Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-16T01:12:49Zhttps://gitlab.torproject.org/legacy/trac/-/issues/34032Use Securedrop's Official https-everywhere ruleset2020-06-16T01:12:49ZMatthew FinkelUse Securedrop's Official https-everywhere rulesetLet's create a fixup for #28005.
Official ruleset is now: https://securedrop.org/https-everywhere/
New signing key: https://github.com/freedomofpress/securedrop-https-everywhere-ruleset/blob/master/release-pubkey.jwk
(also in footer of...Let's create a fixup for #28005.
Official ruleset is now: https://securedrop.org/https-everywhere/
New signing key: https://github.com/freedomofpress/securedrop-https-everywhere-ruleset/blob/master/release-pubkey.jwk
(also in footer of securedrop.org)
The repository for storing the official HTTPS Everywhere ruleset channel is here:
https://github.com/freedomofpress/securedrop-https-everywhere-rulesethttps://gitlab.torproject.org/legacy/trac/-/issues/34006How to register .tor.onion ?2020-06-16T01:12:47ZcypherpunksHow to register .tor.onion ?I have 4+ years onion service so I"d like to have (short name).tor.onion.I have 4+ years onion service so I"d like to have (short name).tor.onion.https://gitlab.torproject.org/legacy/trac/-/issues/33993In input_files, target, target_prepend, target_append are silently ignored if...2020-06-13T17:39:37ZboklmIn input_files, target, target_prepend, target_append are silently ignored if they are not an arrayIn input_files, rbm expect `target`, `target_prepend`, `target_append` to be a list of strings. If they are not, they are silently ignored, which can be confusing. Instead it should probably exit with an error.In input_files, rbm expect `target`, `target_prepend`, `target_append` to be a list of strings. If they are not, they are silently ignored, which can be confusing. Instead it should probably exit with an error.boklmboklmhttps://gitlab.torproject.org/legacy/trac/-/issues/33990Make the showconf and other commands define step by default2020-06-13T17:39:36ZboklmMake the showconf and other commands define step by defaultWhile testing a patch for #33987, I noticed that the `showconf` command (and all other commands except `build`) have `rbm_init` as default step, unless the `--step` option is used.
I think it would be better if `step` was automatically ...While testing a patch for #33987, I noticed that the `showconf` command (and all other commands except `build`) have `rbm_init` as default step, unless the `--step` option is used.
I think it would be better if `step` was automatically initialized with the value from `pkg_type`, matching the behavior from the `build` command.boklmboklmhttps://gitlab.torproject.org/legacy/trac/-/issues/33987Make var/build_id_txt work in non-build steps2020-06-16T01:12:44ZboklmMake var/build_id_txt work in non-build stepsWe use `var/build_id_txt` (and `var/build_id`) to generate a hash that is changing when the build script or any dependencies is changing.
It includes this line:
```
[% c("build", { filename => 'f', output_dir => '/out', norec => {} }) %...We use `var/build_id_txt` (and `var/build_id`) to generate a hash that is changing when the build script or any dependencies is changing.
It includes this line:
```
[% c("build", { filename => 'f', output_dir => '/out', norec => {} }) %]
```
However, this won't work if we are in a step that is not `build`.https://gitlab.torproject.org/legacy/trac/-/issues/33952Document the process to update ssh keys and add/remove users from build-sunet...2020-06-16T01:12:38ZboklmDocument the process to update ssh keys and add/remove users from build-sunet-a.torproject.netWe should document the process to update ssh keys and add/remove users from build-sunet-a.torproject.net. Probably in `tools/ansible/README` in `tor-browser-build`.We should document the process to update ssh keys and add/remove users from build-sunet-a.torproject.net. Probably in `tools/ansible/README` in `tor-browser-build`.https://gitlab.torproject.org/legacy/trac/-/issues/33950Add instructions for rolling back already rolled out update in tor-browser-sp...2020-06-16T01:12:38ZboklmAdd instructions for rolling back already rolled out update in tor-browser-spec.git/processes/ReleaseProcessIn some cases we might want to disable an update after releasing it, for example after discovering an important issue. We should have instructions in `processes/ReleaseProcess` explaining how to do that.In some cases we might want to disable an update after releasing it, for example after discovering an important issue. We should have instructions in `processes/ReleaseProcess` explaining how to do that.https://gitlab.torproject.org/legacy/trac/-/issues/33926tor-browser-bundle-testsuite.git is missing is LICENSE file2020-06-16T01:12:34Zboklmtor-browser-bundle-testsuite.git is missing is LICENSE fileSimilarly to #32038, we should add a LICENSE file to `tor-browser-bundle-testsuite.git`.Similarly to #32038, we should add a LICENSE file to `tor-browser-bundle-testsuite.git`.https://gitlab.torproject.org/legacy/trac/-/issues/33877Disable Samples and Regression tests For Libevent Build2020-06-16T01:12:30ZShane IsbellDisable Samples and Regression tests For Libevent BuildLibevent flags for samples and regression tests aren't part of the final package so remove them from the build for all platforms
--disable-libevent-regress --disable-samplesLibevent flags for samples and regression tests aren't part of the final package so remove them from the build for all platforms
--disable-libevent-regress --disable-sampleshttps://gitlab.torproject.org/legacy/trac/-/issues/33845namecoin-torbutton.patch needs to be rebased2020-06-16T01:12:22Zboklmnamecoin-torbutton.patch needs to be rebasedLatest nightly build failed while applying `namecoin-torbutton.patch`:
```
Starting build: Wed Apr 8 03:33:01 2020
/var/tmp/dist/gcc/bin ~
~
patching file mobile/android/app/src/main/assets/publicsuffixlist
patching file netwerk/dns/eff...Latest nightly build failed while applying `namecoin-torbutton.patch`:
```
Starting build: Wed Apr 8 03:33:01 2020
/var/tmp/dist/gcc/bin ~
~
patching file mobile/android/app/src/main/assets/publicsuffixlist
patching file netwerk/dns/effective_tld_names.dat
Hunk #1 succeeded at 5499 (offset 2 lines).
/var/tmp/build/firefox-e09b2deb2169/toolkit/torproject/torbutton /var/tmp/build/firefox-e09b2deb2169
patching file chrome/content/tor-circuit-display.js
Hunk #1 succeeded at 48 (offset -1 lines).
Hunk #2 succeeded at 136 (offset 6 lines).
Hunk #3 succeeded at 171 (offset 6 lines).
Hunk #4 FAILED at 341.
Hunk #5 succeeded at 485 (offset 32 lines).
Hunk #6 succeeded at 498 (offset 32 lines).
Hunk #7 succeeded at 514 (offset 31 lines).
1 out of 7 hunks FAILED -- saving rejects to file chrome/content/tor-circuit-display.js.rej
```https://gitlab.torproject.org/legacy/trac/-/issues/33838Update Onion-Location in tor-browser-spec2020-06-16T01:12:20ZAlex CatarineuUpdate Onion-Location in tor-browser-specIn #21952 I updated the onion-location spec (https://github.com/acatarineu/torspec/blob/21952+1/proposals/ideas/onion-location.txt) based on https://gitweb.torproject.org/user/asn/torspec.git/commit/?h=onion-location&id=14fc750e3afcd759f...In #21952 I updated the onion-location spec (https://github.com/acatarineu/torspec/blob/21952+1/proposals/ideas/onion-location.txt) based on https://gitweb.torproject.org/user/asn/torspec.git/commit/?h=onion-location&id=14fc750e3afcd759f4235ab955535a07eed24286. I did not realize that this was already in the `tor-browser-spec` repo: https://gitweb.torproject.org/tor-browser-spec.git/tree/proposals/100-onion-location-header.txt.
In any case, I think we should update that spec in the upstream tor-browser-spec repo.https://gitlab.torproject.org/legacy/trac/-/issues/33807Namecoin eTLD patch conflicted with securedrop.tor.onion2020-06-16T01:12:17ZMatthew FinkelNamecoin eTLD patch conflicted with securedrop.tor.onion```
/tmp/tmp.EB97rs4a6X/z /var/tmp/dist/firefox
/var/tmp/dist/firefox
Starting build: Fri Apr 3 08:07:15 2020
/var/tmp/dist/gcc/bin ~
~
patching file mobile/android/app/src/main/assets/publicsuffixlist
patching file netwerk/dns/effectiv...```
/tmp/tmp.EB97rs4a6X/z /var/tmp/dist/firefox
/var/tmp/dist/firefox
Starting build: Fri Apr 3 08:07:15 2020
/var/tmp/dist/gcc/bin ~
~
patching file mobile/android/app/src/main/assets/publicsuffixlist
patching file netwerk/dns/effective_tld_names.dat
Hunk #1 FAILED at 5480.
1 out of 1 hunk FAILED -- saving rejects to file netwerk/dns/effective_tld_names.dat.rej
```
where the namecoin eTLD patch (`projects/firefox/namecoin-etld.patch`) does:
```
diff --git a/netwerk/dns/effective_tld_names.dat b/netwerk/dns/effective_tld_names.dat
index 9dd962a..3402b20 100644
--- a/netwerk/dns/effective_tld_names.dat
+++ b/netwerk/dns/effective_tld_names.dat
@@ -5480,6 +5480,7 @@ pro.om
// onion : https://tools.ietf.org/html/rfc7686
onion
+bit.onion
// org : https://en.wikipedia.org/wiki/.org
org
```
It's an easy fix.https://gitlab.torproject.org/legacy/trac/-/issues/33805While building tbb-9.0.8-build3 the build of openssl for Windows fails2020-06-16T01:12:16ZboklmWhile building tbb-9.0.8-build3 the build of openssl for Windows failsThe build of openssl fails with the following error:
```
*** Installing runtime libraries
install libcrypto-1_1.dll -> /var/tmp/dist/openssl/Program\ Files\ \(x86\)/OpenSSL/bin/libcrypto-1_1.dll
cp: cannot create regular file '/var/tmp/d...The build of openssl fails with the following error:
```
*** Installing runtime libraries
install libcrypto-1_1.dll -> /var/tmp/dist/openssl/Program\ Files\ \(x86\)/OpenSSL/bin/libcrypto-1_1.dll
cp: cannot create regular file '/var/tmp/dist/openssl/Program\ Files\ \(x86\)/OpenSSL/bin/libcrypto-1_1.dll.new': No such file or directory
make: *** [install_runtime_libs] Error 1
Makefile:456: recipe for target 'install_runtime_libs' failed
```https://gitlab.torproject.org/legacy/trac/-/issues/33802--enable-secure-api is not supported anymore in mingw-w642020-06-16T01:12:16ZGeorg Koppen--enable-secure-api is not supported anymore in mingw-w64Jacek removed the option to disable the secure API a while back (commit 3bef7c2206bb6f9552ea7e61315c4bf7af3aa6c9). So, now the configure part is emitting the following warning:
```
configure: WARNING: unrecognized options: --enable-secur...Jacek removed the option to disable the secure API a while back (commit 3bef7c2206bb6f9552ea7e61315c4bf7af3aa6c9). So, now the configure part is emitting the following warning:
```
configure: WARNING: unrecognized options: --enable-secure-api
```Georg KoppenGeorg Koppenhttps://gitlab.torproject.org/legacy/trac/-/issues/33771Missing LibEvent License2022-07-08T20:55:01ZMatthew FinkelMissing LibEvent LicenseUnless I missed the license somewhere, we are not distributing libevent (in binary form) along with its license. We should correct this.Unless I missed the license somewhere, we are not distributing libevent (in binary form) along with its license. We should correct this.https://gitlab.torproject.org/legacy/trac/-/issues/33761Remove unnecessary dependencies of Snowflake from Tor Browser2020-06-16T01:12:11ZCecylia BocovichRemove unnecessary dependencies of Snowflake from Tor Browserpion/webrtc brings in a lot of dependencies for Tor Browser, and many of these are for unused features. Specifically, we never use pion/quic, and its dependency on quic-go has the potential to cause us a lot of headache in the future (se...pion/webrtc brings in a lot of dependencies for Tor Browser, and many of these are for unused features. Specifically, we never use pion/quic, and its dependency on quic-go has the potential to cause us a lot of headache in the future (see #33745).https://gitlab.torproject.org/legacy/trac/-/issues/33749Stem is Outdated in Tor Browser's Namecoin Support2020-06-16T01:26:30ZJeremyRandStem is Outdated in Tor Browser's Namecoin SupportTor Browser is using Stem 1.7.1, which is impacted by #30882, for Namecoin support. We should upgrade it to Stem 1.8.0 so that users of Python 3.8+ don't run into problems.
Thanks to /u/OsrsNeedsF2P on /r/Namecoin for reporting this; o...Tor Browser is using Stem 1.7.1, which is impacted by #30882, for Namecoin support. We should upgrade it to Stem 1.8.0 so that users of Python 3.8+ don't run into problems.
Thanks to /u/OsrsNeedsF2P on /r/Namecoin for reporting this; original report is at https://old.reddit.com/r/Namecoin/comments/fjo3qq/we_need_more_testers_for_the_namecoin_tor_browser/fkobn93/ .https://gitlab.torproject.org/legacy/trac/-/issues/33726Fix patch for #23247: Communicating security expectations for .onion2020-06-16T01:12:05ZAlex CatarineuFix patch for #23247: Communicating security expectations for .onionWhile working on #33533 I realized that in the switch to ESR68 (#30429) the patch for #23247 was ported incorrectly. The original patch for ESR60 was `651e4ef7de3e` and the mistake was introduced in revision https://github.com/acatarineu...While working on #33533 I realized that in the switch to ESR68 (#30429) the patch for #23247 was ported incorrectly. The original patch for ESR60 was `651e4ef7de3e` and the mistake was introduced in revision https://github.com/acatarineu/tor-browser/commits/30429+6 (see comment in https://trac.torproject.org/projects/tor/ticket/30429#comment:26).
My understanding is that in the original patch, the block of `if (isHttpScheme && IsPotentiallyTrustworthyOnion(innerContentLocation)) {` was moved from https://github.com/acatarineu/tor-browser/commit/651e4ef7de3e#diff-b6c711bd6646bb39271394da3fc55d0cL754 to https://github.com/acatarineu/tor-browser/commit/651e4ef7de3e#diff-b6c711bd6646bb39271394da3fc55d0cR737 in order to allow mixed contents in workers for the .onion case (which would get disallowed otherwise).
However, in ESR68 there's `IsPotentiallyTrustworthyOrigin` with includes `IsPotentiallyTrustworthyOnion`. So, I think this block: https://github.com/acatarineu/tor-browser/commit/6301359f2742d070b1b4149d13c388e96b1b8080#diff-b6c711bd6646bb39271394da3fc55d0cL778 should not be removed, since it's not the same as the one that is added in https://github.com/acatarineu/tor-browser/commit/6301359f2742d070b1b4149d13c388e96b1b8080#diff-b6c711bd6646bb39271394da3fc55d0cR771.
I think this is not a security issue, the result of this bug is that we are not allowing cases that we should (all cases of `IsPotentiallyTrustworthyOrigin` that are not `.onion`).https://gitlab.torproject.org/legacy/trac/-/issues/33707Swap out onion icon in circuit display with new one2020-06-16T01:12:02ZrichardSwap out onion icon in circuit display with new onerichardrichardhttps://gitlab.torproject.org/legacy/trac/-/issues/33698Update "About Tor Browser" links in Tor Browser2020-06-16T01:12:01ZGusUpdate "About Tor Browser" links in Tor BrowserIn Tor Browser, in Help > About Tor Browser, we should update some links:
1. Donate to https://donate.torproject.org
2. Get involved to https://community.torproject.org
3. Questions to https://support.torproject.org
4. Help the Tor Netw...In Tor Browser, in Help > About Tor Browser, we should update some links:
1. Donate to https://donate.torproject.org
2. Get involved to https://community.torproject.org
3. Questions to https://support.torproject.org
4. Help the Tor Network Grow! to https://community.torproject.org/relayMark SmithMark Smith