Re: [tor-bugs] #17558 [Applications/Tor Browser]: Sanitize copying to clipboard (was: Copying to clipboard is dangerous [ip leak exploit & arb. code exec])

[Tor Bug Tracker & Wiki]

#17558: Sanitize copying to clipboard
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major | Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by cypherpunks):

 * keywords:
 exploit, clipboard, arbitrary, code, execution, copy, read, paste,
 user, system, fingerprint, leak, ip, reveal, location
 =>


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26697 [Applications/Tor Browser]: Add Android toolchain

[Tor Bug Tracker & Wiki]

#26697: Add Android toolchain
-+-
 Reporter:  boklm|  Owner:  tbb-
 |  team
 Type:  task | Status:
 |  needs_revision
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, tbb-mobile, |  Actual Points:
  TorBrowserTeam201810   |
Parent ID:  #26693   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by sisbell):

 Changes (android-1017)

  * Removed reference to maven-repo archive. This is now handled within
 firefox project

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

[Tor Bug Tracker & Wiki]

#27438: Android Gradle Build Downloads
-+-
 Reporter:  sisbell  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, tbb-mobile, |  Actual Points:
  TorBrowserTeam201810R  |
Parent ID:  #26693   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by sisbell):

 Patch applied

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27443 [Applications/Tor Browser]: Update Firefox RBM config and build for Android

[Tor Bug Tracker & Wiki]

#27443: Update Firefox RBM config and build for Android
-+-
 Reporter:  sisbell  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, tbb-mobile, |  Actual Points:
  TorBrowserTeam201810   |
Parent ID:  #26693   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by sisbell):

 Changes (android-1017)

  * Applied patch for downloading artifacts through script

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27750 [Core Tor/Tor]: conn_close_if_marked: Non-fatal assertion !(connection_is_writing(conn))

[Tor Bug Tracker & Wiki]

#27750: conn_close_if_marked: Non-fatal assertion !(connection_is_writing(conn))
--+
 Reporter:  dgoulet   |  Owner:  dgoulet
 Type:  defect| Status:
  |  needs_information
 Priority:  Very High |  Milestone:  Tor:
  |  0.3.5.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.3.4.8
 Severity:  Normal| Resolution:
 Keywords:  regression, assert, 035-must  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by udo):

 Now running 0.3.5.3-alpha.
 We will need a few days to be fairly sure.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27750 [Core Tor/Tor]: conn_close_if_marked: Non-fatal assertion !(connection_is_writing(conn))

[Tor Bug Tracker & Wiki]

#27750: conn_close_if_marked: Non-fatal assertion !(connection_is_writing(conn))
--+
 Reporter:  dgoulet   |  Owner:  dgoulet
 Type:  defect| Status:
  |  needs_information
 Priority:  Very High |  Milestone:  Tor:
  |  0.3.5.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.3.4.8
 Severity:  Normal| Resolution:
 Keywords:  regression, assert, 035-must  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by udo):

 After 0.3.3.9 I went to 0.3.4.8 which has the issue.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27750 [Core Tor/Tor]: conn_close_if_marked: Non-fatal assertion !(connection_is_writing(conn))

[Tor Bug Tracker & Wiki]

#27750: conn_close_if_marked: Non-fatal assertion !(connection_is_writing(conn))
--+
 Reporter:  dgoulet   |  Owner:  dgoulet
 Type:  defect| Status:
  |  needs_information
 Priority:  Very High |  Milestone:  Tor:
  |  0.3.5.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.3.4.8
 Severity:  Normal| Resolution:
 Keywords:  regression, assert, 035-must  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by udo):

 tor-0.3.3.9-0.fc28.x86_64 does NOT have this issue.

 While trying to build an rpm for 0.3.5.3.-alpha I try:
 Version:0.3.5.3-%{alphatag}
 but:
 # rpmbuild -bb SPECS/tor.spec
 error: line 23: Illegal char '-' (0x2d) in: Version:0.3.5.3-alpha

 I.e.: one cannot have a dash ('-') there when building rpm.
 but I do need to tell rpm the exact version string as it also expects this
 version in the directory tree in the source tar file.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27662 [Core Tor/Tor]: refactor networkstatus_parse_vote_from_string()

[Tor Bug Tracker & Wiki]

#27662: refactor networkstatus_parse_vote_from_string()
-+-
 Reporter:  cyberpunks   |  Owner:  (none)
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.6.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  technical-debt, refactor, long-  |  Actual Points:
  functions, cthulhucode |
Parent ID:  #22408   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * status:  needs_revision => needs_review


Comment:

 This branch can be reviewed, but I wonder if it conflicts with other code
 changes that have already been merged. I guess we'll find out.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27740 [Core Tor/Tor]: rust protover_all_supported() returns rust-allocated string in *missing_out

[Tor Bug Tracker & Wiki]

#27740: rust protover_all_supported() returns rust-allocated string in 
*missing_out
-+-
 Reporter:  cyberpunks   |  Owner:  ahf
 Type:  defect   | Status:
 |  needs_review
 Priority:  Very High|  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.3.1-alpha
 Severity:  Normal   | Resolution:
 Keywords:  rust, protover, memory-safety,   |  Actual Points:
  035-must, fast-fix, 033-backport,  |
  034-backport   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * status:  assigned => needs_review


Comment:

 I think this has a patch, so it needs review?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25136 [Core Tor/Tor]: "system clock jump" warnings still persist

[Tor Bug Tracker & Wiki]

#25136: "system clock jump" warnings still persist
-+-
 Reporter:  bundesgebaermutter   |  Owner:  (none)
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.2.9
 Severity:  Normal   | Resolution:  fixed
 Keywords:  clock, jumped, 034-triage-20180328,  |  Actual Points:
  034-removed-20180328   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 We resolved this issue in 0.3.4, possibly by changing how events worked.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27751 [Core Tor/Tor]: Travis: add CI with --enable-nss

[Tor Bug Tracker & Wiki]

#27751: Travis: add CI with --enable-nss
--+
 Reporter:  teor  |  Owner:  teor
 Type:  enhancement   | Status:  needs_review
 Priority:  High  |  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  fast-fix, tor-ci  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:  Sponsor8-can
--+
Changes (by teor):

 * status:  assigned => needs_review


Comment:

 Sorry that we missed this ticket!
 Someone should review it soon.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15621 [Core Tor/Tor]: Kill the pre-version 3 intro protocol code with fire.

[Tor Bug Tracker & Wiki]

#15621: Kill the pre-version 3 intro protocol code with fire.
-+-
 Reporter:  yawning  |  Owner:  dgoulet
 Type:  enhancement  | Status:
 |  accepted
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs technical-debt deprecation|  Actual Points:
  prop224|
Parent ID:  #6418| Points:  1
 Reviewer:  asn  |Sponsor:
 |  SponsorR-must
-+-
Changes (by teor):

 * keywords:  tor-hs technical-debt deprecation => tor-hs technical-debt
 deprecation prop224


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28113 [Core Tor/Tor]: notify systemd if shutdown will be longer than 30 seconds

[Tor Bug Tracker & Wiki]

#28113: notify systemd if shutdown will be longer than 30 seconds
-+-
 Reporter:  Hello71  |  Owner:  Hello71
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.6.2-alpha
 Severity:  Normal   | Resolution:
 Keywords:  tor-systemd, 029-backport-maybe, |  Actual Points:
  033-backport-maybe, 034-backport-maybe, 035|
  -backport-maybe|
Parent ID:   | Points:
 Reviewer:  teor |Sponsor:
-+-
Changes (by teor):

 * status:  needs_review => needs_revision
 * reviewer:   => teor


Comment:

 I reviewed the pull request: a minor refactor and a comment would be
 helpful.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27948 [Core Tor/Tor]: Backtrace does not work on NetBSD (was: Backtrace does not work)

[Tor Bug Tracker & Wiki]

#27948: Backtrace does not work on NetBSD
-+-
 Reporter:  wiz  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  High |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  fast-fix regression 034-backport |  Actual Points:
  netbsd 033-backport 029-backport   |
Parent ID:  #17808   | Points:
 Reviewer:   |Sponsor:
-+-

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28081 [Core Tor/Tor]: rust protover discards all votes if one is not UTF-8

[Tor Bug Tracker & Wiki]

#28081: rust protover discards all votes if one is not UTF-8
-+-
 Reporter:  cyberpunks   |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.3.1-alpha
 Severity:  Normal   | Resolution:
 Keywords:  rust, protover, 033-backport,|  Actual Points:
  034-backport   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * keywords:  rust, protover => rust, protover, 033-backport, 034-backport


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27948 [Core Tor/Tor]: Backtrace does not work

[Tor Bug Tracker & Wiki]

#27948: Backtrace does not work
-+-
 Reporter:  wiz  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  High |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  fast-fix regression 034-backport |  Actual Points:
  netbsd 033-backport 029-backport   |
Parent ID:  #17808   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * keywords:  regression 034-backport netbsd 033-backport 029-backport =>
 fast-fix regression 034-backport netbsd 033-backport 029-backport


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #17808 [Core Tor/Tor]: Tor doesn't produce a backtrace on gcc x86_64 on macOS

[Tor Bug Tracker & Wiki]

#17808: Tor doesn't produce a backtrace on gcc x86_64 on macOS
-+-
 Reporter:  teor |  Owner:  (none)
 Type:  defect   | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.7.6
 Severity:  Normal   | Resolution:
 Keywords:  tor-client tor-relay backtrace   |  Actual Points:
  needs-analysis |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by teor):

 This issue also affects NetBSD-8.99.25/amd64, see #27948.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27948 [Core Tor/Tor]: Backtrace does not work (was: tor-0.3.4.8: self test failures on NetBSD)

[Tor Bug Tracker & Wiki]

#27948: Backtrace does not work
-+-
 Reporter:  wiz  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  High |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  regression 034-backport netbsd   |  Actual Points:
  033-backport 029-backport  |
Parent ID:  #17808   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * keywords:  regression 034-backport netbsd => regression 034-backport
 netbsd 033-backport 029-backport
 * status:  needs_information => new
 * parent:   => #17808


Comment:

 In #17808 we treated backtrace failures as expected on FreeBSD. We should
 do the same for NetBSD until we work out how to get a good backtrace on
 NetBSD.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22233 [Core Tor/Tor]: Reconsider behavior on .z URLs with Accept-Encoding header

[Tor Bug Tracker & Wiki]

#22233: Reconsider behavior on .z URLs  with Accept-Encoding header
-+-
 Reporter:  nickm|  Owner:  ahf
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  034-triage-20180328, |  Actual Points:
  034-removed-20180328   |
Parent ID:   | Points:
 Reviewer:  teor |Sponsor:
 |  Sponsor4
-+-
Changes (by teor):

 * status:  needs_review => needs_revision
 * reviewer:   => teor


Comment:

 Please split your pull request: it contains two different changes that
 might end up in different releases.

 Here's my review for the ".z" part:

 Directory mirrors on 0.3.0 and earlier rely on ".z" to know when to send
 compressed content. And I don't know if we have tested later versions
 without ".z".

 So we can't stop sending ".z" until:
 * we have tested 0.3.1 and later without ".z", and
 * all relays are 0.3.1 or later (0.2.9 is supported until 2020)
 OR
 * we have tested 0.3.1 and later without ".z", and
 * we make 0.3.3 and later declare a new directory protocol version, and
 * we make tor test for the new protocol version (or 0.3.1 or later) before
 removing ".z"

 We could put the second option into 0.3.6 if it's well-tested. The first
 option would have to wait until 2021 (~0.4.0).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28100 [Core Tor/Tor]: Tor shouldn't set Content-Type: application/octet-stream when compressing results

[Tor Bug Tracker & Wiki]

#28100: Tor shouldn't set Content-Type: application/octet-stream when 
compressing
results
-+-
 Reporter:  Hello71  |  Owner:  (none)
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.1.1-alpha
 Severity:  Normal   | Resolution:
 Keywords:  033-backport-maybe, 034-backport-|  Actual Points:
  maybe, 035-backport-maybe  |
Parent ID:   | Points:
 Reviewer:  teor |Sponsor:
-+-
Changes (by teor):

 * status:  new => needs_revision
 * reviewer:   => teor
 * version:   => Tor: 0.3.1.1-alpha
 * keywords:   => 033-backport-maybe, 034-backport-maybe, 035-backport-maybe
 * milestone:   => Tor: 0.3.5.x-final


Comment:

 This code is in ​https://github.com/torproject/tor/pull/416 , but it needs
 to be split into its own pull request.

 It's a simple bugfix on 0.3.1.1-alpha, so we might want to backport it.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28113 [Core Tor/Tor]: notify systemd if shutdown will be longer than 30 seconds

[Tor Bug Tracker & Wiki]

#28113: notify systemd if shutdown will be longer than 30 seconds
-+-
 Reporter:  Hello71  |  Owner:  Hello71
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.6.2-alpha
 Severity:  Normal   | Resolution:
 Keywords:  tor-systemd, 029-backport-maybe, |  Actual Points:
  033-backport-maybe, 034-backport-maybe, 035|
  -backport-maybe|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * keywords:   =>
 tor-systemd, 029-backport-maybe, 033-backport-maybe, 034-backport-
 maybe, 035-backport-maybe
 * version:  Tor: unspecified => Tor: 0.2.6.2-alpha
 * milestone:   => Tor: 0.3.5.x-final


Comment:

 This has been a bug since we introduced systemd support in 0.2.6.2-alpha
 (or possibly 0.2.6.3-alpha).

 It's a simple patch, so I think we might want to backport it. Tenatively
 assigning it to 0.3.5.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28076 [Core Tor/sbws]: When sbws has measured less than 60% of relays, write a header with progress

[Tor Bug Tracker & Wiki]

#28076: When sbws has measured less than 60% of relays, write a header with
progress
---+
 Reporter:  teor   |  Owner:  (none)
 Type:  defect | Status:  needs_revision
 Priority:  Medium |  Milestone:  sbws 1.1
Component:  Core Tor/sbws  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+
Changes (by teor):

 * status:  needs_review => needs_revision


Comment:

 I reviewed the code on the pull request.
 It looks good, but we need to update the changelog entry.
 I don't think we need the rm-link option, but you can keep it if you want.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27443 [Applications/Tor Browser]: Update Firefox RBM config and build for Android

[Tor Bug Tracker & Wiki]

#27443: Update Firefox RBM config and build for Android
-+-
 Reporter:  sisbell  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, tbb-mobile, |  Actual Points:
  TorBrowserTeam201810   |
Parent ID:  #26693   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by sisbell):

 Changes (android-1017)

  * Removed softlink for gcc
  * Removed trailing spaces in mozconfig
  * Removed binutils dependency for android
  * Added specific var/martool rather than using var/platform
  * Added in tor branding property into the mozconfig

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #24419 [Metrics/Onionoo]: Improve getter names for boolean fields

[Tor Bug Tracker & Wiki]

#24419: Improve getter names for boolean fields
-+--
 Reporter:  karsten  |  Owner:  metrics-team
 Type:  enhancement  | Status:  needs_review
 Priority:  Medium   |  Milestone:
Component:  Metrics/Onionoo  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:  irl  |Sponsor:
-+--

Comment (by efgyirfe784):

 I created child ticket #28114 to update metrics-lib.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28114 [Metrics/Library]: Improve getter names for boolean fields in metrics-lib

[Tor Bug Tracker & Wiki]

#28114: Improve getter names for boolean fields in metrics-lib
-+--
 Reporter:  efgyirfe784  |  Owner:  metrics-team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Metrics/Library  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:  #24419   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by efgyirfe784):

 * parent:   => #24419


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28113 [Core Tor/Tor]: notify systemd if shutdown will be longer than 30 seconds

[Tor Bug Tracker & Wiki]

#28113: notify systemd if shutdown will be longer than 30 seconds
--+--
 Reporter:  Hello71   |  Owner:  Hello71
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:  Tor: unspecified
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by Hello71):

 * status:  assigned => needs_review


Comment:

 https://github.com/torproject/tor/pull/417

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #28114 [Metrics/Library]: Improve getter names for boolean fields in metrics-lib

[Tor Bug Tracker & Wiki]

#28114: Improve getter names for boolean fields in metrics-lib
-+-
 Reporter:  efgyirfe784  |  Owner:  metrics-team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Component:  Metrics/Library
  Version:   |   Severity:  Normal
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
 This ticket is created from #24419. #24419 notes that not all Onionoo
 methods could be changed to the isXY() pattern for boolean getter methods
 due to interfaces such as org.torproject.descriptor.NetworkStatusEntry.
 This ticket is to update metrics-libs accordingly. From #24419:


 >1. I did not change
 src/test/org/torproject/metrics/onionoo/updater/DummyStatusEntry's
 "getUnmeasured()" to "isUnmeasured()" because the interface
 org.torproject.descriptor.NetworkStatusEntry requires it, and I figured
 org.torproject.descriptor is outside the scope of this ticket.

 >>Agreed. We'd first have to change metrics-lib interfaces, put out a new
 major metrics-lib release, and then update the tests in Onionoo. Worth
 doing, though we would ideally combine this with other changes that
 require a major metrics-lib version bump.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #28113 [Core Tor/Tor]: notify systemd if shutdown will be longer than 30 seconds

[Tor Bug Tracker & Wiki]

#28113: notify systemd if shutdown will be longer than 30 seconds
--+--
 Reporter:  Hello71   |  Owner:  Hello71
 Type:  defect| Status:  assigned
 Priority:  Medium|  Component:  Core Tor/Tor
  Version:  Tor: unspecified  |   Severity:  Normal
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
 currently systemd just kills tor if the user sets ShutdownWaitLength more
 than 30 seconds. we should tell systemd not to kill tor.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28068 [Applications/Tor Browser]: Tor not reopening on USB

[Tor Bug Tracker & Wiki]

#28068: Tor not reopening on USB
--+---
 Reporter:  mackey|  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by mackey):

 Tor browser 7.5.6 works fine. Thew new version 8 does not.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27441 [Applications/Tor Browser]: Update Debian Image to use Stretch

[Tor Bug Tracker & Wiki]

#27441: Update Debian Image to use Stretch
-+-
 Reporter:  sisbell  |  Owner:  tbb-
 |  team
 Type:  task | Status:
 |  needs_revision
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, tbb-mobile, |  Actual Points:
  TorBrowserTeam201810   |
Parent ID:  #26693   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by sisbell):

 Fixed

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

[Tor Bug Tracker & Wiki]

#27438: Android Gradle Build Downloads
-+-
 Reporter:  sisbell  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, tbb-mobile, |  Actual Points:
  TorBrowserTeam201810R  |
Parent ID:  #26693   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by sisbell):

 Replying to [comment:18 boklm]:

 > Replying to [comment:17 sisbell]:
 >
 >
 > > > > Its a little more complicated but not by much. Basically, it
 checks extensions to see if it has gpg signature for an artifact and if so
 then verifies it with a key from key server. If there is no gpg sig, then
 it looks for a sha2 file and verifies that. If there is no sha2, then it
 just generates one and flags it. (it could go on to check sha1, md5 but I
 didn't implement that). I'm ok either way with script or artc. Would that
 require different scripts for each platform we build on?
 > > > >
 > > > >
 >
 > If I understand correctly the sources of artc, a signature made by any
 key that is available on pgp.mit.edu will be accepted, so that does not
 seem very useful as anybody can generate a key and upload it there. A sha
 file that is hosted on the same server as the file we download is also not
 very useful as someone able to modify the file on the server will probably
 also be able to modify the sha file too.
 >
 > In branch `bug_27438` I added a script, in an `input_files`, that is
 downloading all the URLs from `gradle-dependencies-list.txt`, check that
 the files are matching the expected sha256sums, and move them to the same
 directory as in their URL:
 > https://gitweb.torproject.org/user/boklm/tor-browser-
 build.git/commit/?h=bug_27438=ba47a5262a31039ef519b0655cbfe221dcb71b8b
 >
 > After running this I'm getting the same content as `maven-
 repo-1.0.tar.gz`. If that looks good to you, you can add the patch to your
 branch.
 >> Looks good. I'll apply the patch shortly

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26697 [Applications/Tor Browser]: Add Android toolchain

[Tor Bug Tracker & Wiki]

#26697: Add Android toolchain
-+-
 Reporter:  boklm|  Owner:  tbb-
 |  team
 Type:  task | Status:
 |  needs_revision
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, tbb-mobile, |  Actual Points:
  TorBrowserTeam201810   |
Parent ID:  #26693   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by sisbell):

 Changes (android-1017)

  * Removed README.ANDROID since it looks like we are going with a
 different approach
  * Switched to Android platform-26 to align with latest changes in tor-
 browser

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28099 [Core Tor/sbws]: Make a policy for adding new sbws relay keys

[Tor Bug Tracker & Wiki]

#28099: Make a policy for adding new sbws relay keys
---+-
 Reporter:  teor   |  Owner:  (none)
 Type:  task   | Status:  new
 Priority:  Medium |  Milestone:  sbws 1.0 (MVP nice)
Component:  Core Tor/sbws  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+-

Comment (by teor):

 Replying to [comment:1 juga]:
 > Replying to [ticket:28099 teor]:
 > > There are some keys in the spec and the code that are not being used
 by anyone.
 >
 > It is what i meant.
 > Also, maybe i used wrong the word policy, and i meant any key/value in
 the bandwidth-file-spec, not only in sbws, and not only for the relays,
 also for the header
 >
 > >
 > > > For instance, do we have tickets of cases where these key/values
 were needed/requested?.
 > >
 > > When we find this information, we should update the spec so it tells
 us why we need each value.
 >
 > Header key example not being used so far: `earliest_bandwidth`. with it
 we know from which time in the past we considered results in the current
 bandwidth file.
 > But in which cases we might need to look at that?, when a relay had a
 very different bandwidth 11 days ago and the file `earliest_bandwidth` is
 10 days ago?.
 > There was any case in the past (ticket, metrics, irc, ...) where having
 that information would have helped?.
 > Maybe we don't need a justification for all key/values, but i think
 having it will also help to understand why it would be useful to archive
 the file and how it can helps to understand the metrics or problems.

 earliest_bandwidth is Timestamp formatted as a human-readable date.
 Timestamp is used by Tor to work out when a bandwidth file is too old to
 use to vote.

 > A relay key example is `rtt`. I used it once and generated a graph with
 the bandwidths. With that i could check that all relays' bandwidth were
 slightly faster but the shape of the graph was not changing.
 > We are not using it anymore, and the code to obtain it seems to slow
 down a lot `sbws`. If we keep it, do we know for what we might want to use
 it?.

 I think we should disable rtt by default. rtt is useful for debugging, so
 we should allow operators to turn it on, with a warning that it slows down
 sbws.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27690 [Core Tor/Tor]: Update bandwidth-file-spec with scaling methods

[Tor Bug Tracker & Wiki]

#27690: Update bandwidth-file-spec with scaling methods
--+-
 Reporter:  juga  |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  sbws 1.0 (MVP must)
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-spec, tor-bwauth  |  Actual Points:
Parent ID:  #27107| Points:
 Reviewer:|Sponsor:
--+-

Comment (by teor):

 Replying to [comment:3 juga]:
 > Replying to [comment:2 teor]:
 > > Replying to [comment:1 juga]:
 > > > Maybe we should not include any scaling method, and instead create a
 bandwidth scaling specification when we come out with an algorithm that is
 tested enough we are happy with.
 > >
 > > We should delete the parts of the spec that we aren't going to
 implement soon.
 > >
 > > > Otherwise, should we include/repeat Torflow scaling in this spec?
 > >
 > > Yes, because eventually we will delete the torflow repository and
 spec.

 Actually, that's not true - we will archive the repository in the "attic"
 directory.

 > > Also, torflow's scaling spec is hard to find, and it is buried in a
 whole lot of other specs for code that is not used.
 >
 > Ok, i'll include Torflow scaling in the bandwidth-file-spec.
 > If torflow repo and spec will be removed, we will lose the parts of
 torflow that are not about scaling.
 > By the time that would happen, maybe we should have an spec about how
 the measurements are done *and* the scaling, both for torflow and sbws.

 We won't archive the torflow repository until we have stopped using
 torflow.
 When we've stopped using torflow, we won't need a spec for how it works.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28062 [Core Tor/sbws]: Publish bandwidth files only when they contain only the 60% of relays

[Tor Bug Tracker & Wiki]

#28062: Publish bandwidth files only when they contain only the 60% of relays
---+-
 Reporter:  juga   |  Owner:  juga
 Type:  defect | Status:  needs_review
 Priority:  Medium |  Milestone:  sbws 1.0 (MVP nice)
Component:  Core Tor/sbws  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID:  #28042 | Points:
 Reviewer: |Sponsor:
---+-

Comment (by juga):

 s/removed/closed/

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28062 [Core Tor/sbws]: Publish bandwidth files only when they contain only the 60% of relays

[Tor Bug Tracker & Wiki]

#28062: Publish bandwidth files only when they contain only the 60% of relays
---+-
 Reporter:  juga   |  Owner:  juga
 Type:  defect | Status:  needs_review
 Priority:  Medium |  Milestone:  sbws 1.0 (MVP nice)
Component:  Core Tor/sbws  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID:  #28042 | Points:
 Reviewer: |Sponsor:
---+-
Changes (by juga):

 * status:  needs_revision => needs_review


Comment:

 I implemented #28076 based on the PR here. If #28076 is accepted, this can
 be removed

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28076 [Core Tor/sbws]: When sbws has measured less than 60% of relays, write a header with progress

[Tor Bug Tracker & Wiki]

#28076: When sbws has measured less than 60% of relays, write a header with
progress
---+--
 Reporter:  teor   |  Owner:  (none)
 Type:  defect | Status:  needs_review
 Priority:  Medium |  Milestone:  sbws 1.1
Component:  Core Tor/sbws  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--
Changes (by juga):

 * status:  new => needs_review


Comment:

 https://github.com/torproject/sbws/pull/277, includes #28062 + cli
 argument + what explained here

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27103 [Core Tor/Tor]: report initial OR_CONN as the earliest boostrap phases

[Tor Bug Tracker & Wiki]

#27103: report initial OR_CONN as the earliest boostrap phases
-+-
 Reporter:  catalyst |  Owner:
 |  catalyst
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.6.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  usability, ux, ux-team, bootstrap,   |  Actual Points:
  035-roadmap-subtask, 035-triaged-in-20180711,  |
  s8-bootstrap, s8-errors|
Parent ID:  #28018   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor8
-+-
Changes (by catalyst):

 * keywords:
 usability, ux, ux-team, bootstrap, 035-roadmap-subtask, 035-triaged-
 in-20180711, s8-bootstrap
 =>
 usability, ux, ux-team, bootstrap, 035-roadmap-subtask, 035-triaged-
 in-20180711, s8-bootstrap, s8-errors


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27895 [Internal Services/Service - git]: Add push access to alexishan

[Tor Bug Tracker & Wiki]

#27895: Add push access to alexishan
-+-
 Reporter:  legind   |  Owner:  tor-gitadm
 Type:  task | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Service - git  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by legind):

 Ref: #28112

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27167 [Core Tor/Tor]: track "first" OR_CONN

[Tor Bug Tracker & Wiki]

#27167: track "first" OR_CONN
-+-
 Reporter:  catalyst |  Owner:  (none)
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.6.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  usability, ux, ux-team, bootstrap,   |  Actual Points:
  035-roadmap-subtask, 035-triaged-in-20180711,  |
  s8-bootstrap, 035-deferred-20180930,   |
  s8-errors  |
Parent ID:  #27103   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor8
-+-
Changes (by catalyst):

 * keywords:
 usability, ux, ux-team, bootstrap, 035-roadmap-subtask, 035-triaged-
 in-20180711, s8-bootstrap, 035-deferred-20180930
 =>
 usability, ux, ux-team, bootstrap, 035-roadmap-subtask, 035-triaged-
 in-20180711, s8-bootstrap, 035-deferred-20180930, s8-errors
 * sponsor:   => Sponsor8


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #24967 [Core Tor/Torsocks]: torsocks fails to check SIP if the path itself is a symlink

[Tor Bug Tracker & Wiki]

#24967: torsocks fails to check SIP if the path itself is a symlink
---+---
 Reporter:  Hello71|  Owner:  Hello71
 Type:  defect | Status:  needs_information
 Priority:  Medium |  Milestone:
Component:  Core Tor/Torsocks  |Version:
 Severity:  Major  | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---
Changes (by Hello71):

 * status:  needs_revision => needs_information


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22233 [Core Tor/Tor]: Reconsider behavior on .z URLs with Accept-Encoding header

[Tor Bug Tracker & Wiki]

#22233: Reconsider behavior on .z URLs  with Accept-Encoding header
-+-
 Reporter:  nickm|  Owner:  ahf
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  034-triage-20180328, |  Actual Points:
  034-removed-20180328   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-
Changes (by Hello71):

 * status:  assigned => needs_review


Comment:

 In fact, I would argue for an implementation that simply doesn't send or
 accept ".z". An optimal implementation would support ".z", ".lzma",
 ".zstd", and whatever, but there's no need to. This interface is intended
 for programmatic clients only; any human access is for debugging purposes
 only.

 https://github.com/torproject/tor/pull/416

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #28112 [Internal Services/Tor Sysadmin Team]: New LDAP account for Alexis Hancock

[Tor Bug Tracker & Wiki]

#28112: New LDAP account for Alexis Hancock
-+-
 Reporter:  legind   |  Owner:  tpa
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   |   Keywords:
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 {{{
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Please create an LDAP account for Alexis.  She will be maintaining HTTPS
 Everywhere.  This is related to
 https://trac.torproject.org/projects/tor/ticket/27895

 Name: Alexis Hancock
 Fwding Email: ale...@eff.org
 OpenPGP Fingerprint: CE340E9D077F1DC0F4FA7B030D16CFA2BA1F7420
 Desired Username: alexishan

 Thank you,
 Bill
 -BEGIN PGP SIGNATURE-

 iQIyBAEBCAAdFiEEEHPnTrOL1tGUdsv46p2/n7dhpncFAlvEwekACgkQ6p2/n7dh
 pndB0A/2IUpkSjls4y3BOq+6/qifs4A3d+sUi8v6mU3D+B4ndwyayDFrOo9s537G
 m5Vxsb3+9BE6TOFba/mvrWQ2DKk6uJ7Da0bclbFLFdACWS2xDMjgYmck4aQbMx6Y
 H5/pY8lxUTdgQOzog4k/2ScyzWEyTmExiJ/E7QPo4bTMiY8oSsNMBh04XugWxW2W
 QyiH499u9fFsq5P+BiFVyxHiT3GNvxdbYmOwDkCJOeovNX0N2HQ2J7SpZmX+0PRg
 2uNtPoEcKCE7W3mqsHLjFaXzoKwptELecDO6sL64JvR8i+u51FPIgFjMG5dKNCFj
 aKK6dSe6o1Ab/+/0xEYqFdtWetjSFKNOfPQsHsAC5g3anyO7Hj71O2Vl1tBUo7Db
 p3EDnC6q5wcmvhB1SUmGLRLrDCL7CHNl8Jwnq2GRhbXh823LWeotYE0lO4/udC3b
 Tzry3yFwGBEpmoxsiynQB/+IP548TJt+MSSCvgArCaINPYLrez0am2lrb+MR6iJ8
 mMLu9HfsOYa0U4Nb6gWHdgJZVu7+F65kCNwQApMx9PUYiU8MkFTlsoyjG6fY7Fww
 aNuVsfOreCIj84sBL2sLSXnmEGsG90NpMBblGOjtdwDxTKcwSDxbvWAW2IHWlgGj
 MKGIv8inrqTjzqt4F8qPSKbrt9/ON896EnBamsDbj1CUcJInmw==
 =fF+Z
 -END PGP SIGNATURE-
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28084 [Core Tor]: Proposed "Best Practices" for running Tor public network services

[Tor Bug Tracker & Wiki]

#28084: Proposed "Best Practices" for running Tor public network services
-+
 Reporter:  gman999  |  Owner:  (none)
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Core Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+
Changes (by phoul):

 * cc: phoul (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28111 [Applications/Tor Browser]: For about:tor, use a Tor Browser icon in identity box

[Tor Bug Tracker & Wiki]

#28111: For about:tor, use a Tor Browser icon in identity box
--+--
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux-team, tbb-branding |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by arthuredelstein):

 As suggested by mcs, I tried replacing the Firefox icon with our Tor
 Browser icon. (When we implement a new Tor Browser icon, we can replace
 this again.)

 Here's my patch: https://github.com/arthuredelstein/tor-
 browser/commit/28111

 Here are screenshots:

 [[Image(identity_box_default_theme.png)]]
 [[Image(identity_box_dark_theme.png)]]
 [[Image(identity_box_default_theme_doorhanger.png)]]

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28111 [Applications/Tor Browser]: For about:tor, use a Tor Browser icon in identity box

[Tor Bug Tracker & Wiki]

#28111: For about:tor, use a Tor Browser icon in identity box
--+--
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux-team, tbb-branding |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by arthuredelstein):

 * Attachment "identity_box_default_theme_doorhanger.png" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28111 [Applications/Tor Browser]: For about:tor, use a Tor Browser icon in identity box

[Tor Bug Tracker & Wiki]

#28111: For about:tor, use a Tor Browser icon in identity box
--+--
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux-team, tbb-branding |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by arthuredelstein):

 * Attachment "identity_box_default_theme.png" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28111 [Applications/Tor Browser]: For about:tor, use a Tor Browser icon in identity box

[Tor Bug Tracker & Wiki]

#28111: For about:tor, use a Tor Browser icon in identity box
--+--
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux-team, tbb-branding |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by arthuredelstein):

 * Attachment "identity_box_dark_theme.png" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27200 [Applications/Tor Browser]: about:tor favicon should be the tb icon

[Tor Bug Tracker & Wiki]

#27200: about:tor favicon should be the tb icon
--+---
 Reporter:  ProTipGuyFWIWWeLoveARMA   |  Owner:  tbb-team
 Type:  enhancement   | Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux-team   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by arthuredelstein):

 Replying to [comment:9 mcs]:

 > That seems OK, although I would argue that it would be better to have an
 icon there for consistency with Firefox (which some users may be familiar
 with).

 Good point.

 > BUT — the URL bar icon is not the subject of this ticket (and I think we
 have a ticket for the URL bar issue somewhere). This ticket is about the
 favicon which is displayed on the tab. Open about:support to see an
 example (and yes, about:support also has the wrong icon in the URL bar).

 Oops. I opened #28111 for the identity box issue.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #28111 [Applications/Tor Browser]: For about:tor, use a Tor Browser icon in identity box

[Tor Bug Tracker & Wiki]

#28111: For about:tor, use a Tor Browser icon in identity box
--+
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:  ux-team, tbb-
  |  branding
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 Right now, the Firefox icon is displayed in the identity box. We should
 fix this. Antonela proposed the following design:
 https://trac.torproject.org/projects/tor/attachment/ticket/27200/27200.png

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28063 [Internal Services/Tor Sysadmin Team]: Please make ldap account for Pili

[Tor Bug Tracker & Wiki]

#28063: Please make ldap account for Pili
-+-
 Reporter:  arma |  Owner:  tpa
 Type:  enhancement  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 |  implemented
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by arma):

 * status:  new => closed
 * resolution:   => implemented


Comment:

 Should be all set now. Please bug us if something isn't working.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27808 [Core Tor/Tor]: tor 0.3.5.early-alpha: Raw assertion failed at smartlist_core.c::191191 : idx>=0

[Tor Bug Tracker & Wiki]

#27808: tor 0.3.5.early-alpha: Raw assertion failed at smartlist_core.c::191191 
:
idx>=0
-+
 Reporter:  jchevali |  Owner:  rl1987
 Type:  defect   | Status:  closed
 Priority:  Very High|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor: 0.3.5.1-alpha
 Severity:  Normal   | Resolution:  fixed
 Keywords:  regression 035-must  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+
Changes (by jchevali):

 * status:  reopened => closed
 * resolution:   => fixed


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27808 [Core Tor/Tor]: tor 0.3.5.early-alpha: Raw assertion failed at smartlist_core.c::191191 : idx>=0

[Tor Bug Tracker & Wiki]

#27808: tor 0.3.5.early-alpha: Raw assertion failed at smartlist_core.c::191191 
:
idx>=0
-+
 Reporter:  jchevali |  Owner:  rl1987
 Type:  defect   | Status:  reopened
 Priority:  Very High|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor: 0.3.5.1-alpha
 Severity:  Normal   | Resolution:
 Keywords:  regression 035-must  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+

Comment (by jchevali):

 I've retested at tag tor-0.3.5.3-alpha after merge of PR-404 and it's a
 pass. Thank you.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26040 [Core Tor/Tor]: Improve getrandom handling

[Tor Bug Tracker & Wiki]

#26040: Improve getrandom handling
-+-
 Reporter:  Hello71  |  Owner:  Hello71
 Type:  enhancement  | Status:  closed
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  034-deferred-20180602,   |  worksforme
  035-removed-20180711   |  Actual Points:
Parent ID:   | Points:
 Reviewer:  catalyst |Sponsor:
-+-
Changes (by Hello71):

 * status:  needs_revision => closed
 * resolution:   => worksforme


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

[Tor Bug Tracker & Wiki]

#27438: Android Gradle Build Downloads
-+-
 Reporter:  sisbell  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, tbb-mobile, |  Actual Points:
  TorBrowserTeam201810R  |
Parent ID:  #26693   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by boklm):

 * keywords:  tbb-rbm, tbb-mobile, TorBrowserTeam201810 => tbb-rbm, tbb-
 mobile, TorBrowserTeam201810R
 * status:  needs_revision => needs_review


Comment:

 Replying to [comment:17 sisbell]:
 > >> Its a little more complicated but not by much. Basically, it checks
 extensions to see if it has gpg signature for an artifact and if so then
 verifies it with a key from key server. If there is no gpg sig, then it
 looks for a sha2 file and verifies that. If there is no sha2, then it just
 generates one and flags it. (it could go on to check sha1, md5 but I
 didn't implement that). I'm ok either way with script or artc. Would that
 require different scripts for each platform we build on?

 If I understand correctly the sources of artc, a signature made by any key
 that is available on pgp.mit.edu will be accepted, so that does not seem
 very useful as anybody can generate a key and upload it there. A sha file
 that is hosted on the same server as the file we download is also not very
 useful as someone able to modify the file on the server will probably also
 be able to modify the sha file too.

 In branch `bug_27438` I added a script, in an `input_files`, that is
 downloading all the URLs from `gradle-dependencies-list.txt`, check that
 the files are matching the expected sha256sums, and move them to the same
 directory as in their URL:
 https://gitweb.torproject.org/user/boklm/tor-browser-
 build.git/commit/?h=bug_27438=ba47a5262a31039ef519b0655cbfe221dcb71b8b

 After running this I'm getting the same content as `maven-
 repo-1.0.tar.gz`. If that looks good to you, you can add the patch to your
 branch.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28110 [Webpages/Website]: testi ticket

[Tor Bug Tracker & Wiki]

#28110: testi ticket
--+---
 Reporter:  bekeela   |  Owner:  hiro
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal| Resolution:  not a bug
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by phoul):

 * status:  new => closed
 * resolution:   => not a bug


Comment:

 Closing the test ticket, this was for a training session.

 Sorry for any noise.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28110 [Webpages/Website]: testi ticket

[Tor Bug Tracker & Wiki]

#28110: testi ticket
--+--
 Reporter:  bekeela   |  Owner:  hiro
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by phoul):

 Test comment

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26975 [Applications/Tor Browser]: Add Mobile Branding for Tor Browser

[Tor Bug Tracker & Wiki]

#26975: Add Mobile Branding for Tor Browser
--+--
 Reporter:  sisbell   |  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:|  Actual Points:
Parent ID:  #26693| Points:
 Reviewer:|Sponsor:
--+--
Changes (by sisbell):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 This problem does not appear after updating to the latest code.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27938 [Core Tor/Nyx]: SQLite permission error writing to cache

[Tor Bug Tracker & Wiki]

#27938: SQLite permission error writing to cache
--+
 Reporter:  atagar|  Owner:  atagar
 Type:  defect| Status:  closed
 Priority:  High  |  Milestone:
Component:  Core Tor/Nyx  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by atagar):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 There we go. Fix pushed...

 https://gitweb.torproject.org/nyx.git/commit/?id=f72a452

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28108 [Applications/Tor Browser]: backport 1479540

[Tor Bug Tracker & Wiki]

#28108: backport 1479540
--+
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  worksforme
 Keywords:  TorBrowserTeam201810R |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by arthuredelstein):

 * status:  needs_review => closed
 * resolution:   => worksforme


Comment:

 Turns out the patch has already been rebased to ESR60 and will available
 in the next ESR release. So we don't need to do anything here.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28104 [Applications/Tor Browser]: Backport Android security fixes for Tor Browser for Android 1.0a3

[Tor Bug Tracker & Wiki]

#28104: Backport Android security fixes for Tor Browser for Android 1.0a3
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:  closed
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  TorBrowserTeam201810R,   |  Actual Points:
  GeorgKoppen201810  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Thanks! Merged to `tor-browser-60.2.1esr-8.5-1` (commits
 1e7ee8ad5a57315bda89fb5b1f7fba49e63ccce4,
 ce5aede0dc562dab1636baac96e82c955cffad0b,
 9ec06f1b4bb17e562e10cb7d39e1af8370522538,
 c04236287b17b1e8a3ca2a30344d2fe718cae788,
 c72b56ea4eb7dcbb73d1fce9b9ac066abbe5bd53,
 34242a922172ddfcee8e089949e9972f4c0a882f,
 4744f30185f1e76fd8243bdc07e2c5dac6dd2302, and
 1387995d6a8764a730deac5a6d50a1f2ffa3ca0e.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26081 [Metrics/Analysis]: Unusual increase in unique .onion v2 services

[Tor Bug Tracker & Wiki]

#26081: Unusual increase in unique .onion v2 services
--+--
 Reporter:  computerfreak |  Owner:  metrics-team
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Metrics/Analysis  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by karsten):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 Unfortunately, this is not something we can find out.

 The onion service directories reported higher numbers of unique onion
 service addresses in their statistics than on the days before. We cannot
 say who published these onion service descriptors, or how these additional
 50,000 unique addresses were related.

 What we can do is look into possible issues on the statistics evaluation
 side. I just looked at the underlying aggregated data, and I cannot find
 anything unusual. I think the number really went up from around 70,000 to
 around 120,000.

 If I had to guess, I'd say that these additional addresses are caused by
 an application that uses lots of onion services for its operation. It
 could be that a new application was announced on these days or that an
 existing application was somehow made more widely known. I doubt that
 these services are created by a small number of users. But in the end this
 is just guessing.

 Closing, because there's nothing we can do here.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #28110 [Webpages/Website]: testi ticket

[Tor Bug Tracker & Wiki]

#28110: testi ticket
--+--
 Reporter:  bekeela   |  Owner:  hiro
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 This is a test...This is only a test :)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27746 [Metrics]: Compile slide deck to present Tor Metrics for the open day session in Mexico

[Tor Bug Tracker & Wiki]

#27746: Compile slide deck to present Tor Metrics for the open day session in
Mexico
-+
 Reporter:  irl  |  Owner:  irl
 Type:  task | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Metrics  |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+
Changes (by karsten):

 * status:  accepted => closed
 * resolution:   => fixed


Comment:

 This slide deck has been created, the session has been held (and was
 really good!), and the slides are available for download here:

 https://people.torproject.org/~irl/2018-10-mexicocity-ecosystem.pdf

 Closing, despite not being the ticket owner. Please re-open if anything
 remained to be done.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #28109 [- Select a component]: envio de directorio

[Tor Bug Tracker & Wiki]

#28109: envio de directorio
+--
 Reporter:  carlaherrera30  |  Owner:  freered@…
 Type:  defect  | Status:  assigned
 Priority:  Medium  |  Component:  - Select a component
  Version:  |   Severity:  Normal
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
 Su ayuda con el envío de directorio completos y actualizado FREERED.

 gracias

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #24920 [Applications/Tor Browser]: TBA has tabs and private tabs, we only want private tabs (was: Orfox has tabs and private tabs, we only want private tabs)

[Tor Bug Tracker & Wiki]

#24920: TBA has tabs and private tabs, we only want private tabs
--+--
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile|  Actual Points:
Parent ID:  #5709 | Points:
 Reviewer:|Sponsor:
--+--

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28108 [Applications/Tor Browser]: backport 1479540

[Tor Bug Tracker & Wiki]

#28108: backport 1479540
--+--
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam201810R |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by arthuredelstein):

 * keywords:  TorBrowserTeam201810 => TorBrowserTeam201810R
 * status:  new => needs_review


Comment:

 Here's the patch cherry-picked on top of the latest `tor-
 browser-60.2.1esr-8.5-1`:
 https://github.com/arthuredelstein/tor-browser/commit/28108

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28104 [Applications/Tor Browser]: Backport Android security fixes for Tor Browser for Android 1.0a3

[Tor Bug Tracker & Wiki]

#28104: Backport Android security fixes for Tor Browser for Android 1.0a3
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:
 |  needs_review
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  TorBrowserTeam201810R,   |  Actual Points:
  GeorgKoppen201810  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by igt0):

 I looked the patches and tested the branch on Android 6, 7 and 8.
 Everything is looking good and working fine.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28062 [Core Tor/sbws]: Publish bandwidth files only when they contain only the 60% of relays

[Tor Bug Tracker & Wiki]

#28062: Publish bandwidth files only when they contain only the 60% of relays
---+-
 Reporter:  juga   |  Owner:  juga
 Type:  defect | Status:  needs_revision
 Priority:  Medium |  Milestone:  sbws 1.0 (MVP nice)
Component:  Core Tor/sbws  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID:  #28042 | Points:
 Reviewer: |Sponsor:
---+-

Comment (by juga):

 Replying to [comment:4 teor]:
 > Based on the comments in #28042, I think we need to implement #28076,
 where we create a file with a header but no relays.

 I can add an option to either remove the file or add the header.
 Would you prefer i then close this ticket and add all of this in #28076 or
 merge this and then change it in 28076?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #28108 [Applications/Tor Browser]: backport 1479540

[Tor Bug Tracker & Wiki]

#28108: backport 1479540
--+
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:
  |  TorBrowserTeam201810
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 While building tor-browser.git (separately from tor-browser-build.git) I
 ran into https://bugzilla.mozilla.org/1479540

 It would like to propose backporting this patch to make Tor Browser
 hacking a little smoother.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27111 [Applications/Tor Browser]: TBA: Implement about:tor

[Tor Bug Tracker & Wiki]

#27111: TBA: Implement about:tor
-+-
 Reporter:  igt0 |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-mobile, TBA-a2,  |  Actual Points:
  TorBrowserTeam201810R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by sysrqb):

 * status:  needs_review => needs_revision


Comment:

 Partially unrelated, but ideally, when the new tb-manual is available for
 TBA, then we'll probably need to adjust the URL construction within
 `src/chrome/content/aboutTor/aboutTor-content.js:onLocaleChange()`. (I
 guess this is similar to option 1 in #20739). We'll need a new mockup for
 this, too.

 ---

 In `src/chrome/content/torbutton.js:torbutton_init()`:
 {{{
 +if (torbutton_is_mobile()) {
 +torbutton_abouttor_message_handler.updateAllOpenPages();
 +}
 +
 }}}
 Can you add a comment about why this is needed only on mobile?

 


 We should set the homepage as `about:tor`, too. Fennec doesn't respect
 `browser.startup.homepage`, so we must hardcode it :/

 The easiest option may be modifying
 `mobile/android/base/java/org/mozilla/gecko/AboutPages.java:HOME`.
 Unfortunately, this won't work well until torbutton is integrated and
 there's no longer the need of restarting the app before torbutton fully
 installs. Another option is adding in a check for
 `browser.startup.homepage`, and that overrides `AboutPages:HOME`.

 

 This patch doesn't provide the same view as the mockup with the virtual
 keyboard opened (right-side of
 
https://trac.torproject.org/projects/tor/attachment/ticket/25696/24309%20-%20TBA%20-%20Welcome%20Page.png).
 This'll require a tor-browser patch, as well, because Fennec automatically
 opens the ActivityStream HomePager every time the URL bar is focused.

 

 Overall, I don't see any problems with this torbutton patch. This should
 be reviewed by someone else (in particular someone with more knowledge of
 this code) - making sure this doesn't break anything on desktop. I'm
 setting to needs_revision because I think explaining why about:tor
 requires an explicit signal on mobile  during init() is helpful for
 reviewing this.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27800 [Core Tor/Tor]: Non-fatal assertion !(old) failed in node_add_to_ed25519_map

[Tor Bug Tracker & Wiki]

#27800: Non-fatal assertion !(old) failed in node_add_to_ed25519_map
--+
 Reporter:  stefani   |  Owner:  catalyst
 Type:  defect| Status:  closed
 Priority:  Very High |  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.3.2.1-alpha
 Severity:  Normal| Resolution:  fixed
 Keywords:  regression, 035-must  |  Actual Points:  3
Parent ID:| Points:
 Reviewer:  nickm |Sponsor:
--+
Changes (by catalyst):

 * actualpoints:   => 3


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28106 [Core Tor/sbws]: Change integration tests from bash to shell

[Tor Bug Tracker & Wiki]

#28106: Change integration tests from bash to shell
---+
 Reporter:  juga   |  Owner:  (none)
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Core Tor/sbws  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+
Changes (by catalyst):

 * cc: catalyst (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27471 [Core Tor/Tor]: HS intermittently fails: Non-fatal assertion failed in send_introduce1

[Tor Bug Tracker & Wiki]

#27471: HS intermittently fails: Non-fatal assertion failed in send_introduce1
---+---
 Reporter:  tgragnato  |  Owner:  dgoulet
 Type:  defect | Status:
   |  merge_ready
 Priority:  Very High  |  Milestone:  Tor:
   |  0.3.5.x-final
Component:  Core Tor/Tor   |Version:  Tor:
   |  0.3.4.7-rc
 Severity:  Minor  | Resolution:
 Keywords:  tor-hs, regression?, 025-backport  |  Actual Points:
Parent ID: | Points:
 Reviewer:  asn|Sponsor:
---+---
Changes (by nickm):

 * keywords:  tor-hs, regression?, 035-must => tor-hs, regression?,
 025-backport


Comment:

 thanks!  Merged that to 0.3.6, and leaving here for possible backport
 assuming nothing goes wrong. :)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27471 [Core Tor/Tor]: HS intermittently fails: Non-fatal assertion failed in send_introduce1

[Tor Bug Tracker & Wiki]

#27471: HS intermittently fails: Non-fatal assertion failed in send_introduce1
---+---
 Reporter:  tgragnato  |  Owner:  dgoulet
 Type:  defect | Status:
   |  merge_ready
 Priority:  Very High  |  Milestone:  Tor:
   |  0.3.5.x-final
Component:  Core Tor/Tor   |Version:  Tor:
   |  0.3.4.7-rc
 Severity:  Minor  | Resolution:
 Keywords:  tor-hs, regression?, 035-backport  |  Actual Points:
Parent ID: | Points:
 Reviewer:  asn|Sponsor:
---+---
Changes (by nickm):

 * keywords:  tor-hs, regression?, 025-backport => tor-hs, regression?,
 035-backport


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27471 [Core Tor/Tor]: HS intermittently fails: Non-fatal assertion failed in send_introduce1

[Tor Bug Tracker & Wiki]

#27471: HS intermittently fails: Non-fatal assertion failed in send_introduce1
---+---
 Reporter:  tgragnato  |  Owner:  dgoulet
 Type:  defect | Status:  merge_ready
 Priority:  Very High  |  Milestone:  Tor:
   |  0.3.5.x-final
Component:  Core Tor/Tor   |Version:  Tor:
   |  0.3.4.7-rc
 Severity:  Minor  | Resolution:
 Keywords:  tor-hs, regression?, 035-must  |  Actual Points:
Parent ID: | Points:
 Reviewer:  asn|Sponsor:
---+---

Comment (by dgoulet):

 Replying to [comment:19 nickm]:
 > Hi!  Could one of you take care of squashing this against maint-0.3.5?
 I just tried, but it didn't squash cleanly.

 Branch: `ticket27471_035_02`

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27471 [Core Tor/Tor]: HS intermittently fails: Non-fatal assertion failed in send_introduce1

[Tor Bug Tracker & Wiki]

#27471: HS intermittently fails: Non-fatal assertion failed in send_introduce1
---+---
 Reporter:  tgragnato  |  Owner:  dgoulet
 Type:  defect | Status:  merge_ready
 Priority:  Very High  |  Milestone:  Tor:
   |  0.3.5.x-final
Component:  Core Tor/Tor   |Version:  Tor:
   |  0.3.4.7-rc
 Severity:  Minor  | Resolution:
 Keywords:  tor-hs, regression?, 035-must  |  Actual Points:
Parent ID: | Points:
 Reviewer:  asn|Sponsor:
---+---

Comment (by nickm):

 Hi!  Could one of you take care of squashing this against maint-0.3.5?  I
 just tried, but it didn't squash cleanly.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28106 [Core Tor/sbws]: Change integration tests from bash to shell

[Tor Bug Tracker & Wiki]

#28106: Change integration tests from bash to shell
---+
 Reporter:  juga   |  Owner:  (none)
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Core Tor/sbws  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+
Changes (by gman999):

 * cc: gman999@… (added)


Comment:

 also added to cc

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27838 [Core Tor/Tor]: v3 onion service wrongly considers Invalid signature for service descriptor signing key: expired

[Tor Bug Tracker & Wiki]

#27838: v3 onion service wrongly considers Invalid signature for service 
descriptor
signing key: expired
--+
 Reporter:  s7r   |  Owner:  dgoulet
 Type:  defect| Status:  accepted
 Priority:  High  |  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.3.5.1-alpha
 Severity:  Normal| Resolution:
 Keywords:  tor-hs|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by dgoulet):

 Ok after a discussion with asn, the right thing to do is to:

 1) Identify the mutable values within a descriptors that would need to be
 refreshed before uploading (for instance, revision counter). We already
 have several of these so we would also need to add the certificate
 creation so we always have fresh cert. The time is rounded down to the
 hour so to avoid the leak of when _exactly_ the descriptor is uploaded.

 2) Add such a function that refreshes all the mutable values before
 uploading.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26931 [Core Tor/Tor]: Wrong service-side HSv3 hash ring for HSv3 once a day (low impact)

[Tor Bug Tracker & Wiki]

#26931: Wrong service-side HSv3 hash ring for HSv3 once a day (low impact)
--+
 Reporter:  asn   |  Owner:  (none)
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:  not a bug
 Keywords:  tor-hs hsv3 reachability  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by dgoulet):

 * status:  new => closed
 * resolution:   => not a bug


Comment:

 After consideration, this is a no bug.

 The reason is that we use the `valid_after` time of the consensus to
 rotate the descriptor so if the `next_rotation_time` is set to 00:00, then
 we won't rotate until we have a consensus that has its valid after time
 `>= 00:00` meaning the consensus that has the new SRV.

 See `should_rotate_descriptors()`.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27995 [Core Tor/Tor]: hs v3 auth descriptor cookie validation: tor crash when parsing .auth file after SIGHUP

[Tor Bug Tracker & Wiki]

#27995: hs v3 auth descriptor cookie validation: tor crash when parsing .auth 
file
after SIGHUP
-+-
 Reporter:  madage   |  Owner:  dgoulet
 Type:  defect   | Status:
 |  needs_review
 Priority:  High |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.5.2-alpha
 Severity:  Normal   | Resolution:
 Keywords:  hs onion service v3 descriptor   |  Actual Points:
  cookie validation regression high  |
Parent ID:   | Points:
 Reviewer:  asn  |Sponsor:
-+-
Changes (by dgoulet):

 * status:  accepted => needs_review
 * reviewer:   => asn


Comment:

 Branch: `ticket27995_035_01`.
 PR: https://github.com/torproject/tor/pull/415

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27995 [Core Tor/Tor]: hs v3 auth descriptor cookie validation: tor crash when parsing .auth file after SIGHUP

[Tor Bug Tracker & Wiki]

#27995: hs v3 auth descriptor cookie validation: tor crash when parsing .auth 
file
after SIGHUP
-+-
 Reporter:  madage   |  Owner:  dgoulet
 Type:  defect   | Status:
 |  accepted
 Priority:  High |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.5.2-alpha
 Severity:  Normal   | Resolution:
 Keywords:  hs onion service v3 descriptor   |  Actual Points:
  cookie validation regression high  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by dgoulet):

 * owner:  (none) => dgoulet
 * reviewer:  dgoulet =>
 * status:  needs_review => accepted


Comment:

 Hmmm this is reproducible as explained in the ticket...

 The reason is that the service `descriptor_cookie` is created when we
 generate the service keys in `build_service_desc_keys()` meaning that on
 HUP, that does NOT get called again ending up with an empty descriptor
 cookie but with authorized clients.

 To be honest, in order to minimize complexity, we should probably _always_
 generate the cookie and only use it when we have authorized client
 enabled. That way, we don't have to worry about configuration changes and
 that cookie value. Would be a one liner fix.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #17558 [Applications/Tor Browser]: Copying to clipboard is dangerous [ip leak exploit & arb. code exec] (was: Copying to clipboard is dangerous)

[Tor Bug Tracker & Wiki]

#17558: Copying to clipboard is dangerous [ip leak exploit & arb. code exec]
-+-
 Reporter:  cypherpunks  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Major| Resolution:
 Keywords:  exploit, clipboard, arbitrary,   |  Actual Points:
  code, execution, copy, read, paste, user,  |
  system, fingerprint, leak, ip, reveal, |
  location   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by cypherpunks):

 * cc: it@… (added)
 * keywords:   =>
 exploit, clipboard, arbitrary, code, execution, copy, read, paste,
 user, system, fingerprint, leak, ip, reveal, location


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27900 [Core Tor/Tor]: Please establish which C standard tor code complies with

[Tor Bug Tracker & Wiki]

#27900: Please establish which C standard tor code complies with
--+
 Reporter:  yurivict271   |  Owner:  (none)
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:  not a bug
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by dgoulet):

 * status:  new => closed
 * resolution:   => not a bug


Comment:

 I really don't see any other action items here. `-std=gnu99` is what is
 being used and we do have the `AC_PROG_CC_C99` being used.

 Reopen if I'm missing something and there is something we can actually do.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27813 [Core Tor/Tor]: Tor 0.3.4.8 is leaking memory

[Tor Bug Tracker & Wiki]

#27813: Tor 0.3.4.8 is leaking memory
-+-
 Reporter:  anong|  Owner:  (none)
 Type:  defect   | Status:
 |  needs_information
 Priority:  Very High|  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.4.8
 Severity:  Critical | Resolution:
 Keywords:  regression? memleak oom  |  Actual Points:
  034-backport tor-relay 035-must|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by dgoulet):

 * status:  new => needs_information


Comment:

 So far testing shows that #28089 was the cause of this memory leak kernel
 side. We'll keep this open for a while to monitor the situation after
 0.3.4.9 is released but it is looking good!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27750 [Core Tor/Tor]: conn_close_if_marked: Non-fatal assertion !(connection_is_writing(conn))

[Tor Bug Tracker & Wiki]

#27750: conn_close_if_marked: Non-fatal assertion !(connection_is_writing(conn))
--+
 Reporter:  dgoulet   |  Owner:  dgoulet
 Type:  defect| Status:
  |  needs_information
 Priority:  Very High |  Milestone:  Tor:
  |  0.3.5.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.3.4.8
 Severity:  Normal| Resolution:
 Keywords:  regression, assert, 035-must  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by nickm):

 * status:  accepted => needs_information


Comment:

 This may be fixed by the fix of #28089; let's see whether it recurs in
 0.3.5.3-alpha or later. (Or in 0.3.4.9 or later.)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28107 [Applications/Tor Browser]: Tor Browser 8.0 turns off VP9 videos when detects low fps

[Tor Bug Tracker & Wiki]

#28107: Tor Browser 8.0 turns off VP9 videos when detects low fps
--+---
 Reporter:  vp9   |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-fingerprinting|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by gk):

 * owner:  (none) => tbb-team
 * status:  new => needs_information
 * component:  - Select a component => Applications/Tor Browser
 * keywords:   => tbb-fingerprinting


Comment:

 Replying to [ticket:28107 vp9]:
 > #22548 doesn't work in Tor Browser 8.0.

 Could you be a bit more verbose about what is not working? As far as I see
 our patch still does work as we intended: for those platforms where VP9 is
 available all users get VP9 *unrelated* to the frames per second they are
 capable of playing. How did that stop working?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27471 [Core Tor/Tor]: HS intermittently fails: Non-fatal assertion failed in send_introduce1

[Tor Bug Tracker & Wiki]

#27471: HS intermittently fails: Non-fatal assertion failed in send_introduce1
---+---
 Reporter:  tgragnato  |  Owner:  dgoulet
 Type:  defect | Status:  merge_ready
 Priority:  Very High  |  Milestone:  Tor:
   |  0.3.5.x-final
Component:  Core Tor/Tor   |Version:  Tor:
   |  0.3.4.7-rc
 Severity:  Minor  | Resolution:
 Keywords:  tor-hs, regression?, 035-must  |  Actual Points:
Parent ID: | Points:
 Reviewer:  asn|Sponsor:
---+---
Changes (by dgoulet):

 * status:  needs_review => merge_ready


Comment:

 I'm happy with this! I thought of it a bit more and I think we should
 close the circuits here instead of re-extending on error. I think we'll
 fix more issues over time instead of dealing with an error because we have
 unusable circuits lying around.

 I thought of the attacker problem here where someone induces a client to
 fetch a descriptor (let say a malicious web page) and then somehow notices
 the close of the intro circuits and because the attacker would know the
 descriptor has new intro points, it could maybe deduce that it was in fact
 that .onion and thus I'm its Guard node.

 However, I doubt this is a practical attack considering the narrow window
 where we replace a descriptor while we have an intro circuit inflight. It
 can happen once at a client but I doubt it can happen enough to lead to
 information leak.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27841 [Core Tor/Tor]: Close intro circuit after introduction has been completed

[Tor Bug Tracker & Wiki]

#27841: Close intro circuit after introduction has been completed
--+---
 Reporter:  asn   |  Owner:  neel
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-hs dos|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by dgoulet):

 * cc: asn (added)
 * status:  assigned => needs_information


Comment:

 Yes client side we are fine. I think this ticket was more on the
 introduction point side?

 Now I just realized something that is maybe bad in v3 (not in v2).

 See `handle_introduce1()` (hs_intropoint.c). Notice at the end that we
 only close the circuit if we send a NACK but not a ACK. Actually, it
 should be the opposite! The reason is that if you ACK, then the client
 will close that circuits so instead of waiting for another round trip for
 the DESTROY cell, the IP can just send it after the ACK and the client
 will likely close it much faster.

 Now, why we shouldn't close with a NACK? Because, in case of a NACK, the
 client will use the same circuit to re-extend to a new IP. If the current
 IP is closing the circuits, that re-extend is most likely failing... So
 the whole "reextend on NACK" optimization is rendered useless by closing
 the circuit on NACK on the intro side.

 To summarize (all of this intro point side):

 * Close IP on ACK
 * Keep circuit on NACK.

 Thoughts?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27471 [Core Tor/Tor]: HS intermittently fails: Non-fatal assertion failed in send_introduce1

[Tor Bug Tracker & Wiki]

#27471: HS intermittently fails: Non-fatal assertion failed in send_introduce1
---+---
 Reporter:  tgragnato  |  Owner:  dgoulet
 Type:  defect | Status:  needs_review
 Priority:  Very High  |  Milestone:  Tor:
   |  0.3.5.x-final
Component:  Core Tor/Tor   |Version:  Tor:
   |  0.3.4.7-rc
 Severity:  Minor  | Resolution:
 Keywords:  tor-hs, regression?, 035-must  |  Actual Points:
Parent ID: | Points:
 Reviewer:  asn|Sponsor:
---+---
Changes (by nickm):

 * status:  needs_revision => needs_review


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27549 [Core Tor/Tor]: hs-v3: Refactor the descriptor cookie computation code

[Tor Bug Tracker & Wiki]

#27549: hs-v3: Refactor the descriptor cookie computation code
--+
 Reporter:  dgoulet   |  Owner:  dgoulet
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:  CollecTor
  |  1.7.0
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:  implemented
 Keywords:  tor-hs, hs-auth, refactoring  |  Actual Points:
Parent ID:  #27544| Points:
 Reviewer:  asn   |Sponsor:
--+
Changes (by nickm):

 * status:  merge_ready => closed
 * resolution:   => implemented
 * milestone:  Tor: 0.3.5.x-final => CollecTor 1.7.0


Comment:

 Squashed and merged to master (0.3.6)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27549 [Core Tor/Tor]: hs-v3: Refactor the descriptor cookie computation code

[Tor Bug Tracker & Wiki]

#27549: hs-v3: Refactor the descriptor cookie computation code
--+
 Reporter:  dgoulet   |  Owner:  dgoulet
 Type:  defect| Status:  merge_ready
 Priority:  Medium|  Milestone:  Tor:
  |  0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-hs, hs-auth, refactoring  |  Actual Points:
Parent ID:  #27544| Points:
 Reviewer:  asn   |Sponsor:
--+
Changes (by nickm):

 * milestone:  Tor: unspecified => Tor: 0.3.5.x-final


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28094 [Core Tor/Tor]: fix docs in workqueue.c (was: fix docs)

[Tor Bug Tracker & Wiki]

#28094: fix docs in workqueue.c
--+
 Reporter:  cyberpunks|  Owner:  (none)
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.3.6.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-docs  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by nickm):

 * status:  new => needs_review
 * milestone:   => Tor: 0.3.6.x-final


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22548 [Applications/Tor Browser]: Firefox downgrades VP9 videos to VP8 when measured performance is not enough

[Tor Bug Tracker & Wiki]

#22548: Firefox downgrades VP9 videos to VP8 when measured performance is not
enough
-+-
 Reporter:  cypherpunks  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tbb-fingerprinting,  |  Actual Points:
  TorBrowserTeam201801R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by vp9):

 Weird. But here it is: #28107.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #28107 [- Select a component]: Tor Browser 8.0 turns off VP9 videos when detects low fps

[Tor Bug Tracker & Wiki]

#28107: Tor Browser 8.0 turns off VP9 videos when detects low fps
+--
 Reporter:  vp9 |  Owner:  (none)
 Type:  defect  | Status:  new
 Priority:  Medium  |  Component:  - Select a component
  Version:  |   Severity:  Normal
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
 #22548 doesn't work in Tor Browser 8.0.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28106 [Core Tor/sbws]: Change integration tests from bash to shell

[Tor Bug Tracker & Wiki]

#28106: Change integration tests from bash to shell
---+
 Reporter:  juga   |  Owner:  (none)
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Core Tor/sbws  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+
Changes (by egypcio):

 * cc: egypcio (added)


Comment:

 I would like to follow this ticket,
 so I'm adding myself in CC to get notifications about this one.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22548 [Applications/Tor Browser]: Firefox downgrades VP9 videos to VP8 when measured performance is not enough

[Tor Bug Tracker & Wiki]

#22548: Firefox downgrades VP9 videos to VP8 when measured performance is not
enough
-+-
 Reporter:  cypherpunks  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tbb-fingerprinting,  |  Actual Points:
  TorBrowserTeam201801R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  reopened => closed
 * resolution:   => fixed


Comment:

 I don't think there is a reason to reopen this specific bug. If you think
 there is an issue, please file a new one.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28106 [Core Tor/sbws]: Change integration tests from bash to shell

[Tor Bug Tracker & Wiki]

#28106: Change integration tests from bash to shell
---+
 Reporter:  juga   |  Owner:  (none)
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Core Tor/sbws  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+

Comment (by gman999):

 Yes, the ideal way to provide portable tests (in this case
 tests/testnets/simple.common scripts) is that they are written in POSIX
 shell, therefore not requiring shells/bash on systems not including bash
 by default (ie, the *BSDs).

 I will try to hack on them but not sure when I'll have the bandwidth.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #28106 [Core Tor/sbws]: Change integration tests from bash to shell

[Tor Bug Tracker & Wiki]

#28106: Change integration tests from bash to shell
---+
 Reporter:  juga   |  Owner:  (none)
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Core Tor/sbws  |Version:
 Severity:  Normal |   Keywords:
Actual Points: |  Parent ID:
   Points: |   Reviewer:
  Sponsor: |
---+
 gman999 reported that tests need to change from bash to shell to include
 them in openbsd

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26690 [Applications/Tor Browser]: TBA: Port padlock states for .onion services to mobile

[Tor Bug Tracker & Wiki]

#26690: TBA: Port padlock states for .onion services to mobile
-+-
 Reporter:  igt0 |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-mobile, TBA-a2,  |  Actual Points:
  TorBrowserTeam201810R  |
Parent ID:  #5709| Points:
 Reviewer:   |Sponsor:
-+-
Changes (by sysrqb):

 * status:  needs_review => needs_revision


Comment:

 Nice, looks good! Only some minor comments.

 From the commit message:
 {{{
  Prior to this patch, TBA was showing all onion services as SSL/TLS
 encrypted connections(lock icon).
 }}}
 Nit: That isn't true, is it? Maybe I'm misreading it. Currently, onion
 sites served without TLS do not show a lock icon, right?

 

 {{{
 +
 }}}

 I feel like "onion_active" doesn't describe the state well. Can we call it
 onion_lock (or something similar)? When I see IconType.ONION_ACTIVATE in
 the code, I don't immediately remember what that means. I think
 IconType.ONION_LOCK be a little better. And maybe the icons that don't
 contain locks shouldn't have "lock" in their name? Thoughts?

 

 {{{
 @@ -100,6 +103,8 @@ public class SecurityModeUtil {
  final MixedMode displayMixedMode =
 identity.getMixedModeDisplay();
  final TrackingMode trackingMode = identity.getTrackingMode();
  final boolean securityException = identity.isSecurityException();
 +   final boolean isOnionHost = identity.isOnionHost();
 +   final boolean hasCert = identity.hasCert();
 }}}
 Nit: Please correct the indentation

 

 {{{
 @@ -119,9 +124,15 @@ public class SecurityModeUtil {
  return IconType.DEFAULT;
  }

 -return securityModeMap.containsKey(securityMode)
 -? securityModeMap.get(securityMode)
 -: IconType.UNKNOWN;
 +if (securityMode == SecurityMode.UNKNOWN) {
 +return isOnionHost ? IconType.ONION : IconType.UNKNOWN;
 +   } else if (securityMode == SecurityMode.IDENTIFIED) {
 +return isOnionHost ? (hasCert ? IconType.ONION_ACTIVATE :
 IconType.ONION) : IconType.LOCK_SECURE;
 +   } else if (securityMode == SecurityMode.VERIFIED) {
 +return isOnionHost ? IconType.ONION_ACTIVATE :
 IconType.LOCK_SECURE;
 +   } else {
 +return IconType.UNKNOWN;
 +}
  }
 }}}
 Nit. Here, too.

 

 {{{
 -mIcon.setImageResource(R.drawable.ic_lock_disabled);
 +int resId = siteIdentity.isOnionHost() ?
 R.drawable.ic_lock_onion_disabled : R.drawable.ic_lock_disabled;
 +mIcon.setImageResource(resId);
 }}}
 These changes in
 `mobile/android/base/java/org/mozilla/gecko/toolbar/SiteIdentityPopup.java`
 are #27657, so I'm not sure we should implement this yet (although I like
 it).

 

 {{{
 -final boolean isIdentityKnown = (siteIdentity.getSecurityMode()
 == SecurityMode.IDENTIFIED ||
 - siteIdentity.getSecurityMode()
 == SecurityMode.VERIFIED);
 +final boolean isIdentityKnown = ((siteIdentity.getSecurityMode()
 == SecurityMode.IDENTIFIED ||
 + siteIdentity.getSecurityMode()
 == SecurityMode.VERIFIED) &&
 + siteIdentity.hasCert());

 }}}

 Is this needed? Can the SecurityMode be Verified or Identified without a
 cert? (I don't see a code path that allows this, but it's possible I
 missed it)

 

 I created some (simple) test pages for this:
 https://people.torproject.org/~sysrqb/mixed_content/
 http://sbe5fi5cka5l3fqe.onion/~sysrqb/mixed_content/

 The fact Mozilla re-implemented all of this logic for mobile instead of
 reusing some of the existing browser functionality is really annoying.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs