[tor-bugs] #31033 [Applications/Tor Browser]: TorBrowser window won't appear on the screen

[Tor Bug Tracker & Wiki]

#31033: TorBrowser window won't appear on the screen
-+-
 Reporter:  mrasoulib|  Owner:  tbb-team
 Type:  defect   | Status:  new
 Priority:  High |  Component:  Applications/Tor
 |  Browser
  Version:  sbws: unspecified|   Severity:  Critical
 Keywords:  TorBrowser window won't  |  Actual Points:
  show up|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
 When I open tor browser by running "Start Tor Browser" the connection
 appears to be successful, but no TorBrowser window appears afterwards.
 When I run the program again I receive the following error message:
 "Tor Browser is already running, but is not responding. The old Tor
 Browser process must be closed to open a new window."
 No browser windows ever appear on the screen.
 After installing the TorBrowser again, everything is good for a couple of
 times, but then the same problem occurs.
 I'm running the program on Windows 10.
 My TorProject installer file is "torbrowser-install-win64-9.0a1_en-US".

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #13828 [Core Tor/Tor]: Refactor rend_cache_store_v2_desc_as_dir and rend_cache_store_v2_desc_as_client to avoid duplicate code

[Tor Bug Tracker & Wiki]

#13828: Refactor rend_cache_store_v2_desc_as_dir and
rend_cache_store_v2_desc_as_client to avoid duplicate code
-+-
 Reporter:  arma |  Owner:  (none)
 Type:  enhancement  | Status:  new
 Priority:  Very Low |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs, easy, refactor, technical-   |  Actual Points:
  debt   |
Parent ID:   | Points:  1
 Reviewer:   |Sponsor:
-+-

Comment (by arma):

 I propose closing this ticket as wontfix, since none of the onion service
 devs want to touch the v2 code anymore.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30931 [Circumvention/Snowflake]: Setup accounts for publishing the webextension

[Tor Bug Tracker & Wiki]

#30931: Setup accounts for publishing the webextension
-+-
 Reporter:  arlolra  |  Owner:  phw
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:  implemented
 Keywords:  snowflake-webextension   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by arlolra):

 > I just paid mine but not sure about others in the group.

 I paid at the time I attempted to publish.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30199 [Applications/Tor Browser]: tor-android-service: Review 2019/04/16

[Tor Bug Tracker & Wiki]

#30199: tor-android-service: Review 2019/04/16
-+-
 Reporter:  sysrqb   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-mobile, tbb-8.5, |  Actual Points:
  TorBrowserTeam201906   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by sisbell):

 The original branch point was from commit:
 8ad7668013a7291b98cf8689cd99961db69f8ed3

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30978 [Circumvention/Snowflake]: Get snowflake metrics published

[Tor Bug Tracker & Wiki]

#30978: Get snowflake metrics published
---+---
 Reporter:  cohosh |  Owner:  (none)
 Type:  task   | Status:  new
 Priority:  Medium |  Milestone:
Component:  Circumvention/Snowflake|Version:
 Severity:  Normal | Resolution:
 Keywords:  metrics, snowflake, stats  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:  Sponsor28
---+---
Description changed by cohosh:

Old description:

> We've now implemented the collection of snowflake stats at the broker:
> #21315, and the metrics team has signed off of them as ready to publish.
>
> The next step is to figure out how to export these statistics and where
> to publish them.

New description:

 We've now implemented the collection of snowflake stats at the broker:
 #21315, and the metrics team has signed off of them as ready to publish.

 The next step is to figure out how to export these statistics and where to
 publish them.

 Noting that we should keep an eye on the guidelines in #29315 for this.

--

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29734 [Circumvention/Snowflake]: Broker should receive country stats information from Proxy and Client

[Tor Bug Tracker & Wiki]

#29734: Broker should receive country stats information from Proxy and Client
-+
 Reporter:  cohosh   |  Owner:  cohosh
 Type:  enhancement  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:  implemented
 Keywords:  snowflake, geoip, stats  |  Actual Points:  2
Parent ID:  #29207   | Points:  1
 Reviewer:  ahf  |Sponsor:  Sponsor28-must
-+
Changes (by cohosh):

 * status:  merge_ready => closed
 * resolution:   => implemented


Comment:

 Merged to master and deployed with #21315.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21315 [Circumvention/Snowflake]: publish some realtime stats from the broker?

[Tor Bug Tracker & Wiki]

#21315: publish some realtime stats from the broker?
-+---
 Reporter:  arma |  Owner:  cohosh
 Type:  enhancement  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:  implemented
 Keywords:  anti-censorship-roadmap  |  Actual Points:
Parent ID:  #29461   | Points:
 Reviewer:  phw  |Sponsor:  Sponsor28-can
-+---
Changes (by cohosh):

 * status:  merge_ready => closed
 * resolution:   => implemented


Comment:

 Merged to master and deployed.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

[Tor Bug Tracker & Wiki]

#31009: Tor lets transports advertise private IP addresses in descriptor
-+-
 Reporter:  phw  |  Owner:  (none)
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.2.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-pt, tor-bridge, 029-backport,|  Actual Points:
  035-backport, 040-backport, 041-backport   |
Parent ID:   | Points:  0.5
 Reviewer:   |Sponsor:
 |  Sponsor28-can
-+-

Comment (by arma):

 I'd be pleased for somebody else to write up a changes file and make some
 git branches here.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31032 [Internal Services/Service - deb.tpo]: Use narrowly-scoped signing keys in instructions for using torproject apt repository

[Tor Bug Tracker & Wiki]

#31032: Use narrowly-scoped signing keys in instructions for using torproject 
apt
repository
-+
 Reporter:  dkg  |  Owner:  weasel
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Service - deb.tpo  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+
Changes (by anarcat):

 * owner:  (none) => weasel
 * component:  - Select a component => Internal Services/Service - deb.tpo


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #31032 [- Select a component]: Use narrowly-scoped signing keys in instructions for using torproject apt repository

[Tor Bug Tracker & Wiki]

#31032: Use narrowly-scoped signing keys in instructions for using torproject 
apt
repository
--+
 Reporter:  dkg   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  - Select a component  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 https://2019.www.torproject.org/docs/debian.html.en engages in a number of
 suboptimal practices.  In particular, it should not encourage users to use
 `apt-key add` with an OpenPGP certificate that is not expected to certify
 all repositories on the machine.

 See https://wiki.debian.org/DebianRepository/UseThirdParty for reasonable
 guidance on setting up third party APT repositories.

 (at the very least: place the key someplace like
 `/usr/local/share/keyrings/tor-project-arhcive.gpg` and then use a
 `signed-by` directive in the apt repository configuration)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10760 [Applications/Tor Browser]: Integrate TorButton to TorBrowser core to prevent users from disabling it

[Tor Bug Tracker & Wiki]

#10760: Integrate TorButton to TorBrowser core to prevent users from disabling 
it
-+-
 Reporter:  Rezonansowy  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_revision
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  AffectsTails, tbb-parity, ux-team,   |  Actual Points:
  TorBrowserTeam201906, GeorgKoppen201906|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by gk):

 Replying to [comment:67 acat]:
 > I addressed the comments in a new branch: https://github.com/acatarineu
 /tor-browser/compare/30429+1..30429+2.
 >
 > I rebased the previous branch, fixing up the torbutton commit and
 squashing the circuit UI commit. Also realized that I had done the locale
 deduplication changes as a fixup for the torbutton integration commit, but
 > I think it should have been for the security UI one. So I moved those
 changes to the security UI commit (Bug 25658). Also included a couple of
 changes not mentioned in the review: removed redundant torbutton in
 `toolkit/moz.build` and removed `Example *` from `identityPanel.inc.xul`.
 >
 > Is it fine to take 30429+2 as the next 'active' branch for #30429, or
 will make the ongoing review of the patches more difficult?

 Works for me. I stick to `30429` for now until I am done with that one for
 a first round.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10760 [Applications/Tor Browser]: Integrate TorButton to TorBrowser core to prevent users from disabling it

[Tor Bug Tracker & Wiki]

#10760: Integrate TorButton to TorBrowser core to prevent users from disabling 
it
-+-
 Reporter:  Rezonansowy  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_revision
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  AffectsTails, tbb-parity, ux-team,   |  Actual Points:
  TorBrowserTeam201906, GeorgKoppen201906|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * cc: yawning (removed)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10760 [Applications/Tor Browser]: Integrate TorButton to TorBrowser core to prevent users from disabling it

[Tor Bug Tracker & Wiki]

#10760: Integrate TorButton to TorBrowser core to prevent users from disabling 
it
-+-
 Reporter:  Rezonansowy  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_revision
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  AffectsTails, tbb-parity, ux-team,   |  Actual Points:
  TorBrowserTeam201906, GeorgKoppen201906|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by yawning):

 Since I can't do so, can someone remove me from the cc of this.  Thanks.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10760 [Applications/Tor Browser]: Integrate TorButton to TorBrowser core to prevent users from disabling it

[Tor Bug Tracker & Wiki]

#10760: Integrate TorButton to TorBrowser core to prevent users from disabling 
it
-+-
 Reporter:  Rezonansowy  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_revision
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  AffectsTails, tbb-parity, ux-team,   |  Actual Points:
  TorBrowserTeam201906, GeorgKoppen201906|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by acat):

 I addressed the comments in a new branch: https://github.com/acatarineu
 /tor-browser/compare/30429+1..30429+2.

 I rebased the previous branch, fixing up the torbutton commit and
 squashing the circuit UI commit. Also realized that I had done the locale
 deduplication changes as a fixup for the torbutton integration commit, but
 I think it should have been for the security UI one. So I moved those
 changes to the security UI commit (Bug 25658). Also included a couple of
 changes not mentioned in the review: removed redundant torbutton in
 `toolkit/moz.build` and removed `Example *` from `identityPanel.inc.xul`.

 Is it fine to take 30429+2 as the next 'active' branch for #30429, or will
 make the ongoing review of the patches more difficult?

 > We don't need the stringbundleset for torbutton.properties anymore?.
 I think we don't, did not see any code in torbutton getting the
 stringbundle element by id.

 > Additionally, I guess you omitted all the toolbaricon parts as we don't
 want to expose the onion anymore on the toolbar? If so, then this sounds
 good to me.
 Yes, that's the case.

 > Where does it remove the duplicated translations in that commit?
 I meant that the duplicated strings from properties are not used anymore
 in that commit (and therefore can be removed). But did not remove them
 from the translation files yet.

 > The general approach looks good to me, nice find. I think we should get
 rid of all getString() calls while we are at it and make sure that
 everything we need is available both for desktop and mobile, hence in the
 .dtd file (we have #24653 for the localization parity part which could be
 solved while redoing this part).
 So, if I understand it correctly, we should remove
 securityLevel.properties and move the non-duplicated ones to
 torbutton.dtd. Should we adapt the keys like:
 `securityLevel.safest.tooltip` -> `torbutton.prefs.sec_safest_tooltip`?
 Should I do a translation repository patch for this and review it here?

 > any reason to not append the about:tor handler to the list in
 nsAboutRedirector.cpp but putting it between crashparent and crashcontent?
 No, changed that.

 > We should think as well more general about a mechanism of avoiding
 duplicated translations as I am not sure whether the hack you found is
 applicable in more than the sec-settings situation.
 Do you have in mind specific cases where it would not work? I think from
 privileged code we will always be able to create a domparser to get the
 translation (actually, currently also from non-privileged web content).
 But in any case, I think Fluent is the way to go for this, a single format
 that will work for programatic and "document" localization without these
 hacks.

 > using a NullPrincipal for new tabs seems indeed to be a good idea; Would
 we get away with that for about:tor as well given that we try hard to give
 it only content privs with the nsIAboutModule
 I did not find a way to open it with nullprincipal. I also tried other
 about:*, and only `about:home`, `about:newtab` and `about:welcome` worked
 for me (maybe it's because they have special handling in
 `AboutRedirector::NewChannel`?).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

[Tor Bug Tracker & Wiki]

#31009: Tor lets transports advertise private IP addresses in descriptor
-+-
 Reporter:  phw  |  Owner:  (none)
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.2.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-pt, tor-bridge, 029-backport,|  Actual Points:
  035-backport, 040-backport, 041-backport   |
Parent ID:   | Points:  0.5
 Reviewer:   |Sponsor:
 |  Sponsor28-can
-+-
Changes (by gaba):

 * sponsor:   => Sponsor28-can


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30999 [Circumvention/Snowflake]: Spruce up the product pages

[Tor Bug Tracker & Wiki]

#30999: Spruce up the product pages
-+--
 Reporter:  arlolra  |  Owner:  cohosh
 Type:  defect   | Status:  assigned
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  snowflake-webextension   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by cohosh):

 * status:  new => assigned
 * owner:  (none) => cohosh


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #31031 [Applications/Tor Browser]: Tor Browser trying to read /etc/machine-id on start

[Tor Bug Tracker & Wiki]

#31031: Tor Browser trying to read /etc/machine-id on start
+--
 Reporter:  rain-undefined  |  Owner:  tbb-team
 Type:  defect  | Status:  new
 Priority:  Medium  |  Component:  Applications/Tor Browser
  Version:  |   Severity:  Normal
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
 Steps to reproduce:

 - Tor Browser from the official website
 - Download and enable the AppArmor profile from https://github.com/Whonix
 /apparmor-profile-torbrowser (you may need to modify 2 or 3 lines due to
 different naming, e.g. change `*-browser` to `*-browser*`)
 - Start TorBrowser
 - Inspect `/var/log/kern.log`

 You'll see a message like
 `Jun 29 01:23:45 debian kernel: [xx.xx] audit: type=1400
 audit(xx.xxx:xx): apparmor="DENIED" operation="open"
 profile="/**/*-browser*/Browser/firefox" name="/etc/machine-id" pid=
 comm="firefox.real" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0`

 Not sure if this behaviour is also present in Firefox, maybe test it when
 I have time.

 ---
 Debian 10 "Buster"
 Tor Browser 8.5.3
 AppArmor 2.13.2-10

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30931 [Circumvention/Snowflake]: Setup accounts for publishing the webextension

[Tor Bug Tracker & Wiki]

#30931: Setup accounts for publishing the webextension
-+-
 Reporter:  arlolra  |  Owner:  phw
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:  implemented
 Keywords:  snowflake-webextension   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cohosh):

 Okay just looked at this page here:
 https://developer.chrome.com/webstore/publish#set-up-group-publishing
 - Each member of the group must pay the developer fee.
 I just paid mine but not sure about others in the group.

 Looks like there's a possibility for a group collaborative inbox here:
 https://support.google.com/a/answer/167430?hl=en

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31030 [Core Tor/Tor]: Coverity: Several warnings from test code

[Tor Bug Tracker & Wiki]

#31030: Coverity: Several warnings from test code
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  coverity  |  Actual Points:  .1
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by nickm):

 * status:  assigned => needs_review
 * keywords:   => coverity
 * actualpoints:   => .1
 * milestone:   => Tor: 0.4.2.x-final


Comment:

 See branch `ticket31030` with PR at
 https://github.com/torproject/tor/pull/1154

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #31030 [Core Tor/Tor]: Coverity: Several warnings from test code

[Tor Bug Tracker & Wiki]

#31030: Coverity: Several warnings from test code
--+--
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 Coverity gives a half dozen or so new warnings in our unit test code.
 These are all harmless, since they're test-only, but they are still worth
 fixing.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31025 [Core Tor/Tor]: Coverity is confused by switch statement in siphash24 implementation

[Tor Bug Tracker & Wiki]

#31025: Coverity is confused by switch statement in siphash24 implementation
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  coverity  |  Actual Points:  .1
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by nickm):

 * status:  assigned => needs_review
 * actualpoints:   => .1


Comment:

 https://github.com/torproject/tor/pull/1153 (`ticket31025`) is the best I
 could come up with here: using a slightly different byte-copy
 implementation when building for coverity.

 I tried switching to this implementation unconditionally, but it caused a
 performance regression in siphash.

 I do not know for certain if this will shut coverity up or not. :)

 Another alternative might be writing a coverity model for the siphash24
 function.  I don't actually know how to do that correctly, though.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30708 [Circumvention/Obfs4]: Create a docker image for obfs4proxy

[Tor Bug Tracker & Wiki]

#30708: Create a docker image for obfs4proxy
+--
 Reporter:  phw |  Owner:  phw
 Type:  task| Status:
|  needs_review
 Priority:  Medium  |  Milestone:
Component:  Circumvention/Obfs4 |Version:
 Severity:  Normal  | Resolution:
 Keywords:  anti-censorship-roadmap, sponsor28  |  Actual Points:
Parent ID:  #30777  | Points:  3
 Reviewer:  cohosh  |Sponsor:
|  Sponsor28-must
+--
Changes (by cohosh):

 * reviewer:   => cohosh


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30931 [Circumvention/Snowflake]: Setup accounts for publishing the webextension

[Tor Bug Tracker & Wiki]

#30931: Setup accounts for publishing the webextension
-+-
 Reporter:  arlolra  |  Owner:  phw
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:  implemented
 Keywords:  snowflake-webextension   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cohosh):

 Replying to [comment:20 arlolra]:
 > > I was able to publish it but it's pending review.
 >
 > Sadly, it was rejected from the chrome web store.  There doesn't seem to
 be any indication as to why though.  Maybe I didn't fill in enough info
 and we should tackle #30999 first.
 >
 > I filed #31029 so that we can still have a way to distribute it to
 Chrome users in the meantime.
 Hmm, looks we don't have a contact email address for the group. That might
 be why we aren't getting the feedback. Is there some way we could make a
 shared email alias?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31029 [Circumvention/Snowflake]: Advertise the webextension outside the various stores

[Tor Bug Tracker & Wiki]

#31029: Advertise the webextension outside the various stores
-+
 Reporter:  arlolra  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  snowflake-webextension   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+
Changes (by gaba):

 * cc: stephw, gaba (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30931 [Circumvention/Snowflake]: Setup accounts for publishing the webextension

[Tor Bug Tracker & Wiki]

#30931: Setup accounts for publishing the webextension
-+-
 Reporter:  arlolra  |  Owner:  phw
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:  implemented
 Keywords:  snowflake-webextension   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by arlolra):

 > I was able to publish it but it's pending review.

 Sadly, it was rejected from the chrome web store.  There doesn't seem to
 be any indication as to why though.  Maybe I didn't fill in enough info
 and we should tackle #30999 first.

 I filed #31029 so that we can still have a way to distribute it to Chrome
 users in the meantime.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #31029 [Circumvention/Snowflake]: Advertise the webextension outside the various stores

[Tor Bug Tracker & Wiki]

#31029: Advertise the webextension outside the various stores
-+-
 Reporter:  arlolra  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   |   Keywords:  snowflake-
 |  webextension
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 Most likely on https://snowflake.torproject.org/

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30998 [Circumvention/Snowflake]: Use HTTP/1.1 in websocket server for compatibility with Firefox and Safari

[Tor Bug Tracker & Wiki]

#30998: Use HTTP/1.1 in websocket server for compatibility with Firefox and 
Safari
-+
 Reporter:  cohosh   |  Owner:  alolra
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  snowflake-webextension   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+
Changes (by arlolra):

 * status:  merge_ready => closed
 * resolution:   => fixed


Comment:

 > Do you want to try deploying it?

 I'm assuming you mean me.

 I followed the
 
[https://trac.torproject.org/projects/tor/wiki/org/teams/AntiCensorshipTeam/SnowflakeBridgeSurvivalGuide
 survival guide] and it seemed to go ok.  Some tests with the webextension
 in Firefox proved fruitful.

 > I guess this is another reason (along with #28726 and #29125) to migrate
 away from the custom websocket library and use one of the third-party
 libraries that has emerged since it was written.

 Filed #31028 for that

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #31028 [Circumvention/Snowflake]: Migrate away from the custom websocket library

[Tor Bug Tracker & Wiki]

#31028: Migrate away from the custom websocket library
-+
 Reporter:  arlolra  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   |   Keywords:
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+
 See comment:14:ticket:30998

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31026 [Core Tor/Tor]: Coverity doesn't understand that begin_cell_parse() won't return address==NULL when is_begindir is false

[Tor Bug Tracker & Wiki]

#31026: Coverity doesn't understand that begin_cell_parse() won't return
address==NULL when is_begindir is false
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  coverity  |  Actual Points:  .1
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by nickm):

 * status:  assigned => needs_review
 * actualpoints:   => .1


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31026 [Core Tor/Tor]: Coverity doesn't understand that begin_cell_parse() won't return address==NULL when is_begindir is false

[Tor Bug Tracker & Wiki]

#31026: Coverity doesn't understand that begin_cell_parse() won't return
address==NULL when is_begindir is false
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  coverity  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by nickm):

 Fix in `ticket31026`; PR at https://github.com/torproject/tor/pull/1152

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #31027 [Core Tor/Tor]: Coverity: circpadding: dead code in circpad_machine_remove_token

[Tor Bug Tracker & Wiki]

#31027: Coverity: circpadding: dead code in  circpad_machine_remove_token
--+
 Reporter:  nickm |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:  coverity
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 In `circpad_machine_remove_token()`, we check for `state==NULL` on line
 1087, and then again on line 1107.  Since state is not assigned between
 these points, the second check is dead code.

 This is CID 1447298.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #31026 [Core Tor/Tor]: Coverity doesn't understand that begin_cell_parse() won't return address==NULL when is_begindir is false

[Tor Bug Tracker & Wiki]

#31026: Coverity doesn't understand that begin_cell_parse() won't return
address==NULL when is_begindir is false
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:  coverity
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 This is CID 1447296.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #31025 [Core Tor/Tor]: Coverity is confused by switch statement in siphash24 implementation

[Tor Bug Tracker & Wiki]

#31025: Coverity is confused by switch statement in siphash24 implementation
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:  coverity
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 Even when `siphash24()` is called with a constant src_len, coverity seems
 to think we might be indexing beyond that length.  My guess is that
 coverity can't handle the switch statement syntax that we're using.

 This is CID 1447293 and CID 1447295.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #31024 [Core Tor/Tor]: Coverity: circpadding: always check circpad_machine_current_state()

[Tor Bug Tracker & Wiki]

#31024: Coverity: circpadding: always check circpad_machine_current_state()
--+-
 Reporter:  nickm |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.4.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:  041-should coverity
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+-
 We usually check `circpad_machine_current_state()`'s return value, but in
 2 places we don't.  Coverity thinks that we're messing up in those cases.

 This is CID 1447297 [circpad_estimate_circ_rtt_on_received] and 1447291
 [circpad_is_token_removal_supported].

 I suggest that we change our code to test the pointer in those cases.  If
 we're sure that it can't be NULL, we can is an `if (BUG(...))` check.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31022 [Core Tor/Tor]: Tor's windows "--service install" should warn if it installs on a global writeable path

[Tor Bug Tracker & Wiki]

#31022: Tor's windows "--service install" should warn if it installs on a global
writeable path
---+---
 Reporter:  asn|  Owner:  (none)
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:  Tor:
   |  0.4.2.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  hackerone bug-bounty security  |  Actual Points:
Parent ID: | Points:  0.3
 Reviewer: |Sponsor:
---+---

Comment (by cypherpunks):

 > The Tor service runs under `NT authority\local service` account, so if
 an admin unzips tor.exe into a folder that is writable by non-admin users
 (e.g. C:\tor), then
 fire that admin.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31008 [Core Tor/Tor]: Typographical error on tor man pages help command

[Tor Bug Tracker & Wiki]

#31008: Typographical error on tor man pages help command
-+-
 Reporter:  clash|  Owner:  (none)
 Type:  defect   | Status:
 |  merge_ready
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.2.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  035-backport, 040-backport,  |  Actual Points:  0.1
  041-backport, trivial, asn-merge   |
Parent ID:   | Points:  0.1
 Reviewer:  nickm|Sponsor:
-+-
Changes (by nickm):

 * keywords:
 035-backport, 040-backport, 041-backport, trivial, nickm-merge, asn-
 merge
 => 035-backport, 040-backport, 041-backport, trivial, asn-merge
 * reviewer:   => nickm


Comment:

 LGTM

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30732 [Applications/Tor Browser]: "Your Firefox is critically out of date" banner

[Tor Bug Tracker & Wiki]

#30732: "Your Firefox is critically out of date" banner
--+---
 Reporter:  hellomebois   |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by mcs):

 Replying to [comment:11 gk]:
 > So, we set the pref to `false` in `000-tor-browser.js`. There is only
 one way this get set to `true` (apart from changing the pref manually)
 which is via https://searchfox.org/mozilla-
 esr60/source/toolkit/components/telemetry/healthreport-prefs.js#10. Which
 is only included if `MOZ_SERVICES_HEALTHREPORT` is defined
 (https://searchfox.org/mozilla-
 esr60/source/modules/libpref/greprefs.js#6). And that seems to be the
 case. So, maybe we have some race-condition here in the pref system that
 is causing this and we should make sure `MOZ_SERVICES_HEALTHREPORT` is not
 defined in the first place? (And `MOZ_TELEMETRY_REPORTING` and
 `MOZ_DATA_REPORTING` and friends) mcs/brade: what do you think?

 We agree with you that it would be better to disable more of these "phone
 home" services. The pref system race is an interesting idea, although it
 seems like we would receive more reports of this problem (unless it is
 very rare that the race finishes a certain way).


 An additional question for Steph: when you look at
 `datareporting.healthreport.uploadEnabled` via about:config, is it bold
 (user-modified)? In other words, do you have a default value of `false` or
 a default value of `true`?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28930 [Core Tor/Tor]: consider reordering PT/proxy phases

[Tor Bug Tracker & Wiki]

#28930: consider reordering PT/proxy phases
-+-
 Reporter:  catalyst |  Owner:  ahf
 Type:  enhancement  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  pt, proxy, 040-deferred-20190220,|  Actual Points:  8.5
  ex-sponsor-19, network-team-   |
  roadmap-2019-Q1Q2, ex-28018-child, bootstrap,  |
  ex-sponsor19   |
Parent ID:   | Points:  3
 Reviewer:   |Sponsor:
-+-
Changes (by ahf):

 * status:  assigned => needs_review
 * actualpoints:   => 8.5


Comment:

 Moving this to needs review.

 PR in https://github.com/torproject/tor/pull/1151

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31019 [Applications/Tor Browser]: Investigate update on Windows via BITS

[Tor Bug Tracker & Wiki]

#31019: Investigate update on Windows via BITS
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff68-esr, tbb-update, tbb-proxy- |  Actual Points:
  bypass |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by mcs):

 We will need to confirm, but it looks like the code that interacts with
 BITS can be omitted from the build by adding `--disable-bits-download` to
 our `.mozconfig-mingw` file.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30998 [Circumvention/Snowflake]: Use HTTP/1.1 in websocket server for compatibility with Firefox and Safari

[Tor Bug Tracker & Wiki]

#30998: Use HTTP/1.1 in websocket server for compatibility with Firefox and 
Safari
-+-
 Reporter:  cohosh   |  Owner:  alolra
 Type:  defect   | Status:  merge_ready
 Priority:  High |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  snowflake-webextension   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by dcf):

 I merged arlolra's patch and tagged websocket
 [https://gitweb.torproject.org/pluggable-
 transports/websocket.git/log/?h=v0.4.0 v0.4.0]. Do you want to try
 deploying it?

 I guess this is another reason (along with #28726 and #29125) to migrate
 away from the custom websocket library and use one of the third-party
 libraries that has emerged since it was written.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31023 [Core Tor/Tor]: Add tests for tor-print-ed-signing-cert and other tools, and run them in CI

[Tor Bug Tracker & Wiki]

#31023: Add tests for tor-print-ed-signing-cert and other tools, and run them 
in CI
+
 Reporter:  teor|  Owner:  rl1987
 Type:  defect  | Status:  accepted
 Priority:  Medium  |  Milestone:  Tor: unspecified
Component:  Core Tor/Tor|Version:  Tor: 0.3.5.1-alpha
 Severity:  Normal  | Resolution:
 Keywords:  technical-debt  |  Actual Points:
Parent ID:  #31012  | Points:  1
 Reviewer:  |Sponsor:
+
Changes (by rl1987):

 * owner:  (none) => rl1987
 * status:  new => accepted


Comment:

 I'll try to get this done next week.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30998 [Circumvention/Snowflake]: Use HTTP/1.1 in websocket server for compatibility with Firefox and Safari (was: Get Snowflake webextension working on Firefox)

[Tor Bug Tracker & Wiki]

#30998: Use HTTP/1.1 in websocket server for compatibility with Firefox and 
Safari
-+-
 Reporter:  cohosh   |  Owner:  alolra
 Type:  defect   | Status:  merge_ready
 Priority:  High |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  snowflake-webextension   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by dcf):

 * status:  assigned => merge_ready


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31012 [Core Tor/Tor]: tor-print-ed-signing-cert shows local time, without a timezone

[Tor Bug Tracker & Wiki]

#31012: tor-print-ed-signing-cert shows local time, without a timezone
--+
 Reporter:  teor  |  Owner:  rl1987
 Type:  defect| Status:  merge_ready
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.3.5.1-alpha
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:  0.1
Parent ID:| Points:  0.1
 Reviewer:  teor  |Sponsor:
--+

Comment (by teor):

 I opened #31023 to write tests that run these tools.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #31023 [Core Tor/Tor]: Add tests for tor-print-ed-signing-cert and other tools, and run them in CI

[Tor Bug Tracker & Wiki]

#31023: Add tests for tor-print-ed-signing-cert and other tools, and run them 
in CI
--+
 Reporter:  teor  |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:  Tor: 0.3.5.1-alpha
 Severity:  Normal|   Keywords:  technical-debt
Actual Points:|  Parent ID:  #31012
   Points:  1 |   Reviewer:
  Sponsor:|
--+
 We almost missed a memory safety bug in #31012, because our CI doesn't run
 our tools. We should write some quick tool tests, and run them in our CI.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31012 [Core Tor/Tor]: tor-print-ed-signing-cert shows local time, without a timezone

[Tor Bug Tracker & Wiki]

#31012: tor-print-ed-signing-cert shows local time, without a timezone
--+
 Reporter:  teor  |  Owner:  rl1987
 Type:  defect| Status:  merge_ready
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.3.5.1-alpha
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:  0.1
Parent ID:| Points:  0.1
 Reviewer:  teor  |Sponsor:
--+
Changes (by teor):

 * status:  needs_revision => merge_ready
 * reviewer:   => teor


Comment:

 Looks better now, let's get the merger to run it, and then we're done.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #31022 [Core Tor/Tor]: Tor's windows "--service install" should warn if it installs on a global writeable path

[Tor Bug Tracker & Wiki]

#31022: Tor's windows "--service install" should warn if it installs on a global
writeable path
--+---
 Reporter:  asn   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:  hackerone bug-bounty security
Actual Points:|  Parent ID:
   Points:  0.3   |   Reviewer:
  Sponsor:|
--+---
 Seems like there is a platform-specific (windows) configuration-specific
 (requires multi-user setup, and specific install proceedure) local root
 exploit on Windows, if "--service install" is used on the wrong directory
 level.

 In the future we should warn if "--service install" is used insecurely,
 and we should provide installer wizards to do this right.

 IMO this is a very unlikely issue so I assigned it to 042, but feel free
 to move if you think so.

 Report inlined:

 {{{
 Title: When tor.exe is running as a Windows service, it may be
 subject to privilege escalation
 Scope: None
 Weakness:  Privilege Escalation
 Severity:  Low
 Link:  https://hackerone.com/reports/602533
 Date:  2019-06-06 18:17:39 +
 By:@xiaoyinl

 Details:
 According to https://2019.www.torproject.org/docs/faq#NTService, you can
 run Tor as a Windows service. To install Tor as a service, you run `tor
 --service install`. However, the installed Tor service uses the same
 tor.exe image path as the service path. The Tor service runs under `NT
 authority\local service` account, so if an admin unzips tor.exe into a
 folder that is writable by non-admin users (e.g. C:\tor), then a malicious
 standard user can gain LocalService privilege by planting a malicious DLL
 into the folder where tor.exe is located.

 To make things worse, it's common that admins unzip tor.exe into a
 nonadmin-writable directory, because if it's unzipped into one of the
 admins' user directories (like Downloads, Documents, etc.), then the
 service won't even run, because LocalService account has no access to
 admin's directories. Actually, the OP of
 https://trac.torproject.org/projects/tor/ticket/29345 "fixed" his problem
 by unzipping tor into C:\\:

 > In fact, if you extract tor files in a Tor folder located in C:\ you
 probably won't have this problem of permissions

 This unfortunately made him vulnerable to privilege escalation.

 **Reproduce**:
 1. download Tor from https://www.torproject.org/dist/torbrowser/8.5.1/tor-
 win32-0.3.5.8.zip
 2. unzip it into C:\\tor-win32-0.3.5.8.
 3. Open an admin command prompt, run C:\\tor-win32-0.3.5.8\\Tor\\tor.exe
 --service install
 4. Log in a standard Windows user, create a malicious iphlpapi.dll, and
 copy this file into C:\\tor-win32-0.3.5.8\\Tor\\
 5. Restart your system. The malicious iphlpapi.dll should run.

 **Fix**:
 To fix this bug, when installed as a service, copy Tor's executable folder
 into a protected directory, like C:\\Program Files, or C:\\Windows. Then
 use the protected tor.exe as the service path.

 ## Impact

 A malicious Windows local standard user can gain LocalService privilege.
 He can then deanonymize Tor traffic, and can interfere other Windows
 services running on LocalService account.

 2019-06-07 10:04:29 +: @xiaoyinl (comment)
 This report is about local privilege escalation. There is no social
 engineering involved. The attacker is a **local** non-administrator user,
 so the attacker can copy the malicious dll file to `C:\tor-
 win32-0.3.5.8\Tor\` himself. Then the attacker can have access to
 LocalService data files and Registry hives.
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31019 [Applications/Tor Browser]: Investigate update on Windows via BITS

[Tor Bug Tracker & Wiki]

#31019: Investigate update on Windows via BITS
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff68-esr, tbb-update, tbb-proxy- |  Actual Points:
  bypass |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks):

 Background Update Agent updates system-wide installation of Tor Browser
 without user intervention, downloading update through system Tor proxy via
 BITS... very far future...

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #31021 [Core Tor/Fallback Scripts]: Add fallback CI for the check_existing and OUTPUT_CANDIDATES modes

[Tor Bug Tracker & Wiki]

#31021: Add fallback CI for the check_existing and OUTPUT_CANDIDATES modes
---+---
 Reporter:  teor   |  Owner:  (none)
 Type:  enhancement| Status:  new
 Priority:  Medium |  Milestone:
Component:  Core Tor/Fallback Scripts  |Version:
 Severity:  Normal |   Keywords:  fallback,
   |  fallback-ci
Actual Points: |  Parent ID:  #28797
   Points: |   Reviewer:
  Sponsor: |
---+---
 We should test these modes, because they run some different code to the
 default mode.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28987 [Core Tor/Fallback Scripts]: Add a log level option to the fallback script

[Tor Bug Tracker & Wiki]

#28987: Add a log level option to the fallback script
---+
 Reporter:  teor   |  Owner:  (none)
 Type:  enhancement| Status:  new
 Priority:  Medium |  Milestone:
Component:  Core Tor/Fallback Scripts  |Version:
 Severity:  Normal | Resolution:
 Keywords:  fallback-ci|  Actual Points:
Parent ID:  #28797 | Points:
 Reviewer: |Sponsor:
---+
Changes (by teor):

 * keywords:   => fallback-ci
 * type:  defect => enhancement


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28863 [Core Tor/Fallback Scripts]: updateFallbackDirs.py thinks it is python 3 compatible but it is not

[Tor Bug Tracker & Wiki]

#28863: updateFallbackDirs.py thinks it is python 3 compatible but it is not
---+---
 Reporter:  starlight  |  Owner:  (none)
 Type:  defect | Status:  needs_information
 Priority:  Medium |  Milestone:
Component:  Core Tor/Fallback Scripts  |Version:
 Severity:  Normal | Resolution:
 Keywords:  fallback-ci|  Actual Points:
Parent ID:  #28797 | Points:
 Reviewer: |Sponsor:
---+---
Changes (by teor):

 * keywords:   => fallback-ci


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28797 [Core Tor/Fallback Scripts]: Set up CI on the fallback script with a small number of relays

[Tor Bug Tracker & Wiki]

#28797: Set up CI on the fallback script with a small number of relays
---+--
 Reporter:  teor   |  Owner:  (none)
 Type:  enhancement| Status:  needs_review
 Priority:  Medium |  Milestone:
Component:  Core Tor/Fallback Scripts  |Version:
 Severity:  Normal | Resolution:
 Keywords:  fallback, fallback-ci  |  Actual Points:  0.5
Parent ID:  #28793 | Points:  0.5
 Reviewer:  nickm  |Sponsor:
---+--
Changes (by teor):

 * keywords:  fallback => fallback, fallback-ci


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #31020 [Core Tor/Fallback Scripts]: Validate the fallback scripts CI output using grep and stem

[Tor Bug Tracker & Wiki]

#31020: Validate the fallback scripts CI output using grep and stem
---+---
 Reporter:  teor   |  Owner:  (none)
 Type:  enhancement| Status:  new
 Priority:  Medium |  Milestone:
Component:  Core Tor/Fallback Scripts  |Version:
 Severity:  Normal |   Keywords:  fallback,
   |  fallback-ci
Actual Points: |  Parent ID:  #28797
   Points: |   Reviewer:
  Sponsor: |
---+---
 Or we could write a test python script that runs the other scripts and
 checks their output.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28797 [Core Tor/Fallback Scripts]: Set up CI on the fallback script with a small number of relays

[Tor Bug Tracker & Wiki]

#28797: Set up CI on the fallback script with a small number of relays
---+--
 Reporter:  teor   |  Owner:  (none)
 Type:  enhancement| Status:  needs_review
 Priority:  Medium |  Milestone:
Component:  Core Tor/Fallback Scripts  |Version:
 Severity:  Normal | Resolution:
 Keywords:  fallback   |  Actual Points:  0.5
Parent ID:  #28793 | Points:  0.5
 Reviewer:  nickm  |Sponsor:
---+--
Changes (by teor):

 * parent:   => #28793


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28795 [Core Tor/Tor]: Generate a new fallback list in 2019 and backport it to all supported Tor versions

[Tor Bug Tracker & Wiki]

#28795: Generate a new fallback list in 2019 and backport it to all supported 
Tor
versions
-+-
 Reporter:  teor |  Owner:  teor
 Type:  task | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.1.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  fallback, 029-backport,  |  Actual Points:  1.5
  035-backport, 040-backport, 041-backport,  |
  041-should |
Parent ID:  #28793   | Points:  1
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * status:  needs_revision => needs_review
 * actualpoints:  0.5 => 1.5


Comment:

 See my pull request:
 * 0.2.9: https://github.com/torproject/tor/pull/1146

 And clean merges:
 * 0.3.5: https://github.com/torproject/tor/pull/1147
 * 0.4.0: https://github.com/torproject/tor/pull/1148
 * 0.4.1: https://github.com/torproject/tor/pull/1149
 * master: https://github.com/torproject/tor/pull/1150

 This is a merge of the AU lists 3 & 4. I tried merging the DE and US
 lists, but they didn't add any more fallbacks. (It looks like timing makes
 the biggest difference to the results, not location. At least at my
 current location. So that's good to know.)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28795 [Core Tor/Tor]: Generate a new fallback list in 2019 and backport it to all supported Tor versions

[Tor Bug Tracker & Wiki]

#28795: Generate a new fallback list in 2019 and backport it to all supported 
Tor
versions
-+-
 Reporter:  teor |  Owner:  teor
 Type:  task | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.1.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  fallback, 029-backport,  |  Actual Points:  0.5
  035-backport, 040-backport, 041-backport,  |
  041-should |
Parent ID:  #28793   | Points:  1
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * Attachment "fallback_dirs_2019-06-28-10-26-11_US_246ed3b179f1b237.inc"
 removed.

 fallback dir list 4 US

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28795 [Core Tor/Tor]: Generate a new fallback list in 2019 and backport it to all supported Tor versions

[Tor Bug Tracker & Wiki]

#28795: Generate a new fallback list in 2019 and backport it to all supported 
Tor
versions
-+-
 Reporter:  teor |  Owner:  teor
 Type:  task | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.1.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  fallback, 029-backport,  |  Actual Points:  0.5
  035-backport, 040-backport, 041-backport,  |
  041-should |
Parent ID:  #28793   | Points:  1
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * Attachment "fallback_dirs_2019-06-28-10-26-11_US_246ed3b179f1b237.inc"
 added.

 fallback dir list 4 US

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31015 [Applications/Tor Browser]: svg.disabled = 'true' hides the the UI icons in extensions

[Tor Bug Tracker & Wiki]

#31015: svg.disabled = 'true' hides the the UI icons in extensions
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major | Resolution:
 Keywords:  tbb-security-slider   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 I cannot create an account at https://bugzilla.mozilla.org

 When I enter an email address and click "Create Account" it tells me:

 > Account Creation Restricted

 > User account creation has been restricted.
 > Contact your administrator or the maintainer (bmo-m...@mozilla.com) for
 information about creating an account.

 Must I go through that (IMO complicated) route or can you handle it
 yourself?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31016 [Applications/Tor Browser]: Limited (and partially wrong) advice in documentation. Consider uBlock Origin and uMatrix extensions.

[Tor Bug Tracker & Wiki]

#31016: Limited (and partially wrong) advice in documentation. Consider uBlock
Origin and uMatrix extensions.
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  wontfix
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 You are answering only the second part of the report.
 The first one remains: the advice in the documentation is wrong/limited.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28672 [Circumvention/Snowflake]: Android reproducible build of Snowflake

[Tor Bug Tracker & Wiki]

#28672: Android reproducible build of Snowflake
-+-
 Reporter:  dcf  |  Owner:  (none)
 Type:  project  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-mobile, tbb-rbm, |  Actual Points:
  GeorgKoppen201904, ex-sponsor-19,  |
  TorBrowserTeam201906R  |
Parent ID:  #30318   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor28-can
-+-
Changes (by boklm):

 * keywords:
 tbb-mobile, tbb-rbm, GeorgKoppen201904, ex-sponsor-19,
 TorBrowserTeam201906
 =>
 tbb-mobile, tbb-rbm, GeorgKoppen201904, ex-sponsor-19,
 TorBrowserTeam201906R
 * status:  needs_revision => needs_review


Comment:

 There is a new patch for review in branch `bug_28672_v7`:
 https://gitweb.torproject.org/user/boklm/tor-browser-
 build.git/commit/?h=bug_28672_v7=082b4fd8759ef9e88317940d77d091291d0363df

 This gomobile patch is fixing the issue with `/tmp/gomobile-work-
 X` paths:
 https://gitweb.torproject.org/user/boklm/tor-browser-
 build.git/tree/projects/gomobile/0001-If-the-GOMOBILE_TMPDIR-env-variable-
 is-defined-
 use-t.patch?h=bug_28672_v7=082b4fd8759ef9e88317940d77d091291d0363df

 However there was still an issue with a `/tmp/go-buildX`. I tried
 fixing it with a `sed -i -E -e 's#(/tmp/go-build|/tmp/go-
 link-)[0-9]{9}/#\1X/#g' libgojni.so`, but this did not fix the
 issue completely as there was still differences after that:
 {{{
 --- out/snowflake/snowflake-d11e55aabe37-android-armv7-d0aca3.aar
 +++ /home/boklm/reproduce-build/tor-browser-build/out/snowflake/snowflake-
 d11e55aabe37-android-armv7-d0aca3.aar
 ├── zipinfo {}
 │ @@ -1,10 +1,10 @@
 │ -Zip file size: 1090707 bytes, number of entries: 8
 │ +Zip file size: 1090705 bytes, number of entries: 8
 │  -rw---  3.0 unx  154 t- defN 19-Apr-16 16:59
 AndroidManifest.xml
 │  -rw---  3.0 unx0 b- stor 19-Apr-16 16:59 R.txt
 │  -rw---  3.0 unx11138 b- defN 19-Apr-16 16:59 classes.jar
 │  drwx--  3.0 unx0 b- stor 19-Apr-16 16:59 jni/
 │  drwx--  3.0 unx0 b- stor 19-Apr-16 16:59 jni/armeabi-v7a/
 │  -rw---  3.0 unx  3133888 b- defN 19-Apr-16 16:59 jni/armeabi-
 v7a/libgojni.so
 │  -rw---  3.0 unx   25 t- stor 19-Apr-16 16:59 proguard.txt
 │  drwx--  3.0 unx0 b- stor 19-Apr-16 16:59 res/
 │ -8 files, 3145205 bytes uncompressed, 1089881 bytes compressed:  65.4%
 │ +8 files, 3145205 bytes uncompressed, 1089879 bytes compressed:  65.4%
 ├── jni/armeabi-v7a/libgojni.so
 │┄ No file format specific differences found inside, yet data differs (ELF
 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked,
 not stripped)
 │ @@ -20,16 +20,16 @@
 │  130: 0400  52e5 7464 f089 0d00 f099 0d00  R.td
 │  140: f099 0d00 1066 0a00 1066 0a00 0600   .f...f..
 │  150: 0800  0400  5300  0400   S...
 │  160: 476f  3966 3676 6e5f 5755 5876 6950  Go..9f6vn_WUXviP
 │  170: 6c7a 4a38 6c30 6a47 2f62 5769 6354 4c66  lzJ8l0jG/bWicTLf
 │  180: 3656 6572 7637 456d 536e 5945 792f 5877  6Verv7EmSnYEy/Xw
 │  190: 766f 4d72 5359 5250 6a78 345f 3264 4f6f  voMrSYRPjx4_2dOo
 │ -1a0: 505a 2f35 5767 4c57 5934 555a 4c4a 6e65  PZ/5WgLWY4UZLJne
 │ -1b0: 4d53 4146 6f68 6900      MSAFohi.
 │ +1a0: 505a 2f45 7054 3844 3964 6734 765f 6134  PZ/EpT8D9dg4v_a4
 │ +1b0: 6648 4c51 7767 3700      fHLQwg7.
 │  1c0:     0100     
 │  1d0:   1200  4300     C...
 │  1e0:   1200  5000  48d9 0b00  P...H...
 │  1f0: 4400  1200 0b00 7b00  9cd9 0b00  D...{...
 │  200: 0800  1200 0b00 9800  8cd9 0b00  
 │  210: 0800  1200 0b00 bf00  94d9 0b00  
 │  220: 0800  1200 0b00 e600  00d9 0b00  
 │ @@ -326,15 +326,15 @@
 │  0001450: 0100 0100 0100 0100 0100 0100 0100 0100  
 │  0001460: 0100 0100 0100 0100 0100 0200 0200 0100  
 │  0001470: 0100 0100 0100 0100  0200 0100 0200  
 │  0001480: 0200 0200 0100 0100 0100 0200 0200 0200  
 │  0001490: 0200 0200 0200 0200 0200 0200 0100 0100  
 │  00014a0: 0200 0200 0200 0200 0100 0200 0200 0100  

Re: [tor-bugs] #31012 [Core Tor/Tor]: tor-print-ed-signing-cert shows local time, without a timezone

[Tor Bug Tracker & Wiki]

#31012: tor-print-ed-signing-cert shows local time, without a timezone
--+
 Reporter:  teor  |  Owner:  rl1987
 Type:  defect| Status:  needs_revision
 Priority:  Medium|  Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.3.5.1-alpha
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:  0.1
Parent ID:| Points:  0.1
 Reviewer:|Sponsor:
--+
Changes (by teor):

 * status:  needs_review => needs_revision
 * actualpoints:   => 0.1
 * version:   => Tor: 0.3.5.1-alpha
 * milestone:  Tor: unspecified => Tor: 0.4.2.x-final


Comment:

 I left some comments on the PR.

 Please fix this crash:
 {{{
 $  src/tools/tor-print-ed-signing-cert ~/.tor/keys/ed25519_signing_cert
 Expires at: Tue Jul  2 17:00:00 2019

 =
 ==11166==ERROR: AddressSanitizer: stack-buffer-overflow on address
 0x7ffee8b04630 at pc 0x0001074297de bp 0x7ffee8b04350 sp 0x7ffee8b03ac8
 READ of size 23 at 0x7ffee8b04630 thread T0
 #0 0x1074297dd in printf_common(void*, char const*, __va_list_tag*)
 (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x267dd)
 #1 0x10742a6bc in wrap_printf
 (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x276bc)
 #2 0x1070fc689 in main tor-print-ed-signing-cert.c:77
 #3 0x7fff586df014 in start (libdyld.dylib:x86_64+0x1014)

 Address 0x7ffee8b04630 is located in stack of thread T0 at offset 464 in
 frame
 #0 0x1070fc21f in main tor-print-ed-signing-cert.c:17

   This frame has 5 object(s):
 [32, 40) 'cert' (line 18)
 [64, 72) 'got_tag' (line 27)
 [96, 352) 'certbuf' (line 29)
 [416, 424) 'expiration' (line 59)
 [448, 464) 'rfc822_str' (line 63) <== Memory access at offset 464
 overflows this variable
 HINT: this may be a false positive if your program uses some custom stack
 unwind mechanism or swapcontext
   (longjmp and C++ exceptions *are* supported)
 SUMMARY: AddressSanitizer: stack-buffer-overflow
 (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x267dd) in
 printf_common(void*, char const*, __va_list_tag*)
 Shadow bytes around the buggy address:
   0x1fffdd160870: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   0x1fffdd160880: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
   0x1fffdd160890: 00 f2 f2 f2 00 f2 f2 f2 00 00 00 00 00 00 00 00
   0x1fffdd1608a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   0x1fffdd1608b0: 00 00 00 00 00 00 00 00 f2 f2 f2 f2 f2 f2 f2 f2
 =>0x1fffdd1608c0: 00 f2 f2 f2 00 00[f3]f3 00 00 00 00 00 00 00 00
   0x1fffdd1608d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   0x1fffdd1608e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   0x1fffdd1608f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   0x1fffdd160900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   0x1fffdd160910: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 Shadow byte legend (one shadow byte represents 8 application bytes):
   Addressable:   00
   Partially addressable: 01 02 03 04 05 06 07
   Heap left redzone:   fa
   Freed heap region:   fd
   Stack left redzone:  f1
   Stack mid redzone:   f2
   Stack right redzone: f3
   Stack after return:  f5
   Stack use after scope:   f8
   Global redzone:  f9
   Global init order:   f6
   Poisoned by user:f7
   Container overflow:  fc
   Array cookie:ac
   Intra object redzone:bb
   ASan internal:   fe
   Left alloca redzone: ca
   Right alloca redzone:cb
 ==11166==ABORTING
 Abort trap: 6
 Exit 134
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #31019 [Applications/Tor Browser]: Investigate update on Windows via BITS

[Tor Bug Tracker & Wiki]

#31019: Investigate update on Windows via BITS
-+-
 Reporter:  gk   |  Owner:  tbb-team
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor |Version:
  Browser|   Keywords:  ff68-esr, tbb-update,
 Severity:  Normal   |  tbb-proxy-bypass
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 It seems there is coming a new update method for Windows users with
 Firefox 68 ESR which is called BITS (Background Intelligent Transfer
 Service), which is a Windows component.[1] The marketing promise is that
 "This change will allow Firefox to continue downloading an update
 after Firefox has been closed." [2]  which seems to be dangerous in the
 Tor Browser context.

 There is a pref we can flip, though to use the older internal updater [3].
 However, we should make sure the potential proxy bypass I am seeing here
 is actually mitigated by that.

 [1] https://www.ghacks.net/2019/06/24/firefox-will-use-bits-on-windows-
 for-updates-going-forward/
 [2]
 https://groups.google.com/forum/#!topic/mozilla.dev.platform/PCzoYCfi_fk
 [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1553977

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28795 [Core Tor/Tor]: Generate a new fallback list in 2019 and backport it to all supported Tor versions

[Tor Bug Tracker & Wiki]

#28795: Generate a new fallback list in 2019 and backport it to all supported 
Tor
versions
-+-
 Reporter:  teor |  Owner:  teor
 Type:  task | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.1.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  fallback, 029-backport,  |  Actual Points:  0.5
  035-backport, 040-backport, 041-backport,  |
  041-should |
Parent ID:  #28793   | Points:  1
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * Attachment "fallback_dirs_2019-06-28-10-26-11_US_246ed3b179f1b237.inc"
 added.

 fallback dir list 4 US

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28795 [Core Tor/Tor]: Generate a new fallback list in 2019 and backport it to all supported Tor versions

[Tor Bug Tracker & Wiki]

#28795: Generate a new fallback list in 2019 and backport it to all supported 
Tor
versions
-+-
 Reporter:  teor |  Owner:  teor
 Type:  task | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.1.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  fallback, 029-backport,  |  Actual Points:  0.5
  035-backport, 040-backport, 041-backport,  |
  041-should |
Parent ID:  #28793   | Points:  1
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * Attachment "fallback_dirs_2019-06-28-10-26-11_US_246ed3b179f1b237.log"
 added.

 fallback dir list 4 US log

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #31018 [Applications/Tor Browser]: about:plugins error

[Tor Bug Tracker & Wiki]

#31018: about:plugins error
-+--
 Reporter:  cypherpunks  |  Owner:  tbb-team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Component:  Applications/Tor Browser
  Version:   |   Severity:  Normal
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
 {{{
 10:19:34.887 NS_NOINTERFACE: Component returned failure code: 0x80004002
 (NS_NOINTERFACE) [nsIWebProgress.DOMWindow] WebNavigationContent.js:218
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28797 [Core Tor/Fallback Scripts]: Set up CI on the fallback script with a small number of relays

[Tor Bug Tracker & Wiki]

#28797: Set up CI on the fallback script with a small number of relays
---+--
 Reporter:  teor   |  Owner:  (none)
 Type:  enhancement| Status:  needs_review
 Priority:  Medium |  Milestone:
Component:  Core Tor/Fallback Scripts  |Version:
 Severity:  Normal | Resolution:
 Keywords:  fallback   |  Actual Points:  0.5
Parent ID: | Points:  0.5
 Reviewer:  nickm  |Sponsor:
---+--
Changes (by teor):

 * cc: nickm (added)
 * reviewer:   => nickm
 * points:   => 0.5
 * status:  new => needs_review
 * actualpoints:   => 0.5


Comment:

 Hi Nick, would you mind doing a quick review on this fallback script pull
 request?
 It's not urgent.

 https://github.com/torproject/fallback-scripts/pull/6

 I did this so I could get a US list, because my US machine is too small to
 handle the script.

 It's based on #29100, because it needs the env var features of the script.
 Please just review the last commit.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #31017 [Applications/Tor Browser]: about:home error

[Tor Bug Tracker & Wiki]

#31017: about:home error
-+--
 Reporter:  cypherpunks  |  Owner:  tbb-team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Component:  Applications/Tor Browser
  Version:   |   Severity:  Normal
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
 {{{
 10:11:43.935 NS_ERROR_NOT_AVAILABLE: Component returned failure code:
 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIWebNavigation.loadURIWithOptions]
 browser-child.js:359
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31012 [Core Tor/Tor]: tor-print-ed-signing-cert shows local time, without a timezone

[Tor Bug Tracker & Wiki]

#31012: tor-print-ed-signing-cert shows local time, without a timezone
--+--
 Reporter:  teor  |  Owner:  rl1987
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:  0.1
 Reviewer:|Sponsor:
--+--
Changes (by rl1987):

 * status:  accepted => needs_review


Comment:

 https://github.com/torproject/tor/pull/1145

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30237 [Applications/Tor Browser]: Tor Browser: Improve TBB UI of hidden service client authorization

[Tor Bug Tracker & Wiki]

#30237: Tor Browser: Improve TBB UI of hidden service client authorization
--+
 Reporter:  asn   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam201906  |  Actual Points:
Parent ID:  #3| Points:
 Reviewer:|Sponsor:  Sponsor27-must
--+

Comment (by asn):

 This looks really good!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31015 [Applications/Tor Browser]: svg.disabled = 'true' hides the the UI icons in extensions

[Tor Bug Tracker & Wiki]

#31015: svg.disabled = 'true' hides the the UI icons in extensions
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major | Resolution:
 Keywords:  tbb-security-slider   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * keywords:   => tbb-security-slider


Comment:

 This is a Firefox bug as we just use code that got upstreamed a while ago,
 see: https://bugzilla.mozilla.org/show_bug.cgi?id=1216893. Ideally, we'd
 fix the problem there. Could you file a respective bug in Mozilla's bug
 tracker blocking the one that landed the SVG patch?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31016 [Applications/Tor Browser]: Limited (and partially wrong) advice in documentation. Consider uBlock Origin and uMatrix extensions.

[Tor Bug Tracker & Wiki]

#31016: Limited (and partially wrong) advice in documentation. Consider uBlock
Origin and uMatrix extensions.
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  wontfix
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * status:  new => closed
 * resolution:   => wontfix


Comment:

 We are not in the blocking business of 3rd party requests for privacy
 reasons and don't plan to do so. And there are no plans to replace HTTPS-E
 and NoScript with both extensions.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28795 [Core Tor/Tor]: Generate a new fallback list in 2019 and backport it to all supported Tor versions

[Tor Bug Tracker & Wiki]

#28795: Generate a new fallback list in 2019 and backport it to all supported 
Tor
versions
-+-
 Reporter:  teor |  Owner:  teor
 Type:  task | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.1.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  fallback, 029-backport,  |  Actual Points:  0.5
  035-backport, 040-backport, 041-backport,  |
  041-should |
Parent ID:  #28793   | Points:  1
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * Attachment "fallback_dirs_2019-06-28-09-00-11_DE_f0437a39ddbc8459.log"
 added.

 fallback dir list 4 DE log

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28795 [Core Tor/Tor]: Generate a new fallback list in 2019 and backport it to all supported Tor versions

[Tor Bug Tracker & Wiki]

#28795: Generate a new fallback list in 2019 and backport it to all supported 
Tor
versions
-+-
 Reporter:  teor |  Owner:  teor
 Type:  task | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.1.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  fallback, 029-backport,  |  Actual Points:  0.5
  035-backport, 040-backport, 041-backport,  |
  041-should |
Parent ID:  #28793   | Points:  1
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * Attachment "fallback_dirs_2019-06-28-09-00-11_DE_f0437a39ddbc8459.inc"
 added.

 fallback dir list 4 DE

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28795 [Core Tor/Tor]: Generate a new fallback list in 2019 and backport it to all supported Tor versions

[Tor Bug Tracker & Wiki]

#28795: Generate a new fallback list in 2019 and backport it to all supported 
Tor
versions
-+-
 Reporter:  teor |  Owner:  teor
 Type:  task | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.1.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  fallback, 029-backport,  |  Actual Points:  0.5
  035-backport, 040-backport, 041-backport,  |
  041-should |
Parent ID:  #28793   | Points:  1
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * Attachment "fallback_dirs_2019-06-28-08-58-39_AU_f0437a39ddbc8459.log"
 added.

 fallback dir list 4 log

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #31016 [Applications/Tor Browser]: Limited (and partially wrong) advice in documentation. Consider uBlock Origin and uMatrix extensions.

[Tor Bug Tracker & Wiki]

#31016: Limited (and partially wrong) advice in documentation. Consider uBlock
Origin and uMatrix extensions.
-+--
 Reporter:  cypherpunks  |  Owner:  tbb-team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Component:  Applications/Tor Browser
  Version:   |   Severity:  Normal
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
 
https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam/Support_discuss
 #CanIinstallanewadd-onorextensioninTorBrowserlikeAdBlockPlusoruBlockOrigin
 says:

 > It’s strongly discouraged to install new add-ons in Tor Browser, because
 they can compromise both your privacy and your security. Plus, Tor Browser
 already comes installed with two add-ons — HTTPS Everywhere and NoScript —
 which give you a lot of added protection.

 However this is a limited and (in the case of uBlock Origin and uMatrix)
 pretty irrelevant advice because:

 1. HTTPS-E and NoScript lack important functionality which uMatrix and uBO
 have. Example: blocking 3rd party requests can be critical to enhancing
 privacy.

 OTOH

 2. uMatrix and uBO can fully block JavaScript (which makes NoScript
 unnecessary) and uM can block mixed content.

 3. HTTPS-E is pretty much a meaningless extension because it attempts to
 provide a workaround for websites which are not configured properly. IOW
 it may create a false sense of security by potentially enforcing HTTPS
 which may not be configured properly by the website owners. Additionally
 it has a privacy issue too as it needs connection to a particular host to
 update its lists.

 Please consider working with gorhill to use uBO and uMatrix instead of
 HTTPS-E and NoScript.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28795 [Core Tor/Tor]: Generate a new fallback list in 2019 and backport it to all supported Tor versions

[Tor Bug Tracker & Wiki]

#28795: Generate a new fallback list in 2019 and backport it to all supported 
Tor
versions
-+-
 Reporter:  teor |  Owner:  teor
 Type:  task | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.1.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  fallback, 029-backport,  |  Actual Points:  0.5
  035-backport, 040-backport, 041-backport,  |
  041-should |
Parent ID:  #28793   | Points:  1
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * Attachment "fallback_dirs_2019-06-28-08-58-39_AU_f0437a39ddbc8459.inc"
 added.

 fallback dir list 4

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30732 [Applications/Tor Browser]: "Your Firefox is critically out of date" banner

[Tor Bug Tracker & Wiki]

#30732: "Your Firefox is critically out of date" banner
--+---
 Reporter:  hellomebois   |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by gk):

 * priority:  Low => Medium
 * cc: mcs, brade (added)


Comment:

 Replying to [comment:10 steph]:
 > I also get this banner. I don't remember ever having modified anything,
 and I don't have any add-ons, but my value for
 datareporting.healthreport.uploadEnabled was true.

 Did you start to see the banner recently or is that already ongoing for a
 while? And does it go away if you flip the pref?

 So, we set the pref to `false` in `000-tor-browser.js`. There is only one
 way this get set to `true` (apart from changing the pref manually) which
 is via https://searchfox.org/mozilla-
 esr60/source/toolkit/components/telemetry/healthreport-prefs.js#10. Which
 is only included if `MOZ_SERVICES_HEALTHREPORT` is defined
 (https://searchfox.org/mozilla-
 esr60/source/modules/libpref/greprefs.js#6). And that seems to be the
 case. So, maybe we have some race-condition here in the pref system that
 is causing this and we should make sure `MOZ_SERVICES_HEALTHREPORT` is not
 defined in the first place? (And `MOZ_TELEMETRY_REPORTING` and
 `MOZ_DATA_REPORTING` and friends) mcs/brade: what do you think?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #31015 [Applications/Tor Browser]: svg.disabled = 'true' hides the the UI icons in extensions

[Tor Bug Tracker & Wiki]

#31015: svg.disabled = 'true' hides the the UI icons in extensions
-+--
 Reporter:  cypherpunks  |  Owner:  tbb-team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Component:  Applications/Tor Browser
  Version:   |   Severity:  Major
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
 In "safest" security level `svg.disabled` is set to `true` in Tor Browser.
 This causes the UI icons in the latest versions of uBblock Origin and
 uMatrix to disappear.

 The author of the extensions declined working on this with a note:

 "I consider this a browser issue, to be reported to Firefox issue tracker.
 Extensions extend a browser abilities, they should not be subjected to
 restrictions which are meant to be imposed on web pages."

 https://github.com/uBlockOrigin/uBlock-issues/issues/446

 However as this is Tor Browser specific, I am reporting it here.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31014 [Webpages/Website]: torproject.org is not properly display on mobile devices

[Tor Bug Tracker & Wiki]

#31014: torproject.org is not properly display on mobile devices
--+--
 Reporter:  gk|  Owner:  hiro
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * Attachment "torproject_glitch.png" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #31014 [Webpages/Website]: torproject.org is not properly display on mobile devices

[Tor Bug Tracker & Wiki]

#31014: torproject.org is not properly display on mobile devices
--+--
 Reporter:  gk|  Owner:  hiro
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 There is a glitch on torproject.org making "Browse" only partly visible on
 my mobile phone.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31012 [Core Tor/Tor]: tor-print-ed-signing-cert shows local time, without a timezone

[Tor Bug Tracker & Wiki]

#31012: tor-print-ed-signing-cert shows local time, without a timezone
--+--
 Reporter:  teor  |  Owner:  rl1987
 Type:  defect| Status:  accepted
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:  0.1
 Reviewer:|Sponsor:
--+--

Comment (by teor):

 weasel also asked for rfc 822, but do whatever is easiest and most
 convenient in C.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31012 [Core Tor/Tor]: tor-print-ed-signing-cert shows local time, without a timezone

[Tor Bug Tracker & Wiki]

#31012: tor-print-ed-signing-cert shows local time, without a timezone
--+--
 Reporter:  teor  |  Owner:  rl1987
 Type:  defect| Status:  accepted
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:  0.1
 Reviewer:|Sponsor:
--+--
Changes (by rl1987):

 * status:  new => accepted
 * owner:  (none) => rl1987


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #31013 [Applications/Tor Browser]: Saving images in Tor Browser on Android does not work

[Tor Bug Tracker & Wiki]

#31013: Saving images in Tor Browser on Android does not work
--+
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:  tbb-mobile, tbb-
  |  parity
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 We have reports on the blog that saving images does not work in Tor
 Browser on Android
 (https://blog.torproject.org/comment/282272#comment-282272).

 Steps to reproduce:

 1) With Tor Browser go to https://torproject.org
 2) long-tap on the Tor logo in the upper left corner
 3) Choose image
 4) Save Image
 5) Allow access to device to save images
 6) Nothing happens

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs