Re: [tor-bugs] #29729 [Core Tor/Chutney]: Work out which networks to run in Chutney's CI

[Tor Bug Tracker & Wiki]

#29729: Work out which networks to run in Chutney's CI
-+-
 Reporter:  teor |  Owner:  teor
 Type:  enhancement  | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
Component:  Core Tor/Chutney |Version:
 Severity:  Normal   | Resolution:
 Keywords:  chutney-ci, network-team-|  Actual Points:
  roadmap-2019-Q1Q2  |
Parent ID:   | Points:  1
 Reviewer:   |Sponsor:
 |  Sponsor19
-+-

Comment (by teor):

 I have a nice diagram paper diagram for our different CI dimensions. I'll
 work out how to put the final version in text.

 Here's a list of the networks that tor's `make test-network-all` runs. We
 need to test all these networks, because breaking them would break Tor's
 CI.

 0.2.9:
 basic-min
 bridges-min
 hs-min
 single-onion
 bridges+ipv6-min
 ipv6-exit-min
 hs-ipv6
 single-onion-ipv6

 0.3.4 and later:
 basic-min
 bridges-min
 hs-v2-min
 hs-v3-min
 single-onion-v23
 bridges+ipv6-min
 ipv6-exit-min
 hs-v23-ipv6-md
 single-onion-ipv6-md

 Here's a list of the network sets and arguments I want to test:

 No Tor installed (?):
 * --dry-run

 master only:
 * --coverage --debug --all-warnings
 * --quiet --no-warnings
 * --net-dir `mktemp -d`
 * --data 1 (or 10s worth) --start-time 70 --bootstrap-time 70
 --stop-time 10 --rounds 2 --connections 2

 0.2.9 and master:
 * bridges networks
 * --offline (Mac & Linux)

 0.2.9, 0.3.4, and master:
 * onion networks
 * IPv6 networks --ipv4 127.0.0.1 --ipv6 :1

 This seems like a lot, but we only modify chutney once a week (or less).
 So we can afford to do exhaustive tests.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29957 [Applications/Tor Browser]: clicking on "click to play" media leaks URLs via NoScript on-disk preferences

[Tor Bug Tracker & Wiki]

#29957: clicking on "click to play" media leaks URLs via NoScript on-disk
preferences
---+---
 Reporter:  catalyst   |  Owner:  tbb-team
 Type:  defect | Status:  needs_information
 Priority:  High   |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tbb-disk-leak, tbb-newnym  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---

Comment (by cypherpunks):

 Here is *exactly* what I did to confirm it:

 1. Deleted Tor Browser directory

 2. Installed fresh Tor Browser 8.0.8

 3. Changed security slider to "Safer"

 4. Navigated to
 
https://upload.wikimedia.org/wikipedia/commons/transcoded/2/22/Volcano_Lava_Sample.webm/Volcano_Lava_Sample.webm.360p.vp9.webm

 5. Clicked to play

 6. Looked at NoScript settings page and confirmed it was whitelisted

 7. Restarted browser

 Before step 5, I looked at the sqlite in an online sqlite viewer and it
 said the collection_name was default/{73a6fe31-595d-
 460b-a920-fcc0f8843232}, the record_id was key-policy, and the record was
 this:

 {{{
 {"id":"key-
 
policy","key":"policy","data":{"DEFAULT":{"capabilities":["fetch","font","frame","object","other","script","webgl"],"temp":false},"TRUSTED":{"capabilities":["fetch","font","frame","media","object","other","script","webgl"],"temp":false},"UNTRUSTED":{"capabilities":["frame","font"],"temp":false},"sites":{"trusted":[],"untrusted":["http:"],"custom":{}},"enforced":true,"autoAllowTop":false},"_status":"created"}
 }}}

 After step 7 I looked at the same record, and now it was this:

 {{{
 {"id":"key-
 
policy","key":"policy","data":{"DEFAULT":{"capabilities":["fetch","font","frame","object","other","script","webgl"],"temp":false},"TRUSTED":{"capabilities":["fetch","font","frame","media","object","other","script","webgl"],"temp":false},"UNTRUSTED":{"capabilities":["frame","font"],"temp":false},"sites":{"trusted":[],"untrusted":["http:"],"custom":{"https://upload.wikimedia.org/wikipedia/commons/transcoded/2/22/Volcano_Lava_Sample.webm/Volcano_Lava_Sample.webm.360p.vp9.webm":{"capabilities":["fetch","font","frame","object","other","script","webgl","media"],"temp":false}}},"enforced":true,"autoAllowTop":false},"_status":"created"}
 }}}

 That sqlite file is stored on the disk.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30049 [Core Tor/Tor]: Work out how to test mixed-version chutney networks in Tor's CI

[Tor Bug Tracker & Wiki]

#30049: Work out how to test mixed-version chutney networks in Tor's CI
-+-
 Reporter:  teor |  Owner:  (none)
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-ci, network-team-|  Actual Points:
  roadmap-2019-Q1Q2-maybe|
Parent ID:  #29280   | Points:  2
 Reviewer:   |Sponsor:
 |  Sponsor19-can
-+-

Comment (by teor):

 Here are the mixed networks that Tor uses:

 0.2.9:
 mixed

 0.3.4 and later:
 mixed+hs-v2

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29957 [Applications/Tor Browser]: clicking on "click to play" media leaks URLs via NoScript on-disk preferences

[Tor Bug Tracker & Wiki]

#29957: clicking on "click to play" media leaks URLs via NoScript on-disk
preferences
---+---
 Reporter:  catalyst   |  Owner:  tbb-team
 Type:  defect | Status:  needs_information
 Priority:  High   |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tbb-disk-leak, tbb-newnym  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---

Comment (by cypherpunks):

 In the file called storage-sync.sqlite (in profile.default) I have this
 text copied from Notepad (example and not everything in the .sqlite file,
 just the relevant part):

 {{{
 
["fetch","font","frame","object","other","script","webgl","media"],"temp":false},"https://upload.wikimedia.org/wikipedia/commons/transcoded/0/0a/Comparing_CMEs.ogv/Comparing_CMEs.ogv.480p.vp9.webm":{"capabilities":["fetch","font","frame","object","other","script","webgl","media"],"temp":false}}},"enforced":true,"autoAllowTop":false},"_status":"created"}‚';i
 ƒedefault/{73a6fe31-595d-460b-a920-fcc0f8843232}key-sync{"id":"key-
 
sync","key":"sync","data":{"global":false,"xss":true,"cascadeRestrictions":true,"xssScanRequestBody":false,"xssBlockUnscannedPOST":true,"overrideTorBrowserPolicy":false,"clearclick":true,"storage":"sync"},"_status":"created"}
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29792 [Core Tor/Tor]: practracker problems and CI broken on master

[Tor Bug Tracker & Wiki]

#29792: practracker problems and CI broken on master
--+
 Reporter:  asn   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  High  |  Milestone:  Tor:
  |  0.4.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  practracker tech-debt tor-ci  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by teor):

 I opened child tickets for e) and f).
 f) and #30033 will give us g).
 I don't like h) any more.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30051 [Core Tor/Tor]: Add practracker as a post-commit git hook for frequent coders

[Tor Bug Tracker & Wiki]

#30051: Add practracker as a post-commit git hook for frequent coders
-+-
 Reporter:  teor |  Owner:  (none)
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.1.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  practracker tech-debt tor-ci git-|  Actual Points:
  scripts|
Parent ID:  #29792   | Points:  1
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * keywords:  practracker tech-debt tor-ci tor-git-scripts => practracker
 tech-debt tor-ci git-scripts


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30033 [Core Tor/Tor]: The pre-push hook should call the pre-commit hook on every commit

[Tor Bug Tracker & Wiki]

#30033: The pre-push hook should call the pre-commit hook on every commit
--+--
 Reporter:  teor  |  Owner:  (none)
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  git-scripts   |  Actual Points:
Parent ID:  #29792| Points:
 Reviewer:|Sponsor:
--+--
Changes (by teor):

 * parent:   => #29792


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #30051 [Core Tor/Tor]: Add practracker as a post-commit git hook for frequent coders

[Tor Bug Tracker & Wiki]

#30051: Add practracker as a post-commit git hook for frequent coders
-+-
 Reporter:  teor |  Owner:  (none)
 Type:   | Status:  new
  enhancement|
 Priority:  Medium   |  Milestone:  Tor: 0.4.1.x-final
Component:  Core |Version:
  Tor/Tor|   Keywords:  practracker tech-debt tor-ci tor-
 Severity:  Normal   |  git-scripts
Actual Points:   |  Parent ID:  #29792
   Points:  1|   Reviewer:
  Sponsor:   |
-+-
 * it might still be annoying, but it's less annoying than having CI fail
 * we can fix issues for infrequent coders at the CI or merge stage
 * reviewers can see the practracker diff and decide if it's reasonable

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #30050 [Core Tor/Tor]: Disable practracker in CI, when a release becomes a release candidate

[Tor Bug Tracker & Wiki]

#30050: Disable practracker in CI, when a release becomes a release candidate
-+-
 Reporter:  teor |  Owner:  (none)
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:  Tor: 0.4.0.x-final
Component:  Core |Version:
  Tor/Tor|   Keywords:  practracker tech-debt tor-ci
 Severity:  Normal   |  040-must
Actual Points:   |  Parent ID:  #29792
   Points:  1|   Reviewer:
  Sponsor:   |
-+-
 * we get practracker on master, where it is most useful
 * we keep practracker in alphas, where we still get some large code
 changes
 * we don't have to worry about practracker for backports:
   * we rely on the existing backport triage process to maintain code
 quality in backport branches
   * we don't need practracker for backport branches, because we (usually)
 don't make large changes to backport branches

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29241 [Core Tor/Tor]: NSS SSL_ExportKeyingMaterial failing

[Tor Bug Tracker & Wiki]

#29241: NSS SSL_ExportKeyingMaterial failing
-+-
 Reporter:  sysrqb   |  Owner:  nickm
 Type:  defect   | Status:
 |  merge_ready
 Priority:  High |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.5.1-alpha
 Severity:  Normal   | Resolution:
 Keywords:  consider-backport-after-0405-alpha   |  Actual Points:  1.7
  regression, 035-backport, 040-must, spec   |
  teor-merge 040-backport|
Parent ID:   | Points:  2
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * milestone:  Tor: 0.4.1.x-final => Tor: 0.3.5.x-final
 * actualpoints:  1.5 => 1.7


Comment:

 Merged to 0.4.0 and later.

 Added a commit to master:
 practracker: accept 6 extra lines in tortls_nss.c:tor_tls_context_new()

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29957 [Applications/Tor Browser]: clicking on "click to play" media leaks URLs via NoScript on-disk preferences

[Tor Bug Tracker & Wiki]

#29957: clicking on "click to play" media leaks URLs via NoScript on-disk
preferences
---+---
 Reporter:  catalyst   |  Owner:  tbb-team
 Type:  defect | Status:  needs_information
 Priority:  High   |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tbb-disk-leak, tbb-newnym  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---

Comment (by cypherpunks):

 Replying to [comment:1 gk]:
 > I tried to reproduce both issues but failed with a clean Tor Browser
 8.0.8 on Windows 7. So, I wonder what goes wrong on the user's computer.
 Maybe some extra tools installed are interfering?

 I just tried this on my own Windows 7 computer with browser 8.0.8 and it
 *does* persist for me. I went to Wikipedia with the slider set to "Safer"
 and viewed some videos that were click-to-play. After restarting Tor
 Browser and checking the NoScript settings "per-site permissions", the
 whitelisted URLs are being shown like this one:

 >
 
https://upload.wikimedia.org/wikipedia/commons/transcoded/0/0a/Comparing_CMEs.ogv/Comparing_CMEs.ogv.480p.vp9.webm

 I restarted Tor Browser with New Identity, and I closed and re-opened it,
 and I rebooted my computer, so I can *confirm* that this is an issue!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30006 [Applications/Quality Assurance and Testing]: Monitor "aliveness" of default bridges in Tor Browser

[Tor Bug Tracker & Wiki]

#30006: Monitor "aliveness" of default bridges in Tor Browser
-+-
 Reporter:  phw  |  Owner:  phw
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
Component:  Applications/Quality Assurance and   |Version:
  Testing|
 Severity:  Normal   | Resolution:
 Keywords:  default bridge   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by phw):

 I'm considering creating a git repository, maintained by the anti-
 censorship team, that contains an up-to-date CSV file (which would be
 simple for anarcat to fetch and parse) for our default bridges with the
 following information:

 * Fingerprint
 * IP address and port(s)
 * Email address (or other contact info) of owner
 * What protocols the bridge speaks (e.g., vanilla Tor, obfs3, ...)
 * Date of when the bridge was set up
 * ...anything else?

 What do you think? Should we rather keep OONI's list up-to-date? Mostly, I
 want a single source of truth that includes contact information of the
 operator.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #30049 [Core Tor/Tor]: Work out how to test mixed-version chutney networks in Tor's CI

[Tor Bug Tracker & Wiki]

#30049: Work out how to test mixed-version chutney networks in Tor's CI
-+-
 Reporter:  teor |  Owner:  (none)
 Type:   | Status:  new
  enhancement|
 Priority:  Medium   |  Milestone:  Tor: unspecified
Component:  Core |Version:
  Tor/Tor|   Keywords:  tor-ci, network-team-
 Severity:  Normal   |  roadmap-2019-Q1Q2-maybe
Actual Points:   |  Parent ID:  #29280
   Points:  2|   Reviewer:
  Sponsor:   |
  Sponsor19-can  |
-+-
 We need multiple tor versions to run a mixed network with Chutney.

 I don't think we can install multiple tor versions in Chutney's CI,
 because we're using a package manager.

 Maybe we could compile Tor in Tor's CI, *and* install the stable-release
 version of Tor?

 We'd have to set up the tor-stable symlink for the test, too.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #30048 [Core Tor/Chutney]: Write a bwfile creation and validation test for chutney

[Tor Bug Tracker & Wiki]

#30048: Write a bwfile creation and validation test for chutney
-+-
 Reporter:  teor |  Owner:  (none)
 Type:   | Status:  new
  enhancement|
 Priority:  Medium   |  Milestone:
Component:  Core |Version:
  Tor/Chutney|   Keywords:  chutney-ci, network-team-
 Severity:  Normal   |  roadmap-2019-Q1Q2-maybe
Actual Points:   |  Parent ID:  #29729
   Points:  1|   Reviewer:
  Sponsor:   |
  Sponsor19-can  |
-+-
 Chutney has a bwfile network, but the user has to create the actual file.
 And there are no tests.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29801 [Core Tor/Tor]: Add teor's suggestions for Prop#299 (referring IPv4 or IPv6 based on IP Version Failure Count)

[Tor Bug Tracker & Wiki]

#29801: Add teor's suggestions for Prop#299 (referring IPv4 or IPv6 based on IP
Version Failure Count)
---+---
 Reporter:  neel   |  Owner:  neel
 Type:  enhancement| Status:  needs_information
 Priority:  Medium |  Milestone:
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  ipv6, prop299  |  Actual Points:
Parent ID:  #27491 | Points:
 Reviewer:  nickm  |Sponsor:
---+---
Changes (by teor):

 * status:  needs_review => needs_information


Comment:

 Here is my review:

 I am not sure if we should implement this proposal.

 I think this proposal is really complex. It risks destabilising Tor's
 network code. It uses a lot of randomness, which has led to hard-to-
 diagnose network bugs in the past. (I suggested many of the ideas in the
 proposal, so this complexity and risk is my fault.)

 The proposal is also non-standard: it claims to be "Happy Eyeballs", but
 it does not implement [https://tools.ietf.org/html/rfc8305 RFC 8305]. (The
 simplest version of RFC 8305 uses IPv4 and IPv6 addresses for the same
 machine. It tries IPv6, waits 250ms, then tries IPv4.)

 I'd like to see an alternative proposal for implementing Happy Eyeballs in
 Tor. (Neel, you don't have to write that proposal.) Then we can decide
 which alternative to accept.

 Here's a quick sketch of what a minimal Happy Eyeballs proposal would look
 like:

 When selecting addresses:
 1. Modify extend_info_t so it contains an IPv4 and an IPv6 address
 2. When a bridge or relay has multiple addresses, add them both to the
 extend_info_t.

 When connecting using an extend_info_t:
 1. If there is an existing authenticated connection, use it.
 2. If not, connect using the first available, allowed, and preferred
 address. (IPv4 by default.)
 3. Then, schedule a timer for connecting using the other address, if it is
 available and allowed. We should choose a timer value that is higher than
 most clients successful TLS authentication time.

 When a connection successfully authenticates using TLS:
 1. Cancel any other connection timers
 2. Cancel any other in-progress connections

 When all available and allowed connection attempts fail:
 1. Tell the rest of Tor that the connection has failed

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28655 [Obfuscation/BridgeDB]: If a bridge supports obfs4, don't give out its other flavors

[Tor Bug Tracker & Wiki]

#28655: If a bridge supports obfs4, don't give out its other flavors
--+---
 Reporter:  arma  |  Owner:  dgoulet
 Type:  defect| Status:  assigned
 Priority:  High  |  Milestone:
Component:  Obfuscation/BridgeDB  |Version:
 Severity:  Normal| Resolution:
 Keywords:  bridgedb  |  Actual Points:
Parent ID:| Points:  2
 Reviewer:|Sponsor:  Sponsor19
--+---
Changes (by phw):

 * cc: phw (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #7349 [Core Tor/Tor]: Obfsbridges should be able to "disable" their ORPort

[Tor Bug Tracker & Wiki]

#7349: Obfsbridges should be able to "disable" their ORPort
-+-
 Reporter:  asn  |  Owner:  (none)
 Type:  project  | Status:  new
 Priority:  Very High|  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-bridge, SponsorZ, tor-pt,|  Actual Points:
  proposal-needed, censorship, sponsor19, 040|
  -roadmap-proposed  |
Parent ID:   | Points:  10
 Reviewer:   |Sponsor:
 |  Sponsor19-can
-+-
Changes (by phw):

 * cc: phw (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29480 [Obfuscation/BridgeDB]: Expose bridge pool assignments again

[Tor Bug Tracker & Wiki]

#29480: Expose bridge pool assignments again
--+
 Reporter:  irl   |  Owner:  sysrqb
 Type:  defect| Status:  new
 Priority:  Very Low  |  Milestone:
Component:  Obfuscation/BridgeDB  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by phw):

 * cc: phw (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29480 [Obfuscation/BridgeDB]: Expose bridge pool assignments again

[Tor Bug Tracker & Wiki]

#29480: Expose bridge pool assignments again
--+
 Reporter:  irl   |  Owner:  sysrqb
 Type:  defect| Status:  new
 Priority:  Very Low  |  Milestone:
Component:  Obfuscation/BridgeDB  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by phw):

 Looks like this only requires #14082 to be reverted. I'll look into it
 once I have access to the BridgeDB machine and the bridgedb-admin.git
 repo.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29241 [Core Tor/Tor]: NSS SSL_ExportKeyingMaterial failing

[Tor Bug Tracker & Wiki]

#29241: NSS SSL_ExportKeyingMaterial failing
-+-
 Reporter:  sysrqb   |  Owner:  nickm
 Type:  defect   | Status:
 |  merge_ready
 Priority:  High |  Milestone:  Tor:
 |  0.4.1.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.5.1-alpha
 Severity:  Normal   | Resolution:
 Keywords:  consider-backport-after-0405-alpha   |  Actual Points:  1.5
  regression, 035-backport, 040-must, spec   |
  teor-merge 040-backport|
Parent ID:   | Points:  2
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * milestone:  Tor: 0.3.5.x-final => Tor: 0.4.1.x-final


Comment:

 Oops, this should still be in 0.4.1.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29241 [Core Tor/Tor]: NSS SSL_ExportKeyingMaterial failing

[Tor Bug Tracker & Wiki]

#29241: NSS SSL_ExportKeyingMaterial failing
-+-
 Reporter:  sysrqb   |  Owner:  nickm
 Type:  defect   | Status:
 |  merge_ready
 Priority:  High |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.5.1-alpha
 Severity:  Normal   | Resolution:
 Keywords:  consider-backport-after-0405-alpha   |  Actual Points:  1.5
  regression, 035-backport, 040-must, spec   |
  teor-merge 040-backport|
Parent ID:   | Points:  2
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * keywords:  regression, 035-backport?, 040-must, spec teor-merge =>
 consider-backport-after-0405-alpha regression, 035-backport, 040-must,
 spec teor-merge 040-backport
 * version:   => Tor: 0.3.5.1-alpha
 * milestone:  Tor: 0.4.0.x-final => Tor: 0.3.5.x-final


Comment:

 This change seems simple enough to backport to 0.3.5, and it also seems
 important to fix. (Although there aren't that many NSS relays out there.)

 I backported to 0.3.5 and fixed the bugfix version in a changes file:
 https://github.com/torproject/tor/pull/911

 I'll merge to 0.4.0 and later once CI passes on 0.3.5.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29437 [Core Tor/Stem]: test-stem times out intermittently

[Tor Bug Tracker & Wiki]

#29437: test-stem times out intermittently
---+
 Reporter:  rl1987 |  Owner:  teor
 Type:  defect | Status:  closed
 Priority:  Medium |  Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Stem  |Version:  Tor: 0.2.4.8-alpha
 Severity:  Normal | Resolution:  fixed
 Keywords:  tor-ci-fail-sometimes  |  Actual Points:  0.2
Parent ID: | Points:  0.2
 Reviewer: |Sponsor:
---+
Changes (by teor):

 * status:  assigned => closed
 * version:   => Tor: 0.2.4.8-alpha
 * resolution:   => fixed
 * milestone:   => Tor: 0.2.9.x-final


Comment:

 Fixed in children.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30021 [Core Tor/Tor]: Do not cache cipher list classification if cipher list is not yet available.

[Tor Bug Tracker & Wiki]

#30021: Do not cache cipher list classification if cipher list is not yet
available.
-+-
 Reporter:  nickm|  Owner:  nickm
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:  Tor:
 |  0.2.9.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.4.8-alpha
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tor-ci-fail-sometimes, ci, stem, |  Actual Points:  .5
  ssl, 029-backport, 034-backport,   |
  035-backport, asn-merge|
Parent ID:  #29437   | Points:
 Reviewer:  ahf  |Sponsor:
-+-
Changes (by teor):

 * version:   => Tor: 0.2.4.8-alpha


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29036 [Core Tor/Tor]: Coverage merge failures cause test_process_slow stderr check to fail

[Tor Bug Tracker & Wiki]

#29036: Coverage merge failures cause test_process_slow stderr check to fail
-+-
 Reporter:  teor |  Owner:  teor
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:  Tor:
 |  0.2.9.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.9.15
 Severity:  Major| Resolution:  fixed
 Keywords:  041-accepted-20190115, regression,   |  Actual Points:  0.6
  tor-ci, 029-backport, 034-backport,|
  035-backport, 040-backport, tor-ci-fail-   |
  sometimes  |
Parent ID:   | Points:  0.5
 Reviewer:  catalyst |Sponsor:
-+-
Changes (by teor):

 * milestone:  Tor: 0.3.5.x-final => Tor: 0.2.9.x-final


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30021 [Core Tor/Tor]: Do not cache cipher list classification if cipher list is not yet available.

[Tor Bug Tracker & Wiki]

#30021: Do not cache cipher list classification if cipher list is not yet
available.
-+-
 Reporter:  nickm|  Owner:  nickm
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:  Tor:
 |  0.2.9.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tor-ci-fail-sometimes, ci, stem, |  Actual Points:  .5
  ssl, 029-backport, 034-backport,   |
  035-backport, asn-merge|
Parent ID:  #29437   | Points:
 Reviewer:  ahf  |Sponsor:
-+-
Changes (by teor):

 * milestone:  Tor: 0.3.5.x-final => Tor: 0.2.9.x-final


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28496 [Obfuscation/BridgeDB]: Consider dropping yahoo from the bridgedb email domains

[Tor Bug Tracker & Wiki]

#28496: Consider dropping yahoo from the bridgedb email domains
--+---
 Reporter:  arma  |  Owner:  dgoulet
 Type:  enhancement   | Status:  assigned
 Priority:  Medium|  Milestone:
Component:  Obfuscation/BridgeDB  |Version:
 Severity:  Normal| Resolution:
 Keywords:  bridgedb  |  Actual Points:
Parent ID:| Points:  1
 Reviewer:|Sponsor:  Sponsor19
--+---
Changes (by phw):

 * cc: phw (added)


Comment:

 Over at #9316, we're thinking about what statistics BridgeDB should keep
 track of. The number of email requests per provider should be one of them,
 which will help with this ticket.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #9316 [Obfuscation/BridgeDB]: BridgeDB should export statistics

[Tor Bug Tracker & Wiki]

#9316: BridgeDB should export statistics
-+-
 Reporter:  asn  |  Owner:  dgoulet
 Type:  task | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
Component:  Obfuscation/BridgeDB |Version:
 Severity:  Normal   | Resolution:
 Keywords:  metrics, bridgedb, network-team- |  Actual Points:
  roadmap-2019-Q1Q2  |
Parent ID:  #19332   | Points:  3
 Reviewer:   |Sponsor:
 |  Sponsor19
-+-

Comment (by phw):

 Here's a preliminary list of statistics that we may want, and why we want
 them. Needless to say, we need to figure out how to collect these
 statistics safely.

 * Approximate number of ''successful'' requests per distribution
 mechanism, per country, per bridge type.
   * This shows us the demand for bridges over time, and how much use
 BridgeDB sees.
   * It also teaches us what distribution mechanisms are the most useful
 (or at least popular).

 * Approximate number of ''denied'' requests per distribution mechanism,
 per country, per bridge type.
   * This may show us if people are interacting with BridgeDB
 unsuccessfully, despite good intentions.
   * It may also show us if somebody is trying to game the system.
   * Unfortunately, it's difficult to tell apart well-intentioned misuse
 from ill-intentioned misuse.

 * Approximate number of ''email'' requests per provider, per bridge type.
   * This would help us decide what email providers we should pay attention
 to.
   * This would also teach us what providers we could safely retire. For
 example, over at #28496, we are thinking about removing Yahoo. What
 fraction of requests would be affected by this?

 * Approximate number of ''HTTPS'' requests coming from proxies.
   * This may be an indicator of people trying to game the system.

 * Maybe the number of bridges per transport in BridgeDB (see #14453).

 What am I forgetting?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #13727 [Obfuscation/BridgeDB]: BridgeDB should not distribute Tor Browser's default bridges

[Tor Bug Tracker & Wiki]

#13727: BridgeDB should not distribute Tor Browser's default bridges
+---
 Reporter:  isis|  Owner:  (none)
 Type:  defect  | Status:  assigned
 Priority:  Medium  |  Milestone:
Component:  Obfuscation/BridgeDB|Version:
 Severity:  Normal  | Resolution:
 Keywords:  bridgedb-dist, tbb-bridges  |  Actual Points:
Parent ID:  | Points:  2
 Reviewer:  |Sponsor:  Sponsor19
+---
Changes (by phw):

 * cc: phw (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #13727 [Obfuscation/BridgeDB]: BridgeDB should not distribute Tor Browser's default bridges

[Tor Bug Tracker & Wiki]

#13727: BridgeDB should not distribute Tor Browser's default bridges
+---
 Reporter:  isis|  Owner:  (none)
 Type:  defect  | Status:  assigned
 Priority:  Medium  |  Milestone:
Component:  Obfuscation/BridgeDB|Version:
 Severity:  Normal  | Resolution:
 Keywords:  bridgedb-dist, tbb-bridges  |  Actual Points:
Parent ID:  | Points:  2
 Reviewer:  |Sponsor:  Sponsor19
+---

Comment (by phw):

 Given that #18329 and #21177 are now implemented, it's time to contact our
 default bridge operators. Do we have a list of contact information?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30021 [Core Tor/Tor]: Do not cache cipher list classification if cipher list is not yet available.

[Tor Bug Tracker & Wiki]

#30021: Do not cache cipher list classification if cipher list is not yet
available.
-+-
 Reporter:  nickm|  Owner:  nickm
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tor-ci-fail-sometimes, ci, stem, |  Actual Points:  .5
  ssl, 029-backport, 034-backport,   |
  035-backport, asn-merge|
Parent ID:  #29437   | Points:
 Reviewer:  ahf  |Sponsor:
-+-
Changes (by teor):

 * status:  merge_ready => closed
 * resolution:   => fixed


Comment:

 Merged #29036, #30011, and #30021.

 For this ticket, that's:
 * 0.2.9: https://github.com/torproject/tor/pull/902
 * 0.3.5: https://github.com/torproject/tor/pull/903

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29036 [Core Tor/Tor]: Coverage merge failures cause test_process_slow stderr check to fail

[Tor Bug Tracker & Wiki]

#29036: Coverage merge failures cause test_process_slow stderr check to fail
-+-
 Reporter:  teor |  Owner:  teor
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.9.15
 Severity:  Major| Resolution:  fixed
 Keywords:  041-accepted-20190115, regression,   |  Actual Points:  0.6
  tor-ci, 029-backport, 034-backport,|
  035-backport, 040-backport, tor-ci-fail-   |
  sometimes  |
Parent ID:   | Points:  0.5
 Reviewer:  catalyst |Sponsor:
-+-
Changes (by teor):

 * status:  merge_ready => closed
 * resolution:   => fixed


Comment:

 Merged #29036, #30011, and #30021.

 For this ticket, that's:
 * 0.2.9: ​https://github.com/torproject/tor/pull/877
 * 0.3.4: ​https://github.com/torproject/tor/pull/878
 * 0.3.5: ​https://github.com/torproject/tor/pull/879

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30011 [Core Tor/Tor]: Kill test-stem if takes more than 9.5 minutes

[Tor Bug Tracker & Wiki]

#30011: Kill test-stem if takes more than 9.5 minutes
-+-
 Reporter:  teor |  Owner:  teor
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.5.4-alpha
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tor-ci-fail-sometimes,   |  Actual Points:  0.3
  035-backport, 040-backport |
Parent ID:  #29437   | Points:  0.3
 Reviewer:  nickm|Sponsor:
-+-
Changes (by teor):

 * status:  merge_ready => closed
 * resolution:   => fixed


Comment:

 Merged #29036, #30011, and #30021.

 For this ticket, that's:
 * 0.3.5: ​https://github.com/torproject/tor/pull/898

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30040 [Core Tor/Tor]: Double-free bug on huge bandwidth file in some platforms

[Tor Bug Tracker & Wiki]

#30040: Double-free bug on huge bandwidth file in some platforms
-+-
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.1.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  security-low? bw-auth double-free|  Actual Points:
  hackerone bug-bounty 040-backport 040-must |
Parent ID:   | Points:  0.3
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * keywords:  bw-auth double-free hackerone bug-bounty 040-must =>
 security-low? bw-auth double-free hackerone bug-bounty 040-backport
 040-must


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30041 [Core Tor/Tor]: OOB access with huge buffers (src/lib/buf/buffers.c)

[Tor Bug Tracker & Wiki]

#30041: OOB access with huge buffers (src/lib/buf/buffers.c)
-+-
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.1.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  security-low hackerone bug-bounty|  Actual Points:
  029-backport 034-backport 035-backport |
  040-backport 040-must  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * keywords:
 security hackerone bug-bounty 029-backport 034-backport 035-backport
 040-must
 =>
 security-low hackerone bug-bounty 029-backport 034-backport
 035-backport 040-backport 040-must
 * milestone:  Tor: 0.2.9.x-final => Tor: 0.4.1.x-final


Comment:

 Adjust tags

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29036 [Core Tor/Tor]: Coverage merge failures cause test_process_slow stderr check to fail

[Tor Bug Tracker & Wiki]

#29036: Coverage merge failures cause test_process_slow stderr check to fail
-+-
 Reporter:  teor |  Owner:  teor
 Type:  defect   | Status:
 |  merge_ready
 Priority:  High |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.9.15
 Severity:  Major| Resolution:
 Keywords:  041-accepted-20190115, regression,   |  Actual Points:  0.6
  tor-ci, 029-backport, 034-backport,|
  035-backport, 040-backport, tor-ci-fail-   |
  sometimes  |
Parent ID:   | Points:  0.5
 Reviewer:  catalyst |Sponsor:
-+-
Changes (by teor):

 * status:  reopened => merge_ready


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #30047 [Core Tor/Tor]: Group different websites to the same exit node

[Tor Bug Tracker & Wiki]

#30047: Group different websites to the same exit node
--+--
 Reporter:  tornewuser|  Owner:  (none)
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Component:  Core Tor/Tor
  Version:  Tor: unspecified  |   Severity:  Normal
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
 Sometimes sites require user to use the same IP between domains. A good
 example is youtube.com that is streaming from googlevodeo.com and
 sometimes (for live streams) it passes IP to the googlevideo.com and
 terminate connection if the stream request IP differ from the IP used to
 load youtube. There should be an option to group websites to the same exit
 node. The exit node can be changed periodically but should always be the
 same for both (or more) addresses.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30018 [Core Tor/Stem]: Unable to download consensus using an ORPort

[Tor Bug Tracker & Wiki]

#30018: Unable to download consensus using an ORPort
---+---
 Reporter:  irl|  Owner:  atagar
 Type:  defect | Status:  needs_information
 Priority:  Medium |  Milestone:
Component:  Core Tor/Stem  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---

Comment (by teor):

 This issue might also be due to firewall restrictions on tor26, which are
 intended to slow down large numbers of old tor clients, or custom scripts.

 Does it happen with any other authority?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29500 [Core Tor/Tor]: Broken circuitpadding unittests on appveyor

[Tor Bug Tracker & Wiki]

#29500: Broken circuitpadding unittests on appveyor
-+-
 Reporter:  asn  |  Owner:
 |  mikeperry
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:  Tor:
 |  0.4.1.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.4.0.1-alpha
 Severity:  Normal   | Resolution:  fixed
 Keywords:  asn-merge, nickm-merge, wtf-pad, |  Actual Points:  3.5
  tor-relay, tor-cell, padding, 040-must,|
  040-backport   |
Parent ID:  #28631   | Points:  3
 Reviewer:  nickm, asn, teor |Sponsor:
 |  Sponsor2
-+-

Comment (by teor):

 Thanks everyone for your hard work on this tricky bug!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29036 [Core Tor/Tor]: Coverage merge failures cause test_process_slow stderr check to fail

[Tor Bug Tracker & Wiki]

#29036: Coverage merge failures cause test_process_slow stderr check to fail
-+-
 Reporter:  teor |  Owner:  teor
 Type:  defect   | Status:
 |  reopened
 Priority:  High |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.9.15
 Severity:  Major| Resolution:
 Keywords:  041-accepted-20190115, regression,   |  Actual Points:  0.6
  tor-ci, 029-backport, 034-backport,|
  035-backport, 040-backport, tor-ci-fail-   |
  sometimes  |
Parent ID:   | Points:  0.5
 Reviewer:  catalyst |Sponsor:
-+-
Changes (by teor):

 * keywords:
 asn-merge, nickm-merge, 041-accepted-20190115, regression, tor-ci,
 029-backport, 034-backport, 035-backport, 040-backport, tor-ci-fail-
 sometimes
 =>
 041-accepted-20190115, regression, tor-ci, 029-backport, 034-backport,
 035-backport, 040-backport, tor-ci-fail-sometimes


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30011 [Core Tor/Tor]: Kill test-stem if takes more than 9.5 minutes

[Tor Bug Tracker & Wiki]

#30011: Kill test-stem if takes more than 9.5 minutes
-+-
 Reporter:  teor |  Owner:  teor
 Type:  defect   | Status:
 |  merge_ready
 Priority:  High |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.5.4-alpha
 Severity:  Normal   | Resolution:
 Keywords:  tor-ci-fail-sometimes,   |  Actual Points:  0.3
  035-backport, 040-backport |
Parent ID:  #29437   | Points:  0.3
 Reviewer:  nickm|Sponsor:
-+-
Changes (by teor):

 * milestone:  Tor: 0.4.1.x-final => Tor: 0.3.5.x-final


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29036 [Core Tor/Tor]: Coverage merge failures cause test_process_slow stderr check to fail

[Tor Bug Tracker & Wiki]

#29036: Coverage merge failures cause test_process_slow stderr check to fail
-+-
 Reporter:  teor |  Owner:  teor
 Type:  defect   | Status:
 |  reopened
 Priority:  High |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.9.15
 Severity:  Major| Resolution:
 Keywords:  asn-merge, nickm-merge,  |  Actual Points:  0.6
  041-accepted-20190115, regression, tor-ci, |
  029-backport, 034-backport, 035-backport,  |
  040-backport, tor-ci-fail-sometimes|
Parent ID:   | Points:  0.5
 Reviewer:  catalyst |Sponsor:
-+-
Changes (by teor):

 * status:  closed => reopened
 * version:  Tor: unspecified => Tor: 0.2.9.15
 * resolution:  fixed =>
 * milestone:  Tor: 0.4.1.x-final => Tor: 0.3.5.x-final


Comment:

 Please don't close tickets that need to be backported: put them in Tor:
 0.3.5.x-final instead.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29724 [Core Tor/sbws]: Create a blog post about work done and future work

[Tor Bug Tracker & Wiki]

#29724: Create a blog post about work done and future work
--+---
 Reporter:  juga  |  Owner:  juga
 Type:  defect| Status:  needs_revision
 Priority:  Medium|  Milestone:  sbws: 1.1.x-final
Component:  Core Tor/sbws |Version:  sbws: 1.0.5
 Severity:  Normal| Resolution:
 Keywords:  no-changes-version, docs  |  Actual Points:
Parent ID:| Points:  1
 Reviewer:|Sponsor:
--+---
Changes (by gaba):

 * cc: stephw (added)


Comment:

 This is something that could be included in the
 https://blog.torproject.org . Ccing Steph here.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28533 [Obfuscation/BridgeDB]: bridgesdb: replace the message to mail support with a link to the documentation

[Tor Bug Tracker & Wiki]

#28533: bridgesdb: replace the message to mail support with a link to the
documentation
--+---
 Reporter:  emmapeel  |  Owner:  phw
 Type:  defect| Status:  assigned
 Priority:  High  |  Milestone:
Component:  Obfuscation/BridgeDB  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:  1
 Reviewer:|Sponsor:  Sponsor19
--+---
Changes (by phw):

 * owner:  (none) => phw


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29229 [Obfuscation/BridgeDB]: Does anybody notice if the bridge auth goes away?

[Tor Bug Tracker & Wiki]

#29229: Does anybody notice if the bridge auth goes away?
-+-
 Reporter:  gaba |  Owner:  dgoulet
 Type:  defect   | Status:
 |  assigned
 Priority:  High |  Milestone:
Component:  Obfuscation/BridgeDB |Version:
 Severity:  Normal   | Resolution:
 Keywords:  bridgedb, network-team-  |  Actual Points:
  roadmap-2019-Q1Q2  |
Parent ID:   | Points:  2
 Reviewer:   |Sponsor:
 |  Sponsor19
-+-
Changes (by phw):

 * cc: phw (added)


Comment:

 I wonder if this is something our Prometheus deployment can help us with?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30028 [Internal Services/Tor Sysadmin Team]: additional prometheus/grafana exporters/dashboards

[Tor Bug Tracker & Wiki]

#30028: additional prometheus/grafana exporters/dashboards
-+-
 Reporter:  anarcat  |  Owner:  anarcat
 Type:  project  | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:  #29681   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by anarcat):

 i added the postfix exporter on all `mail_processing` nodes. it's not all
 postfix servers, because, well, postfix is installed *everywhere*. i
 figured i would keep this only to a subset.

 this was a little trickier than the apache exporter, because the postfix
 exporter is not available in stretch, so I had to do an unofficial
 backport, which i uploaded to db.torproject.org. i also took this
 opportunity to upload a NMU of the package in Debian as well, since it was
 out of date.

 i imported the dashboard from
 [https://github.com/kumina/postfix_exporter/issues/21 this issue] but it
 doesn't work out of the box, we'll probably have to write our own. i
 started working on one, but it's incomplete.

 next step is to finish those graphs and deploy exporters for bind and
 (maybe?) pgsql.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27609 [Applications/Tor Browser]: TBA: Evaluate Tor Onion Proxy Library

[Tor Bug Tracker & Wiki]

#27609: TBA: Evaluate Tor Onion Proxy Library
-+-
 Reporter:  sysrqb   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-mobile, TBA-a3, tbb-8.5-must-|  Actual Points:
  alpha, TorBrowserTeam201904|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor8
-+-

Comment (by n8fr8):

 I don't have more time to respond right now, but please try the
 "0.3.5.8-rc-v2" tor-android-binary gradle dependency as it has some fixes.

 In summary, we are trying to rely on the native library loading that
 Android provides, and executing the .so files in places, instead of
 unpacking them from the APK ourselves and/or copying them over or to the
 app's r/w file space. This is due to changes in Android Q that requires
 this.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29315 [Metrics/Website]: Write down guidelines for adding new stats

[Tor Bug Tracker & Wiki]

#29315: Write down guidelines for adding new stats
-+
 Reporter:  karsten  |  Owner:  karsten
 Type:  enhancement  | Status:  needs_revision
 Priority:  Very High|  Milestone:
Component:  Metrics/Website  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  metrics-roadmap-2019-q2  |  Actual Points:
Parent ID:   | Points:  3
 Reviewer:  irl  |Sponsor:
-+

Comment (by phw):

 I just read the guidelines because I want to get BridgeDB statistics into
 Tor Metrics. Overall, the guidelines were helpful! However, I would have
 liked to read more about how to move my data over to you. As I understand,
 I make my data available (e.g., over a webserver?) and you then fetch it,
 right?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29315 [Metrics/Website]: Write down guidelines for adding new stats

[Tor Bug Tracker & Wiki]

#29315: Write down guidelines for adding new stats
-+
 Reporter:  karsten  |  Owner:  karsten
 Type:  enhancement  | Status:  needs_revision
 Priority:  Very High|  Milestone:
Component:  Metrics/Website  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  metrics-roadmap-2019-q2  |  Actual Points:
Parent ID:   | Points:  3
 Reviewer:  irl  |Sponsor:
-+
Changes (by phw):

 * cc: phw (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27609 [Applications/Tor Browser]: TBA: Evaluate Tor Onion Proxy Library

[Tor Bug Tracker & Wiki]

#27609: TBA: Evaluate Tor Onion Proxy Library
-+-
 Reporter:  sysrqb   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-mobile, TBA-a3, tbb-8.5-must-|  Actual Points:
  alpha, TorBrowserTeam201904|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor8
-+-
Changes (by gk):

 * cc: n8fr8 (added)


Comment:

 Thanks for digging through all of that. I wonder whether Nathan has an
 idea about what's us with that.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30046 [- Select a component]: im lost tangled with local law there crooked as hell this is potentally fire sale of all sales phone 5735904424 message me

[Tor Bug Tracker & Wiki]

#30046: im lost tangled with local law there crooked as hell this is potentally
fire sale of all sales phone 5735904424 message me
--+
 Reporter:  firehorse |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Immediate |  Milestone:
Component:  - Select a component  |Version:
 Severity:  Critical  | Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by firehorse):

 put in 127.0.0.1 been messin with me for days tried tor and it went thru
 it to

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30046 [- Select a component]: im lost tangled with local law there crooked as hell this is potentally fire sale of all sales phone 5735904424 message me

[Tor Bug Tracker & Wiki]

#30046: im lost tangled with local law there crooked as hell this is potentally
fire sale of all sales phone 5735904424 message me
--+
 Reporter:  firehorse |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Immediate |  Milestone:
Component:  - Select a component  |Version:
 Severity:  Critical  | Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by firehorse):

 * Attachment "ips from json.jpg" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30046 [- Select a component]: im lost tangled with local law there crooked as hell this is potentally fire sale of all sales phone 5735904424 message me

[Tor Bug Tracker & Wiki]

#30046: im lost tangled with local law there crooked as hell this is potentally
fire sale of all sales phone 5735904424 message me
--+
 Reporter:  firehorse |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Immediate |  Milestone:
Component:  - Select a component  |Version:
 Severity:  Critical  | Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by firehorse):

 * Attachment "welcome.jp.txt" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #30046 [- Select a component]: im lost tangled with local law there crooked as hell this is potentally fire sale of all sales phone 5735904424 message me

[Tor Bug Tracker & Wiki]

#30046: im lost tangled with local law there crooked as hell this is potentally
fire sale of all sales phone 5735904424 message me
---+--
 Reporter:  firehorse  |  Owner:  (none)
 Type:  defect | Status:  new
 Priority:  Immediate  |  Component:  - Select a component
  Version: |   Severity:  Critical
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--
 im lost  they burned 6 computers so far and its local sherriffs in in it
 voice of god us air force and mk ultra synthetic telepathy

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30044 [Internal Services/Service - git]: Let phw push to pluggable-transports/snowflake.git

[Tor Bug Tracker & Wiki]

#30044: Let phw push to pluggable-transports/snowflake.git
-+
 Reporter:  ahf  |  Owner:  tor-gitadm
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Service - git  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  snowflake|  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+
Changes (by dcf):

 * cc: arlolra, cohosh (added)


Comment:

 I agree.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #30045 [Core Tor]: output of "tor --key-expiration sign" should be a time stamp

[Tor Bug Tracker & Wiki]

#30045: output of "tor --key-expiration sign" should be a time stamp
+--
 Reporter:  toralf  |  Owner:  (none)
 Type:  enhancement | Status:  new
 Priority:  Medium  |  Component:  Core Tor
  Version:  Tor: 0.4.0.3-alpha  |   Severity:  Normal
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
 It would be helpful for a cron job having sth like
 {{{
 let "diff = $(tor --key-expiration sign --format=timestamp) - $(date +%s)"
 }}}
 in it.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29437 [Core Tor/Stem]: test-stem times out intermittently

[Tor Bug Tracker & Wiki]

#29437: test-stem times out intermittently
---+--
 Reporter:  rl1987 |  Owner:  teor
 Type:  defect | Status:  assigned
 Priority:  Medium |  Milestone:
Component:  Core Tor/Stem  |Version:
 Severity:  Normal | Resolution:
 Keywords:  tor-ci-fail-sometimes  |  Actual Points:  0.2
Parent ID: | Points:  0.2
 Reviewer: |Sponsor:
---+--

Comment (by atagar):

 Yikes, this must have been quite a tricky issue. Thank you Nick for you
 detailed description, it was a fascinating read and congratulations on
 sorting it out!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30012 [Core Tor/Stem]: When stem receives a signal, log useful information

[Tor Bug Tracker & Wiki]

#30012: When stem receives a signal, log useful information
---+
 Reporter:  teor   |  Owner:  atagar
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Core Tor/Stem  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+

Comment (by atagar):

 Hi teor. Quick search suggested we might be able to add a signal
 handler...

 https://stackoverflow.com/questions/132058/showing-the-stack-trace-from-a
 -running-python-application

 I won't be able to get to this any time soon, but certainly worthwhile to
 experiment with at some point.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30018 [Core Tor/Stem]: Unable to download consensus using an ORPort

[Tor Bug Tracker & Wiki]

#30018: Unable to download consensus using an ORPort
---+---
 Reporter:  irl|  Owner:  atagar
 Type:  defect | Status:  needs_information
 Priority:  Medium |  Milestone:
Component:  Core Tor/Stem  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---
Changes (by atagar):

 * status:  new => needs_information


Comment:

 Hi irl, I just tried your command with the current git codebase and I
 think it's working, but not quite sure (the run command has hung for the
 last minute, but that's more likely because tor26 is taking a while).

 I'm 98% sure this is a duplicate of #28961. Do you need anything else?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #30044 [Internal Services/Service - git]: Let phw push to pluggable-transports/snowflake.git

[Tor Bug Tracker & Wiki]

#30044: Let phw push to pluggable-transports/snowflake.git
-+
 Reporter:  ahf  |  Owner:  tor-gitadm
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Service - git  |Version:
 Severity:  Normal   |   Keywords:  snowflake
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+
 {{{
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA512

 Hello,

 I'd like to have phw being able to push to the
 pluggable-transports/snowflake.git git repository.

 Thanks,
 Alex 2019/04/05.
 -BEGIN PGP SIGNATURE-

 iQIzBAEBCgAdFiEEHCp6PVqFSLSt79Uq+bwv4isIzo8FAlynhUgACgkQ+bwv4isI
 zo+6IhAAlJNKeB7oVNZRdIM6wEpKniWQziyI3s/syhuzVfPQheUJo/3zawmLhAGo
 gwOn3CrWaoM3DuEk8ab4VCtAxmBEZLsQZQAw9gjmxB5Cj3jJQltzu3NVPpEm93Bt
 0NW7p/FyIE8neX9h5pG4RbwifZ1d21FDoXajOAns6XSnQLe/t/N3EsHI1q9dbLIM
 iSqdv1Z5UdDYewvYN6+PCQ+to0MVzt8t24yvFgRfQRH5bYVP9gd60Qjkqi1if5ZV
 4SY5fgEsoSX7cYjCqHJ6RZb7BrK31bX8LAZHqz9rCvZvLV31RuN4QPT48muXZCHz
 4JA5d0GFM2wG9ipiAuYYSKRPDkIWxDzynDud69bPJVwV2JzgCA93uoXASXsuoB3r
 3PZ5QXLw0xfkbUryOwrs94eSQcqabbhTlvPkoXfo52nS4Tp5lf060TXTvw9lTlWR
 T85+PWltusoIgxUuy5nqoKzPpaQvm9wU6+vbf3I+ZNA04jMMdZEp+5YdR3NisyR8
 gRIi767YaK/hviv7Qpcy35iF1x6MoE/Y7tE7HNJjNJHbQeebJTxjB0KZ6VklqTio
 4UVlGtgNcSeA8WnkrDstIoMxqPmfMDM3XFelSRJcRxg+2yeKidluZyVqdtwUNQ5Y
 eu+67k7FKWvOA3WuwwgeSeKp+MQ/qjZ01Lv55+7hwuev7my4SeE=
 =av8t
 -END PGP SIGNATURE-
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29751 [Core Tor/sbws]: Create debian package for last 1.1.0 version

[Tor Bug Tracker & Wiki]

#29751: Create debian package for last 1.1.0 version
+-
 Reporter:  juga|  Owner:  juga
 Type:  task| Status:  closed
 Priority:  Medium  |  Milestone:  sbws: 1.1.0
Component:  Core Tor/sbws   |Version:  sbws: 1.0.5
 Severity:  Normal  | Resolution:  implemented
 Keywords:  package, not-to-review  |  Actual Points:
Parent ID:  | Points:  1
 Reviewer:  |Sponsor:
+-
Changes (by juga):

 * status:  assigned => closed
 * resolution:   => implemented


Comment:

 Uploaded and accepted: https://tracker.debian.org/news/1037424/accepted-
 sbws-110-1-source-into-unstable/

 Technically, this ticket doesn't belong torproject.org trac.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #30043 [Internal Services/Service - git]: Create bridgedb.git and bridgedb-admin.git repository for phw

[Tor Bug Tracker & Wiki]

#30043: Create bridgedb.git and bridgedb-admin.git repository for phw
-+
 Reporter:  phw  |  Owner:  tor-gitadm
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Service - git  |Version:
 Severity:  Normal   |   Keywords:
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+
 Hey git team,

 Can you please create the following two git repositories for phw?

 * `phw/bridgedb.git`
 * `phw/bridgedb-admin.git`

 Thanks!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #30042 [- Select a component]: Get involved link is broken

[Tor Bug Tracker & Wiki]

#30042: Get involved link is broken
-+--
 Reporter:  kevinsimper  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Component:  - Select a component
  Version:   |   Severity:  Normal
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
 On this page https://www.torproject.org/contact/

 when you click get involved you go to this page
 https://2019.www.torproject.org/getinvolved/volunteer/ which is a 404

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30033 [Core Tor/Tor]: The pre-push hook should call the pre-commit hook on every commit

[Tor Bug Tracker & Wiki]

#30033: The pre-push hook should call the pre-commit hook on every commit
--+--
 Reporter:  teor  |  Owner:  (none)
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  git-scripts   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by rl1987):

 * status:  new => needs_review


Comment:

 https://github.com/torproject/tor/pull/910

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27609 [Applications/Tor Browser]: TBA: Evaluate Tor Onion Proxy Library

[Tor Bug Tracker & Wiki]

#27609: TBA: Evaluate Tor Onion Proxy Library
-+-
 Reporter:  sysrqb   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-mobile, TBA-a3, tbb-8.5-must-|  Actual Points:
  alpha, TorBrowserTeam201904|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor8
-+-

Comment (by sisbell):

 I did a deep dive into the library loading for tor.

  1. After going through older builds and then our newer ones, the browser
 APK has never extracted the tor binaries. It does extract for the
 firefox/mozilla native libraries.
  1. ''Orbot extracts libraries'': I tried using tor-android-service with a
 build of Orbot app and the tor library extracts correctly. So this looks
 like something specific to the firefox build. It is a little strange that
 the libraries in Orbot show up as arm rather than armv7 (as shown in
 Native Libs Monitor)
  1. ''Not a toolchain issue'': I also built Orbot/tor-android-service with
 the same toolchain as tbb and the libraries still extract so it doesn't
 appear to be a toolchain related issue.

 Comparing versions tor-android-binary library

  1. 0.3.4.9 - we can see that the tor.so is in the tor-browser apk and it
 registers as an arm library within the apk.
  1. 0.3.5.8 - tor.so isn't picked up at all as a native library, even
 within the tor-browser apk (I verified with Native Libs Monitor).
  1. When I try to launch the latest version of tor, I get "no such
 directory or file". When I check the app space on the device tor is
 correctly located on the device. So this error doesn't make much sense. I
 managed to reproduce this behavior with a sample app by having APK A
 dependent on aar B. B had /lib/armeabi-v7/tor.so in the aar. I then built
 APK A and also reincluded jniLibs/armeabli-v7/tor.so in APK A. So there
 are two versions in the build chain. With this build I was able to
 reproduce the "no such directory or file" error. However, I was unable to
 find any double inclusion within the firefox build.
  1. I took my local/latest version of the tor-browser APK that fails as
 defined in (3) and replaced version 0.3.5.8 of tor.so with version
 0.3.4.9. I directly modified the APK so there is no other change. The app
 started up correctly.

 '''Summary:'''
 We will need to fall back to the older version of tor for our build. In
 regards to the latest version of tor-android-binary, it works correctly
 outside of firefox. The only thing that looks strange is that it registers
 as arm rather than armv7 so that would be worth a look in the future.

 I've upgraded TOPL and tor-android-service to use the latest version of
 tor-android so I will create a patch to move to an older version in the
 firefox build. The APIs are slightly different between versions so this
 will touch some of the code.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #24622 [Applications/Tor Browser]: Torcrazybutton can't decipher website s3.amazonaws.com

[Tor Bug Tracker & Wiki]

#24622: Torcrazybutton can't decipher website s3.amazonaws.com
-+-
 Reporter:  cypherpunks  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Major| Resolution:
 Keywords:  tbb-7.0-issues, tbb-regression,  |  Actual Points:
  tbb-linkability, GeorgKoppen201903,|
  TorBrowserTeam201904   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by acat):

 Reported here: https://bugzilla.mozilla.org/show_bug.cgi?id=1542309

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29981 [Applications/Tor Browser]: Add option to build without using containers

[Tor Bug Tracker & Wiki]

#29981: Add option to build without using containers
---+--
 Reporter:  boklm  |  Owner:  tbb-team
 Type:  task   | Status:  new
 Priority:  Medium |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tbb-rbm, TorBrowserTeam201904  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--

Comment (by boklm):

 I started working on a patch for that, and after comparing a build done
 without containers, and a normal build with containers, I get an almost
 matching apk. The only difference is:
 {{{
 Binary files 1/META-INF/ANDROIDQ.RSA and 2/META-INF/ANDROIDQ.RSA differ
 diff -r 1/META-INF/ANDROIDQ.SF 2/META-INF/ANDROIDQ.SF
 2,4c2,4
 < SHA1-Digest-Manifest-Main-Attributes: nJdsdwNyiHipRN3sUz498qUG+L0=
 < SHA1-Digest-Manifest: vF7lnm0ro+G4diQqON1e3X8+snc=
 < Created-By: 1.8.0_171 (Oracle Corporation)
 ---
 > SHA1-Digest-Manifest-Main-Attributes: E8IbsJM7v8R6d8dy6OqA+g4Q9EE=
 > SHA1-Digest-Manifest: cBYG++7ArsIP93o3h2mGE0OM4WI=
 > Created-By: 1.8.0_212 (Oracle Corporation)
 diff -r 1/META-INF/MANIFEST.MF 2/META-INF/MANIFEST.MF
 2c2
 < Created-By: 1.8.0_171 (Oracle Corporation)
 ---
 > Created-By: 1.8.0_212 (Oracle Corporation)
 }}}

 It seems to be because the `tor-browser` step is done in a buster
 container. The debug signature is also causing the build without
 containers to stall.

 So I think if we find an other workaround for the debug signature that
 doesn't require using buster, we should be able to get matching build
 without and without containers.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29787 [Metrics/Onionperf]: Enumerate possible failure cases and include failure information in .tpf output

[Tor Bug Tracker & Wiki]

#29787: Enumerate possible failure cases and include failure information in .tpf
output
---+--
 Reporter:  karsten|  Owner:  metrics-team
 Type:  enhancement| Status:  new
 Priority:  Medium |  Milestone:
Component:  Metrics/Onionperf  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--

Comment (by karsten):

 Hi acute!

 Your idea to extend that code that matches tgen logs and tor control port
 event logs sounds interesting. Is that going to replace OnionPerf's
 analysis.py? If yes, why don't you extend or replace that code rather than
 start a new code base?

 However, I wonder if we could start simpler here by simply looking at the
 tgen logs alone:

  1. For an initial classification of failure cases it might be sufficient
 to learn ''when'' a request fails and ''how''. Like, in which request
 phase does a request fail and how much time has elapsed up to that point?
 Maybe the tgen logs also tell us how a request failed, that is, whether
 the tor process sent an error or tgen ran into a timeout or stallout (even
 though we're setting stallout high enough that this is currently not the
 case) or checksum error or whatever. It would be good to know what
 fraction of requests succeeded and what fractions failed at the various
 request stages. This is all based on tgen information, which is the
 application point of view that treats tor as a black box.

  2. The next step after that, for me, would be to match tgen logs with tor
 control port event logs. I wonder why we'd be using the source port for
 this. Is that to handle potentially overlapping requests? Do we handle
 cases where a source port is re-used over the day, by including time? And
 what do we do if no corresponding source port is found in the other log
 file, or is that scenario unrealistic/impossible? In short, this sounds
 complicated and potentially error-prone. Maybe we could simplify this by
 doing the matching solely based on timing information? And do you think we
 could also match tor logs (not control port events) by using the same
 timing information? Assuming that there's anything interesting in these
 logs.

 Sadly, the weekend is almost here and I likely won't be able to spend much
 time on this analysis over the weekend. But if I find time, I'll start by
 reading tgen logs and writing little helper tools to classify failure
 cases solely based on tgen logs. I'll share measurement identifiers of
 some sort for failure cases as I find them.

 Thanks!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30038 [Applications/Tor Browser]: libgtk2.0-dev is not needed for WebRTC building (anymore)

[Tor Bug Tracker & Wiki]

#30038: libgtk2.0-dev is not needed for WebRTC building (anymore)
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  TorBrowserTeam201904R,   |  Actual Points:
  GeorgKoppen201904, tbb-rbm |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by boklm):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 This looks good to me. I merged it to master as commit
 `f266df2fedf0ab596aaed55b3ee835dcfd55f88b`.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29822 [Internal Services/Tor Sysadmin Team]: prometheus server cannot reach build-arm* boxes

[Tor Bug Tracker & Wiki]

#29822: prometheus server cannot reach build-arm* boxes
-+
 Reporter:  anarcat  |  Owner:  weasel
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Minor| Resolution:  fixed
 Keywords:   |  Actual Points:
Parent ID:  #29681   | Points:
 Reviewer:   |Sponsor:
-+
Changes (by anarcat):

 * status:  assigned => closed
 * resolution:   => fixed


Comment:

 weasel fixed this by logging in through the arm boxes. for some reason the
 kvm boxes can't access the mikrotik directly anymore. he did the
 configuration on the mikrotik and prometheus can now scrape those metrics.
 i documented the process in the wiki, and we're all done here.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30032 [Applications/Tor Browser]: Add warning or disable adding additional extensions

[Tor Bug Tracker & Wiki]

#30032: Add warning or disable adding additional extensions
--+--
 Reporter:  legind|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux-team   |  Actual Points:
Parent ID:  #30037| Points:
 Reviewer:|Sponsor:
--+--

Comment (by gk):

 Replying to [comment:3 cypherpunks]:
 > Just wanted to write from a user's perspective, the only addon I used
 with Tor Browser was DownThemAll as it made downloading multiple files
 much easier. At the moment I'm trying "Simple mass downloader" since
 DownThemAll isn't compatible with the new Firefox.
 >
 > Can Tor try to proactively fix anonymity or security related issues from
 addons that are most likely to be installed on Tor Browser? It may require
 some research to figure that out. My guess is download managers/helpers
 and adblockers would be among the most popular.

 No, that's not feasible. And, frankly, we should not be in the business of
 evaluating all sorts of combinations of installed extensions at all and
 what that means for user anonymity. Oh, and even if we could do that once
 at a specific point in time that would not be enough. We'd need to monitor
 that over time for all (most popular) extensions.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29045 [Applications/Tor Launcher]: ask tor to leave dormant mode

[Tor Bug Tracker & Wiki]

#29045: ask tor to leave dormant mode
---+---
 Reporter:  mcs|  Owner:  brade
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Applications/Tor Launcher  |Version:
 Severity:  Normal | Resolution:
 Keywords:  TorBrowserTeam201904   |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---
Changes (by gk):

 * keywords:   => TorBrowserTeam201904


Comment:

 Assuming this is something for April.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28329 [Applications/Tor Browser]: Design TBA+Orbot configuration UI/UX

[Tor Bug Tracker & Wiki]

#28329: Design TBA+Orbot configuration UI/UX
-+-
 Reporter:  sysrqb   |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:
 |  needs_revision
 Priority:  Very High|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-mobile, ux-team, TBA-a3, |  Actual Points:
  tbb-8.5-must-alpha, TorBrowserTeam201904   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor8
-+-

Comment (by sysrqb):

 Adding a note here, unfortunately, we can't add the spinning onion
 animation using the third-party lottie library. This is due to an
 incompatibility between our current dependencies and the library's
 dependencies. Tor Browser for Android currently requires the Android
 Support Library version 23.4.0 but Lottie requires (at a minimum) version
 25.0.1. I looked at all released versions of Lottie, and the oldest
 released version (v1.0.0) depends on Support Library 25.0.1 - and Lottie
 v1.0.0 was released over two years ago (so this would require serious
 consideration anyway).

 This isn't disqualifying us from using lottie in the future, possibly
 after we move to 68esr where Firefox for Android uses Android Support
 Library 26.1.0 (same as Lottie), but we simply can't use it at this
 moment.

 https://mvnrepository.com/artifact/com.airbnb.android/lottie

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29734 [Obfuscation/Snowflake]: Broker should receive country stats information from Proxy and Client

[Tor Bug Tracker & Wiki]

#29734: Broker should receive country stats information from Proxy and Client
-+
 Reporter:  cohosh   |  Owner:  cohosh
 Type:  enhancement  | Status:  needs_revision
 Priority:  Medium   |  Milestone:
Component:  Obfuscation/Snowflake|Version:
 Severity:  Normal   | Resolution:
 Keywords:  snowflake, geoip, stats  |  Actual Points:  2
Parent ID:  #29207   | Points:  1
 Reviewer:  ahf  |Sponsor:  Sponsor19
-+
Changes (by cohosh):

 * status:  merge_ready => needs_revision


Comment:

 Putting this in needs_revision before we've actually modified it to
 collect proxy not client data.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25688 [Obfuscation/Snowflake]: proxy-go is still deadlocking occasionally

[Tor Bug Tracker & Wiki]

#25688: proxy-go is still deadlocking occasionally
+--
 Reporter:  dcf |  Owner:  cohosh
 Type:  defect  | Status:  needs_review
 Priority:  Low |  Milestone:
Component:  Obfuscation/Snowflake   |Version:
 Severity:  Normal  | Resolution:
 Keywords:  network-team-roadmap-2019-Q1Q2  |  Actual Points:
Parent ID:  | Points:  3
 Reviewer:  |Sponsor:
+--

Comment (by cohosh):

 Replying to [comment:23 dcf]:
 > I was going to quibble about `makePeerConnectionFromOffer` becoming
 blocking, which through `runSession`, will block the main polling loop in
 `main` (if I understand right). But I think this is an architectural
 problem unrelated to the deadlock fix, so let's ignore it. (It seems like
 `makePeerConnectionFromOffer` and `sendAnswer` should run in their own
 goroutine, responsible for a single PeerConnection.)
 >
 I agree that these should ideally be their own goroutine, though this is
 unrelated to this bug. Note also that the blocking of
 makePeerConnectionFromOffer is accompanied by a 3 second timeout
 [https://github.com/keroserene/go-
 webrtc/blob/a1272c08ab1d5ca154c6794ddc5f73d2e576fe1b/peerconnection.cc#L350
 here] in the blocking library call. It's not great design to rely on this
 but perhaps this is better fixed in a separate refactoring ticket.
 > Replying to [comment:22 cohosh]:
 > > Replying to [comment:21 dcf]:
 > > I am ok with this as well, but we should probably be tearing down the
 peer connections properly after a timeout anyway (though maybe go handles
 this on its own eventually?)
 >
 > I'm looking at the code and I don't quite get how it's supposed to work.
 The error handlers
 
([https://github.com/cohosh/snowflake/blob/08f5205461573bf8a6e8961540ac620865a3b45c
 /proxy-go/snowflake.go#L302 here]
 
[https://github.com/cohosh/snowflake/blob/08f5205461573bf8a6e8961540ac620865a3b45c
 /proxy-go/snowflake.go#L313 here]
 
[https://github.com/cohosh/snowflake/blob/08f5205461573bf8a6e8961540ac620865a3b45c
 /proxy-go/snowflake.go#L318 here]) call `pc.Destroy()`, and `retToken()`
 
[https://github.com/cohosh/snowflake/blob/08f5205461573bf8a6e8961540ac620865a3b45c
 /proxy-go/snowflake.go#L355 in the caller]. The timeout checker
 
[https://github.com/cohosh/snowflake/blob/08f5205461573bf8a6e8961540ac620865a3b45c
 /proxy-go/snowflake.go#L334 here] calls both `pc.Destroy()` and also
 `retToken()`, which makes sense because it doesn't have a caller to call
 `retToken()`. So that looks good.
 >
 > When a PeerConnection ends "naturally", I suppose what happens is that
 
[https://github.com/cohosh/snowflake/blob/08f5205461573bf8a6e8961540ac620865a3b45c
 /proxy-go/snowflake.go#L334 dc.OnClose()] gets called, which calls
 `pc.DeleteDataChannel(dc)`, but not `pc.Destroy()` nor `retToken()`. I can
 understand why `pc.DeleteDataChannel(dc)` gets called here and not in the
 other cases--because in the other cases we don't have a DataChannel yet--
 but then I'm wondering why it doesn't call the other two functions. Are we
 losing a token in this case too?
 >
 > I was thinking, what we need is an OnError handler so we can get called
 back when a DataChannel fails to establish. I found
 [https://github.com/keroserene/go-
 webrtc/blob/0c5ebb10a5dd7990a4962b78de27c2a8c735dac0/datachannel.go#L47-L50
 this comment]:
 > {{{
 > OnError - is not implemented because the underlying Send
 > always returns true as specified for SCTP, there is no reasonable
 > exposure of other specific errors from the native code, and OnClose
 > already covers the bases.
 > }}}
 > I was curious about what happens in browser WebRTC so I hacked
 [https://developer.mozilla.org/en-
 US/docs/Web/API/WebRTC_API/Simple_RTCDataChannel_sample this demo] and
 [https://github.com/mdn/samples-
 server/tree/49c605fbda926a2dce9955b362233eef673e6090/s/webrtc-simple-
 datachannel code] to comment out [https://github.com/mdn/samples-
 server/blob/49c605fbda926a2dce9955b362233eef673e6090/s/webrtc-simple-
 datachannel/main.js#L60-L62 the onicecandidate callback] in the remote.
 What happens is you get a browser-produced line in the console:
 > {{{
 > ⚠️ ICE failed, add a STUN server and see about:webrtc for more details
 > }}}
 > but none of the error callbacks get called, so the application is never
 aware of the failure. (There is a [https://developer.mozilla.org/en-
 US/docs/Web/API/RTCPeerConnection/onicecandidateerror onicecandidateerror]
 callback but apparently nothing implements it.) So it looks like a browser
 is not doing anything fundamentally different, and checking after a
 timeout seems like a reasonable way to do it.
 Yeah I found the same unimplemented error callback. I'm 

Re: [tor-bugs] #29732 [Core Tor/Tor]: Add full-fledged deterministic PRNG support for testing.

[Tor Bug Tracker & Wiki]

#29732: Add full-fledged deterministic PRNG support for testing.
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  enhancement   | Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.4.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:  1
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by nickm):

 * actualpoints:   => 1


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29732 [Core Tor/Tor]: Add full-fledged deterministic PRNG support for testing.

[Tor Bug Tracker & Wiki]

#29732: Add full-fledged deterministic PRNG support for testing.
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  enhancement   | Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.4.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by nickm):

 * status:  assigned => needs_review


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29732 [Core Tor/Tor]: Add full-fledged deterministic PRNG support for testing.

[Tor Bug Tracker & Wiki]

#29732: Add full-fledged deterministic PRNG support for testing.
--+
 Reporter:  nickm |  Owner:  nickm
 Type:  enhancement   | Status:  assigned
 Priority:  Medium|  Milestone:  Tor: 0.4.1.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by nickm):

 New version at `ticket29732_v2` with PR at
 https://github.com/torproject/tor/pull/909 .

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29768 [Applications/Tor Browser]: Introduce new features to users in Tor Browser

[Tor Bug Tracker & Wiki]

#29768: Introduce new features to users in Tor Browser
-+-
 Reporter:  antonela |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_information
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  TorBrowserTeam201904, tbb-8.5-must-  |  Actual Points:
  alpha, TorBrowserTeam201904|
Parent ID:  #25658   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by mcs):

 Replying to [comment:46 gk]:
 > If that sounds reasonable should we just leave the onboarding as it is
 for now OR should we add the Note? (Or should we do something
 differently?)

 Maybe we should include a slightly re-worded note that will be less
 confusing to completely new users, e.g.,
   Note: By default, NoScript and HTTPS-Everywhere are not included on the
 toolbar, but you can customize your toolbar to add them.

 But maybe such a note encourages new users to go looking for NoScript and
 HTTPS-E, which we may not want.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29357 [Core Tor/Tor]: add an ActiveOnStartup config option

[Tor Bug Tracker & Wiki]

#29357: add an ActiveOnStartup config option
---+---
 Reporter:  mcs|  Owner:  nickm
 Type:  enhancement| Status:  closed
 Priority:  Very High  |  Milestone:  Tor:
   |  0.4.0.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:  fixed
 Keywords:  tbb-needs, 040-proposed, 040-must  |  Actual Points:  .1
Parent ID: | Points:  .5
 Reviewer:  ahf|Sponsor:
---+---
Changes (by asn):

 * status:  merge_ready => closed
 * resolution:   => fixed


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29045 [Applications/Tor Launcher]: ask tor to leave dormant mode

[Tor Bug Tracker & Wiki]

#29045: ask tor to leave dormant mode
---+---
 Reporter:  mcs|  Owner:  brade
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Applications/Tor Launcher  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---
Changes (by mcs):

 * parent:  #29357 =>


Comment:

 Replying to [comment:2 asn]:
 > hello. #29357 has been merged.

 Thanks! I removed the parent relationship so you can close #29357.

 We will need to add the following to Tor Browser's torrc-defaults file:
  DormantCanceledByStartup 1

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30021 [Core Tor/Tor]: Do not cache cipher list classification if cipher list is not yet available.

[Tor Bug Tracker & Wiki]

#30021: Do not cache cipher list classification if cipher list is not yet
available.
-+-
 Reporter:  nickm|  Owner:  nickm
 Type:  defect   | Status:
 |  merge_ready
 Priority:  High |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-ci-fail-sometimes, ci, stem, |  Actual Points:  .5
  ssl, 029-backport, 034-backport,   |
  035-backport, asn-merge|
Parent ID:  #29437   | Points:
 Reviewer:  ahf  |Sponsor:
-+-
Changes (by nickm):

 * status:  reopened => merge_ready


Comment:

 Reopened as backport candidate.  We need this everywhere that we want
 "test-stem" to pass reliably, and there are probably other openssl
 weirdnesses that it solves as well.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29500 [Core Tor/Tor]: Broken circuitpadding unittests on appveyor

[Tor Bug Tracker & Wiki]

#29500: Broken circuitpadding unittests on appveyor
-+-
 Reporter:  asn  |  Owner:
 |  mikeperry
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:  Tor:
 |  0.4.1.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.4.0.1-alpha
 Severity:  Normal   | Resolution:  fixed
 Keywords:  asn-merge, nickm-merge, wtf-pad, |  Actual Points:  3.5
  tor-relay, tor-cell, padding, 040-must,|
  040-backport   |
Parent ID:  #28631   | Points:  3
 Reviewer:  nickm, asn, teor |Sponsor:
 |  Sponsor2
-+-
Changes (by asn):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 LGTM. Pushed to 040 and onwards.
 Let's hope this fixes the issue. If not, let's reopen.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30021 [Core Tor/Tor]: Do not cache cipher list classification if cipher list is not yet available.

[Tor Bug Tracker & Wiki]

#30021: Do not cache cipher list classification if cipher list is not yet
available.
-+-
 Reporter:  nickm|  Owner:  nickm
 Type:  defect   | Status:
 |  reopened
 Priority:  High |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-ci-fail-sometimes, ci, stem, |  Actual Points:  .5
  ssl, 029-backport, 034-backport,   |
  035-backport, asn-merge|
Parent ID:  #29437   | Points:
 Reviewer:  ahf  |Sponsor:
-+-
Changes (by nickm):

 * status:  closed => reopened
 * resolution:  fixed =>
 * milestone:  Tor: 0.4.0.x-final => Tor: 0.3.5.x-final


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30035 [Applications/Tor Browser]: unexpected exit on startup

[Tor Bug Tracker & Wiki]

#30035: unexpected exit on startup
--+---
 Reporter:  TDionysus |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major | Resolution:
 Keywords:  tbb-crash |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by mcs):

 Replying to [comment:2 gk]:
 > mcs/brade: What exactly where the correct incantations for getting info
 from the command-line on macOS?

 The first thing I would check is whether any copies of `tor.real` (the Tor
 daemon that is part of Tor Browser) are still running in the background.
 To do that:
 * Open a command shell by starting the Terminal application (press
 `Cmd+Space` and then type `Terminal` followed by `Return`, or look in
 /Applications/Utilities for Terminal and open it).
 * Within the command shell, type `ps -A | grep tor.real` and see if
 anything is found.
 * If one or more `tor.real` processes are found, terminate all of them by
 typing `killall tor.real` and then try opening Tor Browser again.

 Assuming the above does not fix the problem, you can see tor messages from
 the command line by opening a command shell (see above) and then starting
 Tor Browser's `firefox` process from the command shell. For example, if
 you have placed Tor Browser in a folder on your desktop named TB, you
 would type the following command to start the browser (and then look at
 what messages are output): `~/Desktop/TB/Tor\
 Browser.app/Contents/MacOS/firefox`

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #13398 [Applications/Tor Browser]: at startup, browser gleans user FULL NAME (real name, given name) from O/S

[Tor Bug Tracker & Wiki]

#13398: at startup, browser gleans user FULL NAME (real name, given name) from 
O/S
--+---
 Reporter:  zinc  |  Owner:  pospeselr
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:  TorBrowserTeam201710R |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by Thorin):

 FYI: upstream, fixed in FF68+
 - https://bugzilla.mozilla.org/show_bug.cgi?id=1541958 - nsIUserInfo
 removed
 - original ticket: https://bugzilla.mozilla.org/show_bug.cgi?id=1433350

 One less thing to rebase in ESR68

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30040 [Core Tor/Tor]: Double-free bug on huge bandwidth file in some platforms

[Tor Bug Tracker & Wiki]

#30040: Double-free bug on huge bandwidth file in some platforms
-+-
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.1.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  bw-auth double-free hackerone bug-   |  Actual Points:
  bounty 040-must|
Parent ID:   | Points:  0.3
 Reviewer:   |Sponsor:
-+-
Changes (by asn):

 * keywords:  bw-auth double-free hackerone bug-bounty => bw-auth double-
 free hackerone bug-bounty 040-must


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30041 [Core Tor/Tor]: OOB access with huge buffers (src/lib/buf/buffers.c)

[Tor Bug Tracker & Wiki]

#30041: OOB access with huge buffers (src/lib/buf/buffers.c)
-+-
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  0.2.9.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  security hackerone bug-bounty|  Actual Points:
  029-backport 034-backport 035-backport |
  040-must   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by asn):

 * keywords:  security hackerone bug-bounty 029-backport 034-backport
 035-backport =>
 security hackerone bug-bounty 029-backport 034-backport 035-backport
 040-must


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30041 [Core Tor/Tor]: OOB access with huge buffers (src/lib/buf/buffers.c)

[Tor Bug Tracker & Wiki]

#30041: OOB access with huge buffers (src/lib/buf/buffers.c)
-+-
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  0.2.9.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  security hackerone bug-bounty|  Actual Points:
  029-backport 034-backport 035-backport |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by asn):

 attached patches supplied by paldium

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30041 [Core Tor/Tor]: OOB access with huge buffers (src/lib/buf/buffers.c)

[Tor Bug Tracker & Wiki]

#30041: OOB access with huge buffers (src/lib/buf/buffers.c)
-+-
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  0.2.9.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  security hackerone bug-bounty|  Actual Points:
  029-backport 034-backport 035-backport |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by asn):

 * Attachment "0003-Check-return-value-of-buf_move_to_buf-for-error.patch"
 added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30041 [Core Tor/Tor]: OOB access with huge buffers (src/lib/buf/buffers.c)

[Tor Bug Tracker & Wiki]

#30041: OOB access with huge buffers (src/lib/buf/buffers.c)
-+-
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  0.2.9.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  security hackerone bug-bounty|  Actual Points:
  029-backport 034-backport 035-backport |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by asn):

 * Attachment "0001-POC-out-of-boundary-access-with-large-buffers.patch"
 added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30041 [Core Tor/Tor]: OOB access with huge buffers (src/lib/buf/buffers.c)

[Tor Bug Tracker & Wiki]

#30041: OOB access with huge buffers (src/lib/buf/buffers.c)
-+-
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  0.2.9.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  security hackerone bug-bounty|  Actual Points:
  029-backport 034-backport 035-backport |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by asn):

 * Attachment "0002-Protect-buffers-against-INT_MAX-datalen-
 overflows.patch" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #30041 [Core Tor/Tor]: OOB access with huge buffers (src/lib/buf/buffers.c)

[Tor Bug Tracker & Wiki]

#30041: OOB access with huge buffers (src/lib/buf/buffers.c)
-+-
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor: 0.2.9.x-final
Component:  Core |Version:
  Tor/Tor|   Keywords:  security hackerone bug-bounty
 Severity:  Normal   |  029-backport 034-backport 035-backport
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 Here is an out-of-bounds read bug found by paldium in hackerone. It's a
 low-severity bug because it can only be used for DoS, and requires
 transfer of more than INT_MAX bytes through a connection.

 We should backport to 029 and forward anyhow.

 {{{
 # Summary
 It is possible to trigger out of boundary accesses with buffers if their
 content exceeds INT_MAX bytes. See my first patch (0001) how to trigger
 the issue through unit tests, as this is the easiest way to see what
 happens. It will result in an out of boundary read. A 64 bit system with
 at least 5 GB is required for this unit test though!

 # Explanation
 A buffer consists of one or multiple chunks, which actually contain the
 data. A chunk contains a memory region and a data pointer. The data
 pointer points somewhere into the memory, where the actual user data is
 stored.

 Even though a chunk is free to be larger than INT_MAX, it cannot be
 advised to use such chunks. Whenever a function performs searches or
 lookups, it is bound to "int" due to buf_pos_t. Many functions properly
 check that INT_MAX is not exceeded and throw assertions, but unfortunately
 not all...

 Keeping that in mind, I was able to perform a sequence of actions that in
 fact create chunks with a data length greater than INT_MAX. The int
 variable "pos" will eventually overflow and access memory far ahead from
 reserved user data, effectively performing an out of boundary access.

 # Exploitation
 Generally this is a defensive coding measure to make sure that buffers are
 safe.

 It should be possible to trigger a huge buffer in
 src/core/mainloop/connection.c. In function
 connection_buf_read_from_socket a linked connection (directory
 authentication, as far as I can tell) is joined into the connection buffer
 with buf_move_to_buf.

 The return value of buf_move_to_buf is not properly checked, which means
 that excessively large data returned from the linked connection can slowly
 increase the value of "max_to_read" which means that more and more data
 can be stored in the connection.

 Should it eventually overflow INT_MAX (granted, this takes a LOOONG time),
 the integer calculation will corrupt the buffer, leading to out of
 boundary operations.

 # Patch
 To prevent this issue, both patches (0002 to fix buffers and 0003 to check
 for error return value) must be applied.

 ## Impact

 Heap data is corrupted and out of boundary read access occur. It will be
 very hard to extract data with that, because it would be a blind memory
 check -- and will most likely directly cause a segmentation fault.

 Most likely attack vector is therefore denial of service.
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30040 [Core Tor/Tor]: Double-free bug on huge bandwidth file in some platforms

[Tor Bug Tracker & Wiki]

#30040: Double-free bug on huge bandwidth file in some platforms
-+-
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.1.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  bw-auth double-free hackerone bug-   |  Actual Points:
  bounty |
Parent ID:   | Points:  0.3
 Reviewer:   |Sponsor:
-+-
Changes (by asn):

 * Attachment "0001-Prevent-double-free-on-huge-files-with-32-bit.patch"
 added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #30040 [Core Tor/Tor]: Double-free bug on huge bandwidth file in some platforms

[Tor Bug Tracker & Wiki]

#30040: Double-free bug on huge bandwidth file in some platforms
-+-
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor: 0.4.1.x-final
Component:  Core |Version:
  Tor/Tor|   Keywords:  bw-auth double-free hackerone bug-
 Severity:  Normal   |  bounty
Actual Points:   |  Parent ID:
   Points:  0.3  |   Reviewer:
  Sponsor:   |
-+-
 Here is a very situational double-free bug reported in hackerone from bug
 hunter paldium. It's a low-severity item since bandwidth files are
 considered trusted input, and anyone who controls a bandwidth file can
 cause worse disasters than double-frees. Also it only applies on very
 specific platforms that none of our dirauths use.

 {{{

 Details:
 The function compat_getdelim_ is used for tor_getline if tor is compiled
 on a system that lacks getline and getdelim. These systems should be
 very rare, considering that getdelim is POSIX.

 If this system is further a 32 bit architecture, it is possible to
 trigger a double free with huge files.

 If bufsiz has been already increased to 2 GB, the next chunk would
 be 4 GB in size, which wraps around to 0 due to 32 bit limitations.

 A realloc(*buf, 0) could be imagined as "free(*buf); return malloc(0);"
 which therefore could return NULL. The code in question considers
 that an error, but will keep the value of *buf pointing to already
 freed memory.

 The caller of tor_getline() would free the pointer again, therefore
 leading to a double free.

 This code can only be triggered in dirserv_read_measured_bandwidths
 with a huge measured bandwith list file on a system that actually
 allows to reach 2 GB of space through realloc.

 It is not possible to trigger this on Linux with glibc or other major
 *BSD systems even on unit tests, because these systems cannot reach
 so much memory due to memory fragmentation.

 This patch is effectively based on the penetration test report of
 cure53 for curl available at https://cure53.de/pentest-report_curl.pdf
 and explained under section "CRL-01-007 Double-free in aprintf() via
 unsafe size_t multiplication (Medium)".

 ## Impact

 Successfully triggering a double free can corrupt the heap
 which might allow more sophisticated attacks within the
 tor application.
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30040 [Core Tor/Tor]: Double-free bug on huge bandwidth file in some platforms

[Tor Bug Tracker & Wiki]

#30040: Double-free bug on huge bandwidth file in some platforms
-+-
 Reporter:  asn  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.1.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  bw-auth double-free hackerone bug-   |  Actual Points:
  bounty |
Parent ID:   | Points:  0.3
 Reviewer:   |Sponsor:
-+-

Comment (by asn):

 attaching patch supplied by bug reporter

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30032 [Applications/Tor Browser]: Add warning or disable adding additional extensions

[Tor Bug Tracker & Wiki]

#30032: Add warning or disable adding additional extensions
--+--
 Reporter:  legind|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux-team   |  Actual Points:
Parent ID:  #30037| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 Just wanted to write from a user's perspective, the only addon I used with
 Tor Browser was DownThemAll as it made downloading multiple files much
 easier. At the moment I'm trying "Simple mass downloader" since
 DownThemAll isn't compatible with the new Firefox.

 Can Tor try to proactively fix anonymity or security related issues from
 addons that are most likely to be installed on Tor Browser? It may require
 some research to figure that out. My guess is download managers/helpers
 and adblockers would be among the most popular.

 From my experience, Simple mass downloader seems to record file links in
 the browser history and they are not removed with new identity or browser
 restarts.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29045 [Applications/Tor Launcher]: ask tor to leave dormant mode

[Tor Bug Tracker & Wiki]

#29045: ask tor to leave dormant mode
---+---
 Reporter:  mcs|  Owner:  brade
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Applications/Tor Launcher  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID:  #29357 | Points:
 Reviewer: |Sponsor:
---+---

Comment (by asn):

 hello. #29357 has been merged.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29357 [Core Tor/Tor]: add an ActiveOnStartup config option

[Tor Bug Tracker & Wiki]

#29357: add an ActiveOnStartup config option
---+---
 Reporter:  mcs|  Owner:  nickm
 Type:  enhancement| Status:
   |  merge_ready
 Priority:  Very High  |  Milestone:  Tor:
   |  0.4.0.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tbb-needs, 040-proposed, 040-must  |  Actual Points:  .1
Parent ID: | Points:  .5
 Reviewer:  ahf|Sponsor:
---+---
Changes (by asn):

 * keywords:  tbb-needs, 040-proposed, 040-must, asn-merge => tbb-needs,
 040-proposed, 040-must


Comment:

 merged to 040 and forward. cannot close ticket due to child ticket being
 open. informing that ticket.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30011 [Core Tor/Tor]: Kill test-stem if takes more than 9.5 minutes

[Tor Bug Tracker & Wiki]

#30011: Kill test-stem if takes more than 9.5 minutes
-+-
 Reporter:  teor |  Owner:  teor
 Type:  defect   | Status:
 |  merge_ready
 Priority:  High |  Milestone:  Tor:
 |  0.4.1.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.5.4-alpha
 Severity:  Normal   | Resolution:
 Keywords:  tor-ci-fail-sometimes,   |  Actual Points:  0.3
  035-backport, 040-backport |
Parent ID:  #29437   | Points:  0.3
 Reviewer:  nickm|Sponsor:
-+-
Changes (by asn):

 * keywords:  tor-ci-fail-sometimes, 035-backport, 040-backport,  asn-merge
 => tor-ci-fail-sometimes, 035-backport, 040-backport


Comment:

 merged to 040 and onwards. leaving ticket open for the rest of the
 backports.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29036 [Core Tor/Tor]: Coverage merge failures cause test_process_slow stderr check to fail

[Tor Bug Tracker & Wiki]

#29036: Coverage merge failures cause test_process_slow stderr check to fail
-+-
 Reporter:  teor |  Owner:  teor
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:  Tor:
 |  0.4.1.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  unspecified
 Severity:  Major| Resolution:  fixed
 Keywords:  asn-merge, nickm-merge,  |  Actual Points:  0.6
  041-accepted-20190115, regression, tor-ci, |
  029-backport, 034-backport, 035-backport,  |
  040-backport, tor-ci-fail-sometimes|
Parent ID:   | Points:  0.5
 Reviewer:  catalyst |Sponsor:
-+-
Changes (by asn):

 * status:  merge_ready => closed
 * resolution:   => fixed


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs