[tor-bugs] #26543 [Obfuscation/BridgeDB]: Provide a language switcher menu on BridgeDB

[Tor Bug Tracker & Wiki]

#26543: Provide a language switcher menu on BridgeDB
--+--
 Reporter:  teor  |  Owner:  isis
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Obfuscation/BridgeDB  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 "As a side note, that page always loads in my native language with no way
 to switch to English -- pages which do this are the worst. In this case it
 means I can't usefully copy-paste you the exact error messages that I
 get."

 https://lists.torproject.org/pipermail/tor-relays/2018-June/015512.html

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26542 [Obfuscation/BridgeDB]: Distribute IPv6 bridges though bridges.torproject.org

[Tor Bug Tracker & Wiki]

#26542: Distribute IPv6 bridges though bridges.torproject.org
--+--
 Reporter:  teor  |  Owner:  isis
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Obfuscation/BridgeDB  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 A relay operator can't find any IPv6 bridges on bridges.torproject.org:
 https://lists.torproject.org/pipermail/tor-relays/2018-June/015512.html

 Perhaps this is a bridge authority or BridgeDB issue.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26425 [Core Tor/Tor]: Add functionality to set SNI for client connections

[Tor Bug Tracker & Wiki]

#26425: Add functionality to set SNI for client connections
--+---
 Reporter:  twim  |  Owner:  (none)
 Type:  enhancement   | Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:  asn   |Sponsor:
--+---

Comment (by teor):

 How many of these SNIs do we expect to fail?
 For example, if we want tor to bootstrap in 30 seconds, after making about
 7 connections, we need at least 1/7 of the SNIs to be unblocked.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26535 [Core Tor/Tor]: Appveyor fails test_ntor.sh and test_hs_ntor.sh

[Tor Bug Tracker & Wiki]

#26535: Appveyor fails test_ntor.sh and test_hs_ntor.sh
-+
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  High |  Milestone:  Tor: 0.3.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-ci appveyor  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+

Comment (by teor):

 Yeah, python3 considers str to be Unicode, and bytes to be, well, bytes.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26532 [Core Tor/Tor]: Combine ipv4.h and ipv6.h into address.h?

[Tor Bug Tracker & Wiki]

#26532: Combine ipv4.h and ipv6.h into address.h?
--+
 Reporter:  nickm |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Low   |  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #26481| Points:
 Reviewer:|Sponsor:
--+

Comment (by teor):

 How often will a file include address.h without ipv4.h?
 (address.h already includes ipv6.h.)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #3723 [Core Tor/Tor]: Report version of bwscanners in votes

[Tor Bug Tracker & Wiki]

#3723: Report version of bwscanners in votes
--+
 Reporter:  mikeperry |  Owner:  (none)
 Type:  enhancement   | Status:  needs_revision
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-bwauth|  Actual Points:
Parent ID:  #25925| Points:
 Reviewer:  teor  |Sponsor:
--+

Comment (by teor):

 Are there any unit tests for reading measured bandwidths with non-NULL
 routerststuses?
 If there aren't, please open a separate ticket, we should write some
 eventually.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26541 [Core Tor/Tor]: Fix minor mistakes in the bandwidth-file dir-spec entry

[Tor Bug Tracker & Wiki]

#26541: Fix minor mistakes in the bandwidth-file dir-spec entry
-+
 Reporter:  teor |  Owner:  juga
 Type:  defect   | Status:  assigned
 Priority:  Medium   |  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-bwauth, torspec  |  Actual Points:
Parent ID:  #3723| Points:
 Reviewer:   |Sponsor:
-+

Comment (by teor):

 Replying to [comment:1 atagar]:
 > Thanks teor! I also suspect we might want to exclude '=' from the set of
 valid ArgumentCharValue, but no big whoop either way. :)

 No, that's a deliberate decision, to allow padded base64.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25999 [Core Tor/Stem]: Build an abstraction layer over different consensus flavours

[Tor Bug Tracker & Wiki]

#25999: Build an abstraction layer over different consensus flavours
---+---
 Reporter:  teor   |  Owner:  atagar
 Type:  enhancement| Status:  needs_information
 Priority:  Medium |  Milestone:
Component:  Core Tor/Stem  |Version:
 Severity:  Normal | Resolution:
 Keywords:  descriptor |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---

Comment (by teor):

 Replying to [comment:5 atagar]:
 > > I might have missed a document type or two, but I can't see any we
 could remove or even combine.
 >
 > At the end of the day data comes from three sources...
 >
 > * From relays via a server descriptor.
 > * From relays via an extrainfo descriptor.
 > * From authorities via the router status entry (ex. flags, bwauth
 measurements, etc).
 >
 > Microdescriptors are nothing more than a distillation of the server
 descriptor so downloads are smaller. Unless I'm missing something there's
 no reason anyone beside tor itself should care about those.
 >
 > The thing I think we *can* simplify is the consensus. I'm at a loss for
 a reason to have both a standard and microdescriptor consensus. Maybe the
 split's for historical backward compatibility?
 >
 > > ns (original) consensus flavour - a comprehensive consensus, used by
 old clients, and for detailed analysis by tools and people
 >
 > That's what I'm unsure about. Microdescriptors were added enough years
 ago that we likely already cut them out of the network.

 No, relays on 0.2.8 and earlier use descriptors for their circuits, and
 there are still a few of them around (even though they are unsupported,
 they still work). So do some really old clients, which at the very least
 will need a consensus substitute to avoid misbehaving and bringing down
 the network:
 https://gitweb.torproject.org/torspec.git/tree/proposals/266-removing-
 current-obsolete-clients.txt

 Also, Torflow and now sbws depend on the ns consensus. I bet Onionoo,
 depictor, and doctor would also fail if we got rid of the ns consensus. If
 we want to migrate away from it, that's a lot of work.

 > As for analysis, the microdescriptor consensus and server descriptors
 have the same data.
 >
 > > Ok, that would be very helpful.
 >
 > Do we have anyone eager to use such a class? It would be sad to
 implement such a thing only to see it go unused. ;)

 If it was available, sbws would have used it.
 If it was available, we could more easily migrate sbws, depictor and
 doctor away from using ns consensuses.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #3723 [Core Tor/Tor]: Report version of bwscanners in votes

[Tor Bug Tracker & Wiki]

#3723: Report version of bwscanners in votes
--+
 Reporter:  mikeperry |  Owner:  (none)
 Type:  enhancement   | Status:  needs_revision
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-bwauth|  Actual Points:
Parent ID:  #25925| Points:
 Reviewer:  teor  |Sponsor:
--+
Changes (by teor):

 * status:  needs_review => needs_revision


Comment:

 Please see my comments on the GitHub pull request.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #3723 [Core Tor/Tor]: Report version of bwscanners in votes

[Tor Bug Tracker & Wiki]

#3723: Report version of bwscanners in votes
--+
 Reporter:  mikeperry |  Owner:  (none)
 Type:  enhancement   | Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-bwauth|  Actual Points:
Parent ID:  #25925| Points:
 Reviewer:  teor  |Sponsor:
--+

Comment (by teor):

 The GitHub pull request is:
 https://github.com/torproject/tor/pull/126

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26541 [Core Tor/Tor]: Fix minor mistakes in the bandwidth-file dir-spec entry

[Tor Bug Tracker & Wiki]

#26541: Fix minor mistakes in the bandwidth-file dir-spec entry
-+
 Reporter:  teor |  Owner:  juga
 Type:  defect   | Status:  assigned
 Priority:  Medium   |  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-bwauth, torspec  |  Actual Points:
Parent ID:  #3723| Points:
 Reviewer:   |Sponsor:
-+

Comment (by atagar):

 Thanks teor! I also suspect we might want to exclude '=' from the set of
 valid ArgumentCharValue, but no big whoop either way. :)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26541 [Core Tor/Tor]: Fix minor mistakes in the bandwidth-file dir-spec entry

[Tor Bug Tracker & Wiki]

#26541: Fix minor mistakes in the bandwidth-file dir-spec entry
--+-
 Reporter:  teor  |  Owner:  juga
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:  tor-bwauth, torspec
Actual Points:|  Parent ID:  #3723
   Points:|   Reviewer:
  Sponsor:|
--+-
 atagar pointed out the following errors in the bandwidth-file dir-spec
 entry:

 The bandwidth-file line appears:
 {{{
 [At most once for votes; does not occur in consensuses.]
 }}}

 He also suggested that we could change the name to bandwidth-file-headers
 or bandwidth-headers if we want. I don't mind what we call it, but it has
 to match #3723.

 I also noticed that the definition of Value is wrong, it should be:
 {{{
 Value ::= ArgumentCharValue+
 ArgumentCharValue ::= any printing ASCII character except NL and SP.
 }}}

 We should also add the new file_created and latest_bandwidth header
 keywords from bandwidth-file-spec.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25999 [Core Tor/Stem]: Build an abstraction layer over different consensus flavours

[Tor Bug Tracker & Wiki]

#25999: Build an abstraction layer over different consensus flavours
---+---
 Reporter:  teor   |  Owner:  atagar
 Type:  enhancement| Status:  needs_information
 Priority:  Medium |  Milestone:
Component:  Core Tor/Stem  |Version:
 Severity:  Normal | Resolution:
 Keywords:  descriptor |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---

Comment (by atagar):

 > I might have missed a document type or two, but I can't see any we could
 remove or even combine.

 At the end of the day data comes from three sources...

 * From relays via a server descriptor.
 * From relays via an extrainfo descriptor.
 * From authorities via the router status entry (ex. flags, bwauth
 measurements, etc).

 Microdescriptors are nothing more than a distillation of the server
 descriptor so downloads are smaller. Unless I'm missing something there's
 no reason anyone beside tor itself should care about those.

 The thing I think we *can* simplify is the consensus. I'm at a loss for a
 reason to have both a standard and microdescriptor consensus. Maybe the
 split's for historical backward compatibility?

 > ns (original) consensus flavour - a comprehensive consensus, used by old
 clients, and for detailed analysis by tools and people

 That's what I'm unsure about. Microdescriptors were added enough years ago
 that we likely already cut them out of the network. As for analysis, the
 microdescriptor consensus and server descriptors have the same data.

 > Ok, that would be very helpful.

 Do we have anyone eager to use such a class? It would be sad to implement
 such a thing only to see it go unused. ;)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26540 [Applications/Tor Browser]: Enabling pdfjs disableRange option prevents pdfs from loading

[Tor Bug Tracker & Wiki]

#26540: Enabling pdfjs disableRange option prevents pdfs from loading
-+-
 Reporter:  pospeselr|  Owner:  pospeselr
 Type:  defect   | Status:  assigned
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor |Version:
  Browser|   Keywords:  ff60-esr,
 Severity:  Normal   |  TorBrowserTeam201806
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 In ESR52, range-based requests in pdf.js (which allows pdfs to render-as-
 load)  go out on the default circuit as the relevant code was running in
 the System security context.  To 'fix' the issue, we simply disabled
 range-based request with the 'pdfjs.disableRange' option.  However, in
 ESR60 based Tor Browser, enabling this option prevents PDFs from loading
 at all.  Without the option enabled, PDFs load and render, but the range-
 based requests still go out on the default circuit.

 Original bug: https://trac.torproject.org/projects/tor/ticket/15599

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25999 [Core Tor/Stem]: Build an abstraction layer over different consensus flavours

[Tor Bug Tracker & Wiki]

#25999: Build an abstraction layer over different consensus flavours
---+---
 Reporter:  teor   |  Owner:  atagar
 Type:  enhancement| Status:  needs_information
 Priority:  Medium |  Milestone:
Component:  Core Tor/Stem  |Version:
 Severity:  Normal | Resolution:
 Keywords:  descriptor |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---

Comment (by teor):

 Replying to [comment:3 atagar]:
 > Hi teor, interesting idea. In Stem I could provide a higher level
 'Relay' class that lazy loads whatever descriptors it needs to get
 commonly desired data (exit policy, contact info, etc). This would need to
 be based on stem.descriptor.remote (the controller interface relies too
 much on caching and the client's torrc to be reliable).

 Ok, that would be very helpful. And it's good to know that we can't fix
 this issue in Tor by modifying the control spec.

 > Honestly I wonder if we should rethink our dir-spec more fundamentally.
 It's grown organically and honestly the myriad of documents is more
 confusing than it probably needs to be.

 But the documents in the dir-spec primarily exist for Tor clients
 (including relays) to efficiently use the network. They don't exist for
 convenient information retrieval by analysts. (That's why we have Stem,
 Collector, Onionoo, Relay Search, and other tools.)

 Here's why we have each document type:
 * ns (original) consensus flavour - a comprehensive consensus, used by old
 clients, and for detailed analysis by tools and people
 * directory authority certificates - validating consensus signatures, used
 by all Tor instances
 * relay descriptors - a signed record of relay attributes, used by bridge
 clients, and for detailed analysis by tools and people
 * relay extrainfo descriptors - a signed record of relay statistics, used
 by metrics
 * microdescriptor consensus flavour - a smaller consensus to save
 bandwidth, used by all recent clients, relays, and bridges
 * microdescriptors - a smaller record of unchanging relay attributes to
 save bandwidth, used by all recent clients, relays, and bridges
 * bridge authority legacy v2 consensus format - used by BridgeDB

   might have missed a document type or two, but I can't see any we could
 remove or even combine.

 I think that we could redesign the directory URL scheme, but it would be a
 long time before we could get rid of legacy URLs.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26539 [Webpages/Website]: add checksums to download page; make checksum vs. sig file purpose much clearer

[Tor Bug Tracker & Wiki]

#26539: add checksums to download page; make checksum vs. sig file purpose much
clearer
--+
 Reporter:  cypherpunks   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal|   Keywords:  gpg, verify gpg signatures
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 Gpg recently failed to verify a Tor Browser download - a first for me.
 Since data errors in downloads aren't as common as years ago, I assumed an
 error in the *.asc sig file itself, or other issues.

 Such as my Linux GPG version not playing well with the version used to
 sign Tor Browser.

 I wanted to verify checksum of the downloaded TBB, but after a few
 searches on TorProject didn't find the checksum, I re-download TBB.
 It was faster in the long run, but it's a big package to re-download for
 users with limited data plans, when a few byte checksum would suffice to
 see if there was a download data error.

 I propose that checksum files - or a prominent link, be added to the
 download page - not make users hunt them.  That's how many well run
 projects seem to do it - app packages, sig files & checksums are all
 easily found, or have links on the same page.

 The statement, "''See our instructions on how to verify package
 signatures, which allows you to make sure you've downloaded the file we
 intended you to get. Also, note that the Firefox ESR in our bundles is
 modified from the default Firefox ESR'' "
 should be placed above the packages & sig files, where users are far more
 likely to see it.

 The wording could be stronger, clearer - why users would want to verify
 the TBB / other packages PGP signatures of downloads, EVEN from
 TorProject's site (not rely solely on checksums).  A brief statement why
 verifying signed packages is important & how it's unrelated to using
 checksums.  If users (of anything) don't understand a real purpose or
 need, they're more likely to skip steps.

 I could write something to make changes, additions & submit for
 consideration, but only if there's interest in making changes to general
 security methods to educate users, that work for many products.

 * Verification instructions:  They're generally good & someone did a lot
 of work, but many users unfamiliar w/ PGP / GPG's real purpose & the
 procedures may be clueless.

 On the Windows verify instructions (maybe Linux, OS X), it's unclear which
 signature & which "package" they're verifying.
 If they're installing GPG or gpg4win, the instructions should include
 steps (or link to clear instructions) to first verify GPG itself (once),
 then a separate verification of downloaded Tor products - EVEN from
 TorProject's https site.

 The statement, "make sure you've downloaded the file we intended you to
 get." means little to non-gpg users or slightly familiar.  To many, they
 downloaded the correct platform package, therefore they "have the file
 intended for their OS."  As far as they know, they did everything
 required.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26538 [Core Tor/Tor]: Extract various string, encoding, and formatting logic from config

[Tor Bug Tracker & Wiki]

#26538: Extract various string, encoding, and formatting logic from config
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:  implemented
 Keywords:  refactoring   |  Actual Points:
Parent ID:  #26481| Points:
 Reviewer:  dgoulet   |Sponsor:
--+
Changes (by nickm):

 * status:  merge_ready => closed
 * resolution:   => implemented


Comment:

 merged!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26538 [Core Tor/Tor]: Extract various string, encoding, and formatting logic from config

[Tor Bug Tracker & Wiki]

#26538: Extract various string, encoding, and formatting logic from config
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  merge_ready
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  refactoring   |  Actual Points:
Parent ID:  #26481| Points:
 Reviewer:  dgoulet   |Sponsor:
--+
Changes (by dgoulet):

 * keywords:   => refactoring
 * cc: dgoulet (removed)
 * status:  needs_review => merge_ready
 * reviewer:   => dgoulet


Comment:

 lgtm;

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26409 [Applications/Tor Browser]: Language prompt is shown twice at first start in Tor Browser based on ESR60

[Tor Bug Tracker & Wiki]

#26409: Language prompt is shown twice at first start in Tor Browser based on 
ESR60
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff60-esr, tbb-torbutton, |  Actual Points:
  TorBrowserTeam201806   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by viktorj):

 * cc: viktor_jaegerskuepper@… (added)


Comment:

 I believe there is a conflict between what Torbutton does and what is
 already included in Firefox. When I first denied to spoof the locale
 (twice), but later clicked on the corresponding box in the "General" part
 of about:preferences to set it to "on" ("spoof locale"), in this session
 the "accepted languages" seem to be changed to only include en-us/en. But
 after closing and restarting Tor Browser my locale (de) is included again,
 although the checkbox setting is not changed. I first noticed this when
 visiting trac.torproject.org. What is even more weird: When I uncheck the
 box to delete "German [de]", after a restart it is there again,
 independent of the setting of the checkbox.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25977 [Core Tor/Tor]: Cross-compiling tor rust for macOS is broken

[Tor Bug Tracker & Wiki]

#25977: Cross-compiling tor rust for macOS is broken
-+
 Reporter:  gk   |  Owner:  (none)
 Type:  defect   | Status:  merge_ready
 Priority:  Medium   |  Milestone:  Tor: 0.3.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  rust build 034-must  |  Actual Points:
Parent ID:  #25779   | Points:
 Reviewer:  catalyst |Sponsor:
-+
Changes (by catalyst):

 * status:  needs_review => merge_ready


Comment:

 Sibling ticket #25895 is merge_ready.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25895 [Core Tor/Tor]: Cross-compiling tor rust for Windows is broken

[Tor Bug Tracker & Wiki]

#25895: Cross-compiling tor rust for Windows is broken
-+-
 Reporter:  gk   |  Owner:  Hello71
 Type:  defect   | Status:
 |  merge_ready
 Priority:  High |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  rust, 034-proposed, tbb-wants,   |  Actual Points:
  033-backport, 034-roadmap-proposed,  034-must  |
Parent ID:  #25849   | Points:
 Reviewer:  catalyst |Sponsor:
-+-

Comment (by catalyst):

 I've checked that the compilation succeeds; I don't have a setup readily
 available to test the resulting binaries.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25895 [Core Tor/Tor]: Cross-compiling tor rust for Windows is broken

[Tor Bug Tracker & Wiki]

#25895: Cross-compiling tor rust for Windows is broken
-+-
 Reporter:  gk   |  Owner:  Hello71
 Type:  defect   | Status:
 |  merge_ready
 Priority:  High |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  rust, 034-proposed, tbb-wants,   |  Actual Points:
  033-backport, 034-roadmap-proposed,  034-must  |
Parent ID:  #25849   | Points:
 Reviewer:  catalyst |Sponsor:
-+-
Changes (by catalyst):

 * status:  needs_review => merge_ready


Comment:

 Thanks for the patches!  I rebased to maint-0.3.4, adjusted some variable
 names and error messages in the configure script, and squashed the
 commits.

 Pull request at:
 https://github.com/torproject/tor/pull/189

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26537 [Applications/Tor Browser]: Do not build the NSIS uninstaller for Firefox during `mach build stage-package`

[Tor Bug Tracker & Wiki]

#26537: Do not build the NSIS uninstaller for Firefox during `mach build stage-
package`
--+--
 Reporter:  sukhbir   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:  ff60-esr
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 Bug #26319 addressed the issue not packaging the Firefox DMG or EXE during
 the `mach package` step by using `mach build stage-package`. However, we
 still have an additional patch which fixes the error where the build fails
 trying to find the NSIS file for creating the uninstaller:

 {{{
 31:23.55 update.locale
 31:25.74 cp: cannot stat 'instgen/helper.exe': No such file or directory
 31:25.74 /var/tmp/build/firefox-
 a0efd2fcd6e9/toolkit/mozapps/installer/windows/nsis/makensis.mk:99: recipe
 for target 'uninstaller' failed
 31:25.74 make[5]: *** [uninstaller] Error 1
 }}}

 See the patch in `8d1c4c396034b2a` (`projects/firefox/nsis-
 uninstall.patch`) which prevents the uninstaller from being built.

 We should find a proper way to fix this so that we don't lose track of it.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26319 [Applications/Tor Browser]: Don't package up the whole Tor Browser in the `mach package` step

[Tor Bug Tracker & Wiki]

#26319: Don't package up the whole Tor Browser in the `mach package` step
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  ff60-esr, TorBrowserTeam201806R, |  Actual Points:
  tbb-rbm|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by sukhbir):

 For reference, #26537 is the bug for the uninstaller patch.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26538 [Core Tor/Tor]: Extract various string, encoding, and formatting logic from config

[Tor Bug Tracker & Wiki]

#26538: Extract various string, encoding, and formatting logic from config
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #26481| Points:
 Reviewer:|Sponsor:
--+
Changes (by nickm):

 * status:  assigned => needs_review


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26538 [Core Tor/Tor]: Extract various string, encoding, and formatting logic from config

[Tor Bug Tracker & Wiki]

#26538: Extract various string, encoding, and formatting logic from config
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:  #26481
   Points:|   Reviewer:
  Sponsor:|
--+
 See branch `format_refactor`, with PR at
 https://github.com/torproject/tor/pull/190

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26516 [Community]: Infinite redirect at https://blog.torproject.org/tor-browser-756-released

[Tor Bug Tracker & Wiki]

#26516: Infinite redirect at 
https://blog.torproject.org/tor-browser-756-released
---+
 Reporter:  pm |  Owner:  alison
 Type:  defect | Status:  closed
 Priority:  Medium |  Milestone:
Component:  Community  |Version:
 Severity:  Normal | Resolution:  fixed
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+
Changes (by boklm):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 It seems to be fixed now.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26500 [Applications/Tor Browser]: tor circuit display's relay icon is in the wrong place for RTL locales

[Tor Bug Tracker & Wiki]

#26500: tor circuit display's relay icon is in the wrong place for RTL locales
--+--
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:  TorBrowserTeam201806R |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Applied to `master` (commit b61ed65010816c8ceb4361dbd02a278347dca91b),
 thanks!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21349 [Core Tor/Tor]: Split up very long functions in entrynodes.c

[Tor Bug Tracker & Wiki]

#21349: Split up very long functions in entrynodes.c
+--
 Reporter:  nickm   |  Owner:  rl1987
 Type:  defect  | Status:
|  needs_revision
 Priority:  Medium  |  Milestone:  Tor:
|  unspecified
Component:  Core Tor/Tor|Version:
 Severity:  Minor   | Resolution:
 Keywords:  refactor technical-debt tor-client  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  asn |Sponsor:
+--
Changes (by asn):

 * status:  needs_review => needs_revision


Comment:

 Review done in the PR!

 Extremely good work here by rl1987 and really good simplifications all
 around!

 My review comments are mainly code-style and code-improvements, since I
 didn't manage to find a bug. The branch also needs to be rebased to latest
 master, since it doesn't merge cleanly currently because of all the
 various modularization improvements.

 Thanks!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys

[Tor Bug Tracker & Wiki]

#26536: Create APK signing keys
--+
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  task  | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:  tbb-mobile
Actual Points:|  Parent ID:  #26531
   Points:|   Reviewer:
  Sponsor:|
--+
 This is the ticket so we can decide how we create it, where we store it,
 what mechanisms can we use for securing it.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26535 [Core Tor/Tor]: Appveyor fails test_ntor.sh and test_hs_ntor.sh

[Tor Bug Tracker & Wiki]

#26535: Appveyor fails test_ntor.sh and test_hs_ntor.sh
-+
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  High |  Milestone:  Tor: 0.3.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-ci appveyor  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+
Changes (by nickm):

 * priority:  Medium => High


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26535 [Core Tor/Tor]: Appveyor fails test_ntor.sh and test_hs_ntor.sh

[Tor Bug Tracker & Wiki]

#26535: Appveyor fails test_ntor.sh and test_hs_ntor.sh
-+
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor: 0.3.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-ci appveyor  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+

Comment (by nickm):

 I wonder if this is related to our recent change in #26372.

 If so we might need to backport a fix for this.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26425 [Core Tor/Tor]: Add functionality to set SNI for client connections

[Tor Bug Tracker & Wiki]

#26425: Add functionality to set SNI for client connections
--+---
 Reporter:  twim  |  Owner:  (none)
 Type:  enhancement   | Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:  asn   |Sponsor:
--+---

Comment (by arma):

 What about a design where Tor has a pool of 20 SNIs, and chooses between
 them, as its default behavior?

 Or it flips a coin and either picks an SNI from the pool, or fabricates a
 fake one like the current behavior.

 Neither of those strategies will make Tor traffic blend in particularly
 well, but both of them would let a user behind twim's firewall use Tor
 out-of-the-box.

 (I guess they could both help with fingerprinting Tor in other ways
 though? Like, "find out if the domain they claim to be going to is
 associated with that other IP address". But, "that domain they claim to be
 going to doesn't even resolve" is a pretty strong indicator as it is.)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26534 [Core Tor/Tor]: Split file-access and filesystem-access stuff into its own library

[Tor Bug Tracker & Wiki]

#26534: Split file-access and filesystem-access stuff into its own library
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:  implemented
 Keywords:  refactoring   |  Actual Points:
Parent ID:  #26481| Points:
 Reviewer:  dgoulet   |Sponsor:  Sponsor3-can
--+
Changes (by nickm):

 * status:  merge_ready => closed
 * resolution:   => implemented


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26534 [Core Tor/Tor]: Split file-access and filesystem-access stuff into its own library

[Tor Bug Tracker & Wiki]

#26534: Split file-access and filesystem-access stuff into its own library
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  merge_ready
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  refactoring   |  Actual Points:
Parent ID:  #26481| Points:
 Reviewer:  dgoulet   |Sponsor:  Sponsor3-can
--+

Comment (by nickm):

 Merging to master!

 (The issue with win32err.c is that it can't go in err, since that's at a
 lower level than malloc, and the function needs malloc.)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26533 [Core Tor/Tor]: Extract sandbox module into its own library

[Tor Bug Tracker & Wiki]

#26533: Extract sandbox module into its own library
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:  implemented
 Keywords:  refactoring   |  Actual Points:
Parent ID:  #26481| Points:
 Reviewer:  dgoulet   |Sponsor:  Sponsor3-can
--+
Changes (by nickm):

 * status:  merge_ready => closed
 * resolution:   => implemented


Comment:

 woo; merging!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26535 [Core Tor/Tor]: Appveyor fails test_ntor.sh and test_hs_ntor.sh

[Tor Bug Tracker & Wiki]

#26535: Appveyor fails test_ntor.sh and test_hs_ntor.sh
-+
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor: 0.3.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-ci appveyor  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+
Changes (by dgoulet):

 * component:  Core Tor/TorDNSEL => Core Tor/Tor


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26534 [Core Tor/Tor]: Split file-access and filesystem-access stuff into its own library

[Tor Bug Tracker & Wiki]

#26534: Split file-access and filesystem-access stuff into its own library
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  merge_ready
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  refactoring   |  Actual Points:
Parent ID:  #26481| Points:
 Reviewer:  dgoulet   |Sponsor:  Sponsor3-can
--+
Changes (by dgoulet):

 * cc: dgoulet (removed)
 * reviewer:   => dgoulet
 * status:  needs_review => merge_ready
 * keywords:   => refactoring


Comment:

 One single comment. Feel free to merge if you don't agree.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26533 [Core Tor/Tor]: Extract sandbox module into its own library

[Tor Bug Tracker & Wiki]

#26533: Extract sandbox module into its own library
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  merge_ready
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  refactoring   |  Actual Points:
Parent ID:  #26481| Points:
 Reviewer:  dgoulet   |Sponsor:  Sponsor3-can
--+
Changes (by dgoulet):

 * cc: dgoulet (removed)
 * reviewer:   => dgoulet
 * status:  needs_review => merge_ready
 * keywords:   => refactoring


Comment:

 Simple enough. I've reviewed only the last 4 commits since the others were
 merged upstream earlier.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26425 [Core Tor/Tor]: Add functionality to set SNI for client connections

[Tor Bug Tracker & Wiki]

#26425: Add functionality to set SNI for client connections
--+---
 Reporter:  twim  |  Owner:  (none)
 Type:  enhancement   | Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:  asn   |Sponsor:
--+---
Changes (by asn):

 * status:  needs_review => needs_information


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26425 [Core Tor/Tor]: Add functionality to set SNI for client connections

[Tor Bug Tracker & Wiki]

#26425: Add functionality to set SNI for client connections
--+--
 Reporter:  twim  |  Owner:  (none)
 Type:  enhancement   | Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:  asn   |Sponsor:
--+--

Comment (by arma):

 I can't imagine normal users would have any chance of figuring out that
 they need to set this option, and then picking a good option for it.

 I would be a bit happier with some sort of adaptive "oh I'm in this
 network situation, I need to set my SNI like this" algorithm that Tor just
 does for you. But for that case I would be worried about a network that
 induces changes in SNI behavior, to confirm that you're being a Tor
 client.

 Did we get an answer to "which firewalls?"

 Tor (that is, the vanilla Tor protocol) isn't doing very well these days
 at imitating real TLS from real browsers. That arms race has mainly
 shifted to pluggable transports.

 Big picture: if we think we can fix things for a lot of users here, we
 should try to do it. But if adding this patch will fix things for
 approximately zero users, maybe we should send those people to use
 pluggable transports instead.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26535 [Core Tor/TorDNSEL]: Appveyor fails test_ntor.sh and test_hs_ntor.sh

[Tor Bug Tracker & Wiki]

#26535: Appveyor fails test_ntor.sh and test_hs_ntor.sh
---+
 Reporter:  asn|  Owner:  (none)
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:  Tor: 0.3.4.x-final
Component:  Core Tor/TorDNSEL  |Version:
 Severity:  Normal |   Keywords:  tor-ci appveyor
Actual Points: |  Parent ID:
   Points: |   Reviewer:
  Sponsor: |
---+
 {{{
 FAIL: src/test/test_ntor.sh
 2571===
 2572
 2573Traceback (most recent call last):
 2574  File "C:/projects/tor/i686-w64-mingw32/../src/test/ntor_ref.py",
 line 402, in 
 2575test_tor()
 2576  File "C:/projects/tor/i686-w64-mingw32/../src/test/ntor_ref.py",
 line 368, in test_tor
 2577c2s_msg, c_state = tor_client1(node_id, pubkey_B)
 2578  File "C:/projects/tor/i686-w64-mingw32/../src/test/ntor_ref.py",
 line 347, in tor_client1
 2579stdout=subprocess.PIPE)
 2580  File "C:\msys64\mingw32\lib\python3.6\subprocess.py", line 709, in
 __init__
 2581restore_signals, start_new_session)
 2582  File "C:\msys64\mingw32\lib\python3.6\subprocess.py", line 971, in
 _execute_child
 2583args = list2cmdline(args)
 2584  File "C:\msys64\mingw32\lib\python3.6\subprocess.py", line 461, in
 list2cmdline
 2585needquote = (" " in arg) or ("\t" in arg) or not arg
 2586TypeError: a bytes-like object is required, not 'str'
 2587OK
 2588FAIL src/test/test_ntor.sh (exit status: 1)
 2589
 2590

 FAIL: src/test/test_hs_ntor.sh
 2591==
 2592
 2593DONE: python dance
 
[b'Cc\x0e"k\'*\xc4\x8a\x18\xc2\xfcN\xac\x8e(\xaa\x14\xb1\xccqqCN"\x9f\x9b\xd5W@\x94O']
 2594Traceback (most recent call last):
 2595  File "C:/projects/tor/i686-w64-mingw32/../src/test/hs_ntor_ref.py",
 line 424, in 
 2596do_little_t_tor_ntor_test()
 2597  File "C:/projects/tor/i686-w64-mingw32/../src/test/hs_ntor_ref.py",
 line 310, in do_little_t_tor_ntor_test
 2598client_ephemeral_enc_privkey, subcredential)
 2599  File "C:/projects/tor/i686-w64-mingw32/../src/test/hs_ntor_ref.py",
 line 248, in tor_client1
 2600stdout=subprocess.PIPE)
 2601  File "C:\msys64\mingw32\lib\python3.6\subprocess.py", line 709, in
 __init__
 2602restore_signals, start_new_session)
 2603  File "C:\msys64\mingw32\lib\python3.6\subprocess.py", line 971, in
 _execute_child
 2604args = list2cmdline(args)
 2605  File "C:\msys64\mingw32\lib\python3.6\subprocess.py", line 461, in
 list2cmdline
 2606needquote = (" " in arg) or ("\t" in arg) or not arg
 2607TypeError: a bytes-like object is required, not 'str'
 2608FAIL src/test/test_hs_ntor.sh (exit status: 1)
 2609
 2610
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20628 [Applications/Tor Browser]: More locales for Tor Browser

[Tor Bug Tracker & Wiki]

#20628: More locales for Tor Browser
-+-
 Reporter:  arthuredelstein  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tbb-torbutton, tbb-easy, ux-team,|  Actual Points:
  TorBrowserTeam201806   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by boklm):

 Replying to [comment:19 boklm]:
 > Replying to [comment:16 arthuredelstein]:
 > > https://github.com/arthuredelstein/webml/commit/20628
 >
 > It looks like this commit is adding the new locales to the stable tor
 release instead of the alpha.

 This should be fixed by commits `18744ca9013c74fe9aa7dcee629ce6cc639127bc`
 and `18744ca9013c74fe9aa7dcee629ce6cc639127bc`.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26528 [Applications/Tor Browser]: App stores should not be allowed to use UpdateService

[Tor Bug Tracker & Wiki]

#26528: App stores should not be allowed to use UpdateService
--+--
 Reporter:  igt0  |  Owner:  tbb-team
 Type:  task  | Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile|  Actual Points:
Parent ID:  #26242| Points:
 Reviewer:|Sponsor:
--+--

Comment (by igt0):

 Replying to [comment:2 sysrqb]:
 > Nice. We'll want a different name than `INSTALLER_ORFOX`, and I think
 we'll need our own f-droid repository, too. The Guardian Project run their
 own repo, but I don't remember the specific reasons why the main f-droid
 repo won't accept their apps.
 >

 Indeed `INSTALLER_ORFOX` should be `INSTALLER_FDROID`.


 > I thought about disabling using a different method by excluding the
 updater at compile-time. Unfortunately, this results in different APKs
 [0]. It's conditionally included using an environment variable.
 >
 > {{{
 > if [ -z "${TB_BUILD_WITH_UPDATER}" ]; then
 > # Because Google Play will likely be the primary distribution medium,
 > # we disable updating and rely on Google Play by default. The
 > # Developer Policy explicitly prohibits in-app updating:
 > #An app distributed via Google Play may not modify, replace, or
 > #update itself using any method other than Google Plays update
 > #mechanism.
 > # https://play.google.com/about/privacy-security-deception/malicious-
 behavior/
 >
 > ac_add_options --disable-tor-browser-update
 > ac_add_options --disable-signmar
 > ac_add_options --disable-verify-mar
 > fi
 > }}}
 >
 > [0] https://gitweb.torproject.org/user/sysrqb/tor-browser.git/tree
 /.mozconfig-android?h=tor-browser-60.1.0esr-8.0-1%2b26401#n22


 Yeah, Mozilla has the same challenge[0].

 [0] https://bugzilla.mozilla.org/show_bug.cgi?id=690820

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20628 [Applications/Tor Browser]: More locales for Tor Browser

[Tor Bug Tracker & Wiki]

#20628: More locales for Tor Browser
-+-
 Reporter:  arthuredelstein  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tbb-torbutton, tbb-easy, ux-team,|  Actual Points:
  TorBrowserTeam201806   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by boklm):

 Replying to [comment:16 arthuredelstein]:
 > https://github.com/arthuredelstein/webml/commit/20628

 It looks like this commit is adding the new locales to the stable tor
 release instead of the alpha.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #12968 [Applications/Tor Browser]: Specify HEASLR (High Entropy Address Space Layout Randomization) in MinGW-w64

[Tor Bug Tracker & Wiki]

#12968: Specify HEASLR (High Entropy Address Space Layout Randomization) in
MinGW-w64
-+-
 Reporter:  mikeperry|  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:
 |  needs_revision
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-security, tbb-rbm, ff60-esr, |  Actual Points:
  TorBrowserTeam201806, boklm201806  |
Parent ID:  #24631   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by sukhbir):

 As an update, I have been trying to build and find a solution for this
 with boklm's changes above, and it fails with a similar error to the one
 boklm had.

 As per the `ffmpeg` commit, they apply `--image-base,0x14000` to get a
 higher entropy for HEASLR. Since that is not working for us, how about we
 just go with `-Wl,--high-entropy-va` for now till we find a solution?

 There are other "solutions", that use `-Wl,--image-base,0x1000`
 instead (and rebase the address later?) and that seems to work, for the
 build and for the final EXE as well. However, this comes with its own set
 of caveats: https://www.cygwin.com/ml/cygwin-apps/2013-05/msg00134.html is
 the thread that talks about this.

 For inspecting the binary, as per https://bugs.debian.org/cgi-
 bin/bugreport.cgi?bug=836365, I inspected both with `-Wl,--image-
 base,0x1000` and `-Wl,--high-entropy-va`:

 {{{
 $ readpe firefox.exe | grep DLL
 DLL characteristics: 0x160
 }}}

 Indicates that HEASLR was applied in both cases, so if anything, we lose
 out on the extra entropy?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26401 [Applications/Tor Browser]: Rebase Orfox patches onto Tor Browser 8.0 for TBA

[Tor Bug Tracker & Wiki]

#26401: Rebase Orfox patches onto Tor Browser 8.0 for TBA
--+--
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  task  | Status:  new
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile|  Actual Points:
Parent ID:  #26531| Points:
 Reviewer:|Sponsor:
--+--
Changes (by arthuredelstein):

 * cc: arthuredelstein (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] [Tor Bug Tracker & Wiki] Batch modify: #21863, #24796, #25363, #25364, ...

[Tor Bug Tracker & Wiki]

Batch modification to #21863, #24796, #25363, #25364, #25366, #25367, #25696, 
#25703, #25906, #26318, #26336, #26401 by sysrqb:
parent to #26531

Comment:
Required for first alpha.

--
Tickets URL: 

Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25999 [Core Tor/Stem]: Build an abstraction layer over different consensus flavours

[Tor Bug Tracker & Wiki]

#25999: Build an abstraction layer over different consensus flavours
---+---
 Reporter:  teor   |  Owner:  atagar
 Type:  enhancement| Status:  needs_information
 Priority:  Medium |  Milestone:
Component:  Core Tor/Stem  |Version:
 Severity:  Normal | Resolution:
 Keywords:  descriptor |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---

Comment (by atagar):

 Hi teor, interesting idea. In Stem I could provide a higher level 'Relay'
 class that lazy loads whatever descriptors it needs to get commonly
 desired data (exit policy, contact info, etc). This would need to be based
 on stem.descriptor.remote (the controller interface relies too much on
 caching and the client's torrc to be reliable).

 Honestly I wonder if we should rethink our dir-spec more fundamentally.
 It's grown organically and honestly the myriad of documents is more
 confusing than it probably needs to be.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26520 [Applications/Tor Browser]: NoScript is broken with TOR_SKIP_LAUNCH=1 in ESR 60-based Tor Browser

[Tor Bug Tracker & Wiki]

#26520: NoScript is broken with TOR_SKIP_LAUNCH=1 in ESR 60-based Tor Browser
+--
 Reporter:  gk  |  Owner:  tbb-team
 Type:  defect  | Status:  new
 Priority:  Very High   |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  ff60-esr, TorBrowserTeam201806  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by arthuredelstein):

 Thanks, rustybird! I can reproduce this. The cause of the reported error
 is that NoScript starts (or at least starts listening for messages) later
 than torbutton tries to send startup settings. Unfortunately I haven't
 figured out yet how to determine when NoScript is ready to receive
 messages.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26531 [Applications/Tor Browser]: Create First Tor Browser for Android Alpha Release

[Tor Bug Tracker & Wiki]

#26531: Create First Tor Browser for Android Alpha Release
--+--
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  project   | Status:  new
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile|  Actual Points:
Parent ID:  #5709 | Points:
 Reviewer:|Sponsor:
--+--

Comment (by sysrqb):

 Must complete:
  1. The first alpha should not be based on Firefox ESR but on the regular
 release channel which we tend to follow for the mobile Tor Browser
  1. We need to make sure there are no proxy bypasses possible
  1. We need good hints for our users that this is an alpha, possibly
 showing the missing features (UX team help)
  1. Rebrand Orfox -> Tor Browser

 Must Do:
  a. What do we want to do with the updater/updating users in case we want
 to not only use Google's Play Store but have the browser available in
  F-Droid and on our website as well?
  b. Are the first-party-isolation and fingerprinting defenses on Android
 working if the respective preferences are flipped?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26534 [Core Tor/Tor]: Split file-access and filesystem-access stuff into its own library

[Tor Bug Tracker & Wiki]

#26534: Split file-access and filesystem-access stuff into its own library
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #26481| Points:
 Reviewer:|Sponsor:  Sponsor3-can
--+
Changes (by nickm):

 * status:  assigned => needs_review


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26534 [Core Tor/Tor]: Split file-access and filesystem-access stuff into its own library

[Tor Bug Tracker & Wiki]

#26534: Split file-access and filesystem-access stuff into its own library
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:  #26481
   Points:|   Reviewer:
  Sponsor:  Sponsor3-can  |
--+
 Okay, this branch is `fs_refactor`.

 It's based on my sandbox_refactor branch (see #26533) , so I made a PR at
 https://github.com/nmathewson/tor/pull/1 if you only want to see the
 changes since that branch.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26533 [Core Tor/Tor]: Extract sandbox module into its own library

[Tor Bug Tracker & Wiki]

#26533: Extract sandbox module into its own library
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #26481| Points:
 Reviewer:|Sponsor:  Sponsor3-can
--+
Changes (by nickm):

 * status:  assigned => needs_review


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26533 [Core Tor/Tor]: Extract sandbox module into its own library

[Tor Bug Tracker & Wiki]

#26533: Extract sandbox module into its own library
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:  #26481
   Points:|   Reviewer:
  Sponsor:  Sponsor3-can  |
--+
 See branch `sandbox_refactor` , with PR at
 https://github.com/torproject/tor/pull/188

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26524 [Core Tor/Tor]: Extract network utilities into a new library

[Tor Bug Tracker & Wiki]

#26524: Extract network utilities into a new library
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:  implemented
 Keywords:  refactoring   |  Actual Points:
Parent ID:  #26481| Points:
 Reviewer:  dgoulet   |Sponsor:  Sponsor3-can
--+
Changes (by nickm):

 * status:  needs_revision => closed
 * resolution:   => implemented


Comment:

 Answered review comments; opened #26532; merging!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26520 [Applications/Tor Browser]: NoScript is broken with TOR_SKIP_LAUNCH=1 in ESR 60-based Tor Browser

[Tor Bug Tracker & Wiki]

#26520: NoScript is broken with TOR_SKIP_LAUNCH=1 in ESR 60-based Tor Browser
+--
 Reporter:  gk  |  Owner:  tbb-team
 Type:  defect  | Status:  new
 Priority:  Very High   |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  ff60-esr, TorBrowserTeam201806  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by rustybird):

 Just to clarify: NoScript itself doesn't appear to be broken - only the
 communication between TorButton and NoScript.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26532 [Core Tor/Tor]: Combine ipv4.h and ipv6.h into address.h?

[Tor Bug Tracker & Wiki]

#26532: Combine ipv4.h and ipv6.h into address.h?
--+
 Reporter:  nickm |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Low   |  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:  #26481
   Points:|   Reviewer:
  Sponsor:|
--+
 Suggested during a review.  I'm not sure about this; I could go either
 way.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26531 [Applications/Tor Browser]: Create First Tor Browser for Android Alpha Release

[Tor Bug Tracker & Wiki]

#26531: Create First Tor Browser for Android Alpha Release
--+
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  project   | Status:  new
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:  tbb-mobile
Actual Points:|  Parent ID:  #5709
   Points:|   Reviewer:
  Sponsor:|
--+
 This is the parent ticket so we can collect all the dependencies in one
 place and we know when we're done. This will be a subset of the tickets
 needed for #5709.

 Based on the thread from the discussion we has in Rome:
 https://lists.torproject.org/pipermail/tbb-dev/2018-March/000814.html

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26494 [Core Tor/Tor]: Resolve containers<->logs circular dependency

[Tor Bug Tracker & Wiki]

#26494: Resolve containers<->logs circular dependency
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:  refactoring   |  Actual Points:
Parent ID:  #26481| Points:
 Reviewer:  dgoulet   |Sponsor:  Sponsor3
--+
Changes (by nickm):

 * status:  merge_ready => closed
 * resolution:   => fixed


Comment:

 Merged!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26317 [Applications/Tor Browser]: Orfox App is not allowing the users to save images

[Tor Bug Tracker & Wiki]

#26317: Orfox App is not allowing the users to save images
--+---
 Reporter:  fabiola.mauriceh@…|  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by sysrqb):

 `Fennec-52.7.3esr/TorBrowser-7.5.3/Orfox-1.5.2-RC-1`
 Installed from F-Droid

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26317 [Applications/Tor Browser]: Orfox App is not allowing the users to save images

[Tor Bug Tracker & Wiki]

#26317: Orfox App is not allowing the users to save images
--+---
 Reporter:  fabiola.mauriceh@…|  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by sysrqb):

 * status:  new => needs_information


Comment:

 Thanks for reporting this! Sorry for the delay. I can reproduce this by:
  1. finding an image on any webpage
  1. long-tapping on the image
  1. Tapping "Save Image"

 Expected result: Orfox downloads the image

 Actual result: Nothing happens.

 This is significantly worse when the user taps "share image" because the
 app crashes - I opened #26530 for this.

 `Needs more information` because this needs further investigation on by
 us.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26530 [Applications/Tor Browser]: Orfox crashes when a user shares an image

[Tor Bug Tracker & Wiki]

#26530: Orfox crashes when a user shares an image
--+
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:  tbb-mobile
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 Steps to reproduce:
  1. Go to any webpage
  1. Long-tap on an image
  1. Tap "Share Image"

 Expected result: App Chooser is shown
 Actual Result: App crashes

 Found after reproducing #26317.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26523 [Core Tor/Tor]: HSPOST command doesn't parse HSADDRESS argument

[Tor Bug Tracker & Wiki]

#26523: HSPOST command doesn't parse HSADDRESS argument
-+
 Reporter:  akwizgran|  Owner:  (none)
 Type:  defect   | Status:  merge_ready
 Priority:  Medium   |  Milestone:  Tor: 0.3.4.x-final
Component:  Core Tor/Tor |Version:  Tor: 0.3.4.3-alpha
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs, tor-control  |  Actual Points:
Parent ID:   | Points:
 Reviewer:  dgoulet  |Sponsor:
-+
Changes (by dgoulet):

 * keywords:   => tor-hs, tor-control
 * reviewer:   => dgoulet
 * status:  needs_review => merge_ready


Comment:

 Yes I think a backport would be needed since the `HSPOST` command is
 basically not working for HSv3.

 The 033 branch: `bug26523_033_01`
 Applies correctly to 034.

 Thanks akwizgran!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25659 [Applications/Tor Browser]: Race-condition loading add-ons in Orfox

[Tor Bug Tracker & Wiki]

#25659: Race-condition loading add-ons in Orfox
--+
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  worksforme
 Keywords:  tbb-mobile|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by sysrqb):

 * status:  needs_information => closed
 * resolution:   => worksforme


Comment:

 We can't reproduce this anymore.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26529 [Applications/Torbutton]: TBA - Notify user about possible proxy-bypass before opening external app

[Tor Bug Tracker & Wiki]

#26529: TBA - Notify user about possible proxy-bypass before opening external 
app
+
 Reporter:  sysrqb  |  Owner:  (none)
 Type:  defect  | Status:  new
 Priority:  High|  Milestone:
Component:  Applications/Torbutton  |Version:
 Severity:  Normal  | Resolution:
 Keywords:  tbb-mobile  |  Actual Points:
Parent ID:  #24855  | Points:
 Reviewer:  |Sponsor:
+
Changes (by sysrqb):

 * parent:   => #24855


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26252 [Applications/Tor Browser]: Orfox leaks actual IP address when downloading

[Tor Bug Tracker & Wiki]

#26252: Orfox leaks actual IP address when downloading
--+---
 Reporter:  Chai T. Rex   |  Owner:  n8fr8
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Critical  | Resolution:  not a bug
 Keywords:  tbb-mobile, tbb-proxy-bypass  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by sysrqb):

 * status:  needs_information => closed
 * resolution:   => not a bug


Comment:

 Replying to [comment:7 Chai T. Rex]:
 > Yes, I was trying to open it with the default video player application
 both times. I've retried with the Orfox downloader instead and the IP
 address no longer leaks.
 >
 > Could Orfox generate a warning message when an external application is
 about to be invoked in a way that could leak the IP address?

 Yes, I agree, thanks for reporting this! I opened #26529 for implementing
 that.

 I'm closing this as `not a bug` because this isn't a proxy-bypass within
 Orfox, itself. This is a general usability problem that we'll improve in
 #26529.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26529 [Applications/Torbutton]: TBA - Notify user about possible proxy-bypass before opening external app

[Tor Bug Tracker & Wiki]

#26529: TBA - Notify user about possible proxy-bypass before opening external 
app
+
 Reporter:  sysrqb  |  Owner:  (none)
 Type:  defect  | Status:  new
 Priority:  High|  Milestone:
Component:  Applications/Torbutton  |Version:
 Severity:  Normal  |   Keywords:  tbb-mobile
Actual Points:  |  Parent ID:
   Points:  |   Reviewer:
  Sponsor:  |
+
 igt0 and I already discussed this, but I don't see a ticket for this.
 Torbutton currently does this when the user asks Tor Browser to open a
 file. I doubt we can continue relying on `Ci.nsIHelperAppWarningDialog`
 for this, so we'll likely need another method for catching this action.

 I'm putting this into torbutton's component category for now, because that
 is where we catch this situation on desktop, but we may need to implement
 something directly within fennec, on mobile.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26528 [Applications/Tor Browser]: App stores should not be allowed to use UpdateService

[Tor Bug Tracker & Wiki]

#26528: App stores should not be allowed to use UpdateService
--+--
 Reporter:  igt0  |  Owner:  tbb-team
 Type:  task  | Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile|  Actual Points:
Parent ID:  #26242| Points:
 Reviewer:|Sponsor:
--+--

Comment (by sysrqb):

 Nice. We'll want a different name than `INSTALLER_ORFOX`, and I think
 we'll need our own f-droid repository, too. The Guardian Project run their
 own repo, but I don't remember the specific reasons why the main f-droid
 repo won't accept their apps.

 I thought about disabling using a different method by excluding the
 updater at compile-time. Unfortunately, this results in different APKs
 [0]. It's conditionally included using an environment variable.

 {{{
 if [ -z "${TB_BUILD_WITH_UPDATER}" ]; then
 # Because Google Play will likely be the primary distribution medium,
 # we disable updating and rely on Google Play by default. The
 # Developer Policy explicitly prohibits in-app updating:
 #An app distributed via Google Play may not modify, replace, or
 #update itself using any method other than Google Plays update
 #mechanism.
 # https://play.google.com/about/privacy-security-deception/malicious-
 behavior/

 ac_add_options --disable-tor-browser-update
 ac_add_options --disable-signmar
 ac_add_options --disable-verify-mar
 fi
 }}}

 [0] https://gitweb.torproject.org/user/sysrqb/tor-browser.git/tree
 /.mozconfig-android?h=tor-browser-60.1.0esr-8.0-1%2b26401#n22

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26528 [Applications/Tor Browser]: App stores should not be allowed to use UpdateService

[Tor Bug Tracker & Wiki]

#26528: App stores should not be allowed to use UpdateService
--+--
 Reporter:  igt0  |  Owner:  tbb-team
 Type:  task  | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile|  Actual Points:
Parent ID:  #26242| Points:
 Reviewer:|Sponsor:
--+--
Changes (by igt0):

 * Attachment "0001-Bug-26528-Don-t-allow-Fennec-to-use-UpdateService-
 wh.patch" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26528 [Applications/Tor Browser]: App stores should not be allowed to use UpdateService

[Tor Bug Tracker & Wiki]

#26528: App stores should not be allowed to use UpdateService
--+--
 Reporter:  igt0  |  Owner:  tbb-team
 Type:  task  | Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile|  Actual Points:
Parent ID:  #26242| Points:
 Reviewer:|Sponsor:
--+--
Changes (by igt0):

 * status:  new => needs_review


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26528 [Applications/Tor Browser]: App stores should not be allowed to use UpdateService

[Tor Bug Tracker & Wiki]

#26528: App stores should not be allowed to use UpdateService
--+
 Reporter:  igt0  |  Owner:  tbb-team
 Type:  task  | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:  tbb-mobile
Actual Points:|  Parent ID:  #26242
   Points:|   Reviewer:
  Sponsor:|
--+
 We should not allow the user to use the UpdateService when the app was
 installed using any app store(google play, f-droid).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26494 [Core Tor/Tor]: Resolve containers<->logs circular dependency

[Tor Bug Tracker & Wiki]

#26494: Resolve containers<->logs circular dependency
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  merge_ready
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  refactoring   |  Actual Points:
Parent ID:  #26481| Points:
 Reviewer:  dgoulet   |Sponsor:  Sponsor3
--+
Changes (by dgoulet):

 * cc: dgoulet (removed)
 * reviewer:   => dgoulet
 * status:  needs_review => merge_ready
 * keywords:   => refactoring


Comment:

 lgtm;

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26524 [Core Tor/Tor]: Extract network utilities into a new library

[Tor Bug Tracker & Wiki]

#26524: Extract network utilities into a new library
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  needs_revision
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  refactoring   |  Actual Points:
Parent ID:  #26481| Points:
 Reviewer:  dgoulet   |Sponsor:  Sponsor3-can
--+
Changes (by dgoulet):

 * status:  needs_review => needs_revision
 * keywords:   => refactoring
 * cc: dgoulet (removed)
 * reviewer:   => dgoulet


Comment:

 Left a review. Might be good to merge depending on the decision on the
 comments.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26500 [Applications/Tor Browser]: tor circuit display's relay icon is in the wrong place for RTL locales

[Tor Bug Tracker & Wiki]

#26500: tor circuit display's relay icon is in the wrong place for RTL locales
--+--
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam201806R |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by mcs):

 r=mcs
 This looks good to me; I tested an "fa" build of Tor Browser 8.0a9 with
 this patch applied to Torbutton.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26216 [Applications/Tor Browser]: Fix broken MAR file generation ( `(( count++ ))` breaks now)

[Tor Bug Tracker & Wiki]

#26216: Fix broken MAR file generation ( `(( count++ ))` breaks now)
+--
 Reporter:  gk  |  Owner:  tbb-team
 Type:  defect  | Status:  needs_review
 Priority:  High|  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  ff60-esr, TorBrowserTeam201806  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
Changes (by sukhbir):

 * status:  needs_revision => needs_review


Comment:

 For review:

 https://github.com/azadi/gecko-dev/tree/bug-26216-rev1

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26524 [Core Tor/Tor]: Extract network utilities into a new library

[Tor Bug Tracker & Wiki]

#26524: Extract network utilities into a new library
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #26481| Points:
 Reviewer:|Sponsor:  Sponsor3-can
--+
Changes (by nickm):

 * status:  assigned => needs_review


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26439 [Core Tor/Tor]: Use the "commands" element of AC_CONFIG_FILES to make generated scripts executable

[Tor Bug Tracker & Wiki]

#26439: Use the "commands" element of AC_CONFIG_FILES to make generated scripts
executable
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  reopened
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  fast-fix  |  Actual Points:
Parent ID:| Points:
 Reviewer:  dgoulet   |Sponsor:
--+
Changes (by nickm):

 * status:  closed => reopened
 * resolution:  implemented =>


Comment:

 Reverted this with 0742b387253f25: it seems to break appveyor, which
 produces lots of messages like:
 {{{
 chmod
 : cannot access 'link_rust.sh': No such file or directory
 chmod
 : cannot access 'contrib/dist/tor.sh': No such file or directory
 chmod
 : cannot access 'contrib/dist/torctl': No such file or directory
 chmod
 : cannot access 'scripts/maint/checkOptionDocs.pl': No such file or
 directory
 chmod
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26527 [Core Tor/Tor]: Remove ATTR_NONNULL

[Tor Bug Tracker & Wiki]

#26527: Remove ATTR_NONNULL
--+
 Reporter:  nickm |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:  #26481
   Points:|   Reviewer:
  Sponsor:|
--+
 We define it to be empty everywhere, since it enables optimizations we
 don't want.  We should just remove it.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26524 [Core Tor/Tor]: Extract network utilities into a new library

[Tor Bug Tracker & Wiki]

#26524: Extract network utilities into a new library
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #26481| Points:
 Reviewer:|Sponsor:  Sponsor3-can
--+

Comment (by nickm):

 I opened #26525 and #26526 for the issues I brought up in  comments in
 this branch.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26526 [Core Tor/Tor]: Split all address.h functions that can invoke the resolver.

[Tor Bug Tracker & Wiki]

#26526: Split all address.h functions that can invoke the resolver.
--+
 Reporter:  nickm |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:  #26481
   Points:|   Reviewer:
  Sponsor:|
--+
 These should have consistent names, and either have their own header, or
 share resolve.h.   Having them in the same place as functions that just do
 name parsing is not good practice.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26525 [Core Tor/Tor]: Rename sandbox_getaddrinfo() functions.

[Tor Bug Tracker & Wiki]

#26525: Rename sandbox_getaddrinfo() functions.
--+
 Reporter:  nickm |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:  #26481
   Points:|   Reviewer:
  Sponsor:|
--+
 From my branch for #26524:
 {{{
 +//  rename these.  They are named as though they were sandbox-only,
 +//  but in fact they're the only allowed entry point to getaddrinfo.
 +//  They don't invoke the sandbox code; they only have an internal
 cache.
 }}}

 These functions should be called something like tor_getaddrinfo...(), or
 tor_getaddrinfo_cache...()

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26524 [Core Tor/Tor]: Extract network utilities into a new library

[Tor Bug Tracker & Wiki]

#26524: Extract network utilities into a new library
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #26481| Points:
 Reviewer:|Sponsor:  Sponsor3-can
--+
Changes (by nickm):

 * sponsor:   => Sponsor3-can


Comment:

 https://github.com/torproject/tor/pull/186 is a PR for my `net_refactor`
 branch.  I'll wait to see what CI thinks before I needs_review.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26524 [Core Tor/Tor]: Extract network utilities into a new library

[Tor Bug Tracker & Wiki]

#26524: Extract network utilities into a new library
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:  #26481
   Points:|   Reviewer:
  Sponsor:|
--+


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26319 [Applications/Tor Browser]: Don't package up the whole Tor Browser in the `mach package` step

[Tor Bug Tracker & Wiki]

#26319: Don't package up the whole Tor Browser in the `mach package` step
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  ff60-esr, TorBrowserTeam201806R, |  Actual Points:
  tbb-rbm|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  needs_review => closed
 * keywords:  ff60-esr, TorBrowserTeam201806, tbb-rbm => ff60-esr,
 TorBrowserTeam201806R, tbb-rbm
 * resolution:   => fixed


Comment:

 Looks good and merged to `master` (commit
 8d1c4c396034b2ab0b7c55982e1900236f5031a6). Could you file a follow-up
 ticket for the remaining NSIS related patch? We should find a proper
 workaround and/or an upstreamable patch and move either of them into `tor-
 browser` to not lose track of it for upstreaming purposes.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26523 [Core Tor/Tor]: HSPOST command doesn't parse HSADDRESS argument

[Tor Bug Tracker & Wiki]

#26523: HSPOST command doesn't parse HSADDRESS argument
--+
 Reporter:  akwizgran |  Owner:  (none)
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.3.4.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.3.4.3-alpha
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by teor):

 * status:  new => needs_review
 * milestone:   => Tor: 0.3.4.x-final


Comment:

 Thanks for this patch!

 We should check if we need to backport it.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26522 [Core Tor/Tor]: strncat() without bounds

[Tor Bug Tracker & Wiki]

#26522: strncat() without bounds
+--
 Reporter:  Dhiraj  |  Owner:  (none)
 Type:  defect  | Status:  new
 Priority:  Medium  |  Milestone:  Tor: unspecified
Component:  Core Tor/Tor|Version:
 Severity:  Major   | Resolution:
 Keywords:  security-low, 035-proposed  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
Changes (by teor):

 * keywords:   => security-low, 035-proposed
 * version:  Tor: unspecified =>
 * milestone:   => Tor: unspecified


Comment:

 Marking as "security-low" in 0.3.5, because our use of strncat() is a
 defence in depth mechanism that doesn't provide as much security as it
 should:
 
https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/SecurityPolicy

 We should review all uses of strncat() to make sure we always pass the
 *remaining*string length.
 (And all uses of strlcat() to make sure we check the return value.)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26319 [Applications/Tor Browser]: Don't package up the whole Tor Browser in the `mach package` step

[Tor Bug Tracker & Wiki]

#26319: Don't package up the whole Tor Browser in the `mach package` step
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff60-esr, TorBrowserTeam201806,  |  Actual Points:
  tbb-rbm|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by sukhbir):

 * status:  needs_revision => needs_review


Comment:

 For review:

 https://github.com/azadi/tor-browser-build-1/tree/bug-26319-rev2

 (rebased on master)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26523 [Core Tor/Tor]: HSPOST command doesn't parse HSADDRESS argument

[Tor Bug Tracker & Wiki]

#26523: HSPOST command doesn't parse HSADDRESS argument
--+
 Reporter:  akwizgran |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:  Tor: 0.3.4.3-alpha
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by akwizgran):

 * Attachment "hspost.patch" added.

 Patch against tor-0.3.4.3-alpha

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26523 [Core Tor/Tor]: HSPOST command doesn't parse HSADDRESS argument

[Tor Bug Tracker & Wiki]

#26523: HSPOST command doesn't parse HSADDRESS argument
--+
 Reporter:  akwizgran |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:  Tor: 0.3.4.3-alpha
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 The HSPOST command ignores the HSADDRESS argument unless a SERVER argument
 precedes it, and incorrectly parses the argument (the argument name and =
 sign are treated as part of the address).

 The command returns a synchronous 250 OK response for v2 descriptors, but
 not for v3 descriptors.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #23359 [Applications/Tor Browser]: WebExtensions icons are not shown on first start but on restart

[Tor Bug Tracker & Wiki]

#23359: WebExtensions icons are not shown on first start but on restart
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ff60-esr  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by cypherpunks):

 * keywords:   => ff60-esr


Comment:

 Happens on ff60-esr as well.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26522 [Core Tor/Tor]: strncat() without bounds

[Tor Bug Tracker & Wiki]

#26522: strncat() without bounds
--+--
 Reporter:  Dhiraj|  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:  Tor: unspecified
 Severity:  Major |   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 Hi Team,

 https://github.com/torproject/tor/blob/master/src/lib/err/backtrace.c#L267-L268

 i.e

 strncat(version, " ", sizeof(version)-1);
 strncat(version, tor_version, sizeof(version)-1);


 Easily used incorrectly (e.g., incorrectly computing the correct maximum
 size to add) such as (CWE-120).

 Consider strcat_s, strlcat, snprintf, or automatically resizing strings. I
 feel the risk is high because the length parameter appears to be a
 constant, instead of computing the number of characters left.


 Request team to please have a look and validate.



 Regards
 Dhiraj

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26454 [Internal Services/Tor Sysadmin Team]: Please create email alias/forwarding and LDAP for Shane

[Tor Bug Tracker & Wiki]

#26454: Please create email alias/forwarding and LDAP for Shane
-+-
 Reporter:  ewyatt   |  Owner:  tpa
 Type:  task | Status:  new
 Priority:  High |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by arma):

 Looks good to me. Yes please!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26515 [Applications/Tor Browser]: Update Tor Browser blog post URLs

[Tor Bug Tracker & Wiki]

#26515: Update Tor Browser blog post URLs
--+--
 Reporter:  boklm |  Owner:  tbb-team
 Type:  task  | Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:  TorBrowserTeam201806R |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Looks good. Merged to `master` (commit
 7bace2c620e8ba1f31bcf70deee366c383401022).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26505 [Applications/Tor Browser]: "Prevent accessibility services from accessing your browser" should = true

[Tor Bug Tracker & Wiki]

#26505: "Prevent accessibility services from accessing your browser" should = 
true
--+--
 Reporter:  Dbryrtfbcbhgf |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ff60-esr  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * keywords:   => ff60-esr


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26504 [Applications/Tor Browser]: When I go to preferences it says the Firefox version number is 60.1.0esr

[Tor Bug Tracker & Wiki]

#26504: When I go to preferences it says the Firefox version number is 60.1.0esr
--+--
 Reporter:  Dbryrtfbcbhgf |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ff60-esr  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * keywords:   => ff60-esr


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26467 [Core Tor/Tor]: Coverity issues for week 25

[Tor Bug Tracker & Wiki]

#26467: Coverity issues for week 25
--+--
 Reporter:  ahf   |  Owner:  (none)
 Type:  defect| Status:  merge_ready
 Priority:  High  |  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:  Tor: unspecified
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:  dgoulet   |Sponsor:
--+--

Comment (by ahf):

 I created #26521 to track that issue.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26521 [Core Tor/Tor]: Coverity issues for week 25: Coverity thinks some HS tests have memory leaks

[Tor Bug Tracker & Wiki]

#26521: Coverity issues for week 25: Coverity thinks some HS tests have memory
leaks
--+--
 Reporter:  ahf   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:  Tor: unspecified
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 The `hs_free_all()` function should free the `hs_service_t` instances in
 our tests, but it seems like Coverity doesn't detect this and claims that
 a memory leak might happen.

 Relevant CID's: 1437457, 1437455, 1437452, 1437446, 1437443, 1437435,
 1437432, 1437430, 1437428, and 1437426.

 CID: 1437442 is related to this issue (I think)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26501 [Applications/Tor Browser]: All WebExtensions' toolbar icons missing on first launch

[Tor Bug Tracker & Wiki]

#26501: All WebExtensions' toolbar icons missing on first launch
--+---
 Reporter:  rustybird |  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  duplicate
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by gk):

 * status:  new => closed
 * resolution:   => duplicate


Comment:

 Duplicate of #23359.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #23359 [Applications/Tor Browser]: WebExtensions icons are not shown on first start but on restart (was: HTTPS-Everywhere icon is not shown on first start but on restart)

[Tor Bug Tracker & Wiki]

#23359: WebExtensions icons are not shown on first start but on restart
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * cc: rustybird@… (added)


Comment:

 Resolveed #26501 as duplicate.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs