Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-16T01:24:45Zhttps://gitlab.torproject.org/legacy/trac/-/issues/18405Check that MAR signing is done properly2020-06-16T01:24:45ZGeorg KoppenCheck that MAR signing is done properlyWe are checking that the authenticode signing got done properly with a script. We should do the same with our MAR files.We are checking that the authenticode signing got done properly with a script. We should do the same with our MAR files.Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/legacy/trac/-/issues/18127Add LXC support for building with Debian guest VMs2020-06-15T23:34:15ZGeorg KoppenAdd LXC support for building with Debian guest VMsNow that #15578 is fixed we need to add LXC support for building with Debian guest VMs as well.Now that #15578 is fixed we need to add LXC support for building with Debian guest VMs as well.boklmboklmhttps://gitlab.torproject.org/legacy/trac/-/issues/18631Rewritten #1517 patch for TBB/ESR452020-06-15T23:34:11ZArthur EdelsteinRewritten #1517 patch for TBB/ESR45Our patch, "Reduce precision of time for Javascript." needed re-writing because a lot of the underlying code changed in mozilla-central. Here it is for review:
https://github.com/arthuredelstein/tor-browser/commit/29474920f53107547ed342...Our patch, "Reduce precision of time for Javascript." needed re-writing because a lot of the underlying code changed in mozilla-central. Here it is for review:
https://github.com/arthuredelstein/tor-browser/commit/29474920f53107547ed34263cc292a43f4c305edhttps://gitlab.torproject.org/legacy/trac/-/issues/18622Tor Browser workaround for tor 0.2.8.1-alpha bridge private address issue2020-06-15T23:34:10ZteorTor Browser workaround for tor 0.2.8.1-alpha bridge private address issuedcf wrote a Tor Browser 6.0a3 patch to workaround #18517, where bridges with private addresses don't work in tor 0.2.8.1-alpha.
It might only be needed for a short time, if we get a patch for #18517 into tor-0.2.8.2-alpha.
Please see t...dcf wrote a Tor Browser 6.0a3 patch to workaround #18517, where bridges with private addresses don't work in tor 0.2.8.1-alpha.
It might only be needed for a short time, if we get a patch for #18517 into tor-0.2.8.2-alpha.
Please see the patch I'm about to attach.https://gitlab.torproject.org/legacy/trac/-/issues/18536Make Mosaddegh and MaBishomarim available on port 80 and 4432020-06-15T23:33:52ZNima FatemiMake Mosaddegh and MaBishomarim available on port 80 and 443I don't know why it took me so long to realize the reason these two bridges are not being used at their capacity is probably because they're serving obfs4 on a random port. So I thought maybe making them available on these two ports migh...I don't know why it took me so long to realize the reason these two bridges are not being used at their capacity is probably because they're serving obfs4 on a random port. So I thought maybe making them available on these two ports might help the situation.https://gitlab.torproject.org/legacy/trac/-/issues/18455modify Tor Browser packaging to avoid language prompt2020-06-15T23:33:44ZMark Smithmodify Tor Browser packaging to avoid language promptWe use a Tor Launcher with the language prompt feature included for hardened builds but must be careful not to included that feature in regular builds. I suspect this is causing some pain for Georg at least.
Kathy and I tried to modify ...We use a Tor Launcher with the language prompt feature included for hardened builds but must be careful not to included that feature in regular builds. I suspect this is causing some pain for Georg at least.
Kathy and I tried to modify Tor Launcher to skip the language prompt if there is only one choice of language, but that turns out to be difficult to do because (1) the language prompt is the first dialog opened, (2) we need to keep a modal dialog open to prevent Firefox from starting all the way, and (3) the API to enumerate the installed language packs is asynchronous (so we cannot call it until after we have a modal dialog open).
We thought of another, simpler solution: modify the gitian descriptors for the bundle step to add these two preferences to the extension-overrides.js file:
intl.locale.matchOS = false
extensions.torlauncher.prompt_for_locale = false
If other people think this is a good idea I will create a patch.Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/18371TorBrowser.app.meek-http-helper symlinks incompatible with Gatekeeper signing2020-06-15T23:33:39ZMark SmithTorBrowser.app.meek-http-helper symlinks incompatible with Gatekeeper signingExperimentation shows that the symlink approach that we currently use to create a meek-specific "copy" of Tor Browser on Mac OS is not compatible with Apple's Gatekeeper code signing. Apple's codesign command complains about an invalid I...Experimentation shows that the symlink approach that we currently use to create a meek-specific "copy" of Tor Browser on Mac OS is not compatible with Apple's Gatekeeper code signing. Apple's codesign command complains about an invalid Info.plist because it is checking that the application binary (firefox) is where the Info.plist says it is and symlinks are apparently not traversed.
One possible solution is to eliminate the TorBrowser.app.meek-http-helper linked app bundle and add support to firefox for a command line option that causes the application to run as a background app. See https://trac.torproject.org/projects/tor/ticket/11429#comment:8 for more info.
Perhaps if we make the call to TransformProcessType() very early during firefox startup the problem that occurred before (dock icon appearing briefly during startup of the meek browser) will not occur. Another possibility is to change the Info.plist for Tor Browser so that the dock icon is hidden by default and then un-hide it when *not* running as the meek helper browser.Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/16917Support torified torsocks ssh -D socks proxy ports (for wingnuts)2020-06-15T23:29:10ZMike PerrySupport torified torsocks ssh -D socks proxy ports (for wingnuts)When Tor is blocked by a website, wingnuts sometimes resort to using ssh -D proxies in combination with torsocks (so that the connection to the ssh server goes over Tor, and then when you connect to the SSH proxy port on localhost, it ge...When Tor is blocked by a website, wingnuts sometimes resort to using ssh -D proxies in combination with torsocks (so that the connection to the ssh server goes over Tor, and then when you connect to the SSH proxy port on localhost, it gets routed through Tor and then it uses your SSH server as your exit IP).
Unfortunately, in TBB 4.5 we added socks username+password isolation to Torbutton, and there is no way to disable this easily. For example, see this sad panda: https://superuser.com/questions/941136/how-can-i-bypass-proxy-using-tunneling (though that guy is still doing it wrong. ssh -D is way more flexible, if TBB 4.5+ supported it).
The following Torbutton patch works to completely disable the use of SOCKS auth in TBB (which also disables circuit isolation):
```
--- a/src/components/domain-isolator.js
+++ b/src/components/domain-isolator.js
@@ -71,8 +71,8 @@ tor.socksProxyCredentials = function (originalProxy, domain) {
return mozilla.protocolProxyService
.newSOCKSProxyInfo(proxy.host,
proxy.port,
- domain, // username
- tor.noncesForDomains[domain].toString(), // password
+ null, //domain, // username
+ null, //tor.noncesForDomains[domain].toString(), // password
proxy.flags,
proxy.failoverTimeout,
proxy.failoverProxy);
```
You also need to set the following about:config prefs to false: **extensions.torbutton.local_tor_check** and **extensions.torbutton.test_enabled**.
You also need to start TBB with TOR_SOCKS_PORT=4444, or whatever your ssh -D SOCKS port is.
Finally, you need to set 'AllowInbound 1' in /etc/tor/torsocks.conf (or wherever torsocks.conf lives).
If some random cypherpunk(s) want to turn that Torbutton patch into a Torbutton pref and either script the rest of this or document this process better, I would merge the patch and add a link to the script to the TBB Hacking Guide. We should also put the answer on a few stackoverflow questions like the one I linked. There probably are more.
The following Hacking Guide sections may be useful in this process:
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking#BuildingJustTorLauncherOrTorbutton
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking#UsinganExistingTorProcesscypherpunkscypherpunkshttps://gitlab.torproject.org/legacy/trac/-/issues/16725TorBrowser fails maximizing while using diffrent homepage2020-06-15T23:28:01ZTracTorBrowser fails maximizing while using diffrent homepageI installed the latest version 4.5.3 on my Windows 7 x64. As soon as I change the default homepage to anything else than "about:tor" the window-maximizing of TBB doesnt work. The Window jumps back to its original position and size while ...I installed the latest version 4.5.3 on my Windows 7 x64. As soon as I change the default homepage to anything else than "about:tor" the window-maximizing of TBB doesnt work. The Window jumps back to its original position and size while manual (drag and drop) maximizing works. Tested with search.disconnect.me and check.torproject.org.
**Trac**:
**Username**: kleftGeorg KoppenGeorg Koppenhttps://gitlab.torproject.org/legacy/trac/-/issues/16444Update audit process for Firefox ESR2020-06-15T23:27:04ZGeorg KoppenUpdate audit process for Firefox ESRIn #16090 it occurred to me that we can be smarter about our Firefox feature review process. This ticket is to remind us to update the tor-browser-spec repo with the findings.In #16090 it occurred to me that we can be smarter about our Firefox feature review process. This ticket is to remind us to update the tor-browser-spec repo with the findings.Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/legacy/trac/-/issues/15538begin signing Windows packages the Linux way2016-04-04T14:13:30ZGeorg Koppenbegin signing Windows packages the Linux wayIn #3861 we started signing Windows packages the Windows way. But what we really want is being able to do that on a Linux box in order to be able to distribute this signing task as well.In #3861 we started signing Windows packages the Windows way. But what we really want is being able to do that on a Linux box in order to be able to distribute this signing task as well.Georg KoppenGeorg Koppen