[tor-project] Tor Browser team meeting notes 28 May 2019

Georg Koppen gk at torproject.org
Wed May 29 08:05:00 UTC 2019

Hi everyone!

Here come the meeting notes from our weekly Tor Browser meeting
yesterday (this time held on a Tuesday due to Memorial Day in the U.S.
on Monday). The IRC log can be found at:


and the contents of our pad are:

    - Tor Browser 8.5 fallout (GeKo: we track 8.5 bugs with the
tbb-8.5-issues keyword in Trac; we got some bugs and nice discussions
about our security settings redesign; we plan to address the most
pressing issues in upcoming 8.5.1 and 9.0a2 releases)

mcs and brade:
    Last week:
        - Worked on #30000 (Integrating client-side authorization to
onion services v3).
            - Reviewed and commented on SOCKS5 error code Tor proposal
            - Started to implement support for new SOCKS5 error codes in
the browser.
            - Implemented a prototype of the client auth prompt (#30237).
        - Helped with bug triage, e.g., #30565 (Linux update problem).
    This week:
        - #30565 (Linux update problem).
        - #30000 (Integrating client-side authorization to onion
services v3).
            - Continue design discussions and make more progress on the
client auth prompt implementation (#30237).
            - Continue to give feedback on SOCK5 error code proposal
        - Maybe: #29197 (remove use of overlays from Tor Launcher)
        - Maybe: #30429 (ESR 68 Rebase — updater patches).

    Last week:
        -worked on patches for
          - bug 30469 (ro bundles; about to post my patches)
          - bug 30541 (WebGL privacy (mcs/brade: could you have a look
at that one as well) (reply from mcs: yes))
          - bug 29969 (bumping NoScript version)
          - bug 30492 (switching to OpenSSL 1.1.x)
          - bug 28119 (arm64 builds for Android (sysrqb: could you test
the posted .apk?))
          - bug 30585 (clang 8 for ESR 68)
          - bug 30490 (cbindgen for ESR 68)
        -reviews: #30549, #30635, #30480, #30451, #30565, #26844
        -helped with releases and release fallout triaging
        -hackerone fun
        -feedback for s27 work: #30237, #30024
        -finished first pass on acat's proposal (for #10760)
        -filed #30639 (IPv6 issues on IPv4 network); mcs/brade: could
you comment on that ticket? reply from mcs: yes
        -started to look into GPOs interfering with Tor Browser proxy
settings on Windows (#30575)
    This week:
        -more hackerone fun
        -hopefully finish #30490
        -release prep for point releases and start building them
(probably Thursday/Friday)
        -patch for mingw-w64/clang toolchain (#28716)
        -first round of review of acat's rebase efforts (#30429)
        -reply to acat's #10760 prop mail
        -afk on Thursday

    Last week:
        Current status of #27503:
            COM Proxy dll (the point of entry screen-readers use to talk
ia2 to Firefox) is working except for certain classes of functions
(types that take T**)
            So the remaining issue is in the 'TypeFormatString' (a
binary blob which defines parameter marshaling behavior) generated by widl
            Good news: correct strings are generated when using a
separate set of compiler flags (but the surrounding code won't work for
us as it depends on SEH which mingw doesn't support)
    This week:
        Memorial-Day Monday
        Fix the final(?) widl issue affecting us
        Traveling to the wilderness (Kansas :p) Thursday through next
Monday, back online next Tuesday (June 4)
        Will try and get these widl patches broken apart in a way that
the wine devs will accept on Saturday

    Last week:
         - Rebasing patches (#30429).
         - Investigated 30565 - saved logins and tabs lost after tor
browser bundle upgrade (8.5)
    This week:
        - Review  #30541.
        - Get tbb-tests to run and pass.
        - Port onboarding for ESR68? (28822)
        - A bit of backlog (e.g. finish 30304 - Browser locale can be
obtained via DTD strings)

    Last week:
        - S27 and Tor Browser Release meetings
        - Responding to Season of Docs inquiries
        - Spoke with OKThanks and Nathan from Guardian Project regarding
branding of applications in the Tor ecosystem
        - Helped a Master's degree student with questions about Tor
Browser future
    This week:
        - S27 monthly report
        - Responding to Season of Docs inquiries
        - Speaking with HTTPS Everywhere people about joint project

  Last week:
   - #30607: Investigation in Tor not working on Android Q Beta. Works
on x86 emulator. Investigated Embedded API (simple wrapper around
command line). I’ll have device update to do testing in June.
   - #Worked on android-toolchain. Fixes around gradle starting. License
fix for Android build tools.
  This Week:
   - # 30665 Firefox working with 68 ESR - try to get working in offline
mode with android-toolchain, updated Rust 1.34.1

    Last week:
        Opened some post-release bug
        Made more progress on fastlane setup (#26844)
        Began investigating reported bug where Tor Browser is sent a URL
from another app (#30573)
        Read blog comments
        Opened ticket about leaking locale in HTTP header (#30607)
        Made more progress on F-Droid build
    This week:
        Continued investigation and worked on patch for #30573
        Created patch for bridges on Android
        Work on F-Droid build
        Work on fastlane repo
        68esr rebase

    Last week:
        - helped publish new releases
        - reviewed #25930 (Update gcc to 8.X) and #30491 (Move our macOS
builds to Debian Stretch)
        - worked on #28672 (Android reproducible build of Snowflake):
now able to build webrtc using our toolchain, but still using the clang
bundled with webrtc
        - made patch for #30549 (Add script to remove expired sub-keys
from a keyring file) to make it easier to do #30548 (Clean up keyring files)
        - updated patch for #30480 (Check that a signed tag object
contains the expected tag name)
    This week:
        - try to finish #28672 (Android reproducible build of Snowflake)
        - some reviews (#30492 #28119)
        - look at remaining failing testsuite tests
        - out of office on Thursday and Friday (but should be able to
get some internet to start a build in the morning)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20190529/0752d093/attachment-0001.sig>

More information about the tor-project mailing list