Re: [tor-bugs] #26114 [Applications/Tor Browser]: Adapt to upstreamed AddonManager changes

[Tor Bug Tracker & Wiki]

#26114: Adapt to upstreamed AddonManager changes
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  task | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  ff60-esr, tbb-fingerprinting,|  Actual Points:
  TorBrowserTeam201808R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Looks good and merged to `tor-browser-60.1.0esr-8.0-1` (commit
 703c18896354c159a2fc132f468289282104a235).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27261 [Applications/Tor Browser]: Tor Browser 8.0a9/10 gets stuck in an endless reload cycle

[Tor Bug Tracker & Wiki]

#27261: Tor Browser 8.0a9/10 gets stuck in an endless reload cycle
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  TorBrowserTeam201808, ff60-esr,  |  Actual Points:
  noscript   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by gk):

 Replying to [comment:15 fixtbb]:
 > Replying to [comment:13 gk]:
 > > https://www.dropbox.com/s/674t8y1o0s0vt8q/torbrowser.avi?dl=0
 > Blocked : 1/1! But, hey, it's a clean 8.0a10! Do you initialize
 NoScript properly?
 > > shows the problem (thanks ezio) and
 > Safest mode! Why didn't you mention it in your steps? SVG and
 downloadable fonts blocking is able to destroy content pages!

 That happens as well without touching the security slider at all.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27274 [- Select a component]: ASan on OSX Travis is incompatible with Rust's santiziers

[Tor Bug Tracker & Wiki]

#27274: ASan on OSX Travis is incompatible with Rust's santiziers
--+
 Reporter:  alexcrichton  |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  - Select a component  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by alexcrichton):

 Ah unfortunately I don't think so in this situation. The problem is mostly
 with `cargo test` itself. Cargo alters `DYLD_LIBRARY_PATH` to include the
 rustc sysroot libdir which contains the ASan dylib, and I think because it
 has the same name as the system one it ends up trumping it (and then
 causing problems because it's different).

 Taking a look at Cargo it also looks like it prefixes DYLD_LIBRARY_PATH
 instead of suffixing it.

 Geez this really is a mess with Cargo and rustc! You can probably tell
 that many other projects probably haven't gotten ASan C code + Rust
 working yet...

 One of the better long-term fixes for this may be to rename rust's own
 copy of these dynamic libraries, ensuring that the don't clash with the
 system's perhaps

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27273 [Core Tor/Tor]: ASan fails to link on Travis due to rustc and linker arguments

[Tor Bug Tracker & Wiki]

#27273: ASan fails to link on Travis due to rustc and linker arguments
--+
 Reporter:  alexcrichton  |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  rust  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by alexcrichton):

 Ah yeah I tried to pass -defaultlibs in the hopes that it would work, but
 unfortunately I also was unable to get it working. We also unfortunately
 don't have a way to disable this behavior in rustc (passing
 -nodefaultlibs), but we probably should...

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27272 [Core Tor/Tor]: ASan is incompatible with Rust's jemalloc on Travis

[Tor Bug Tracker & Wiki]

#27272: ASan is incompatible with Rust's jemalloc on Travis
--+
 Reporter:  alexcrichton  |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  rust  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by alexcrichton):

 Ah unfortunately I haven't dug into why exactly jemalloc and ASan are
 incompatible, I just assumed it was some fundamental thing. I think that
 while it's in theory possible to compile crates with -fsanitize=address it
 wouldn't affect precompiled crates like the standard library (which
 includes jemalloc).

 In that sense I don't think it'd help here (specifically w/ the jemalloc
 problem). AFAIK the only solution is to get things to stop using jemalloc
 entirely. It may be worth investigating though why jemalloc is segfaulting
 with ASan, and it may or may not be a patch we could apply upstream.

 FWIW we'd like to move away from jemalloc as the default allocator, we're
 just having a tough time doing so unfortunately.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27274 [- Select a component]: ASan on OSX Travis is incompatible with Rust's santiziers

[Tor Bug Tracker & Wiki]

#27274: ASan on OSX Travis is incompatible with Rust's santiziers
--+
 Reporter:  alexcrichton  |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  - Select a component  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by teor):

 Can we change the linker paths to put the system copy first?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27273 [Core Tor/Tor]: ASan fails to link on Travis due to rustc and linker arguments

[Tor Bug Tracker & Wiki]

#27273: ASan fails to link on Travis due to rustc and linker arguments
--+
 Reporter:  alexcrichton  |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  rust  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by teor):

 Some systems don't have bash installed. Do we require bash for other build
 steps?
 If not, we should list it as a dependency.

 Also, some distros install bash in /usr/local/bin, so we should use env to
 find it.

 Is there an argument that's the opposite of -nodefaultlibs? If so, we
 could add it to the command-line using any shell.
 There doesn't seem to be a -defaultlibs in gcc, although there may be some
 command-line code that gives every option a negated form.
 https://gcc.gnu.org/onlinedocs/gcc/Link-Options.html

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26209 [Webpages/Blog]: In Tor Blog comments pages appear even when the limit isn't reached

[Tor Bug Tracker & Wiki]

#26209: In Tor Blog comments pages appear even when the limit isn't reached
---+--
 Reporter:  cypherpunks|  Owner:  hiro
 Type:  defect | Status:  reopened
 Priority:  High   |  Milestone:
Component:  Webpages/Blog  |Version:
 Severity:  Major  | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--
Description changed by dcf:

Old description:

> https://blog.torproject.org/get-help-running-your-relay-our-new-
> advocate#comments
>
> https://blog.torproject.org/get-help-running-your-relay-our-new-
> advocate?page=1%2C0
>
> looks like a bug

New description:

 https://blog.torproject.org/get-help-running-your-relay-our-new-
 advocate#comments
 [https://web.archive.org/web/20180823034140/https://blog.torproject.org
 /get-help-running-your-relay-our-new-advocate (archive)]

 https://blog.torproject.org/get-help-running-your-relay-our-new-
 advocate?page=1%2C0
 [https://web.archive.org/web/20180823034251/https://blog.torproject.org
 /get-help-running-your-relay-our-new-advocate?page=1%2C0 (archive)]

 looks like a bug

--

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27272 [Core Tor/Tor]: ASan is incompatible with Rust's jemalloc on Travis

[Tor Bug Tracker & Wiki]

#27272: ASan is incompatible with Rust's jemalloc on Travis
--+
 Reporter:  alexcrichton  |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  rust  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by teor):

 Thanks for working on these issues!

 Can we compile every crate with -fsanitize=address in every mode?
 It might be easier to be consistent, than have some objects compiled with
 some settings, and other objects compiled with other settings.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26209 [Webpages/Blog]: In Tor Blog comments pages appear even when the limit isn't reached

[Tor Bug Tracker & Wiki]

#26209: In Tor Blog comments pages appear even when the limit isn't reached
---+--
 Reporter:  cypherpunks|  Owner:  hiro
 Type:  defect | Status:  reopened
 Priority:  High   |  Milestone:
Component:  Webpages/Blog  |Version:
 Severity:  Major  | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--

Comment (by dcf):

 Replying to [comment:3 cypherpunks]:
 > #26209 is a duplicate.

 26209 is this ticket, I think you mean #26344 is the duplicate.

 I'm not sure that #26344 is correctly marked as a duplicate, though. My
 reading is that #26344 is about pagination links not appearing or not
 working; while this ticket (#26209) is about pagination links appearing
 when they shouldn't.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22557 [Webpages/Blog]: Comment pagination links could go to `#comments` anchors

[Tor Bug Tracker & Wiki]

#22557: Comment pagination links could go to `#comments` anchors
---+-
 Reporter:  dcf|  Owner:  hiro
 Type:  enhancement| Status:  closed
 Priority:  Medium |  Milestone:
Component:  Webpages/Blog  |Version:
 Severity:  Minor  | Resolution:  wontfix
 Keywords: |  Actual Points:
Parent ID:  #22013 | Points:
 Reviewer: |Sponsor:
---+-
Changes (by dcf):

 * status:  needs_review => closed
 * resolution:   => wontfix


Comment:

 I'll change this from needs_review to wontfix, as the gist of comment:4 is
 that doing this would be technically awkward.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27233 [Webpages/Blog]: Blog: Jump to correct page when a linked comment is not on the first page

[Tor Bug Tracker & Wiki]

#27233: Blog: Jump to correct page when a linked comment is not on the first 
page
---+--
 Reporter:  traumschule|  Owner:  hiro
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Webpages/Blog  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--

Comment (by dcf):

 I think this is a duplicate of #22443. See comment:9:ticket:22443 and
 following. If it's possible to change the source anchor, then the
 workaround is to use the new permalink style:
 https://blog.torproject.org/comment/79839#comment-79839.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27279 [Webpages/Website]: Extra "." in Debian instructions

[Tor Bug Tracker & Wiki]

#27279: Extra "." in Debian instructions
--+
 Reporter:  teor  |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 There's an extra "." in the new Debian onion instructions:

 {{{
 .
 deb tor://sdscoq7snqtznauu.onion/torproject.org buster main

 deb tor://sdscoq7snqtznauu.onion/torproject.org tor-nightly-
 master- main
 }}}

 https://www.torproject.org/docs/debian.html.en

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27278 [Webpages/Website]: Bad Instruction Page

[Tor Bug Tracker & Wiki]

#27278: Bad Instruction Page
--+
 Reporter:  TormanToo |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Very High |  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by teor):

 What is "the outcome"?

 The browser log, or the terminal after running the commands?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25804 [Obfuscation/Snowflake]: Domain fronting to App Engine stopped working

[Tor Bug Tracker & Wiki]

#25804: Domain fronting to App Engine stopped working
---+-
 Reporter:  dcf|  Owner:  (none)
 Type:  defect | Status:  closed
 Priority:  Medium |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal | Resolution:  wontfix
 Keywords:  moat   |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+-
Changes (by dcf):

 * status:  new => closed
 * resolution:   => wontfix


Comment:

 Closing this as it is well understood by now.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27275 [Core Tor/Tor]: Stop reporting appveyor on_success, because it's noisy

[Tor Bug Tracker & Wiki]

#27275: Stop reporting appveyor on_success, because it's noisy
--+--
 Reporter:  teor  |  Owner:  (none)
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-ci|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by teor):

 * status:  needs_information => needs_review


Comment:

 nickm says yes, so I'll let this ticket go through the review process
 while others respond.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27276 [Applications/Tor Browser]: Update security slider to follow NoScript protocol change

[Tor Bug Tracker & Wiki]

#27276: Update security slider to follow NoScript protocol change
-+-
 Reporter:  arthuredelstein  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-security-slider, ff60-esr,   |  Actual Points:
  TorBrowserTeam201808R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by arthuredelstein):

 * status:  new => needs_review
 * keywords:  tbb-security-slider => tbb-security-slider, ff60-esr,
 TorBrowserTeam201808R


Comment:

 I also found that the "NoScript." prefix no longer exists. Here's a patch
 for review:

 https://github.com/arthuredelstein/torbutton/commit/27276

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #3799 [Community/Translations]: Investigate methods for translating strings in Unixoid shell scripts

[Tor Bug Tracker & Wiki]

#3799: Investigate methods for translating strings in Unixoid shell scripts
+--
 Reporter:  rransom |  Owner:  traumschule
 Type:  task| Status:  needs_review
 Priority:  Medium  |  Milestone:
Component:  Community/Translations  |Version:
 Severity:  Normal  | Resolution:
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
Changes (by traumschule):

 * status:  assigned => needs_review


Comment:

 gave it a try: https://github.com/traumschule/torbrowser-localized

 test: {{{LANGUAGE=de_DE ./Browser/start-tor-browser}}}

 let me know if it breaks anything!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27278 [Webpages/Website]: Bad Instruction Page

[Tor Bug Tracker & Wiki]

#27278: Bad Instruction Page
--+
 Reporter:  TormanToo |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Very High |  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 The page at https://www.torproject.org/docs/debian.html.en does not work
 on Xubuntu 16.  It should begin commands with sudo.  Also, someone needs
 to go thru it and see that the outcome is full of errors.

 Thank you.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27277 [Applications/Tor Browser]: I got a message in TorBrowser asking me to Approve new permissions

[Tor Bug Tracker & Wiki]

#27277: I got a message in TorBrowser asking me to Approve new permissions
--+--
 Reporter:  Dbryrtfbcbhgf |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by Dbryrtfbcbhgf):

 This message may be scary for end users, making it sound like it could
 possible compromise them.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27277 [Applications/Tor Browser]: I got a message in TorBrowser asking me to Approve new permissions

[Tor Bug Tracker & Wiki]

#27277: I got a message in TorBrowser asking me to Approve new permissions
--+--
 Reporter:  Dbryrtfbcbhgf |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 I got a message in TorBrowser asking me to Approve new permissions. Here
 is a
 
[[Image(https://s22.postimg.cc/hlbe2zx9d/Screen_Shot_2018-08-22_at_5.34.02_PM.png)]]
 TorBrowser 8.0a10

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27271 [Applications/Tor Browser]: Don't allow the user to install extensions from web

[Tor Bug Tracker & Wiki]

#27271: Don't allow the user to install extensions from web
--+--
 Reporter:  igt0  |  Owner:  tbb-team
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by igt0):

 updated code:

 
https://trac.torproject.org/projects/tor/attachment/ticket/27271/0001-Bug-27271-Don-t
 -allow-the-user-to-install-extensions.2.patch

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27271 [Applications/Tor Browser]: Don't allow the user to install extensions from web

[Tor Bug Tracker & Wiki]

#27271: Don't allow the user to install extensions from web
--+--
 Reporter:  igt0  |  Owner:  tbb-team
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by igt0):

 * Attachment "0001-Bug-27271-Don-t-allow-the-user-to-install-
 extensions.2.patch" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27275 [Core Tor/Tor]: Stop reporting appveyor on_success, because it's noisy

[Tor Bug Tracker & Wiki]

#27275: Stop reporting appveyor on_success, because it's noisy
--+---
 Reporter:  teor  |  Owner:  (none)
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-ci|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by teor):

 * status:  new => needs_information


Comment:

 Please see my branch ticket27275 on https://github.com/teor2345/tor.git

 I'm going to make sure that people actually want this change before I get
 it reviewed.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26128 [Applications/Tor Browser]: Make security slider work with NoScript for ESR60

[Tor Bug Tracker & Wiki]

#26128: Make security slider work with NoScript for ESR60
-+--
 Reporter:  arthuredelstein  |  Owner:  tbb-team
 Type:  defect   | Status:  closed
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  ff60-esr, TorBrowserTeam201806R  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by arthuredelstein):

 * status:  reopened => closed
 * resolution:   => fixed


Comment:

 Thanks, Giorgio. I opened #27276

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27276 [Applications/Tor Browser]: Update security slider to follow NoScript protocol change

[Tor Bug Tracker & Wiki]

#27276: Update security slider to follow NoScript protocol change
--+
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:  tbb-security-
  |  slider
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 ma1 [ticket:26128#comment:15 wrote]:

 > Please notice that NoScript 10.1.8.17 ​does change its message handling
 to slightly abstract it, simplify it and fix some subtle bugs.
 >
 > As a consequence, the property by which all the messages (including
 updateSettings)identify themselves is not called "type" anymore, but
 "_messageName".
 >
 > In order to work with 10.1.8.1.17 and above, the Security Slider must
 therefore send this the updated policy in an object with a "_messageName":
 "updateSettings" property (alone, or in addition to the existent "type":
 "updateSettings" one for backward compatibility).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27275 [Core Tor/Tor]: Stop reporting appveyor on_success, because it's noisy

[Tor Bug Tracker & Wiki]

#27275: Stop reporting appveyor on_success, because it's noisy
--+--
 Reporter:  teor  |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:  tor-ci
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 Appveyor currently reports:
 {{{
 on_success:
 - cmd: ... success
 on_failure:
 - cmd: ... failure
 }}}
 which is really noisy.

 Travis currently reports:
 {{{
   irc:
 ...
 on_success: change
 on_failure: change
 }}}
 which seems ok.

 We should make Appveyor notifications more like Travis.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27261 [Applications/Tor Browser]: Tor Browser 8.0a9/10 gets stuck in an endless reload cycle

[Tor Bug Tracker & Wiki]

#27261: Tor Browser 8.0a9/10 gets stuck in an endless reload cycle
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  TorBrowserTeam201808, ff60-esr,  |  Actual Points:
  noscript   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by ma1):

 Replying to [comment:11 ma1]:

 > I'll keep testing on the RCs from now on, since 10.1.8.17 is about to be
 released and dramatically changes the way some possibly related subsystems
 work (hopefully reducing their side effects).

 And doing so I suddenly realized I had to
 [https://trac.torproject.org/projects/tor/ticket/26128#comment:15 reopen
 ticked 26128], unfortunately, because the updateSettings message (like all
 the others exchanged internally by NoScript) is slightly changed in
 10.1.8.17, prompting for a (quite simple) fix in order to keep the
 Security Slider working, sorry :(

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26128 [Applications/Tor Browser]: Make security slider work with NoScript for ESR60

[Tor Bug Tracker & Wiki]

#26128: Make security slider work with NoScript for ESR60
-+--
 Reporter:  arthuredelstein  |  Owner:  tbb-team
 Type:  defect   | Status:  reopened
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff60-esr, TorBrowserTeam201806R  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by ma1):

 * status:  closed => reopened
 * resolution:  fixed =>


Comment:

 Please notice that NoScript 10.1.8.17
 
[https://github.com/hackademix/noscript/commit/075a5ad0e0f9b4f9af614194d9c8d21d0ed45184
 does change its message handling] to slightly abstract it, simplify it and
 fix some subtle bugs.

 As a consequence, the property by which all the messages (including
 updateSettings)identify themselves is not called "type" anymore, but
 "_messageName".

 In order to work with 10.1.8.1.17 and above, the Security Slider must
 therefore send this the updated policy in an object with a "_messageName":
 "updateSettings" property (alone, or in addition to the existent "type":
 "updateSettings" one for backward compatibility).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27252 [Core Tor/Tor]: Reduce the number of travis jobs

[Tor Bug Tracker & Wiki]

#27252: Reduce the number of travis jobs
-+-
 Reporter:  teor |  Owner:  teor
 Type:  enhancement  | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  rust tor-ci 029-backport-maybe   |  Actual Points:
  032-backport 033-backport 034-backport |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by teor):

 Replying to [comment:2 catalyst]:
 > Replying to [ticket:27252 teor]:
 > > In 0.2.9 and later:
 > > * work out if we really need clang and gcc on Linux and macOS
 > I think if Xcode comes with only clang, and Tor Browser doesn't build on
 macOS with gcc, we don't need to test with gcc on macOS.

 Here are some reasons why I'd like to keep gcc on macOS:
 * sometimes gcc on macOS finds warnings or errors that don't appear on
 Linux
 * while most native builders use clang, gcc can still cross-compile for
 macOS
 * the macOS package managers MacPorts and Fink support building tor with
 gcc, if it is the first compiler in the path

 I don't know if these reasons are good enough to keep a separate macOS gcc
 build. I will see if we can combine some the macOS builds.

 In general, I'd like all the macOS builds, and all the clang builds, to be
 orthogonal, because they are slower than the Linux gcc builds.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27261 [Applications/Tor Browser]: Tor Browser 8.0a9/10 gets stuck in an endless reload cycle

[Tor Bug Tracker & Wiki]

#27261: Tor Browser 8.0a9/10 gets stuck in an endless reload cycle
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  TorBrowserTeam201808, ff60-esr,  |  Actual Points:
  noscript   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by fixtbb):

 Replying to [comment:13 gk]:
 > https://www.dropbox.com/s/674t8y1o0s0vt8q/torbrowser.avi?dl=0
 Blocked : 1/1! But, hey, it's a clean 8.0a10! Do you initialize
 NoScript properly?
 > shows the problem (thanks ezio) and
 Safest mode! Why didn't you mention it in your steps? SVG and downloadable
 fonts blocking is able to destroy content pages!
 > a potentially related one: once the reload cycle starts the extension
 menus don't open anymore.
 or are not so fast to open.
 > The extension menus not opening anymore, however, is independent from
 NoScript. It happens as well with it removed from Tor Browser. So, my
 current theory is that there is an underlying bug that is causing to break
 NoScript (and the HTTPS-E and potentially other (Web)Extensions) in a way
 that the reload cycle happens.
 Debugging is better with HTTPS-E disabled.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27049 [Core Tor/Tor]: "No circuits are opened" messages with onion services

[Tor Bug Tracker & Wiki]

#27049: "No circuits are opened" messages with onion services
--+
 Reporter:  mikeperry |  Owner:  mikeperry
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  033-backport  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by mikeperry):

 * status:  needs_revision => needs_review


Comment:

 Ok fixed the changes file name + bug typo.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27248 [Core Tor/Tor]: Can we make our node-related structures more efficient?

[Tor Bug Tracker & Wiki]

#27248: Can we make our node-related structures more efficient?
-+-
 Reporter:  nickm|  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  035-roadmap-master, 035-triaged- |  Actual Points:
  in-20180711|
Parent ID:  #27243   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by teor):

 I am suggesting that Tor keeps each relay field in one place (usually the
 node_t), rather than up to 4 places (routerstatus_t, microdesc_t,
 routerinfo_t and node_t).

 For example:

 There is currently an IPv6 address and port field in routerstatus_t,
 microdesc_t, and routerinfo_t (and maybe in node_t).

 Most clients use microdescs. They currently store IPv6:
 * in the microdesc_t, when using consensus methods 27 and earlier it is
 the relay's IPv6 address, otherwise it is zero
 * in the routerstatus_t, when using consensus methods 27 and later it is
 the relay's IPv6 address, otherwise it is zero

 Directory authorities and directory mirrors also store the same IPv6
 address in the routerinfo_t.

 We can put an IPv6 address in the node, and make all of Tor's code use
 that IPv6 address. (Except maybe on authorities, if they need to know
 "IPv6 in the descriptor" and "IPv6 in the consensus" at the same time.
 But they mostly want to know what's in the descriptor.)

 For every field in microdesc_t, routerstatus_t, and routerinfo_t we can:
 * put it in the node, or
 * remove it, or
 * decide to parse it as needed.

 For routerinfo_t, we can also decide to:
 * not parse relay descriptors on directory mirrors, and
 * keep some authority-only routerinfo fields in a cut-down version of the
 structure.
 But routerinfo_t is less important, because clients don't use it unless
 they have UseMicrodescriptors 0.

 When we put all the microdesc_t and routerstatus_t fields in the node, we
 can stop allocating any routerstatus_t and microdesc_t. (Or just allocate
 them on the stack during parsing.)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26114 [Applications/Tor Browser]: Adapt to upstreamed AddonManager changes

[Tor Bug Tracker & Wiki]

#26114: Adapt to upstreamed AddonManager changes
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  task | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff60-esr, tbb-fingerprinting,|  Actual Points:
  TorBrowserTeam201808R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by arthuredelstein):

 * status:  new => needs_review
 * keywords:  ff60-esr, tbb-fingerprinting => ff60-esr, tbb-fingerprinting,
 TorBrowserTeam201808R


Comment:

 Here's a patch for review:
 https://github.com/arthuredelstein/tor-browser/commit/26114

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27260 [Applications/Tor Browser]: Audit network.http.spdy.enabled.deps

[Tor Bug Tracker & Wiki]

#27260: Audit network.http.spdy.enabled.deps
-+-
 Reporter:  arthuredelstein  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-fingerprinting, tbb- |  Actual Points:
  linkability, ff60-esr  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by fixtbb):

 $%@! Mozilla! They use two (or more?) different ways to access prefs!

 [https://http2.github.io/http2-spec/#pri-depend Stream Dependencies] looks
 like a QoS for the protocol.
 As Tor Browser uses FPI, all http/2 multiplexed streams should go through
 isolated tor circuit for one first party only. Then, from
 [https://http2.github.io/http2-spec/#rfc.section.10.8 Privacy Concerns],
 only timing-based attack is feasible, but unreliable.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27066 [Core Tor/Tor]: circuit_build_times_update_alpha(): Bug: Could not determine largest build time

[Tor Bug Tracker & Wiki]

#27066: circuit_build_times_update_alpha(): Bug: Could not determine largest 
build
time
---+---
 Reporter:  cstest |  Owner:  (none)
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:  Tor:
   |  0.3.5.x-final
Component:  Core Tor/Tor   |Version:  Tor: 0.3.3.9
 Severity:  Normal | Resolution:
 Keywords:  034-backport 033-backport  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---

Comment (by mikeperry):

 Ok I have a new theory, writing it here for the record:

 1. Circuit build times are being recorded while the default high timeout
 value (and high close timeout) is used. Lots of circuits take a while to
 complete, but successfully do so.
 2. Eventually, a low timeout value is learned.
 3. A SIGHUP arrives, which causes CBT to reload from the state file. While
 doing this, old compatibility code activates, and converts many/most of
 your previous timeout values to "abandoned" values.
 4. Finally, enough circuits time out again such that everything in the
 array is "abandonded".

 This set of events would be consistent with your loglines, especially if
 you have no lines from #27049.

 This still does not explain why this is v3 only, though.

 Is the SIGHUP that you are sending only being done when v3 is enabled? Can
 you not SIGHUP Tor and see if the issue persists, or is there some reason
 you need to HUP it?

 If for some reason you must SIGHUP Tor, I have a branch that disables this
 compatibility code upon SIGHUP, as well as resets CBT when these warns
 happen. The CBT reset *should* allow things to continue to work in that
 case (unless the connectivity/hang bug is not related to CBT at all):

 https://github.com/mikeperry-tor/tor/tree/bug27066-cbtreset
 https://github.com/mikeperry-tor/tor/archive/bug27066-cbtreset.zip

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27269 [Applications/Tor Browser]: noscript not working in Tor Browser 8.0a10r

[Tor Bug Tracker & Wiki]

#27269: noscript not working in Tor Browser 8.0a10r
---+---
 Reporter:  ezio   |  Owner:  tbb-team
 Type:  defect | Status:  closed
 Priority:  Medium |  Milestone:  Tor:
   |  unspecified
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:  duplicate
 Keywords:  Tor Browser 8.0a10r ,noscript  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---

Comment (by ezio):

 OK thanks

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27097 [Applications/Tor Browser]: Add "Tor News" newsletter signup link in Tor Browser

[Tor Bug Tracker & Wiki]

#27097: Add "Tor News" newsletter signup link in Tor Browser
-+-
 Reporter:  arthuredelstein  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ux-team, tbb-fundraising,|  Actual Points:
  TorBrowserTeam201808   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by antonela):

 hey!

 I explored Firefox's Snippets and seems to be the best option for this
 feature
 https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service

 I made some versions with different background color and position. If it
 takes a lot of time and we need to have it soon, I made a version with the
 link at the `bottom`.

 https://marvelapp.com/42g2bae

 Please, let me know what do you think!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27261 [Applications/Tor Browser]: Tor Browser 8.0a9/10 gets stuck in an endless reload cycle

[Tor Bug Tracker & Wiki]

#27261: Tor Browser 8.0a9/10 gets stuck in an endless reload cycle
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  TorBrowserTeam201808, ff60-esr,  |  Actual Points:
  noscript   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by ma1):

 Replying to [comment:13 gk]:
 > So, my current theory is that there is an underlying bug that is causing
 to break NoScript (and the HTTPS-E and potentially other (Web)Extensions)
 in a way that the reload cycle happens.

 This is a pretty good working theory: in facts, one of the thing NoScript
 does to ensure other extensions don't interfere accidentally with the CSP
 it injects in webRequest.onHeadersReceived in the parent process, is
 checking whether scripts are actually blocked at a later stage (in the
 child process), and if they aren't, it triggers a page reload after trying
 its best to ensure NoScript has the final word on HTTP headers next time.

 Therefore if something consistently messes with NoScript's ability to
 block scripts, and especially strips off the CSP headers of a page in a
 way that causes pages' JavaScript to bypass NoScript's restriction, that
 would likely cause a reload loop.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27271 [Applications/Tor Browser]: Don't allow the user to install extensions from web

[Tor Bug Tracker & Wiki]

#27271: Don't allow the user to install extensions from web
--+--
 Reporter:  igt0  |  Owner:  tbb-team
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * cc: dmr (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27271 [Applications/Tor Browser]: Don't allow the user to install extensions from web

[Tor Bug Tracker & Wiki]

#27271: Don't allow the user to install extensions from web
--+--
 Reporter:  igt0  |  Owner:  tbb-team
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * cc: dmr (removed)


Comment:

 OKay, just setting the pref after start-up and restarting still allows me
 to install extensions. I need to make a clean build to verify that, I
 guess.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26819 [Core Tor/Tor]: Minimal client-side support for TLS via NSS

[Tor Bug Tracker & Wiki]

#26819: Minimal client-side support for TLS via NSS
-+-
 Reporter:  nickm|  Owner:  nickm
 Type:  enhancement  | Status:
 |  accepted
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  035-roadmap-subticket, 035-triaged-  |  Actual Points:
  in-20180711|
Parent ID:  #26631   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor8-can
-+-

Comment (by nickm):

 My `nss_tls` branch can now bootstrap for me.  It has many bugs and
 missing pieces remaining, though, which is why I'm not putting it into
 needs_review yet.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27162 [Core Tor/Tor]: Travis: consider running CI on beta, nightly, and tor's lowest supported rust

[Tor Bug Tracker & Wiki]

#27162: Travis: consider running CI on beta, nightly, and tor's lowest supported
rust
-+
 Reporter:  teor |  Owner:  teor
 Type:  enhancement  | Status:  assigned
 Priority:  Medium   |  Milestone:  Tor: 0.3.6.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  rust, tor-ci, privcount  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+
Changes (by dmr):

 * cc: dmr (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27252 [Core Tor/Tor]: Reduce the number of travis jobs

[Tor Bug Tracker & Wiki]

#27252: Reduce the number of travis jobs
-+-
 Reporter:  teor |  Owner:  teor
 Type:  enhancement  | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  rust tor-ci 029-backport-maybe   |  Actual Points:
  032-backport 033-backport 034-backport |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by dmr):

 * cc: dmr (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27215 [Core Tor/Tor]: hs: Change default HiddenServiceVersion to 3

[Tor Bug Tracker & Wiki]

#27215: hs: Change default HiddenServiceVersion to 3
--+
 Reporter:  dgoulet   |  Owner:  (none)
 Type:  enhancement   | Status:  needs_review
 Priority:  Medium|  Milestone:  Tor:
  |  0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-hs, 035-roadmap-proposed  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by dmr):

 * cc: dmr (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27188 [Core Tor/Tor]: hsv3 unavailable after reconnecting: No more HSDir available to query.

[Tor Bug Tracker & Wiki]

#27188: hsv3 unavailable after reconnecting: No more HSDir available to query.
--+
 Reporter:  traumschule   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:  Tor: unspecified
 Severity:  Normal| Resolution:
 Keywords:  tor-hs hsdir  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by dmr):

 * cc: dmr (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #17728 [Core Tor/Tor]: Use NETINFO handshake rather than date header to check time with authorities

[Tor Bug Tracker & Wiki]

#17728: Use NETINFO handshake rather than date header to check time with
authorities
---+---
 Reporter:  teor   |  Owner:  (none)
 Type:  enhancement| Status:  new
 Priority:  Medium |  Milestone:  Tor:
   |  unspecified
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tor-client easy time boostrap  |  Actual Points:
Parent ID:  #9675  | Points:
 Reviewer: |Sponsor:
---+---
Changes (by dmr):

 * cc: dmr (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #3652 [Core Tor/Tor]: Export clock skew opinion as getinfo command

[Tor Bug Tracker & Wiki]

#3652: Export clock skew opinion as getinfo command
-+-
 Reporter:  mikeperry|  Owner:  nickm
 Type:  enhancement  | Status:
 |  needs_revision
 Priority:  High |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  small-feature, needs-proposal, tor-  |  Actual Points:
  client, clock-skew, 032-unreached, tbb-needs   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by dmr):

 * cc: dmr (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #9675 [Applications/Tor Launcher]: Provide feedback mechanism for clock-skew and other bad problems

[Tor Bug Tracker & Wiki]

#9675: Provide feedback mechanism for clock-skew and other bad problems
-+-
 Reporter:  lunar|  Owner:  brade
 Type:  defect   | Status:
 |  assigned
 Priority:  High |  Milestone:
Component:  Applications/Tor Launcher|Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-3.0, extdev-interview, tbb-  |  Actual Points:
  helpdesk-frequent, tbb-usability,  |
  AffectsTails   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by dmr):

 * cc: dmr (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25882 [Core Tor/Tor]: clients not detecting stale onion service introduction points

[Tor Bug Tracker & Wiki]

#25882: clients not detecting stale onion service introduction points
-+-
 Reporter:  cypherpunks  |  Owner:  dgoulet
 Type:  defect   | Status:
 |  assigned
 Priority:  High |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs, 034-deferred-20180602|  Actual Points:
  035-removed reachability   |
Parent ID:  #22455   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by dmr):

 * cc: dmr (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27248 [Core Tor/Tor]: Can we make our node-related structures more efficient?

[Tor Bug Tracker & Wiki]

#27248: Can we make our node-related structures more efficient?
-+-
 Reporter:  nickm|  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  035-roadmap-master, 035-triaged- |  Actual Points:
  in-20180711|
Parent ID:  #27243   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by catalyst):

 * cc: catalyst (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26553 [Applications/Tor Browser]: Sign our own extensions in Tor Browser

[Tor Bug Tracker & Wiki]

#26553: Sign our own extensions in Tor Browser
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff60-esr, tbb-security,  |  Actual Points:
  GeorgKoppen201808, TorBrowserTeam201808|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by dmr):

 * cc: dmr (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27271 [Applications/Tor Browser]: Don't allow the user to install extensions from web

[Tor Bug Tracker & Wiki]

#27271: Don't allow the user to install extensions from web
--+--
 Reporter:  igt0  |  Owner:  tbb-team
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by dmr):

 * cc: dmr (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27220 [Applications/Tor Browser]: Allow TBA to install tor button, tor launcher and https everywhere extensions without signatures

[Tor Bug Tracker & Wiki]

#27220: Allow TBA to  install tor button, tor launcher and https everywhere
extensions without signatures
--+--
 Reporter:  igt0  |  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by dmr):

 * cc: dmr (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27274 [- Select a component]: ASan on OSX Travis is incompatible with Rust's santiziers

[Tor Bug Tracker & Wiki]

#27274: ASan on OSX Travis is incompatible with Rust's santiziers
--+
 Reporter:  alexcrichton  |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  - Select a component  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 In helping to debug https://trac.torproject.org/projects/tor/ticket/25386
 I've found that an unfortunate case is being hit where `cargo test` is
 using rustc's copy of the asan runtime instead of the system's copy, which
 causes problems due to presumably version mismatches between them.

 The error looks like https://travis-ci.com/alexcrichton/tor/jobs/141409956
 and only starts to show up after
 https://trac.torproject.org/projects/tor/ticket/27273 and
 https://trac.torproject.org/projects/tor/ticket/27272 are fixed.

 AFAIK the only "fix" for this is to basically just delete the sanitizer
 runtimes in the Rust sysroot as they're not used anyway, but I'll try to
 keep thinking and see if there's a better solution!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27256 [Applications/Tor Browser]: Android specific about:config preferences

[Tor Bug Tracker & Wiki]

#27256: Android specific about:config preferences
--+--
 Reporter:  towiw |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major | Resolution:
 Keywords:  tbb-mobile|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by towiw2):

 Ignore my last comment.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20045 [Webpages/Website]: FAQ + man page entry for using Tor from an IPv6 only host.

[Tor Bug Tracker & Wiki]

#20045: FAQ + man page entry for using Tor from an IPv6 only host.
---+--
 Reporter:  cypherpunks|  Owner:  (none)
 Type:  enhancement| Status:  needs_review
 Priority:  Medium |  Milestone:
Component:  Webpages/Website   |Version:
 Severity:  Normal | Resolution:
 Keywords:  FAQ tor-doc easy ipv6  |  Actual Points:
Parent ID: | Points:  1
 Reviewer: |Sponsor:
---+--

Comment (by traumschule):

 Pushed another commit to add a missing  before the answer block.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27220 [Applications/Tor Browser]: Allow TBA to install tor button, tor launcher and https everywhere extensions without signatures

[Tor Bug Tracker & Wiki]

#27220: Allow TBA to  install tor button, tor launcher and https everywhere
extensions without signatures
--+--
 Reporter:  igt0  |  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by gk):

 Replying to [comment:12 tom]:
 > Can anyone confirm that this doesn't allow someone to install any random
 add-on that they name torbut...@torproject.org ?

 FWIW this gets addressed with the patch for #27271.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27097 [Applications/Tor Browser]: Add "Tor News" newsletter signup link in Tor Browser

[Tor Bug Tracker & Wiki]

#27097: Add "Tor News" newsletter signup link in Tor Browser
-+-
 Reporter:  arthuredelstein  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ux-team, tbb-fundraising,|  Actual Points:
  TorBrowserTeam201808   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  ux-team, tbb-fundraising, TorBrowserTeam201808R => ux-team,
 tbb-fundraising, TorBrowserTeam201808
 * status:  needs_review => new


Comment:

 That's just been the two strings, right? At any rate, I pushed those to
 `master` (commit 3e7502789eca79d2e73c82b65770fc0d08527584). Setting the
 state to `new` again for the remaining things.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27261 [Applications/Tor Browser]: Tor Browser 8.0a9/10 gets stuck in an endless reload cycle

[Tor Bug Tracker & Wiki]

#27261: Tor Browser 8.0a9/10 gets stuck in an endless reload cycle
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  TorBrowserTeam201808, ff60-esr,  |  Actual Points:
  noscript   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by gk):

 https://www.dropbox.com/s/674t8y1o0s0vt8q/torbrowser.avi?dl=0 shows the
 problem (thanks ezio) and a potentially related one: once the reload cycle
 starts the extension menus don't open anymore.

 The extension menus not opening anymore, however, is independent from
 NoScript. It happens as well with it removed from Tor Browser. So, my
 current theory is that there is an underlying bug that is causing to break
 NoScript (and the HTTPS-E and potentially other (Web)Extensions) in a way
 that the reload cycle happens.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27261 [Applications/Tor Browser]: Tor Browser 8.0a9/10 gets stuck in an endless reload cycle

[Tor Bug Tracker & Wiki]

#27261: Tor Browser 8.0a9/10 gets stuck in an endless reload cycle
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  TorBrowserTeam201808, ff60-esr,  |  Actual Points:
  noscript   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * cc: ezio (added)


Comment:

 #27269 is a duplicate

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27269 [Applications/Tor Browser]: noscript not working in Tor Browser 8.0a10r

[Tor Bug Tracker & Wiki]

#27269: noscript not working in Tor Browser 8.0a10r
---+---
 Reporter:  ezio   |  Owner:  tbb-team
 Type:  defect | Status:  closed
 Priority:  Medium |  Milestone:  Tor:
   |  unspecified
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:  duplicate
 Keywords:  Tor Browser 8.0a10r ,noscript  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---
Changes (by gk):

 * status:  new => closed
 * resolution:   => duplicate


Comment:

 That's actually #27261 (see the duckduckgo reload over and over again on
 your video in the first tab?). Let's track the bug there.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27248 [Core Tor/Tor]: Can we make our node-related structures more efficient?

[Tor Bug Tracker & Wiki]

#27248: Can we make our node-related structures more efficient?
-+-
 Reporter:  nickm|  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  035-roadmap-master, 035-triaged- |  Actual Points:
  in-20180711|
Parent ID:  #27243   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by dgoulet):

 Replying to [comment:1 teor]:
 > We can:
 > * use microdesc_t, routerstatus_t, and routerinfo_t to fill in the
 fields in the node, and
 > * remove microdesc_t, routerstatus_t, and routerinfo_t from the node.

 Tbh, I'm very confused by what you mean here? I assume you are talking
 about `node_t` when you say "node"?

 The `node_t` has pointers to those 3 objects, so what would be your idea
 to save space?

 {{{
   microdesc_t *md;
   routerinfo_t *ri;
   routerstatus_t *rs;
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #16406 [Webpages/Website]: "Tor" is not listed as a project on torproject.org

[Tor Bug Tracker & Wiki]

#16406: "Tor" is not listed as a project on torproject.org
+--
 Reporter:  arthuredelstein |  Owner:
|  cypherpunks
 Type:  enhancement | Status:
|  needs_review
 Priority:  Medium  |  Milestone:
|  WebsiteV3
Component:  Webpages/Website|Version:
 Severity:  Normal  | Resolution:
 Keywords:  defer-new-website, website-content  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  hiro|Sponsor:
+--

Comment (by traumschule):

 as this was merged the project list now misses an icon for Tor. Just added
 a new commit to above (still open) PR to change the icon path to the onion
 (as for metrics).
 https://www.torproject.org/projects/projects.html.en
 
http://yslc6nb5fftewvbmxlkdm3h3b42feesug7qebc2a42xsgeesp4llkayd.onion/projects/projects.html

 (maybe the merged PRs are still open because the tickets have not been set
 to merge_ready? wouldn't expect GH to check though)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27269 [Applications/Tor Browser]: noscript not working in Tor Browser 8.0a10r

[Tor Bug Tracker & Wiki]

#27269: noscript not working in Tor Browser 8.0a10r
---+---
 Reporter:  ezio   |  Owner:  tbb-team
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:  Tor:
   |  unspecified
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  Tor Browser 8.0a10r ,noscript  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---
Changes (by nickm):

 * owner:  (none) => tbb-team
 * component:  - Select a component => Applications/Tor Browser


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27273 [Core Tor/Tor]: ASan fails to link on Travis due to rustc and linker arguments

[Tor Bug Tracker & Wiki]

#27273: ASan fails to link on Travis due to rustc and linker arguments
--+
 Reporter:  alexcrichton  |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  rust  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by nickm):

 * keywords:   => rust
 * component:  - Select a component => Core Tor/Tor
 * milestone:   => Tor: 0.3.5.x-final


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27272 [Core Tor/Tor]: ASan is incompatible with Rust's jemalloc on Travis

[Tor Bug Tracker & Wiki]

#27272: ASan is incompatible with Rust's jemalloc on Travis
--+
 Reporter:  alexcrichton  |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  rust  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by nickm):

 * keywords:   => rust
 * component:  - Select a component => Core Tor/Tor
 * milestone:   => Tor: 0.3.5.x-final


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27097 [Applications/Tor Browser]: Add "Tor News" newsletter signup link in Tor Browser

[Tor Bug Tracker & Wiki]

#27097: Add "Tor News" newsletter signup link in Tor Browser
-+-
 Reporter:  arthuredelstein  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ux-team, tbb-fundraising,|  Actual Points:
  TorBrowserTeam201808R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by arthuredelstein):

 * keywords:  ux-team, tbb-fundraising => ux-team, tbb-fundraising,
 TorBrowserTeam201808R
 * status:  new => needs_review


Comment:

 We discussed at length among Tor members and settled on the following
 text:

 {{{
 Get the latest news from Tor straight to your inbox. Sign up for Tor News.
 }}}

 Here's a patch for review that adds that text. We would like to land this
 soon to allow translation to get started:

 https://github.com/arthuredelstein/torbutton/commit/27097

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27269 [- Select a component]: noscript not working in Tor Browser 8.0a10r

[Tor Bug Tracker & Wiki]

#27269: noscript not working in Tor Browser 8.0a10r
---+---
 Reporter:  ezio   |  Owner:  (none)
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:  Tor:
   |  unspecified
Component:  - Select a component   |Version:
 Severity:  Normal | Resolution:
 Keywords:  Tor Browser 8.0a10r ,noscript  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---

Comment (by ezio):

 video link

 https://www.dropbox.com/s/674t8y1o0s0vt8q/torbrowser.avi?dl=0

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27272 [- Select a component]: ASan is incompatible with Rust's jemalloc on Travis

[Tor Bug Tracker & Wiki]

#27272: ASan is incompatible with Rust's jemalloc on Travis
--+
 Reporter:  alexcrichton  |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  - Select a component  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by alexcrichton):

 As a follow-up to this as well, I've found that one final reason (I hope!)
 as to why Travis is failing with hardened code and Rust is due to the
 usage of `link_rust.sh` in RUSTFLAGS. By default Tor is using `cargo test`
 without a `--target` argument which means that `RUSTFLAGS` is *also*
 passed to compilation of build scripts. These build scripts don't actually
 link to C code and don't need the `-fsanitize=address` treatment, but the
 build scripts (often in upstream crates) are compiled with Jemalloc as the
 crate's allocator. By being linked with `link_rust.sh` this causes them to
 segfault at runtime, presumably because ASan is not compatible with
 jemalloc.

 One way to fix this I know if (and yes, I know this is a weird fix!) is to
 pass `--target x86_64-unknown-linux-gnu`. Basically you pass `--target` to
 Cargo as-if you're cross-compiling, except you're not actually given the
 actual targets in play. This causes Cargo to not pass `RUSTFLAGS` to the
 build script compilations, meaning that build scripts are not compiled
 with sanitizers.

 This part is definitely the trickiest, and I haven't quite figured out yet
 how to integrate this into the build system :(

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27273 [- Select a component]: ASan fails to link on Travis due to rustc and linker arguments

[Tor Bug Tracker & Wiki]

#27273: ASan fails to link on Travis due to rustc and linker arguments
--+
 Reporter:  alexcrichton  |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  - Select a component  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 In helping to debug https://trac.torproject.org/projects/tor/ticket/25386
 I've found that a number of the link errors are attributable to the linker
 invocation on Travis. The recent `link_rust.sh` script is definitely
 necessary I think, except that I believe it needs a few tweaks:

 * The `-lasan` argument should be replaced with `-fsanitizer=address` I
 believe to ensure that the C compiler links all of its relevant libraries
 (as they may have different names and different numbers of libs on some
 platforms I think).
 * Second, the Rust compiler by default passes `-nodefaultlibs` to the
 linker which means that the linker script also passes this along. It
 looks, however, like this is incompatible with `-fsanitizer=address`,
 causing link errors. This argument should be safe to strip out though.

 The first bullet was easy enough to fix locally and the second bullet was
 fixable by changing `link_rust.sh` to a `bash` script and then using
 something like:

 {{{
 linker_args="$@"
 $CCLD @RUST_LINKER_OPTIONS@ ${linker_args//-nodefaultlibs/}
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27271 [Applications/Tor Browser]: Don't allow the user to install extensions from web

[Tor Bug Tracker & Wiki]

#27271: Don't allow the user to install extensions from web
--+--
 Reporter:  igt0  |  Owner:  tbb-team
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by igt0):

 * cc: sysrqb, gk (added)
 * status:  new => needs_review


Comment:

 I think for the alpha, the proposed patch is a good solution until we
 figure out a final one.

 
https://trac.torproject.org/projects/tor/attachment/ticket/27271/0001-Bug-27271-Don-t
 -allow-the-user-to-install-extensions.patch

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27271 [Applications/Tor Browser]: Don't allow the user to install extensions from web

[Tor Bug Tracker & Wiki]

#27271: Don't allow the user to install extensions from web
--+--
 Reporter:  igt0  |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by igt0):

 * Attachment "0001-Bug-27271-Don-t-allow-the-user-to-install-
 extensions.patch" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27272 [- Select a component]: ASan is incompatible with Rust's jemalloc on Travis

[Tor Bug Tracker & Wiki]

#27272: ASan is incompatible with Rust's jemalloc on Travis
--+
 Reporter:  alexcrichton  |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  - Select a component  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 In helping to debug https://trac.torproject.org/projects/tor/ticket/25386
 I've found that many of the segfaults at runtime are attributable to Rust
 pulling in jemalloc by default for tests, which apparently doesn't play
 well with ASan when linked in.

 I've found that using code like:

 {{{
 #[global_allocator]
 static ALLOCATOR: std::alloc::System = std::alloc::System;
 }}}

 is enough to solve the problem. This tells Rust that it should use the
 system allocator (e.g. the malloc/free symbols) instead of jemalloc. This
 was stabilized very recently in Rust, though, so using it may not be so
 trivial!

 In some local testing I was able to get away with adding the above
 declaration to the `tor_allocate` crate for the most part, but crates like
 `crypto`, `external`, and `smartlist` don't already link to `tor_allocate`
 and needed the above declaration with a `#[cfg(test)]` as well. Once this
 was all added though I mostly no longer saw segfaults related to jemalloc
 and ASan

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27271 [Applications/Tor Browser]: Don't allow the user to install extensions from web

[Tor Bug Tracker & Wiki]

#27271: Don't allow the user to install extensions from web
--+--
 Reporter:  igt0  |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 Tor browser for Android doesn't verify if the torbutton extension has a
 signature to install it.
 Thus, if someone sends a tampered torbutton extension to the user, they
 can install it.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20700 [Core Tor/Tor]: prop224: Implement standard client authorization

[Tor Bug Tracker & Wiki]

#20700: prop224: Implement standard client authorization
-+-
 Reporter:  dgoulet  |  Owner:  haxxpop
 Type:  enhancement  | Status:
 |  needs_revision
 Priority:  Very High|  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  prop224, tor-hs, 035-roadmap-|  Actual Points:
  master, 035-triaged-in-20180711|
Parent ID:  #25955   | Points:  3
 Reviewer:  dgoulet  |Sponsor:
-+-
Changes (by dgoulet):

 * status:  needs_review => needs_revision


Comment:

 I've commented on the new PR. Very very good stuff :). Minor easy-to-fix
 things I pointed it out.

 There is an issue that I've been discussing with haxxpop on IRC so I'll
 summarize it here. If the client gets the descriptor but can't decrypt it,
 there are two cases:

 1. Client has *no* client authorization configured for the .onion.

  What happens in this case is that we end up with many scaring warnings:
 {{{
 Aug 22 14:07:03.704 [warn] Encrypted service descriptor MAC check failed
 Aug 22 14:07:03.704 [warn] Decrypting encrypted desc failed.
 Aug 22 14:07:03.704 [warn] Service descriptor decryption failed.
 Aug 22 14:07:03.704 [warn] Could not parse received descriptor as client.
 }}}

  ... and then the client will refetch the descriptor on _all_ HSDir
 leading to 8 times these failures. So the question is what to do if
 decryption fails? My opinion is:

  * Downgrade the logs to info(). Then, iff the client can't decrypt the
 descriptor, then log info that it probably doesn't have a valid
 authorization for the service and *stop* the refetch. Creating a
 thundering herd on all HSDir because the first can't be decrypted is not
 good imo.

 2. Client has client authorization configured for the .onion but not
 working.

  In this case, same will happen as above *but* we do know in this case
 that the client has an authorization for the .onion but it simply didn't
 worked. So same as above, I would not make the client refetch but this
 time log *notice* that their configured authorization is not working.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27270 [Core Tor/Stem]: Pycodestyle "invalid escape sequence" warnings

[Tor Bug Tracker & Wiki]

#27270: Pycodestyle "invalid escape sequence" warnings
---+
 Reporter:  atagar |  Owner:  atagar
 Type:  defect | Status:  new
 Priority:  Low|  Milestone:
Component:  Core Tor/Stem  |Version:
 Severity:  Normal |   Keywords:
Actual Points: |  Parent ID:
   Points: |   Reviewer:
  Sponsor: |
---+
 Interesting catch from Thomas that pycodestyle is emitting a slew of
 "invalid escape sequence" warnings. This is pycodestyle 2.4.0 and python
 3.7 on netbsd. Seems we might have some cross-version stuff to account for
 here...

 https://bugs.python.org/issue27364
 https://github.com/PyCQA/pycodestyle/issues/755

 {{{
 > python3.7 run_tests.py --unit
 ==
  INITIALISING
 ==

   checking stem version... 1.6.0-dev
   checking python version...   3.7.0
   checking cryptography version... 2.3.1
   checking pynacl version...   1.1.2
   checking mock version... 1.0
   checking pyflakes version... 2.0.0
   checking pycodestyle version...  2.4.0
   checking for orphaned .pyc files...  done (0.0s)
   checking for unused tests... done (0.0s)
   importing test modules...done (0.1s)
   running pyflakes...  done (2.4s)
   running pycodestyle...   done (12.6s)

 ==
   UNIT TESTS
 ==

   util.enum... success (0.00s)
   util.connection...   success (0.05s)
   util.conf... success (0.00s)
   util.log...  success (0.00s)
   util.proc... success (0.02s)
   util.str_tools...success (0.00s)
   util.system...   success (0.02s)
   util.term... success (0.00s)
   util.tor_tools...success (0.00s)
   util.__init__... success (0.00s)
   installation...  success (0.00s)
   descriptor.export... success (0.01s)
   descriptor.reader... success (0.11s)
   descriptor.remote... success (0.32s)
   descriptor.server_descriptor...  success (0.12s)
   descriptor.extrainfo_descriptor...   success (0.13s)
   descriptor.microdescriptor...success (0.01s)
   descriptor.router_status_entry...success (0.04s)
   descriptor.tordnsel...   success (0.00s)
   descriptor.networkstatus.directory_authority...  success (0.02s)
   descriptor.networkstatus.key_certificate...  success (0.02s)
   descriptor.networkstatus.document_v2...  success (0.00s)
   descriptor.networkstatus.document_v3...  success (0.16s)
   descriptor.networkstatus.bridge_document...  success (0.00s)
   descriptor.hidden_service_descriptor...  success (0.02s)
   descriptor.certificate...success (0.01s)
   exit_policy.rule...  success (0.02s)
   exit_policy.policy...success (0.08s)
   endpoint...  success (0.00s)
   version...   success (0.01s)
   manual...success (0.02s)
   directory.authority...   success (0.00s)
   directory.fallback...success (0.04s)
   tutorial...  success (0.02s)
   tutorial_examples... success (0.04s)
   response.add_onion...success (0.00s)
   response.control_message...  success (0.01s)
   response.control_line... success (0.00s)
   response.events...   success (0.08s)
   response.getinfo...  success (0.00s)
   response.getconf...  success (0.00s)
   

Re: [tor-bugs] #27269 [- Select a component]: noscript not working in Tor Browser 8.0a10r

[Tor Bug Tracker & Wiki]

#27269: noscript not working in Tor Browser 8.0a10r
---+---
 Reporter:  ezio   |  Owner:  (none)
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:  Tor:
   |  unspecified
Component:  - Select a component   |Version:
 Severity:  Normal | Resolution:
 Keywords:  Tor Browser 8.0a10r ,noscript  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---

Comment (by ezio):

 OK video file is too big, so i will add a Dropbox link

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26506 [Applications/Tor Browser]: NoScript not working on TBB/ESR60 on Windows

[Tor Bug Tracker & Wiki]

#26506: NoScript not working on TBB/ESR60 on Windows
-+-
 Reporter:  arthuredelstein  |  Owner:
 |  pospeselr
 Type:  defect   | Status:
 |  assigned
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff60-esr, TorBrowserTeam201808,  |  Actual Points:
  noscript   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by ezio):

 hi, as requested i opened a new ticket
 https://trac.torproject.org/projects/tor/ticket/27269

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27253 [Core Tor/Stem]: Decide: rename Size subclasses to indicate unsigned and bit counts

[Tor Bug Tracker & Wiki]

#27253: Decide: rename Size subclasses to indicate unsigned and bit counts
-+--
 Reporter:  dmr  |  Owner:  atagar
 Type:  enhancement  | Status:  needs_review
 Priority:  Medium   |  Milestone:
Component:  Core Tor/Stem|Version:
 Severity:  Normal   | Resolution:
 Keywords:  client dev code-improvement  |  Actual Points:
Parent ID:   | Points:
 Reviewer:  atagar   |Sponsor:
-+--

Comment (by atagar):

 Hi Dave, sorry about the delay in getting to your pull request! It's
 review season at work right now so bit stressed, and focusing on that
 right now.

 When it comes to the unsigned flag that is the *one* thing I already gave
 a little thought to... and honestly reverted since I didn't understand a
 point in it.

 https://gitweb.torproject.org/user/atagar/stem.git/commit/?h=dmr_review

 Quite possible thought this is actually for something upcoming?

 > I wanted to make sure this got specifically addressed before a
 stem.client release, since after that point it might be too late (due to
 backwards-compatibility concerns).

 Don't fret about stem.client when it comes to the release. We're not
 vending this module at all in 1.7. We can continue to change it at will.

 We *are* vending stem.descriptor.remote's new ORPort capabilities which
 uses stem.client, but as long as that keeps working we're good.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27083 [Applications/Tor Browser]: TBA: Window size rounding isn't used

[Tor Bug Tracker & Wiki]

#27083: TBA: Window size rounding isn't used
--+--
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile, TorBrowserTeam201808  |  Actual Points:
Parent ID:  #25703| Points:
 Reviewer:|Sponsor:
--+--

Comment (by towiw2):

 Actually it may work. I don't have two phones to test it. Can anyone test
 it on two different phones and see if setting the same display size is
 effective?

 Only phones running on 7.0 nougat and above have the ability to change
 display size. At least 7.0+ users can have the same fingerprint.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27269 [- Select a component]: noscript not working in Tor Browser 8.0a10r

[Tor Bug Tracker & Wiki]

#27269: noscript not working in Tor Browser 8.0a10r
-+-
 Reporter:  ezio |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor: unspecified
Component:  - Select a   |Version:
  component  |   Keywords:  Tor Browser 8.0a10r
 Severity:  Normal   |  ,noscript
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 As requested by ma1
 (https://trac.torproject.org/projects/tor/ticket/26506) i opened a new
 ticket

 (windows 7 sp1 64) after a few restarts noscript stop working, all the
 add-ons in the toolbar stop working as well (if i click on the noscript
 icon it doesn't open any menu and https everywhere shows a blank menu), i
 tested the Tor Browser 8.0a10r on ​http://ip-check.info/?lang=en and it
 clearly says that javascript is enabled and i can actually see all the
 informations.

 I tried to do what ma1 suggested and i attached a video file to this
 ticket

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27255 [Applications/Tor Browser]: TBA: Adding new search engine fails

[Tor Bug Tracker & Wiki]

#27255: TBA: Adding new search engine fails
--+--
 Reporter:  towiw |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major | Resolution:
 Keywords:  tbb-mobile|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by towiw2):

 It sometimes successfully adds a new search engine but it takes a very
 long time.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys

[Tor Bug Tracker & Wiki]

#26536: Create APK signing keys
--+---
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  task  | Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile|  Actual Points:
Parent ID:  #26531| Points:
 Reviewer:|Sponsor:
--+---

Comment (by sysrqb):

 I created a short-term keypair for only the initial alpha releases. We
 will create a new, long-term key before the first stable release. I have
 this key offline.

 {{{
 $ keytool -genkey -v -keystore tba_alpha.p12 -storetype pkcs12 -keyalg RSA
 -keysize 3072 -validity 1 -alias tba_alpha
 }}}

 Key information
 {{{
 $ keytool -list -v -keystore tba_alpha.p12 -alias tba_alpha -storetype
 pkcs12
 Enter keystore password:
 Alias name: tba_alpha
 Creation date: Aug 22, 2018
 Entry type: PrivateKeyEntry
 Certificate chain length: 1
 Certificate[1]:
 Owner: CN=Tor Browser, OU=Applications Team, O=The Tor Project, L=Seattle,
 ST=WA, C=US
 Issuer: CN=Tor Browser, OU=Applications Team, O=The Tor Project,
 L=Seattle, ST=WA, C=US
 Serial number: 5f29a0f3
 Valid from: Wed Aug 22 17:17:47 UTC 2018 until: Sun Jan 07 17:17:47 UTC
 2046
 Certificate fingerprints:
  MD5:  6B:27:D0:7B:3B:5C:FA:E9:60:45:15:24:08:A0:72:AE
  SHA1: D8:D5:4C:45:85:F3:BB:2C:80:D3:6C:85:A0:D4:1B:6D:C9:6A:33:80
  SHA256:
 
15:F7:60:B4:1A:CB:E4:78:3E:66:71:02:C9:F6:71:19:BE:2A:F6:2F:AB:07:76:3F:9D:57:F0:1E:5E:10:74:E1
 Signature algorithm name: SHA256withRSA
 Subject Public Key Algorithm: 3072-bit RSA key
 Version: 3

 Extensions:

 #1: ObjectId: 2.5.29.14 Criticality=false
 SubjectKeyIdentifier [
 KeyIdentifier [
 : E6 1D 34 04 98 A0 7A 83   42 2C 11 2A 8C 9D D3 D6  ..4...z.B,.*
 0010: E7 9E 73 66..sf
 ]
 ]

 }}}

 Public Key Certificate:
 {{{
 $ keytool -exportcert -v -keystore tba_alpha.p12 -alias tba_alpha
 -storetype pkcs12 -rfc
 Enter keystore password:
 -BEGIN CERTIFICATE-
 MIIEjzCCAvegAwIBAgIEXymg8zANBgkqhkiG9w0BAQsFADB4MQswCQYDVQQGEwJV
 UzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxGDAWBgNVBAoTD1RoZSBU
 b3IgUHJvamVjdDEaMBgGA1UECxMRQXBwbGljYXRpb25zIFRlYW0xFDASBgNVBAMT
 C1RvciBCcm93c2VyMB4XDTE4MDgyMjE3MTc0N1oXDTQ2MDEwNzE3MTc0N1oweDEL
 MAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMRgwFgYD
 VQQKEw9UaGUgVG9yIFByb2plY3QxGjAYBgNVBAsTEUFwcGxpY2F0aW9ucyBUZWFt
 MRQwEgYDVQQDEwtUb3IgQnJvd3NlcjCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCC
 AYoCggGBAJRv7+VdgiT268+L4q3MeuPKbl9mfGu72Js6wcFqlAyMRXTokvo2ythN
 +n8zMlpc2hHJ01dR88RgaqlUseF5LvuT6AaxI5zLMhaZbww0Np+XS/c9ZfxZ/0YZ
 WUIyJ5LUEeG9z1bBG0KKhoxyX9ab1IQkGYiRPRgiTaXlkSA+i11XYVDtigqX8C+u
 jl4UUr3yBT9AX1vJ1lC8gRLgwIcz8/9orpwaoUm/7VmEgx9N9Ys8ubXUlnT5Em4k
 wwbrnZuEO7OOwK3ZBSeOt9iFH/i2ASflu+cJ7JLFnd8ql9BtClXKP83u97ZD122N
 IaOiXf2YKH4LsWSZyZ6sk8N/cJO8mZ2i7QqWLoPfKqCz8xKoploItQ2NGiEVM5GR
 xsshW1iJ+d024OWupD6c2Mt8WMhbHHeZ3xBDBUqtvTijMSQztGh25ksTdO9pcJxQ
 kkUeOub4QL240MC0TdvPAP6wZFAo7do/TeKcpwCYmIyj6igiu/kLUfsDnZZtdw2m
 NCa1XVhM1wIDAQABoyEwHzAdBgNVHQ4EFgQU5h00BJigeoNCLBEqjJ3T1ueec2Yw
 DQYJKoZIhvcNAQELBQADggGBAHZkWaei+KqmWxqnbbrJcIOzZuy8zi+RSVKBQS/C
 ZPnqkIShT0W2bSVkMR4brvU5zDtRfpgfguFhRwnct/9GGdRlMJmEMTcm/4cNgZiz
 PNO2Y80HV3EsLTNDjFtMX8DBvltk0oZMSlllqGhb7tqZwCfeKBSPz+aH4XgnvpTv
 kWg/ux0BG+fkYgts3dYcQoaWZ6nEQYoPpJyJ+zgPrGtGITBHUrD2WCr6muarEVIR
 7JZfwjy1knFSblA/cgDzoRg13L13ntsCF98lGhiBZo8UGvmNFubSolwzmyf7US3z
 ZvypsKrXJXz0rU1pbFC01Dka626UVkzZoMf53m9KjcIpP92U3l2GZhXsqxJJ26tu
 8x98Jwi5l22upmOsNttAeYtUMI1ODdxL/uVEIVfOw48lyYQgOsdsIiKDi3NDbjto
 zMVZOPvcSx2ESrq+GaoKZjkXGAg7beRdLWvsmGGoejuft+N2yqRYaFQ7sjCVQlq2
 D9GDJUVvnPEj25zrwtgRmPgLZg==
 -END CERTIFICATE-
 }}}

 I debated whether we should create the key using RSA or ECDSA. I decided
 on using RSA, but we can discuss this later, before creating the long-term
 key.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27221 [Applications/Tor Browser]: Tor Browser 8.0a10 wants to update to 8.0a10

[Tor Bug Tracker & Wiki]

#27221: Tor Browser 8.0a10 wants to update to 8.0a10
-+-
 Reporter:  boklm|  Owner:  tbb-team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff60-esr, TorBrowserTeam201808R  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by mcs):

 * keywords:  ff60-esr, TorBrowserTeam201808 => ff60-esr,
 TorBrowserTeam201808R
 * status:  new => needs_review


Comment:

 Here is a fix:
 https://gitweb.torproject.org/user/brade/tor-
 browser.git/commit/?h=bug27221-01=d97dc2bdddf642bf192962b40afaf6d220c9fc2d

 Kathy and I did some testing on macOS; it would be great if someone could
 do some independent testing. One simple test is to replace the binary bits
 of a 8.0a10 install that is in a bad state due to this bug and then
 restart. The startupCache should be removed and life should be good again.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26506 [Applications/Tor Browser]: NoScript not working on TBB/ESR60 on Windows

[Tor Bug Tracker & Wiki]

#26506: NoScript not working on TBB/ESR60 on Windows
-+-
 Reporter:  arthuredelstein  |  Owner:
 |  pospeselr
 Type:  defect   | Status:
 |  assigned
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff60-esr, TorBrowserTeam201808,  |  Actual Points:
  noscript   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by ma1):

 I couldn't reproduce this at all, at least not in the original formulation
 of this bug (which did not imply the breakage happening after some usage
 and/or other extensions being broken too).

 I had definitely fixed a bug producing exactly the effects described in
 the original post (and caused by a missing Firefox crypto API in the Tor
 Browser only) in 10.1.8.3rc6, with
 
[https://github.com/hackademix/noscript/commit/8ae9513f75fa8c975a5960684bfaa575ceaa6f6d
 this commit].

 Please close this and open a new bug for this new, intermittent and quite
 difficult to reproduce issue.
 Also, please flag the NoScript Options>Advanced>Debug checkbox and attach
 whatever seems NoScript-related you can find in your browser console
 (ctrl+shift+J) just after the problem happens.

 Thank you.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27261 [Applications/Tor Browser]: Tor Browser 8.0a9/10 gets stuck in an endless reload cycle

[Tor Bug Tracker & Wiki]

#27261: Tor Browser 8.0a9/10 gets stuck in an endless reload cycle
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  TorBrowserTeam201808, ff60-esr,  |  Actual Points:
  noscript   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by ma1):

 I've tried repeating the steps outlined in commment #7 not 3 but at least
 30 times, with no results: the browser keeps behaving normally,
 unfortunately :(

 Of course I did not even try 17rc7 (or rc8, which I've released some
 minutes ago), keeping 16 stable which ships with a fresh 8.0a10.

 I'll keep testing on the RCs from now on, since 10.1.8.17 is about to be
 released and dramatically changes the way some possibly related subsystems
 work (hopefully reducing their side effects).

 Here's my compatibility.ini file, in case it helps:

 {{{
 [Compatibility]
 LastVersion=60.1.0_20180204020101/20180204020101
 LastOSABI=WINNT_x86_64-gcc3
 LastPlatformDir=C:\Users\Giorgio\Desktop\TB8\Browser
 LastAppDir=C:\Users\Giorgio\Desktop\TB8\Browser\browser
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27268 [- Select a component]: preferences cleanup

[Tor Bug Tracker & Wiki]

#27268: preferences cleanup
--+
 Reporter:  rzb   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  - Select a component  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 pref("plugins.hide_infobar_for_missing_plugin", true);
  - dead pref? hxxps://dxr.mozilla.org/mozilla-
 esr60/search?q=hide_infobar_for_missing_plugin -> 0 results found

 pref("plugins.hideMissingPluginsNotification", true);
  - dead pref? hxxps://dxr.mozilla.org/mozilla-
 esr60/search?q=hideMissingPluginsNotification -> 0 results found

 pref("plugin.expose_full_path", false);
  - dead pref? hxxps://dxr.mozilla.org/mozilla-
 esr60/search?q=expose_full_path -> 0 results found


 unless you have custom code that re-implements this I don't think the pref
 does anything anymore:
 pref("dom.mozTCPSocket.enabled", false);
  - hxxps://dxr.mozilla.org/mozilla-esr60/search?q=mozTCPSocket

 pref("browser.usedOnWindows10", true);
  - dead pref? hxxps://hg.mozilla.org/mozilla-central/rev/5dd17564f294 ->
 also uplifted to FF50
  - hxxps://dxr.mozilla.org/mozilla-esr60/search?q=usedOnWindows10 -> 2
 remnants for .introURL but nothing for "browser.usedOnWindows10"

 pref("browser.selfsupport.enabled", false);
 pref("browser.selfsupport.url", "");
  - both removed in FF55 -> https://bugzilla.mozilla.org/1361578
  - hxxps://dxr.mozilla.org/mozilla-esr60/search?q=browser.selfsupport -> 0
 results
  - hxxps://dxr.mozilla.org/mozilla-esr60/search?q=selfsupport -> 8 results
 but nothing that looks related to these 2 prefs


 pref("browser.newtabpage.directory.ping", "data:text/plain,");
  - dead pref? removed in FF55: https://bugzilla.mozilla.org/1241390


 pref("browser.newtabpage.directory.source", "data:text/plain,");
 pref("browser.newtabpage.enhanced", false);
 pref("browser.newtabpage.introShown", true);
  - all 3 were removed in FF60:
 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1370930,1433133

 pref("browser.newtabpage.remote", false);
  - last remnants removed in FF60 (https://bugzilla.mozilla.org/1355166)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27260 [Applications/Tor Browser]: Audit network.http.spdy.enabled.deps

[Tor Bug Tracker & Wiki]

#27260: Audit network.http.spdy.enabled.deps
-+-
 Reporter:  arthuredelstein  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-fingerprinting, tbb- |  Actual Points:
  linkability, ff60-esr  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by arthuredelstein):

 Replying to [comment:2 fixtbb]:
 > Not only you forget to remove prefs ;)
 > https://dxr.mozilla.org/mozilla-
 esr60/search?q=network.http.spdy.enabled.deps

 The pref is used here:
 https://dxr.mozilla.org/mozilla-
 
esr60/rev/dd52b41d2b775e5c7261ce52795268b7670635fc/netwerk/protocol/http/nsHttpHandler.cpp#1501

 and the relevance can be found here:
 https://dxr.mozilla.org/mozilla-esr60/search?q=UseH2Deps=true

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27231 [Webpages/Website]: OpenBSD install instructions

[Tor Bug Tracker & Wiki]

#27231: OpenBSD install instructions
--+
 Reporter:  gman999   |  Owner:  (none)
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Major | Resolution:  fixed
 Keywords:  openbsd install   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by traumschule):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 merged

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27252 [Core Tor/Tor]: Reduce the number of travis jobs

[Tor Bug Tracker & Wiki]

#27252: Reduce the number of travis jobs
-+-
 Reporter:  teor |  Owner:  teor
 Type:  enhancement  | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  rust tor-ci 029-backport-maybe   |  Actual Points:
  032-backport 033-backport 034-backport |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by catalyst):

 Replying to [ticket:27252 teor]:
 > In 0.2.9 and later:
 > * work out if we really need clang and gcc on Linux and macOS
 I think if Xcode comes with only clang, and Tor Browser doesn't build on
 macOS with gcc, we don't need to test with gcc on macOS.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27231 [Webpages/Website]: OpenBSD install instructions

[Tor Bug Tracker & Wiki]

#27231: OpenBSD install instructions
--+--
 Reporter:  gman999   |  Owner:  (none)
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Major | Resolution:
 Keywords:  openbsd install   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by gman999):

 done.

 someone can close the ticket.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27215 [Core Tor/Tor]: hs: Change default HiddenServiceVersion to 3

[Tor Bug Tracker & Wiki]

#27215: hs: Change default HiddenServiceVersion to 3
--+
 Reporter:  dgoulet   |  Owner:  (none)
 Type:  enhancement   | Status:  needs_review
 Priority:  Medium|  Milestone:  Tor:
  |  0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-hs, 035-roadmap-proposed  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by dgoulet):

 * status:  new => needs_review


Comment:

 Branch: `ticket27215_035_01`
 PR: https://github.com/torproject/tor/pull/288

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27267 [Internal Services/Service - trac]: Allow asn to edit the trac page permissions

[Tor Bug Tracker & Wiki]

#27267: Allow asn to edit the trac page permissions
--+-
 Reporter:  asn   |  Owner:  qbi
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Internal Services/Service - trac  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+-
 Hello trac people,

 I'm the only person able to edit
 https://trac.torproject.org/projects/tor/wiki/doc/NextGenOnions .

 I want to make other people eligible to edit that page, without opening it
 to the internet just yet.

 Can someone upgrade me to a trac entity that can edit trac's ACL?

 Thanks!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27261 [Applications/Tor Browser]: Tor Browser 8.0a9/10 gets stuck in an endless reload cycle

[Tor Bug Tracker & Wiki]

#27261: Tor Browser 8.0a9/10 gets stuck in an endless reload cycle
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  TorBrowserTeam201808, ff60-esr,  |  Actual Points:
  noscript   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by gk):

 Yes, still the same issue.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys

[Tor Bug Tracker & Wiki]

#26536: Create APK signing keys
--+---
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  task  | Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile|  Actual Points:
Parent ID:  #26531| Points:
 Reviewer:|Sponsor:
--+---

Comment (by sysrqb):

 Woah! "Android 9 supports APK key rotation, which gives apps the ability
 to change their signing key as part of an APK update."
 https://source.android.com/security/apksigning/v3

 This is only with the newest version of Android. It includes support for a
 new signature scheme.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26884 [Applications/Tor Browser]: Update preferences.xul to make it work on mobile

[Tor Bug Tracker & Wiki]

#26884: Update preferences.xul to make it work on mobile
-+-
 Reporter:  igt0 |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  closed
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tbb-torbutton, TorBrowserTeam201808  |  Actual Points:
Parent ID:  #26531   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  reopened => closed
 * resolution:   => fixed


Comment:

 Replying to [comment:28 gk]:
 > Damn, I should have tested it again:
 > {{{
 > JavaScript error: chrome://torbutton/content/torbutton.js, line 2251:
 TypeError: show_torbrowser_manual is not a function
 > }}}
 > this happens on a desktop Tor Browser (8.0a10 Linux).

 Okay, I think what happened was me testing the commit before bumping the
 Torbutton version and then later, after tagging, I saw the error. Blowing
 the `startupCache` away manually "solves" this problem. igt0 verified that
 an actual version bump has the same effect. Thus, we are good here it
 seems and can proceed with `2.0.3`.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27266 [Metrics/ExoneraTor]: Links to IP addresses in same /24 are broken

[Tor Bug Tracker & Wiki]

#27266: Links to IP addresses in same /24 are broken
+--
 Reporter:  karsten |  Owner:  metrics-team
 Type:  defect  | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Metrics/ExoneraTor  |Version:
 Severity:  Normal  |   Keywords:
Actual Points:  |  Parent ID:
   Points:  |   Reviewer:
  Sponsor:  |
+--
 When a result is negative but there are IP addresses of relays in the same
 /24, we're printing out links to those searches. However, those searches
 are currently broken since moving ExoneraTor to Tor Metrics. I'm not
 fixing this right away, because I'd like to get the #27234 changes merged
 first. Should be okay to wait another week.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26506 [Applications/Tor Browser]: NoScript not working on TBB/ESR60 on Windows

[Tor Bug Tracker & Wiki]

#26506: NoScript not working on TBB/ESR60 on Windows
-+-
 Reporter:  arthuredelstein  |  Owner:
 |  pospeselr
 Type:  defect   | Status:
 |  assigned
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff60-esr, TorBrowserTeam201808,  |  Actual Points:
  noscript   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by ezio):

 the bug is still reproducible with ​latest RC (10.1.8.17rc7), i already
 tried

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26506 [Applications/Tor Browser]: NoScript not working on TBB/ESR60 on Windows

[Tor Bug Tracker & Wiki]

#26506: NoScript not working on TBB/ESR60 on Windows
-+-
 Reporter:  arthuredelstein  |  Owner:
 |  pospeselr
 Type:  defect   | Status:
 |  assigned
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff60-esr, TorBrowserTeam201808,  |  Actual Points:
  noscript   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by ezio):

 Hi, in my case (windows 7 sp1 64), after a few restarts noscript stop
 working, all the add-ons in the toolbar stop working as well (if i click
 on the noscript icon it doesn't open any menu and https everywhere shows a
 blank menu), i tested the Tor Browser 8.0a10r on http://ip-
 check.info/?lang=en and it clearly says that javascript is enabled and i
 can actually see all the informations.
 Let me know if you need any further information

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs