Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] Bundle torrc-defaults #17851

Closed
darkdh opened this issue Sep 2, 2021 · 5 comments · Fixed by brave/brave-core#11406
Closed

[Security] Bundle torrc-defaults #17851

darkdh opened this issue Sep 2, 2021 · 5 comments · Fixed by brave/brave-core#11406
Assignees
@darkdh
Labels
feature/tor OS/Desktop QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-All-Platforms QA/Test-Plan-Specified QA/Yes release-notes/include security
Milestone
1.35.x - Release

Comments

@darkdh
Copy link
Member

darkdh commented Sep 2, 2021

https://hackerone.com/reports/1327794
@darkdh darkdh self-assigned this Sep 2, 2021
@darkdh darkdh mentioned this issue Dec 3, 2021
Merged
25 tasks
@darkdh darkdh added this to the 1.35.x - Nightly milestone Dec 4, 2021
@stephendonner
Copy link

@darkdh mind checking my results here? essentially, we're just regression-testing and should have identical results as your steps say?

Both of my TorClientUpdaters are at 1.0.22, and I noticed the testplan says >=1.10.22, so I wasn't sure. 🙏

release

example example example example
17851-1 17851-2 17851-3 17851-4

1.35.56

example example example example
17851-5 17851-6 17851-8 17851-7

@darkdh
Copy link
Member Author

darkdh commented Dec 25, 2021

I can't predict what QA would test on what version of the TorClientUpdaters but it has to be greater than 1.0.22
The result is correct, 1.35.56 has the fix works and release which doesn't have the fix but updated TorClientUpdaters works too.

@stephendonner
Copy link

stephendonner commented Dec 25, 2021
edited
Loading

Verified PASSED using the testplan from brave/brave-core#11406 with build

Brave 1.35.59 Chromium: 97.0.4692.56 (Official Build) nightly (x86_64)
Revision 04da6c66398ca50e603cc236a07dc7dfd3bbc750-refs/branch-heads/4692@{#990}
OS macOS Version 12.2 (Build 21D5025f)

Steps:

  1. launch Brave release (1.33.106) and opened a Private Browsing with Tor window
  2. made sure TorClientUpdater is >= 1.10.22
  3. Navigate to https://check.torproject.org/, confirmed I successfully connected to the Tor network
  4. launch Brave with this fix and open a Tor window
  5. make sure TorClientUpdater is >= 1.10.22
  6. navigated to https://check.torproject.org/, confirmed I successfully connected to the Tor network

release - 1.33.106

example example example example
Screen Shot 2021-12-24 at 9 37 51 PM Screen Shot 2021-12-24 at 9 36 21 PM Screen Shot 2021-12-24 at 9 36 43 PM Screen Shot 2021-12-24 at 9 36 37 PM

1.35.59

example example example example
Screen Shot 2021-12-24 at 9 32 17 PM Screen Shot 2021-12-24 at 9 32 33 PM Screen Shot 2021-12-24 at 9 33 20 PM Screen Shot 2021-12-24 at 9 33 12 PM

@LaurenWags LaurenWags changed the title Bundle torrc-defaults [Security] Bundle torrc-defaults Jan 7, 2022
@stephendonner
Copy link

stephendonner commented Jan 10, 2022
edited
Loading

Verified PASSED using

Brave 1.35.77 Chromium: 97.0.4692.71 (Official Build) beta (64-bit)
Revision adefa7837d02a07a604c1e6eff0b3a09422ab88d-refs/branch-heads/4692@{#1247}
OS Windows 10 Version 20H2 (Build 19042.1415)

Steps:

  1. launch Brave release (1.34.80) and opened a Private Browsing with Tor window
  2. made sure TorClientUpdater is >= 1.10.22
  3. Navigate to https://check.torproject.org/, confirmed I successfully connected to the Tor network
  4. launch Brave with this fix and open a Tor window
  5. make sure TorClientUpdater is >= 1.10.22
  6. navigated to https://check.torproject.org/, confirmed I successfully connected to the Tor network

release - 1.34.80

example example example example
17851-1 17851-2 17851-3 17851-4

1.35.77

example example example example
17851-5 17851-6 17851-7 17851-8

@stephendonner
Copy link

Verification PASSED using

Brave 1.35.78 Chromium: 97.0.4692.71 (Official Build) beta (64-bit)
Revision adefa7837d02a07a604c1e6eff0b3a09422ab88d-refs/branch-heads/4692@{#1247}
OS Linux

Steps:

  1. launch Brave release (1.34.80) and opened a Private Browsing with Tor window
  2. made sure TorClientUpdater is >= 1.10.22
  3. Navigate to https://check.torproject.org/, confirmed I successfully connected to the Tor network
  4. launch Brave with this fix and open a Tor window
  5. make sure TorClientUpdater is >= 1.10.22
  6. navigated to https://check.torproject.org/, confirmed I successfully connected to the Tor network

release - 1.34.80

example example example example
Screen Shot 2022-01-10 at 1 09 06 PM Screen Shot 2022-01-10 at 1 09 31 PM Screen Shot 2022-01-10 at 1 10 04 PM Screen Shot 2022-01-10 at 1 10 07 PM

1.35.77

example example example example
Screen Shot 2022-01-10 at 1 13 51 PM Screen Shot 2022-01-10 at 1 10 44 PM Screen Shot 2022-01-10 at 1 10 52 PM Screen Shot 2022-01-10 at 1 11 11 PM

@kjozwiak kjozwiak mentioned this issue Feb 1, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@darkdh darkdh

Labels
feature/tor OS/Desktop QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-All-Platforms QA/Test-Plan-Specified QA/Yes release-notes/include security
Projects
None yet
Milestone
1.35.x - Release
Development

Successfully merging a pull request may close this issue.

Use bundled torrc brave/brave-core
3 participants
@stephendonner @darkdh @LaurenWags