Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-16T01:27:04Zhttps://gitlab.torproject.org/legacy/trac/-/issues/30036Remove Orfox patches that were related to Orbot communication2020-06-16T01:27:04ZGeorg KoppenRemove Orfox patches that were related to Orbot communicationWhile looking over the localization support I realized that we added a bunch of Orfox patches that dealt with Orbot being a separate app. This is obsolete now, so we should remove those patches to carry less baggage.While looking over the localization support I realized that we added a bunch of Orfox patches that dealt with Orbot being a separate app. This is obsolete now, so we should remove those patches to carry less baggage.https://gitlab.torproject.org/legacy/trac/-/issues/29916Group Policies for Firefox can bypass Tor Browser's proxy settings2020-06-16T01:08:05ZGeorg KoppenGroup Policies for Firefox can bypass Tor Browser's proxy settingsAssuming your Windows environment has a Firefox group policy (GPO) that specifies e.g. using system proxy settings then Tor Browser happily follows that and is ignoring its own proxy settings without notifying users.
What should actuall...Assuming your Windows environment has a Firefox group policy (GPO) that specifies e.g. using system proxy settings then Tor Browser happily follows that and is ignoring its own proxy settings without notifying users.
What should actually happen is that Tor Browser is ignoring those Firefox GPO settings instead.
This got tested with Tor Browser 8.0.8 on Win10 1709.
Thanks to Kit Chung for this report.https://gitlab.torproject.org/legacy/trac/-/issues/30571Point to https://tb-manual.torproject.org/security-settings/ for slider details2020-06-16T01:04:10ZGeorg KoppenPoint to https://tb-manual.torproject.org/security-settings/ for slider detailsWe are currently pointing to https://tb-manual.torproject.org/security-settings.html for more details about the security slider. However, that should have been https://tb-manual.torproject.org/security-settings/.We are currently pointing to https://tb-manual.torproject.org/security-settings.html for more details about the security slider. However, that should have been https://tb-manual.torproject.org/security-settings/.https://gitlab.torproject.org/legacy/trac/-/issues/30541webgl readPixels FP entropy2020-06-16T01:03:57ZThorinwebgl readPixels FP entropy**readPixels** is not covered by RFP (see https://bugzilla.mozilla.org/show_bug.cgi?id=1428034 ) and using my tests [1], on windows I get entropy. Not sure if unique or just OS.
- Windows 7 32bit `2ba61e7e8e370fdbcefb79456e7e944b060f342...**readPixels** is not covered by RFP (see https://bugzilla.mozilla.org/show_bug.cgi?id=1428034 ) and using my tests [1], on windows I get entropy. Not sure if unique or just OS.
- Windows 7 32bit `2ba61e7e8e370fdbcefb79456e7e944b060f34289af33732aa6eb75af61ff06c`
- Windows 7 64bit `ac9aa378cd16219ecbcb6ec46b57d8a484ac8ad61cbe63c810b40fb2c741e7f3`
- Windows10 64bit `c4ef81818ccaca2c4933f63c45bf5ffaaa7f2233f2761e3c6ba14a9e5cb82c25`
It seems to be consistent on Linux, and Mac i have no idea: here's some data
- Mint Cinnamon 32/64bit `not supported`
- Ubuntu GNOME `5abc446cce2558be83bfe60baeb6dc7ff2a17635057c4612fe835649e7c77329`
- Debian GNOME `5abc446cce2558be83bfe60baeb6dc7ff2a17635057c4612fe835649e7c77329`
- Mac 10.14 `96f2538daa8a0a180f77a13d80ad455a75ae17c5495ce90fa4fd4267cbfd5210`
So besides windows OS entropy, theres at least two buckets for Linux?
gk said
> Interestingly, I get your macOS one on one of my Linux boxes.https://gitlab.torproject.org/legacy/trac/-/issues/29641Tor Browser fails to bootstrap on IPv6-only access networks2020-06-16T01:03:50ZTracTor Browser fails to bootstrap on IPv6-only access networksMy internet connection is IPv6-only, although DNS64+NAT64 is available.
When I try to use Tor Browser, it fails to open correctly. It also prints log messages like this:
```
[NOTICE] Opened Socks listener on 127.0.0.1:9150
[WARN] Prob...My internet connection is IPv6-only, although DNS64+NAT64 is available.
When I try to use Tor Browser, it fails to open correctly. It also prints log messages like this:
```
[NOTICE] Opened Socks listener on 127.0.0.1:9150
[WARN] Problem bootstrapping. Stuck at 5%: Connecting to directory server. (Network is unreachable; NOROUTE; count 3; recommendation warn; host x at 1.2.3.4:9001)
[WARN] Problem bootstrapping. Stuck at 5%: Connecting to directory server. (Network is unreachable; NOROUTE; count 4; recommendation warn; host x at 2.3.4.5:443)
[NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
```
Note that most (non-Tor) things work perfectly fine on my connection, as long as the application is capable of resolving AAAA records and/or connecting over AF_INET6.
I acknowledge that Tor tends not to be DNS-based (hence DNS64 doesn't help in this case). But I would expect Tor to have a list of IPv6 directory servers to try to connect to in lieu of IPv4.
Until Tor tries to connect to IPv6 directory servers, Tor Browser will be completely unusable for people on IPv6-only internet connections.
Version: Tor Browser 8.0.6 on mac OS 10.14.3.
**Trac**:
**Username**: jeremyvisserhttps://gitlab.torproject.org/legacy/trac/-/issues/30497Add Donate link in about:tor2020-06-16T01:03:48ZAntonelaantonela@torproject.orgAdd Donate link in about:torThe Fundraising Team suggested to include a Donate link in `about:tor`.
This ticket aims to track also its implementation.The Fundraising Team suggested to include a Donate link in `about:tor`.
This ticket aims to track also its implementation.https://gitlab.torproject.org/legacy/trac/-/issues/30492Switch to OpenSSL 1.1.1 series for Tor Browser2020-06-16T01:03:47ZGeorg KoppenSwitch to OpenSSL 1.1.1 series for Tor BrowserWe are currently on the 1.0.2 series but that is EOL at the end of this year. We should start testing OpenSSL 1.1.1 soon, so we are good using it with Tor Browser 9.We are currently on the 1.0.2 series but that is EOL at the end of this year. We should start testing OpenSSL 1.1.1 soon, so we are good using it with Tor Browser 9.https://gitlab.torproject.org/legacy/trac/-/issues/30491Move our macOS builds to Debian Stretch2020-06-16T01:03:47ZGeorg KoppenMove our macOS builds to Debian StretchIn #29307 we switched the host of our Windows builds from Debian Jessie to Stretch. We should do the same for macOS builds. We should have this done for Tor Browser 9, I think.In #29307 we switched the host of our Windows builds from Debian Jessie to Stretch. We should do the same for macOS builds. We should have this done for Tor Browser 9, I think.https://gitlab.torproject.org/legacy/trac/-/issues/30469Ship romanian Tor Browser in alpha series2020-06-16T01:03:42ZGeorg KoppenShip romanian Tor Browser in alpha seriesThe romanian translation is in good shape it seems. Let's ship a romanian Tor Browser in our alpha series.The romanian translation is in good shape it seems. Let's ship a romanian Tor Browser in our alpha series.https://gitlab.torproject.org/legacy/trac/-/issues/30464Update text for safer security level to include WebGL2020-06-16T01:03:41ZGeorg KoppenUpdate text for safer security level to include WebGLWe should make it explicit that WebGL is click-to-play on medium level (as it had been) already.We should make it explicit that WebGL is click-to-play on medium level (as it had been) already.https://gitlab.torproject.org/legacy/trac/-/issues/30425Revert changes for #30388 as needed2020-06-16T01:03:19ZGeorg KoppenRevert changes for #30388 as neededA better patch for #30388 landed on esr60 (https://hg.mozilla.org/releases/mozilla-esr60/rev/5749f5b42cbf5a972bc8c398ed377977da35dbd2). We should revert our patches where needed.A better patch for #30388 landed on esr60 (https://hg.mozilla.org/releases/mozilla-esr60/rev/5749f5b42cbf5a972bc8c398ed377977da35dbd2). We should revert our patches where needed.https://gitlab.torproject.org/legacy/trac/-/issues/30377Remove Selfrando from our build system2020-06-16T01:03:06ZGeorg KoppenRemove Selfrando from our build systemWe don't plan to move forward with Selfrando deployment as it is not much more work for a browser attacker to bypass it, it's not available on all platforms, and it has some issues (like delayed load in e10s mode, see: #26579). Additiona...We don't plan to move forward with Selfrando deployment as it is not much more work for a browser attacker to bypass it, it's not available on all platforms, and it has some issues (like delayed load in e10s mode, see: #26579). Additionally, it's work to fix build breakage (in `elfutils`) to make what we build with compatible with newer GCCs. And I expect another round of Firefox compilation issues when switching to ESR 68.
All in all I think the gains for our alphas are not worth the effort.https://gitlab.torproject.org/legacy/trac/-/issues/30372Backport Letterboxing2020-06-16T01:03:04ZTom Rittertom@ritter.vgBackport LetterboxingHere's the set of patches, in order, for the esr60 backport:
https://hg.mozilla.org/try/rev/744a475c948ee8c987d43a6348deca5e9a4a5a61
https://hg.mozilla.org/try/rev/feeb219584667f53e2c6cd2ddcfcaa89fb6ee243
https://hg.mozilla.org/try/rev/...Here's the set of patches, in order, for the esr60 backport:
https://hg.mozilla.org/try/rev/744a475c948ee8c987d43a6348deca5e9a4a5a61
https://hg.mozilla.org/try/rev/feeb219584667f53e2c6cd2ddcfcaa89fb6ee243
https://hg.mozilla.org/try/rev/a550c321f24c823efcb2e8033e6c802f9cd6e44b
https://hg.mozilla.org/try/rev/a5d945dd5b7070c810b93eddd0232d646b73fc2d
https://hg.mozilla.org/try/rev/b58bfc0bdc2451715ec895fbd06f40061fa301f9
https://hg.mozilla.org/try/rev/1b23145ed904be055bf0efe1000e03ec50c02cb3
https://hg.mozilla.org/try/rev/0b1eef9eeb06668fc06b3b4d877daaf957c3c1dahttps://gitlab.torproject.org/legacy/trac/-/issues/30319Drop FTE related bits in Tor Browser2020-06-16T01:02:55ZGeorg KoppenDrop FTE related bits in Tor BrowserFTE is unmaintained and hardly used by Tor Browser users. Moreover, it is not available on all platforms/architectures due to a bunch of reasons (see #24195 for 64bit Windows and #18495 for macOS). Windows is going away entirely as well ...FTE is unmaintained and hardly used by Tor Browser users. Moreover, it is not available on all platforms/architectures due to a bunch of reasons (see #24195 for 64bit Windows and #18495 for macOS). Windows is going away entirely as well shortly with the transition to Debian Stretch (see: #29319 and #29307 for the rationale). We should drop the remaining bits in Tor Browser while we are moving to Tor Browser 9 and close #28521 as well.
I had some hope for getting Marionette included into Tor Browser 9 which is why I wrote a patch for getting it tested in our nightly builds (see: #29623). However, it's not clear yet whether that happens or whether that would be a smart idea given its state, alas.https://gitlab.torproject.org/legacy/trac/-/issues/25930Update gcc to 8.X2020-06-16T00:45:52ZcypherpunksUpdate gcc to 8.XWe should build Tor Browser using gcc 7.3.0.
Firefox meta is https://bugzilla.mozilla.org/show_bug.cgi?id=1320654.
The only thing to check is https://hg.mozilla.org/mozilla-central/rev/48ff50f0db50.
Porting guide is https://gcc.gnu.org/g...We should build Tor Browser using gcc 7.3.0.
Firefox meta is https://bugzilla.mozilla.org/show_bug.cgi?id=1320654.
The only thing to check is https://hg.mozilla.org/mozilla-central/rev/48ff50f0db50.
Porting guide is https://gcc.gnu.org/gcc-7/porting_to.html.
LRA is the default https://gcc.gnu.org/wiki/LRAIsDefault.
`-mindirect-branch=thunk` is available.