Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2022-05-18T23:54:20Zhttps://gitlab.torproject.org/legacy/trac/-/issues/24421"Temporarily allow all this page" get inherited when New Identity is chosen.2022-05-18T23:54:20Zcypherpunks"Temporarily allow all this page" get inherited when New Identity is chosen.How to reproduce:
1. Open Tor Browser.
2. Select "High" Security Setting.
3. Go to https://github.com/
4. Click on NoScript icon and choose "Temporarilly allow all this page".
5. You can note that when the page gets refreshed the canvas...How to reproduce:
1. Open Tor Browser.
2. Select "High" Security Setting.
3. Go to https://github.com/
4. Click on NoScript icon and choose "Temporarilly allow all this page".
5. You can note that when the page gets refreshed the canvas prompt is displayed.
6. Select New Identity in the Torbutton.
7. Go to https://github.com/
8. You can notice that the canvas prompt is displayed (meaning JS is enabled, which in turn implies that "Temporarilly allow all this page" gets inherited when New Identity is chosen.)https://gitlab.torproject.org/legacy/trac/-/issues/19200HTML5 video not blocked with placeholder, plays automatically2022-05-18T23:36:09ZTracHTML5 video not blocked with placeholder, plays automaticallyIn Tor Browser 6.0a5, with security level set at Medium-Low or higher, HTML5 video that uses media source extensions (MSE) is able to load and play automatically, without being blocked by a click-to-play NoScript placeholder. The policy ...In Tor Browser 6.0a5, with security level set at Medium-Low or higher, HTML5 video that uses media source extensions (MSE) is able to load and play automatically, without being blocked by a click-to-play NoScript placeholder. The policy for the Medium-Low, Medium-High, and High security levels states that "HTML5 video and audio media become click-to-play via NoScript," but this bug breaks that security policy by allowing HTML5 MSE media to play unobstructed. The browser's attack surface may be increased due to exposure to this media.
I've tested on both OS X and Tails 2.4~rc1. The bug exists on both platforms. On OS X, I tested with a clean install of Tor Browser.
Regular HTML5 video that does not use MSE is unaffected by this bug and gets placeholder-blocked properly.
## Expected result:
HTML5 MSE video should not be allowed to play automatically in security level Medium-Low or higher, it should be replaced with a click-to-play placeholder by NoScript to block it until the user either clicks the placeholder or uses the NoScript toolbar button to allow it. This was the behavior in Tor Browser 5.5.5 and earlier.
## Steps to reproduce:
1. Click the Torbutton icon in the browser toolbar, select "Privacy and Security Settings..." and choose Medium-Low, Medium-High, or High security level.
2. Go to a site that has MSE video, such as any YouTube video, eg: https://www.youtube.com/watch?v=T07gkTc5Fcc
3. If Tor Browser is in High security mode, then allow scripts on the page via the NoScript toolbar button option "Temporarily allow all this page."
4. The video will start playing automatically. There is no NoScript placeholder that you click to start the video, it just starts playing.
**Trac**:
**Username**: potatohttps://gitlab.torproject.org/legacy/trac/-/issues/10416Tor won't start on Windows when path contains non-ascii characters2022-03-16T20:55:25ZTracTor won't start on Windows when path contains non-ascii charactersWhen trying to start the TBB from the following path:
C:\Users\kuncaŭščyna\Downloads\Tor Browser\
got the following error:
Vidalia detected that the Tor software exited unexpectedly.
Please check the message log for recent warning or ...When trying to start the TBB from the following path:
C:\Users\kuncaŭščyna\Downloads\Tor Browser\
got the following error:
Vidalia detected that the Tor software exited unexpectedly.
Please check the message log for recent warning or error messages.
Here's the log:
Dez 16 18:27:21.431 [Hinweis] Tor v0.2.3.25 (git-17c24b3118224d65) running on Windows 7.
Dez 16 18:27:21.431 [Hinweis] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Dez 16 18:27:21.431 [Warnung] Unable to open configuration file "C:\Users\kuncauscyna\Downloads\Tor Browser\Data\Tor\torrc".
Dez 16 18:27:21.431 [Fehler] Reading config failed--see warnings above.
Diacritics were obviously "simplified" which created inexisting path.
I know Windows is not recommened for anonymity. But some people use TBB on Win only for censorship circumvention. The easiest solution is simply to add a message to log like:
Unable to open configuration file "C:\Users\kuncauscyna\Downloads\Tor Browser\Data\Tor\torrc". Please check that the path contains only ascii symbols.
But much better would be to fix it to process correctly path in unicode.
**Trac**:
**Username**: iktsuarpokTor: unspecifiedAlexander Færøyahf@torproject.orgAlexander Færøyahf@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/24506Move some bandwidth authority servers to a CDN2022-03-10T10:27:40ZteorMove some bandwidth authority servers to a CDNWe've experimented with using fastly as a bandwidth server.
Once the bandwidth authority code is stable, we should test this in parallel for a week or two, then make the switch.We've experimented with using fastly as a bandwidth server.
Once the bandwidth authority code is stable, we should test this in parallel for a week or two, then make the switch.Tom Rittertom@ritter.vgTom Rittertom@ritter.vghttps://gitlab.torproject.org/legacy/trac/-/issues/30196Add the tor version to the sbws bandwidth file header2022-02-17T10:28:06ZteorAdd the tor version to the sbws bandwidth file headerSee #30184 for a situation where we wanted the tor version.See #30184 for a situation where we wanted the tor version.sbws: 1.2.x-finalhttps://gitlab.torproject.org/legacy/trac/-/issues/20250meek fails on macOS 10.12 when built with Go 1.4.3 or Go 1.6.32021-03-27T04:55:11ZTracmeek fails on macOS 10.12 when built with Go 1.4.3 or Go 1.6.3Having issues using the meek pluggable transports on macOS 10.12 installation with a fresh install of TorBrowser.
On the same machine running 10.11.6 before upgrade, TorBrowser with both of the meek transports worked fine.
With 10.12,...Having issues using the meek pluggable transports on macOS 10.12 installation with a fresh install of TorBrowser.
On the same machine running 10.11.6 before upgrade, TorBrowser with both of the meek transports worked fine.
With 10.12, (tested with admin and standard accounts), the initial tor connection UI completes, the browser opens and the initial meek connection is established. However, briefly after the browser window has opened with the successful about:tor page it is clear something is wrong. Monitoring internet traffic with a network monitor it is clear that the traffic to the meek server stops almost immediately after the browser has opened.
Having read some of the control port issues for other 10.12 users, I tested this issue with the extensions.torlauncher.control_port_use_socket pref set to false in prefs.js and without it, but it had no effect either way.
Attached are the tor, meek-client and meek-client-torbrowser logs. Really hope someone can help with this since meek is the only way to use tor in my country without having the police banging down the door.
Tor Log:
AUTHENTICATE <HASH>
250 OK
SETEVENTS STATUS_CLIENT NOTICE WARN ERR
250 OK
650 NOTICE Opening Socks listener on 127.0.0.1:9150
650 NOTICE Bootstrapped 5%: Connecting to directory server
650 STATUS_CLIENT NOTICE BOOTSTRAP PROGRESS=5 TAG=conn_dir SUMMARY="Connecting to directory server"
650 NOTICE Bootstrapped 10%: Finishing handshake with directory server
650 STATUS_CLIENT NOTICE BOOTSTRAP PROGRESS=10 TAG=handshake_dir SUMMARY="Finishing handshake with directory server"
650 NOTICE Bootstrapped 15%: Establishing an encrypted directory connection
650 STATUS_CLIENT NOTICE BOOTSTRAP PROGRESS=15 TAG=onehop_create SUMMARY="Establishing an encrypted directory connection"
650 NOTICE Bootstrapped 20%: Asking for networkstatus consensus
650 STATUS_CLIENT NOTICE BOOTSTRAP PROGRESS=20 TAG=requesting_status SUMMARY="Asking for networkstatus consensus"
650 NOTICE Bootstrapped 25%: Loading networkstatus consensus
650 STATUS_CLIENT NOTICE BOOTSTRAP PROGRESS=25 TAG=loading_status SUMMARY="Loading networkstatus consensus"
650 STATUS_CLIENT NOTICE CONSENSUS_ARRIVED
650 STATUS_CLIENT NOTICE ENOUGH_DIR_INFO
650 NOTICE Bootstrapped 80%: Connecting to the Tor network
650 STATUS_CLIENT NOTICE BOOTSTRAP PROGRESS=80 TAG=conn_or SUMMARY="Connecting to the Tor network"
650 NOTICE Bootstrapped 90%: Establishing a Tor circuit
650 STATUS_CLIENT NOTICE BOOTSTRAP PROGRESS=90 TAG=circuit_create SUMMARY="Establishing a Tor circuit"
650 NOTICE Tor has successfully opened a circuit. Looks like client functionality is working.
650 NOTICE Bootstrapped 100%: Done
650 STATUS_CLIENT NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"
650 STATUS_CLIENT NOTICE CIRCUIT_ESTABLISHED
650 NOTICE New control connection opened from 127.0.0.1.
650 NOTICE New control connection opened from 127.0.0.1.
#NOTICE THE LINE BELOW:
650 WARN The connection to the SOCKS4 proxy server at 127.0.0.1:57343 just failed. Make sure that the proxy server is up and running.
650 NOTICE Delaying directory fetches: No running bridges
650 NOTICE Tried for 120 seconds to get a connection to [scrubbed]:443. Giving up. (waiting for circuit)
meek-client log:
0:05 using helper on 127.0.0.1:49193
0:05 listening on 127.0.0.1:49196
0:33 using helper on 127.0.0.1:49199
0:33 listening on 127.0.0.1:49202
meek-client-torbrowser log:
0:00 running firefox command ["/Applications/TorBrowser.app/Contents/MacOS/firefox" "--invisible" "-no-remote" "-profile" "/Applications/TorBrowser-Data/Tor/PluggableTransports/profile.meek-http-helper"]
0:00 firefox started with pid 3644
0:01 running meek-client command ["PluggableTransports/meek-client" "--log" "meek-client.txt" "--helper" "127.0.0.1:49193"]
0:01 meek-client started with pid 3646
0:27 sig terminated
0:27 sending signal terminated to PID 3646
0:27 killing PID 3646
0:27 killing PID 3644
0:32 running firefox command ["/Applications/TorBrowser.app/Contents/MacOS/firefox" "--invisible" "-no-remote" "-profile" "/Applications/TorBrowser-Data/Tor/PluggableTransports/profile.meek-http-helper"]
0:32 firefox started with pid 3660
0:33 running meek-client command ["PluggableTransports/meek-client" "--log" "meek-client.txt" "--helper" "127.0.0.1:49199"]
0:33 meek-client started with pid 3661
1:00 sig terminated
1:00 sending signal terminated to PID 3661
1:00 killing PID 3661
1:00 killing PID 3660
**Trac**:
**Username**: tordevSZ0David Fifielddcf@torproject.orgDavid Fifielddcf@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/21312Memory and file descriptor leaks in programs that use go-webrtc2021-03-27T04:55:11ZArlo BreaultMemory and file descriptor leaks in programs that use go-webrtc```
1:30:49 AM - arma5: 2017/01/24 18:57:44 candidate:3131354255 1 tcp 1518280447 192.168.1.154 36729 typ host tcptype passive generation 0 ufrag YXKXffPBBnA3SJ3K network-id 1
1:30:52 AM - arma5: this is the last line in its log
1:31:20 ...```
1:30:49 AM - arma5: 2017/01/24 18:57:44 candidate:3131354255 1 tcp 1518280447 192.168.1.154 36729 typ host tcptype passive generation 0 ufrag YXKXffPBBnA3SJ3K network-id 1
1:30:52 AM - arma5: this is the last line in its log
1:31:20 AM - arma5: and snowflake-client is pegged at 100% cpu
1:32:39 AM - arma5: % strace -p3074
1:32:39 AM - arma5: Process 3074 attached
1:32:39 AM - arma5: futex(0x1059710, FUTEX_WAIT, 0, NULL
```Arlo BreaultArlo Breaulthttps://gitlab.torproject.org/legacy/trac/-/issues/29677evaluate password management options2020-10-19T16:05:39Zanarcatevaluate password management optionsduring the [[org/meetings/2017Montreal/Notes/BusFactor]] session, one of the things that was discussed was the password management system that is (was?) stored in SVN. Specifically:
* We need a better password management solution than ...during the [[org/meetings/2017Montreal/Notes/BusFactor]] session, one of the things that was discussed was the password management system that is (was?) stored in SVN. Specifically:
* We need a better password management solution than the one we have in corporate SVN right now.
* We should look over if the password's in this database should be rotated.
* Figure out if the passwords for paypal have been rotated by Jon et al and ensure that it will be put in the password database. We should also look into the "paypal dongle" or 2-step authentication?
I have some experience reviewing password managers, so I might be able to provide some advice here if someone expands on the requirements and problems with the current approach.https://gitlab.torproject.org/legacy/trac/-/issues/29695The captcha displayed while authenticating connecting to a tor bridge is unre...2020-09-02T17:52:43ZTracThe captcha displayed while authenticating connecting to a tor bridge is unreadableSteps:
1. Open "Tor Network Settings"
2. Select "Request a tor bridge from torproject.org"
3. Click on button "Request a new bridge"
The captcha displayed for verification on connecting to tor bridges is not readable. It has letters an...Steps:
1. Open "Tor Network Settings"
2. Select "Request a tor bridge from torproject.org"
3. Click on button "Request a new bridge"
The captcha displayed for verification on connecting to tor bridges is not readable. It has letters and characters merged in such a way that the probability of getting it right is very low(I have had a success rate of 1 out of 10 times).
**Trac**:
**Username**: cskhttps://gitlab.torproject.org/legacy/trac/-/issues/30009consider trocla for secrets management in puppet2020-07-06T14:05:06Zanarcatconsider trocla for secrets management in puppetsecrets generated by puppet currently use a custom hkdf function that is homegrown. the ad-hoc standard for this in the puppet community i'm usually working with is [trocla](https://github.com/duritong/trocla) which is [well integrated w...secrets generated by puppet currently use a custom hkdf function that is homegrown. the ad-hoc standard for this in the puppet community i'm usually working with is [trocla](https://github.com/duritong/trocla) which is [well integrated with puppet](https://github.com/duritong/puppet-trocla).
Trocla generates, on the fly, a strong random password for each key you ask it. It also supports various hashing mechanisms (bcrypt, pgsql, x509, etc) so that the Puppet client never actually sees the cleartext. It seems like a better approach than sending the cleartext like we currently do.
So I'd like to start using this for new code and possibly convert existing code to this, if that's acceptable.anarcatanarcathttps://gitlab.torproject.org/legacy/trac/-/issues/33543GetTor fails to respond if you don't include a proper command2020-06-21T18:06:07ZCecylia BocovichGetTor fails to respond if you don't include a proper commandRight now GetTor will only respond to emails in the following circumstances:
- With a help message if the email (or subject) contains the keyword "help"
- With links if the email (or subject) contains the keyword "links" or a valid pla...Right now GetTor will only respond to emails in the following circumstances:
- With a help message if the email (or subject) contains the keyword "help"
- With links if the email (or subject) contains the keyword "links" or a valid platform
We should fix this to **always** send an email, defaulting to a help message if a platform or links aren't provided.Cecylia BocovichCecylia Bocovichhttps://gitlab.torproject.org/legacy/trac/-/issues/28152Gettor code refactor with Python Twisted2020-06-21T18:05:45ZIsrael LeivaGettor code refactor with Python TwistedCode refactor
Gettor needs some love. It should be more robust to make it: easier to maintain (by me or somebody else), to know when it is working or not, and to allow more developers to contribute to it.
For the above, I propose to re...Code refactor
Gettor needs some love. It should be more robust to make it: easier to maintain (by me or somebody else), to know when it is working or not, and to allow more developers to contribute to it.
For the above, I propose to refactor the current code and turn it into a twisted daemon [1, 2]. This would preserve the main logic of the current system and add all the benefits of having a daemonized application. This service approach considers two main parts:
1. Distribution channels. Whenever gettor receives a request or sends a reply it uses a channel (e.g. e-mail). Each channel could be handled by one or more services. These services would be constantly fetching and updating information in a SQLite database to know how to proceed.
In the case of e-mail, there should be a script that receives messages forwarded by the MTA, process them, and add a request with a given status to the SQLite database. On the other hand, a service running on background will be fetching ready-to-be-sent requests from the database and send e-mails with the requested information.
For a twitter bot, a single service that receives DMs, process them and send replies would be enough.
2. Tor Browser sync. A service constantly checking new Tor Browser releases, downloading the new packages and updating the SQLite database with the new links.
The logging system provided by twistd is easy to use and works very well. This will solve one of the problems with the current code and the use of logging, also providing useful information for debugging and statistics. Log rotation is automatic.
I have developed a similar service using twistd. Adapting it to gettor would be fairly easy and it would take me a few weeks of spare time.
Twisted is not installed on getulum, so I will collect all the needed packages and ask for them to be installed.
1: https://twistedmatrix.com/documents/current/core/howto/application.html.
2: https://twistedmatrix.com/documents/current/core/howto/basics.html#twistdHiroHirohttps://gitlab.torproject.org/legacy/trac/-/issues/27732New Identity does not reset NoScript's Temporarily Trusted settings2020-06-16T01:28:21ZTracNew Identity does not reset NoScript's Temporarily Trusted settingsSteps to reproduce:
1. Set any random website to Temporarily Trusted
2. Hit New Identity
3. Go back to the website later on, the temporarily permission to execute JavaScript is still preserved.
This can be solved by closing and re-openi...Steps to reproduce:
1. Set any random website to Temporarily Trusted
2. Hit New Identity
3. Go back to the website later on, the temporarily permission to execute JavaScript is still preserved.
This can be solved by closing and re-opening Tor Browser, however, from my understanding New Identity is supposed to handle that?
**Trac**:
**Username**: Yaelhttps://gitlab.torproject.org/legacy/trac/-/issues/18090Torcrazybutton eats all memory and crashes Tor Browser2020-06-16T01:27:53ZbugzillaTorcrazybutton eats all memory and crashes Tor BrowserWhen playing mp4 video not on whitelisted youtube, 2 tabs with videos are opened (autoplay, 'cause Temporary allow for site only by NoScript), one tab is closing by user, switch to another, no response, memory is growing, crash...
The mo...When playing mp4 video not on whitelisted youtube, 2 tabs with videos are opened (autoplay, 'cause Temporary allow for site only by NoScript), one tab is closing by user, switch to another, no response, memory is growing, crash...
The most suspicious component: NoScript (another one string-handling bug?)
Continuing investigation...
Log:
Faulting application name: firefox.exe, version: 38.5.0.0, time stamp: 0x00000000
Faulting module name: mozalloc.dll, version: 38.5.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00001582
Faulting process id: 0xf64
Faulting application path: C:\%REMOVED%\Tor Browser\Browser\firefox.exe
Faulting module path: C:\%REMOVED%\Tor Browser\Browser\mozalloc.dll
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=6.1.7601.2.1.0.256.1
DynamicSig[22].Name=Additional Information 1
DynamicSig[22].Value=0a9e
DynamicSig[23].Name=Additional Information 2
DynamicSig[23].Value=0a9e372d3b4ad19135b953a78882e789
DynamicSig[24].Name=Additional Information 3
DynamicSig[24].Value=0a9e
DynamicSig[25].Name=Additional Information 4
DynamicSig[25].Value=0a9e372d3b4ad19135b953a78882e789https://gitlab.torproject.org/legacy/trac/-/issues/9521"new identity" leaks memory in eventSuppressor.suppressEventHandling()2020-06-16T01:27:35ZRoger Dingledine"new identity" leaks memory in eventSuppressor.suppressEventHandling()According to skruffy, each tab that's open when you click 'new identity' contributes to more lost memory.
For normal tabs, when you close them, eventually the memory from them garbage collects or otherwise returns to the system. For tab...According to skruffy, each tab that's open when you click 'new identity' contributes to more lost memory.
For normal tabs, when you close them, eventually the memory from them garbage collects or otherwise returns to the system. For tabs closed by new identity, it remains lost.https://gitlab.torproject.org/legacy/trac/-/issues/3600Prevent redirects from transmitting+storing cookies+identifiers2020-06-16T01:27:32ZMike PerryPrevent redirects from transmitting+storing cookies+identifiersI've been using RequestPolicy for so long I'd not realized that redirects have been getting more and more transparent. In Firefox 4/5, the loading indications are impossible to differentiate between redirects and 3rd party loads.
There ...I've been using RequestPolicy for so long I'd not realized that redirects have been getting more and more transparent. In Firefox 4/5, the loading indications are impossible to differentiate between redirects and 3rd party loads.
There does not appear to be any obvious about:config options to enable more prompting either. We may have to dig into the RequestPolicy source to see how they do this.
Redirect notification is important if we're going to try to keep 3rd party cookies disabled (or dual-keyed). If redirects are 100% transparent, there's little point in disabling 3rd party cookies.
NoScript has some options for notifying in the case of JS redirects. We'll probably want to enable those options in TBB, too.https://gitlab.torproject.org/legacy/trac/-/issues/18820Integrate code signing into the release process2020-06-16T01:26:54ZGeorg KoppenIntegrate code signing into the release processWe should integrate the OS X code signing as good as we can into our release process. We have the following pieces at the moment
1) We create a .dmg file as the result of our build process
2) We have a signing machine where these files ...We should integrate the OS X code signing as good as we can into our release process. We have the following pieces at the moment
1) We create a .dmg file as the result of our build process
2) We have a signing machine where these files need to get transferred to
3) We need to sign the TorBrowser.app inside the .dmg file
4) We need to ship the .dmg file with the signed app
Taking these into account it seems quite cumbersome to automate this even a bit. But maybe there is something I am missing.
This ticket is not about signing/removing the signature in a reproducible fashion. Getting this going is very likely a separate fun task.https://gitlab.torproject.org/legacy/trac/-/issues/32342Tor Browser for Android crashes when opening the locale pane in the settings2020-06-16T01:25:52ZGeorg KoppenTor Browser for Android crashes when opening the locale pane in the settingsTry changing the locale via the settings. The result is the app crashing:
```
10-30 11:06:17.176 18942 18942 D GeckoLocaleList: Building locales list. Current locale: sv_SE
10-30 11:06:17.191 18942 18942 E GeckoJarReader: !!! BUG 849589 ...Try changing the locale via the settings. The result is the app crashing:
```
10-30 11:06:17.176 18942 18942 D GeckoLocaleList: Building locales list. Current locale: sv_SE
10-30 11:06:17.191 18942 18942 E GeckoJarReader: !!! BUG 849589 !!! origUrl=jar:jar:file:/data/app/org.torproject.torbrowser-1/base.apk!/assets/omni.ja!/res/multilocale.txt
10-30 11:06:17.191 18942 18942 E GeckoJarReader: java.lang.IllegalArgumentException: Got class java.util.zip.InflaterInputStream, but expected ByteBufferInputStream!
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at org.mozilla.gecko.mozglue.NativeZip.<init>(NativeZip.java:30)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at org.mozilla.gecko.util.GeckoJarReader.getStream(GeckoJarReader.java:208)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at org.mozilla.gecko.util.GeckoJarReader.getText(GeckoJarReader.java:86)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at org.mozilla.gecko.BrowserLocaleManager.getPackagedLocaleTags(BrowserLocaleManager.java:425)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at org.mozilla.gecko.preferences.LocaleListPreference.getUsableLocales(LocaleListPreference.java:222)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at org.mozilla.gecko.preferences.LocaleListPreference.buildList(LocaleListPreference.java:293)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at org.mozilla.gecko.preferences.LocaleListPreference.<init>(LocaleListPreference.java:110)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at java.lang.reflect.Constructor.newInstance(Native Method)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at android.preference.GenericInflater.createItem(GenericInflater.java:385)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at android.preference.GenericInflater.createItemFromTag(GenericInflater.java:432)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at android.preference.GenericInflater.rInflate(GenericInflater.java:483)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at android.preference.GenericInflater.rInflate(GenericInflater.java:495)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at android.preference.GenericInflater.inflate(GenericInflater.java:327)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at android.preference.GenericInflater.inflate(GenericInflater.java:264)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at android.preference.PreferenceManager.inflateFromResource(PreferenceManager.java:274)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at android.preference.PreferenceFragment.addPreferencesFromResource(PreferenceFragment.java:302)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at org.mozilla.gecko.preferences.GeckoPreferenceFragment.loadPreferences(GeckoPreferenceFragment.java:201)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at org.mozilla.gecko.preferences.GeckoPreferenceFragment.onCreate(GeckoPreferenceFragment.java:73)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at android.app.Fragment.performCreate(Fragment.java:2242)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at android.app.FragmentManagerImpl.moveToState(FragmentManager.java:948)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at android.app.FragmentManagerImpl.moveToState(FragmentManager.java:1164)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at android.app.BackStackRecord.run(BackStackRecord.java:793)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at android.app.FragmentManagerImpl.execPendingActions(FragmentManager.java:1557)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at android.app.FragmentController.execPendingActions(FragmentController.java:326)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at android.app.Activity.performStart(Activity.java:6942)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:3276)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3415)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at android.app.ActivityThread.access$1100(ActivityThread.java:229)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1821)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at android.os.Handler.dispatchMessage(Handler.java:102)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at android.os.Looper.loop(Looper.java:148)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at android.app.ActivityThread.main(ActivityThread.java:7331)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at java.lang.reflect.Method.invoke(Native Method)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1230)
10-30 11:06:17.191 18942 18942 E GeckoJarReader: at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1120)
10-30 11:06:17.191 18942 18942 D AndroidRuntime: Shutting down VM
10-30 11:06:17.191 18942 18942 E AndroidRuntime: FATAL EXCEPTION: main
10-30 11:06:17.191 18942 18942 E AndroidRuntime: Process: org.torproject.torbrowser, PID: 18942
10-30 11:06:17.191 18942 18942 E AndroidRuntime: java.lang.RuntimeException: Unable to start activity ComponentInfo{org.torproject.torbrowser/org.mozilla.gecko.preferences.GeckoPreferences}: android.view.InflateException: Binary XML file line #5: Error inflating class java.lang.reflect.Constructor
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:3319)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3415)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at android.app.ActivityThread.access$1100(ActivityThread.java:229)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1821)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at android.os.Handler.dispatchMessage(Handler.java:102)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at android.os.Looper.loop(Looper.java:148)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at android.app.ActivityThread.main(ActivityThread.java:7331)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at java.lang.reflect.Method.invoke(Native Method)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1230)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1120)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: Caused by: android.view.InflateException: Binary XML file line #5: Error inflating class java.lang.reflect.Constructor
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at android.preference.GenericInflater.createItem(GenericInflater.java:399)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at android.preference.GenericInflater.createItemFromTag(GenericInflater.java:432)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at android.preference.GenericInflater.rInflate(GenericInflater.java:483)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at android.preference.GenericInflater.rInflate(GenericInflater.java:495)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at android.preference.GenericInflater.inflate(GenericInflater.java:327)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at android.preference.GenericInflater.inflate(GenericInflater.java:264)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at android.preference.PreferenceManager.inflateFromResource(PreferenceManager.java:274)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at android.preference.PreferenceFragment.addPreferencesFromResource(PreferenceFragment.java:302)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at org.mozilla.gecko.preferences.GeckoPreferenceFragment.loadPreferences(GeckoPreferenceFragment.java:201)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at org.mozilla.gecko.preferences.GeckoPreferenceFragment.onCreate(GeckoPreferenceFragment.java:73)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at android.app.Fragment.performCreate(Fragment.java:2242)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at android.app.FragmentManagerImpl.moveToState(FragmentManager.java:948)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at android.app.FragmentManagerImpl.moveToState(FragmentManager.java:1164)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at android.app.BackStackRecord.run(BackStackRecord.java:793)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at android.app.FragmentManagerImpl.execPendingActions(FragmentManager.java:1557)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at android.app.FragmentController.execPendingActions(FragmentController.java:326)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at android.app.Activity.performStart(Activity.java:6942)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:3276)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: ... 9 more
10-30 11:06:17.191 18942 18942 E AndroidRuntime: Caused by: java.lang.reflect.InvocationTargetException
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at java.lang.reflect.Constructor.newInstance(Native Method)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at android.preference.GenericInflater.createItem(GenericInflater.java:385)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: ... 26 more
10-30 11:06:17.191 18942 18942 E AndroidRuntime: Caused by: java.lang.IllegalArgumentException: !!! BUG 849589 !!! origUrl=jar:jar:file:/data/app/org.torproject.torbrowser-1/base.apk!/assets/omni.ja!/res/multilocale.txt
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at org.mozilla.gecko.util.GeckoJarReader.getStream(GeckoJarReader.java:212)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at org.mozilla.gecko.util.GeckoJarReader.getText(GeckoJarReader.java:86)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at org.mozilla.gecko.BrowserLocaleManager.getPackagedLocaleTags(BrowserLocaleManager.java:425)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at org.mozilla.gecko.preferences.LocaleListPreference.getUsableLocales(LocaleListPreference.java:222)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at org.mozilla.gecko.preferences.LocaleListPreference.buildList(LocaleListPreference.java:293)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: at org.mozilla.gecko.preferences.LocaleListPreference.<init>(LocaleListPreference.java:110)
10-30 11:06:17.191 18942 18942 E AndroidRuntime: ... 28 more
```https://gitlab.torproject.org/legacy/trac/-/issues/19410Incremental updates from 6.0 to 6.0.1 are not working on OS X2020-06-16T01:24:48ZGeorg KoppenIncremental updates from 6.0 to 6.0.1 are not working on OS XI tried to update from 6.0 to 6.0.1 and first it downloads the incremental update. Verification is fine it seems but then I get the following error:
```
AUS:SVC Downloader:_verifyDownload called
AUS:SVC Downloader:_verifyDownload downloa...I tried to update from 6.0 to 6.0.1 and first it downloads the incremental update. Verification is fine it seems but then I get the following error:
```
AUS:SVC Downloader:_verifyDownload called
AUS:SVC Downloader:_verifyDownload downloaded size == expected size.
AUS:SVC Downloader:_verifyDownload hashes match.
AUS:SVC Downloader:onStopRequest - setting state to: pending
AUS:SVC Downloader:onStopRequest - attempting to stage update: Tor Browser 6.0.1
AUS:SVC readStatusFile - status: failed: 2, path: /Users/release/Desktop/TorBrowser-Data/UpdateInfo/Users/release/Desktop/TorBrowser/updates/0/update.status
AUS:SVC handleFallbackToCompleteUpdate - install of partial patch failed, downloading complete patch
AUS:SVC Creating Downloader
AUS:SVC UpdateService:_downloadUpdate
AUS:SVC readStringFromFile - file doesn't exist: /Users/release/Desktop/TorBrowser-Data/UpdateInfo/Users/release/Desktop/TorBrowser/updates/0/update.status
AUS:SVC readStatusFile - status: null, path: /Users/release/Desktop/TorBrowser-Data/UpdateInfo/Users/release/Desktop/TorBrowser/updates/0/update.status
AUS:SVC Downloader:_selectPatch - found existing patch with state: null
AUS:SVC Downloader:downloadUpdate - downloading from https://www.torproject.org/dist/torbrowser/6.0.1/tor-browser-osx64-6.0.1_en-US.mar to /Users/release/Desktop/TorBrowser-Data/UpdateInfo/Users/release/Desktop/TorBrowser/updates/0/update.mar
AUS:SVC UpdateManager:refreshUpdateStatus - Notifying observers that the update was staged. state: downloading, status: failed: 2
```
And the browser is falling back to downloading and applying the full update successfully.boklmboklmhttps://gitlab.torproject.org/legacy/trac/-/issues/31383OpenSSL CVE-2019-15522020-06-16T01:12:57ZcypherpunksOpenSSL CVE-2019-1552https://github.com/openssl/openssl/pull/9400https://github.com/openssl/openssl/pull/9400