Re: [tor-bugs] #21951 [User Experience]: Tor Launcher improvements and automation

[Tor Bug Tracker & Wiki]

#21951: Tor Launcher improvements and automation
-+---
 Reporter:  linda|  Owner:  linda
 Type:  project  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  User Experience  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+---

Comment (by iry):

 Hi Linda! Thank you so much for opening this ticket!

 I will be working on the anon-connection-wizard, which is a python clone
 of the Tor Launcher. I do find your solid research useful and inspiring.
 The following is some of my thoughts related to your paper and proposal.

 1) You mentioned two different implementation of the Tor Launcher: "One
 way would be to try a bunch of relays/bridges in a specific order, and
 stop when one is reachable. Another way would be to try all the
 relays/bridges at the same time, and return one that works to the user. "
 Since this behavior may be different from the behavior of users who
 connect to the Tor network without the help of Tor Launcher, we need to be
 careful about the risk that an adversary on the user's ISP side to
 distinguish different Tor users behaviors.

 2) Currently, [BridgeDB](https://bridges.torproject.org/options) use a
 challenge-response test to prevent adversaries from enumerating all the
 existing unlisted bridges. I am not sure if the automation of Tor launcher
 will let adversaries take the advantages of it as well. (I assume by
 saying "all", you mean the built-in bridges options that are already
 available in Tor launcher.)

 3) I find neither the current design of the Tor Launcher or the suggested
 revised design of the Tor Launcher take much care about the use case where
 Tor users use third-party censorship circumvention tools to bypass the Tor
 censorship. However, those third-party censorship circumvention tools are
 actually widely used in heavily censored area where Tor bridges and
 puggable-transports are not effective. For example, when user use a VPN or
 a Lantern to help Tot connect to the network, the current instruction may
 not be clear enough to guide them configure the Tor.

 Could you, or anyone else please share your insights or opinions on the
 problems I mentioned? I am more than happy to have a further discussion on
 these topic.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21951 [User Experience]: Tor Launcher improvements and automation

[Tor Bug Tracker & Wiki]

#21951: Tor Launcher improvements and automation
-+---
 Reporter:  linda|  Owner:  linda
 Type:  project  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  User Experience  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+---
Changes (by iry):

 * cc: iry (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21667 [Core Tor/Tor]: Prop278: Handle new headers in directory.c

[Tor Bug Tracker & Wiki]

#21667: Prop278: Handle new headers in directory.c
+--
 Reporter:  ahf |  Owner:  ahf
 Type:  task| Status:  needs_revision
 Priority:  Medium  |  Milestone:  Tor:
|  0.3.1.x-final
Component:  Core Tor/Tor|Version:
 Severity:  Normal  | Resolution:
 Keywords:  TorCoreTeam201703, prop278  |  Actual Points:
Parent ID:  | Points:  2
 Reviewer:  |Sponsor:  Sponsor4
+--

Comment (by ahf):

 The code from bug #21668 and the changes already reviewed in PR11 on
 Gitlab have been moved into
 https://gitlab.com/ahf/tor/merge_requests/12/commits

 Currently tracing a bug when running this code in chutney where we
 initially receive a ZLIB compressed object, which we claim is compressed
 with LZMA.

 One of the patches contains a new API in consdiff manager to query
 metadata around a consensus document. These new functions are currently
 just stubs as per discussion on IRC tonight.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22243 [User Experience/Blog]: CSS and logo changes

[Tor Bug Tracker & Wiki]

#22243: CSS and logo changes
--+--
 Reporter:  isabela   |  Owner:  hiro
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  User Experience/Blog  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #22013| Points:
 Reviewer:|Sponsor:
--+--
Changes (by arma):

 * owner:   => hiro
 * component:  - Select a component => User Experience/Blog


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21183 [User Experience]: Basic Usability Issues

[Tor Bug Tracker & Wiki]

#21183: Basic Usability Issues
+-
 Reporter:  ninavizz|  Owner:
 Type:  defect  | Status:  new
 Priority:  Medium  |  Milestone:
Component:  User Experience |Version:
 Severity:  Normal  | Resolution:
 Keywords:  UX, UI, torbrowser  |  Actual Points:
Parent ID:  #20843  | Points:
 Reviewer:  |Sponsor:
+-

Comment (by ninavizz):

 @i139 Linda is the UX director at Tor, and has implementation details (for
 all ux things, not just this one) carefully weighed in recommendations she
 makes to the internal dev leads. She's got lots in store, and I'm siked to
 see how Tor's usability improves over the next year!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #22243 [- Select a component]: CSS and logo changes

[Tor Bug Tracker & Wiki]

#22243: CSS and logo changes
--+
 Reporter:  isabela   |  Owner:
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  - Select a component  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:  #22013
   Points:|   Reviewer:
  Sponsor:|
--+
 Change all color: #ABCD03 to #68b030

 Primary font should be Source Sans Pro

 Remove the slogan below the logo

 Add new logo (png attached)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21766 [Applications/Tor Browser]: Tor Browser based on ESR52 with e10s enabled crashed while trying to download a file

[Tor Bug Tracker & Wiki]

#21766: Tor Browser based on ESR52 with e10s enabled crashed while trying to
download a file
-+-
 Reporter:  gk   |  Owner:  mcs
 Type:  defect   | Status:
 |  assigned
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Critical | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha, tbb-   |  Actual Points:
  e10s, tbb-crash, TorBrowserTeam201705  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-

Comment (by mcs):

 Replying to [comment:27 gk]:
 > A third one would be...

 3. Move the Tor Browser specific warning text into one of Mozilla's
 existing dialogs. A problem with this is that their dialogs do not pause
 the download, so bytes are being written to temporary files even though
 the user probably thinks everything is paused.

 4. Something else that is more clever.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22000 [Applications/Tor Browser]: update OSX browser sandbox profile for e10s

[Tor Bug Tracker & Wiki]

#22000: update OSX browser sandbox profile for e10s
-+-
 Reporter:  brade|  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-security, tbb- |  Actual Points:
  sandboxing, tbb-e10s,tbb-7.0-must- |
  alpha,TorBrowserTeam201705 |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-

Comment (by mcs):

 Kathy and I were hoping to come up with a quick fix for this ticket, but
 it turns out that nesting of sandbox configs is not supported on OSX. That
 means that we either need to disable Mozilla's content process sandbox or
 we need to disable our sandbox. Since it seems like there may be a way in
 our sandbox profile to say "allow exec of this specific executable and
 start it without a sandbox" and since (hopefully) Mozilla enables their
 sandbox as early as possible, the second approach is probably the one to
 use. In other words, our tb.sb profile would apply to the chrome process
 and Mozilla's built in content process sandbox rules would apply to the
 content/tab process. But we should look and see what we are giving up if
 we do that, e.g., what does Mozilla allow that we don't want to allow?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #22242 [Applications/Tor Browser]: Selfrando embeds the RUNPATH in Linux binaries

[Tor Bug Tracker & Wiki]

#22242: Selfrando embeds the RUNPATH in Linux binaries
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 `checksec.sh` is not happy with our RUNPATH. It seems selfrando is the
 culprit here:
 {{{
 0x001d (RUNPATH)Library runpath:
 [/home/debian/install/selfrando]
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #22241 [User Experience/Website]: Implement a proper wiki (just as Mozilla does)

[Tor Bug Tracker & Wiki]

#22241: Implement a proper wiki (just as Mozilla does)
-+--
 Reporter:  blockflare   |  Owner:  hiro
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  User Experience/Website  |Version:
 Severity:  Normal   |   Keywords:
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+--
 Just an idea that I got: "Wiki" articles are available in trac, which
 makes it less likely to be seen
 https://trac.torproject.org/projects/tor/wiki/TitleIndex

 Mozilla for example has its own wiki portal
 https://wiki.mozilla.org/Main_Page (and it uses MediaWiki which makes it
 much more attractive, and has the look of a wiki)

 (Of course, already existing articles may be ported to that new portal)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21940 [Applications/Tor Browser]: OSX updater: consider disabling privilege escalation

[Tor Bug Tracker & Wiki]

#21940: OSX updater: consider disabling privilege escalation
-+-
 Reporter:  mcs  |  Owner:  mcs
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  ff52-esr, tbb-7.0-must,  |  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Thanks, that's fixed with commit d5211d99de2f37fc3e21329fd32fe80bcc663d37
 on `tor-browser-52.1.0esr-7.0-2`.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22112 [Metrics/Metrics website]: Replace torperf.csv with onionperf.csv

[Tor Bug Tracker & Wiki]

#22112: Replace torperf.csv with onionperf.csv
-+--
 Reporter:  karsten  |  Owner:  metrics-team
 Type:  enhancement  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Metrics/Metrics website  |Version:
 Severity:  Normal   | Resolution:  implemented
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by karsten):

 * status:  merge_ready => closed
 * resolution:   => implemented


Comment:

 Renamed the data file to torperf-1.1.csv as suggested
 [https://trac.torproject.org/projects/tor/ticket/22122#comment:8 on this
 related ticket].  Also removed the beta warnings.  Pushed to master and
 deployed.  Closing.  Yay!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21940 [Applications/Tor Browser]: OSX updater: consider disabling privilege escalation

[Tor Bug Tracker & Wiki]

#21940: OSX updater: consider disabling privilege escalation
-+-
 Reporter:  mcs  |  Owner:  mcs
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must,  |  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by arthuredelstein):

 I read over the patch and it looks good to me.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21766 [Applications/Tor Browser]: Tor Browser based on ESR52 with e10s enabled crashed while trying to download a file

[Tor Bug Tracker & Wiki]

#21766: Tor Browser based on ESR52 with e10s enabled crashed while trying to
download a file
-+-
 Reporter:  gk   |  Owner:  mcs
 Type:  defect   | Status:
 |  assigned
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Critical | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha, tbb-   |  Actual Points:
  e10s, tbb-crash, TorBrowserTeam201705  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-

Comment (by gk):

 As time is running short we might want to get creative and think about
 ways to solve this bug by working around this bug.

 One option proposed is to get rid of our external app blocker as it is
 today assuming e10s enabled is more valuable. Another one is to fix #21886
 properly and disable e10s until we find a good solution for this bug. A
 third one would be...

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22216 [Metrics/CollecTor]: Decide whether to sanitize padding-counts lines

[Tor Bug Tracker & Wiki]

#22216: Decide whether to sanitize padding-counts lines
---+-
 Reporter:  karsten|  Owner:  metrics-team
 Type:  enhancement| Status:  closed
 Priority:  High   |  Milestone:  CollecTor 1.2.0
Component:  Metrics/CollecTor  |Version:
 Severity:  Normal | Resolution:  implemented
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+-
Changes (by karsten):

 * status:  merge_ready => closed
 * resolution:   => implemented


Comment:

 Thanks for reviewing!  Merged.  Will deploy in a bit.  Closing.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21886 [Applications/Tor Browser]: Downloading of binary files stalls at 0/0 bytes in Tor Browser based on ESR52 with e10s off

[Tor Bug Tracker & Wiki]

#21886: Downloading of binary files stalls at 0/0 bytes in Tor Browser based on
ESR52 with e10s off
-+-
 Reporter:  gk   |  Owner:  gk
 Type:  defect   | Status:
 |  needs_revision
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-usability, tbb-7.0-must-alpha,   |  Actual Points:
  ff52-esr, TorBrowserTeam201705,|
  GeorgKoppen201705  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-
Changes (by gk):

 * keywords:
 tbb-usability, tbb-7.0-must-alpha, ff52-esr, TorBrowserTeam201705R,
 GeorgKoppen201705
 =>
 tbb-usability, tbb-7.0-must-alpha, ff52-esr, TorBrowserTeam201705,
 GeorgKoppen201705
 * status:  needs_review => needs_revision


Comment:

 Good finding. I did not test with e10s enabled as I was only focused on
 the non-e10s case. :(

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21766 [Applications/Tor Browser]: Tor Browser based on ESR52 with e10s enabled crashed while trying to download a file

[Tor Bug Tracker & Wiki]

#21766: Tor Browser based on ESR52 with e10s enabled crashed while trying to
download a file
-+-
 Reporter:  gk   |  Owner:  mcs
 Type:  defect   | Status:
 |  assigned
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Critical | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha, tbb-   |  Actual Points:
  e10s, tbb-crash, TorBrowserTeam201705  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-

Comment (by mcs):

 Another small tidbit of information: this bug occurs even when NoScript is
 disabled (which is not true for #21886).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21886 [Applications/Tor Browser]: Downloading of binary files stalls at 0/0 bytes in Tor Browser based on ESR52 with e10s off

[Tor Bug Tracker & Wiki]

#21886: Downloading of binary files stalls at 0/0 bytes in Tor Browser based on
ESR52 with e10s off
-+-
 Reporter:  gk   |  Owner:  gk
 Type:  defect   | Status:
 |  needs_review
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-usability, tbb-7.0-must-alpha,   |  Actual Points:
  ff52-esr, TorBrowserTeam201705R,   |
  GeorgKoppen201705  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-

Comment (by mcs):

 On OSX, the patch seems to fix the problem of this ticket (e10s off).
 However, after I cancel from the prompt that is presented by Torbutton the
 page is left in the loading state (spinner still going inside the tab
 area). This is a nuisance but probably something we can live with for now.

 A much worse problem is that when e10s is enabled this patch causes the
 main browser process to crash due to an assertion failure (I am testing
 with a debug build). I will attach a stack, but if we cannot find a
 solution for #21766 we should consider skipping the prompt if e10s is
 enabled.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #22240 [Applications/Tor Browser Sandbox]: Selectively re-enable extension auto updates.

[Tor Bug Tracker & Wiki]

#22240: Selectively re-enable extension auto updates.
--+-
 Reporter:  yawning   |  Owner:  yawning
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser Sandbox  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+-
 Right now, regardless of how it's setup the sandbox disables extension
 auto-updates, as they will fail in the default configuration anyway (can't
 write the updated extension to disk), and because third parties being able
 to ram new versions of critical extensions down the user's throat is bad.

 The browser people are talking about disabling extension auto-updates for
 all bundled extensions.  This removes one of my objections to having auto
 updates enabled, so if the user configures their sandbox in a way that
 allows for extension updates to succeed, maybe the auto updater should
 also be re-enabled.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21683 [Applications/Tor Browser]: Make sure safebrowsing is still disabled in ESR 52

[Tor Bug Tracker & Wiki]

#21683: Make sure safebrowsing is still disabled in ESR 52
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  task | Status:  closed
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Major| Resolution:  fixed
 Keywords:  ff52-esr, tbb-proxy-bypass, tbb-7.0  |  Actual Points:
  -must-alpha, TorBrowserTeam201705R |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Replying to [comment:11 mcs]:
 > r=brade, r=mcs
 > Looks good to us. We also saw the following URL-based prefs but maybe
 they are only used for secondary queries?
 > {{{
 > browser.safebrowsing.provider.google.gethashURL
 > browser.safebrowsing.provider.google4.gethashURL
 > browser.safebrowsing.provider.mozilla.gethashURL
 > }}}
 I think so. But, however, I set them to `""` as well in commit
 e6b28367e061f9b6912c3b150383255bdff0ef5c `tor-browser-52.1.0esr-7.0-2` as
 this makes things more clear and doesn't hurt.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22238 [Applications/Tor Browser]: The firefox binary in Tor Browser 7.0a3 for Linux is not PIE

[Tor Bug Tracker & Wiki]

#22238: The firefox binary in Tor Browser 7.0a3 for Linux is not PIE
-+-
 Reporter:  boklm|  Owner:  tbb-
 |  team
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tbb-security, tbb-hardened,  |  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Thanks, looks better. :) Merged to `master` (commit
 48b68f84b34aef3567aeffe6932ff1e40d900f2b) and I backed out the patch on
 `tor-browser-52.1.0esr-7.0-2` (commit
 c474e8a83bff73cff6a26aac945e110bc44846a0).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21101 [Metrics/Consensus Health]: Write the git version of depictor and stem that the page was generated with

[Tor Bug Tracker & Wiki]

#21101: Write the git version of depictor and stem that the page was generated 
with
--+
 Reporter:  tom   |  Owner:  tom
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Metrics/Consensus Health  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by tom):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 Fixed in 0621cd0

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22216 [Metrics/CollecTor]: Decide whether to sanitize padding-counts lines

[Tor Bug Tracker & Wiki]

#22216: Decide whether to sanitize padding-counts lines
---+-
 Reporter:  karsten|  Owner:  metrics-team
 Type:  enhancement| Status:  merge_ready
 Priority:  High   |  Milestone:  CollecTor 1.2.0
Component:  Metrics/CollecTor  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+-
Changes (by iwakeh):

 * status:  needs_review => merge_ready


Comment:

 Replying to [comment:3 karsten]:
 > I believe we can just copy over these lines.  Please find
 [https://gitweb.torproject.org/karsten/metrics-
 db.git/commit/?h=task-22216=1e80ef7fb995058d0eb1995ed72413111a58e08a
 the last commit in my task-22216 branch].

 All looks fine, new test, all checks and tests pass.
 Ready for merge.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19934 [Metrics/CollecTor]: CollecTor should use new metrics-lib json classes

[Tor Bug Tracker & Wiki]

#19934: CollecTor should use new metrics-lib json classes
---+-
 Reporter:  iwakeh |  Owner:  iwakeh
 Type:  enhancement| Status:  closed
 Priority:  Medium |  Milestone:  CollecTor 1.2.0
Component:  Metrics/CollecTor  |Version:
 Severity:  Normal | Resolution:  worksforme
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+-
Changes (by iwakeh):

 * status:  needs_information => closed
 * resolution:   => worksforme


Comment:

 Replying to [comment:11 karsten]:
 > We closed #20405 as wontfix/worksforme, and I believe we can do the same
 here, right?

 Yep, that's right.
 Closing.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19842 [Metrics/metrics-lib]: offer a `LenientParser` option with metrics-lib

[Tor Bug Tracker & Wiki]

#19842: offer a `LenientParser` option with metrics-lib
-+
 Reporter:  iwakeh   |  Owner:  karsten
 Type:  enhancement  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Metrics/metrics-lib  |Version:
 Severity:  Normal   | Resolution:  worksforme
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+
Changes (by iwakeh):

 * status:  needs_information => closed
 * resolution:   => worksforme


Comment:

 It seems there is no need currently for the different type of parser.

 Closing.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22122 [Metrics/metrics-lib]: Add support for six new key-value pairs added by OnionPerf

[Tor Bug Tracker & Wiki]

#22122: Add support for six new key-value pairs added by OnionPerf
-+---
 Reporter:  karsten  |  Owner:  metrics-team
 Type:  enhancement  | Status:  merge_ready
 Priority:  Medium   |  Milestone:  metrics-lib 1.7.0
Component:  Metrics/metrics-lib  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+---

Comment (by iwakeh):

 Replying to [comment:7 karsten]:
 > Replying to [comment:6 iwakeh]:
 > > I think there should be an OnionperfResult class that also supports
 the old torperf format.
 > >
 > > Eventually, there might be more use cases for the additional data in
 onionperf measurements.
 > > And, onionperf already adds many keys that are not part of the torperf
 format.
 > >
 > > So, all 'torperf' should become 'onionperf' soon.
 >
 > After giving this some thoughts I think it's more complicated than this.
 The reason is that we're using OnionPerf in a kind of Torperf-
 compatibility mode right now, where it uses the same measurement setup
 (with static downloads of 50KB, 1MB, 5MB files) and produces the same data
 format with only minimal additions.
 >
 > But we'll soon want to add more realistic measurement setups (simulated
 website downloads), produce a richer data format (probably JSON based,
 IIRC), and present more useful measurement results on Tor Metrics.  That's
 what we'll want to call OnionPerf, not what we're doing right now.  And
 we'll still want to refer to past measurements and data formats as
 Torperf.

 Valid concerns.

 >
 > How about we:
 >  1. change the type annotation in .tpf files produced by OnionPerf to
 `@type torperf 1.1`, because that format is still backward compatible to
 `@type torperf 1.0` but adds new fields that a parser for the old format
 does not recognize;

 Agreed.

 >  2. keep referring to everything in CollecTor that downloads from
 OnionPerf instances as OnionPerf, because we're really downloading from
 that new tool, not from the old Torperf tool;

 Agreed.

 >  3. update https://collector.torproject.org/#type-torperf to say that
 these are "Torperf and OnionPerf Measurement Results" and specify what
 fields are new in version 1.1;

 Agreed.

 >  4. leave metrics-lib's `TorperfResults` unchanged and just say that it
 supports new fields added in version 1.1;

 Agreed.

 >  5. rename metrics-web's `onionperf.csv` (beta) to `torperf2.csv`,
 because it still uses the same measurement setup and data format as the
 former `torperf.csv`.  It just adds a new column that makes it backward-
 incompatible with `torperf.csv`.

 I would suggest `torperf-1.1.csv` to reflect the type version.

 >
 > And how about once we're moving to more complex measurement setups and a
 richer data format in OnionPerf we call that `@type onionperf 1.0`,
 `OnionPerfMeasurement`, `onionperf.csv`, and so on.
 >
 > What do you think?

 That all makes sense. Fine.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22196 [Metrics/metrics-lib]: Configure descriptor sources using method chaining

[Tor Bug Tracker & Wiki]

#22196: Configure descriptor sources using method chaining
-+---
 Reporter:  karsten  |  Owner:  metrics-team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:  metrics-lib 2.0.0
Component:  Metrics/metrics-lib  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+---
Changes (by iwakeh):

 * milestone:   => metrics-lib 2.0.0


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19616 [Metrics/metrics-lib]: Consider renaming metrics-lib

[Tor Bug Tracker & Wiki]

#19616: Consider renaming metrics-lib
-+---
 Reporter:  iwakeh   |  Owner:  karsten
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:  metrics-lib 2.0.0
Component:  Metrics/metrics-lib  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+---
Changes (by iwakeh):

 * milestone:   => metrics-lib 2.0.0


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #17861 [Metrics/metrics-lib]: Consider adding a new interface RelayNetworkStatusMicrodescConsensus

[Tor Bug Tracker & Wiki]

#17861: Consider adding a new interface RelayNetworkStatusMicrodescConsensus
-+---
 Reporter:  karsten  |  Owner:  karsten
 Type:  enhancement  | Status:  new
 Priority:  Low  |  Milestone:  metrics-lib 1.9.0
Component:  Metrics/metrics-lib  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+---
Changes (by iwakeh):

 * milestone:  metrics-lib 2.0.0 => metrics-lib 1.9.0


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21751 [Metrics/metrics-lib]: Use multiple threads to parse descriptors

[Tor Bug Tracker & Wiki]

#21751: Use multiple threads to parse descriptors
-+---
 Reporter:  karsten  |  Owner:  metrics-team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:  metrics-lib 1.9.0
Component:  Metrics/metrics-lib  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+---
Changes (by iwakeh):

 * milestone:   => metrics-lib 1.9.0


Comment:

 This ticket depends on #21365.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22238 [Applications/Tor Browser]: The firefox binary in Tor Browser 7.0a3 for Linux is not PIE

[Tor Bug Tracker & Wiki]

#22238: The firefox binary in Tor Browser 7.0a3 for Linux is not PIE
-+-
 Reporter:  boklm|  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-security, tbb-hardened,  |  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by boklm):

 * status:  reopened => needs_review


Comment:

 I pushed the branch `bug_22238` adding a `g++ -> hardened-cc` symbolic
 link:
 https://gitweb.torproject.org/user/boklm/tor-browser-
 bundle.git/commit/?h=bug_22238

 I tried a similar change in rbm, without the `--enable-pie` option in
 mozconfig, and this fixed the problem.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22141 [Metrics/metrics-lib]: Deprecate `DescriptorFile` and add relevant information to `Descriptor`

[Tor Bug Tracker & Wiki]

#22141: Deprecate `DescriptorFile` and add relevant information to `Descriptor`
-+---
 Reporter:  karsten  |  Owner:  metrics-team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:  metrics-lib 1.9.0
Component:  Metrics/metrics-lib  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+---
Changes (by iwakeh):

 * milestone:   => metrics-lib 1.9.0


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19640 [Metrics/metrics-lib]: review and improve interface hierarchy

[Tor Bug Tracker & Wiki]

#19640: review and improve interface hierarchy
-+---
 Reporter:  iwakeh   |  Owner:  metrics-team
 Type:  enhancement  | Status:  assigned
 Priority:  Medium   |  Milestone:  metrics-lib 1.9.0
Component:  Metrics/metrics-lib  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+---
Changes (by iwakeh):

 * milestone:  metrics-lib 2.0.0 => metrics-lib 1.9.0


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20395 [Metrics/metrics-lib]: metrics-lib should be able to handle large descriptor files

[Tor Bug Tracker & Wiki]

#20395: metrics-lib should be able to handle large descriptor files
-+---
 Reporter:  iwakeh   |  Owner:  iwakeh
 Type:  defect   | Status:  accepted
 Priority:  Medium   |  Milestone:  metrics-lib 1.9.0
Component:  Metrics/metrics-lib  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+---
Changes (by iwakeh):

 * milestone:  metrics-lib 2.0.0 => metrics-lib 1.9.0


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21365 [Metrics/metrics-lib]: metrics-lib might not be thread-safe

[Tor Bug Tracker & Wiki]

#21365: metrics-lib might not be thread-safe
-+---
 Reporter:  iwakeh   |  Owner:  metrics-team
 Type:  task | Status:  needs_information
 Priority:  Medium   |  Milestone:  metrics-lib 1.8.0
Component:  Metrics/metrics-lib  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+---
Changes (by iwakeh):

 * type:  defect => task
 * milestone:   => metrics-lib 1.8.0


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21932 [Metrics/metrics-lib]: Stop relying on the platform's default charset

[Tor Bug Tracker & Wiki]

#21932: Stop relying on the platform's default charset
-+---
 Reporter:  karsten  |  Owner:  metrics-team
 Type:  defect   | Status:  needs_information
 Priority:  Medium   |  Milestone:  metrics-lib 1.8.0
Component:  Metrics/metrics-lib  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+---
Changes (by iwakeh):

 * milestone:   => metrics-lib 1.8.0


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22139 [Metrics/metrics-lib]: last_restarted and platform missing even though it is available in descriptor

[Tor Bug Tracker & Wiki]

#22139: last_restarted and platform missing even though it is available in
descriptor
-+---
 Reporter:  cypherpunks  |  Owner:  metrics-team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  metrics-lib 1.8.0
Component:  Metrics/metrics-lib  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+---
Changes (by iwakeh):

 * milestone:  metrics-lib 1.7.0 => metrics-lib 1.8.0


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20430 [Metrics/metrics-lib]: log-level definition for metrics-lib

[Tor Bug Tracker & Wiki]

#20430: log-level definition for metrics-lib
-+---
 Reporter:  iwakeh   |  Owner:  karsten
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:  metrics-lib 1.8.0
Component:  Metrics/metrics-lib  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:  #20540   | Points:
 Reviewer:   |Sponsor:
-+---
Changes (by iwakeh):

 * milestone:  metrics-lib 1.7.0 => metrics-lib 1.8.0


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #16225 [Metrics/metrics-lib]: Unify exception/error handling in metrics-lib

[Tor Bug Tracker & Wiki]

#16225: Unify exception/error handling in metrics-lib
-+---
 Reporter:  karsten  |  Owner:  karsten
 Type:  enhancement  | Status:  needs_information
 Priority:  Medium   |  Milestone:  metrics-lib 1.8.0
Component:  Metrics/metrics-lib  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+---
Changes (by iwakeh):

 * milestone:  metrics-lib 1.7.0 => metrics-lib 1.8.0


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19607 [Metrics/metrics-lib]: avoid repeated keyword strings

[Tor Bug Tracker & Wiki]

#19607: avoid repeated keyword strings
-+---
 Reporter:  iwakeh   |  Owner:  iwakeh
 Type:  enhancement  | Status:  accepted
 Priority:  Medium   |  Milestone:  metrics-lib 1.8.0
Component:  Metrics/metrics-lib  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+---
Changes (by iwakeh):

 * milestone:  metrics-lib 1.7.0 => metrics-lib 1.8.0


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21886 [Applications/Tor Browser]: Downloading of binary files stalls at 0/0 bytes in Tor Browser based on ESR52 with e10s off

[Tor Bug Tracker & Wiki]

#21886: Downloading of binary files stalls at 0/0 bytes in Tor Browser based on
ESR52 with e10s off
-+-
 Reporter:  gk   |  Owner:  gk
 Type:  defect   | Status:
 |  needs_review
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-usability, tbb-7.0-must-alpha,   |  Actual Points:
  ff52-esr, TorBrowserTeam201705R,   |
  GeorgKoppen201705  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-
Changes (by gk):

 * cc: arthuredelstein (added)
 * keywords:
 tbb-usability, tbb-7.0-must-alpha, ff52-esr, TorBrowserTeam201705,
 GeorgKoppen201705
 =>
 tbb-usability, tbb-7.0-must-alpha, ff52-esr, TorBrowserTeam201705R,
 GeorgKoppen201705
 * status:  needs_information => needs_review


Comment:

 Okay, I am not fully done here as I seem to still have some details
 missing (I need more detailed logs at that point) but so far the patch in
 the attachment fixes things for me and looks good according to my logs I
 took for the debugging purposes. I have a branch `bug_21886_v3`
 (https://gitweb.torproject.org/user/gk/tor-
 browser.git/commit/?h=bug_21886_v3=96a9fe10689345b0410b6ee25134de4e27c7c883)
 for review.

 The problematic NoScript part is:
 {{{
   if (IOUtil.isMediaDocOrFrame(req, contentType)) {
 IOUtil.suspendChannel(req);
 Thread.delay(() => IOUtil.resumeParentChannel(req), 100);
   }

   isMediaDocOrFrame(channel, contentType) {
 try {
   let cpType = channel.loadInfo.externalContentPolicyType;
   if (cpType === 7 || (cpType === 6 &&
   /^(?:video|audio|application)\//i.test(contentType === undefined
 ? channel.contentType : contentType))) {
 try {
   return !/^attachment\b/i.test(req.getResponseHeader("Content-
 disposition"));
 } catch(e) {
 }
 return true;
   }
 } catch (e) {
 }
 return false;
   },
 }}}
 I don't really understand what `hread.delay(() =>
 IOUtil.resumeParentChannel(req), 100);` but I suspect that the problems we
 are seeing are caused by it.

 What happens deeper down in the stack is the request being closed after
 about 32768 bytes are handled because calling `onDataAvailable` is
 resulting in an error that gets back to `OnStateStop`
 (`NS_ERROR_UNEXPECTED`):
 {{{
 [Main Thread]: D/nsStreamPump nsInputStreamPump::OnInputStreamReady
 [this=7f4591466180]
 [Main Thread]: D/nsStreamPump   OnStateTransfer [this=7f4591466180]
 [Main Thread]: D/nsStreamPump   Available returned [stream=89904d00 rv=0
 avail=32768]
 [Main Thread]: D/nsStreamPump   calling OnDataAvailable [offset=0
 count=32768(32768)]
 [Main Thread]: D/nsHttp nsHttpChannel::OnDataAvailable [this=7f459a4da000
 request=7f4591466180 offset=0 count=32768]
 [Main Thread]: D/nsHttp sending progress and status notification
 [this=7f459a4da000 status=804b0006 progress=32768/60562619]
 [Main Thread]: D/nsStreamPump   OnStateStop [this=7f4591466180
 status=8000]
 [Main Thread]: D/nsHttp nsHttpChannel::OnStopRequest [this=7f459a4da000
 request=7f4591466180 status=8000]
 }}}

 I'd like to keep this ticket open until we understand in detail what is
 going wrong but I think having the patch in the alpha can't hurt.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22238 [Applications/Tor Browser]: The firefox binary in Tor Browser 7.0a3 for Linux is not PIE

[Tor Bug Tracker & Wiki]

#22238: The firefox binary in Tor Browser 7.0a3 for Linux is not PIE
-+-
 Reporter:  boklm|  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  reopened
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-security, tbb-hardened,  |  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by gk):

 Could you test that and provide a patch for the upcoming alpha?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22165 [Applications/Tor Browser]: Rip out the option to collect local IP addresses

[Tor Bug Tracker & Wiki]

#22165: Rip out the option to collect local IP addresses
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  ff52-esr, tbb-7.0-must,  |  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Thanks, this is commit 2c50abdbdd215f7a84211ce70d8c75a0a6f97187 on `tor-
 browser-52.1.0esr-7.0-2`.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21726 [Applications/Tor Browser]: Get graphite back into the security slider

[Tor Bug Tracker & Wiki]

#21726: Get graphite back into the security slider
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tbb-torbutton, tbb-security-slider,  |  Actual Points:
  ff52-esr, tbb-7.0-must, TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 commit 9b5324a8bb68e1e8e10d113e087db24aee712fe4 on `tor-
 browser-52.1.0esr-7.0-2` has it (and the typo in the commit message goes
 away after rebasing, promised ;) ).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22238 [Applications/Tor Browser]: The firefox binary in Tor Browser 7.0a3 for Linux is not PIE

[Tor Bug Tracker & Wiki]

#22238: The firefox binary in Tor Browser 7.0a3 for Linux is not PIE
-+-
 Reporter:  boklm|  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  reopened
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-security, tbb-hardened,  |  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by boklm):

 * status:  closed => reopened
 * resolution:  fixed =>


Comment:

 Replying to [comment:2 gk]:
 > Do you know what changed to make this necessary now? We did not change
 the compiler version and we still have `export DEB_BUILD_HARDENING_PIE=1`.

 Good question. After looking at what changed, I suspect this might be
 caused by this commit:
 https://hg.mozilla.org/mozilla-central/rev/f8cf0fe7c810

 Before this commit, I think we were using `c++` as the compiler, and after
 this commit `g++` is being used.

 In `gitian/descriptors/linux/gitian-firefox.yml` we are doing:
 {{{
   mv gcc gcc.real
   mv c++ c++.real
   ln -sf hardened-cc gcc
   ln -sf hardened-cc c++
 }}}

 So we are using the hardened wrapper if the `c++` command is used, but not
 if the `g++` command is used.

 So maybe a better fix would be to add a `g++ -> hardened-cc` symlink in
 `gitian/descriptors/linux/gitian-firefox.yml`.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22071 [Applications/Tor Browser]: Disable redundant Kinto based blocklist update mechanism

[Tor Bug Tracker & Wiki]

#22071: Disable redundant Kinto based blocklist update mechanism
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  ff52-esr, tbb-7.0-must,  |  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Thanks, fixed the typo and added the fix as commit
 38e1a1966adbbcb5a15edbf300f33f5de8d7aae6 to `tor-browser-52.1.0esr-7.0-2`.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22153 [Applications/Tor Browser]: Showing feeds in Tor Browser 7.0a3 is broken with security slider set to medium

[Tor Bug Tracker & Wiki]

#22153: Showing feeds in Tor Browser 7.0a3 is broken with security slider set to
medium
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  ff52-esr, tbb-7.0-must, tbb- |  Actual Points:
  security-slider, TorBrowserTeam201705R |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Thanks. Fixed on `master` with commit
 f367c1dca399a1b15e3da8e098c1de2d7fd36c72.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22071 [Applications/Tor Browser]: Disable redundant Kinto based blocklist update mechanism

[Tor Bug Tracker & Wiki]

#22071: Disable redundant Kinto based blocklist update mechanism
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must,  |  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by brade):

 Doh! mcs forgot to mention above that there is a typo in the 2nd line of
 the comment.
 Perhaps change it to:
 {{{// one which is still used, see bug ...}}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21797 [Applications/Tor Browser]: Disable Firefox Telemetry experiments in Tor Browser

[Tor Bug Tracker & Wiki]

#21797: Disable Firefox Telemetry experiments in Tor Browser
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 commit c56819cf6e7f9f394d2ce8553ccd77f7a6559644 has the fix (even though
 it got committed too early by mistake) on `tor-browser-52.1.0esr-7.0-2`.
 Turns out the bug number in the commit message is wrong. While not nice
 this is gone after the next rebase and squash.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22153 [Applications/Tor Browser]: Showing feeds in Tor Browser 7.0a3 is broken with security slider set to medium

[Tor Bug Tracker & Wiki]

#22153: Showing feeds in Tor Browser 7.0a3 is broken with security slider set to
medium
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must, tbb- |  Actual Points:
  security-slider, TorBrowserTeam201705R |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by mcs):

 r=brade, r=mcs
 The patch looks good and the changes do fix the problem for us.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22072 [Applications/Tor Browser]: Disable SSL error reporting in Tor Browser ESR52

[Tor Bug Tracker & Wiki]

#22072: Disable SSL error reporting in Tor Browser ESR52
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  ff52-esr, tbb-7.0-must,  |  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 commit e4848686fd6078cd9cbdf3c8a9fe979f0f9a7283 has the fix (which got a
 bit early committed by mistake) on `tor-browser-52.1.0esr-7.0-2`, thanks.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22165 [Applications/Tor Browser]: Rip out the option to collect local IP addresses

[Tor Bug Tracker & Wiki]

#22165: Rip out the option to collect local IP addresses
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must,  |  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by mcs):

 Replying to [comment:3 gk]:
 > Looks good to me. mcs/brade what do you think?

 Yes, the patch looks good.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22072 [Applications/Tor Browser]: Disable SSL error reporting in Tor Browser ESR52

[Tor Bug Tracker & Wiki]

#22072: Disable SSL error reporting in Tor Browser ESR52
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must,  |  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by mcs):

 r=brade, r=mcs
 This looks good.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22071 [Applications/Tor Browser]: Disable redundant Kinto based blocklist update mechanism

[Tor Bug Tracker & Wiki]

#22071: Disable redundant Kinto based blocklist update mechanism
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must,  |  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by mcs):

 r=brade, r=mcs
 Looks good to us.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21940 [Applications/Tor Browser]: OSX updater: consider disabling privilege escalation

[Tor Bug Tracker & Wiki]

#21940: OSX updater: consider disabling privilege escalation
-+-
 Reporter:  mcs  |  Owner:  mcs
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must,  |  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by mcs):

 Yes, we did test the patch. Arthur, please take a look at the patch when
 you have a chance.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22239 [Metrics/Atlas]: Fix styling issues regarding the graphs and headers

[Tor Bug Tracker & Wiki]

#22239: Fix styling issues regarding the graphs and headers
---+--
 Reporter:  cypherpunks|  Owner:  irl
 Type:  defect | Status:  needs_review
 Priority:  Medium |  Milestone:
Component:  Metrics/Atlas  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--
Changes (by cypherpunks):

 * status:  new => needs_review


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21797 [Applications/Tor Browser]: Disable Firefox Telemetry experiments in Tor Browser

[Tor Bug Tracker & Wiki]

#21797: Disable Firefox Telemetry experiments in Tor Browser
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-

Comment (by brade):

 r=brade, r=mcs
 Yes, this seems to be defense-in-depth.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #22239 [Metrics/Atlas]: Fix styling issues regarding the graphs and headers

[Tor Bug Tracker & Wiki]

#22239: Fix styling issues regarding the graphs and headers
---+-
 Reporter:  cypherpunks|  Owner:  irl
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Metrics/Atlas  |Version:
 Severity:  Normal |   Keywords:
Actual Points: |  Parent ID:
   Points: |   Reviewer:
  Sponsor: |
---+-
 Atlas currently has two general styling issues.

 1. Incorrect indentation of the graphs on the relay and bridge pages. The
 graphs are too close to the left margin when compared to the general
 content above them.

 2. Inconsistent use of the page-header class. The page-header class
 accentuate headers by adding a border underneath them.  This class is used
 on the about page but the other pages manually add a horizontal rule to
 achieve the same effect.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22089 [Applications/Tor Browser]: Add Decentraleyes to stop tracking by large CDNs (resulting in slightly less traffic for exits) in the Tor Browser

[Tor Bug Tracker & Wiki]

#22089: Add Decentraleyes to stop tracking by large CDNs (resulting in slightly
less traffic for exits) in the Tor Browser
+--
 Reporter:  imageverif  |  Owner:  tbb-team
 Type:  enhancement | Status:
|  needs_information
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  tbb-usability, tbb-performance  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by cypherpunks):

 This would be a lot more usefull in an upstream Firefox browser where the
 "exit" stays pretty consistent.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21726 [Applications/Tor Browser]: Get graphite back into the security slider

[Tor Bug Tracker & Wiki]

#21726: Get graphite back into the security slider
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-torbutton, tbb-security-slider,  |  Actual Points:
  ff52-esr, tbb-7.0-must, TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by mcs):

 r=brade, r=mcs
 Okay.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21686 [Applications/Tor Browser]: Don't allow MitM by Microsoft Family Safety in ESR 52

[Tor Bug Tracker & Wiki]

#21686: Don't allow MitM by Microsoft Family Safety in ESR 52
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 commit 7406c8357ef42e8ec3fa19dc2bb20e0b9f8f3025 has it, thanks (on `tor-
 browser-52.1.0esr-7.0-2`).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21790 [Applications/Tor Browser]: Disable captive portal detection in Tor Browser based on ESR52

[Tor Bug Tracker & Wiki]

#21790: Disable captive portal detection in Tor Browser based on ESR52
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 commit 859140af51e3a6e9aee5b745cc2e48d061d7fb4f on `tor-
 browser-52.1.0esr-7.0-2` has it, thanks.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22238 [Applications/Tor Browser]: The firefox binary in Tor Browser 7.0a3 for Linux is not PIE

[Tor Bug Tracker & Wiki]

#22238: The firefox binary in Tor Browser 7.0a3 for Linux is not PIE
-+-
 Reporter:  boklm|  Owner:  tbb-
 |  team
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tbb-security, tbb-hardened,  |  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 This is now commit b51157dc9a520a693c2fb27ab3213e3bdf1cb5f1 on `tor-
 browser-52.1.0esr-7.0-2`. Would still be nice to understand what made this
 change necessary.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21686 [Applications/Tor Browser]: Don't allow MitM by Microsoft Family Safety in ESR 52

[Tor Bug Tracker & Wiki]

#21686: Don't allow MitM by Microsoft Family Safety in ESR 52
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-

Comment (by mcs):

 r=brade, r=mcs
 This looks fine.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22089 [Applications/Tor Browser]: Add Decentraleyes to stop tracking by large CDNs (resulting in slightly less traffic for exits) in the Tor Browser

[Tor Bug Tracker & Wiki]

#22089: Add Decentraleyes to stop tracking by large CDNs (resulting in slightly
less traffic for exits) in the Tor Browser
+--
 Reporter:  imageverif  |  Owner:  tbb-team
 Type:  enhancement | Status:
|  needs_information
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  tbb-usability, tbb-performance  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by imageverif):

 Replying to [comment:7 gk]:
 > Replying to [ticket:22089 imageverif]:
 > What exactly is the tracking vector here? Note as well, that there is no
 single exit relay that gets all the user's browser traffic to see as the
 content loaded and the exit used is bound to the URL bar domain.

 Indeed, it's only the header which is uniform for all TBB users (apart
 from the referrer), and thanks for pointing to TBB's stream isolation, I
 didn't realize that arma's blog post was written before it was implemented
 in the TBB.

 The only real advantage that may apply here is the usability side that I
 mentioned in the
 [https://trac.torproject.org/projects/tor/ticket/22089#comment:1 first
 comment] (and the very small performance gains).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22153 [Applications/Tor Browser]: Showing feeds in Tor Browser 7.0a3 is broken with security slider set to medium

[Tor Bug Tracker & Wiki]

#22153: Showing feeds in Tor Browser 7.0a3 is broken with security slider set to
medium
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must, tbb- |  Actual Points:
  security-slider, TorBrowserTeam201705R |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  new => needs_review
 * keywords:  ff52-esr, tbb-7.0-must, tbb-security-slider => ff52-esr,
 tbb-7.0-must, tbb-security-slider, TorBrowserTeam201705R


Comment:

 Yes, `about:feeds` it is this time. See: `bug_22153`
 (https://gitweb.torproject.org/user/gk/tor-browser-
 bundle.git/commit/?h=bug_22153=f367c1dca399a1b15e3da8e098c1de2d7fd36c72)
 for a fix for review.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21790 [Applications/Tor Browser]: Disable captive portal detection in Tor Browser based on ESR52

[Tor Bug Tracker & Wiki]

#21790: Disable captive portal detection in Tor Browser based on ESR52
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by mcs):

 r=brade, r=mcs
 Looks good.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21683 [Applications/Tor Browser]: Make sure safebrowsing is still disabled in ESR 52

[Tor Bug Tracker & Wiki]

#21683: Make sure safebrowsing is still disabled in ESR 52
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  task | Status:
 |  needs_review
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Major| Resolution:
 Keywords:  ff52-esr, tbb-proxy-bypass, tbb-7.0  |  Actual Points:
  -must-alpha, TorBrowserTeam201705R |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-

Comment (by mcs):

 r=brade, r=mcs
 Looks good to us. We also saw the following URL-based prefs but maybe they
 are only used for secondary queries?
 {{{
 browser.safebrowsing.provider.google.gethashURL
 browser.safebrowsing.provider.google4.gethashURL
 browser.safebrowsing.provider.mozilla.gethashURL
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22238 [Applications/Tor Browser]: The firefox binary in Tor Browser 7.0a3 for Linux is not PIE

[Tor Bug Tracker & Wiki]

#22238: The firefox binary in Tor Browser 7.0a3 for Linux is not PIE
-+-
 Reporter:  boklm|  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-security, tbb-hardened,  |  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by gk):

 Do you know what changed to make this necessary now? We did not change the
 compiler version and we still have `export DEB_BUILD_HARDENING_PIE=1`.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21183 [User Experience]: Basic Usability Issues

[Tor Bug Tracker & Wiki]

#21183: Basic Usability Issues
+-
 Reporter:  ninavizz|  Owner:
 Type:  defect  | Status:  new
 Priority:  Medium  |  Milestone:
Component:  User Experience |Version:
 Severity:  Normal  | Resolution:
 Keywords:  UX, UI, torbrowser  |  Actual Points:
Parent ID:  #20843  | Points:
 Reviewer:  |Sponsor:
+-

Comment (by i139):

 what I understand about this changes.
 now TBB use TorButton with six 'elements'

 {{{
 A. new identity
 B. new tor circuit for this site
 C. security settings
 D. tor network settings
 E. check for tor browser updates
 F. tor circuit for this site
 }}}

 in this propose, those elements will be implemented in three buttons,
 rather than just one. but maybe two is enough.

 well

 The TBB will count on

 {{{
 1. intenty button (A. new identity)
 2. circuit button (B. new tor circuit for this site F. tor circuit for
 this site)
 3. security button (C. security settings)
 }}}

 at least, two elements have to be put in another place

 {{{
 D. tor network settings
 E. check for tor browser updates
 }}}

 in my vision is more logical start with those changes moving elements D
 and E. I think put one shortcut in the 'Firefox menu' is enough for
 maintain they visible on TBB

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22238 [Applications/Tor Browser]: The firefox binary in Tor Browser 7.0a3 for Linux is not PIE

[Tor Bug Tracker & Wiki]

#22238: The firefox binary in Tor Browser 7.0a3 for Linux is not PIE
-+-
 Reporter:  boklm|  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-security, tbb-hardened,  |  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by boklm):

 * keywords:  tbb-security, tbb-hardened => tbb-security, tbb-hardened,
 TorBrowserTeam201705R
 * status:  new => needs_review


Comment:

 I attached a patch adding `ac_add_options --enable-pie`. I checked in a
 build with rbm that it makes the firefox binary PIE.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #22238 [Applications/Tor Browser]: The firefox binary in Tor Browser 7.0a3 for Linux is not PIE

[Tor Bug Tracker & Wiki]

#22238: The firefox binary in Tor Browser 7.0a3 for Linux is not PIE
-+-
 Reporter:  boklm|  Owner:  tbb-team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor |Version:
  Browser|   Keywords:  tbb-security, tbb-
 Severity:  Normal   |  hardened
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 The `firefox`, `plugin-container` and `updater` binaries are not PIE.

 We can fix that by adding `ac_add_options --enable-pie` to the mozconfig
 file.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22071 [Applications/Tor Browser]: Disable redundant Kinto based blocklist update mechanism

[Tor Bug Tracker & Wiki]

#22071: Disable redundant Kinto based blocklist update mechanism
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must,  |  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  new => needs_review


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21797 [Applications/Tor Browser]: Disable Firefox Telemetry experiments in Tor Browser

[Tor Bug Tracker & Wiki]

#21797: Disable Firefox Telemetry experiments in Tor Browser
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-
Changes (by gk):

 * status:  new => needs_review
 * keywords:  ff52-esr, tbb-7.0-must-alpha => ff52-esr, tbb-7.0-must-alpha,
 TorBrowserTeam201705R


Comment:

 `bug_21797` (https://gitweb.torproject.org/user/gk/tor-
 browser.git/commit/?h=bug_21797=c56819cf6e7f9f394d2ce8553ccd77f7a6559644)
 has a proposed fix up for review. (Although, looking at the code it seems
 to me this is more of a defense-in-depth).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22072 [Applications/Tor Browser]: Disable SSL error reporting in Tor Browser ESR52

[Tor Bug Tracker & Wiki]

#22072: Disable SSL error reporting in Tor Browser ESR52
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must,  |  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  ff52-esr, tbb-7.0-must => ff52-esr, tbb-7.0-must,
 TorBrowserTeam201705R
 * status:  new => needs_review


Comment:

 `bug_22072` (https://gitweb.torproject.org/user/gk/tor-
 browser.git/commit/?h=bug_22072=e4848686fd6078cd9cbdf3c8a9fe979f0f9a7283)
 has a patch for review. I left the URL in because that makes it easier for
 folks who really want to send those things to Mozilla.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22071 [Applications/Tor Browser]: Disable redundant Kinto based blocklist update mechanism

[Tor Bug Tracker & Wiki]

#22071: Disable redundant Kinto based blocklist update mechanism
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must,  |  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  ff52-esr, tbb-7.0-must => ff52-esr, tbb-7.0-must,
 TorBrowserTeam201705R


Comment:

 `bug_22071` (https://gitweb.torproject.org/user/gk/tor-
 browser.git/commit/?h=bug_22071=5e140b4c585d4c7f6bc175a7ed51caf24376f41b)
 has a fix ready for review.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22204 [Core Tor/Tor]: I can't list a relay in my EntryNodes if it doesn't have the Guard flag

[Tor Bug Tracker & Wiki]

#22204: I can't list a relay in my EntryNodes if it doesn't have the Guard flag
-+
 Reporter:  arma |  Owner:  nickm
 Type:  defect   | Status:  accepted
 Priority:  Medium   |  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor |Version:  Tor: 0.3.0.6
 Severity:  Normal   | Resolution:
 Keywords:  030-backport regression  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+

Comment (by nickm):

 So, hm. This seemed easy to change, but I think it's actually a bit
 tricky.  See, when somebody says "EntryNodes {de}", they probably should
 only get guard-flagged relays.  But when somebody says "EntryNodes
 $fp1,$fp2" they probably want $fp1 and $fp2 whether they are guards or
 not.

 One way we could resolve this is, if the EntryNodes line contains _only_
 fingerprints, we build the {GUARDS} set from the EntryNodes directly.  In
 this case we'd want to force use of the "restricted" set, or possible a
 new "enumerated" set.

 But either way, this is more than a quick fix.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21726 [Applications/Tor Browser]: Get graphite back into the security slider

[Tor Bug Tracker & Wiki]

#21726: Get graphite back into the security slider
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-torbutton, tbb-security-slider,  |  Actual Points:
  ff52-esr, tbb-7.0-must, TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  new => needs_review
 * keywords:  tbb-torbutton, tbb-security-slider, ff52-esr, tbb-7.0-must =>
 tbb-torbutton, tbb-security-slider, ff52-esr, tbb-7.0-must,
 TorBrowserTeam201705R


Comment:

 Mozilla keep still finding critical bugs in this piece of code. Let's keep
 it disabled for the time being. `bug_21726`
 (https://gitweb.torproject.org/user/gk/tor-
 browser.git/commit/?h=bug_21726=b3a33a1823f8f7047e9bf53f1cbc8a98e27738a4)
 has a patch up for review.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #13056 [Applications/Tor Browser]: Some stack canaries are still missing on Tor Browser binaries on Linux

[Tor Bug Tracker & Wiki]

#13056: Some stack canaries are still missing on Tor Browser binaries on Linux
+--
 Reporter:  gk  |  Owner:  tbb-team
 Type:  defect  | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  tbb-security, tbb-hardened  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by boklm):

 In ESR52 builds, `libmozsandbox.so` is also missing stack canaries.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21953 [Core Tor/Tor]: Dealing with Tor hardening on Windows properly

[Tor Bug Tracker & Wiki]

#21953: Dealing with Tor hardening on Windows properly
---+---
 Reporter:  cypherpunks|  Owner:
 Type:  defect | Status:  merge_ready
 Priority:  Medium |  Milestone:  Tor:
   |  0.3.0.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  030-backport 029-backport  |  Actual Points:
Parent ID: | Points:  0.1
 Reviewer: |Sponsor:
---+---
Changes (by nickm):

 * milestone:  Tor: 0.3.1.x-final => Tor: 0.3.0.x-final


Comment:

 Merging to 0.3.1; if it works out we can backport.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22235 [Metrics/Metrics website]: Add new graph showing the average onion service descriptor count per directory

[Tor Bug Tracker & Wiki]

#22235: Add new graph showing the average onion service descriptor count per
directory
-+--
 Reporter:  karsten  |  Owner:  metrics-team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Metrics/Metrics website  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by asn):

 Replying to [comment:4 karsten]:
 > Regarding your question about the unit, in retrospect, we might compute
 this number directly from reported hidserv statistics.  After all, relays
 report to us how many distinct onion services they have seen throughout
 the day.  No need to extrapolate that to the network total and divide by
 the number of HSDirs.  We could compute this average directly.  That would
 require some more code, but the result would be more accurate.  I think.

 Yep agreed.

 I like this graph. It might come useful in the future!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22050 [Metrics/Consensus Health]: Consensus health is concerned about missing reveal values but it shouldn't

[Tor Bug Tracker & Wiki]

#22050: Consensus health is concerned about missing reveal values but it 
shouldn't
-+
 Reporter:  asn  |  Owner:  tom
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Metrics/Consensus Health |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tor-hs consensus health tor-srv  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+

Comment (by asn):

 I think that works out! Thanks!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20761 [Applications/Tor Launcher]: Tor Browser 6.5a4 is ignoring additional SocksPorts

[Tor Bug Tracker & Wiki]

#20761: Tor Browser 6.5a4 is ignoring additional SocksPorts
---+--
 Reporter:  gk |  Owner:  mcs
 Type:  defect | Status:  closed
 Priority:  Medium |  Milestone:
Component:  Applications/Tor Launcher  |Version:
 Severity:  Normal | Resolution:  fixed
 Keywords:  TorBrowserTeam201705R  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:  Sponsor4
---+--
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Let's ship it! commit 3f32f7a6dd4970936cc49d988369a61efa87c031 on tor-
 browser-bundle `master` and commit
 5154173e0facfff26bede4c37d2c47669350d0ff +
 485ba9456724e38b661c90dccc90322c74fa405f on tor-launcher `master` have the
 code.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22089 [Applications/Tor Browser]: Add Decentraleyes to stop tracking by large CDNs (resulting in slightly less traffic for exits) in the Tor Browser

[Tor Bug Tracker & Wiki]

#22089: Add Decentraleyes to stop tracking by large CDNs (resulting in slightly
less traffic for exits) in the Tor Browser
+--
 Reporter:  imageverif  |  Owner:  tbb-team
 Type:  enhancement | Status:
|  needs_information
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  tbb-usability, tbb-performance  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
Changes (by gk):

 * status:  new => needs_information


Comment:

 Replying to [ticket:22089 imageverif]:
 > For those who don't know what it does: "Protects you against tracking
 through "free", centralized, content delivery. It prevents a lot of
 requests from reaching networks like Google Hosted Libraries, and serves
 local files to keep sites from breaking. Complements regular content
 blockers."[1]

 What exactly is the tracking vector here? Note as well, that there is no
 single exit relay that gets all the user's browser traffic to see as the
 content loaded and the exit used is bound to the URL bar domain.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21940 [Applications/Tor Browser]: OSX updater: consider disabling privilege escalation

[Tor Bug Tracker & Wiki]

#21940: OSX updater: consider disabling privilege escalation
-+-
 Reporter:  mcs  |  Owner:  mcs
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must,  |  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by gk):

 Replying to [comment:9 mcs]:
 > Here is the patch:
 > https://gitweb.torproject.org/user/brade/tor-
 browser.git/commit/?h=bug21940-01=9d7f583bd7aeea524c9ca0f8c83016b348e11e37
 > Some of the changes involve C++ code, so two reviews are needed. The
 patch is fairly small though.

 Looks good to me. I did not test the patch (but assume you did :) ) but
 just compiled the code and looked over the changes.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21790 [Applications/Tor Browser]: Disable captive portal detection in Tor Browser based on ESR52

[Tor Bug Tracker & Wiki]

#21790: Disable captive portal detection in Tor Browser based on ESR52
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  ff52-esr, tbb-7.0-must-alpha => ff52-esr, tbb-7.0-must-alpha,
 TorBrowserTeam201705R
 * status:  new => needs_review


Comment:

 `bug_21790` (https://gitweb.torproject.org/user/gk/tor-
 browser.git/commit/?h=bug_21790=4f309e0bc45f7fc523e8f366331c9ecd9fdffa97)
 has a proposed fix up for review.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21769 [User Experience/Website]: CSP blocks Tor Debian Instructions' Javascript

[Tor Bug Tracker & Wiki]

#21769: CSP blocks Tor Debian Instructions' Javascript
-+--
 Reporter:  tom  |  Owner:  hiro
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  User Experience/Website  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by hiro):

 This was related to a JS development extension I was using to debug the
 error. It was interpreting the headers returning from the page and
 throwing an error.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21686 [Applications/Tor Browser]: Don't allow MitM by Microsoft Family Safety in ESR 52

[Tor Bug Tracker & Wiki]

#21686: Don't allow MitM by Microsoft Family Safety in ESR 52
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-
Changes (by gk):

 * keywords:  ff52-esr, tbb-7.0-must-alpha => ff52-esr, tbb-7.0-must-alpha,
 TorBrowserTeam201705R
 * status:  new => needs_review


Comment:

 `bug_21686` (https://gitweb.torproject.org/user/gk/tor-
 browser.git/commit/?h=bug_21686=b06f539b513d463b2473b6bf1c53620bc79d46fb)
 in my public repo has the preference flip.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21683 [Applications/Tor Browser]: Make sure safebrowsing is still disabled in ESR 52

[Tor Bug Tracker & Wiki]

#21683: Make sure safebrowsing is still disabled in ESR 52
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  task | Status:
 |  needs_review
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Major| Resolution:
 Keywords:  ff52-esr, tbb-proxy-bypass, tbb-7.0  |  Actual Points:
  -must-alpha, TorBrowserTeam201705R |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-
Changes (by gk):

 * status:  needs_information => needs_review
 * keywords:  ff52-esr, tbb-proxy-bypass, tbb-7.0-must-alpha => ff52-esr,
 tbb-proxy-bypass, tbb-7.0-must-alpha, TorBrowserTeam201705R


Comment:

 `bug_21683` (https://gitweb.torproject.org/user/gk/tor-
 browser.git/commit/?h=bug_21683=92aaa8dfa72ddafc2a83e28863ecab3204b3a913)
 has a patch for review. I set the URLs to `""` as a defense in depth.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22235 [Metrics/Metrics website]: Add new graph showing the average onion service descriptor count per directory

[Tor Bug Tracker & Wiki]

#22235: Add new graph showing the average onion service descriptor count per
directory
-+--
 Reporter:  karsten  |  Owner:  metrics-team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Metrics/Metrics website  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by karsten):

 Heh, yes, this graph should start in 2015.  I made all graphs for the same
 time period.  If we put this graph on Tor Metrics, the time period would
 certainly be configurable.  I'm updating the graph anyway.

 [[Image(hidserv-descs-per-hsdir.2.png)]]

 Regarding your question about the unit, in retrospect, we might compute
 this number directly from reported hidserv statistics.  After all, relays
 report to us how many distinct onion services they have seen throughout
 the day.  No need to extrapolate that to the network total and divide by
 the number of HSDirs.  We could compute this average directly.  That would
 require some more code, but the result would be more accurate.  I think.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22237 [Metrics/Atlas]: Fix broken links

[Tor Bug Tracker & Wiki]

#22237: Fix broken links
---+--
 Reporter:  cypherpunks|  Owner:  irl
 Type:  defect | Status:  needs_review
 Priority:  Medium |  Milestone:
Component:  Metrics/Atlas  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--
Changes (by cypherpunks):

 * status:  new => needs_review


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #22237 [Metrics/Atlas]: Fix broken links

[Tor Bug Tracker & Wiki]

#22237: Fix broken links
---+-
 Reporter:  cypherpunks|  Owner:  irl
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Metrics/Atlas  |Version:
 Severity:  Normal |   Keywords:
Actual Points: |  Parent ID:
   Points: |   Reviewer:
  Sponsor: |
---+-
 According to the W3C Link Checker there are some broken links. See
 [https://validator.w3.org/checklink?uri=atlas.torproject.org]

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22236 [Metrics/Metrics website]: Add new graph showing directory traffic as percentage of all traffic

[Tor Bug Tracker & Wiki]

#22236: Add new graph showing directory traffic as percentage of all traffic
-+--
 Reporter:  karsten  |  Owner:  metrics-team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Metrics/Metrics website  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by karsten):

 Well, Mike also asked me to make another, related graph on traffic
 generated per user.  I'm attaching that one as well.  It's this one:

 [[Image(bwhist-per-user.png​)]]

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22235 [Metrics/Metrics website]: Add new graph showing the average onion service descriptor count per directory

[Tor Bug Tracker & Wiki]

#22235: Add new graph showing the average onion service descriptor count per
directory
-+--
 Reporter:  karsten  |  Owner:  metrics-team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Metrics/Metrics website  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by arma):

 Also, what are the units on this? Descriptors for unique onion addresses,
 per day? Meaning it spiked up to each hsdir handling descriptors for 200
 distinct onion addresses per day?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22235 [Metrics/Metrics website]: Add new graph showing the average onion service descriptor count per directory

[Tor Bug Tracker & Wiki]

#22235: Add new graph showing the average onion service descriptor count per
directory
-+--
 Reporter:  karsten  |  Owner:  metrics-team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Metrics/Metrics website  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by arma):

 Maybe this graph should start in 2015? :)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21685 [Applications/Tor Browser]: Remote New Tab pages have access to internal browser APIs in Firefox 52

[Tor Bug Tracker & Wiki]

#21685: Remote New Tab pages have access to internal browser APIs in Firefox 52
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Patch applied, thanks (commit 611b3ff60078725f036e253c5d10a3d01d8fde90 on
 `tor-browser-52.1.0esr-7.0-2`)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22236 [Metrics/Metrics website]: Add new graph showing directory traffic as percentage of all traffic

[Tor Bug Tracker & Wiki]

#22236: Add new graph showing directory traffic as percentage of all traffic
-+--
 Reporter:  karsten  |  Owner:  metrics-team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Metrics/Metrics website  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by arma):

 Huh. Basically it looks like the user graph.

 I wonder if there's a way to normalize it somehow. It would lose the
 "fraction of total bandwidth" aspect, but maybe it would help us
 understand whether, per client, things are looking better or worse over
 time.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22236 [Metrics/Metrics website]: Add new graph showing directory traffic as percentage of all traffic

[Tor Bug Tracker & Wiki]

#22236: Add new graph showing directory traffic as percentage of all traffic
-+--
 Reporter:  karsten  |  Owner:  metrics-team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Metrics/Metrics website  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by karsten):

 Here's the sample graph I made a few weeks ago:

 [[Image(dirbytes-fraction.png​)]]

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #22236 [Metrics/Metrics website]: Add new graph showing directory traffic as percentage of all traffic

[Tor Bug Tracker & Wiki]

#22236: Add new graph showing directory traffic as percentage of all traffic
-+--
 Reporter:  karsten  |  Owner:  metrics-team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Metrics/Metrics website  |Version:
 Severity:  Normal   |   Keywords:
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+--
 Mike asked me a while ago to make a graph showing what fraction of network
 capacity is spent on directory traffic as an easy way to measure directory
 overhead.  The idea was that this graph should trend down as we make
 directory fetches more efficient, but that it could trend up if we add a
 bunch of clients that don't do much other than download the consensus.

 We already have two related graphs,
 [https://metrics.torproject.org/bandwidth.html Total relay bandwidth] and
 [https://metrics.torproject.org/dirbytes.html Bandwidth spent on answering
 directory requests], and this new graph would basically combine those two.

 I made a sample graph that I'll attach to this ticket together with the
 code to make that graph.

 Let's use this ticket to discuss whether such a graph would be useful to
 have on Tor Metrics, and if so, let's use it to write a useful description
 and work on a metrics-web patch.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22235 [Metrics/Metrics website]: Add new graph showing the average onion service descriptor count per directory

[Tor Bug Tracker & Wiki]

#22235: Add new graph showing the average onion service descriptor count per
directory
-+--
 Reporter:  karsten  |  Owner:  metrics-team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Metrics/Metrics website  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by karsten):

 Here's the sample graph I made a few weeks ago:

 [[Image(hidserv-descs-per-hsdir.png)]]

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs