Re: [tor-bugs] #21991 [Metrics/Torflow]: Allow bandwidth scanners to use non-Exits to access onion addresses

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21991: Allow bandwidth scanners to use non-Exits to access onion addresses
-+
 Reporter:  teor |  Owner:  aagbsn
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Metrics/Torflow  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+

Comment (by teor):

 Once this is implemented, we should add an onion address into the default
 set (see #21990).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21990 [Metrics/Torflow]: Use a sensible default set of bandwidth servers

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21990: Use a sensible default set of bandwidth servers
-+
 Reporter:  teor |  Owner:  aagbsn
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Metrics/Torflow  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+

Comment (by arma):

 weasel and micah put the bwauth files on our fastly cdn server. That's
 worth checking out.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #21991 [Metrics/Torflow]: Allow bandwidth scanners to use non-Exits to access onion addresses

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21991: Allow bandwidth scanners to use non-Exits to access onion addresses
-+
 Reporter:  teor |  Owner:  aagbsn
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Metrics/Torflow  |Version:
 Severity:  Normal   |   Keywords:
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+
 Tor's bandwidth scanner passes the bandwidth server HTTPS address to Tor's
 SOCKSPort. So using an onion address should just work.

 But to get the full benefit from onion addresses, we need to do two
 things:
 * run the bandwidth server as a single onion service (otherwise the
 variance is too high), and
 * allow the second relay in the path to be a middle or guard when
 connecting to onion addresses.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #21990 [Metrics/Torflow]: Use a sensible default set of bandwidth servers

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21990: Use a sensible default set of bandwidth servers
-+
 Reporter:  teor |  Owner:  aagbsn
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Metrics/Torflow  |Version:
 Severity:  Normal   |   Keywords:
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+
 The default bandwidth authority HTTPS server is easy to overload by
 mistake, and has no redundancy.

 Ideally, we should specify a default list with:
 * An IPv4 address,
 * An IPv6 address,
 * A DNS address (ideally on a CDN with dual-stack support)
 * An onion address (once we test this works)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #21989 [Core Tor/Tor]: Should we tell Exits to reject all traffic if DNS fails?

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21989: Should we tell Exits to reject all traffic if DNS fails?
--+--
 Reporter:  teor  |  Owner:
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:  dns, tor-exit
Actual Points:|  Parent ID:  #21900
   Points:  1 |   Reviewer:
  Sponsor:|
--+--
 Tor Exits with broken DNS still allow Exit traffic.

 But this slows down initial connections for clients, because the Exit will
 refuse all DNS requests. (Clients no longer cache DNS.)

 Perhaps we should make Exits refuse traffic until their DNS is working?
 (Unless a non-default option is set?)

 This would also fix #21900, where a broken DNS config really does stop all
 Exit traffic.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #21988 [- Select a component]: says not usingtor

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21988: says not usingtor
--+--
 Reporter:  bobkat|  Owner:
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  - Select a component  |Version:  Tor: unspecified
 Severity:  Normal|   Keywords:  not using tor
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 My dad vice says installed

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21983 [Applications/Tor Browser]: Should we do more to discourage custom prefs and nonstandard addons?

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21983: Should we do more to discourage custom prefs and nonstandard addons?
-+--
 Reporter:  arthuredelstein  |  Owner:  tbb-team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-usability, tbb-security  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by yawning):

 Replying to [comment:2 arma]:
 > Maybe the about:tor homepage is a good place to notify users of their
 non-standardness and why it's scary?

 `about:support` has `Important Modified Preferences`, which could probably
 be tailored for this sort of application.

 On a related note, insert rant about how going back to stock standard
 everything requires re-installing the entire browser, instead of just
 obliterating the profile directory here.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21983 [Applications/Tor Browser]: Should we do more to discourage custom prefs and nonstandard addons?

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21983: Should we do more to discourage custom prefs and nonstandard addons?
-+--
 Reporter:  arthuredelstein  |  Owner:  tbb-team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-usability, tbb-security  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by arma):

 Maybe the about:tor homepage is a good place to notify users of their non-
 standardness and why it's scary?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21846 [Metrics/Torflow]: BwAuthority can't be run out of the box without manual work

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21846: BwAuthority can't be run out of the box without manual work
---+-
 Reporter:  davidwf|  Owner:  aagbsn
 Type:  enhancement| Status:  merge_ready
 Priority:  Medium |  Milestone:
Component:  Metrics/Torflow|Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer:  chelseakomlo, tom  |Sponsor:
---+-

Comment (by chelseakomlo):

 Changing this to merge ready. tom, feel free to change to needs_review if
 you see anything else that needs revision.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21846 [Metrics/Torflow]: BwAuthority can't be run out of the box without manual work

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21846: BwAuthority can't be run out of the box without manual work
---+-
 Reporter:  davidwf|  Owner:  aagbsn
 Type:  enhancement| Status:  merge_ready
 Priority:  Medium |  Milestone:
Component:  Metrics/Torflow|Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer:  chelseakomlo, tom  |Sponsor:
---+-
Changes (by chelseakomlo):

 * status:  needs_review => merge_ready


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21846 [Metrics/Torflow]: BwAuthority can't be run out of the box without manual work

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21846: BwAuthority can't be run out of the box without manual work
---+--
 Reporter:  davidwf|  Owner:  aagbsn
 Type:  enhancement| Status:  needs_review
 Priority:  Medium |  Milestone:
Component:  Metrics/Torflow|Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer:  chelseakomlo, tom  |Sponsor:
---+--

Comment (by chelseakomlo):

 This seems good to me as well (I tested this on macOS).

 If virtualenv is used, #20466 shouldn't be an issue (I believe).

 #20454 should also be addressed with this patch.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21980 [Core Tor/Tor]: prop224: Implement time period functions

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21980: prop224: Implement time period functions
-+
 Reporter:  dgoulet  |  Owner:  asn
 Type:  enhancement  | Status:  needs_review
 Priority:  Medium   |  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs, prop224  |  Actual Points:
Parent ID:  #21888   | Points:  0.5
 Reviewer:  nickm|Sponsor:  SponsorR-must
-+

Comment (by nickm):

 I left a couple of spec questions on the ticket.

 Sorry for so many spec questions!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21662 [Core Tor/Tor]: prop278: Add support for LZMA2 and/or Zstandard

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21662: prop278: Add support for LZMA2 and/or Zstandard
+--
 Reporter:  ahf |  Owner:  ahf
 Type:  task| Status:  needs_revision
 Priority:  Medium  |  Milestone:  Tor:
|  0.3.1.x-final
Component:  Core Tor/Tor|Version:
 Severity:  Normal  | Resolution:
 Keywords:  TorCoreTeam201703, prop278  |  Actual Points:
Parent ID:  | Points:  2
 Reviewer:  |Sponsor:  Sponsor4
+--
Changes (by nickm):

 * status:  needs_review => needs_revision


Comment:

 Looks good!  I've made some initial comments and asked some questions.
 Also, I should take another pass or two over this code when I'm a little
 less tired, and think about the pointer arithmetic very carefully.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21663 [Core Tor/Tor]: prop278: Refactor the torgzip module to support additional compression schemes

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21663: prop278: Refactor the torgzip module to support additional compression
schemes
+--
 Reporter:  ahf |  Owner:  ahf
 Type:  task| Status:  needs_revision
 Priority:  Medium  |  Milestone:  Tor:
|  0.3.1.x-final
Component:  Core Tor/Tor|Version:
 Severity:  Normal  | Resolution:
 Keywords:  TorCoreTeam201703, prop278  |  Actual Points:
Parent ID:  | Points:  3
 Reviewer:  |Sponsor:  Sponsor4
+--
Changes (by nickm):

 * status:  needs_review => needs_revision


Comment:

 Looks pretty good to me!The only issues I noted on the ticket were
 pretty minor.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21987 [- Select a component]: Buscar iformacion

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21987: Buscar iformacion
--+--
 Reporter:  Ángel |  Owner:
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  - Select a component  |Version:  Obfsproxy: 0.1.0
 Severity:  Normal| Resolution:  not a bug
 Keywords:  Todo  |  Actual Points:  Ningúno
Parent ID:| Points:
 Reviewer:|Sponsor:  Sponsor4-can
--+--
Changes (by catalyst):

 * status:  new => closed
 * resolution:   => not a bug


Comment:

 This does not appear to be related to Tor.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21963 [Core Tor/Tor]: consdiff code accepts invalid patch

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21963: consdiff code accepts invalid patch
--+
 Reporter:  Sebastian |  Owner:
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by nickm):

 * status:  needs_review => closed
 * resolution:   => fixed


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21971 [Core Tor/Tor]: Coverity issues in HS circuitmap unittests

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21971: Coverity issues in HS circuitmap unittests
-+
 Reporter:  asn  |  Owner:
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tor-hs prop224 coverity  |  Actual Points:
Parent ID:   | Points:  0.3
 Reviewer:   |Sponsor:  SponsorR-can
-+
Changes (by nickm):

 * status:  merge_ready => closed
 * resolution:   => fixed


Comment:

 Merged!

 You can also safely compare ssize_t with tt_i64_op.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21966 [Core Tor/Tor]: consdiff generation incorrect

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21966: consdiff generation incorrect
--+
 Reporter:  Sebastian |  Owner:
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by nickm):

 * status:  needs_review => closed
 * resolution:   => fixed


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20341 [Core Tor/Tor]: torrc man page missing components for Bridge line

2017-04-18 Thread Tor Bug Tracker & Wiki 
#20341: torrc man page missing components for Bridge line
-+-
 Reporter:  stefanib |  Owner:
 Type:  defect   | Status:  new
 Priority:  Low  |  Milestone:  Tor:
 |  0.3.2.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  torrc, manual, page, |  Actual Points:
  tor-03-unspecified-201612  |
Parent ID:   | Points:  0.1
 Reviewer:   |Sponsor:
-+-

Comment (by nickm):

 (I'd take a patch for this in 0.3.1 if someone writes one in time)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21966 [Core Tor/Tor]: consdiff generation incorrect

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21966: consdiff generation incorrect
--+
 Reporter:  Sebastian |  Owner:
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by nickm):

 Merged consdiff_newline. Thanks!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21963 [Core Tor/Tor]: consdiff code accepts invalid patch

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21963: consdiff code accepts invalid patch
--+
 Reporter:  Sebastian |  Owner:
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by nickm):

 Merged consdiff_add. Thanks!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21964 [Core Tor/Tor]: Consdiff code accepts non-numbers in ranges

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21964: Consdiff code accepts non-numbers in ranges
--+
 Reporter:  Sebastian |  Owner:
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by nickm):

 Hm. Is it sufficient to check only the first character?  I guess maybe it
 is.  But if so, we should really use TOR_ISDIGIT.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #21987 [- Select a component]: Buscar iformacion

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21987: Buscar iformacion
--+--
 Reporter:  Ángel |  Owner:
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  - Select a component  |Version:  Obfsproxy: 0.1.0
 Severity:  Normal|   Keywords:  Todo
Actual Points:  Ningúno   |  Parent ID:
   Points:|   Reviewer:
  Sponsor:  Sponsor4-can  |
--+--
 Usar todo tipo de información

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #12930 [Obfuscation/Pluggable transport]: Someone, somewhere needs to unescape pluggable transport "SMETHOD ARGS" arguments.

2017-04-18 Thread Tor Bug Tracker & Wiki 
#12930: Someone, somewhere needs to unescape pluggable transport "SMETHOD ARGS"
arguments.
-+-
 Reporter:  yawning  |  Owner:  asn
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Obfuscation/Pluggable transport  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  goptlib  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by dcf):

 If it helps, here is how goptlib handles args (goptlib being the primary
 implementation of the PT protocol other than tor itself). It's mostly
 based on my own interpretation of what the spec says, but it at least has
 a lot of tests. The comments that quote pt-spec.txt are taken from an
 earlier version of the spec, probably
 [https://gitweb.torproject.org/torspec.git/tree/pt-
 spec.txt?id=4dcd7e94f17c072e771119ec90d7cbce4a4788a4 4dcd7e94f1] from July
 2014.

 [https://gitweb.torproject.org/pluggable-
 transports/goptlib.git/tree/args.go?id=0.7 args.go]: the main functions
 are `parseClientParameters`, `parseServerTransportOptions`, and
 `encodeSmethodArgs` (we haven't yet needed a function to encode client
 parameters). `encodeSmethodArgs` escapes only these three bytes: `\` `=`
 `,`. Other byte values such as `\n` and `\x00` are handled instead in
 pt.go.

 [https://gitweb.torproject.org/pluggable-
 transports/goptlib.git/tree/args_test.go?id=0.7 args_test.go]: is test
 code for the functions in args.go. Please let me know if you have
 additional test cases or if any of the existing ones seem wrong to you.

 [https://gitweb.torproject.org/pluggable-
 transports/goptlib.git/tree/pt.go?id=0.7 pt.go]: interacts a little bit
 with argument syntax in the `formatline` function, which is responsible
 for formatting stdout lines like `SMETHOD`. `formatline` panics (i.e.
 crashes) on any `\n`, `\x00`, or byte value greater than `\x7f` (see the
 `argIsSafe` function). Formerly, goptlib didn't panic but applied an
 additional backslash encoding to these bytes, which Yawning noted in
 comment:1 and has since been removed in favor of panicking.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #12930 [Obfuscation/Pluggable transport]: Someone, somewhere needs to unescape pluggable transport "SMETHOD ARGS" arguments.

2017-04-18 Thread Tor Bug Tracker & Wiki 
#12930: Someone, somewhere needs to unescape pluggable transport "SMETHOD ARGS"
arguments.
-+-
 Reporter:  yawning  |  Owner:  asn
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Obfuscation/Pluggable transport  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  goptlib  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by catalyst):

 * severity:   => Normal


Comment:

 There are multiple conflicting definitions of pluggable transport
 arguments that probably cannot be made consistent in a backward-compatible
 way.  https://gitweb.torproject.org/torspec.git/tree/pt-spec.txt#n368
 defines the general BNF syntax for a managed transport process-to-parent
 communication, which excludes NUL and NL.  The `SMETHOD` syntax at
 https://gitweb.torproject.org/torspec.git/tree/pt-spec.txt#n544 looks more
 ad-hoc, but it implies that the options are space-separated words.  The
 `ARGS` option is `k=v` pairs separated by commas, and only has provisions
 for escaping commas and equals signs (but not NUL, NL, SP, or backslash).

 Ultimately, the SMETHOD ARGS will end up in a `Bridge` config line,
 described at https://gitweb.torproject.org/torspec.git/tree/proposals/180
 -pluggable-transport.txt#n146.  This config line has space-separated `k=v`
 pairs.  The syntax has provisions for escaping backslash and semicolon but
 not spaces, equals signs, commas, newlines, or NUL characters.  The
 `tor(1)` manual page is out of date and doesn't reflect the prop180 config
 line syntax.  (This is bug #20341.)

 https://gitweb.torproject.org/torspec.git/tree/bridgedb-spec.txt#n93 says
 the arguments are comma-separated `k=v` pairs, but
 https://gitweb.torproject.org/torspec.git/tree/bridgedb-spec.txt#n338 then
 recommends displaying them as space-separated `k=v` pairs.  (This is
 consistent with the prop180 config line syntax.)

 After IRC discussion with arma and Yawning, it seems that the best
 solution may be to amend the specs to disallow certain characters from
 keys or values in transport args, such as NUL, NL, SP, backslash, equals
 sign, comma, and maybe semicolon.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21986 [Internal Services/Service - deb.tpo]: Ubuntu 17.04 isn't included in Tor Project "deb" server

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21986: Ubuntu 17.04 isn't included in Tor Project "deb" server
-+-
 Reporter:  Chai T. Rex  |  Owner:  weasel
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Service - deb.tpo  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by cypherpunks):

 * owner:   => weasel
 * status:  new => assigned
 * component:  - Select a component => Internal Services/Service - deb.tpo


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21983 [Applications/Tor Browser]: Should we do more to discourage custom prefs and nonstandard addons?

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21983: Should we do more to discourage custom prefs and nonstandard addons?
-+--
 Reporter:  arthuredelstein  |  Owner:  tbb-team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-usability, tbb-security  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by yawning):

 * cc: yawning (added)


Comment:

 Maybe?

 For what it's worth, `sandboxed-tor-browser` uses a read-only extensions
 directory, unless the user explicitly configures it read/write.  It
 doesn't do anything with prefs, beyond locking certain prefs.

 In general my feeling is that if people want to reduce their anonymity
 set/get owned because they decied to installing random addons or setting
 placebo tinfoil hat prefs they copy-pasted off some blog/forum/whatever,
 they should be free to.

 I think a different question is, should we have something equivalent to
 `/proc/sys/kernel/tainted` so it's blatantly obvious that they voided
 their (non-existent) warranty when something breaks.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21662 [Core Tor/Tor]: prop278: Add support for LZMA2 and/or Zstandard

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21662: prop278: Add support for LZMA2 and/or Zstandard
+--
 Reporter:  ahf |  Owner:  ahf
 Type:  task| Status:  needs_review
 Priority:  Medium  |  Milestone:  Tor:
|  0.3.1.x-final
Component:  Core Tor/Tor|Version:
 Severity:  Normal  | Resolution:
 Keywords:  TorCoreTeam201703, prop278  |  Actual Points:
Parent ID:  | Points:  2
 Reviewer:  |Sponsor:  Sponsor4
+--
Changes (by ahf):

 * status:  accepted => needs_review


Comment:

 Ready for review: https://gitlab.com/ahf/tor/merge_requests/2/

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #21986 [- Select a component]: Ubuntu 17.04 isn't included in Tor Project "deb" server

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21986: Ubuntu 17.04 isn't included in Tor Project "deb" server
--+-
 Reporter:  Chai T. Rex   |  Owner:
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  - Select a component  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+-
 Ubuntu 17.04 [https://wiki.ubuntu.com/ZestyZapus/ReleaseSchedule#line-41
 was released on April 13th], but the
 [https://deb.torproject.org/torproject.org/dists/ list of distributions on
 the Tor Project "deb" server] doesn't yet include 17.04's "zesty"
 codename.

 Can it please be added?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21949 [User Experience/Website]: Identifying the requirements of the four torproject.org portals

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21949: Identifying the requirements of the four torproject.org portals
-+--
 Reporter:  linda|  Owner:  linda
 Type:  defect   | Status:  assigned
 Priority:  Medium   |  Milestone:
Component:  User Experience/Website  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:  #21222   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by linda):

 Content is being discussed
 
[https://docs.google.com/document/d/1xT0TTH_jI32xwU4sz7XwgLtFDoqj97uL5JhQauIOl4A/edit#
 here] if people want to join in the conversation!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21949 [User Experience/Website]: Identifying the requirements of the four torproject.org portals

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21949: Identifying the requirements of the four torproject.org portals
-+--
 Reporter:  linda|  Owner:  linda
 Type:  defect   | Status:  assigned
 Priority:  Medium   |  Milestone:
Component:  User Experience/Website  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:  #21222   | Points:
 Reviewer:   |Sponsor:
-+--
Description changed by linda:

Old description:

> = Objective =
>
> Write user stories for all four portals to define the content
> requirements for each page.
>
> = Definition =
>
> * A user story describes the type of user, what they want and why. A user
> story helps to create a simplified description of a requirement. It is a
> description of a software feature from an end-user perspective.
>
> = Methodology =
>
> Talk with stakeholders of each portal, write user stories.
>
> = Results =
>
> '' Linda will post user stories after they are written.''

New description:

 = Objective =

 Write user stories for all four portals to define the content requirements
 for each page.

 = Definition =

 * A user story describes the type of user, what they want and why. A user
 story helps to create a simplified description of a requirement. It is a
 description of a software feature from an end-user perspective.

 = Methodology =

 Talk with stakeholders of each portal, write user stories.

 = Results =

 HOME
 * Audience: first-time Tor users, people curious about Tor, press
 * Purpose: host critical first-user information and redirect people to the
 appropriate portals

 DEV
 * Audience: TPI devs, contract/volunteer devs, people who want to
 volunteer
 * Purpose: sync all the high-level information about work being done on
 Tor

 SUPPORT
 * Audience: first-time Tor users, relay operators, Tor users with issues
 * Purpose: help install Tor Browser, resolve common questions,
 troubleshoot common errors

 OUTREACH
 * Audience: Tor trainers, Tor speakers, Tor-evangelists on the ground
 * Purpose: give people excited about Tor what they need to energize more
 people about Tor

--

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21985 [Internal Services/Tor Sysadmin Team]: Please refresh my key certifications

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21985: Please refresh my key certifications
-+
 Reporter:  micah|  Owner:  tpa
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  openpgp, expiration  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+
Changes (by weasel):

 * status:  new => closed
 * resolution:   => fixed


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21984 [Applications/Tor Browser]: Tor Browser vulnerable with AudioContext Fingerprinting test

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21984: Tor Browser vulnerable with AudioContext Fingerprinting test
--+--
 Reporter:  Sampei|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by arma):

 Looks like a subset of #13017 ?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #21985 [Internal Services/Tor Sysadmin Team]: Please refresh my key certifications

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21985: Please refresh my key certifications
-+-
 Reporter:  micah|  Owner:  tpa
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin   |Version:
  Team   |   Keywords:  openpgp,
 Severity:  Normal   |  expiration
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 The openpgp key used for me on db.torproject.org needs to be refreshed
 from the keyservers.

 ==> : UDFormatError: Signing key
 (8CBF9A322861A790, Micah) has expired

 I changed my passwd in db.t.o yesterday after generating a new one in my
 password manager, but now when I try to login with it today, I am not able
 to login. So I wanted to reset my password so I could fix that.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21984 [Applications/Tor Browser]: Tor Browser vulnerable with AudioContext Fingerprinting test

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21984: Tor Browser vulnerable with AudioContext Fingerprinting test
--+--
 Reporter:  Sampei|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by arma):

 * owner:   => tbb-team
 * version:  Tor: unspecified =>
 * component:  - Select a component => Applications/Tor Browser


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21980 [Core Tor/Tor]: prop224: Implement time period functions

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21980: prop224: Implement time period functions
-+
 Reporter:  dgoulet  |  Owner:  asn
 Type:  enhancement  | Status:  needs_review
 Priority:  Medium   |  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs, prop224  |  Actual Points:
Parent ID:  #21888   | Points:  0.5
 Reviewer:  nickm|Sponsor:  SponsorR-must
-+
Changes (by asn):

 * cc: asn (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21978 [Core Tor/Tor]: hs: Decouple adding and validating a service

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21978: hs: Decouple adding and validating a service
-+
 Reporter:  dgoulet  |  Owner:  dgoulet
 Type:  enhancement  | Status:  needs_review
 Priority:  Medium   |  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs, prop224  |  Actual Points:
Parent ID:  #21888   | Points:  0.2
 Reviewer:  asn  |Sponsor:  SponsorR-must
-+
Changes (by asn):

 * reviewer:   => asn


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21962 [Applications/Tor Browser]: Segmentation fault with "high" security when changing in about:addons to "Extensions" or "Appearance"

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21962: Segmentation fault with "high" security when changing in about:addons to
"Extensions" or "Appearance"
-+-
 Reporter:  viktorj  |  Owner:
 |  arthuredelstein
 Type:  defect   | Status:
 |  accepted
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Major| Resolution:
 Keywords:  tbb-crash, tbb-usability, ff52-esr,  |  Actual Points:
  tbb-7.0-must-alpha, TorBrowserTeam201704   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-

Comment (by mcs):

 Kathy and I are also looking at this ticket. Arthur, please let us know if
 you are making progress so we are not duplicating work.

 We can reproduce the crash, and we believe that the immediate cause is the
 `static_cast` that is in this code from Element.cpp:
 {{{
 const nsAttrValue*
 nsIContent::DoGetClasses() const
 {
   MOZ_ASSERT(HasFlag(NODE_MAY_HAVE_CLASS), "Unexpected call");
   MOZ_ASSERT(IsElement(), "Only elements can have classes");

   if (IsSVGElement()) {
 const nsAttrValue* animClass =
   static_cast(this)->GetAnimatedClassName();
 if (animClass) {
   return animClass;
 }
   }

   return AsElement()->GetParsedAttr(nsGkAtoms::_class);
 }
 }}}

 But the above code is not new. Our current working theory is that SVGs are
 being blocked in error early during creation of the about:addons document
 (and possibly in other cases) even though they should be allowed. If some
 time later SVGs are perceived as allowed, then Bad Things will occur such
 as doing a static_cast to the wrong kind of object.

 In theory, and hopefully in practice, the Mozilla patch to block SVGs is
 better than our approach because it assigns an alternate namespace for
 SVGs at element creation time, which should avoid these kinds of
 static_cast bugs.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10591 [User Experience/Website]: Create a sitemap for current torproject.org website

2017-04-18 Thread Tor Bug Tracker & Wiki 
#10591: Create a sitemap for current torproject.org website
-+---
 Reporter:  phobos   |  Owner:  isabela
 Type:  task | Status:  closed
 Priority:  Medium   |  Milestone:  WebsiteV3
Component:  User Experience/Website  |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  www-team easy defer-new-website  |  Actual Points:
Parent ID:  #18243   | Points:
 Reviewer:   |Sponsor:
-+---
Changes (by isabela):

 * status:  assigned => closed
 * resolution:   => fixed


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #21984 [- Select a component]: Tor Browser vulnerable with AudioContext Fingerprinting test

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21984: Tor Browser vulnerable with AudioContext Fingerprinting test
--+--
 Reporter:  Sampei|  Owner:
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  - Select a component  |Version:  Tor: unspecified
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 Stabe Tor Browser is vulnerable at the test below:

 https://audiofingerprint.openwpm.com/

 solution

 about:config

 dom.webaudio.enabled

 set to false

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21555 [Applications/Tor Browser]: Twitter like button not working on 6.5

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21555: Twitter like button not working on 6.5
-+-
 Reporter:  isabela  |  Owner:
 |  arthuredelstein
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tbb-usability-website,   |  Actual Points:
  TorBrowserTeam201703R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by arthuredelstein):

 Replying to [comment:21 cypherpunks]:
 > It is disconcerting that isis posted a workaround (danke!) six weeks ago
 but didn't mention the downsides to this workaround (nicht danke!).

 > I think it is a bit irresponsible of isis to recommend this workaround
 here without informing users of the risks.

 I think you are misunderstanding the discussion there. In comment:18, Isis
 did a diagnostic test on an old version of Tor Browser to help with
 developing a patch for this bug. That purpose was clear from the context
 -- there's no indication that a workaround was being proposed.

 Besides, this bug tracker is intended for discussing software development.
 As such, ideas will be freely proposed and discarded. So one should be
 very hesitant to take a bug comment as advice for users.

 > Maybe a Tor Browser upgrade should fix the damage done by this advice
 (and force the setting back to `1`)?

 You do bring up an important point, that nonstandard prefs in Tor Browser
 are dangerous for users, and perhaps more users are naively changing prefs
 than we realize. I opened a ticket to examine this overall problem: #21983

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #21983 [Applications/Tor Browser]: Should we do more to discourage custom prefs and nonstandard addons?

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21983: Should we do more to discourage custom prefs and nonstandard addons?
-+-
 Reporter:  arthuredelstein  |  Owner:  tbb-team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor |Version:
  Browser|   Keywords:  tbb-usability, tbb-
 Severity:  Normal   |  security
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 We make some effort to discourage users from setting nonstandard prefs in
 Tor Browser, or installing 3rd-party extensions/plugins. But maybe we can
 do more? For example, should we pop up a warning about deanonymization
 when users first attempt to modify a pref or install an addon? And if
 users click past that warning, should be periodically pop up warnings in
 the future to let users know they have nonstandard prefs or a nonstandard
 addon installed?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21923 [Applications/Tor Browser]: Allowing only HTTPS JavaScript on the medium security slider level is broken

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21923: Allowing only HTTPS JavaScript on the medium security slider level is
broken
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Critical | Resolution:
 Keywords:  noscript, tbb-usability-website, |  Actual Points:
  ff52-esr   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks):

 16:02:59.098 Error: Only restartless (bootstrap) add-ons can be installed
 from sources:
 Stack trace:
 
this.XPIProvider.installAddonFromLocation<@resource://gre/modules/addons/XPIProvider.jsm:4151:13
 TaskImpl_run@resource://gre/modules/Task.jsm:319:42
 Handler.prototype.process@resource://gre/modules/Promise.jsm ->
 resource://gre/modules/Promise-backend.js:932:23
 this.PromiseWalker.walkerLoop@resource://gre/modules/Promise.jsm ->
 resource://gre/modules/Promise-backend.js:813:7
 this.PromiseWalker.scheduleWalkerLoop/<@resource://gre/modules/Promise.jsm
 -> resource://gre/modules/Promise-backend.js:747:11
  1 controls.js:63:9
 loadAddonFromFile/<
 resource://devtools/client/aboutdebugging/components/addons/controls.js:63:9
 Handler.prototype.process resource://gre/modules/Promise-
 backend.js:935:21
 this.PromiseWalker.walkerLoop resource://gre/modules/Promise-
 backend.js:813:7
 this.PromiseWalker.scheduleWalkerLoop/< resource://gre/modules
 /Promise-backend.js:747:11

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21555 [Applications/Tor Browser]: Twitter like button not working on 6.5

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21555: Twitter like button not working on 6.5
-+-
 Reporter:  isabela  |  Owner:
 |  arthuredelstein
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tbb-usability-website,   |  Actual Points:
  TorBrowserTeam201703R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks):

 Replying to [comment:18 isis]:
 > Replying to [comment:4 gk]:
 > > Could someone with Twitter presence double-check that this is not a
 6.5 regression by trying to hit the like buttons with 6.0.8?
 >
 > With `network.cookie.cookieBehavior` set to 1 on 6.0.8, both retweets
 and likes are broken. Setting the pref to 0 fixes it.

 It is disconcerting that isis posted a workaround (danke!) six weeks ago
 but didn't mention the downsides to this workaround (nicht danke!). Now
 that this is due to be fixed tomorrow (according to
 https://twitter.com/torproject/status/852640132054360064 anyway) I wonder
 how many twitter+tor users have forgotten all about this and will
 permanently leave their `cookieBehavior` set to `0`.

 For anybody reading this ticket who doesn't realize: setting
 `cookieBehavior` to `0` means that Tor Browser will send 3rd party
 cookies; eg if you're logged into twitter it will make it so that viewing
 randomwebsite.com with a "tweet" button will inform twitter that you went
 to that website (even if you don't click the button).

 I think it is a bit irresponsible of isis to recommend this workaround
 here without informing users of the risks. It seems certain that many
 people will now leave this setting changed, which negates one of big
 benefits of using Tor Browser.

 Maybe a Tor Browser upgrade should fix the damage done by this advice (and
 force the setting back to `1`)?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15910 [Applications/Tor Browser]: Figure out what to do with OpenH264 (downloads) in Tor Browser

2017-04-18 Thread Tor Bug Tracker & Wiki 
#15910: Figure out what to do with OpenH264 (downloads) in Tor Browser
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  task  | Status:  assigned
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ff59-esr  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * keywords:  ff52-esr, tbb-7.0-must-alpha, TorBrowserTeam201704R =>
   ff59-esr
 * owner:  gk => tbb-team
 * status:  needs_review => assigned


Comment:

 Thanks. It seems we won't get it anytime soon for  support
 (https://bugzilla.mozilla.org/show_bug.cgi?id=1057646#c18). Thus, only the
 WebRTC usecase remains. We are still disabling that one, though. Moving
 this on our ESR59 radar then.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21981 [Applications/Quality Assurance and Testing]: Update marionette version used in Tor Browser test suite

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21981: Update marionette version used in Tor Browser test suite
-+-
 Reporter:  boklm|  Owner:  boklm
 Type:  task | Status:  closed
 Priority:  High |  Milestone:
Component:  Applications/Quality Assurance and   |Version:
  Testing|
 Severity:  Normal   | Resolution:  fixed
 Keywords:  TorBrowserTeam201704 |  Actual Points:
Parent ID:  #21982   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by boklm):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 This is done in commit 51431cd2249579ef09c3d2bd4a470cda49ad045e.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21981 [Applications/Quality Assurance and Testing]: Update marionette version used in Tor Browser test suite

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21981: Update marionette version used in Tor Browser test suite
-+-
 Reporter:  boklm|  Owner:  boklm
 Type:  task | Status:  new
 Priority:  High |  Milestone:
Component:  Applications/Quality Assurance and   |Version:
  Testing|
 Severity:  Normal   | Resolution:
 Keywords:  TorBrowserTeam201704 |  Actual Points:
Parent ID:  #21982   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by boklm):

 * parent:   => #21982


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #21982 [Applications/Quality Assurance and Testing]: Fix Tor Browser testsuite tests on ESR52

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21982: Fix Tor Browser testsuite tests on ESR52
-+-
 Reporter:  boklm|  Owner:  boklm
 Type:  task | Status:  new
 Priority:  High |  Milestone:
Component:  Applications/Quality Assurance   |Version:
  and Testing|   Keywords:
 Severity:  Normal   |  TorBrowserTeam201704
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 We need to fix the tests that are failing on ESR52 Tor Browser.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21980 [Core Tor/Tor]: prop224: Implement time period functions

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21980: prop224: Implement time period functions
-+
 Reporter:  dgoulet  |  Owner:  asn
 Type:  enhancement  | Status:  needs_review
 Priority:  Medium   |  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs, prop224  |  Actual Points:
Parent ID:  #21888   | Points:  0.5
 Reviewer:  nickm|Sponsor:  SponsorR-must
-+
Changes (by dgoulet):

 * status:  new => needs_review
 * reviewer:   => nickm


Comment:

 This work has been done by asn and reviewed by me already so setting this
 for nickm.

 Tor code: `ticket21980_031_01`
 Gitlab: https://gitlab.com/dgoulet/tor/merge_requests/27

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #21981 [Applications/Quality Assurance and Testing]: Update marionette version used in Tor Browser test suite

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21981: Update marionette version used in Tor Browser test suite
-+-
 Reporter:  boklm|  Owner:  boklm
 Type:  task | Status:  new
 Priority:  High |  Milestone:
Component:  Applications/Quality Assurance   |Version:
  and Testing|   Keywords:
 Severity:  Normal   |  TorBrowserTeam201704
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 The version of marionette we are currently using does not seem to work
 with ESR52. We should use a new version of marionette.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #21980 [Core Tor/Tor]: prop224: Implement time period functions

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21980: prop224: Implement time period functions
---+
 Reporter:  dgoulet|  Owner:  asn
 Type:  enhancement| Status:  new
 Priority:  Medium |  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal |   Keywords:  tor-hs, prop224
Actual Points: |  Parent ID:  #21888
   Points:  0.5|   Reviewer:
  Sponsor:  SponsorR-must  |
---+
 Time period functions that we need in order to know where to
 upload/download the descriptor.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21979 [Core Tor/Tor]: prop224: Load and configure service

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21979: prop224: Load and configure service
-+
 Reporter:  dgoulet  |  Owner:  dgoulet
 Type:  enhancement  | Status:  accepted
 Priority:  Medium   |  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs, prop224  |  Actual Points:
Parent ID:  #20657   | Points:  6
 Reviewer:   |Sponsor:  SponsorR-must
-+
Changes (by dgoulet):

 * status:  new => accepted


Comment:

 This depends on #21978 branch so I'll wait for it to be merged upstream
 before submitting a branch for review.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #21979 [Core Tor/Tor]: prop224: Load and configure service

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21979: prop224: Load and configure service
---+
 Reporter:  dgoulet|  Owner:  dgoulet
 Type:  enhancement| Status:  new
 Priority:  Medium |  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal |   Keywords:  tor-hs, prop224
Actual Points: |  Parent ID:  #20657
   Points:  6  |   Reviewer:
  Sponsor:  SponsorR-must  |
---+
 This is a much bigger patch implementing a key feature of hidden service.
 Loading and configuring a service from the torrc file.

 A new object is added which is `hs_service_t` representing a v3 service.
 The `hs_config.[ch]` files are introduced which loads the options and
 create an `hs_service_t` object out of it.

 Like the legacy code, it goes in two steps. First, load the options and
 validate. Then, load/generate the keys if not in validate mode.

 Some refactoring of the legacy code was needed in order to have a central
 entry point for the configuration of the HS options for both v2 and v3.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15910 [Applications/Tor Browser]: Figure out what to do with OpenH264 (downloads) in Tor Browser

2017-04-18 Thread Tor Bug Tracker & Wiki 
#15910: Figure out what to do with OpenH264 (downloads) in Tor Browser
-+-
 Reporter:  gk   |  Owner:  gk
 Type:  task | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201704R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by mcs):

 Replying to [comment:25 gk]:
 > mcs/brade: Could have a quick look at the patch (even if it is post
 factum)?

 r=brade, r=mcs
 This looks like the correct fix.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21978 [Core Tor/Tor]: hs: Decouple adding and validating a service

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21978: hs: Decouple adding and validating a service
-+
 Reporter:  dgoulet  |  Owner:  dgoulet
 Type:  enhancement  | Status:  needs_review
 Priority:  Medium   |  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs, prop224  |  Actual Points:
Parent ID:  #21888   | Points:  0.2
 Reviewer:   |Sponsor:  SponsorR-must
-+
Changes (by dgoulet):

 * status:  new => needs_review


Comment:

 Tor code: `ticket21978_031_01`
 Gitlab: https://gitlab.com/dgoulet/tor/merge_requests/26

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #21978 [Core Tor/Tor]: hs: Decouple adding and validating a service

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21978: hs: Decouple adding and validating a service
---+
 Reporter:  dgoulet|  Owner:  dgoulet
 Type:  enhancement| Status:  new
 Priority:  Medium |  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal |   Keywords:  tor-hs, prop224
Actual Points: |  Parent ID:  #21888
   Points:  0.2|   Reviewer:
  Sponsor:  SponsorR-must  |
---+
 One commit that splits the `rend_add_service()` function into two
 functions. One actually adding the service to the global list and the
 second one to validate the service thus adding a new function:
 `rend_validate_service()`

 We need this for prop224 code that will in two steps validate and then add
 the service when loading a service from configuration.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21587 [Metrics/Metrics website]: Improve running bridges statistic by skipping statuses without any running bridges

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21587: Improve running bridges statistic by skipping statuses without any 
running
bridges
-+--
 Reporter:  karsten  |  Owner:  metrics-team
 Type:  defect   | Status:  merge_ready
 Priority:  Medium   |  Milestone:
Component:  Metrics/Metrics website  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by iwakeh):

 * status:  needs_review => merge_ready


Comment:

 The reasoning makes sense and the fix looks ok.
 Maybe, log a warning for the zero running bridges case?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21871 [Core Tor/Tor]: prop224: Change descriptor format for legacy encryption key

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21871: prop224: Change descriptor format for legacy encryption key
-+
 Reporter:  dgoulet  |  Owner:  dgoulet
 Type:  enhancement  | Status:  needs_review
 Priority:  Medium   |  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs, prop224  |  Actual Points:
Parent ID:  #21888   | Points:  3
 Reviewer:   |Sponsor:  SponsorR-must
-+
Changes (by dgoulet):

 * status:  needs_revision => needs_review


Comment:

 Here is a version 2. I had to squash two commits together because the
 first one (which was the remove private key from hs_descriptor.h) didn't
 make sense at all with the next commit which changes the descriptor format
 of encryption keys. It was actually just more complicated to deal with
 both in two commits and not adding any useful semantic.

 I've fixed one of the comment in the merge request, the two others are in
 discussion mode I guess.

 Torspec: `ticket21871_01`
 Tor code: `ticket21871_031_02`
 Gitlab: https://gitlab.com/dgoulet/tor/merge_requests/25

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21578 [Metrics/Metrics website]: Resolve deprecation warnings after upgrading to metrics-lib 1.6.0

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21578: Resolve deprecation warnings after upgrading to metrics-lib 1.6.0
-+--
 Reporter:  karsten  |  Owner:  metrics-team
 Type:  defect   | Status:  merge_ready
 Priority:  Medium   |  Milestone:
Component:  Metrics/Metrics website  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by iwakeh):

 * status:  needs_review => merge_ready


Comment:

 All deprecation warnings are gone.
 Merge ready.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21542 [Applications/Tor Launcher]: use Subprocess.jsm to launch tor

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21542: use Subprocess.jsm to launch tor
---+---
 Reporter:  mcs|  Owner:  brade
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Applications/Tor Launcher  |Version:
 Severity:  Normal | Resolution:
 Keywords:  tbb-usability, ff52-esr|  Actual Points:
Parent ID:  #10059 | Points:
 Reviewer: |Sponsor:
---+---

Comment (by mcs):

 Replying to [comment:4 arma]:
 > Sounds plausible!
 >
 > Right now Tor has a hard-coded log to stdout that it adds during
 startup, but we could -- hm. I was going to say we could make it
 configurable, but that won't work. I guess Tor Browser could patch Tor
 before building it, to make that stdout into a stderr?

 Firefox's Subprocess.jsm allows access to both stdout and stderr, so I
 don't think the network team needs to make any changes. I just assumed the
 log was being sent to stderr. Is anything sent to stderr?

 Obviously the advantage of this approach (capture tor's stdout) over the
 one described in ticket:10059#comment:17 is that in most cases
 '''something''' will be logged to stdout even if tor never gets to the
 point of opening a control port listener.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21662 [Core Tor/Tor]: prop278: Add support for LZMA2 and/or Zstandard

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21662: prop278: Add support for LZMA2 and/or Zstandard
+--
 Reporter:  ahf |  Owner:  ahf
 Type:  task| Status:  accepted
 Priority:  Medium  |  Milestone:  Tor:
|  0.3.1.x-final
Component:  Core Tor/Tor|Version:
 Severity:  Normal  | Resolution:
 Keywords:  TorCoreTeam201703, prop278  |  Actual Points:
Parent ID:  | Points:  2
 Reviewer:  |Sponsor:  Sponsor4
+--

Comment (by ahf):

 Starting to track the cleaned up commits in:
 https://gitlab.com/ahf/tor/merge_requests/2

 Currently LZMA support is available - Zstandard coming up.

 Note that this code depends upon the code that is currently being reviewed
 as part of #21663.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21776 [Applications/Tor Browser]: ESR52 based Tor Browser does not redirect to Trac bug after login

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21776: ESR52 based Tor Browser does not redirect to Trac bug after login
--+
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  worksforme
 Keywords:  ff52-esr  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by gk):

 * status:  new => closed
 * resolution:   => worksforme


Comment:

 Works now, thanks weasel.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21776 [Applications/Tor Browser]: ESR52 based Tor Browser does not redirect to Trac bug after login

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21776: ESR52 based Tor Browser does not redirect to Trac bug after login
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ff52-esr  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 Looks plausible.
 There is another issue
 {{{
 13:10:10.856 An error occurred during a connection to
 trac.torproject.org:443.

 The client has encountered bad data from the server.

 Error code: SSL_ERROR_BAD_SERVER
  1 (unknown)
 }}}
 with various sites, and I suspect it is client-side.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21776 [Applications/Tor Browser]: ESR52 based Tor Browser does not redirect to Trac bug after login

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21776: ESR52 based Tor Browser does not redirect to Trac bug after login
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ff52-esr  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by weasel):

 I suspect this was an effect of sending Referrer-Policy: no-referrer,
 which has now been replaced with sending Referrer-Policy: same-origin,
 server-side.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21971 [Core Tor/Tor]: Coverity issues in HS circuitmap unittests

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21971: Coverity issues in HS circuitmap unittests
-+
 Reporter:  asn  |  Owner:
 Type:  defect   | Status:  merge_ready
 Priority:  Medium   |  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs prop224 coverity  |  Actual Points:
Parent ID:   | Points:  0.3
 Reviewer:   |Sponsor:  SponsorR-can
-+
Changes (by dgoulet):

 * status:  needs_review => merge_ready


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21776 [Applications/Tor Browser]: ESR52 based Tor Browser does not redirect to Trac bug after login

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21776: ESR52 based Tor Browser does not redirect to Trac bug after login
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ff52-esr  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 Seems to be fixed in 7.0a3.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21971 [Core Tor/Tor]: Coverity issues in HS circuitmap unittests

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21971: Coverity issues in HS circuitmap unittests
-+
 Reporter:  asn  |  Owner:
 Type:  defect   | Status:  needs_review
 Priority:  Medium   |  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs prop224 coverity  |  Actual Points:
Parent ID:   | Points:  0.3
 Reviewer:   |Sponsor:  SponsorR-can
-+

Comment (by dgoulet):

 Hmmm, patch lgtm but I see possibly other type check issue like in
 `test_establish_intro_wrong_purpose()` where we have:

 {{{
   ssize_t cell_len = 0;
   [...]
   tt_int_op(cell_len, >, 0);
 }}}

 Seems that Coverity doesn't bark on that one and I doubt it's harmful
 also...

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21953 [Core Tor/Tor]: Dealing with Tor hardening on Windows properly

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21953: Dealing with Tor hardening on Windows properly
--+
 Reporter:  cypherpunks   |  Owner:
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  030-backport  |  Actual Points:
Parent ID:| Points:  0.1
 Reviewer:|Sponsor:
--+

Comment (by cypherpunks):

 Thanks, Nick. Let's see how long does the formal process take.

 @gk: It is tbb-wants since 2009 at least, so it could be tbb-needs in
 2017. Official Tor builds for Windows are used (and produced) primarily by
 Tor Browser, so it is affected.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21766 [Applications/Tor Browser]: Tor Browser based on ESR52 with e10s enabled crashed while trying to download a file

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21766: Tor Browser based on ESR52 with e10s enabled crashed while trying to
download a file
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Critical | Resolution:
 Keywords:  ff52-esr, TorBrowserTeam201704,  |  Actual Points:
  tbb-7.0-must-alpha, tbb-e10s, tbb-crash|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-
Changes (by gk):

 * keywords:  ff52-esr, TorBrowserTeam201704, tbb-7.0-must-alpha, tbb-e10s
 =>
 ff52-esr, TorBrowserTeam201704, tbb-7.0-must-alpha, tbb-e10s, tbb-
 crash


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21962 [Applications/Tor Browser]: Segmentation fault with "high" security when changing in about:addons to "Extensions" or "Appearance"

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21962: Segmentation fault with "high" security when changing in about:addons to
"Extensions" or "Appearance"
-+-
 Reporter:  viktorj  |  Owner:
 |  arthuredelstein
 Type:  defect   | Status:
 |  accepted
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Major| Resolution:
 Keywords:  tbb-crash, tbb-usability, ff52-esr,  |  Actual Points:
  tbb-7.0-must-alpha, TorBrowserTeam201704   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-

Comment (by gk):

 FWIW: This is not e10s related. We are crashing somewhere in CSS code:
 {{{
 #0  nsAttrValue::Contains (this=this@entry=0xa5a5a5a5a5a5a5a5,
 aValue=0x7fffc869cb80, aCaseSensitive=eCaseMatters)
 at /home/debian/build/tor-browser/dom/base/nsAttrValue.cpp:1163
 #1  0x73a0024b in SelectorMatches (aElement=0x7fffc407d600,
 aSelector=0x7fffd708e460, aNodeMatchContext=...,
 aTreeMatchContext=...,
 aSelectorFlags=aSelectorFlags@entry=SelectorMatchesFlags::NONE,
 aDependence=0x0, this=)
 at /home/debian/build/tor-
 browser/layout/style/nsCSSRuleProcessor.cpp:1723
 #2  0x73a00d21 in SelectorMatches
 (aElement=aElement@entry=0x7fffc407d600,
 aSelector=aSelector@entry=0x7fffd708e460, aNodeMatchContext=...,
 aTreeMatchContext=...,
 aSelectorFlags=aSelectorFlags@entry=SelectorMatchesFlags::NONE,
 aDependence=aDependence@entry=0x0, this=)
 at /home/debian/build/tor-
 browser/layout/style/nsCSSRuleProcessor.cpp:1670
 #3  0x73a00d6c in nsCSSRuleProcessor::RestrictedSelectorMatches (
 aElement=aElement@entry=0x7fffc407d600, aSelector=0x7fffd708e460,
 aTreeMatchContext=...)
 at /home/debian/build/tor-
 browser/layout/style/nsCSSRuleProcessor.cpp:2299
 #4  0x73ac3085 in
 mozilla::ElementRestyler::SelectorMatchesForRestyle (
 this=0x7fffae20, aElement=0x7fffc407d600)
 at /home/debian/build/tor-browser/layout/base/RestyleManager.cpp:2537
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15910 [Applications/Tor Browser]: Figure out what to do with OpenH264 (downloads) in Tor Browser

2017-04-18 Thread Tor Bug Tracker & Wiki 
#15910: Figure out what to do with OpenH264 (downloads) in Tor Browser
-+-
 Reporter:  gk   |  Owner:  gk
 Type:  task | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201704R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks):

 Replying to [comment:25 gk]:
 > Thus, the browser thinks the download server is down
 Does the proper server response spoofing (`data:,`)
 solve your problem?
 > And this is no issue on Windows as we are not compiling with MSVC.
 As they are not compiling for MinGW (for now ;).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21964 [Core Tor/Tor]: Consdiff code accepts non-numbers in ranges

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21964: Consdiff code accepts non-numbers in ranges
--+
 Reporter:  Sebastian |  Owner:
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by Sebastian):

 * milestone:  Tor: 0.3.2.x-final => Tor: 0.3.1.x-final


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21964 [Core Tor/Tor]: Consdiff code accepts non-numbers in ranges

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21964: Consdiff code accepts non-numbers in ranges
--+
 Reporter:  Sebastian |  Owner:
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.3.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by Sebastian):

 * status:  new => needs_review


Comment:

 branch consdiff_numeric in my repo

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15910 [Applications/Tor Browser]: Figure out what to do with OpenH264 (downloads) in Tor Browser

2017-04-18 Thread Tor Bug Tracker & Wiki 
#15910: Figure out what to do with OpenH264 (downloads) in Tor Browser
-+-
 Reporter:  gk   |  Owner:  gk
 Type:  task | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201704R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * cc: mcs, brade (added)
 * status:  reopened => needs_review
 * keywords:  ff52-esr, tbb-7.0-must-alpha, TorBrowserTeam201704 =>
 ff52-esr, tbb-7.0-must-alpha, TorBrowserTeam201704R


Comment:

 Okay, the issue is that there is no a local fallback to contact the GMP
 download/update service. This is implemented with https://hg.mozilla.org
 /mozilla-central/rev/7c1929f35c5d. Thus, the browser thinks the download
 server is down (as we block this download) and is falling back to the new
 method. See: https://bugzilla.mozilla.org/show_bug.cgi?id=1267495 for a
 more detailed discussion. I pushed this to `tor-browser-52.1.0esr-7.0-2`
 to get the final build started (https://gitweb.torproject.org/tor-
 browser.git/commit/?h=tor-
 browser-52.1.0esr-7.0-2=72667935298e11ca5a0e2e5202a5d9e33981eedf).

 mcs/brade: Could have a quick look at the patch (even if it is post
 factum)?

 And this is no issue on Windows as we are not compiling with MSVC.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21890 [Metrics/metrics-lib]: Don't skip unrecognized lines in certain cases

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21890: Don't skip unrecognized lines in certain cases
-+---
 Reporter:  karsten  |  Owner:  metrics-team
 Type:  defect   | Status:  merge_ready
 Priority:  Medium   |  Milestone:  metrics-lib 1.7.0
Component:  Metrics/metrics-lib  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+---
Changes (by iwakeh):

 * milestone:   => metrics-lib 1.7.0


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21890 [Metrics/metrics-lib]: Don't skip unrecognized lines in certain cases

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21890: Don't skip unrecognized lines in certain cases
-+--
 Reporter:  karsten  |  Owner:  metrics-team
 Type:  defect   | Status:  merge_ready
 Priority:  Medium   |  Milestone:
Component:  Metrics/metrics-lib  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by iwakeh):

 * status:  needs_review => merge_ready


Comment:

 Looks fine; new tests; all tests and checks pass.
 Ready for merge.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21961 [Applications/Tor Browser]: shoult torbrowser enable network.IDN_show_punycode by default?

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21961: shoult torbrowser enable network.IDN_show_punycode by default?
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 depending on how fast you want to address this you might also wait for the
 final decision in the
 upstream ticket: https://bugzilla.mozilla.org/show_bug.cgi?id=1332714

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21953 [Core Tor/Tor]: Dealing with Tor hardening on Windows properly

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21953: Dealing with Tor hardening on Windows properly
--+
 Reporter:  cypherpunks   |  Owner:
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  030-backport  |  Actual Points:
Parent ID:| Points:  0.1
 Reviewer:|Sponsor:
--+
Changes (by gk):

 * keywords:  tbb-needs 030-backport => 030-backport


Comment:

 Replying to [comment:2 nickm]:
 > It needs a reviewer who knows Windows well. Having a patch would also be
 nice.
 >
 > Gk, do you agree this is tbb-needs?

 I don't think so. It would surely be a good thing to have but it is not
 even Tor Browser specific. Thus, removing the keyword. cypherpunks:
 Please, do not set random keywords we need to keep track of our workflow.
 Thanks.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21961 [Applications/Tor Browser]: shoult torbrowser enable network.IDN_show_punycode by default?

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21961: shoult torbrowser enable network.IDN_show_punycode by default?
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * cc: ikurua22 (added)


Comment:

 #21976 is a duplicate.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21976 [Applications/Tor Browser]: network.IDN_show_punycode = true should be TBB default.

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21976: network.IDN_show_punycode = true should be TBB default.
--+---
 Reporter:  ikurua22  |  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  duplicate
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by gk):

 * status:  new => closed
 * resolution:   => duplicate


Comment:

 Duplicate of #21961.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21944 [Applications/Tor Browser]: Makeing all TBB users into middle nodes to make website traffic fingerprinting attacks much harder for a attacker

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21944: Makeing all TBB users into middle nodes to make website traffic
fingerprinting attacks much harder for a attacker
--+--
 Reporter:  Dbryrtfbcbhgf |  Owner:  tbb-team
 Type:  enhancement   | Status:  closed
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major | Resolution:  wontfix
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * status:  new => closed
 * resolution:   => wontfix


Comment:

 The FAQ quote has a good rationale for this WONTFIX.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21945 [Applications/Tor Browser]: Fix initial window size on Linux

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21945: Fix initial window size on Linux
-+-
 Reporter:  arthuredelstein  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-6.5-regression, tbb- |  Actual Points:
  fingerprinting-resolution  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:   => tbb-6.5-regression, tbb-fingerprinting-resolution


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21977 [Applications/Tor Browser Sandbox]: Fetch install/update metadata files from a different location/

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21977: Fetch install/update metadata files from a different location/
--+-
 Reporter:  yawning   |  Owner:  yawning
 Type:  defect| Status:  new
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser Sandbox  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+-

Comment (by gk):

 There is still time left for a 0.0.6 with that fix to make it into the
 7.0a3 build, although not much. :(

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21962 [Applications/Tor Browser]: Segmentation fault with "high" security when changing in about:addons to "Extensions" or "Appearance"

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21962: Segmentation fault with "high" security when changing in about:addons to
"Extensions" or "Appearance"
-+-
 Reporter:  viktorj  |  Owner:
 |  arthuredelstein
 Type:  defect   | Status:
 |  accepted
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Major| Resolution:
 Keywords:  tbb-crash, tbb-usability, ff52-esr,  |  Actual Points:
  tbb-7.0-must-alpha, TorBrowserTeam201704   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-
Changes (by gk):

 * cc: gk (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21936 [Internal Services/Tor Sysadmin Team]: turn off onionperf.torproject.org

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21936: turn off onionperf.torproject.org
-+-
 Reporter:  hiro |  Owner:  tpa
 Type:  defect   | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by hiro):

 Hi weasel!
 We can shutdown and retire ferrinii. Thanks!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18048 [Metrics/Atlas]: Update Atlas's jQuery

2017-04-18 Thread Tor Bug Tracker & Wiki 
#18048: Update Atlas's jQuery
---+--
 Reporter:  cypherpunks|  Owner:  RaBe
 Type:  defect | Status:  new
 Priority:  Low|  Milestone:
Component:  Metrics/Atlas  |Version:
 Severity:  Minor  | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--
Changes (by RaBe):

 * status:  assigned => new


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21636 [Metrics/Atlas]: Add a NoEdConsensus flag to Atlas

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21636: Add a NoEdConsensus flag to Atlas
---+--
 Reporter:  teor   |  Owner:  RaBe
 Type:  enhancement| Status:  new
 Priority:  Medium |  Milestone:
Component:  Metrics/Atlas  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--
Changes (by RaBe):

 * status:  assigned => new


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #21977 [Applications/Tor Browser Sandbox]: Fetch install/update metadata files from a different location/

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21977: Fetch install/update metadata files from a different location/
--+-
 Reporter:  yawning   |  Owner:  yawning
 Type:  defect| Status:  new
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser Sandbox  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+-
 The Tor Browser people decided to randomly change the URL that contains
 the update XML files, so metadata will live under `update_3` at some point
 in the future.  The sandbox code pulls all channels pull updates from
 `update_2` at the moment (along with the relevant `downloads.json` files).

 There's some talk of redirects so as long as `update_2` keeps working till
 something like 7.5, this can probably be pushed off till 7.0 ships.

 See: https://trac.torproject.org/projects/tor/ticket/19316#comment:20

 (It would be nice if, they told me they were doing this, though I guess
 stumbling on it randomly in trac works too.)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #17111 [Core Tor/Tor]: Add a timer; "HiddenServiceOpenDays" "HiddenServiceOpenHours"

2017-04-18 Thread Tor Bug Tracker & Wiki 
#17111: Add a timer; "HiddenServiceOpenDays" "HiddenServiceOpenHours"
--+--
 Reporter:  ikurua22  |  Owner:
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:  Tor: unspecified
 Severity:  Normal| Resolution:  fixed
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by ikurua22):

 * status:  new => closed
 * resolution:   => fixed
 * severity:   => Normal


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18858 [Applications/Orbot]: Orfox won't quit.

2017-04-18 Thread Tor Bug Tracker & Wiki 
#18858: Orfox won't quit.
+
 Reporter:  ikurua22|  Owner:  n8fr8
 Type:  task| Status:  closed
 Priority:  Medium  |  Milestone:
Component:  Applications/Orbot  |Version:
 Severity:  Normal  | Resolution:  fixed
 Keywords:  Orfox   |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+
Changes (by ikurua22):

 * status:  new => closed
 * resolution:   => fixed


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #21976 [Applications/Tor Browser]: network.IDN_show_punycode = true should be TBB default.

2017-04-18 Thread Tor Bug Tracker & Wiki 
#21976: network.IDN_show_punycode = true should be TBB default.
--+--
 Reporter:  ikurua22  |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 https://thehackernews.com/2017/04/unicode-Punycode-phishing-attack.html

 TBB's default value is false, thus it's impossible to identify this.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs