Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-15T23:23:39Zhttps://gitlab.torproject.org/legacy/trac/-/issues/8405Provide a control port command to query the circuit used for SOCKS u+p2020-06-15T23:23:39ZMike PerryProvide a control port command to query the circuit used for SOCKS u+pOnce we start isolating streams by domain in the browser, it will be useful to have a way to ask Tor what circuit it is currently using for a given SOCKS username+password, so we can provide a tooltip or other indication directly in the ...Once we start isolating streams by domain in the browser, it will be useful to have a way to ask Tor what circuit it is currently using for a given SOCKS username+password, so we can provide a tooltip or other indication directly in the browser UI.Tor: 0.2.6.x-finalMike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/3455Tor Browser should set SOCKS username for a request based on first party domain2020-06-15T23:33:20ZMike PerryTor Browser should set SOCKS username for a request based on first party domainOnce Proposal 171 is implemented (#1865), Tor Browser should set the Proposal 171 SOCKS username to a function of the hostname in the referer header (possibly caching the first referer for subsequent link navigation).
If the referer is...Once Proposal 171 is implemented (#1865), Tor Browser should set the Proposal 171 SOCKS username to a function of the hostname in the referer header (possibly caching the first referer for subsequent link navigation).
If the referer is blank, we should use a function of the request URL hostname. This policy should effectively give us the same top-level origin isolation for circuit use that we want for other identifiers.
Lunar also points out that if this function introduces a hashed nonce that is changed on "New Identity" invocations, we can then do without the control port and control auth/password inside torbutton but still provide New Identity. This would simplify a lot of setups, and potentially allow us to remove more code from Torbutton.TorBrowserBundle 2.3.x-stableArthur EdelsteinArthur Edelsteinhttps://gitlab.torproject.org/legacy/trac/-/issues/13472Tor Browser 4.0 not able to talk with tor2020-06-15T23:21:26ZSheriefTor Browser 4.0 not able to talk with torSupport is getting a wave of emails about Tor Browser connecting successfully but ends up with the "Something Went Wrong! Tor is not working in this browser." message.Support is getting a wave of emails about Tor Browser connecting successfully but ends up with the "Something Went Wrong! Tor is not working in this browser." message.https://gitlab.torproject.org/legacy/trac/-/issues/13443TB v4.0 (xul.dll) crashes on Windows2020-06-15T23:21:20ZcypherpunksTB v4.0 (xul.dll) crashes on WindowsHi,
I tried out the 4.0 TB bundle today on Windows 7 SP1 64-bit and it consistently crashed after logging into gmail. Gmail would authenticate and the page would begin to load (I could see emails), but when the page load completed, the ...Hi,
I tried out the 4.0 TB bundle today on Windows 7 SP1 64-bit and it consistently crashed after logging into gmail. Gmail would authenticate and the page would begin to load (I could see emails), but when the page load completed, the entire browser crashed. I went back to 3.6.6, which works fine on this machine.https://gitlab.torproject.org/legacy/trac/-/issues/13432TBB on Linux just asked me if I wanted to update2020-06-15T23:21:14ZMike PerryTBB on Linux just asked me if I wanted to updateMy TBB 4.0-alpha-3 just popped up a window asking me if I wanted to upgrade (I just uploaded the manifest files).
I had previously clicked on the "Help->About Tor Browser" tab, but I had closed that window several minutes prior.
This ...My TBB 4.0-alpha-3 just popped up a window asking me if I wanted to upgrade (I just uploaded the manifest files).
I had previously clicked on the "Help->About Tor Browser" tab, but I had closed that window several minutes prior.
This probably shouldn't have happened, and it especially shouldn't happen for our stable users. We want them to explicitly navigate to the Help window to upgrade if they want to. At least, until we get #11955 and #13379 fixed.https://gitlab.torproject.org/legacy/trac/-/issues/13366Don't disable the certdb if we're storing disk history2020-06-15T23:25:34ZMike PerryDon't disable the certdb if we're storing disk historyUsers are reporting that if they are storing disk history, they cannot add certificate exceptions. This is due to #12998 setting the security.nocertdb pref.
A simple fix is to update Torbutton to disable this pref if disk history is ena...Users are reporting that if they are storing disk history, they cannot add certificate exceptions. This is due to #12998 setting the security.nocertdb pref.
A simple fix is to update Torbutton to disable this pref if disk history is enabled.https://gitlab.torproject.org/legacy/trac/-/issues/13356symlinks missing after complete MAR file update2020-06-15T23:20:54ZMark Smithsymlinks missing after complete MAR file updateWhile testing using MAR files from our own nightly build, brade and I discovered that the meek symlinks (present on Mac OS) are removed after a complete MAR update is applied to TB 4.0-alpha-3. The problem is in the MAR file generation ...While testing using MAR files from our own nightly build, brade and I discovered that the meek symlinks (present on Mac OS) are removed after a complete MAR update is applied to TB 4.0-alpha-3. The problem is in the MAR file generation – specifically, we neglected to include the addsymlink directives in the updatev2.manifest file (we only put them in the new updatev3.manifest file that is used by ESR31 and newer browsers).Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/13324Generation of incremental MAR files2020-06-15T23:20:49ZboklmGeneration of incremental MAR filesThe branch update-responses-2 from my git repository at https://git.torproject.org/user/boklm/tor-browser-bundle.git contains a few changes to:
- make the generated response files deterministic
- use MAR files from gitian/$version instea...The branch update-responses-2 from my git repository at https://git.torproject.org/user/boklm/tor-browser-bundle.git contains a few changes to:
- make the generated response files deterministic
- use MAR files from gitian/$version instead of a releases subdir
- generate incremental MAR files
To be able to generate the incremental MAR files, it requires the tools from mar-tools-$os.zip (in directory gitian-builder/inputs after a build) to be extracted in a directory that is in the PATH.
To speed up the generation of the MAR files, it will generate them in parallel, as many as there are CPUs, or the number in the NUM_PROCS environment variable if it is defined.
The versions from which we generate incremental updates are defined in the config.yml file, in 'incremental_from'.
If you have been running the previous version of the script, you may need to install a few additional perl modules to run this one:
File::Temp IO::CaptureOutput File::Which Parallel::ForkManager
(on Debian: libio-captureoutput-perl libfile-which-perl libparallel-forkmanager-perl)
If everything is working as expected, the files generated in the htdocs directory (which include shasums of the mar files) should match exactly the ones I generated. I will attach to this ticket the content of my htdocs directory.https://gitlab.torproject.org/legacy/trac/-/issues/13318Firefox31's toolbar is too busy2020-06-15T23:20:48ZMike PerryFirefox31's toolbar is too busyWith NoScript, HTTPS-Everywhere, Torbutton, the bookmarks widget (which is two icons), the download manager, the home button, and the "vent"/menu all on the toolbar, things are getting ridiculously crowded.
I played around with the cust...With NoScript, HTTPS-Everywhere, Torbutton, the bookmarks widget (which is two icons), the download manager, the home button, and the "vent"/menu all on the toolbar, things are getting ridiculously crowded.
I played around with the customization pref, and I think that if we move everything but NoScript and Torbutton into the vent, it's less cluttered and encourages people to click on the vent rather than simply being terrified of everything.
I am going to commit this pref into our git repo. There's probably a better way to do this customization, but this seems expedient and easier, especially given that I want to ensure that NoScript and Torbutton always have the same positioning.Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/13301Update from 4.0-alpha-2 to 4.0-alpha-3 told me all my extensions were incompa...2020-06-15T23:20:42ZRoger DingledineUpdate from 4.0-alpha-2 to 4.0-alpha-3 told me all my extensions were incompatibleMy TBB 4.0-alpha-2 (32-bit Linux) popped up a thing saying there was an update ready. I said 'ok get it'. A while later it popped up a window with the title "Software Update" which said that the following extensions were incompatible wit...My TBB 4.0-alpha-2 (32-bit Linux) popped up a thing saying there was an update ready. I said 'ok get it'. A while later it popped up a window with the title "Software Update" which said that the following extensions were incompatible with this new version, and they would be disabled until they were fixed to be compatible: Torbutton, Tor Launcher, HTTPS Everywhere.
My network here is really crappy -- is it possible there's some "try to reach the thing to check compatibility, if you time out, assume they're not compatible" logic somewhere?
(I'm assuming that the extensions do indeed self-identify as being compatible with all TBB 4.x.)Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/13142Bottom and right side of browser window does not match inner window2020-06-15T23:20:23ZGeorg KoppenBottom and right side of browser window does not match inner windowOn Windows with the upcoming ESR the inner window does not fit into the browser window neatly anymore. (See attachment for the issue) It is a bit smaller which might confuse users. This is not visible on Linux.On Windows with the upcoming ESR the inner window does not fit into the browser window neatly anymore. (See attachment for the issue) It is a bit smaller which might confuse users. This is not visible on Linux.Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/legacy/trac/-/issues/13091Use "Tor Browser" everywhere (space included)2020-06-15T23:27:21ZMark SmithUse "Tor Browser" everywhere (space included)This is a spinoff of bug #13087. We should change our .mozconfig files to have:
```
mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser"
```
and see if that causes any problems. If not, this is a simple change.This is a spinoff of bug #13087. We should change our .mozconfig files to have:
```
mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser"
```
and see if that causes any problems. If not, this is a simple change.Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/13034Review individual rebased patches for Firefox 312020-06-15T23:20:08ZMike PerryReview individual rebased patches for Firefox 31Arthur has rebased all of our patches already (see #12620), but the original authors should still review them to check for correctness, and to see if we might need to do anything additional for Firefox 31. In particular, the DOM Storage ...Arthur has rebased all of our patches already (see #12620), but the original authors should still review them to check for correctness, and to see if we might need to do anything additional for Firefox 31. In particular, the DOM Storage and Canvas APIs may have grown/changed to add new functionality that escapes our modifications.Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/13020Audit gstreamer usage for proxy safety2020-06-15T23:20:00ZMike PerryAudit gstreamer usage for proxy safetyIn Firefox30, the Linux builds began using gstreamer by default for displaying HTML5 video. We need to make sure gstreamer is just used for codecs, and not any network activity.In Firefox30, the Linux builds began using gstreamer by default for displaying HTML5 video. We need to make sure gstreamer is just used for codecs, and not any network activity.Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/5752Isolate browser streams by url bar domain rather than by time interval2022-03-22T13:00:32ZRoger DingledineIsolate browser streams by url bar domain rather than by time intervalI'm creating this parent project ticket for all the components of Mike's "use the prop171 support in Tor to stop putting unrelated streams onto the same circuit" plan.I'm creating this parent project ticket for all the components of Mike's "use the prop171 support in Tor to stop putting unrelated streams onto the same circuit" plan.