Re: [tor-bugs] #28026 [Core Tor/Tor]: make hs-v3 client auth configuration clearer in man page

[Tor Bug Tracker & Wiki]

#28026: make hs-v3 client auth configuration clearer in man page
--+
 Reporter:  mtigas|  Owner:  (none)
 Type:  defect| Status:  merge_ready
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  hs-auth   |  Actual Points:
Parent ID:| Points:
 Reviewer:  asn   |Sponsor:
--+

Comment (by arma):

 (#25796 is now merged)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #28133 [- Select a component]: Tor Browser crashes/restarts when using Reader View shortcut (ctrl+alt+r)

[Tor Bug Tracker & Wiki]

#28133: Tor Browser crashes/restarts when using Reader View shortcut 
(ctrl+alt+r)
--+--
 Reporter:  ev9F8itL  |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Low   |  Component:  - Select a component
  Version:|   Severity:  Minor
 Keywords:  ff60-esr  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
 Even if the webpage doesn't support reader view, ctrl+alt+r causes Tor
 Browser to crash/restart and lose the current session. Clicking on the
 reader view icon to the right of the URL bar works, however.


 Produced on Tor Browser 8.0.2, Debian GNU/Linux 9 (64-bit).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28067 [Core Tor/Tor]: Annotations should be documented in dir-spec.txt

[Tor Bug Tracker & Wiki]

#28067: Annotations should be documented in dir-spec.txt
--+--
 Reporter:  rl1987|  Owner:  (none)
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by nickm):

 I'd be fine with that.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28128 [Core Tor/Tor]: v3 client auth: No interned sandbox parameter found

[Tor Bug Tracker & Wiki]

#28128: v3 client auth: No interned sandbox parameter found
--+
 Reporter:  pege  |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.3.5.3-alpha
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+
Changes (by nickm):

 * milestone:   => Tor: 0.3.5.x-final


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28131 [Applications/Tor Browser]: Troubleshooting: refresh

[Tor Bug Tracker & Wiki]

#28131: Troubleshooting: refresh
--+--
 Reporter:  Simone|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by nickm):

 * owner:  (none) => tbb-team
 * component:  Core Tor => Applications/Tor Browser


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27896 [Core Tor/Tor]: base32 padding inconsistency between client and server in HS v3 client auth preview

[Tor Bug Tracker & Wiki]

#27896: base32 padding inconsistency between client and server in HS v3 client 
auth
preview
-+
 Reporter:  jchevali |  Owner:  (none)
 Type:  defect   | Status:  needs_information
 Priority:  Medium   |  Milestone:  Tor: 0.3.6.x-final
Component:  Core Tor/Tor |Version:  Tor: 0.3.5.1-alpha
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs, hs-auth  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+
Changes (by nickm):

 * milestone:  Tor: unspecified => Tor: 0.3.6.x-final


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28129 [Core Tor/Tor]: reload v3 client authorization: Assertion !tor_mem_is_zero

[Tor Bug Tracker & Wiki]

#28129: reload v3 client authorization: Assertion !tor_mem_is_zero
+
 Reporter:  pege|  Owner:  (none)
 Type:  defect  | Status:  new
 Priority:  High|  Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor|Version:  Tor: 0.3.5.3-alpha
 Severity:  Normal  | Resolution:
 Keywords:  tor-hs hs-auth  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+
Changes (by nickm):

 * priority:  Medium => High
 * milestone:   => Tor: 0.3.5.x-final


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27723 [Obfuscation/Censorship analysis]: Obfs4 stopped working 16 Sept 18

[Tor Bug Tracker & Wiki]

#27723: Obfs4 stopped working 16 Sept 18
-+-
 Reporter:  mwolfe   |  Owner:  dcf
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Obfuscation/Censorship analysis  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  censorship block ae obfs4 meek   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by traumschule):

 Where should that teaching happen: in TB, the FAQ, wiki, tb-manual or on
 the download page even?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10034 [Applications/Tor bundles/installation]: TB breaks if control settings are changed

[Tor Bug Tracker & Wiki]

#10034: TB breaks if control settings are changed
-+-
 Reporter:  Remi |  Owner:  erinn
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor |Version:  Tor:
  bundles/installation   |  0.2.3.25
 Severity:  Normal   | Resolution:  wontfix
 Keywords:  control  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  control, needs-triage => control
 * status:  needs_information => closed
 * resolution:   => wontfix


Comment:

 No Vidalia anymore.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #8334 [Applications/Tor bundles/installation]: Enumerate all the safe and unsafe addons that have ever existed

[Tor Bug Tracker & Wiki]

#8334: Enumerate all the safe and unsafe addons that have ever existed
-+-
 Reporter:  Tor12345 |  Owner:
 |  cypherpunks
 Type:  task | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor |Version:
  bundles/installation   |
 Severity:  Normal   | Resolution:  wontfix
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 |  Infinite
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  needs_information => closed
 * resolution:   => wontfix


Comment:

 Nothing we want to do.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10613 [Applications/Tor bundles/installation]: Adding Firefox Addon "Blender" into default addons of Tor?

[Tor Bug Tracker & Wiki]

#10613: Adding Firefox Addon "Blender" into default addons of Tor?
-+-
 Reporter:  deathbysnoo  |  Owner:  erinn
 Type:  enhancement  | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor |Version:
  bundles/installation   |
 Severity:  Normal   | Resolution:  wontfix
 Keywords:  new-addon|  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  needs-triage new-addon => new-addon
 * status:  new => closed
 * resolution:   => wontfix


Comment:

 Nothing we want, WONTFIXing.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #11652 [Applications/Tor bundles/installation]: Review text of Tor Browser User Manual

[Tor Bug Tracker & Wiki]

#11652: Review text of Tor Browser User Manual
-+-
 Reporter:  mttp |  Owner:  (none)
 Type:  task | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor |Version:
  bundles/installation   | Resolution:
 Severity:  Normal   |  worksforme
 Keywords:  tbb-manual, SponsorO |  Actual Points:
Parent ID:  #10974   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  new => closed
 * keywords:  tbb-manual, SponsorO, needs-triage => tbb-manual, SponsorO
 * resolution:   => worksforme


Comment:

 I think we are good here with the process we established with the
 community team.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #12387 [Applications/Tor Browser]: (Some) Pluggable Transport binaries are not stripped

[Tor Bug Tracker & Wiki]

#12387: (Some) Pluggable Transport binaries are not stripped
--+---
 Reporter:  gk|  Owner:  mikeperry
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-testcase, tbb-rbm |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by gk):

 * keywords:  tbb-testcase, MikePerry201504 => tbb-testcase, tbb-rbm
 * component:  Applications/Tor bundles/installation => Applications/Tor
 Browser


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #12865 [Applications/Tor bundles/installation]: Two installer construction instructions is one too many.

[Tor Bug Tracker & Wiki]

#12865: Two installer construction instructions is one too many.
-+-
 Reporter:  mttp |  Owner:  mttp
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor |Version:
  bundles/installation   |
 Severity:  Normal   | Resolution:  fixed
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  assigned => closed
 * resolution:   => fixed


Comment:

 I think that this got fix when we move the expert bundle build to our
 reproducible build process.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #12454 [Applications/Tor Browser]: many PT components ship with "test" or "tests" directories

[Tor Bug Tracker & Wiki]

#12454: many PT components ship with "test" or "tests" directories
--+-
 Reporter:  mcs   |  Owner:  dcf
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-rbm   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+-
Changes (by gk):

 * keywords:  needs-triage => tbb-rbm
 * component:  Applications/Tor bundles/installation => Applications/Tor
 Browser


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #5184 [Applications/Tor bundles/installation]: Spanish TBB contains all Torbutton locale files

[Tor Bug Tracker & Wiki]

#5184: Spanish TBB contains all Torbutton locale files
-+-
 Reporter:  rransom  |  Owner:  erinn
 Type:  defect   | Status:  closed
 Priority:  Low  |  Milestone:
Component:  Applications/Tor |Version:
  bundles/installation   | Resolution:
 Severity:  Normal   |  worksforme
 Keywords:  size-reduction   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  size-reduction, needs-triage => size-reduction
 * status:  needs_information => closed
 * resolution:   => worksforme


Comment:

 I think it's okay if we ship all locales. The user might install an
 additional locale in their browser and stripping down the locales to, say,
 spanish and english would suddenly break Tor Browser in interesting ways.
 We'll see how we solve this once we move Torbutton closer to the browser
 core...

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25578 [Applications/Tor Browser]: Package and distribute Tor Browser using Flatpak

[Tor Bug Tracker & Wiki]

#25578: Package and distribute Tor Browser using Flatpak
--+--
 Reporter:  mjog  |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by gk):

 That reminds me of https://flatkill.org/ which is talking about Flatpak
 security.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28125 [Applications/Tor Browser]: Don't let Android leak DNS queries

[Tor Bug Tracker & Wiki]

#28125: Don't let Android leak DNS queries
--+--
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile|  Actual Points:
Parent ID:  #5709 | Points:
 Reviewer:|Sponsor:
--+--

Comment (by new_user):

 -I made comment in #27822 and indeed i was using android o sdk 27
 -so again i tested tor on android 7.1
 -dns leaks on 7.1
 -latest alpha leaks dns
 -but orfox is running fine does not leaks dns at all

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21900 [Core Tor/Tor]: evdns fails when resolv.conf is missing, but succeeds when resolv.conf is empty

[Tor Bug Tracker & Wiki]

#21900: evdns fails when resolv.conf is missing, but succeeds when resolv.conf 
is
empty
-+-
 Reporter:  teor |  Owner:  rl1987
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.6.x-final
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  technical-debt, dns, crash, tor- |  Actual Points:
  relay, macos, 032-unreached|
Parent ID:   | Points:  2
 Reviewer:  nickm|Sponsor:
-+-
Changes (by rl1987):

 * status:  needs_revision => needs_review


Comment:

 https://github.com/torproject/tor/pull/425

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27827 [Obfuscation/Snowflake]: Reproducibility issue of the snowflake osx64 build

[Tor Bug Tracker & Wiki]

#27827: Reproducibility issue of the snowflake osx64 build
---+--
 Reporter:  boklm  |  Owner:  tbb-team
 Type:  defect | Status:  reopened
 Priority:  Very High  |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal | Resolution:
 Keywords:  tbb-rbm, TorBrowserTeam201810  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--

Comment (by dcf):

 Sorry for not checking the linux build. I'll have a little time to look at
 this on Tuesday, but if I can't figure it out then, it'll be another week
 before I can look at it.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26167 [Applications/Torbutton]: Make Torbutton security settings more customizable

[Tor Bug Tracker & Wiki]

#26167: Make Torbutton security settings more customizable
--+-
 Reporter:  indigotime|  Owner:  (none)
 Type:  enhancement   | Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Torbutton|Version:
 Severity:  Normal| Resolution:  wontfix
 Keywords:  settings, security level  |  Actual Points:
Parent ID:  #20843| Points:
 Reviewer:|Sponsor:
--+-

Comment (by traumschule):

 Replying to [comment:4 indigotime]:
 > In general, adding more customizations won't make browser more
 fingerprintable.
 Is this statement backed by anything?

 If so i'm interested to read your answer to
 https://www.torproject.org/projects/torbrowser/design/#fingerprinting-
 linkability

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27896 [Core Tor/Tor]: base32 padding inconsistency between client and server in HS v3 client auth preview

[Tor Bug Tracker & Wiki]

#27896: base32 padding inconsistency between client and server in HS v3 client 
auth
preview
-+
 Reporter:  jchevali |  Owner:  (none)
 Type:  defect   | Status:  needs_information
 Priority:  Medium   |  Milestone:  Tor: unspecified
Component:  Core Tor/Tor |Version:  Tor: 0.3.5.1-alpha
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs, hs-auth  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+

Comment (by jchevali):

 Perhaps you'd like to deal with the assertion failed issue in the ticket
 that pege's opened, #28129 (although that same stack trace was presented
 here earlier), and leave this ticket for the other issues, namely, how
 should we investigate invalid descriptors (by the server that doesn't
 crash -- i.e., if given its characteristics, e.g., no GCC, no IPv4, etc.,
 you still deem it worthy of testing), and whether padded content should be
 allowed (after all under the base32 definition I believe it's legal), and
 whether padded entries or otherwise invalid entries (except comments)
 should, when they're not among otherwise valid entries, result in an
 unsecured service or a secured (closed) one.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22089 [Applications/Tor Browser]: Add Decentraleyes to slighten off a bit Exit traffic and work around some CDNs blocking of Tor

[Tor Bug Tracker & Wiki]

#22089: Add Decentraleyes to slighten off a bit Exit traffic and work around 
some
CDNs blocking of Tor
-+-
 Reporter:  imageverif   |  Owner:  tbb-
 |  team
 Type:  enhancement  | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-usability-website, tbb-  |  Actual Points:
  performance|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by indigotime):

 * cc: indigotime (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22058 [Applications/Quality Assurance and Testing]: Provide better testing for Tor Browser not breaking important websites (Twitter/Github etc.)

[Tor Bug Tracker & Wiki]

#22058: Provide better testing for Tor Browser not breaking important websites
(Twitter/Github etc.)
-+-
 Reporter:  gk   |  Owner:
 |  cypherpunks
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Quality Assurance and   |Version:
  Testing|
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by indigotime):

 Currently, it's impossible to sign up to Github with Tor Browser.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26167 [Applications/Torbutton]: Make Torbutton security settings more customizable

[Tor Bug Tracker & Wiki]

#26167: Make Torbutton security settings more customizable
--+-
 Reporter:  indigotime|  Owner:  (none)
 Type:  enhancement   | Status:  closed
 Priority:  Medium|  Milestone:
Component:  Applications/Torbutton|Version:
 Severity:  Normal| Resolution:  wontfix
 Keywords:  settings, security level  |  Actual Points:
Parent ID:  #20843| Points:
 Reviewer:|Sponsor:
--+-

Comment (by indigotime):

 Replying to [comment:3 arma]:
 > the more options there are, the more distinguishable people become
 This is a false statement.
 The same browser may have different options at different time. In general,
 adding more customizations won't make browser more fingerprintable.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #25578 [Applications/Tor Browser]: Package and distribute Tor Browser using Flatpak

[Tor Bug Tracker & Wiki]

#25578: Package and distribute Tor Browser using Flatpak
--+--
 Reporter:  mjog  |  Owner:  tbb-team
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by rugk):

 I'd also +1 this here. As the OP mentioned the added sandbox/isolation
 won't hurt and you can easily distribute it yourself, too. It does not
 have to be on Flathub.

 And Firefox itself is possible to run in flatpak, already. E.g. in
 https://gitlab.gnome.org/gbraad/flatpak-firefox there was some stuff, but
 it seems to be outdated.
 https://firefox-flatpak.mojefedora.cz/ has some working Firefox packages.
 Since Firefox 62 it can also read files from other dirs than "~/Downloads"
 properly, see https://bugzilla.mozilla.org/show_bug.cgi?id=1490186. Thus
 it also does not need "host" permission or so, so files in the user's dir
 are protected.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26212 [Applications/Tor Browser]: Use digital signature verification to prevent modification of omni.ja

[Tor Bug Tracker & Wiki]

#26212: Use digital signature verification to prevent modification of omni.ja
--+---
 Reporter:  indigotime|  Owner:  tbb-team
 Type:  enhancement   | Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by indigotime):

 Replying to [comment:4 gk]:
 > Rather you seem to be worried about an attacker taking one our our
 bundles (e.g. the Linux one), extracting the `omni.ja` files, inserting a
 backdoor and then redistributing that as Tor Browser? Is that reading of
 your bug report correct?
 Yes, that reading of my bug report is correct.

 > And why just the `omni.ja` files because the Firefox binary or any
 library could get corrupted as well serving malware?
 1) It's easier to modify omni.ja JavaScript modules rather than patching
 binaries/DLLs.
 2) For antivirus scanners, it's easier to detect malware in binary files.
 But you're right, DLL's signatures also should be verified at Tor Browser
 startup.

 >And as a side-effect: messing with those files will invalidate the GPG
 signature.
 I assume that many Tor Browser users are often ignorant about GPG
 signatures, and I don't see any way to make them verify those signatures.
 > So, I am not seeing how we win anything by deploying some elaborate
 signature scheme for omni.ja files.
 We can't protect Tor Browser executable from modification, but we can make
 Tor Browser files modification harder.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #28132 [Internal Services/Tor Sysadmin Team]: Add 'linus' to 'adm'

[Tor Bug Tracker & Wiki]

#28132: Add 'linus' to 'adm'
+-
 Reporter:  ln5 |  Owner:  tpa
 Type:  defect  | Status:  new
 Priority:  Medium  |  Component:  Internal Services/Tor Sysadmin Team
  Version:  |   Severity:  Normal
 Keywords:  |  Actual Points:
Parent ID:  | Points:
 Reviewer:  |Sponsor:
+-
 For transparency, here's a ticket asking 'adm' to add 'linus' to the
 group.
 Someone from 'adm' should approve with a PGP-signed message, or simply
 just make the change.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27896 [Core Tor/Tor]: base32 padding inconsistency between client and server in HS v3 client auth preview

[Tor Bug Tracker & Wiki]

#27896: base32 padding inconsistency between client and server in HS v3 client 
auth
preview
-+
 Reporter:  jchevali |  Owner:  (none)
 Type:  defect   | Status:  needs_information
 Priority:  Medium   |  Milestone:  Tor: unspecified
Component:  Core Tor/Tor |Version:  Tor: 0.3.5.1-alpha
 Severity:  Normal   | Resolution:
 Keywords:  tor-hs, hs-auth  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+

Comment (by jchevali):

 I think I'm starting to question the wisdom of rend-spec-v3.txt, para
 6.1.2, "Tor SHOULD ignore lines it does not recognize."

 Probably the procedure should be, if there aren't otherwise any valid
 lines, unless all invalid lines are comments, assume if there's an invalid
 entry in an .auth file a valid entry was meant and a mistake was made, and
 access should be denied by default instead of being granted by default.

 Because presumably if there were other valid entries access would be
 denied except to those, and failure to parse a further entry would not
 result in unrestricted access.  But where there's only one entry, or a
 bunch of unparseable entries, a failure to parse in this case in practice
 would result in unrestricted access, which perhaps wasn't what was meant.
 In this case probably failure to parse should mean no one gets in, until
 those are corrected.

 On the principle that failure to access a service would be noticed and
 probably soon corrected, but failure to set up security might not get
 noticed, and as a result overall security compromised.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15949 [Internal Services/Service - git]: Can we migrate internal SVN to a document store, wiki, or set of git repositories?

[Tor Bug Tracker & Wiki]

#15949: Can we migrate internal SVN to a document store, wiki, or set of git
repositories?
-+-
 Reporter:  nickm|  Owner:  tor-gitadm
 Type:  defect   | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Service - git  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by hiro):

 This system is used for legal document and other related things. Some of
 the things mentioned in the ticket are handled somewhere else at the
 moment. Not sure we should just close this. Maybe we should move it as a
 service ticket.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27750 [Core Tor/Tor]: conn_close_if_marked: Non-fatal assertion !(connection_is_writing(conn))

[Tor Bug Tracker & Wiki]

#27750: conn_close_if_marked: Non-fatal assertion !(connection_is_writing(conn))
--+
 Reporter:  dgoulet   |  Owner:  dgoulet
 Type:  defect| Status:
  |  needs_information
 Priority:  Very High |  Milestone:  Tor:
  |  0.3.5.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.3.4.8
 Severity:  Normal| Resolution:
 Keywords:  regression, assert, 035-must  |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+

Comment (by udo):

 We still see some bug:


 {{{
 Oct 20 04:05:03.000 [notice] New control connection opened from 127.0.0.1.
 Oct 20 04:10:03.000 [notice] New control connection opened from 127.0.0.1.
 Oct 20 04:12:32.000 [warn] tor_bug_occurred_(): Bug:
 src/core/mainloop/mainloop.c:1022: conn_close_if_marked: Non-fatal
 assertion !(connection_is_reading(conn)) failed. (on Tor 0.3.5.3-alpha )
 Oct 20 04:12:32.000 [warn] Bug: Non-fatal assertion
 !(connection_is_reading(conn)) failed in conn_close_if_marked at
 src/core/mainloop/mainloop.c:1022. Stack trace: (on Tor 0.3.5.3-alpha )
 Oct 20 04:12:32.000 [warn] Bug: /usr/bin/tor(log_backtrace_impl+0x46)
 [0x561eb63d4636] (on Tor 0.3.5.3-alpha )
 Oct 20 04:12:32.000 [warn] Bug: /usr/bin/tor(tor_bug_occurred_+0xc0)
 [0x561eb63cfd30] (on Tor 0.3.5.3-alpha )
 Oct 20 04:12:32.000 [warn] Bug: /usr/bin/tor(+0x68d25)
 [0x561eb624dd25] (on Tor 0.3.5.3-alpha )
 Oct 20 04:12:32.000 [warn] Bug: /lib64/libevent-2.1.so.6(+0x235b1)
 [0x7ff1c8dcf5b1] (on Tor 0.3.5.3-alpha )
 Oct 20 04:12:32.000 [warn] Bug:
 /lib64/libevent-2.1.so.6(event_base_loop+0x537) [0x7ff1c8dcfd47] (on Tor
 0.3.5.3-alpha )
 Oct 20 04:12:32.000 [warn] Bug: /usr/bin/tor(do_main_loop+0xb0)
 [0x561eb624f780] (on Tor 0.3.5.3-alpha )
 Oct 20 04:12:32.000 [warn] Bug: /usr/bin/tor(tor_run_main+0x147f)
 [0x561eb623d56f] (on Tor 0.3.5.3-alpha )
 Oct 20 04:12:32.000 [warn] Bug: /usr/bin/tor(tor_main+0x3a)
 [0x561eb623a7da] (on Tor 0.3.5.3-alpha )
 Oct 20 04:12:32.000 [warn] Bug: /usr/bin/tor(main+0x19)
 [0x561eb623a399] (on Tor 0.3.5.3-alpha )
 Oct 20 04:12:32.000 [warn] Bug:
 /lib64/libc.so.6(__libc_start_main+0xeb) [0x7ff1c734d11b] (on Tor
 0.3.5.3-alpha )
 Oct 20 04:12:32.000 [warn] Bug: /usr/bin/tor(_start+0x2a)
 [0x561eb623a3ea] (on Tor 0.3.5.3-alpha )
 Oct 20 04:12:40.000 [warn] tor_bug_occurred_(): Bug:
 src/core/mainloop/mainloop.c:1022: conn_close_if_marked: Non-fatal
 assertion !(connection_is_reading(conn)) failed. (on Tor 0.3.5.3-alpha )
 Oct 20 04:12:40.000 [warn] Bug: Non-fatal assertion
 !(connection_is_reading(conn)) failed in conn_close_if_marked at
 src/core/mainloop/mainloop.c:1022. Stack trace: (on Tor 0.3.5.3-alpha )
 Oct 20 04:12:40.000 [warn] Bug: /usr/bin/tor(log_backtrace_impl+0x46)
 [0x561eb63d4636] (on Tor 0.3.5.3-alpha )
 Oct 20 04:12:40.000 [warn] Bug: /usr/bin/tor(tor_bug_occurred_+0xc0)
 [0x561eb63cfd30] (on Tor 0.3.5.3-alpha )
 Oct 20 04:12:40.000 [warn] Bug: /usr/bin/tor(+0x68d25)
 [0x561eb624dd25] (on Tor 0.3.5.3-alpha )
 Oct 20 04:12:40.000 [warn] Bug: /lib64/libevent-2.1.so.6(+0x235b1)
 [0x7ff1c8dcf5b1] (on Tor 0.3.5.3-alpha )
 Oct 20 04:12:40.000 [warn] Bug:
 /lib64/libevent-2.1.so.6(event_base_loop+0x537) [0x7ff1c8dcfd47] (on Tor
 0.3.5.3-alpha )
 Oct 20 04:12:40.000 [warn] Bug: /usr/bin/tor(do_main_loop+0xb0)
 [0x561eb624f780] (on Tor 0.3.5.3-alpha )
 Oct 20 04:12:40.000 [warn] Bug: /usr/bin/tor(tor_run_main+0x147f)
 [0x561eb623d56f] (on Tor 0.3.5.3-alpha )
 Oct 20 04:12:40.000 [warn] Bug: /usr/bin/tor(tor_main+0x3a)
 [0x561eb623a7da] (on Tor 0.3.5.3-alpha )
 Oct 20 04:12:40.000 [warn] Bug: /usr/bin/tor(main+0x19)
 [0x561eb623a399] (on Tor 0.3.5.3-alpha )
 Oct 20 04:12:40.000 [warn] Bug:
 /lib64/libc.so.6(__libc_start_main+0xeb) [0x7ff1c734d11b] (on Tor
 0.3.5.3-alpha )
 Oct 20 04:12:40.000 [warn] Bug: /usr/bin/tor(_start+0x2a)
 [0x561eb623a3ea] (on Tor 0.3.5.3-alpha )
 Oct 20 04:12:47.000 [warn] tor_bug_occurred_(): Bug:
 src/core/mainloop/mainloop.c:1022: conn_close_if_marked: Non-fatal
 assertion !(connection_is_reading(conn)) failed. (on Tor 0.3.5.3-alpha )
 Oct 20 04:12:47.000 [warn] Bug: Non-fatal assertion
 !(connection_is_reading(conn)) failed in conn_close_if_marked at
 src/core/mainloop/mainloop.c:1022. Stack trace: (on Tor 0.3.5.3-alpha )
 Oct 20 04:12:47.000 [warn] Bug: /usr/bin/tor(log_backtrace_impl+0x46)
 [0x561eb63d4636] (on Tor 0.3.5.3-alpha )
 Oct 20 04:12:47.000 [warn] Bug: /usr/bin/tor(tor_bug_occurred_+0xc0)
 [0x561eb63cfd30] (on Tor 0.3.5.3-alpha )
 Oct 20 04:12:47.000 [warn] Bug: /usr/bin/tor(+0x68d25)
 

Re: [tor-bugs] #28109 [Community/Tor Support]: envio de directorio

[Tor Bug Tracker & Wiki]

#28109: envio de directorio
---+---
 Reporter:  carlaherrera30 |  Owner:  freered@…
 Type:  defect | Status:  assigned
 Priority:  Medium |  Milestone:
Component:  Community/Tor Support  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---
Changes (by rl1987):

 * component:  - Select a component => Community/Tor Support


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28067 [Core Tor/Tor]: Annotations should be documented in dir-spec.txt

[Tor Bug Tracker & Wiki]

#28067: Annotations should be documented in dir-spec.txt
--+--
 Reporter:  rl1987|  Owner:  (none)
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by rl1987):

 Perhaps dir-spec.txt should have an appendix that documents the
 annotations?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs