Hello!
Below come the notes from our weekly meeting which we had yesterday at
1730 UTC. The IRC log can be found at:
http://meetbot.debian.net/tor-meeting2/2019/tor-meeting2.2019-04-29-17.31.log.txt
and the items from our pad are
Discussion:
- Tor Browser team meeting slots for the dev meeting? (GeKo: I'll
ask for five, 2 roadmapping, 1 retrospective, 1 Tor Browser vision, 1
team capacity)
- migration to esr68 (GeKo: we started to think about it; will nail
down more detailed plan with action items either next week or the week
thereafter)
sisbell:
Last Week:
- #30280 - Wrong SHA-256 - due to use of jcenter which can proxy
different artifact repositories. Removed jcenter from dependencies
(ready for review). Also removed use of jcenter from
TOPL(#109)/android-tor-service(#23) projects (GeKo: are we good with
that bug or is there something left that needs to get fixed before
review)(sisbell: it's ready for review, no more work)
- #30162 - Bootstrap process stuck - implemented fix that takes
ownership of tor process so that tor will shut itself down when the
control connection dies (TOPL#59). Also implemented a fix for reusing an
open tor control connection (TOPL#111).
- #30166 - Custom bridges. The content of the textfield for
user-defined bridges is overloaded (it acts a filter for pre-defined
bridges OR it contains bridge information directly). Introduced fixes to
make this work with TOPL(#115) + tor-android-service(#26).
- Verified #30162 and #30166 work against an Orbot build.
- Self-feedback
This week:
- Add #30162 and #30166 fixes into tor-android-build. Test and fix
any issues.
mcs and brade:
Last week:
- #30000 (Integrating client-side authorization to onion
services v3).
- experimented with HTTP CONNECT for the browser/tor connection.
This week:
- #30000 (Integrating client-side authorization to onion
services v3).
- Finalize travel plans for the Stockholm meeting.
- Out of the office Thursday May 2 and Friday May 3.
GeKo:
Last week:
- work in localization/branding land (wrote patches for #30136
and #30069), helped with special characters in Android strings issue
(#30054)
- reviews (#29981, #30086, #30115, #28369, #30166)
- dealing with bug bounty issues
- looked into snowflake for android over the weekend (#28672)
but that's more involved than a (couple of) weekend activity(-ies), thus
301 -> boklm
This week:
- getting back to tjr's letterboxing email
- preparing 8.5 (GeKo: We still stick to the idea of building
8.5 this week)
- more work on tbb-8.5-must/tbb-8.5 items
- reviews
- start begin-of-the-month admin work
acat:
Last week:
- Revised patch for 30115: NoScript's XSS popup breaks circuit
display in some cases
- Looked into 26605: investigate window.requestIdleCallback()
for possible timing leaks
- Looked into 26607: verify that subpixel accuracy of window
scroll properties does not add fingerprinting risk
- Looked into 30304: Browser locale can be obtained via DTD
strings [tjr: what did you find?]
acat: Well, it leaks browser locale, yes (I understand there's
currently no other known way to get browser locale from website)
The suggested approach in
https://bugzilla.mozilla.org/show_bug.cgi?id=467035, creating hidden
iframe loading the xml and reading localized text works in Tor Browser.
The simple fix suggested in bugzilla (reverting
https://hg.mozilla.org/mozilla-central/rev/7ace0805c2d3) breaks
about:tor, the DTD for localization cannot be read
which makes sense, since the reason of that patch is to unbreak
addons (legacy, I assume)
it would work fine if about:tor was privileged (no
URI_SAFE_FOR_UNTRUSTED_CONTENT), but I think we don't want that
so I'm still investigating/understanding the relevant code and
trying to find the best way of not breaking it
I also want to test it in Android, because I suspect the code for
handling some about:* pages is not the same there
(mobile/android/components/AboutRedirector.js)
This week:
- Finish 30304 and 26607.
- Backlog: 26599, 26602, 26601,
https://bugzilla.mozilla.org/show_bug.cgi?id=1461454.
boklm:
Last week:
- Updated patch for #29981 (Add option to build without using
containers)
- started testing patches for #30325 (Remove bison from the list
of default packages on android and osx builds) and #30326 (Remove yasm
from the list of dependencies for the firefox android build)
- started disabling failing testsuite tests
- sent (late) self-feedback
This week:
- finish disabling all failing testsuite tests
- start looking at #28672 (Android reproducible build of Snowflake)
- review #29307 (Use Debian Stretch for cross-compiling our
Windows builds) and #29319 (Remove FTE support in Windows bundles)
- help with 8.5 build/release
- afk (holidays) on Wednesday and Thursday
tjr
- Started/tried backporting letterboxing to 60. Ran into a complex
refactor I need to work around, sent an email no response
- Someone also filed
https://bugzilla.mozilla.org/show_bug.cgi?id=1546832 which is a bit of a
problem. I'm not sure if it should block bringing it to TB Nightly.
(GeKo: I don't think so)
- Started working on mingw build stuff again.
- Getting tests running on Try: finding lots of crashes.Indicative of
real issues that could crash? Don't know!!
antonela:
Last week:
- #27399, #29955, in progress
- #30000, in progress
This week:
- #27399, #29955, in progress
- #30000, in progress
https://trac.torproject.org/projects/tor/ticket/30237#comment:1
pili:
Last week:
- All teams project planning
- Submitted google season of docs application
This week:
- S27
- first report
- work estimation and planning
- start thinking about dev meeting sessions
pospeselr:
Last week:
- Worked on wine bug #47035 for tor #27503
- got most of the way through this, should have a patch
ready for review tomorrowish
This week:
- See if swapping in pre-built MIDL Accessibility2 related bits
fixes our issues here
- continued work on widl patches
Georg
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-project mailing list tor-project@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project