[tor-bugs] #18546 [Applications/Tor Browser]: Review networking code for Firefox 45
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Apr 21 11:42:57 UTC 2016
#18546: Review networking code for Firefox 45
-------------------------------------------------+-------------------------
Reporter: gk | Owner:
Type: task | mikeperry
Priority: Very High | Status:
Component: Applications/Tor Browser | assigned
Severity: Critical | Milestone:
Keywords: ff45-esr, MikePerry201604, | Version:
TorBrowserTeam201604 | Resolution:
Parent ID: | Actual Points:
Reviewer: | Points:
| Sponsor:
-------------------------------------------------+-------------------------
Comment (by gk):
Replying to [comment:6 gk]:
> Replying to [comment:4 mikeperry]:
> > Here's the quick notes for stuff that really needs another set of
eyes:
> > * We need to verify the proper application of our OCSP and NSS safety
patches in security/nss. Last time we improperly applied the DNS patch
while rebasing. That might happen again here, too.
>
> They look good to me.
>
> > * We should make sure that ./netwerk/dns/mdns/libmdns/ is Android
only and also disabled for OrFox
>
> This is #18821.
>
> > * The "Presentation API" stuff seems new, but possibly not enabled
yet. It has lots of networking things. We should make sure it is disabled.
Yes, it is disabled. However, we already had libmdns things leaking into
desktop/android builds which are related to the Presentation API (see:
https://wiki.mozilla.org/images/thumb/e/e6/Presentation_API_Architecture_overview.png
/650px-Presentation_API_Architecture_overview.png). Thus, we should take a
closer look at the whole picture when we move to ESR52: #18862
> > * The nsDNSService patches should be verified for the same reason as
the NSS ones
Looks good to me.
> > * There's some resolver stuff in Android that uses SOCK_DGRAM. We
should make sure this is not active in OrFox
Might be best to ask the Orfox people as this code is available for ages
and IIRC Orfox is already supposed to be proxy bypass free: #18864.
> > * It looks like
./toolkit/modules/secondscreen/SimpleServiceDiscovery.jsm is included now?
Can we kill it? And what is this second screen stuff?
We take care of it by the patch mcs and brade wrote back for #16439
(cafffd10e5be3dc27b3a666df1769ee53eb9b009 on tor-browser-45.0.2esr-6.x-1).
> > * dom.udpsocket and dom.moztcpsocket are still off, yes?
The former, yes, for the latter there are no relevant changes compared to
ESR38 it seems. However, this pref is not really exposed, so we may want
to set it explicitly to avoid digging through code each time. This is
#18863.
> > * We disabled/patched the debugger and related discovery stuff
before, right? Is that still off?
Yes and comparing the ESR38 prefs with the ESR45 show we are still good
here.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18546#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list