Re: [tor-bugs] #22948 [Core Tor/Tor]: Padding, Keepalive and Drop cells should have random payloads (was: Padding and Keepalive cells should have random payloads)

[Tor Bug Tracker & Wiki]

#22948: Padding, Keepalive and Drop cells should have random payloads
--+
 Reporter:  teor  |  Owner:
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.3.1.1-alpha
 Severity:  Normal| Resolution:
 Keywords:  tor-spec, security-maybe  |  Actual Points:
Parent ID:  #18856| Points:  0.5
 Reviewer:|Sponsor:
--+

Comment (by teor):

 This issue also affects RELAY_COMMAND_DROP cells.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22954 [Applications/Tor Browser]: lxc-based tor-browser-bundle builds failing

[Tor Bug Tracker & Wiki]

#22954: lxc-based tor-browser-bundle builds failing
--+--
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeam201707R |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by arthuredelstein):

 * status:  new => needs_review


Comment:

 I noticed this error is fixed by the patch in this pull request that was
 merged into the gitian-builder master branch:
 https://github.com/devrandom/gitian-builder/pull/135

 So here's a branch that cherry-picks that commit onto our tor-browser-4
 branch:
 https://github.com/arthuredelstein/gitian-builder/commit/22954

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #22954 [Applications/Tor Browser]: lxc-based tor-browser-bundle builds failing

[Tor Bug Tracker & Wiki]

#22954: lxc-based tor-browser-bundle builds failing
--+
 Reporter:  arthuredelstein   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:
  |  TorBrowserTeam201707R
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 A clean build of tor-browser-bundle using lxc fails with the error:
 {{{
 cp: cannot stat 'base-jessie-amd64-bootstrap/usr/lib/x86_64-linux-gnu/lxc
 /lxc-init': No such file or directory
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21304 [Obfuscation/Snowflake]: Sanitize snowflake.log

[Tor Bug Tracker & Wiki]

#21304: Sanitize snowflake.log
---+-
 Reporter:  arlolra|  Owner:
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+-

Comment (by dcf):

 client logs in UTC since [https://gitweb.torproject.org/pluggable-
 transports/snowflake.git/commit/?id=86a244c39ea7937342239d9c2a003926685cb199
 86a244c39e].

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22950 [Applications/Tor Browser Sandbox]: Filter out X11 root window property queries.

[Tor Bug Tracker & Wiki]

#22950: Filter out X11 root window property queries.
--+-
 Reporter:  yawning   |  Owner:  yawning
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser Sandbox  |Version:
 Severity:  Normal| Resolution:
 Keywords:  sandbox-fingerprinting|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+-
Changes (by yawning):

 * keywords:   => sandbox-fingerprinting


Comment:

 The immediate solution for this is "Use Xephyr", so people that wish to
 avoid this have options already since that's supported and relatively well
 tested.  I am inclined to think that plugging all of the X11 related
 information disclosure issues is futile by virtue of the protocol design
 without basically implementing a full fledged X server.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22874 [Obfuscation/Snowflake]: Standalone broker (independent of App Engine)

[Tor Bug Tracker & Wiki]

#22874: Standalone broker (independent of App Engine)
---+--
 Reporter:  dcf|  Owner:  cmm32
 Type:  project| Status:  assigned
 Priority:  High   |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--
Changes (by dcf):

 * keywords:  arlolra serene cmm32 =>
 * cc: arlolra, serene, cmm32 (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22947 [Webpages/Blog]: Possible Security Issue (Information Disclosure) with Drupal on blog.torproject.org

[Tor Bug Tracker & Wiki]

#22947: Possible Security Issue (Information Disclosure) with Drupal on
blog.torproject.org
---+--
 Reporter:  cypherpunks|  Owner:  hiro
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Webpages/Blog  |Version:
 Severity:  Normal | Resolution:
 Keywords:  security   |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--

Comment (by cypherpunks):

 After trying a bit to reproduce this, I failed to do so. This may nave
 been a transient bug due to restoring a tab from a previous session (maybe
 Firefox did something weird with a header in the request and the server-
 side scripting didn't like it?) or maybe someone was poking the Drupal
 backend at the same time I was loading the page?

 Either way, someone may want to look at the Drupal config and at least
 make sure server-side issues don't get spit out into the HTML served to
 the client.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22163 [Webpages/Website]: Make it more obvious how to report security related bugs

[Tor Bug Tracker & Wiki]

#22163: Make it more obvious how to report security related bugs
--+--
 Reporter:  gk|  Owner:  hiro
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Webpages/Website  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 Yes, this is still very much a problem. The "Contact" page on
 www.torproject.org says to "email the respective maintainer", but who that
 person is isn't very clear. Putting the tor-security email address on the
 contact page is absolutely necessary IMO. I actually reported a (low-
 severity) security bug through Trac because I couldn't find the tor-
 security email address, so this is a mistake that people can make with
 more severe issues that shouldn't be publicly visible.

 Hiro: Are you the maintainer for the webpages and blog? You're the default
 owner for newly reported webpage and blog bugs, so I'm assuming that's the
 case. Could you take a look at
 https://trac.torproject.org/projects/tor/ticket/22947 when you get a
 chance? Thanks in advance. Fixing this bug is probably higher-priority,
 though :)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #22953 [Internal Services/Tor Sysadmin Team]: Please replace my ldap key

[Tor Bug Tracker & Wiki]

#22953: Please replace my ldap key
-+-
 Reporter:  Sebastian|  Owner:  tpa
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   |   Keywords:
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 So far my ldap account used the key 6D31 11D4 E031 3392 FE8B  EDD4 0800
 D6BB DF3D CEE6, but that has been revoked for a while. Please change it to
 261C 5FBE 7728 5F88 FB0C  3432 66C8 C2D7 C5AA 446D. The keys are cross-
 signed and the new key has a ton of signatures from Tor folks.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21983 [Applications/Tor Browser]: Should we do more to discourage custom prefs and nonstandard addons?

[Tor Bug Tracker & Wiki]

#21983: Should we do more to discourage custom prefs and nonstandard addons?
-+--
 Reporter:  arthuredelstein  |  Owner:  tbb-team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-usability, tbb-security  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by cypherpunks):

 https://bugzilla.mozilla.org/show_bug.cgi?id=536093

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22952 [Applications/Tor Browser]: Tor Browser Arabic Fonts Issue ! (was: Web Site Arabic Fonts Issue !)

[Tor Bug Tracker & Wiki]

#22952: Tor Browser Arabic Fonts Issue !
--+--
 Reporter:  sigma4111 |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-fingerprinting-fonts  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by dcf):

 * keywords:   => tbb-fingerprinting-fonts
 * owner:   => tbb-team
 * version:  Tor: unspecified =>
 * component:  Webpages/Website => Applications/Tor Browser


Comment:

 Tor Browser uses a built-in set of font files in order to prevent font
 fingerprinting. If Tor Browser allowed a site to use Arial, then a web
 server could fingerprint you by detecting whether you have the Arial font
 installed or not.

 But, if the fonts look really bad, it's possible we can work together to
 include a font file that looks better.

 For me, the font on that page is [https://www.google.com/get/noto/#naskh-
 arab Noto Naskh Arabic]. Is the the same for you?

 I recategorized your ticket from Webpages/Website to Applications/Tor
 Browser because the former is only about the torproject.org website.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22865 [Obfuscation/meek]: Explicitly set Content-Length to zero when there is no data to send

[Tor Bug Tracker & Wiki]

#22865: Explicitly set Content-Length to zero when there is no data to send
--+--
 Reporter:  twim  |  Owner:  dcf
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Obfuscation/meek  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by twim):

 > I'm confused now by your references to the flexible environment. I tried
 deploying reflect.go to the flexible environment by adding `env: flex` to
 app.yaml:
 > So it seems that reflect.go needs more extensive changes than just
 attachment:0001-Explicitly-set-Content-Length-to-zero-when-there-
 is-.patch​ in order to run in the flexible environment. Are you running
 something other than reflect.go on App Engine?

 Sorry for this confusion. GAE flex is absolutely different environment
 with no 'lightweight restricted Go 1.6 runtime'. So one can run anything
 on there (in fact this is just Docker containers) thus enabling use of any
 reverse proxy. I run a reflector based on
 `net/http/httputil.ReverseProxy`. I've just bundled it and you can find it
 at https://github.com/nogoegst/reflector.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22865 [Obfuscation/meek]: Explicitly set Content-Length to zero when there is no data to send

[Tor Bug Tracker & Wiki]

#22865: Explicitly set Content-Length to zero when there is no data to send
--+--
 Reporter:  twim  |  Owner:  dcf
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:
Component:  Obfuscation/meek  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by twim):

 Replying to [comment:9 dcf]:
 > I've just done a test here locally, and meek-client compiled with
 `go1.8.3 linux/amd64` sends `Content-Length: 0` even without the patch
 from this ticket. I inspected the traffic by running a socat shim on port
 4000:
 > ...
 > Are you able to reproduce this? I don't see how the patch would cause it
 to behave any differently.

 Yes I am. It turns out that `Content-Length` is being set to 0 when
 HTTP/1.1 is used, and omitted in case of HTTP/2.

 > And the documentation for [https://golang.org/pkg/net/http/#NewRequest
 http.NewRequest] says that a *bytes.Reader has special handling and sets
 the body to the magic value [https://golang.org/pkg/net/http/#pkg-
 variables NoBody] when the length of the Reader is 0:

 No, it says that body is set to NoBody if `request.ContentLength == 0`.


 > So I'm wondering if this patch is really needed? If so, can you give me
 complete reproduction instructions so that I can see the bug for myself?

 Yes, see https://github.com/golang/go/issues/20257 for details. And this
 is a blocker on GAE Flex (maybe others).

 I wrote a PoC for this (see attachments). With HTTP/2 it makes a request
 like this:
 `POST / HTTP/2.0\r\nHost: meek.appspot.com\r\nAccept-Encoding: gzip\r
 \nUser-Agent: Go-http-client/2.0\r\n\r\n`
 So this gets proxied via HTTP/1.1 to the application. If there is a
 middleware in between it returns `411 Length Required`.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22952 [Webpages/Website]: Web Site Arabic Fonts Issue !

[Tor Bug Tracker & Wiki]

#22952: Web Site Arabic Fonts Issue !
--+--
 Reporter:  sigma4111 |  Owner:
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Webpages/Website  |Version:  Tor: unspecified
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by sigma4111):

 I forget to mention the following: Arabic characters displayed correctly
 regarding their meaning. They do not appearing as sequeres or dots or
 other symboles. Issue is just about their fonts that appeared in Tor
 browser. Font of contents is wrong. They should displayed as Arial, but
 they displayed as other Arabic fonts which is not the original !

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #22952 [Webpages/Website]: Web Site Arabic Fonts Issue !

[Tor Bug Tracker & Wiki]

#22952: Web Site Arabic Fonts Issue !
--+--
 Reporter:  sigma4111 |  Owner:
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Webpages/Website  |Version:  Tor: unspecified
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+--
 Hi. can you help me kindly to resolve fonts issue with this site:

 https://sites.google.com/site/arcommunistslibrary

 This site in Arabic language. Please look to it in normal firefox browser
 (on Windows or Linux), then compare it with it's appearance in Tor
 (regullar Tor or Tor of Tails are same error).

 On Tor, size of fonts are big (look for right sidebar navigation for
 example). Fonts of Arabic contents are not the original fonts !

 How to solve this error ? I tried the following (but failed):
 "preferences", then "contents", then from "fonts & colors" selected
 "advanced" & set the following:

 - fonts for: Arabic
 - proportional: sans sarif
 - sarif: sans sarif
 - sans sarif: sansarif
 - monospace: monospace

 then I tried (but also failed):

 - fonts for: Arabic
 - proportional: sans
 - sarif: sans
 - sans sarif: sans
 - monospace: monospace

 then I tried (& also failed):

 - fonts for: Arabic
 - proportional: sans sarif
 - sarif: sans
 - sans sarif: san sarif
 - monospace: monospace

 In all above cases, I had 2 subtrials: 1st with uncheck "allow pages to
 choose their owen fonts" box, & 2nd with check this box (after failure
 when uncheck it).

 In all above trails, after set parameters, I restart Tor browser. All my
 effort failed !!

 I contact their owners on their e-mail that existing on their site. They
 inform me that they use "Arial" as the default fonts for their site, &
 most content on their site are in "Arial".

 Please, is their any fix for this issue ?

 Best

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #16981 [Applications/Tor Browser]: NoScript Option

[Tor Bug Tracker & Wiki]

#16981: NoScript Option
--+--
 Reporter:  cypherpunks   |  Owner:  ma1
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  noscript, tbb-usability   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by cypherpunks):

 * owner:  tbb-team => ma1
 * status:  reopened => assigned
 * severity:   => Normal
 * keywords:   => noscript, tbb-usability


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22949 [Applications/Orbot]: Add some IP-HOST pair for meek use

[Tor Bug Tracker & Wiki]

#22949: Add some IP-HOST pair for meek use
+---
 Reporter:  cypherpunks |  Owner:  n8fr8
 Type:  enhancement | Status:  new
 Priority:  Medium  |  Milestone:
Component:  Applications/Orbot  |Version:
 Severity:  Normal  | Resolution:
 Keywords:  meek|  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+---
Changes (by dcf):

 * keywords:   => meek
 * priority:  Very High => Medium
 * type:  defect => enhancement
 * severity:  Critical => Normal


Comment:

 I think that a local IP address database is unlikely to be implemented,
 for maintainability reasons. Also I'm not sure this is actually a common
 problem. Have you actually encountered it in practice, or are you just
 suggesting it as a possibility?

 [https://lists.torproject.org/pipermail/tor-talk/2016-June/041699.html
 meek-google hasn't worked for a year now]—were you only using
 www.google.com as an example, or are you actually using it for fronting
 somehow? Is there really a work network that blocks www.google.com by DNS?
 How would anyone get any work done?

 If you are on a network that actually is DNS-blocking the default front
 domain, you can try [[doc/meek#Howtochangethefrontdomain|changing the
 front domain]]. You can also try configuring a DNS server other than the
 default. If that doesn't work, you can also maintain your own local DNS
 database in /etc/hosts or similar. Or just use obfs4 in that case?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #3546 [Applications/Tor Browser]: Disabling Third party cookies breaks some REcaptcha-using sites

[Tor Bug Tracker & Wiki]

#3546: Disabling Third party cookies breaks some REcaptcha-using sites
--+--
 Reporter:  mikeperry |  Owner:  tbb-team
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-usability-website |  Actual Points:
Parent ID:| Points:  4
 Reviewer:|Sponsor:
--+--
Changes (by cypherpunks):

 * keywords:  needs-triage => tbb-usability-website
 * owner:  mikeperry => tbb-team
 * type:  enhancement => defect
 * severity:   => Normal
 * milestone:  TorBrowserBundle 2.2.x-stable =>


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22400 [Core Tor/Tor]: We bootstrap from different primary guards when we start with a non-live consensus and not enough guards in the state file

[Tor Bug Tracker & Wiki]

#22400: We bootstrap from different primary guards when we start with a non-live
consensus and not enough guards in the state file
---+---
 Reporter:  arma   |  Owner:  nickm
 Type:  defect | Status:  accepted
 Priority:  Medium |  Milestone:  Tor:
   |  0.3.1.x-final
Component:  Core Tor/Tor   |Version:  Tor:
   |  0.3.0.7
 Severity:  Normal | Resolution:
 Keywords:  tor-client tor-guard 030-backport  |  Actual Points:
Parent ID: | Points:  3
 Reviewer:  asn|Sponsor:
---+---

Comment (by cypherpunks):

 > Are you quite sure?

 I mean patch for this bug used "reasonably live" that was
 networkstatus_valid_until_is_reasonably_live originally and changelog was
 accurate, later patch was transformed to use live_consensus_is_missing()
 which calls networkstatus_get_live_consensus() and now it's about strongly
 live consensus (not reasonably live) with 3 hours not 1 day. Isn't?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18254 [Applications/Tor Browser]: option to disable a security prompt when it pops up

[Tor Bug Tracker & Wiki]

#18254: option to disable a security prompt when it pops up
--+--
 Reporter:  lurkerman |  Owner:  tbb-team
 Type:  defect| Status:  closed
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Minor | Resolution:  user disappeared
 Keywords:  tbb-usability |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by cypherpunks):

 * status:  needs_information => closed
 * resolution:   => user disappeared


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #17650 [Applications/Tor Browser]: Cannot login to Youtube

[Tor Bug Tracker & Wiki]

#17650: Cannot login to Youtube
--+---
 Reporter:  mansdt|  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major | Resolution:
 Keywords:  tbb-usability-website |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by cypherpunks):

 ff52-esr-will-have?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22400 [Core Tor/Tor]: We bootstrap from different primary guards when we start with a non-live consensus and not enough guards in the state file

[Tor Bug Tracker & Wiki]

#22400: We bootstrap from different primary guards when we start with a non-live
consensus and not enough guards in the state file
---+---
 Reporter:  arma   |  Owner:  nickm
 Type:  defect | Status:  accepted
 Priority:  Medium |  Milestone:  Tor:
   |  0.3.1.x-final
Component:  Core Tor/Tor   |Version:  Tor:
   |  0.3.0.7
 Severity:  Normal | Resolution:
 Keywords:  tor-client tor-guard 030-backport  |  Actual Points:
Parent ID: | Points:  3
 Reviewer:  asn|Sponsor:
---+---

Comment (by nickm):

 Replying to [comment:19 cypherpunks]:
 > > "reasonably live" (under 1 day old)
 >
 > No. "Reasonably live" is about valid_after <= now <= valid_until. 3
 hours range by default.

 Are you quite sure? See `networkstatus_valid_until_is_reasonably_live` in
 networkstatus.c

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22400 [Core Tor/Tor]: We bootstrap from different primary guards when we start with a non-live consensus and not enough guards in the state file

[Tor Bug Tracker & Wiki]

#22400: We bootstrap from different primary guards when we start with a non-live
consensus and not enough guards in the state file
---+---
 Reporter:  arma   |  Owner:  nickm
 Type:  defect | Status:  accepted
 Priority:  Medium |  Milestone:  Tor:
   |  0.3.1.x-final
Component:  Core Tor/Tor   |Version:  Tor:
   |  0.3.0.7
 Severity:  Normal | Resolution:
 Keywords:  tor-client tor-guard 030-backport  |  Actual Points:
Parent ID: | Points:  3
 Reviewer:  asn|Sponsor:
---+---

Comment (by cypherpunks):

 > "reasonably live" (under 1 day old)

 No. "Reasonably live" is about valid_after <= now <= valid_until. 3 hours
 range by default.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22921 [Core Tor/Tor]: Tor 0.3.0.9 and 0.3.1.4-alpha on FreeBSD: Failed to find node for hop 0 of our path. Discarding this circuit.

[Tor Bug Tracker & Wiki]

#22921: Tor 0.3.0.9 and 0.3.1.4-alpha on FreeBSD: Failed to find node for hop 0 
of
our path. Discarding this circuit.
--+
 Reporter:  neel  |  Owner:
 Type:  defect| Status:  needs_information
 Priority:  Very High |  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.3.0.9
 Severity:  Critical  | Resolution:
 Keywords:  030-backport  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by cypherpunks):

 This is about fix for #22400, with wrong timezone (consensus detected as
 old) tor can to build circuits but can't to add new guard.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22951 [Core Tor/Tor]: NETINFO cells are mandatory, but tor-spec says "may"

[Tor Bug Tracker & Wiki]

#22951: NETINFO cells are mandatory, but tor-spec says "may"
---+
 Reporter:  teor   |  Owner:
 Type:  defect | Status:  needs_revision
 Priority:  Medium |  Milestone:  Tor: 0.3.2.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tor-spec easy doc  |  Actual Points:
Parent ID:  #18856 | Points:
 Reviewer: |Sponsor:
---+
Changes (by teor):

 * status:  new => needs_revision


Comment:

 A disgnostic script that demonstrates this is available at:
 https://github.com/teor2345/endosome/blob/master/client-or-22951.py

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22941 [Core Tor/Tor]: Bootstrapped frozen at 85% : Failed to find node for hop 0 of our path.

[Tor Bug Tracker & Wiki]

#22941: Bootstrapped frozen at 85% : Failed to find node for hop 0 of our path.
--+---
 Reporter:  JohnMilos |  Owner:
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:  duplicate
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by cypherpunks):

 * status:  needs_information => closed
 * resolution:   => duplicate


Comment:

 duplicate of #22921

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22921 [Core Tor/Tor]: Tor 0.3.0.9 and 0.3.1.4-alpha on FreeBSD: Failed to find node for hop 0 of our path. Discarding this circuit.

[Tor Bug Tracker & Wiki]

#22921: Tor 0.3.0.9 and 0.3.1.4-alpha on FreeBSD: Failed to find node for hop 0 
of
our path. Discarding this circuit.
--+
 Reporter:  neel  |  Owner:
 Type:  defect| Status:  needs_information
 Priority:  Very High |  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.3.0.9
 Severity:  Critical  | Resolution:
 Keywords:  030-backport  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by cypherpunks):

 #22941, user confirms about wrong time zone leading to this warns. If so
 it's very cryptic way to report about problems.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #22951 [Core Tor/Tor]: NETINFO cells are mandatory, but tor-spec says "may"

[Tor Bug Tracker & Wiki]

#22951: NETINFO cells are mandatory, but tor-spec says "may"
--+
 Reporter:  teor  |  Owner:
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.2.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:  tor-spec easy doc
Actual Points:|  Parent ID:  #18856
   Points:|   Reviewer:
  Sponsor:|
--+
 In this context, "may" is ambiguous: NETINFO is actually a mandatory
 requirement:
 {{{
cell (4.5).  As soon as it gets the CERTS cell, the initiator knows
whether the responder is correctly authenticated.  At this point the
 -  initiator may send a NETINFO cell if it does not wish to
 +  initiator MUST send a NETINFO cell if it does not wish to
authenticate, or a CERTS cell, an AUTHENTICATE cell (4.4), and a
 NETINFO
cell if it does.  When this handshake is in use, the first cell must
be VERSIONS, VPADDING or AUTHORIZE, and no other cell type is allowed
 to
intervene besides those specified, except for PADDING and VPADDING
 cells.
 }}}
 https://gitweb.torproject.org/torspec.git/tree/tor-spec.txt#n482

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22941 [Core Tor/Tor]: Bootstrapped frozen at 85% : Failed to find node for hop 0 of our path.

[Tor Bug Tracker & Wiki]

#22941: Bootstrapped frozen at 85% : Failed to find node for hop 0 of our path.
--+---
 Reporter:  JohnMilos |  Owner:
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by JohnMilos):

 Ok, sorry my mistake !
 All was ok but not the timezone : settled initially on UTC-08:00 strangely
 !
 I selected UTC+01:00 and all looks ok now.
 Thanks to all.
 Thread to close.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22941 [Core Tor/Tor]: Bootstrapped frozen at 85% : Failed to find node for hop 0 of our path.

[Tor Bug Tracker & Wiki]

#22941: Bootstrapped frozen at 85% : Failed to find node for hop 0 of our path.
--+---
 Reporter:  JohnMilos |  Owner:
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by JohnMilos):

 What do you mean by "triggered by old cached stuff and some recent fix
 maybe" ?
 I tried Tor Browser from 2 distinct directories : from a key usb and
 another fresh downloaded version on the desktop. Only common thing is the
 computer.
 Time is ok, date also.
 I've tried with and without VPN => same issue.
 By the way, i don't think it's possible to perfectly synchronize time on a
 PC ? 2 sec ahead or not ? It makes a difference ?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22921 [Core Tor/Tor]: Tor 0.3.0.9 and 0.3.1.4-alpha on FreeBSD: Failed to find node for hop 0 of our path. Discarding this circuit.

[Tor Bug Tracker & Wiki]

#22921: Tor 0.3.0.9 and 0.3.1.4-alpha on FreeBSD: Failed to find node for hop 0 
of
our path. Discarding this circuit.
--+
 Reporter:  neel  |  Owner:
 Type:  defect| Status:  needs_information
 Priority:  Very High |  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.3.0.9
 Severity:  Critical  | Resolution:
 Keywords:  030-backport  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by cypherpunks):

 neel, please keep cached stuff (consensus,, descriptors) somewhere. it
 could help to reproduce this bug.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22941 [Core Tor/Tor]: Bootstrapped frozen at 85% : Failed to find node for hop 0 of our path.

[Tor Bug Tracker & Wiki]

#22941: Bootstrapped frozen at 85% : Failed to find node for hop 0 of our path.
--+---
 Reporter:  JohnMilos |  Owner:
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by cypherpunks):

 > Also downloaded another fresh tor browser package => launched it and
 same issue.

 Did you remove previously installed directory with tor browser? If not,
 try to remove it.

 I'm sure it's #22921 duplicate triggered by old cached stuff and some
 recent fix maybe.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22941 [Core Tor/Tor]: Bootstrapped frozen at 85% : Failed to find node for hop 0 of our path.

[Tor Bug Tracker & Wiki]

#22941: Bootstrapped frozen at 85% : Failed to find node for hop 0 of our path.
--+---
 Reporter:  JohnMilos |  Owner:
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by JohnMilos):

 Hi,
 i checked time, time zone and date => all is ok.
 Also downloaded another fresh tor browser package => launched it and same
 issue.
 I'm a bit lost i must admit !

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22949 [Applications/Orbot]: Add some IP-HOST pair for meek use

[Tor Bug Tracker & Wiki]

#22949: Add some IP-HOST pair for meek use
+---
 Reporter:  cypherpunks |  Owner:  n8fr8
 Type:  defect  | Status:  new
 Priority:  Very High   |  Milestone:
Component:  Applications/Orbot  |Version:
 Severity:  Critical| Resolution:
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+---
Changes (by yawning):

 * cc: yawning (removed)


Comment:

 Attempting in vain to remove myself from the cc list.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #22950 [Applications/Tor Browser Sandbox]: Filter out X11 root window property queries.

[Tor Bug Tracker & Wiki]

#22950: Filter out X11 root window property queries.
--+-
 Reporter:  yawning   |  Owner:  yawning
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser Sandbox  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+-
 There's a whole host of X11 root window properties that leak various bits
 of information about the host system.  These should be filtered out, and
 now can be because the sandbox has an X11 proxy that can do protocol
 inspection and response rewriting.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22949 [Applications/Orbot]: Add some IP-HOST pair for meek use

[Tor Bug Tracker & Wiki]

#22949: Add some IP-HOST pair for meek use
+---
 Reporter:  cypherpunks |  Owner:  n8fr8
 Type:  defect  | Status:  new
 Priority:  Very High   |  Milestone:
Component:  Applications/Orbot  |Version:
 Severity:  Critical| Resolution:
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+---

Comment (by cypherpunks):

 Good idea, meek-amazon and meek-azure front-ends are probably only blocked
 in some corporate firewalls, so maybe countering DNS poisoning may be
 useful in those cases.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22932 [Applications/Tor Browser Sandbox]: Support an amnesiac profile directory.

[Tor Bug Tracker & Wiki]

#22932: Support an amnesiac profile directory.
--+-
 Reporter:  yawning   |  Owner:  yawning
 Type:  enhancement   | Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser Sandbox  |Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+-
Changes (by yawning):

 * status:  accepted => closed
 * resolution:   => fixed


Comment:

 https://gitweb.torproject.org/tor-browser/sandboxed-tor-
 browser.git/commit/?id=c8e63575340e5541ae50051acbe03b69b14e577c

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22932 [Applications/Tor Browser Sandbox]: Support an amnesiac profile directory. (was: Support a non-volatile profile directory.)

[Tor Bug Tracker & Wiki]

#22932: Support an amnesiac profile directory.
--+--
 Reporter:  yawning   |  Owner:  yawning
 Type:  enhancement   | Status:  accepted
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser Sandbox  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by yawning):

 * status:  new => accepted


Comment:

 Change the summary to more accurately reflect how this works.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22922 [Internal Services/Tor Sysadmin Team]: pipeline.torproject.net subdomain for 199.119.112.90

[Tor Bug Tracker & Wiki]

#22922: pipeline.torproject.net subdomain for 199.119.112.90
-+
 Reporter:  hiro |  Owner:  tpa
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+
Changes (by weasel):

 * status:  new => closed
 * resolution:   => fixed


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22938 [Internal Services/Tor Sysadmin Team]: Please refresh key - 0xCB8FC772D1AA1D30

[Tor Bug Tracker & Wiki]

#22938: Please refresh key - 0xCB8FC772D1AA1D30
-+
 Reporter:  sysrqb   |  Owner:  tpa
 Type:  enhancement  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+
Changes (by weasel):

 * status:  new => closed
 * resolution:   => fixed


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21400 [Applications/Orbot]: Samsung Note 10.1

[Tor Bug Tracker & Wiki]

#21400: Samsung Note 10.1
--+
 Reporter:  LunarWolf |  Owner:  n8fr8
 Type:  defect| Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Orbot|Version:
 Severity:  Normal| Resolution:  fixed
 Keywords:  orbot, android, lollipop  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by cypherpunks):

 * status:  new => closed
 * resolution:   => fixed


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21083 [Applications/Orbot]: Socket exception in Android client

[Tor Bug Tracker & Wiki]

#21083: Socket exception in Android client
+
 Reporter:  omverma |  Owner:  n8fr8
 Type:  defect  | Status:  closed
 Priority:  Medium  |  Milestone:
Component:  Applications/Orbot  |Version:
 Severity:  Normal  | Resolution:  fixed
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+
Changes (by cypherpunks):

 * status:  new => closed
 * resolution:   => fixed


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21025 [Applications/Orbot]: Orbot Problem on Nexus 6P

[Tor Bug Tracker & Wiki]

#21025: Orbot Problem on Nexus 6P
+
 Reporter:  Orbot Problems  |  Owner:  n8fr8
 Type:  defect  | Status:  closed
 Priority:  Medium  |  Milestone:
Component:  Applications/Orbot  |Version:
 Severity:  Normal  | Resolution:  fixed
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+
Changes (by cypherpunks):

 * status:  new => closed
 * resolution:   => fixed


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21708 [Applications/Orbot]: Orbot/application

[Tor Bug Tracker & Wiki]

#21708: Orbot/application
+
 Reporter:  gregory.boston  |  Owner:  <  >
 Type:  defect  | Status:  closed
 Priority:  Immediate   |  Milestone:
Component:  Applications/Orbot  |Version:
 Severity:  Blocker | Resolution:  worksforme
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+
Changes (by cypherpunks):

 * status:  new => closed
 * resolution:   => worksforme


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #22949 [Applications/Orbot]: Add some IP-HOST pair for meek use

[Tor Bug Tracker & Wiki]

#22949: Add some IP-HOST pair for meek use
+---
 Reporter:  cypherpunks |  Owner:  n8fr8
 Type:  defect  | Status:  new
 Priority:  Very High   |  Milestone:
Component:  Applications/Orbot  |Version:
 Severity:  Critical|   Keywords:
Actual Points:  |  Parent ID:
   Points:  |   Reviewer:
  Sponsor:  |
+---
 1. I want to use meek.
 2. My network is blocking DNS request.

 Please consider adding some IP:PORT pair to Orbot itself.


 Current behavior:
 Orbot: "Hey DNS, resolve www.google.com(for domain fronting)"
 DNS: "Reject!"
 Orbot: "Hey user, you can't connect!!"


 Expected behavior:
 Orbot: "Hey DNS, resolve www.google.com(for domain fronting)"
 DNS: "Reject!"
 Orbot: "Then I'll try 120.130.140.150(www.google.com's IP addr.)"
 Orbot: Trying to connect: 120.130.140.150:443 with "Host: google.com".
 Orbot: Success. Fuck DNS :)


 I'm not joking. By adding valid IP address into Orbot core, user
 can access to Tor network even DNS is blocked.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #22948 [Core Tor/Tor]: Padding and Keepalive cells should have random payloads

[Tor Bug Tracker & Wiki]

#22948: Padding and Keepalive cells should have random payloads
--+--
 Reporter:  teor  |  Owner:
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.3.1.1-alpha
 Severity:  Normal|   Keywords:  tor-spec, security-maybe
Actual Points:|  Parent ID:  #18856
   Points:  0.5   |   Reviewer:
  Sponsor:|
--+--
 tor-spec says:
 {{{
Link padding can be created by sending PADDING or VPADDING cells
along the connection; relay cells of type "DROP" can be used for
long-range padding.  The contents of a PADDING, VPADDING, or DROP
cell SHOULD be chosen randomly, and MUST be ignored.
 }}}
 https://gitweb.torproject.org/torspec.git/tree/tor-spec.txt#n1534

 But padding cells sent by channelpadding_send_padding_cell_for_callback()
 and keepalive cells sent by run_connection_housekeeping() have a payload
 of all zero bytes.

 I don't know if this is a security issue or not. It is probably ok, unless
 Tor has compression enabled on its TLS connections. If compression is
 enabled, all the padding data size calculations will be wrong.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22948 [Core Tor/Tor]: Padding and Keepalive cells should have random payloads

[Tor Bug Tracker & Wiki]

#22948: Padding and Keepalive cells should have random payloads
--+
 Reporter:  teor  |  Owner:
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.3.1.1-alpha
 Severity:  Normal| Resolution:
 Keywords:  tor-spec, security-maybe  |  Actual Points:
Parent ID:  #18856| Points:  0.5
 Reviewer:|Sponsor:
--+
Changes (by teor):

 * cc: mikeperry (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #22947 [Webpages/Blog]: Possible Security Issue (Information Disclosure) with Drupal on blog.torproject.org

[Tor Bug Tracker & Wiki]

#22947: Possible Security Issue (Information Disclosure) with Drupal on
blog.torproject.org
---+--
 Reporter:  cypherpunks|  Owner:  hiro
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:
Component:  Webpages/Blog  |Version:
 Severity:  Normal |   Keywords:  security
Actual Points: |  Parent ID:
   Points: |   Reviewer:
  Sponsor: |
---+--
 When loading https://blog.torproject.org/blog/tor-0312-alpha-out-notes-
 about-0311-alpha, a Drupal warning appeared at the top of the page that
 looked something like:

 Warning: Drupal mkdir() failed directory already exists, etc. etc.

 Encountered around 06:00-06:10 UTC. I apologize for the vague wording, but
 I was an idiot and forgot to take a screenshot. The error appeared after
 the tab was reloaded from a previous Firefox session, and disappeared
 after I refreshed the page.  The warning message contained directory/path
 names that appeared at least slightly sensitive. I don't think that
 displaying server-side error messages to a client is intended behavior,
 either...

 Apologies if this is the wrong channel for reporting this. I looked for an
 email address for security issues, but the Contact page says to "email the
 respective maintainer" (???). I'm not familiar with who maintains the
 blog, and it doesn't seem very high-risk or reproducible, so I'll leave a
 comment on the blog directing someone here.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs