**Trac issues**
https://gitlab.torproject.org/legacy/trac/-/issues
**Date**: 2020-06-16T01:26:19Z

**Bump clang version to 9.0.1**
https://gitlab.torproject.org/legacy/trac/-/issues/34011
**Date**: 2020-06-16T01:26:19Z
**Author**: Georg Koppen
**Assignee**: Georg Koppen

Let's go away from clang 8.0.1

**Can't finish install on Windows10**
https://gitlab.torproject.org/legacy/trac/-/issues/34001
**Date**: 2020-06-16T01:12:46Z
**Author**: Trac

I downloaded the Tor browser but can't find where it downloaded to on my laptop. Did a 2nd download and saved to my desktop but when I tried to open it I get a popup to download Microsoft Edge which I already have. Where does the download go, and how do I skirt the Microsoft Edge to complete the install and use my browser?
**Trac**:
**Username**: mfheffner58

**I can't finish installing Tor - Using Windows10 OS**
https://gitlab.torproject.org/legacy/trac/-/issues/33999
**Date**: 2020-06-13T17:36:53Z
**Author**: Trac
**Assignee**: Gus

I downloaded Tor browser on my new laptop, but when I try to open and install it I keep getting a window to download Microsoft Edge which I already have. How do I open my download and install it?
**Trac**:
**Username**: mfheffner58

**Create fat .aar for geckoview**
https://gitlab.torproject.org/legacy/trac/-/issues/33973
**Date**: 2020-06-16T01:26:18Z
**Author**: Georg Koppen
**Assignee**: Georg Koppen

Downstream consumers like `android-components` and `fenix` use fat .aar files. We need to create them out of our per-arch ones. https://bugzilla.mozilla.org/show_bug.cgi?id=1508976 is the bug where this got implemented on Mozilla's side.

**fsn VMs lost connectivity this morning**
https://gitlab.torproject.org/legacy/trac/-/issues/33958
**Date**: 2020-06-13T17:01:48Z
**Author**: weasel (Peter Palfrader)

This morning several of our VMs at fsn were without network.
The instances were still running, and `gnt-console` still got me a console that I could log into, but the machines were not reachable from the network, nor could they reach the network. tcpdumping the bridge interface on the node did not show any network traffic for the instance.
Migrating them made them be online again (tried with vineale for instance). Rebooting also helped (tried with everything else).
Looking at the running openvswitch config on a node when its instances did not have network looked like this:
```
root@fsn-node-04:~# ovs-vsctl show
ce[...]
    Bridge "br0"
        Port vlan-gntinet
            tag: 4000
            Interface vlan-gntinet
                type: internal
        Port "eth0"
            Interface "eth0"
        Port "br0"
            Interface "br0"
                type: internal
        Port vlan-gntbe
            tag: 4001
            Interface vlan-gntbe
                type: internal
    ovs_version: "2.10.1"
```
When it's working, it should look more like this:
```
root@fsn-node-04:~# ovs-vsctl show
ce[...]
    Bridge "br0"
        Port "tap3"
            tag: 4000
            trunks: [4000]
            Interface "tap3"
        Port vlan-gntinet
            tag: 4000
            Interface vlan-gntinet
                type: internal
        Port "eth0"
            Interface "eth0"
        Port "tap4"
            tag: 4000
            trunks: [4000]
            Interface "tap4"
        Port "br0"
            Interface "br0"
                type: internal
        Port "tap5"
            tag: 4000
            trunks: [4000]
            Interface "tap5"
        Port "tap1"
            tag: 4000
            trunks: [4000]
            Interface "tap1"
        Port vlan-gntbe
            tag: 4001
            Interface vlan-gntbe
                type: internal
        Port "tap2"
            tag: 4000
            trunks: [4000]
            Interface "tap2"
        Port "tap0"
            tag: 4000
            trunks: [4000]
            Interface "tap0"
    ovs_version: "2.10.1"
```
My first guess was that migrating somehow had screwed up the network config, but that's probably not what happened, as the issue happened again shortly afterwards when I was running upgrades. So:
My current working theory is that the following happened:
- In the morning, once automatically and once manually, we ran package upgrades.
- Today this included an openssl update. And openvswitch is linked against openssl.
- `needrestart` restarted openvswitch.
- restarting openvswitch does not restore the dynamically added VM taps into the bridge.
I propose we blacklist openvswitch from being restarted by needrestart.
**Assignee**: Hiro

**Selecting "Copy image" from menu leaks the source URL to the clipboard. This data is often dereferenced by other applications.**
https://gitlab.torproject.org/legacy/trac/-/issues/33955
**Date**: 2020-06-16T01:12:39Z
**Author**: Trac

Right-clicking an image and selecting "Copy image" from the context-menu leaks the source URL to the clipboard. In many applications, pasting the image leads to the URL being dereferenced, and a clearnet web request can result, instead of the bitmap simply being pasted. This is dangerous and unexpected behaviour that stems from Firefox.
11 formats are placed on the clipboard during an image copy. 3 of these contain the URL, 2 of which contain further tag metadata:
- 49318 'HTML Format' - this contains the entire source HTML of the <img> element, inside a comment, wrapped in a minimal HTML document, and a header containing the offsets
- 49419 'text/html' - this also contains the source HTML of the <img> element
- 49426 'application/x-moz-file-promise-url' - this contains the plain source URL.
While some might argue that this is appropriate in Firefox, it's an unexpected information leak in the Tor Browser.
My suggestion would be to change the menu items to:
- Copy image
- Copy image location
- Copy image as HTML
**Copy image** would copy only raw image pixels as an uncompressed bitmap. This ensures there is no metadata in the image, and also ensures that increasingly common things like WebP don't break everything. It also fixes unexpected behaviour with respect to dynamically generated or uncached images, ensuring that what the user sees is exactly what ends up in the clipboard, without any extra web requests in the target application.
**Copy image location** would copy, in plaintext, the source URL of the image.
**Copy image as HTML** would copy or create a sanitised version of the <img> tag (i.e. onclick handlers etc would be stripped, leaving only alt text, width and height and perhaps eventually a filtered version of any embedded CSS).
I believe each of those menu options would behave as everyone would expect, without any unexpected information leakage issues.
(I have set severity as major and priority high, since this has the potential to deanonymise a user before they realise what's happened, but is probably a relatively easy fix. Presumably this would be regarded as the most important kind of bug, but I don't know the convention here.)
**Trac**:
**Username**: peskydan

**Failed assertion breaks BridgeDB's email responder**
https://gitlab.torproject.org/legacy/trac/-/issues/33945
**Date**: 2020-06-13T18:30:02Z
**Author**: Philipp Winter <phw@torproject.org>

BridgeDB's email responder stops working after a while. The issue is probably related to the exception below but I don't know how exactly. As part of our Python 3 port, we [modified the context manager](https://gitweb.torproject.org/bridgedb.git/commit/?id=c1a48d1b568b00fab19a308e6497881f31d17680), which may be a good place to start debugging.
```
Unhandled Error
Traceback (most recent call last):
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/twisted/python/log.py", line 103, in callWithLogger
return callWithContext({"system": lp}, func, *args, **kw)
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/twisted/python/log.py", line 86, in callWithContext
return context.call({ILogContext: newCtx}, func, *args, **kw)
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/twisted/python/context.py", line 122, in callWithContext
return self.currentContext().callWithContext(ctx, func, *args, **kw)
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/twisted/python/context.py", line 85, in callWithContext
return func(*args,**kw)
--- <exception caught here> ---
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/twisted/internet/posixbase.py", line 614, in _doReadOrWrite
why = selectable.doRead()
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/twisted/internet/tcp.py", line 243, in doRead
return self._dataReceived(data)
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/twisted/internet/tcp.py", line 249, in _dataReceived
rval = self.protocol.dataReceived(data)
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/twisted/protocols/basic.py", line 454, in dataReceived
self.lineReceived(line)
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/twisted/mail/smtp.py", line 445, in lineReceived
return getattr(self, 'state_' + self.mode)(line)
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/twisted/mail/smtp.py", line 705, in dataLineReceived
m.eomReceived() for m in self.__messages
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/twisted/mail/smtp.py", line 705, in <listcomp>
m.eomReceived() for m in self.__messages
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/bridgedb-0.10.0+11.g4cdd6a61.dirty-py3.7.egg/bridgedb/distributors/email/server.py", line 230, in eomReceived
self.responder.reply()
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/bridgedb-0.10.0+11.g4cdd6a61.dirty-py3.7.egg/bridgedb/distributors/email/autoresponder.py", line 574, in reply
response = self.getMailData()
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/bridgedb-0.10.0+11.g4cdd6a61.dirty-py3.7.egg/bridgedb/distributors/email/autoresponder.py", line 392, in getMailData
client, lang)
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/bridgedb-0.10.0+11.g4cdd6a61.dirty-py3.7.egg/bridgedb/distributors/email/autoresponder.py", line 101, in createResponseBody
bridges = context.distributor.getBridges(bridgeRequest, interval)
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/bridgedb-0.10.0+11.g4cdd6a61.dirty-py3.7.egg/bridgedb/distributors/email/distributor.py", line 145, in getBridges
with bridgedb.Storage.getDB() as db:
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/bridgedb-0.10.0+11.g4cdd6a61.dirty-py3.7.egg/bridgedb/Storage.py", line 352, in __enter__
return next(self.gen)
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/bridgedb-0.10.0+11.g4cdd6a61.dirty-py3.7.egg/bridgedb/Storage.py", line 472, in getDB
assert _REFCOUNT == 0
builtins.AssertionError:
```
**Assignee**: Philipp Winter <phw@torproject.org>

**Decide which components of Fenix to rip out, disable, or use**
https://gitlab.torproject.org/legacy/trac/-/issues/33939
**Date**: 2020-06-15T23:01:23Z
**Author**: Georg Koppen

One thing we are struggling with when trying to write proper patches for building various parts of Fenix is that it's not clear yet which components we want to rip out/disable/use.
E.g. there are a number of things we might want to rip out of `android-components` (comment:4:ticket:33156) or maybe not; it's not clear. We already have a separate bug (#33594) to figure out what we should do with Glean.
So, in this ticket we should look over the various components involved and decide
a) which to rip (fully) out at build time
b) disable at run time
and document the reasoning (maybe that could be part of our release prep process documentation).
I think by default we should enable everything for usability reasons and disable potentially fingerprinting/tracking features where we don't have patches (yet) and rip out outright dangerous ones if we don't find a better solution. That's a similar method we follow for desktop audits.

**obfs4 bridges are used instead of meek if meek is selected in Tor Browser for Android alpha**
https://gitlab.torproject.org/legacy/trac/-/issues/33931
**Date**: 2020-06-16T01:12:35Z
**Author**: Georg Koppen

In the 9.5 alpha series `meek` is not used anymore even if `meek` is selected as pluggable transport. Instead Tor Browser tries to use some `obfs4` bridge from the bridge list coming with Tor Browser. That's happening on 9.5a11. 9.0.9 is not affected.

**Add tor-browser-build project for fenix**
https://gitlab.torproject.org/legacy/trac/-/issues/33927
**Date**: 2020-06-16T01:26:13Z
**Author**: Georg Koppen
**Assignee**: Georg Koppen

We need our own project for Fenix.

**Account registration rejected for ea5faa5po25cf7fb.onion**
https://gitlab.torproject.org/legacy/trac/-/issues/33923
**Date**: 2020-06-13T17:01:44Z
**Author**: cypherpunks
**Assignee**: Jens Kubieziel

Can't register in trac. Tried multiple times to verify before opening a ticket.
```
Trac Error
Submission rejected as potential spam
Maximum number of posts per hour for this IP exceeded
```
Steps to reproduce:
1. Start Tor Browser
2. browse http://ea5faa5po25cf7fb.onion/projects/tor/register
3. type in new user info
4. receive error message

**Stop modifying addr on connections, and delete real_addr**
https://gitlab.torproject.org/legacy/trac/-/issues/33898
**Date**: 2020-06-13T15:53:06Z
**Author**: teor

In connection_or_check_canonicity(), we overwrite conn.addr with the canonical address of the relay in the consensus. That makes accurate logging impossible.
And so we also need channel.real_addr, to store the actual address of the remote peer. And for some reason, we also have conn.address, a string copy of the peer's canonical address and port.
See:
https://github.com/torproject/tor/blob/7f9eaec538b7d01e0d1b130dc4cf2ec634252d46/src/core/or/connection_or.c#L920
This is... a mess.
Here's the high-level interface I'd like to see:
* use a function to format connection or channel addresses for logging
* use exactly as many address and port variables as needed in connection and channel (no extras!)
* qualify each address and port variable's name with its purpose
For example, here's one possible design:
* delete addr, port, address, and real_addr
* add remote_ap, a tor_addr_port_t that is the remote address and port of the TCP connection to the remote peer
* implement connection_describe(), which:
  * formats remote_ap,
  * formats is_canonical (and any other useful info), and
  * calls node_describe() to format the canonical IPv4 and IPv6 addresses and ports of the remote peer.
We may also need separate fields for reverse proxied addresses, see the comment at:
https://github.com/torproject/tor/blob/7517e1b5d31aada1f594c2594737a231d9d8e116/src/core/or/channeltls.c#L1339
If we need separate variables or functions for channels, we can use a similar design. (But ideally, re-using as many functions and variables as possible.)
This is important for Sponsor 55: getting accurate connection information will make diagnosing bugs much easier.
**Milestone**: Tor: 0.4.5.x-final
**Assignee**: Nick Mathewson

**YouTube player interface broken**
https://gitlab.torproject.org/legacy/trac/-/issues/33874
**Date**: 2020-06-16T01:12:29Z
**Author**: cypherpunks

YouTube player interface is broken, so when it is shown part of the video is hidden by a white block.

**update spreadsheet after migrations**
https://gitlab.torproject.org/legacy/trac/-/issues/33869
**Date**: 2020-06-13T17:01:38Z
**Author**: anarcat
**Assignee**: anarcat

I just updated the docs for this, but not before I migrated a bunch of machines without updating the spreadsheet, which is probably missing a bunch of hosts in the gnt-fsn cluster now.

**Nightly Tor Browser updates are broken since at least 4/6/2020**
https://gitlab.torproject.org/legacy/trac/-/issues/33864
**Date**: 2020-06-16T01:12:27Z
**Author**: Georg Koppen

I tried to update my Tor Browser nightly on 04/06/2020 that is still using the version from 04/02/2020. It said my Tor Browser is up-to-date. However, newer nightly binaries were available, e.g. from 04/06/2020.

**vanguards: circ_max_megabytes applied to all connection**
https://gitlab.torproject.org/legacy/trac/-/issues/33861
**Date**: 2020-06-13T15:53:00Z
**Author**: cypherpunks

```
# This means that applications that require large data submission (eg
# SecureDrop or onionshare) should set this much higher
# (or set to 0 to disable):
circ_max_megabytes = 8
```
My site is less than 4MB so the above config is okay.
I thought vanguards only applies this limit to:
1. My onion service <--- Tor user (incoming)
2. My onion service ---> Tor user (outgoing)
However, your vanguards is breaking other connections such as:
1. apt with Tor[1]
2. wget download over Tor to clearnet site
3. curl POST something over Tor to clearnet site
Problem 1. I don't want to stop vanguards just for apt and other thing.
Problem 2. I don't want to increase circ_max value just for this.
So could you please add a switch to limit only my-onion-site related connections and ignore the rest?
say,
```
# If true, vanguards will not apply the max_mega limit to non-onion connections.
# If false (default), vanguards will apply the max_mega limit to all Tor connections.
# If your circ_max_megabytes is already 0, this setting does nothing.
circ_max_mega_ignore_clearnet_destination = true
```
**Milestone**: Tor: unspecified

**The word "bridge" appeared as my entry (guard) node, for no apparent reason**
https://gitlab.torproject.org/legacy/trac/-/issues/33859
**Date**: 2020-06-16T01:12:26Z
**Author**: Trac

For some reason, my Tor Circuit appeared strange recently -- normally, the Tor Circuit displays the entry (guard) node as having an IP Address and a country -- however, recently (in the Tor Circuit display) the entry (guard) node appeared as the word "bridge", with no country and no IP address. What does this mean, and is it normal?
I haven't manually set up any bridges, so why is my entry (guard) node appearing simply as the word "bridge"? Netstat shows a familiar Tor entry (guard) node IP address as currently active.
Note that after I closed the browser and reopened it, the Tor Circuit went back to normal.
**Trac**:
**Username**: Tor235

**nevii IP address change planned for Ganeti migration**
https://gitlab.torproject.org/legacy/trac/-/issues/33834
**Date**: 2020-06-13T17:01:36Z
**Author**: anarcat

I'm migrating nevii, our primary DNS server, to the Ganeti cluster. This implies an IP address change, and therefore all sorts of shenanigans.
After inspection, the changes are fairly "minimal": glue records should not change as the primary DNS server is not publicly exposed. We will need to change all secondary servers, but most of those are in Puppet.
We did have to request extra address space from Hetzner, but this was done in ticket 2020032503025825.
**Assignee**: anarcat

**Upgrade Rust To Use Android NDK 20**
https://gitlab.torproject.org/legacy/trac/-/issues/33833
**Date**: 2020-06-16T01:26:12Z
**Author**: Shane Isbell
**Assignee**: Georg Koppen

Upgrade rust to use the latest toolchain.

**Namecoin eTLD patch conflicted with securedrop.tor.onion**
https://gitlab.torproject.org/legacy/trac/-/issues/33807
**Date**: 2020-06-16T01:12:17Z
**Author**: Matthew Finkel

```
/tmp/tmp.EB97rs4a6X/z /var/tmp/dist/firefox
/var/tmp/dist/firefox
Starting build: Fri Apr 3 08:07:15 2020
/var/tmp/dist/gcc/bin ~
~
patching file mobile/android/app/src/main/assets/publicsuffixlist
patching file netwerk/dns/effective_tld_names.dat
Hunk #1 FAILED at 5480.
1 out of 1 hunk FAILED -- saving rejects to file netwerk/dns/effective_tld_names.dat.rej
```
where the namecoin eTLD patch (`projects/firefox/namecoin-etld.patch`) does:
```
diff --git a/netwerk/dns/effective_tld_names.dat b/netwerk/dns/effective_tld_names.dat
index 9dd962a..3402b20 100644
--- a/netwerk/dns/effective_tld_names.dat
+++ b/netwerk/dns/effective_tld_names.dat
@@ -5480,6 +5480,7 @@ pro.om
// onion : https://tools.ietf.org/html/rfc7686
onion
+bit.onion
// org : https://en.wikipedia.org/wiki/.org
org
```
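Review bot: the hunk's only context around `+bit.onion` is the `onion` line directly above and the `// org : https://en.wikipedia.org/wiki/.org` comment directly below, so it applies only while nothing else sits between those two lines at 5480; the build log above shows what happens once the securedrop.tor.onion entry named in the title occupies that spot (`Hunk #1 FAILED at 5480.`). Regenerate `projects/firefox/namecoin-etld.patch` against a tree that already carries that entry, so `+bit.onion` is placed next to it and the context lines match, instead of relying on the pre-patch neighbourhood of `onion`.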
It's an easy fix.