[tor-project] Tor Browser team meeting notes, 1 July 2019

Georg Koppen gk at torproject.org
Tue Jul 2 12:19:00 UTC 2019


Here come the notes from our first weekly Tor Browser meeting in July.
The IRC log can be found at:


The items from our pad are copied below:

    - state of the onion at dev meeting, applications/browser part
(GeKo: pospeselr stepped up and will present Tor Browser things;
potential items are: mobile release, security settings, accessibility
support for Windows, looking forward to S27 onion services and esr68

    Last week:
        - reviews (#30549, #31041, #28672, #30863, #30577, #30683)
        - gave #10760 a first review pass while working on reviews for
        - patch for #30849 (backport of two sec-moderate bugs)
        - finally finished aarch64 support patch for mobile (#28119)
        - spent some time thinking about integrating the snowflake pt
for android (#30318) (GeKo: I'll ask the Guardian Project folks about a
way forward here)
        - wrote patches for macOS toolchain update for with esr68
(#30323): I got everything built I think (there was just a packaging
error in the firefox build step), we need to clean up things a bit, though
        - hackerone work
        - (mozilla all hands) backlog
        - filed https://bugzilla.mozilla.org/show_bug.cgi?id=1561589 for
getting a mozilla-esr68 branch on gecko-dev
    This week:
        - release prep (including patch for #30468)
        - reviews (above all first full pass on #30429, hopefully mobile
patches as well (#31010), and #27503 for the alpha)
        - begin of the month team admin stuff

mcs and brade:
    Last week:
        - Worked on #30000 (Integrating client-side authorization to
onion services v3).
            - Posted work-in-progress patches for the Onion Services
client auth prompt (#30237).
            - Made some test builds available that include this feature.
        - Reviewed and tried to test the #18101 patch (IP leak from
Windows/macOS UI dialog with URI).
        - Finally tested Snowflake on macOS 10.9 for #26251.
     This week:
        - Review for #30683 (Properties in dom/locales/$lang/chrome/
allow detecting user locale).
        - Prepare for travel to the Stockholm meeting.
        - Out of the office Thursday and Friday (U.S. Independence Day
        - Upcoming: #30126 (Make Tor Browser on macOS compatible with
Apple's notarization).
        - Upcoming: #29197 (remove use of overlays from Tor Launcher)
        - Upcoming: #30429 (ESR 68 Rebase — updater patches).

    Last week:
        - rebasing and integrating review feedback
        - discovered and worked on a fix for a bug introduced in my widl
patch-set where valid IDL would generate invalid headers
    This week:
        - hopefully finish fixing said issue today and then back on
track for getting patchset ready for second round of reviews later this week

  Last week:
   - Opened PR for Orbot Changes:
   - #31047: Resources Should Match Orbot (Issue also raised in #30199)
   - #31042 - VPN Module - lots of fixes since we ignored this code
previously/ (not needed for tor browser but need to keep in sync with Orbot)
   - Refactored tor android service and orbot code to make separation
easier to maintain.
  This Week
  - Orbot has moved to using info.pluggabletransports libraries. I need
to start looking into the code of this project.  If we go this route, it
will be done through TOPL, which contains the PT dependencies. (Do we
want to build these ourselves or are these precompiled native libraries
how we want to do it?) Also #31045 - JSocks now has prebuilt dependency
in Orbot.
  - #31049 - Orbot Using Tor Service - we should start looking into this
as soon as everything is in sync (Is this the direction we want?)
  - Work on Settings in TOPL. Orbot has introduced new settings that
could be useful. I also need to incorporate the ipv6 settings currently
in patch as part of this.
  - #30144 - Update tor binaries (What version do we target for next
release?) (GeKo: The latest and greatest. :) In general I like to move
as fast on mobile as desktop, to help the network team finding mobile
specific bugs; but that requires our own tor. We are not there yet,
though. :( )

    Last week:
        - updated patch for #30549 (Add script to remove expired
sub-keys from a keyring file)
        - fixed build reproducibility issues for #28672 (Android
reproducible build of Snowflake)
        - reviewed #28119 (Provide Tor Browser for Android for arm64-v8a
        - started looking at #30321 to try to build 32bit mar-tools
    This week:
        - Update patch for #28672 (Android reproducible build of
Snowflake) after review
        - Add android aarch64 nightly builds (#31054)
        - look how we can build 32bit mar-tools:
        - look at remaining failing testsuite tests
        - check that archive.tpo rsync scripts are working correctly on
the new machine for #29697
        - help with releases builds
        - Clean up keyring files (#30548), using the scripts added in #30549

    Last week:
        Backlog and ticket triage
        Laptop recovery
        68esr rebase (opened #31010)
        Looked into "interaction avec l'application Gmail sur Android"
(#30584) - multiple reports of this
    This week:
        Continuing mobile patch rebase
        More bug triage
        Preparing for travel
        AFK some parts of this week

    Last week:
        - Filed bugzilla tickets for #26514 and #24056. #21830 will
hopefully soon by fixed in
        - Add Fundraising Banner with next TBB security update (#30577).
        - Addressed review comments for #10760.
        - Small fix for #31041.

    This week:
        - Follow up bugzilla tickets, investigate/file tickets for
#23104 and #26353.
        - Continue torbutton cleanup/refactor (#28745)

   - Learned that the alloc/dealloc mismatch on Windows with jemalloc
also affects x64 too. Disabled jemalloc on -central :(
       We'll need to disable it on esr68 too, hasn't been landed yet.
Going to go back to Jacek/Martin and see if we can figure things out here
   - Temporarily disabled mingwclang builds on -central due to missing
APIs for a patch landing. Hopefully fixing that today/this week
   - Investigating AppContainer sandboxing. Seems possible to use this
to disable access to networking from Windows content processes
     although it will not be trivial work.
     Also seems like using it may write registry values or something
related to disk indicating the name of the profile. =/
   - I noticed Gary has a patch for the fingerprinting ftp:// timezone
issue \o/ [GeKo: Where?
(https://bugzilla.mozilla.org/show_bug.cgi?id=1560574) Could we test
that one in the upcoming 9.0a4 alpha?]


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20190702/9ac276bb/attachment.sig>

More information about the tor-project mailing list