The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2022-02-07T19:38:32Zhttps://gitlab.torproject.org/tpo/core/tor/-/issues/20986Gracefully handle build configurations on systems without AsciiDoc2022-02-07T19:38:32ZcypherpunksGracefully handle build configurations on systems without AsciiDocOn systems without AsciiDoc the build configuration aborts telling users to pass `--disable-asciidoc`. This requires users to restart the build configuration which is annoying.
Instead the build configuration should handle these cases g...On systems without AsciiDoc the build configuration aborts telling users to pass `--disable-asciidoc`. This requires users to restart the build configuration which is annoying.
Instead the build configuration should handle these cases gracefully and show a message without aborting the configuration. In these cases i would also show a less verbose message and change it to something similar to systems without Python, see https://gitweb.torproject.org/tor.git/tree/configure.ac?id=4098bfa26073551fe3f525ada7fc9079a49fd4bb#n218.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20772src="data:&lt;;base64 images rendered when "Show images"="Blocked"2023-01-05T17:04:10Zcypherpunkssrc="data:<;base64 images rendered when "Show images"="Blocked"Any webpages (e.g. ht tp://defensivepatentlicense.org/) that use base64 encoding thwart people's disabling of images.
Due to there not being enough software writers to go around, TBB and its derivatives e.f. Orfox(ht tps://dev.guardianpr...Any webpages (e.g. ht tp://defensivepatentlicense.org/) that use base64 encoding thwart people's disabling of images.
Due to there not being enough software writers to go around, TBB and its derivatives e.f. Orfox(ht tps://dev.guardianproject.info/issues/8039) often leave remote code execution vulnerabilities in the image parser.
Disabling images would protect against this vector of infection, but they can't be disabled. Due to the almost identical codebase for everything but the menus and window borders, I think that this is likely a bug in the TBb source code rather than in the tiny delta that is Orfox.https://gitlab.torproject.org/tpo/core/chutney/-/issues/20068Chutney tests for IPv6-only bridge clients2021-11-15T16:54:04ZteorChutney tests for IPv6-only bridge clientsI think this is working already, but we should check that chutney bridge clients are using IPv6, and not falling back to IPv4.I think this is working already, but we should check that chutney bridge clients are using IPv6, and not falling back to IPv4.https://gitlab.torproject.org/tpo/core/tor/-/issues/19853ServerDNSAllowNonRFC953Hostnames affects clients, and AllowNonRFC953Hostnames...2022-02-07T19:38:32ZteorServerDNSAllowNonRFC953Hostnames affects clients, and AllowNonRFC953Hostnames affects serversIt looks like the code and man page entry for ServerDNSAllowNonRFC953Hostnames was copied straight from AllowNonRFC953Hostnames, which is the equivalent client option.
I think this is ok as-is, because even though both options affect bo...It looks like the code and man page entry for ServerDNSAllowNonRFC953Hostnames was copied straight from AllowNonRFC953Hostnames, which is the equivalent client option.
I think this is ok as-is, because even though both options affect both client and server, tor instances typically only run as clients or servers, not both.
However, the manual page entries could be updated to clarify that the options are synonyms, and affect both clients and exits.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/19741favicon in searchbar popup uses catchall circuit2023-01-05T17:03:13ZArthur Edelsteinfavicon in searchbar popup uses catchall circuitTo reproduce:
* Set "torbutton.loglevel" to 3.
* Enter the word "test" in the searchbar. Click on the DuckDuckGo icon in the popup menu below to cause a search for "test" to be performed on DuckDuckGo. After the search is performed, a g...To reproduce:
* Set "torbutton.loglevel" to 3.
* Enter the word "test" in the searchbar. Click on the DuckDuckGo icon in the popup menu below to cause a search for "test" to be performed on DuckDuckGo. After the search is performed, a green "plus" symbol appears on the searchbar magnifying glass icon.
* Open the browser console, and clear it.
* Click on the searchbar again. An additional menu item appears, which contains the text `Add "DuckDuckGo (HTML)"` and a DuckDuckGo favicon.
* Examine the browser console. Log messages should appear as follows:
```
[07-22 22:38:01] Torbutton INFO: tor SOCKS: http://3g2upl4pq6kufc4m.onion/favicon.ico via --NoFirstPartyHost-chrome-browser.xul--:9bb8a61534faf1f952647a3537560fb0
GET
http://3g2upl4pq6kufc4m.onion/favicon.ico [HTTP/1.1 200 OK 0ms]
getFirstPartyURI failed for chrome://browser/content/browser.xul: 0x80070057
[07-22 22:38:02] Torbutton INFO: controlPort >> 650 STREAM 264 NEW 0 3g2upl4pq6kufc4m.onion:80 SOURCE_ADDR=127.0.0.1:52895 PURPOSE=USER
[07-22 22:38:02] Torbutton INFO: controlPort >> 650 STREAM 264 SENTCONNECT 15 3g2upl4pq6kufc4m.onion:80
getFirstPartyURI failed for chrome://browser/content/browser.xul: 0x80070057
[07-22 22:38:02] Torbutton INFO: controlPort >> 650 STREAM 264 SUCCEEDED 15 3g2upl4pq6kufc4m.onion:80
```
should be visible. I believe these messages are caused by
So it appears that the favicon display inside "add-engines" vbox of the search popup is being sent over the catchall circuit.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/19181Firefox >= 48 ships with an ICU pre-compiled blob2023-01-05T14:10:02ZGeorg KoppenFirefox >= 48 ships with an ICU pre-compiled blobIn https://bugzilla.mozilla.org/show_bug.cgi?id=1239083 Mozilla implemented build changes that resulted in an ICU related binary being shipped in the source tree. It is a pre-compiled thing to avoid generating it twice e.g. in a cross-co...In https://bugzilla.mozilla.org/show_bug.cgi?id=1239083 Mozilla implemented build changes that resulted in an ICU related binary being shipped in the source tree. It is a pre-compiled thing to avoid generating it twice e.g. in a cross-compilation scenario. We should investigate whether we want to ship that blob.https://gitlab.torproject.org/tpo/core/chutney/-/issues/19019When chutney fails because of ports, tell the user2021-11-15T16:53:51ZteorWhen chutney fails because of ports, tell the userChutney can fail because old tors (or other processes) are already occupying the ports it wants to use.
We should make this more obvious, so developers don't blame tor code.Chutney can fail because old tors (or other processes) are already occupying the ports it wants to use.
We should make this more obvious, so developers don't blame tor code.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/18866Rip mozTCPSocket out of Tor Browser2023-01-05T16:06:48ZGeorg KoppenRip mozTCPSocket out of Tor BrowserIn legacy/trac#18863 we disabled the usage of mozTCPSocket per preference. We might want to rip out that code as a defense in depth.In legacy/trac#18863 we disabled the usage of mozTCPSocket per preference. We might want to rip out that code as a defense in depth.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/18813Tor Browser breaks rendering of fonts in applications launched from Tor Browser2022-11-30T16:47:36ZadrelanosTor Browser breaks rendering of fonts in applications launched from Tor BrowserTor Browser adds few additional environment variables which breaks `kdialog` and likely other applications also:
```
FONTCONFIG_PATH=/home/user/tor-browser_en-US/Browser/TorBrowser/Data/fontconfig
LD_LIBRARY_PATH=/home/user/tor-browser_...Tor Browser adds few additional environment variables which breaks `kdialog` and likely other applications also:
```
FONTCONFIG_PATH=/home/user/tor-browser_en-US/Browser/TorBrowser/Data/fontconfig
LD_LIBRARY_PATH=/home/user/tor-browser_en-US/Browser/TorBrowser/Tor/
```
screenshot:
https://i.imgur.com/1ItY3jR.png
([This issue was originally reported against QubesOS.](https://github.com/QubesOS/qubes-issues/issues/1892))
Perhaps do not modify environment variables for applications launched from Tor Browser?https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/18780Windows' numeric keyboard characters enter doesn't work.2022-11-29T13:53:49ZTracWindows' numeric keyboard characters enter doesn't work.Just tried to enter some extended characters into textarea using numeric keyboard as Windows allows it: pressing left Alt and typing char code, like: Alt-0151 enters m-dash, Alt-0171 for left double arrow quote, Alt-0187 for right quote,...Just tried to enter some extended characters into textarea using numeric keyboard as Windows allows it: pressing left Alt and typing char code, like: Alt-0151 enters m-dash, Alt-0171 for left double arrow quote, Alt-0187 for right quote, etc. No character appeared. But typing into location field does actually work, and I can type those chars in there and paste them into text fields and textareas in pages opened in TB.
Is this an intentional measure or a bug? Found two tickets possibly related to this: legacy/trac#16678, legacy/trac#15646.
OS: Windows 8
Tor Browser: 5.5.4
**Trac**:
**Username**: Unchquahttps://gitlab.torproject.org/tpo/core/tor/-/issues/18321Exclude our own vote from the consensus if we think our own vote is invalid2022-02-07T19:39:17ZteorExclude our own vote from the consensus if we think our own vote is invalidWe're creating a vote that is invalid, but try to make a consensus anyway like nothing's wrong. Then we fail doing that as described above.We're creating a vote that is invalid, but try to make a consensus anyway like nothing's wrong. Then we fail doing that as described above.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/18166TBB continuously updates its Custom Destinations file on Win72022-07-12T21:06:29ZbugzillaTBB continuously updates its Custom Destinations file on Win7TBB continuously updates its Custom Destinations (def.: https://blogs.microsoft.co.il/sasha/2009/02/24/windows-7-taskbar-custom-destinations/) file (in **%appdata%\Microsoft\Windows\Recent**) on Win7.
Example: https://chromium-build-logs...TBB continuously updates its Custom Destinations (def.: https://blogs.microsoft.co.il/sasha/2009/02/24/windows-7-taskbar-custom-destinations/) file (in **%appdata%\Microsoft\Windows\Recent**) on Win7.
Example: https://chromium-build-logs.appspot.com/viewlog/raw/AMIfv94tusHalcqStZPT2jxqjdP-9rOkCcqjhLf2xB1BZab1hYhBql2FfdQI6I-CItcqXjQ5xWu23OF5KODrhcUxEKW35Bv_riDt1L_YIboliQjkrH98p6cwGg8bRd6VQvqrHG9M6yk-LNQVA24NrtaJAisGjKCTcLmS8oQ3cHXtYpBlUGMOykshttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/18130Fold in pre 3.0 Tor Browser changelogs2023-02-09T09:50:44ZGeorg KoppenFold in pre 3.0 Tor Browser changelogsWe should fold in the pre 3.0 Tor Browser changelogs for reference purposes. They are right here: https://gitweb.torproject.org/torbrowser.git/tree/?h=maint-2.4. Might be a bit of work to sort all the things out and get that into the for...We should fold in the pre 3.0 Tor Browser changelogs for reference purposes. They are right here: https://gitweb.torproject.org/torbrowser.git/tree/?h=maint-2.4. Might be a bit of work to sort all the things out and get that into the format we use today, but it's worthwhile.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/18087security.nocertdb -> false breaks mochitest https pages2023-01-05T17:47:45ZArthur Edelsteinsecurity.nocertdb -> false breaks mochitest https pagesWhen the `security.nocertdb` pref is enabled, mochitests that attempt to connect to `https://example.com` run into a "This connection is untrusted" error. We should try to fix this (and upstream to mozilla).When the `security.nocertdb` pref is enabled, mochitests that attempt to connect to `https://example.com` run into a "This connection is untrusted" error. We should try to fix this (and upstream to mozilla).https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40943Disable bookmark backups2022-11-30T18:34:03ZcypherpunksDisable bookmark backupsTor browser shouldn't backup bookmarks at all and even when bookmarks are deleted, old backups remain in:
/Browser/TorBrowser/Data/Browser/profile.default/bookmarkbackupsTor browser shouldn't backup bookmarks at all and even when bookmarks are deleted, old backups remain in:
/Browser/TorBrowser/Data/Browser/profile.default/bookmarkbackupshttps://gitlab.torproject.org/tpo/core/chutney/-/issues/17282Chutney could use a HOWTO for writing new test cases, network tests, etc2022-02-07T19:32:12ZNick MathewsonChutney could use a HOWTO for writing new test cases, network tests, etcDue April 2016Due April 2016https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/17123Request for certificate is sent over the catch-all circuit2023-01-05T16:36:14ZGeorg KoppenRequest for certificate is sent over the catch-all circuitThe request made to fetch a certificate of a page showing a certificate warning is sent over the catch-all circuit. I think it should be sent over the circuit of the page the user tried to visit originally instead.The request made to fetch a certificate of a page showing a certificate warning is sent over the catch-all circuit. I think it should be sent over the circuit of the page the user tried to visit originally instead.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40571Windows copyright notices should contain Tor Project2023-08-25T23:13:38ZMark SmithWindows copyright notices should contain Tor ProjectWhile working on legacy/trac#16910, Kathy and I noticed that the copyright notices embedded within the browser executables on Windows (firefox.exe, updater.exe) have the same text as in Firefox. For consistency with Mac OS, we should use...While working on legacy/trac#16910, Kathy and I noticed that the copyright notices embedded within the browser executables on Windows (firefox.exe, updater.exe) have the same text as in Firefox. For consistency with Mac OS, we should use text like:
Copyright 2015 The Tor Project
or maybe we should change both platforms to use:
Copyright (c) 2015, The Tor Project, Inc.
For reference, the file Bundle-Data/Docs/Licenses/Tor.txt within our builders/tor-browser-bundle repo. contains the following copyright text:
Copyright (c) 2001-2004, Roger Dingledine
Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
Copyright (c) 2007-2013, The Tor Project, Inc.
(we we are at it, we should also update the year there).Sponsor 131 - Phase 3 - Major ESR 102 Migrationhttps://gitlab.torproject.org/tpo/core/tor/-/issues/16894Check all logging output is appropriately escaped / escaped_safe_str_client2022-02-07T19:38:03ZteorCheck all logging output is appropriately escaped / escaped_safe_str_clientSecurity bugs like legacy/trac#16891 show up every so often, where sensitive input is logged, rather than being obscured. Similarly, client input is sometimes logged unsanitised (I fixed one of these in the directory request logging code...Security bugs like legacy/trac#16891 show up every so often, where sensitive input is logged, rather than being obscured. Similarly, client input is sometimes logged unsanitised (I fixed one of these in the directory request logging code about 9-12 months ago.)
It would be great if someone could review all the strings that are logged by Tor, and categorise them into:
* static or calculated internally: trusted, log as-is
* externally provided: unsanitised, use escaped()
* sensitive client information: use escaped_safe_str_client()
Do we want this in 0.2.7, or should we leave it until 0.2.8?https://gitlab.torproject.org/tpo/core/tor/-/issues/16824Emit a warning message about side channel leaks when using relays as clients2022-02-07T19:39:17ZstarlightEmit a warning message about side channel leaks when using relays as clientsAnalysis presented in bug legacy/trac#16585 demonstrates client circuit formation processing perturbs relay cell forwarding in a manner that may be susceptible to traffic confirmation analysis.
With the present code structure it is reco...Analysis presented in bug legacy/trac#16585 demonstrates client circuit formation processing perturbs relay cell forwarding in a manner that may be susceptible to traffic confirmation analysis.
With the present code structure it is recommended that simultaneous client and relay operation be aggressively discouraged with a new `torrc` configuration parameter to inhibit it--default value set to prevent. In addition log warnings should be generated when both client and relay functions are allowed to operate concurrently.
Correct support of simultaneous client and relay function requires segregation of the client function to a separate thread running on a different processor core than the relay function.
Correcting the current client implementation's deficit of transaction granularity is unlikely to eliminate the potential for a sophisticated advisory to detect perturbation of cell forwarding by client circuit creation activity.