Re: [tor-bugs] #18608 [Core Tor/Tor]: Limiting ADD_ONION TARGET access.

[Tor Bug Tracker & Wiki]

#18608: Limiting ADD_ONION TARGET access.
-+--
 Reporter:  cypherpunks  |  Owner:
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor: 0.2.???
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs, control  |  Actual Points:
Parent ID:   | Points:  smally
 Reviewer:   |Sponsor:  SponsorR-can
-+--
Changes (by adrelanos):

 * cc: adrelanos (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18157 [Core Tor/Tor]: Which hidden services am I running?

[Tor Bug Tracker & Wiki]

#18157: Which hidden services am I running?
--+--
 Reporter:  cypherpunks   |  Owner:
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.2.???
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tor-hs|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:  SponsorR-can
--+--
Changes (by adrelanos):

 * cc: adrelanos (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20190 [Core Tor/Tor]: Remove broken fallbacks from the 0.2.8 list

[Tor Bug Tracker & Wiki]

#20190: Remove broken fallbacks from the 0.2.8 list
--+
 Reporter:  teor  |  Owner:  teor
 Type:  defect| Status:  reopened
 Priority:  Medium|  Milestone:  Tor: 0.2.8.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.2.8.7
 Severity:  Normal| Resolution:
 Keywords:  fallback  |  Actual Points:
Parent ID:  #20172| Points:  0.1
 Reviewer:|Sponsor:
--+
Changes (by teor):

 * status:  closed => reopened
 * resolution:  fixed =>


Comment:

 I forgot a changes file, and had another operator opt-out.

 See the last 2 commits on my branch broken-028-fallbacks on github.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20136 [Internal Services/Tor Sysadmin Team]: Please make an ldap account for Linda

[Tor Bug Tracker & Wiki]

#20136: Please make an ldap account for Linda
-+-
 Reporter:  isabela  |  Owner:  tpa
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by atagar):

 Hi weasel, the information was slighty incorrect (missing the '2' from the
 end of the fingerprint). Sitting next to her now and confirmed that it
 looks right. Here's the signed request.

 Cheers! -Damian

 

 First name: Linda
 Last name: Lee
 Desired uid: Linda
 Forwarding address: ​lindanaeun...@gmail.com
 GPG public key fingerprint: FA0A C9BE 2881 B347 9F4F C0D7 BE70 F826 5ED2
 8FA2

 -BEGIN PGP MESSAGE-
 Version: GnuPG v1.4.11 (GNU/Linux)

 owGbwMvMwMTY0cJysP0z2wTGtYxbkjiLUgtyKvVKKkrCn8THe2QqlKcmFqfm6CiU
 ZKQqZOal5RflJpZk5ucplCcWKxTnZKZnlFQCxZPzi4pSk0sUNHIzi4sz89LBytWN
 1BXSivJzwZzUvBSu/DQwMw2oILWooCgzr0RTTyE4s6QEpCMvtaJEoSRfISO1SCEv
 v1whMS9FITk/Ly2zKDc1BagvsUQhs0QhJz8/u1ihCGSvHpdHalGqejHYzOLM9Dyg
 sqLUwtLUYqAUl3NGampRsaKCrktibmZiHheXLpGAi8sts6i4RCEvMTfVSsEnMy8l
 kcsnESGQmsrlklqcWQS0rTQzBabCLb+oPLEoBeSRxJSUotTiYiuFHJBMXmJqaV5O
 aqpDem5iZo5ecn4ul3uAu0JBaVJOZrJCdmolcnBYKbg5GjgqOFs6uSoYWVgYKjgZ
 m5grWLqZuCk4G7iYKzi5mhsouFkYmSmYuroYKVi4ORpxcXUyyrAwMDIxsLEygeKM
 gYtTABalSRzs/wu2iv958rdGy1bQvz5r++uPv1/3Pa848n6v8rUQ34zECWUqZpvm
 L/zDb+UlLb/r6LP784TTTdgcFv3dtnWpzsttizQvcQu7xdufcN+pWv5iqfmB3cfO
 Sd1h71yTdEyHaZ5wgZbgeYfLcu6tNk9MWxeyHJoy1/rpr7wb92Ni3/WsifuWItrw
 cDdnprbgWgEDC3s5ty32D1PU7R+6ytx7wBhSc/jO/TmSfUJVew3+Nr2v+myZ3NRR
 a75HUdM1c4X7nuV2SpfcLqmx/743SUp06e56IfsPwrIfVXjjmZp7ZsnmV2z40vQq
 duPuw/Vvb5yxP61UsJJhyi77gJL3gbNfGJ27mvleTZtz6zMTj0dt3wA=
 =2JVB
 -END PGP MESSAGE-

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20210 [Applications/Tor Browser]: Update from 6.5a2 to 6.5a3 on OSX breaks Tor Browser

[Tor Bug Tracker & Wiki]

#20210: Update from 6.5a2 to 6.5a3 on OSX breaks Tor Browser
--+--
 Reporter:  mrphs |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major | Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by heywoodj123@…):

 On MacOS 10.6.8, I can confirm that the space in the default path to
 TorBrowser-Data/ does indeed seem to be at least part of the cause. I
 installed a clean copy of TorBrowser 6.5a3 to the Desktop and ran it from
 there, and it starts normally. Installing it in /Applications causes the
 "Could not connect to Tor control port" error described above.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20210 [Applications/Tor Browser]: Update from 6.5a2 to 6.5a3 on OSX breaks Tor Browser

[Tor Bug Tracker & Wiki]

#20210: Update from 6.5a2 to 6.5a3 on OSX breaks Tor Browser
--+--
 Reporter:  mrphs |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major | Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by mrphs):

 Replying to [comment:5 mcs]:
 > Unfortunately, I then encountered #18753 for the control port socket
 because my browser is installed in /Applications, which means the control
 socket path contains a space:
 > {{{
 > ~/Library/Application Support/TorBrowser-Data/Tor/control.socket
 > }}}
 > (in hindsight, I now realize that #18753 is going to affect a lot of
 people).

 This makes a lot of sense! I didn't get this error because I installed my
 fresh copy in ~/Downloads directory, hence no space in path.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20221 [Applications/Tor Browser]: Hardened Tor Browser does not produce stack traces.

[Tor Bug Tracker & Wiki]

#20221: Hardened Tor Browser does not produce stack traces.
--+--
 Reporter:  mikeperry |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major | Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by mikeperry):

 GeKo reports that the ASAN_OPTIONS line did not fix the problem for him in
 6.0a5, which was before selfrando.

 I will ping the self-rando people to see what they did differently to
 allow the text in that wiki entry to work.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20203 [Core Tor/Tor]: tor_assertion_failed on low memory

[Tor Bug Tracker & Wiki]

#20203: tor_assertion_failed on low memory
-+-
 Reporter:  tmpname0901  |  Owner:  nickm
 Type:  defect   | Status:
 |  accepted
 Priority:  High |  Milestone:  Tor:
 |  0.2.8.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.8.7
 Severity:  Major| Resolution:
 Keywords:  assert 028-backpoort |  Actual Points:  .3
  TorCoreTeam201609  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by nickm):

 * owner:   => nickm
 * status:  needs_review => accepted
 * milestone:  Tor: 0.2.9.x-final => Tor: 0.2.8.x-final
 * actualpoints:  .2 => .3


Comment:

 Merged.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20203 [Core Tor/Tor]: tor_assertion_failed on low memory

[Tor Bug Tracker & Wiki]

#20203: tor_assertion_failed on low memory
-+-
 Reporter:  tmpname0901  |  Owner:  nickm
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:  Tor:
 |  0.2.8.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.8.7
 Severity:  Major| Resolution:  fixed
 Keywords:  assert 028-backpoort |  Actual Points:  .3
  TorCoreTeam201609  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by nickm):

 * status:  accepted => closed
 * resolution:   => fixed


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20203 [Core Tor/Tor]: tor_assertion_failed on low memory

[Tor Bug Tracker & Wiki]

#20203: tor_assertion_failed on low memory
-+-
 Reporter:  tmpname0901  |  Owner:
 Type:  defect   | Status:
 |  needs_review
 Priority:  High |  Milestone:  Tor:
 |  0.2.9.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.8.7
 Severity:  Major| Resolution:
 Keywords:  assert 028-backpoort |  Actual Points:  .2
  TorCoreTeam201609  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by nickm):

 oh! Andrea informs me she acked this on IRC the other night.   So, time to
 merge!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20210 [Applications/Tor Browser]: Update from 6.5a2 to 6.5a3 on OSX breaks Tor Browser

[Tor Bug Tracker & Wiki]

#20210: Update from 6.5a2 to 6.5a3 on OSX breaks Tor Browser
--+--
 Reporter:  mrphs |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major | Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by gk):

 Replying to [comment:10 mcs]:
 > Replying to [comment:7 mcs]:
 > > The file permission/mode problem may be related to #19410 (but I have
 no proof).
 >
 > Kathy and I have confirmed that file mode is lost inside dmg2mar during
 the 7z extraction step. Unless there is a 7z option to preserve this, it
 is probably a bug in 7z. In the short run, maybe we can:
 > 1. use the mar tool to extract each complete mar file
 > 2. manually fix file and dir modes to match those used inside the dmg
 > 3. use the mar tool to re-create the mar
 > 4. push the fixed mar files to dist.tpo

 I am not sure about that. At least I won't have time for that tomorrow.
 Not sure about Monday. boklm or anybody else: if you feel this is
 worthwhile, go ahead. Otherwise I'd say this is a nasty alpha bug which
 one can avoid by downloading a fresh new .dmg. Or following the advice on
 the blog which links to comment:5.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #20222 [Internal Services/Service - git]: Fork of & push access for webml repo

[Tor Bug Tracker & Wiki]

#20222: Fork of & push access for webml repo
-+
 Reporter:  saint|  Owner:  tor-gitadm
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Service - git  |Version:
 Severity:  Minor|   Keywords:
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+
 Hello all,

 I'd like to have a fork of project/web/webml (user/griffin/webml would be
 an ideal location) and push access to the parent repository.  I'd be using
 it to make updates to the FAQ.

 LDAP username is `griffin`

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #20221 [Applications/Tor Browser]: Hardened Tor Browser does not produce stack traces.

[Tor Bug Tracker & Wiki]

#20221: Hardened Tor Browser does not produce stack traces.
--+--
 Reporter:  mikeperry |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major |   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 In #19515 and other bugs, we seem not to be getting full stack traces for
 issues.

 It is common just to get: "==537696==AddressSanitizer: while reporting a
 bug found another one. Ignoring." or similar, rather than something that
 could be converted with the symbolizer as per
 
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking#ConvertASansstacktracemessage.

 As per https://github.com/google/sanitizers/issues/391, it sounds like we
 may just need to add fast_unwind_on_fatal=1 to our ASAN_OPTIONS? Or maybe
 we need to update/switch to the latest stack unwinder:
 https://code.google.com/p/chromium/issues/detail?id=490275

 I think it is pretty important to get this working, as I've experienced a
 couple crashes I couldn't do anything about. The ability to get valid
 crash report data from the wild from our hardened builds is extremely
 valuable.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20210 [Applications/Tor Browser]: Update from 6.5a2 to 6.5a3 on OSX breaks Tor Browser

[Tor Bug Tracker & Wiki]

#20210: Update from 6.5a2 to 6.5a3 on OSX breaks Tor Browser
--+--
 Reporter:  mrphs |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major | Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by mcs):

 Replying to [comment:7 mcs]:
 > The file permission/mode problem may be related to #19410 (but I have no
 proof).

 Kathy and I have confirmed that file mode is lost inside dmg2mar during
 the 7z extraction step. Unless there is a 7z option to preserve this, it
 is probably a bug in 7z. In the short run, maybe we can:
 1. use the mar tool to extract each complete mar file
 2. manually fix file and dir modes to match those used inside the dmg
 3. use the mar tool to re-create the mar
 4. push the fixed mar files to dist.tpo

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #20220 [Applications/Tor Browser]: TorBrowser cannot connect on Windows

[Tor Bug Tracker & Wiki]

#20220: TorBrowser cannot connect on Windows
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 TorBrowser 6.0.4 and 6.0.5 cannot connect on Windows.

 System details: Windows 10 enterprise, 64bit proc, 64-bit OS

 Error message: "Requesting relay information failed (connection refused -
 5.135.181.213:9222)"

 TorBrowser 6.0.1 works fine, but I did have issues with 6.0.2 as well.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19854 [Applications/Tor Browser]: Fix URLs in the downloads.json file

[Tor Bug Tracker & Wiki]

#19854: Fix URLs in the downloads.json file
--+
 Reporter:  boklm |  Owner:  boklm
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:  TorBrowserTeam201608R |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by boklm):

 Replying to [comment:9 yawning]:
 > Will the move back happen in the upcoming release?  Or rather, assuming
 I am writing code now, that uses the `downloads.json` file and the auto-
 update related xml files, and that I will likely publish it after the next
 release happens, can I rip out the support for handling different
 hostnames now?

 I opened ticket #20219 to ask sysadmins to update the redirects. I think
 the URL you should use is
 https://www.torproject.org/dist/torbrowser/update_2/alpha/downloads.json
 which will redirect to dist.tpo (when #20219 is done). When we have
 pinning for aus1.tpo we will update the redirects to point there instead
 of dist.tpo, so keeping support for handling different hostnames can be
 useful.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #20219 [Internal Services/Tor Sysadmin Team]: Redirect alpha and hardened channels to dist.tpo rather than aus1.tpo

[Tor Bug Tracker & Wiki]

#20219: Redirect alpha and hardened channels to dist.tpo rather than aus1.tpo
-+-
 Reporter:  boklm|  Owner:  tpa
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   |   Keywords:
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 A few months ago we added the following redirects:

 1. https://www.torproject.org/dist/torbrowser/update_2/alpha/ -->
 https://aus1.torproject.org/torbrowser/update_2/alpha/
 2. https://www.torproject.org/dist/torbrowser/update_2/hardened/ -->
 https://aus1.torproject.org/torbrowser/update_2/hardened/
 3. https://dist.torproject.org/torbrowser/update_2/alpha/ --->
 https://aus1.torproject.org/torbrowser/update_2/alpha/
 4. https://dist.torproject.org/torbrowser/update_2/hardened/ --->
 https://aus1.torproject.org/torbrowser/update_2/hardened/

 Because there is no pinning on aus1.tpo yet, we want to move the `alpha`
 and `hardened` channels URLs back to dist.tpo (like the `release`
 channel). The redirects 1. and 2. should be modified to point to
 https://dist.torproject.org/torbrowser/update_2/alpha/ and
 https://dist.torproject.org/torbrowser/update_2/hardened/. The redirects
 3. and 4. should be removed.

 Currently the xml files are deployed in both locations, so that it
 continues to work after the redirects are updated:
 - /srv/dist-master.torproject.org/htdocs/torbrowser/update_2/alpha
 - /srv/aus1-master.torproject.org/htdocs/torbrowser/update_2/alpha

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19838 [Applications/Tor Browser]: Add dgoulet's obfs4 bridge to Tor Browser's default bridges

[Tor Bug Tracker & Wiki]

#19838: Add dgoulet's obfs4 bridge to Tor Browser's default bridges
--+---
 Reporter:  isis  |  Owner:  tbb-team
 Type:  enhancement   | Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-bridges   |  Actual Points:
Parent ID:| Points:  1
 Reviewer:|Sponsor:
--+---
Changes (by TvdW):

 * cc: info@… (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20204 [Applications/Tor Browser]: Windows don't drag on macOS Sierra

[Tor Bug Tracker & Wiki]

#20204: Windows don't drag on macOS Sierra
---+--
 Reporter:  arlolra|  Owner:  tbb-team
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  ff52-esr-will-have, tbb-usability  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--

Comment (by arlolra):

 > That is probably because Apple added an exception for Firefox <= 48

 I see.  Thanks for clarifying.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19931 [Core Tor/Tor]: curve25519-donna runtime math errors on armhf

[Tor Bug Tracker & Wiki]

#19931: curve25519-donna runtime math errors on armhf
-+-
 Reporter:  chadmiller   |  Owner:
 Type:  defect   | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:  Tor:
 |  0.2.???
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.8.6
 Severity:  Normal   | Resolution:
 Keywords:  regression, integer-overflow,|  Actual Points:
  029-proposed, 029-nickm-says-no|
Parent ID:   | Points:  0.5
 Reviewer:   |Sponsor:
-+-

Comment (by chadmiller):

 cypherpunks, I verified compiler options do include -fwrapv .

 https://launchpadlibrarian.net/281589091
 /buildlog_snap_ubuntu_xenial_armhf_tor-middle-relay_BUILDING.txt.gz

 My TO-DO before marking "new" again: 1) Run tests to verify sanity. 2)
 find the compiler option that actually makes armhf gcc5 implement -fwrapv
 semantics without logging those warnings.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20210 [Applications/Tor Browser]: Update from 6.5a2 to 6.5a3 on OSX breaks Tor Browser

[Tor Bug Tracker & Wiki]

#20210: Update from 6.5a2 to 6.5a3 on OSX breaks Tor Browser
--+--
 Reporter:  mrphs |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major | Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by mcs):

 Replying to [comment:8 gk]:
 > This is still happening as #19410 is only partly fixed: the 6.5a2 .mar
 files did not contain code-signed parts yet. The 6.5a3 ones are the first
 that do. Thus, the incremental ones are still wrong. This should go away
 as soon as all .mar files involved in generating the incremental ones do
 contain the necessary code-signed bits.

 That makes sense. Can we remove the flawed incremental MAR files and stop
 offering them to 6.5a2 users? I guess we did that for the stable channel;
 maybe it is not worth the effort for alpha at this point.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20216 [Metrics/Censorship analysis]: Iran blocking of direct users, 2016-08 and 2016-09 (was: Iran blocking of vanilla and obfs3, 2016-08 and 2016-09)

[Tor Bug Tracker & Wiki]

#20216: Iran blocking of direct users, 2016-08 and 2016-09
-+-
 Reporter:  dcf  |  Owner:
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Metrics/Censorship analysis  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  censorship block |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20216 [Metrics/Censorship analysis]: Iran blocking of vanilla and obfs3, 2016-08 and 2016-09

[Tor Bug Tracker & Wiki]

#20216: Iran blocking of vanilla and obfs3, 2016-08 and 2016-09
-+-
 Reporter:  dcf  |  Owner:
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Metrics/Censorship analysis  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  censorship block |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by dcf):

 Replying to [comment:4 dcf]:
 > Replying to [comment:1 mrphs]:
 > > Looking at a couple of other countries, it seems obfs3 has been
 dropped for everyone at the same rate. Here's Germany and Russia for
 instance:
 > >
 > > DE: https://metrics.torproject.org/userstats-bridge-
 combined.html?start=2016-06-24=2016-09-22=de
 > >
 > > RU: https://metrics.torproject.org/userstats-bridge-
 combined.html?start=2016-06-24=2016-09-22=ru
 > >
 > > So perhaps it's not about obfs3 being blocked.
 >
 > You're right. Here's the graph of the most popular transports across all
 countries.

 [https://lists.torproject.org/pipermail/metrics-
 team/2016-September/000216.html Karsten writes] that 2016-09-02 was the
 date that [https://blog.torproject.org/blog/new-bridge-authority the new
 bridge authority Bifroest took over from Tonga], causing
 
[https://metrics.torproject.org/networksize.html?start=2016-08-01=2016-09-22
 about 40%] of public bridges to stop reporting. If that 40% was
 disproportionately obfs3, that might help explain what we're seeing.

 I don't see how the changed bridge authority could have an effect on the
 number of ''direct'' users, so the fact that direct and obfs3 users both
 decreased on 2016-09-02 could be a coincidence. I just took "obfs3" out of
 the ticket title.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20204 [Applications/Tor Browser]: Windows don't drag on macOS Sierra

[Tor Bug Tracker & Wiki]

#20204: Windows don't drag on macOS Sierra
---+--
 Reporter:  arlolra|  Owner:  tbb-team
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  ff52-esr-will-have, tbb-usability  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--

Comment (by mcs):

 Replying to [comment:4 arlolra]:
 > Oddly, I downloaded Firefox ESR 45 and did not experience this problem.

 That is probably because Apple added an exception for Firefox <= 48 (which
 should also help ESR channel releases, but Tor Browser has a different
 bundle ID so the exception won't help us). See:
 https://bugzilla.mozilla.org/show_bug.cgi?id=1284859#c11

 Backporting the patches from the following bug should fix this problem:
 https://bugzilla.mozilla.org/show_bug.cgi?id=1070710
 Hopefully the new code does not require a version of OSX greater than 10.6
 (Firefox 49 requires 10.9 or newer).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20218 [Core Tor/Tor]: Fix and refactor and redocument routerstatus_has_changed

[Tor Bug Tracker & Wiki]

#20218: Fix and refactor and redocument routerstatus_has_changed
-+--
 Reporter:  nickm|  Owner:
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor: 0.2.???
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  029-proposed controller  |  Actual Points:
Parent ID:   | Points:  .1
 Reviewer:   |Sponsor:
-+--

Comment (by nickm):

 (do not change this till #19958 is merged)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20203 [Core Tor/Tor]: tor_assertion_failed on low memory

[Tor Bug Tracker & Wiki]

#20203: tor_assertion_failed on low memory
-+-
 Reporter:  tmpname0901  |  Owner:
 Type:  defect   | Status:
 |  needs_review
 Priority:  High |  Milestone:  Tor:
 |  0.2.9.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.8.7
 Severity:  Major| Resolution:
 Keywords:  assert 028-backpoort |  Actual Points:  .2
  TorCoreTeam201609  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by nickm):

 Added a fixup commit there, and dialed back the protection a little.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19958 [Core Tor/Tor]: Implement proposal 264 (protocol versioning)

[Tor Bug Tracker & Wiki]

#19958: Implement proposal 264 (protocol versioning)
---+---
 Reporter:  nickm  |  Owner:  nickm
 Type:  enhancement| Status:
   |  needs_review
 Priority:  High   |  Milestone:  Tor:
   |  0.2.9.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  TorCoreTeam201608, review-group-9  |  Actual Points:  2
Parent ID:  #15055 | Points:  2
 Reviewer:  dgoulet|Sponsor:
---+---

Comment (by dgoulet):

 I've pushed latest from nickm here:
 https://gitlab.com/dgoulet/tor/merge_requests/11

 I went over the latest new commits, all lgtm except one little detail in a
 comment. Leaving this ticket in `needs_review` for now as others might
 want to look at it.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20203 [Core Tor/Tor]: tor_assertion_failed on low memory

[Tor Bug Tracker & Wiki]

#20203: tor_assertion_failed on low memory
-+-
 Reporter:  tmpname0901  |  Owner:
 Type:  defect   | Status:
 |  needs_review
 Priority:  High |  Milestone:  Tor:
 |  0.2.9.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.8.7
 Severity:  Major| Resolution:
 Keywords:  assert 028-backpoort |  Actual Points:  .2
  TorCoreTeam201609  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by dgoulet):

 DG1: This seems "dangerous" to me as we pass a possible negative int as an
 unsigned int leading to setting a very large number of cells into the
 cmux:

 {{{
 circuitmux_set_num_cells(cmux, circ, queue->n);
 }}}

 Apart from the above, logic and code looks good to me.

 Although, I'm not really familiar with this subsystem, a review from
 andrea would be desirable.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20204 [Applications/Tor Browser]: Windows don't drag on macOS Sierra

[Tor Bug Tracker & Wiki]

#20204: Windows don't drag on macOS Sierra
---+--
 Reporter:  arlolra|  Owner:  tbb-team
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  ff52-esr-will-have, tbb-usability  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--

Comment (by arlolra):

 Oddly, I downloaded Firefox ESR 45 and did not experience this problem.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19958 [Core Tor/Tor]: Implement proposal 264 (protocol versioning)

[Tor Bug Tracker & Wiki]

#19958: Implement proposal 264 (protocol versioning)
---+---
 Reporter:  nickm  |  Owner:  nickm
 Type:  enhancement| Status:
   |  needs_review
 Priority:  High   |  Milestone:  Tor:
   |  0.2.9.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  TorCoreTeam201608, review-group-9  |  Actual Points:  2
Parent ID:  #15055 | Points:  2
 Reviewer:  dgoulet|Sponsor:
---+---

Comment (by nickm):

 In d881250ff68a7bb I've updated prop264 to know about "pr".

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19958 [Core Tor/Tor]: Implement proposal 264 (protocol versioning)

[Tor Bug Tracker & Wiki]

#19958: Implement proposal 264 (protocol versioning)
---+---
 Reporter:  nickm  |  Owner:  nickm
 Type:  enhancement| Status:
   |  needs_review
 Priority:  High   |  Milestone:  Tor:
   |  0.2.9.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  TorCoreTeam201608, review-group-9  |  Actual Points:  2
Parent ID:  #15055 | Points:  2
 Reviewer:  dgoulet|Sponsor:
---+---
Changes (by nickm):

 * status:  needs_revision => needs_review


Comment:

 I've added a few more commits:
   * Removing version_known, per isis's suggestion. 3d7260b700d636
   * Renaming "proto " to "pr " in vote and consensus documents.
 04dd51807d93
   * Double-checking dirauth vote lines. 8fe26b40d5cc69

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #20218 [Core Tor/Tor]: Fix and refactor and redocument routerstatus_has_changed

[Tor Bug Tracker & Wiki]

#20218: Fix and refactor and redocument routerstatus_has_changed
--+-
 Reporter:  nickm |  Owner:
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.2.???
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:  029-proposed controller
Actual Points:|  Parent ID:
   Points:  .1|   Reviewer:
  Sponsor:|
--+-
 The routerstatus_has_changed() function is used by controllers to to tell
 which rs entries are new.  But it only looks at a fraction of the fields
 which might change in a routerstatus.  Also, it only checks for semantic
 changes that tor cares about (though this is not documented).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19774 [Obfuscation/BridgeDB]: bridges.torproject.org could use a favicon

[Tor Bug Tracker & Wiki]

#19774: bridges.torproject.org could use a favicon
--+
 Reporter:  isis  |  Owner:  isis
 Type:  enhancement   | Status:  needs_revision
 Priority:  Very Low  |  Milestone:
Component:  Obfuscation/BridgeDB  |Version:
 Severity:  Minor | Resolution:
 Keywords:  ux, easy  |  Actual Points:
Parent ID:| Points:  1
 Reviewer:|Sponsor:
--+
Changes (by isis):

 * status:  new => needs_revision


Comment:

 Replying to [comment:1 vapour]:
 > I made this draft:
 > 32x32 version:
 >
 > [[Image(http://i.imgur.com/8KMSnQG.png)]]

 Hey, thanks! This is great! It's a little bit crowded with both the bridge
 and the onion when viewed at 16x16 or 24x24 size, but for now this is good
 for stopping all the `404 /favicon` messages in the logs.

 Perhaps we could do either the bridge or the onion? And maybe in colour
 with a transparent background? (Not sure which colour… the ux team is
 about to release style guidelines and I don't know what they recommend
 yet.)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #19774 [Obfuscation/BridgeDB]: bridges.torproject.org could use a favicon

[Tor Bug Tracker & Wiki]

#19774: bridges.torproject.org could use a favicon
--+--
 Reporter:  isis  |  Owner:  isis
 Type:  enhancement   | Status:  new
 Priority:  Very Low  |  Milestone:
Component:  Obfuscation/BridgeDB  |Version:
 Severity:  Minor | Resolution:
 Keywords:  ux, easy  |  Actual Points:
Parent ID:| Points:  1
 Reviewer:|Sponsor:
--+--
Description changed by isis:

Old description:

> It doesn't have one. It could. I don't particular care what it is, but a
> little bridge or a little onion might be cute.

New description:

 It doesn't have one. It could. I don't particularly care what it is, but a
 little bridge or a little onion might be cute.

--

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20203 [Core Tor/Tor]: tor_assertion_failed on low memory

[Tor Bug Tracker & Wiki]

#20203: tor_assertion_failed on low memory
-+-
 Reporter:  tmpname0901  |  Owner:
 Type:  defect   | Status:
 |  needs_review
 Priority:  High |  Milestone:  Tor:
 |  0.2.9.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.8.7
 Severity:  Major| Resolution:
 Keywords:  assert 028-backpoort |  Actual Points:  .2
  TorCoreTeam201609  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks):

 > better now?

 seems so

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20203 [Core Tor/Tor]: tor_assertion_failed on low memory

[Tor Bug Tracker & Wiki]

#20203: tor_assertion_failed on low memory
-+-
 Reporter:  tmpname0901  |  Owner:
 Type:  defect   | Status:
 |  needs_review
 Priority:  High |  Milestone:  Tor:
 |  0.2.9.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.8.7
 Severity:  Major| Resolution:
 Keywords:  assert 028-backpoort |  Actual Points:  .2
  TorCoreTeam201609  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by nickm):

 I've tried to fix both of those issues; better now?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20216 [Metrics/Censorship analysis]: Iran blocking of vanilla and obfs3, 2016-08 and 2016-09

[Tor Bug Tracker & Wiki]

#20216: Iran blocking of vanilla and obfs3, 2016-08 and 2016-09
-+-
 Reporter:  dcf  |  Owner:
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Metrics/Censorship analysis  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  censorship block |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by joss):

 Hi All,

 Just for a little extra context, we also have code to run the anomaly
 detection system on both normal and bridge usage, and only report a period
 as anomalous when there is an anomalous drop in normal usage and a
 corresponding anomalous rise in bridge usage. (Or vice versa, actually.)

 The nice thing about the system we're working with here is that it's
 designed to exclude anomalies that are seen over a reasonable number of
 other countries, so it should only highlight per-country anomalies in
 usage.

 As noted, Iran did experience this combined bridge/normal anomalous
 period, but there's been a quick drop back to non-anomalous behaviour for
 combined bridge usage. I really should be running this on the per-
 transport graphs...

 For isolating events like this in the future, I'd be happy to work at
 getting this code running with regular outputs like the infolabe-anomalies
 mailing list  that  David mentioned. I'm wary of flooding too much data
 out there, though. Do let me know if there's something that would be of
 particular interest.

 I could just output a list and output graph every day for any country that
 experiences these 'combined' anomalies. Over the five years of data we
 have, and 102 countries that meet our data criteria, we've spotted about
 480 events where there are both types of anomaly simultaneously, so these
 events are relatively rare.

 I'll attach a recent combined anomaly Iran graph for reference.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20195 [Applications/Tor Browser]: torbutton-torCheckService doesn't honor domain isolation.

[Tor Bug Tracker & Wiki]

#20195: torbutton-torCheckService doesn't honor domain isolation.
+--
 Reporter:  yawning |  Owner:  tbb-team
 Type:  defect  | Status:  assigned
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  tbb-torbutton, tbb-linkability  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by yawning):

 Ah there.  Looks like the domain isolation code is getting called, but
 wireshark doesn't lie.
 FWIW, I took the pcaps without my sandboxing stuff in play, and the
 behavior is consistent.

 {{{
 [09-22 08:31:02] Torbutton INFO: Component returned failure code:
 0x80070057 (NS_ERROR_ILLEGAL_VALUE)
 [mozIThirdPartyUtil.getFirstPartyURIFromChannel]
 [09-22 08:31:02] Torbutton INFO: tor SOCKS isolation catchall:
 
https://check.torproject.org/?TorButton=true#0.99726695529027310.5190771246311907
 via --unknown--:0
 [09-22 08:31:02] Torbutton WARN: no SOCKS credentials found for current
 document.
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20195 [Applications/Tor Browser]: torbutton-torCheckService doesn't honor domain isolation.

[Tor Bug Tracker & Wiki]

#20195: torbutton-torCheckService doesn't honor domain isolation.
+--
 Reporter:  yawning |  Owner:  tbb-team
 Type:  defect  | Status:  assigned
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  tbb-torbutton, tbb-linkability  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
Changes (by gk):

 * status:  reopened => assigned
 * owner:   => tbb-team


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20195 [Applications/Tor Browser]: torbutton-torCheckService doesn't honor domain isolation.

[Tor Bug Tracker & Wiki]

#20195: torbutton-torCheckService doesn't honor domain isolation.
+--
 Reporter:  yawning |  Owner:
 Type:  defect  | Status:  reopened
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  tbb-torbutton, tbb-linkability  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by gk):

 Replying to [comment:5 yawning]:
 > There is no log.  The only reason I caught this was because I was
 dumping the SOCKS request bodies with my sandbox code.

 You mean setting `extensions.torbutton.loglevel` to `3` and
 `extensions.torbutton.logmethod` to `0` does not show this request in your
 terminal while all the other ones are visible? Is that fixed in the alphas
 as well?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20195 [Applications/Tor Browser]: torbutton-torCheckService doesn't honor domain isolation.

[Tor Bug Tracker & Wiki]

#20195: torbutton-torCheckService doesn't honor domain isolation.
+--
 Reporter:  yawning |  Owner:
 Type:  defect  | Status:  reopened
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  tbb-torbutton, tbb-linkability  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by yawning):

 Interestingly enough this only happens with the release channel, and not
 the latest alpha.

 So it's probably ok to eventually close as "fixed" as long as someone
 knows why the behavior changed, especially considering that it shouldn't
 affect most people.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20195 [Applications/Tor Browser]: torbutton-torCheckService doesn't honor domain isolation.

[Tor Bug Tracker & Wiki]

#20195: torbutton-torCheckService doesn't honor domain isolation.
+--
 Reporter:  yawning |  Owner:
 Type:  defect  | Status:  reopened
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  tbb-torbutton, tbb-linkability  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--

Comment (by yawning):

 There is no log.  The only reason I caught this was because I was dumping
 the SOCKS request bodies with my sandbox code.

 What happens is, the internal check uses a connection to
 `check.torproject.org` to validate that tor is working.  That request does
 not send a SOCKS username/password for isolation.  If it were using domain
 isolation correctly, the catchall circuit (Username: `---unknown---`)
 would be used.

 The easiest way to reproduce this would probably be using a system tor
 instance and wireshark.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20203 [Core Tor/Tor]: tor_assertion_failed on low memory

[Tor Bug Tracker & Wiki]

#20203: tor_assertion_failed on low memory
-+-
 Reporter:  tmpname0901  |  Owner:
 Type:  defect   | Status:
 |  needs_review
 Priority:  High |  Milestone:  Tor:
 |  0.2.9.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.8.7
 Severity:  Major| Resolution:
 Keywords:  assert 028-backpoort |  Actual Points:  .2
  TorCoreTeam201609  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks):

 {{{
 +if (/*BUG(*/ queue->n <= 0 /*)*/) {
 +  log_warn(LD_BUG, "Found a supposedly active circuit with no cells "
 +   "to send. Trying to recover.");
 +  circuitmux_set_num_cells(cmux, circ, queue->n);
 +  circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL);
 +  continue;
 +}
 }}}
 This code will trigger one extra bug warning.
 If circuit wasn't marked for close yes (if some another bug), it will
 report:
 {{{
 "Called on non-marked circuit"
 }}}
 and skip cmux signaling and recover.

 If circuit was marked for close already, it will report:
 {{{
 "Duplicate call to circuit_mark_for_close at" ...
 }}}
 is it ok?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #20217 [Applications/Tor Browser]: Make sure that all .mar files required for generating incremental ones on OS X contain code-signed bits

[Tor Bug Tracker & Wiki]

#20217: Make sure that all .mar files required for generating incremental ones 
on
OS X contain code-signed bits
-+-
 Reporter:  gk   |  Owner:  tbb-team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor |Version:
  Browser|   Keywords:  tbb-gitian,
 Severity:  Normal   |  TorBrowserTeam201609
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 While doing the 6.5a3 release it occurred to me we need to make sure every
 time we create the incrementals for OS X all involved full .mar files
 contain the code-signed bits. Otherwise the incremental files will fail.

 We should have a check for this as this is easily forgotten, especially if
 different people are creating the .incremental mar files.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20195 [Applications/Tor Browser]: torbutton-torCheckService doesn't honor domain isolation.

[Tor Bug Tracker & Wiki]

#20195: torbutton-torCheckService doesn't honor domain isolation.
+--
 Reporter:  yawning |  Owner:
 Type:  defect  | Status:  reopened
 Priority:  Medium  |  Milestone:
Component:  Applications/Tor Browser|Version:
 Severity:  Normal  | Resolution:
 Keywords:  tbb-torbutton, tbb-linkability  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+--
Changes (by gk):

 * keywords:  tbb-torbutton => tbb-torbutton, tbb-linkability


Comment:

 Okay, then I am confused. Could you provide a log explaining what happened
 and what should have happened instead?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20195 [Applications/Tor Browser]: torbutton-torCheckService doesn't honor domain isolation.

[Tor Bug Tracker & Wiki]

#20195: torbutton-torCheckService doesn't honor domain isolation.
--+--
 Reporter:  yawning   |  Owner:
 Type:  defect| Status:  reopened
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-torbutton |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by yawning):

 * status:  closed => reopened
 * resolution:  not a bug =>


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20195 [Applications/Tor Browser]: torbutton-torCheckService doesn't honor domain isolation.

[Tor Bug Tracker & Wiki]

#20195: torbutton-torCheckService doesn't honor domain isolation.
--+---
 Reporter:  yawning   |  Owner:
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  not a bug
 Keywords:  tbb-torbutton |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by yawning):

 If the request used the catch-all circuit, I wouldn't have opened the bug.
 The catch-all circuit uses domain isolation (so the rotation works).  This
 does not.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20203 [Core Tor/Tor]: tor_assertion_failed on low memory

[Tor Bug Tracker & Wiki]

#20203: tor_assertion_failed on low memory
-+-
 Reporter:  tmpname0901  |  Owner:
 Type:  defect   | Status:
 |  needs_review
 Priority:  High |  Milestone:  Tor:
 |  0.2.9.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.2.8.7
 Severity:  Major| Resolution:
 Keywords:  assert 028-backpoort |  Actual Points:  .2
  TorCoreTeam201609  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks):

 > bugfix on 0.2.4.14-alpha

 Might be yes. But 0.2.7.x and older actually calls
 `circuitmux_detach_circuit` by `circuit_mark_for_close` thus can't fail
 assertion after OOM-killer.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20195 [Applications/Tor Browser]: torbutton-torCheckService doesn't honor domain isolation.

[Tor Bug Tracker & Wiki]

#20195: torbutton-torCheckService doesn't honor domain isolation.
--+---
 Reporter:  yawning   |  Owner:
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:  not a bug
 Keywords:  tbb-torbutton |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by gk):

 * keywords:   => tbb-torbutton
 * status:  new => closed
 * component:  Applications/Torbutton => Applications/Tor Browser
 * resolution:   => not a bug


Comment:

 That's because there is no URL bar domain to isolate the request to. There
 are a few internal ones which are put on the catch-all circuit which gets
 rotated every ten minutes. Thus, this seems not to be a bug to me.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20202 [Applications/Tor Browser]: modify about:rights

[Tor Bug Tracker & Wiki]

#20202: modify about:rights
--+---
 Reporter:  4LPkTzgt  |  Owner:
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by gk):

 * status:  new => needs_information
 * component:  - Select a component => Applications/Tor Browser


Comment:

 Replying to [ticket:20202 4LPkTzgt]:
 > about:rights informations need modifications

 Which?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20212 [Core Tor/Tor]: Tor can be forced to open too many circuits by embedding .onion resources

[Tor Bug Tracker & Wiki]

#20212: Tor can be forced to open too many circuits by embedding .onion 
resources
--+-
 Reporter:  gacar |  Owner:
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+-
Changes (by gk):

 * cc: gk (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20204 [Applications/Tor Browser]: Windows don't drag on macOS Sierra

[Tor Bug Tracker & Wiki]

#20204: Windows don't drag on macOS Sierra
---+--
 Reporter:  arlolra|  Owner:  tbb-team
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Applications/Tor Browser   |Version:
 Severity:  Normal | Resolution:
 Keywords:  ff52-esr-will-have, tbb-usability  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--
Changes (by gk):

 * keywords:  ff52esr-will-have, tbb-usability => ff52-esr-will-have, tbb-
 usability


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20204 [Applications/Tor Browser]: Windows don't drag on macOS Sierra

[Tor Bug Tracker & Wiki]

#20204: Windows don't drag on macOS Sierra
--+--
 Reporter:  arlolra   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ff52esr-will-have, tbb-usability  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * keywords:   => ff52esr-will-have, tbb-usability


Comment:

 Might be worth thinking about fixing this earlier than with Tor Browser
 7.0.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20210 [Applications/Tor Browser]: Update from 6.5a2 to 6.5a3 on OSX breaks Tor Browser

[Tor Bug Tracker & Wiki]

#20210: Update from 6.5a2 to 6.5a3 on OSX breaks Tor Browser
--+--
 Reporter:  mrphs |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major | Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by gk):

 Replying to [comment:7 mcs]:
 > I do not yet have any theories about the incremental MAR file problem.

 This is still happening as #19410 is only partly fixed: the 6.5a2 .mar
 files did not contain code-signed parts yet. The 6.5a3 ones are the first
 that do. Thus, the incremental ones are still wrong. This should go away
 as soon as all .mar files involved in generating the incremental ones do
 contain the necessary code-signed bits.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #20043 [Applications/Tor Browser]: SharedWorker uses catchall circuit

[Tor Bug Tracker & Wiki]

#20043: SharedWorker uses catchall circuit
-+-
 Reporter:  bugzilla |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Major| Resolution:
 Keywords:  tbb-linkability, |  Actual Points:
  TorBrowserTeam201609R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by arthuredelstein):

 * keywords:  tbb-linkability => tbb-linkability, TorBrowserTeam201609R
 * status:  new => needs_review


Comment:

 Thanks for discovering and reporting this issue, bugzilla.

 Here are patches for review. There are two commits: a fix and a regression
 test.

 https://github.com/arthuredelstein/tor-browser/commits/20043

 When I revert the fix, the regression test fails.

 For the record, this problem occurs because SharedWorkers are supposed to
 be able to outlive their originating top-level document. So
 https://bugzilla.mozilla.org/show_bug.cgi?id=1118845 correctly stops
 retaining a pointer to that document in the load request. Unfortunately,
 that also means we can't rely on having the top-level document to obtain
 the first-party domain. So we use the backup option (also used in Tor
 Browser patches for first-party isolation of OCSP, Favicons, and link
 rel=preconnect) of GetDocumentURI/SetDocumentURI.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs