Trac issues
https://gitlab.torproject.org/legacy/trac/-/issues
Updated: 2020-06-16T01:26:05Z

https://gitlab.torproject.org/legacy/trac/-/issues/33558
Update TOPL To Use Updated Android Toolchain
Updated: 2020-06-16T01:26:05Z
Author: Shane Isbell
We need to upgrade android toolchain to support fenix. This requires update to TOPL build as well.
Assignee: Georg Koppen

https://gitlab.torproject.org/legacy/trac/-/issues/33557
Update Android Toolchain for Fenix
Updated: 2020-06-16T01:26:05Z
Author: Shane Isbell
Fenix uses an updated Android SDK and NDK.
Assignee: Georg Koppen

https://gitlab.torproject.org/legacy/trac/-/issues/32895
Improve marsigning_check.sh script to deal better with non-reproducible, signed macOS mar files
Updated: 2020-06-16T01:25:57Z
Author: Georg Koppen
Our current mar-signing check script does two things:
1) It checks whether the SHA-256 sum from the signed .mar file is the same one as from the unsigned one and returns an error if so.
2) It strips the signature and compares the SHA-256 sum of the resulting .mar file with the unsigned one.
Step 2) essentially tries to do 2 checks in one: a) that there is a proper signature that can get stripped and b) that the resulting .mar file is the same as the unsigned one. That's cool in theory as we want to have both checks but it has a number of issues in practice. The most important ones are:
i) The script fails the mar-signing check for macOS as stripping the signatures from those files does not give us the unsigned .mar yet due to the content signing. (see: #20254)
ii) It's not clear we signed actually with the right key (although that is in practice not much of an issue) or whether the signature verifies later on (which is actually what we want to know).
Assignee: Georg Koppen

https://gitlab.torproject.org/legacy/trac/-/issues/32355
Tor Browser for Linux/ARMv7 (x86_64 build arch)
Updated: 2020-06-16T01:25:51Z
Author: JeremyRand
The Tor Project should provide a Tor Browser compatible with the ARMv7 processor. This would provide a safe way of using Tor for users of the Samsung ARM Chromebook, the Samsung Chromebook 2, the Raspberry Pi, the Novena Open Laptop, and probably other platforms too.
This ticket is specifically for building Tor Browser for ARMv7 targets with the x86_64 build arch.

https://gitlab.torproject.org/legacy/trac/-/issues/34379
Fix learn more for Onion-Location
Updated: 2020-06-16T01:13:16Z
Author: Alex Catarineu
Similar to #34369, we have to fix the learn more links in the doorhanger and in about:preferences to point to https://tb-manual.torproject.org/[locale]/onion-services/
Assignee: Mark Smith

https://gitlab.torproject.org/legacy/trac/-/issues/34372
Disable GeckoNetworkManager
Updated: 2020-06-16T01:13:15Z
Author: Matthew Finkel
We have [a patch](https://gitweb.torproject.org/tor-browser.git/commit/mobile/android/geckoview/src/main/java/org/mozilla/geckoview?h=tor-browser-68.9.0esr-10.0-1-build1&id=c010e1cb96eb1baa53e7a938b5af349d07a87b7d) from #25741 that claims to disable the GeckoNetworkManager. GK noticed the logic is reversed.
Let's land this in an alpha and then backport it to stable after some testing. It should be mostly harmless.

https://gitlab.torproject.org/legacy/trac/-/issues/34369
Fix learn more link in Onion Auth prompt
Updated: 2020-06-16T01:13:14Z
Author: Antonela (antonela@torproject.org)
The Learn more link in the "requesting your private key" dialogue leads to a 404 page:
https://2019.www.torproject.org/docs/tor-manual-dev.html.en-US#_client_…
It should go to
https://tb-manual.torproject.org/onion-services/
or
https://support.torproject.org/onionservices/client-auth/
via https://blog.torproject.org/comment/288070#comment-288070
Assignee: Mark Smith

https://gitlab.torproject.org/legacy/trac/-/issues/34362
Improve Onion Service Authentication prompt
Updated: 2020-06-16T01:13:13Z
Author: Matthew Finkel
https://blog.torproject.org/comment/288030#comment-288030
pastly commented that the current phrasing implies Tor Browser will send the private key to the onion service (because the onion service "requested it").
pastly, subsequently, suggested something like "foo.onion requires you to authenticate. Please enter the private key for your identity with this onion service".
The message should imply that the private key is needed for authentication, but the key is only used locally to prove possession of it (via crypto magic), and the key is not actually sent to the onion service.
Related: #30237
Assignee: Mark Smith

https://gitlab.torproject.org/legacy/trac/-/issues/34361
"Prioritize .onion sites when known" appears under General
Updated: 2020-06-16T01:13:12Z
Author: Matthew Finkel
https://blog.torproject.org/comment/288024#comment-288024
When `about:preferences#general` is opened in a new tab, "Onion Services" appears at the bottom of the list.

https://gitlab.torproject.org/legacy/trac/-/issues/27105
Fix Tor Browser testsuite
Updated: 2020-06-16T01:13:09Z
Author: boklm
We need to fix the Tor Browser testsuite to work with esr78 based Tor Browser.
Assignee: Alex Catarineu

https://gitlab.torproject.org/legacy/trac/-/issues/34250
Fix torbutton noscript-control race condition
Updated: 2020-06-16T01:13:07Z
Author: Alex Catarineu
While debugging some testsuite tests, I saw some race condition with the noscript initialization which prevents some tests from running correctly.
We currently listen for both `startup` and `pageshow` events [here](https://gitweb.torproject.org/torbutton.git/tree/modules/noscript-control.js?id=36f8182a25818548d62b7fbc6be4d2472773b820#n149), and in some tests, `pageshow` events are being received before `startup`, which results in the configuration message being lost and noscript being initialized with the default settings, blocking scripts.
This was originally introduced in #27427, which added checks for the event types precisely because of these issues. However, "pageshow" in specific situations also seems to trigger those.
In that ticket, "pageshow" was added `for a slightly more graceful failure mode in case Torbutton somehow misses NoScript startup`. However, I don't think that can really happen, and I suggest we just listen to `startup`.
Assignee: Alex Catarineu

https://gitlab.torproject.org/legacy/trac/-/issues/34209
about:tor and about:tbupdate fail to load in debug build of Tor Browser
Updated: 2020-06-16T01:13:03Z
Author: Mark Smith
When using a debug build based on acat's 33533+5 branch, trying to open about:tor or about:tbupdate leads to an assertion failure and a tab crash:
Assertion failure: foundObjectSrc (about: page must contain a CSP denying object-src), at /.../dom/security/nsContentSecurityUtils.cpp:818
We need to add `object-src 'none'` to the CSP for those pages.
Assignee: Mark Smith

https://gitlab.torproject.org/legacy/trac/-/issues/33998
stop using XUL <grid> soon
Updated: 2020-06-16T01:12:46Z
Author: Mark Smith
Mozilla is removing support for XUL <grid>, probably in Firefox 78. References:
https://bugzilla.mozilla.org/show_bug.cgi?id=1525737
https://groups.google.com/forum/#!topic/mozilla.dev.platform/yDiT7nEWe2c
Our Tor Browser patches use it here:
https://gitweb.torproject.org/tor-browser.git/tree/browser/components/torpreferences/content/torPane.xul?h=tor-browser-68.7.0esr-9.5-1#n77
Tor Launcher uses it here:
https://gitweb.torproject.org/tor-launcher.git/tree/src/chrome/content/network-settings-shared.js#n15
Assignee: Mark Smith

https://gitlab.torproject.org/legacy/trac/-/issues/33962
Uplift patch for 5741 (dns leak protection)
Updated: 2020-06-16T01:12:41Z
Author: Alex Catarineu
This should probably be under the `--enable-proxy-bypass-protection` flag.
Assignee: Alex Catarineu

https://gitlab.torproject.org/legacy/trac/-/issues/33890
Rename .xul to .xhtml
Updated: 2020-06-16T01:12:33Z
Author: Alex Catarineu
Firefox did a mass rename of all .xul files to .xhtml in https://bugzilla.mozilla.org/show_bug.cgi?id=1579952. We need to do the same in torbutton and tor-launcher, as well as in several Tor Browser patches that involve UI.

https://gitlab.torproject.org/legacy/trac/-/issues/33864
Nightly Tor Browser updates are broken since at least 4/6/2020
Updated: 2020-06-16T01:12:27Z
Author: Georg Koppen
I tried to update my Tor Browser nightly on 04/06/2020 that is still using the version from 04/02/2020. It said my Tor Browser is up-to-date. However, newer nightly binaries were available, e.g. from 04/06/2020.

https://gitlab.torproject.org/legacy/trac/-/issues/33862
Fix usages of createTransport API
Updated: 2020-06-16T01:12:27Z
Author: Alex Catarineu
There was a nsISocketTransportService breaking change in https://bugzilla.mozilla.org/show_bug.cgi?id=1558726.
We have to fix those in torbutton and tor-launcher.

https://gitlab.torproject.org/legacy/trac/-/issues/33851
Patch out Parental Controls detection and logging
Updated: 2020-06-16T01:12:23Z
Author: richard
We should remove the per-OS implementations of nsIParentalControlsService in `/toolkit/components/parentalcontrols` and always use the stubbed-out `nsParentalControlsServiceDefault.cpp` implementation.
When an implementation is present, URIs are sent to an `isAllowed(...` function that parental control software presumably can hook in the OS to filter content, and a `log(...)` method also takes in URIs.
Assignee: Mark Smith

https://gitlab.torproject.org/legacy/trac/-/issues/33848
Disable Enhanced Tracking Protection (assuming we want it disabled)
Updated: 2020-06-16T01:12:22Z
Author: richard
There doesn't seem to be a single pref that disables everything, here's the prefs we need to set to disable the functionality:
- network.cookie.cookieBehavior = 0
- privacy.trackingprotection.enabled = false
- privacy.trackingprotection.pbmode.enabled = false
- privacy.trackingprotection.socialtracking.enabled = false
- privacy.trackingprotection.cryptomining.enabled = false
- privacy.trackingprotection.fingerprinting.enabled = false
We would need to some code to remove the ETP UI from about:preferences, the urlbar, etc.
Assignee: Mark Smith

https://gitlab.torproject.org/legacy/trac/-/issues/30832
Fix tor-browser tbb-tests
Updated: 2020-06-16T01:04:56Z
Author: Alex Catarineu
With current rebased tor-browser ESR68 branch I can only run tbb-tests (with `run-tbb-tests` script) when `pref("network.file.path_blacklist", "/net")` is removed and `pref("extensions.torbutton.use_nontor_proxy", true);` is set, apart from disabling tor-launcher. The second pref disables the domain isolator, which makes sense since it expects SOCKS5 proxies, but mochitests override that. For the other pref, not sure why `network.file.path_blacklist` needs to be unset (at least for Linux).
We could put these prefs in `testing/marionette/prefs/marionette.js` so that tests can be run (unless there is a simpler way to get the tests to run that I'm missing).
Assignee: Alex Catarineu