October 2013 - tor-commits - lists.torproject.org

[check/master] Some fixes for go1.0.x
by arlo＠torproject.org 26 Oct '13

26 Oct '13

commit cbd6b1b15723b531876d0c7d7b4e239bc9685116 Author: Arlo Breault <arlolra(a)gmail.com> Date: Fri Oct 25 16:28:41 2013 -0700 Some fixes for go1.0.x --- handlers.go | 4 ++-- public/index.html | 4 ++-- scripts/exitips.py | 8 +++++--- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/handlers.go b/handlers.go index 57e82f8..f4a308f 100644 --- a/handlers.go +++ b/handlers.go @@ -18,7 +18,7 @@ var Locales = GetLocaleList() // page model type Page struct { IsTor bool - UpToDate bool + NotUpToDate bool Small bool Fingerprint string OnOff string @@ -74,7 +74,7 @@ func RootHandler(Layout *template.Template, Exits *Exits, domain *gettext.Domain // instance of your page model p := Page{ isTor, - UpToDate(r), + !UpToDate(r), Small(r), fingerprint, onOff, diff --git a/public/index.html b/public/index.html index 450c533..832ec99 100644 --- a/public/index.html +++ b/public/index.html @@ -4,7 +4,7 @@ {{ define "head" }} <form action="/" method="get" id="lang"> {{ if .Small }}<input type="hidden" name="small" value="1" />{{ end }} - {{ if And .IsTor (Not .UpToDate) }}<input type="hidden" name="uptodate" value="0" />{{ end }} + {{ if And .IsTor .NotUpToDate }}<input type="hidden" name="uptodate" value="0" />{{ end }} <label for="lang" class="small">{{ GetText .Lang "This page is also available in the following languages:" }}</label> <select id="cl" name="lang"> {{ $out := . }} @@ -28,7 +28,7 @@ {{ end }} </h1> <p>{{ GetText .Lang "Your IP address appears to be: " }} <strong>{{ .IP }}</strong></p> - {{ if And .IsTor (Not .UpToDate) }} + {{ if And .IsTor .NotUpToDate }} <p class="security"> {{ GetText .Lang "There is a security update available for the Tor Browser Bundle." }}<br /> {{ GetText .Lang "<a href=\"https://www.torproject.org/download/download-easy.html\">Click here to go to the download page</a>" | UnEscaped }} diff --git a/scripts/exitips.py b/scripts/exitips.py index 49b7f03..7a27b5d 100755 --- a/scripts/exitips.py +++ b/scripts/exitips.py @@ -56,6 +56,8 @@ def main(consensuses, exit_lists): for x in router.exit_policy._get_rules(): r.Rules.append({ "IsAddressWildcard": True, + "Address": "", + "Mask": "", "IsAccept": x.is_accept, "MinPort": x.min_port, "MaxPort": x.max_port @@ -83,7 +85,7 @@ def main(consensuses, exit_lists): rules = [] for x in descriptor.exit_policy._get_rules(): is_address_wildcard = x.is_address_wildcard() - mask = None + mask = "" if not is_address_wildcard: address_type = x.get_address_type() if (address_type == AddressType.IPv4 and @@ -93,8 +95,8 @@ def main(consensuses, exit_lists): mask = x.get_mask() rules.append({ "IsAddressWildcard": is_address_wildcard, - "Address": x.address, - "Mask": mask, + "Address": "" if x.address is None else x.address, + "Mask": "" if mask is None else mask, "IsAccept": x.is_accept, "MinPort": x.min_port, "MaxPort": x.max_port

1 0

[check/master] Only use descriptors from the past hour.
by arlo＠torproject.org 26 Oct '13

26 Oct '13

commit 2dfc37bcf51f1fbf634b768c873b9d1709f2230b Author: Arlo Breault <arlolra(a)gmail.com> Date: Fri Oct 25 16:30:40 2013 -0700 Only use descriptors from the past hour. Avoid repeats. --- Makefile | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 46a1f29..27cfa5a 100644 --- a/Makefile +++ b/Makefile @@ -36,11 +36,7 @@ data/exit-policies: data/consensus data/exit-addresses data/cached-descriptors data/cached-descriptors: descriptors @echo "Concatenating data/descriptors/* into data/cached-descriptors" @rm -f data/cached-descriptors - @touch data/cached-descriptors - @for f in 0 1 2 3 4 5 6 7 8 9 a b c d e f; \ - do \ - cat data/descriptors/$$f* >> data/cached-descriptors; \ - done + find data/descriptors -type f -mmin -60 | xargs cat > data/cached-descriptors @echo "Done" descriptors: data/descriptors/

1 0

[tor/master] clarify that DisableNetwork closes connections too
by arma＠torproject.org 25 Oct '13

25 Oct '13

commit 49278cd68a0d84727ae1131e677bc3481b3e2fc7 Author: Roger Dingledine <arma(a)torproject.org> Date: Fri Oct 25 16:56:20 2013 -0400 clarify that DisableNetwork closes connections too --- doc/tor.1.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 215ea0c..ac33c59 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -211,7 +211,8 @@ GENERAL OPTIONS [[DisableNetwork]] **DisableNetwork** **0**|**1**:: When this option is set, we don't listen for or accept any connections - other than controller connections, and we don't make any outbound + other than controller connections, and we close (and don't reattempt) + any outbound connections. Controllers sometimes use this option to avoid using the network until Tor is fully configured. (Default: 0)

1 0

[torspec/master] Rename DUMP->DROP, add a warning
by nickm＠torproject.org 25 Oct '13

25 Oct '13

commit 7c6c7fc63264c57240e42ca2040dfc5b9fd82fed Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Oct 25 12:45:02 2013 -0400 Rename DUMP->DROP, add a warning --- control-spec.txt | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/control-spec.txt b/control-spec.txt index 2826876..beb6593 100644 --- a/control-spec.txt +++ b/control-spec.txt @@ -1150,16 +1150,17 @@ [AUTHCHALLENGE was added in Tor FIXME.] -3.25. DUMPGUARDS +3.25. DROPGUARDS The syntax is: - "DUMPGUARDS" CRLF + "DROPGUARDS" CRLF - Tells the server to drop all guard nodes. + Tells the server to drop all guard nodes. Do not invoke this command + lightly; it can increase vulnerability to tracking attacks over time. Tor replies with "250 OK" on success. - [DUMPGUARDS was added in Tor FIXME.] + [DROPGUARDS was added in Tor 0.2.5.1-alpha.] 4. Replies

1 0

[tor/master] DROPGUARDS controller command
by nickm＠torproject.org 25 Oct '13

25 Oct '13

commit 71bd10097677cd035bd97a6c36b85d07fdbafb62 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Oct 21 13:02:25 2013 -0400 DROPGUARDS controller command Implements ticket 9934; patch from "ra" --- changes/bug9934 | 4 ++++ src/or/control.c | 27 +++++++++++++++++++++++++++ src/or/entrynodes.c | 19 +++++++++++++++++++ src/or/entrynodes.h | 2 ++ 4 files changed, 52 insertions(+) diff --git a/changes/bug9934 b/changes/bug9934 new file mode 100644 index 0000000..2a636db --- /dev/null +++ b/changes/bug9934 @@ -0,0 +1,4 @@ + o Minor features (controller): + - New DROPGUARDS command to forget all current entry guards. Not + recommended for ordinary use, since replacing guards too frequently + makes several attacks easier. Resolves ticket #9934; patch from "ra". diff --git a/src/or/control.c b/src/or/control.c index e97c18d..65c543a 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -3141,6 +3141,30 @@ handle_control_usefeature(control_connection_t *conn, return 0; } +/** Implementation for the DROPGUARDS command. */ +static int +handle_control_dropguards(control_connection_t *conn, + uint32_t len, + const char *body) +{ + smartlist_t *args; + (void) len; /* body is nul-terminated; it's safe to ignore the length */ + args = smartlist_new(); + smartlist_split_string(args, body, " ", + SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0); + + if (smartlist_len(args)) { + connection_printf_to_buf(conn, "512 Too many arguments to DROPGUARDS\r\n"); + } else { + remove_all_entry_guards(); + send_control_done(conn); + } + + SMARTLIST_FOREACH(args, char *, cp, tor_free(cp)); + smartlist_free(args); + return 0; +} + /** Called when <b>conn</b> has no more bytes left on its outbuf. */ int connection_control_finished_flushing(control_connection_t *conn) @@ -3440,6 +3464,9 @@ connection_control_process_inbuf(control_connection_t *conn) } else if (!strcasecmp(conn->incoming_cmd, "AUTHCHALLENGE")) { if (handle_control_authchallenge(conn, cmd_data_len, args)) return -1; + } else if (!strcasecmp(conn->incoming_cmd, "DROPGUARDS")) { + if (handle_control_dropguards(conn, cmd_data_len, args)) + return -1; } else { connection_printf_to_buf(conn, "510 Unrecognized command \"%s\"\r\n", conn->incoming_cmd); diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index b97b2ea..59cc9a3 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -598,6 +598,25 @@ remove_dead_entry_guards(time_t now) return changed ? 1 : 0; } +/** Remove all currently listed entry guards. So new ones will be chosen. */ +void +remove_all_entry_guards(void) +{ + char dbuf[HEX_DIGEST_LEN+1]; + + while (smartlist_len(entry_guards)) { + entry_guard_t *entry = smartlist_get(entry_guards, 0); + base16_encode(dbuf, sizeof(dbuf), entry->identity, DIGEST_LEN); + log_info(LD_CIRC, "Entry guard '%s' (%s) has been dropped.", + entry->nickname, dbuf); + control_event_guard(entry->nickname, entry->identity, "DROPPED"); + entry_guard_free(entry); + smartlist_del(entry_guards, 0); + } + log_entry_guards(LOG_INFO); + entry_guards_changed(); +} + /** A new directory or router-status has arrived; update the down/listed * status of the entry guards. * diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h index 533f202..1f8cff7 100644 --- a/src/or/entrynodes.h +++ b/src/or/entrynodes.h @@ -77,6 +77,8 @@ int num_live_entry_guards(int for_directory); #endif +void remove_all_entry_guards(void); + void entry_guards_compute_status(const or_options_t *options, time_t now); int entry_guard_register_connect_status(const char *digest, int succeeded, int mark_relay_status, time_t now);

1 0

[tor/master] Merge remote-tracking branch 'public/bug9934_nm'
by nickm＠torproject.org 25 Oct '13

25 Oct '13

commit 7578606a2265466bc4546f0d08b9dbdf427e7c1c Merge: c95cc08 71bd100 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Oct 25 12:15:31 2013 -0400 Merge remote-tracking branch 'public/bug9934_nm' changes/bug9934 | 4 ++++ src/or/control.c | 27 +++++++++++++++++++++++++++ src/or/entrynodes.c | 19 +++++++++++++++++++ src/or/entrynodes.h | 2 ++ 4 files changed, 52 insertions(+)

1 0

[torspec/master] add DUMPGUARDS command
by nickm＠torproject.org 25 Oct '13

25 Oct '13

commit 59048c31207d232307c197e17c7b1794b7280305 Author: r.a(a)posteo.net <r.a(a)posteo.net> Date: Wed Oct 9 00:55:12 2013 +0200 add DUMPGUARDS command --- control-spec.txt | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/control-spec.txt b/control-spec.txt index 06b97d0..2826876 100644 --- a/control-spec.txt +++ b/control-spec.txt @@ -1150,6 +1150,17 @@ [AUTHCHALLENGE was added in Tor FIXME.] +3.25. DUMPGUARDS + + The syntax is: + "DUMPGUARDS" CRLF + + Tells the server to drop all guard nodes. + + Tor replies with "250 OK" on success. + + [DUMPGUARDS was added in Tor FIXME.] + 4. Replies Reply codes follow the same 3-character format as used by SMTP, with the

1 0

[tor/master] No longer writing control ports to file if updating reversible options fail. Fixes #5605.
by nickm＠torproject.org 25 Oct '13

25 Oct '13

commit b336e8c74ef996045694ec9c60054729def721c4 Author: Kevin Butler <haqkrs(a)gmail.com> Date: Mon Sep 2 19:25:08 2013 +0100 No longer writing control ports to file if updating reversible options fail. Fixes #5605. --- changes/bug5605 | 2 ++ src/or/config.c | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/changes/bug5605 b/changes/bug5605 new file mode 100644 index 0000000..ae66a6e --- /dev/null +++ b/changes/bug5605 @@ -0,0 +1,2 @@ +o Minor Bugfixes: + - No longer writing control ports to file if updating reversible options fail. Fixes #5605. \ No newline at end of file diff --git a/src/or/config.c b/src/or/config.c index 657bc60..cb3dc57 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -1115,9 +1115,6 @@ options_act_reversible(const or_options_t *old_options, char **msg) /* No need to roll back, since you can't change the value. */ } - /* Write control ports to disk as appropriate */ - control_ports_write_to_file(); - if (directory_caches_v2_dir_info(options)) { char *fn = NULL; tor_asprintf(&fn, "%s"PATH_SEPARATOR"cached-status", @@ -1315,6 +1312,9 @@ options_act(const or_options_t *old_options) } } + /* Write control ports to disk as appropriate */ + control_ports_write_to_file(); + if (running_tor && !have_lockfile()) { if (try_locking(options, 1) < 0) return -1;

1 0

[tor/master] Merge remote-tracking branch 'Ryman/bug5605'
by nickm＠torproject.org 25 Oct '13

25 Oct '13

commit f249074e419a7f7fe6d0943516cc5d53a88ed435 Merge: 4b8282e b336e8c Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Oct 25 12:03:42 2013 -0400 Merge remote-tracking branch 'Ryman/bug5605' changes/bug5605 | 2 ++ src/or/config.c | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-)

1 0

[tor/master] Tweak 5605 changes file
by nickm＠torproject.org 25 Oct '13

25 Oct '13

commit c95cc088c1188cfd887b849af1e2eb45131fd68e Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Oct 25 12:07:15 2013 -0400 Tweak 5605 changes file --- changes/bug5605 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/changes/bug5605 b/changes/bug5605 index ae66a6e..2144d96 100644 --- a/changes/bug5605 +++ b/changes/bug5605 @@ -1,2 +1,5 @@ o Minor Bugfixes: - - No longer writing control ports to file if updating reversible options fail. Fixes #5605. \ No newline at end of file + - No longer writing control ports to file if updating reversible + options fail. Fixes bug 5605; bugfix on 0.2.2.26-beta. Patch from + Ryman. +

1 0