Custom Query (4697 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:


Results (901 - 1000 of 4697)

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
Ticket Summary Status Owner Type Priority Milestone
#12863 The http_requests test sometimes only performs one request new hellais defect Medium
Description

It has been reported by some users of ooniprobe [1] that in some circumstances (it is unclear currently exactly how to reproduce this) the report for a http_requests test will only contain one request instead of two. Moreover when this occurs the headers_match and body_length_match keys will be wrongly set to true.

Here is a sample report entry that exhibits this behavior:

---
agent: agent
body_length_match: true
body_proportion: 1.0
control_failure: null
experiment_failure: null
factor: 0.8
headers_diff: !!set {}
headers_match: true
input: http://www.scratchgames.com/
requests:
- request:
    body: null
    headers:
    - - User-Agent
      - ['Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2) Gecko/20100115 Firefox/3.6']
    method: GET
    tor: {is_tor: false}
    url: http://www.scratchgames.com/
  response:
    body: <h1>Bad Request (Invalid Hostname)</h1>
    code: 400
    headers:
    - - Date
      - ['Mon, 23 Jun 2014 13:03:09 GMT']
    - - Connection
      - [close]
    - - Content-Type
      - [text/html]
    - - Content-Length
      - ['39']
socksproxy: null
...

[1] https://lists.torproject.org/pipermail/ooni-dev/2014-August/000139.html

#12865 Two installer construction instructions is one too many. assigned mttp defect Medium
Description

Tor includes two different NSI files for building the the Tor Expert Bundle installer. One is contrib/win32build/tor.nsi.in, and the other is contrib/win32build/tor-mingw.nsi.in. The former file says right at the top:

; NOTE: This file might be obsolete. Look at tor-mingw.nsi.in instead.

Right now tor-mingw.nsi.in is the only file being used to build the actual NSI. I suspect tor.nsi.in is just dead weight.

< armadev> yeah, you should confirm with erinn that nobody has any use for anything in that file, and then remove it

#12870 Not loading rulesets from HTTPSEverywhereUserRules on Firefox 31.0 / OS X 10.9.4 new zyan defect Medium
Description

HTTPS Everywhere 5.0 development 0, does not load rulesets from XML files in the HTTPSEverywhereUserRules subdirectory in the Firefox profile directory. The same for the latest stable version 3.5.3.

#12879 Obfsproxy has incorrect Error type assigned asn defect Medium
Description

In the socks.py file of obfsproxy there is a small bug with the csv reader.

in line 133: except csvError, err: should be except csv.Error, err:. csvError does not exist and I think its just missing the period.

#12885 Windows Jump Lists fail for Tor Browser new mcs defect Medium
Description

This ticket is a spinoff of #6062 (which I am going to close).

Windows 7 and 8 include a jump lists feature which is used by Firefox to provide a menu of tasks that may be accessed from the Start Menu or Taskbar ("Open new tab", "Open new window", etc.) These task items fail in Tor Browser because we have disabled remoting. Similarly, clicking the main "Tor Browser" pinned item fails for the same reason if Tor Browser is already running.

For now, we should change things so we do not show the jump list items. We can do so by setting these two prefs to false:

browser.taskbar.lists.frequent.enabled browser.taskbar.lists.tasks.enabled

(we also want browser.taskbar.lists.recent.enabled = false but that is already done by default).

Also – although one would think that setting browser.taskbar.lists.enabled = false would be sufficient to turn everything off, doing that may leave old jump list menu items around. So it is better to turn off the three more specific prefs. See:

http://mxr.mozilla.org/mozilla-esr24/source/browser/modules/WindowsJumpLists.jsm#219

#12900 Remove config related naming stuff assigned Sebastian defect Low Tor: unspecified
Description

We should warn users when they specify nicknames anywhere in their Tor config except for the Nickname option

#12901 Remove client-related naming stuff assigned Sebastian defect Low Tor: unspecified
Description

Recognizing the Named flag in a consensus, related data structures.

#12902 ScribD breaks with the rule enabled new zyan defect Medium
Description

ScribD.Com breaks when viewing a page

Using version 3.5.3, on Firefox

This bug appears, for me, when viewing a full page: this was the particular URL: http://www.scribd.com/fullscreen/237238876?access_key=key-dyYcG9f5ue4x6lBrAdmd&allow_share=true&escape=false&view_mode=scroll

#12906 Google image search "redirect notice new zyan defect Medium
Description

I've been using HTTPS Everywhere almost since it first came out, but one thing that has always annoyed me, a lot is how it seems to break parts of google image search. If I on the main page google.com write something I want an image of, it comes up with the most likely image results and a load of text results.

If I then click on one of the image results, it no longer takes me directly to that result, instead it just takes me to the image search result page and I'll have to find the specific image again manually.

If I then find said image and click on it and then click "visit page" or "view image" I'm taken to a redirect notice, and this happens 100% of the time without fail.

I don't actually know if this is something you guys can fix, or if it's on googles end, it's just been annoying me for a long time so I finally decided to report it to someone. Apart from this I love HTTPS Everywhere. Have a nice day =)

P.S. my current version is 3.5.3 but I couldn't find it in the versions thingy, and my browser is firefox 31, and I'm on windows 7 if that helps anythin too.

#12911 Cloudfront Ruleset Breaks IKEA Online Catalogue new zyan defect Medium HTTPS-E next Firefox dev release
Description

When trying to view the IKEA Online Catalogue at http://onlinecatalogue.ikea.com/IE/en/IKEA_Catalogue/ the Cloudfront ruleset is invoked and it prevents the catalogue interface from loading.

Using HTTS-E 5.0dev on Firefox 31

#12930 Someone, somewhere needs to unescape pluggable transport "SMETHOD ARGS" arguments. new asn defect Medium
Description

Per pt-spec.txt:

      - ARGS:K=V,K=V,K=V

        If this option is set, the K=V arguments are added to Tor's
        extrainfo document. Equal signs and commas must be escaped
        with a backslash.

All of obfs4's server (extra info) document arguments end with a number of equal signs because they are Base64 strings.

goptlib does the right thing here and escapes the args, so the trailing Base64 padding passed to tor as part of SMETHOD ARGS ends with \\=. The fun here is that, tor does not unescape the ARGS line, so \\= is what ends up in the extrainfo document on BridgeDB.

The arguments that appear on obfs4 bridge lines should not be escaped, so someone, somewhere between little-t tor, and the place where the arguments appear on whatever BridgeDB frontend the end user sees, needs to unescape the arguments.

#12936 CloudFlare rule breaks wunderground.com new zyan defect Medium
Description

The CloudFlare redirection rule breaks wunderground.com - the weather maps and 10 day forecast no longer display.

Fedora 19 Firefox 31.0 Https Everywhere 4.0.0

#12937 httpse-ruleset-bug : Zencoder flash video not playing new zyan defect Medium HTTPS-E 4 stable
Description

The video doesn't start, it can found here http://www.therealfoodchannel.com/videos/the-food-industry/100-lemon-juice---not.html

#12938 https://members.bet365.com/ stops loading with blank screen new zyan defect Medium
Description

Chrome Version 36.0.1985.143 m Win 8.1 EN 64 bit HTTPS Everywhere 2014.8.22

Go to https://members.bet365.com/ The page stops loading with a blank screen.

Disable by unchecking "bet365 Group (partial)"

Page loads ok: http://www.bet365.com/home/FlashGen4/WebConsoleApp.asp?&cb=xxxxxxxxx

#12941 Firefox is already running. new tbb-team defect Medium
Description

The full error message is reported as "Firefox is already running, but is not responding. To open a new window, you must first close the existing Firefox process, or restart your system." This happens when the user tries to Start Tor Browser after previously closing it normally. The error blocks Tor Browser from launching.

This error has been reported on both Windows and Mac.

Tor Browser is on the Desktop.

User reports that they can indeed find a lingering Firefox.exe process in task manager after Tor Browser has already been closed, and that killing the process allows them to start Tor Browser successfully.

The contents of the Data/Browser/profile.default folder are listed below:

bookmarkbackups File folder 8/22/2014 9:52:45 PM 5/22/2014 6:40:12 AM extensions File folder 8/23/2014 9:40:31 AM 5/22/2014 6:36:45 AM HTTPSEverywhereUserRules File folder 5/22/2014 6:39:55 AM 5/22/2014 6:39:55 AM preferences File folder 5/22/2014 6:36:46 AM 5/22/2014 6:36:46 AM safebrowsing File folder 8/23/2014 9:34:28 AM 8/23/2014 9:34:28 AM startupCache File folder 8/23/2014 9:38:53 AM 8/1/2014 5:02:52 AM thumbnails File folder 5/22/2014 6:40:13 AM 5/22/2014 6:40:13 AM webapps File folder 8/23/2014 9:34:24 AM 5/22/2014 6:40:12 AM blocklist.xml xml 131 KB XML Document 8/23/2014 9:42:27 AM 5/22/2014 6:46:15 AM bookmarks.html html 4 KB Opera Web Document 12/31/1999 8:00:00 PM 12/31/1999 8:00:00 PM cert8.db db 64 KB Data Base File 8/22/2014 9:52:45 PM 5/22/2014 6:39:55 AM compatibility.ini ini 1 KB Configuration settings 8/1/2014 5:02:51 AM 5/22/2014 6:39:55 AM cookies.sqlite sqlite 512 KB SQLITE File 5/22/2014 6:49:22 AM 5/22/2014 6:39:56 AM cookies.sqlite-shm sqlite-shm 32 KB SQLITE-SHM File 8/23/2014 9:34:20 AM 8/23/2014 8:35:09 AM cookies.sqlite-wal sqlite-wal 0 SQLITE-WAL File 8/23/2014 8:35:09 AM 8/23/2014 8:35:09 AM downloads.sqlite sqlite 96 KB SQLITE File 5/22/2014 6:40:24 AM 5/22/2014 6:40:24 AM extensions.ini ini 1 KB Configuration settings 7/31/2014 7:23:44 AM 7/31/2014 7:23:40 AM extensions.sqlite sqlite 448 KB SQLITE File 7/31/2014 7:23:40 AM 5/22/2014 6:39:55 AM formhistory.sqlite sqlite 192 KB SQLITE File 6/29/2014 9:30:11 AM 6/29/2014 9:30:11 AM key3.db db 16 KB Data Base File 8/22/2014 9:52:45 PM 5/22/2014 6:39:55 AM localstore.rdf rdf 3 KB RDF File 8/23/2014 6:50:53 PM 8/23/2014 6:50:53 PM marionette.log log 1 KB Text Document 8/23/2014 9:34:23 AM 5/22/2014 6:39:59 AM mimeTypes.rdf rdf 4 KB RDF File 5/22/2014 6:40:12 AM 5/22/2014 6:40:12 AM parent.lock lock 0 LOCK File 8/23/2014 9:34:19 AM 5/22/2014 6:39:55 AM places.sqlite sqlite 10,240 KB SQLITE File 8/22/2014 10:54:40 AM 5/22/2014 6:40:12 AM places.sqlite-shm sqlite-shm 32 KB SQLITE-SHM File 8/23/2014 9:34:24 AM 8/23/2014 8:35:15 AM places.sqlite-wal sqlite-wal 65 KB SQLITE-WAL File 8/23/2014 10:00:13 AM 8/23/2014 8:35:15 AM pluginreg.dat dat 1 KB DAT File 7/10/2014 8:13:56 AM 7/10/2014 8:13:56 AM prefs.js js 6 KB JScript Script File 8/23/2014 7:10:30 PM 8/23/2014 7:10:30 PM search.json json 21 KB JSON File 5/22/2014 6:40:13 AM 5/22/2014 6:40:13 AM secmod.db db 16 KB Data Base File 5/22/2014 6:39:55 AM 5/22/2014 6:39:55 AM Telemetry.FailedProfileLocks.txt txt 1 KB Text Document 8/23/2014 9:33:58 AM 7/27/2014 4:10:19 PM webappsstore.sqlite sqlite 96 KB SQLITE File 5/22/2014 6:49:22 AM 5/22/2014 6:40:14 AM webappsstore.sqlite-shm sqlite-shm 32 KB SQLITE-SHM File 8/23/2014 9:34:25 AM 8/23/2014 9:34:25 AM webappsstore.sqlite-wal sqlite-wal 0 SQLITE-WAL File 8/23/2014 9:34:25 AM 8/23/2014 9:34:25 AM

#12945 The formatting tools dissappear from this forum platform with this extension. new zyan defect Medium
Description

Example this page:

http://www.overclock.net/t/1509086/i-cant-see-the-formatting-tools-in-chrome-or-give-rep/0_100#post_22752686

But it needs an account to see the issue (since it's the posting formatting tools of the forum).

#12952 PBS Video broken 6 months, "Crossdomain loading denied" assigned ivanovpetr defect Medium
Description

All PBS video has been broken here since March when I installed HTTPS Everywhere... (I never connected the events.) Recently PBS began including an error message - "Error loading skin: Crossdomain loading denied." Disable HTTPS Everywhere and the same video works.

Chrome Version 38.0.2125.8 dev-m, Win7, HTTPS Everywhere 2014.8.22

I can't tell you what your toolbar menu rules show, because every time I click it you get disabled - "This extension may have been corrupted by malware." Makes it rather hard to discover what is blocking pages...

#12959 Google APIs breaks www.mojasvadba.sk new zyan defect Medium
Description

Try for example www.mojasvadba.sk/blog/miriem/album/svadobne-pismena-2asfwq/ Clicking on a photo should display a big photo on the same page. With HTTPS-E Google APIs enabled, it goes to a new page. And on the whole site no "JS" links work ("like" button, showing comments, ...). Firefox 31, HTTPS-E 4.0.0

#12965 Amazon CloudFront compatibility (FF / Chrome) new zyan defect Medium
Description

Some sites fail to load external data unless EFF-HTTPS Everywhere is disabled for the CloudFront service.

#12976 Orbot's new identity feature is not mentioned anywhere in app or documentation new n8fr8 defect Medium
Description

Nowhere in the app UI, wizard or websites can I find any mention of the Orbot's new identity feature. I only discovered it by accident and I'm sure other users will be in a similar position. I thought I'd seen a bug of someone actually requesting for a new identity feature to be added because they didn't know it already existed, but I can't seem to find it now.

I think a simple mention in the UI would be enough. Just like we already have Orbot is deactivated - long press to start -, we could simply change the string Connected to the Tor network to something like Connected to the Tor network - Swipe for new circuit -. A mention in the in-app wizard and/or in the interactive how-to on the Guardian Project website also wouldn't go a miss.

#12977 Fix Firefox's Full Screen Permissions Prompt new tbb-team defect High
Description

It looks like it may be slightly tricky but not impossible to fix the full screen permissions prompt. The full screen code lives in nsDocument::RequestFullScreen(). It actually registers an observer ("fullscreen-approved") topic for reacting to the prompt, but then goes ahead and reparents the element and full screens anyway.

We might be able to refactor this code such that it gets called from the observer callback, after the user has interacted with the dialog.

Probably best done after FF31-ESR though.

#12987 www.MapMyRide.com not fully loading new zyan defect Medium
Description

This site suddenly started failing for all the graphical parts, hover menus and the like. There were per observation no updates to https everywhere add-on 4.0 or firefox 31.0. Reported to mapmyride, but they vain ignorance. Effectively, if https everywhere is disabled, both on android tablet and windows pc, the site loads properly. Enable the add-in and is does the endless wheel spinning again where graphics or lists are supposed to appear. Dev version 5.0.0 of add-in made no difference.

Thx

#12990 route certificate errors assigned defect Medium
Description

So on August 17th, I experienced a weird error and haven't noticed it since, but thought I'd try to determine the cause. I was using the latest TBB (3.6.4) on Ubuntu 14.04 x64. Figure this was just an uber glitch, but wanted to report it just in case it happens for someone else also:

Aug 17 00:45:22.000 [warn] Tried connecting to router at 185.13.39.135:443, but identity key was not as expected: wanted 2F7C841C58F475EDE7C5D69393D07617BF387E99 but got 4279541B61CD552B3E63D53C4857F59FFB45CE4A.

Full session below:

griffin@mercurius:~/Downloads/tor-browser_en-US$ ./start-tor-browser

Launching Tor Browser Bundle for Linux in /home/griffin/Downloads/tor-browser_en-US

(process:29067): GLib-CRITICAL **: g_slice_set_config: assertion 'sys_page_size == 0' failed

(firefox:29067): Gtk-WARNING **: Unable to locate theme engine in module_path: "adwaita",

(firefox:29067): GLib-GObject-WARNING **: Attempt to add property GnomeProgram::sm-connect after class was initialised

(firefox:29067): GLib-GObject-WARNING **: Attempt to add property GnomeProgram::show-crash-dialog after class was initialised

(firefox:29067): GLib-GObject-WARNING **: Attempt to add property GnomeProgram::display after class was initialised

(firefox:29067): GLib-GObject-WARNING **: Attempt to add property GnomeProgram::default-icon after class was initialised
Aug 17 00:43:30.909 [notice] Tor v0.2.4.23 (git-a9ea51dc0bd48126) running on Linux with Libevent 2.0.21-stable and OpenSSL 1.0.1i.
Aug 17 00:43:30.910 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Aug 17 00:43:30.910 [notice] Read configuration file "/home/griffin/Downloads/tor-browser_en-US/Data/Tor/torrc-defaults".
Aug 17 00:43:30.910 [notice] Read configuration file "/home/griffin/Downloads/tor-browser_en-US/Data/Tor/torrc".
Aug 17 00:43:30.916 [notice] Opening Socks listener on 127.0.0.1:9150
Aug 17 00:43:30.916 [notice] Opening Control listener on 127.0.0.1:9151
Aug 17 00:43:30.000 [notice] Pluggable transport proxy (fte exec ./Tor/PluggableTransports/fteproxy.bin --managed) does not provide any needed transports and will not be launched.
Aug 17 00:43:30.000 [notice] Pluggable transport proxy (obfs2,obfs3 exec ./Tor/PluggableTransports/obfsproxy.bin managed) does not provide any needed transports and will not be launched.
Aug 17 00:43:30.000 [notice] Pluggable transport proxy (flashproxy exec ./Tor/PluggableTransports/flashproxy-client --register :0 :9000) does not provide any needed transports and will not be launched.
Aug 17 00:43:30.000 [notice] Parsing GEOIP IPv4 file /home/griffin/Downloads/tor-browser_en-US/Data/Tor/geoip.
Aug 17 00:43:30.000 [notice] Parsing GEOIP IPv6 file /home/griffin/Downloads/tor-browser_en-US/Data/Tor/geoip6.
Aug 17 00:43:31.000 [notice] We now have enough directory information to build circuits.
Aug 17 00:43:31.000 [notice] Bootstrapped 80%: Connecting to the Tor network.
Aug 17 00:43:31.000 [notice] New control connection opened.
Aug 17 00:43:31.000 [notice] Pluggable transport proxy (fte exec ./Tor/PluggableTransports/fteproxy.bin --managed) does not provide any needed transports and will not be launched.
Aug 17 00:43:31.000 [notice] Pluggable transport proxy (obfs2,obfs3 exec ./Tor/PluggableTransports/obfsproxy.bin managed) does not provide any needed transports and will not be launched.
Aug 17 00:43:31.000 [notice] Pluggable transport proxy (flashproxy exec ./Tor/PluggableTransports/flashproxy-client --register :0 :9000) does not provide any needed transports and will not be launched.
Aug 17 00:43:31.000 [notice] New control connection opened.
Aug 17 00:43:31.000 [notice] Bootstrapped 85%: Finishing handshake with first hop.
Aug 17 00:43:32.000 [notice] Bootstrapped 90%: Establishing a Tor circuit.
Aug 17 00:43:33.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Aug 17 00:43:33.000 [notice] Bootstrapped 100%: Done.
Aug 17 00:43:34.000 [notice] New control connection opened.
Aug 17 00:45:22.000 [warn] Tried connecting to router at 185.13.39.135:443, but identity key was not as expected: wanted 2F7C841C58F475EDE7C5D69393D07617BF387E99 but got 4279541B61CD552B3E63D53C4857F59FFB45CE4A.
Aug 17 00:45:27.000 [warn] Tried connecting to router at 77.109.141.139:443, but identity key was not as expected: wanted 527ED954F9E7800AB00BCE366542CB074B42DD2A but got 4279541B61CD552B3E63D53C4857F59FFB45CE4A.
Aug 17 00:45:29.000 [warn] Tried connecting to router at 5.34.183.205:443, but identity key was not as expected: wanted DDD7871C1B7FA32CB55061E08869A236E61BDDF8 but got 4279541B61CD552B3E63D53C4857F59FFB45CE4A.
Aug 17 00:45:30.000 [warn] Tried connecting to router at 88.198.100.230:443, but identity key was not as expected: wanted 093E76DE8EF51256E0FDC51B41237989ADA4AC2E but got 4279541B61CD552B3E63D53C4857F59FFB45CE4A.
Aug 17 00:45:31.000 [warn] Tried connecting to router at 5.39.80.135:443, but identity key was not as expected: wanted AB73816E5D7BC52664CBB9D005FF579BAFEAFE87 but got 4279541B61CD552B3E63D53C4857F59FFB45CE4A.
Aug 17 00:45:34.000 [warn] Tried connecting to router at 86.59.119.83:443, but identity key was not as expected: wanted FC9AC8EA0160D88BCCFDE066940D7DD9FA45495B but got 4279541B61CD552B3E63D53C4857F59FFB45CE4A.
Aug 17 00:45:35.000 [warn] Tried connecting to router at 62.210.84.20:443, but identity key was not as expected: wanted 5A16F7E31B26F286889F20027F57A5E253AF3F23 but got 4279541B61CD552B3E63D53C4857F59FFB45CE4A.
Aug 17 00:45:38.000 [warn] Tried connecting to router at 96.44.189.102:443, but identity key was not as expected: wanted 3B486DEC5A22694C0960B4A97A3665C617C89B1C but got 4279541B61CD552B3E63D53C4857F59FFB45CE4A.
Aug 17 00:45:38.000 [warn] Tried connecting to router at 188.165.138.55:443, but identity key was not as expected: wanted 95A3BC167A575964F40F251B850ABB47960A530D but got 4279541B61CD552B3E63D53C4857F59FFB45CE4A.
Aug 17 00:47:02.000 [warn] Tried connecting to router at 62.210.82.177:443, but identity key was not as expected: wanted 7663AD93B561AA11F40982BBDB3D3063AD28E3C7 but got 4279541B61CD552B3E63D53C4857F59FFB45CE4A.
Aug 17 00:47:04.000 [notice] Owning controller connection has closed -- exiting now.

Tor Browser exited cleanly.
griffin@mercurius:~/Downloads/tor-browser_en-US$ cd
#12993 Fastly breaks www.whitepages.com new zyan defect Medium
Description

The Fastly rule prevents proper rendering of pages on whitepages.com website.

Versions in use: Firefox 31 on Mac OS 10.6.8 HTTPS Everywhere 4.0.0

To reproduce:

Install HTTPS Everywhere. Browse to http://www.whitepages.com

Expected results:

The web page should display as is does w/o HTTPS Everywhere, with an image and dialog boxes for data entry.

Observed results:

The web page shows text only, as if all the Javascript has been lost/blocked.

Workaround: Disable the Fastly rule in HTTPS Everywhere and reload the page.

#12995 default font seems seems to leak system locale information new tbb-team defect Medium
Description

I recently changed the default system locale on my GNU Linux system, and I noticed that afterwards the default font used on web pages in Tor Browser had changed (I didn't change the version/language of Tor Browser).

I suppose that this means that an attacker can guess a user's locale based on the font used to display a page.

#13001 HTTPS Everywhere breaks eloconcursos.com.br new zyan defect High
Description

When HTTPS Everywhere is activated, I can't properly load videos from that website.

Usually, when trying to load videos from eloconcursos.com.br, several rules are marked with the green mark:

YouTube (partial) Google Services AppNexus (partial) Amazon Web Services Cloudfront

One is marked with a lighter green color: Facebook

And one is marked with a red mark: Doubleclick.net (testing)

I don't know how to troubleshoot the issue with HTTPS Everywhere enabled.

It disappears if I click at disable HTTPS Everywhere.

#13005 Please document Tor Browser environment variables new tbb-team defect Medium
Description

It's not uncommon for users to want Tor Browser to use their already running system Tor. Doing this requires familiarity with the TOR_SKIP_LAUNCH environment variable. Rather than only documenting one or some of the env variables, they should all be documented in one place. Users should be able to visit a single document, FAQ entry, or wiki page where they can read the functionality of

TOR_SKIP_LAUNCH TOR_FORCE_NET_CONFIG TOR_CONFIGURE_ONLY TOR_CONTROL_HOST TOR_CONTROL_PORT TOR_CONTROL_PASSWD TOR_CONTROL_COOKIE_AUTH_FILE TOR_SOCKS_HOST TOR_SOCKS_PORT TOR_TRANSPROXY

and how to set each. (Did I miss any?)

#13012 Reviewing Bug #3229: Make content pref service memory-only + clearable assigned boklm defect Medium
Description

I noticed that nsContentPrefService.js can be expected to store prefs in memory, providing that any provided "loading context" has "usePrivateBrowsing" set to true, an assumption that may or may not hold for Firefox's Private Browsing (PB) mode. The patch for #3229 in addition applies to non-PB mode. Since Tor Browser uses PB mode by default, it's not entirely clear whether or not #3229 is needed.

To complicate matters, nsContentPrefService.js has been deprecated in favor of ContentPrefService2.jsm, at least in ESR31. In this new implementation, it looks like PB mode will also use an in-memory store, provided we make the same possibly dangerous assumption that loading contexts will always have "usePrivateBrowsing" set to true.

So my question is: should we drop the #3229 patch (assuming Firefox gets the loading contexts right), or should we be extra defensive and write a similar patch to apply to ContentPrefService2.jsm? Perhaps Mike has some insight here.

#13014 copy and paste trick could be used to deanonymise users new tbb-team defect Medium
Description

This website demonstrates a trick that could easily be used to deanonymise users by tricking them into copying malicious commands into the clipboard.

Mitigating this threat might be difficult, one way would be to display a notification containing the contents of the clipboard whenever something is copied.

#13018 Math routines are OS fingerprintable new tbb-team defect Medium
Description

The Math class now exposes high-precision versions of several mathematical functions. If these are OS-specific, they may be fingerprintable.

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math

OS-level fingerprinting probably is not a terribly high priority. The only situation where this is high priority is if different OS versions and library versions end up producing different results for these functions.

#13030 Tor unexpectedly exited needs_information erinn defect Medium
Description

OS: Windows Vista Home premium sp2

Just downloaded Tor browser 3.6.4, installed it fine but everytime I click 'Start Tor Browser' I get the error message

"Tor unexpectedly exited Please restart this application"

But restarting only leads to the same message being given again. I have tried uninstalling and reinstalling.

#13043 torspec lies about accepting both IPv4 and IPv6 for ORAddress lines new massar defect Medium Tor: 0.3.3.x-final
Description

(From this comment on #9380)

tl;dr: The "a"/"or-address" lines, in implementation, only happen once each per router, and only ever contain IPv6 addresses, despite what dir-spec.txt says. The spec says:

     "a" SP address ":" port NL

        [Any number]

        The "or-address" element as specified in section 2.1.1.

and:

   "or-address" SP ADDRESS ":" PORT NL

       [Any number]
      
       ADDRESS = IP6ADDR | IP4ADDR
       IPV6ADDR = an ipv6 address, surrounded by square brackets.
       IPV4ADDR = an ipv4 address, represented as a dotted quad.
       PORT = a number between 1 and 65535 inclusive.                
       An alternative for the address and ORPort of the "router" line, but with
       two added capabilities:  
      
         * or-address can be either an IPv4 or IPv6 address
         * or-address allows for multiple ORPorts and addresses

       A descriptor SHOULD NOT include an or-address line that does nothing but
       duplicate the address:port pair from its "router" line.

       The ordering of or-address lines and their PORT entries matter because
       Tor MAY accept a limited number of addresses or ports. As of Tor 0.2.3.x
       only the first address and the first port are used.

  • In terms of how many "a"/"or-address" lines there may be, the spec is only correct if you pay super close attention to the last sentence (this is actually the first time I've noticed it :) ).
  • In terms of whether IPv4 and/or IPv6 addresses are acceptable, the spec is currently wrong, according to the functions router_rebuild_descriptor() [source] and router_dump_router_to_string() [source] in src/or/router.c in tor's source code.

#13051 TBB 3.6.5 is ignoring ExcludeNodes and ExcludeExitNodes settings new tbb-team defect Medium
Description

Okay, I have TBB set up to Exclude certain nodes based on country, name of node, and IP addresses. Since upgrading to the TBB 3.6.5 new version, TOR has been ignoring my settings completely. It connected to nodes in countries that I have totally blacklisted (based on nodes from them filtering things that are legal in my nation) and nodes that I specifically blacklisted by IP and name.

#13052 Torbrowser window size/rendering issue new tbb-team defect Medium
Description

Hello,

I'm using the dwm window manager (Version 6.0). If I start the Torbrowser, the window is not properly rendered (picture). As soon as I resize the window manually with my cursor, everything works properly.

I'm using the TB 3.6.5.

Kind regards, oierror

#13056 Some stack canaries are still missing on Tor Browser binaries needs_information tbb-team defect Medium
Description

It seems that the following binaries have missing stack canaries:

libmozalloc.so libnssckbi.so libplc4.so libplds4.so TorBrowser/Tor/libgmpxx.so TorBrowser/Tor/libgmpxx.so.4 TorBrowser/Tor/libgmpxx.so.4.3.3 TorBrowser/Tor/PluggableTransports/Crypto/Cipher/_ARC4.so TorBrowser/Tor/PluggableTransports/Crypto/Cipher/_XOR.so TorBrowser/Tor/PluggableTransports/Crypto/Util/_counter.so TorBrowser/Tor/PluggableTransports/meek-client-torbrowser TorBrowser/Tor/PluggableTransports/twisted/python/_initgroups.so TorBrowser/Tor/PluggableTransports/twisted/runner/portmap.so TorBrowser/Tor/PluggableTransports/twisted/test/raiser.so TorBrowser/Tor/PluggableTransports/zope/interface/_zope_interface_coptimizations.so

#13059 Create bad-relays file needs_revision defect Medium Tor: unspecified
Description

In the wake of #12899, it became apparent that redoing the approved-routers file is a good idea. It'll be replaced by a torrc-style file called bad-relays.

#13065 counter downgrade / stale mirror attacks on RecommendedTBBVersions - sign / verify tbb versions file new tbb-team defect Medium
Description

Securely downloading https://www.torproject.org/projects/torbrowser/RecommendedTBBVersions solely relies on SSL, is currently neither signed, nor gets verified by Tor Button.

This is problematic, because should torproject.org's web server or CA be compromised one day, applications such as Tor Button and torbrowser-launcher could be fooled into using an outdated and/or malicious RecommendedTBBVersions file.

Suggestion: could you please, 1) provide a signed version of RecommendedTBBVersions, 2) verify RecommendedTBBVersions in Tor Button.

To prevent downgrade and stale mirror attacks, the signature would have to be renewed after every X weeks, and rejected by the verification mechanism [+ user notification] if is is too old. (Similar to Valid-Until / #9810.)

#13081 Fix build with Visual Studio in Windows needs_review defect Medium Tor: unspecified
Description

I have attached a patch to fix the missing objects during compilation.

The build process itself will have to be better documented in the future.

#13083 HTTPS Everywhere Breaks Video new zyan defect Medium
Description

HTTPS Everywhere for Chrome v 35, 36, & 37, breaks Videos on www.usatoday websites.

Any article that has an embedded javascript video, it will fail to play unless HTTPS Everywhere is disabled. I believe it may be responsible for similar problems on other sites with embedded videos, if and when I can confirm this, I will report those issues here.

I'm not a developer, so I'm just reporting the issue to you folks.

Thanks,

Chuck B. 27463331 [@] opayq.com

#13086 Causing wrong rendering of openstreetmap in Pale Moon new zyan defect Medium
Description

Using the Pale Moon browser the edit page of openstreetmap.org is not properly rendered:

The background sat imagery is not shown and the dropdown menu is empty (see attachments: firefox vs palemoon)

I'm using Palemoon 24.7.1 (x86) on Windows 7 Professional SP 1.

Also reported in Pale Moon forum under https://forum.palemoon.org/viewtopic.php?f=29&t=5622

#13095 Countdown on Apple.com not working new zyan defect Medium
Description

The Apple live event countdown doesn't show numbers on http://www.apple.com/live/.

From dev console:

Tested with HTTPS Everywhere 2014.8.22 in Chrome for Mac 37.0.2062.94. Temporary plugin deactivation solves the problem.

#13110 HTTPS Everywhere with Chrome: display error on www.id.unibe.ch new zyan defect Medium
Description

When HTTPS Everywhere is enable in Chrome/Chromium, some subdomains of unibe.ch are not properly displayed. Examples are www.id.unibe.ch and www.philnat.unibe.ch. I will attach a screenshots of the page with http and with https.

#13112 Some things are probably broken when we advertise multiple ORPorts and only some are reachable new defect Medium Tor: unspecified
Description

Observations on reachability testing made while fixing #12160:

  • We only have a 1-bit notion of reachability; if we get an incoming non-local connection, we assume reachability in onionskin_answer() and call router_orport_found_reachable() to publish a descriptor.
  • We should have a reachability bit per *advertised* ORPort to determine its inclusion in the published descriptor, and publish if and only if we have one or more reachable ORPorts.
  • To implement this, we need a way to link incoming testing circuits to a particular advertised ORPort; we don't know this from the port the underlying channel was listening on because reverse proxies might make this not one-to-one in general.
  • Arma suggests in IRC that netinfo cells know the IP the connection was attempted on and if they were extended with a port number they might provide a sufficient mechanism.
#13121 App Conflict new n8fr8 defect Low
Description

Please disable this app in Android: -> settings-> Apps if you are having problems with Orbot: com.sec.msc.nts.android.proxy

#13140 ooniprobe should realise that the system is out of memory needs_review hellais defect Medium
Description

Currently if you run a test like bridge_reachability and the system runs out of memory the kernel will start randomly killing tor processes. ooniprobe should detect that it is running out of memory and:

1) Print a warning message

2) Stop starting new measurements until the memory usage goes below the critical level

#13147 Curious debian hurd unit test failure new defect Medium Tor: unspecified
Description

0.2.5.7-rc and master fail unit tests on the hurd.

The failing test is util/spawn_background_fail, the reported error is (line 2832 in current master): assert((expected_status) == (process_handle->status)): 1 vs 0.

This only happens when running all unit tests, when I just say src/test/test util/spawn_background_fail, the test passes.

I'm setting this for 0.2.5.x-final because it would be nice to build there for the next release (it's a regression to fail tests against 0.2.4-stable), but if nobody has any ideas I guess we'll defer it

Originally reported by weasel

#13155 I can use an extend cell to remotely determine whether two relays have a connection open new defect Medium Tor: unspecified
Description

Send an extend cell to relay A, listing the address and identity key of relay B but the wrong port.

Relay A calls circuit_extend() for the new cell, which calls channel_get_for_extend(), which tries to figure out if there's a canonical connection already established. To do that, it asks

    if (!channel_is_canonical(chan) &&
         channel_is_canonical_is_reliable(chan) &&
        !channel_matches_target_addr_for_extend(chan, target_addr)) {
      ++n_noncanonical;
      continue;
    }

and channel_matches_target_addr_for_extend() turns into channel_tls_matches_target_method() which basically is

  return tor_addr_eq(&(tlschan->conn->real_addr), target);

It doesn't consider the port. So if there is a canonical channel open, bingo we use it.

But if there isn't one open, then off we go to make one:

      n_chan = channel_connect_for_circuit(&ec.orport_ipv4.addr,
                                           ec.orport_ipv4.port,
                                           (const char*)ec.node_id);

where ec.orport_ipv4.port was set from extend_cell_parse(), i.e. it came from our extend cell. If we specify the wrong port, that connect attempt will fail. Now we can distinguish, remotely, which situation we're in.

#13160 make a deb of meek and get into Debian new dcf defect Medium
Description

aka

apt-get install meek

Speaking for Whonix, this would be very useful. Perhaps for Tails as well, but I am not speaking for them.

#13167 Export dirauth files via directory protocol new defect Medium Tor: unspecified
Description

Metrics downloads a few files (consensus, descriptors, extrainfo, v3 votes) from dirauths for further processing. It'd be good if all these files could be served by Tor directly, as this would alleviate the need for the dirauth ops to take special steps to make these files available.

#13170 network.allow-experiments ~~ FALSE would be better (sane) default new tbb-team defect Medium
Description

trac provides a "version" field, yet I don't see a suitable option

installed: torbrowser-install-3.6.5_en-US.exe help-}aboutTorBrowser: 24.8.0

I'm questioning about:config: network.allow-experiment = true which seems to be an undesirable default

#13185 Orbot still accesses the public Tor network with bridges configured new n8fr8 defect High
Description

I configured Orbot 14.0.8.1 to use bridges, and then set up my upstream firewall to block all connection attempts except to that bridge, yet Orbot still seems to try to connect to many other nodes in the public directory.

Note I have the same configuration on my laptop, and tor does not do this. If bridges are configured, Tor only connects to those IPs.

It should also be possible to observe by inspecting Orbot's connections on your Android device in OS Monitor app's "Connections" tab: https://play.google.com/store/apps/details?id=com.eolwral.osmonitor&hl=en https://f-droid.org/repository/browse/?fdid=com.eolwral.osmonitor

#13198 clean up torbutton use of Mozilla services new tbb-team defect Medium
Description

Most of the invocations to Cc...getService in the torbutton JS code are unnecessary. Writing a patch to clean it up.

#13204 TOR Browser Bundle interprets 'mailto' links as downloads new tbb-team defect Medium
Description

If a 'mailto' link (e.g. mailto:user@…) is clicked, instead of starting a new email in an email client, the TOR Browser Bundle gives the warning:

Tor Browser cannot display this file. You will need to open it with another application. Some types of files can cause applications to connect to the internet without using Tor. To be safe, you should only open downloaded files while offline, or use a Tor live CD such as Tails.

mailto: addresses are not files, and no data can be leaked from clicking on one. To be fixed, this warning should be removed for mailto: addresses and an attempt should be made to open the address in the default system mail client.

#13220 Remember window size and position new tbb-team defect Medium
Description

Hi. Seriously, resizing it everyday gets kinda boring already. So what I'm asking is that you would resize it as you want it and next time you launch Tor Browser it stays like that.

Now it just resets to its jerky default position and size.

#13221 Misleading error messages about bind_ipv4_only and bind_ipv6_only? new defect Low Tor: unspecified
Description
      if (bind_ipv4_only && tor_addr_family(&addr) == AF_INET6) {
        log_warn(LD_CONFIG, "Could not interpret %sPort address as IPv6",
                 portname);
        goto err;
      }

Is this warn mixed up? Same with the one below it.

#13231 Tor(Windows) don't close ports when killed from service control new defect Medium Tor: unspecified
Description

Reproduce steps:

  1. Extract Tor Browser bundle, and copy "Tor" folder to any directory.
  2. Install tor.exe as a service. Wait about 1 minute.
  3. Open "services.msc". Restart "Tor Win32 service".
  4. Tor failed to restart.

tor.exe was closed, but these sockets are still opened. So Tor can't open its ports. <unknown> PID:xxx Prot:TCP LocalP:9150

Expected result: Tor should close its ports when services.msc order him to stop.

#13234 Consensus Algorithm Causes Flip-Flopping new defect Medium Tor: unspecified
Description

I had a relay running on 94.23.214.156. It's an unmetered VPS that is NATed with other VPSes, so everyone ends up with the same IPv4 address, but on different ports with port forwarding. Everyone gets their own IPv6 address, but AFAIK, you can't run a relay without IPv4.

This was fine initially, as my relay just ran on a high-numbered port. Currently, there are two other relays using the same IP. This apparently causes the consensus algorithm to flip-flop, keeping any of the relays from becoming stable.

To mitigate this, I've disabled my relay, but this is a less than ideal situation, especially if someone else starts running a relay.

Relevant IRC discussion:

<Sebastian> well, this situation totally sucks.
<Sebastian> I think it is a Tor bug, too.
<Sebastian> because the dirauths disagree on who they think should go in the consensus
<Sebastian> so there's flopping
<pipeep> Ouch.
<Sebastian> so of the three relays doing potentially useful things, zero are useful atm
<pipeep> Sebastian, well, I can shut down my relay for now, so at least there won't be any flip-flopping.
<pipeep> And I can contact one of the two other relay operators, and we can decide based on who has the beefier box
* galex-713 has quit (Ping timeout: 480 seconds)
<pipeep> The other one didn't appear to put valid contact information
<Sebastian> that would be nice. You can also file a Tor bug with the information so other people can see that this is an issue

...

<pipeep> Sebastian, what's the issue exactly? That the consensus algorithm is unstable?
<Sebastian> that's one of the issues, the other issue is imo the restriction to two relays/IP itself
#13236 investigate Firefox SSL for things that might allow user tracking new tbb-team defect Medium
Description

From a comment by Patrick McManus:

(In reply to David Keeler (:keeler) [use needinfo?] from comment #5)

mcmanus, are there other TLS features that are enabled by default that would allow tracking users? (The aim of this bug is to add an option that would prevent that sort of thing.)

sure - at various levels of granularity. None as extreme as session tickets. Anything that keeps state, right?

some that come to mind:

  • the version intolerance cache
  • our false start behavior involves "have I seen this algorithm before"
  • the hsts database
#13260 Transform code to cleaner c99 style new defect Low Tor: unspecified
Description

For #13233, we added a loose c99 requirement for building Tor. If we decide to keep it through the 0.2.6.x series, we can beautify our code a little.

#13270 spam in torproject.org wiki / consider automated spam prevention assigned hiro defect Medium
Description

https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO?action=diff&version=515

Removed this two or three times already. Manually repeating this is getting boring.

Looks like a manual rather than automated spam.

Maybe for start it would be sufficient to ban the erictenne user account.

#13297 compute_weighted_bandwidths() broken for dirauths new defect Medium Tor: unspecified
Description

I suspect that compute_weighted_bandwidths() is broken for dirauths. All the booleans is_guard, is_exit, etc. are populated according to the node_t.

However, nodelist_set_consensus() which creates those node_ts does not fill in those fields if we are a dirauth:

    if (!authdir) {
      node->is_valid = rs->is_valid;
      node->is_running = rs->is_flagged_running;
      node->is_fast = rs->is_fast;
      node->is_stable = rs->is_stable;
      node->is_possible_guard = rs->is_possible_guard;
...

I don't think this has any big implications, but dirauths are probably doing the wrong path selection. Maybe it's more important if someone is doing bwauth measurements using the dirauth code (if that even makes sense).

#13304 AWS Ruleset Breaks Amazon Previews and Cart new zyan defect Medium
Description

Enabling the Amazon Web Services ruleset breaks Amazon.com/.ca in the following ways:

  • cannot select different preview pictures or bring up the pictures overlay
  • quantity selection in the cart is broken
  • cannot get estimates for shipping/tax

Tested on Firefox 28.0 (HTTPS-E 4.0.1) and Chrome 37.0.2062 (HTTPS-E 2014.9.1).

#13305 joomla.org infinite redirect loop new zyan defect Medium
Description

http://extensions.joomla.org/extensions/e-commerce/paid-downloads/18146

extension redirects to https, server redirects to http, and so it goes

#13307 Tor Browser might crash on Windows if opened from a USB drive. needs_information tbb-team defect Medium
Description

A Windows user reported to the help desk that they experienced a crash when opening Tor Browser from a USB drive, complete with "Windows is searching for a solution to the problem..." dialog (this is the default message Window gives out when any running program crashes). This person said that opening Tor Browser from the Desktop worked fine for them, and they only experienced the problem opening Tor Browser from USB. It sounded like they got this message before TorLauncher started.

#13308 Partial Rule for CNBC breaks the controld on flash video new zyan defect Medium
Description

The partial rule for CNBC ("CNBC - partial") breaks the controls for the Flash object video. With the rule enabled, the flash video appears and starts up, but does not contain the controls, and there is no way to pause the video

Using HTTPS-Everywhere 4.0.1

Disabling the rule allows the control panel to appear

Discovered with: URL: http://www.cnbc.com/id/102035634

The video is a round table discussion

The object reports the player as

thePlatform PDK

with a version:

5.5.3.359507 (2014-08-28 10:04 am)

I am using updated flash:

15.0.0.152

#13309 Make it clearer that the Tor Browser update download is happening over Tor new tbb-team defect Medium
Description

The new update download dialog in Tor Browser 4.0 looks like an operating system dialog that is making a network connection. Normally when one sees an operating system dialog making a network connection, whatever update or whatever is happening doesn't happen over Tor. With Tor Browser, that's not true, as the download does indeed take place over Tor. We should make this clear to our users to assuage doubt.

#13330 citizenaudit.org doesn't work in Tor Browser new tbb-team defect Medium
Description

It's possible to visit the citizenaudit.org website and login, search, etc, but in Tor Browser it's not possible to download files. When clicking on the link to a file, it launches the pricing page. If you right click on a file and save as, it just downloads some html page. I tried disabling HTTPS-E in case it was some issue there, but it persists. I'm not sure if the website itself is broken, if this is specific Tor (network) behavior, or what, but the same actions do work as expected in Chrome.

(Unfortunately, I'm not sure how to give steps to reproduce this unless someone is in possession of a functional login for this website.)

#13332 Cannot log in to lang-8.com (SNS for language learners) using Tor Browser. new tbb-team defect Medium
Description

I am trying to use the website Lang-8 (a social networking site for language learning) with tor browser. I can create an account but I cannot log in. Whenever I enter my user name and password on the lang-8 login page, I am redirected back to the welcome page of the site and I do not appear to be logged in.

I do not get any kind of error message, so I don't think that the site is deliberately blocking tor.

I have tried both Tor Browser version 3.6.6 and 4.0-alpha-3; the problem occurs with both versions.

First I thought that maybe https-everywhere is to blame, but disabling it does not solve the problem.

After some experimentation, I discovered that if I disable the NoScript extension in Tor Browser (via the Addons menu item in Firefox), I can log in to lang-8 successfully. So it seems that NoScript is causing the problem.

Of course, turning off NoScript is not a viable long-term solution. I tried turning on NoScript again, but adding a regexp matching lang-8 urls to the NoScript XSS protection whitelist, but this didn't help.

See also this question on tor stackexchange.

#13333 Android users visiting sites using Tor leave all kinds of incriminating evidence in the logs assigned n8fr8 defect Medium
Description

People using Tor on Android use User-Agents with all kinds of incriminating evidence such as:

"Mozilla/5.0 (Linux; Android 4.1; Nexus 7 Build/JRN84D) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.166 Safari/535.19"

"Mozilla/5.0 (Linux; U; Android 4.2.2; es-us; HUAWEI Y320-U151 Build/HUAWEIY320-U151) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30"

"Mozilla/5.0 (Linux; U; Android 2.3; en-us; GT-I9100 Build/GRH78) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"

These are examples with the least personal information in them and they may or may not be from a popular hidden service.

I am not sure who's software or project is responsible for this but it does not exactly make these people "blend in"

#13347 TicketMaster stadium view does not load new zyan defect Medium
Description

Tried to buy tickets to FC Dallas soccer game. Most of the page loads, but the fancy graphics section that shows you the stadium map and lets you click on the seats did not load.

Disabled only HTTPS Everywhere extension and stadium view loaded fine.

Link is below. (It may not work after the game occurs on Oct 12th, 2014)

http://www.ticketmaster.com/fc-dallas-vs-la-galaxy-frisco-texas-10-12-2014/event/0C004C309CF4AC40?artistid=805930&majorcatid=10004&minorcatid=11

Or click under "Single Game Tickets" on http://www.fcdallas.com/tickets

HTTPS Everywhere 2014.9.11 Chrome Version 37.0.2062.124 OSX 10.9.5

#13367 Rate limit gyroscope sampling frequency on FF mobile new tbb-team defect Medium
Description

By the time we get around to an official mobile port, we should double-check that Mozilla has reduced the sampling rate of the gyroscope on Android: http://crypto.stanford.edu/gyrophone/files/gyromic.pdf

#13378 Addon icons get added/reordered in the toolbar reopened tbb-team defect Medium
Description

In #13318, we tried to set a specific ordering of our addons by setting browser.uiCustomization.state. Unfortunately, because our addons get installed at browser first run, this pref is getting altered and addons are installing themselves into the toolbar anyway, and in an order we do not control. This causes the browser.uiCustomization.state pref to get reset.

Ideally, we'd be able to enforce this pref's original values upon addons after their installation. Unfortunately, resetting this pref to its original default value does not take effect until after browser restart. We need to somehow tell the browser to reorganize the addons back to this default state after their installation.

#13383 Building Tor-Browser fails on mac (using vagrant) because of locale parsing issue new tbb-team defect Medium
Description

When building TorBrowser on a Mac, after building the the VM and fetching all the prerequisites, calling USE_LXC=1 TORSOCKS='' ./mkbundle-mac.sh reliably fails with an error like this:

+ sudo vmbuilder kvm ubuntu --rootsize 15360 --arch=i386 --suite=lucid --addpkg=openssh-server,pciutils,build-essential,git-core,subversion --removepkg=cron --ssh-key=var/id_dsa.pub --ssh-user-key=var/id_dsa.pub --mirror=http://127.0.0.1:3142/archive.ubuntu.com/ubuntu --security-mirror=http://127.0.0.1:3142/security.ubuntu.com/ubuntu --dest=base-lucid-i386 --flavour=virtual --firstboot=/home/vagrant/gitian-builder/target-bin/bootstrap-fixup
2014-10-11 12:42:16,499 INFO    : Calling hook: preflight_check
2014-10-11 12:42:16,507 INFO    : Calling hook: set_defaults
2014-10-11 12:42:16,509 INFO    : Calling hook: bootstrap
2014-10-11 12:44:25,274 INFO    : Calling hook: configure_os
Extracting templates from packages: 100%
2014-10-11 12:44:59,169 INFO    : update-alternatives: error: no alternatives for rsh.
2014-10-11 12:44:59,298 INFO    : update-alternatives: error: no alternatives for rlogin.
2014-10-11 12:44:59,420 INFO    : update-alternatives: error: no alternatives for rcp.
2014-10-11 12:45:02,231 INFO    : Creating SSH2 RSA key; this may take some time ...
2014-10-11 12:45:02,940 INFO    : Creating SSH2 DSA key; this may take some time ...
2014-10-11 12:45:03,329 INFO    : 
2014-10-11 12:45:03,330 INFO    : Warning: Fake initctl called, doing nothing
2014-10-11 12:45:03,338 INFO    : 
2014-10-11 12:45:03,339 INFO    : Warning: Fake initctl called, doing nothing
2014-10-11 12:45:06,154 INFO    : 
2014-10-11 12:45:06,158 INFO    : Current default time zone: 'Etc/UTC'
2014-10-11 12:45:06,179 INFO    : Local time is now:      Sat Oct 11 12:45:06 UTC 2014.
2014-10-11 12:45:06,179 INFO    : Universal Time is now:  Sat Oct 11 12:45:06 UTC 2014.
2014-10-11 12:45:06,180 INFO    : 
2014-10-11 12:45:06,298 INFO    : Cleaning up
2014-10-11 12:45:07,416 ERROR   : Process (['chroot', '/tmp/tmpvvfwM9', 'locale-gen', 'de_DE.utf-8']) returned 1. stdout: , stderr: 
Traceback (most recent call last):
  File "/usr/bin/vmbuilder", line 24, in <module>
    cli.main()
  File "/usr/lib/python2.7/dist-packages/VMBuilder/contrib/cli.py", line 216, in main
    distro.build_chroot()
  File "/usr/lib/python2.7/dist-packages/VMBuilder/distro.py", line 84, in build_chroot
    self.call_hooks('configure_os')
  File "/usr/lib/python2.7/dist-packages/VMBuilder/distro.py", line 67, in call_hooks
    call_hooks(self, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/VMBuilder/util.py", line 165, in call_hooks
    getattr(context, func, log_no_such_method)(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/VMBuilder/plugins/ubuntu/distro.py", line 149, in configure_os
    self.suite.set_locale()
  File "/usr/lib/python2.7/dist-packages/VMBuilder/plugins/ubuntu/dapper.py", line 351, in set_locale
    self.run_in_target('locale-gen', lang)
  File "/usr/lib/python2.7/dist-packages/VMBuilder/plugins/ubuntu/dapper.py", line 327, in run_in_target
    return self.context.run_in_target(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/VMBuilder/plugins/__init__.py", line 86, in run_in_target
    return util.run_cmd('chroot', self.chroot_dir, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/VMBuilder/util.py", line 120, in run_cmd
    raise VMBuilderException, "Process (%s) returned %d. stdout: %s, stderr: %s" % (args.__repr__(), status, mystdout.buf, mystderr.buf)
VMBuilder.exception.VMBuilderException: Process (['chroot', '/tmp/tmpvvfwM9', 'locale-gen', 'de_DE.utf-8']) returned 1. stdout: , stderr: 
cp: cannot stat `base-lucid-i386': No such file or directory
i386 lucid VM creation failed

Turns out that this is an instance of bug https://bugs.launchpad.net/vmbuilder/+bug/338317 cropping up, where a locale (in my case) of 'de_DE.utf-8' was the reason for the problem, as 'locale-gen' needs the locale to be 'de_DE.UTF-8'.

Now I'm not entirely sure what the correct fix for this is. My understanding is that the whole point of gitian is to not contaminate the build system with any of the settings from the host system. In that respect it might be the right course of action to actually filter out environment variables like this when creating the gitian images?

Or it might be that proper casing for LANG variables should be enforced? (Not sure what that means) or perhaps changing the locale parser of locale-gen to accent de_DE.utf-8 as the same as de_DE.UTF-8 might be best?

Some more info, I'm building on Darwin 13.4.0 Darwin Kernel Version 13.4.0: Sun Aug 17 19:50:11 PDT 2014; root:xnu-2422.115.4~1/RELEASE_X86_64 x86_64 via vagrant. Env shows this (filtered to lang relevant environment variables) on the virtual machine which generates the containers to build tbb inside:

$ env
LC_ALL=en_US
LANG=de_DE.utf-8
LC_CTYPE=de_DE.UTF-8

which seems inconsistent at least.

#13386 "opening new log file" line goes to err-logfile despite being at loglevel notice new defect Low Tor: unspecified
Description

Although I might image the rationale behind it, it is still confusing, that lines like

[notice] Tor 0.2.5.8-rc (git-a64f3ab3ee5c433c) opening log file.

are in the err log file for a torrc config like this :

# logging # Log notice file /var/log/tor/notice.log Log warn file /var/log/tor/warn.log Log err file /var/log/tor/err.log

Either the prefix "[notice]" should be changed to "[err]" or probably scrubbed away completely.

#13388 HTTPS-E v4.0.1 breaks Amazon dynamic images (FF 32) new zyan defect Medium
Description

For example, on page: www.amazon.com/gp/product/B00HLSTYNS/

With HTTPS-E enabled, clicking on the small images to the left of the main image does nothing. Mousing over the main image does nothing. Disable HTTPS-E and functionality is restored.

#13396 Enabling Amazon Web Services rule breaks Amazon Instant Video new zyan defect Medium
Description

You should be able to see this at

http://www.amazon.com/gp/product/B00I3MPZUW/ref=aivhp_th_piv_trans_a_TH_s_l_0?pf_rd_p=1947241082&pf_rd_s=center-2&pf_rd_t=101&pf_rd_i=2858778011&pf_rd_m=ATVPDKIKX0DER&pf_rd_r=0TCJSCE24FK3D3SQC2Z3

You'll need an Amazon account. It's the first thing that comes up on the Instant Video page: Transparent Episode 1.

#13400 Canvas Fingerprinting: fonts needs_information tbb-team defect High
Description

As I know, TBB blocks ctx.getImageData. But I think it is not enough. Look at this. https://web.archive.org/web/20141016035848/https://gist.github.com/KOLANICH/00b9145743d841cff4d7 I tried this, the fingerprint survives restart of TBB. I don't know, wheither this fingerprint can be used to identify user's OS (at least it can be used to identify fonts) and hardware, but it is differen than the one generated with the browser in the OS.

#13405 sina weibo login may be break new zyan defect Medium
Description

Sina Weibo.com login will to http://login.sina.com.cn/crossdomain2.php?action=login&entry=miniblog ..., the be to https by Sina.xml. but the page required http://js.t.sinajs.cn/t35/miniblog/static/js/sso.js?version=622145aeb50028e8, it may blocked due to "Blocked loading mixed active content" in Firefox web console, and the got a blank page.

#13410 Disable self-signed certificate warnings when visiting .onion sites reopened tbb-team defect Very High
Description

I suspect it's fairly common (or at least, we hope it's common) for users to type https:// instead of http://.

If an onion site doesn't support HTTPS, the user gets an error page because it can't connect. If it does, the user gets an invalid certificate or mismatched certificate warning. CAs do not (yet?) issue certificates for .onion domains, so there are no valid certificates.

But the security of the .onion URL ensures we're talking to the valid so, so ignoring SSL mis-configurations _should_ be safe, as we already have authenticity, integrity, and confidentiality. Right? Or am I missing something?

#13427 CloudFlare captchas often will not load (TBB Beta 4.0-alpha-3) new tbb-team defect Medium
Description

In TorBrowser Beta (4.0-alpha-3), captchas on CloudFlare's 'confirmation' page fail to be displayed.

IRC exchange in #tor-dev: <sssheep> tor browser people: on many sites, I'm now seeing the cloudflare prompt but without captcha <sssheep> this is on the latest TBB beta <sssheep> I can't even use a captcha to prove my innocence, that part simply isn't there <sssheep> it asks me to enter text when I couldn't possibly <sssheep> indepdendently, it sometimes won't even have that part though. Just "leave a message for the site owner?" <sssheep> it is making it seriously hard to use tor. I'm used to captchas, but not being denied the chance to even use them. Google can sometimes relentlessly throw them at me, even if I answer them correctly, but this CloudFlare-screw-you-even-if-you-are-human policy is entirely new to me <sssheep> is this a TBB bug? <helix> sssheep: I think athena was complaining about that the other day <Benjojo> sssheep: This is not us going against Tor users <sssheep> It certainly feels like it? I don't see this behaviour when I use a non-torified browser, and you're not letting me even have a captcha to prove I'm not a zombie. <Benjojo> This our own security that is trying to protect our users <sssheep> You could at least allow me to fill in a captcha, not taunt by leaving it out but including the input field.. <sssheep> Explain, or something. <sssheep> "You are blocked" is better than beating around the bush and making it look like a one-off bug that can be fixed by refreshing

Attached is a screenshot of the behaviour. Is this a TorBrowser bug, CloudFlare bug, Google reCaptcha bug, or somebody else?

#13429 Can't add exception for unverified SSL certificates in Tor Browser 4.0-alpha-3 new tbb-team defect Medium
Description

Clicking on "Confirm Security Exception" doesn't seem to do anything, and won't add me a security exception, thus can't access a website that requires SSL and has a unverified, or self-signed certificate.

#13433 "Update failed" from 4.0-alpha-3 on 32-bit when I have a large file in my browser tree new tbb-team defect Medium
Description

In Tor Browser 4.0-alpha-3, tonight I clicked Help -> About Tor Browser and then clicked to find updates, and it did, and it downloaded the thing, and then when I went back to the update download window it said "Update Failed. Download the latest version." where the second sentence is a link to https://www.torproject.org/download/download-easy.html

Mike told me I should report it, so here we are.

As a good bug reporter, I should also tell you that I was using the default obfs3 bridges at the time. (Mike says this shouldn't be relevant, but, here we are.)

#13449 bwauth takes a long time to scan the network new aagbsn defect Medium
Description

Hey there, this is from a newly set up bwauth's cron.log file:

NOTICE[Wed Sep 03 00:45:02 2014]:No previous vote data.
NOTICE[Wed Sep 03 00:45:08 2014]:Did not measure 60% of nodes yet (0.9%)
NOTICE[Wed Sep 03 01:45:02 2014]:No previous vote data.
NOTICE[Wed Sep 03 01:45:07 2014]:Did not measure 60% of nodes yet (9.6%)
NOTICE[Wed Sep 03 02:45:02 2014]:No previous vote data.
NOTICE[Wed Sep 03 02:45:07 2014]:Did not measure 60% of nodes yet (18.9%)
NOTICE[Wed Sep 03 03:45:02 2014]:No previous vote data.
NOTICE[Wed Sep 03 03:45:06 2014]:Did not measure 60% of nodes yet (24.7%)
NOTICE[Wed Sep 03 04:45:02 2014]:No previous vote data.
NOTICE[Wed Sep 03 04:45:06 2014]:Did not measure 60% of nodes yet (31.1%)
NOTICE[Wed Sep 03 05:45:02 2014]:No previous vote data.
NOTICE[Wed Sep 03 05:45:05 2014]:Did not measure 60% of nodes yet (34.9%)
NOTICE[Wed Sep 03 06:45:02 2014]:No previous vote data.
NOTICE[Wed Sep 03 06:45:06 2014]:Did not measure 60% of nodes yet (41.0%)
NOTICE[Wed Sep 03 07:45:02 2014]:No previous vote data.
NOTICE[Wed Sep 03 07:45:05 2014]:Did not measure 60% of nodes yet (45.5%)
NOTICE[Wed Sep 03 08:45:02 2014]:No previous vote data.
NOTICE[Wed Sep 03 08:45:05 2014]:Did not measure 60% of nodes yet (50.5%)
NOTICE[Wed Sep 03 09:45:03 2014]:No previous vote data.
NOTICE[Wed Sep 03 09:45:05 2014]:Did not measure 60% of nodes yet (52.6%)
NOTICE[Wed Sep 03 10:45:02 2014]:No previous vote data.
NOTICE[Wed Sep 03 10:45:04 2014]:Did not measure 60% of nodes yet (59.1%)
NOTICE[Wed Sep 03 11:45:03 2014]:No previous vote data.
NOTICE[Wed Sep 03 11:45:05 2014]:Only measured 93.900000 of the previous consensus bandwidth despite measuring 61.800000 of the nodes
NOTICE[Wed Sep 03 12:45:05 2014]:Only measured 94.800000 of the previous consensus bandwidth despite measuring 61.600000 of the nodes
NOTICE[Wed Sep 03 13:45:05 2014]:Only measured 94.900000 of the previous consensus bandwidth despite measuring 62.500000 of the nodes
NOTICE[Wed Sep 03 15:45:05 2014]:Only measured 94.700000 of the previous consensus bandwidth despite measuring 64.900000 of the nodes
NOTICE[Wed Sep 03 16:45:05 2014]:Only measured 94.500000 of the previous consensus bandwidth despite measuring 63.300000 of the nodes

Can you help me interpret the ouput? Are we really taking that long to measure the network once we get close to 60% of nodes?

#13450 BwAuth is leaving ~10% of relays unmeasured new aagbsn defect Very High
Description

From Sebastian:

I started a new relay last night. As of now it is still
Unmeasured in the consensus, even tho a full scan of the network should
have occurred by now. This is concerning, because we have a large
fraction of relays (~500) which are all Unmeasured. Many of these have
the HSDir flag, indicating at least a day of uptime, some even have the
stable flag.

Damian wrote a script to parse votes and calculate the nubmer of unmeasured:

% python scrap.py
Getting gabelmoo's vote from
http://212.112.245.170:80/tor/status-vote/current/authority:
  5935 measured entries and 1332 unmeasured
Getting tor26's vote from
http://86.59.21.38:80/tor/status-vote/current/authority:
  5735 measured entries and 1690 unmeasured
Getting moria1's vote from
http://128.31.0.39:9131/tor/status-vote/current/authority:
  6647 measured entries and 625 unmeasured
Getting maatuska's vote from
http://171.25.193.9:443/tor/status-vote/current/authority:
  6313 measured entries and 1112 unmeasured
#13451 Inacurate download information new tbb-team defect Medium
Description

When viewing the download page for a file that has not stoped downloading prematurely, the file size shown shows the total size of the file and not the amount actually downloaded. This can cause someone to think the download was completed successfully when it fact it wasn't. This is new to tor 4.0. Previous versions showed that actual amount downloaded

#13452 Tor Browser 4.0 (Windows) unable to import new CA certificates from file new tbb-team defect Medium
Description

Attempting to import a new CA certificate from a .CER file fails.

The script console reports NS_ERROR_FAILURE: Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIX509CertDB.importCertsFromFile] certManager.js:510

Regression from Tor Browser Bundle 3.6.6 and all prior versions (which imported the same cert without error).

Firefox 34.0 has no problem importing the CA certificate either.

#13453 circular link, outdated info on orbot info page new n8fr8 defect Low
Description

page I'm referencing is: https://guardianproject.info/apps/orbot/

fixes should be made in the 4th paragraph, the section outlining features after the screenshot:

★ PRIVATE CHAT MESSAGING: Use Gibberbot with Orbot to chat confidentially with anyone, anywhere for free. Get Gibberbot: https://goo.gl/O3FfS!

been awhile since it was called gibberbot, hasn't it? should probably change that to chatsecure

★ PRIVACY FOR APPS: Any installed app can use Tor if it has a proxy feature, using the settings found here: https://goo.gl/2OA1y

The short url unmasks to the exact page it's on. Seeing as there are multiple possibilities (localhost: 9050, localhost 9040, localhost 8118, and http/https/socks4/socks4a/socks5) and no real explanation of the proper proxy configuration, there should be at least a section with that info and how they are connected to each other, because sending everything through tor doesn't work, and there is a bug in the individual apps selection I will detsail in a separate ticket if it hasn't yet been reported that makes the option virtually unusable.

#13454 ignore rule backup files new zyan defect Low
Description

please ignore *~ etc backups at profile dir HTTPSEverywhereUserRules. Who knows, maybe it first loads the old version and then whines about the latest edit because it is duplicate.

#13456 Tor Launcher should start centered on all OSes new brade defect Very Low
Description

Tor Launcher starts on Windows and Mac top left but on Linux it starts centered. For the sake of consistency it should choose one.

#13459 About Tor Button Window Too Short on OS X Mavericks new tbb-team defect Very Low
Description

The Tor Browser 4.0 About Tor Button Window appears around 10-20 pixels too short (vertically) on OS X Mavericks. See the attacked screenshot.

#13467 makes DNS query of your own hostname new tbb-team defect Medium
Description

on startup torbrowser 4.0 does DNS query of your own hostname. should not be needed.

(Linux x86_64, queried hostname is output of /bin/hostname, nameserver 127.0.0.1 in /etc/resolv.conf) I have denied with iptables connections to 127.0.0.0/8 except to 127.0.0.1 tcp 9150:9151. This is why I noticed packets to udp port 53.

#13469 Windows installer is missing many languages from the NSIS file new tbb-team defect Medium
Description

The installer file lists 56 languages,

but the installer only shows 26.

It looks like these are the 30 languages that are missing, notably including TBB official languages Arabic, Farsi, Korean, Polish, Russian, Turkish, and Chinese.

  !insertmacro MUI_LANGUAGE "SimpChinese"
  !insertmacro MUI_LANGUAGE "TradChinese"
  !insertmacro MUI_LANGUAGE "Japanese"
  !insertmacro MUI_LANGUAGE "Korean"
  !insertmacro MUI_LANGUAGE "Greek"
  !insertmacro MUI_LANGUAGE "Russian"
  !insertmacro MUI_LANGUAGE "Polish"
  !insertmacro MUI_LANGUAGE "Ukrainian"
  !insertmacro MUI_LANGUAGE "Czech"
  !insertmacro MUI_LANGUAGE "Slovak"
  !insertmacro MUI_LANGUAGE "Croatian"
  !insertmacro MUI_LANGUAGE "Bulgarian"
  !insertmacro MUI_LANGUAGE "Hungarian"
  !insertmacro MUI_LANGUAGE "Thai"
  !insertmacro MUI_LANGUAGE "Romanian"
  !insertmacro MUI_LANGUAGE "Latvian"
  !insertmacro MUI_LANGUAGE "Macedonian"
  !insertmacro MUI_LANGUAGE "Estonian"
  !insertmacro MUI_LANGUAGE "Turkish"
  !insertmacro MUI_LANGUAGE "Lithuanian"
  !insertmacro MUI_LANGUAGE "Slovenian"
  !insertmacro MUI_LANGUAGE "Serbian"
  !insertmacro MUI_LANGUAGE "SerbianLatin"
  !insertmacro MUI_LANGUAGE "Arabic"
  !insertmacro MUI_LANGUAGE "Farsi"
  !insertmacro MUI_LANGUAGE "Hebrew"
  !insertmacro MUI_LANGUAGE "Mongolian"
  !insertmacro MUI_LANGUAGE "Albanian"
  !insertmacro MUI_LANGUAGE "Belarusian"
  !insertmacro MUI_LANGUAGE "Bosnian"
#13470 Windows installer is missing Vietnamese as a language option new tbb-team defect Medium
Description

Vietnamese is one of the TBB packaged languages, but it's not one of the language options in the installer:

According to http://nsis.sourceforge.net/Examples/Modern%20UI/MultiLanguage.nsi, it should be possible just by adding a line:

  !insertmacro MUI_LANGUAGE "Vietnamese"

But Vietnamese probably requires #13469 to be fixed first, before it will show up in the installer's dropdown list.

#13479 Malware being served from thetorproject.org and tor-chat.org new defect Medium
Description

Someone has set up a pretty believable copy of the torproject.org site which is providing links to a binary hosted on another malicious domain tor-chat.org

Links to this domain are being spread on some .onion forums and on Reddit. I'll update the ticket when I get some more information.

#13485 Torbutton icon is squashed and ugly in TBB 4.0 needs_information tbb-team defect Medium
Description

In the new Tor Browser 4.0, the new Firefox chrome has changed the sizes and so on of the icons.

Our little green onion appears to have the bottom and top cut off of it, and also it's been shrunk.

What are some good fixes?

#13495 Warning thrown on Linux when opening TBB 4.0 for the first time new tbb-team defect Low
Description
OS: Debian Wheezy (64bit)
uname -a: 3.2.0-4-amd64 #1 SMP Debian 3.2.60-1+deb7u3 x86_64 GNU/Linux

When I opened TBB 4.0 for the first time I saw the following error:

1413809714781   addons.xpi-utils        ERROR   Unable to read anything useful from the database

TBB 4.0 worked fine, my guess is, it couldn't read anything useful from the database because the browser hasn't been started before?

#13498 Problem with scapy based tests inside of a virtualbox VM new hellais defect Medium
Description

When I run the fast.deck from inside of a virtualbox debian unstable 64 bit VM I get the following error:

Unhandled error in Deferred:
Unhandled Error
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/Twisted-14.0.2-py2.7-linux-x86_64.egg/twisted/internet/defer.py", line 1099, in _inlineCallbacks
    result = g.send(result)
  File "/usr/local/lib/python2.7/dist-packages/ooniprobe-1.2.2-py2.7.egg/ooni/nettests/manipulation/traceroute.py", line 62, in run_traceroute
    yield traceroute(self.localOptions['backend'])
  File "/usr/local/lib/python2.7/dist-packages/ooniprobe-1.2.2-py2.7.egg/ooni/utils/txscapy.py", line 432, in UDPTraceroute
    IP(dst=host, ttl=(self.ttl_min, self.ttl_max), id=RandShort()) / UDP(dport=dst_port, sport=RandShort()))
  File "/usr/local/lib/python2.7/dist-packages/Twisted-14.0.2-py2.7-linux-x86_64.egg/twisted/internet/defer.py", line 1237, in unwindGenerator
    return _inlineCallbacks(None, gen, Deferred())
--- <exception caught here> ---
  File "/usr/local/lib/python2.7/dist-packages/Twisted-14.0.2-py2.7-linux-x86_64.egg/twisted/internet/defer.py", line 1099, in _inlineCallbacks
    result = g.send(result)
  File "/usr/local/lib/python2.7/dist-packages/ooniprobe-1.2.2-py2.7.egg/ooni/utils/txscapy.py", line 462, in sendPackets
    self.factory.super_socket.send(packet)
  File "/usr/local/lib/python2.7/dist-packages/scapy_real-2.2.0_dev-py2.7.egg/scapy/arch/pcapdnet.py", line 244, in send
    sx = str(cls()/x)
  File "/usr/local/lib/python2.7/dist-packages/scapy_real-2.2.0_dev-py2.7.egg/scapy/packet.py", line 263, in __str__
    return self.build()
  File "/usr/local/lib/python2.7/dist-packages/scapy_real-2.2.0_dev-py2.7.egg/scapy/packet.py", line 321, in build
    p = self.do_build()
  File "/usr/local/lib/python2.7/dist-packages/scapy_real-2.2.0_dev-py2.7.egg/scapy/packet.py", line 310, in do_build
    pkt = self.self_build()
  File "/usr/local/lib/python2.7/dist-packages/scapy_real-2.2.0_dev-py2.7.egg/scapy/packet.py", line 301, in self_build
    p = f.addfield(self, p, val)
  File "/usr/local/lib/python2.7/dist-packages/scapy_real-2.2.0_dev-py2.7.egg/scapy/fields.py", line 70, in addfield
    return s+struct.pack(self.fmt, self.i2m(pkt,val))
  File "/usr/local/lib/python2.7/dist-packages/scapy_real-2.2.0_dev-py2.7.egg/scapy/layers/l2.py", line 94, in i2m
    return MACField.i2m(self, pkt, self.i2h(pkt, x))
  File "/usr/local/lib/python2.7/dist-packages/scapy_real-2.2.0_dev-py2.7.egg/scapy/layers/l2.py", line 88, in i2h
    x = conf.neighbor.resolve(pkt,pkt.payload)
  File "/usr/local/lib/python2.7/dist-packages/scapy_real-2.2.0_dev-py2.7.egg/scapy/layers/l2.py", line 38, in resolve
    return self.resolvers[k](l2inst,l3inst)
  File "/usr/local/lib/python2.7/dist-packages/scapy_real-2.2.0_dev-py2.7.egg/scapy/layers/inet.py", line 727, in <lambda>
    conf.neighbor.register_l3(Ether, IP, lambda l2,l3: getmacbyip(l3.dst))
  File "/usr/local/lib/python2.7/dist-packages/scapy_real-2.2.0_dev-py2.7.egg/scapy/layers/l2.py", line 72, in getmacbyip
    nofilter=1)
  File "/usr/local/lib/python2.7/dist-packages/scapy_real-2.2.0_dev-py2.7.egg/scapy/sendrecv.py", line 375, in srp1
    a,b=srp(*args,**kargs)
  File "/usr/local/lib/python2.7/dist-packages/scapy_real-2.2.0_dev-py2.7.egg/scapy/sendrecv.py", line 358, in srp
    a,b=sndrcv(s ,x,*args,**kargs)
  File "/usr/local/lib/python2.7/dist-packages/scapy_real-2.2.0_dev-py2.7.egg/scapy/sendrecv.py", line 129, in sndrcv
    inp, out, err = select(inmask,[],[], remaintime)
select.error: (4, 'Interrupted system call')

#13510 Master password can't be changed from default new tbb-team defect Medium
Description

Starting TorBrowser 3.6.6 (also in 4.0), the master password can't be set.

I trying to set the master password (the current setting indicates as "not set"), yet it not allowing me to set one, by popping the following message: "Unable to change Master Password".

#13543 HTML5 media support may lead to OS fingerprinting new tbb-team defect Medium
Description

I have found out that Tor Browser 4.0 can play videos that older versions of TBB couldn't. It's because the new firefox can load gstreamer plugins into the browser and play mp4 files (inside what I believe to be HTML5 player). I fear this means that gstreamer is able to connect directly or send sensitive information to the server where the video file is hosted. If you change "media.gstreamer,enabled" to "false", it prevents gstreamer from being loaded, but it might cause fingerprinting problems.

Any thoughts on this? Should this be enabled? Or maybe change it in later versions.

It could still be used maybe in TAILS, to make vimeo and other websites able to play videos (using gstreamer in a more secure environment).

#13552 TorBrowser 4 Default screen size seems off again new tbb-team defect Medium
Description

In TBB 3.6.6 - Windows_Browser Spy DK shows my default starting screen size 1000x800. Now it shows TBB 4.0 default size 1000x729 (that's 71px < TBB 3.6.6).

The nav bar background & tab bar is taller in TBB 4.0 than in 3.6.6.

  • My measurements: From Top of TBB 4 browser border to bottom nav bar = 100px.
  • TBB 3.6.6_Top of browser border to bottom nav bar measures 93px.
  • Measured browser desktop (less borders & toolbars): TBB 3.6.6 = 917px; TBB 4.0 = 842px.
  • 842 - 917 = 75px  (while Browser Spy showed 71px screen size difference).
  • The 4px variance between Browser Spy's & my measured screen sizes for 3.6.6 vs. 4.0 could be my measuring program; exactly how Browser Spy measures or the thickness of a border (that Browser Spy included but I did not or vice versa).
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
Note: See TracQuery for help on using queries.