Bug #14940
Upgrade Tor Browser to 7.0.10
100%
Description
Subtasks
Related issues
Related to Tails - |
Resolved | 2017-11-16 | |
Has duplicate Tails - |
Duplicate | 2017-11-10 | |
Blocks Tails - |
Resolved | 2017-06-29 |
History
#1 Updated by intrigeri 2017-11-09 10:17:52
- blocks
Feature #13244: Core work 2017Q4: Foundations Team added
#2 Updated by intrigeri 2017-11-10 22:41:03
- has duplicate
Feature #14947: Upgrade Tor Browser to 7.0.10 added
#3 Updated by anonym 2017-11-11 01:12:55
- Status changed from Confirmed to In Progress
- % Done changed from 0 to 30
- Feature Branch set to feature/14940-torbrowser-7.0.10
Bad news, browsing with file://
results in only HTLM being rendered rendered, no CSS, or images. This breaks:
- the “Tails documentation” launcher
- the “Tails documentation (offline)” bookmark in Tor Browser
- the Unsafe Browser start page
- all automated tests using the Unsafe Browser + a few automated tests for Tor Browser
I wonder if this is due to Tor Browser 7.0.9’s (or the Firefox code it is based on) fix for the (still embargoed!) vulnerability based on file://
urls.
#4 Updated by anonym 2017-11-11 12:36:09
Re: broken images and CSS for local pages, they seem to be unrelated:
- 7.0.6: ok (last version we’ve used in Tails (3.2))
- 7.0.7: ok
- 7.0.8: no images, but CSS is ok
- 7.0.9: no images, no CSS
- 7.0.10: no images, no CSS
#5 Updated by anonym 2017-11-11 13:02:25
This is interesting:
- Tor Browser 7.0.7 -> 7.0.8 only upgrades Torbutton 1.9.7.8 -> 1.9.7.9 which only updates some translations + fixups on their donation banner. That is somehow enough to break images on local pages. Disabling Torbutton makes the images work again.
- Tor Browser 7.0.8 -> 7.0.9 only fixes “Bug 24052: Streamline handling of file:// resources” which breaks both images and CSS. I say “both” despite the previous bullet indicating that Torbutton is responsible for breaking images, because disabling Torbutton no longer fixes image loading in this version. So it indeed seems that the fix for Tor#24502 alone breaks both CSS and images.
Here are the two patches that comprose the Tor#24502 fix:
#6 Updated by anonym 2017-11-11 14:01:18
Proposed cheap contingency plan: if this isn’t fixed in time for Tails 3.3, then we ship this sorry state of the browser vs offline docs + a known issue recommending the online version whenever possible (i.e. “only torture yourself with the offline docs when really offline”). But we make a pure HTML version of the Unsafe Browser start page so users might actually see the warning (currently the broken rendering first lists tons of links, so the warning might be out of view depending on vertical size of the window).
I also wanted to switch the “Tails documentation” launcher to use yelp
, which we already ship, but it’s broken for this use case. If there is some other small HTML reader we ship that could be tried instead, otherwise there might be a tiny one we could install (?). Or I could copy and use the code we have for this in the Greeter.
#7 Updated by anonym 2017-11-11 14:03:27
Reported the bug upstream, btw: https://trac.torproject.org/projects/tor/ticket/24243
#8 Updated by intrigeri 2017-11-11 14:12:12
Hi!
> Proposed cheap contingency plan: if this isn’t fixed in time for Tails 3.3, then we ship this sorry state of the browser vs offline docs + a known issue recommending the online version whenever possible (i.e. “only torture yourself with the offline docs when really offline”).
Sounds good enough to me.
Additionally, we could temporarily modify /usr/local/bin/tails-documentation
to point to the online doc: it does not cover all cases when we point to the local doc, but at least it would fix the two desktop launchers, which seems the most important use case to me.
> But we make a pure HTML version of the Unsafe Browser start page so users might actually see the warning (currently the broken rendering first lists tons of links, so the warning might be out of view depending on vertical size of the window).
Perfect.
> I also wanted to switch the “Tails documentation” launcher to use yelp
, which we already ship, but […].
FTR we had good reasons to “Revert back to browsing the offline documentation using Iceweasel instead of Yelp (Closes: Bug #7390, Bug #7285)” in Tails 1.1 IIRC.
> If there is some other small HTML reader we ship that could be tried instead, otherwise there might be a tiny one we could install (?). Or I could copy and use the code we have for this in the Greeter.
I don’t think it’s worth the effort.
#9 Updated by anonym 2017-11-13 17:05:36
- related to
Bug #14962: Tor Browser >= 7.0.8 fails to render local pages correctly added
#10 Updated by anonym 2017-11-13 20:55:42
- Status changed from In Progress to Fix committed
- % Done changed from 30 to 100
Applied in changeset commit:da8353756503fa76e3983dbdbb8cdf3c1537b8cb.
#11 Updated by anonym 2017-11-15 11:33:39
- Status changed from Fix committed to Resolved