Hi!

We had our weekly Tor Browser team meeting yesterday. As usual our IRC log can be found on meetbot.debian.net:

http://meetbot.debian.net/tor-meeting2/2019/tor-meeting2.2019-05-20-17.30.lo...

The meeting notes are pasted below:

Discussion: - Meeting next week? (on next Monday is public holiday in the US)

- Same time (17:30UTC) on Tuesday 28th May

GeKo: Last week: - reviews (#29982, #30489, #30162, #30166, #30518, #30404, #30284) - release prep - feedback mails - work on toolchain update for esr68 (Go update (#30536), macOS building on Stretch (#30491), Windows toolchain update for Firefox (#28238)) - work on getting ro and mk bundles in alpha series (#30468, #30469) - work on adding donation link to about:tor page (#30497) - work on testing IPv6 support on alpha (#29641) - work on getting letterboxing support into alpha (#30372) - Stockholm Internet Forum - HackerOne admin work - looked into WebGL-related bug reports (#30531, #30537) This week: - help with the release (sysrqb: the 8.5 bundles are signed in my build dir; I'd need *.apks signed with the shiny new key for the website to GPG sign them) - Windows toolchain update (#28238) - monitor potential 8.5 issues - look over acat's proposal for #10760 - work on ro and mk bundles in alpha series (#30468, #30469) - reviews

sysrqb: Last week: Discussed a little the Final Orfox update with n8fr8 (#29955) Debugged white screen Preference bug on older android versions (#29982) Patched TOPL with additional torrc options (#30518) Reviewed GeKo's patch for empty control file on Android 4.4 (#30284) Reviewed BridgeDB ticket Extended lifetime of Tor Browser stable apk signing certificate (#26536) Tested Tor Browser 8.5 stable Uplifted bugs 1480877 and 1478438 Created internal testing release for Tor Browser on Google Play This week Tor Browser 8.5 release Followup on bmo bugs F-Droid deployment (#27539) Fastlane deployment (#26844) Maybe begin creating final Orfox update (#29955) Add a link for the new stable version (#30540)

sisbell: Last week: - #30284: Tor startup was broken on KitKat. Provided and tested fix - Reviewed last 6 months of Orbot commits. Only one affected tor-android-service and it was addressed by sysrqb in #30518 - missing command line options - Opened #30501 BridgesList is overload field (in tor-android-service) - Submitted PR for TOPL changes (Accepted on 14th) - Had laptop failure that required reinstall and backup - Submitted feedback This Week: - #30460, #30461 Use new Android Toolchain - Submit PR to TOPL with KitKat fix

mcs and brade: Last week: - Worked on #30000 (Integrating client-side authorization to onion services v3). - Investigated adding new NS_ERROR codes for the SOCKS5 errors that tor will soon return (#14389). - Researched various ways of implementing the client auth prompt (#30237). - Reviewed and commented on the Torbutton integration proposal (#10760). - Code reviews. - Submitted peer and team lead feedback. - Took a couple of days off for family things. This week: - #30000 (Integrating client-side authorization to onion services v3). - Start to implement support for new SOCKS5 error codes in the browser. - Make more progress on the client auth prompt implementation. Please read and respond to https://trac.torproject.org/projects/tor/ticket/30237#comment:6 if you care about this kind of thing. - More thoroughly review the UX proposal in #30237.

tjr - Have a patch for the letterboxing FindBar/DevTools, will land and request uplift to 68: https://bugzilla.mozilla.org/show_bug.cgi?id=1546832 - r+ on the binutils removal, will land and request uplift to 68: https://bugzilla.mozilla.org/show_bug.cgi?id=1471698 - Investigated RDD process failures in MinGW. Didn't get far. - I think I am going to disable the (stronger) security mitigations for MinGW, get the process working. - Then have bugs for investigating and fixing the mitigations - Read acat's proposal. No comments.

acat: Last week: - Finished and sent draft proposal for Torbutton integration. - Some reviews. - Started rebasing patches for ESR68 (#30429). This week: - Keep rebasing patches (#30429).

boklm: Last week: - made a patch for #30480 (rbm should check that a signed tag object contains the expected tag name) - helped with building new releases - worked on #28672 (Android reproducible build of Snowflake) - sent feedback emails This week: - help with publishing new releases - continue work on #28672 (Android reproducible build of Snowflake) - look at remaining failing testsuite tests - some reviews - look at #29697 (archive.tpo running out of space)

pili: Last week: - not much Tor Browser related :) This week: - Talking with Okthanks about Tor brand usage for iOS apps - S27bi-weekly meeting

antonela Last week: - #30024 - #30497 - `about:tor` Donate link This week: - waiting for review at #30237 - #30024 - first approach on suggesting Onions -> https://trac.torproject.org/projects/tor/ticket/30024#comment:4 - should review the UX impact on #28044 and #10760 - Tor Browser 8.5 stable: - make sure that https://tb-manual.torproject.org/ gets updated with security settings docs - provide gifs/images for the announcement

pospeselr: Last week: finished (?) widl patches fixing the 5 bugs blocking valid tlb generation made a quick windows build, demonstrated ia2 interfaces are now being exposed cross process (so the tlb seem to be working) some of the interface methods are causing tabs to crash, NVDA causes tab to crash immediately on mouse-over - IA2 Table related methods for sure cause crash, but not sure why This week: figure out which methods are crashing and why - odds are this is an issue with some of widl's generated code - will do a quick comparison of the generated .h/.c files and see if anything obvious stands out - failing that, will create a test harness to walk the IA2 'DOM' to track down what specifically is triggering the crash

Georg