Re: [tor-bugs] #17334 [Applications/Tor Browser]: Move Referrer spoofing for .onion domains out of Torbutton

[Tor Bug Tracker & Wiki]

#17334: Move Referrer spoofing for .onion domains out of Torbutton
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  task | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-torbutton-conversion,|  Actual Points:
  TorBrowserTeam201609R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  SponsorU
-+-
Changes (by arthuredelstein):

 * keywords:  tbb-torbutton-conversion, TorBrowserTeam201609 => tbb-
 torbutton-conversion, TorBrowserTeam201609R
 * status:  new => needs_review
 * severity:   => Normal


Comment:

 Here are patches for review:
 https://github.com/arthuredelstein/tor-browser/commit/17334
 https://github.com/arthuredelstein/torbutton/commit/17334

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #17857 [Core Tor/Tor]: Create a consensus param to disable (netflow) padding if RSOS is enabled

[Tor Bug Tracker & Wiki]

#17857: Create a consensus param to disable (netflow) padding if RSOS is enabled
---+--
 Reporter:  teor   |  Owner:
 Type:  enhancement| Status:  new
 Priority:  Medium |  Milestone:  Tor: 0.2.???
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  rsos, sos, tor-hs, isaremoved  |  Actual Points:
Parent ID: | Points:  1
 Reviewer: |Sponsor:
---+--

Comment (by mikeperry):

 For KISS principles: I think the simplest thing to do here is to add a
 consensus parameter that disables netflow padding for all Tor processes
 have RSOS or tor2web enabled (ie: for the service/server side, not for
 clients). It should be an emergency-use only thing, for us to set if the
 overhead looks exceptionally high, and we suspect RSOS/tor2web to be a
 major source of the problem, and we're looking to stop the bleeding.

 For all other non-emergency tuning, it should be enough to advise RSOS
 services to disable or reduce netflow padding themselves via torrc, or
 make a new release with different default behavior for them.

 Furthermore: I'm guessing that the overhead for most RSOS and tor2web
 users won't actually be very high. The netflow padding doesn't add
 overhead to connections that stay active, and both RSOS and tor2web
 server-side instances are likely to be under heavy use. This also makes me
 lean in the direction of only providing an emergency "shut-er-down" switch
 (which we already have for netflow padding as a whole).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20008 [Metrics/Metrics website]: Perform an ad-hoc analysis of Tor's sanitized web logs

[Tor Bug Tracker & Wiki]

#20008: Perform an ad-hoc analysis of Tor's sanitized web logs
-+-
 Reporter:  karsten  |  Owner:
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Metrics/Metrics website  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by arthuredelstein):

 * cc: arthuredelstein (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19459 [Applications/Tor Browser]: Write (C++) patch for window resizing parts

[Tor Bug Tracker & Wiki]

#19459: Write (C++) patch for window resizing parts
-+-
 Reporter:  gk   |  Owner:
 |  arthuredelstein
 Type:  task | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-torbutton-conversion,|  Actual Points:
  TorBrowserTeam201609   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  SponsorU
-+-

Comment (by arthuredelstein):

 Replying to [comment:18 gk]:
 > Okay, I gave v7 another round of testing. On OS X my issue is gone,
 thanks! On Windows it basically remains: The width is good but the height
 is off (I get 730px or 710px).
 >
 > Two additional things I'd like to see addressed:
 >
 > 1) When maximizing (e.g. by chance) and restarting the window is not
 resized to sane defaults. We should do that, though, at least until
 something for #14429 lands.
 >
 > 2) I realized you set `maxWidth` to `1200`. While I generally think it
 could be smart to revisit the decision to cap that value at `1000`, I'd
 like to see this happening in a different ticket. There we could think
 about a new `maxWidth` value based on real data. This would help making
 this move more transparent as well.

 Here's a new patch that fixes these two issues:
 https://github.com/arthuredelstein/tor-browser/commit/19459+8

 I have partially isolated the Windows problem, but unfortunately I'm still
 struggling with it. When I set the gBrowser dimensions, like this:
 {{{
 gBrowser.flex = "";
 gBrowser.height = 1000;
 }}}
 the window gets an incorrect extra margin at the bottom (on Windows only).
 I'm in the process of trying to debug to find the cause of the extra
 margin. It looks like it will need a C++ patch to fix this incorrect
 behavior.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #20125 [User Experience/Website]: Tor Mirror Update as of 9/9/2016

[Tor Bug Tracker & Wiki]

#20125: Tor Mirror Update as of 9/9/2016
-+
 Reporter:  aquintex |  Owner:  Sebastian
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  User Experience/Website  |Version:
 Severity:  Normal   |   Keywords:  tor mirror
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+
 All,

 Please find the Tor Mirror update as of 9/9/2016 at:

 https://github.com/aquintex/torproject.org.git

 Removed 5xx sites from the list, notified 4xx mirror holders of errors.
 Updated one listing.

 Sebastian gave me some tips on using github, please let me know if I have
 done this correctly, if not "push" me in the right direction.

 Thanks!
 John

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #20124 [Applications/Tor Browser]: Possible accidental search from URL bar

[Tor Bug Tracker & Wiki]

#20124: Possible accidental search from URL bar
-+-
 Reporter:   |  Owner:  tbb-team
  be11f157cd19c4a2ba1e9c70a38b1a74   |
 Type:  enhancement  | Status:  new
 Priority:  Low  |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   |   Keywords:  search URL-
 |  bar
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 Users may accidentally search from the URL bar, due to a typo. This can
 unintentionally reveal possibly identifying information(URL with a user
 id) to a search engine.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19992 [Applications/Tor Browser]: System details leakable via navigator.oscpu

[Tor Bug Tracker & Wiki]

#19992: System details leakable via navigator.oscpu
--+
 Reporter:  be11f157cd19c4a2ba1e9c70a38b1a74  |  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major | Resolution:  worksforme
 Keywords:  tbb-fingerprinting|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by be11f157cd19c4a2ba1e9c70a38b1a74):

 Sorry for the confusion, apparently this only happens on the new tab page.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15055 [Core Tor/Tor]: Implement ed25519 link handshake

[Tor Bug Tracker & Wiki]

#15055: Implement ed25519 link handshake
-+-
 Reporter:  nickm|  Owner:  nickm
 Type:  enhancement  | Status:
 |  assigned
 Priority:  High |  Milestone:  Tor:
 |  0.2.9.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.7
 Severity:  Normal   | Resolution:
 Keywords:  tor-relay, prop-220, |  Actual Points:
  027-triaged-1-in, 028-triaged, |
  201511-deferred, 201512-deferred, tor-crypto-  |
  identity, tor-ed25519-proto,   |
  TorCoreTeam201609, nickm-check-done-20160905   |
Parent ID:  #15054   | Points:  parent
 Reviewer:   |Sponsor:
 |  SponsorU-must
-+-

Comment (by nickm):

 My unit tests now test the success cases of the code. Next, to test the
 failing cases (all of them).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #20123 [Applications/Tor Browser]: consider blocking remote jar files at Low Security

[Tor Bug Tracker & Wiki]

#20123: consider blocking remote jar files at Low Security
--+--
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 Mozilla recently blocked remote jar files by default:

 https://bugzilla.mozilla.org/show_bug.cgi?id=1215235

 Then they had to re-enable the remote jar files again in the release,
 because users of IBM iNotes (some sort of webmail thing) ran into an
 incompatibility.

 https://bugzilla.mozilla.org/show_bug.cgi?id=1255139

 In any case, Mozilla's intention is to block by default again in the
 future. So when that happens, if not sooner, we should ensure that our
 security slider is not re-enabling remote jar files at Low Security.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20120 [Applications/Tor Browser]: TorBrowser keeps crashing

[Tor Bug Tracker & Wiki]

#20120: TorBrowser keeps crashing
--+--
 Reporter:  Verhoeff  |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 > 8 com.apple.CoreGraphics 0x7fff97f73d98 CGFontCreateWithFontName +
 46
 > 9 XUL 0x000103ff6e20 0x1036fd000 + 9412128

 MacOS and fonts, fonts, fonts
 #17395 yet

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #1922 [Core Tor/Tor]: torrc.d-style configuration directories

[Tor Bug Tracker & Wiki]

#1922: torrc.d-style configuration directories
---+--
 Reporter:  aa138346   |  Owner:
 Type:  enhancement| Status:  new
 Priority:  High   |  Milestone:  Tor: 0.2.???
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tor-client, intro  |  Actual Points:
Parent ID: | Points:  medium
 Reviewer: |Sponsor:
---+--
Changes (by Ralph):

 * cc: torproject.org@… (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #17767 [Applications/Tor Browser]: Make it more clear that JavaScript is disabled on security level "high"

[Tor Bug Tracker & Wiki]

#17767: Make it more clear that JavaScript is disabled on security level "high"
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-security-slider, |  Actual Points:
  TorBrowserTeam201609R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  SponsorU
-+-
Changes (by arthuredelstein):

 * status:  new => needs_review
 * keywords:  tbb-security-slider, TorBrowserTeam201609 => tbb-security-
 slider, TorBrowserTeam201609R


Comment:

 Here's a patch for review:
 https://github.com/arthuredelstein/torbutton/commit/17767

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20120 [Applications/Tor Browser]: TorBrowser keeps crashing

[Tor Bug Tracker & Wiki]

#20120: TorBrowser keeps crashing
--+--
 Reporter:  Verhoeff  |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by cypherpunks):

 * owner:   => tbb-team
 * component:  - Select a component => Applications/Tor Browser


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20118 [Applications/Tor bundles/installation]: Don't unpack HTTPS Everywhere anymore while bundling Tor Browser

[Tor Bug Tracker & Wiki]

#20118: Don't unpack HTTPS Everywhere anymore while bundling Tor Browser
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor |Version:
  bundles/installation   |
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tbb-usability, GeorgKoppen201609,|  Actual Points:
  TorBrowserTeam201609R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  needs_revision => closed
 * resolution:   => fixed


Comment:

 Okay, I finally went with bug_20188_v5
 (https://gitweb.torproject.org/user/gk/tor-browser-
 bundle.git/commit/?h=bug_20118_v5&id=ae5f3f9f9bb12a0e07d268262c6e5b8e3b0baf88)
 after I found issues while testing. Applied to master as commit
 ae5f3f9f9bb12a0e07d268262c6e5b8e3b0baf88.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #14271 [Applications/Tor Browser]: Make Torbutton work with Unix Domain Socket option

[Tor Bug Tracker & Wiki]

#14271: Make Torbutton work with Unix Domain Socket option
-+-
 Reporter:  gk   |  Owner:  brade
 Type:  enhancement  | Status:
 |  needs_information
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-torbutton, tbb-security, |  Actual Points:
  TorBrowserTeam201609   |
Parent ID:  #14270   | Points:
 Reviewer:   |Sponsor:
 |  SponsorU
-+-

Comment (by gk):

 Okay, pushed to master commit 28a55f5bf324f43373006328c5b03793096f71c4.
 Arthur, let us know if we should make additional changes or just close
 this bug.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #20122 [Internal Services/Tor Sysadmin Team]: Create VM for Tor Browser tests

[Tor Bug Tracker & Wiki]

#20122: Create VM for Tor Browser tests
-+-
 Reporter:  boklm|  Owner:  tpa
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   |   Keywords:
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 We need a new VM to replace the tbb-test VMs previously hosted at 1984. We
 will be using `build-x86-04.torproject.org` to run the Linux tests (once
 #20018 is done). However we still need a VM to store the results, and host
 test pages.

 If possible, the VM should have 30GB of disk space, and 2GB of RAM.

 The host names `test-data.tbb.torproject.org` and `test-
 reports.tbb.torproject.org` will need to be updated to point to the public
 IP address of this VM (or if we can't have a public IP address for this
 VM, an IP address where some ports can be redirected to this VM). We will
 need to access ports 22 (for uploading test results through ssh), 80 and
 443 (for http and https test pages) from outside (or 3 other port numbers
 if those 3 are already taken on the external IP).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #13727 [Obfuscation/BridgeDB]: BridgeDB should not distribute Tor Browser's default bridges

[Tor Bug Tracker & Wiki]

#13727: BridgeDB should not distribute Tor Browser's default bridges
+--
 Reporter:  isis|  Owner:  isis
 Type:  defect  | Status:
|  needs_information
 Priority:  Medium  |  Milestone:
Component:  Obfuscation/BridgeDB|Version:
 Severity:  Normal  | Resolution:
 Keywords:  bridgedb-dist, tbb-bridges  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by dcf):

 See also discussion at the related #18329. I thought about closing that
 one as a duplicate of this one, but decided not to because nickm had set a
 milestone on it.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #13727 [Obfuscation/BridgeDB]: BridgeDB should not distribute Tor Browser's default bridges

[Tor Bug Tracker & Wiki]

#13727: BridgeDB should not distribute Tor Browser's default bridges
+--
 Reporter:  isis|  Owner:  isis
 Type:  defect  | Status:
|  needs_information
 Priority:  Medium  |  Milestone:
Component:  Obfuscation/BridgeDB|Version:
 Severity:  Normal  | Resolution:
 Keywords:  bridgedb-dist, tbb-bridges  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
Changes (by dcf):

 * severity:   => Normal


Comment:

 Our current workaround for this is to ask the operators of default bridges
 to block their ORPort with a firewall, so the bridge isn't considered live
 by the bridge authority. Most of the current default obfs4 bridges are
 configured this way. Having an open ORPort can only be a liability for an
 obfs4 bridge; it creates the possibility that someone will connect to the
 ORPort using vanilla Tor, get DPIed, and burn the whole IP address (see
 also #7349).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #14271 [Applications/Tor Browser]: Make Torbutton work with Unix Domain Socket option

[Tor Bug Tracker & Wiki]

#14271: Make Torbutton work with Unix Domain Socket option
-+-
 Reporter:  gk   |  Owner:  brade
 Type:  enhancement  | Status:
 |  needs_information
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-torbutton, tbb-security, |  Actual Points:
  TorBrowserTeam201609   |
Parent ID:  #14270   | Points:
 Reviewer:   |Sponsor:
 |  SponsorU
-+-

Comment (by brade):

 Here's a revised patch:
 
https://gitweb.torproject.org/user/brade/torbutton.git/commit/?h=bug14271-03&id=28a55f5bf324f43373006328c5b03793096f71c4

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20092 [Applications/Tor Browser]: Rotate ports for default obfs4 bridges

[Tor Bug Tracker & Wiki]

#20092: Rotate ports for default obfs4 bridges
---+--
 Reporter:  lynntsai   |  Owner:  tbb-team
 Type:  task   | Status:  closed
 Priority:  Medium |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:  fixed
 Keywords:  TorBrowserTeam201609R tbb-bridges  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--
Changes (by dcf):

 * keywords:  TorBrowserTeam201609R => TorBrowserTeam201609R tbb-bridges


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19528 [Applications/Tor Browser]: The build id stays the same with every Firefox update

[Tor Bug Tracker & Wiki]

#19528: The build id stays the same with every Firefox update
---+--
 Reporter:  gk |  Owner:  tbb-team
 Type:  defect | Status:  closed
 Priority:  Medium |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:  fixed
 Keywords:  tbb-gitian, TorBrowserTeam201609R  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--

Comment (by boklm):

 Replying to [comment:30 gk]:
 > 2) Could you provide a patch for `000-tor-browser.js`, too, setting
 `general.buildID.override` accordingly?

 After looking at `000-tor-browser.js`, we are already setting
 `general.buildID.override` there, so no new patch is needed.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20121 [Applications/Tor bundles/installation]: Create Seatbealt profile(s) for Tor Browser

[Tor Bug Tracker & Wiki]

#20121: Create Seatbealt profile(s) for Tor Browser
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Very High|  Milestone:
Component:  Applications/Tor |Version:
  bundles/installation   |
 Severity:  Normal   | Resolution:
 Keywords:  tbb-security TorBrowserTeam201609|  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  SponsorU
-+-

Comment (by gk):

 I think I'd need OS X dev volunteers. :) *looks around*

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #20121 [Applications/Tor bundles/installation]: Create Seatbealt profile(s) for Tor Browser

[Tor Bug Tracker & Wiki]

#20121: Create Seatbealt profile(s) for Tor Browser
-+-
 Reporter:  gk   |  Owner:  tbb-team
 Type:  defect   | Status:  new
 Priority:  Very High|  Milestone:
Component:  Applications/Tor |Version:
  bundles/installation   |   Keywords:  tbb-security
 Severity:  Normal   |  TorBrowserTeam201609
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:  SponsorU |
-+-
 We need sandboxing profiles for Tor Browser. I pinged trams recently on
 #tor-dev as he worked on this for Tor Browser years ago
 (https://lists.torproject.org/pipermail/tor-qa/2013-November/000230.html
 ff.). He suggested we look at his IronFox (https://www.romab.com/ironfox/)
 and it would probably enough to just copy them over. We can get a .tar.gz
 bundle as well. (And I guess he would help in case we have questions ;) )

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20039 [Metrics/metrics-lib]: integrate `DescriptorIndexCollector` in a fully backward-compatible way

[Tor Bug Tracker & Wiki]

#20039: integrate `DescriptorIndexCollector` in a fully backward-compatible way
-+---
 Reporter:  iwakeh   |  Owner:  iwakeh
 Type:  enhancement  | Status:  assigned
 Priority:  Medium   |  Milestone:  metrics-lib 1.5.0
Component:  Metrics/metrics-lib  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+---

Comment (by iwakeh):

 Second change:

 `DescriptorIndexCollector#collectDescriptors` will take either a full URL
 to an index.json variant or in case a base URL like
 {{{https://x.y.z/a/b}}} is given attempt to download index.json.gz from
 there, i.e. attempt to download {{{https://x.y.z/a/b/index.json.gz}}}.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20007 [Core Tor/Tor]: Sandbox causing crash when setting HidServAuth when there is a hidden service running

[Tor Bug Tracker & Wiki]

#20007: Sandbox causing crash when setting HidServAuth when there is a hidden
service running
+
 Reporter:  segfault|  Owner:
 Type:  defect  | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Core Tor/Tor|Version:  Tor: 0.2.9.2-alpha
 Severity:  Normal  | Resolution:
 Keywords:  regression, tor-hs  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+
Changes (by segfault):

 * status:  needs_information => new


Comment:

 Meta: Since I'm new to Tor but plan to continue contributing, please tell
 me if I'm not using the tracker as expected. For example, should I reset
 the status to "new" or assign it to someone (who?)? Is there a guideline
 for contributors?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20039 [Metrics/metrics-lib]: integrate `DescriptorIndexCollector` in a fully backward-compatible way

[Tor Bug Tracker & Wiki]

#20039: integrate `DescriptorIndexCollector` in a fully backward-compatible way
-+---
 Reporter:  iwakeh   |  Owner:  iwakeh
 Type:  enhancement  | Status:  assigned
 Priority:  Medium   |  Milestone:  metrics-lib 1.5.0
Component:  Metrics/metrics-lib  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+---
Changes (by iwakeh):

 * status:  new => assigned
 * owner:  karsten => iwakeh


Comment:

 The index.json functionality belongs to CollecTor; metrics-lib only keeps
 a minimal copy of the *Node classes to facilitate reading of index.json
 variants.

 The //master// copy is located in CollecTor incl. the relevant tests.

 Reasoning:
 Best would be to issue an independent module of CollecTor to provide
 index.json* reading functionality. In order to reduce api maintenance this
 is not done and a simple copy is kept in metrics-lib to enable index.json*
 reading.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19934 [Metrics/CollecTor]: CollecTor should use new metrics-lib json classes

[Tor Bug Tracker & Wiki]

#19934: CollecTor should use new metrics-lib json classes
---+-
 Reporter:  iwakeh |  Owner:  iwakeh
 Type:  enhancement| Status:  assigned
 Priority:  Medium |  Milestone:  CollecTor 1.1.0
Component:  Metrics/CollecTor  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+-
Changes (by iwakeh):

 * status:  needs_review => assigned


Comment:

 All `index` package *Node classes will be moved to CollecTor (incl. the
 related tests).

 A copy of these some of these classes for accessing the index.json
 variants is also kept in metrics-lib., see #20039.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20118 [Applications/Tor bundles/installation]: Don't unpack HTTPS Everywhere anymore while bundling Tor Browser

[Tor Bug Tracker & Wiki]

#20118: Don't unpack HTTPS Everywhere anymore while bundling Tor Browser
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor |Version:
  bundles/installation   |
 Severity:  Normal   | Resolution:
 Keywords:  tbb-usability, GeorgKoppen201609,|  Actual Points:
  TorBrowserTeam201609R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by mcs):

 r=mcs
 I did not try to build with these changes either but they look good.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20007 [Core Tor/Tor]: Sandbox causing crash when setting HidServAuth when there is a hidden service running

[Tor Bug Tracker & Wiki]

#20007: Sandbox causing crash when setting HidServAuth when there is a hidden
service running
+
 Reporter:  segfault|  Owner:
 Type:  defect  | Status:  needs_information
 Priority:  Medium  |  Milestone:
Component:  Core Tor/Tor|Version:  Tor: 0.2.9.2-alpha
 Severity:  Normal  | Resolution:
 Keywords:  regression, tor-hs  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+

Comment (by segfault):

 > What are you really trying to do?
 > !HidServAuth is a client option, but you are running a hidden service.
 Did you mean to use !HiddenServiceAuthorizeClient instead?

 No, I did not confuse !HidServAuth with !HiddenServiceAuthorizeClient. I'm
 developing the Tails Server, which is an application run inside Tails to
 start hidden services (with client authentication). There is also a small
 client application, which primarily sets the client authentication cookie
 via !`SETCONF HidServAuth`, to be able to connect to a service started via
 Tails Server. Now it's possible that a user who runs a hidden service also
 wants to connect to another hidden service, which is when this issue would
 occur.

 > What is actually happening?
 > What is the full log? I'd like to see notice level.

 The two warn level messages are the only ones related to this issue. Here
 is the full notice level log:

 {{{
 # /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc
 --[wiki:RunAsDaemon] 0 --Log notice --[wiki:CookieAuthentication] 0
 --Sandbox 1 --[wiki:HiddenServiceDir] /var/lib/tor/hidden_service/
 --[wiki:HiddenServicePort] 80
 Sep 09 14:42:01.037 [notice] Tor 0.2.9.2-alpha (git-0b1c884a450cad98)
 running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2h and Zlib
 1.2.8.
 Sep 09 14:42:01.037 [notice] Tor can't help you if you use it wrong! Learn
 how to be safe at https://www.torproject.org/download/download#warning
 Sep 09 14:42:01.037 [notice] This version is not a stable Tor release.
 Expect more bugs than usual.
 Sep 09 14:42:01.037 [notice] Read configuration file "/usr/share/tor/tor-
 service-defaults-torrc".
 Sep 09 14:42:01.037 [notice] Read configuration file "/etc/tor/torrc".
 Sep 09 14:42:01.044 [notice] Opening Socks listener on 127.0.0.1:9050
 Sep 09 14:42:01.044 [notice] Opening Socks listener on 127.0.0.1:49050
 Sep 09 14:42:01.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
 Sep 09 14:42:01.000 [notice] Parsing GEOIP IPv6 file
 /usr/share/tor/geoip6.
 Sep 09 14:42:01.000 [notice] Bootstrapped 0%: Starting
 Sep 09 14:42:01.000 [notice] Bootstrapped 80%: Connecting to the Tor
 network
 Sep 09 14:42:02.000 [notice] Opening Control listener on
 /var/run/tor/control
 Sep 09 14:42:02.000 [notice] Bootstrapped 85%: Finishing handshake with
 first hop
 Sep 09 14:42:02.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
 Sep 09 14:42:03.000 [notice] Tor has successfully opened a circuit. Looks
 like client functionality is working.
 Sep 09 14:42:03.000 [notice] Bootstrapped 100%: Done
 Sep 09 14:42:06.000 [notice] New control connection opened.
 Sep 09 14:42:06.000 [warn] Directory /var/lib/tor/hidden_service/ cannot
 be read: Permission denied
 Sep 09 14:42:06.000 [warn] Controller gave us config lines that didn't
 validate: Failed to configure rendezvous options. See logs for details.
 }}}


 > Does the hidden service work with the Sandbox on startup (without the
 SETCONF)? Is this simply a permissions problem on the directory?

 The hidden service works with the Sandbox without the SETCONF, so this is
 not only a permissions problem.

 > What is actually causing the issue?
 >
 > rend_parse_service_authorization() parses client HidServAuth entries, it
 doesn't read any service HiddenServiceDirectory files. So it might be that
 any SETCONF is your problem here, not specifically HidServAuth. What
 happens when you issue a SETCONF ClientOnly=1 instead of HidServAuth?
 (ClientOnly is ignored on clients, it has no effect).

 Indeed, it seems like every SETCONF fails like this (I tested it with
 SETCONF ClientOnly=1 and SETCONF Log debug). I'm sorry I missed this - I
 discovered this issue while investigating #20003, which is an issue
 regarding the sandbox and HidServAuth (but it does not occur in recent tor
 versions anymore). So I somehow assumed that this issue was also about
 HidServAuth.

 > rend_services_add_filenames_to_lists() implements the Sandbox for each
 HiddenServiceDirectory, using the following lines:
 >
 > rend_service_add_filenames_to_list(open_lst, s);smartlist_add(stat_lst,
 tor_strdup(s->directory));
 >
 > As far as I can see, this code is working correctly, and should make the
 hidden service directory available via the sandbox at startup. Maybe this
 directory isn't bei

Re: [tor-bugs] #19410 [Applications/Tor Browser]: Incremental updates from 6.0 to 6.0.1 are not working on OS X

[Tor Bug Tracker & Wiki]

#19410: Incremental updates from 6.0 to 6.0.1 are not working on OS X
-+-
 Reporter:  gk   |  Owner:  boklm
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Major| Resolution:  fixed
 Keywords:  tbb-6.0-issues,  |  Actual Points:
  TorBrowserTeam201609R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by boklm):

 Replying to [comment:22 boklm]:
 > It seems `7zip` does not correctly extract symlinks from dmg files (they
 are replaced by empty files). It is not a problem as we don't use any
 symlink currently (except the Applications -> /Applications, which is not
 included in the mar files), but it could be a problem if we start using
 symlinks in the future.

 Regarding this issue, I posted a message on their forum:
 https://sourceforge.net/p/sevenzip/discussion/45798/thread/3592e4b0/

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19410 [Applications/Tor Browser]: Incremental updates from 6.0 to 6.0.1 are not working on OS X

[Tor Bug Tracker & Wiki]

#19410: Incremental updates from 6.0 to 6.0.1 are not working on OS X
-+-
 Reporter:  gk   |  Owner:  boklm
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Major| Resolution:  fixed
 Keywords:  tbb-6.0-issues,  |  Actual Points:
  TorBrowserTeam201609R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Thanks, looks good to me. Applied to master with commit
 23bea36eb8d8d27ca00b2394757be08530cb7f19 (tor-browser-bundle) and commit
 4747b28324da7266b2e28cea5d771eb84bb3f1ce (tor-browser-spec).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19528 [Applications/Tor Browser]: The build id stays the same with every Firefox update

[Tor Bug Tracker & Wiki]

#19528: The build id stays the same with every Firefox update
---+--
 Reporter:  gk |  Owner:  tbb-team
 Type:  defect | Status:  closed
 Priority:  Medium |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:  fixed
 Keywords:  tbb-gitian, TorBrowserTeam201609R  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--

Comment (by gk):

 FWIW: hardened-builds has this, too, with commit
 ac62d42011e18a5cf124d3265b3b62a931c17e9a.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #13017 [Applications/Tor Browser]: Determine if AudioBuffers/OfflineAudioContext are a fingerprinting vector

[Tor Bug Tracker & Wiki]

#13017: Determine if AudioBuffers/OfflineAudioContext are a fingerprinting 
vector
-+-
 Reporter:  mikeperry|  Owner:
 |  arthuredelstein
 Type:  task | Status:
 |  assigned
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Critical | Resolution:
 Keywords:  tbb-fingerprinting-os,   |  Actual Points:
  TorBrowserTeam201609   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by Octopus):

 Hello! Developer of Fingerprint Central here!
 The website is still in [https://fpcentral.irisa.fr/ beta] but thanks to
 several visitors, it seems that we can already have an early insight on
 some AudioContext attributes from the 40 TBB fingerprints that were
 collected. I added the tests found from the
 [https://audiofingerprint.openwpm.com/ OpenWPM Study] and you can see some
 results below that I found the most relevant.

 ||N°||Count||Percentage||User-Agent||pxi buffer hash||ac-sampleRate||ac-
 maxChannelCount||
 ||1||21||60.00%||"Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101
 Firefox/45.0"||158e8189...||44100||2||
 ||2||4||11.43%||"Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101
 Firefox/45.0" ||89cad797...||48000||2||
 ||3||3||8.57%||"Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101
 Firefox/45.0"  ||4baefb24...||44100||2||
 ||4||1||2.86%||"Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101
 Firefox/45.0"  ||89cad797...||96000||2||
 ||5||1||2.86%||"Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101
 Firefox/45.0"  ||4baefb24...||48000||2||
 ||6||1||2.86%||"Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101
 Firefox/38.0"  ||158e8189...||48000||2||
 ||7||1||2.86%||"Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101
 Firefox/45.0"  ||e8a01cca...||44100||2||
 ||8||1||2.86%||"Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101
 Firefox/45.0"  ||4baefb24...||44100||1||
 ||9||1||2.86%||"Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101
 Firefox/45.0"  ||158e8189...||44100||32||
 ||10||1||2.86%||"Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101
 Firefox/45.0" ||158e8189...||44100||0||

 I don't know if it can be generalized to the majority of the TBB
 population but it seems that most users should have the same combination
 of Sample rate/Channel count/Buffer hash. However, differences can still
 be observed between sample rate (44100Hz/48000Hz/96000Hz) and max channel
 count (0/2/32/1) and users without the most common values may be more
 prone to fingerprinting than others. I added the hash to see if there was
 a link between these attributes and the rendered audio but this needs more
 investigation as noted by #comment:26.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20118 [Applications/Tor bundles/installation]: Don't unpack HTTPS Everywhere anymore while bundling Tor Browser

[Tor Bug Tracker & Wiki]

#20118: Don't unpack HTTPS Everywhere anymore while bundling Tor Browser
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor |Version:
  bundles/installation   |
 Severity:  Normal   | Resolution:
 Keywords:  tbb-usability, GeorgKoppen201609,|  Actual Points:
  TorBrowserTeam201609R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by boklm):

 I did not try building with this patch, but the changes look correct.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19528 [Applications/Tor Browser]: The build id stays the same with every Firefox update

[Tor Bug Tracker & Wiki]

#19528: The build id stays the same with every Firefox update
---+--
 Reporter:  gk |  Owner:  tbb-team
 Type:  defect | Status:  closed
 Priority:  Medium |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:  fixed
 Keywords:  tbb-gitian, TorBrowserTeam201609R  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Thanks. This got applied to master with commit commit
 ba7f0fcf914e889f78c0562a46e6026462f10ac8.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19528 [Applications/Tor Browser]: The build id stays the same with every Firefox update

[Tor Bug Tracker & Wiki]

#19528: The build id stays the same with every Firefox update
---+---
 Reporter:  gk |  Owner:  tbb-team
 Type:  defect | Status:
   |  needs_review
 Priority:  Medium |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tbb-gitian, TorBrowserTeam201609R  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---
Description changed by gk:

Old description:

> #19400 was among other things are result from our hard-coded
> REFERENCE_DATEIME that gets used as the build id. We should change that
> with every Firefox release.

New description:

 #19400 was among other things a result of our hard-coded
 REFERENCE_DATETIME that gets used as the build id. We should change that
 with every Firefox release.

--

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19528 [Applications/Tor Browser]: The build id stays the same with every Firefox update

[Tor Bug Tracker & Wiki]

#19528: The build id stays the same with every Firefox update
---+---
 Reporter:  gk |  Owner:  tbb-team
 Type:  defect | Status:
   |  needs_review
 Priority:  Medium |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tbb-gitian, TorBrowserTeam201609R  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---
Changes (by boklm):

 * status:  needs_information => needs_review


Comment:

 Ah indeed, this was a copy past error. `appfile` should be getting
 `$tmpdir/Contents/Resources/application.ini` assigned if
 `$tmpdir/Contents/Resources/application.ini` exists.

 I pushed a new branch `bug_19528-v6` to correct this:
 https://gitweb.torproject.org/user/boklm/tor-browser-
 bundle.git/commit/?h=bug_19528-v6

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19410 [Applications/Tor Browser]: Incremental updates from 6.0 to 6.0.1 are not working on OS X

[Tor Bug Tracker & Wiki]

#19410: Incremental updates from 6.0 to 6.0.1 are not working on OS X
-+-
 Reporter:  gk   |  Owner:  boklm
 Type:  defect   | Status:
 |  needs_review
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Major| Resolution:
 Keywords:  tbb-6.0-issues,  |  Actual Points:
  TorBrowserTeam201609R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by boklm):

 * status:  needs_revision => needs_review
 * keywords:  tbb-6.0-issues, TorBrowserTeam201609 => tbb-6.0-issues,
 TorBrowserTeam201609R


Comment:

 I attached a patch for the tor-browser-spec repo, adding instructions to
 regenerate the mar files.

 I also pushed a `bug_19410-v4` branch:
 https://gitweb.torproject.org/user/boklm/tor-browser-
 bundle.git/commit/?h=bug_19410-v4

 This branch adds the `dmg2mars` and `dmg2mars-alpha` makefile rules. It
 also update the p7zip URLs in the comments in the dm2mar to use
 `snapshot.debian.org` (the previous URLs are no longer working).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #14271 [Applications/Tor Browser]: Make Torbutton work with Unix Domain Socket option

[Tor Bug Tracker & Wiki]

#14271: Make Torbutton work with Unix Domain Socket option
-+-
 Reporter:  gk   |  Owner:  brade
 Type:  enhancement  | Status:
 |  needs_information
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-torbutton, tbb-security, |  Actual Points:
  TorBrowserTeam201609   |
Parent ID:  #14270   | Points:
 Reviewer:   |Sponsor:
 |  SponsorU
-+-

Comment (by gk):

 mcs/brade could you create an updated patch? I want to have this in the
 alpha as well. We can accommodate Arthur's remaining concerns (if there
 are any) in a fixup commit.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #17857 [Core Tor/Tor]: Create a consensus param to disable (netflow) padding if RSOS is enabled

[Tor Bug Tracker & Wiki]

#17857: Create a consensus param to disable (netflow) padding if RSOS is enabled
---+--
 Reporter:  teor   |  Owner:
 Type:  enhancement| Status:  new
 Priority:  Medium |  Milestone:  Tor: 0.2.???
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  rsos, sos, tor-hs, isaremoved  |  Actual Points:
Parent ID: | Points:  1
 Reviewer: |Sponsor:
---+--

Comment (by asn):

 I get bad feelings about adding more torrc options or consensus
 parameters, but the bandwidth overhead here is indeed worth reducing.

 BTW, if we introduce the consensus parameter, why turn it on by default?
 Does the netflow padding offer any additional security to SOS services or
 tor2web clients? IIUC, if the client of the SOS service does netflow
 padding, then they are protected. I'm not sure how that works out for
 tor2web.

 Also, reading the top post:

   In the meantime, however, we should provide the ability to disable
 netflow padding via the consensus for these services. With a consensus
 param, we can monitor the netflow padding overhead in relay extra-info
 descriptors, and experiment with turning padding for RSOS/SOS on and off
 while observing the change in total overhead at relays.

 I think that asking the dirauths to toggle this switch just for us to do
 statistical measurements is not going to work out. Also, I feel that the
 stat noise will cover any traffic produced by the few SOS services on the
 network.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20118 [Applications/Tor bundles/installation]: Don't unpack HTTPS Everywhere anymore while bundling Tor Browser

[Tor Bug Tracker & Wiki]

#20118: Don't unpack HTTPS Everywhere anymore while bundling Tor Browser
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor |Version:
  bundles/installation   |
 Severity:  Normal   | Resolution:
 Keywords:  tbb-usability, GeorgKoppen201609,|  Actual Points:
  TorBrowserTeam201609R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  assigned => needs_revision
 * keywords:  tbb-usability, TorBrowserTeam201609 => tbb-usability,
 GeorgKoppen201609, TorBrowserTeam201609R
 * cc: boklm (added)


Comment:

 bug_20118_v3 in my public tor-browser-bundle repo
 (https://gitweb.torproject.org/user/gk/tor-browser-
 bundle.git/commit/?h=bug_20118_v3&id=46a041e6573c0abbc074e7865a700f383edbc8c1)
 has a proposed fix up for review.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20114 [Applications/Tor Check]: Tor Browser v6.0.4 on Linux reported that exiting via node 162.243.117.41 was "not connected through tor" on check.torproject.org

[Tor Bug Tracker & Wiki]

#20114: Tor Browser v6.0.4 on Linux reported that exiting via node 
162.243.117.41
was "not connected through tor" on check.torproject.org
+-
 Reporter:  6h72Q484AddGha8H|  Owner:  arlolra
 Type:  defect  | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Check  |Version:
 Severity:  Normal  | Resolution:
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+-

Comment (by gk):

 #20115 is a duplicate.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20115 [Applications/Tor Check]: check.tpo reports false negative on known exit IP?

[Tor Bug Tracker & Wiki]

#20115: check.tpo reports false negative on known exit IP?
+---
 Reporter:  cypherpunks |  Owner:  arlolra
 Type:  defect  | Status:  closed
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Check  |Version:
 Severity:  Normal  | Resolution:  duplicate
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+---
Changes (by gk):

 * status:  new => closed
 * resolution:   => duplicate


Comment:

 Duplicate of #20114.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20115 [Applications/Tor Check]: check.tpo reports false negative on known exit IP?

[Tor Bug Tracker & Wiki]

#20115: check.tpo reports false negative on known exit IP?
+-
 Reporter:  cypherpunks |  Owner:  arlolra
 Type:  defect  | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Check  |Version:
 Severity:  Normal  | Resolution:
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+-
Changes (by cypherpunks):

 * owner:   => arlolra
 * component:  - Select a component => Applications/Tor Check


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20119 [Core Tor/Tor]: Fails to create the pid file when an enclosing directory is missing

[Tor Bug Tracker & Wiki]

#20119: Fails to create the pid file when an enclosing directory is missing
--+--
 Reporter:  yurivict271   |  Owner:
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:  Tor: 0.2.8.7
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by cypherpunks):

 * component:  - Select a component => Core Tor/Tor


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs