user/sysrqb/tor-browser, branch tor-browser-52.7.2esr-7.5-1-build1 Matt's tor-browser repository Bug 25112: Tor Browser 7.5 is not working on Windows Vista 64bit 2018-03-16T07:48:51+00:00 Richard Pospesel richard@torproject.org 2018-03-06T23:49:21+00:00 fcaf1340c7f0d0aab47928ad1063a6daaa4c0372 With sandboxing enabled on Vista, 32-bit Firefox uses another 64-bit process (wow_helper.exe) to patch functions in the loaded ntdll.dll in the child content process. However, we are not building wow_helper.exe and it is not present, so the content process creation method silently fails. We 'could' go in and properly update the build system to build wow_helper.exe with 64-bit mingw. However, Vista support is going away very soon for Tor Browser once we update to a newer Firefox ESR. Therefore, the more prudent fix is to simply disable sandboxing when running on Vista or lower in this WOW64 scenario, rather than to do the work to get wow_helper.exe building only to have to rip it all out in a few months when we rebase with latest Firefox ESR. This logic is ifdef'd out for 64-bit builds. Verified the Tor Browser works as expected in following scenarios: 32-bit Firefox on 32-bit Windows Vista -> Sandbox enabled 32-bit Firefox on 64-bit Windows Vista -> Sandbox disabled 32-bit Firefox on 64-bit Windows 7 -> Sandbox enabled 
With sandboxing enabled on Vista, 32-bit Firefox uses another 64-bit
process (wow_helper.exe) to patch functions in the loaded ntdll.dll
in the child content process.  However, we are not building
wow_helper.exe and it is not present, so the content process
creation method silently fails.

We 'could' go in and properly update the build system to build
wow_helper.exe with 64-bit mingw.  However, Vista support is going
away very soon for Tor Browser once we update to a newer Firefox ESR.
Therefore, the more prudent fix is to simply disable sandboxing when
running on Vista or lower in this WOW64 scenario, rather than to do
the work to get wow_helper.exe building only to have to rip it all
out in a few months when we rebase with latest Firefox ESR.  This
logic is ifdef'd out for 64-bit builds.

Verified the Tor Browser works as expected in following scenarios:
  32-bit Firefox on 32-bit Windows Vista -> Sandbox enabled
  32-bit Firefox on 64-bit Windows Vista -> Sandbox disabled
  32-bit Firefox on 64-bit Windows 7 -> Sandbox enabled
Bug 23970: Printing to a file is broken with Linux content sandboxing enabled 2018-03-16T07:48:50+00:00 Richard Pospesel richard@torproject.org 2017-11-27T23:04:21+00:00 c175722aa8582e5b6bd3a3d9e59183d824fde75f Ported over firefox patch 997c6b961cd0 (Bug 1329835) 
Ported over firefox patch 997c6b961cd0 (Bug 1329835)
Bug 23970: Printing to a file is broken with Linux content sandboxing enabled 2018-03-16T07:48:49+00:00 Richard Pospesel richard@torproject.org 2017-11-27T22:49:53+00:00 147d236333bcba56325e4632a01aafd2954ea82c Ported over firefox patch 5e7872cb3b5c (Bug 1364627) 
Ported over firefox patch 5e7872cb3b5c (Bug 1364627)
Bug 23970: Printing to a file is broken with Linux content sandboxing enabled 2018-03-16T07:48:47+00:00 Richard Pospesel richard@torproject.org 2017-11-27T22:41:39+00:00 2c3266142d96303458f3201c1fde0c0d7147f075 Ported over firefox patch 5b9702d8fe4e (Bug 1309205 Part 3) 
Ported over firefox patch 5b9702d8fe4e (Bug 1309205 Part 3)
Bug 23970: Printing to a file is broken with Linux content sandboxing enabled 2018-03-16T07:48:46+00:00 Richard Pospesel richard@torproject.org 2017-11-27T22:40:05+00:00 6298eba995c4ebb7b8156157d35149a3c66bd4e0 Ported over firefox patch 2797f193a147 (Bug 1309205 Part 2) 
Ported over firefox patch 2797f193a147 (Bug 1309205 Part 2)
Bug 23970: Printing to a file is broken with Linux content sandboxing enabled 2018-03-16T07:48:44+00:00 Richard Pospesel richard@torproject.org 2017-11-27T21:57:32+00:00 102c337496bdbc5b0fcc5d213068f39ea6571074 Ported over firefox patch 5c25a123203a (Bug 1309205 Part 1) 
Ported over firefox patch 5c25a123203a (Bug 1309205 Part 1)
Bug 23016: "Print to File" does not create the expected file in non-English locales 2018-03-16T07:48:43+00:00 Richard Pospesel richard@torproject.org 2017-11-15T18:48:38+00:00 18d1920d10765795339f2cd3fde520df4fdb4309 The Problem: During firefox and Web Content process startup, ::OverrideDefaultLocaleIfNeeded() is called which will conditionally ::setlocale() to "C.UTF-8" or "C" based off of the javascript.use_us_english_locale preference (to prevent fingerprinting based on how dates and what-not are formatted). Sometime after this call in the Web Content process the locale is set to the system's locale which effectively stomps over the work done by the ::OverrideDefaultLocaleIfNeeded() call. As a result, the firefox process and the Web Content process are configured to use different locales; firefox uses "C.UTF-8" while Web Content uses "" (system default). On Linux, the "Print to File" printer is a default GTK printer whose name is localized based off of the process's locale. The GTK print dialog is hosted in the firefox process and therefore the printer name will be 'Print to File.' This process sends this name over to the Web Content process, which iterates over the list of printers and finds one whose name matches. However, as the Web Content process's locale is set to system, its printer names will be localized and in the language of the system, so no printer with the name 'Print to File' will be found, and printing fails. This is why disabling javascript.use_us_english_locale fixes the issue. It also explains why disabling multi-process mode via the browser.tabs.remote.autostart.2 preference fixes the issue; one process means the printer-name is never used as a selector and also means no mismatched locale can happen. The Solution: The fix for this issue is to first check the javascript.use_us_english_locale preference each place in code where setlocale occurs, particularly in the nsLocaleService object which is the particular code path which overrides setlocale in the Web Content process. 
The Problem:

During firefox and Web Content process startup,
::OverrideDefaultLocaleIfNeeded() is called which will conditionally
::setlocale() to "C.UTF-8" or "C" based off of the
javascript.use_us_english_locale preference (to prevent fingerprinting
based on how dates and what-not are formatted).  Sometime after this
call in the Web Content process the locale is set to the system's locale
which effectively stomps over the work done by the
::OverrideDefaultLocaleIfNeeded() call.  As a result, the firefox
process and the Web Content process are configured to use different
locales; firefox uses "C.UTF-8" while Web Content uses "" (system
default).

On Linux, the "Print to File" printer is a default GTK printer whose
name is localized based off of the process's locale.  The GTK print dialog
is hosted in the firefox process and therefore the printer name will be
'Print to File.'  This process sends this name over to the Web Content
process, which iterates over the list of printers and finds one whose
name matches.  However, as the Web Content process's locale is set to
system, its printer names will be localized and in the language of the
system, so no printer with the name 'Print to File' will be found, and
printing fails.

This is why disabling javascript.use_us_english_locale fixes the issue.
It also explains why disabling multi-process mode via the
browser.tabs.remote.autostart.2 preference fixes the issue; one
process means the printer-name is never used as a selector and also
means no mismatched locale can happen.

The Solution:

The fix for this issue is to first check the
javascript.use_us_english_locale preference each place in code where
setlocale occurs, particularly in the nsLocaleService object which is the
particular code path which overrides setlocale in the Web Content
process.
Bug 1372072 - Part 2: Add a test case for check whether network information API has been spoofed correctly when 'privacy.resistFingerprinting' is true. r=arthuredelstein,baku 2018-03-16T07:48:41+00:00 Tim Huang tihuang@mozilla.com 2017-12-13T17:35:50+00:00 8c7fe4469d8a0934c4bb8ad10657a137213b652b This adds a test case to test that network information is correctly spoofed when 'privacy.resistFingerprinting' is true. Firefox ESR 52 does not have the navigation object inside workers. Thus, the worker test was removed. MozReview-Commit-ID: Lt6HZlFrcja --HG-- extra : rebase_source : 70d44115532549814af9fce3af9fe379e36bca80 
This adds a test case to test that network information is correctly spoofed when
'privacy.resistFingerprinting' is true.

Firefox ESR 52 does not have the navigation object inside workers. Thus, the
worker test was removed.

MozReview-Commit-ID: Lt6HZlFrcja

--HG--
extra : rebase_source : 70d44115532549814af9fce3af9fe379e36bca80
Bug 1372072 - Part 1: Spoofing network information API and blocking ontypechange event when 'privacy.resistFingerprinting' is true. r=arthuredelstein,baku 2018-03-16T07:48:40+00:00 Tim Huang tihuang@mozilla.com 2017-12-13T17:29:00+00:00 c441c40d8fcc76c2917a60a17a4fdaf44b6473ec This patch makes the network information API always returns the default type 'unknown' and blocking the ontypechange event while connection type changed when 'privacy. resistFingerprinting' is true. MozReview-Commit-ID: 4eOdHgAGtyY --HG-- extra : rebase_source : 78449fb4888b787062ff2139e36c219e0eac0b2c 
This patch makes the network information API always returns the default type 'unknown'
and blocking the ontypechange event while connection type changed when 'privacy.
resistFingerprinting' is true.

MozReview-Commit-ID: 4eOdHgAGtyY

--HG--
extra : rebase_source : 78449fb4888b787062ff2139e36c219e0eac0b2c
Bug 24398: Plugin-container process exhausts memory 2018-03-16T07:48:38+00:00 Georg Koppen gk@torproject.org 2017-12-13T14:15:57+00:00 f24d97e5e80cf7ea317656fc673c44c85cf4bf5d The plugin-container process can thrash/crash due to increasing memory consumption after our workaround for bug 24052. The patch provided by a cypherpunk (bug thanks!) deals with that as far as the Developer Tools are concerned. 
The plugin-container process can thrash/crash due to increasing memory
consumption after our workaround for bug 24052. The patch provided by a
cypherpunk (bug thanks!) deals with that as far as the Developer Tools
are concerned.