Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-13T18:30:05Zhttps://gitlab.torproject.org/legacy/trac/-/issues/34318BridgeDB doesn't like non-UTF8 encoded requests2020-06-13T18:30:05ZPhilipp Winterphw@torproject.orgBridgeDB doesn't like non-UTF8 encoded requestsI stumbled upon the following exception in BridgeDB's log:
```
Traceback (most recent call last):
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/twisted/web/http.py", line 1755, in dataReceived
finishCallbac...I stumbled upon the following exception in BridgeDB's log:
```
Traceback (most recent call last):
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/twisted/web/http.py", line 1755, in dataReceived
finishCallback(data[contentLength:])
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/twisted/web/http.py", line 2171, in _finishRequestBody
self.allContentReceived()
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/twisted/web/http.py", line 2284, in allContentReceived
req.requestReceived(command, path, version)
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/twisted/web/http.py", line 946, in requestReceived
self.process()
--- <exception caught here> ---
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/twisted/web/server.py", line 235, in process
self.render(resrc)
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/twisted/web/server.py", line 302, in render
body = resrc.render(self)
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/twisted/web/resource.py", line 265, in render
return m(request)
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/bridgedb-0.10.0+34.ga6eb0d1c.dirty-py3.7.egg/bridgedb/distributors/https/server.py", line 722, in render_POST
return CaptchaProtectedResource.render_POST(self, request)
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/bridgedb-0.10.0+34.ga6eb0d1c.dirty-py3.7.egg/bridgedb/distributors/https/server.py", line 573, in render_POST
request.args = stringifyRequestArgs(request.args)
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/bridgedb-0.10.0+34.ga6eb0d1c.dirty-py3.7.egg/bridgedb/distributors/https/server.py", line 109, in stringifyRequestArgs
arg = arg if isinstance(arg, str) else arg.decode("utf-8")
builtins.UnicodeDecodeError: 'utf-8' codec can't decode byte 0xc2 in position 1: invalid continuation byte
```Armin HuremagicArmin Huremagichttps://gitlab.torproject.org/legacy/trac/-/issues/33707Swap out onion icon in circuit display with new one2020-06-16T01:12:02ZrichardSwap out onion icon in circuit display with new onerichardrichardhttps://gitlab.torproject.org/legacy/trac/-/issues/33007Bridge campaign retrospective2021-07-27T18:31:44ZRoger DingledineBridge campaign retrospectiveIn the S30 January meeting notes:
https://lists.torproject.org/pipermail/tor-project/2020-January/002655.html
we have this great phrase
```
We ran a bridge setup campaign resulting in approximately 100 new bridges (Obj 2.4) --phw
```
Bu...In the S30 January meeting notes:
https://lists.torproject.org/pipermail/tor-project/2020-January/002655.html
we have this great phrase
```
We ran a bridge setup campaign resulting in approximately 100 new bridges (Obj 2.4) --phw
```
But: how many of those bridges are still running, now that it's some months later?
This is especially a good time to do a retrospective, because we have contact info for each of the bridges, and we can send a "so, what changed?" mail to each of the bridges that are no longer up -- both to nudge them into putting the bridges back up, but also to solicit bug reports and ux issues for bridge operators.Philipp Winterphw@torproject.orgPhilipp Winterphw@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/32767Remove Disconnect search as it is discontinued2020-06-16T01:10:22ZcypherpunksRemove Disconnect search as it is discontinuedIt just forwards to DuckDuckGo, so it is useless.It just forwards to DuckDuckGo, so it is useless.https://gitlab.torproject.org/legacy/trac/-/issues/32636Clean up locales shipped with Tor Launcher2020-06-13T17:44:25ZGeorg KoppenClean up locales shipped with Tor LauncherNow that #29941 is basically fixed on the server-side we are getting all the new goodness with the next translations fetch. We should clean-up the locales we ship while doing so (removing the ones we don't support anymore etc.). Addition...Now that #29941 is basically fixed on the server-side we are getting all the new goodness with the next translations fetch. We should clean-up the locales we ship while doing so (removing the ones we don't support anymore etc.). Additionally, we should adapt all the scripts around translation update imports if that's needed. And, after checking everything is still working we need to backport the changes to a stable branch (as the locale updates that landed in 9.5a3 will ride the train).Kathleen BradeKathleen Bradehttps://gitlab.torproject.org/legacy/trac/-/issues/32539'Security Level' heading in about:preferences#privacy is not styled correctly2020-06-16T01:09:54Zrichard'Security Level' heading in about:preferences#privacy is not styled correctlyLooks like the h2 style elements in about:preferences now need to be actual html:h2 child nodes of the root label element. Prior to ESR68 it seems like just using a label element was sufficient.Looks like the h2 style elements in about:preferences now need to be actual html:h2 child nodes of the root label element. Prior to ESR68 it seems like just using a label element was sufficient.richardrichardhttps://gitlab.torproject.org/legacy/trac/-/issues/32331Tor Browser 9 on Lineage OS 14.1 stalls during start-up2020-06-16T01:09:11ZGeorg KoppenTor Browser 9 on Lineage OS 14.1 stalls during start-upA user on the blog [reported](https://blog.torproject.org/comment/284971#comment-284971) that Tor Browser is just stalling during start-up on their Lineage OS.
It seems the same issue is happening with Orbot (see: https://github.com/gua...A user on the blog [reported](https://blog.torproject.org/comment/284971#comment-284971) that Tor Browser is just stalling during start-up on their Lineage OS.
It seems the same issue is happening with Orbot (see: https://github.com/guardianproject/orbot/issues/276)Shane IsbellShane Isbellhttps://gitlab.torproject.org/legacy/trac/-/issues/32203BridgeDB doesn't create metrics for vanilla bridges2020-06-13T18:29:53ZPhilipp Winterphw@torproject.orgBridgeDB doesn't create metrics for vanilla bridgesThe metrics.py module uses code like the following to weed out invalid transport protocols. Unfortunately, this is also weeding out "vanilla", which results in BridgeDB not counting vanilla bridges:
```
if not isTransportSupported(bridg...The metrics.py module uses code like the following to weed out invalid transport protocols. Unfortunately, this is also weeding out "vanilla", which results in BridgeDB not counting vanilla bridges:
```
if not isTransportSupported(bridgeType):
logging.warning("User requested unsupported transport type %s "
"over HTTPS." % bridgeType)
return
```Philipp Winterphw@torproject.orgPhilipp Winterphw@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/31992Remove apktool workaround in #315642020-06-16T01:25:47ZGeorg KoppenRemove apktool workaround in #31564We found a reproducibility issue on Android with the switch to Firefox 68 ESR and the respective toolchain and fixed it by using an `apktool` downloaded from the Internet. We should remove that workaronud and replace it with a better one...We found a reproducibility issue on Android with the switch to Firefox 68 ESR and the respective toolchain and fixed it by using an `apktool` downloaded from the Internet. We should remove that workaronud and replace it with a better one (e.g. by switching our compile environment to Debian Buster and using the means the distro provides us with).Shane IsbellShane Isbellhttps://gitlab.torproject.org/legacy/trac/-/issues/31954Make sure -webkit-device-pixel-ratio is no fingerprinting risk2020-06-16T01:08:01ZGeorg KoppenMake sure -webkit-device-pixel-ratio is no fingerprinting riskIn Firefox 63 finally support landed for webkit prefixed device-pixel-ratio media queries (https://bugzilla.mozilla.org/show_bug.cgi?id=1444139). We should make sure this does not undermine our fingerprinting resistance.In Firefox 63 finally support landed for webkit prefixed device-pixel-ratio media queries (https://bugzilla.mozilla.org/show_bug.cgi?id=1444139). We should make sure this does not undermine our fingerprinting resistance.https://gitlab.torproject.org/legacy/trac/-/issues/31934Proxy or Kill BaseResource2020-06-16T01:07:59ZMatthew FinkelProxy or Kill BaseResourceMike asked me how we proxy connections from BaseResource. On 60esr, we used [a patch](https://gitweb.torproject.org/tor-browser.git/commit/?h=tor-browser-60.9.0esr-8.5-2&id=cb1bae328e04f7219b0fa9f200cd4815663b5982) for this. That patch w...Mike asked me how we proxy connections from BaseResource. On 60esr, we used [a patch](https://gitweb.torproject.org/tor-browser.git/commit/?h=tor-browser-60.9.0esr-8.5-2&id=cb1bae328e04f7219b0fa9f200cd4815663b5982) for this. That patch was dropped during the rebase becaues I incorrectly thought I neutered BaseResource in the [patch](https://gitweb.torproject.org/tor-browser.git/commit/mobile/android?h=tor-browser-68.1.0esr-9.0-2&id=662ebfc05416d2c0cd7769f864116581a1a78cad) for #28125.
I think we're still safe, and we disable all places where BaseResource is used, but let's re-land this patch (or we should kill BaseResource connections), just so we're more certain the app isn't bypassing the proxy.https://gitlab.torproject.org/legacy/trac/-/issues/31830tor-launcher string.trim()'s string elements in config UX, even passwords2020-06-13T17:44:22Zrichardtor-launcher string.trim()'s string elements in config UX, even passwordsnetwork-settings.js::getElemValue() trims string types, even the password field for proxy configuration.network-settings.js::getElemValue() trims string types, even the password field for proxy configuration.Kathleen BradeKathleen Bradehttps://gitlab.torproject.org/legacy/trac/-/issues/31731Upgrade to ESR 68-based browser makes description field of bookmarks empty2020-06-16T01:07:29ZGeorg KoppenUpgrade to ESR 68-based browser makes description field of bookmarks emptyAs reported on our blog (https://blog.torproject.org/comment/283838#comment-283838), starting with ESR 68 the description fields in bookmarks are empty. Switching back to 8.5.5 (hence ESR 60) solves that.As reported on our blog (https://blog.torproject.org/comment/283838#comment-283838), starting with ESR 68 the description fields in bookmarks are empty. Switching back to 8.5.5 (hence ESR 60) solves that.https://gitlab.torproject.org/legacy/trac/-/issues/31725Macedonian 9.0a6 bundles are missing localized strings2020-06-16T01:07:27ZGeorg KoppenMacedonian 9.0a6 bundles are missing localized stringsIt turns out that for some reason Macedonian is not properly localized on 9.0a6. Other locales don't suffer from this problem, though.It turns out that for some reason Macedonian is not properly localized on 9.0a6. Other locales don't suffer from this problem, though.https://gitlab.torproject.org/legacy/trac/-/issues/31702Backport patch for bug 1578075 for macOS Catalina2020-06-16T01:07:25ZGeorg KoppenBackport patch for bug 1578075 for macOS CatalinaWe are almost ready to ship macOS bundles compatible with Catalina. However, we need to backport at least the patch for https://bugzilla.mozilla.org/show_bug.cgi?id=1578075 as Mozilla does not seem to be making another esr60 release.We are almost ready to ship macOS bundles compatible with Catalina. However, we need to backport at least the patch for https://bugzilla.mozilla.org/show_bug.cgi?id=1578075 as Mozilla does not seem to be making another esr60 release.https://gitlab.torproject.org/legacy/trac/-/issues/31621Fix node bug that makes large writes to stdout fail2020-06-16T01:07:15ZGeorg KoppenFix node bug that makes large writes to stdout failWe wallpapered around a `node` bug that breaks compilation in case large writes are made to stdout (see: comment:7:ticket:30321 for context). This is biting us in cases where we actually *do* need those large write to debug problems like...We wallpapered around a `node` bug that breaks compilation in case large writes are made to stdout (see: comment:7:ticket:30321 for context). This is biting us in cases where we actually *do* need those large write to debug problems like in #31538.
We should provide a better fix/workaround.https://gitlab.torproject.org/legacy/trac/-/issues/31602Remove Pocket indicators in UI and disable it by default2020-06-16T01:07:08ZGeorg KoppenRemove Pocket indicators in UI and disable it by defaultWe should look at disabling Pocket as it is now integrated into Firefox directly. Might be enough just flipping extensions.pocket.enabled`.
(FPI might actually break the Pocket login flow and Mozilla recommends disabling it, so that it ...We should look at disabling Pocket as it is now integrated into Firefox directly. Might be enough just flipping extensions.pocket.enabled`.
(FPI might actually break the Pocket login flow and Mozilla recommends disabling it, so that it probably reason enough to disabled Pocket for the time being: https://help.getpocket.com/article/1046-trouble-saving-to-pocket-stuck-in-a-loop)https://gitlab.torproject.org/legacy/trac/-/issues/31601Don't let Mozilla recommend extensions again2020-06-16T01:07:08ZGeorg KoppenDon't let Mozilla recommend extensions againIt seems we need to ramp up our defense against the threat in #22899 again with ESR 68 as our users are getting shown recommended extensions again.It seems we need to ramp up our defense against the threat in #22899 again with ESR 68 as our users are getting shown recommended extensions again.https://gitlab.torproject.org/legacy/trac/-/issues/31568Update How to Create Gradle Dependencies2020-06-16T01:06:58ZShane IsbellUpdate How to Create Gradle DependenciesThe way to generate the dependencies list has changed in gradle 4.10The way to generate the dependencies list has changed in gradle 4.10https://gitlab.torproject.org/legacy/trac/-/issues/31457disable per-installation profiles2020-06-16T01:12:06ZMark Smithdisable per-installation profilesFirefox ESR68 includes installation-specific profiles. See: https://bugzilla.mozilla.org/show_bug.cgi?id=1474285
With our current nightly builds, this causes an extra profile directory to be created and used (and probably our bundled br...Firefox ESR68 includes installation-specific profiles. See: https://bugzilla.mozilla.org/show_bug.cgi?id=1474285
With our current nightly builds, this causes an extra profile directory to be created and used (and probably our bundled browser profile is not be used on Linux and Windows).
We should figure out how to disable this feature or modify it to be compatible with the way we crate and use browser profiles).