Merge branch 'feature/16356-tor-browser-9.0+force-all-tests' into devel (refs: #16356)

config/chroot_local-hooks/10-tbb

@@ -46,7 +46,7 @@ download_and_verify_files() {
 }
 
 install_tor_browser() {
-    local bundle destination tmp prep torlauncher_xpi_path torlauncher_version
+    local bundle destination tmp prep
     bundle="${1}"
     destination="${2}"
 
@@ -65,7 +65,7 @@ install_tor_browser() {
     # Enable our myspell/hunspell dictionaries. TBB only provides the
     # one for en-US, but Debian's seems more comprehensive, so we'll
     # only use Debian's dictionaries.
-    rm -f "${prep}"/dictionaries/*
+    mkdir "${prep}"/dictionaries
     for f in /usr/share/hunspell/*.aff /usr/share/hunspell/*.dic; do
         ln -s "${f}" "${prep}"/dictionaries/
     done
@@ -74,56 +74,76 @@ install_tor_browser() {
     # instead of the system one, whenever ours is too old.
     # For details see projects/firefox/abicheck.cc in
     # https://git.torproject.org/builders/tor-browser-build.git
-    # Tor Browser 8.0a10 requires GLIBCXX_3.4.22, which Buster has
+    # Tor Browser 9.0a7 requires GLIBCXX_3.4.25, which Buster has,
     # so disable this for now.
-    # cp "${prep}"/TorBrowser/Tor/libstdc++.so.6 "${prep}"
+    # cp "${prep}"/TorBrowser/Tor/libstdc++/libstdc++.so.6 "${prep}"
 
     # We don't need the Tor binary, the shared libraries Tor needs
     # (but Firefox doesn't) and documentation shipped in the TBB.
     rm -r "${prep}"/TorBrowser/Tor "${prep}"/TorBrowser/Docs
 
-    # We don't want tor-launcher to be part of the regular browser
-    # profile but we want to keep it as a standalone application
-    # when Tails is started in "bridge mode".
-    torlauncher_xpi_path="${prep}/TorBrowser/Data/Browser/profile.default/extensions/tor-launcher@torproject.org.xpi"
-    7z x -o"${TOR_LAUNCHER_INSTALL}" "${torlauncher_xpi_path}"
-    torlauncher_version="$(sed -n \
-        's,^        <em:version>\([0-9\.]\+\)</em:version>,\1,p' \
-        "${TOR_LAUNCHER_INSTALL}/install.rdf")"
-    SOURCE_DATE_YYYYMMDD=$(date --utc --date="@$SOURCE_DATE_EPOCH" '+%Y%m%d')
-    cat > "${TOR_LAUNCHER_INSTALL}/application.ini" << EOF
+    # The Tor Browser will fail, complaining about an incomplete profile,
+    # unless there's a readable TorBrowser/Data/Browser/Caches
+    # in the directory where the firefox executable is located.
+    mkdir -p "${prep}"/TorBrowser/Data/Browser/Caches
+
+    # Otherwise the "General" section in the preferences is not displayed.
+    install -d -m 0755 "${prep}"/TorBrowser/UpdateInfo
+
+    mv "${prep}" "${destination}"
+    rm -r "${tmp}"
+}
+
+# Install Tor Launcher as a standalone XUL application.
+install_tor_launcher() {
+    local tbb_install destination tmp
+    tbb_install="${1}"
+    destination="${2}"
+
+    tmp="$(mktemp -d)"
+    7z x -o"${tmp}" "${tbb_install}/browser/omni.ja"
+    mv "${tmp}/chrome/torlauncher/" "${destination}"
+    # Tor Launcher is a system add-on but can be converted to
+    # something that works as a XUL standalone application by just
+    # moving things around:
+    mkdir "${destination}/chrome"
+    for x in content locale skin; do
+        mv "${destination}/${x}" "${destination}/chrome/"
+    done
+    mkdir -p "${destination}"/defaults/preferences
+    cp "${tmp}/defaults/preferences/torlauncher-prefs.js" \
+       "${destination}/defaults/preferences/prefs.js"
+    # ... and then we extract only the Tor Launcher parts from the
+    # manifest, and adapt to how we moved files around above:
+    grep torlauncher "${tmp}/chrome//chrome.manifest" \
+        | sed --regexp-extended \
+              -e 's@^(content|locale|skin) (torlauncher.*) torlauncher/(.*)$@\1 \2 chrome/\3@' \
+              -e 's@^(component) (\S+) torlauncher/(.+)$@\1 \2 \3@' \
+              -e 's@^(resource torlauncher) .*$@\1 ./@' \
+        > "${destination}/chrome.manifest"
+    cp "${destination}/chrome/skin/default48.png" "${destination}/icon.png"
+    cat > "${destination}/application.ini" << EOF
 [App]
 Vendor=TorProject
 Name=TorLauncher
-Version=${torlauncher_version}
-BuildID=${SOURCE_DATE_YYYYMMDD}
+Version=$(get_firefox_version "${tbb_install}/application.ini")
+BuildID=$(date --utc --date="@$SOURCE_DATE_EPOCH" '+%Y%m%d')
 ID=tor-launcher@torproject.org
 
 [Gecko]
-MinVersion=$(get_firefox_version "${prep}/application.ini")
+MinVersion=$(get_firefox_version "${tbb_install}/application.ini")
 MaxVersion=*.*.*
 
 [Shell]
 Icon=icon.png
 EOF
-    chmod -R a+rX "${TOR_LAUNCHER_INSTALL}"
-    rm "${torlauncher_xpi_path}"
-
-    # The Tor Browser will fail, complaining about an incomplete profile,
-    # unless there's a readable TorBrowser/Data/Browser/Caches
-    # in the directory where the firefox executable is located.
-    mkdir -p "${prep}"/TorBrowser/Data/Browser/Caches
-
-    # Otherwise the "General" section in the preferences is not displayed.
-    install -d -m 0755 "${prep}"/TorBrowser/UpdateInfo
-
-    mv "${prep}" "${destination}"
-
+    chmod -R a+rX "${destination}"
     rm -r "${tmp}"
 }
 
 # TBB works around the lack of code signing for its extensions by
 # hacking in exceptions. We do the same!
+# Improving this is tracked on #12571.
 apply_extension_code_signing_hacks () {
     local tbb_install tbb_timestamp
     tbb_install="${1}"
@@ -134,43 +154,61 @@ apply_extension_code_signing_hacks () {
         cd "${tmp}"
         7z x -tzip "${tbb_install}/omni.ja"
         patch -p1 <<EOF
-diff -Naur a/chrome/toolkit/content/mozapps/extensions/extensions.js b/chrome/toolkit/content/mozapps/extensions/extensions.js
---- a/chrome/toolkit/content/mozapps/extensions/extensions.js 2000-01-01 00:00:00.000000000 +0000
-+++ b/chrome/toolkit/content/mozapps/extensions/extensions.js 2000-01-01 00:00:00.000000000 +0000
-@@ -282,7 +282,8 @@
-   // they aren't the correct type for signing.
-   if (aAddon.id == "torbutton@torproject.org" ||
-       aAddon.id == "tor-launcher@torproject.org" ||
--      aAddon.id == "https-everywhere-eff@eff.org") {
-+      aAddon.id == "https-everywhere-eff@eff.org" ||
-+      aAddon.id == "uBlock0@raymondhill.net") {
-     return true;
-   }
-   return aAddon.isCorrectlySigned !== false;
-diff -Naur a/modules/addons/XPIProvider.jsm b/modules/addons/XPIProvider.jsm
---- a/modules/addons/XPIProvider.jsm 2000-01-01 00:00:00.000000000 +0000
-+++ b/modules/addons/XPIProvider.jsm 2000-01-01 00:00:00.000000000 +0000
-@@ -749,7 +749,8 @@
-   if (aAddon.id == "torbutton@torproject.org" ||
-       aAddon.id == "tor-launcher@torproject.org" ||
-       aAddon.id == "https-everywhere-eff@eff.org" ||
--      aAddon.id == "meek-http-helper@bamsoftware.com") {
-+      aAddon.id == "meek-http-helper@bamsoftware.com" ||
-+      aAddon.id == "uBlock0@raymondhill.net") {
+diff -Naur a/chrome/toolkit/content/mozapps/extensions/aboutaddonsCommon.js b/chrome/toolkit/content/mozapps/extensions/aboutaddonsCommon.js
+--- a/chrome/toolkit/content/mozapps/extensions/aboutaddonsCommon.js	2019-09-02 15:24:00.000000000 +0200
++++ b/chrome/toolkit/content/mozapps/extensions/aboutaddonsCommon.js	2019-09-08 20:42:24.198382292 +0200
+@@ -195,6 +195,10 @@
+   if (addon.id == "https-everywhere-eff@eff.org") {
      return true;
    }
++  // Allow uBlock installed from Debian (Tails#12571)
++  if (addon.id == "uBlock0@raymondhill.net") {
++    return true;
++  }
+   return addon.isCorrectlySigned !== false;
+ }
+ 
+diff -Naur a/modules/addons/XPIDatabase.jsm b/modules/addons/XPIDatabase.jsm
+--- a/modules/addons/XPIDatabase.jsm	2019-09-02 15:24:00.000000000 +0200
++++ b/modules/addons/XPIDatabase.jsm	2019-09-08 20:40:29.469007744 +0200
+@@ -2126,6 +2126,11 @@
+       return true;
+     }
  
-@@ -3465,6 +3466,7 @@
-             addon.id != "tor-launcher@torproject.org" &&
-             addon.id != "https-everywhere-eff@eff.org" &&
-             addon.id != "meek-http-helper@bamsoftware.com" &&
-+            addon.id != "uBlock0@raymondhill.net" &&
-             addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) {
-           logger.warn("Refusing to install staged add-on " + id + " with signed state " + addon.signedState);
-           seenFiles.push(stageDirEntry.leafName);
++    // Ensure that we allow uBlock installed from Debian (Tails#12571)
++    if (aAddon.id == "uBlock0@raymondhill.net") {
++      return true;
++    }
++
+     // Ensure that Tor Launcher is never enabled as an add-on. It will be
+     // removed inside getInstallState() soon.
+     if (aAddon.id == "tor-launcher@torproject.org")
+@@ -2729,7 +2734,8 @@
+       }
+ 
+       unsigned =
+-        XPIDatabase.mustSign(aNewAddon.type) && !aNewAddon.isCorrectlySigned;
++        XPIDatabase.mustSign(aNewAddon.type) && !aNewAddon.isCorrectlySigned
++        && aNewAddon.id !== "uBlock0@raymondhill.net";
+       if (unsigned) {
+         throw Error(`Extension ${aNewAddon.id} is not correctly signed`);
+       }
+diff -Naur a/modules/addons/XPIInstall.jsm b/modules/addons/XPIInstall.jsm
+--- a/modules/addons/XPIInstall.jsm	2019-09-02 15:24:00.000000000 +0200
++++ b/modules/addons/XPIInstall.jsm	2019-09-08 20:41:07.345467589 +0200
+@@ -3826,6 +3826,7 @@
+     if (
+       XPIDatabase.mustSign(addon.type) &&
+       addon.id !== "https-everywhere-eff@eff.org" &&
++      addon.id !== "uBlock0@raymondhill.net" &&
+       addon.signedState <= AddonManager.SIGNEDSTATE_MISSING
+     ) {
+       throw new Error(
 EOF
-        touch --date="@${tbb_timestamp}" modules/addons/XPIProvider.jsm \
-              chrome/toolkit/content/mozapps/extensions/extensions.js
+        touch --date="@${tbb_timestamp}" \
+              chrome/toolkit/content/mozapps/extensions/aboutaddonsCommon.js \
+              modules/addons/XPIDatabase.jsm \
+              modules/addons/XPIInstall.jsm
         rm "${tbb_install}/omni.ja"
         7z a -mtc=off -tzip "${tbb_install}/omni.ja" *
     )
@@ -180,21 +218,21 @@ EOF
         cd "${tmp}"
         7z x -tzip "${tbb_install}/browser/omni.ja"
         patch -p1 <<EOF
-diff -Naur x/components/nsBrowserGlue.js y/components/nsBrowserGlue.js
---- a/components/nsBrowserGlue.js 2000-01-01 00:00:00.000000000 +0000
-+++ b/components/nsBrowserGlue.js 2000-01-01 00:00:00.000000000 +0000
-@@ -1137,7 +1137,8 @@
+diff -Naur a/modules/BrowserGlue.jsm b/modules/BrowserGlue.jsm
+--- a/modules/BrowserGlue.jsm	2019-09-02 15:24:00.000000000 +0200
++++ b/modules/BrowserGlue.jsm	2019-09-08 20:45:59.323681266 +0200
+@@ -1926,7 +1926,8 @@
+           // disabled. Even if they lack Mozilla's blessing they are enabled
+           // nevertheless.
            if ((addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) &&
-               !(addon.id == "torbutton@torproject.org" ||
-                 addon.id == "tor-launcher@torproject.org" ||
--                addon.id == "https-everywhere-eff@eff.org")) {
-+                addon.id == "https-everywhere-eff@eff.org" ||
-+                addon.id == "uBlock0@raymondhill.net")) {
+-              (addon.id !== "https-everywhere-eff@eff.org")) {
++              (addon.id !== "https-everywhere-eff@eff.org") &&
++              (addon.id !== "uBlock0@raymondhill.net")) {
              this._notifyUnsignedAddonsDisabled();
              break;
            }
 EOF
-        touch --date="@${tbb_timestamp}" components/nsBrowserGlue.js
+        touch --date="@${tbb_timestamp}" modules/BrowserGlue.jsm
         rm "${tbb_install}/browser/omni.ja"
         7z a -mtc=off -tzip "${tbb_install}/browser/omni.ja" *
     )
@@ -215,15 +253,9 @@ apply_prefs_hacks() {
 	sed -i '/extensions\.torlauncher\./d' defaults/preferences/000-tor-browser.js
 	# Display the Stop/Reload button: our test suite currently depends on it
 	perl -pi -E \
-	    's/^(pref\("browser.uiCustomization.state",.*\\"loop-button\\")/$1,\\"stop-reload-button\\"/' \
+	    's/^(pref\("browser\.uiCustomization\.state",.*\\"loop-button\\")/$1,\\"stop-reload-button\\"/' \
 	    defaults/preferences/000-tor-browser.js
 
-	# Hide the security level button in the unsafe browser (#16735)
-	UNSAFE_BROWSER_PREFS=/usr/share/tails/chroot-browsers/unsafe-browser/prefs.js
-	echo "\n// Hide the security level button" >> "${UNSAFE_BROWSER_PREFS}"
-	grep -E '^pref\("browser.uiCustomization.state"' defaults/preferences/000-tor-browser.js | \
-		perl -p -E 's/(.*)\\"security-level-button\\",/user_$1/' >> "${UNSAFE_BROWSER_PREFS}"
-
 	# Append our custom prefs
 	cat /usr/share/tails/tor-browser-prefs.js \
 	    >> defaults/preferences/000-tor-browser.js
@@ -327,6 +359,7 @@ install_tor_browser "${TMP}/${MAIN_TARBALL}" "${TBB_INSTALL}"
 apply_extension_code_signing_hacks "${TBB_INSTALL}" "${TBB_TIMESTAMP}"
 apply_prefs_hacks "${TBB_INSTALL}" "${TBB_TIMESTAMP}"
 strip_nondeterminism "${TBB_INSTALL}" "${TBB_TIMESTAMP}"
+install_tor_launcher "${TBB_INSTALL}" "${TOR_LAUNCHER_INSTALL}"
 
 mkdir -p "${TBB_EXT}"
 if [ "${NIGHTLY_BUILD}" != yes ]; then

config/chroot_local-hooks/11-unsafe-browser

+#!/bin/sh
+
+set -e
+set -u
+
+echo "Prepare the Unsafe Browser"
+
+# Import ensure_hook_dependency_is_installed()
+. /usr/local/lib/tails-shell-library/build.sh
+
+# Install python3-lz4 (required by jsonlz4)
+ensure_hook_dependency_is_installed python3-lz4
+
+# Compress the addonStartup.json with Mozilla's jsonlz4
+INPUT="/usr/share/tails/chroot-browsers/unsafe-browser/addonStartup.json"
+OUTPUT="${INPUT}.lz4"
+/usr/local/bin/jsonlz4 -c < "${INPUT}" > "${OUTPUT}"

config/chroot_local-hooks/98-remove_unwanted_files

@@ -32,3 +32,7 @@ update-ca-certificates
 # debugging (and slightly make things easier for malware, perhaps) and
 # otherwise just occupy disk space.
 rm -f /boot/*.map /boot/*.map-*
+
+# Files needed at build time for preparing the Unsafe Browser
+rm /usr/local/bin/jsonlz4
+rm /usr/share/tails/chroot-browsers/unsafe-browser/addonStartup.json

config/chroot_local-includes/etc/tor-browser/profile/chrome/userChrome.css

@@ -25,14 +25,3 @@
 
 /* Hide HTTPS Everywhere button in the toolbar */
 #https-everywhere-button { display: none; }
-
-/* Hide the uBlock sidebar, that's opened on first launch
-   References:
-    - https://github.com/gorhill/uBlock/releases/tag/1.16.6
-    - https://github.com/uBlock-LLC/uBlock/issues/1764 */
-vbox#sidebar-box[sidebarcommand="_UUID~ADDON_-sidebar-action"] {
-   display: none !important;
-}
-vbox#sidebar-box[sidebarcommand="ublock0_raymondhill_net-sidebar-action"] {
-   display: none !important;
-}

config/chroot_local-includes/usr/local/bin/jsonlz4

+#!/usr/bin/env python3
+
+# This script is based on https://unix.stackexchange.com/a/434882
+# Original author: https://unix.stackexchange.com/users/61726/h%c3%a5kon-a-hjortland
+
+import os
+import sys
+import lz4.block
+
+usage = f"""Usage: {sys.argv[0]} [-c|-d] < infile > outfile
+Compress or decompress Mozilla-flavor LZ4 files.
+
+Examples:
+    {sys.argv[0]} -d < infile.json.lz4 > outfile.json
+    {sys.argv[0]} -c < infile.json > outfile.json.lz4"""
+
+stdin = os.fdopen(sys.stdin.fileno(), 'rb')
+stdout = os.fdopen(sys.stdout.fileno(), 'wb')
+
+if sys.argv[1:] == ['-c']:
+    stdout.write(b'mozLz40\0' + lz4.block.compress(stdin.read()))
+elif sys.argv[1:] == ['-d']:
+    assert stdin.read(8) == b'mozLz40\0'
+    stdout.write(lz4.block.decompress(stdin.read()))
+else:
+    print(usage)
+    sys.exit(1)

config/chroot_local-includes/usr/local/bin/tor-launcher

@@ -27,6 +27,9 @@ if [ ! -d "${PROFILE}" ]; then
     configure_best_tor_launcher_locale "${PROFILE}"
 fi
 
+# Make sure Tor Launcher is not disabled.
+export TOR_SKIP_LAUNCH=0
+
 exec_unconfined_firefox \
     -app "${TOR_LAUNCHER_INSTALL}/application.ini" \
     -profile "${PROFILE}"

config/chroot_local-includes/usr/local/lib/onion-grater

@@ -566,7 +566,16 @@ class FilteredControlPortProxyHandler(socketserver.StreamRequestHandler):
         ))
 
     def connect_to_real_control_port(self):
-        controller = stem.connection.connect(control_socket=global_args.control_socket_path)
+        controller = None
+        tries = 0
+        # If tor isn't running this would just loop endlessly as fast
+        # as possible, so let's rate limit it so it at least cannot
+        # become a performance issue.
+        while not controller:
+            if tries >= 3:
+                time.sleep(1)
+            controller = stem.connection.connect(control_socket=global_args.control_socket_path)
+            tries += 1
         stem.connection.authenticate_cookie(controller, cookie_path=global_args.control_cookie_path)
         return controller
 

config/chroot_local-includes/usr/local/lib/tails-shell-library/chroot-browser.sh

@@ -7,7 +7,7 @@ if [ "$(whoami)" != "root" ]; then
     exit 1
 fi
 
-# Import the TBB_INSTALL, TBB_PROFILE and TBB_EXT variables, and
+# Import the TBB_INSTALL and TBB_EXT variables, and
 # configure_xulrunner_app_locale().
 . /usr/local/lib/tails-shell-library/tor-browser.sh
 
@@ -122,7 +122,11 @@ configure_chroot_browser_profile () {
     local extension
     while [ -n "${*:-}" ]; do
         extension="${1}" ; shift
-        ln -s "${extension}" "${browser_ext}"
+        if [ "$(basename "${extension}")" = 'red-2.0-an+fx.xpi' ]; then
+           ln -s "${extension}" "${browser_ext}"/'{91a24c60-0f27-427c-b9a6-96b71f3984a9}.xpi'
+        else
+           ln -s "${extension}" "${browser_ext}"
+        fi
     done
 
     # Set preferences
@@ -131,15 +135,16 @@ configure_chroot_browser_profile () {
     cat "${chroot_browser_config}/common/prefs.js" \
         "${chroot_browser_config}/${browser_name}/prefs.js" > "${browser_prefs}"
 
+    # Install addonStartup.json.lz4. This is required to enable the red theme.
+    cp "${chroot_browser_config}/${browser_name}/addonStartup.json.lz4" \
+        "${browser_profile}"
+
     # Set browser home page to something that explains what's going on
     if [ -n "${home_page:-}" ]; then
         echo 'user_pref("browser.startup.homepage", "'"${home_page}"'");' >> \
             "${browser_prefs}"
     fi
 
-    # Set an appropriate theme
-    cat "${chroot_browser_config}/${browser_name}/theme.js" >> "${browser_prefs}"
-
     # Customize the GUI.
     local browser_chrome="${browser_profile}/chrome/userChrome.css"
     mkdir -p "$(dirname "${browser_chrome}")"
@@ -159,8 +164,6 @@ set_chroot_browser_locale () {
     configure_xulrunner_app_locale "${browser_profile}" "${locale}"
 }
 
-# Must be called after configure_chroot_browser_profile(), since it
-# depends on which extensions are installed in the profile.
 set_chroot_browser_name () {
     local chroot="${1}"
     local human_readable_name="${2}"
@@ -170,65 +173,36 @@ set_chroot_browser_name () {
     local ext_dir="${chroot}/${TBB_EXT}"
     local browser_profile_ext_dir="$(chroot_browser_profile_dir "${chroot}" "${browser_name}" "${browser_user}")/extensions"
 
-    # If Torbutton is installed in the browser profile, it will decide
+    # Torbutton is installed in the browser's omni.ja and it decides
     # the browser name.
-    if [ -e "${browser_profile_ext_dir}/torbutton@torproject.org" ]; then
-        local torbutton_locale_dir="${ext_dir}/torbutton/chrome/locale/${locale}"
-        if [ ! -d "${torbutton_locale_dir}" ]; then
-            # Surprisingly, the default locale is en, not en-US
-            torbutton_locale_dir="${chroot}/usr/share/xul-ext/torbutton/chrome/locale/en"
-        fi
-        sed -i "s/<"'!'"ENTITY\s\+brand\(Full\|Short\|Shorter\)Name.*$/<"'!'"ENTITY brand\1Name \"${human_readable_name}\">/" "${torbutton_locale_dir}/brand.dtd"
-        # Since Torbutton decides the name, we don't have to mess with
-        # with the browser's own branding, which will save time and
-        # memory.
-        return
-    fi
-
-    local pack top rest
-    if [ "${locale}" != "en-US" ]; then
-        pack="${ext_dir}/langpack-${locale}@firefox.mozilla.org.xpi"
-        top="browser/chrome"
-        rest="${locale}/locale"
-    else
-        pack="${chroot}/${TBB_INSTALL}/browser/omni.ja"
-        top="chrome"
-        rest="en-US/locale"
-    fi
+    local pack="${chroot}/${TBB_INSTALL}/omni.ja"
     local tmp="$(mktemp -d)"
-    local branding_dtd="${top}/${rest}/branding/brand.dtd"
-    local branding_properties="${top}/${rest}/branding/brand.properties"
-    7z x -o"${tmp}" "${pack}" "${branding_dtd}" "${branding_properties}"
-    sed -i "s/<"'!'"ENTITY\s\+brand\(Full\|Short\|Shorter\)Name.*$/<"'!'"ENTITY brand\1Name \"${human_readable_name}\">/" "${tmp}/${branding_dtd}"
-    perl -pi -E \
-	 's/^(brand(?:Full|Short|Shorter)Name=).*$/$1'"${human_readable_name}/" \
-         "${tmp}/${branding_properties}"
-    (cd ${tmp} ; 7z u -tzip "${pack}" .)
+    (
+       cd "${tmp}"
+       7z x -o"${tmp}" "${pack}" chrome/torbutton/locale
+       local torbutton_locale_dir="chrome/torbutton/locale/${locale}"
+       if [ ! -d "${torbutton_locale_dir}" ]; then
+          torbutton_locale_dir="chrome/torbutton/locale/en-US"
+       fi
+       sed -i "s/<"'!'"ENTITY\s\+brand\(Full\|Short\|Shorter\)Name.*$/<"'!'"ENTITY brand\1Name \"${human_readable_name}\">/" "${torbutton_locale_dir}/brand.dtd"
+       7z u -tzip "${pack}" .
+    )
     chmod a+r "${pack}"
     rm -Rf "${tmp}"
 }
 
 delete_chroot_browser_searchplugins() {
     local chroot="${1}"
-    local locale="${2}"
     local ext_dir="${chroot}/${TBB_EXT}"
 
-    if [ "${locale}" != "en-US" ]; then
-        pack="${ext_dir}/langpack-${locale}@firefox.mozilla.org.xpi"
-        top="browser/chrome"
-        rest="${locale}/locale"
-    else
-        pack="${chroot}/${TBB_INSTALL}/browser/omni.ja"
-        top="chrome"
-        rest="en-US/locale"
-    fi
-    local searchplugins_dir="${top}/${rest}/browser/searchplugins"
+    pack="${chroot}/${TBB_INSTALL}/browser/omni.ja"
+    local searchplugins_dir="chrome/browser/search-extensions"
     local searchplugins_list="${searchplugins_dir}/list.json"
     local tmp="$(mktemp -d)"
     (
         cd "${tmp}"
         7z x -tzip "${pack}" "${searchplugins_dir}"
-        ls "${searchplugins_dir}"/*.xml | xargs 7z d -tzip "${pack}"
+        ls -d "${searchplugins_dir}"/*/manifest.json | xargs 7z d -tzip "${pack}"
         echo '{"default": {"visibleDefaultEngines": []}, "experimental-hidden": {"visibleDefaultEngines": []}}' \
              > "${searchplugins_list}"
         7z u -tzip "${pack}" "${searchplugins_list}"
@@ -253,7 +227,7 @@ configure_chroot_browser () {
         "${best_locale}"
     set_chroot_browser_name "${chroot}" "${human_readable_name}"  \
         "${browser_name}" "${browser_user}" "${best_locale}"
-    delete_chroot_browser_searchplugins "${chroot}" "${best_locale}"
+    delete_chroot_browser_searchplugins "${chroot}"
     set_chroot_browser_permissions "${chroot}" "${browser_name}" \
         "${browser_user}"
 }
@@ -270,8 +244,8 @@ run_browser_in_chroot () {
     sudo -u "${local_user}" xhost "+SI:localuser:${chroot_user}"
     chroot "${chroot}" sudo -u "${chroot_user}" /bin/sh -c \
         ". /usr/local/lib/tails-shell-library/tor-browser.sh && \
-         exec_firefox -DISPLAY='${DISPLAY}' \
-                      --class='${wm_class}' \
+         export TOR_TRANSPROXY=1 && \
+         exec_firefox --class='${wm_class}' \
                       -profile '${profile}'"
     sudo -u "${local_user}" xhost "-SI:localuser:${chroot_user}"
 }

config/chroot_local-includes/usr/local/lib/tails-shell-library/tor-browser.sh

@@ -27,6 +27,13 @@ exec_firefox_helper() {
     export FONTCONFIG_FILE="fonts.conf"
     export GNOME_ACCESSIBILITY=1
 
+    # Since Tor Browser 9.0 it has become integrated into the browser,
+    # so let's make it the responsibility of callers to explicitly set
+    # this variable to 0 if they want to enable Tor Launcher.
+    if [ -z "${TOR_SKIP_LAUNCH:-}" ]; then
+        export TOR_SKIP_LAUNCH=1
+    fi
+
     # The Tor Browser often assumes that the current directory is
     # where the browser lives, e.g. for the fixed set of fonts set by
     # fontconfig above.

config/chroot_local-includes/usr/local/sbin/unsafe-browser

@@ -10,16 +10,13 @@ export TEXTDOMAIN
 # Import tor_has_bootstrapped()
 . /usr/local/lib/tails-shell-library/systemd.sh
 
-# Import the TBB_EXT variable, and guess_best_tor_browser_locale().
+# Import the TBB_EXT variable.
 . /usr/local/lib/tails-shell-library/tor-browser.sh
 
 # Import localized_tails_doc_page().
 . /usr/local/lib/tails-shell-library/localization.sh
 
-# Import try_cleanup_browser_chroot(), setup_browser_chroot(),
-# configure_chroot_dns_servers(), configure_chroot_browser(),
-# configure_chroot_browser(), set_chroot_browser_locale()
-# set_chroot_browser_name(), set_chroot_browser_permissions()
+# Import setup_chroot_for_browser(), configure_chroot_browser(),
 # and run_browser_in_chroot().
 . /usr/local/lib/tails-shell-library/chroot-browser.sh
 
@@ -100,7 +97,9 @@ setup_chroot_for_browser "${CHROOT}" "${COW}" "${BROWSER_USER}" || \
 
 echo "* Configuring chroot"
 configure_chroot_browser "${CHROOT}" "${BROWSER_USER}" "${BROWSER_NAME}" \
-    "${HUMAN_READABLE_NAME}" "${HOME_PAGE}" "${TBB_EXT}"/langpack-*.xpi || \
+    "${HUMAN_READABLE_NAME}" "${HOME_PAGE}" \
+    "${TBB_EXT}"/langpack-*.xpi \
+    /usr/share/tails/chroot-browsers/unsafe-browser/extensions/*.xpi || \
         error "`gettext \"Failed to configure browser.\"`"
 # If /etc/resolv-over-clearnet.conf file is empty or doesn't exist, we
 # have no clearnet DNS server.

config/chroot_local-includes/usr/share/tails/browser-localization/descriptions

@@ -18,10 +18,12 @@ is:IS
 it:IT
 ja:JP
 ko:KR
+mk:MK
 nb-NO:NO
 nl:NL
 pl:PL
 pt-BR:BR
+ro:RO
 ru:RU
 sv-SE:SE
 tr:TR

config/chroot_local-includes/usr/share/tails/chroot-browsers/common/prefs.js

@@ -18,3 +18,6 @@ user_pref("print.postscript.cups.enabled", false);
 
 // Hide "Get Addons" in Add-ons manager
 user_pref("extensions.getAddons.showPane", false);
+
+// Disable Pocket service integration
+pref("extensions.pocket.enabled", false);

config/chroot_local-includes/usr/share/tails/chroot-browsers/common/userChrome.css

 @namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
 
+/* Hide features specific to Tor Browser. */
+#appMenuNewIdentity,