Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-16T01:25:49Zhttps://gitlab.torproject.org/legacy/trac/-/issues/28764OpenSSL Build for Android2020-06-16T01:25:49ZShane IsbellOpenSSL Build for AndroidShane IsbellShane Isbellhttps://gitlab.torproject.org/legacy/trac/-/issues/32645Update URL bar onion indicators2020-12-11T13:05:04ZAntonelaantonela@torproject.orgUpdate URL bar onion indicatorsSince FF70, the green locks at the URL bar are gone. The current Firefox approach to security indicators is detailed here[1]. Chrome is leading towards this intention, too[2].
As part of S27, I'm working on unifying (and simplifying) t...Since FF70, the green locks at the URL bar are gone. The current Firefox approach to security indicators is detailed here[1]. Chrome is leading towards this intention, too[2].
As part of S27, I'm working on unifying (and simplifying) the brand presence of onions in Tor Browser, either for referring to the network or to the onion services.
I'm opening this ticket to discuss the following:
- are we ok following the Firefox approach and removing green icons from the URL bar?
- are we ok unifying the visual anchor for onions and onion routing at the URL bar and also at the circuit display?
- are we ok removing EV label from the URL bar and leave it at the identity doorhanger?
[1]FF70 https://blog.mozilla.org/security/2019/10/15/improved-security-and-privacy-indicators-in-firefox-70/
[2]CH69 https://blog.chromium.org/2018/05/evolving-chromes-security-indicators.html
[*]TB8 https://trac.torproject.org/projects/tor/wiki/org/teams/UxTeam/Misc/OnionSecurityIndicatorrichardrichardhttps://gitlab.torproject.org/legacy/trac/-/issues/32991TBB Project For ZSTD2020-06-16T01:10:45ZShane IsbellTBB Project For ZSTDCreate a tbb project to build source code targeting the android platform.
Source is at
!https://github.com/facebook/zstd
Zstandard - Fast real-time compression algorithm. This is used to compress data sent over tor. This compression ...Create a tbb project to build source code targeting the android platform.
Source is at
!https://github.com/facebook/zstd
Zstandard - Fast real-time compression algorithm. This is used to compress data sent over tor. This compression is useful over slower mobile networks.
We will compile this into tor with _--enable-zstd_ flag.https://gitlab.torproject.org/legacy/trac/-/issues/32992TBB Project for LZMA2020-06-16T01:10:45ZShane IsbellTBB Project for LZMACreate a tbb project to build source code targeting the android platform.
Source code: https://git.tukaani.org/xz.gitCreate a tbb project to build source code targeting the android platform.
Source code: https://git.tukaani.org/xz.githttps://gitlab.torproject.org/legacy/trac/-/issues/33216Add Android Host and ABI Info to RBM.conf2020-06-16T01:11:09ZShane IsbellAdd Android Host and ABI Info to RBM.confAdd Android Host and ABI Info to RBM.conf
_configure_host_: this will be used for native projects to be able to configure the correct host triplets for android builds
_abi_: This will match the names that Android uses for architectures...Add Android Host and ABI Info to RBM.conf
_configure_host_: this will be used for native projects to be able to configure the correct host triplets for android builds
_abi_: This will match the names that Android uses for architectures within an app or library. This will be used by projects when packaging apks and android libraries.https://gitlab.torproject.org/legacy/trac/-/issues/33402Set app.update.url for nightly builds2020-06-16T01:11:19ZboklmSet app.update.url for nightly buildsWe won't use the same `app.update.url` for releases and nightly builds. So we need to change this pref in the nightly builds.
https://nightlies.tbb.torproject.org/nightly-updates/updates/ is where the updates xml for nightly builds are ...We won't use the same `app.update.url` for releases and nightly builds. So we need to change this pref in the nightly builds.
https://nightlies.tbb.torproject.org/nightly-updates/updates/ is where the updates xml for nightly builds are located.boklmboklmhttps://gitlab.torproject.org/legacy/trac/-/issues/33403Add nightly mar key to tor-browser2020-06-16T01:11:19ZboklmAdd nightly mar key to tor-browserIn #31988 I created a mar signing key for nightly builds. We should add it to tor-browser nightly builds.
It seems the path used by nightly build is `toolkit/mozapps/update/updater/nightly_aurora_level3_primary.der` (and `nightly_aurora...In #31988 I created a mar signing key for nightly builds. We should add it to tor-browser nightly builds.
It seems the path used by nightly build is `toolkit/mozapps/update/updater/nightly_aurora_level3_primary.der` (and `nightly_aurora_level3_secondary.der`).boklmboklmhttps://gitlab.torproject.org/legacy/trac/-/issues/33430Disable downloadable fonts on Safest security level2020-06-16T01:11:21ZTracDisable downloadable fonts on Safest security levelWebsites can circumvent measures by Tor Browser / NoScript to reject fonts.
Fonts can be injected as “application/font” data in base64 format, directly into the CSS! I discovered this at [CSS Tricks](https://css-tricks.com/snippets/css/...Websites can circumvent measures by Tor Browser / NoScript to reject fonts.
Fonts can be injected as “application/font” data in base64 format, directly into the CSS! I discovered this at [CSS Tricks](https://css-tricks.com/snippets/css/a-guide-to-flexbox/)... go figure. I've noticed this on another website since.
To replicate, go to the above site in Tor's highest security setting.
You'll see that the fonts are not your usual fonts.
Inspect the CSS and you'll see code like this to "import" the fonts:
@font-face {
font-family:sentinel ssm a;
src:url(data:application/x-font-woff2;base64,d09GMgABAAAAAFKQABIAAAAArzgAAFIsAAFNDgAAAAA etc etc);
font-weight:400;
font-style:normal
}
The thing that struck me is that the embedded mime type is ‘application/x-font-woff2’. What other “application” types might be embed-able and usable/executable?
I did a search and didn't see this as a ticket.
**Trac**:
**Username**: dcenthttps://gitlab.torproject.org/legacy/trac/-/issues/33482Update about:tor donate string2020-06-16T01:11:26ZAntonelaantonela@torproject.orgUpdate about:tor donate stringSarah suggested:
"On about:Tor instead of “Keep Tor Strong” how about something like, “Tor is free to use because of donations from people like you. Donate Now.”?" [i like it! -steph]
I attached a mockup.Sarah suggested:
"On about:Tor instead of “Keep Tor Strong” how about something like, “Tor is free to use because of donations from people like you. Donate Now.”?" [i like it! -steph]
I attached a mockup.Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/33523release process: Rename the update responses directory to .old to make it eas...2020-06-16T01:11:29Zboklmrelease process: Rename the update responses directory to .old to make it easier to revert in case of problemIn order to make it easier to quickly disable an update in case of issue, I think it is useful to keep a copy of the previous update responses directory available.
I think we can do that by renaming `{alpha,release}` to `{alpha,release}...In order to make it easier to quickly disable an update in case of issue, I think it is useful to keep a copy of the previous update responses directory available.
I think we can do that by renaming `{alpha,release}` to `{alpha,release}.old` instead of just removing it.https://gitlab.torproject.org/legacy/trac/-/issues/33535openssl (for Windows) is including the year it was built on, causing the buil...2020-06-16T01:11:40Zboklmopenssl (for Windows) is including the year it was built on, causing the built to be unreproducible if built on different yearsMy build of 9.5a7-build2 is not matching with the build from Richard:
https://people.torproject.org/~richard/builds/9.5a7-build2/
https://people.torproject.org/~boklm/builds/9.5a7-build2/My build of 9.5a7-build2 is not matching with the build from Richard:
https://people.torproject.org/~richard/builds/9.5a7-build2/
https://people.torproject.org/~boklm/builds/9.5a7-build2/https://gitlab.torproject.org/legacy/trac/-/issues/33578Bump Snowflake version to 58b52eb9f72020-06-16T01:11:45ZCecylia BocovichBump Snowflake version to 58b52eb9f7This includes:
- refactoring changes to the Snowflake code
- removal of erroneous logging
- a bug fix for SOCKS handling
- removal of local LAN ICE candidates, and
- go.mod and go.sum files
Some additional changes were needed to h...This includes:
- refactoring changes to the Snowflake code
- removal of erroneous logging
- a bug fix for SOCKS handling
- removal of local LAN ICE candidates, and
- go.mod and go.sum files
Some additional changes were needed to handle this last change (see #33330).https://gitlab.torproject.org/legacy/trac/-/issues/33672Force include https-everywhere in incremental mar update2020-06-16T01:11:57ZMatthew FinkelForce include https-everywhere in incremental mar updateWe should include an older version of https-everywhere in the upcoming release. This won't be a problem for new installations. However, any recently run instance of Tor Browser mostlikely automatically upgraded to the newest https-e vers...We should include an older version of https-everywhere in the upcoming release. This won't be a problem for new installations. However, any recently run instance of Tor Browser mostlikely automatically upgraded to the newest https-e version (2020.3.16), so we should include the older version (2019.11.7) in our incremental mar files.
2019.11.7 is the version we included in the last Tor Browser version, so it won't be included in the incrementals. It seems like we can force inclusion in `make_incremental_update.sh`.
I see two options:
1. (tor-browser) Patch `tools/update-packaging/make_incremental_update.sh` so it always include https-everywhere (and then we revert/drop that patch at the next rebase)
1. (tor-browser-build) Patch `tools/update-responses/gen_incrementals` so it passes `-f $ext_path/$https_everywhere_dir/* $packed_https_e_path` (with appropriate paths) when it calls `make_incremental_update.sh`?
If there are alternatives, we can consider those, too.