The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2022-04-20T17:33:35Zhttps://gitlab.torproject.org/tpo/web/manual/-/issues/120Create an alpha branch and environment2022-04-20T17:33:35ZGusCreate an alpha branch and environmentFor #119 we will need to push the new documentation for the website, so Duncan and others can make the TB-manual offline version.
This ticket we should create an alpha branch and have a review environment (like we have for l10n).
Or we c...For #119 we will need to push the new documentation for the website, so Duncan and others can make the TB-manual offline version.
This ticket we should create an alpha branch and have a review environment (like we have for l10n).
Or we can use 'staging', but it will deploy to prod if we aren't careful.https://gitlab.torproject.org/tpo/core/torspec/-/issues/116Incorrect (or confusing) documentation of ADD_ONION command2022-04-28T23:01:29ZrichardIncorrect (or confusing) documentation of ADD_ONION commandIn `control-spec.txt`:
Under the `ADD_ONION` section, the `V3Key` value definition ( https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/control-spec.txt#L1808 ) says it is:
>>>
V3Key = The client's base32-encoded ed25519 public...In `control-spec.txt`:
Under the `ADD_ONION` section, the `V3Key` value definition ( https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/control-spec.txt#L1808 ) says it is:
>>>
V3Key = The client's base32-encoded ed25519 public key, using only the key part of rend-spec-v3.txt section G.1.2 (v3 only).
>>>
Some experimentation suggests this is actually supposed to be the base32-encoded x25519 public key counterpart to the base64-encoded x25519 private key given to `ONION_CLIENT_AUTH_ADD`. This would also seem to agree with the reference to `rend-spec-v3.txt` ( https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/rend-spec-v3.txt#L2471 ) which only refers to x25519 keys, not ed25519 keys.richardrichardhttps://gitlab.torproject.org/tpo/anti-censorship/gettor-project/OnionSproutsBot/-/issues/14in-bot documentation2023-01-24T20:38:55Zn0toosein-bot documentationThe bot currently has two options providing some additional documentation about the project.
One of them shows links to alternative software mirrors. The other one explains what Tor is, in a general kind of sense. Considering that this ...The bot currently has two options providing some additional documentation about the project.
One of them shows links to alternative software mirrors. The other one explains what Tor is, in a general kind of sense. Considering that this bot is meant for those that really need it, it may be a good idea to find out how we can relay as much useful information to those people as possible. Bridges? How to stay safe? Additional instructions revolving around deleting the conversations? Allowing people to browse the entire documentation available on the web?n0toosen0toosehttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40129Distributed Snowflake Server Support2024-02-28T14:02:57ZshelikhooDistributed Snowflake Server SupportWe are currently working on making Snowflake more [distrubuted](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/28651#note_2787394). And this ticket will be used to track the progress of implemen...We are currently working on making Snowflake more [distrubuted](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/28651#note_2787394). And this ticket will be used to track the progress of implementing the proposal made in the respective ticket.
- [x] Implementing Client Bridge Fingerprint Indication [MR](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/merge_requests/81)
- [x] Implementing Bridge List Definition Parser
- [x] Implementing Relay Host Name Pattern Matcher
- [x] Implementing Proxy(forwarder) Distributed Snowflake Server Support Indication Messaging Format Support
- [x] Implementing Broker Relay URL Indication to Proxy(forwarder)
- [x] Implementing Proxy(forwarder) Custom Relay URL Support
- [x] Implementing Proxy(forwarder) Custom Relay URL Hostname Pattern Matching Guard
- [x] Implementing Proxy(forwarder) Side Allowed Relay Hostname Pattern Indication
- [x] Creating Testing Environment for Distributed Snowflake Server
- [x] Implementing Broker Side Allowed Relay Hostname Pattern Indication Rejection for Proxy
- [x] Implementing Broker Side Allowed Relay Hostname Pattern Indication Rejection for Proxy - Better Error Message
- [x] Make sure legacy client will still work
- [x] Make sure legacy client config on new client will still work
- [x] Make sure legacy proxy will still work(to a limited degree)
- [x] Add Metrics for Proxy Relay URL Extension Support Status.
- [ ] Implementing Broker Side Allowed Relay Hostname Pattern Indication Rejection for Server
- [x] Implementing Web Proxy(forwarder) Custom Relay URL Support
- [x] Implementing Web Proxy(forwarder) Custom Relay URL Hostname Pattern Matching Guard
- [x] Implementing Web Proxy(forwarder) Side Allowed Relay Hostname Pattern Indication
- [ ] Implementing Web Proxy(forwarder) Relay URL Hostname Pattern UI
- [ ] User Document for Distributed Snowflake Server - Proxy Operators
- [ ] User Document for Distributed Snowflake Server - Client Users
- [x] Setup a Second Snowflake Bridge
### WIP Branch ###
Distributed Snowflake Testing Environment: https://github.com/xiaokangwang/snowflake-mu-docker
Distributed Snowflake: https://gitlab.torproject.org/shelikhoo/snowflake/-/commits/dev-mubrokershelikhooshelikhoohttps://gitlab.torproject.org/tpo/community/l10n/-/issues/40065add screenshots to transifex for new Tor Browser UI2022-09-29T15:47:43Zemmapeeladd screenshots to transifex for new Tor Browser UIthere are many changes for the next release, and new strings to translate.
- [x] pieroV has already given me the screenshots
- [ ] i need to add them to transifex and
- [ ] map all the stringsthere are many changes for the next release, and new strings to translate.
- [x] pieroV has already given me the screenshots
- [ ] i need to add them to transifex and
- [ ] map all the stringsemmapeelemmapeelhttps://gitlab.torproject.org/tpo/community/l10n/-/issues/40064update docs with new user requirement for previews2022-10-03T09:35:53Zemmapeelupdate docs with new user requirement for previewsnow you need to add a user and an empty password to see the language previews.
i need to document this.now you need to add a user and an empty password to see the language previews.
i need to document this.emmapeelemmapeelhttps://gitlab.torproject.org/tpo/onion-services/onion-support/-/issues/64Organize documentation about Onion Services UX improvements2022-11-02T17:51:03ZSilvio RhattoOrganize documentation about Onion Services UX improvements* [x] Compile existing proposals related to Onion Services usability.
* [x] Merge wiki pages/discussions in a single, canonical place.
* [x] Organize and summarize.
* [x] Discuss how proposals can be compared.
* [x] Discuss how proposals...* [x] Compile existing proposals related to Onion Services usability.
* [x] Merge wiki pages/discussions in a single, canonical place.
* [x] Organize and summarize.
* [x] Discuss how proposals can be compared.
* [x] Discuss how proposals can be combined in incremental roadmaps.Sponsor 123: Tor Secure Access Package for USAGM [First Phase]Silvio RhattoSilvio Rhatto2022-10-31https://gitlab.torproject.org/tpo/network-health/metrics/website/-/issues/40044Update BridgeDB's Bridge Pool Assignments documentation2022-09-05T16:56:14ZGeorg KoppenUpdate BridgeDB's Bridge Pool Assignments documentationLooking over a recent bridge pool assignment file one can see:
```
005fd4d7decbb250055b861579e6fdc79ad17bee email transport=obfs4 ip=4 blocklist=ru
00782946f4c54ce1d028f21e541ef8440ecaa0ee settings ip=4 blocklist=ru
00a4295a8477453d6afe1...Looking over a recent bridge pool assignment file one can see:
```
005fd4d7decbb250055b861579e6fdc79ad17bee email transport=obfs4 ip=4 blocklist=ru
00782946f4c54ce1d028f21e541ef8440ecaa0ee settings ip=4 blocklist=ru
00a4295a8477453d6afe1ca4c2f19e3708e63fc4 email ip=4
00afd5ca2f89305b89171450cf34f247858f14e8 settings transport=obfs4 ip=4 blocklist=ru
00e1ae6cb75e47e363e6aef9f67a49c0e854fde7 moat transport=obfs4 ip=4
00e6f1d633d4e29db31f43d1e6e3e928e5c1810d moat transport=obfs4 ip=4 blocklist=ru
0110a6cf41a07637808fff79c0783ff37462b525 email ip=4 blocklist=ru
01292375ae04f41e7453d8e85df446c22a8d7101 settings ip=4 port=443 blocklist=ru
01341c9b4bc01b3a11e80a645a0bde45db02f04b moat transport=obfs4 ip=4
01436ef5b118fd95004a75f4616a6094d4aa4748 moat transport=obfs4 ip=4
0145c4524211a250519864627e4ae31eecccd39f moat transport=obfs4 ip=4
01520c1bb2c46bf0f54969b71217be04c1f8eb58 telegram transport=obfs4 ip=4 port=443
```
. However, our website does not know anything about `settings` or `telegram` or `ip` or `blocklist` or `transport` etc.https://gitlab.torproject.org/tpo/core/team/-/issues/25Build static website for arti.torproject.org2022-03-20T22:18:48ZAlexander Færøyahf@torproject.orgBuild static website for arti.torproject.orgAs part of building some hype and creating a good, early, developer experience story for the Arti project we need to setup a static website for it.
This page will be used to post news and updates about the project in a way such that peo...As part of building some hype and creating a good, early, developer experience story for the Arti project we need to setup a static website for it.
This page will be used to post news and updates about the project in a way such that people who are ONLY interested in Arti/Rust Tor development wont have to scout for the information in our general news streams.
The website should have the following functionality:
- A simple news/blog page, where people can contribute articles about Arti. Code syntax highlighting and maybe maths would be nice to have. RSS/Atom a plus.
- A page about "Getting involved" with information on how to contribute via Tor's Gitlab.
- Information about our communication forms: IRC/Matrix and Mailing Lists.
- API documentation for all Arti crates (like on src-ref today).
- Technical documentation that isn't API documentation: "How do I build Arti on FreeBSD/whatever", "How do I integrate Arti in my cool new Android app".
Ideally, everything should be using Markdown where possible so most people wont have to think about HTML/CSS things.Alexander Færøyahf@torproject.orgAlexander Færøyahf@torproject.orghttps://gitlab.torproject.org/tpo/web/support/-/issues/296Discourage VPN usage when running a snowflake proxy2024-02-27T13:16:51ZGusDiscourage VPN usage when running a snowflake proxyFeedback from the [Tor forum](https://forum.torproject.net/t/discourage-vpn-usage-when-running-a-snowflake-proxy/2408):
"For instance just a simple sentence like “Due to censorship of VPN servers in some countries, we kindly ask you to...Feedback from the [Tor forum](https://forum.torproject.net/t/discourage-vpn-usage-when-running-a-snowflake-proxy/2408):
"For instance just a simple sentence like “Due to censorship of VPN servers in some countries, we kindly ask you to not run a snowflake proxy while connected to a VPN”."
We could add this sentence here:
https://support.torproject.org/censorship/how-to-help-running-snowflake/Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibethttps://gitlab.torproject.org/tpo/network-health/team/-/issues/201Create bandwidth authority specification2023-12-11T09:56:45ZGeorg KoppenCreate bandwidth authority specificationWe have:
* https://research.torproject.org/techreports/torflow-2009-08-07.pdf
* https://gitlab.torproject.org/tpo/network-health/torflow/-/blob/main/NetworkScanners/BwAuthority/README.spec.txt
* https://gitlab.torproject.org/tpo/network...We have:
* https://research.torproject.org/techreports/torflow-2009-08-07.pdf
* https://gitlab.torproject.org/tpo/network-health/torflow/-/blob/main/NetworkScanners/BwAuthority/README.spec.txt
* https://gitlab.torproject.org/tpo/network-health/torflow/-/blob/main/NetworkScanners/BwAuthority/README.BwAuthorities
* https://gitlab.torproject.org/tpo/network-health/torflow/-/blob/main/README
* https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/bandwidth-file-spec.txt
We should create a single "bandwidth authority spec" including data from those documents and the current implementations.jugajugahttps://gitlab.torproject.org/tpo/network-health/team/-/issues/199Clarify the bandwidth authority spec to include client and server/service paths2022-03-11T18:19:35ZteorClarify the bandwidth authority spec to include client and server/service pathsIt's unclear whether the "average stream capacity regardless of path" includes the path from the client to the entry, and the exit to the internet server. Pragmatically, in the current design, it has to include client and internet server...It's unclear whether the "average stream capacity regardless of path" includes the path from the client to the entry, and the exit to the internet server. Pragmatically, in the current design, it has to include client and internet server. (Or, in the case of onion services, client and service.)
I don't know if this affects our design at all, but it should be clarified in the spec.https://gitlab.torproject.org/tpo/web/support/-/issues/292Add a page/FAQ about bad Tor Browsers2022-06-02T20:38:03ZPier Angelo VendrameAdd a page/FAQ about bad Tor BrowsersWe are reviewing Tor Browser docs, and we would like to have this page about [fake Tor Browser](https://gitlab.torproject.org/tpo/applications/tor-browser/-/wikis/Bad_TorBrowsers) moved to support pages.
We think that users are not like...We are reviewing Tor Browser docs, and we would like to have this page about [fake Tor Browser](https://gitlab.torproject.org/tpo/applications/tor-browser/-/wikis/Bad_TorBrowsers) moved to support pages.
We think that users are not likely finding it in the TB Wiki.
I think it would be worth telling also that Chrome extensions that route traffic through Tor are not as good as Tor Browser because they do not help in decreasing fingerprinting.GusGushttps://gitlab.torproject.org/tpo/network-health/onbasca/-/issues/109Decide what labels to use for this project2022-03-16T07:03:55ZjugaDecide what labels to use for this projectonbasca: 1.0https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/issues/40026FF99 Audit2022-10-25T22:48:05ZaguestuserFF99 Audit# General
The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java...# General
The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).
The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation.
`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.
## Firefox: https://github.com/mozilla/gecko-dev.git
- Start: `99300ebd4a4a6440b6a11a80108f1ed6d867cdb4` ( `FIREFOX_RELEASE_99_BASE` )
- End: `cd4dcd48476d8cb29f4770f6fb659e440ff84345` ( `FIREFOX_RELEASE_100_BASE` )
### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust
Nothing of interest (using `code_audit.sh`)
---
## Application Services: https://github.com/mozilla/application-services.git
- Start: `1fcdb5984be6e0cc460d00cde44c49b7e3ac1ec6` ( `v92.0.0` )
- End: `21f2904245a956366cae798e16035156c8232cad` ( `v93.0.2` )
### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust
Nothing of interest (using `code_audit.sh`)
## Android Components: https://github.com/mozilla-mobile/android-components.git
- Start: `4154c161f0949fdf3e94780c8b5ac360722e909c` ( `v99.0.0` )
- End: `2cf4dbe50f6810d373aeb550e722fabfc6816f56` ( `v99.0.10` )
### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust
Nothing of interest (using `code_audit.sh`)
## Fenix: https://github.com/mozilla-mobile/fenix.git
- Start: `f4a5a4e471d17be791d73fddc63ebdfb734368e4` ( `v99.0.0-beta.1` )
- End: `2421d3731e49faf5e2b9d3d4aa41bdbf3e81459a` ( `releases_v99.0.0` )
### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust
Nothing of interest (using `code_audit.sh`)
## Ticket Review ##
### 99 https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&resolution=FIXED&target_milestone=99%20Branch&order=priority%2Cbug_severity&limit=0
- https://bugzilla.mozilla.org/show_bug.cgi?id=1755354 @dan https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41138
- https://bugzilla.mozilla.org/show_bug.cgi?id=1637922 @richard https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41139
- https://bugzilla.mozilla.org/show_bug.cgi?id=1751366 @ma1 https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41140
- https://bugzilla.mozilla.org/show_bug.cgi?id=1675054 @dan https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41141
Nothing of interest (manual inspection)
**OR** (foreach)**
### foreach PROBLEMATIC_TICKET:
#### $(PROBLEMATIC_TICKET)
- Summary
- Review Result: (SAFE|BAD)
## Regression/Prior Vuln Review ##
Review proxy bypass bugs; check for new vectors to look for:
- https://gitlab.torproject.org/groups/tpo/applications/-/issues?scope=all&utf8=%E2%9C%93&state=opened&label_name[]=Proxy%20Bypass
- Look for new features like these. Especially external app launch vectors
## Export
- [ ] Export Report and save to `tor-browser-spec/audits`Sponsor 131 - Phase 3 - Major ESR 102 Migrationrichardrichardhttps://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/issues/40025FF98 Audit2022-10-24T20:33:26ZaguestuserFF98 Audit# General
The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java...# General
The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).
The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation.
`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.
## Firefox: https://github.com/mozilla/gecko-dev.git
- Start: `82764d45153d175f4686ead7aac977810fe1fd1b` ( `FIREFOX_RELEASE_98_BASE` )
- End: `99300ebd4a4a6440b6a11a80108f1ed6d867cdb4` ( `FIREFOX_RELEASE_99_BASE` )
### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust
Nothing of interest (using `code_audit.sh`)
---
## Application Services: https://github.com/mozilla/application-services.git
- Start: `17942945873cdb8be56a9316d3cb8a611b3ef321` ( `v91.1.0` )
- End: `1fcdb5984be6e0cc460d00cde44c49b7e3ac1ec6` ( `v92.0.0` )
### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust
Nothing of interest (using `code_audit.sh`)
## Android Components: https://github.com/mozilla-mobile/android-components.git
- Start: `6f6ed0ca80410e42e8781bcf856e686ecbff2f63` ( `v98.0.0` )
- End: `a31f2c481a7e220ca87affd8cd88fcb42b1624c1` ( `v98.0.13` )
### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust
Nothing of interest (using `code_audit.sh`)
## Fenix: https://github.com/mozilla-mobile/fenix.git
- Start: `6c290430adc9af36e5123a78360a602bb5509c6c` ( `v98.0.0-beta.1` )
- End: `0df2c648ab38682569e823b2140b945a0d7d6a9b` ( `releases_v98.0.0` )
### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust
Nothing of interest (using `code_audit.sh`)
## Ticket Review ##
### 98 https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&resolution=FIXED&target_milestone=98%20Branch&order=priority%2Cbug_severity&limit=0
- https://bugzilla.mozilla.org/show_bug.cgi?id=1749501 : @ma1 https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41134
- https://bugzilla.mozilla.org/show_bug.cgi?id=1749323 : @dan https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41135
- https://bugzilla.mozilla.org/show_bug.cgi?id=1749635 : @pierov https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41136
- https://bugzilla.mozilla.org/show_bug.cgi?id=1751170 : @pierov https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41137
Nothing of interest (manual inspection)
**OR** (foreach)**
### foreach PROBLEMATIC_TICKET:
#### $(PROBLEMATIC_TICKET)
- Summary
- Review Result: (SAFE|BAD)
## Regression/Prior Vuln Review ##
Review proxy bypass bugs; check for new vectors to look for:
- https://gitlab.torproject.org/groups/tpo/applications/-/issues?scope=all&utf8=%E2%9C%93&state=opened&label_name[]=Proxy%20Bypass
- Look for new features like these. Especially external app launch vectors
## Export
- [ ] Export Report and save to `tor-browser-spec/audits`Sponsor 131 - Phase 3 - Major ESR 102 Migrationrichardrichardhttps://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/issues/40024FF96 Audit2022-10-24T20:28:29ZaguestuserFF96 Audit# General
The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java...# General
The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).
The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation.
`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.
## Firefox: https://github.com/mozilla/gecko-dev.git
- Start: `6a277ae5bdf6554793cd0da292a9c9ea804b4ed9` ( `FIREFOX_RELEASE_96_BASE` )
- End: `e6b83e1727b7e9a6847e6e15bdb935d9937099e4` ( `FIREFOX_RELEASE_97_BASE` )
### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust
#### e88ab3dace9ad1c671c6c37a5aa1a3652e754544
- Some windows proxy stuff we need to check
- Review Result: (SAFE|BAD)
---
## Application Services: https://github.com/mozilla/application-services.git
- Start: `5ceeb43598871a7d8550acc574a6a3fb93803ad7` ( `v87.3.0` )
- End: `df53ad867be7d79899e05797533cd624f1eeb2a2` ( `v90.0.1` )
### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust
Nothing of interest (using `code_audit.sh`)
## Android Components: https://github.com/mozilla-mobile/android-components.git
- Start: `ea5bd2687c9b64245ea8e3cdcb84faa5d87d540a` ( `v96.0.0` )
- End: `0178a6fde98fa8c76885d67a2362f2ca310b67fd` ( `v96.0.15` )
### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust
Nothing of interest (using `code_audit.sh`)
**OR**
## Fenix: https://github.com/mozilla-mobile/fenix.git
- Start: `a7afdb776ca202bf5eafc29d6a84f047c1609e0f` ( `v96.0.0-beta.1` )
- End: `abe11c163d14fab17bdcf8aebbef2de2a3360032` ( `releases_v96.0.0` )
### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust
Nothing of interest (using `code_audit.sh`)
**OR**
## Ticket Review ##
### Review List
#### 96 https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&resolution=FIXED&target_milestone=96%20Branch&order=priority%2Cbug_severity&limit=0
- https://bugzilla.mozilla.org/show_bug.cgi?id=1740840 : @ma1 https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41129
### foreach PROBLEMATIC_TICKET:
#### $(PROBLEMATIC_TICKET)
- Summary
- Review Result: (SAFE|BAD)
## Regression/Prior Vuln Review ##
Review proxy bypass bugs; check for new vectors to look for:
- https://gitlab.torproject.org/groups/tpo/applications/-/issues?scope=all&utf8=%E2%9C%93&state=opened&label_name[]=Proxy%20Bypass
- Look for new features like these. Especially external app launch vectors
## Export
- [x] Export Report and save to `tor-browser-spec/audits`Sponsor 131 - Phase 3 - Major ESR 102 Migrationrichardrichardhttps://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/issues/40023FF94 Audit2022-10-12T20:13:07ZaguestuserFF94 Audit# General
The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java...# General
The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).
The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation.
code_audit.sh contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.
## Firefox
### Repo: https://github.com/mozilla/gecko-dev.git
- Start: `5f4358c1c5bc2ca87d60eadebeab439562c90495` ( `FIREFOX_RELEASE_94_BASE` )
- End: `6c9b6e1483551f220cd409e4e584349bc74a8231` ( `FIREFOX_RELEASE_95_BASE` )
### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust
Nothing of interest (using `code_audit.sh`)
(mostly) only tests triggered matches or false positives
---
## Application Services
### Repo: https://github.com/mozilla/application-services.git
- Start: `b1f371719ca20db642b64a0e860b4ecb0aaf316f` ( v86.1.0 )
- End: `df1a47fde89f49201b1e839f960e8f16eb95a55d` ( v87.1.0 )
### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust
## Android Components
### Repo: https://github.com/mozilla-mobile/android-components.git
- Start: `fce7eb5cff2d56acd3195bf1d9a89386c63dc3d5` ( `v94.0.0` )
- End: `28c1b7db40105dcaea09caa0b5108554a83959cd` ( `v94.0.15` )
### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust
Nothing of interest (using `code_audit.sh`)
## Fenix
### Repo: https://github.com/mozilla-mobile/fenix.git
- Start: 54d80751bfc9a4aa4341e78221060940a36e3d17 ( v94.0.0-beta.1 )
- End: cb5708f88847601426833067f93d16d25d36451f ( v94.1.2 )
### Languages:
- [x] java
- [x] cpp
- [x] js
- [x] rust
Nothing of interest (using `code_audit.sh`)
## Ticket Review ##
### Review List
#### 94 https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&resolution=FIXED&target_milestone=94%20Branch&order=priority%2Cbug_severity&limit=0
- https://bugzilla.mozilla.org/show_bug.cgi?id=1730418 : @ma1 https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41123
- https://bugzilla.mozilla.org/show_bug.cgi?id=1732388: @dan https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41124
## Regression/Prior Vuln Review ##
Review proxy bypass bugs; check for new vectors to look for:
- https://gitlab.torproject.org/groups/tpo/applications/-/issues?scope=all&utf8=%E2%9C%93&state=opened&label_name[]=Proxy%20Bypass
- Look for new features like these. Especially external app launch vectorsSponsor 131 - Phase 3 - Major ESR 102 Migrationrichardrichardhttps://gitlab.torproject.org/tpo/network-health/onbasca/-/issues/107Move all or part of the documentation about Tor and the bandwidth scanner2023-12-11T09:51:28ZjugaMove all or part of the documentation about Tor and the bandwidth scannerI've writing documentation in https://onbasca.readthedocs.io/ that i didn't know where else could go.
Some of it might be useful only for me but some might be useful for other people and should be in Tor project domain.I've writing documentation in https://onbasca.readthedocs.io/ that i didn't know where else could go.
Some of it might be useful only for me but some might be useful for other people and should be in Tor project domain.jugajugahttps://gitlab.torproject.org/tpo/web/community/-/issues/260dead link in fedora bridge setup guide2022-06-03T17:58:29Ztrinity-1686adead link in fedora bridge setup guidesomeone on IRC reported [the link here](https://gitlab.torproject.org/tpo/web/community/-/blob/main/content/relay/setup/bridge/fedora/contents.lr#L12) points to [nothing](https://community.torproject.org/relay/setup/bridge/fedora/updates...someone on IRC reported [the link here](https://gitlab.torproject.org/tpo/web/community/-/blob/main/content/relay/setup/bridge/fedora/contents.lr#L12) points to [nothing](https://community.torproject.org/relay/setup/bridge/fedora/updates).
A correct target could be [`/relay/setup/guard/fedora/updates/`](https://community.torproject.org/relay/setup/guard/fedora/updates/)