user/richard/tor-browser, branch bug_13410_v1 Richard's tor-browser repository Bug 13410: Disable self-signed certificate warnings when visiting .onion sites 2020-02-26T20:35:06+00:00 Richard Pospesel richard@torproject.org 2020-02-26T20:35:06+00:00 5c71904dc8e50ded0439050936864361523c0d3b Self-signed certs and certs signed by an unknown certificate authority are not so much a problem for sites hosted on onion services. This patch alters the trust level for certs for onion sites, treating them as trusted by default (for the purposes of cert chain authentication). Other error conditions (expired certs, mismatched domain, etc) still raise appropriate messages to the user. 
Self-signed certs and certs signed by an unknown certificate authority
are not so much a problem for sites hosted on onion services.

This patch alters the trust level for certs for onion sites, treating
them as trusted by default (for the purposes of cert chain
authentication). Other error conditions (expired certs, mismatched
domain, etc) still raise appropriate messages to the user.
squash! Bug 30237: Add v3 onion services client authentication prompt 2020-02-21T21:26:49+00:00 Kathy Brade brade@pearlcrescent.com 2020-02-13T20:06:38+00:00 aed69dc95387429e18b18ad578fb78d4a83d91f2 Also fixes bug 19757: Add a "Remember this key" checkbox to the client auth prompt. Add an "Onion Services Authentication" section within the about:preferences "Privacy & Security section" to allow viewing and removal of v3 onion client auth keys that have been stored on disk. 
Also fixes bug 19757:
 Add a "Remember this key" checkbox to the client auth prompt.

 Add an "Onion Services Authentication" section within the
 about:preferences "Privacy & Security section" to allow
 viewing and removal of v3 onion client auth keys that have
 been stored on disk.
fixup! Pick up latest Torbutton code 2020-02-21T21:26:14+00:00 Matthew Finkel sysrqb@torproject.org 2020-02-21T21:26:14+00:00 9e9300163c9074f9b12691d42aefc489e27729ef 






Bug 32493: Disable MOZ_SERVICES_HEALTHREPORT
2020-02-19T20:08:38+00:00

Nicolas Vigier
boklm@torproject.org

2020-01-30T13:32:13+00:00

6046d1d582804594a57d132280376b8027d1ed83












Bug 32658: Create a new MAR signing key
2020-02-19T19:50:34+00:00

Georg Koppen
gk@torproject.org

2020-01-17T12:54:31+00:00

0f42a8ed2229c1ad5da15803eeebd2f849ffdb21

It's time for our rotation again: Move the backup key in the front
position and add a new backup key.





It's time for our rotation again: Move the backup key in the front
position and add a new backup key.







Revert "Bug 1603270 - Add telemetry for FirefoxPromoBannerRow user actions. r=VladBaicu, a=RyanVM"
2020-02-11T20:41:06+00:00

Matthew Finkel
Matthew.Finkel@gmail.com

2020-02-11T20:41:06+00:00

c2da27fca068dac7658fe53f51124908ee8c723b

This reverts commit 334f572f8b2113c464bd65e1282b7085a1dfb5eb.





This reverts commit 334f572f8b2113c464bd65e1282b7085a1dfb5eb.







Revert "Bug 31764: Fix for error when navigating via 'Paste and go'"
2020-02-11T02:30:11+00:00

Nicolas Vigier
boklm@torproject.org

2020-01-30T10:57:52+00:00

19fa956d545b6af7f0aa5048bceab7c00ec879cc

This reverts commit 59d89229b68f8fbaa46e910a9bd03a6b26e8403e.

With #32470 we backported Mozilla's fix for this issue.





This reverts commit 59d89229b68f8fbaa46e910a9bd03a6b26e8403e.

With #32470 we backported Mozilla's fix for this issue.







Bug 1590538 - Don't pass an empty object to urlbar-user-start-navigation because it doesn't handle it properly. r=Standard8
2020-02-11T02:30:11+00:00

Marco Bonardo
mbonardo@mozilla.com

2019-10-30T14:25:02+00:00

a83411dfd84faff2f5a9f40da161339f065504de

Differential Revision: https://phabricator.services.mozilla.com/D50634

--HG--
extra : moz-landing-system : lando





Differential Revision: https://phabricator.services.mozilla.com/D50634

--HG--
extra : moz-landing-system : lando







Bug 32414: Make Services.search.addEngine obey FPI
2020-02-11T02:30:11+00:00

Alex Catarineu
acat@torproject.org

2020-01-10T16:54:18+00:00

3ad7a3a333643469d0d1e80ebc7670983f9a6a73












Bug 461204 - Improve the random number generator for the boundaries in multipart/form-data r=smaug
2020-02-11T02:30:10+00:00

Alex Catarineu
acat@torproject.org

2020-01-13T20:41:14+00:00

ac96b77c70e682d27b335c483099cbdacbaccb16

Using a weak RNG for the form boundary allows a website operator to perform several
attacks on users (as outlined in https://trac.torproject.org/projects/tor/ticket/22919)

These include:
 - Identifying Windows users based on the unseeded RNG
 - Identify the number of form submissions that have occurred cross-origin between same-origin submissions

Additionally, a predictable boundary makes it possible to forge a boundary in the middle
of a file upload.

Differential Revision: https://phabricator.services.mozilla.com/D56056

--HG--
extra : moz-landing-system : lando





Using a weak RNG for the form boundary allows a website operator to perform several
attacks on users (as outlined in https://trac.torproject.org/projects/tor/ticket/22919)

These include:
 - Identifying Windows users based on the unseeded RNG
 - Identify the number of form submissions that have occurred cross-origin between same-origin submissions

Additionally, a predictable boundary makes it possible to forge a boundary in the middle
of a file upload.

Differential Revision: https://phabricator.services.mozilla.com/D56056

--HG--
extra : moz-landing-system : lando