Re: [tor-bugs] #21558 [Core Tor/Stem]: Add Ed25519 support

[Tor Bug Tracker & Wiki]

#21558: Add Ed25519 support
---+-
 Reporter:  patrickod  |  Owner:  atagar
 Type:  enhancement| Status:  closed
 Priority:  Medium |  Milestone:
Component:  Core Tor/Stem  |Version:
 Severity:  Normal | Resolution:  implemented
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+-
Changes (by atagar):

 * status:  needs_review => closed
 * resolution:   => implemented


Comment:

 Sorry about the delay!
 
[https://gitweb.torproject.org/stem.git/commit/?id=727e14b9570ce3881228503ee04ace491de62009
 Merged support for ed25519 certs].

 Thanks Patrick! Honestly overhauled this quite a bit (additional tests,
 tweaks, and most notably pynacl is now only required for validaton, not
 parsing). That said, your work was *very* useful - especially the crypto
 bits. Many thanks Patrick!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21834 [- Select a component]: ExcludeExitNodes settings ignored

[Tor Bug Tracker & Wiki]

#21834: ExcludeExitNodes settings ignored
--+--
 Reporter:  JoeDiFostar   |  Owner:
 Type:  defect| Status:  reopened
 Priority:  High  |  Milestone:
Component:  - Select a component  |Version:  Tor: unspecified
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by JoeDiFostar):

 * status:  closed => reopened
 * resolution:  worksforme =>


Comment:

 Changed my torrc

 ExcludeExitNodes {US},{CA}
 GeoIPExcludeUnknown auto
 StrictNodes 1

 started tor browser, changed the connect path a few times and United
 States is still selected as exit node!

 I don't care if those counries are selected as entry or middle node, I
 don't want them as exit.

 I wan't clear about this in my first message.  My apologies for that.
 Being a developer myself, I know the importance of being precise in error
 reports. I wrongly assumed that seeing the excludeexitnodes directives in
 my config would have been self-explanatory as my intentions were

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21834 [- Select a component]: ExcludeExitNodes settings ignored

[Tor Bug Tracker & Wiki]

#21834: ExcludeExitNodes settings ignored
--+--
 Reporter:  JoeDiFostar   |  Owner:
 Type:  defect| Status:  closed
 Priority:  High  |  Milestone:
Component:  - Select a component  |Version:  Tor: unspecified
 Severity:  Normal| Resolution:  worksforme
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by cypherpunks):

 * status:  new => closed
 * resolution:   => worksforme


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21834 [- Select a component]: ExcludeExitNodes settings ignored

[Tor Bug Tracker & Wiki]

#21834: ExcludeExitNodes settings ignored
--+--
 Reporter:  JoeDiFostar   |  Owner:
 Type:  defect| Status:  new
 Priority:  High  |  Milestone:
Component:  - Select a component  |Version:  Tor: unspecified
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 Please see:
 https://www.torproject.org/docs/tor-manual.html.en#ExcludeNodes
 https://www.torproject.org/docs/tor-manual.html.en#StrictNodes

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #21834 [- Select a component]: ExcludeExitNodes settings ignored

[Tor Bug Tracker & Wiki]

#21834: ExcludeExitNodes settings ignored
--+--
 Reporter:  JoeDiFostar   |  Owner:
 Type:  defect| Status:  new
 Priority:  High  |  Milestone:
Component:  - Select a component  |Version:  Tor: unspecified
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 Tor Browser 6.5.1/Win 7.0x64

 I have the following in my torrc and the browser happily selects US nodes

 DataDirectory E:\Program Files (x86)\Tor
 Browser\Browser\TorBrowser\Data\Tor
 GeoIPFile E:\Program Files (x86)\Tor
 Browser\Browser\TorBrowser\Data\Tor\geoip
 GeoIPv6File E:\Program Files (x86)\Tor
 Browser\Browser\TorBrowser\Data\Tor\geoip6
 HiddenServiceStatistics 0
 ExcludeExitNodes {US},{CA}
 GeoIPExcludeUnknown auto

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #8387 [Core Tor/Tor]: Unbuilt one-hop circuits sometimes hang around forever

[Tor Bug Tracker & Wiki]

#8387: Unbuilt one-hop circuits sometimes hang around forever
-+-
 Reporter:  mikeperry|  Owner:  nickm
 Type:  defect   | Status:
 |  needs_information
 Priority:  High |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-client, 025-triaged, |  Actual Points:
  027-triaged-1-out, 2016-bug-retrospective, |
  tor-03-unspecified-201612  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by s7r):

 Hmm this looks old but here's what I got today:
 {{{
 Mar 29 15:12:11.000 [notice] Diagnostic for issue 8387: Found 1 one-hop
 circuits more than 1800 seconds old! Logging 1...
 Mar 29 15:12:11.000 [notice]   #0 created at 2017-03-29 14:26:57. open,
 General-purpose client. Not marked for close. Package window: 1000. usable
 for new conns. Not marked dirty.
 Mar 29 15:12:11.000 [notice] It has been 3 seconds since I last called
 circuit_expire_old_circuits_clientside().
 }}}

 On Tor `0.3.0.2-alpha-dev (git-0f79fb51e5653cbc+f6d2aaa)`.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21685 [Applications/Tor Browser]: Remote New Tab pages have access to internal browser APIs in Firefox 52

[Tor Bug Tracker & Wiki]

#21685: Remote New Tab pages have access to internal browser APIs in Firefox 52
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must,  |  Actual Points:
  TorBrowserTeam201703   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-

Comment (by cypherpunks):

 We should replace about:newtab with about:tor via Torbutton using
 NewTabURL.jsm API https://bugzilla.mozilla.org/show_bug.cgi?id=1118285
 or via direct Firefox patch.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21685 [Applications/Tor Browser]: Remote New Tab pages have access to internal browser APIs in Firefox 52

[Tor Bug Tracker & Wiki]

#21685: Remote New Tab pages have access to internal browser APIs in Firefox 52
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must,  |  Actual Points:
  TorBrowserTeam201703   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-
Changes (by tokotoko):

 * cc: fdsfgs@… (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21726 [Applications/Tor Browser]: Get graphite back into the security slider

[Tor Bug Tracker & Wiki]

#21726: Get graphite back into the security slider
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-torbutton, tbb-security-slider,  |  Actual Points:
  ff52-esr   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by tokotoko):

 * cc: fdsfgs@… (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21687 [Applications/Tor Browser]: Make sure prefetch in the network predictor adheres to design guidelines

[Tor Bug Tracker & Wiki]

#21687: Make sure prefetch in the network predictor adheres to design guidelines
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  task  | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ff52-esr  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:  Sponsor4
--+--
Changes (by tokotoko):

 * cc: fdsfgs@… (removed)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21785 [Applications/Tor Browser]: Keep an eye on the Storage API

[Tor Bug Tracker & Wiki]

#21785: Keep an eye on the Storage API
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  task  | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ff52-esr, tbb-fingerprinting  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by tokotoko):

 * cc: fdsfgs@… (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21797 [Applications/Tor Browser]: Disable Firefox Telemetry experiments in Tor Browser

[Tor Bug Tracker & Wiki]

#21797: Disable Firefox Telemetry experiments in Tor Browser
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ff52-esr  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:  Sponsor4
--+--
Changes (by tokotoko):

 * cc: fdsfgs@… (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21034 [Applications/Tor Browser]: Per site security settings?

[Tor Bug Tracker & Wiki]

#21034: Per site security settings?
--+--
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #20843| Points:
 Reviewer:|Sponsor:
--+--

Comment (by jonathanfemideer):

 Replying to [comment:18 gk]:
 > Replying to [comment:16 jonathanfemideer]:
 > > Replying to [comment:13 gk]:
 > > > Is it "high" because one said in 1) for foo.com the rule is "high"?
 > >
 > > Again, the answer here is, "No," and again this is because the user is
 viewing, within one tab, content from ''both'' sites.
 >
 > I am confused about that one because reading the other parts of your
 response leads me to assume you meant "Yes". The context of the quote you
 took is the *iframe* and not the whole site. Or did I misunderstand your
 position?

 Good catch! Sorry for my mistake. You are quite right that the context you
 were asking about in the portion of your question that I quoted was the
 '''iframe''' in that tab, not the whole site, the whole page, or the whole
 content of the tab. Let me try again :)

 > > > But for now let's assume we implement this indeed how is the
 implementation supposed to behave in the following scenario:
 > > >
 > > > 0) By default the user is in "medium" mode.
 > > > 1) In tab 1 one has foo.com open. A user does not like to have
 "medium" mode here but says: "For this site I want to have high security
 because I am scared" and adapts that accordingly.
 > > > 2) In tab 2 bar.com is open which is per default (see 0)) above in
 "medium" mode. But bar.com includes an iframe pointing to foo.com.
 > > >
 > > > Now the question is: what are the security settings for stuff loaded
 in the iframe? Is it "medium" because it is embedded in bar.com and
 bar.com is the site you are in contact with?
 > >
 > > The answer here is, "No," because of the false premise, "''bar.com is
 '''the''' site you are in contact with''". This premise is false because
 the user in your example is viewing, within one tab, content from ''both''
 sites.
 > >
 > > > Is it "high" because one said in 1) for foo.com the rule is "high"?
 > >

 The answer here is, "Yes."

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #21833 [Applications/Tor Browser]: libvirt Changes in 16.10 bust check-prequisites.py

[Tor Bug Tracker & Wiki]

#21833: libvirt Changes in 16.10 bust check-prequisites.py
--+--
 Reporter:  tom   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 The group was renamed in 16.10, see
 https://help.ubuntu.com/lts/serverguide/libvirt.html#libvirt-installation

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21730 [Metrics/Metrics website]: Include metrics-lib's JavaDocs on the Metrics website

[Tor Bug Tracker & Wiki]

#21730: Include metrics-lib's JavaDocs on the Metrics website
-+--
 Reporter:  karsten  |  Owner:  iwakeh
 Type:  enhancement  | Status:  needs_review
 Priority:  Medium   |  Milestone:
Component:  Metrics/Metrics website  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by iwakeh):

 Thanks, for checking!
 I forgot to commit the bootstrap script and also found a bug.
 All is ammmended to the above branch.

 Step by step:
 If the checkout wasn't recursive, run
 {{{
 website/src/main/resources/bootstrap-development.sh
 }}}

 Then add the `lib` folder under `shared` (this is nothing new).
 `cd` into website and run `ant war`.
 This should result in all javadocs being build, but only
 metrics-lib's javadoc is included in the war.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21034 [Applications/Tor Browser]: Per site security settings?

[Tor Bug Tracker & Wiki]

#21034: Per site security settings?
--+--
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #20843| Points:
 Reviewer:|Sponsor:
--+--

Comment (by mcs):

 I attended a session during the recent Tor meeting where similar issues
 were discussed. For reference, the session notes are here:
 
[https://trac.torproject.org/projects/tor/wiki/org/meetings/2017Amsterdam/Notes/SecuritySliderUsability
 Security Slider Usability Session Notes].

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18831 [Applications/Tor Browser]: We need Yasm >= 1.2.0 to build ESR 52

[Tor Bug Tracker & Wiki]

#18831: We need Yasm >= 1.2.0 to build ESR 52
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-gitian, tbb-7.0-must,  |  Actual Points:
  TorBrowserTeam201703, GeorgKoppen201703R,  |
  tbb-7.0-must-nightly   |
Parent ID:  #21147   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-

Comment (by cypherpunks):

 Ubuntu 12.04 LTS (Precise Pangolin) will be EOLed in less than a month
 https://lists.ubuntu.com/archives/ubuntu-security-
 announce/2017-March/003777.html.
 Also why not https://bugzilla.mozilla.org/show_bug.cgi?id=1113450?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21747 [Applications/Tor Browser]: Requesting a new circuit for a site is not working in ESR 52 based Tor Browser

[Tor Bug Tracker & Wiki]

#21747: Requesting a new circuit for a site is not working in ESR 52 based Tor
Browser
-+-
 Reporter:  gk   |  Owner:
 |  arthuredelstein
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-torbutton, ff52-esr, |  Actual Points:
  tbb-7.0-must, TorBrowserTeam201703R, tbb-7.0   |
  -must-nightly  |
Parent ID:  #21201   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-

Comment (by mcs):

 Replying to [comment:10 arthuredelstein]:
 > Thanks for the review. Traditionally we have used "--unknown--" for the
 catchall domain (and SOCKS username). But for a chrome-initiated request,
 originAttributes.firstParty is an empty string. So this line ensures that
 request goes through the "--unknown--" circuit.

 That makes sense. Thanks!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21804 [Applications/Tor Browser]: Tor Browser refuses to start with : Corrupt redzone 0 bytes after 0x7f0503ede9d0 (size 80), byte=0x0

[Tor Bug Tracker & Wiki]

#21804: Tor Browser refuses to start with : Corrupt redzone 0 bytes 
after
0x7f0503ede9d0 (size 80), byte=0x0
--+--
 Reporter:  adrelanos |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by adrelanos):

 * status:  needs_information => new


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21804 [Applications/Tor Browser]: Tor Browser refuses to start with : Corrupt redzone 0 bytes after 0x7f0503ede9d0 (size 80), byte=0x0

[Tor Bug Tracker & Wiki]

#21804: Tor Browser refuses to start with : Corrupt redzone 0 bytes 
after
0x7f0503ede9d0 (size 80), byte=0x0
--+---
 Reporter:  adrelanos |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by adrelanos):

 6.5a6

 * Qubes Debian stretch based AppVM: works
 * VirtualBox Debian stretch: works
 * VirtualBox Whonix Debian stretch based VM: broken
 * Qubes-Whonix Debian stretch based AppVM: broken

 "Some setting that Whonix changes or package that Whonix does (not)
 install is triggering this issue." (No recompiled packages.) Any advice on
 narrow it down more than that?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21527 [User Experience/Website]: Please add iwakeh to the Core Tor People page

[Tor Bug Tracker & Wiki]

#21527: Please add iwakeh to the Core Tor People page
-+--
 Reporter:  karsten  |  Owner:  hiro
 Type:  task | Status:  needs_review
 Priority:  Medium   |  Milestone:
Component:  User Experience/Website  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by karsten):

 Please find the attached patch.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21832 [Core Tor/Stem]: test_set_process_name failed.

[Tor Bug Tracker & Wiki]

#21832: test_set_process_name failed.
---+
 Reporter:  meto   |  Owner:  atagar
 Type:  defect | Status:  new
 Priority:  Very Low   |  Milestone:
Component:  Core Tor/Stem  |Version:
 Severity:  Trivial| Resolution:
 Keywords:  testing|  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+
Changes (by meto):

 * keywords:   => testing


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21730 [Metrics/Metrics website]: Include metrics-lib's JavaDocs on the Metrics website

[Tor Bug Tracker & Wiki]

#21730: Include metrics-lib's JavaDocs on the Metrics website
-+--
 Reporter:  karsten  |  Owner:  iwakeh
 Type:  enhancement  | Status:  needs_review
 Priority:  Medium   |  Milestone:
Component:  Metrics/Metrics website  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by karsten):

 I read the three commits, and they look good.  But I failed getting
 submodules initialized.  Can you maybe post the exact commands for cloning
 a new metrics-web repository and building the .war file?  I may be missing
 an initialization command, but I can't figure out which.  Thanks!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #3652 [Core Tor/Tor]: Export clock skew opinion as getinfo command

[Tor Bug Tracker & Wiki]

#3652: Export clock skew opinion as getinfo command
-+-
 Reporter:  mikeperry|  Owner:  nickm
 Type:  enhancement  | Status:
 |  needs_revision
 Priority:  High |  Milestone:  Tor:
 |  0.3.2.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-wants small-feature needs-   |  Actual Points:
  proposal tor-client|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * cc: g.koppen@…, brade. (removed)
 * cc: gk, brade (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #9570 [Applications/Tor Browser]: Many changes to private browsing code of Firefox happened since 17esr out

[Tor Bug Tracker & Wiki]

#9570: Many changes to private browsing code of Firefox happened since 17esr out
--+
 Reporter:  cypherpunks   |  Owner:  mikeperry
 Type:  defect| Status:  needs_revision
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  MikePerry201312R  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by gk):

 * keywords:  ff52-esr, MikePerry201312R => MikePerry201312R


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #17400 [Applications/Tor Browser]: Decide how to use the multi-lingual Tor Browser in the alpha/release series

[Tor Bug Tracker & Wiki]

#17400: Decide how to use the multi-lingual Tor Browser in the alpha/release 
series
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-usability-stoppoint-wizard,  |  Actual Points:
  TorBrowserTeam201608   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * cc: lnl (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21805 [Applications/Tor Browser]: webgl is getting blocked in low security

[Tor Bug Tracker & Wiki]

#21805: webgl is getting blocked in low security
--+---
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-usability |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by gk):

 * status:  new => needs_information
 * keywords:  tbb-security-slider, tbb-usability => tbb-usability


Comment:

 Yes, that's because WebGL is a privacy problem and, looking at the data
 from past sec-high and sec-crit bugs, not a security problem. Which is why
 it is not governed by the security slider and I think that's okay.

 Here is what we are doing right now according to the design spec:
 {{{
 First, WebGL Canvases have click-to-play placeholders (provided by
 NoScript), and do not run until authorized by the user. Second, we
 obfuscate driver information by setting the Firefox preferences webgl
 .disable-extensions, webgl.min_capability_mode, and webgl.disable-fail-if-
 major-performance-caveat which reduce the information provided by the
 following WebGL API calls: getParameter(), getSupportedExtensions(), and
 getExtension(). To make the minimal WebGL mode usable we additionally
 normalize its properties with a Firefox patch.
 }}}
 It seems your report is not a bug then. Maybe you wanted to argue we
 should not do the click-to-play thing at all anymore?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21755 [Applications/Tor Browser]: Restrict third party cookies and other tracking data is unchecked in ESR52 based Tor Browser

[Tor Bug Tracker & Wiki]

#21755: Restrict third party cookies and other tracking data is unchecked in 
ESR52
based Tor Browser
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  ff52-esr, tbb-7.0-must,  |  Actual Points:
  TorBrowserTeam201703   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-
Changes (by arthuredelstein):

 * status:  new => closed
 * resolution:   => fixed


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21755 [Applications/Tor Browser]: Restrict third party cookies and other tracking data is unchecked in ESR52 based Tor Browser

[Tor Bug Tracker & Wiki]

#21755: Restrict third party cookies and other tracking data is unchecked in 
ESR52
based Tor Browser
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must,  |  Actual Points:
  TorBrowserTeam201703   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-

Comment (by arthuredelstein):

 I have a fixup patch at cda80ad28fa7c5508ae5686a6c0819fddc4cc595,
 in https://github.com/arthuredelstein/tor-browser/commits/20680+9
 As far as I can tell, isolation is working and this was simply a bug in
 binding of the checkbox to the pref.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20680 [Applications/Tor Browser]: Rebase Tor Browser patches to 52 ESR

[Tor Bug Tracker & Wiki]

#20680: Rebase Tor Browser patches to 52 ESR
-+-
 Reporter:  arthuredelstein  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must,  |  Actual Points:
  TorBrowserTeam201703, tbb-7.0-must-nightly |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-

Comment (by arthuredelstein):

 Latest version:
 ​​https://github.com/arthuredelstein/tor-browser/commits/20680+9

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21546 [Applications/Tor Browser]: Adapt Tor Launcher to TBB/FF52ESR

[Tor Bug Tracker & Wiki]

#21546: Adapt Tor Launcher to TBB/FF52ESR
-+-
 Reporter:  arthuredelstein  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  ff52-esr, tbb-7.0-must,  |  Actual Points:
  TorBrowserTeam201703R, tbb-7.0-must-nightly|
Parent ID:  #20680   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 That's commit 336e7c8731296866dd67a090c010e41fcc26ef69 on `master` now.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18831 [Applications/Tor Browser]: We need Yasm >= 1.2.0 to build ESR 52

[Tor Bug Tracker & Wiki]

#18831: We need Yasm >= 1.2.0 to build ESR 52
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-gitian, tbb-7.0-must,  |  Actual Points:
  TorBrowserTeam201703, GeorgKoppen201703R,  |
  tbb-7.0-must-nightly   |
Parent ID:  #21147   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-
Changes (by gk):

 * keywords:
 ff52-esr, tbb-gitian, tbb-7.0-must, TorBrowserTeam201703,
 GeorgKoppen201703, tbb-7.0-must-nightly
 =>
 ff52-esr, tbb-gitian, tbb-7.0-must, TorBrowserTeam201703,
 GeorgKoppen201703R, tbb-7.0-must-nightly
 * status:  new => needs_review


Comment:

 `bug_18831_v3` (https://gitweb.torproject.org/user/gk/tor-browser-
 bundle.git/commit/?h=bug_18831_v3=6a2363caf530f0cdb11e879010c553c390e711b9)
 in my public tor-browser-bundle repo has a fix up for review.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21831 [Applications/Tor Browser]: "Connection is Not Secure" warning.

[Tor Bug Tracker & Wiki]

#21831: "Connection is Not Secure" warning.
--+---
 Reporter:  jonathanfemideer  |  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  duplicate
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by gk):

 * status:  new => closed
 * resolution:   => duplicate


Comment:

 This is a duplicate of #21323 where we are currently thinking about how to
 activate the mixed content blocking if at all.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21323 [Applications/Tor Browser]: Activate mixed content blocking

[Tor Bug Tracker & Wiki]

#21323: Activate mixed content blocking
--+--
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam201703R |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * cc: jonathanfemideer (added)


Comment:

 #21831 is a duplicate of this one. Note there that it is suggested that
 mixed content blocking at least on the "High" setting should be disabled
 (as mentioned in comment:7) but probably on all levels, though.

 There is the additional "if we can't enable it by default then let the
 user enable it as there is a button for it" request which I'll open a
 ticket for in case we finally decide to not activate the mixed content
 blocking by default.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21779 [Applications/Tor Browser]: Non-admin users can't access Tor Browser on macOS

[Tor Bug Tracker & Wiki]

#21779: Non-admin users can't access Tor Browser on macOS
--+--
 Reporter:  teor  |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by gk):

 Replying to [comment:1 mcs]:
 > Kathy and I were able to reproduce this bug. As you point out, it should
 be fine to allow rx permission to "other." Doing something like:
 >   chmod -R o+rX TorBrowser.app
 > during our packaging should fix this problem.

 I am fine taking a fix for the next alpha (alpha because I'd like to test
 it with an update first and see what is happening).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21034 [Applications/Tor Browser]: Per site security settings?

[Tor Bug Tracker & Wiki]

#21034: Per site security settings?
--+--
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #20843| Points:
 Reviewer:|Sponsor:
--+--

Comment (by gk):

 Replying to [comment:16 jonathanfemideer]:
 > Replying to [comment:13 gk]:
 >
 >
 > > So, I am inclined to resolve this as `WONTFIX` due to the UX nightmare
 at least.
 >
 > Please don't close this as `WONTFIX`. Let us instead use this bug report
 (or feature request) to figure out how best to meet the desired security
 improvements.
 >
 > Your question below is a great start. Thank you for asing it!
 >
 > > But for now let's assume we implement this indeed how is the
 implementation supposed to behave in the following scenario:
 > >
 > > 0) By default the user is in "medium" mode.
 > > 1) In tab 1 one has foo.com open. A user does not like to have
 "medium" mode here but says: "For this site I want to have high security
 because I am scared" and adapts that accordingly.
 > > 2) In tab 2 bar.com is open which is per default (see 0)) above in
 "medium" mode. But bar.com includes an iframe pointing to foo.com.
 > >
 > > Now the question is: what are the security settings for stuff loaded
 in the iframe? Is it "medium" because it is embedded in bar.com and
 bar.com is the site you are in contact with?
 >
 > The answer here is, "No," because of the false premise, "''bar.com is
 '''the''' site you are in contact with''". This premise is false because
 the user in your example is viewing, within one tab, content from ''both''
 sites.
 >
 > > Is it "high" because one said in 1) for foo.com the rule is "high"?
 >
 > Again, the answer here is, "No," and again this is because the user is
 viewing, within one tab, content from ''both'' sites.

 I am confused about that one because reading the other parts of your
 response leads me to assume you meant "Yes". The context of the quote you
 took is the *iframe* and not the whole site. Or did I misunderstand your
 position?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21804 [Applications/Tor Browser]: Tor Browser refuses to start with : Corrupt redzone 0 bytes after 0x7f0503ede9d0 (size 80), byte=0x0

[Tor Bug Tracker & Wiki]

#21804: Tor Browser refuses to start with : Corrupt redzone 0 bytes 
after
0x7f0503ede9d0 (size 80), byte=0x0
--+---
 Reporter:  adrelanos |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by gk):

 * cc: arthuredelstein (added)
 * status:  new => needs_information


Comment:

 6.5a6 is the first version that contains our jemalloc hardening.
 adrelanos: Could you try narrowing the issue down by starting Tor Browser
 outside Qubes-Whonix the same way you do within Qubes-Whonix? And then if
 that does not explode just starting it in Qubes without the Whonix
 component? Does that already explode? Or do you need Whonix to get to
 that?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21747 [Applications/Tor Browser]: Requesting a new circuit for a site is not working in ESR 52 based Tor Browser

[Tor Bug Tracker & Wiki]

#21747: Requesting a new circuit for a site is not working in ESR 52 based Tor
Browser
-+-
 Reporter:  gk   |  Owner:
 |  arthuredelstein
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-torbutton, ff52-esr, |  Actual Points:
  tbb-7.0-must, TorBrowserTeam201703R, tbb-7.0   |
  -must-nightly  |
Parent ID:  #21201   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-

Comment (by arthuredelstein):

 Replying to [comment:9 mcs]:
 > r=brade, r=mcs
 > This patch looks okay and it seems to work. Why did you need to add the
 following code?
 > {{{
 >   if (domain === "") {
 > domain = "--unknown--";
 >   }
 > }}}

 Thanks for the review. Traditionally we have used "--unknown--" for the
 catchall domain (and SOCKS username). But for a chrome-initiated request,
 originAttributes.firstParty is an empty string. So this line ensures that
 request goes through the "--unknown--" circuit.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs