Re: [tor-bugs] #32588 [Core Tor/Tor]: Setting ORPort [ipv6]:auto mistakenly advertises port 94

[Tor Bug Tracker & Wiki]

#32588: Setting ORPort [ipv6]:auto mistakenly advertises port 94
-+-
 Reporter:  arma |  Owner:  teor
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.3.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.3.9-alpha
 Severity:  Normal   | Resolution:
 Keywords:  ipv6, memory-safety, security-low,   |  Actual Points:  0.6
  035-backport, 040-backport, 041-backport,  |
  042-backport   |
Parent ID:   | Points:  1
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * keywords:
 ipv6, memory-safety, security-low, 035-backport, 040-backport,
 041-backport, 042-backport 043-should
 =>
 ipv6, memory-safety, security-low, 035-backport, 040-backport,
 041-backport, 042-backport


Comment:

 I made some fixes suggested by dgoulet in #32822, and squashed them in to
 a new PR:
 * 0.3.5: https://github.com/torproject/tor/pull/1654

 The fixup commits are in the old PR.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32846 [Core Tor/Tor]: Tor Manual: Alphabetize Client Options

[Tor Bug Tracker & Wiki]

#32846: Tor Manual: Alphabetize Client Options
-+-
 Reporter:  swati|  Owner:  (none)
 Type:  project  | Status:
 |  merge_ready
 Priority:  Medium   |  Milestone:
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  documentation, tor-client, manpage,  |  Actual Points:
  gsod, extra-review |
Parent ID:  #4310| Points:
 Reviewer:  catalyst, teor   |Sponsor:
-+-

Comment (by teor):

 Replying to [comment:11 catalyst]:
 > Replying to [comment:10 teor]:
 > > Here are some useful things that I think would help people read the
 manual:
 > >   * CircuitPadding splits the circuit timeout option group. If we're
 going to put it out of order anyway, maybe we should put it with
 ConnectionPadding.
 > I agree, except with moving CircuitPadding.  As a slightly more "top-
 level" option, leaving it in alphabetic order might be better.  Maybe we
 should make a new ticket for moving the timeout options in a new
 subsection?

 This is now #32928.

 > > Here are things we could fix now, but we could also do the fix in
 another ticket, possibly by creating a new subsection:
 > > * StrictNodes and GeoIPExcludeUnknown might logically belong after
 ExcludeNodes
 > > * All the *Nodes options (including the HS*Nodes) options, would make
 sense together
 > > * This is a big change, so it probably needs another ticket
 > >
 > > If we create a section for the *Nodes options, we could mark them as
 advanced options. They're all options that might compromise anonymity, by
 changing how tor behaves.
 > I agree; let's make a new ticket for these.

 This is now #32929.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #32929 [Core Tor/Tor]: Tor Manual: Split Node options into their own subsection

[Tor Bug Tracker & Wiki]

#32929: Tor Manual: Split Node options into their own subsection
-+-
 Reporter:  teor |  Owner:  (none)
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:  Tor: 0.4.3.x-final
Component:  Core |Version:
  Tor/Tor|   Keywords:  documentation tor-client manpage
 Severity:  Normal   |  easy 043-can
Actual Points:   |  Parent ID:  #4310
   Points:  0.5  |   Reviewer:
  Sponsor:   |
-+-
 Let's put the client *Node* and GeoIPExcludeUnknown options in their own
 manpage section.

 For context, see:
 https://trac.torproject.org/projects/tor/ticket/32846#comment:11

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #32928 [Core Tor/Tor]: Tor Manual: Split Circuit Timeout options into their own subsection

[Tor Bug Tracker & Wiki]

#32928: Tor Manual: Split Circuit Timeout options into their own subsection
-+-
 Reporter:  teor |  Owner:  (none)
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:  Tor: 0.4.3.x-final
Component:  Core |Version:
  Tor/Tor|   Keywords:  documentation tor-client manpage
 Severity:  Normal   |  easy 043-can
Actual Points:   |  Parent ID:  #4310
   Points:  0.5  |   Reviewer:
  Sponsor:   |
-+-
 Let's put the *Circuit*Timeout options in their own manpage section.

 For context, see:
 https://trac.torproject.org/projects/tor/ticket/32846#comment:11

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32434 [Applications/Tor Browser]: Get build changes needed for RLBox into tor-browser-build

[Tor Bug Tracker & Wiki]

#32434: Get build changes needed for RLBox into tor-browser-build
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  project  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-security, GeorgKoppen202001, |  Actual Points:
  TorBrowserTeam202001R  |
Parent ID:  #32379   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  tbb-security, GeorgKoppen202001 => tbb-security,
 GeorgKoppen202001, TorBrowserTeam202001R
 * status:  new => needs_review


Comment:

 Okay, `bug_32389` (https://gitweb.torproject.org/user/gk/tor-browser-
 build.git/log/?h=bug_32389) is a branch that produces a
 `libgraphitewasm.so` in Tor Browser. Thus, the build related parts (in
 child tickets) are good for review.

 I still need to go through all my browser patches and figure our why the
 built bundle is crashing. Moreover, I think the right way to treat this
 new feature is to put all the browser patches needed into `tor-browser-
 build`, too, as there are a lot of changes and they are pretty big. I
 would feel more comfortable if all of them are only applied if we build an
 RLBox enabled bundle. That work will happen #32389, though.

 (Setting this ticket in `needs_review` as all the child tickets and for a
 second pair of eyes for the approach described above.)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32224 [Applications/Tor Browser]: Add extensions.torbutton.use_nontor_proxy back to Tor Browser 9!!

[Tor Bug Tracker & Wiki]

#32224: Add extensions.torbutton.use_nontor_proxy back to Tor Browser 9!!
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  task  | Status:  reopened
 Priority:  Immediate |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Blocker   | Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 This patch seems to work for me.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32224 [Applications/Tor Browser]: Add extensions.torbutton.use_nontor_proxy back to Tor Browser 9!!

[Tor Bug Tracker & Wiki]

#32224: Add extensions.torbutton.use_nontor_proxy back to Tor Browser 9!!
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  task  | Status:  reopened
 Priority:  Immediate |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Blocker   | Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by cypherpunks):

 * Attachment "startup-observer.js.patch" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32435 [Applications/Tor Browser]: Compile clang for Linux x86_64 with WASM support

[Tor Bug Tracker & Wiki]

#32435: Compile clang for Linux x86_64 with WASM support
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  task | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-security, GeorgKoppen202001, |  Actual Points:
  TorBrowserTeam202001R  |
Parent ID:  #32434   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  tbb-security, GeorgKoppen202001 => tbb-security,
 GeorgKoppen202001, TorBrowserTeam202001R
 * status:  new => needs_review


Comment:

 `bug_32389` (https://gitweb.torproject.org/user/gk/tor-browser-
 build.git/commit/?h=bug_32389=298b18f9e1319077e8909b5ec43f270fbfabf405)
 has a build patch up for review.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32436 [Applications/Tor Browser]: Include lucetc project into tor-browser-build

[Tor Bug Tracker & Wiki]

#32436: Include lucetc project into tor-browser-build
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  task | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-security, GeorgKoppen202001, |  Actual Points:
  TorBrowserTeam202001R  |
Parent ID:  #32434   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  tbb-security, GeorgKoppen202001 => tbb-security,
 GeorgKoppen202001, TorBrowserTeam202001R
 * status:  new => needs_review


Comment:

 `bug_32389` (https://gitweb.torproject.org/user/gk/tor-browser-
 build.git/commit/?h=bug_32389=c0a0bd52abdd275048910a0056b4f3c20c2a1dbe)
 has a build patch up for review.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32437 [Applications/Tor Browser]: Include wasi-libc project into tor-browser-build

[Tor Bug Tracker & Wiki]

#32437: Include wasi-libc project into tor-browser-build
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  task | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-security, GeorgKoppen202001, |  Actual Points:
  TorBrowserTeam202001R  |
Parent ID:  #32434   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  tbb-security, GeorgKoppen202001 => tbb-security,
 GeorgKoppen202001, TorBrowserTeam202001R
 * status:  new => needs_review


Comment:

 `bug_32389` (https://gitweb.torproject.org/user/gk/tor-browser-
 build.git/commit/?h=bug_32389=230db0dab69ab9a5a0eb92f050b1c4ddc5b0430f)
 has a build patch up for review.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32526 [Applications/Tor Browser]: Enhance wasi-sysroot

[Tor Bug Tracker & Wiki]

#32526: Enhance wasi-sysroot
-+---
 Reporter:  gk   |  Owner:  tbb-team
 Type:  task | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  duplicate
 Keywords:  tbb-security, GeorgKoppen202001  |  Actual Points:
Parent ID:  #32434   | Points:
 Reviewer:   |Sponsor:
-+---
Changes (by gk):

 * status:  new => closed
 * resolution:   => duplicate


Comment:

 Let's include all the wasi-sysroot parts in one bug, #32437.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #32927 [Applications/Tor Browser]: Get new certificate for authenticode signing

[Tor Bug Tracker & Wiki]

#32927: Get new certificate for authenticode signing
-+-
 Reporter:  gk   |  Owner:  gk
 Type:  defect   | Status:  assigned
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor |Version:
  Browser|   Keywords:  tbb-sign,
 Severity:  Normal   |  GeorgKoppen202002
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 Our certificate for authenticode signing expires later this year. We
 should get and deploy a new one.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32907 [Core Tor/Tor]: Remove or_options_t dependencies from module config headers

[Tor Bug Tracker & Wiki]

#32907: Remove or_options_t dependencies from module config headers
--+
 Reporter:  teor  |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.4.3.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #32798| Points:  0.5
 Reviewer:|Sponsor:
--+
Changes (by teor):

 * parent:   => #32798


Comment:

 If we do this task, we'll be able to compile more headers by themselves,
 in all compilation modes,

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30638 [Core Tor/Tor]: Test banning ed25519 keys in the approved-routers file on moria1

[Tor Bug Tracker & Wiki]

#30638: Test banning ed25519 keys in the approved-routers file on moria1
-+-
 Reporter:  teor |  Owner:  arma
 Type:  task | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.3.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-dirauth, 042-deferred-20190918   |  Actual Points:
  043-should |
Parent ID:   | Points:  1
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * keywords:  tor-dirauth, 042-deferred-20190918 042-should => tor-dirauth,
 042-deferred-20190918 043-should
 * status:  new => assigned
 * owner:  (none) => arma


Comment:

 This code was merged in 0.4.3, so it's 043-should.

 I think arma is the most logical person to do this test, because he often
 runs master on moria1.
 (Although any other authority operator could also run master and try it.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32588 [Core Tor/Tor]: Setting ORPort [ipv6]:auto mistakenly advertises port 94

[Tor Bug Tracker & Wiki]

#32588: Setting ORPort [ipv6]:auto mistakenly advertises port 94
-+-
 Reporter:  arma |  Owner:  teor
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.3.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.3.9-alpha
 Severity:  Normal   | Resolution:
 Keywords:  ipv6, memory-safety, security-low,   |  Actual Points:  0.6
  035-backport, 040-backport, 041-backport,  |
  042-backport 043-should|
Parent ID:   | Points:  1
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * status:  assigned => needs_review


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32588 [Core Tor/Tor]: Setting ORPort [ipv6]:auto mistakenly advertises port 94

[Tor Bug Tracker & Wiki]

#32588: Setting ORPort [ipv6]:auto mistakenly advertises port 94
-+-
 Reporter:  arma |  Owner:  teor
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.3.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.3.9-alpha
 Severity:  Normal   | Resolution:
 Keywords:  ipv6, memory-safety, security-low,   |  Actual Points:  0.6
  035-backport, 040-backport, 041-backport,  |
  042-backport 043-should|
Parent ID:   | Points:  1
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * status:  needs_review => assigned
 * owner:  (none) => teor


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32905 [Core Tor/Tor]: Remove the ClientAutoIPv6ORPort option

[Tor Bug Tracker & Wiki]

#32905: Remove the ClientAutoIPv6ORPort option
--+--
 Reporter:  neel  |  Owner:  neel
 Type:  defect| Status:  needs_revision
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:  Tor: unspecified
 Severity:  Normal| Resolution:
 Keywords:  ipv6  |  Actual Points:
Parent ID:  #30639| Points:
 Reviewer:|Sponsor:
--+--
Changes (by teor):

 * status:  needs_review => needs_revision


Comment:

 Since this option has been present in tor for a few releases, we should
 deprecate it in one release, and then remove it in the next release,

 Please open a separate ticket to deprecate the option in the deprecation
 table:
 https://gitweb.torproject.org/tor.git/tree/src/app/config/config.c#n819
 We can merge that ticket into the current master.

 Then, after we split off the next release, we can merge this ticket into
 master.
 (And revert the changes to the deprecation table.)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32614 [Core Tor/Tor]: hs-v3: Consider flagging an intro point as bad if rendezvous fails multiple times

[Tor Bug Tracker & Wiki]

#32614: hs-v3: Consider flagging an intro point as bad if rendezvous fails 
multiple
times
-+
 Reporter:  dgoulet  |  Owner:  neel
 Type:  defect   | Status:  needs_review
 Priority:  Medium   |  Milestone:  Tor: 0.4.3.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-circuit, tor-hs  |  Actual Points:
Parent ID:   | Points:  0.2
 Reviewer:  dgoulet  |Sponsor:  Sponsor27-can
-+

Comment (by neel):

 Old PR has merge conflicts. New PR:
 https://github.com/torproject/tor/pull/1653

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32925 [Internal Services/Services Admin Team]: trac emails set reply-to to tor-assistants, which is an obsolete list

[Tor Bug Tracker & Wiki]

#32925: trac emails set reply-to to tor-assistants, which is an obsolete list
-+-
 Reporter:  arma |  Owner:  (none)
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Services Admin |Version:
  Team   |
 Severity:  Normal   | Resolution:  fixed
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by arma):

 Ok, will do. And I guess "wait, what, why is that config not in revision
 control" is a separate question for our (future) trac admins. :)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32756 [Core Tor/Tor]: SocksPolicy has no way to refer to AF_UNIX sockets

[Tor Bug Tracker & Wiki]

#32756: SocksPolicy has no way to refer to AF_UNIX sockets
--+--
 Reporter:  arma  |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by neel):

 * status:  assigned => new


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32756 [Core Tor/Tor]: SocksPolicy has no way to refer to AF_UNIX sockets

[Tor Bug Tracker & Wiki]

#32756: SocksPolicy has no way to refer to AF_UNIX sockets
--+--
 Reporter:  arma  |  Owner:  (none)
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by neel):

 * owner:  neel => (none)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32905 [Core Tor/Tor]: Remove the ClientAutoIPv6ORPort option

[Tor Bug Tracker & Wiki]

#32905: Remove the ClientAutoIPv6ORPort option
--+--
 Reporter:  neel  |  Owner:  neel
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:  Tor: unspecified
 Severity:  Normal| Resolution:
 Keywords:  ipv6  |  Actual Points:
Parent ID:  #30639| Points:
 Reviewer:|Sponsor:
--+--
Changes (by neel):

 * status:  assigned => needs_review


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32925 [Internal Services/Services Admin Team]: trac emails set reply-to to tor-assistants, which is an obsolete list

[Tor Bug Tracker & Wiki]

#32925: trac emails set reply-to to tor-assistants, which is an obsolete list
-+-
 Reporter:  arma |  Owner:  (none)
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Services Admin |Version:
  Team   |
 Severity:  Normal   | Resolution:  fixed
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by qbi):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 The file belongs to the trac service. So it is not maintained in puppet or
 any other service. You can just edit the file and save it.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32905 [Core Tor/Tor]: Remove the ClientAutoIPv6ORPort option

[Tor Bug Tracker & Wiki]

#32905: Remove the ClientAutoIPv6ORPort option
--+--
 Reporter:  neel  |  Owner:  neel
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:  Tor: unspecified
 Severity:  Normal| Resolution:
 Keywords:  ipv6  |  Actual Points:
Parent ID:  #30639| Points:
 Reviewer:|Sponsor:
--+--
Changes (by neel):

 * parent:   => #30639


Comment:

 Also see: https://lists.torproject.org/pipermail/tor-
 dev/2020-January/014120.html

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32905 [Core Tor/Tor]: Remove the ClientAutoIPv6ORPort option

[Tor Bug Tracker & Wiki]

#32905: Remove the ClientAutoIPv6ORPort option
--+--
 Reporter:  neel  |  Owner:  neel
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:  Tor: unspecified
 Severity:  Normal| Resolution:
 Keywords:  ipv6  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by neel):

 PR: https://github.com/torproject/tor/pull/1652

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30639 [Core Tor/Tor]: Tor tries to connect over IPv6 in IPv4 networks with ClientAutoIPv6ORPort set

[Tor Bug Tracker & Wiki]

#30639: Tor tries to connect over IPv6 in IPv4 networks with 
ClientAutoIPv6ORPort
set
-+-
 Reporter:  gk   |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-wants, network-team-roadmap- |  Actual Points:
  maybe, bootstrap, 041-deferred-20190719|
Parent ID:  #29641   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by neel):

 I think we are better off removing this option completely. See: #32905

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #11206 [Applications/Tor Browser]: Tor Browser will not save Exceptions in the Firefox cookie manager

[Tor Bug Tracker & Wiki]

#11206: Tor Browser will not save Exceptions in the Firefox cookie manager
--+--
 Reporter:  toruser23 |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-torbutton |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by gk):

 Replying to [comment:7 Thorin]:
 > But this is by design. Permissions (all site exceptions are kept in
 permissions.sqlite) are disabled from writing to disk, and are memory only
 > - `permissions.memory_only` = `true`
 >
 > I feel like I'm missing the point, since this ticket has been open for 6
 years

 Originally, the ticket has meant something slightly different as Torbutton
 back in the day had the option to save cookies across sessions if the user
 chose that option.

 However, even if that's not the case today anymore the current situation
 is still a bug. We need to decide where the bug is, though (I am not sure
 what the expected behavior in vanilla PBM is but I assume cookies can
 retained across sessions. Maybe should follow that model? Or maybe we
 should adapt the UI if `permissions.memory_only` is set to `true` making
 it clear there is no across-sessions-thing. Or maybe the bug is something
 else). However, offering the option to save exceptions across restarts and
 not following along to the surprise of users is clearly sub-optimal.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22756 [Applications/Tor Browser]: Only show Canvas fingerprinting prompt when there is a user interaction?

[Tor Bug Tracker & Wiki]

#22756: Only show Canvas fingerprinting prompt when there is a user interaction?
-+-
 Reporter:  arthuredelstein  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tbb-fingerprinting, ff60-esr-will-   |  Actual Points:
  have   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  new => closed
 * keywords:  tbb-fingerprinting => tbb-fingerprinting, ff60-esr-will-have
 * resolution:   => fixed


Comment:

 Good catch, closing.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22089 [Applications/Tor Browser]: Add Decentraleyes to slighten off a bit Exit traffic and work around some CDNs blocking of Tor

[Tor Bug Tracker & Wiki]

#22089: Add Decentraleyes to slighten off a bit Exit traffic and work around 
some
CDNs blocking of Tor
-+-
 Reporter:  imageverif   |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-usability-website, tbb-  |  Actual Points:
  performance|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks):

 Replying to [comment:25 cypherpunks]:
 > Replying to [comment:22 gk]:
 > > I am not convinced yet this is worth the effort. comment:18 is a good
 start, we should think about expanding it. E.g. there are clear security
 downsides in the sense that a new extension added to Tor Browser means a
 new attack vector and we would need to spend a considerable amount of time
 to review the code every new release contains and as we want to get away
 from automatic extensions updates anyway we would start to monitor
 upstream libraries for security fixes to the locally shipped libraries.
 That could easily result in quite some effort from our side...
 > There's already a
 [https://git.synz.io/Synzvato/decentraleyes/tree/master/audit script] that
 does this automatically for you:
 >
 > > This audit script allows any user and extension reviewer to verify the
 integrity of the bundled resources. It automatically, and transparently,
 compares all bundled libraries to their original sources.
 > >
 > > https://git.synz.io/Synzvato/decentraleyes/tree/master/audit
 >
 > Running it once before every release doesn't sound too bad.
 Authenticity of bundled scripts is not the only security concern I think.
 Bugs or features incompatible with Tor's objectives could be introduced in
 the extension, but that is true of Firefox also and he is much bigger
 beast, so I think it's not good reason to not include decentraleyes or
 similar feature.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32224 [Applications/Tor Browser]: Add extensions.torbutton.use_nontor_proxy back to Tor Browser 9!!

[Tor Bug Tracker & Wiki]

#32224: Add extensions.torbutton.use_nontor_proxy back to Tor Browser 9!!
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  task  | Status:  reopened
 Priority:  Immediate |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Blocker   | Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 I agree, this is broken in TB9. Torbutton now forcefully resets
 network.proxy.type to 0 at every launch (see torbutton/components/startup-
 observer.js). And there is no way to disable Torbutton from Add-ons.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #8560 [Applications/Tor Browser]: 100% CPU usage in Tor Browser?

[Tor Bug Tracker & Wiki]

#8560: 100% CPU usage in Tor Browser?
--+--
 Reporter:  mikeperry |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:| Resolution:
 Keywords:  tbb-firefox-patch |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 i did not have any problem in 8.x. issue appeared for me in 9.x when
 running a control port at 9150 (i.e. from another tbb profile) and using
 another tbb profile with extensions.torlauncher.start_tor=false. problem
 lies somewhere in tor-circuit-display.js/tor-control-port.js when trying
 to communicate with a control port it has no access to

 extensions.torbutton.display_circuit=false as workaround

 hope this is useful gk

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28970 [Core Tor/Tor]: tor_bug_occurred_(): Bug: ../src/or/hs_client.c:624: setup_intro_circ_auth_key: Non-fatal assertion

[Tor Bug Tracker & Wiki]

#28970: tor_bug_occurred_(): Bug: ../src/or/hs_client.c:624:
setup_intro_circ_auth_key: Non-fatal assertion
-+-
 Reporter:  torcrash |  Owner:  dgoulet
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:  Tor:
 |  0.3.5.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.4.9
 Severity:  Critical | Resolution:  fixed
 Keywords:  consider-backport-after-0424,|  Actual Points:  0.1
  042-backport, 041-backport, 040-backport,  |
  035-backport, tor-client, tor-hs, postfreeze-  |
  ok, 040-unreached-must, network-team-roadmap-  |
  august, regression?, 041-unreached-must,   |
  042-should |
Parent ID:  #29995   | Points:  5
 Reviewer:  teor |Sponsor:
 |  Sponsor27-must
-+-

Comment (by arma):

 I just closed #32926 as a duplicate.

 It looks like the version of Tor that Orbot is shipping is still 0.4.1.5,
 which means those users will continue to experience this bug (among other
 bugs they also get from using an old Tor version).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32926 [Core Tor/Tor]: tor_bug_occurred_: Bug: src/feature/hs/hs_client.c

[Tor Bug Tracker & Wiki]

#32926: tor_bug_occurred_: Bug: src/feature/hs/hs_client.c
--+--
 Reporter:  cypherpunks   |  Owner:  (none)
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:  Tor: 0.4.1.5
 Severity:  Normal| Resolution:  duplicate
 Keywords:  hs_client |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by arma):

 * status:  new => closed
 * cc: cypherpunks (removed)
 * resolution:   => duplicate


Comment:

 Duplicate of #28970, which is fixed in the 0.4.2.x stable, and also (I
 hear) backported to 0.4.1.7.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #11096 [Applications/Tor Browser]: Randomize MAC address before start of Tor

[Tor Bug Tracker & Wiki]

#11096: Randomize MAC address before start of Tor
--+--
 Reporter:  csoghoian |  Owner:  tbb-team
 Type:  enhancement   | Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  wontfix
 Keywords:  tbb-security  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 Replying to [comment:1 cypherpunks]:
 >
 > However, changing your MAC *is* good for preventing LAN adversaries from
 linking your presence/activity in different locations,
 This also the case with the black Van in front of your house sniffing WiFi
 traffic's matching your Mac

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32915 [- Select a component]: Some Tor exit node servers are using Cloudflare DNS, result in "DNS resolution error"

[Tor Bug Tracker & Wiki]

#32915: Some Tor exit node servers are using Cloudflare DNS, result in "DNS
resolution error"
--+
 Reporter:  cypherpunks   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  - Select a component  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #24351| Points:
 Reviewer:|Sponsor:
--+

Comment (by cypherpunks):

 Replying to [comment:3 cypherpunks]:
 > Tor circuit last node(3rd one)
 >
 > 195.128.103.192
 >
 > Ban this piece of shit please...
 Hey, you can educate the volunteers first! But this can't be the true.
 Please educate yourself about circuits positions! Instead of blaming
 someone else and requesting ban. I request for banning false positive
 reports.

 
http://rougmnvswfsmd4dq.onion/rs.html#details/95FA758717D185CBC1D5EE992AAE084AD041927D

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #32926 [Core Tor/Tor]: tor_bug_occurred_: Bug: src/feature/hs/hs_client.c

[Tor Bug Tracker & Wiki]

#32926: tor_bug_occurred_: Bug: src/feature/hs/hs_client.c
--+--
 Reporter:  cypherpunks   |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Component:  Core Tor/Tor
  Version:  Tor: 0.4.1.5  |   Severity:  Normal
 Keywords:  hs_client |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
 I got this bug warnings on current orbot while roaming and visiting
 https://3g2upl4pq6kufc4m.onion
 {{{
 checking binary version: 0.4.1.5-openssl1.0.2p
 upgrading binaries to latest version: 0.4.1.5-openssl1.0.2p
 Waiting for control port...
 checking binary version: 0.4.1.5-openssl1.0.2p
 updating torrc custom configuration...
 success.
 Orbot started …
 Tor configuration VERIFIED.
 Waiting for control port...
 Connecting to control port: 38417
 SUCCESS connected to Tor control port.
 SUCCESS - authenticated to control port.
 adding control port event handler
 SUCCESS added control port event handler
 Tor started; process id=9952
 NOTICE: Bootstrapped 14% (handshake): Handshaking with a relay
 NOTICE: Bootstrapped 15% (handshake_done): Handshake with a relay done
 NOTICE: Bootstrapped 45% (requesting_descriptors): Asking for relay
 descriptors
 NOTICE: Bootstrapped 50% (loading_descriptors): Loading relay descriptors
 NOTICE: Bootstrapped 58% (loading_descriptors): Loading relay descriptors
 NOTICE: Bootstrapped 65% (loading_descriptors): Loading relay descriptors
 NOTICE: Bootstrapped 72% (loading_descriptors): Loading relay descriptors
 NOTICE: Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to
 build circuits
 NOTICE: Bootstrapped 80% (ap_conn): Connecting to a relay to build
 circuits
 NOTICE: Bootstrapped 85% (ap_conn_done): Connected to a relay to build
 circuits
 NOTICE: Bootstrapped 89% (ap_handshake): Finishing handshake with a relay
 to build circuits
 NOTICE: Bootstrapped 90% (ap_handshake_done): Handshake finished with a
 relay to build circuits
 NOTICE: Bootstrapped 95% (circuit_create): Establishing a Tor circuit
 NOTICE: Guard 66726565646F6D ($4BA58DAC7296A43835C4C274A32731FF1C1F8A80)
 is failing more circuits than usual. Most likely this means the Tor
 network is overloaded. Success counts are 116/175. Use counts are 78/80.
 167 circuits completed, 2 were unusable, 49 collapsed, and 54 timed out.
 For reference, your timeout cutoff is 60 seconds.
 NOTICE: Bootstrapped 100% (done): Done
 NOTICE: Guard order66 ($2DD6D527F665763426B4ADE633B300C49B61CD2D) is
 failing more circuits than usual. Most likely this means the Tor network
 is overloaded. Success counts are 157/227. Use counts are 61/63. 222
 circuits completed, 5 were unusable, 61 collapsed, and 85 timed out. For
 reference, your timeout cutoff is 60 seconds.
 NOTICE: Guard Unnamed ($91E4CEE5D96F906D079179EE6931BDB064F519EE) is
 failing more circuits than usual. Most likely this means the Tor network
 is overloaded. Success counts are 98/156. Use counts are 67/70. 152
 circuits completed, 3 were unusable, 52 collapsed, and 64 timed out. For
 reference, your timeout cutoff is 60 seconds.
 NOTICE: Our IP address has changed.  Rotating keys...
 WARN: tor_bug_occurred_: Bug: src/feature/hs/hs_client.c:685:
 setup_intro_circ_auth_key: Non-fatal assertion !(desc == NULL) failed.
 (Future instances of this warning will be silenced.) (on Tor 0.4.1.5
 439ca48989ece545)
 WARN: Bug: Non-fatal assertion !(desc == NULL) failed in
 setup_intro_circ_auth_key at src/feature/hs/hs_client.c:685. (Stack trace
 not available) (on Tor 0.4.1.5 439ca48989ece545)
 WARN: tor_bug_occurred_: Bug: src/feature/hs/hs_client.c:491:
 intro_circ_is_ok: Non-fatal assertion
 !(!hs_ident_intro_circ_is_valid(circ->hs_ident)) failed. (Future instances
 of this warning will be silenced.) (on Tor 0.4.1.5 439ca48989ece545)
 WARN: Bug: Non-fatal assertion
 !(!hs_ident_intro_circ_is_valid(circ->hs_ident)) failed in
 intro_circ_is_ok at src/feature/hs/hs_client.c:491. (Stack trace not
 available) (on Tor 0.4.1.5 439ca48989ece545)
 NOTICE: pathbias_count_use_success: Bug: Unexpectedly high use successes
 counts (62.75/58.75) for guard TheMothernode
 ($6A3C57BE1EA3B400240F821A22B5E6060501A031) (on Tor 0.4.1.5
 439ca48989ece545)
 NOTICE: pathbias_count_use_success: Bug: Unexpectedly high use successes
 counts (76.222989/75.567841) for guard Charlezx
 ($DBDC2599CC9109D3A852B3E357AFE7A3AE191961) (on Tor 0.4.1.5
 439ca48989ece545)
 NOTICE: pathbias_count_use_success: Bug: Unexpectedly high use successes
 counts (77.222989/75.567841) for guard Charlezx
 ($DBDC2599CC9109D3A852B3E357AFE7A3AE191961) (on Tor 0.4.1.5
 439ca48989ece545)

 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs 

Re: [tor-bugs] #32925 [Internal Services/Services Admin Team]: trac emails set reply-to to tor-assistants, which is an obsolete list

[Tor Bug Tracker & Wiki]

#32925: trac emails set reply-to to tor-assistants, which is an obsolete list
-+-
 Reporter:  arma |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Services Admin |Version:
  Team   |
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by arma):

 * cc: hiro, qbi (added)


Comment:

 I cc hiro and qbi in hopes of learning the answer to how I should properly
 do my edit.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #32925 [Internal Services/Services Admin Team]: trac emails set reply-to to tor-assistants, which is an obsolete list

[Tor Bug Tracker & Wiki]

#32925: trac emails set reply-to to tor-assistants, which is an obsolete list
-+-
 Reporter:  arma |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Services   |Version:
  Admin Team |
 Severity:  Normal   |   Keywords:
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 When trac sends an email, it sets the header
 {{{
 Reply-To: no-reply@tpo, tor-assistants@tpo
 }}}
 (modified to avoid leaving more spam bait for the world)

 The tor-assistants list is no longer in use. Anybody who replies to these
 emails will not be doing a productive act.

 I found the line in /srv/trac.torproject.org/trac/tor/conf/trac.ini called
 {{{smtp_replyto}}}, and I can edit it and restart trac.

 But, is this file in puppet or git or something? I see both a .git
 directory and an RCS directory.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22756 [Applications/Tor Browser]: Only show Canvas fingerprinting prompt when there is a user interaction?

[Tor Bug Tracker & Wiki]

#22756: Only show Canvas fingerprinting prompt when there is a user interaction?
--+--
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-fingerprinting|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by Thorin):

 @sysqrb @gk : this was resolved in FF59+ under RFP (see's tom bug link),
 so we should be good to close this

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22089 [Applications/Tor Browser]: Add Decentraleyes to slighten off a bit Exit traffic and work around some CDNs blocking of Tor

[Tor Bug Tracker & Wiki]

#22089: Add Decentraleyes to slighten off a bit Exit traffic and work around 
some
CDNs blocking of Tor
-+-
 Reporter:  imageverif   |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-usability-website, tbb-  |  Actual Points:
  performance|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks):

 Replying to [comment:22 gk]:
 > I am not convinced yet this is worth the effort. comment:18 is a good
 start, we should think about expanding it. E.g. there are clear security
 downsides in the sense that a new extension added to Tor Browser means a
 new attack vector and we would need to spend a considerable amount of time
 to review the code every new release contains and as we want to get away
 from automatic extensions updates anyway we would start to monitor
 upstream libraries for security fixes to the locally shipped libraries.
 That could easily result in quite some effort from our side...
 There's already a
 [https://git.synz.io/Synzvato/decentraleyes/tree/master/audit script] that
 does this automatically for you:

 > This audit script allows any user and extension reviewer to verify the
 integrity of the bundled resources. It automatically, and transparently,
 compares all bundled libraries to their original sources.
 >
 > https://git.synz.io/Synzvato/decentraleyes/tree/master/audit

 Running it once before every release doesn't sound too bad.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32924 [Applications/Tor Browser]: artofproblemsolving.com is broken, doesn't happen with vanilla Firefox

[Tor Bug Tracker & Wiki]

#32924: artofproblemsolving.com is broken, doesn't happen with vanilla Firefox
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 Replying to [comment:1 cypherpunks]:
 > Your options:
 >
 > 1. Install [https://codeberg.org/crimeflare/cloudflare-
 tor/src/branch/master/what-to-do.md#website-consumer Decentraleyes add-on
 to serve JS files locally].

 That won't work since the file is served from
 assets.artofproblemsolving.com and not some other 3rd party.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs