Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-13T15:42:54Zhttps://gitlab.torproject.org/legacy/trac/-/issues/30958Stop removing the ed25519 signature when the extra-info file is too big2020-06-13T15:42:54ZteorStop removing the ed25519 signature when the extra-info file is too bigIn #30956, I discovered that the ed25519 signature extra-info line is
split across two chunks.
If the extra-info file gets too big, tor removes one chunk at a time. So each chunk needs to be a complete line.
Edit: but in this case, we ...In #30956, I discovered that the ed25519 signature extra-info line is
split across two chunks.
If the extra-info file gets too big, tor removes one chunk at a time. So each chunk needs to be a complete line.
Edit: but in this case, we should just stop removing the signatureTor: 0.4.2.x-finalteorteorhttps://gitlab.torproject.org/legacy/trac/-/issues/30967Make shellcheck ignore user-created directories, and run it during pre-commit2020-06-13T15:42:56ZteorMake shellcheck ignore user-created directories, and run it during pre-commitAt the moment, we shellcheck all the directories inside the tor directory, even user directories like .git, user-specified build directories, and directories that are added during tests.
This change will conflict with #30963, so it shou...At the moment, we shellcheck all the directories inside the tor directory, even user directories like .git, user-specified build directories, and directories that are added during tests.
This change will conflict with #30963, so it should be based on that branch.Tor: 0.4.2.x-finalteorteorhttps://gitlab.torproject.org/legacy/trac/-/issues/31089Consider using data-URI to embed how_tor_works_thumb.png image into tor-exit-...2020-06-13T15:43:25Zrl1987Consider using data-URI to embed how_tor_works_thumb.png image into tor-exit-notice.htmlWe can only serve a single HTML file with `DirPortFrontPage` configuration option. Currently we provide an exit notice file in tor-exit-notice.html, which embeds an image with basic Tor network schematics from Tor website. We may want to...We can only serve a single HTML file with `DirPortFrontPage` configuration option. Currently we provide an exit notice file in tor-exit-notice.html, which embeds an image with basic Tor network schematics from Tor website. We may want to use data-URI format (as described in RFC 2397) to hardcode this image into HTML and avoid loading it from external webserver.Tor: 0.2.9.x-finalhttps://gitlab.torproject.org/legacy/trac/-/issues/31406new ip-address for tor.dizum.com (auth-dir)2020-06-13T15:44:16ZAlex de Joodenew ip-address for tor.dizum.com (auth-dir)```
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Guys,
tor.dizum.com has changed it's IP address. As tor.dizum.com is a directory server, it's ip address is hardcoded in the source code.
Please update the ip.
OLD: 194.109.206.212...```
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Guys,
tor.dizum.com has changed it's IP address. As tor.dizum.com is a directory server, it's ip address is hardcoded in the source code.
Please update the ip.
OLD: 194.109.206.212
NEW: 45.66.33.45
You can verify and validate this change by either
1) retrieving the ip for tor.dizum.com.
2) contact alex, by email or by phone or on irc to verify this change.
3) you could read the announcement at the dir-auth list.
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.47
iGYEARECACYFAl1RuckfHEFsZXggZGUgSm9vZGUgPGFsZXhAaWRnYXJhLm5sPgAK
CRB4AD5zEX0r0DQsAJwN+/zRHTRgIiiXps8Lw0NieQgFpACgoz/YHdlt/X2YMQQL
bpY/OwGavRE=
=SFAn
-----END PGP SIGNATURE-----
```Tor: 0.2.9.x-finalhttps://gitlab.torproject.org/legacy/trac/-/issues/31427Update BridgeDB's documentation2020-06-13T18:29:43ZPhilipp Winterphw@torproject.orgUpdate BridgeDB's documentationParts of BridgeDB's documentation is out-of-date. We should:
* Update the AUTHORS file.
* Update HACKING.md.
* Update contact info and the trac URL to file bugs.
I'll push a patch set in a minute.Parts of BridgeDB's documentation is out-of-date. We should:
* Update the AUTHORS file.
* Update HACKING.md.
* Update contact info and the trac URL to file bugs.
I'll push a patch set in a minute.Philipp Winterphw@torproject.orgPhilipp Winterphw@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/31461Fix some typos in the 0.4.1 ReleaseNotes and ChangeLog2020-06-13T15:44:21ZteorFix some typos in the 0.4.1 ReleaseNotes and ChangeLogTor: 0.4.2.x-finalteorteorhttps://gitlab.torproject.org/legacy/trac/-/issues/31462Remove duplicate call to practracker in pre-commit hook2020-06-13T15:44:22ZteorRemove duplicate call to practracker in pre-commit hook#30051 added practracker to the pre-push and pre-commit hooks, but the pre-push hook already calls the pre-commit hook.
I'm just opening this ticket for the bug number, the fix PR is in #30979.
gaba, I think tooling can be part of spon...#30051 added practracker to the pre-push and pre-commit hooks, but the pre-push hook already calls the pre-commit hook.
I'm just opening this ticket for the bug number, the fix PR is in #30979.
gaba, I think tooling can be part of sponsor 31?Tor: 0.4.2.x-finalteorteorhttps://gitlab.torproject.org/legacy/trac/-/issues/31548hs-v3: Service can pick more than HiddenServiceNumIntroductionPoints intro po...2020-06-13T15:46:40ZDavid Gouletdgoulet@torproject.orghs-v3: Service can pick more than HiddenServiceNumIntroductionPoints intro pointsDuring my testing of #30200, I ended up with service descriptor with 4 intro points even though `HiddenServiceNumIntroductionPoints` is set to 3 (default).
Further investigation confirmed this by adding a log in the `decode_intro_points...During my testing of #30200, I ended up with service descriptor with 4 intro points even though `HiddenServiceNumIntroductionPoints` is set to 3 (default).
Further investigation confirmed this by adding a log in the `decode_intro_points()` function which showed me 4 intro points.
I haven't found out why but one feature of HS is that we launch `HiddenServiceNumIntroductionPoints` + 2 intro circuits in parallel and the first one to finish are picked.
It appears that more than the defined value can finish at the same time and will be picked.Tor: 0.3.5.x-finalDavid Gouletdgoulet@torproject.orgDavid Gouletdgoulet@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/31554Restrict "make test-stem" to tests that actually use tor2020-06-13T15:44:51ZteorRestrict "make test-stem" to tests that actually use torIn #30694, we restricted the travis stem job to tests that actually use tor.
But we should lower that change to "make test-stem".
Gaba, this is sponsor 27 can, because it makes refactoring easier to test.In #30694, we restricted the travis stem job to tests that actually use tor.
But we should lower that change to "make test-stem".
Gaba, this is sponsor 27 can, because it makes refactoring easier to test.Tor: 0.3.5.x-finalteorteorhttps://gitlab.torproject.org/legacy/trac/-/issues/31598Properly enable letterboxing (again)2020-06-16T01:07:07ZGeorg KoppenProperly enable letterboxing (again)It seems while rebasing in #30429 we did not realize that the letterboxing patches made it into ESR 68 yet the pref to enabled the functionality needs still to get set.It seems while rebasing in #30429 we did not realize that the letterboxing patches made it into ESR 68 yet the pref to enabled the functionality needs still to get set.https://gitlab.torproject.org/legacy/trac/-/issues/31601Don't let Mozilla recommend extensions again2020-06-16T01:07:08ZGeorg KoppenDon't let Mozilla recommend extensions againIt seems we need to ramp up our defense against the threat in #22899 again with ESR 68 as our users are getting shown recommended extensions again.It seems we need to ramp up our defense against the threat in #22899 again with ESR 68 as our users are getting shown recommended extensions again.https://gitlab.torproject.org/legacy/trac/-/issues/31692Upgrade obfs4 Docker image to Debian buster2020-06-13T18:33:12ZPhilipp Winterphw@torproject.orgUpgrade obfs4 Docker image to Debian busterVersion 0.1 of [our obfs4 Docker image](https://dip.torproject.org/torproject/anti-censorship/docker-obfs4-bridge) is using stretch, which is Debian's old stable. Let's upgrade it to Debian buster.Version 0.1 of [our obfs4 Docker image](https://dip.torproject.org/torproject/anti-censorship/docker-obfs4-bridge) is using stretch, which is Debian's old stable. Let's upgrade it to Debian buster.Philipp Winterphw@torproject.orgPhilipp Winterphw@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/31734Add accessor functions for cb_buf, which enforce locking and unlocking2020-06-13T15:45:35ZteorAdd accessor functions for cb_buf, which enforce locking and unlockingPart of #31614Part of #31614Tor: 0.4.2.x-finalteorteorhttps://gitlab.torproject.org/legacy/trac/-/issues/31807Update outdated documentation note for "bridge-distribution"2020-06-13T15:45:49ZPhilipp Winterphw@torproject.orgUpdate outdated documentation note for "bridge-distribution"Tor's man page currently documents the `BridgeDistribution` option as:
```
BridgeDistribution string
If set along with BridgeRelay, Tor will include a new line in its bridge descriptor which indicates to the BridgeDB se...Tor's man page currently documents the `BridgeDistribution` option as:
```
BridgeDistribution string
If set along with BridgeRelay, Tor will include a new line in its bridge descriptor which indicates to the BridgeDB service how it would
like its bridge address to be given out. Set it to "none" if you want BridgeDB to avoid distributing your bridge address, or "any" to let
BridgeDB decide. (Default: any)
Note: as of Oct 2017, the BridgeDB part of this option is not yet implemented. Until BridgeDB is updated to obey this option, your bridge
will make this request, but it will not (yet) be obeyed.
```
Similarly, dir-spec.txt says about `bridge-distribution-request`:
```
All bridges SHOULD include this line. Non-bridges MUST NOT include
it. (It is currently ignored by Bridge DB.)
```
BridgeDB however implements this option since 0.5.0, see #23957. I'll push a fix for these issues in a second.Tor: 0.4.2.x-finalhttps://gitlab.torproject.org/legacy/trac/-/issues/31851Allow Tor to be compiled without support for relay mode2020-06-13T15:46:01ZteorAllow Tor to be compiled without support for relay modeLet's make some more optional modules.
Our target set of modules might include:
* dirauth - the code only used by directory authorities (including bridge authorities)
* dircache - the code only used by directory caches and directory aut...Let's make some more optional modules.
Our target set of modules might include:
* dirauth - the code only used by directory authorities (including bridge authorities)
* dircache - the code only used by directory caches and directory authorities
* relay - the code only used by relays and directory authorities
* common - the code used by all roles
I'll do a design, and a proposed CI build strategy, and then get it reviewed.Tor: unspecifiedhttps://gitlab.torproject.org/legacy/trac/-/issues/31854In tests and log.c, stop using ~0 a log domain mask2020-06-13T15:46:02ZNick MathewsonIn tests and log.c, stop using ~0 a log domain maskThere are a few places in the tests where we use ~0 or ~0u to indicate a log domain mask that covers all domains. We also do this in log.c.
But back in #31080, we made the log_domain_mask_t into a 64-bit value, probably one defined by ...There are a few places in the tests where we use ~0 or ~0u to indicate a log domain mask that covers all domains. We also do this in log.c.
But back in #31080, we made the log_domain_mask_t into a 64-bit value, probably one defined by a macro like LD_ALL_DOMAINS.
Additionally, we should _not_ use ~(uint64_t)0 for the definition of this value, since we don't want to include LD_NO_MOCK, LD_NOCB, and LD_NOFUNCNAME.
Found while looking at #31334; this should be done after #31334 is merged.
No backport needed, since we do not yet have any logging domains that use the high 32 bits of this type.Tor: 0.4.2.x-finalteorteorhttps://gitlab.torproject.org/legacy/trac/-/issues/31910replace meek_lite with meek in circuit display2020-06-16T01:07:52ZMark Smithreplace meek_lite with meek in circuit displaySince #29430 was fixed, the Tor Browser circuit display shows "meek_lite" instead of "meek" (this is because the circuit display code gets the PT name from the Tor configuration and obfs4proxy uses "meek_lite" as the name for its meek im...Since #29430 was fixed, the Tor Browser circuit display shows "meek_lite" instead of "meek" (this is because the circuit display code gets the PT name from the Tor configuration and obfs4proxy uses "meek_lite" as the name for its meek implementation).
I think it would be better and less confusing if the circuit display showed "meek" as it did in previous versions of Tor Browser. The "lite" part is somewhat misleading given obfs4proxy's use of utls to mimic common TLS ClientHello messages.
Antonela, do you agree? Any other opinions?
(I included the tbb-9.0-must-alpha keyword so we remember to decide about this before we ship Tor Browser 9.0 stable).Mark SmithMark Smithhttps://gitlab.torproject.org/legacy/trac/-/issues/31995test fail: assert(ip->time_to_expire OP_GE now + INTRO_POINT_LIFETIME_MIN_SEC...2020-06-13T15:46:23ZGeorge Kadianakistest fail: assert(ip->time_to_expire OP_GE now + INTRO_POINT_LIFETIME_MIN_SECONDSweasel reported a test failing for debian:
https://buildd.debian.org/status/fetch.php?pkg=tor&arch=mipsel&ver=0.4.2.1-alpha-1&stamp=1569200155&raw=0
```
hs_service/service_intro_point: [forking]
FAIL ../src/test/test_hs_service.c:694...weasel reported a test failing for debian:
https://buildd.debian.org/status/fetch.php?pkg=tor&arch=mipsel&ver=0.4.2.1-alpha-1&stamp=1569200155&raw=0
```
hs_service/service_intro_point: [forking]
FAIL ../src/test/test_hs_service.c:694: assert(ip->time_to_expire OP_GE now + INTRO_POINT_LIFETIME_MIN_SECONDS - 500): 1569262226 vs 1569262632
[service_intro_point FAILED]
```
this seems to have occured before in #25450 and #27810 and it's still unfixed :/Tor: 0.4.2.x-finalGeorge KadianakisGeorge Kadianakishttps://gitlab.torproject.org/legacy/trac/-/issues/32124Interpret --disable-module-dirauth=no correctly2020-06-13T15:46:50ZteorInterpret --disable-module-dirauth=no correctlyCurrently, we treat --disable-module-dirauth=no as enabling the C macro, but disabling the Makefile variable.
Apparently lots of people make this mistake:
```
The most common mistake for this macro is to consider the two actions as acti...Currently, we treat --disable-module-dirauth=no as enabling the C macro, but disabling the Makefile variable.
Apparently lots of people make this mistake:
```
The most common mistake for this macro is to consider the two actions as action-if-enabled and action-if-disabled.
This is not the case!
Since using --disable-foo or --enable-foo=no are equivalent, for the macro, you cannot really use this macro with those meanings.
```
https://autotools.io/autoconf/arguments.html
I don't know if we should backport this change, it just didn't work before, so maybe it should just go in master?Tor: 0.4.2.x-finalteorteorhttps://gitlab.torproject.org/legacy/trac/-/issues/32134Request new translation and update i18n instructions2020-06-13T18:29:52ZPhilipp Winterphw@torproject.orgRequest new translation and update i18n instructionsWhile implementing our language switcher (#26543), we added a new string, "Language", that requires translations. We should also update our instructions on how to request new translations.While implementing our language switcher (#26543), we added a new string, "Language", that requires translations. We should also update our instructions on how to request new translations.Philipp Winterphw@torproject.orgPhilipp Winterphw@torproject.org