Re: [tor-bugs] #25475 [Webpages/Website]: Credits page

[Tor Bug Tracker & Wiki]

#25475: Credits page
--+--
 Reporter:  arthuredelstein   |  Owner:  traumschule
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  website redesign
Component:  Webpages/Website  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by arma):

 Credits for what?

 Tor has many umbrella projects -- is the idea to just make a page that is
 a jumble of all the contributors of all the projects?

 It seems like each project should handle its own credits.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27546 [Applications/Tor Browser]: Vertical scrollbar is broken on Linux in Tor Browser 8 with Gtk3

[Tor Bug Tracker & Wiki]

#27546: Vertical scrollbar is broken on Linux in Tor Browser 8 with Gtk3
+--
 Reporter:  gk  |  Owner:  tbb-team
 Type:  defect  | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  tbb-8.0-issues, tbb-regression  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by cypherpunks_reply):

 Replying to [comment:1 gapegas7uftp]:
 > Also experiencing this issue on Linux.  Expected behavior is
 >  left click = scroll 1 page up / down;
 >  middle-click = warp.
 > Other GTK application on my system work this way, but not tor browser.
 Replying to [comment:2 gapegas7uftp]:
 > Could you make this be the default for tor browser 8, so it is like tor
 browser 7? (no regress)

 This is not my experience. For me tor browser 7 warped with a single left
 click and scrolled 1 page up/down with a single right click (and also with
 shift + single left click). So for me your proposal would a change.

 > I am using KDE on ubuntu.
 I am not. This is on Debian sid.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27659 [Applications/Tor Browser]: Automatically use another guard when an onion service appears unreachable

[Tor Bug Tracker & Wiki]

#27659: Automatically use another guard when an onion service appears 
unreachable
--+--
 Reporter:  traumschule   |  Owner:  tbb-team
 Type:  enhancement   | Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  wontfix
 Keywords:|  Actual Points:
Parent ID:  #27655| Points:
 Reviewer:|Sponsor:
--+--
Changes (by traumschule):

 * status:  needs_information => closed
 * resolution:   => wontfix


Comment:

 closing this since it's totally off track

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27608 [Applications/Tor Browser]: TB 8.5a1: messages from the update engine

[Tor Bug Tracker & Wiki]

#27608: TB 8.5a1: messages from the update engine
--+--
 Reporter:  traumschule   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-8.0-issues|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by traumschule):

 * status:  needs_information => new


Comment:

 does this help or should i poke my logs a bit more?

 {{{
 ,{"id":"{73a6fe31-595d-460b-a920-fcc0f8843232}","syncGUID":"{679a3a4d-4728
 -44ef-b1a3-9e0b5637f057}","location":"app-
 profile","version":"10.1.9.6","type":"webextension","internal
 
Name":null,"updateURL":null,"updateKey":null,"optionsURL":"ui/options.html","optionsType":3,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"NoScript","descri
 ption":"Extra protection for your Firefox: NoScript allows JavaScript,
 Flash (and other plugins) only for trusted domains of your choice (e.g.
 your home-banking web site). This
 whitelist based pre-emptive blocking approach prevents exploitation of
 security vulnerabilities (known and even unknown!) with no loss of
 functionality… Experts will agree: Fire
 fox is really safer with NoScript
 
:-)","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":f
 
alse,"installDate":94668480,"updateDate":1537011357000,"applyBackgroundUpdates":1,"bootstrap":true,"path
 ":"[...]tor-browser8.0a10/Browser
 /TorBrowser/Data/Browser/profile.default/extensions/{73a6fe31-595d-
 
460b-a920-fcc0f8843232}.xpi","skinnable":false,"size":1001138,"sourceURI":"https://addons.cdn.mozilla.net/user
 
-media/addons/722/noscript_security_suite-10.1.9.6-an+fx.xpi?filehash=sha256%3A336ae26d0a70688e6c2b3c14267c9e80f52f6f36c31f23b8242e0edae3666d42","releaseNotesURI":"https://addon
 s.mozilla.org/versions/updateInfo/2532678/en-
 
US/","softDisabled":false,"foreignInstall":true,"strictCompatibility":true,"locales":[{"name":"NoScript","description":"Extra
 protec
 tion for your Firefox: NoScript allows JavaScript, Flash (and other
 plugins) only for trusted domains of your choice (e.g. your home-banking
 web site). This whitelist based pre-
 emptive blocking approach prevents exploitation of security
 vulnerabilities (known and even unknown!) with no loss of functionality…
 Experts will agree: Firefox is really safer
 with NoScript
 
:-)","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["en"]},{"name":"NoScript","description":"Une
 protection supplémentaire pour
  votre Firefox : NoScript autorise JavaScript, Flash (et autres greffons)
 seulement pour les domaines de votre choix (p. ex. le site Web de votre
 banque). Cette approche de bloc
 age préemptif, fondé sur une liste blanche, prévient l’exploitation de
 vulnérabilités informatiques (connues et inconnues) sans perte de
 fonctionnalité. Les experts seront d’acc
 ord : Firefox est vraiment plus sûr avec NoScript
 
:-)","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["fr"]},{"name":"NoScript","description"
 :"Protezione extra per Firefox: NoScript consente JavaScript, Flash (e
 altri plug-in) solo per domini verificati di tua scelta (ad es. il tuo
 sito web di home banking). Questo a
 pproccio di blocco preventivo basato su whitelist previene lo sfruttamento
 delle vulnerabilità della sicurezza (note e persino sconosciute!) senza
 alcuna perdita di funzionalità
 … Gli esperti saranno d‘accordo: Firefox è davvero più sicuro con NoScript
 
:-)","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["it"]},{"name"
 :"NoScript","description":"Zusätzliche Sicherheit für Ihren Firefox: Mit
 NoScript können Sie JavaScript, Flash, Java und andere ausführbare Inhalte
 bloß auf vertrauenswürdigen D
 omains Ihrer Wahl zulassen, z.B. beim Online-Banking. Dieser whitelist-
 basierte präventive Ansatz verhindert das Ausnutzen von (bekannten und
 unbekannten!) Sicherheitslücken ohn
 e Verlust an Funktionalität… Experten sind sich einig: Firefox wird
 wirklich noch sicherer mithilfe von NoScript
 ;-)","creator":null,"developers":null,"translators":null,"contri
 butors":null,"locales":["de"]},{"name":"NoScript","description":"Protecció
 addicional per al vostre Firefox: NoScript permet JavaScript, Flash (i
 altres connectors) només per al
 s dominis de confiança que trieu (p. ex. el web de banca de la llar).
 L'enfocament de bloqueig preventiu basat en la llista blanca evita
 l'explotació de vulnerabilitats de segur
 etat (conegudes i fins i tot desconegudes) sense pèrdua de
 funcionalitat... Els 

Re: [tor-bugs] #27608 [Applications/Tor Browser]: TB 8.5a1: messages from the update engine

[Tor Bug Tracker & Wiki]

#27608: TB 8.5a1: messages from the update engine
--+---
 Reporter:  traumschule   |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-8.0-issues|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by traumschule):

 * Attachment "{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi" added.

 Looking at the first link my guess is that it tries to update an addon.
 Installing the named xpi from
 {{{TorBrowser/Data/Browser/profile.default/extensions/{73a6fe31-595d-
 460b-a920-fcc0f8843232}.xpi}}} it offered me to install Noscript. Maybe it
 the manifest type is not set correctly?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27228 [Core Tor/Tor]: pathbias_should_count(): Bug: Circuit X is now being counted

[Tor Bug Tracker & Wiki]

#27228: pathbias_should_count(): Bug: Circuit X is now being counted
--+--
 Reporter:  traumschule   |  Owner:  traumschule
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:  Tor: unspecified
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by traumschule):

 * status:  needs_information => assigned
 * owner:  (none) => traumschule


Comment:

 Replying to [comment:7 mikeperry]:
 > I think it is fine to remove all of the pathbias code once we get a
 tagging resistant cipher in place, such as
 https://gitweb.torproject.org/torspec.git/tree/proposals/295-relay-crypto-
 with-atl.txt
 Hoping for further guidance in any case i will just try this. We'll see if
 i end up with a stable tor.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25475 [Webpages/Website]: Credits page

[Tor Bug Tracker & Wiki]

#25475: Credits page
--+--
 Reporter:  arthuredelstein   |  Owner:  traumschule
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  website redesign
Component:  Webpages/Website  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by traumschule):

 * status:  needs_information => assigned


Comment:

 ok, i'll create a file listing all contributors in alphabetical order. if
 we want to be more specific we have something to build upon. happy to read
 your ideas!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27333 [Core Tor/Tor]: outdated docs for onion_extend_cpath()

[Tor Bug Tracker & Wiki]

#27333: outdated docs for onion_extend_cpath()
--+
 Reporter:  cyberpunks|  Owner:  traumschule
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:  Tor: 0.1.2.4-alpha
 Severity:  Normal| Resolution:
 Keywords:  doc   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by traumschule):

 * status:  assigned => needs_review


Comment:

 https://github.com/torproject/tor/pull/344

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27725 [Core Tor/Tor]: Stealthy onions should appear to be offline

[Tor Bug Tracker & Wiki]

#27725: Stealthy onions should appear to be offline
--+--
 Reporter:  traumschule   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:  auth, hs
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 Working on #27680 and testing basic and stealth onion services i noticed
 that they behavior is the same. Instead i expected the stealthy one to
 look like it's offline. See also #23653

 What i observed was for both auth types (without correct auth cookie in
 the client):

 When the descriptors weren't uploaded yet, the client failed immediately:
 {{{
 [warn] {REND} Fetching v2 rendezvous descriptor failed. Retrying at
 another directory.
 {REND} Closing stream for '.onion': hidden service is
 unavailable (try again later).
 }}}

 After uploading the descriptors the connection timed out:
 {{{
 [notice] Tried for 120 seconds to get a connection to :80.
 Giving up. (waiting for rendezvous desc)
 }}}

 Please let stealthy onions appear to be offline.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27669 [Webpages/Website]: Replace recommendations to use tor-ramdisk with something better

[Tor Bug Tracker & Wiki]

#27669: Replace recommendations to use tor-ramdisk with something better
--+
 Reporter:  traumschule   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #13703| Points:
 Reviewer:|Sponsor:
--+

Comment (by cypherpunks2):

 There are no current alternatives. Honestly, I would just use tor-ramdisk,
 even if it no longer has grsecurity/PaX. It's still the lightest Linux-
 based Tor server out there.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26146 [Applications/Tor Browser]: Setting `general.useragent.override` does not spoof the platform part anymore in ESR 60 which is confusing

[Tor Bug Tracker & Wiki]

#26146: Setting `general.useragent.override` does not spoof the platform part
anymore in ESR 60 which is confusing
-+-
 Reporter:  gk   |  Owner:  mcs
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  ff60-esr, tbb-fingerprinting-os, |  Actual Points:
  tbb-8.0-issues, tbb-8.0.1-can, |
  TorBrowserTeam201809R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks2):

 Replying to [comment:67 cypherpunks3]:
 > (That's now another way to pick out tor browser from firefox, not that
 it makes a difference since there were plenty already)

 Tor Browser has never intended to hide the fact that it is not vanilla
 Firefox.

 Anyway, now that a fix is in progress, I am happy.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27719 [Applications/Tor Browser]: Treat unsafe renegotiation as broken

[Tor Bug Tracker & Wiki]

#27719: Treat unsafe renegotiation as broken
--+--
 Reporter:  cypherpunks2  |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks2):

 Replying to [comment:1 gk]:
 > Relevant Moz bugs:
 >
 > https://bugzilla.mozilla.org/show_bug.cgi?id=535649 (original discussion
 and implementation)
 > https://bugzilla.mozilla.org/show_bug.cgi?id=665859 (flip the pref to
 `true` as this bug report requests)

 The second report is over 7 years old and no progress has been made (it's
 still status NEW). It's very possible that we'll have to toggle this
 ourselves if we want to avoid trivial MITM.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27724 [- Select a component]: Tor Browser manual needs to be updated for the new request bridge option

[Tor Bug Tracker & Wiki]

#27724: Tor Browser manual needs to be updated for the new request bridge option
--+
 Reporter:  Dbryrtfbcbhgf |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  - Select a component  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 Tor Browser manual needs to be updated for the new {{{request bridge
 option.}}}  for network blocking  circumvention.
 https://tb-manual.torproject.org/en-US/bridges.html

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27723 [- Select a component]: Obfs4 stopped working 16 Sept 18

[Tor Bug Tracker & Wiki]

#27723: Obfs4 stopped working 16 Sept 18
--+
 Reporter:  mwolfe|  Owner:  (none)
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  - Select a component  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by Dbryrtfbcbhgf):

 1.  After the connection fails click on configure,  or just cancel the
 connection and then click configure.
 2.  Make sure tor is centered in my country is checked
 3.  Check  request a bridge from Torproject.org and click on request the
 bridge
 4.  Fill in the captcha  and click the return “enter” button on your
 keyboard.
 5.  It should now connect

  Here’s an explanation on how to manually connect to a bridge.
 https://tb-manual.torproject.org/en-US/bridges.html

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27680 [Webpages/Website]: Explain how to use auth cookie for onion services

[Tor Bug Tracker & Wiki]

#27680: Explain how to use auth cookie for onion services
--+--
 Reporter:  traumschule   |  Owner:  traumschule
 Type:  enhancement   | Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by traumschule):

 * status:  assigned => needs_review


Comment:

 https://github.com/torproject/webwml/pull/50

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27723 [- Select a component]: Obfs4 stopped working 16 Sept 18

[Tor Bug Tracker & Wiki]

#27723: Obfs4 stopped working 16 Sept 18
--+
 Reporter:  mwolfe|  Owner:  (none)
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  - Select a component  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by mwolfe):

 I forgot to mention I am in the UAE.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27723 [- Select a component]: Obfs4 stopped working 16 Sept 18

[Tor Bug Tracker & Wiki]

#27723: Obfs4 stopped working 16 Sept 18
--+
 Reporter:  mwolfe|  Owner:  (none)
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  - Select a component  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 I was using obfs4 on 15 Sept 18, but shortly after midnight, it stopped
 working, and I'm using azure. I assume that's the only thing that works
 when obfs4 fails.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27722 [Core Tor/Tor]: rust protover doesn't canonicalize adjacent and overlapping ranges

[Tor Bug Tracker & Wiki]

#27722: rust protover doesn't canonicalize adjacent and overlapping ranges
-+-
 Reporter:   |  Owner:  (none)
  cyberpunks |
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor: 0.3.5.x-final
Component:  Core |Version:
  Tor/Tor|   Keywords:  rust, protover, 033-backport,
 Severity:  Normal   |  034-backport
Actual Points:   |  Parent ID:  #27190
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 `protover.c` accepts both `"Foo=1-3,4-5"` and `"Foo=1-3,2-5"` and then
 canonicalizes them into `"Foo=1-5"` with `contract_protocol_list()`. Rust
 rejects the 2nd one as malformed.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27546 [Applications/Tor Browser]: Vertical scrollbar is broken on Linux in Tor Browser 8 with Gtk3

[Tor Bug Tracker & Wiki]

#27546: Vertical scrollbar is broken on Linux in Tor Browser 8 with Gtk3
+--
 Reporter:  gk  |  Owner:  tbb-team
 Type:  defect  | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  tbb-8.0-issues, tbb-regression  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by gapegas7uftp):

 I creating a file, `tor-
 browser_LANGUAGE/Browser/.config/gtk-3.0/settings.ini` with the content

 {{{
 [Settings]
 gtk-primary-button-warps-slider = false
 }}}

 and can confirm that this creates the desired scrollbar eperience.  Maybe
 the person complaining make the `settings.ini` file in the home directory,
 instead of where tor browser installed / Browser/.config/gtk-3.0?  I think
 that don't work.

 I am using KDE on ubuntu.

 Could you make this be the default for tor browser 8, so it is like tor
 browser 7? (no regress)

 Thanks

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27702 [Webpages/Website]: Link keys.txt and its signature at the signing keys page

[Tor Bug Tracker & Wiki]

#27702: Link keys.txt and its signature at the signing keys page
--+--
 Reporter:  traumschule   |  Owner:  (none)
 Type:  enhancement   | Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #22637| Points:
 Reviewer:|Sponsor:
--+--
Changes (by traumschule):

 * status:  new => needs_review
 * parent:  #27700 => #22637


Comment:

 https://github.com/torproject/webwml/pull/48

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27503 [Applications/Tor Browser]: Disabling accessibility on Windows breaks screen readers

[Tor Bug Tracker & Wiki]

#27503: Disabling accessibility on Windows breaks screen readers
+--
 Reporter:  gk  |  Owner:  tbb-team
 Type:  defect  | Status:  new
 Priority:  High|  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  tbb-8.0-issues, tbb-regression  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by arma):

 We had another person on #tor today asking about this.

 I wonder if we can use our twitter power to draw attention to the widl
 bug?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26381 [Applications/Tor Browser]: about:tor page does not load on first start on Windows and browser is stuck in endless reload cycle

[Tor Bug Tracker & Wiki]

#26381: about:tor page does not load on first start on Windows and browser is 
stuck
in endless reload cycle
-+-
 Reporter:  gk   |  Owner:
 |  pospeselr
 Type:  defect   | Status:
 |  needs_review
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-torbutton, ff60-esr, |  Actual Points:
  TorBrowserTeam201809R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by pospeselr):

 * keywords:  tbb-torbutton, ff60-esr, TorBrowserTeam201809 => tbb-
 torbutton, ff60-esr, TorBrowserTeam201809R
 * status:  needs_revision => needs_review


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #4700 [Core Tor/Tor]: Tor should provide a mechanism for hidden services to differentiate authorized clients and circuits

[Tor Bug Tracker & Wiki]

#4700: Tor should provide a mechanism for hidden services to differentiate
authorized clients and circuits
-+-
 Reporter:  katmagic |  Owner:  (none)
 Type:  enhancement  | Status:
 |  merge_ready
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-control, needs-proposal, tor-|  Actual Points:
  hs, needs-design, 035-roadmap-master   |
Parent ID:   | Points:  10
 Reviewer:  dgoulet  |Sponsor:
-+-

Comment (by ahf):

 https://github.com/ahf/tor/commit/3477a73af99eb72f8374928fdc2fab4858485219
 patch for the above problem.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #4700 [Core Tor/Tor]: Tor should provide a mechanism for hidden services to differentiate authorized clients and circuits

[Tor Bug Tracker & Wiki]

#4700: Tor should provide a mechanism for hidden services to differentiate
authorized clients and circuits
-+-
 Reporter:  katmagic |  Owner:  (none)
 Type:  enhancement  | Status:
 |  merge_ready
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-control, needs-proposal, tor-|  Actual Points:
  hs, needs-design, 035-roadmap-master   |
Parent ID:   | Points:  10
 Reviewer:  dgoulet  |Sponsor:
-+-

Comment (by ahf):

 Found another bug with this code:

 {{{
 $ nc -l -p 6667
 CAP LS
 NICK user
 USER user user
 rxyw2yu2mxczblqcov5d3m6fqyem7rnamcean46wu7srdh5so7dro7qd.onion :Unknown
 PROXY TCP6 fc00:dead:beef:4dad::0:25 ::1 37 6667
 }}}

 This happens when an IRC client is connecting to an OS with this feature
 enabled. We need to make sure the `PROXY` string is added to the beginning
 of the buffer and not the end.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #23913 [Metrics/Onionoo]: Allow parameters and qualified search terms to be specified more than once

[Tor Bug Tracker & Wiki]

#23913: Allow parameters and qualified search terms to be specified more than 
once
-+--
 Reporter:  nusenu   |  Owner:  metrics-team
 Type:  enhancement  | Status:  assigned
 Priority:  Medium   |  Milestone:
Component:  Metrics/Onionoo  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by karsten):

 This change is going to enable searches for relays having more than one
 flag assigned. We briefly considered implementing this by accepting a list
 of flags in the "flag" parameter (#23914), but that would be boolean AND
 whereas other parameters implement lists as boolean OR. In the case of
 flags boolean OR doesn't really make sense, so if we want boolean AND we
 should implement it by permitting more than one "flag" parameter.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #23914 [Metrics/Onionoo]: Extend flag parameter to support comma-separated list of flags

[Tor Bug Tracker & Wiki]

#23914: Extend flag parameter to support comma-separated list of flags
-+-
 Reporter:  nusenu   |  Owner:  karsten
 Type:  enhancement  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Metrics/Onionoo  |Version:
 Severity:  Normal   | Resolution:  wontfix
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by karsten):

 * status:  accepted => closed
 * resolution:   => wontfix


Comment:

 Closing this ticket for the reason stated in the previous comment and
 after leaving a comment on #23913.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21263 [Applications/Tor Browser]: Torbutton's readme still talks about toggling

[Tor Bug Tracker & Wiki]

#21263: Torbutton's readme still talks about toggling
-+-
 Reporter:  arma |  Owner:
 |  traumschule
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-torbutton,   |  Actual Points:
  TorBrowserTeam201809R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  tbb-torbutton => tbb-torbutton, TorBrowserTeam201809R


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27719 [Applications/Tor Browser]: Treat unsafe renegotiation as broken

[Tor Bug Tracker & Wiki]

#27719: Treat unsafe renegotiation as broken
--+--
 Reporter:  cypherpunks2  |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by gk):

 Relevant Moz bugs:

 https://bugzilla.mozilla.org/show_bug.cgi?id=535649 (original discussion
 and implementation)
 https://bugzilla.mozilla.org/show_bug.cgi?id=665859 (flip the pref to
 `true` as this bug report requests)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26857 [Metrics/Website]: Add new page with specifications for reproducing graphs and tables

[Tor Bug Tracker & Wiki]

#26857: Add new page with specifications for reproducing graphs and tables
-+-
 Reporter:  karsten  |  Owner:  karsten
 Type:  enhancement  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Metrics/Website  |Version:
 Severity:  Normal   | Resolution:  implemented
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:  irl  |Sponsor:  Sponsor13
-+-
Changes (by karsten):

 * status:  needs_revision => closed
 * resolution:   => implemented


Comment:

 Great! I went with your first suggestion. Merged and deployed. Closing.
 Thanks!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27000 [Metrics/Website]: Stop providing pre-aggregated CSV files after September 15

[Tor Bug Tracker & Wiki]

#27000: Stop providing pre-aggregated CSV files after September 15
-+-
 Reporter:  karsten  |  Owner:  karsten
 Type:  enhancement  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Metrics/Website  |Version:
 Severity:  Normal   | Resolution:  implemented
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by karsten):

 * status:  accepted => closed
 * resolution:   => implemented


Comment:

 Made the change, pushed it to master, and deployed it. Closing.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27715 [Metrics/ExoneraTor]: support relative time in timestamp parameter

[Tor Bug Tracker & Wiki]

#27715: support relative time in timestamp parameter
+--
 Reporter:  exonerator  |  Owner:  metrics-team
 Type:  enhancement | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Metrics/ExoneraTor  |Version:
 Severity:  Normal  | Resolution:
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by karsten):

 Hmm, I see the use case, but I don't really like that the `timestamp`
 parameter accepts a date and a number.

 Here's a possible variation of your idea, which would cover even more use
 cases than yours: if the `timestamp` parameter is left empty, we return
 the most recent 3 days when the given IP address was seen in the Tor
 network. We could even include this in the web interface by making the
 date parameter optional and saying what we return if it's left empty.

 In theory, our new database schema should handle this query just fine. It
 should be just one more query in the `date_address24` table to learn the
 latest contained date for a given IP address prefix. That table is
 currently 1130 MB large with over 10 years of data.

 If this makes sense, we can put it on the list. Needs a patch and a fair
 amount of testing, so that we're not running into performance issues
 again.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27714 [Metrics/ExoneraTor]: support more recent lookups

[Tor Bug Tracker & Wiki]

#27714: support more recent lookups
+--
 Reporter:  exonerator  |  Owner:  metrics-team
 Type:  enhancement | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Metrics/ExoneraTor  |Version:
 Severity:  Normal  | Resolution:
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by karsten):

 Reducing the delay from 2 to 1 days or even more is possible and wouldn't
 cause much work. The main reason against doing it is the risk of false
 negatives. The main reason why such false negatives would occur is when
 the database has not been updated for a few hours. Another possible source
 for confusion are time zones.

 I could imagine taking out this limitation, but only if we display a very
 clear warning that the date may be too recent to provide more than a
 preliminary result.

 If this makes sense, I'd like to talk this over with Julius in two weeks,
 who has provided very valuable input on ExoneraTor's web interface in the
 past from his experience as lawyer.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27716 [Metrics/CollecTor]: Out of memory when loading in multiple years of relay descriptors

[Tor Bug Tracker & Wiki]

#27716: Out of memory when loading in multiple years of relay descriptors
---+--
 Reporter:  irl|  Owner:  metrics-team
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Metrics/CollecTor  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--

Comment (by karsten):

 I believe this is a duplicate of #20335 where we decided that "the real
 issue is #20395, and the fix to that will magically lead to the
 ReferenceChecker not OOMing anymore." Leaving it up to you if you want us
 to keep this ticket as a reminder, so that we don't accidentally open
 another ticket for this issue in a couple months, assuming that #20395
 still takes a while.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #13474 [Internal Services/Service - trac]: Can we have TracRedirect plugin installed?

[Tor Bug Tracker & Wiki]

#13474: Can we have TracRedirect plugin installed?
--+
 Reporter:  mrphs |  Owner:  (none)
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Internal Services/Service - trac  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by traumschule):

 Would like to have it, to clean outdated stuff from [[wiki:TitleIndex]],
 but i can live without it :)
 (also with #22842 in mind, but i know myself that upgrading trac plugins
 can be annoying)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25417 [Core Tor/Tor]: HSFETCH support for v3 Hidden Services

[Tor Bug Tracker & Wiki]

#25417: HSFETCH support for v3 Hidden Services
-+-
 Reporter:  atagar   |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-control, tor-hs, prop224-extra,  |  Actual Points:
  onionbalance   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by traumschule):

 * keywords:  tor-control, tor-hs, prop224-extra => tor-control, tor-hs,
 prop224-extra, onionbalance


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26146 [Applications/Tor Browser]: Setting `general.useragent.override` does not spoof the platform part anymore in ESR 60 which is confusing

[Tor Bug Tracker & Wiki]

#26146: Setting `general.useragent.override` does not spoof the platform part
anymore in ESR 60 which is confusing
-+-
 Reporter:  gk   |  Owner:  mcs
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  ff60-esr, tbb-fingerprinting-os, |  Actual Points:
  tbb-8.0-issues, tbb-8.0.1-can, |
  TorBrowserTeam201809R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks3):

 Replying to [comment:67 cypherpunks3]:
 > Replying to [comment:66 cypherpunks3]:
 > > Can I get a tl;dr as to what this patch does?
 > When RFP is on, http header is spoofed according to a 2-tuple (windows
 on pc, and android on mobile). Entry in javascript navigator object is
 spoofed according to the 4-tuple described in the bugzilla ticket above
 (android, linux, mac, windows).
 > (That's now another way to pick out tor browser from firefox, not that
 it makes a difference since there were plenty already)
 At least it's somewhat ok since with JS fonts leak OS info, I'm satisfied
 for now with this work but I wish so hard that the great folks here
 wouldn't fall for such cheap arguments ("muuh changing UA will break this
 site that can't even be accessed anonymously!").

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25277 [Core Tor/Tor]: Summarise the format of v3 hidden service addresses in the Tor man page

[Tor Bug Tracker & Wiki]

#25277: Summarise the format of v3 hidden service addresses in the Tor man page
-+-
 Reporter:  ageisp0lis   |  Owner:
 |  traumschule
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.2.1-alpha
 Severity:  Normal   | Resolution:
 Keywords:  prop224, tor-hs, tor-doc,|  Actual Points:
  034-triage-20180328, 034-removed-20180328  |
Parent ID:   | Points:  0.1
 Reviewer:   |Sponsor:
-+-
Changes (by traumschule):

 * status:  assigned => new


Comment:

 Will not work on it, there already is [[doc/HiddenServiceNames]].

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27669 [Webpages/Website]: Replace recommendations to use tor-ramdisk with something better

[Tor Bug Tracker & Wiki]

#27669: Replace recommendations to use tor-ramdisk with something better
--+
 Reporter:  traumschule   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #13703| Points:
 Reviewer:|Sponsor:
--+

Comment (by traumschule):

 Sep 14 2018 [https://lwn.net/Articles/764788/ Reply to: Trying to get
 STACKLEAK into the kernel]
 Grsecurity's Spender on
 [https://grsecurity.net/~spender/stackleak_response.txt Fix 32bit
 stackleak stack_left test]

 

 Sep 11 2018 [https://blog.mozilla.org/security/2018/09/11/protecting-
 mozillas-github-repositories-from-malicious-modification/ Protecting
 Mozilla’s GitHub Repositories from Malicious Modification]

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27721 [Applications]: Third party cookie not working even if I explicitly allow them

[Tor Bug Tracker & Wiki]

#27721: Third party cookie not working even if I explicitly allow them
--+
 Reporter:  Multi |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 Previously I was able to comment on news websites using my fake Facebook
 account if I allowed third party cookies in the Tor browser but now even
 if I allow third party cookies websites don't know I am logged in  to
 Facebook and I am not able to comment on the news articles.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #4700 [Core Tor/Tor]: Tor should provide a mechanism for hidden services to differentiate authorized clients and circuits

[Tor Bug Tracker & Wiki]

#4700: Tor should provide a mechanism for hidden services to differentiate
authorized clients and circuits
-+-
 Reporter:  katmagic |  Owner:  (none)
 Type:  enhancement  | Status:
 |  merge_ready
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-control, needs-proposal, tor-|  Actual Points:
  hs, needs-design, 035-roadmap-master   |
Parent ID:   | Points:  10
 Reviewer:  dgoulet  |Sponsor:
-+-
Changes (by asn):

 * status:  needs_revision => merge_ready


Comment:

 OK, after review and revisions from dgoulet and ahf I present the final
 merge_ready branch:
 https://github.com/torproject/tor/pull/343

 I'm also gonna send this to mahrud so that he can check it out.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27680 [Webpages/Website]: Explain how to use auth cookie for onion services

[Tor Bug Tracker & Wiki]

#27680: Explain how to use auth cookie for onion services
--+-
 Reporter:  traumschule   |  Owner:  traumschule
 Type:  enhancement   | Status:  assigned
 Priority:  Medium|  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+-
Changes (by traumschule):

 * owner:  (none) => traumschule
 * status:  new => assigned


Comment:

 asn told on IRC that this is not implemented for v3 onion services, but it
 may be good to have it in the FAQ and the onion page at
 http://expyuzz4wqqyqhjn.onion/docs/tor-onion-service.html.en

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21263 [Applications/Tor Browser]: Torbutton's readme still talks about toggling

[Tor Bug Tracker & Wiki]

#21263: Torbutton's readme still talks about toggling
--+--
 Reporter:  arma  |  Owner:  traumschule
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-torbutton |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by traumschule):

 * status:  assigned => needs_review


Comment:

 Fixed in https://github.com/traumschule/torbutton

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20928 [Community/Outreach]: Document our privacy-preserving webserver log setup for the world

[Tor Bug Tracker & Wiki]

#20928: Document our privacy-preserving webserver log setup for the world
+
 Reporter:  arma|  Owner:  (none)
 Type:  task| Status:  new
 Priority:  Medium  |  Milestone:
Component:  Community/Outreach  |Version:
 Severity:  Normal  | Resolution:
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+

Comment (by traumschule):

 Maybe link in the footer to a paragraph on contact explaining and linking
 [https://salsa.debian.org/dsa-team/mirror/dsa-
 puppet/raw/master/modules/apache2/files/logformat-privacy this] and then a
 blog post?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27110 [Applications/Tor Browser]: TBB segfaults on I/O error and silently fails to restart

[Tor Bug Tracker & Wiki]

#27110: TBB segfaults on I/O error and silently fails to restart
--+---
 Reporter:  traumschule   |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by traumschule):

 reported it upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1491537

 Hit {{{segfault at 0 ip af1f6ca7 sp ae9a6080 error 6 in
 libxul.so[aed4b000+6b9e000]}}} once more, this time reloading trac:

 {{{
 JavaScript error:
 
http://ea5faa5po25cf7fb.onion/projects/tor/chrome/autocomplete/js/autocomplete.js,
 line 96: TypeError: $.browser is undefined
 ASSERT: Giving up waiting for the tab closing animation to finish (bug
 608589)
 ./Browser/start-tor-browser: line 375: 19262 Segmentation fault
 TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD}
 ./firefox --class "Tor Browser" -profile
 TorBrowser/Data/Browser/profile.default "${@}" < /dev/null
 }}}

 syslog showed
 {{{
 Sep 15 10:37:45 t43 kernel: [1075156.616000] Chrome_~dThread[19315]:
 segfault at 0 ip af20d0a7 sp ae9b9080 error 6 in
 libxul.so[aed61000+6bb]
 Sep 15 10:37:46 t43 kernel: [1075157.839491] Chrome_~dThread[19578]:
 segfault at 0 ip af1940a7 sp ae940080 error 6 in
 libxul.so[aece8000+6bb]
 Sep 15 10:37:46 t43 kernel: [1075159.792345] Chrome_~dThread[19538]:
 segfault at 0 ip af24a0a7 sp ae9f6080 error 6 in
 libxul.so[aed9e000+6bb]
 Sep 15 10:37:52 t43 kernel: [1075166.289269] Chrome_~dThread[19559]:
 segfault at 0 ip af20e0a7 sp ae9ba080 error 6 in
 libxul.so[aed62000+6bb]
 }}}

 dpkg upgraded libc and other packages shortly before, wonder if this is
 related. dpkg.log:
 {{{
 2018-09-15 09:47:10 upgrade emacsen-common:all 3.0.2 3.0.3
 2018-09-15 10:01:39 upgrade gir1.2-gtksource-3.0:i386 3.24.8-1 3.24.9-1
 2018-09-15 10:08:40 upgrade gnome-settings-daemon:i386 3.28.1-1 3.30.0-1
 2018-09-15 10:12:57 upgrade libarchive-zip-perl:all 1.63-1 1.64-1
 2018-09-15 10:17:59 upgrade libgc1c2:i386 1:7.4.2-8.3 1:7.6.4-0.4
 2018-09-15 10:25:39 upgrade libgtksourceview-3.0-common:all 3.24.8-1
 3.24.9-1
 2018-09-15 10:31:45 upgrade libgweather-3-15:i386 3.28.1-1 3.28.2-1
 }}}
 The system was heavily swapping during the upgrade and load was at 8 for
 long periods of time, so maybe I/O timout again.

 Found users who caught the same:
 https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1656065
 https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1766875
 https://forums.linuxmint.com/viewtopic.php?t=266558

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27720 [Internal Services]: New registrar - torproject.fr

[Tor Bug Tracker & Wiki]

#27720: New registrar - torproject.fr
---+
 Reporter:  goose  |  Owner:  (none)
 Type:  task   | Status:  new
 Priority:  Medium |  Milestone:
Component:  Internal Services  |Version:
 Severity:  Normal |   Keywords:
Actual Points: |  Parent ID:
   Points: |   Reviewer:
  Sponsor: |
---+
 Hi,

 I want to inform you that torproject.fr is going to move to a new regstrar
 within the next 7 days. Please tell me if i should change the Tor DNS
 entries otherwise i will put the actual ones back in place after the
 transfer.

 Thx.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27719 [Applications/Tor Browser]: Treat unsafe renegotiation as broken

[Tor Bug Tracker & Wiki]

#27719: Treat unsafe renegotiation as broken
--+--
 Reporter:  cypherpunks2  |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 Tor Browser currently has `security.ssl.treat_unsafe_negotiation_as_broken
 = false` which means that sites with unsafe renegotiation will not display
 any warnings. Unsafe renegotiation makes MITM attacks possible, so this
 setting should be changed to `true` so vulnerable sites display a warning
 (red padlock indicating broken encryption).

 See https://security.stackexchange.com/a/111922 for more information.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs