July 2011 - tor-commits - lists.torproject.org

[arm/master] fix: instructions for root tor setup truncated
by atagar＠torproject.org 13 Jul '11

13 Jul '11

commit cc4b1a801a8e5434e429c8f49781917891bf9510 Author: Damian Johnson <atagar(a)torproject.org> Date: Wed Jul 13 00:47:09 2011 -0700 fix: instructions for root tor setup truncated The default configuration had a limit that cropped part of the root tor setup instructions. --- armrc.sample | 2 +- src/cli/logPanel.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/armrc.sample b/armrc.sample index 0a7b0e1..1edd024 100644 --- a/armrc.sample +++ b/armrc.sample @@ -90,7 +90,7 @@ features.allowDetachedStartup true features.log.showDateDividers true features.log.showDuplicateEntries false features.log.entryDuration 7 -features.log.maxLinesPerEntry 4 +features.log.maxLinesPerEntry 6 features.log.prepopulate true features.log.prepopulateReadLimit 5000 features.log.maxRefreshRate 300 diff --git a/src/cli/logPanel.py b/src/cli/logPanel.py index 6da0901..2e0d038 100644 --- a/src/cli/logPanel.py +++ b/src/cli/logPanel.py @@ -44,7 +44,7 @@ DEFAULT_CONFIG = {"features.logFile": "", "features.log.showDateDividers": True, "features.log.showDuplicateEntries": False, "features.log.entryDuration": 7, - "features.log.maxLinesPerEntry": 4, + "features.log.maxLinesPerEntry": 6, "features.log.prepopulate": True, "features.log.prepopulateReadLimit": 5000, "features.log.maxRefreshRate": 300,

1 0

[arm/master] Remaining work for using tor with privileged ports
by atagar＠torproject.org 13 Jul '11

13 Jul '11

commit 21131c72f8b1e3e8605f5153dab1c779ef8f24f2 Author: Damian Johnson <atagar(a)torproject.org> Date: Wed Jul 13 00:35:07 2011 -0700 Remaining work for using tor with privileged ports Filling in the starter shell script and a variety of other fixes to make tor instances needing root startup permissions work nicely. --- src/cli/controller.py | 2 +- src/cli/wizard.py | 14 ++++++++------ src/resources/startTor | 38 ++++++++++++++++++++++++++------------ src/resources/torrcTemplate.txt | 7 ++++--- src/settings.cfg | 2 +- 5 files changed, 40 insertions(+), 23 deletions(-) diff --git a/src/cli/controller.py b/src/cli/controller.py index d4fcf2f..e8b28cc 100644 --- a/src/cli/controller.py +++ b/src/cli/controller.py @@ -523,7 +523,7 @@ class TorManager: torctlConn, authType, authValue = TorCtl.preauth_connect(controlPort = int(CONFIG["wizard.default"]["Control"])) if not torctlConn: - msg = "Unable to start tor, try running \"tor -f %s\" to see the error output" % torrcLoc + msg = "Unable to start tor, try running \"tor -f %s\" to see the error output" % self.getTorrcPath() raise IOError(msg) if authType == TorCtl.AUTH_TYPE.COOKIE: diff --git a/src/cli/wizard.py b/src/cli/wizard.py index 032cb92..08e9d0b 100644 --- a/src/cli/wizard.py +++ b/src/cli/wizard.py @@ -8,14 +8,13 @@ import os import sys import random import shutil +import getpass import functools import curses import cli.popups import cli.controller -from TorCtl import TorCtl - from util import connections, enum, log, sysTools, torConfig, torTools, uiTools # template used to generate the torrc @@ -384,7 +383,7 @@ def showWizard(): dst = "%sstartTor" % dataDir if not os.path.exists(dst): shutil.copy(src, dst) - msg = "Tor needs root permissions to start with this configuration (it will drop itself to a 'tor-arm' user afterward). To continue...\n- open another terminal\n- run \"sudo %s\"\n- press 'r' here to tell arm to reconnect" % dst + msg = "Tor needs root permissions to start with this configuration (it will drop itself to the current user afterward). To continue...\n- open another terminal\n- run \"sudo %s\"\n- press 'r' here to tell arm to reconnect" % dst log.log(log.NOTICE, msg) break @@ -590,7 +589,7 @@ def getTorrc(relayType, config, disabledOpt): templateOptions[key.upper()] = value templateOptions[relayType.upper()] = True - templateOptions["LOW_PORTS"] = config[Options.LOWPORTS] + templateOptions["LOW_PORTS"] = config[Options.LOWPORTS].getValue() # uses double the relay rate for bursts bwOpt = Options.BANDWIDTH.upper() @@ -599,10 +598,13 @@ def getTorrc(relayType, config, disabledOpt): relayRateComp = templateOptions[bwOpt].split(" ") templateOptions["BURST"] = "%i %s" % (int(relayRateComp[0]) * 2, " ".join(relayRateComp[1:])) - # exit notice will be in our data directory + # paths for our tor related resources + dataDir = cli.controller.getController().getDataDirectory() - templateOptions["NOTICE_PATH"] = dataDir + "exitNotice/index.html" + templateOptions["NOTICE_PATH"] = "%sexitNotice/index.html" % dataDir templateOptions["LOG_ENTRY"] = "notice file %stor_log" % dataDir + templateOptions["DATA_DIR"] = "%stor_data" % dataDir + templateOptions["USERNAME"] = getpass.getuser() policyCategories = [] if not config[Options.POLICY].getValue(): diff --git a/src/resources/startTor b/src/resources/startTor index c575c23..812a75a 100755 --- a/src/resources/startTor +++ b/src/resources/startTor @@ -1,14 +1,28 @@ #!/bin/sh -# -# When binding to privilaged ports the tor process needs to start with root -# permissions, then lower the user it's running as afterward. This script -# simply makes a "tor-arm" user if it doesn't already exist then starts the -# tor process. - -# TODO: check if the user's running as root -# TODO: check if the tor-arm user exists and if not, make it -# TODO: run arm -# TODO: bonus points: double check that the torrc in this directory has a -# "User tor-arm" entry - this would be a problem if they run the wizard -# without low ports, then use this script + +# When binding to privileged ports the tor process needs to start with root +# permissions, then lower the user it's running as afterward. + +# checks that we're running as root + +if [ "$(id -u)" != "0" ]; then + printf "This script needs root permissions to run. Try again with \"sudo ${0}\".\n\n" + exit 1 +fi + +# Checks that the torrc in this directory has a "User <username>" entry. If +# they ran the wizard multiple times then we might currently have a torrc +# without it, causing this to run tor as root (... not what we wanted). + +torrcLoc=$( dirname "$0" )/torrc +if ! `grep -q "^User " ${torrcLoc}`; then + printf "The tor configuration file (${torrcLoc}) doesn't lower its\n" + printf "permissions. You should only be using this script to run tor instances that\n" + printf "need root permissions to start.\n\n" + exit 1 +fi + +# starts the tor process + +tor --quiet -f $torrcLoc& diff --git a/src/resources/torrcTemplate.txt b/src/resources/torrcTemplate.txt index d23ed0b..20b2efa 100644 --- a/src/resources/torrcTemplate.txt +++ b/src/resources/torrcTemplate.txt @@ -4,7 +4,7 @@ # - run 'pkill -sighup tor' # - restart tor # -# Descriptions of all of these configuraiton attibutes (and many more) are +# Descriptions of all of these configuration attributes (and many more) are # available in the tor man page. [IF SHUTDOWN] @@ -14,15 +14,16 @@ [END IF] [NEWLINE] +DataDirectory [DATA_DIR] # location to store runtime data +Log [LOG_ENTRY] # location to log notices, warnings, and errors ControlPort 9052 # port controllers can connect to CookieAuthentication 1 # method for controller authentication -Log [LOG_ENTRY] # location to log notices, warnings, and errors [IF RELAY | EXIT | BRIDGE] RunAsDaemon 1 # runs as a background process [IF LOWPORTS] - User tor-arm # lowers our permissions to this user + User [USERNAME] # lowers our permissions to this user [END IF] [END IF] [NEWLINE] diff --git a/src/settings.cfg b/src/settings.cfg index c6d483d..7e13d19 100644 --- a/src/settings.cfg +++ b/src/settings.cfg @@ -447,7 +447,7 @@ wizard.description.opt Notify => Sends automated email notifications to the abov wizard.description.opt Bandwidth => Limit for the average rate at which you relay traffic. wizard.description.opt Limit => Maximum amount of traffic to relay each month. Some ISPs, like Comcast, cap their customer's Internet usage so this is an easy way of staying below that limit. wizard.description.opt Client => Enable this if you would like to use Tor yourself. This opens or closes the SOCKS port used by applications for connecting to Tor. -wizard.description.opt Lowports => Relays using port 443 rather than 9001. This helps some users that would otherwise be blocked, but requires that tor is started with root permissions (after that it lowers itself to those of a 'tor-arm' user). +wizard.description.opt Lowports => Relays using port 443 rather than 9001. This helps some users that would otherwise be blocked, but requires that tor is started with root permissions (after that it lowers itself to those of the current user). wizard.description.opt Portforward => If needed, attempts NAT traversal using UPnP and NAT-PMP. This allows for automatic port forwarding on most home routers. wizard.description.opt Startup => Runs Tor in the background when the system starts. wizard.description.opt Rshutdown => When you quit arm the Tor process is stopped thirty seconds later. This delay is so people using you can gracefully switch their circuits.

1 0

[torbrowser/master] bump tbb osx to 1.0.21 to fix incorrect https-everywhere version
by erinn＠torproject.org 12 Jul '11

12 Jul '11

commit cd046bcb6796af6efb9823513ee0b64bcb7d0762 Author: Erinn Clark <erinn(a)torproject.org> Date: Tue Jul 12 19:24:28 2011 -0300 bump tbb osx to 1.0.21 to fix incorrect https-everywhere version --- README.OSX | 4 ++++ build-scripts/osx.mk | 2 +- 2 files changed, 5 insertions(+), 1 deletions(-) diff --git a/README.OSX b/README.OSX index 6cd757c..3a05c7a 100644 --- a/README.OSX +++ b/README.OSX @@ -24,6 +24,10 @@ To exit, close Firefox and Vidalia. Changelog --------- +1.0.21: Released 2011-07-12 + The new HTTPS-Everywhere was missing from the last release. Actually + add it this time. + 1.0.20: Released 2011-07-10 Update Tor to 0.2.2.30-rc Update Firefox to 3.6.18 diff --git a/build-scripts/osx.mk b/build-scripts/osx.mk index 2fa0a4d..9096537 100644 --- a/build-scripts/osx.mk +++ b/build-scripts/osx.mk @@ -211,7 +211,7 @@ NAME=TorBrowser DISTDIR=tbbosx-dist ## Version and name of the compressed bundle (also used for source) -VERSION=1.0.20-dev +VERSION=1.0.21-dev DEFAULT_COMPRESSED_BASENAME=TorBrowser-$(VERSION)-osx-$(ARCH_TYPE)- IM_COMPRESSED_BASENAME=TorBrowser-IM-$(VERSION)- DEFAULT_COMPRESSED_NAME=$(DEFAULT_COMPRESSED_BASENAME)

1 0

[torbrowser/maint-2.2] update changelog and readme for osx tbb 2.2.30
by erinn＠torproject.org 12 Jul '11

12 Jul '11

commit cf28c99e8ef15655b16b2059ab2672f49778b751 Author: Erinn Clark <erinn(a)torproject.org> Date: Sun Jul 10 09:01:28 2011 -0300 update changelog and readme for osx tbb 2.2.30 --- README.OSX-2.2 | 10 +++++----- changelog.osx-2.2 | 10 ++++++++++ 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/README.OSX-2.2 b/README.OSX-2.2 index 949dd7e..73661e0 100644 --- a/README.OSX-2.2 +++ b/README.OSX-2.2 @@ -5,11 +5,11 @@ Included applications --------------------- Vidalia 0.2.12 (with Qt 4.6.2) -Tor 0.2.2.29-beta (with libevent-2.0.12-stable, zlib-1.2.5 and openssl-1.0.0d) -Firefox (Tumucumaque) 4.0.1 - \_ Torbutton 1.3.3-alpha - |_ NoScript 2.1.1.1 - |_ HTTPS-Everywhere 0.9.9.development.6 +Tor 0.2.2.30-rc (with libevent-2.0.12-stable, zlib-1.2.5 and openssl-1.0.0d) +Firefox (Aurora) 5.0 + \_ Torbutton 1.4.0 + |_ NoScript 2.1.1.2 + |_ HTTPS-Everywhere 1.0.0development.4 |_ BetterPrivacy 1.51 Usage diff --git a/changelog.osx-2.2 b/changelog.osx-2.2 index b4ab673..b5452de 100644 --- a/changelog.osx-2.2 +++ b/changelog.osx-2.2 @@ -1,3 +1,13 @@ +Tor Browser Bundle (2.2.30-1) alpha; suite=osx + + * Update Tor to 0.2.2.30-rc + * Update Firefox to 5.0 + * Update Torbutton to 1.4.0 + * Update HTTPS Everywhere to 1.0.0development.4 + * Update NoScript to 2.1.1.2 + + -- Erinn Clark <erinn(a)torproject.org> Sun Jul 10 08:59:52 ART 2011 + Tor Browser Bundle (2.2.29-1) alpha; suite=osx * Update Tor to 0.2.2.29-beta

1 0

[torbrowser/maint-2.2] update changelog and readme for tbb windows 2.2.30-1
by erinn＠torproject.org 12 Jul '11

12 Jul '11

commit 941430c279674d8c8a02d93b618a1ab95d3003a5 Author: Erinn Clark <erinn(a)torproject.org> Date: Tue Jul 12 19:30:32 2011 -0300 update changelog and readme for tbb windows 2.2.30-1 --- README.WIN-2.2 | 13 ++++++------- changelog.win-2.2 | 10 ++++++++++ 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/README.WIN-2.2 b/README.WIN-2.2 index cf382c8..0c16957 100644 --- a/README.WIN-2.2 +++ b/README.WIN-2.2 @@ -5,13 +5,12 @@ Included applications --------------------- Vidalia 0.2.12 (with Qt 4.6.2) -Tor 0.2.2.29-beta (with libevent-2.0.12-stable, zlib-1.2.5 and openssl-1.0.0d) -Polipo 1.0.4.1 -FirefoxPortable 4.0.1 - \_ Firefox 4.0.1 - \_ Torbutton 1.3.3-alpha - |_ NoScript 2.1.1.1 - |_ HTTPS-Everywhere 0.9.9.development.6 +Tor 0.2.2.30-rc (with libevent-2.0.12-stable, zlib-1.2.5 and openssl-1.0.0d) +FirefoxPortable 5.0 + \_ Firefox (Aurora) 5.0 + \_ Torbutton 1.4.0 + |_ NoScript 2.1.1.2 + |_ HTTPS-Everywhere 1.0.0development.4 |_ BetterPrivacy 1.51 Usage diff --git a/changelog.win-2.2 b/changelog.win-2.2 index 19c2e12..ba6ce71 100644 --- a/changelog.win-2.2 +++ b/changelog.win-2.2 @@ -1,3 +1,13 @@ +Tor Browser Bundle (2.2.30-1) alpha; suite=windows + + * Update Tor to 0.2.2.30-rc + * Update Firefox to 5.0 + * Update Torbutton to 1.4.0 + * Update HTTPS Everywhere to 1.0.0development.4 + * Update NoScript to 2.1.1.2 + + -- Erinn Clark <erinn(a)torproject.org> Tue Jul 12 19:26:17 ART 2011 + Tor Browser Bundle (2.2.29-1) alpha; suite=windows * Update Tor to 0.2.2.29-beta

1 0

[torbrowser/maint-2.2] update changelog and readme for tbb linux 2.2.30-1
by erinn＠torproject.org 12 Jul '11

12 Jul '11

commit bfcebf3f6e1bdfe3950bab680bec72396ad16960 Author: Erinn Clark <erinn(a)torproject.org> Date: Tue Jul 12 19:29:44 2011 -0300 update changelog and readme for tbb linux 2.2.30-1 --- README.LINUX-2.2 | 10 +++++----- changelog.linux-2.2 | 10 ++++++++++ 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/README.LINUX-2.2 b/README.LINUX-2.2 index 8455d06..ffb5a3a 100644 --- a/README.LINUX-2.2 +++ b/README.LINUX-2.2 @@ -5,11 +5,11 @@ Included applications --------------------- Vidalia 0.2.12 (with Qt 4.6.2) -Tor 0.2.2.29-beta (with libevent-2.0.12-stable, zlib-1.2.5 and openssl-1.0.0d) -Firefox (Tumucumaque) 4.0.1 - \_ Torbutton 1.3.3-alpha - |_ NoScript 2.1.1.1 - |_ HTTPS-Everywhere 0.9.9.development.6 +Tor 0.2.2.30-rc (with libevent-2.0.12-stable, zlib-1.2.5 and openssl-1.0.0d) +Firefox (Aurora) 5.0 + \_ Torbutton 1.4.0 + |_ NoScript 2.1.1.2 + |_ HTTPS-Everywhere 1.0.0development.4 |_ BetterPrivacy 1.51 Usage diff --git a/changelog.linux-2.2 b/changelog.linux-2.2 index e87f008..ab000f5 100644 --- a/changelog.linux-2.2 +++ b/changelog.linux-2.2 @@ -1,3 +1,13 @@ +Tor Browser Bundle (2.2.30-1) alpha; suite=linux + + * Update Tor to 0.2.2.30-rc + * Update Firefox to 5.0 + * Update Torbutton to 1.4.0 + * Update HTTPS Everywhere to 1.0.0development.4 + * Update NoScript to 2.1.1.2 + + -- Erinn Clark <erinn(a)torproject.org> Tue Jul 12 19:26:17 ART 2011 + Tor Browser Bundle (2.2.29-1) alpha; suite=linux * Update Tor to 0.2.2.29-beta

1 0

[torbrowser/maint-2.2] remove unnecessary file extension from https-everywhere version string
by erinn＠torproject.org 12 Jul '11

12 Jul '11

commit a89d9b1919f621918a874762fc9d57da50e768d5 Author: Erinn Clark <erinn(a)torproject.org> Date: Sun Jul 10 09:04:06 2011 -0300 remove unnecessary file extension from https-everywhere version string --- build-scripts/versions.mk | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/build-scripts/versions.mk b/build-scripts/versions.mk index e7d092a..4dc8589 100644 --- a/build-scripts/versions.mk +++ b/build-scripts/versions.mk @@ -2,7 +2,7 @@ RELEASE_VER=2.2.30 -HTTPSEVERY_VER=1.0.0development.4.xpi +HTTPSEVERY_VER=1.0.0development.4 FIREFOX_VER=5.0 LIBEVENT_VER=2.0.12-stable LIBPNG_VER=1.4.3

1 0

[torbrowser/maint-2.2] re-enable addon update checking. closes #3554.
by erinn＠torproject.org 12 Jul '11

12 Jul '11

commit 726d52ef79a8c2d49ebca70d66c7731d5a0568dc Author: Erinn Clark <erinn(a)torproject.org> Date: Sun Jul 10 09:35:19 2011 -0300 re-enable addon update checking. closes #3554. --- build-scripts/config/no-polipo-4.0.js | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build-scripts/config/no-polipo-4.0.js b/build-scripts/config/no-polipo-4.0.js index 06a8f4d..2437752 100644 --- a/build-scripts/config/no-polipo-4.0.js +++ b/build-scripts/config/no-polipo-4.0.js @@ -61,7 +61,7 @@ user_pref("extensions.bprivacy.donotaskforfolder", true); user_pref("extensions.bprivacy.donotaskonexit", true); user_pref("extensions.bprivacy.initiated", true); user_pref("extensions.checkCompatibility.4.*", false); -user_pref("extensions.checkUpdateSecurity", false); +user_pref("extensions.checkUpdateSecurity", true); user_pref("extensions.databaseSchema", 3); user_pref("extensions.enabledAddons", "https-everywhere@eff.org:0.9.9.development.4,{73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3,{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50,{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.3.3-alpha"); user_pref("extensions.enabledItems", "langpack-en-US@firefox.mozilla.org:,{73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.57,{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.4,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8"); @@ -80,7 +80,7 @@ user_pref("extensions.torbutton.socks_port", 9050); user_pref("extensions.torbutton.tor_enabled", true); user_pref("extensions.torbutton.tor_memory_jar", true); user_pref("extensions.torbutton.tz_string", "UTC+00:00"); -user_pref("extensions.update.enabled", false); +user_pref("extensions.update.enabled", true); user_pref("extensions.update.notifyUser", false); user_pref("general.appname.override", "Netscape"); user_pref("general.appversion.override", "5.0 (Windows; en-US)");

1 0

[torbrowser/maint-2.2] add torbutton target back to makefile now that I no longer need to change the privoxy setting
by erinn＠torproject.org 12 Jul '11

12 Jul '11

commit 350e140f1b3dbef7f2f6004961cb816013cc1089 Author: Erinn Clark <erinn(a)torproject.org> Date: Sun Jul 10 09:02:31 2011 -0300 add torbutton target back to makefile now that I no longer need to change the privoxy setting --- build-scripts/osx.mk | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build-scripts/osx.mk b/build-scripts/osx.mk index 5f00421..e8303f1 100644 --- a/build-scripts/osx.mk +++ b/build-scripts/osx.mk @@ -315,8 +315,8 @@ strip-it-stripper: ## ## Torbutton development version -#torbutton.xpi: -# $(WGET) --no-check-certificate -O $@ $(TORBUTTON) +torbutton.xpi: + $(WGET) --no-check-certificate -O $@ $(TORBUTTON) ## BetterPrivacy betterprivacy.xpi:

1 0

[torbrowser/maint-2.2] Add missing header to intermediate cert store patch
by erinn＠torproject.org 12 Jul '11

12 Jul '11

commit 7e288fdc4bdac4e4533f2cdc09bd0a7ec47ffdac Author: Sebastian Hahn <sebastian(a)torproject.org> Date: Sun Jul 10 00:06:12 2011 +0200 Add missing header to intermediate cert store patch The patch omitted the changes necessary in nsNSSComponent.h and only contained the changes for nsNSSComponent.cpp. This would mean that the patch could be applied, but the build failed. Add the missing part of the patch. --- ...-Make-Intermediate-Cert-Store-memory-only.patch | 17 +++++++++++++++++ 1 files changed, 17 insertions(+), 0 deletions(-) diff --git a/src/current-patches/0002-Firefox5-Make-Intermediate-Cert-Store-memory-only.patch b/src/current-patches/0002-Firefox5-Make-Intermediate-Cert-Store-memory-only.patch index 17ad3a2..2bd11e8 100644 --- a/src/current-patches/0002-Firefox5-Make-Intermediate-Cert-Store-memory-only.patch +++ b/src/current-patches/0002-Firefox5-Make-Intermediate-Cert-Store-memory-only.patch @@ -278,6 +278,23 @@ index d3ae772..fa37ace 100644 } void +--- a/security/manager/ssl/src/nsNSSComponent.h ++++ b/security/manager/ssl/src/nsNSSComponent.h +@@ -321,10 +321,10 @@ + + // Methods that we use to handle the profile change notifications (and to + // synthesize a full profile change when we're just doing a profile startup): +- void DoProfileApproveChange(nsISupports* aSubject); ++ PRBool DoProfileApproveChange(nsISupports* aSubject); + void DoProfileChangeNetTeardown(); +- void DoProfileChangeTeardown(nsISupports* aSubject); +- void DoProfileBeforeChange(nsISupports* aSubject); ++ PRBool DoProfileChangeTeardown(nsISupports* aSubject); ++ PRBool DoProfileBeforeChange(nsISupports* aSubject); + void DoProfileChangeNetRestore(); + + Mutex mutex; + -- 1.7.3.4

1 0