The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2020-06-27T14:02:56Zhttps://gitlab.torproject.org/tpo/core/tor/-/issues/12194rend_client_note_connection_attempt_ended() gets called redundantly2020-06-27T14:02:56ZAndrea Shepardrend_client_note_connection_attempt_ended() gets called redundantlyWhen hidden service connection attempts fail, rend_client_note_connection_attempt_ended() can get called once from connection_mark_unattached_ap() and then again from rend_client_desc_trynow() after it returns. See the log snippet in le...When hidden service connection attempts fail, rend_client_note_connection_attempt_ended() can get called once from connection_mark_unattached_ap() and then again from rend_client_desc_trynow() after it returns. See the log snippet in legacy/trac#10616 for an example.Tor: 0.2.6.x-finalhttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/12091BridgeDB still isn't checking DKIM verification results properly2020-06-27T13:43:12ZIsis LovecruftBridgeDB still isn't checking DKIM verification results properlyFrom [this commit message](https://gitweb.torproject.org/user/isis/bridgedb.git/commitdiff/4c18a4e2b89872c5731d4301665642065980086e) for [this unittest](https://gitweb.torproject.org/user/isis/bridgedb.git/blob/4c18a4e2b89872c5731d430166...From [this commit message](https://gitweb.torproject.org/user/isis/bridgedb.git/commitdiff/4c18a4e2b89872c5731d4301665642065980086e) for [this unittest](https://gitweb.torproject.org/user/isis/bridgedb.git/blob/4c18a4e2b89872c5731d4301665642065980086e:/lib/bridgedb/test/test_email_server.py#l326):
> Also, "dunno" certainly isn't a valid DKIM signature.
See the ticket description for legacy/trac#12086 for how
```
15:30:31 DEBUG L495:server.lineReceived() > X-DKIM-Authentication-Results: dunno
```
ended up in the headers on an incoming email in the first place.Isis LovecruftIsis Lovecrufthttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/11884Tor Browser: add DuckDuckGo hidden service into default search engines list2020-06-27T14:42:11ZTracTor Browser: add DuckDuckGo hidden service into default search engines listSince DuckDuckGo main website is already in the default install, why not add an engine which searches on the hidden service (http://3g2upl4pq6kufc4m.onion/) as well?
Now I have to add it to bookmarks and assign a keyword to it and it al...Since DuckDuckGo main website is already in the default install, why not add an engine which searches on the hidden service (http://3g2upl4pq6kufc4m.onion/) as well?
Now I have to add it to bookmarks and assign a keyword to it and it always displays the HTML 5 canvas warning (there is no such warning with Tor Browser's normal DDG engine). I don't know any other way to add it (I guess it would be some customization of about:config)
Adding the hidden service to default search engines would be a great usability improvement.
**Trac**:
**Username**: bioshhttps://gitlab.torproject.org/tpo/core/tor/-/issues/11679Download status for consensus scheduled as generic2020-06-27T14:03:03ZcypherpunksDownload status for consensus scheduled as genericCurrently download status scheduled as generic (DL_SCHED_GENERIC = 0);
```
/** Download status for the current consensus networkstatus. */
static download_status_t consensus_dl_status[N_CONSENSUS_FLAVORS];
```
Before [implementing](https...Currently download status scheduled as generic (DL_SCHED_GENERIC = 0);
```
/** Download status for the current consensus networkstatus. */
static download_status_t consensus_dl_status[N_CONSENSUS_FLAVORS];
```
Before [implementing](https://gitweb.torproject.org/tor.git/commitdiff/851a980065e6b2df8d7cb35a22d0675b8918214b) of consensus for md it was DL_SCHED_CONSENSUS:
```
static download_status_t consensus_dl_status = { 0, 0, DL_SCHED_CONSENSUS };
```
That means unfriendly schedule for client with fragile network connection.
```
/** Schedule for when clients should download things in general. */
static const int client_dl_schedule[] = {
0, 0, 60, 60*5, 60*10, INT_MAX
};
```
vs.
```
/** Schedule for when clients should download consensuses. */
static const int client_consensus_dl_schedule[] = {
0, 0, 60, 60*5, 60*10, 60*30, 60*60, 60*60, 60*60, 60*60*3, 60*60*6, 60*60*12
};
```
Tor will reset download status by `networkstatus_reset_download_failures` once a hour so client will have a chance to retry, so no unresolved state actually.
Is it worth to initialize download status for consensus schedule? Or to rename schedule if planned to use it for certs only?Tor: 0.2.6.x-finalhttps://gitlab.torproject.org/tpo/core/tor/-/issues/11543Clarify libseccomp "platform not supported" warning.2020-06-27T14:03:07ZNick MathewsonClarify libseccomp "platform not supported" warning.Here's an unhelpful thing: "Sandboxing is not implemented for your platform. The feature is currently disabled".
Probably better to distinguish whether sandboxing would work if we had a different kernel (old linux), or if we had libsecc...Here's an unhelpful thing: "Sandboxing is not implemented for your platform. The feature is currently disabled".
Probably better to distinguish whether sandboxing would work if we had a different kernel (old linux), or if we had libseccomp (new linux, built without libseccomp), or not at all (freebsd etc).Tor: 0.2.5.x-finalhttps://gitlab.torproject.org/tpo/core/tor/-/issues/11542Add a new logging domain for transport proxies2020-06-27T14:03:07ZwfnAdd a new logging domain for transport proxiesvelope suggested (and nickm is not against the idea of) adding a new logging domain for all the stuff to do with transport proxies / PTs. It would sure be nice to have transport proxy output like legacy/trac#9957 go to that specific doma...velope suggested (and nickm is not against the idea of) adding a new logging domain for all the stuff to do with transport proxies / PTs. It would sure be nice to have transport proxy output like legacy/trac#9957 go to that specific domain; it would make debugging PT things easier, I think.
Does this make sense, or is there simply no need for it, really?Tor: 0.4.0.x-finalYawning AngelYawning Angelhttps://gitlab.torproject.org/tpo/core/tor/-/issues/11452undef DEAD_CERT_LIFETIME too in trusted_dirs_remove_old_certs()2020-06-27T14:03:12ZRoger Dingledineundef DEAD_CERT_LIFETIME too in trusted_dirs_remove_old_certs()In trusted_dirs_remove_old_certs() we have
```
#define DEAD_CERT_LIFETIME (2*24*60*60)
#define OLD_CERT_LIFETIME (7*24*60*60)
[...use them...]
#undef OLD_CERT_LIFETIME
```
Shouldn't we undef both (or neither)?
Introduced in git commit ...In trusted_dirs_remove_old_certs() we have
```
#define DEAD_CERT_LIFETIME (2*24*60*60)
#define OLD_CERT_LIFETIME (7*24*60*60)
[...use them...]
#undef OLD_CERT_LIFETIME
```
Shouldn't we undef both (or neither)?
Introduced in git commit 8157b8b7.Tor: unspecifiedhttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/11377New BridgeDB GimpCaptcha should be case insensitive (or should say it's sensi...2020-06-27T13:43:13ZwfnNew BridgeDB GimpCaptcha should be case insensitive (or should say it's sensitive)Sherief reports that the new captcha is case sensitive (it is), whereas the previous (re)captcha was not (the check was done remotely, remote resource must have implicitly done case-insensitive check.)
I assume this is the relevant line...Sherief reports that the new captcha is case sensitive (it is), whereas the previous (re)captcha was not (the check was done remotely, remote resource must have implicitly done case-insensitive check.)
I assume this is the relevant line: https://gitweb.torproject.org/bridgedb.git/blob/HEAD:/lib/bridgedb/captcha.py#l206
Should probably either do a case-insensitive comparison, or should tell users it's case sensitive (I suppose the former makes more sense.)Isis LovecruftIsis Lovecrufthttps://gitlab.torproject.org/tpo/core/tor/-/issues/11360Listen on IPv6 by default for SocksPort *:Port2021-06-18T18:20:31ZDavid Gouletdgoulet@torproject.orgListen on IPv6 by default for SocksPort *:PortThat would be very useful if tor could listen on both IPv4 and IPv6 for the SocksPort. One use case is for Torsocks to work seamlessly with v4 and v6 without having to configure a v6 port in the configuration file and restart the daemon....That would be very useful if tor could listen on both IPv4 and IPv6 for the SocksPort. One use case is for Torsocks to work seamlessly with v4 and v6 without having to configure a v6 port in the configuration file and restart the daemon.
One way to fix that would be to change the function parse_port_config() in _src/or/config.c_ to allow multiple default values adding v6 defaults (which would benefit other ports as well).
Else, having a check somewhere that adds other defaults for specific ports but not sure that it's a good idea nor makes sense in the long run in terms of maintainability.
I thought also about bringing back legacy/trac#4760 by default and setting the ipv6 only option only and only if the user has defined an option in the torrc explicitly. For instance, this in the torrc would ONLY allow v6 (remove dual stack).
```
SocksPort [::1]:9050
```
Thoughts?https://gitlab.torproject.org/tpo/network-health/metrics/relay-search/-/issues/11348Add new graphs on average users per bridge and fractional uptime per relay/br...2020-06-27T14:25:25ZKarsten LoesingAdd new graphs on average users per bridge and fractional uptime per relay/bridge to AtlasOnionoo has two new document types:
- https://onionoo.torproject.org/#clients
- https://onionoo.torproject.org/#uptime
These documents contain graph data that can be displayed by Atlas in the same way as bandwidth and weights data ar...Onionoo has two new document types:
- https://onionoo.torproject.org/#clients
- https://onionoo.torproject.org/#uptime
These documents contain graph data that can be displayed by Atlas in the same way as bandwidth and weights data are displayed. Want to add graphs for them?Philipp Winterphw@torproject.orgPhilipp Winterphw@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/11346BridgeDB should link to the BridgeDB homepage somewhere2020-06-27T13:43:14ZIsis LovecruftBridgeDB should link to the BridgeDB homepage somewhereProbably on the "BridgeDB" logo at the top of every page.Probably on the "BridgeDB" logo at the top of every page.Isis LovecruftIsis Lovecrufthttps://gitlab.torproject.org/tpo/core/tor/-/issues/11325RFE: Adhere to XDB base directory specification2020-06-27T14:03:15ZTracRFE: Adhere to XDB base directory specificationAs noted by a Fedora user [1], when running Tor as a regular user it creates "$HOME/.tor" instead of "$XDG_CACHE_HOME/.tor", which is advised by the XDG specification [2] for user-specific non-essential (cached) data. Would you consider ...As noted by a Fedora user [1], when running Tor as a regular user it creates "$HOME/.tor" instead of "$XDG_CACHE_HOME/.tor", which is advised by the XDG specification [2] for user-specific non-essential (cached) data. Would you consider adhering to this specification?
[1] https://bugzilla.redhat.com/show_bug.cgi?id=968163
[2] http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html
**Trac**:
**Username**: jamielinuxTor: unspecifiedhttps://gitlab.torproject.org/tpo/core/tor/-/issues/11279Quiet some warns for protocol errors setting rendezvous points2020-06-27T14:03:17ZRoger DingledineQuiet some warns for protocol errors setting rendezvous pointsIn https://lists.torproject.org/pipermail/tor-relays/2014-March/004031.html we see a relay operator reporting lots of "Invalid length on ESTABLISH_RENDEZVOUS" errors.
The code in question is in rend_mid_establish_rendezvous():
```
if ...In https://lists.torproject.org/pipermail/tor-relays/2014-March/004031.html we see a relay operator reporting lots of "Invalid length on ESTABLISH_RENDEZVOUS" errors.
The code in question is in rend_mid_establish_rendezvous():
```
if (request_len != REND_COOKIE_LEN) {
log_warn(LD_PROTOCOL, "Invalid length on ESTABLISH_RENDEZVOUS.");
```
Seems to me that log_warn should be a log_protocol_warn, since there's nothing the relay operator should do about some client not obeying the protocol.
Are there other log_warns in this vicinity that we should change also? I looked around a bit and didn't see others.Tor: 0.2.5.x-finalhttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/11219BridgeDB's twisted version doesn´t have a `t.w.client.HTTPConnectionPool` class2020-06-27T13:43:14ZIsis LovecruftBridgeDB's twisted version doesn´t have a `t.w.client.HTTPConnectionPool` classAnd as such, bridgedb-0.1.5 with the patches for legacy/trac#11127 will not run, because it uses `twisted.web.client.HTTPConnectionPool` to kill disable persistent connections to the reCaptcha API server. While waiting for it to get upda...And as such, bridgedb-0.1.5 with the patches for legacy/trac#11127 will not run, because it uses `twisted.web.client.HTTPConnectionPool` to kill disable persistent connections to the reCaptcha API server. While waiting for it to get updated, we need to patch this out to that the `HTTPConnectionPool` isn't called.Isis LovecruftIsis Lovecrufthttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/11218bridgedb.HTTPServer.ReCaptchaProtectedResource.checkSolution() doesn't expect...2020-06-27T13:43:14ZIsis Lovecruftbridgedb.HTTPServer.ReCaptchaProtectedResource.checkSolution() doesn't expect a deferredFrom bridgedb-0.1.5, `bridgedb.HTTPServer.ReCaptchaProtectedResource.checkSolution()` expects a `bool` for the `solution` internal variable, not a `t.i.defer.Deferred`:
```
Unhandled Error
Traceback (most recent call last):
File "/usr...From bridgedb-0.1.5, `bridgedb.HTTPServer.ReCaptchaProtectedResource.checkSolution()` expects a `bool` for the `solution` internal variable, not a `t.i.defer.Deferred`:
```
Unhandled Error
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/twisted/web/http.py", line 1349, in dataReceived
finishCallback(data[contentLength:])
File "/usr/lib/python2.7/dist-packages/twisted/web/http.py", line 1563, in _finishRequestBody
self.allContentReceived()
File "/usr/lib/python2.7/dist-packages/twisted/web/http.py", line 1618, in allContentReceived
req.requestReceived(command, path, version)
File "/usr/lib/python2.7/dist-packages/twisted/web/http.py", line 773, in requestReceived
self.process()
--- <exception caught here> ---
File "/usr/lib/python2.7/dist-packages/twisted/web/server.py", line 132, in process
self.render(resrc)
File "/usr/lib/python2.7/dist-packages/twisted/web/server.py", line 167, in render
body = resrc.render(self)
File "/usr/lib/python2.7/dist-packages/twisted/web/resource.py", line 216, in render
return m(request)
File "/srv/bridges.torproject.org/local/lib/python2.7/site-packages/bridgedb-0.1.5_dirty-py2.7.egg/bridgedb/HTTPServer.py", line 470, in render_POST
return CaptchaProtectedResource.render_POST(self, request)
File "/srv/bridges.torproject.org/local/lib/python2.7/site-packages/bridgedb-0.1.5_dirty-py2.7.egg/bridgedb/HTTPServer.py", line 220, in render_POST
if self.checkSolution(request):
File "/srv/bridges.torproject.org/local/lib/python2.7/site-packages/bridgedb-0.1.5_dirty-py2.7.egg/bridgedb/HTTPServer.py", line 432, in checkSolution
if solution.is_valid:
exceptions.AttributeError: Deferred instance has no attribute 'is_valid'
```
Should be easy, just reorder the current code to make `solution.is_valid` be checked inside a callback function on the deferred returned from `txrecaptcha.submit()`. See the `test_submit_resultIsRecaptchaResponse()` unittest for an example of how it was designed to work.Isis LovecruftIsis Lovecrufthttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/11215Add timestamp/expiry to HMAC verification code in BridgeDB's local CAPTCHAs2020-06-27T13:43:15ZIsis LovecruftAdd timestamp/expiry to HMAC verification code in BridgeDB's local CAPTCHAsThe CAPTCHAs created in legacy/trac#10809 are in the form:
```
HMACFn := HMAC(HMAC_KEY, REQUEST_IP_ADDR)
CAPTCHA_VERIFICATION := HMACFn(RSA_ENC(CAPTCHA_ANSWER))
```
When they really should be more like:
```
HMACFn := HMAC(HMAC_KEY, REQ...The CAPTCHAs created in legacy/trac#10809 are in the form:
```
HMACFn := HMAC(HMAC_KEY, REQUEST_IP_ADDR)
CAPTCHA_VERIFICATION := HMACFn(RSA_ENC(CAPTCHA_ANSWER))
```
When they really should be more like:
```
HMACFn := HMAC(HMAC_KEY, REQUEST_IP_ADDR)
CAPTCHA_VERIFICATION := HMACFn(TIMESTAMP, RSA_ENC(CAPTCHA_ANSWER))
```
See [this commit message](https://gitweb.torproject.org/bridgedb.git/commitdiff/eeb6956ed7f7ddd0f2592c17f4a5d58a580fb878) from the original branch. After adding the timestamp to the `CAPTCHA_VERIFICATION` creation in `bridgedb.captcha.GimpCaptcha.createChallenge()`, said timestamp should obviously be checked that it is not expired (according to some easily configurable expiration period) in `bridgedb.captcha.GimpCaptcha.checkSolution()`.Isis LovecruftIsis Lovecrufthttps://gitlab.torproject.org/tpo/core/tor/-/issues/11060socks-extensions.txt says username/password are ignored2021-07-22T16:26:02ZRoger Dingledinesocks-extensions.txt says username/password are ignoredIn torspec's socks-extensions.txt, we say
```
and as of Tor 0.2.3.2-alpha, the "USERNAME/PASSWORD" (SOCKS5)
authentication method [02] is supported too. Any credentials passed to
the latter are ignored.
```
But don't we use ...In torspec's socks-extensions.txt, we say
```
and as of Tor 0.2.3.2-alpha, the "USERNAME/PASSWORD" (SOCKS5)
authentication method [02] is supported too. Any credentials passed to
the latter are ignored.
```
But don't we use them for stream isolation now?
Also (hit-and-run two-bugs-in-one-ticket faux pas, sorry), the Tor man page says:
```
IsolateSOCKSAuth
Don’t share circuits with streams for which different SOCKS
authentication was provided. (On by default; you can disable it
with NoIsolateSOCKSAuth.)
```
which makes it sound like we look at SOCKS4 username too -- maybe we should change SOCKS to SOCKS5 in this man page stanza?Tor: 0.2.5.x-finalhttps://gitlab.torproject.org/tpo/core/tor/-/issues/11059Nodes' country codes should be "definite" and "possible"2021-06-18T18:21:29ZNick MathewsonNodes' country codes should be "definite" and "possible"It would maybe be a good idea if nodes' country codes could have different statues, like "definitely in CC" or "possibly in CC". For example, if a country is "possibly in CC", then "ExcludeNodes {CC}" should exclude it, but "EntryNodes ...It would maybe be a good idea if nodes' country codes could have different statues, like "definitely in CC" or "possibly in CC". For example, if a country is "possibly in CC", then "ExcludeNodes {CC}" should exclude it, but "EntryNodes {CC}" should not include it.
This would also let us provide the feature that some operators have asked for of being able to specify their country. (I'd say that if you specify that you are in C1, but geoip says you are in C2, then you should count as "maybe in C1" and "maybe in C2" but not as definitely in either.)
See legacy/trac#11054 for another motivating example.
Is this a good idea?https://gitlab.torproject.org/tpo/core/tor/-/issues/11010add ClientConnectPolicy config option2021-06-18T18:21:28Zcypherpunksadd ClientConnectPolicy config optionThere should be a config option called ClientExitPolicy which specifies which destinations clients are allowed to build circuits to. The default value should be "accept *:*".
This will deprecate the RejectPlaintextPorts option as it wil...There should be a config option called ClientExitPolicy which specifies which destinations clients are allowed to build circuits to. The default value should be "accept *:*".
This will deprecate the RejectPlaintextPorts option as it will be able to provide the same functionality.
I am beginning to work on a patch for this.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10720NSIS scripts can request Windows to avoid registry writes?2020-06-27T14:42:20ZMike PerryNSIS scripts can request Windows to avoid registry writes?In https://trac.torproject.org/projects/tor/ticket/7842#comment:20, Runa mentioned that NSIS scripts can request to avoid writing to the Windows registry.
We should figure out how to do this and use those settings in the TBB Windows NSI...In https://trac.torproject.org/projects/tor/ticket/7842#comment:20, Runa mentioned that NSIS scripts can request to avoid writing to the Windows registry.
We should figure out how to do this and use those settings in the TBB Windows NSIS scripts (which live at https://github.com/moba/tbb-windows-installer).Erinn ClarkErinn Clark