Re: [tor-bugs] #33628 [Internal Services/Tor Sysadmin Team]: Add charly to many internal aliases

[Tor Bug Tracker & Wiki]

#33628: Add charly to many internal aliases
-+-
 Reporter:  arma |  Owner:  arma
 Type:  enhancement  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 |  implemented
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by arma):

 * status:  assigned => closed
 * resolution:   => implemented


Comment:

 All set I think. Please open a new ticket if there is something more we
 need.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33632 [Core Tor/Tor]: List ed25519 fingerprints on the command line

[Tor Bug Tracker & Wiki]

#33632: List ed25519 fingerprints on the command line
-+-
 Reporter:  teor |  Owner:  (none)
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  outreachy-ipv6, prop311-can  |  Actual Points:
Parent ID:  #33050   | Points:  1
 Reviewer:   |Sponsor:  Sponsor55-can
-+-

Comment (by teor):

 Hi anuradha1904, I have reviewed #33428, and it is still incomplete.
 Please focus on completing #33428. We are evaluating applications based on
 completed issues.

 You're welcome to start on this issue, if you have time left over, or you
 are waiting on us to review #33428.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33428 [Core Tor/Chutney]: Make chutney check for relay microdescriptors before verifying

[Tor Bug Tracker & Wiki]

#33428: Make chutney check for relay microdescriptors before verifying
---+---
 Reporter:  teor   |  Owner:  anuradha1904
 Type:  enhancement| Status:
   |  needs_revision
 Priority:  Medium |  Milestone:
Component:  Core Tor/Chutney   |Version:
 Severity:  Normal | Resolution:
 Keywords:  ipv6, prop311, outreachy-ipv6  |  Actual Points:
Parent ID:  #33050 | Points:  1
 Reviewer: |Sponsor:  Sponsor55-can
---+---
Changes (by teor):

 * status:  assigned => needs_revision


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33428 [Core Tor/Chutney]: Make chutney check for relay microdescriptors before verifying

[Tor Bug Tracker & Wiki]

#33428: Make chutney check for relay microdescriptors before verifying
---+---
 Reporter:  teor   |  Owner:  anuradha1904
 Type:  enhancement| Status:  assigned
 Priority:  Medium |  Milestone:
Component:  Core Tor/Chutney   |Version:
 Severity:  Normal | Resolution:
 Keywords:  ipv6, prop311, outreachy-ipv6  |  Actual Points:
Parent ID:  #33050 | Points:  1
 Reviewer: |Sponsor:  Sponsor55-can
---+---
Changes (by teor):

 * owner:  (none) => anuradha1904
 * status:  needs_review => assigned


Comment:

 Thanks for this pull request, I made some comments on GitHub.

 My biggest question is:

 Have you tested this function?
 How do you know it works?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21483 [Applications/Tor Browser]: DuckDuckGo Onion should be the default instead of DuckDuckGo

[Tor Bug Tracker & Wiki]

#21483: DuckDuckGo Onion should be the default instead of DuckDuckGo
--+
 Reporter:  lolscreen |  Owner:  tbb-team
 Type:  defect| Status:
  |  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-hs, TorBrowserTeam202006  |  Actual Points:
Parent ID:| Points:  0.25
 Reviewer:|Sponsor:
--+

Comment (by kjuvle):

 For reference, there is a ticket downstream in Tails on this issue:
 https://redmine.tails.boum.org/code/issues/12121

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33072 [Core Tor/Tor]: When under load, give 503 aggressively for dirport requests without compression

[Tor Bug Tracker & Wiki]

#33072: When under load, give 503 aggressively for dirport requests without
compression
-+-
 Reporter:  nickm|  Owner:  dgoulet
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  network-health 043-should consider-  |  Actual Points:
  backport-after-0434 042-backport 043-backport  |
Parent ID:  #33018   | Points:
 Reviewer:  teor |Sponsor:
-+-
Changes (by teor):

 * keywords:  network-health 043-should consider-backport-after-0434 =>
 network-health 043-should consider-backport-after-0434 042-backport
 043-backport
 * milestone:  Tor: 0.4.3.x-final => Tor: 0.4.4.x-final


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33623 [Core Tor/Tor]: sendme: Change default emit cell version from 0 to 1

[Tor Bug Tracker & Wiki]

#33623: sendme: Change default emit cell version from 0 to 1
-+-
 Reporter:  dgoulet  |  Owner:  dgoulet
 Type:  defect   | Status:
 |  merge_ready
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  consider-backport-after-0434, tor-   |  Actual Points:  0.1
  relay sendme 044-should 041-backport   |
  042-backport 043-backport  |
Parent ID:   | Points:  0.1
 Reviewer:  teor |Sponsor:
-+-
Changes (by teor):

 * status:  needs_review => merge_ready
 * keywords:  tor-relay sendme 044-should 041-backport 042-backport =>
 consider-backport-after-0434, tor-relay sendme 044-should 041-backport
 042-backport 043-backport
 * reviewer:   => teor


Comment:

 Trivial fix, let's merge to master after the security releases.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33072 [Core Tor/Tor]: When under load, give 503 aggressively for dirport requests without compression

[Tor Bug Tracker & Wiki]

#33072: When under load, give 503 aggressively for dirport requests without
compression
-+-
 Reporter:  nickm|  Owner:  dgoulet
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.3.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  network-health 043-should consider-  |  Actual Points:
  backport-after-0434|
Parent ID:  #33018   | Points:
 Reviewer:  teor |Sponsor:
-+-
Changes (by teor):

 * status:  needs_review => needs_revision
 * keywords:  network-health 043-should => network-health 043-should
 consider-backport-after-0434
 * reviewer:  nickm, arma => teor


Comment:

 I think this change looks good, but I am not sure about allowing all
 compressed requests. I think we should check the write bucket for
 compressed requests, so that we prioritise requests in this order, by
 default:
 * voting
 * compressed requests
 * uncompressed requests

 But if that's not possible, or it would take a lot of code changes, I'm
 happy to prioritise compressed requests (including voting) over
 uncompressed requests.

 Also, please remove the binary files from the PR. Do we need to update the
 .gitignore to exclude *.a ?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33072 [Core Tor/Tor]: When under load, give 503 aggressively for dirport requests without compression

[Tor Bug Tracker & Wiki]

#33072: When under load, give 503 aggressively for dirport requests without
compression
---+---
 Reporter:  nickm  |  Owner:  dgoulet
 Type:  defect | Status:  needs_review
 Priority:  Medium |  Milestone:  Tor:
   |  0.4.3.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  network-health 043-should  |  Actual Points:
Parent ID:  #33018 | Points:
 Reviewer:  nickm, arma|Sponsor:
---+---

Comment (by teor):

 Replying to [comment:14 dgoulet]:
 > I need to wait for the 042 backport to be able to do an 042 and onward
 branch ...

 Nick merged #33029 to 0.4.2 and later over the weekend. Is there anything
 else blocking an 0.4.2 branch?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19409 [Circumvention/Snowflake]: Make a deb of snowflake and get into Debian

[Tor Bug Tracker & Wiki]

#19409: Make a deb of snowflake and get into Debian
-+--
 Reporter:  adrelanos|  Owner:  cohosh
 Type:  enhancement  | Status:  assigned
 Priority:  High |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Major| Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by anarcat):

 >  Anarcat: one other thing you could do here that would be really
 helpful: give cohosh some intuition about how much future ongoing misery
 she's signing herself up for, by offering to help package/maintain the set
 of go libs she'll depend on. With that knowledge, the anti-censorship team
 should think about whether signing up for that commitment is the best use
 of their limited time -- or said another way, how to make things scale
 well enough for the future.

 I think that really depends on how popular those libs are and how many
 they are. I wouldn't commit to an answer before looking deeper into that.
 :)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19409 [Circumvention/Snowflake]: Make a deb of snowflake and get into Debian

[Tor Bug Tracker & Wiki]

#19409: Make a deb of snowflake and get into Debian
-+--
 Reporter:  adrelanos|  Owner:  cohosh
 Type:  enhancement  | Status:  assigned
 Priority:  High |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Major| Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by arma):

 Replying to [comment:21 anarcat]:
 > golang is still statically linked in Debian, just like everywhere else,
 because the upstream tooling for dynamic linking is non-existent

 Ah ha, right, great.

 So that means definitely smart to get set up with the Debian go team,
 because they will need to know that here is yet another package that needs
 to get rebuilt whenever there's a security update to one of its go libs.

 > >  One of the awesome things about a snowflake deb (i.e. a deb that lets
 people become snowflakes) would be that you just install the deb and it
 magically works from there -- no editing text files, no opening ports, no
 installing tor, etc. Basically all the features of having a Snowflake
 browser extension, but now also in the (headless) deb package world.
 >
 > ... that sometimes involves a lot of tricky debian packaging tricks. It
 is much easier to do this when upstream already provides tools to do that
 hard stuff ("edit text file", "open port" (?), "configure tor")...

 We're in luck! I'm not doing the bad idea of saying "oh we'll just
 automate all of that in the deb somehow". I'm saying that snowflake, by
 design, doesn't need it: there are no text files to edit, it only makes
 outgoing connections so nothing needs to mess with port forwarding, it
 doesn't use tor, etc.

 So I think we won't need the tricky debian packaging tricks here either.
 :)

 > Let me know if you have any other questions: I have packaged a few
 golang libraries and one binary in Debian and learned some of the ropes,
 so I can help. (Hey, and look at that - I *am* part of the golang team, so
 you got a team member to ask right here. ;)

 Anarcat: one other thing you could do here that would be really helpful:
 give cohosh some intuition about how much future ongoing misery she's
 signing herself up for, by offering to help package/maintain the set of go
 libs she'll depend on. With that knowledge, the anti-censorship team
 should think about whether signing up for that commitment is the best use
 of their limited time -- or said another way, how to make things scale
 well enough for the future.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33638 [Circumvention/Snowflake]: Refactor (De)SerializeSessionDescription as common utils

[Tor Bug Tracker & Wiki]

#33638: Refactor (De)SerializeSessionDescription as common utils
-+
 Reporter:  arlolra  |  Owner:  (none)
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:  cohosh   |Sponsor:
-+
Changes (by arlolra):

 * status:  merge_ready => closed
 * resolution:   => fixed


Comment:

 Merged as https://gitweb.torproject.org/pluggable-
 transports/snowflake.git/commit/?id=d10af300c128955599aefabba10ac8db7027e063

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33638 [Circumvention/Snowflake]: Refactor (De)SerializeSessionDescription as common utils

[Tor Bug Tracker & Wiki]

#33638: Refactor (De)SerializeSessionDescription as common utils
-+-
 Reporter:  arlolra  |  Owner:  (none)
 Type:  defect   | Status:  merge_ready
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:  cohosh   |Sponsor:
-+-
Changes (by cohosh):

 * status:  needs_review => merge_ready


Comment:

 Looks good. Thanks for doing this Arlo!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33638 [Circumvention/Snowflake]: Refactor (De)SerializeSessionDescription as common utils

[Tor Bug Tracker & Wiki]

#33638: Refactor (De)SerializeSessionDescription as common utils
-+--
 Reporter:  arlolra  |  Owner:  (none)
 Type:  defect   | Status:  needs_review
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:  cohosh   |Sponsor:
-+--
Changes (by cohosh):

 * reviewer:   => cohosh


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33008 [Metrics/Relay Search]: Display a bridge's distribution bucket

[Tor Bug Tracker & Wiki]

#33008: Display a bridge's distribution bucket
-+-
 Reporter:  phw  |  Owner:
 |  metrics-team
 Type:  enhancement  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Metrics/Relay Search |Version:
 Severity:  Normal   | Resolution:
 Keywords:  s30-o24a1, anti-censorship-roadmap-  |  Actual Points:
  2020Q1 metrics-team-roadmap-2020Q1 |
Parent ID:  #31281   | Points:  2
 Reviewer:  cohosh   |Sponsor:
 |  Sponsor30-can
-+-

Comment (by karsten):

 The new text looks good to me!

 The delay between BridgeDB assigning a new bridge to a distributor and
 Relay Search learning about it is roughly linearly distributed from 1 to
 25 hours. For example, the bridge pool assignments file written by
 BridgeDB at 2020-03-16T00:01:45Z was archived by CollecTor at
 2020-03-17T00:09:00Z and would be processed by Onionoo at about
 2020-03-17T00:45:00Z. That's the worst case scenario, though. How about
 you write something vague like "usually within one day" and keep the "be
 patient" part? :)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33636 [Circumvention/Snowflake]: Remove go-webrtc dependency from snowflake

[Tor Bug Tracker & Wiki]

#33636: Remove go-webrtc dependency from snowflake
-+
 Reporter:  cohosh   |  Owner:  cohosh
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:   |  Actual Points:
Parent ID:  #19409   | Points:
 Reviewer:   |Sponsor:
-+

Comment (by arlolra):

 > Let's make a new ticket

 See #33638

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #33638 [Circumvention/Snowflake]: Refactor (De)SerializeSessionDescription as common utils

[Tor Bug Tracker & Wiki]

#33638: Refactor (De)SerializeSessionDescription as common utils
-+
 Reporter:  arlolra  |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   |   Keywords:
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+
 
https://github.com/keroserene/snowflake/commit/7b761d4c8d0e56b9148f106eb01667a7ec5c0424

 from https://trac.torproject.org/projects/tor/ticket/33636#comment:12

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33638 [Circumvention/Snowflake]: Refactor (De)SerializeSessionDescription as common utils

[Tor Bug Tracker & Wiki]

#33638: Refactor (De)SerializeSessionDescription as common utils
-+--
 Reporter:  arlolra  |  Owner:  (none)
 Type:  defect   | Status:  needs_review
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by arlolra):

 * status:  new => needs_review


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19409 [Circumvention/Snowflake]: Make a deb of snowflake and get into Debian

[Tor Bug Tracker & Wiki]

#19409: Make a deb of snowflake and get into Debian
-+--
 Reporter:  adrelanos|  Owner:  cohosh
 Type:  enhancement  | Status:  assigned
 Priority:  High |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Major| Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by cohosh):

 I opened an ITP for Snowflake here: https://bugs.debian.org/cgi-
 bin/bugreport.cgi?bug=954176

 I'll work on ITPs for the dependencies as well :)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33636 [Circumvention/Snowflake]: Remove go-webrtc dependency from snowflake

[Tor Bug Tracker & Wiki]

#33636: Remove go-webrtc dependency from snowflake
-+
 Reporter:  cohosh   |  Owner:  cohosh
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:   |  Actual Points:
Parent ID:  #19409   | Points:
 Reviewer:   |Sponsor:
-+
Changes (by cohosh):

 * status:  needs_review => closed
 * resolution:   => fixed


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33636 [Circumvention/Snowflake]: Remove go-webrtc dependency from snowflake

[Tor Bug Tracker & Wiki]

#33636: Remove go-webrtc dependency from snowflake
-+--
 Reporter:  cohosh   |  Owner:  cohosh
 Type:  defect   | Status:  needs_review
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:  #19409   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by cohosh):

 Let's make a new ticket

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33157 [Circumvention/Snowflake]: Client generates SDP with "IN IP4 0.0.0.0", causing proxy to send "client_ip=0.0.0.0" and bridge to send "USERADDR 0.0.0.0:1"

[Tor Bug Tracker & Wiki]

#33157: Client generates SDP with "IN IP4 0.0.0.0", causing proxy to send
"client_ip=0.0.0.0" and bridge to send "USERADDR 0.0.0.0:1"
-+--
 Reporter:  dcf  |  Owner:  (none)
 Type:  defect   | Status:  needs_review
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by arlolra):

 * status:  new => needs_review


Comment:

 Changing the status for review on the tangential patch in #comment:4

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29128 [Core Tor/Tor]: Place complete obfs4 bridge line in accessible location

[Tor Bug Tracker & Wiki]

#29128: Place complete obfs4 bridge line in accessible location
-+-
 Reporter:  phoul|  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-pt, tor-doc, |  Actual Points:
  040-deferred-20190220, network-team-roadmap-   |
  2020Q1 |
Parent ID:  #30471   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor28-must
-+-
Changes (by catalyst):

 * cc: catalyst (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33636 [Circumvention/Snowflake]: Remove go-webrtc dependency from snowflake

[Tor Bug Tracker & Wiki]

#33636: Remove go-webrtc dependency from snowflake
-+--
 Reporter:  cohosh   |  Owner:  cohosh
 Type:  defect   | Status:  needs_review
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:  #19409   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by arlolra):

 > I left a comment inline on the pull.

 I took a stab at the refactor suggested there in,
 
https://github.com/keroserene/snowflake/commit/7b761d4c8d0e56b9148f106eb01667a7ec5c0424

 Can open a separate ticket for it if it's preferred.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor

[Tor Bug Tracker & Wiki]

#31009: Tor lets transports advertise private IP addresses in descriptor
-+-
 Reporter:  phw  |  Owner:  ahf
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.3.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-pt, tor-bridge, 035-backport,|  Actual Points:
  040-backport, 041-backport,|
  042-deferred-20190918, network-team-roadmap-   |
  2020Q1, 043-should |
Parent ID:   | Points:  0.5
 Reviewer:   |Sponsor:
 |  Sponsor28-can
-+-
Changes (by catalyst):

 * cc: catalyst (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33632 [Core Tor/Tor]: List ed25519 fingerprints on the command line

[Tor Bug Tracker & Wiki]

#33632: List ed25519 fingerprints on the command line
-+-
 Reporter:  teor |  Owner:  (none)
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  outreachy-ipv6, prop311-can  |  Actual Points:
Parent ID:  #33050   | Points:  1
 Reviewer:   |Sponsor:  Sponsor55-can
-+-

Comment (by anuradha1904):

 Hey teor, can I start with this issue? Thank you.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33632 [Core Tor/Tor]: List ed25519 fingerprints on the command line

[Tor Bug Tracker & Wiki]

#33632: List ed25519 fingerprints on the command line
-+-
 Reporter:  teor |  Owner:  (none)
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  outreachy-ipv6, prop311-can  |  Actual Points:
Parent ID:  #33050   | Points:  1
 Reviewer:   |Sponsor:  Sponsor55-can
-+-

Comment (by anuradha1904):

 Hey teor, can I start with this issue? Thank you.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #23226 [Applications/GetTor]: GetTor help message could be more helpful

[Tor Bug Tracker & Wiki]

#23226: GetTor help message could be more helpful
-+-
 Reporter:  catalyst |  Owner:  cohosh
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:
Component:  Applications/GetTor  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  anti-censorship-roadmap-2020Q1, ux-  |  Actual Points:
  team   |
Parent ID:  #9036| Points:  1
 Reviewer:  phw  |Sponsor:
-+-

Comment (by cohosh):

 Replying to [comment:19 antonela]:
 > Thanks for working on improving this message!
 >
 Thanks for taking a look!
 > Some comments:
 > 1. Yes! let's include an example of how the message should look. I know
 we have been receiving emails with bad formatting. Let's be explicit about
 it.
 > 2. Do we know which are the most requested locale versions? If yes,
 let's use them in the list. If we don't know, then we should list in
 alphabetical order for fast scanning.
 We don't have this data, we can go with alphabetical order.
 >
 > Changes:
 > - Removed `three`, seems redundant.
 > - Made explicit that the OS is the one that they want to install TB.
 Seems clear but was not.
 > - Tried to explain the example.
 >
 These changes look good to me :)
 >
 > We will run user testing on this flow, and we can iterate and adjust
 what is necessary after it.

 Okay great, so the next step is to implement it then? If so, I'll move
 forward with a patch!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33428 [Core Tor/Chutney]: Make chutney check for relay microdescriptors before verifying

[Tor Bug Tracker & Wiki]

#33428: Make chutney check for relay microdescriptors before verifying
---+---
 Reporter:  teor   |  Owner:  (none)
 Type:  enhancement| Status:  needs_review
 Priority:  Medium |  Milestone:
Component:  Core Tor/Chutney   |Version:
 Severity:  Normal | Resolution:
 Keywords:  ipv6, prop311, outreachy-ipv6  |  Actual Points:
Parent ID:  #33050 | Points:  1
 Reviewer: |Sponsor:  Sponsor55-can
---+---
Changes (by anuradha1904):

 * status:  new => needs_review
 * cc: anuradha1904 (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33636 [Circumvention/Snowflake]: Remove go-webrtc dependency from snowflake

[Tor Bug Tracker & Wiki]

#33636: Remove go-webrtc dependency from snowflake
-+--
 Reporter:  cohosh   |  Owner:  cohosh
 Type:  defect   | Status:  needs_review
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:  #19409   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by arlolra):

 It might be useful if you split this into two commits since it looks like
 most of the changes show up on `master` before `e26373dd` was merged, but
 either way seems fine.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33636 [Circumvention/Snowflake]: Remove go-webrtc dependency from snowflake

[Tor Bug Tracker & Wiki]

#33636: Remove go-webrtc dependency from snowflake
-+--
 Reporter:  cohosh   |  Owner:  cohosh
 Type:  defect   | Status:  needs_review
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:  #19409   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by cohosh):

 * status:  reopened => needs_review


Comment:

 
https://github.com/cohosh/snowflake/commit/c11461d3391febd62ba5f7fb5517aa65dbcf5c59

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33636 [Circumvention/Snowflake]: Remove go-webrtc dependency from snowflake

[Tor Bug Tracker & Wiki]

#33636: Remove go-webrtc dependency from snowflake
-+--
 Reporter:  cohosh   |  Owner:  cohosh
 Type:  defect   | Status:  reopened
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:  #19409   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by cohosh):

 * status:  closed => reopened
 * resolution:  fixed =>


Comment:

 Ooops forgot to do a `go mod tidy`.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33636 [Circumvention/Snowflake]: Remove go-webrtc dependency from snowflake

[Tor Bug Tracker & Wiki]

#33636: Remove go-webrtc dependency from snowflake
-+
 Reporter:  cohosh   |  Owner:  cohosh
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:   |  Actual Points:
Parent ID:  #19409   | Points:
 Reviewer:   |Sponsor:
-+
Changes (by cohosh):

 * status:  merge_ready => closed
 * resolution:   => fixed


Comment:

 Thanks! Squashed and merged at [https://gitweb.torproject.org/pluggable-
 transports/snowflake.git/commit/?id=6054c09949dfeb807a898e369c546344e26373dd
 e26373dd]

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33636 [Circumvention/Snowflake]: Remove go-webrtc dependency from snowflake

[Tor Bug Tracker & Wiki]

#33636: Remove go-webrtc dependency from snowflake
-+-
 Reporter:  cohosh   |  Owner:  cohosh
 Type:  defect   | Status:  merge_ready
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:  #19409   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by arlolra):

 * status:  needs_review => merge_ready


Comment:

 LGTM

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33619 [Core Tor/Tor]: Resolve TROVE-2020-004

[Tor Bug Tracker & Wiki]

#33619: Resolve TROVE-2020-004
-+-
 Reporter:  nickm|  Owner:  (none)
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.1.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  041-backport 042-backport|  Actual Points:  1
  043-backport   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by nickm):

 * status:  new => closed
 * actualpoints:   => 1
 * milestone:  Tor: 0.4.4.x-final => Tor: 0.4.1.x-final
 * keywords:   => 041-backport 042-backport 043-backport
 * resolution:   => fixed


Old description:



New description:

 This is a remotely triggerable memory leak on relays and clients, found by
 tobias pulls.

 The issue is that when circpad_setup_machine_on_circ() is reached with an
 inconsistent internal configuration, it fails to free an object that is
 replaced.  It logs a bug warning, but that isn't enough.

 Tobias Pulls found that this code was actually reachable, though, and
 results in a memory leak.

--

Comment:

 We fix this in 78bcfc1280b322ba57a10a116457616eeb742ab6, with a fix that
 avoids the memory leak and prevents us from spamming the logs.  It does
 not fix the underlying issue where the code that wasn't supposed to be
 reachable is actually reached.

 This is a "medium" severity issue, and is also tracked as CVE-2020-10593.

 This fix has been merged to all ''supported'' affected releases (0.4.1.x
 and later).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33446 [Internal Services/Tor Sysadmin Team]: migrate cupani/git-rw to the ganeti cluster, triggering an IP address change

[Tor Bug Tracker & Wiki]

#33446: migrate cupani/git-rw to the ganeti cluster, triggering an IP address
change
-+-
 Reporter:  anarcat  |  Owner:  anarcat
 Type:  task | Status:  closed
 Priority:  High |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Major| Resolution:  fixed
 Keywords:  tpa-roadmap-march|  Actual Points:
Parent ID:  #33085   | Points:
 Reviewer:  irl  |Sponsor:
-+-

Comment (by hiro):

 I solved it for hetzner-nbg1-02.torproject.org as following:

 **On the master:**

 {{{

 puppet cert clean hetzner-nbg1-02.torproject.org
 }}}


 **On the client:**


 {{{
 find /var/lib/puppet/ssl -name hetzner-nbg1-02.torproject.org.pem -delete
 }}}


 Then:
 Run the bootstrap script from tsa-misc/installer/puppet-bootstrap-client
 to get a new checksum

 Again on the master:

 {{{
 tpa-puppet-sign-client

 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33637 [Circumvention/Snowflake]: Update license for Snowflake

[Tor Bug Tracker & Wiki]

#33637: Update license for Snowflake
-+--
 Reporter:  cohosh   |  Owner:  cohosh
 Type:  task | Status:  assigned
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:  #19409   | Points:  .1
 Reviewer:   |Sponsor:
-+--

Comment (by cohosh):

 If I was going to guess, I'd say add two lines to the top of the notice:
 {{{
 Copyright (c) 2016, Serene Han, Arlo Breault
 Copyright (c) 2017-2019, Serene Han, Arlo Breault, David Fifield
 Copyright (c) 2019-2020, Arlo Breault, David Fifield, The Tor Project,
 Inc.
 All rights reserved.
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #33637 [Circumvention/Snowflake]: Update license for Snowflake

[Tor Bug Tracker & Wiki]

#33637: Update license for Snowflake
-+--
 Reporter:  cohosh   |  Owner:  cohosh
 Type:  task | Status:  assigned
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   |   Keywords:
Actual Points:   |  Parent ID:  #19409
   Points:  .1   |   Reviewer:
  Sponsor:   |
-+--
 Working on packaging Snowflake for debian, and perhaps our license needs
 an update? We should make sure we have all our ducks in a row here because
 Debian will care.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33137 [Core Tor/Tor]: Resolve TROVE-2020-003: crash adding bad ed25519 HSv3 private key from controller

[Tor Bug Tracker & Wiki]

#33137: Resolve TROVE-2020-003: crash adding bad ed25519 HSv3 private key from
controller
-+-
 Reporter:  nickm|  Owner:  asn
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:  Tor:
 |  0.4.3.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  035-backport 041-backport|  Actual Points:  2
  042-backport 043-backport. 043-must security   |
Parent ID:   | Points:  1-5?
 Reviewer:  ahf, catalyst|Sponsor:
-+-

Comment (by nickm):

 This bug was originally reported by Saibato Naga.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33578 [Applications/Tor Browser]: Bump Snowflake version to 58b52eb9f7

[Tor Bug Tracker & Wiki]

#33578: Bump Snowflake version to 58b52eb9f7
+--
 Reporter:  cohosh  |  Owner:  tbb-team
 Type:  defect  | Status:  closed
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:  fixed
 Keywords:  tbb-rbm, TorBrowserTeam202003R  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
Changes (by boklm):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 This looks good to me. I merged the patch to master as commit
 `bbdb75f2417df66efecf66474bffc047ff557b48`.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31159 [Internal Services/Tor Sysadmin Team]: Monitor anti-censorship www services with prometheus

[Tor Bug Tracker & Wiki]

#31159: Monitor anti-censorship www services with prometheus
-+-
 Reporter:  phw  |  Owner:  hiro
 Type:  task | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tpa-roadmap-february tpa-roadmap-|  Actual Points:
  march  |
Parent ID:  #30152   | Points:  1
 Reviewer:   |Sponsor:
-+-

Comment (by phw):

 Replying to [comment:10 hiro]:
 > I can give you access to the machine and we can think a way to do this,
 but it would be better if you could pass me the targets and I add them on
 puppet directly. How does that sound?
 [[br]]
 Hmm, ok.  Note that the entire reason for filing #32679 was that I wanted
 our team to have control over the list of monitoring targets, so we don't
 have to block on others.  But we can go with your plan for now and see how
 it goes.

 The list of default bridges is available in a table on
 [https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/DefaultBridges
 this wiki page]. Please ignore the two last rows in the table, 0.0.2.0:2
 and 0.0.3.0:1. These are two pseudo IP addresses.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19251 [Applications/Tor Browser]: TorBrowser might want to have an error page specific to when .onion links fail

[Tor Bug Tracker & Wiki]

#19251: TorBrowser might want to have an error page specific to when .onion 
links
fail
+--
 Reporter:  cypherpunks |  Owner:  brade
 Type:  enhancement | Status:  needs_review
 Priority:  Low |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  ux-team, TorBrowserTeam202003R  |  Actual Points:  6.7
Parent ID:  #30025  | Points:  6
 Reviewer:  acat,pospeselr  |Sponsor:
|  Sponsor27-must
+--

Comment (by pospeselr):

 Ok, a few nits but overall looks good to me:

 - the svgs aren't as small/optimized as they could be, I've attached
 replacements:
  - browser.svg -> https://trac.torproject.org/projects/tor/raw-
 attachment/ticket/19251/browser.svg
  - network.svg -> https://trac.torproject.org/projects/tor/raw-
 attachment/ticket/19251/network.svg
  - onionsite.svg -> https://trac.torproject.org/projects/tor/raw-
 attachment/ticket/19251/onionsite.svg
 - JavaScript has a Map type now ( https://developer.mozilla.org/en-
 US/docs/Web/JavaScript/Reference/Global_Objects/Map ), and I think (?)
 it's best practice to use them rather than the old Object with named
 fields pattern (for instance, in diagramInfoMap in _insertDiagram()). I
 know acat gave similar feedback on one of my patches at some point but I
 don't quite remember the justification.
 - hexErrorFromName could be reduced by having the returns under each case,
 rather than assign && break but I don't feel particularly strongly about
 it.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33008 [Metrics/Relay Search]: Display a bridge's distribution bucket

[Tor Bug Tracker & Wiki]

#33008: Display a bridge's distribution bucket
-+-
 Reporter:  phw  |  Owner:
 |  metrics-team
 Type:  enhancement  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Metrics/Relay Search |Version:
 Severity:  Normal   | Resolution:
 Keywords:  s30-o24a1, anti-censorship-roadmap-  |  Actual Points:
  2020Q1 metrics-team-roadmap-2020Q1 |
Parent ID:  #31281   | Points:  2
 Reviewer:  cohosh   |Sponsor:
 |  Sponsor30-can
-+-

Comment (by phw):

 Replying to [comment:26 karsten]:
 > Replying to [comment:24 phw]:
 > > Replying to [comment:23 karsten]:
 > > >  - "None": either not distributed by BridgeDB as requested by the
 bridge operator, or distributed via one of the four other mechanisms but
 too new for Relay Search to know. (The info page should probably mention
 both possibilities.)
 >
 > Your latest screenshot doesn't say anything about that second
 possibility of assignment information not being propagated between
 services yet. I could imagine that impatient new bridge operators will ask
 why their bridge ended up in the None bucket. If you left this note out on
 purpose, maybe in order to keep things short, that's fine by me.
 [[br]]
 Yes, that's an oversight. How about this:
 [[br]]
 > Bridges whose distribution mechanism is "None" are not distributed by
 BridgeDB.  It is the bridge operator's responsibility to distribute their
 bridges to users.  Note that on Relay Search, a freshly set up bridge's
 distribution mechanism says "None" for a while.  Be a bit patient, and it
 will then change to the bridge's actual distribution mechanism.
 [[br]]
 Do we have an approximate time frame within which Relay Search should go
 from "None" to the bridge's actual distribution mechanism?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33636 [Circumvention/Snowflake]: Remove go-webrtc dependency from snowflake

[Tor Bug Tracker & Wiki]

#33636: Remove go-webrtc dependency from snowflake
-+--
 Reporter:  cohosh   |  Owner:  cohosh
 Type:  defect   | Status:  needs_review
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:  #19409   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by cohosh):

 Okay here's a PR for that: https://github.com/cohosh/snowflake/pull/23

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19251 [Applications/Tor Browser]: TorBrowser might want to have an error page specific to when .onion links fail

[Tor Bug Tracker & Wiki]

#19251: TorBrowser might want to have an error page specific to when .onion 
links
fail
+--
 Reporter:  cypherpunks |  Owner:  brade
 Type:  enhancement | Status:  needs_review
 Priority:  Low |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  ux-team, TorBrowserTeam202003R  |  Actual Points:  6.7
Parent ID:  #30025  | Points:  6
 Reviewer:  acat,pospeselr  |Sponsor:
|  Sponsor27-must
+--
Changes (by pospeselr):

 * Attachment "onionsite.svg" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19251 [Applications/Tor Browser]: TorBrowser might want to have an error page specific to when .onion links fail

[Tor Bug Tracker & Wiki]

#19251: TorBrowser might want to have an error page specific to when .onion 
links
fail
+--
 Reporter:  cypherpunks |  Owner:  brade
 Type:  enhancement | Status:  needs_review
 Priority:  Low |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  ux-team, TorBrowserTeam202003R  |  Actual Points:  6.7
Parent ID:  #30025  | Points:  6
 Reviewer:  acat,pospeselr  |Sponsor:
|  Sponsor27-must
+--
Changes (by pospeselr):

 * Attachment "network.svg" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19251 [Applications/Tor Browser]: TorBrowser might want to have an error page specific to when .onion links fail

[Tor Bug Tracker & Wiki]

#19251: TorBrowser might want to have an error page specific to when .onion 
links
fail
+--
 Reporter:  cypherpunks |  Owner:  brade
 Type:  enhancement | Status:  needs_review
 Priority:  Low |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  ux-team, TorBrowserTeam202003R  |  Actual Points:  6.7
Parent ID:  #30025  | Points:  6
 Reviewer:  acat,pospeselr  |Sponsor:
|  Sponsor27-must
+--
Changes (by pospeselr):

 * Attachment "browser.svg" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33636 [Circumvention/Snowflake]: Remove go-webrtc dependency from snowflake

[Tor Bug Tracker & Wiki]

#33636: Remove go-webrtc dependency from snowflake
-+--
 Reporter:  cohosh   |  Owner:  cohosh
 Type:  defect   | Status:  needs_review
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:  #19409   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by dcf):

 I concur with removing server-webrtc. I haven't used it in forever.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33428 [Core Tor/Chutney]: Make chutney check for relay microdescriptors before verifying

[Tor Bug Tracker & Wiki]

#33428: Make chutney check for relay microdescriptors before verifying
---+---
 Reporter:  teor   |  Owner:  (none)
 Type:  enhancement| Status:  new
 Priority:  Medium |  Milestone:
Component:  Core Tor/Chutney   |Version:
 Severity:  Normal | Resolution:
 Keywords:  ipv6, prop311, outreachy-ipv6  |  Actual Points:
Parent ID:  #33050 | Points:  1
 Reviewer: |Sponsor:  Sponsor55-can
---+---

Comment (by anuradha1904):

 Hey teor, I have made the PR, kindly check
 https://github.com/torproject/chutney/pull/60

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27657 [Applications/Tor Browser]: Show .onion icon on Identity drop down?

[Tor Bug Tracker & Wiki]

#27657: Show .onion icon on Identity drop down?
--+---
 Reporter:  gk|  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux-team   |  Actual Points:
Parent ID:  #30025| Points:  6
 Reviewer:|Sponsor:  Sponsor27-can
--+---
Changes (by pili):

 * points:   => 6


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33137 [Core Tor/Tor]: Resolve TROVE-2020-003: crash adding bad ed25519 HSv3 private key from controller (was: Resolve TROVE-2020-003)

[Tor Bug Tracker & Wiki]

#33137: Resolve TROVE-2020-003: crash adding bad ed25519 HSv3 private key from
controller
-+-
 Reporter:  nickm|  Owner:  asn
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:  Tor:
 |  0.4.3.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  035-backport 041-backport|  Actual Points:  2
  042-backport 043-backport. 043-must security   |
Parent ID:   | Points:  1-5?
 Reviewer:  ahf, catalyst|Sponsor:
-+-
Changes (by nickm):

 * status:  needs_review => closed
 * actualpoints:   => 2
 * keywords:  043-must security => 035-backport 041-backport 042-backport
 043-backport. 043-must security
 * resolution:   => fixed


Old description:



New description:

 This bug is an assertion failure that can only be triggered by an attacker
 with access to the user's controlport: if they use ADD_ONION to pass in an
 invalid ed25519 key, then Tor will exit.

 Here is asn's analysis of the issue:
 {{{

 

 Analysis of TROVE-2020-003
 


 Summary
 


 The issue at hand is that hs_build_address() can crash with an assert
 failure
 if called with an "invalid" ed25519 public key as its 'key' argument.
 Usually
 that function is only called with valid public keys, but after the
 introduction
 of the ADD_ONION control port feature and the hs_service_add_ephemeral()
 function, it can now be called with an invalid public key and cause an
 assert
 crash.

 Tor considers an ed25519 public key to be "invalid" when it has a torsion
 component (see [TORSION-REFS] in rend-spec-v3.txt) so that phishing
 attackers
 cannot generate equivalent onion addresses for a normal onion address.
 This is
 a validation step that is usually not required for normal ed25519-based
 protocols, but it's actually necessary for the security of onion addresses
 or
 in any other place where keys or signatures are used as identifiers and
 security relies on their uniqueness.

 The validating function is ed25519_validate_pubkey() and it's currently
 used in
 two cases:
 1) for onion address validation, so that attackers cannot create
 equivalent
sets of onion addresses
 2) when dirauths validate relay ed25519 keys, for reasons unclear to me
(perhaps this check is not needed)

 Impact
 


 The impact of this bug is a local denial-of-service attack to Tor through
 an
 assert-failure.

 The particular ADD_ONION attack vector can only be triggered by an
 attacker who
 has access to the control port which assumes a local attacker. Also an
 attacker
 who has access to the control port can do various other modifications to
 Tor
 that will result in loss of security. This is the reason this bug is
 marked as
 'low' severity.

 Fix
 


 Given that ed25519 public key validity checks are usually not needed and
 (so
 far) they are only necessary for onion addesses in the Tor protocol, we
 decided
 to fix this specific bug instance without modifying the rest of the
 codebase
 (see below for other fix approaches).

 In our minimal fix we check that the pubkey in hs_service_add_ephemeral()
 is
 valid and error out otherwise.

 This will fix the issue in the current codebase but it doesn't solve it in
 the
 future if a new feature comes in which tried to do something like
 ADD_ONION, or
 if a new feature comes out which tries to use ed25519 in a non-standard
 and
 dangerous way.

 Considerations for the future
 


 ed25519 signature and public key malleability is a complex topic that
 protocol
 designers must be aware of when using ed25519 in non-standard ways in the
 protocol. In our case, we got bitten by passing ed25519 *private* keys
 around,
 but there are other theoretical cases where this can bite us. Hence,
 protocol
 designers and reviewers who work with ed25519 should be aware of such
 threats
 when creating new protocols.

 In the future, we should consider moving to signature schemes based on
 Ristretto (or others) which do not need additional optional key
 validation.

 Other fix approaches
 
==

Re: [tor-bugs] #33636 [Circumvention/Snowflake]: Remove go-webrtc dependency from snowflake

[Tor Bug Tracker & Wiki]

#33636: Remove go-webrtc dependency from snowflake
-+--
 Reporter:  cohosh   |  Owner:  cohosh
 Type:  defect   | Status:  needs_review
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:  #19409   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by cohosh):

 Replying to [comment:3 arlolra]:
 > I left a comment inline on the pull.
 >
 > Separately, did you try spinning up a server and connecting to it?
 Also, this server is going to need updating in the turbo tunnel branches.
 Maybe it isn't worth maintaining going forward?  We can always revive it
 from git history if a need crops up.
 Thanks. I did a test, yeah, and it works well. I guess I'm not too
 concerned with maintaining it. The main advantage as far as I can tell is
 to easily test things between the client and server without having to go
 through the deployed broker. This is made a lot easier with Snowbox,
 however, and if we weren't using it for TurboTunnel anyway then I'm not
 sure what the point is.

 I'm all for removing it.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19251 [Applications/Tor Browser]: TorBrowser might want to have an error page specific to when .onion links fail

[Tor Bug Tracker & Wiki]

#19251: TorBrowser might want to have an error page specific to when .onion 
links
fail
+--
 Reporter:  cypherpunks |  Owner:  brade
 Type:  enhancement | Status:  needs_review
 Priority:  Low |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  ux-team, TorBrowserTeam202003R  |  Actual Points:  6.7
Parent ID:  #30025  | Points:  6
 Reviewer:  acat,pospeselr  |Sponsor:
|  Sponsor27-must
+--

Comment (by mcs):

 Replying to [comment:41 mcs]:
 > Since we are not currently using any markup in that field we could use
 the `textContent` property. Or we could keep it as we wrote it and match
 Mozilla. What do other people think?

 During today's Sponsor 27 IRC meeting, we decided to keep match Mozilla
 and keep support for HTML.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33636 [Circumvention/Snowflake]: Remove go-webrtc dependency from snowflake

[Tor Bug Tracker & Wiki]

#33636: Remove go-webrtc dependency from snowflake
-+--
 Reporter:  cohosh   |  Owner:  cohosh
 Type:  defect   | Status:  needs_review
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:  #19409   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by arlolra):

 I left a comment inline on the pull.

 Separately, did you try spinning up a server and connecting to it?  Also,
 this server is going to need updating in the turbo tunnel branches.  Maybe
 it isn't worth maintaining going forward?  We can always revive it from
 git history if a need crops up.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33636 [Circumvention/Snowflake]: Remove go-webrtc dependency from snowflake

[Tor Bug Tracker & Wiki]

#33636: Remove go-webrtc dependency from snowflake
-+--
 Reporter:  cohosh   |  Owner:  cohosh
 Type:  defect   | Status:  needs_review
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:  #19409   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by cohosh):

 * status:  assigned => needs_review


Comment:

 Here's a PR: https://github.com/cohosh/snowflake/pull/22

 Note: I ran `go mod tidy` which made a few additional changes to `go.mod`.
 These changes seem fine.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28005 [Applications/Tor Browser]: Officially support onions in HTTPS-Everywhere

[Tor Bug Tracker & Wiki]

#28005: Officially support onions in HTTPS-Everywhere
-+-
 Reporter:  asn  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs, https-everywhere, network-   |  Actual Points:  17
  team-roadmap-november, network-team-roadmap-   |
  2020Q1, TorBrowserTeam202003R, ux-team |
Parent ID:  #30029   | Points:  20
 Reviewer:  mcs, sysrqb, antonela|Sponsor:
 |  Sponsor27-must
-+-

Comment (by acat):

 Replying to [comment:31 asn]:
 > Random question: Is there an issue with cookies and SSL and multiple
 websites falling under `*.tor.onion`? I think mike was raising concerns
 about this at some point?

 The urlbar rewrites to `.tor.onion` are cosmetic: they should just affect
 the UI. For everything else other than what is displayed in the urlbar,
 the actual URL is still the `.onion` one. That includes TLS (which is
 checked against the `.onion`, not the `.tor.onion`) and cookies.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21952 [Applications/Tor Browser]: Onion-location: increasing the use of onion services through automatic redirects and aliasing

[Tor Bug Tracker & Wiki]

#21952: Onion-location: increasing the use of onion services through automatic
redirects and aliasing
-+-
 Reporter:  linda|  Owner:  acat
 Type:  project  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ux-team, tor-hs, network-team-   |  Actual Points:  10
  roadmap-november, tbb-9.5, network-team-   |
  roadmap-2020Q1, TorBrowserTeam202003R  |
Parent ID:  #30024   | Points:  6
 Reviewer:  pospeselr, mcs, brade|Sponsor:
 |  Sponsor27-must
-+-

Comment (by acat):

 Thanks for the reviews! Here are the revised patches:
 https://github.com/acatarineu/tor-browser/commit/21952+5 and
 https://github.com/acatarineu/torbutton/commit/21952+1. I took the
 suggested string changes for now, let's wait for the final string review.

 I will upload some tor-browser builds with these changes and also add an
 updated `Onion-Location` spec that reflects the current implementation, so
 that asn and maybe others can review.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #33636 [Circumvention/Snowflake]: Remove go-webrtc dependency from snowflake

[Tor Bug Tracker & Wiki]

#33636: Remove go-webrtc dependency from snowflake
-+--
 Reporter:  cohosh   |  Owner:  cohosh
 Type:  defect   | Status:  assigned
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   |   Keywords:
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+--
 We still depend on go-webrtc because of the testing code in server-webrtc.
 Let's migrate this to pion or get rid of this testing code. go-webrtc is
 now officially unmaintained, and this will make it easier for us to
 package Snowflake for #19409

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33636 [Circumvention/Snowflake]: Remove go-webrtc dependency from snowflake

[Tor Bug Tracker & Wiki]

#33636: Remove go-webrtc dependency from snowflake
-+--
 Reporter:  cohosh   |  Owner:  cohosh
 Type:  defect   | Status:  assigned
 Priority:  Medium   |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:  #19409   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by cohosh):

 * parent:   => #19409


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28005 [Applications/Tor Browser]: Officially support onions in HTTPS-Everywhere

[Tor Bug Tracker & Wiki]

#28005: Officially support onions in HTTPS-Everywhere
-+-
 Reporter:  asn  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs, https-everywhere, network-   |  Actual Points:  17
  team-roadmap-november, network-team-roadmap-   |
  2020Q1, TorBrowserTeam202003R, ux-team |
Parent ID:  #30029   | Points:  20
 Reviewer:  mcs, sysrqb, antonela|Sponsor:
 |  Sponsor27-must
-+-

Comment (by asn):

 Random question: Is there an issue with cookies and SSL and multiple
 websites falling under `*.tor.onion`? I think mike was raising concerns
 about this at some point?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33628 [Internal Services/Tor Sysadmin Team]: Add charly to many internal aliases

[Tor Bug Tracker & Wiki]

#33628: Add charly to many internal aliases
-+-
 Reporter:  arma |  Owner:  arma
 Type:  enhancement  | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by anarcat):

 * status:  new => assigned
 * owner:  tpa => arma


Comment:

 arma seems to be on top of things here, let me know if you need help :)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33623 [Core Tor/Tor]: sendme: Change default emit cell version from 0 to 1

[Tor Bug Tracker & Wiki]

#33623: sendme: Change default emit cell version from 0 to 1
-+-
 Reporter:  dgoulet  |  Owner:  dgoulet
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-relay sendme 044-should  |  Actual Points:  0.1
  041-backport 042-backport  |
Parent ID:   | Points:  0.1
 Reviewer:   |Sponsor:
-+-
Changes (by dgoulet):

 * keywords:  tor-relay sendme backport? 044-should => tor-relay sendme
 044-should 041-backport 042-backport
 * status:  assigned => needs_review
 * actualpoints:   => 0.1


Comment:

 Based on 041 for backport (earliest version of SENDME v1). Merges forward
 cleanly to master.

 Branch: `ticket33623_041_01`
 PR: https://github.com/torproject/tor/pull/1806

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33072 [Core Tor/Tor]: When under load, give 503 aggressively for dirport requests without compression

[Tor Bug Tracker & Wiki]

#33072: When under load, give 503 aggressively for dirport requests without
compression
---+---
 Reporter:  nickm  |  Owner:  dgoulet
 Type:  defect | Status:  needs_review
 Priority:  Medium |  Milestone:  Tor:
   |  0.4.3.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  network-health 043-should  |  Actual Points:
Parent ID:  #33018 | Points:
 Reviewer:  nickm, arma|Sponsor:
---+---
Changes (by dgoulet):

 * status:  needs_revision => needs_review


Comment:

 **0.4.3:**
 Branch: `ticket33072_043_02`
 PR: https://github.com/torproject/tor/pull/1804

 **0.4.4+:**
 Branch: `ticket33072_044_01`
 PR: https://github.com/torproject/tor/pull/1805

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33624 [Core Tor/Tor]: Static building tor with openssl does not work

[Tor Bug Tracker & Wiki]

#33624: Static building tor with openssl does not work
--+
 Reporter:  dgoulet   |  Owner:  (none)
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.4.4.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  build static openssl  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by dgoulet):

 * status:  new => needs_review


Comment:

 Branch: `ticket33624_044_01`
 PR: https://github.com/torproject/tor/pull/1803

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19409 [Circumvention/Snowflake]: Make a deb of snowflake and get into Debian

[Tor Bug Tracker & Wiki]

#19409: Make a deb of snowflake and get into Debian
-+--
 Reporter:  adrelanos|  Owner:  cohosh
 Type:  enhancement  | Status:  assigned
 Priority:  High |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Major| Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by anarcat):

 >  Maybe there's a way to package it with some of the dependencies (using
 go mod vendor)?

 That's certainly possible, but frowned upon in Debian. In general, we try
 to package libs separately to alleviate the maintenance burden on the
 release and security teams (as they may need to update those packages in
 the future). Golang is special, unfortunately, there are a number of
 issues with Debian packaging of golang that make that harder:

 https://wiki.debian.org/Teams/DebianGoTeam/2020/GoEcosystemIssues

 ... nothing you need to worry about here, though: we should still pretend
 that golang is like everyone else and that we can't just vendor everything
 that way.

 > And then you will pull in all eighteen-or-whatever go lib debs when you
 install your snowflake deb.

 That, however, is not quite accurate: golang is still statically linked in
 Debian, just like everywhere else, because the upstream tooling for
 dynamic linking is non-existent (or at least non-existent enough that it
 just doesn't work - Ubuntu tried it and failed). So everything is, in
 fact, "vendored in", from a binary perspective.

 >  We can't be the only group in Debian considering packaging a go thing
 that pulls in a bunch of dependencies. We should figure out who in Debian
 is maintaining the go lib debs, and see what their plans are. Maybe there
 is already a critical mass somewhere of people who want to package and
 maintain go libs.

 The trick here is to open a bug report in the Debian BTS
 (https://bugs.debian.org/) for each package and each of its dependencies.
 That way duplicate efforts are avoided.

 There's a magic command called `dh-make-golang` which will build a
 skeleton debian package of your golang module, and will show which
 dependencies are missing. Then you run `dh-make-golang` on those,
 recursively, until you're done. Each of those invocations gives you an
 "ITP" (Intent To Package) email template that you then send to the BTS and
 use to update your progress. When you're done with a package, you find a
 sponsor (ie. a debian member, e.g. yes me or weasel, or talk to
 https://mentors.debian.net) to get your package into unstable, and you're
 basically done (until you need an update).

 >  One of the awesome things about a snowflake deb (i.e. a deb that lets
 people become snowflakes) would be that you just install the deb and it
 magically works from there -- no editing text files, no opening ports, no
 installing tor, etc. Basically all the features of having a Snowflake
 browser extension, but now also in the (headless) deb package world.

 ... that sometimes involves a lot of tricky debian packaging tricks. It is
 much easier to do this when upstream already provides tools to do that
 hard stuff ("edit text file", "open port" (?), "configure tor")...

 > Debian teams have a standardized package template and workflow. It is
 important to follow these, otherwise you will not receive maintenance work
 from the team. Custom packaging methods are just too time consuming to
 maintain.

 Ideally, yes, you get the golang team involved and the package is assigned
 to the team so it falls under their umbrella. This is particularly
 relevant for dependencies that might be used by other packages as well.
 However I'm not sure it's relevant for snowflake itself, because it's
 specific to us (tor).

 Let me know if you have any other questions: I have packaged a few golang
 libraries and one binary in Debian and learned some of the ropes, so I can
 help. (Hey, and look at that - I *am* part of the golang team, so you got
 a team member to ask right here. ;)

 Cheers!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #23226 [Applications/GetTor]: GetTor help message could be more helpful

[Tor Bug Tracker & Wiki]

#23226: GetTor help message could be more helpful
-+-
 Reporter:  catalyst |  Owner:  cohosh
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:
Component:  Applications/GetTor  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  anti-censorship-roadmap-2020Q1, ux-  |  Actual Points:
  team   |
Parent ID:  #9036| Points:  1
 Reviewer:  phw  |Sponsor:
-+-
Changes (by antonela):

 * keywords:  anti-censorship-roadmap-2020Q1 => anti-censorship-roadmap-
 2020Q1, ux-team


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #23226 [Applications/GetTor]: GetTor help message could be more helpful

[Tor Bug Tracker & Wiki]

#23226: GetTor help message could be more helpful
+--
 Reporter:  catalyst|  Owner:  cohosh
 Type:  defect  | Status:
|  needs_revision
 Priority:  Medium  |  Milestone:
Component:  Applications/GetTor |Version:
 Severity:  Normal  | Resolution:
 Keywords:  anti-censorship-roadmap-2020Q1  |  Actual Points:
Parent ID:  #9036   | Points:  1
 Reviewer:  phw |Sponsor:
+--

Comment (by antonela):

 Thanks for working on improving this message!

 Some comments:
 1. Yes! let's include an example of how the message should look. I know we
 have been receiving emails with bad formatting. Let's be explicit about
 it.
 2. Do we know which are the most requested locale versions? If yes, let's
 use them in the list. If we don't know, then we should list in
 alphabetical order for fast scanning.

 Changes:
 - Removed `three`, seems redundant.
 - Made explicit that the OS is the one that they want to install TB. Seems
 clear but was not.
 - Tried to explain the example.


 {{{
 This is an automated email response from GetTor.

 GetTor can send you download links for Tor Browser.
 Simply reply to this email and write the operating system you want to
 install Tor Browser on in your response:

 windows
 linux
 osx

 GetTor will then respond with download instructions.

 If you want Tor Browser in a language other than English, mention one of
 the
 following language codes in your response:

 en-US
 es-ES
 pt-BR
 ar
 [...]

 For example, if you want Tor Browser in Spanish your email content will
 look like:

 windows es-ES

 }}}

 We will run user testing on this flow, and we can iterate and adjust what
 is necessary after it.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33491 [Core Tor/Tor]: tor_bug_occurred_: Bug: src/core/or/dos.c:697: dos_new_client_conn: Non-fatal assertion !(entry == NULL) failed. (Future instances of this warning will be silence

[Tor Bug Tracker & Wiki]

#33491: tor_bug_occurred_: Bug: src/core/or/dos.c:697: dos_new_client_conn: Non-
fatal assertion !(entry == NULL) failed. (Future instances of this warning
will be silenced.) (on Tor 0.4.2.6 )
-+-
 Reporter:  sjcjonker|  Owner:  dgoulet
 Type:  defect   | Status:
 |  merge_ready
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.3.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.3.2-alpha
 Severity:  Normal   | Resolution:
 Keywords:  consider-backport-after-0434, tor-   |  Actual Points:
  dos FreeBSD 043-backport 042-backport, |
  041-backport, 035-backport |
Parent ID:   | Points:
 Reviewer:  teor |Sponsor:
-+-
Changes (by teor):

 * milestone:  Tor: 0.4.4.x-final => Tor: 0.4.3.x-final


Comment:

 CI passed, merged to master, leaving open for backport to 0.3.5 and later.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21952 [Applications/Tor Browser]: Onion-location: increasing the use of onion services through automatic redirects and aliasing

[Tor Bug Tracker & Wiki]

#21952: Onion-location: increasing the use of onion services through automatic
redirects and aliasing
-+-
 Reporter:  linda|  Owner:  acat
 Type:  project  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ux-team, tor-hs, network-team-   |  Actual Points:  10
  roadmap-november, tbb-9.5, network-team-   |
  roadmap-2020Q1, TorBrowserTeam202003R  |
Parent ID:  #30024   | Points:  6
 Reviewer:  pospeselr, mcs, brade|Sponsor:
 |  Sponsor27-must
-+-

Comment (by antonela):

 Replying to [comment:110 mcs]:
 > * Does onionLocation.learnMoreURL need to be localized? It could be
 handled like securityLevel.learnMoreURL (use a hard-coded URL but insert
 the current locale). Also, please go ahead and file a child ticket to
 track creation of the "learn more" page.

 Now, we have #33512 as a child here.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #33635 [Core Tor/Tor]: Regenerate practracker exceptions in master

[Tor Bug Tracker & Wiki]

#33635: Regenerate practracker exceptions in master
--+
 Reporter:  teor  |  Owner:  teor
 Type:  task  | Status:  assigned
 Priority:  Medium|  Milestone:  Tor: 0.4.4.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:  technical-debt, 044-should
Actual Points:|  Parent ID:
   Points:  0.1   |   Reviewer:
  Sponsor:|
--+
 Every so often, we do a full regenerate of the practracker exceptions
 file.

 A full regenerate accepts the current state of the tor codebase, and
 clears the list of practracker warnings.

 That way, reviewers can focus on new warnings. (And we aren't confusing
 new users.)

 Ideally, we should slowly be removing files and functions from the
 exceptions file, as we resolve technical debt.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21952 [Applications/Tor Browser]: Onion-location: increasing the use of onion services through automatic redirects and aliasing

[Tor Bug Tracker & Wiki]

#21952: Onion-location: increasing the use of onion services through automatic
redirects and aliasing
-+-
 Reporter:  linda|  Owner:  acat
 Type:  project  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ux-team, tor-hs, network-team-   |  Actual Points:  10
  roadmap-november, tbb-9.5, network-team-   |
  roadmap-2020Q1, TorBrowserTeam202003R  |
Parent ID:  #30024   | Points:  6
 Reviewer:  pospeselr, mcs, brade|Sponsor:
 |  Sponsor27-must
-+-

Comment (by antonela):

 Replying to [comment:111 mcs]:
 > Here are some UX and code-related comments for the `21952+4` branch from
 Kathy and me:
 > * UX: The "Onion Services" and "Onion Services Authentication" sections
 are not near each other within about:preferences#privacy. Is that okay or
 should we move one of them?

 I think Onion Services first makes sense. We can group Onion Services Auth
 with Logins and Passwords. The list may look like:

 1. Onion Services
 2. Cookies and Site Data
 3. Logins and Passwords
 4. Onion Services Auth
 5. History
 6. Address Bar

 > * UX: Should clicking the "Always Prioritize Onions" option flip the
 pref as well as take the user to about:preferences? It surprises us that
 clicking it does not carry out the action.

 Ideally, yes. There is also a highlight animation when the preferences get
 open. The behavior is the same when users click `Advanced Security
 Settings` in the toolbar icon.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33491 [Core Tor/Tor]: tor_bug_occurred_: Bug: src/core/or/dos.c:697: dos_new_client_conn: Non-fatal assertion !(entry == NULL) failed. (Future instances of this warning will be silence

[Tor Bug Tracker & Wiki]

#33491: tor_bug_occurred_: Bug: src/core/or/dos.c:697: dos_new_client_conn: Non-
fatal assertion !(entry == NULL) failed. (Future instances of this warning
will be silenced.) (on Tor 0.4.2.6 )
-+-
 Reporter:  sjcjonker|  Owner:  dgoulet
 Type:  defect   | Status:
 |  merge_ready
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.4.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.3.2-alpha
 Severity:  Normal   | Resolution:
 Keywords:  consider-backport-after-0434, tor-   |  Actual Points:
  dos FreeBSD 043-backport 042-backport, |
  041-backport, 035-backport |
Parent ID:   | Points:
 Reviewer:  teor |Sponsor:
-+-
Changes (by teor):

 * keywords:  tor-dos FreeBSD 043-backport 042-backport, 041-backport,
 035-backport =>
 consider-backport-after-0434, tor-dos FreeBSD 043-backport
 042-backport, 041-backport, 035-backport
 * status:  needs_review => merge_ready
 * version:  0.4.2.6 => Tor: 0.3.3.2-alpha


Comment:

 Merge forward is clean, but I can't see any CI for master, so here it is:
 * test master: https://github.com/torproject/tor/pull/1802

 Marking for backport after 0.4.3.4, seems pretty low-risk, and pretty
 important (but only for bridges with PTs).

 If the test master CI passes, let's merge to master.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28005 [Applications/Tor Browser]: Officially support onions in HTTPS-Everywhere

[Tor Bug Tracker & Wiki]

#28005: Officially support onions in HTTPS-Everywhere
-+-
 Reporter:  asn  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs, https-everywhere, network-   |  Actual Points:  17
  team-roadmap-november, network-team-roadmap-   |
  2020Q1, TorBrowserTeam202003R, ux-team |
Parent ID:  #30029   | Points:  20
 Reviewer:  mcs, sysrqb, antonela|Sponsor:
 |  Sponsor27-must
-+-

Comment (by antonela):

 Replying to [comment:27 mcs]:
 > * UX: For the circuit display, does it make sense to show the full onion
 address on hover? (in addition to the "Click to Copy" functionality). That
 could be done with a tooltip and would allow users to see the complete
 name without pasting somewhere else.

 We can show the full onion at the `alt` label for users who don't want to
 click copy. I like that idea. A custom tooltip seems too much, but a
 default hover seems appropriate.

 > * The `.tor.onion` illusion is not complete. For example, I noticed that
 when I created a bookmark the unfriendly `.onion` name was stored in the
 bookmark. It might be difficult to find and fix all cases like this
 though. In the long run, I wonder if we can learn something from how
 things like AltSvc are implemented (I assume AltSvc is handled at a much
 lower level than the URL bar but I have not looked closely).

 Saving the memorable address is a must! Maybe alt-svc or onion-location
 make it easier, yes.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33032 [Core Tor/Tor]: Decode key files with Unix or Windows newlines

[Tor Bug Tracker & Wiki]

#33032: Decode key files with Unix or Windows newlines
-+-
 Reporter:  larshilse|  Owner:  nickm
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.4.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.5.8
 Severity:  Normal   | Resolution:
 Keywords:  Scallion, onion, private key,|  Actual Points:  .2
  044-should, 035-backport, 041-backport,|
  042-backport, 043-backport |
Parent ID:   | Points:  0.5
 Reviewer:  asn  |Sponsor:
-+-

Comment (by teor):

 (I restarted the job.)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33032 [Core Tor/Tor]: Decode key files with Unix or Windows newlines

[Tor Bug Tracker & Wiki]

#33032: Decode key files with Unix or Windows newlines
-+-
 Reporter:  larshilse|  Owner:  nickm
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.4.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.5.8
 Severity:  Normal   | Resolution:
 Keywords:  Scallion, onion, private key,|  Actual Points:  .2
  044-should, 035-backport, 041-backport,|
  042-backport, 043-backport |
Parent ID:   | Points:  0.5
 Reviewer:  asn  |Sponsor:
-+-

Comment (by teor):

 Once macOS CI failed here due to a hang, see #32804 for details.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32804 [Core Tor/Tor]: Travis CI hangs during compile or test

[Tor Bug Tracker & Wiki]

#32804: Travis CI hangs during compile or test
-+-
 Reporter:  teor |  Owner:  (none)
 Type:  defect   | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.3.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  unspecified
 Severity:  Normal   | Resolution:
 Keywords:  tor-ci-rarely-fail, tor-test, hang,  |  Actual Points:
  tor-ci, 043-should |
Parent ID:  #29645   | Points:  1
 Reviewer:   |Sponsor:
-+-

Comment (by teor):

 Here's another hang from last week:
 https://travis-ci.org/github/torproject/tor/jobs/661110237

 Affects ticket #33032.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33608 [Core Tor/Tor]: Stop forcing prefer IPv6 on non-SOCKSPorts

[Tor Bug Tracker & Wiki]

#33608: Stop forcing prefer IPv6 on non-SOCKSPorts
--+
 Reporter:  teor  |  Owner:  teor
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.4.3.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.4.3.1-alpha
 Severity:  Normal| Resolution:
 Keywords:  043-should, 043-backport  |  Actual Points:  0.1
Parent ID:  #33607| Points:  0.1
 Reviewer:  dgoulet   |Sponsor:
--+
Changes (by asn):

 * reviewer:   => dgoulet


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33491 [Core Tor/Tor]: tor_bug_occurred_: Bug: src/core/or/dos.c:697: dos_new_client_conn: Non-fatal assertion !(entry == NULL) failed. (Future instances of this warning will be silence

[Tor Bug Tracker & Wiki]

#33491: tor_bug_occurred_: Bug: src/core/or/dos.c:697: dos_new_client_conn: Non-
fatal assertion !(entry == NULL) failed. (Future instances of this warning
will be silenced.) (on Tor 0.4.2.6 )
-+-
 Reporter:  sjcjonker|  Owner:  dgoulet
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.4.x-final
Component:  Core Tor/Tor |Version:  0.4.2.6
 Severity:  Normal   | Resolution:
 Keywords:  tor-dos FreeBSD 043-backport |  Actual Points:
  042-backport, 041-backport, 035-backport   |
Parent ID:   | Points:
 Reviewer:  teor |Sponsor:
-+-
Changes (by asn):

 * reviewer:   => teor


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33545 [Core Tor/Tor]: assertion failure when "all zero" client auth key provided

[Tor Bug Tracker & Wiki]

#33545: assertion failure when "all zero" client auth key provided
--+
 Reporter:  mcs   |  Owner:  (none)
 Type:  defect| Status:  needs_review
 Priority:  High  |  Milestone:  Tor: 0.4.3.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.4.4.0-alpha-dev
 Severity:  Normal| Resolution:
 Keywords:  043-should|  Actual Points:
Parent ID:| Points:
 Reviewer:  asn   |Sponsor:
--+
Changes (by asn):

 * reviewer:   => asn


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32994 [Core Tor/Tor]: Get all flag defaults from port_cfg_new()

[Tor Bug Tracker & Wiki]

#32994: Get all flag defaults from port_cfg_new()
-+-
 Reporter:  teor |  Owner:
 |  MrSquanchee
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.4.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  extra-review, technical-debt, tor-   |  Actual Points:  0.3
  client, easy, intro, outreachy-ipv6|
Parent ID:   | Points:  1
 Reviewer:  ahf  |Sponsor:
-+-
Changes (by asn):

 * reviewer:   => ahf


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33032 [Core Tor/Tor]: Decode key files with Unix or Windows newlines

[Tor Bug Tracker & Wiki]

#33032: Decode key files with Unix or Windows newlines
-+-
 Reporter:  larshilse|  Owner:  nickm
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.4.4.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.5.8
 Severity:  Normal   | Resolution:
 Keywords:  Scallion, onion, private key,|  Actual Points:  .2
  044-should, 035-backport, 041-backport,|
  042-backport, 043-backport |
Parent ID:   | Points:  0.5
 Reviewer:  asn  |Sponsor:
-+-
Changes (by asn):

 * reviewer:   => asn


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26366 [Core Tor/Tor]: Possible duplicated logic in connection_edge_finished_connecting() and connection_exit_connect()

[Tor Bug Tracker & Wiki]

#26366: Possible duplicated logic in connection_edge_finished_connecting() and
connection_exit_connect()
--+--
 Reporter:  ahf   |  Owner:  neel
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:  Tor: unspecified
 Severity:  Normal| Resolution:
 Keywords:  tor-hs|  Actual Points:
Parent ID:| Points:
 Reviewer:  catalyst  |Sponsor:
--+--
Changes (by asn):

 * reviewer:   => catalyst


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32143 [Core Tor/Tor]: Build some CI jobs with ALL_BUGS_ARE_FATAL

[Tor Bug Tracker & Wiki]

#32143: Build some CI jobs with ALL_BUGS_ARE_FATAL
--+
 Reporter:  teor  |  Owner:  (none)
 Type:  task  | Status:  closed
 Priority:  Medium|  Milestone:  Tor: 0.4.4.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:  tor-ci|  Actual Points:
Parent ID:| Points:  0.2
 Reviewer:  teor  |Sponsor:
--+
Changes (by teor):

 * keywords:  043-should tor-ci => tor-ci
 * status:  needs_review => closed
 * resolution:   => fixed
 * milestone:  Tor: 0.4.3.x-final => Tor: 0.4.4.x-final


Comment:

 Thanks!

 Squashed, removed reverted commit and its revert, squashed some commits
 that used the old option name, and merged to master.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32143 [Core Tor/Tor]: Build some CI jobs with ALL_BUGS_ARE_FATAL

[Tor Bug Tracker & Wiki]

#32143: Build some CI jobs with ALL_BUGS_ARE_FATAL
---+
 Reporter:  teor   |  Owner:  (none)
 Type:  task   | Status:  needs_review
 Priority:  Medium |  Milestone:  Tor: 0.4.3.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  043-should tor-ci  |  Actual Points:
Parent ID: | Points:  0.2
 Reviewer:  teor   |Sponsor:
---+
Changes (by rl1987):

 * status:  needs_revision => needs_review


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19409 [Circumvention/Snowflake]: Make a deb of snowflake and get into Debian

[Tor Bug Tracker & Wiki]

#19409: Make a deb of snowflake and get into Debian
-+--
 Reporter:  adrelanos|  Owner:  cohosh
 Type:  enhancement  | Status:  assigned
 Priority:  High |  Milestone:
Component:  Circumvention/Snowflake  |Version:
 Severity:  Major| Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by eighthave):

 All of the libs need to be packaged in Debian first.  Vendoring is
 strongly discouraged and only allowed as a last resort, e.g. if a program
 needs a custom version of a lib where the maintainer of that lib has
 rejected the required patches.

 There are two relevant Debian teams for this:
 * Debian Go Packaging: https://qa.debian.org/developer.php?login=pkg-go-
 maintainers%40lists.alioth.debian.org
 * Debian Privacy Tools: https://qa.debian.org/developer.php?login=pkg-
 privacy-maintainers%40lists.alioth.debian.org

 I would email the Debian teams with questions and an outline of the work
 you want to do (with Debian you don't have to subscribe to post messages
 usually).

 Debian teams have a standardized package template and workflow.  It is
 important to follow these, otherwise you will not receive maintenance work
 from the team.  Custom packaging methods are just too time consuming to
 maintain.  The Go Team has documentation too:
 https://go-team.pages.debian.net/

 Looks like they are on IRC too, so try them there.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28005 [Applications/Tor Browser]: Officially support onions in HTTPS-Everywhere

[Tor Bug Tracker & Wiki]

#28005: Officially support onions in HTTPS-Everywhere
-+-
 Reporter:  asn  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs, https-everywhere, network-   |  Actual Points:  17
  team-roadmap-november, network-team-roadmap-   |
  2020Q1, TorBrowserTeam202003R, ux-team |
Parent ID:  #30029   | Points:  20
 Reviewer:  mcs, sysrqb, antonela|Sponsor:
 |  Sponsor27-must
-+-

Comment (by acat):

 Sorry, I forgot to mention that I also moved the
 `browser/components/onionalias` to `browser/components/onionservices`,
 following your comment in
 https://trac.torproject.org/projects/tor/ticket/21952#comment:111, which I
 assumed would also apply here. I also changed the update channel to use
 the testing securedrop one, instead of mine.

 Besides, one comment I had not answered:

 > The .tor.onion illusion is not complete. For example, I noticed that
 when I created a bookmark the unfriendly .onion name was stored in the
 bookmark. It might be difficult to find and fix all cases like this
 though. In the long run, I wonder if we can learn something from how
 things like AltSvc are implemented (I assume AltSvc is handled at a much
 lower level than the URL bar but I have not looked closely).

 I had thought about this one, I was not completely sure if this was the
 desired behaviour, but it probably is. Something we might want to
 consider: is there a reason for someone to want to bookmark explicitly the
 `.onion` and not the `.tor.onion`? If we later implement the urlbar
 rewrites when user types the .onion directly, it might be difficult for a
 user to do this (although technically still possible, by editing the
 bookmark manually via Bookmarks menu). Perhaps we can discuss this (in the
 next S27 meeting?), and I can revise the patch if it's decided it has to
 be done.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33634 [Metrics/Relay Search]: Confusing JavaScript error when entering email address in Relay Search

[Tor Bug Tracker & Wiki]

#33634: Confusing JavaScript error when entering email address in Relay Search
--+--
 Reporter:  gk|  Owner:  metrics-team
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Metrics/Relay Search  |Version:
 Severity:  Normal| Resolution:  duplicate
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by karsten):

 * status:  new => closed
 * resolution:   => duplicate


Comment:

 Searching by email address indeed requires using the "contact:" prefix.
 Non-prefixed search terms only work for a few fields like fingerprint,
 nickname, and IP address. As you already guessed, this is something we
 cannot change easily.

 The error message is indeed wrong. I already wrote a patch for that that
 is currently under review in #32683.

 Resolving as duplicate. Thanks for reporting anyway!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33625 [Applications/Tor Browser]: Disallow usage of Tor Browser until it is determined that the version is not the most recent

[Tor Bug Tracker & Wiki]

#33625: Disallow usage of Tor Browser until it is determined that the version is
not the most recent
+--
 Reporter:  cypherpunks |  Owner:  tbb-team
 Type:  enhancement | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  TorBrowserTeamTriaged, ux-team  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
Changes (by pili):

 * keywords:   => TorBrowserTeamTriaged, ux-team
 * type:  defect => enhancement
 * severity:  Blocker => Normal


Comment:

 Thanks for the enhancement request. We will review this with our UX team.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #33634 [Metrics/Relay Search]: Confusing JavaScript error when entering email address in Relay Search

[Tor Bug Tracker & Wiki]

#33634: Confusing JavaScript error when entering email address in Relay Search
--+--
 Reporter:  gk|  Owner:  metrics-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Metrics/Relay Search  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 If I enter a relay fingerprint on Relay Search I get all the info about
 the respective relay as a result, great. Now if I enter an email address
 in Relay Search I get a confusing JavaScript message:
 {{{
 JavaScript Error!

 There is a problem with your javascript environment, you may have noscript
 enabled on the remote onionoo backend. Try temporarily allowing noscript
 to connect to the backend IP address. If the problem persits consult the
 bugtracker.
 }}}
 Note, I did not change any of my JavaScript settings between entering the
 fingerprint and the email address: I have it enabled in both scenarios.

 Now, ideally when entering the email address (without the "contact:"
 prefix which makes the whole thing work) that just give me the relay/a
 list of relays with the respective contact info, just like entering the
 plain fingerprint does.

 I am fine if that's asking too much. :) But then at least the wrong
 JavaScript error should get replaced with something more meaningful.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33633 [Core Tor/Tor]: Move extend and reachability code to the relay module

[Tor Bug Tracker & Wiki]

#33633: Move extend and reachability code to the relay module
---+---
 Reporter:  teor   |  Owner:  teor
 Type:  task   | Status:  needs_review
 Priority:  Medium |  Milestone:  Tor:
   |  0.4.4.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  ipv6, prop311, technical-debt  |  Actual Points:  0.5
Parent ID:  #33220 | Points:  0.5
 Reviewer:  nickm  |Sponsor:
   |  Sponsor55-must
---+---
Changes (by teor):

 * status:  assigned => needs_review


Comment:

 See my PR:
 * master: https://github.com/torproject/tor/pull/1801

 Should be a quick one, it's mostly code movement.

 It's not urgent, and it's not a blocker. I will just continue working off
 the branch.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #33633 [Core Tor/Tor]: Move extend and reachability code to the relay module

[Tor Bug Tracker & Wiki]

#33633: Move extend and reachability code to the relay module
---+---
 Reporter:  teor   |  Owner:  teor
 Type:  task   | Status:  assigned
 Priority:  Medium |  Milestone:  Tor: 0.4.4.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal |   Keywords:  ipv6, prop311, technical-debt
Actual Points:  0.5|  Parent ID:  #33220
   Points:  0.5|   Reviewer:  nickm
  Sponsor: |
  Sponsor55-must   |
---+---
 Most of the extend and reachability code is already in the relay module.

 But some code was left behind in src/core/or/circuitbuild.c.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33630 [Applications/Tor Browser]: Retire noisebridge01 default bridge

[Tor Bug Tracker & Wiki]

#33630: Retire noisebridge01 default bridge
+--
 Reporter:  phw |  Owner:  tbb-team
 Type:  task| Status:
|  needs_review
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  tbb-bridges, TorBrowserTeam202003R  |  Actual Points:  0.5
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
Changes (by gk):

 * keywords:  tbb-bridges => tbb-bridges, TorBrowserTeam202003R


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs