerable via xpcom 1312954 Making the network predictor obey originAttributes and updating SpeculativeConnect() to SpeculativeConnect2(). }}} -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21340#comment:3> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs