Tor Browser issueshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues2024-03-11T14:40:50Zhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41100Add unsupported OS warning UX when tor-browser upgrade cannot happen due to u...2024-03-11T14:40:50ZrichardAdd unsupported OS warning UX when tor-browser upgrade cannot happen due to user's device no longer meeting min-specWe have logic in UpdateService.jsm that detects when the user's OS version is incompatible with a pending update, but we don't have any UX to tell the user about it.
As part of this we should also add a debug pref for exercising this co...We have logic in UpdateService.jsm that detects when the user's OS version is incompatible with a pending update, but we don't have any UX to tell the user about it.
As part of this we should also add a debug pref for exercising this code path (similar to how we use `torbrowser.debug.censorship_level` in TorConnect.jsm)Sponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41045Phantom update notification in Tor Browser Alpha2022-11-30T15:26:53ZninaPhantom update notification in Tor Browser Alpha<!--
* Use this issue template for reporting a new bug.
-->
### Summary
After opening TB Alpha the browser informed about the existing update. However, failed to update automatically. So I deleted existing TB Alpha an re-installed from ...<!--
* Use this issue template for reporting a new bug.
-->
### Summary
After opening TB Alpha the browser informed about the existing update. However, failed to update automatically. So I deleted existing TB Alpha an re-installed from the TP web site. However, I started browser anew I got an update reminder again. Then I checked for updates in Settings. And it said the browser was up to date. The update notification dissipated
But after I restart the update notification showed up again. And it did not disappeared after checking for updates.
I restarted again and got the red screen. Then I restarted again and got new update notification
### Steps to reproduce:
**How one can reproduce the issue - this is very important.**
1. Open TB Alpha
### Environment
MacOS Monterey
TB Alpha 11.5a13
### Relevant logs and/or screenshots
![Screenshot_2022-07-06_at_11.48.10](/uploads/22295fbbcb7521a4c60026b0b6c21e5a/Screenshot_2022-07-06_at_11.48.10.png)
![Screenshot_2022-07-06_at_11.38.20](/uploads/572e815c141108d2e7f04b85b1031039/Screenshot_2022-07-06_at_11.38.20.png)https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/34319remove symlink support from the updater2023-05-13T09:51:57ZMark Smithremove symlink support from the updaterOur updater patch (legacy/trac#4234) adds support for handling symlinks during MAR file generation and in the updater itself. The original reason for adding this feature was to support meek's use of a second browser for its HTTP tunnel; ...Our updater patch (legacy/trac#4234) adds support for handling symlinks during MAR file generation and in the updater itself. The original reason for adding this feature was to support meek's use of a second browser for its HTTP tunnel; see legacy/trac#12647.
We no longer use symlinks on any platform. Kathy and I think we should remove the symlink portions of the legacy/trac#4234 patch (smaller patches == good).Sponsor 131 - Phase 3 - Major ESR 102 Migrationhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/32394Update Progress Bar doesn't use translations2023-01-05T17:35:34ZTracUpdate Progress Bar doesn't use translationsWhile Tor Browser v9.0 (MK locale) is updating to v9.0.1 the **Update Progress Bar** doesn't use MK translation string(s).
![https://i.ibb.co/Xxhx0Kd/Update-Progress-Bar-not-use-MK-translations.png](https://i.ibb.co/Xxhx0Kd/Update-Progr...While Tor Browser v9.0 (MK locale) is updating to v9.0.1 the **Update Progress Bar** doesn't use MK translation string(s).
![https://i.ibb.co/Xxhx0Kd/Update-Progress-Bar-not-use-MK-translations.png](https://i.ibb.co/Xxhx0Kd/Update-Progress-Bar-not-use-MK-translations.png)
**Trac**:
**Username**: Zarko_Gjurovhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/30977Make it possible to measure Tor performance while doing Tor Browser updates/u...2023-01-05T17:34:11ZGeorg KoppenMake it possible to measure Tor performance while doing Tor Browser updates/update pingsWhile being at All Hands ekr had the idea that we could make it possible to measure Tor performance when doing update pings and downloading updates. The idea is _not_ to send the data somewhere, rather being able to measure the time the ...While being at All Hands ekr had the idea that we could make it possible to measure Tor performance when doing update pings and downloading updates. The idea is _not_ to send the data somewhere, rather being able to measure the time the ping/updates take if one wants to look at that. We could emit a log message with the time it took for those actions and whether errors occurred (that e.g. led to retrying the whole thing).https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/29811Enable static PKP for aus12023-01-05T17:32:09ZGeorg KoppenEnable static PKP for aus1While we have HPKP for aus1 right now, we should try to add the pin to the static list to make sure that our update checks are not messed with right from the first start. That's a stopgap until we have proper .onion support for those.While we have HPKP for aus1 right now, we should try to add the pin to the static list to make sure that our update checks are not messed with right from the first start. That's a stopgap until we have proper .onion support for those.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/29252Don't disable TLS 1.3 for update checks2023-01-05T17:31:54ZGeorg KoppenDon't disable TLS 1.3 for update checks**Original**:
> When constructing the request for the `update.xml` file TLS 1.3 is disabled:
> ```
> // Disable cutting edge features, like TLS 1.3, where middleboxes might brick us
> this._request.channel.QueryInterface(Ci.n...**Original**:
> When constructing the request for the `update.xml` file TLS 1.3 is disabled:
> ```
> // Disable cutting edge features, like TLS 1.3, where middleboxes might brick us
> this._request.channel.QueryInterface(Ci.nsIHttpChannelInternal).beConservative = true;
> ```
> The tests on the Internet maintain that the machines behind aus1 do not support TLS 1.3 (weasel tells me our machines behind aus1 *do* support TLS 1.3). Be that as it may, we should offer TLS 1.3. (This got mentioned as part of BLRG-PT-18-007 in the Firefox updater audit (https://bugzilla.mozilla.org/attachment.cgi?id=8985197) as well).
Per @lavamind ( https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/29252#note_2821144 ) we should be able to revert this now.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25064Don't record update history on the Tor Browser2023-06-28T08:16:00ZcypherpunksDon't record update history on the Tor Browser1. Open "about:support".
2. Click "Show update history".
My TBB shows long history.
Can you stop logging these(and clear existing history)?
The date/time information is useful to track Tor users.1. Open "about:support".
2. Click "Show update history".
My TBB shows long history.
Can you stop logging these(and clear existing history)?
The date/time information is useful to track Tor users.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/19909Think about switching to Balrog for our server side Tor Browser update compon...2022-12-09T14:09:06ZGeorg KoppenThink about switching to Balrog for our server side Tor Browser update componentsWhile discussing legacy/trac#19890 with Mozilla engineers we came across the topic on how we handle our server-side update part. It turns out that they basically did back then what we are doing now. They recommended to look at Balrog onc...While discussing legacy/trac#19890 with Mozilla engineers we came across the topic on how we handle our server-side update part. It turns out that they basically did back then what we are doing now. They recommended to look at Balrog once we believe our needs do not scale anymore/or the system feels like being messed up etc. See: https://mozilla-balrog.readthedocs.io/en/latest/infrastructure.html for details.Sponsor 131 - Phase 4 - Browser Release Managementhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/18292staged updates fail on Windows2023-10-11T20:42:52ZMark Smithstaged updates fail on WindowsOn Windows, staged updates currently fail (I am not sure if they ever worked correctly, but I think they have not been working at least since MAR signing was introduced). The good news is that typically users do not notice the failure be...On Windows, staged updates currently fail (I am not sure if they ever worked correctly, but I think they have not been working at least since MAR signing was introduced). The good news is that typically users do not notice the failure because the updater silently falls back to doing an in-place update. The failure occurs after the user restarts their browser to apply the update: switching to the staged copy that is under Browser/updated fails because files are in use under the Browser directory, and Windows does not allow a directory to be renamed if any open handles point to files within the directory or if any DLLs located in the directory are in use (at least that is my understanding based on my limited knowledge of system behavior on Windows).
To fix this we will need to do two things:
1) Copy updater.exe and the DLLs it uses into a temporary directory and run it from there.
2) Modify the updater.exe code to not open and hold onto a handle for a log file that is located under Browser/TorBrowser.
Because these changes will not be trivial to implement and test, I propose that for the stable branch of Tor Browser (5.5) we disable staged updates on Windows. That is a safe thing to do and it will speed up updates since currently updates are applied twice (one time to stage the update, which then fails, and a second time to do an in-place update, which succeeds). Of course we should fix this correctly for TB 6.0 and test it during one or more of our alpha cycles.
One challenge is knowing which of our bundled DLLs the updater depends on. The set of DLLs might change over time, and some components such as NSS load DLLs at runtime (so it is not just a matter of checking DLL dependencies by dumping linker info from updater.exe).
This ticket was split off from legacy/trac#18170.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/17216Make Tor Browser's updater work over Hidden Services2022-11-30T16:46:33ZIsis LovecruftMake Tor Browser's updater work over Hidden ServicesThis would provide additional cover traffic for other HSes. Another proposal from the (second) HS guard discovery protections meeting at the 2015 Berlin Tor developer meeting was to only have clients check for new Tor Browser updates via...This would provide additional cover traffic for other HSes. Another proposal from the (second) HS guard discovery protections meeting at the 2015 Berlin Tor developer meeting was to only have clients check for new Tor Browser updates via some HS(es), and then do the actual download of the update over the regular non-HS mirrors.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/14971Log certificate if there is a certificate error while checking for Tor Browse...2023-01-05T16:57:09ZGeorg KoppenLog certificate if there is a certificate error while checking for Tor Browser updatesYesterday, I saw a certificate error during the update check of Tor Browser. I was quite sad to not be able to see which certificate caused this issue. Maybe we can log all the relevant values if update logging is enabled in this case. B...Yesterday, I saw a certificate error during the update check of Tor Browser. I was quite sad to not be able to see which certificate caused this issue. Maybe we can log all the relevant values if update logging is enabled in this case. Bonus points if we can get the respective exit node for the connection.