Tor’s Bug Smash Fund: Progress Since January 2020
At the beginning of August 2019, we asked you to help us build our very first Bug Smash Fund. This fund will ensure that the Tor Project has a healthy reserve earmarked for maintenance work and smashing the bugs necessary to keep Tor Browser, the Tor network, and the many tools that rely on Tor strong, safe, and running smoothly. Together we raised $86,081.
We want to share a final update on the work the 2019 Bug Smash Fund made possible.
Over the last year, we’ve marked 93 tickets with BugSmashFund. As of today, 74 of those tickets have been closed, and 19 of them are still in progress. With this reserve, we’ve been able to fix bugs and complete necessary maintenance on our mechanisms for sending bridges via email and collecting metrics data. We’ve also been able to improve tor padding, testing, onion services, documentation, Tor Browser UX, and tooling for development.
With your support, we’ve been able to allocate time to important tickets, and we look forward to launching our second Bug Smash Fund campaign in August 2020!
For a list of the tickets we closed with the first half of the Bug Smash Fund, see our blog post from January. Below is a full list of the BugSmashFund tickets we’ve closed since that update.
The Bug Smash Fund helped the Tor Browser team complete the ESR 68 migration in late 2019, and has helped us close the following tickets since then:
- 32174 Replace XUL <textbox> with <html:input>
- 21549 Investigate wasm for linkability/fingerprint ability/disk avoidance issues
- 31395 Remove inline <script> in aboutTor.xhtml
Core Tor – Backport bug fixes, documentation, tests
The Bug Smash Fund has helped the Network team to accomplish quite a bit—from improving documentation and tests to backporting bug fixes.
- 32721 Allow chutney users to disable tor's sandbox at runtime
- 28992 Bug: ../src/feature/hs/hs_client.c:571: send_introduce1: Non-fatal assertion !(ip == NULL) failed
- 29819 Seccomp: sandbox crash on rt_sigaction with libseccomp 0.2.4
- 30344 conn_read_callback is called on connections that are marked for closed
- 31594 Close all the log fds before aborting
- 31614 Implement clean_up_backtrace_handler()
- 31736 Stop using mutex_destroy(), when multiple threads can still access the mutex
- 32298 Make pkg-config a hard requirement for Android builds, since lzma requires it
- 32315 Can't perform reverse DNS lookup for a (binary) IPv6 address
- 32363 tor_inet_aton parsing of IPv4 literals is too lax
- 32376 test: Possible NULL deref in free_fake_orcirc()
- 32706 Tried to establish rendezvous on non-edge circuit
- 32778 Initialise pubsub in Windows NT service mode
- 32868 crash: Assertion node->rs->is_possible_guard failed in compute_weighted_bandwidths at
- 32984 Revert #32883 for now and apply #32778 (so nt services can work in 0.4.3)
- 33103 LeakSanitizer is kicking in with tor being on 39c5e1b84994c2f226a8530b930f215cc5ffb877 when closing Tor Browser
- 33104 Minor issues when handling ACTIVE control signal
- 33192 Stop assuming that /usr/bin/python exists
Thank you to everybody who made a contribution to the Bug Smash Fund. This work is critical in helping us to provide safer tools for millions of people around the world exercising their human rights to privacy and freedom online.
If you’d like to make a contribution to the Bug Smash Fund, you can do so by making a gift at donate.torproject.org: just add “Bug Smash Fund” into the comment field, and we’ll make sure it’s directed to the right place.