Hi everyone!

Here come the meeting notes from our weekly Tor Browser meeting yesterday (this time held on a Tuesday due to Memorial Day in the U.S. on Monday). The IRC log can be found at:

http://meetbot.debian.net/tor-meeting2/2019/tor-meeting2.2019-05-28-17.30.lo...

and the contents of our pad are:

Discussion: - Tor Browser 8.5 fallout (GeKo: we track 8.5 bugs with the tbb-8.5-issues keyword in Trac; we got some bugs and nice discussions about our security settings redesign; we plan to address the most pressing issues in upcoming 8.5.1 and 9.0a2 releases)

mcs and brade: Last week: - Worked on #30000 (Integrating client-side authorization to onion services v3). - Reviewed and commented on SOCKS5 error code Tor proposal (#30382). - Started to implement support for new SOCKS5 error codes in the browser. - Implemented a prototype of the client auth prompt (#30237). - Helped with bug triage, e.g., #30565 (Linux update problem). This week: - #30565 (Linux update problem). - #30000 (Integrating client-side authorization to onion services v3). - Continue design discussions and make more progress on the client auth prompt implementation (#30237). - Continue to give feedback on SOCK5 error code proposal (#30382). - Maybe: #29197 (remove use of overlays from Tor Launcher) - Maybe: #30429 (ESR 68 Rebase — updater patches).

GeKo: Last week: -worked on patches for - bug 30469 (ro bundles; about to post my patches) - bug 30541 (WebGL privacy (mcs/brade: could you have a look at that one as well) (reply from mcs: yes)) - bug 29969 (bumping NoScript version) - bug 30492 (switching to OpenSSL 1.1.x) - bug 28119 (arm64 builds for Android (sysrqb: could you test the posted .apk?)) - bug 30585 (clang 8 for ESR 68) - bug 30490 (cbindgen for ESR 68) -reviews: #30549, #30635, #30480, #30451, #30565, #26844 -helped with releases and release fallout triaging -hackerone fun -feedback for s27 work: #30237, #30024 -finished first pass on acat's proposal (for #10760) -filed #30639 (IPv6 issues on IPv4 network); mcs/brade: could you comment on that ticket? reply from mcs: yes -started to look into GPOs interfering with Tor Browser proxy settings on Windows (#30575) This week: -more hackerone fun -hopefully finish #30490 -release prep for point releases and start building them (probably Thursday/Friday) -patch for mingw-w64/clang toolchain (#28716) -first round of review of acat's rebase efforts (#30429) -reply to acat's #10760 prop mail -afk on Thursday

pospeselr: Last week: Current status of #27503: COM Proxy dll (the point of entry screen-readers use to talk ia2 to Firefox) is working except for certain classes of functions (types that take T**) So the remaining issue is in the 'TypeFormatString' (a binary blob which defines parameter marshaling behavior) generated by widl Good news: correct strings are generated when using a separate set of compiler flags (but the surrounding code won't work for us as it depends on SEH which mingw doesn't support) This week: Memorial-Day Monday Fix the final(?) widl issue affecting us Traveling to the wilderness (Kansas :p) Thursday through next Monday, back online next Tuesday (June 4) Will try and get these widl patches broken apart in a way that the wine devs will accept on Saturday

acat: Last week: - Rebasing patches (#30429). - Investigated 30565 - saved logins and tabs lost after tor browser bundle upgrade (8.5) This week: - Review #30541. - Get tbb-tests to run and pass. - Port onboarding for ESR68? (28822) - A bit of backlog (e.g. finish 30304 - Browser locale can be obtained via DTD strings)

pili: Last week: - S27 and Tor Browser Release meetings - Responding to Season of Docs inquiries - Spoke with OKThanks and Nathan from Guardian Project regarding branding of applications in the Tor ecosystem - Helped a Master's degree student with questions about Tor Browser future This week: - S27 monthly report - Responding to Season of Docs inquiries - Speaking with HTTPS Everywhere people about joint project

sisbell: Last week: - #30607: Investigation in Tor not working on Android Q Beta. Works on x86 emulator. Investigated Embedded API (simple wrapper around command line). I’ll have device update to do testing in June. - #Worked on android-toolchain. Fixes around gradle starting. License fix for Android build tools. This Week: - # 30665 Firefox working with 68 ESR - try to get working in offline mode with android-toolchain, updated Rust 1.34.1

sysrqb: Last week: Opened some post-release bug Made more progress on fastlane setup (#26844) Began investigating reported bug where Tor Browser is sent a URL from another app (#30573) Read blog comments Opened ticket about leaking locale in HTTP header (#30607) Made more progress on F-Droid build This week: Continued investigation and worked on patch for #30573 Created patch for bridges on Android Work on F-Droid build Work on fastlane repo 68esr rebase

boklm: Last week: - helped publish new releases - reviewed #25930 (Update gcc to 8.X) and #30491 (Move our macOS builds to Debian Stretch) - worked on #28672 (Android reproducible build of Snowflake): now able to build webrtc using our toolchain, but still using the clang bundled with webrtc - made patch for #30549 (Add script to remove expired sub-keys from a keyring file) to make it easier to do #30548 (Clean up keyring files) - updated patch for #30480 (Check that a signed tag object contains the expected tag name) This week: - try to finish #28672 (Android reproducible build of Snowflake) - some reviews (#30492 #28119) - look at remaining failing testsuite tests - out of office on Thursday and Friday (but should be able to get some internet to start a build in the morning)

Georg