[tor-project] PieroV's Monthly Status Report, August 2024
Pier Angelo Vendrame
pierov at torproject.org
Mon Sep 2 11:43:54 UTC 2024
Hi everyone!
Here is my status report for August 2024.
I spent this month almost only on tasks linked with the transition from
Firefox ESR115 to ESR128.
At the beginning of the month, I reviewed Dan's Android rebase.
Then, after it landed, I checked for new reproducibility problems. I
found only one with the license files [0]. The oss-license-plugin wasn't
updated upstream this year, so it must be linked with other toolchain
updates (including Java from 11 to 17 and Gradle).
The solution [1] was to build and use a patched plugin that uses
`TreeSet` instead of a `HashSet`.
Sadly, the APK sizes grew a lot between 115 and 128. For this reason, we
couldn't publish 14.0a2 and 14.0a3 on the Play Store for the x86 and
x86-64 architectures [2].
During this month, Claire, cohosh from the AC team, and I spent some
time investigating this. 14.0a4 should fit at least for Android x86-64.
For Android x86, we might have to shave another 100-200kB if we
understood how this threshold works.
Another issue I worked on was a leak of regional locale data with the
`Intl` API. During the rebase, we had to start specifying `RFPTarget`s,
and I chose the only one handled differently without realizing it.
This was a reminder of how important it is to upstream our patches
whenever possible.
I started the process for this one two years ago [3], but then it didn't
land because it would have applied also to the browser UI.
After finding a new fix that worked for us, I added a proposal to the
upstream bug on a possible approach that might also work for Firefox.
Another bug worth mentioning was a problem with mixed content in Onion
Services [4]. The fix eventually was easy [5], but it took me quite a
while to understand what was going on because it involved debugging
between parent and content processes.
Also, it was a great occasion to improve the Onion Sites I implemented
for testing [6] and the documentation around them. While doing so, I
accidentally learned that we accept self-signed certificates only if
they specify subject alternative names. This new knowledge allowed me to
quickly answer another issue [7] without further investigation.
Finally, Mozilla is releasing Firefox 115.15 tomorrow, which is expected
to be the last update for the 115 series [8].
However, it's also the last version supporting Windows 7. While we agree
that people shouldn't use unsupported operating systems, we know some of
our users don't have another choice.
So, if eventually Mozilla decides to extend the support for Firefox 115,
we might end up extending Tor Browser 13.5's life as well [9].
One of our updater changes is to check for the minimum requirements on
the client side to avoid sending the OS version to our update servers.
So, this month, I also simulated providing several updates to Firefox:
one compatible with Windows >= 7 and one with Windows >= 10.
Sadly, the updater didn't handle this case as expected, and I needed to
create a patch. We will need some additional deployment steps if we
actually provide the alternative update path.
In this case, we will also drop the hash check on the update files (it's
redundant since they are already signed) [10].
Cheers,
Pier
[0]
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41211
[1]
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_requests/1016
[2]
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42607
[3] https://bugzilla.mozilla.org/show_bug.cgi?id=1746668
[4]
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43013
[5]
https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests/1116/diffs
[6]
https://gitlab.torproject.org/tpo/applications/wiki/-/wikis/Development-Information/BadSSL-But-Onion
[7]
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42887
[8] https://whattrainisitnow.com/release/?version=esr
[9]
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42747
[10]
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42737
More information about the tor-project
mailing list