The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2021-10-08T06:22:07Zhttps://gitlab.torproject.org/tpo/web/newsletter/-/issues/11https://newsletter.torproject.org overlaps text as width is too small on my p...2021-10-08T06:22:07ZGeorg Koppenhttps://newsletter.torproject.org overlaps text as width is too small on my phoneTesting on a Samsungs Galaxy S5 mini I realized there is overlapping text on https://newsletter.torproject.org in the Archive section (the dates overlap with text so that the result is hardly readable). See attachment for how this looks ...Testing on a Samsungs Galaxy S5 mini I realized there is overlapping text on https://newsletter.torproject.org in the Archive section (the dates overlap with text so that the result is hardly readable). See attachment for how this looks like.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/18166TBB continuously updates its Custom Destinations file on Win72022-07-12T21:06:29ZbugzillaTBB continuously updates its Custom Destinations file on Win7TBB continuously updates its Custom Destinations (def.: https://blogs.microsoft.co.il/sasha/2009/02/24/windows-7-taskbar-custom-destinations/) file (in **%appdata%\Microsoft\Windows\Recent**) on Win7.
Example: https://chromium-build-logs...TBB continuously updates its Custom Destinations (def.: https://blogs.microsoft.co.il/sasha/2009/02/24/windows-7-taskbar-custom-destinations/) file (in **%appdata%\Microsoft\Windows\Recent**) on Win7.
Example: https://chromium-build-logs.appspot.com/viewlog/raw/AMIfv94tusHalcqStZPT2jxqjdP-9rOkCcqjhLf2xB1BZab1hYhBql2FfdQI6I-CItcqXjQ5xWu23OF5KODrhcUxEKW35Bv_riDt1L_YIboliQjkrH98p6cwGg8bRd6VQvqrHG9M6yk-LNQVA24NrtaJAisGjKCTcLmS8oQ3cHXtYpBlUGMOykshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/18780Windows' numeric keyboard characters enter doesn't work.2022-11-29T13:53:49ZTracWindows' numeric keyboard characters enter doesn't work.Just tried to enter some extended characters into textarea using numeric keyboard as Windows allows it: pressing left Alt and typing char code, like: Alt-0151 enters m-dash, Alt-0171 for left double arrow quote, Alt-0187 for right quote,...Just tried to enter some extended characters into textarea using numeric keyboard as Windows allows it: pressing left Alt and typing char code, like: Alt-0151 enters m-dash, Alt-0171 for left double arrow quote, Alt-0187 for right quote, etc. No character appeared. But typing into location field does actually work, and I can type those chars in there and paste them into text fields and textareas in pages opened in TB.
Is this an intentional measure or a bug? Found two tickets possibly related to this: legacy/trac#16678, legacy/trac#15646.
OS: Windows 8
Tor Browser: 5.5.4
**Trac**:
**Username**: Unchquahttps://gitlab.torproject.org/tpo/core/tor/-/issues/6505GETINFO dir/status-vote/current/consensus returns "Unrecognized key" if no co...2022-02-07T19:38:59ZZack WeinbergGETINFO dir/status-vote/current/consensus returns "Unrecognized key" if no consensus availableIf there is no consensus available, issuing a GETINFO command for dir/status-vote/current/consensus will return an "Unrecognized key" error instead of an empty string, which will make pytorctl crash.
Patch attached.If there is no consensus available, issuing a GETINFO command for dir/status-vote/current/consensus will return an "Unrecognized key" error instead of an empty string, which will make pytorctl crash.
Patch attached.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21455newwin: Inconsistent New Window height on multiple monitors (Windows)2024-03-12T09:04:47ZTracnewwin: Inconsistent New Window height on multiple monitors (Windows)(1) "New Window" or Ctrl+N creates a new window slightly offset from the current window, but the size of the new window is determined by the primary display (instead of the display the window is on).
If the primary display is larger, th...(1) "New Window" or Ctrl+N creates a new window slightly offset from the current window, but the size of the new window is determined by the primary display (instead of the display the window is on).
If the primary display is larger, this can push part of the window off the top of the display (e.g. primary 1920x1200, secondary 1280x1024: New Window on secondary display gets pushed off the top so only half the URL bar is visible).
(2) Dragging a tab out of a window with multiple tabs creates a new window sized differently than "New Window", this new window is sized according to the display it is on.
This is in 6.5 and 7.0a1 but not 6.08
**Trac**:
**Username**: pjw0https://gitlab.torproject.org/tpo/core/tor/-/issues/8727ServerTransportListenAddr validation should validate that transport-name is w...2022-02-07T19:38:03ZGeorge KadianakisServerTransportListenAddr validation should validate that transport-name is well-formedSomeone put in his torrc:
```
ServerTransportListenAddr obfs2,obfs3 0.0.0.0:56831 0.0.0.0:56832
```
inspired by the format of ServerTransportPlugin. Unfortunately, this is not the correct way to use ServerTransportListenAddr. The correct...Someone put in his torrc:
```
ServerTransportListenAddr obfs2,obfs3 0.0.0.0:56831 0.0.0.0:56832
```
inspired by the format of ServerTransportPlugin. Unfortunately, this is not the correct way to use ServerTransportListenAddr. The correct way is:
```
ServerTransportListenAddr obfs2 0.0.0.0:56831
ServerTransportListenAddr obfs3 0.0.0.0:56832
```
We should at least validate that the first argument of the line is a pluggable transport name (C-identifier) to avoid stuff like "obfs2,obfs3".https://gitlab.torproject.org/tpo/core/tor/-/issues/9105make heartbeat messages describe hibernation consistently2024-03-13T19:13:54ZTracmake heartbeat messages describe hibernation consistentlyIf user have configured hibernation it looks like this:
```
03:02:02.000 [notice] Bandwidth soft limit reached; commencing hibernation. No new connections will be accepted
06:19:04.000 [notice] Heartbeat: Tor's uptime is 18:00 hours, wi...If user have configured hibernation it looks like this:
```
03:02:02.000 [notice] Bandwidth soft limit reached; commencing hibernation. No new connections will be accepted
06:19:04.000 [notice] Heartbeat: Tor's uptime is 18:00 hours, with 1 circuits open. I've sent 1.43 GB and received 1.45 GB. We are currently hibernating.
08:00:00.000 [notice] Configured hibernation. This interval began at 2013-06-20 08:00:00; the scheduled wake-up time was 2013-06-20 08:00:00; we expect to exhaust our quota for this interval around 2013-06-21 08:00:00; the next interval begins at 2013-06-21 08:00:00 (all times local)
08:00:00.000 [notice] Hibernation period ended. Resuming normal activity.
12:19:04.000 [notice] Heartbeat: Tor's uptime is 4:19 hours, with 45 circuits open. I've sent 1.58 GB and received 1.60 GB.
```
This is inconsistent. Upon hibernating Tor uptime is reset, but transferred GB are not. This does not make these messages useful.
It would be best to reset bw info on uptime reset after hibernation ended or report totals and current periods.
For example Running for XX hours (not reset on hibernation), total sent/received. Uptime is YY hours, sent/received data since last start.
If user have configured hibernation, i presume that he wants to know data sent/received in last hibernation interval.
**Trac**:
**Username**: hsnhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/23660Handle exceptions in content sandboxing code for Tor Browser on Windows properly2022-11-30T14:58:29ZGeorg KoppenHandle exceptions in content sandboxing code for Tor Browser on Windows properlyAt the moment we just rip out the SEH parts of the content sandboxing code as mingw-w64 has trouble handling it. We should provide a proper fix for it, though.At the moment we just rip out the SEH parts of the content sandboxing code as mingw-w64 has trouble handling it. We should provide a proper fix for it, though.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/24950"Restrict third party cookies and other tracking data" enabled = disables exc...2022-11-29T14:24:57ZTrac"Restrict third party cookies and other tracking data" enabled = disables exceptions list for popupsOptions -> Privacy -> Restrict third party cookies and other tracking data
When enabled, popup blocker ignores exceptions list and blocks popups from all websites.
**Trac**:
**Username**: vanowmOptions -> Privacy -> Restrict third party cookies and other tracking data
When enabled, popup blocker ignores exceptions list and blocks popups from all websites.
**Trac**:
**Username**: vanowmSponsor 131 - Phase 5 - Ongoing Maintenancehttps://gitlab.torproject.org/tpo/core/tor/-/issues/14854Document the hardlimit of HiddenServiceAuthorizeClient basic2022-02-07T19:38:03ZcypherpunksDocument the hardlimit of HiddenServiceAuthorizeClient basicI ran some tests on HiddenServiceAuthorizeClient basic auth-type and found that it stopped working when I created 49 or more clients.
I started with 10 clients and kept adding 10 more at a time. When I had 39 clients, the hidden service ...I ran some tests on HiddenServiceAuthorizeClient basic auth-type and found that it stopped working when I created 49 or more clients.
I started with 10 clients and kept adding 10 more at a time. When I had 39 clients, the hidden service worked, but when I added 10 more, the hostname and client_keys were generated as expected, but hidden service stopped working for all of the clients.
HiddenServiceDir /var/lib/tor/test_public/ # tlxnxx74fpmkw2qh.onion
HiddenServicePort 80 127.0.0.1:80
HiddenServiceAuthorizeClient basic \
tlx_cl01, \
tlx_cl02, \
tlx_cl03, \
...
tlx_cl47, \
tlx_cl48, \
tlx_cl49
According to the man page and the specs, the stealth mode doesn't work for more than 16 clients, but implied that the basic mode should work.https://gitlab.torproject.org/tpo/core/tor/-/issues/15661Same "non-loopback address" notice is printed twice2022-02-07T19:39:00Zyurivict271Same "non-loopback address" notice is printed twiceThe following command line produces each notice twice.
This is not a big deal, but something is wrong in the code and needs to be fixed.
```
/usr/local/bin/tor --ignore-missing-torrc -f /no/file --PidFile /var/tmp/vbox-to-tor/tap7/tor....The following command line produces each notice twice.
This is not a big deal, but something is wrong in the code and needs to be fixed.
```
/usr/local/bin/tor --ignore-missing-torrc -f /no/file --PidFile /var/tmp/vbox-to-tor/tap7/tor.pid --RunAsDaemon 1 --DataDirectory /var/tmp/vbox-to-tor/tap7/data --+Log "notice file /var/tmp/vbox-to-tor/tap7/tor.log" --DNSPort 53 --DNSListenAddress 172.16.7.1 --TransPort 9030 --TransListenAddress 172.16.7.1 --SocksPort 0
```
```
Apr 12 21:38:09.478 [notice] Tor v0.2.6.6 (git-bb8c4e69ca5c8bca) running on FreeBSD with Libevent 2.0.22-stable, OpenSSL 1.0.2a and Zlib 1.2.8.
Apr 12 21:38:09.478 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Apr 12 21:38:09.478 [notice] Configuration file "/no/file" not present, using reasonable defaults.
Apr 12 21:38:09.483 [notice] You configured a non-loopback address '172.16.7.1:53' for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Apr 12 21:38:09.483 [notice] You configured a non-loopback address '172.16.7.1:9030' for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Apr 12 21:38:09.484 [notice] You configured a non-loopback address '172.16.7.1:53' for DNSPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Apr 12 21:38:09.485 [notice] You configured a non-loopback address '172.16.7.1:9030' for TransPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Apr 12 21:38:09.485 [notice] Opening DNS listener on 172.16.7.1:53
Apr 12 21:38:09.485 [notice] Opening Transparent pf/netfilter listener on 172.16.7.1:9030
Apr 12 21:38:09.485 [warn] Fixing permissions on directory /var/tmp/vbox-to-tor/tap7/data
```https://gitlab.torproject.org/tpo/core/tor/-/issues/16350tor.pid should be deleted on exit in every case possible, like assert termina...2022-02-07T19:38:03Zyurivict271tor.pid should be deleted on exit in every case possible, like assert termination, and catchable signalsI had tor fail with assertion, printing message into log and exiting, yet it left tor.pid. It could have easily delete it, since this wasn't the non-catchable signal.
It doesn't make sense to leave tor.pid when tor exited.
0.2.6.7 on F...I had tor fail with assertion, printing message into log and exiting, yet it left tor.pid. It could have easily delete it, since this wasn't the non-catchable signal.
It doesn't make sense to leave tor.pid when tor exited.
0.2.6.7 on FreeBSDhttps://gitlab.torproject.org/tpo/core/tor/-/issues/16564WIP: Reject bridge descriptors posted to non-bridge authorities2022-02-07T19:38:32ZRoger DingledineWIP: Reject bridge descriptors posted to non-bridge authoritiesRight now if my bridge descriptor gets uploaded to the directory authorities, poof I'm now a public relay, even if I didn't mean to be.
That's not the end of the world, since I am technically offering to be a relay already, and the only...Right now if my bridge descriptor gets uploaded to the directory authorities, poof I'm now a public relay, even if I didn't mean to be.
That's not the end of the world, since I am technically offering to be a relay already, and the only difference is that I didn't opt to publish my descriptor myself.
But still it seems like we should make the choice explicit inside the descriptor.https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40579Check for `file` command in Tor Browser start script before using it2022-07-13T23:34:14ZGeorg KoppenCheck for `file` command in Tor Browser start script before using itIn `start-tor-browser` we do
```
SYSARCHITECTURE=$(getconf LONG_BIT)
TORARCHITECTURE=$(expr "$(file TorBrowser/Tor/tor)" : '.*ELF \([[:digit:]]*\)')
if [ $SYSARCHITECTURE -ne $TORARCHITECTURE ]; then
complain "Wrong architecture? 32-...In `start-tor-browser` we do
```
SYSARCHITECTURE=$(getconf LONG_BIT)
TORARCHITECTURE=$(expr "$(file TorBrowser/Tor/tor)" : '.*ELF \([[:digit:]]*\)')
if [ $SYSARCHITECTURE -ne $TORARCHITECTURE ]; then
complain "Wrong architecture? 32-bit vs. 64-bit."
exit 1
fi
```
to bail out early in case users have downloaded a bundle for the wrong architecture. Now, it turns out that there are Linux distros out there (NixOS seems to be one of those) that don't find `file` that way. A fix for that would be to check for the existence of `file` and if we can't find it to note that we assume the user knows what they are doing and proceed anyway.https://gitlab.torproject.org/tpo/core/tor/-/issues/16598fsync ed25519 master key files before closing them.2022-02-07T19:39:17ZNick Mathewsonfsync ed25519 master key files before closing them.Weasel says this is a good idea, and IMO it can't hurt.Weasel says this is a good idea, and IMO it can't hurt.https://gitlab.torproject.org/tpo/core/tor/-/issues/16824Emit a warning message about side channel leaks when using relays as clients2022-02-07T19:39:17ZstarlightEmit a warning message about side channel leaks when using relays as clientsAnalysis presented in bug legacy/trac#16585 demonstrates client circuit formation processing perturbs relay cell forwarding in a manner that may be susceptible to traffic confirmation analysis.
With the present code structure it is reco...Analysis presented in bug legacy/trac#16585 demonstrates client circuit formation processing perturbs relay cell forwarding in a manner that may be susceptible to traffic confirmation analysis.
With the present code structure it is recommended that simultaneous client and relay operation be aggressively discouraged with a new `torrc` configuration parameter to inhibit it--default value set to prevent. In addition log warnings should be generated when both client and relay functions are allowed to operate concurrently.
Correct support of simultaneous client and relay function requires segregation of the client function to a separate thread running on a different processor core than the relay function.
Correcting the current client implementation's deficit of transaction granularity is unlikely to eliminate the potential for a sophisticated advisory to detect perturbation of cell forwarding by client circuit creation activity.https://gitlab.torproject.org/tpo/core/tor/-/issues/16894Check all logging output is appropriately escaped / escaped_safe_str_client2022-02-07T19:38:03ZteorCheck all logging output is appropriately escaped / escaped_safe_str_clientSecurity bugs like legacy/trac#16891 show up every so often, where sensitive input is logged, rather than being obscured. Similarly, client input is sometimes logged unsanitised (I fixed one of these in the directory request logging code...Security bugs like legacy/trac#16891 show up every so often, where sensitive input is logged, rather than being obscured. Similarly, client input is sometimes logged unsanitised (I fixed one of these in the directory request logging code about 9-12 months ago.)
It would be great if someone could review all the strings that are logged by Tor, and categorise them into:
* static or calculated internally: trusted, log as-is
* externally provided: unsanitised, use escaped()
* sensitive client information: use escaped_safe_str_client()
Do we want this in 0.2.7, or should we leave it until 0.2.8?https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/29630TorBrowser creates empty directory in "/tmp"2022-11-29T15:16:51ZTracTorBrowser creates empty directory in "/tmp"I'm using the latest TBB on Linux.
After I start TorBrowser, the directory is created in temporary direcrory (in my case /tmp)
drwx------ 2 user user 4096 Mar 1 12:34 Temp-41d8a42b-5545-4af5-89c2-be2502af95c7
The directory is empt...I'm using the latest TBB on Linux.
After I start TorBrowser, the directory is created in temporary direcrory (in my case /tmp)
drwx------ 2 user user 4096 Mar 1 12:34 Temp-41d8a42b-5545-4af5-89c2-be2502af95c7
The directory is empty. After I close the TBB, this directory disappears. Not sure if it's OK behavior or not.
**Trac**:
**Username**: AxelFhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/30668Mobile: Favicon is not used when making a shortcut on Home screen2022-07-20T14:52:54ZTracMobile: Favicon is not used when making a shortcut on Home screen- Tor Browser and Tor Broswer (Alpha):
- Press the three dotted button in the top right,
- Select "Page >",
- Select "Add to home screen".
- A button on the home screen appears, but is missing the favicon.
Would the proper behaviour be ...- Tor Browser and Tor Broswer (Alpha):
- Press the three dotted button in the top right,
- Select "Page >",
- Select "Add to home screen".
- A button on the home screen appears, but is missing the favicon.
Would the proper behaviour be to download the largest favicon possible and then resize it down on the client-side to avoid resquesting an icon dize that might identify the client os?
NOTE: Old Orfox appears to function correctly, in that the icon is used and it appears brilliant and sharp (ie. high-resolution).
**Trac**:
**Username**: torlovehttps://gitlab.torproject.org/tpo/core/tor/-/issues/18321Exclude our own vote from the consensus if we think our own vote is invalid2022-02-07T19:39:17ZteorExclude our own vote from the consensus if we think our own vote is invalidWe're creating a vote that is invalid, but try to make a consensus anyway like nothing's wrong. Then we fail doing that as described above.We're creating a vote that is invalid, but try to make a consensus anyway like nothing's wrong. Then we fail doing that as described above.