The Tor Project issues
https://gitlab.torproject.org/groups/tpo/-/issues
2023-06-14T20:37:24Z

https://gitlab.torproject.org/tpo/onion-services/onionspray-log-parser/-/issues/1
Provide logrotate examples
2023-06-14T20:37:24Z
Silvio Rhatto

Provide a logrotate configuration file example (with and without S3 storage).

https://gitlab.torproject.org/tpo/core/tor/-/issues/40619
Typo in microdesc.c
2022-07-21T19:19:42Z
cypherpunks

The file src/feature/nodelist/microdesc.c currently has the following strings:
<code>
if (tor_memeq(node->rs->descriptor_digest,
              (*mdp)->digest, DIGEST256_LEN)) {
  rs_match = "Microdesc digest in RS matches";
} else {
  rs_match = "Microdesc digest in RS does match";
}
</code>
It looks like a typo that should read "digest in RS does *not* match".

Tor: 0.4.8.x-freeze
Nick Mathewson

https://gitlab.torproject.org/tpo/core/tor/-/issues/40613
Remove socket_failed_from_resource_exhaustion heuristic
2022-12-12T20:12:55Z
Alex Xu

socket_failed_from_resource_exhaustion says:
```
/**
 * A socket failed from resource exhaustion.
 *
 * Among other actions, warn that an accept or a connect has failed because
 * we're running out of TCP sockets we can use on current system. Rate-limit
 * these warnings so that we don't spam the log. */
static void
socket_failed_from_resource_exhaustion(void)
{
  /* When we get to this point we know that a socket could not be
   * established. However the kernel does not let us know whether the reason is
   * because we ran out of TCP source ports, or because we exhausted all the
   * FDs on this system, or for any other reason.
   *
   * For this reason, we are going to use the following heuristic: If our
   * system supports a lot of sockets, we will assume that it's a problem of
   * TCP port exhaustion. Otherwise, if our system does not support many
   * sockets, we will assume that this is because of file descriptor
   * exhaustion.
   */
```
The first part of the second comment is wrong for two reasons:
1. the kernel returns EADDRINUSE if TCP ports were exhausted, EMFILE if the process reached its FD limit, and ENFILE if the system reached its FD limit; and
2. we know in advance which failure condition could apply based on the system call: socket and accept can't fail due to lack of TCP ports, and bind and connect can't fail due to lack of FDs. Actually, socket_failed_from_resource_exhaustion isn't even called when bind or connect fails anyways, so it's not currently possible for it to fail due to lack of TCP ports.

The second part of the first comment is misleading: socket_failed_from_resource_exhaustion is not called when connect fails, it is called when connection_connect_sockaddr fails due to socket failing. This is probably fine anyways though: if connect fails due to EADDRINUSE, then it is because thousands of connections have been made to the same destination, which is not a relay overload.
Therefore, as far as I can tell, the heuristic is not necessary and should be replaced with either or both of the preceding rules.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40947
Make sure the controller password used in Torbutton is conforming to the spec
2022-07-09T21:26:16Z
Georg Koppen

```
var auth_cmd = "AUTHENTICATE "+m_tb_control_pass+"\r\n";
```
is basically just taking `m_tb_control_pass` and passing it along to tor. We should do some checks that it is actually conforming to the spec (it must be comprised of `HEXIDIGIT`s or be a `QuotedString`).

Sponsor 131 - Phase 5 - Ongoing Maintenance

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40943
Disable bookmark backups
2022-11-30T18:34:03Z
cypherpunks

Tor browser shouldn't back up bookmarks at all and even when bookmarks are deleted, old backups remain in:
/Browser/TorBrowser/Data/Browser/profile.default/bookmarkbackups

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40932
torrc-defaults is not optional
2022-07-09T21:47:55Z
cypherpunks

```
var torrcDefaultsFile =
  TorLauncherUtil.getTorFile("torrc-defaults", false);
```
```
var geoipFile = torrcDefaultsFile.clone();
geoipFile.leafName = "geoip";
var geoip6File = torrcDefaultsFile.clone();
geoip6File.leafName = "geoip6";
var args = [];
if (torrcDefaultsFile)
{
  args.push("--defaults-torrc");
  args.push(torrcDefaultsFile.path);
}
```
Missed "optional" torrc-defaults file leads to exception and failed Tor start with unclear reason for user.

Sponsor 131 - Phase 5 - Ongoing Maintenance

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40930
Make Tor Browser follow the Tor Friendly Applications Best Practices doc
2023-08-30T15:20:06Z
Roger Dingledine

If I want to run two TBB 3.5's at once, I'm out of luck because the Tor ports conflict and they're hard-coded.
Vidalia solved this by having a checkbox for 'choose ports automatically', which starts Tor with "socksport auto" and "controlport auto" and then reads the file specified to Tor by ControlPortWriteToFile to learn what control port it picked.
Should we teach Tor Launcher to do something similar?
Maybe a reasonable place for the interface toggle is in the proxy settings window?

Sponsor 131 - Phase 5 - Ongoing Maintenance

https://gitlab.torproject.org/tpo/anti-censorship/docker-snowflake-proxy/-/issues/9
Timestamp in logfile doesn't use system timezone
2022-05-24T18:19:45Z
LordOfTheSnow

I am running a Snowflake docker container. The host has its timezone set to CEST (= UTC+2).
However the output in the logfile is always in UTC, even when setting the container's TZ explicitly to CEST (Europe/Berlin) too. Moreover there is no output of the logfile's TZ so it's not immediately clear what the real time of the output was.
`2022/05/18 14:03:18 In the last 1h0m0s, there are 5 connections. Traffic Relayed ↑ 121 MB, ↓ 121 MB.`
It would make things easier if the container uses the host's TZ or at least the one set in the container by an environment variable.

https://gitlab.torproject.org/tpo/web/community/-/issues/275
some subtitles are not being translated in relay/setup/bridge/ but they are translated in transifex
2022-06-16T20:36:57Z
emmapeel

If you see the different cards for operating systems at https://tor-www@review.torproject.net/tpo/web/community/l10n/ru/relay/setup/bridge/ you can see that
FreeBSD, NetBSD, OpenBSD, DragonFlyBSD and Windows subtitles are not translated.
But the translation in transifex is complete. The same happens in all languages.

https://gitlab.torproject.org/tpo/web/community/-/issues/273
[Snowflake] Update the standalone instructions
2022-08-18T15:17:12Z
Gus

From https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40125
If I may I'd point out that the NAT behaviour tool page linked at https://community.torproject.org/relay/setup/snowflake/standalone/ needs updating as well. Currently the syntax uses 'go get' which is deprecated in favour of 'go install'. I only had success with "go install github.com/pion/stun/cmd/stun-nat-behaviour@latest".

Sponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibet

https://gitlab.torproject.org/tpo/web/team/-/issues/38
Broken link on archive.torproject.org
2022-05-12T16:23:06Z
sready

In README.txt of archive.torproject.org, there is a link to https://metrics.torproject.org/data.html. It should probably be changed to https://metrics.torproject.org/sources.html?

anarcat

https://gitlab.torproject.org/tpo/web/tpo/-/issues/299
Should Contact page point to Matrix rooms?
2022-07-01T04:45:13Z
Jim Newsome

https://www.torproject.org/contact/ still only mentions IRC. AFAICT the only pointer to our matrix rooms is from the blog post https://blog.torproject.org/entering-the-matrix/

https://gitlab.torproject.org/tpo/web/community/-/issues/272
Redesign the main menu on mobile devices
2023-05-02T17:00:27Z
Gus

The main menu on mobile devices is taking up a good part of the page and it's also covering up the internal menus.
![community portal main menu](/uploads/bceaf486dcd9892900e1036fdfe2e36a/community-portal-menu.jpeg)

https://gitlab.torproject.org/tpo/web/tpo/-/issues/297
Incorrect Recommended Version Displayed
2023-11-30T19:09:57Z
pyrodie18

<!--
* Use this issue template for reporting a new bug.
-->
### Summary
**Summarize the bug encountered concisely.**
### Steps to reproduce:
**How one can reproduce the issue - this is very important.**
1. Navigate to https://www.torproject.org/projects/torbrowser/RecommendedTBBVersions/
### What is the current bug behavior?
Results are `[ "10.0.5", "10.0.5-MacOS", "10.0.5-Linux", "10.0.5-Windows", "10.5a4", "10.5a4-MacOS", "10.5a4-Linux", "10.5a4-Windows" ]`
### What is the expected behavior?
The correct version is 11.0.10 according to the direct download links on the page.
### Environment
Windows system using Chrome
### Relevant logs and/or screenshots
N/A

https://gitlab.torproject.org/tpo/onion-services/onionmine/-/issues/11
Support for other key generator implementations
2023-05-17T15:46:59Z
Silvio Rhatto

Make Onionmine support other vanity generators such as:
* [ciehanski/oniongen-hs: v3 onion vanity URL generator written in Haskell](https://github.com/ciehanski/oniongen-hs)
* [rdkr/oniongen-go: 🔑 v3 .onion vanity URL generator written in Go](https://github.com/rdkr/oniongen-go)
Full compatibility might not be supported, given that each implementation has its own set of parameters, but that's something that can be solved with proper configuration and with some business logic.

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40134
Log messages from client NAT check failures are confusing
2022-05-31T22:11:07Z
David Fifield (dcf@torproject.org)

When [`CheckIfRestrictedNAT`](https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/common/nat/nat.go?h=v2.1.0#n34) fails with an error, it logs a message like `Error: no response from server`. But in context, the messages confusingly appear to refer to the broker rendezvous, not the STUN server connection:
```
Target URL: snowflake-broker.torproject.net.global.prod.fastly.net
Front URL: cdn.sstatic.net
Error: no response from server
Error: no response from server
Error: no response from server
```
In this situation, communication with the broker has succeeded and a proxy has been assigned, but the client is having trouble checking its own NAT type. These log messages should say "STUN" or "NAT" somewhere in them, and ideally also the address of the server that failed (possibly subject to safe-log scrubbing).
Refactoring suggestion: instead of having a log call at every return of `isRestrictedMapping`, you can use [`fmt.Errorf("...: %w")`](https://pkg.go.dev/errors) to wrap the underlying error with additional context, and just return the error. That way, the logging can be consolidated in [`updateNATType`](https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/client/lib/snowflake.go?h=v2.1.0#n239), which is also where the STUN server address can be added and displayed.

itchyonion

https://gitlab.torproject.org/tpo/web/support/-/issues/300
Search bar with fixed width
2022-07-26T20:57:11Z
Gus

Keeping the search bar a fixed width (like \~600px) before the mobile breakpoint would be great too, otherwise it gets a little short at tablet sizes.
https://gitlab.torproject.org/tpo/web/support/-/merge_requests/108#note_2799154

Sponsor 9 - Phase 6 - Usability and Community Intervention on Support for Democracy and Human Rights

https://gitlab.torproject.org/tpo/onion-services/onionmine/-/issues/10
Make development contribution easier
2023-06-14T20:17:41Z
Silvio Rhatto

* [ ] Add a [Contributing guidelines](https://en.wikipedia.org/wiki/Contributing_guidelines) file.
* [ ] Make explicit that contributions are not just welcomed but needed.
* [ ] Tag some issues as "First contribution".

https://gitlab.torproject.org/tpo/web/community/-/issues/267
[Relay] Warn about the risk of ending up on blocklists
2023-01-18T18:32:39Z
Gus

Some relay operators running non-exits on their residential connections are having a bad time with blocklists. [This isn't a new thing](https://twitter.com/FiloSottile/status/1257714275763851264). In the tor-relays mailing list and the Tor Forum, we've been asking relay operators to avoid running public nodes on their residential connections, for example, running a Snowflake proxy or a bridge will avoid your IP ending up on blocklists.

https://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/issues/33
bridges.torproject.org returns odd time for "Last tested: "
2023-01-24T18:54:37Z
toralf

Yesterday I queried https://bridges.torproject.org/status?id=662D4E4DE2C883625C543DFA3C4EE466899E6C85 for the status of a new relay with nickname "hoppel" and got:
```
Last tested: 2022-04-01 01:22:29.996384489 +0000 UTC (17h20m3.267273954s ago)
```
The "time ago" looks odd b/c the public bridge was set up just about 2-3 hours ago (using ansible, accidentally I ran the setup a few times in a row at different VPS IP addresses and forgot to not publish the bridge distributor for those tests).