Trac issues
https://gitlab.torproject.org/legacy/trac/-/issues
Updated: 2020-06-16T01:09:54Z

'Security Level' heading in about:preferences#privacy is not styled correctly
https://gitlab.torproject.org/legacy/trac/-/issues/32539
Updated: 2020-06-16T01:09:54Z
Author: richard

Looks like the h2 style elements in about:preferences now need to be actual html:h2 child nodes of the root label element. Prior to ESR68 it seems like just using a label element was sufficient.

Assignee: richard

Backport 1467970 and 1590526
https://gitlab.torproject.org/legacy/trac/-/issues/32618
Updated: 2020-06-16T01:10:05Z
Author: Matthew Finkel

Mozilla landed a defense-in-depth security improvement, but they aren't planning on backporting it for esr68.
1467970 is the original patch and 1590526 corrects some regressions.
1467970: https://hg.mozilla.org/mozilla-central/rev/c8a2c27a1128
1590526 (uplift on 71 beta): https://hg.mozilla.org/releases/mozilla-beta/rev/1542e80327c2

Assignee: Georg Koppen

Bump Go to the latest version in the 1.12 series
https://gitlab.torproject.org/legacy/trac/-/issues/32413
Updated: 2020-06-16T01:09:26Z
Author: Georg Koppen

We ship an older Go version in the 1.12 series and should pick up a newer one with all the security fixes.

Change letterboxing color when dark theme is enabled
https://gitlab.torproject.org/legacy/trac/-/issues/32220
Updated: 2020-06-16T01:08:44Z
Author: cypherpunks

Change letterboxing color when dark theme is enabled
It is very white and should be changed to a dark color

Clean up keyring files
https://gitlab.torproject.org/legacy/trac/-/issues/30548
Updated: 2020-06-16T01:03:59Z
Author: boklm

In `keyring/*.gpg`, some of the keyring files include some old keys or subkeys that we don't need anymore. We should remove all the keys and subkeys that we don't need (including expired keys).

Consider updating MAR_CHANNEL_ID for nightly build (and maybe alpha too)
https://gitlab.torproject.org/legacy/trac/-/issues/32498
Updated: 2020-06-16T01:09:44Z
Author: boklm

In `browser/confvars.sh` (from `tor-browser.git`) we currently set `MAR_CHANNEL_ID` to `torbrowser-torproject-release` in all cases.
I see that Mozilla is using a different `MAR_CHANNEL_ID` for each of their channels (previously by updating `browser/confvars.sh`, and now by setting it from taskcluster: https://hg.mozilla.org/releases/mozilla-release/rev/66f52bda7e14e26235bd0a43bb68ad11775046e4).
So I am wondering if we should do the same, and use a different `MAR_CHANNEL_ID` for nightly, and maybe for the alpha too.

Crash immediately after bootstrap on Android
https://gitlab.torproject.org/legacy/trac/-/issues/32405
Updated: 2020-06-16T01:09:24Z
Author: Matthew Finkel

On Android, when bootstrapping completes we call an `onFinish` method. Unfortunately, in this method we assume a tab was already created. Apparently this is a bad assumption and the app crashes.
```
java.lang.NullPointerException:
at org.mozilla.gecko.BrowserApp$34.onFinish (BrowserApp.java:3021)
at org.mozilla.gecko.torbootstrap.TorBootstrapAnimationContainer.hide (TorBootstrapAnimationContainer.java:61)
at org.mozilla.gecko.torbootstrap.TorBootstrapAnimationContainer$1.onFinish (TorBootstrapAnimationContainer.java:53)
at org.mozilla.gecko.torbootstrap.TorBootstrapPager$1.finish (TorBootstrapPager.java:64)
at org.mozilla.gecko.firstrun.FirstrunPanel.close (FirstrunPanel.java:83)
at org.mozilla.gecko.torbootstrap.TorBootstrapPanel.updateStatus (TorBootstrapPanel.java:365)
at org.mozilla.gecko.torbootstrap.TorLogEventListener$2.handleMessage (TorLogEventListener.java:123)
at android.os.Handler.dispatchMessage (Handler.java:106)
at android.os.Looper.loop (Looper.java:216)
at android.app.ActivityThread.main (ActivityThread.java:7188)
at java.lang.reflect.Method.invoke (Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run (RuntimeInit.java:494)
at com.android.internal.os.ZygoteInit.main (ZygoteInit.java:975)
```

Assignee: Shane Isbell

disable GetSecureOutputDirectoryPath() functionality
https://gitlab.torproject.org/legacy/trac/-/issues/32616
Updated: 2020-06-16T01:10:04Z
Author: Mark Smith

Even though the code paths that end in `GetSecureOutputDirectoryPath()` should not be taken in Tor Browser, we want to avoid any chance that the updater will create files under `C:\Program Files (x86)` or a similar location. Therefore we will stub out the body of `GetSecureOutputDirectoryPath()` and have it return an error.

Assignee: Mark Smith

In some cases, rbm will download files in the wrong project directory
https://gitlab.torproject.org/legacy/trac/-/issues/27265
Updated: 2020-06-13T17:39:28Z
Author: boklm

The patch for #27045 is causing an error when starting the build with an empty `out/` directory:
https://trac.torproject.org/projects/tor/ticket/27045#comment:11
We can see in the logs that binutils is being downloaded in the `out/firefox` directory instead of `out/binutils`:
```
Saving to: '/media/ssd/Code/Tor/tor-browser-build/out/firefox/binutils-2.26.1.tar.bz2'
```
The reason is that we override `output_dir` when calling `build_pkg` in `input_files`:
```
} elsif ($input_file->{project} && $t->('project')) {
    my $p = $t->('project');
    print "Building project $p - $name\n";
    my $run_save = $config->{run};
    $config->{run} = { target => $input_file->{target} };
    $config->{run}{target} //= $run_save->{target};
    build_pkg($p, {%$options, origin_project => $project, %$input_file,
            output_dir => $proj_out_dir});
    $config->{run} = $run_save;
    print "Finished build of project $p - $name\n";
} else {
```
The reason why we don't see this error in normal builds and only see it with #27045 is that in #27045 we are changing the `tor-browser` filename to remove `c("var/build_id")` from it, removing the need to download dependencies to compute the filename. In normal builds the binutils tarball is already downloaded (in the correct directory) when we start the firefox build, so we are not hitting this issue.

Assignee: boklm

Integrate building pluggable transports for Android into tor-browser-build
https://gitlab.torproject.org/legacy/trac/-/issues/28803
Updated: 2020-06-16T01:25:56Z
Author: Georg Koppen

We want to support Pluggable Transports in Tor Browser for Android. We should integrate those we support into our tor-browser-build process.

Localization is broken in Tor Browser 9 on Android
https://gitlab.torproject.org/legacy/trac/-/issues/32365
Updated: 2020-06-16T01:09:19Z
Author: Georg Koppen

Take a Tor Browser 8.5.6 on an Android system in locale `foo` (`foo` != `en-US` and `foo` is a locale we actually ship).
If you start Tor Browser for the first (and subsequent) times on that system you see e.g. the connect button in locale `foo` and the onboarding in locale `foo`, the whole browser UI in locale `foo`, and `about:tor` in locale `foo`.
Now, remove 8.5.6 and install 9.0 or 9.0.1 (I actually just tested with 9.0.1 but remember vaguely seeing this weirdness when testing 9.0aX builds even though I did not put 1 and 1 together back then :( ).
If you start Tor Browser for the first (and subsequent) times on that system you see e.g. the connect button in `en-US` and the onboarding in `en-US` and the browser UI in `en-US`. However, Torbutton related things like the slider and `about:tor` are still shown in locale `foo`
This bug has the nasty consequence, I think, that the locale for the donation campaign is not properly detected. Instead, just the default link is used.

Assignee: Matthew Finkel

Missing ORIGIN header breaks CORS in Tor Browser 9.0
https://gitlab.torproject.org/legacy/trac/-/issues/32255
Updated: 2020-06-16T01:10:31Z
Author: Trac

Looks like there is an issue on Tor Browser 9.0 which affects our CORS allowance setup, at least with the dependency django-cors-headers, because it fails to send the expected header ORIGIN in the OPTIONS preflight. It works fine using the latest 8 version. We've noticed this only happens when the CORS request source is a .onion address, otherwise it works as usual.
Example:
public.com XHR OPTIONS >> publicapi.com (ORIGIN HEADER INCLUDED, WORKS)
hidden.onion XHR OPTIONS >> publicapi.com (MISSING ORIGIN HEADER, BREAKS)
hidden.onion XHR OPTIONS >> hiddenapi.onion (MISSING ORIGIN HEADER, BREAKS)
**Trac**:
**Username**: complexparadox

Assignee: Alex Catarineu

obfs4proxy incompatibility on Android Q
https://gitlab.torproject.org/legacy/trac/-/issues/32303
Updated: 2020-06-16T01:09:02Z
Author: Matthew Finkel

We received a report that obfs4proxy doesn't run on Android Q due to a run-time linker error.
```
WARN: Managed proxy at '/data/app/org.torproject.torbrowser-xxxxxxxx==/lib/arm64/libObfs4proxy.so' reported: error: "/data/app/org.torproject.torbrowser-xxxxxxxx==/lib/arm64/libObfs4proxy.so": executable's TLS segment is underaligned: alignment is 8, needs to be at least 64 for ARM64 Bionic
```
This is a [bug](https://github.com/golang/go/issues/29674) that was [fixed](https://go-review.googlesource.com/c/go/+/169618/4/src/cmd/link/internal/ld/lib.go) in Golang 1.13

opening about:preferences#privacy from the security toolbar button leads to adding about:preferences#tor items at the end of about:preferences#privacy
https://gitlab.torproject.org/legacy/trac/-/issues/32508
Updated: 2020-06-16T01:09:48Z
Author: boklm

Someone reported this on the blog:
https://blog.torproject.org/comment/285516#comment-285516
Using the icon on the toolbar to change the security level is showing the "Privacy & Security" and "Tor" settings in the same pane, while they are in two different ones when opening them through the hamburger menu and selecting "Preferences".
I am not sure if it is a bug, or if it is intentional.

Assignee: richard

Properties in dom/locales/$lang/chrome/ allow detecting user locale
https://gitlab.torproject.org/legacy/trac/-/issues/30683
Updated: 2020-06-16T01:04:34Z
Author: Georg Koppen

z3t reported a bunch of issues on HackerOne regarding detection of user locale with the help of `dom/locales/$lang/chrome/` properties. PoCs done by z3t:
`dom/dom.properties`: https://people.torproject.org/~gk/tests/tor_form_locale_leak.html
`layout/xmlparser.properties`: https://people.torproject.org/~gk/tests/tor_domparser_locale_leak.html
`layout/MediaDocument.properties`: https://people.torproject.org/~gk/tests/tor_image_locale_leak.html

rbm downloads 0B sig file if network drops; rejects sig on next run
https://gitlab.torproject.org/legacy/trac/-/issues/32527
Updated: 2020-06-13T17:39:34Z
Author: JeremyRand

Instructions to reproduce:
1. Build Tor Browser via `tor-browser-build`.
2. Right before rbm tries to download a `.sig` file, shut off the network connection.
Expected results:
rbm should not write a `.sig` file. Future invocations of rbm once network connection is restored should download the `.sig` file.
Observed results:
rbm writes a `.sig` file with size 0B. When the network connection is restored and rbm is run again, rbm does not retry downloading the `.sig` file, and instead says something like `Error: File llvm-8.0.0.src.tar.xz is not signed with a valid key`. Manually deleting the 0B `.sig` file allows rbm to function properly again.

Assignee: boklm

Rebase Tor Browser mobile/ patches for Firefox ESR 68
https://gitlab.torproject.org/legacy/trac/-/issues/31010
Updated: 2020-06-16T01:05:19Z
Author: Matthew Finkel

This is the Android-specific patches for #30429.

Rebase Tor Browser patches for Firefox ESR 68
https://gitlab.torproject.org/legacy/trac/-/issues/30429
Updated: 2020-06-16T01:12:05Z
Author: Georg Koppen

We need to start rebasing our patches against Firefox 68. This is the ticket that tracks the whole effort.
It's helpful how we did it the last time: comment:6:ticket:25543. As mentioned there https://torpat.ch/ is a very valuable resource. It might need updating, though (which we should do while we are at it, or point Arthur to the things that need to get fixed).

Reduce the number of locales we provide updates for in nightly
https://gitlab.torproject.org/legacy/trac/-/issues/32475
Updated: 2020-06-16T01:09:38Z
Author: boklm

Making updates available for each locale is costing time on nightly build/signing machines:
- generating the .mar files
- generating the incremental .mar files
- transferring the mar files between hosts to sign them and publish them
With the current resources we have, I think it risks increasing the time to provide updates on nightly builds too much. I think we could start by providing updates for a subset of locales only, and think about increasing that list later.

Assignee: boklm

Remove torbutton_update_isolation_prefs() and torbutton_update_fingerprinting_prefs()
https://gitlab.torproject.org/legacy/trac/-/issues/28746
Updated: 2020-06-16T01:04:54Z
Author: Georg Koppen

We should not mirror the isolation and fingerprinting prefs in Torbutton. Just set them in the browser and that's it. Those options are not exposed in the browser UI anymore and if a user wants to mess with them they should be on their own.