Re: [tor-bugs] #26214 [Core Tor/Tor]: Check stream SENDME against max

[Tor Bug Tracker & Wiki]

#26214: Check stream SENDME against max
--+
 Reporter:  mikeperry |  Owner:  mikeperry
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.3.4.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:  SponsorV-can
--+
Changes (by mikeperry):

 * status:  assigned => needs_review


Comment:

 https://github.com/torproject/tor/pull/123

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26214 [Core Tor/Tor]: Check stream SENDME against max

[Tor Bug Tracker & Wiki]

#26214: Check stream SENDME against max
--+
 Reporter:  mikeperry |  Owner:  mikeperry
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: 0.3.4.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:  SponsorV-can  |
--+
 In connection_edge_process_relay_cell() under the RELAY_COMMAND_SENDME
 handling, we check the circuit-level sendme against the window START_MAX,
 but we do not check the stream level SENDME against any max

 This means that an attacker can send as many stream-level sendme's on a
 circuit as they like, inflating the stream window as large as they like.
 This might be a serious OOM bug, but the circuit level SENDME check should
 prevent that, I think.

 Even so, it would be nice to fix this in 0.3.4, so that the vanguards
 script's detection of invalid/dropped circuit data is more accurate.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26207 [Core Tor/Stem]: Stem 1.6.0 incompatible with PyPy 5.6.0

[Tor Bug Tracker & Wiki]

#26207: Stem 1.6.0 incompatible with PyPy 5.6.0
---+
 Reporter:  mikeperry  |  Owner:  atagar
 Type:  defect | Status:  closed
 Priority:  Medium |  Milestone:
Component:  Core Tor/Stem  |Version:
 Severity:  Normal | Resolution:  fixed
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+

Comment (by teor):

 Pypy also comes in python 2.7 and python 3.5 compatible flavours. I'm not
 sure if you want to test both.
 http://pypy.org/download.html

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26207 [Core Tor/Stem]: Stem 1.6.0 incompatible with PyPy 5.6.0

[Tor Bug Tracker & Wiki]

#26207: Stem 1.6.0 incompatible with PyPy 5.6.0
---+
 Reporter:  mikeperry  |  Owner:  atagar
 Type:  defect | Status:  closed
 Priority:  Medium |  Milestone:
Component:  Core Tor/Stem  |Version:
 Severity:  Normal | Resolution:  fixed
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+
Changes (by atagar):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 Thanks Mike! PyPy compatibility fixed, and added checking it to our
 release instructions.

 https://gitweb.torproject.org/stem.git/commit/?id=c52db04

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26208 [Core Tor/Tor]: Bug: Non-fatal assertion info failed in onion_extend_cpath Tor 0.3.3.6

[Tor Bug Tracker & Wiki]

#26208: Bug: Non-fatal assertion info failed in onion_extend_cpath Tor 0.3.3.6
---+---
 Reporter:  Dbryrtfbcbhgf  |  Owner:  (none)
 Type:  defect | Status:  closed
 Priority:  Medium |  Milestone:
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:  duplicate
 Keywords: |  Actual Points:
Parent ID:  #25692 | Points:
 Reviewer: |Sponsor:
---+---
Changes (by teor):

 * status:  new => closed
 * resolution:   => duplicate
 * parent:   => #25692


Comment:

 This is a duplicate of #25692. Please use 0.3.2 or 0.3.4.1-alpha until it
 is backported to 0.3.3.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26188 [Core Tor/Tor]: Bug: src/or/circuitbuild.c:2779

[Tor Bug Tracker & Wiki]

#26188: Bug: src/or/circuitbuild.c:2779
--+--
 Reporter:  cypherpunks   |  Owner:  (none)
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:  Tor: 0.3.3.6
 Severity:  Normal| Resolution:  duplicate
 Keywords:|  Actual Points:
Parent ID:  #25692| Points:
 Reviewer:|Sponsor:
--+--
Changes (by teor):

 * parent:   => #25692


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26029 [Core Tor/Tor]: onion_extend_cpath

[Tor Bug Tracker & Wiki]

#26029: onion_extend_cpath
--+
 Reporter:  whiteshield   |  Owner:  (none)
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.3.3.5-rc
 Severity:  Normal| Resolution:  duplicate
 Keywords:  tor-windows   |  Actual Points:
Parent ID:  #25691| Points:
 Reviewer:|Sponsor:
--+
Changes (by teor):

 * parent:   => #25691


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26212 [Applications/Tor Browser]: Use digital signature verification to prevent modification of omni.ja

[Tor Bug Tracker & Wiki]

#26212: Use digital signature verification to prevent modification of omni.ja
--+--
 Reporter:  indigotime|  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by teor):

 For some operating systems, like macOS, the entire application directory
 is covered by the digital signature on the application (not the downloaded
 dmg file, which has a separate signature). So if any file is modified, the
 application will fail to launch.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26132 [Metrics/Onionoo]: Fix the Expires header on relay search

[Tor Bug Tracker & Wiki]

#26132: Fix the Expires header on relay search
-+--
 Reporter:  teor |  Owner:  metrics-team
 Type:  defect   | Status:  assigned
 Priority:  Medium   |  Milestone:
Component:  Metrics/Onionoo  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by irl):

 * owner:  irl => metrics-team
 * status:  needs_information => assigned
 * component:  Metrics/Relay Search => Metrics/Onionoo


Comment:

 It looks like adding the `must-revalidate` header to Onionoo responses
 will fix this, assuming that mobile Safari honours it.

 > Servers SHOULD send the `must-revalidate` directive if and only if
 failure to revalidate a request on the entity could result in incorrect
 operation, such as a silently unexecuted financial transaction. Recipients
 MUST NOT take any automated action that violates this directive, and MUST
 NOT automatically provide an unvalidated copy of the entity if
 revalidation fails.

 This does seem like an extreme step to take though. Safari should really
 be honouring the `max-age=` directive unless it has bad connectivity.

 Reassigning to metrics-team as I won't have any more time to progress this
 week.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26213 [Internal Services/Tor Sysadmin Team]: Install python-cryptography on carinatum

[Tor Bug Tracker & Wiki]

#26213: Install python-cryptography on carinatum
-+-
 Reporter:  atagar   |  Owner:  tpa
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   |   Keywords:
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 Hi lovely sysadmins. I'm attempting to run a new DocTor check on carinatum
 that uses tor's ORPort. This requires python's cryptography module which
 should be installable via either 'apt-get install python-cryptography' or
 'pip install cryptography'.

 Thanks!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26073 [Applications/Tor Browser]: patch tor-browser-build.git for Firefox 60 ESR

[Tor Bug Tracker & Wiki]

#26073: patch tor-browser-build.git for Firefox 60 ESR
+--
 Reporter:  arthuredelstein |  Owner:  tbb-team
 Type:  defect  | Status:
|  needs_revision
 Priority:  Very High   |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  TorBrowserTeam201805, ff60-esr  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
Changes (by gk):

 * status:  needs_review => needs_revision


Comment:

 Okay, `tor-browser-60.0.1esr-8.0-1` is a thing now. Looking at the commits
 in your `bug-26073` a general thing I noticed, please make sure the
 commits on `bug-26073` are still needed for the final branch. For instance
 there is no reason for us to merge
 71f7fd76779cb4b4a96ac17a80a82e5de64d0924 to `master`. It's been a WIP
 commit. Moreover, it's not been correct in the sense that it has been
 changing much more than just the nightly related branch. You only need to
 change the `git_hash` part in
 {{{
   nightly:
 git_hash: 'tor-browser-[% c("var/firefox_version") %]-[%
 c("var/torbrowser_branch") %]-1'
 tag_gpg_id: 0
 var:
   torbrowser_update_channel: default
 }}}
 + `firefox_platform_version`.

 e7b62d616f4a339257c69f2b895802c015b829eb does not need to get merged
 either. Just add a clean commit starting from `master` dealing with the
 lang packs. Etc.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25543 [Applications/Tor Browser]: Rebase Tor Browser patches for ESR60

[Tor Bug Tracker & Wiki]

#25543: Rebase Tor Browser patches for ESR60
-+-
 Reporter:  gk   |  Owner:
 |  arthuredelstein
 Type:  task | Status:  closed
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  TorBrowserTeam201805R, ff60-esr  |  Actual Points:
Parent ID:  #25741   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Replying to [comment:45 arthuredelstein]:
 > > > > Why is `browser_permissions.js` suddenly deleted?
 > > > > You are adding `^M` characters to `test_permmanager_defaults.js`
 when doing changes.
 > > >
 > > > Fixed (I have rebased the existing Permissions patch for now.)
 > >
 > > I still see those characters. I think you can get rid of them by
 converting that file using `dos2unix` or some similar tool.
 >
 > I'm not seeing the characters -- maybe I'm missing something? The new
 commit is fe68460a72cddd936a5a313a2f986bafd9e7e7ef

 I see those by doing `git show -p -1
 extensions/cookie/test/unit/test_permmanager_defaults.js`. The problem
 seems actually to be that the patch for bug 1421992 is causing this. Thus,
 if Mozilla thinks this is okay, then be it so.

 This looks fine to me now. I added just one fixup commit to remove a
 superfluous newline that got added during the last revision and pushed
 `tor-browser-60.0.1esr-8.0-1` to our `tor-browser` repo. \o/

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25926 [Metrics/Website]: "The anonymous Internet" page on metrics has malicious looking links

[Tor Bug Tracker & Wiki]

#25926: "The anonymous Internet" page on metrics has malicious looking links
-+--
 Reporter:  pastly   |  Owner:  metrics-team
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:
Component:  Metrics/Website  |Version:
 Severity:  Major| Resolution:  fixed
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by karsten):

 * status:  needs_information => closed
 * resolution:   => fixed


Comment:

 There, put the ''updated'' link back to the page. Let's discuss moving the
 link elsewhere on #24422. Closing. Thanks for all the input!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25926 [Metrics/Website]: "The anonymous Internet" page on metrics has malicious looking links

[Tor Bug Tracker & Wiki]

#25926: "The anonymous Internet" page on metrics has malicious looking links
-+---
 Reporter:  pastly   |  Owner:  metrics-team
 Type:  defect   | Status:  needs_information
 Priority:  High |  Milestone:
Component:  Metrics/Website  |Version:
 Severity:  Major| Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+---

Comment (by karsten):

 I'm open to the idea of moving this page to another area of the website.
 When we added the page, those other areas of the website did not exist,
 and it made ''some'' sense to create link pages just as we had graph pages
 or table pages. But we should reconsider this, now that the website has
 evolved quite a bit. Do you mind doing that as part of #24422?

 I'm now going to put the link back, but without the archived version.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26212 [Applications/Tor Browser]: Use digital signature verification to prevent modification of omni.ja

[Tor Bug Tracker & Wiki]

#26212: Use digital signature verification to prevent modification of omni.ja
--+--
 Reporter:  indigotime|  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by Dbryrtfbcbhgf):

 * severity:  Major => Normal


Comment:

 omni.ja is contained inside the signed torprowser.app , if it is modified
 then PGP signature will become invalid.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26132 [Metrics/Relay Search]: Fix the Expires header on relay search

[Tor Bug Tracker & Wiki]

#26132: Fix the Expires header on relay search
--+---
 Reporter:  teor  |  Owner:  irl
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Metrics/Relay Search  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by teor):

 Replying to [comment:2 irl]:
 > Data on relay search comes from Onionoo, which uses the `Cache-Control:
 max-age=` directive to instruct caches that data is stale after 15
 minutes.
 >
 > The `rs.html` page only changes when I make changes to it, it's not
 dynamically generated. I do see the `Expires:` header though and from some
 quick reading this appears to be added by Jetty and is not something we've
 done deliberately.
 >
 > What browser is it you're using? Maybe it has broken caching. I'm
 attempting to reproduce in Firefox just now.

 iOS MobileSafari. It tends to cache aggressively (particularly when its
 using mobile data?). And it might have broken caching in some edge cases.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26132 [Metrics/Relay Search]: Fix the Expires header on relay search

[Tor Bug Tracker & Wiki]

#26132: Fix the Expires header on relay search
--+---
 Reporter:  teor  |  Owner:  irl
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Metrics/Relay Search  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by irl):

 * status:  accepted => needs_information


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26073 [Applications/Tor Browser]: patch tor-browser-build.git for Firefox 60 ESR

[Tor Bug Tracker & Wiki]

#26073: patch tor-browser-build.git for Firefox 60 ESR
+--
 Reporter:  arthuredelstein |  Owner:  tbb-team
 Type:  defect  | Status:  needs_review
 Priority:  Very High   |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  TorBrowserTeam201805, ff60-esr  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by sukhbir):

 Here is the error log when building Tor Browser using the latest commit
 60.0.1esr (set -x output):

 {{{
 + rm -f precomplete
 + python /var/tmp/tmp.VlhW2i4ozE/mar-tools/createprecomplete.py
 + popd
 ~
 + cd /var/tmp/dist/tor-browser
 + MAR_FILE=tor-browser-linux64-8.0a7_en-US.mar
 + MAR=/var/tmp/tmp.VlhW2i4ozE/mar-tools/mar
 + MBSDIFF=/var/tmp/tmp.VlhW2i4ozE/mar-tools/mbsdiff
 + /var/tmp/tmp.VlhW2i4ozE/mar-tools/make_full_update.sh -q
 /var/tmp/tmp.lSy2JiVd4y/tor-browser-8.0a7-linux-x86_64-682b20/tor-browser-
 linux64-8.0a7_en-US.mar /var/tmp/dist/tor-browser/tor-browser_en-
 US/Browser
 /var/tmp/dist/tor-browser/tor-browser_en-US/Browser /var/tmp/dist/tor-
 browser
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26132 [Metrics/Relay Search]: Fix the Expires header on relay search

[Tor Bug Tracker & Wiki]

#26132: Fix the Expires header on relay search
--+--
 Reporter:  teor  |  Owner:  irl
 Type:  defect| Status:  accepted
 Priority:  Medium|  Milestone:
Component:  Metrics/Relay Search  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by irl):

 I've not been able to reproduce this in Firefox. Onionoo queries are
 repeated after 15 minutes without a refresh of the `rs.html` page.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26212 [Applications/Tor Browser]: Use digital signature verification to prevent modification of omni.ja (was: Use digital signature to prevent modification of omni.ja)

[Tor Bug Tracker & Wiki]

#26212: Use digital signature verification to prevent modification of omni.ja
--+--
 Reporter:  indigotime|  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major | Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25403 [Metrics/Website]: Create jsp with bgp documentation

[Tor Bug Tracker & Wiki]

#25403: Create jsp with bgp documentation
-+
 Reporter:  iwakeh   |  Owner:  metrics-team
 Type:  enhancement  | Status:  needs_revision
 Priority:  Medium   |  Milestone:
Component:  Metrics/Website  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:  #24229   | Points:
 Reviewer:   |Sponsor:
-+

Comment (by irl):

 Replying to [comment:8 iwakeh]:
 > So, actually this could be considered done as soon as the paths (cf.
 comment:5) are updated and the design fine-tuning is part of #25404?

 That sounds good to me. Sorry for taking a while to respond to this
 question.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25926 [Metrics/Website]: "The anonymous Internet" page on metrics has malicious looking links

[Tor Bug Tracker & Wiki]

#25926: "The anonymous Internet" page on metrics has malicious looking links
-+---
 Reporter:  pastly   |  Owner:  metrics-team
 Type:  defect   | Status:  needs_information
 Priority:  High |  Milestone:
Component:  Metrics/Website  |Version:
 Severity:  Major| Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+---

Comment (by irl):

 When I was looking at this for #24422, I was considering moving this to
 another area of the website to make it clear that this is external and not
 part of Tor Metrics. We can add a disclaimer there that we are not
 responsible for the content of external websites. As the website was
 restored, it is clearly something that is "maintained" and so there is no
 need here to link to an archived version in my opinion.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26132 [Metrics/Relay Search]: Fix the Expires header on relay search

[Tor Bug Tracker & Wiki]

#26132: Fix the Expires header on relay search
--+--
 Reporter:  teor  |  Owner:  irl
 Type:  defect| Status:  accepted
 Priority:  Medium|  Milestone:
Component:  Metrics/Relay Search  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by irl):

 * cc: metrics-team (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26132 [Metrics/Relay Search]: Fix the Expires header on relay search

[Tor Bug Tracker & Wiki]

#26132: Fix the Expires header on relay search
--+--
 Reporter:  teor  |  Owner:  metrics-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Metrics/Relay Search  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by irl):

 Data on relay search comes from Onionoo, which uses the `Cache-Control:
 max-age=` directive to instruct caches that data is stale after 15
 minutes.

 The `rs.html` page only changes when I make changes to it, it's not
 dynamically generated. I do see the `Expires:` header though and from some
 quick reading this appears to be added by Jetty and is not something we've
 done deliberately.

 What browser is it you're using? Maybe it has broken caching. I'm
 attempting to reproduce in Firefox just now.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26132 [Metrics/Relay Search]: Fix the Expires header on relay search

[Tor Bug Tracker & Wiki]

#26132: Fix the Expires header on relay search
--+--
 Reporter:  teor  |  Owner:  irl
 Type:  defect| Status:  accepted
 Priority:  Medium|  Milestone:
Component:  Metrics/Relay Search  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by irl):

 * owner:  metrics-team => irl
 * status:  new => accepted


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #7027 [Core Tor/Tor]: Defend against Website Traffic Fingerprinting

[Tor Bug Tracker & Wiki]

#7027: Defend against Website Traffic Fingerprinting
-+-
 Reporter:  mikeperry|  Owner:  (none)
 Type:  enhancement  | Status:  new
 Priority:  High |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  SponsorZ-large tor-client traffic-   |  Actual Points:
  analysis research-program  |
Parent ID:   | Points:  parent
 Reviewer:   |Sponsor:
-+-

Comment (by indigotime):

 Probably, something like this addon https://addons.mozilla.org/en-
 US/firefox/addon/mystique-ff/ will help to defend against traffic
 fingerprinting...

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] [Tor Bug Tracker & Wiki] Batch modify: #20351, #20224

[Tor Bug Tracker & Wiki]

Batch modification to #20351, #20224 by iwakeh:
milestone to CollecTor 1.7.0

Comment:
Moved to new milestone.

--
Tickets URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19506 [Core Tor/Tor]: Tool to inspect id signing certs (was: missing a tool to inspect id signing certs)

[Tor Bug Tracker & Wiki]

#19506: Tool to inspect id signing certs
-+-
 Reporter:  weasel   |  Owner:  rl1987
 Type:  enhancement  | Status:
 |  accepted
 Priority:  High |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.8.4-rc
 Severity:  Normal   | Resolution:
 Keywords:  ed25519 tor-relay monitor tooling|  Actual Points:
  admin-tools|
Parent ID:   | Points:  2
 Reviewer:   |Sponsor:
-+-
Changes (by rl1987):

 * owner:  (none) => rl1987
 * status:  new => accepted
 * type:  defect => enhancement


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25848 [Metrics/Onionoo]: Replace Gson with Jackson in Onionoo

[Tor Bug Tracker & Wiki]

#25848: Replace Gson with Jackson in Onionoo
-+-
 Reporter:  iwakeh   |  Owner:  karsten
 Type:  enhancement  | Status:  merge_ready
 Priority:  High |  Milestone:
Component:  Metrics/Onionoo  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:  #25815   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by iwakeh):

 * status:  needs_review => merge_ready


Comment:

 Looks fine and passes all checks & tests.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26211 [Core Tor/Tor]: torspec update for GETINFO md/all

[Tor Bug Tracker & Wiki]

#26211: torspec update for GETINFO md/all
--+
 Reporter:  rl1987|  Owner:  (none)
 Type:  defect| Status:
  |  needs_review
 Priority:  Medium|  Milestone:  Tor:
  |  0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-client tor-control microdesc  |  Actual Points:
Parent ID:  #8323 | Points:
 Reviewer:|Sponsor:
--+
Changes (by rl1987):

 * status:  new => needs_review


Comment:

 https://github.com/torproject/torspec/pull/12

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #23840 [Community/Tor Support]: Google's reCAPTCHA fails 100%

[Tor Bug Tracker & Wiki]

#23840: Google's reCAPTCHA fails 100%
+--
 Reporter:  cypherpunks |  Owner:  hiro
 Type:  defect  | Status:  reopened
 Priority:  Immediate   |  Milestone:
Component:  Community/Tor Support   |Version:
 Severity:  Blocker | Resolution:
 Keywords:  cloudflare,google,captcha,noscript  |  Actual Points:
Parent ID:  #18361  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by indigotime):

 >NetworkError: Failed to load worker script at
 https://www.gstatic.com/recaptcha/api2/v1526884278587/recaptcha__en.js
 (nsresult = 0x805e0006) 1 webworker.js:1

 recaptcha__en.js should be delivered locally to prevent this error.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26212 [Applications/Tor Browser]: Use digital signature to prevent modification of omni.ja

[Tor Bug Tracker & Wiki]

#26212: Use digital signature to prevent modification of omni.ja
--+--
 Reporter:  indigotime|  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major |   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 Since omni.ja is an ordinary zip archive, anyone can easily inject a
 backdoor into it and redistribute modified version of Tor Browser. So,
 it's need to use digital signature to prevent modification of both omni.ja
 files.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26211 [Core Tor/Tor]: torspec update for GETINFO md/all

[Tor Bug Tracker & Wiki]

#26211: torspec update for GETINFO md/all
+--
 Reporter:  rl1987  |  Owner:  (none)
 Type:  defect  | Status:  new
 Priority:  Medium  |  Milestone:  Tor: 0.3.5.x-final
Component:  Core|Version:
  Tor/Tor   |
 Severity:  Normal  |   Keywords:  tor-client tor-control microdesc
Actual Points:  |  Parent ID:  #8323
   Points:  |   Reviewer:
  Sponsor:  |
+--


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26210 [Core Tor/Stem]: Stem test for GETINFO md/all

[Tor Bug Tracker & Wiki]

#26210: Stem test for GETINFO md/all
+--
 Reporter:  rl1987  |  Owner:  atagar
 Type:  defect  | Status:  new
 Priority:  Medium  |  Milestone:  Tor: 0.3.5.x-final
Component:  Core|Version:
  Tor/Stem  |
 Severity:  Normal  |   Keywords:  tor-client tor-control microdesc
Actual Points:  |  Parent ID:  #8323
   Points:  |   Reviewer:
  Sponsor:  |
+--


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs