Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-15T23:15:04Zhttps://gitlab.torproject.org/legacy/trac/-/issues/7561Contents of FTP requests are cached and not isolated to the URL bar origin2020-06-15T23:15:04ZGeorg KoppenContents of FTP requests are cached and not isolated to the URL bar originContents of FTP requests can get cached but are currently not isolated to the URL bar origin which contradicts the goal of section 3.5.2 of the Tor Browser design documentation. The relevant code is here: https://mxr.mozilla.org/mozilla-...Contents of FTP requests can get cached but are currently not isolated to the URL bar origin which contradicts the goal of section 3.5.2 of the Tor Browser design documentation. The relevant code is here: https://mxr.mozilla.org/mozilla-central/source/netwerk/protocol/ftp/nsFtpConnectionThread.cpp
There are two things to note:
1) This caching is working a bit differently than the familiar HTTP caching. E.g. are there no E-Tags, no headers involved which makes a scalable exploitation much harder (that's the only reason why I think the prio is normal) IMO.
2) Furthermore, only directory listings can get cached, not "normal" files like CSS or JS files loaded via FTP.Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/legacy/trac/-/issues/12761Switch to OS X 10.7 SDK in our Tor Browser Mac builds2020-06-15T23:19:30ZGeorg KoppenSwitch to OS X 10.7 SDK in our Tor Browser Mac buildsSince https://bugzilla.mozilla.org/show_bug.cgi?id=941296 landed we can't build with the OS X 10.6 SDK anymore we currently use.Since https://bugzilla.mozilla.org/show_bug.cgi?id=941296 landed we can't build with the OS X 10.6 SDK anymore we currently use.Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/legacy/trac/-/issues/14387improve TB MAR signing process when incorrect password entered2020-06-15T23:23:25ZMark Smithimprove TB MAR signing process when incorrect password enteredCurrently, if an incorrect NSS password is entered during the MAR file signing process, no error is reported and the NSS "get password" function consumes all available CPU. I believe this happens because NSS continues to try to read a p...Currently, if an incorrect NSS password is entered during the MAR file signing process, no error is reported and the NSS "get password" function consumes all available CPU. I believe this happens because NSS continues to try to read a password (retry) even though stdin has been closed.
gk encountered this problem when generating some signed MAR files for testing. We should either fix the underlying bug or at the very least change signmars.sh to provide more feedback during the signing process (so the fact that no real progress is being made is obvious). gk said:
"Maybe adding some echo commands just saying something like "Starting the signing process..." and "Signed MAR file $COUNT." would already be enough?"https://gitlab.torproject.org/legacy/trac/-/issues/15990Get Windows cross-compilation working with Fx38 in Gitian2020-06-15T23:26:00ZGeorg KoppenGet Windows cross-compilation working with Fx38 in GitianUnsurprisingly, there are again issues when trying to compile Fx38 for Windows using our current toolchain. This bug is tracking them and the fixes.Unsurprisingly, there are again issues when trying to compile Fx38 for Windows using our current toolchain. This bug is tracking them and the fixes.https://gitlab.torproject.org/legacy/trac/-/issues/16014Windows: staged update fails if Meek is enabled2020-06-15T23:26:07ZMark SmithWindows: staged update fails if Meek is enabledOn Windows, if Meek is enabled, the updater fails while trying to copy files to the staged "update applied" directory. Failure occurs because the file Browser/TorBrowser/Data/Browser/profile.meek-http-helper/parent.lock is in use. The ...On Windows, if Meek is enabled, the updater fails while trying to copy files to the staged "update applied" directory. Failure occurs because the file Browser/TorBrowser/Data/Browser/profile.meek-http-helper/parent.lock is in use. The updater will fallback to an unstaged update and users will be prompted to restart to apply the update. This works but a large updated/ directory is left behind which will not be deleted until another update is staged.
We can fix this problem by skipping this parent.lock file inside the updater when copying files.https://gitlab.torproject.org/legacy/trac/-/issues/16150ESR 38 contains filenames with spaces which breaks our Gitian builds2020-06-15T23:26:21ZGeorg KoppenESR 38 contains filenames with spaces which breaks our Gitian builds`find -type f | xargs touch --date="$REFERENCE_DATETIME"` is broken if we have files with spaces in their filenames.`find -type f | xargs touch --date="$REFERENCE_DATETIME"` is broken if we have files with spaces in their filenames.https://gitlab.torproject.org/legacy/trac/-/issues/16200Torbutton changes for ESR 382020-06-15T23:26:24ZMark SmithTorbutton changes for ESR 38Kathy and I have some Torbutton ESR 38 compatibility fixes. We will make them available on the user/brade/torbutton repo. Note that we have not yet run Tor Launcher and Torbutton with a fully-patched Tor Browser tree.Kathy and I have some Torbutton ESR 38 compatibility fixes. We will make them available on the user/brade/torbutton repo. Note that we have not yet run Tor Launcher and Torbutton with a fully-patched Tor Browser tree.https://gitlab.torproject.org/legacy/trac/-/issues/16206set security.cert_pinning.enforcement_level to 2 ("Strict. Pinning is always ...2020-06-15T23:26:24Zdkgset security.cert_pinning.enforcement_level to 2 ("Strict. Pinning is always enforced")see: https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning
Please set security.cert_pinning.enforcement_level to 2 ("Strict. Pinning is always enforced").
This will become more relevant as Tor moves to a more recent version o...see: https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning
Please set security.cert_pinning.enforcement_level to 2 ("Strict. Pinning is always enforced").
This will become more relevant as Tor moves to a more recent version of firefox (31 only has minimal built-in pinning support, and 35 introduces HPKP), but without setting the level to 2, users who are phished with an external root CA (admittedly a bad situation, but not uncommon) will lose all pinning protection against that root CA (see https://bugzilla.mozilla.org/show_bug.cgi?id=1168603 for more details about this risk and circumstances where it might legitimately arise)https://gitlab.torproject.org/legacy/trac/-/issues/16210Get Linux compilation work with ESR 38 in our Gitian environment2020-06-15T23:26:25ZGeorg KoppenGet Linux compilation work with ESR 38 in our Gitian environmentWhile we don't need additional Tor Browser patches or a different compiler there are some things broken while packaging the binaries.While we don't need additional Tor Browser patches or a different compiler there are some things broken while packaging the binaries.https://gitlab.torproject.org/legacy/trac/-/issues/16222Review networking code for Firefox 382020-06-15T23:26:27ZMike PerryReview networking code for Firefox 38I need to do the usual networking system call review for FF38.
Along the way, #16221 is worth investigating.I need to do the usual networking system call review for FF38.
Along the way, #16221 is worth investigating.Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/16253Tor Browser menu on OS X is broken with ESR 382020-06-15T23:26:29ZGeorg KoppenTor Browser menu on OS X is broken with ESR 38In my test builds there is only one item in the Tor Browser menu on OS X: the quit option. All the other ones are missingIn my test builds there is only one item in the Tor Browser menu on OS X: the quit option. All the other ones are missinghttps://gitlab.torproject.org/legacy/trac/-/issues/16283Bump VM_MEMORY to 4000 by default for Gitian builds2020-06-15T23:26:32ZGeorg KoppenBump VM_MEMORY to 4000 by default for Gitian buildstjr ran into the issue that Tor Browser does not build anymore with the default value (2000) for `VM_MEMORY` (see: https://lists.torproject.org/pipermail/tbb-dev/2015-June/000277.html). We should bump it to 4000 I'd say.tjr ran into the issue that Tor Browser does not build anymore with the default value (2000) for `VM_MEMORY` (see: https://lists.torproject.org/pipermail/tbb-dev/2015-June/000277.html). We should bump it to 4000 I'd say.https://gitlab.torproject.org/legacy/trac/-/issues/16300Make sure the BroadcastChannel API adheres to our URL bar domain isolation2020-06-15T23:26:35ZGeorg KoppenMake sure the BroadcastChannel API adheres to our URL bar domain isolationThe BroadcastChannel API allows cross-site communication within the same origin. We have a stronger notion of "same origin": the same URL bar domain. Thus, we must restrain this API to make it adhere to our URL bar isolation scheme.The BroadcastChannel API allows cross-site communication within the same origin. We have a stronger notion of "same origin": the same URL bar domain. Thus, we must restrain this API to make it adhere to our URL bar isolation scheme.Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/16315New media queries in picture element may need alteration2020-06-15T23:26:37ZMike PerryNew media queries in picture element may need alterationThe picture element added in Firefox 33 has the ability to perform media queries: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/picture.
We should verify that these media queries use the content window resolution, rather tha...The picture element added in Firefox 33 has the ability to perform media queries: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/picture.
We should verify that these media queries use the content window resolution, rather than the desktop resolution.Arthur EdelsteinArthur Edelsteinhttps://gitlab.torproject.org/legacy/trac/-/issues/16357Wipe permissions using Mozilla API2020-06-15T23:26:49ZArthur EdelsteinWipe permissions using Mozilla APIMozilla accepted our patch from #2950 (a pref to make Permissions manager DB memory-only), with the restriction that the pref, "permissions.memory_only" be read only at startup. In torbutton, we use the pref at runtime, but this is unnec...Mozilla accepted our patch from #2950 (a pref to make Permissions manager DB memory-only), with the restriction that the pref, "permissions.memory_only" be read only at startup. In torbutton, we use the pref at runtime, but this is unnecessary. To wipe permissions, we can call `Services.perms.removeAll();`https://gitlab.torproject.org/legacy/trac/-/issues/16397Tor Browser crashes on some SVG images2020-06-15T23:26:55ZTracTor Browser crashes on some SVG imagesHello,
When I visit this link http://www.theplantlist.org/browse/B/Sphagnaceae/Sphagnum/ Tor Browser just closes even if I have multiple tabs/windows open.
**Trac**:
**Username**: mcapHello,
When I visit this link http://www.theplantlist.org/browse/B/Sphagnaceae/Sphagnum/ Tor Browser just closes even if I have multiple tabs/windows open.
**Trac**:
**Username**: mcapMark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/16427Use internal update URL for Torbutton2020-06-15T23:26:59ZGeorg KoppenUse internal update URL for TorbuttonIn #10682 we disabled update pings by setting the update URL to https://127.0.0.1 which caused #13129. We can do something more clever without sending pings AND causing #13129 as shown in comment:13:ticket:16200.In #10682 we disabled update pings by setting the update URL to https://127.0.0.1 which caused #13129. We can do something more clever without sending pings AND causing #13129 as shown in comment:13:ticket:16200.https://gitlab.torproject.org/legacy/trac/-/issues/16428Use internal update URL for TorLauncher2020-06-15T23:27:03ZGeorg KoppenUse internal update URL for TorLauncherIn #10682 we disabled update pings by setting the update URL to https://127.0.0.1 which caused #13129. We can do something more clever without sending pings AND causing #13129 as shown in comment:13:ticket:16200.In #10682 we disabled update pings by setting the update URL to https://127.0.0.1 which caused #13129. We can do something more clever without sending pings AND causing #13129 as shown in comment:13:ticket:16200.Kathleen BradeKathleen Bradehttps://gitlab.torproject.org/legacy/trac/-/issues/16439remove screencasting code2020-06-15T23:43:12ZMark Smithremove screencasting codeWe should remove the Roku and SimpleServiceDiscovery JS modules since they will not be used (disabled via pref.) and we do not want there to be any chance that the code could be executed. See: ticket:16222#comment:7We should remove the Roku and SimpleServiceDiscovery JS modules since they will not be used (disabled via pref.) and we do not want there to be any chance that the code could be executed. See: ticket:16222#comment:7Mark SmithMark Smith