The Tor Project issues
https://gitlab.torproject.org/groups/tpo/-/issues
2021-11-15T18:57:13Z

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/16756
Formalize and document what it takes for a PT to get deployed.
2021-11-15T18:57:13Z
Yawning Angel
It would be good to formalize what it takes to get a PT to be considered for deployment beyond the rough guidelines we have as part of our Sponsor S/T draft. I have some ideas here about things that should be considered that aren't, that other people are likely to disagree about, so discussion is needed.
The last 3 PTs that got deployed were FTE, ScrambleSuit and obfs4.
* What did we do?
* Out of what we did, what was right?
* Out of what we did, what was wrong?
* What did we consider that we should ignore in the future?
* What did we not consider that we should in the future?
* Who's going to do all the evaluation work?

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/16755
Design a version 2 Pluggable Transport spec.
2020-06-27T13:43:55Z
Yawning Angel
The current PT spec works, but has a few design flaws that require breaking compatibility to fix. While doing this process further thought should (maybe?) be given to making it even easier for other applications to adopt.
In addition to the existing issues that will be re-parented to this ticket the new spec should:
* Maybe not prefix env vars with `TOR_`, since "Pluggable Transports aren't just a Tor thing". No strong opinion on this. If that's all that's kept people from using the spec, it's kind of silly.
* Your idea here.
Yawning Angel

https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/trac/-/issues/16754
Clean up the existing Pluggable Transport spec
2020-06-27T13:43:55Z
Yawning Angel
The current Pluggable Transport spec has gotten more and more Tor specific, which is bad for people that aren't Tor that wish to use the managed PT API. The current spec should be cleaned up to address:
* Why managed mode is a good idea.
* Include the ExtORPort stuff.
* Make it abundantly clear that not just Tor can/should use this and managed mode.
* Other misc. spec clarifications as needed.
Note: This is entirely separate from writing a v2 of the Pluggable Transport spec that fixes the warts in the existing one (which will involve code).
Yawning Angel

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16752
TBB backspace not enabled?
2020-06-27T14:40:24Z
cypherpunks
Why has browser.backspace_action in about:config been set to 2 where in regular firefox releases it is set to 0?

https://gitlab.torproject.org/tpo/network-health/metrics/onionoo/-/issues/16750
Add improved family measure to Onionoo
2020-06-27T14:24:17Z
virgil
This is a follow-up from the graphs I've posted before. Particularly,
* https://dl.dropboxusercontent.com/u/3308162/family_graph_uncolored.pdf
* https://dl.dropboxusercontent.com/u/3308162/family_graph_colored_by_effective_family.pdf
We want the above algorithm implemented in Onionoo. Here's how it works:
For each entry in the MyFamily list...
1. truncate all fingerprints to 40 characters
2. remove all fingerprints <40 characters.
3. Relays A and B are in the same effective_family if and only if, via *symmetric links only*, A can reach each relay B. You can use the standard iterative depth-first-search on: https://en.wikipedia.org/wiki/Depth-first_search
4. Finally, in Onionoo, each relay has a (sorted) list of the fingerprints of its effective_family.
Misc:
* If the relay's own fingerprint appears as part of its effective_family, remove the fingerprint.
* As far as I know no one is using the current effective_family measure. If not, I recommend replacing the previous effective_family with the above.
* If someone wants to keep the existing effective_family, I suggest doing the above but calling it the "extended_family". Either is fine by me.

https://gitlab.torproject.org/tpo/core/tor/-/issues/16749
Typo in better families proposal in torspec
2020-06-27T14:00:54Z
teor
There's a minor typo in the better families proposal in torspec.
I've fixed it in:
**Branch:** typo-better-families
**Repository:** https://github.com/teor2345/torspec.git
(Placing this ticket in Tor, as there's no Torspec component AFAICT.)

https://gitlab.torproject.org/tpo/tpa/team/-/issues/16748
Can't change LDAP password (GPG key invalid?)
2020-06-27T14:19:47Z
Mike Perry
I sent the following message to the chpasswd alias as per https://db.torproject.org/password.html, but it is telling me that my signing key is invalid. I'm pretty sure I updated my GPG key recently, but I have no idea how to proceed at this point.
It replied:
```
Error: Unable to check the signature or the signature was invalid:
==> <class 'userdir_exceptions.UDFormatError'>: UDFormatError: Unable to verify signature, signing key missing.
```
weasel (Peter Palfrader)

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16747
Tor-browser downloads favicon twice (and over different circuits) on Windows
2020-06-27T14:40:24Z
cypherpunks
When opening an image directly inside Tor-browser it ends up being downloaded twice.
Two HTTP GET requests get sent to the server.
The issue comes from the icon shown on the tabbar:
If I disable browser.chrome.favicons and browser.chrome.site_icons then the double download does not happen.
Can this be prevented by for instance loading the tab icon from the cache?

https://gitlab.torproject.org/tpo/network-health/metrics/library/-/issues/16746
Use a better tool than just Ant and Debian's package manager to manage dependencies
2020-06-27T14:23:46Z
Karsten Loesing
We need a better way to handle dependencies. As of now we require developers to use Debian stable and install specific packages that add their jar files to `/usr/share/java/`. This approach already breaks as soon as there's a new Debian stable version, let alone the fact that developers might want to develop on a different operating system.
I started looking into Maven as an alternative to Ant. A few thoughts:
- I didn't find an "official" version of Apache Commons Codec in Maven Central, but I instead managed to get rid of that dependency. I did find recent versions of Apache Commons Compress and JUnit.
- I started working on a [branch that switches from Ant to Maven](https://gitweb.torproject.org/user/karsten/metrics-lib.git/log/?h=maven), though I'm considering to change that towards adding Maven while leaving Ant as an option. I don't see any reasons why that would fail, but I haven't tried it yet.
- One thing I'm yet unclear about is how we would switch other projects like Onionoo over to Maven, because Maven only produces one artifact and we're currently producing two artifacts: a .jar and a .war file. I could imagine changing that to a single .jar and putting in a command-line switch to run either the hourly updater or the webserver. Not sure about downsides here. If this seems doable, I'd try it out with ExoneraTor first, because that one is tiny compared to Onionoo.
- I also briefly looked into Apache Ivy which wouldn't force us to change as many things as Maven would, but figured that the forced Maven switch would also lead to a cleaner build process overall. Happy to reconsider if there are arguments in favor of Ivy.
Other thoughts? Things that I overlooked?
Karsten Loesing

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16744
Update TBB to ESR 38.1.1 (MFSA2015-78, CVE-2015-4495) - exploited in the wild
2020-06-27T14:40:24Z
cypherpunks
permalink.gmane.org/gmane.network.tor.user/37261

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16743
Reconsider "Add Start Menu & Desktop shortcuts" option (Windows)
2022-03-21T20:14:30Z
Trac
One of Tor Browser's stated objectives is leaving not too many traces in the user's computer; in particular, after deleting it from the desktop, it should be mostly gone.
The desktop shortcut is mostly useless when installing to the desktop, you have another shortcut right inside the "Tor Browser" folder, so it looks a bit silly.
The more "scary" one is the start menu one, which resides inside "$HOMEPATH$\AppData\Roaming\Microsoft\Windows\Start Menu\Programs", and is more troubling. With no uninstaller, users have to remember to delete it manually and may miss it completely, especially on some newer versions of Windows where the list of programs is kind of hidden, and where deleting shortcuts is much more involved (can't right click -> delete directly).
So I think, at the very least, the Start Menu shortcut shouldn't be created by default.
**Trac**:
**Username**: discer

https://gitlab.torproject.org/tpo/core/tor/-/issues/16742
Example 4GByte accountingmax is crazy low
2020-06-27T14:00:54Z
Roger Dingledine
In the torrc sample, we have
```
## Set a maximum of 4 gigabytes each way per period.
#AccountingMax 4 GBytes
```
This translates to 46KBytes/s each way over the course of the day.
How about we change this number to 40 GBytes?
And similarly, we bump up the example rate limiting by adding another 0 to rate and burst.
(We should be mindful about changing what are effectively only comments, in torrc files that distros like Debian ship. That is, we should do this change at the right time. I'm not sure when the right time is.)
Tor: 0.2.7.x-final

https://gitlab.torproject.org/tpo/core/tor/-/issues/16741
recv_ni() and friends don't ask about errno the Windows way?
2020-06-27T14:00:54Z
Roger Dingledine
We have a report from a Windows relay operator about many failures in drain_fd():
https://lists.torproject.org/pipermail/tor-relays/2015-August/007557.html
A) Looking through src/common/compat_threads.c I see that sock_drain() (which is what drain_fd uses if we decided socketpair was the best way to make a pipe) calls recv_ni() which flat-out just looks at errno, with none of the usual Windows wrapping to get at the errno. Is this a bug?
B) Can we please have some more comments in compat_threads.c? What is sock_drain for? Why does replyqueue_process() appear to read and then discard everything the worker has to say?
Thanks!
Tor: 0.2.7.x-final

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16740
Font defense in 5.0a4 crashes OS X 10.6.8
2022-06-16T03:01:08Z
Georg Koppen
The font fingerprinting defense in Tor Browser 5.0a4 crashes on OS X 10.6.8 reliably according to a user: https://blog.torproject.org/blog/tor-browser-50a4-released#comment-99750. Attached is the debug output that got posted on pastebin (http://pastebin.com/eJSr0aKC).

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16739
Allowlist fonts by filename rather than font name
2022-12-08T15:15:25Z
Arthur Edelstein
In legacy/trac#13313 we whitelisted fonts by file name. But as dcf points out, it would be ideal to whitelist bundled fonts only, using the font file path. As far as I can tell this will need to be implemented separately for Windows, Mac, and Linux.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16738
Tor Browser Bundle latest stable signing key not on signing keys page
2020-06-27T14:40:24Z
Trac
https://www.torproject.org/docs/signing-keys.html.en does not contain the signing key for the latest stable Tor Browser Bundle.
```
$ gpg --verify torbsig.txt tor-browser-linux64-4.5.3_en-US.tar.xz
gpg: Signature made Tue 30 Jun 2015 03:09:52 AM PDT using RSA key ID D40814E0
gpg: Can't check signature: public key not found
```
**Trac**:
**Username**: gmorehouse

https://gitlab.torproject.org/tpo/core/tor/-/issues/16737
echo "crash" | python /home/tfoerste/devel/tor/src/test/bt_test.py gives "BAD"
2020-06-27T14:00:54Z
toralf
which let "make test-full" fail in src/test/test_bt.sh
(tested at hardened 64 bit Gentoo) w/ python 2.7.1 and python 3.4.1
for completeness:
```
tfoerste@t44 ~/devel/tor $ ./src/test/test-bt-cl assert
Aug 05 22:38:04.706 [err] tor_assertion_failed_(): Bug: src/test/test_bt_cl.c:42: crash: Assertion 1 == 0 failed; aborting. (on Tor 0.2.7.2-alpha-dev 1ccba302f77315b4)
Aug 05 22:38:04.706 [err] Bug: Assertion 1 == 0 failed in crash at src/test/test_bt_cl.c:42. Stack trace: (on Tor 0.2.7.2-alpha-dev 1ccba302f77315b4)
Aug 05 22:38:04.706 [err] Bug: ./src/test/test-bt-cl() [0x403ed9] (on Tor 0.2.7.2-alpha-dev 1ccba302f77315b4)
Aug 05 22:38:04.706 [err] Bug: ./src/test/test-bt-cl() [0x40e63a] (on Tor 0.2.7.2-alpha-dev 1ccba302f77315b4)
Aug 05 22:38:04.706 [err] Bug: ./src/test/test-bt-cl() [0x403d57] (on Tor 0.2.7.2-alpha-dev 1ccba302f77315b4)
Aug 05 22:38:04.706 [err] Bug: ./src/test/test-bt-cl() [0x403d6d] (on Tor 0.2.7.2-alpha-dev 1ccba302f77315b4)
Aug 05 22:38:04.706 [err] Bug: ./src/test/test-bt-cl() [0x403d8d] (on Tor 0.2.7.2-alpha-dev 1ccba302f77315b4)
Aug 05 22:38:04.706 [err] Bug: ./src/test/test-bt-cl() [0x403dbd] (on Tor 0.2.7.2-alpha-dev 1ccba302f77315b4)
Aug 05 22:38:04.706 [err] Bug: ./src/test/test-bt-cl() [0x403b89] (on Tor 0.2.7.2-alpha-dev 1ccba302f77315b4)
Aug 05 22:38:04.706 [err] Bug: /lib64/libc.so.6(__libc_start_main+0x11b) [0x34d4f385eab] (on Tor 0.2.7.2-alpha-dev 1ccba302f77315b4)
Aug 05 22:38:04.706 [err] Bug: ./src/test/test-bt-cl() [0x403c20] (on Tor 0.2.7.2-alpha-dev 1ccba302f77315b4)
tfoerste@t44 ~/devel/tor $ ./src/test/test-bt-cl crash
============================================================ T= 1438807087
Tor died: Caught signal 11
./src/test/test-bt-cl[0x403df5]
./src/test/test-bt-cl[0x403d20]
./src/test/test-bt-cl[0x403d20]
./src/test/test-bt-cl[0x403d6d]
./src/test/test-bt-cl[0x403d8d]
./src/test/test-bt-cl[0x403dbd]
./src/test/test-bt-cl[0x403b89]
/lib64/libc.so.6(__libc_start_main+0x11b)[0x2d17cd4ceab]
./src/test/test-bt-cl[0x403c20]
```
Tor: 0.2.7.x-final

https://gitlab.torproject.org/tpo/tpa/team/-/issues/16736
Add "berlin" queue to RT
2020-06-27T14:19:48Z
Colin Childs
Please add:
rt-berlin: rtmailarchive+berlin, "|/usr/bin/rt-mailgate --queue berlin --action correspond --url https://rt.torproject.org/"
to /etc/aliases on rude.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16735
about:tor should accommodate different fonts/font sizes
2020-06-27T14:40:24Z
Mark Smith
The about:tor page, which was contributed a long time ago (see legacy/trac#7494), uses some absolutely positioned elements. This causes the page to not layout well if fonts, font metrics, or font sizes are changed. We should fix it.
This came up recently; see ticket:16707#comment:1

https://gitlab.torproject.org/tpo/core/tor/-/issues/16734
Have a way to measure available disk space in DataDir
2020-06-27T14:00:54Z
Nick Mathewson
To avoid disk-based DOS, we should have a way to limit our disk usage. But to do that, we ought to have a good default for it. To get that, we need to wrap statvfs (plus appropriate windows magic) to have a way to learn how much space is free on a device.
Tor: 0.2.7.x-final