The Tor Project issues
https://gitlab.torproject.org/groups/tpo/-/issues
2022-02-21T19:13:04Z

https://gitlab.torproject.org/tpo/core/torspec/-/issues/26
torspec references UTC, but tor uses unix time (leap second handling)
2022-02-21T19:13:04Z
teor

When the various torspec documents specify time, they refer to UTC. But the implementations used by at least Linux, *BSD and OS X are based on the Unix time epoch.
This makes a difference to how leap seconds are handled: UTC includes leap seconds, but unix time excludes them.
We should:
* ensure that none of the security properties of tor depend on leap seconds either being present or absent, either individually or in aggregate:
  * every minute is not 60 seconds long (and equivalently for hour, day, week)
  * some epoch times can repeat or be missing
  * UTC and Unix time differ by approximately 30 seconds
* check how the current Linux, BSD, Windows and OS X implementations handle leap seconds (in roughly that order of priority)
* consider and document tor's handling of leap seconds
See:
* https://en.wikipedia.org/wiki/Leap_second
* https://en.wikipedia.org/wiki/Unix_time

https://gitlab.torproject.org/tpo/core/torspec/-/issues/27
Tor control spec doesn't properly specify reply format
2022-02-21T19:12:26Z
cypherpunks

The control spec does not sufficiently specify how to generically parse multi-line replies from the controller. The intent seems to be that multi-line response data is terminated by a '.' line.
However, this is not specified in the control spec section 2.3, and the reply description there is insufficient to properly recognize multi-line reply packets, leading to bugs like:
https://trac.torproject.org/projects/tor/ticket/16990

https://gitlab.torproject.org/tpo/core/tor/-/issues/40087
Log cannot be written when running a second instance on Ubuntu
2020-09-24T08:37:24Z
mitar

So I have a second instance of Tor configured on my Ubuntu system using torproject's Ubuntu package, version `0.4.3.6-1~focal+1`. I did that by running `tor-instance-create`, which created the `/etc/tor/instances/second/torrc` file. I edited it and configured:
```
Log notice file /var/log/tor2/notices.log
```
as the original location was `/var/log/tor/notices.log`. But now I have a problem that the instance does not start with the following error:
```
Aug 01 02:06:17.000 [warn] Couldn't open file for 'Log notice file /var/log/tor2/notices.log': Read-only file system
```
The issue is that tor is locked down where it can write. I fixed that by editing `/lib/systemd/system/tor@.service` and added:
```
ReadWriteDirectories=-/var/log/tor2
ReadWriteDirectories=-/var/log/tor
```
But now this is overridden every time the package gets updated. I have not seen any instructions on how to configure logging to files (instead of syslog, which is the default) in `tor-instance-create`'s man page. So I think it would be useful if `tor-instance-create`'s man page included some information on how to configure logging to a file which would be both writable and supported by logrotate (I had to copy `/etc/logrotate.d/tor` to `/etc/logrotate.d/tor2` to configure rotation for the second instance as well). Even better, the `tor-instance-create` script could configure things accordingly based on the first instance's configuration?
weasel (Peter Palfrader)

https://gitlab.torproject.org/tpo/core/torspec/-/issues/28
Get working spec.torproject.org URLs for proposals.
2022-02-21T19:12:26Z
Nick Mathewson

It would be great if spec.torproject.org would link to our proposal documents. There's been some preliminary discussion here in tpo/tpa/team#17467, but the next steps are on our end. We should set up some mechanism so that proposal links can be created in an automated way by number.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40215
Review GeckoView ChangeLog for gv83
2020-11-13T15:45:27Z
Matthew Finkel

https://gitlab.torproject.org/tpo/core/tor/-/issues/40089
ONION_CLIENT_AUTH_ADD client names aren't persisted
2021-06-23T17:22:08Z
Damian Johnson

ONION_CLIENT_AUTH_ADD is documented as accepting a ClientName, but ONION_CLIENT_AUTH_VIEW is failing to echo these names back as prescribed by the spec...
```
Sent to tor: ONION_CLIENT_AUTH_ADD yvhz3ofkv7gwf5hpzqvhonpr3gbax2cc7dee3xcnt7dmtlx2gu7vyvid x25519:FCV0c0ELDKKDpSFgVIB8Yow8Evj5iD+GoiTtK878NkQ= ClientName=StemInteg
Received from tor: 250 OK
Sent to tor: ONION_CLIENT_AUTH_VIEW yvhz3ofkv7gwf5hpzqvhonpr3gbax2cc7dee3xcnt7dmtlx2gu7vyvid
Received from tor:
250-ONION_CLIENT_AUTH_VIEW yvhz3ofkv7gwf5hpzqvhonpr3gbax2cc7dee3xcnt7dmtlx2gu7vyvid
250-CLIENT yvhz3ofkv7gwf5hpzqvhonpr3gbax2cc7dee3xcnt7dmtlx2gu7vyvid x25519:FCV0c0ELDKKDpSFgVIB8Yow8Evj5iD+GoiTtK878NkQ=
250 OK
```
Neel Chauhan <neel@neelc.org>

https://gitlab.torproject.org/tpo/core/tor/-/issues/40090
ONION_CLIENT_AUTH_ADD persistence error unhelpfully vague
2022-02-28T19:41:25Z
Damian Johnson

I tried to add an integ test for persisting hidden service credentials to disk (calling ONION_CLIENT_AUTH_ADD with a "Permanent" flag) but the error response I received from tor is unhelpfully vague...
> Unable to store creds for "yvhz3ofkv7gwf5hpzqvhonpr3gbax2cc7dee3xcnt7dmtlx2gu7vyvid"
It's possible that there's an issue on my end, or also possible that the feature doesn't work. Unfortunately this response is too nebulous for me to troubleshoot.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40217
Disable SafeBrowser in GeckoView
2020-11-11T04:25:39Z
Matthew Finkel
Tor Browser: 10.0

https://gitlab.torproject.org/tpo/core/tor/-/issues/40091
Remove AppVeyor VS2015 build
2021-02-05T21:03:36Z
George Kadianakis

Our VS2015 AppVeyor has been failing and we decided to remove it.
I'll make an attempt at a patch.
George Kadianakis

https://gitlab.torproject.org/tpo/core/tor/-/issues/32306
check-local target to enforce doxygen-correctness
2022-06-17T13:03:34Z
Nick Mathewson

We should have a check-local target that makes sure we haven't regressed anything in Doxygen. I'm going to compile a list of what that means here, and then make the target later in November.
Current properties are:
* Every C and H file (outside of ext, trunnel, and test) should have a @file or \file declaration.
* @file or \file declarations should match the actual name of the file.
* There should be no doxygen warnings (except for missing documentation).

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40218
Safest security level hides video controls
2022-12-08T15:15:26Z
torrrrrrrrrrrrrrrr

Tor Browser version: 10.0.2 (desktop) and 10.0.3 (Android)
Steps to reproduce:
- Go to about:preferences
- search for `security`
- change security level to safest
- open https://gnu.org
- click to authorize the medias
![image](/uploads/55273e2e8ef4cbb2f470eb87807cfde3/image.png)

https://gitlab.torproject.org/tpo/core/tor/-/issues/40092
CONTROLLER_WAIT event is undocumented
2020-08-11T22:41:50Z
Damian Johnson

Recently (somewhere between tor commit 9d922b8-67fc69c) tor added a new CONTROLLER_WAIT event type as advertised by...
```
GETINFO events/names
250-events/names=CIRC CIRC_MINOR STREAM ORCONN BW DEBUG INFO NOTICE WARN ERR NEWDESC ADDRMAP DESCCHANGED NS STATUS_GENERAL STATUS_CLIENT STATUS_SERVER GUARD STREAM_BW CLIENTS_SEEN NEWCONSENSUS BUILDTIMEOUT_SET SIGNAL CONF_CHANGED CONN_BW CELL_STATS CIRC_BW TRANSPORT_LAUNCHED HS_DESC HS_DESC_CONTENT NETWORK_LIVENESS CONTROLLER_WAIT
```
However, this event isn't in the control-spec.

https://gitlab.torproject.org/tpo/core/tor/-/issues/40093
Additional Bridge Guards for Private Network Bridges ("Tor Bridge Middlebox")
2021-09-27T16:39:45Z
tubby-tor

When the only exit of a private network (either physical or virtual) is a Bridge, an additional Bridge Guard is required to effectively have a three node tor circuit.
Specific examples of such private networks are Whonix, Qubes OS or any custom use of multiple VMs by one user. Other examples could be a lab or office, or simply a single user with multiple devices/computers in close proximity.
An even more concrete example is a Desktop with a tor middlebox setup using VMs. In this example, the tor middlebox VM is ONLY the gateway to the internet and another VM is running the Tor Browser. The Tor Browser's tor either requires a proxy or a Bridge. To use a proxy, the tor middlebox would have to expose a proxy that connects directly to the clear internet. If using the tor middlebox as a tor bridge, the user will effectively have a 2 node circuit, since the first circuit is only virtual between two local VMs.
Using a tor bridge as the ONLY exit from a private network would be a very powerful protection for certain de-anonymization risks, such as trojans or successful penetration of a VM or physical device, with the middlebox still secure. However, at the moment, the bridge must also be the guard, thus effectively imposing a two node circuit where the middle node is effectively also the entry and guard node.
Of course, a Socks5, Socks4 or HTTP/HTTPS proxy can be used to exit the network, thus permitting tor installations within the network to properly set up a three node circuit. However, having a proxy directly to the internet is a weak link because it is either unprotected or the authentication information would be stored on a to-be-compromised system. This could be avoided if a Bridge could have a separate additional guard.
There are no available workarounds at the moment. MyFamily does not work, nor does it work to Exclude the Bridge Node. And even if tor cannot confirm that the Bridge is unreachable from the public internet, it does not get an extra guard.
There should be a mechanism to not count multiple MyFamily nodes that are a required part of a circuit, thus permitting multiple private network tor chaining when the nodes are TRULY controlled by the same entity. Or something similar. If the nodes are controlled by the same entity, using them as additional circuit nodes does risk overloading the tor network. Another option would be to not count toward the three node circuit any chain of unreachable tor nodes, regardless of how many private tor nodes are chained.
We could call this setup a "Tor Bridge Middlebox", which could be chainable.
Here are some example Tor node circuits. The same examples can be extended to private physical LANs.
Virtual Machine Tor Bridge Middlebox setup, as is, two node circuit:
VM1-Tor > VM2-Tor-Bridge-Guard > Tor-Middle > Tor-Exit
Virtual Machine Tor Bridge Middlebox setup, as it should be:
VM1-Tor > VM2-Tor-Bridge > Tor-Entry-Guard > Tor-Middle > Tor-Exit
Virtual Machine Socks/Proxy Middlebox setup:
VM1-Tor > VM2-Clear-Proxy > Tor-Entry-Guard > Tor-Middle > Tor-Exit
There has been extensive discussion and proposals for "Bridge Guards", however, it seems to have always been in the context of Bridge Enumeration, thus I am putting this as a separate issue, but that could be solved in a way similar to previous issues and proposals.
References:
https://www.qubes-os.org/
https://www.whonix.org/
https://gitlab.torproject.org/legacy/trac/-/issues/7144
https://gitlab.torproject.org/tpo/core/tor/-/issues/9500
https://gitweb.torproject.org/torspec.git/tree/proposals/188-bridge-guards.txt

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40221
Adapt nightly update URL
2022-07-09T03:56:21Z
Georg Koppen

We patch the nightly update URL in `tor-browser-build` ad-hoc but we should move that out of `tor-browser-build` into a proper `tor-browser` patch.
Tor Browser: 11.0 Issues with previous release

https://gitlab.torproject.org/tpo/core/tor/-/issues/40095
run_check_subsystem_order.sh should use $PYTHON envvar
2020-08-11T15:02:53Z
Nick Mathewson
Tor: 0.4.4.x-final

https://gitlab.torproject.org/tpo/core/tor/-/issues/40096
CI: Create AppVeyor build that uses 32-bits
2022-06-17T13:04:28Z
George Kadianakis

As discussed in https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/117 we need an AppVeyor build that does 32-bit builds.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40224
Symbols / Dingbats cannot be displayed
2020-11-13T09:19:43Z
kms2db0f6f

Symbols / Dingbats such as U+2715 (✕) [1] and U+2304 (⌄) [2] cannot be displayed in Tor Browser.
I guess Tor Browser's bundled fonts do not have those glyphs and as such users will see boxes with code point inside ("tofu").
[1] Used in Wikipedia's donation dialog (close button)
[2] Used in [XE.com](https://www.xe.com/currencycharts/?from=USD&to=JPY) (down arrow)

https://gitlab.torproject.org/tpo/core/tor/-/issues/40097
tor stops bootstrapping on Android
2022-07-07T00:48:31Z
Nathan Freitas

We've been seeing an issue intermittently on Orbot / Android for a while now, on tor 0.4.2.x and 0.4.3.x as well. After running just fine for weeks and months even, tor will just stop bootstrapping. The process starts successfully, the control port is available, but nothing happens after that.
We have narrowed it down to some kind of corruption in the DataDirectory. If you change the path of that, it bootstraps fine. If you set it back to the original path, it is stuck again.
You can see more data and details on the DataDirectory state and control port events here:
https://github.com/guardianproject/orbot/issues/285
I am trying to get an export of the non-bootstrapping DataDirectory so we can look at the contents of each file.
Otherwise, is there a known issue with this type of corruption / non-bootstrapping state?
Tor: 0.4.4.x-final

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40225
Tor Browser window size changes with Windows 10 display scaling (e.g. 125% --> 998x999)
2020-11-17T20:06:44Z
franz

Unfortunately, the reported Tor Browser window size (I am using panopticlick.eff.org) changes if I change the Windows 10 display scaling from 100% to e.g. 150%:
reported values:
100% --> 1000x1000x24
125% --> 998x999x24
150% --> 999x800x24
This is bad because it reduces anonymity.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40226
Tor Browser 10.0.4 Web Content always crashes on Fedora Workstation Rawhide GNOME
2020-12-17T08:55:55Z
MattiLinnanvuori

Tor Browser 10.0.4 Web Content always crashes on Fedora Workstation Rawhide GNOME. [coredump.gz](/uploads/7628d2027ab5bf73593868ae5e3b296d/coredump.gz).
```
PID: 4105 (Web Content)
UID: 1000 (mattilinnanvuori)
GID: 1000 (mattilinnanvuori)
Signal: 11 (SEGV)
Timestamp: Thu 2020-11-12 18:16:39 EET (20min ago)
Command Line: /home/mattilinnanvuori/Downloads/tor-browser_en-US/Browser/firefox.real -contentproc -childID 3 -isForBrowser -prefsLen 1073 -prefMapSize 256419 -parentBuildID 20200502050101 -appdir /home/mattilinnanvuori/Downloads/tor-browser_en-US/Browser/browser 3964 tab
Executable: /home/mattilinnanvuori/Downloads/tor-browser_en-US/Browser/firefox.real
Control Group: /user.slice/user-1000.slice/user@1000.service/app.slice/app-org.gnome.Terminal.slice/vte-spawn-0d070051-985a-4377-93e0-a93869ce1539.scope
Unit: user@1000.service
User Unit: vte-spawn-0d070051-985a-4377-93e0-a93869ce1539.scope
Slice: user-1000.slice
Owner UID: 1000 (mattilinnanvuori)
Boot ID: 5a950a665e8b4baf90b15e7ecce6d7aa
Machine ID: 946fcb0094414c2eb8d731245de958d6
Hostname: localhost.localdomain
Storage: /var/lib/systemd/coredump/core.Web\x20Content.1000.5a950a665e8b4baf90b15e7ecce6d7aa.4105.1605197799000000.zst
Message: Process 4105 (Web Content) of user 1000 dumped core.
Stack trace of thread 4105:
#0 0x00007f2061ae0bfb n/a (/home/mattilinnanvuori/Downloads/tor-browser_en-US/Browser/libxul.so + 0x14e1bfb)
#1 0x6120646e6966206f n/a (n/a + 0x0)
```
Tor Browser: 10.0
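Added example, not code from any of the issues above and not the Tor Project's own: a parser for the control-port reply format that torspec#27 (earlier on this page) says the spec leaves underspecified, run over the ONION_CLIENT_AUTH_VIEW reply quoted in tor#40089. It follows the line grammar of control-spec section 2.3: a three-digit status code, then '-' (more lines follow), '+' (a data block follows, ended by a line that is exactly '.', with data lines that start with '.' dot-stuffed) or a space (last line of the reply). The names `parse_replies`, `ReplyLine`, `Reply` and `client_auth_entries` are this example's own; `DATA_REPLY` and the `552` line used below are constructed samples, not captured from tor.

```python
"""Parser for Tor control-port replies (control-spec section 2.3 line grammar)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# StatusCode, then one of '-' (mid), '+' (data) or ' ' (end), then the rest.
_LINE_RE = re.compile(r"^(\d{3})([-+ ])(.*)$")


@dataclass
class ReplyLine:
    status: str
    text: str
    data: list[str] = field(default_factory=list)  # filled only for '+' lines


@dataclass
class Reply:
    lines: list[ReplyLine]

    @property
    def status(self) -> str:
        return self.lines[-1].status  # the EndReplyLine carries the reply's status

    @property
    def ok(self) -> bool:
        return self.status == "250"


def parse_replies(raw: str) -> list[Reply]:
    """Split raw controller output (CRLF or LF delimited) into complete replies."""
    lines = raw.replace("\r\n", "\n").split("\n")
    if lines and lines[-1] == "":
        lines.pop()  # drop the empty piece after the final newline
    replies: list[Reply] = []
    current: list[ReplyLine] = []
    i = 0
    while i < len(lines):
        m = _LINE_RE.match(lines[i])
        if m is None:
            raise ValueError(f"malformed reply line {i}: {lines[i]!r}")
        status, kind, text = m.groups()
        i += 1
        entry = ReplyLine(status, text)
        if kind == "+":
            # CmdData: consume up to the lone '.' line, un-stuffing a leading dot.
            while True:
                if i >= len(lines):
                    raise ValueError("data block not terminated by '.'")
                data_line = lines[i]
                i += 1
                if data_line == ".":
                    break
                entry.data.append(data_line[1:] if data_line.startswith(".") else data_line)
        current.append(entry)
        if kind == " ":  # EndReplyLine closes the reply
            replies.append(Reply(current))
            current = []
    if current:
        raise ValueError("input ended in the middle of a reply")
    return replies


def client_auth_entries(reply: Reply) -> list[dict[str, str]]:
    """Turn the CLIENT lines of an ONION_CLIENT_AUTH_VIEW reply into dicts.

    Trailing Key=Value fields (ClientName=..., Flags=...) become extra keys,
    so a ClientName that tor did not echo back shows up as a missing key.
    """
    entries = []
    for line in reply.lines:
        if line.text.startswith("CLIENT "):
            parts = line.text.split(" ")
            entry = {"address": parts[1], "key": parts[2]}
            for kv in parts[3:]:
                k, _, v = kv.partition("=")
                entry[k] = v
            entries.append(entry)
    return entries


# The ONION_CLIENT_AUTH_VIEW reply quoted in tor#40089, with CRLF line endings.
VIEW_REPLY = (
    "250-ONION_CLIENT_AUTH_VIEW yvhz3ofkv7gwf5hpzqvhonpr3gbax2cc7dee3xcnt7dmtlx2gu7vyvid\r\n"
    "250-CLIENT yvhz3ofkv7gwf5hpzqvhonpr3gbax2cc7dee3xcnt7dmtlx2gu7vyvid "
    "x25519:FCV0c0ELDKKDpSFgVIB8Yow8Evj5iD+GoiTtK878NkQ=\r\n"
    "250 OK\r\n"
)

# Constructed sample (not from the page): a '+' data reply with a dot-stuffed line.
DATA_REPLY = (
    "250+config-text=\r\n"
    "Log notice file /var/log/tor2/notices.log\r\n"
    "..stuffed\r\n"
    ".\r\n"
    "250 OK\r\n"
)

if __name__ == "__main__":
    view = parse_replies(VIEW_REPLY)[0]
    print(view.status, client_auth_entries(view))
    print(parse_replies(DATA_REPLY)[0].lines[0].data)
```

Parsing the quoted exchange this way makes the tor#40089 symptom mechanical: the CLIENT entry carries `address` and `key` but no `ClientName` key, so a controller can check for the missing field instead of eyeballing the reply. Treating the end-reply line as the only place a reply can close is also what keeps a multi-line or data reply from being cut short, which is the parsing ambiguity torspec#27 raises.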