Re: [tor-bugs] #16821 [Core Tor/Tor]: additional /var/run/tor/log default log

[Tor Bug Tracker & Wiki]

#16821: additional /var/run/tor/log default log
+--
 Reporter:  proper  |  Owner:  (none)
 Type:  enhancement | Status:  new
 Priority:  Low |  Milestone:  Tor:
|  unspecified
Component:  Core Tor/Tor|Version:
 Severity:  Normal  | Resolution:
 Keywords:  downstream, logging, tor-relay  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by weasel):

 The Debian package logs to syslog nowadays.  I don't think that'll change.
 So if this is just a bug for the Debian package, then a) it's in the wrong
 place and b) it should be closed.

 If it's just for upstream, then keep it around if you want.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #16821 [Core Tor/Tor]: additional /var/run/tor/log default log

[Tor Bug Tracker & Wiki]

#16821: additional /var/run/tor/log default log
+--
 Reporter:  proper  |  Owner:  (none)
 Type:  enhancement | Status:  new
 Priority:  Low |  Milestone:  Tor:
|  unspecified
Component:  Core Tor/Tor|Version:
 Severity:  Normal  | Resolution:
 Keywords:  downstream, logging, tor-relay  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by adrelanos):

 Makes sense. By that logic I think {{{Log notice file /var/log/tor/log}}}
 should be removed from Tor upstream but kept by the Tor Debian package.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26817 [Core Tor/Tor]: Use NSS for DH

[Tor Bug Tracker & Wiki]

#26817: Use NSS for DH
-+-
 Reporter:  nickm|  Owner:  nickm
 Type:  enhancement  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  035-roadmap-subticket, 035-triaged-  |  Actual Points:
  in-20180711|
Parent ID:  #26631   | Points:
 Reviewer:  catalyst |Sponsor:
 |  Sponsor8-can
-+-

Comment (by catalyst):

 Replying to [comment:7 nickm]:
 > For CI purposes I've made a squashed and merged branch as
 `nss_dh_squashed_merged`. PR at https://github.com/torproject/tor/pull/258
 . It includes this branch, and both of the branches it is based on.
 Thanks! Looks good so far. I've looked at all of the commits and nothing
 sticks out as obviously wrong. I want to try to check the memory
 management more closely in a few places if I can, though.

 It looks like the `SSL_SignatureMaxCount()` prototype warning is still
 there. (Probably needs a warning disabled in
 src/lib/crypt_ops/crypto_nss_mgt.c.) Also the Rust build fails during
 `make check` due to a duplication of
 src/lib/crypt_ops/crypto_openssl_mgt.c in
 `src_lib_libtor_crypt_ops_a_SOURCES`.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26701 [Core Tor/sbws]: Optionally cleanup old v3bw files

[Tor Bug Tracker & Wiki]

#26701: Optionally cleanup old v3bw files
---+-
 Reporter:  pastly |  Owner:  juga
 Type:  defect | Status:  closed
 Priority:  Medium |  Milestone:  sbws 1.0 (MVP must)
Component:  Core Tor/sbws  |Version:
 Severity:  Normal | Resolution:  implemented
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+-
Changes (by pastly):

 * status:  needs_review => closed
 * resolution:   => implemented


Comment:

 Merged in bddbf47..920d388

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27022 [Webpages/Website]: Please change contact/apply email in new job postings (for bookkeeper, grant writer, and grants manager)

[Tor Bug Tracker & Wiki]

#27022: Please change contact/apply email in new job postings (for bookkeeper,
grant writer, and grants manager)
--+
 Reporter:  ewyatt|  Owner:  (none)
 Type:  task  | Status:  new
 Priority:  Very High |  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 {{{
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA512


 Please change the “to apply” email addresses in these new job postings, as
 follows:

 Bookkeeper/Payroll Specialist — from “hr at torproject dot org” to “job-
 bookkeeper at torproject dot org”
 Grants Manager — “hr at torproject dot org” to “job-grantsmanager at
 torproject dot org”
 Grant Writer — “hr at torproject dot org” to “job-grantwriter at
 torproject dot org”

 Thank you!

 -BEGIN PGP SIGNATURE-
 Comment: GPGTools - https://gpgtools.org

 iQIzBAEBCgAdFiEENecqn2ZVRfkstmYkugyUAPgPkc4FAltiPjoACgkQugyUAPgP
 kc7S1BAAlnsdM25OPiCSuhcsoSJlPFj3Akqmqp9RbNTJHrifA24nobCfAfaNFVT1
 +xeFNWgpLTf1ie7rKgd8yMLcsNn5KV9Qjfuv1T4lRxkNuiBvbcIdBXhXi+GkSMzJ
 DhgmiAVezy1La9qP5aVe0RdmdJhZCqitKKxfpswVxVR7uAuyxL5j+IHovkYM8Nni
 J3TIjyIBpN337l7Ha91KMcIRVMcNTY7XkLtMqpDiqLLG5eGQvg0WLStypRFhslLp
 vSy43Iz2PpVFK3mOEipdMSEedN8K8gTATccd0TSfyHcIPz/UPQmAn+6YwMMAUlDw
 K8NQGMCoNxW0cHiq8mdW//OlEGsPHduTbxvJSURS1Fi+VtNKC0aG+oTPjKaAjfE7
 8UK37TTZCXfYvD7uLnjxHGpt/3scgqNClQjKR8Vu5BmNuHPdx2m9tFjD9tRSIAks
 +pljIcPAmfwdgHnc4rttn4oJwqYXGa6uLHfisMxe6W9dJWvO3mLB2NdfguhXn5i4
 m7x/OaKP09X6gNDI2sEKUwyl0aZZVzrSevMzaRqH5MFdrSw6ZB/ekKmpJ4xrtPZI
 Xnsd1n3d5SlMHijQnF1ruHRWZTO4ZvCElSmsIFs2UIrIrt6f/F4wkcQrj1rhsqTk
 nr02l1+fmGUA0LK9Le2fKSJZxPy2qhy+Sp7z4/yFbBhILa17F6c=
 =9N54
 -END PGP SIGNATURE-
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27016 [Applications/Tor Browser]: TBA: Audit thirdparty picasso

[Tor Bug Tracker & Wiki]

#27016: TBA: Audit thirdparty picasso
--+--
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile, tbb-proxy-bypass  |  Actual Points:
Parent ID:  #25851| Points:
 Reviewer:|Sponsor:
--+--

Comment (by sysrqb):

 This library using the `NetworkInfo` via the `ConnectivityManager` for
 deciding how many background threads it should create for processing.
 Higher bandwidth connections result in more threads. The default is 3, so
 this shouldn't be a problem. The library also registers for network change
 events. We'll probably need to change it so we don't require these Android
 permissions.

 `UrlConnectionDownloader` is the only class that bypasses the proxy, so
 we'll need a patch for that, as well.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10629 [Obfuscation/Pluggable transport]: PT spec changes for better interoperability with other projects

[Tor Bug Tracker & Wiki]

#10629: PT spec changes for better interoperability with other projects
-+-
 Reporter:  infinity0|  Owner:  yawning
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Obfuscation/Pluggable transport  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  SponsorS, pt-spec, pt-ng, pt-v2, |  Actual Points:
  tor-pt |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by dmr):

 * cc: dmr (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #5483 [Obfuscation/Pluggable transport]: managed pluggable transports should be able to pause Tor's circuit-building?

[Tor Bug Tracker & Wiki]

#5483: managed pluggable transports should be able to pause Tor's circuit-
building?
+-
 Reporter:  arma|  Owner:  asn
 Type:  enhancement | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Obfuscation/Pluggable transport |Version:
 Severity:  Normal  | Resolution:
 Keywords:  needs-tor-change needs-spec-change  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+-
Changes (by dmr):

 * cc: dmr (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #5148 [Obfuscation/Pluggable transport]: SIGHUP managed proxies when logs reopened

[Tor Bug Tracker & Wiki]

#5148: SIGHUP managed proxies when logs reopened
-+-
 Reporter:  twilde   |  Owner:  asn
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Obfuscation/Pluggable transport  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  needs-spec-change, needs-tor-change  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by dmr):

 * cc: dmr (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #7153 [Obfuscation/Pluggable transport]: Don't require pluggable transport proxies to be SOCKS proxies

[Tor Bug Tracker & Wiki]

#7153: Don't require pluggable transport proxies to be SOCKS proxies
-+-
 Reporter:  karsten  |  Owner:  asn
 Type:  project  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Obfuscation/Pluggable transport  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  SponsorF20130228, needs-spec-|  Actual Points:
  change, needs-tor-change   |
Parent ID:  #10629   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by dmr):

 * cc: dmr (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15213 [Obfuscation/Pluggable transport]: DNS tunneling transport (like iodine, dnscat)

[Tor Bug Tracker & Wiki]

#15213: DNS tunneling transport (like iodine, dnscat)
-+-
 Reporter:  federico3|  Owner:  asn
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Obfuscation/Pluggable transport  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  DNS iodine tor tunneling ideas hard  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by dmr):

 * cc: dmr (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27018 [Applications/Tor Browser]: TBA: Audit thirdparty dspec

[Tor Bug Tracker & Wiki]

#27018: TBA: Audit thirdparty dspec
--+--
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:  tbb-mobile, tbb-proxy-bypass  |  Actual Points:
Parent ID:  #25851| Points:
 Reviewer:|Sponsor:
--+--
Changes (by sysrqb):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 This library is proxy-safe. It is only used with the GUI. Also, it is not
 actually used by Fennec, and it is not included by the build system.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27019 [Applications/Tor Browser]: TBA: Audit thirdparty apache/commons/codec

[Tor Bug Tracker & Wiki]

#27019: TBA: Audit thirdparty apache/commons/codec
--+--
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:  tbb-mobile, tbb-proxy-bypass  |  Actual Points:
Parent ID:  #25851| Points:
 Reviewer:|Sponsor:
--+--
Changes (by sysrqb):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 Entire library is parsing and converting strings. No networking logic
 (yes, including under the net/ directory - that is only for safe encoding
 of messages and URLs).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26514 [Applications/Tor Browser]: intermittent updater failures on Win64 (Error 19)

[Tor Bug Tracker & Wiki]

#26514: intermittent updater failures on Win64 (Error 19)
--+--
 Reporter:  mcs   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam201808  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by mcs):

 Replying to [comment:17 gk]:
 > I don't know how to get a shell within the container during the build.
 What I usually do if I need to get at preprocessed files is compile with
 `-save-temps` and do a `exit 1` after the compilation step making sure I
 get a debug shell.

 Very helpful; thanks! I used `-save-temps` and have now placed a portion
 of the build tree here:
 https://people.torproject.org/~mcs/volatile/bug-26514/

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27021 [Core Tor/Tor]: do not take self advertised bandwidth into account

[Tor Bug Tracker & Wiki]

#27021: do not take self advertised bandwidth into account
--+---
 Reporter:  toralf|  Owner:  (none)
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:  duplicate
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by arma):

 * status:  new => closed
 * resolution:   => duplicate


Comment:

 Closing as a duplicate of #17810, per discussion with toralf and pastly

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27021 [Core Tor/Tor]: do not take self advertised bandwidth into account

[Tor Bug Tracker & Wiki]

#27021: do not take self advertised bandwidth into account
--+
 Reporter:  toralf|  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 1. It might result a long-term up and down of relay bw. Imageing a case,
 where for some reason a relay reports a lower traffic. It will get a lower
 weigth which  yields into lower traffic and so on.

 2. It invites people to manipulate the weight of their relays.


 BTW: In IRC there are hints and tipps flying around how and where to
 change the Tor source code to manipulate the transferred traffic.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27020 [Applications/Tor Browser]: RBM build fails with runc version 1.01

[Tor Bug Tracker & Wiki]

#27020: RBM build fails with runc version 1.01
+--
 Reporter:  pospeselr   |  Owner:  pospeselr
 Type:  defect  | Status:  needs_review
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  tbb-rbm, TorBrowserTeam201808R  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
Changes (by boklm):

 * keywords:  tbb-rbm, TorBrowserTeam201808 => tbb-rbm,
   TorBrowserTeam201808R


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27020 [Applications/Tor Browser]: RBM build fails with runc version 1.01

[Tor Bug Tracker & Wiki]

#27020: RBM build fails with runc version 1.01
---+--
 Reporter:  pospeselr  |  Owner:  pospeselr
 Type:  defect | Status:  needs_review
 Priority:  Medium |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tbb-rbm, TorBrowserTeam201808  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--
Changes (by pospeselr):

 * status:  needs_revision => needs_review


Comment:

 Updated patch to set the flag for versions greater than 1.0.0:

 https://gitweb.torproject.org/user/richard/tor-browser-
 build.git/commit/?h=bug_27020

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27011 [Internal Services/Service - trac]: Remove 'Core Tor -> Erebus' component?

[Tor Bug Tracker & Wiki]

#27011: Remove 'Core Tor -> Erebus' component?
--+-
 Reporter:  arma  |  Owner:  qbi
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Internal Services/Service - trac  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+-

Comment (by atagar):

 Hi Roger, fine with me. I might resurrect the project idea at some point,
 but that's not on the near term horizon and we can always trivially re-add
 the trac component.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27017 [Applications/Tor Browser]: TBA: Audit thirdparty json

[Tor Bug Tracker & Wiki]

#27017: TBA: Audit thirdparty json
--+--
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:  tbb-mobile, tbb-proxy-bypass  |  Actual Points:
Parent ID:  #25851| Points:
 Reviewer:|Sponsor:
--+--
Changes (by sysrqb):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 This library is all parsing and conversion. There isn't any networking
 code here.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27020 [Applications/Tor Browser]: RBM build fails with runc version 1.01

[Tor Bug Tracker & Wiki]

#27020: RBM build fails with runc version 1.01
---+---
 Reporter:  pospeselr  |  Owner:  pospeselr
 Type:  defect | Status:
   |  needs_revision
 Priority:  Medium |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tbb-rbm, TorBrowserTeam201808  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---
Changes (by boklm):

 * cc: tbb-team (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27015 [Applications/Tor Browser]: TBA: Audit thirdparty leakcanary

[Tor Bug Tracker & Wiki]

#27015: TBA: Audit thirdparty leakcanary
--+--
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:  tbb-mobile, tbb-proxy-bypass  |  Actual Points:
Parent ID:  #25851| Points:
 Reviewer:|Sponsor:
--+--
Changes (by sysrqb):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 These no-op imported files. Gradle downloads and includes the actual
 library in developer builds, but officials (and `mach`) builds do not
 include this.

 {{{
 // Include LeakCanary in local builds, but not in official builds.
 Mach
 // builds target the official audience, so LeakCanary will not be
 included
 // in any Mach build.
 }}}

 https://gitweb.torproject.org/tor-
 browser.git/tree/mobile/android/app/build.gradle?h=tor-
 browser-60.1.0esr-8.0-1#n248

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27020 [Applications/Tor Browser]: RBM build fails with runc version 1.01

[Tor Bug Tracker & Wiki]

#27020: RBM build fails with runc version 1.01
---+---
 Reporter:  pospeselr  |  Owner:  pospeselr
 Type:  defect | Status:
   |  needs_revision
 Priority:  Medium |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tbb-rbm, TorBrowserTeam201808  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---
Changes (by boklm):

 * keywords:   => tbb-rbm, TorBrowserTeam201808
 * component:  Applications/rbm => Applications/Tor Browser


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27020 [Applications/rbm]: RBM build fails with runc version 1.01

[Tor Bug Tracker & Wiki]

#27020: RBM build fails with runc version 1.01
--+
 Reporter:  pospeselr |  Owner:  pospeselr
 Type:  defect| Status:  needs_revision
 Priority:  Medium|  Milestone:
Component:  Applications/rbm  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by boklm):

 * status:  needs_review => needs_revision


Comment:

 Replying to [comment:2 pospeselr]:
 > Patch with the newest runc version string:
 >
 > https://gitweb.torproject.org/user/richard/tor-browser-
 build.git/commit/?h=bug_27020

 Some comments about the patch:
 * there is a typo in the commit message: currenetly
 * we should add `\` before the dots in `1.0.1`
 * maybe we should match `1\.0\.\d` so that we don't need to update it when
 there is a version `1.0.2`.
 * we should also update the comment that currently says `runc_spec100 is
 true if runc spec is exactly 1.0.0`

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26136 [Core Tor/Tor]: DirPort reachability test inconsistency when only "DirPort x.x.x.x:x NoAdvertise" configured

[Tor Bug Tracker & Wiki]

#26136: DirPort reachability test inconsistency when only "DirPort x.x.x.x:x
NoAdvertise" configured
--+--
 Reporter:  starlight |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:  Tor: unspecified
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by toralf):

 FWIW I got a similar warning at a stable Debian with a Tor relay 0.3.39
 configured as a bridge.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27014 [Applications/Tor Browser]: TBA: Audit thirdparty disklrucache

[Tor Bug Tracker & Wiki]

#27014: TBA: Audit thirdparty disklrucache
--+--
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:  tbb-mobile, tbb-proxy-bypass  |  Actual Points:
Parent ID:  #25851| Points:
 Reviewer:|Sponsor:
--+--
Changes (by sysrqb):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 This is proxy safe. It creates a cache locally (the browser creates it in
 `context.getCacheDir()`). This is only used for storing/caching icons
 (favicons, touch icons, etc). We should consider whether we want this
 caching layer at all. I'm thinking we don't.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25485 [Applications/Tor Browser]: Browser/TorBrowser/Tor/libstdc++.so.6: version `CXXABI_1.3.11' not found (required by /usr/lib/x86_64-linux-gnu/libmirclient.so.9)

[Tor Bug Tracker & Wiki]

#25485: Browser/TorBrowser/Tor/libstdc++.so.6: version `CXXABI_1.3.11' not found
(required by /usr/lib/x86_64-linux-gnu/libmirclient.so.9)
+--
 Reporter:  cypherpunks |  Owner:  tbb-team
 Type:  defect  | Status:
|  needs_revision
 Priority:  Very High   |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  ff60-esr, TorBrowserTeam201808  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by boklm):

 Replying to [comment:23 boklm]:
 > Replying to [comment:19 sukhbir]:
 > > So the question then is that if it's not `strings`, then what would be
 a good way of finding out the installed version of libstdc++ to compare
 with the bundled version? Would parsing the `readelf` output be a better
 fit?
 >
 > Maybe we could build a small c++ program linked with our libstdc++ and
 using the latest CXXABI. If running this program from `start-tor-browser`
 fails then we know that we need to add our libstdc++ to `LD_LIBRARY_PATH`.

 To make a small program using `GLIBCXX_3.4.22`, we need to use some
 function that was added with this version. We can find that by looking in
 the file `libstdc++-v3/config/abi/pre/gnu.ver` from gcc sources:
 https://github.com/gcc-mirror/gcc/blob/gcc-
 6_4_0-release/libstdc%2B%2B-v3/config/abi/pre/gnu.ver#L1869

 It seems that `std::uncaught_exception()` is one of them. So we could use
 the example code from this page:
 https://en.cppreference.com/w/cpp/error/uncaught_exception

 {{{
 #include 
 #include 
 #include 

 struct Foo {
 int count = std::uncaught_exceptions();
 ~Foo() {
 std::cout << (count == std::uncaught_exceptions()
 ? "~Foo() called normally\n"
 : "~Foo() called during stack unwinding\n");
 }
 };
 int main()
 {
 Foo f;
 try {
 Foo f;
 std::cout << "Exception thrown\n";
 throw std::runtime_error("test exception");
 } catch (const std::exception& e) {
 std::cout << "Exception caught: " << e.what() << '\n';
 }
 }
 }}}

 When I build this program using gcc 6.4.0, and I try to run it using my
 system's `libstdc++.so.6`, it fails with:
 {{{
 $ ./out/test/a.out
 ./out/test/a.out: /usr/lib/x86_64-linux-gnu/libstdc++.so.6: version
 `GLIBCXX_3.4.22' not found (required by ./out/test/a.out)
 ./out/test/a.out: /usr/lib/x86_64-linux-gnu/libstdc++.so.6: version
 `GLIBCXX_3.4.21' not found (required by ./out/test/a.out)
 }}}

 But it works if I add Tor Browser's `libstdc++.so.6` to `LD_LIBRARY_PATH`.

 So we could run this small program from `start-tor-browser` to check if
 the system provides a recent `libstdc++.so.6`, and only if it fails add
 our version to `LD_LIBRARY_PATH`.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26873 [Core Tor]: FTBFS on GNU/Hurd: no PATH_MAX

[Tor Bug Tracker & Wiki]

#26873: FTBFS on GNU/Hurd: no PATH_MAX
---+---
 Reporter:  paulusASol |  Owner:  (none)
 Type:  defect | Status:  closed
 Priority:  Medium |  Milestone:  Tor:
   |  0.3.3.x-final
Component:  Core Tor   |Version:
 Severity:  Normal | Resolution:  fixed
 Keywords:  033-backport 034-backport  |  Actual Points:
Parent ID: | Points:
 Reviewer:  nickm  |Sponsor:
---+---
Changes (by nickm):

 * status:  needs_review => closed
 * resolution:   => fixed
 * milestone:  Tor: 0.3.5.x-final => Tor: 0.3.3.x-final


Comment:

 This looks good to me, and it doesn't seem to break anything.  Merged to
 0.3.3 and forward.  Thank you for the patch!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27013 [Applications/Tor Browser]: TBA: Audit thirdparty selfbraille

[Tor Bug Tracker & Wiki]

#27013: TBA: Audit thirdparty selfbraille
--+--
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  defect| Status:  needs_review
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile, tbb-proxy-bypass  |  Actual Points:
Parent ID:  #25851| Points:
 Reviewer:|Sponsor:
--+--
Changes (by sysrqb):

 * status:  new => needs_review


Comment:

 This library creates a Binder IPC with the `BrailleBack` app
 (`com.googlecode.eyesfree.brailleback`). It verifies the SHA-1 hash of the
 signing key of the app before creating a background service for
 communicating with it.

 This library is probably proxy-safe, but the browser and Android OS (via
 `AccessibilityManager` [0]) **could** send arbitrary data over this IPC so
 `BrailleBack` could bypass the Tor Browser proxy. Currently, I don't see
 this happening. I believe Accessibility events are only sent when focus is
 changed in the app, so I don't see a proxy-bypass right now.

 Any opinions here? Close?

 [0]
 
https://developer.android.com/reference/android/view/accessibility/AccessibilityManager

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27020 [Applications/rbm]: RBM build fails with runc version 1.01

[Tor Bug Tracker & Wiki]

#27020: RBM build fails with runc version 1.01
--+--
 Reporter:  pospeselr |  Owner:  pospeselr
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/rbm  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by pospeselr):

 * status:  assigned => needs_review
 * cc: boklm (added)


Comment:

 Patch with the newest runc version string:

 https://gitweb.torproject.org/user/richard/tor-browser-
 build.git/commit/?h=bug_27020

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26873 [Core Tor]: FTBFS on GNU/Hurd: no PATH_MAX

[Tor Bug Tracker & Wiki]

#26873: FTBFS on GNU/Hurd: no PATH_MAX
---+---
 Reporter:  paulusASol |  Owner:  (none)
 Type:  defect | Status:  needs_review
 Priority:  Medium |  Milestone:  Tor:
   |  0.3.5.x-final
Component:  Core Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  033-backport 034-backport  |  Actual Points:
Parent ID: | Points:
 Reviewer:  nickm  |Sponsor:
---+---
Changes (by nickm):

 * reviewer:   => nickm


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27020 [Applications/rbm]: RBM build fails with runc version 1.01

[Tor Bug Tracker & Wiki]

#27020: RBM build fails with runc version 1.01
--+---
 Reporter:  pospeselr |  Owner:  pospeselr
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:
Component:  Applications/rbm  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by sukhbir):

 I think the latest version is not supported because of the differences in
 the spec. What's the exact error?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27020 [Applications/rbm]: RBM build fails with runc version 1.01

[Tor Bug Tracker & Wiki]

#27020: RBM build fails with runc version 1.01
--+---
 Reporter:  pospeselr |  Owner:  pospeselr
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:
Component:  Applications/rbm  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+---
 RBM build fails with latest runc version (1.0.1)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27012 [Applications/Tor Browser]: TBA: Audit thirdparty booking

[Tor Bug Tracker & Wiki]

#27012: TBA: Audit thirdparty booking
--+--
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:  tbb-mobile, tbb-proxy-bypass  |  Actual Points:
Parent ID:  #25851| Points:
 Reviewer:|Sponsor:
--+--
Changes (by sysrqb):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 Yes, proxy-safe. This third-party library doesn't have any networking
 logic. It is purely providing right-to-left UI support.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25851 [Applications/Tor Browser]: TBA - Make sure third-party code is proxy safe

[Tor Bug Tracker & Wiki]

#25851: TBA - Make sure third-party code is proxy safe
--+--
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile, tbb-proxy-bypass  |  Actual Points:
Parent ID:  #21863| Points:
 Reviewer:|Sponsor:  Sponsor4
--+--

Comment (by sysrqb):

 Replying to [comment:1 sysrqb]:
 > Code we should audit:
 > {{{
 > $ ls mobile/android/thirdparty/com/
 > adjust  booking  googlecode  jakewharton  leanplum  squareup
 > }}}

 adjust - skip
 booking - #27012
 googlecode - #27013
 jakewharton - #27014
 leanplum - skip
 squareup/leakcanary - #27015
 squareup/picasso - #27016

 > {{{
 > $ ls mobile/android/thirdparty/org/
 > json  lucasr  mozilla
 > }}}

 json - #27017
 lucasr/dspec - #27018
 mozilla/apache/commons/codec - #27019

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27019 [Applications/Tor Browser]: TBA: Audit thirdparty apache/commons/codec

[Tor Bug Tracker & Wiki]

#27019: TBA: Audit thirdparty apache/commons/codec
-+-
 Reporter:  sysrqb   |  Owner:  tbb-team
 Type:  defect   | Status:  new
 Priority:  Very High|  Milestone:
Component:  Applications/Tor |Version:
  Browser|   Keywords:  tbb-mobile, tbb-proxy-
 Severity:  Normal   |  bypass
Actual Points:   |  Parent ID:  #25851
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 Proxy-safe?
 {{{
 $ ls mobile/android/thirdparty/org/mozilla/apache/commons/codec/
 binary  BinaryEncoder.java  DecoderException.java  digest
 Encoder.java  netpackage.html
 StringEncoderComparator.java
 BinaryDecoder.java  CharEncoding.java   Decoder.java
 EncoderException.java  language  overview.html  StringDecoder.java
 StringEncoder.java
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27018 [Applications/Tor Browser]: TBA: Audit thirdparty dspec

[Tor Bug Tracker & Wiki]

#27018: TBA: Audit thirdparty dspec
-+-
 Reporter:  sysrqb   |  Owner:  tbb-team
 Type:  defect   | Status:  new
 Priority:  Very High|  Milestone:
Component:  Applications/Tor |Version:
  Browser|   Keywords:  tbb-mobile, tbb-proxy-
 Severity:  Normal   |  bypass
Actual Points:   |  Parent ID:  #25851
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 Proxy-safe?
 {{{
 $ ls mobile/android/thirdparty/org/lucasr/dspec/
 DesignSpec.java  RawResource.java
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27017 [Applications/Tor Browser]: TBA: Audit thirdparty json

[Tor Bug Tracker & Wiki]

#27017: TBA: Audit thirdparty json
-+-
 Reporter:  sysrqb   |  Owner:  tbb-team
 Type:  defect   | Status:  new
 Priority:  Very High|  Milestone:
Component:  Applications/Tor |Version:
  Browser|   Keywords:  tbb-mobile, tbb-proxy-
 Severity:  Normal   |  bypass
Actual Points:   |  Parent ID:  #25851
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 Proxy-safe?
 {{{
 $ ls mobile/android/thirdparty/org/json/simple/
 ItemList.java  JSONArray.java  JSONAware.java  JSONObject.java
 JSONStreamAware.java  JSONValue.java  LICENSE.txt  parser
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27016 [Applications/Tor Browser]: TBA: Audit thirdparty picasso

[Tor Bug Tracker & Wiki]

#27016: TBA: Audit thirdparty picasso
-+-
 Reporter:  sysrqb   |  Owner:  tbb-team
 Type:  defect   | Status:  new
 Priority:  Very High|  Milestone:
Component:  Applications/Tor |Version:
  Browser|   Keywords:  tbb-mobile, tbb-proxy-
 Severity:  Normal   |  bypass
Actual Points:   |  Parent ID:  #25851
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 Proxy-safe?
 {{{
 $ ls mobile/android/thirdparty/com/squareup/picasso/
 Action.java ContentStreamBitmapHunter.java
 GetAction.java  PicassoDrawable.javaStats.java
 Utils.java
 AssetBitmapHunter.java  DeferredRequestCreator.java
 ImageViewAction.javaPicassoExecutorService.java
 StatsSnapshot.java
 BitmapHunter.java   Dispatcher.java
 LruCache.java   Picasso.java
 TargetAction.java
 Cache.java  Downloader.java
 MarkableInputStream.javaRequestCreator.java
 Target.java
 Callback.java   FetchAction.java
 MediaStoreBitmapHunter.java Request.java
 Transformation.java
 ContactsPhotoBitmapHunter.java  FileBitmapHunter.java
 NetworkBitmapHunter.javaResourceBitmapHunter.java
 UrlConnectionDownloader.java
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27015 [Applications/Tor Browser]: TBA: Audit thirdparty leakcanary

[Tor Bug Tracker & Wiki]

#27015: TBA: Audit thirdparty leakcanary
-+-
 Reporter:  sysrqb   |  Owner:  tbb-team
 Type:  defect   | Status:  new
 Priority:  Very High|  Milestone:
Component:  Applications/Tor |Version:
  Browser|   Keywords:  tbb-mobile, tbb-proxy-
 Severity:  Normal   |  bypass
Actual Points:   |  Parent ID:  #25851
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 Proxy-safe?
 {{{
 $ ls mobile/android/thirdparty/com/squareup/leakcanary/
 LeakCanary.java  RefWatcher.java
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27014 [Applications/Tor Browser]: TBA: Audit thirdparty disklrucache

[Tor Bug Tracker & Wiki]

#27014: TBA: Audit thirdparty disklrucache
-+-
 Reporter:  sysrqb   |  Owner:  tbb-team
 Type:  defect   | Status:  new
 Priority:  Very High|  Milestone:
Component:  Applications/Tor |Version:
  Browser|   Keywords:  tbb-mobile, tbb-proxy-
 Severity:  Normal   |  bypass
Actual Points:   |  Parent ID:  #25851
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 Proxy-safe?
 {{{
 $ ls mobile/android/thirdparty/com/jakewharton/disklrucache/
 DiskLruCache.java  StrictLineReader.java  Util.java
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27013 [Applications/Tor Browser]: TBA: Audit thirdparty selfbraille

[Tor Bug Tracker & Wiki]

#27013: TBA: Audit thirdparty selfbraille
-+-
 Reporter:  sysrqb   |  Owner:  tbb-team
 Type:  defect   | Status:  new
 Priority:  Very High|  Milestone:
Component:  Applications/Tor |Version:
  Browser|   Keywords:  tbb-mobile, tbb-proxy-
 Severity:  Normal   |  bypass
Actual Points:   |  Parent ID:  #25851
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 Proxy-safe?
 {{{
 $ ls
 mobile/android/thirdparty/com/googlecode/eyesfree/braille/selfbraille/
 ISelfBrailleService.java  SelfBrailleClient.java  WriteData.java
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27012 [Applications/Tor Browser]: TBA: Audit thirdparty booking

[Tor Bug Tracker & Wiki]

#27012: TBA: Audit thirdparty booking
-+-
 Reporter:  sysrqb   |  Owner:  tbb-team
 Type:  defect   | Status:  new
 Priority:  Very High|  Milestone:
Component:  Applications/Tor |Version:
  Browser|   Keywords:  tbb-mobile, tbb-proxy-
 Severity:  Normal   |  bypass
Actual Points:   |  Parent ID:  #25851
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 Proxy-safe?

 {{{
 $ ls mobile/android/thirdparty/com/booking/rtlviewpager/
 PagerAdapterWrapper.java  RtlViewPager.java
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25851 [Applications/Tor Browser]: TBA - Make sure third-party code is proxy safe

[Tor Bug Tracker & Wiki]

#25851: TBA - Make sure third-party code is proxy safe
--+--
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile, tbb-proxy-bypass  |  Actual Points:
Parent ID:  #21863| Points:
 Reviewer:|Sponsor:  Sponsor4
--+--

Comment (by sysrqb):

 Replying to [comment:1 sysrqb]:
 > Code we should audit:
 > {{{
 > $ ls mobile/android/thirdparty/com/
 > adjust  booking  googlecode  jakewharton  leanplum  squareup
 > }}}

 Adjust is excluded at build-time, so we can ignore that. It is excluded if
 `MOZ_INSTALL_TRACKING` is not set. This is similar to LeanPlum - it
 requires MOZ_ANDROID_GCM, too. We could change the `MOZ_INSTALL_TRACKING`
 default value, too (being extra safe) - but currently it will not be
 included.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25851 [Applications/Tor Browser]: TBA - Make sure third-party code is proxy safe

[Tor Bug Tracker & Wiki]

#25851: TBA - Make sure third-party code is proxy safe
--+--
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile, tbb-proxy-bypass  |  Actual Points:
Parent ID:  #21863| Points:
 Reviewer:|Sponsor:  Sponsor4
--+--

Comment (by sysrqb):

 Replying to [ticket:25851 sysrqb]:
 > {{{
 > $ git grep -n openConnection\( mobile/android/thirdparty/
 > }}}
 > {{{
 >
 
mobile/android/thirdparty/ch/boye/httpclientandroidlib/conn/ClientConnectionOperator.java:78:
 void openConnection(OperatedClientConnection conn,
 >
 
mobile/android/thirdparty/ch/boye/httpclientandroidlib/impl/conn/DefaultClientConnectionOperator.java:144:
 public void openConnection(
 >
 
mobile/android/thirdparty/ch/boye/httpclientandroidlib/impl/conn/ManagedClientConnectionImpl.java:304:
 this.operator.openConnection(
 > }}}
 #22170
 > {{{
 > mobile/android/thirdparty/com/leanplum/internal/SocketIOClient.java:82:
 HttpURLConnection connection = (HttpURLConnection) url.openConnection();
 > mobile/android/thirdparty/com/leanplum/internal/Util.java:540:
 HttpURLConnection urlConnection = (HttpURLConnection)
 url.openConnection();
 > }}}

 LeanPlum is not included by default. It is only included if
 `MOZ_ANDROID_MMA` is `true` (`false` by default) and `MOZ_ANDROID_GCM`
 must be `true` (which we set `false` at configure time):
 https://gitweb.torproject.org/tor-browser.git/tree/.mozconfig-android?h
 =tor-
 browser-60.1.0esr-8.0-1=ce3ad196040db4886e953cf13fc8d24fdf712d4b#n34


 > {{{
 >
 mobile/android/thirdparty/com/squareup/picasso/UrlConnectionDownloader.java:46:
 protected HttpURLConnection openConnection(Uri path) throws IOException {
 >
 mobile/android/thirdparty/com/squareup/picasso/UrlConnectionDownloader.java:47:
 HttpURLConnection connection = (HttpURLConnection) new
 URL(path.toString()).openConnection();
 >
 mobile/android/thirdparty/com/squareup/picasso/UrlConnectionDownloader.java:58:
 HttpURLConnection connection = openConnection(uri);
 > }}}
 >
 > This isn't the only offending method, we should audit these thoroughly.

 Code we should audit:
 {{{
 $ ls mobile/android/thirdparty/com/
 adjust  booking  googlecode  jakewharton  leanplum  squareup
 }}}
 {{{
 $ ls
 mobile/android/thirdparty/com/googlecode/eyesfree/braille/selfbraille/
 ISelfBrailleService.java  SelfBrailleClient.java  WriteData.java
 }}}
 {{{
 $ ls mobile/android/thirdparty/org/
 json  lucasr  mozilla
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25882 [Core Tor/Tor]: clients not detecting stale onion service introduction points

[Tor Bug Tracker & Wiki]

#25882: clients not detecting stale onion service introduction points
-+-
 Reporter:  cypherpunks  |  Owner:  dgoulet
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs, 034-deferred-20180602|  Actual Points:
  035-removed|
Parent ID:  #22455   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks2):

 The file
 
[https://trac.torproject.org/projects/tor/attachment/ticket/25882/debug.onionservice.2.log.xz
 debug.onionservice.2.log.xz] contains a pair of new failures, one for the
 v2 service and one for the v3 service, observed at about 21:00 local time.

 Notice the absence of the receipt of an {{{INTRODUCE2}}} cell in both
 cases.

 It seems that our bug affects both v2 and v3 services, and the symptom is
 that the onion service does not receive an {{{INTRODUCE2}}} cell, i.e. it
 does not hear from the introduction point.

 So, two thoughts: what is the mechanism by which the set of introduction
 points known to a client is kept synchronised with the set of "live"
 introduction points maintained by an onion service?  Note that a
 descriptor held by a client may become outdated, a descriptor held by the
 database may become outdated, and circuits maintained by the onion service
 may stop working...

 Also, what is to stop a malicious introduction point from sending an ACK
 to a client but never reaching out to the onion service?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25882 [Core Tor/Tor]: clients not detecting stale onion service introduction points

[Tor Bug Tracker & Wiki]

#25882: clients not detecting stale onion service introduction points
-+-
 Reporter:  cypherpunks  |  Owner:  dgoulet
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs, 034-deferred-20180602|  Actual Points:
  035-removed|
Parent ID:  #22455   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by cypherpunks2):

 * Attachment "debug.onionservice.2.log.xz" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26809 [Webpages/Support]: add all Tier-1 languages to the support portal to test them

[Tor Bug Tracker & Wiki]

#26809: add all Tier-1 languages to the support portal to test them
--+--
 Reporter:  emmapeel  |  Owner:  hiro
 Type:  enhancement   | Status:  assigned
 Priority:  Medium|  Milestone:
Component:  Webpages/Support  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by emmapeel):

 * cc: ggus (added)


Comment:

 We should also add languages that are already completed, as Indonesian
 (id), even when they are not on the Tier 1 list.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22710 [Applications/Tor Browser]: produce an "all locales" nightly build of Tor Browser

[Tor Bug Tracker & Wiki]

#22710: produce an "all locales" nightly build of Tor Browser
--+---
 Reporter:  mcs   |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by emmapeel):

 An 'all locales' bundle with even incomplete languages will be great to
 have.

 I see it as a developer-translators tool and don't think it will have many
 downloads, it does not need to be on the download page, but maybe on some
 obscure jenkins something.

 It would be good for translators starting a new language and also for
 reviewers to understand the eventual  tags or similar.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22170 [Applications/Tor Browser]: Check uses of ch.boye.httpclientandroidlib.impl.client.* for proxy safety on Android

[Tor Bug Tracker & Wiki]

#22170: Check uses of ch.boye.httpclientandroidlib.impl.client.* for proxy 
safety
on Android
-+-
 Reporter:  gk   |  Owner:  sysrqb
 Type:  defect   | Status:
 |  needs_review
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-mobile,|  Actual Points:
  TorBrowserTeam201808R  |
Parent ID:  #21863   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by sysrqb):

 Replying to [comment:18 sysrqb]:
 > NOTE: this resolved the proxy address using the system DNS resolver
 [13]. This shouldn't leak anything, but we don't need this.
 > [13] https://gitweb.torproject.org/tor-
 
browser.git/tree/mobile/android/thirdparty/ch/boye/httpclientandroidlib/impl/conn/DefaultClientConnectionOperator.java?h
 =tor-browser-60.1.0esr-8.0-1#n159

 This actually uses `java.net.InetAddress.getAllByName()` which resolves a
 host name or parses the a literal IP address:
 {{{
 The host name can either be a machine name, such as "java.sun.com", or a
 textual representation of its IP address. If a literal IP address is
 supplied, only the validity of the address format is checked.
 }}}
 
https://developer.android.com/reference/java/net/InetAddress.html#getAllByName(java.lang.String)

 We are currently hard-coding an IP address, so this should not be a
 problem - in theory. The main problem here is we configure the proxy using
 an IP address, but that is stored as a string when it is passed around
 between the different layers of abstraction as a HTTP parameter. The IP
 address-as-a-String is then parsed into a InetAddress when the connection
 is created. I see four options here:
   1. We leave this as it is and assume this the Android API "does the
 right thing"
   2. We hard-code the InetAddress at this point in the code, too
   3. We modify httpclientandroidlib so the `DEFAULT_PROXY` parameter is
 stored as a URI so we never need to reparse the address
   4. We copy another IP address parsing implementation and use that
 instead of relying on the Android implementation (something like Google
 Guava's which provides similar functionality but does not perform name
 resolution - `InetAddresses.forString(String)`)
 {{{
  * Important note: Unlike {@code InetAddress.getByName()}, the
 methods of this class never
  * cause DNS services to be accessed. For this reason, you should prefer
 these methods as much as
  * possible over their JDK equivalents whenever you are expecting to
 handle only IP address string
  * literals -- there is no blocking DNS penalty for a malformed string.
 }}}
 
https://github.com/google/guava/blob/master/android/guava/src/com/google/common/net/InetAddresses.java#L128

 I'm more in favor or (2) or (4).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #17400 [Applications/Tor Browser]: Decide how to use the multi-lingual Tor Browser in the alpha/release series

[Tor Bug Tracker & Wiki]

#17400: Decide how to use the multi-lingual Tor Browser in the alpha/release 
series
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ux-team, tbb-usability-stoppoint-|  Actual Points:
  wizard, TorBrowserTeam201608   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by emmapeel):

 I was talking with arthuredelstein about this, he said the plan is to
 start adding a couple of completed languages each release starting with
 TB8, until all the completed languages are available on the download page

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27011 [Internal Services/Service - trac]: Remove 'Core Tor -> Erebus' component?

[Tor Bug Tracker & Wiki]

#27011: Remove 'Core Tor -> Erebus' component?
--+-
 Reporter:  arma  |  Owner:  qbi
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Internal Services/Service - trac  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+-
Changes (by arma):

 * cc: atagar (added)


Comment:

 I am cc'ing atagar, to get his approval to proceed since he's the Erebus
 component person.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27009 [Internal Services/Service - trac]: move leekspin trac component to archived

[Tor Bug Tracker & Wiki]

#27009: move leekspin trac component to archived
--+-
 Reporter:  arma  |  Owner:  qbi
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Internal Services/Service - trac  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+-
Changes (by arma):

 * cc: nickm (added)


Comment:

 I am cc'ing nickm, to get his approval to proceed since he's the Core Tor
 component person.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #24212 [Core Tor/pytorctl]: Get developer access to pytorctl

[Tor Bug Tracker & Wiki]

#24212: Get developer access to pytorctl
---+
 Reporter:  teor   |  Owner:  (none)
 Type:  task   | Status:  new
 Priority:  Medium |  Milestone:
Component:  Core Tor/pytorctl  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+

Comment (by arma):

 I can help you move forward on this ticket, if you still want this.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25695 [Applications/Tor Browser]: Activity 5.1: Redesign Tor Browser homepage ("about:tor") - create an user onboard

[Tor Bug Tracker & Wiki]

#25695: Activity 5.1: Redesign Tor Browser homepage ("about:tor") - create an 
user
onboard
---+---
 Reporter:  isabela|  Owner:  antonela
 Type:  defect | Status:  new
 Priority:  Very High  |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  ux-team, TorBrowserTeam201808  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:  Sponsor17
---+---

Comment (by antonela):

 > Marvel will work fine for the handoff. Kathy and I are getting better at
 using it :)

 Cool! Glad it is working :)

 > Regarding the illustrations, you may already know this, but the
 following folder contains the onboarding images that Firefox 60 uses:
 > https://dxr.mozilla.org/mozilla-
 esr60/source/browser/extensions/onboarding/content/img

 Thanks for the link and the explainer! I'm going to have pretty much same
 size and I'll provide the .svg and .png for each of them.

 Thanks!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #16546 [Webpages/Website]: Should we move anonbib to the Tor website?

[Tor Bug Tracker & Wiki]

#16546: Should we move anonbib to the Tor website?
-+-
 Reporter:  nickm|  Owner:
 |  cypherpunks
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
 |  WebsiteV3
Component:  Webpages/Website |Version:
 Severity:  Normal   | Resolution:
 Keywords:  defer-new-website, ux-team,  |  Actual Points:
  research   |
Parent ID:  #26836   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by arma):

 Replying to [comment:3 nickm]:
 > Well, one thing that would be accomplished is that we wouldn't have to
 manually run a script on the freehaven webserver whenever somebody pushed
 to the git repo.  So that's something.

 This one is solved by a cron run by anonbib@freehaven, which runs this
 script (recorded here for posterity):
 {{{
 #!/bin/sh -e

 CURRENT_COMMIT=$(git rev-parse HEAD)

 if ! git pull --ff-only | grep -F 'Already up-to-date' >/dev/null; then
 git show "${CURRENT_COMMIT}.."
 make
 fi
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27011 [Internal Services/Service - trac]: Remove 'Core Tor -> Erebus' component?

[Tor Bug Tracker & Wiki]

#27011: Remove 'Core Tor -> Erebus' component?
--+-
 Reporter:  arma  |  Owner:  qbi
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Internal Services/Service - trac  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+-
 The "Core Tor -> Erebus" component has no tickets in it, either open or
 closed.

 I believe it's for this gsoc 2015 project:
 https://gitweb.torproject.org/erebus.git/

 But that project does not appear active or maintained.

 I would suggest moving the component to Archived, but there is nothing to
 archive.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26884 [Applications/Tor Browser]: Update preferences.xul to make it work on mobile

[Tor Bug Tracker & Wiki]

#26884: Update preferences.xul to make it work on mobile
-+-
 Reporter:  igt0 |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-torbutton,   |  Actual Points:
  TorBrowserTeam201808R  |
Parent ID:  #26531   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by sysrqb):

 Replying to [comment:7 igt0]:
 > Replying to [comment:6 gk]:
 > > Nice! How can we test that? I.e. how is it integrated into the .apk
 (build process)?
 >
 >
 > It is not integrated in the build process. You need to copy the xpi to
 the distribution
 directory(mobile/android/torbrowser/assets/distribution/extensions).

 For this
  1. export TB_BUILD_WITH_DISTRIBUTION=1 (or set this env variable however
 you like) so the distribution is included by .mozconfig-android
  2. create `mobile/android/torbrowser/assets/distribution/extensions`, as
 igt0 said, if that directory structure doesn't already exist, and copy the
 xpi into the extensions directory.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21183 [Applications/Tor Browser]: Basic Usability Issues

[Tor Bug Tracker & Wiki]

#21183: Basic Usability Issues
--+
 Reporter:  ninavizz  |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux-team, torbrowser   |  Actual Points:
Parent ID:  #20843| Points:
 Reviewer:|Sponsor:
--+
Changes (by arma):

 * cc: linda (removed)
 * cc: antonela (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #24452 [Applications/Tor Launcher]: Firewall option is visible behind Tor Network Settings... but not during start-up

[Tor Bug Tracker & Wiki]

#24452: Firewall option is visible behind Tor Network Settings... but not during
start-up
---+---
 Reporter:  gk |  Owner:  brade
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Applications/Tor Launcher  |Version:
 Severity:  Normal | Resolution:
 Keywords:  ux-team|  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---

Comment (by arma):

 Here are two more threads with users getting confused about the UI
 difference:
 https://lists.torproject.org/pipermail/tor-dev/2018-July/thread.html#13270
 https://lists.torproject.org/pipermail/tor-
 talk/2018-August/thread.html#44361

 I think I favor removing the "firewall ports" option from the inner config
 dialog too.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #24918 [Applications/Tor Browser]: Help users finding the new circuit display

[Tor Bug Tracker & Wiki]

#24918: Help users finding the new circuit display
---+---
 Reporter:  gk |  Owner:  tbb-team
 Type:  defect | Status:
   |  needs_information
 Priority:  Very High  |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  ux-team, TorBrowserTeam201808  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---

Comment (by antonela):

 Hey yes!

 Ideally, the user flow should looks like:

 0 - Tor Browser launches the onboarding.
 1 - Once in the Circuit Card, the user clicks at the CTA [Learn More / Try
 it now! / Visit an .onion].
 3 - A New tab opens, and the walkthrough appears.
 4 - User goes through step1, step2, step3.
 5 - User stays on the .onion or gets back to `about:tor` [onboarding
 closed].

 We discussed two options to run/launch this helper for new features. One
 of them included a fake onion, and we don't want to fake the flow >
 https://marvelapp.com/3djhfhh/screen/46325148

 Instead, I made a prototype with a real .onion to show the user flow. I
 think we can use tpo's onion there >
 https://marvelapp.com/3djhfhh/screen/46324625

 Remember that I'm following Firefox's one here, so that you may find
 source files somewhere.
 ​https://www.mozilla.org/en-US/firefox/59.0.2/tracking-
 protection/start/?step=1

 Let me know what do you think and if anything else is needed!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26514 [Applications/Tor Browser]: intermittent updater failures on Win64 (Error 19)

[Tor Bug Tracker & Wiki]

#26514: intermittent updater failures on Win64 (Error 19)
--+--
 Reporter:  mcs   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam201808  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by gk):

 I don't know how to get a shell within the container during the build.
 What I usually do if I need to get at preprocessed files is compile with
 `-save-temps` and do a `exit 1` after the compilation step making sure I
 get a debug shell.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys

[Tor Bug Tracker & Wiki]

#26536: Create APK signing keys
--+---
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  task  | Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile|  Actual Points:
Parent ID:  #26531| Points:
 Reviewer:|Sponsor:
--+---

Comment (by sysrqb):

 Replying to [comment:2 gk]:
 > What's the story in case the key gets compromised/lost and needs to get
 replaced?

 Total sadness.

 >How is that handled? (I am in particular interested in the impact for
 updates)

 Basically, we would generate a new key, and existing users would not be
 able to install the next update because the signing key would be
 different. As a result, we would have two options. 1) release a new
 version of the app signed with the new key, but first an existing user
 would need to uninstall the old version of the app before they can install
 the new version. 2) release a new version of the app using a different
 name (org.torproject.torbrowser2, or something like that). If we use a
 different name, then the user can have both versions installed at the same
 time and they can manually copy any bookmarks from one app to the other.

 We might want to create a plan for how we inform users about this
 situation and what they should do.

 {{{
 If you lose access to your app signing key or your key is compromised,
 Google cannot retrieve the app signing key for you, and you will not
 be able to release new versions of your app to users as updates to the
 original app.
 }}}
 https://developer.android.com/studio/publish/app-signing#self-manage

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #24452 [Applications/Tor Launcher]: Firewall option is visible behind Tor Network Settings... but not during start-up

[Tor Bug Tracker & Wiki]

#24452: Firewall option is visible behind Tor Network Settings... but not during
start-up
---+---
 Reporter:  gk |  Owner:  brade
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Applications/Tor Launcher  |Version:
 Severity:  Normal | Resolution:
 Keywords:  ux-team|  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---
Changes (by antonela):

 * keywords:   => ux-team


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25658 [Applications/Tor Browser]: Activity 2.1: Improve user understanding and user control by clarifying Tor Browser's security features

[Tor Bug Tracker & Wiki]

#25658: Activity 2.1: Improve user understanding and user control by clarifying 
Tor
Browser's security features
---+---
 Reporter:  isabela|  Owner:  antonela
 Type:  project| Status:  assigned
 Priority:  High   |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  ux-team, TorBrowserTeam201805  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:  Sponsor17
---+---

Comment (by arma):

 I like the new phrasing "Feature filter". Calling it a security slider
 sure is confusing about what we might mean by security, and I think with
 that name we will forever have people messing with it thinking that it
 does something that it doesn't actually do.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #6947 [Metrics/Onionoo]: Allow filtering relays by version ranges

[Tor Bug Tracker & Wiki]

#6947: Allow filtering relays by version ranges
-+-
 Reporter:  rransom  |  Owner:  karsten
 Type:  enhancement  | Status:  merge_ready
 Priority:  Medium   |  Milestone:
Component:  Metrics/Onionoo  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:  irl  |Sponsor:
-+-
Changes (by irl):

 * status:  needs_review => merge_ready


Comment:

 This looks good to me.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #24204 [Core Tor/Tor]: Improve the in-process Tor API: create owning control port

[Tor Bug Tracker & Wiki]

#24204: Improve the in-process Tor API: create owning control port
-+-
 Reporter:  nickm|  Owner:  nickm
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-mobile, s8-api,  |  Actual Points:
  034-triage-20180328, 035-roadmap-subtask   |
Parent ID:  #25510   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor8-can
-+-
Changes (by nickm):

 * priority:  Very Low => Medium
 * status:  accepted => needs_review
 * cc: hellais (added)


Comment:

 Code in my `tor_api_owning_control` branch; PR at
 https://github.com/torproject/tor/pull/260

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26994 [Core Tor/Tor]: Solaris 10: test_bwmgt.c compile error with tor-0.3.4.5-rc

[Tor Bug Tracker & Wiki]

#26994: Solaris 10: test_bwmgt.c compile error with tor-0.3.4.5-rc
-+-
 Reporter:  Knut |  Owner:  (none)
 Type:  defect   | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.4.5-rc
 Severity:  Normal   | Resolution:
 Keywords:  tor-test, solaris, regression,   |  Actual Points:
  035-must   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by Knut):

 Hi teor,

 search and replace "SEC" with "BW_SEC" in test_bwmgt.c worked.

 Thanks a lot.

 knut

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27008 [Internal Services/Service - deb.tpo]: Remove ooniprobe and dependencies

[Tor Bug Tracker & Wiki]

#27008: Remove ooniprobe and dependencies
-+-
 Reporter:  irl  |  Owner:  irl
 Type:  task | Status:
 |  accepted
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Service - deb.tpo  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by irl):

 An ideal volunteer:

 * cares about OONI
 * is a Debian or Ubuntu developer
 * has experience with Python
 * has experience with nodejs

 I guess also it would be good if this person can set up some CI
 infrastructure to perform automated testing of the packages. There are so
 many Ubuntu suites to support that it quickly becomes a lot of work.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27008 [Internal Services/Service - deb.tpo]: Remove ooniprobe and dependencies

[Tor Bug Tracker & Wiki]

#27008: Remove ooniprobe and dependencies
-+-
 Reporter:  irl  |  Owner:  irl
 Type:  task | Status:
 |  accepted
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Service - deb.tpo  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by hellais):

 > Would it help if we were to focus only on Debian or only on Ubuntu at
 first to get that package going. The fpm package is where I see people
 installing ooniprobe from on Debian/Ubuntu systems for at least the next
 few years. If there is no resource at all, perhaps we can do a call for
 volunteers?

 I think at this point the biggest issue is that somebody is interested in
 having OONI Probe working on linux and takes on the task of figuring out
 how to make it work there.

 I personally cannot commit to doing this, because:

 a. I am not a linux user

 b. I already have too many other things on my plate to have time to become
 a linux user

 Maybe doing a call for volunteers is a reasonable way to go.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26884 [Applications/Tor Browser]: Update preferences.xul to make it work on mobile

[Tor Bug Tracker & Wiki]

#26884: Update preferences.xul to make it work on mobile
-+-
 Reporter:  igt0 |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-torbutton,   |  Actual Points:
  TorBrowserTeam201808R  |
Parent ID:  #26531   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by igt0):

 Replying to [comment:6 gk]:
 > Nice! How can we test that? I.e. how is it integrated into the .apk
 (build process)?


 It is not integrated in the build process. You need to copy the xpi to the
 distribution
 directory(mobile/android/torbrowser/assets/distribution/extensions).

 Besides that you will need to update the extension preferences info:
 extensions.enabledAddons: Update the torbutton version to 2.0.1

 extensions.legacy.enabled: It needs to be true

 I wonder if we can integrate it in the work made by sisbell.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27008 [Internal Services/Service - deb.tpo]: Remove ooniprobe and dependencies

[Tor Bug Tracker & Wiki]

#27008: Remove ooniprobe and dependencies
-+-
 Reporter:  irl  |  Owner:  irl
 Type:  task | Status:
 |  accepted
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Service - deb.tpo  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by irl):

 Replying to [comment:8 hellais]:
 > The current deb.tpo package does not work. Here is a list of outstanding
 problems with it:
 > https://github.com/thetorproject/ooni-
 probe/issues?q=is%3Aopen+is%3Aissue+label%3Adebian

 Oh wow. I mean, it works the way that I am using it, which is running as a
 system process on Debian stable and testing systems. I guess others use it
 in lots of different ways.

 > I would prefer we first come up with a working package and do thorough
 testing of it, before we make any changes to the current package.

 Ok.

 > The package that is currently hosted on bintray is not tested at all and
 we currently don't have enough resources to support testing it and working
 on it.

 ):

 Would it help if we were to focus only on Debian or only on Ubuntu at
 first to get that package going. The fpm package is where I see people
 installing ooniprobe from on Debian/Ubuntu systems for at least the next
 few years. If there is no resource at all, perhaps we can do a call for
 volunteers?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #17400 [Applications/Tor Browser]: Decide how to use the multi-lingual Tor Browser in the alpha/release series

[Tor Bug Tracker & Wiki]

#17400: Decide how to use the multi-lingual Tor Browser in the alpha/release 
series
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ux-team, tbb-usability-stoppoint-|  Actual Points:
  wizard, TorBrowserTeam201608   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by arma):

 Replying to [ticket:17400 gk]:
 > Mike had the idea a while ago to ship the most important bundles
 localized while putting all the other locales in a generic bundle (see:
 http://meetbot.debian.net/tor-dev/2015/tor-dev.2015-08-10-18.01.log.txt).
 I think I like that idea. Is that still something we want?

 It does seem like an easy next step that what we do now, and it would help
 some of our users now without inconveniencing the others much.

 Are there reasons not to do it? :)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27010 [- Select a component]: UX Research

[Tor Bug Tracker & Wiki]

#27010: UX Research
--+--
 Reporter:  antonela  |  Owner:  nyinz
 Type:  project   | Status:  assigned
 Priority:  Medium|  Milestone:
Component:  - Select a component  |Version:
 Severity:  Normal|   Keywords:  ux-team
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:  Sponsor9  |
--+--
 This ticket contains Tor's UX research efforts.

 **Upcoming Research**

 TBD

 **Research Archive**

 Apr 2018 - Circuit Display
 Apr 2018 - Onion Indicator
 Mar 2018 - Onion Indicator
 Jan 2018 - Onion Indicator
 Jan 2018 - Tor Launcher

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22710 [Applications/Tor Browser]: produce an "all locales" nightly build of Tor Browser

[Tor Bug Tracker & Wiki]

#22710: produce an "all locales" nightly build of Tor Browser
--+---
 Reporter:  mcs   |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by arma):

 * cc: emmapeel (added)


Comment:

 The former sounds like what we had in mind: A Tor Browser build that lets
 you choose all of the languages that Transifex has any translations for.

 That said, now that we have an emma, I am cc'ing her so she can tell us
 that this ticket is really exciting, or not actually that useful, or
 somewhere in between.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26514 [Applications/Tor Browser]: intermittent updater failures on Win64 (Error 19)

[Tor Bug Tracker & Wiki]

#26514: intermittent updater failures on Win64 (Error 19)
--+--
 Reporter:  mcs   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam201808  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by mcs):

 Replying to [comment:14 jacek]:
 > Could you provide your preprocessed mar_verify.c? Something like:
 > make -C obj_dir/modules/libmar/verify/ mar_verify.i
 > should do the trick.

 I will do that once I figure out how to get a shell within the container
 for the "firefox" build.

 boklm: can you tell me how to do that with rbm? I know I can get a shell
 after a build failure, but is there way to get a shell within the
 container without forcing a build failure, e.g., after a successful build
 of the firefox component or after the firefox configure step is done? I
 can probably figure it out, but I suspect you or gk my know how to do this
 already.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25704 [Core Tor/Nyx]: Nyx unavailable on deb.torproject.org

[Tor Bug Tracker & Wiki]

#25704: Nyx unavailable on deb.torproject.org
--+---
 Reporter:  cypherpunks   |  Owner:  atagar
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Core Tor/Nyx  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by irl):

 Nyx does not need to be uploaded to deb.torproject.org to make it
 available for stretch. It can instead be included in stretch-backports.
 Either Dererk should do this, or someone else can. It's not uncommon that
 backports maintainers and unstable maintainers are different people.

 Tracking on Debian bug [[https://bugs.debian.org/cgi-
 bin/bugreport.cgi?bug=905212|905212]].

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27009 [Internal Services/Service - trac]: move leekspin trac component to archived

[Tor Bug Tracker & Wiki]

#27009: move leekspin trac component to archived
--+-
 Reporter:  arma  |  Owner:  qbi
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Internal Services/Service - trac  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+-
 There is a trac component, "Core Tor -> Leekspin", that has exactly one
 closed ticket and no open tickets.

 To streamline the trac ticket submission process, should we move this
 component to "Archived -> Leekspin"?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27008 [Internal Services/Service - deb.tpo]: Remove ooniprobe and dependencies

[Tor Bug Tracker & Wiki]

#27008: Remove ooniprobe and dependencies
-+-
 Reporter:  irl  |  Owner:  irl
 Type:  task | Status:
 |  accepted
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Service - deb.tpo  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by hellais):

 > The package that is on deb.tpo does work, it's just that it's not easily
 updated to the latest version

 The current deb.tpo package does not work. Here is a list of outstanding
 problems with it:
 https://github.com/thetorproject/ooni-
 probe/issues?q=is%3Aopen+is%3Aissue+label%3Adebian

 > How about if I just upload a new revision of that version with a NEWS
 file to ask users to add the new bintray repository to their APT sources?
 This at least gives them a chance to upload and then later we can remove
 these packages, say after a month or two.

 I would prefer we first come up with a working package and do thorough
 testing of it, before we make any changes to the current package.

 The package that is currently hosted on bintray is not tested at all and
 we currently don't have enough resources to support testing it and working
 on it.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20854 [Community]: Please make community-team owner of community component

[Tor Bug Tracker & Wiki]

#20854: Please make community-team owner of community component
+
 Reporter:  community-team  |  Owner:  (none)
 Type:  defect  | Status:  closed
 Priority:  Medium  |  Milestone:
Component:  Community   |Version:
 Severity:  Normal  | Resolution:  fixed
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+
Changes (by emmapeel):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 checked with community liaison and this has been solved. closing.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #24918 [Applications/Tor Browser]: Help users finding the new circuit display

[Tor Bug Tracker & Wiki]

#24918: Help users finding the new circuit display
---+---
 Reporter:  gk |  Owner:  tbb-team
 Type:  defect | Status:
   |  needs_information
 Priority:  Very High  |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  ux-team, TorBrowserTeam201808  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---
Changes (by mcs):

 * status:  new => needs_information


Comment:

 The implementation of this is being tracked in #26962.

 Antonela, does https://marvelapp.com/3djhfhh contain the final design for
 circuit display onboarding? I found that URL in ticket:25695#comment:8.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27008 [Internal Services/Service - deb.tpo]: Remove ooniprobe and dependencies

[Tor Bug Tracker & Wiki]

#27008: Remove ooniprobe and dependencies
-+-
 Reporter:  irl  |  Owner:  irl
 Type:  task | Status:
 |  accepted
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Service - deb.tpo  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by irl):

 The package that is on deb.tpo does work, it's just that it's not easily
 updated to the latest version. How about if I just upload a new revision
 of that version with a NEWS file to ask users to add the new bintray
 repository to their APT sources? This at least gives them a chance to
 upload and then later we can remove these packages, say after a month or
 two.

 They would see the news file when they apt upgrade.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27008 [Internal Services/Service - deb.tpo]: Remove ooniprobe and dependencies

[Tor Bug Tracker & Wiki]

#27008: Remove ooniprobe and dependencies
-+-
 Reporter:  irl  |  Owner:  irl
 Type:  task | Status:
 |  accepted
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Service - deb.tpo  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by hellais):

 My preference for this would be that the ooniprobe debian package on
 deb.torproject.org is unbricked and we keep it available also on
 deb.torproject.org.

 Once that happens we can also offer an install option with bintray.org
 (for circumvention reasons). We don't currently have any plans of running
 our own deb.ooni.io package repository.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27008 [Internal Services/Service - deb.tpo]: Remove ooniprobe and dependencies

[Tor Bug Tracker & Wiki]

#27008: Remove ooniprobe and dependencies
-+-
 Reporter:  irl  |  Owner:  irl
 Type:  task | Status:
 |  accepted
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Service - deb.tpo  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by irl):

 If users were to add the new deb.ooni.io repository, these packages would
 have a higher version number. We would ensure that those packages can
 allow safe upgrade from the packages that were on deb.torproject.org.

 I feel that automatically changing user's APT sources is a little too
 sneaky. Automatically adding new GPG keys to secure APT that effectively
 give another group root access to the machine could well be considered a
 breach of trust by some users.

 https://wiki.debian.org/piuparts is designed to test package upgrades
 don't break user's machines.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27008 [Internal Services/Service - deb.tpo]: Remove ooniprobe and dependencies

[Tor Bug Tracker & Wiki]

#27008: Remove ooniprobe and dependencies
-+-
 Reporter:  irl  |  Owner:  irl
 Type:  task | Status:
 |  accepted
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Service - deb.tpo  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by hellais):

 Replying to [comment:3 irl]:
 > Technically yes. I would prefer to just set up deb.ooni.io and get
 people installing the fpm packages from there. I think there are greater
 benefits in onboarding larger numbers of new users than trying to hack our
 way into updating existing users without their explicit buy-in.

 What happens to users that are currently using deb.torproject.org and try
 to upgrade ooniprobe?

 If upgrading to another repository is not an option, how about we publish
 the fpm package also to deb.torproject.org?

 What I am worried about is being getting stuck with a broken installation
 and there not being an easy upgrade path that leaves their system in a
 clean state.

 Users have already done an "explicit buy-in" to installing and using
 ooniprobe if they have added the deb.tpo repository and apt-get installed
 ooniprobe.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27008 [Internal Services/Service - deb.tpo]: Remove ooniprobe and dependencies

[Tor Bug Tracker & Wiki]

#27008: Remove ooniprobe and dependencies
-+-
 Reporter:  irl  |  Owner:  irl
 Type:  task | Status:
 |  accepted
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Service - deb.tpo  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by irl):

 Technically yes. I would prefer to just set up deb.ooni.io and get people
 installing the fpm packages from there. I think there are greater benefits
 in onboarding larger numbers of new users than trying to hack our way into
 updating existing users without their explicit buy-in.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27008 [Internal Services/Service - deb.tpo]: Remove ooniprobe and dependencies

[Tor Bug Tracker & Wiki]

#27008: Remove ooniprobe and dependencies
-+-
 Reporter:  irl  |  Owner:  irl
 Type:  task | Status:
 |  accepted
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Service - deb.tpo  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by hellais):

 Can we do this in such a way that users who are currently using the
 deb.torproject.org debian repo and upgrade the ooniprobe package will then
 start using the new version of ooniprobe (or are migrated onto another
 repository)?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27008 [Internal Services/Service - deb.tpo]: Remove ooniprobe and dependencies

[Tor Bug Tracker & Wiki]

#27008: Remove ooniprobe and dependencies
-+
 Reporter:  irl  |  Owner:  weasel
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Service - deb.tpo  |Version:
 Severity:  Normal   |   Keywords:
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+
 It is not time efficient to maintain the ooniprobe package in a way that
 is Debian policy compliant. The packages on deb.tpo have fallen out of
 date and are of limited utility. As such, I proposed that we remove them,
 and I will do this if there are no objections. This would include the
 following source packages:

 * klein
 * ooniprobe
 * python-certifi
 * python-ipaddress
 * txtorcon

 All binaries built from these packages would be removed.

 I had originally included txtorcon in deb.tpo as a dependency for
 ooniprobe in older suites. I believe that users can get later versions
 easily enough from stable-backports on Debian.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27008 [Internal Services/Service - deb.tpo]: Remove ooniprobe and dependencies

[Tor Bug Tracker & Wiki]

#27008: Remove ooniprobe and dependencies
-+-
 Reporter:  irl  |  Owner:  irl
 Type:  task | Status:
 |  accepted
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Service - deb.tpo  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by irl):

 * status:  new => accepted
 * owner:  weasel => irl


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] [Tor Bug Tracker & Wiki] Batch modify: #26960, #26961, #26962

[Tor Bug Tracker & Wiki]

Batch modification to #26960, #26961, #26962 by gk:
priority to Very High

Comment:
Bumping prio.

--
Tickets URL: 

Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18642 [Core Tor/Tor]: Teach the OOM handler about the DNS cache

[Tor Bug Tracker & Wiki]

#18642: Teach the OOM handler about the DNS cache
-+-
 Reporter:  nickm|  Owner:  (none)
 Type:  enhancement  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-dos, oom, tor-relay, dns, 035|  Actual Points:
  -triaged-in-20180711   |
Parent ID:   | Points:  1
 Reviewer:   |Sponsor:
 |  SponsorV-can
-+-
Changes (by neel):

 * reviewer:  dgoulet =>


Comment:

 dgoulet told me that he's on vacation until the 16th. Would someone else
 be willing to review this patch?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys

[Tor Bug Tracker & Wiki]

#26536: Create APK signing keys
--+---
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  task  | Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile|  Actual Points:
Parent ID:  #26531| Points:
 Reviewer:|Sponsor:
--+---

Comment (by gk):

 What's the story in case the key gets compromised/lost and needs to get
 replace? How is that handled?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25696 [Applications/Tor Browser]: Design of alpha onboarding for Tor Browser for Android

[Tor Bug Tracker & Wiki]

#25696: Design of alpha onboarding for Tor Browser for Android
-+-
 Reporter:  isabela  |  Owner:
 |  antonela
 Type:  defect   | Status:
 |  assigned
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ux-team, tbb-mobile, |  Actual Points:
  TorBrowserTeam201808   |
Parent ID:  #26531   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor8
-+-
Changes (by gk):

 * keywords:  ux-team, tbb-mobile => ux-team, tbb-mobile,
   TorBrowserTeam201808
 * priority:  Medium => Very High


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26884 [Applications/Tor Browser]: Update preferences.xul to make it work on mobile

[Tor Bug Tracker & Wiki]

#26884: Update preferences.xul to make it work on mobile
-+-
 Reporter:  igt0 |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-torbutton,   |  Actual Points:
  TorBrowserTeam201808R  |
Parent ID:  #26531   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by gk):

 Nice! How can we test that? I.e. how is it integrated into the .apk (build
 process)?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27007 [Community/Relays]: create 'wiki/TorRelayGuide/NetBSD'

[Tor Bug Tracker & Wiki]

#27007: create 'wiki/TorRelayGuide/NetBSD'
--+--
 Reporter:  egypcio   |  Owner:  (none)
 Type:  enhancement   | Status:  assigned
 Priority:  Medium|  Milestone:
Component:  Community/Relays  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by nusenu):

 * owner:  Nusenu => (none)
 * status:  new => assigned


Comment:

 if you are willing to maintain the guide for NetBSD just go ahead and
 create that wiki page

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27006 [Community/Relays]: create 'wiki/TorRelayGuide/DragonFlyBSD'

[Tor Bug Tracker & Wiki]

#27006: create 'wiki/TorRelayGuide/DragonFlyBSD'
-+--
 Reporter:  egypcio  |  Owner:  (none)
 Type:  enhancement  | Status:  assigned
 Priority:  Medium   |  Milestone:
Component:  Community/Relays |Version:
 Severity:  Normal   | Resolution:
 Keywords:  bsd dragonflybsd tdp torbsd  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by nusenu):

 * status:  new => assigned
 * owner:  Nusenu => (none)


Comment:

 if you are willing to maintain the guide for DragonFlyBSD just go ahead
 and create that wiki page

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #3799 [Community/Translations]: Investigate methods for translating strings in Unixoid shell scripts

[Tor Bug Tracker & Wiki]

#3799: Investigate methods for translating strings in Unixoid shell scripts
+--
 Reporter:  rransom |  Owner:  rransom
 Type:  task| Status:  assigned
 Priority:  Medium  |  Milestone:
Component:  Community/Translations  |Version:
 Severity:  Normal  | Resolution:
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by emmapeel):

 ping rransom

 did you look onto gettext utilities? They are pretty straightforward to
 generate translation files in Linux and are currently used on many of our
 projects.

 Or maybe this ticket should be closed?

 Please let me know if I can help you getting started with this

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #13951 [Community/Translations]: Add EFF technologists as maintainers for the HTTPS Everywhere transifex strings

[Tor Bug Tracker & Wiki]

#13951: Add EFF technologists as maintainers for the HTTPS Everywhere transifex
strings
+
 Reporter:  pde |  Owner:  phoul
 Type:  defect  | Status:  closed
 Priority:  High|  Milestone:
Component:  Community/Translations  |Version:
 Severity:  Normal  | Resolution:  fixed
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+
Changes (by emmapeel):

 * status:  assigned => closed
 * resolution:   => fixed


Comment:

 {{{
 Please re-open if anything is incorrect.
 }}}

 Therefore I close

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27007 [Community/Relays]: create 'wiki/TorRelayGuide/NetBSD'

[Tor Bug Tracker & Wiki]

#27007: create 'wiki/TorRelayGuide/NetBSD'
--+
 Reporter:  egypcio   |  Owner:  Nusenu
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Community/Relays  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by egypcio):

 keywords: bsd netbsd tdp torbsd

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27001 [Community/Relays]: update 'wiki/TorRelayGuide/OpenBSD'

[Tor Bug Tracker & Wiki]

#27001: update 'wiki/TorRelayGuide/OpenBSD'
+---
 Reporter:  egypcio |  Owner:  Nusenu
 Type:  enhancement | Status:  closed
 Priority:  Medium  |  Milestone:
Component:  Community/Relays|Version:
 Severity:  Normal  | Resolution:  duplicate
 Keywords:  bsd openbsd tdp torbsd  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+---

Comment (by egypcio):

 thank you for having an eye on this. appreciated.

 I moved the file to #26619 anyway (the ticket that introduced the wiki
 page);
 #27001 was created as an effort to improve #26619 - didn't see it as
 duplicate though.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs