November 2013 - tor-commits - lists.torproject.org

[torbrowser/maint-2.4] Update recommended versions for 3.0rc1.
by mikeperry＠torproject.org 22 Nov '13

22 Nov '13

commit aec6ab3a3b75e9b260982578ebf14cb520dd1290 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Thu Nov 21 21:22:57 2013 -0800 Update recommended versions for 3.0rc1. --- build-scripts/recommended-versions | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/build-scripts/recommended-versions b/build-scripts/recommended-versions index c3a9a94..f3aa129 100644 --- a/build-scripts/recommended-versions +++ b/build-scripts/recommended-versions @@ -10,7 +10,7 @@ "2.4.18-rc-1-Windows", "2.4.18-rc-1-Linux", "2.4.18-rc-2-Linux", -"3.0-beta-1-Linux", -"3.0-beta-1-MacOS", -"3.0-beta-1-Windows" +"3.0-rc-1-Linux", +"3.0-rc-1-MacOS", +"3.0-rc-1-Windows" ]

1 0

[tlsdate/master] Mention the recent FreeBSD-specific changes in the CHANGELOG
by ioerror＠torproject.org 21 Nov '13

21 Nov '13

commit add30296600ed6e1d2d3738b3dc879cb5d6c5723 Author: Fabian Keil <fk(a)fabiankeil.de> Date: Thu Nov 21 14:55:22 2013 +0100 Mention the recent FreeBSD-specific changes in the CHANGELOG --- CHANGELOG | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 2708a9f..e7d5287 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +0.0.8 TBD + Fix build on FreeBSD 10 and 11. + Add FreeBSD 9.2 support for tlsdate and tlsdate-helper. 0.0.7 Sat 2 Nov, 2013 Add tentative -plan9.[ch] versions of tlsdate-helper. Add -x option to tlsdated to override source proxies.

1 0

[tlsdate/master] Use the strchrnul() replacement on FreeBSD versions that need it
by ioerror＠torproject.org 21 Nov '13

21 Nov '13

commit bf91ea96c63e885c0800bbc856459052a4f69207 Author: Fabian Keil <fk(a)fabiankeil.de> Date: Thu Nov 21 14:05:54 2013 +0100 Use the strchrnul() replacement on FreeBSD versions that need it This gets tlsdate and tlsdate-helper working on FreeBSD 9.2-RELEASE. --- configure.ac | 3 +++ src/conf.c | 6 ++++++ src/include.am | 6 ++++++ 3 files changed, 15 insertions(+) diff --git a/configure.ac b/configure.ac index 04ea89a..cdecdd5 100644 --- a/configure.ac +++ b/configure.ac @@ -160,6 +160,9 @@ AC_CHECK_TYPES([struct rtc_time], [], [], [ #endif ]) +AC_CHECK_FUNCS([strchrnul]) +AM_CONDITIONAL(HAVE_STRCHRNUL, [test "x${ac_cv_func_strchrnul}" = xyes]) + AC_CHECK_FUNCS([strnlen]) AM_CONDITIONAL(HAVE_STRNLEN, [test "x${ac_cv_func_strnlen}" = xyes]) diff --git a/src/conf.c b/src/conf.c index 6182650..27c56d1 100644 --- a/src/conf.c +++ b/src/conf.c @@ -27,6 +27,12 @@ #include "src/common/android.h" // XXX: Dirty hack - make this more generic later #endif +#ifdef TARGET_OS_FREEBSD +#ifndef HAVE_STRCHRNUL +#include "src/common/android.h" // XXX: Dirty hack - make this more generic later +#endif +#endif + #ifdef HAVE_ANDROID #include "src/common/android.h" #endif diff --git a/src/include.am b/src/include.am index 953bcd6..259d618 100644 --- a/src/include.am +++ b/src/include.am @@ -35,6 +35,9 @@ bin_PROGRAMS+= src/tlsdate-helper src_conf_unittest_SOURCES = src/conf.c src_conf_unittest_SOURCES+= src/conf-unittest.c +if !HAVE_STRCHRNUL +src_conf_unittest_SOURCES+= src/common/android.c +endif check_PROGRAMS+= src/conf_unittest noinst_PROGRAMS+= src/conf_unittest endif @@ -222,6 +225,9 @@ src_proxy_bio_unittest_SOURCES = src/proxy-bio.c src_proxy_bio_unittest_SOURCES+= src/proxy-bio-unittest.c src_proxy_bio_unittest_SOURCES+= src/test-bio.c src_proxy_bio_unittest_SOURCES+= src/util.c +if !HAVE_STRCHRNUL +src_proxy_bio_unittest_SOURCES+= src/common/android.c +endif check_PROGRAMS+= src/proxy-bio_unittest noinst_PROGRAMS+= src/proxy-bio_unittest endif

1 0

[tlsdate/master] Mention in INSTALL that tlsdate is expected to work on FreeBSD 9.2 and 11 as well
by ioerror＠torproject.org 21 Nov '13

21 Nov '13

commit 44fa3b79128df9cd1738a66ae80a5a0bde6d4603 Author: Fabian Keil <fk(a)fabiankeil.de> Date: Thu Nov 21 14:49:28 2013 +0100 Mention in INSTALL that tlsdate is expected to work on FreeBSD 9.2 and 11 as well --- INSTALL | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/INSTALL b/INSTALL index 285e147..768bc2d 100644 --- a/INSTALL +++ b/INSTALL @@ -6,7 +6,7 @@ tlsdate should build and work on the following Operating Systems: Fedora 17, 18 RedHat Enterprise Server 6.4 OpenSUSE 11.2, 12.3 - FreeBSD 10-CURRENT + FreeBSD 9.2, 10, 11 Mac OS X 10.8.2, 10.8.3 ChromeOS Release 25, 26, 27 and above Android with the Android NDK (use Makefile.android)

1 0

[flashproxy/master] Remove the README section on using a public flashproxy-client.
by dcf＠torproject.org 21 Nov '13

21 Nov '13

commit 3406eb1884f8032deb2ecafa49cc44b7f24a384e Author: David Fifield <david(a)bamsoftware.com> Date: Thu Nov 21 13:54:12 2013 -0800 Remove the README section on using a public flashproxy-client. This is less necessary than it was in the early days, when no one wanted to bother to download the client software. I probably won't run a public flashproxy-client on the next facilitator I set up. --- README | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/README b/README index aa1dc6a..7888b22 100644 --- a/README +++ b/README @@ -62,16 +62,6 @@ computer into a flash proxy as long as the page is open. http://crypto.stanford.edu/flashproxy/ -== Using a public client transport plugin - -Rather than running flashproxy-client on your computer, you can use a -public instance of it. This way is not as realistic because all your Tor -traffic will first go to a fixed address and can be easily blocked. -However this is an easy way to try out the system without having to do -port forwarding. - $ tor ClientTransportPlugin "flashproxy socks4 fp-facilitator.org:9999" UseBridges 1 Bridge "flashproxy 0.0.1.0:1" LearnCircuitBuildTimeout 0 CircuitBuildTimeout 60 - - == Troubleshooting Make sure someone is viewing http://crypto.stanford.edu/flashproxy/, or

1 0

[tor-browser-bundle/master] Conceal useragent during downloads.
by mikeperry＠torproject.org 21 Nov '13

21 Nov '13

commit d423a3ed4163b4cdac53a21fcb2bed5914393ad9 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Thu Nov 21 13:26:15 2013 -0800 Conceal useragent during downloads. --- gitian/fetch-inputs.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh index 19b3509..82a0b50 100755 --- a/gitian/fetch-inputs.sh +++ b/gitian/fetch-inputs.sh @@ -72,7 +72,7 @@ get() { local file="$1"; shift local url="$1"; shift - if ! wget -N "$url"; then + if ! wget -U "" -N "$url"; then echo >&2 "Error: Cannot download $url" mv "${file}" "${file}.DLFAILED" exit 1 @@ -155,7 +155,7 @@ for i in OSXSDK #OPENSSL do URL="${i}_URL" PACKAGE="${i}_PACKAGE" - if ! wget -N --no-remove-listing "${!URL}"; then + if ! wget -U "" -N --no-remove-listing "${!URL}"; then echo "$i url ${!URL} is broken!" mv "${!PACKAGE}" "${!PACKAGE}.removed" exit 1 @@ -168,7 +168,7 @@ done cd .. # NoScript and PDF.JS are magikal and special: -wget -N ${NOSCRIPT_URL} +wget -U "" -N ${NOSCRIPT_URL} # So is mingw: if [ ! -f mingw-w64-svn-snapshot.zip ]; @@ -199,13 +199,13 @@ cd langpacks-$FIREFOX_LANG_VER for i in $BUNDLE_LOCALES do cd linux-langpacks - wget -N "https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/$FIREFOX_LANG_VER/…" + wget -U "" -N "https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/$FIREFOX_LANG_VER/…" cd .. cd win32-langpacks - wget -N "https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/$FIREFOX_LANG_VER/…" + wget -U "" -N "https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/$FIREFOX_LANG_VER/…" cd .. cd mac-langpacks - wget -N "https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/$FIREFOX_LANG_VER/…" + wget -U "" -N "https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/$FIREFOX_LANG_VER/…" cd .. done

1 0

[tor-browser-bundle/master] Fix quoting and signature downloads during build comparison.
by mikeperry＠torproject.org 21 Nov '13

21 Nov '13

commit ef049610ab06af6942ee83026f2e887144904b7b Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Thu Nov 21 13:24:45 2013 -0800 Fix quoting and signature downloads during build comparison. --- gitian/check-match.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gitian/check-match.sh b/gitian/check-match.sh index 1958e4a..907fbfe 100755 --- a/gitian/check-match.sh +++ b/gitian/check-match.sh @@ -35,8 +35,8 @@ do mkdir -p $TORBROWSER_VERSION/$u cd $TORBROWSER_VERSION/$u - wget https://$HOST/~$u/builds/$TORBROWSER_VERSION/sha256sums.txt || continue - wget https://$HOST/~$u/builds/$TORBROWSER_VERSION/sha256sums.txt.asc || continue + wget -U "" -N https://$HOST/~$u/builds/$TORBROWSER_VERSION/sha256sums.txt || continue + wget -U "" -N https://$HOST/~$u/builds/$TORBROWSER_VERSION/sha256sums.txt.asc || continue keyring="../../gpg/$u.gpg" @@ -50,7 +50,7 @@ do VALID="$u $VALID" done -if [ -z $VALID ]; +if [ -z "$VALID" ]; then echo "No bundle hashes or sigs published for $TORBROWSER_VERSION." echo

1 0

[flashproxy/master] email-poller: move main loop inside a main() function
by infinity0＠torproject.org 21 Nov '13

21 Nov '13

commit 26db40e275804d75ecb86b0c1922f0af2a53aa2f Author: Ximin Luo <infinity0(a)gmx.com> Date: Thu Nov 21 21:19:26 2013 +0000 email-poller: move main loop inside a main() function - so we can import it without running it, useful for the upcoming help2man stuff --- facilitator/facilitator-email-poller | 254 +++++++++++++++++----------------- 1 file changed, 129 insertions(+), 125 deletions(-) diff --git a/facilitator/facilitator-email-poller b/facilitator/facilitator-email-poller index 8a5c972..b3b9b14 100755 --- a/facilitator/facilitator-email-poller +++ b/facilitator/facilitator-email-poller @@ -125,110 +125,136 @@ def log(msg): print >> options.log_file, (u"%s %s" % (time.strftime(LOG_DATE_FORMAT), msg)).encode("UTF-8") options.log_file.flush() -opts, args = getopt.gnu_getopt(sys.argv[1:], "de:hi:l:p:", [ - "debug", - "disable-pin", - "email=", - "help", - "imap=", - "imaplib-debug", - "log=", - "pass=", - "pidfile=", - "privdrop-user=", - "unsafe-logging", -]) -for o, a in opts: - if o == "-d" or o == "--debug": - options.daemonize = False - options.log_filename = None - elif o == "--disable-pin": - options.use_certificate_pin = False - elif o == "-h" or o == "--help": - usage() - sys.exit() - if o == "--imaplib-debug": - options.imaplib_debug = True - elif o == "-l" or o == "--log": - options.log_filename = a - elif o == "-p" or o == "--pass": - options.password_filename = a - elif o == "--pidfile": - options.pid_filename = a - elif o == "--privdrop-user": - options.privdrop_username = a - elif o == "--unsafe-logging": - options.safe_logging = False - -if len(args) != 0: - usage(sys.stderr) - sys.exit(1) - -# Load the email password. -if options.password_filename is None: - print >> sys.stderr, "The --pass option is required." - sys.exit(1) -try: - password_file = open(options.password_filename) -except Exception, e: - print >> sys.stderr, """\ -Failed to open password file "%s": %s.\ -""" % (options.password_filename, str(e)) - sys.exit(1) -try: - if not proc.check_perms(password_file.fileno()): - print >> sys.stderr, "Refusing to run with group- or world-readable password file. Try" - print >> sys.stderr, "\tchmod 600 %s" % options.password_filename +def main(): + opts, args = getopt.gnu_getopt(sys.argv[1:], "de:hi:l:p:", [ + "debug", + "disable-pin", + "email=", + "help", + "imap=", + "imaplib-debug", + "log=", + "pass=", + "pidfile=", + "privdrop-user=", + "unsafe-logging", + ]) + for o, a in opts: + if o == "-d" or o == "--debug": + options.daemonize = False + options.log_filename = None + elif o == "--disable-pin": + options.use_certificate_pin = False + elif o == "-h" or o == "--help": + usage() + sys.exit() + if o == "--imaplib-debug": + options.imaplib_debug = True + elif o == "-l" or o == "--log": + options.log_filename = a + elif o == "-p" or o == "--pass": + options.password_filename = a + elif o == "--pidfile": + options.pid_filename = a + elif o == "--privdrop-user": + options.privdrop_username = a + elif o == "--unsafe-logging": + options.safe_logging = False + + if len(args) != 0: + usage(sys.stderr) + sys.exit(1) + + # Load the email password. + if options.password_filename is None: + print >> sys.stderr, "The --pass option is required." + sys.exit(1) + try: + password_file = open(options.password_filename) + except Exception, e: + print >> sys.stderr, """\ + Failed to open password file "%s": %s.\ + """ % (options.password_filename, str(e)) sys.exit(1) - for (lineno0, line) in enumerate(password_file.readlines()): - line = line.strip("\n") - if not line or line.startswith('#'): continue - # we do this stricter regex match because passwords might have spaces in - res = re.match(r"(?:(\S+)\s)?(\S+@\S+)\s(.+)", line) - if not res: - raise ValueError("could not find email or password on line %s" % (lineno0+1)) - (imap_addr_spec, email_addr, email_password) = res.groups() - imap_addr = parse_addr_spec( - imap_addr_spec or "", DEFAULT_IMAP_HOST, DEFAULT_IMAP_PORT) - break - else: - raise ValueError("no email line found") -except Exception, e: - print >> sys.stderr, """\ -Failed to parse password file "%s": %s. -Syntax is [<imap_host>] <email> <password>. -""" % (options.password_filename, str(e)) - sys.exit(1) -finally: - password_file.close() - -if options.log_filename: - options.log_file = open(options.log_filename, "a") - # Send error tracebacks to the log. - sys.stderr = options.log_file -else: - options.log_file = sys.stdout - -if options.daemonize: - log(u"daemonizing") - pid = os.fork() - if pid != 0: - if options.pid_filename: - f = open(options.pid_filename, "w") - print >> f, pid - f.close() - sys.exit(0) - -if options.privdrop_username is not None: - log(u"dropping privileges to those of user %s" % options.privdrop_username) try: - proc.drop_privs(options.privdrop_username) - except BaseException, e: - print >> sys.stderr, "Can't drop privileges:", str(e) + if not proc.check_perms(password_file.fileno()): + print >> sys.stderr, "Refusing to run with group- or world-readable password file. Try" + print >> sys.stderr, "\tchmod 600 %s" % options.password_filename + sys.exit(1) + for (lineno0, line) in enumerate(password_file.readlines()): + line = line.strip("\n") + if not line or line.startswith('#'): continue + # we do this stricter regex match because passwords might have spaces in + res = re.match(r"(?:(\S+)\s)?(\S+@\S+)\s(.+)", line) + if not res: + raise ValueError("could not find email or password on line %s" % (lineno0+1)) + (imap_addr_spec, email_addr, email_password) = res.groups() + imap_addr = parse_addr_spec( + imap_addr_spec or "", DEFAULT_IMAP_HOST, DEFAULT_IMAP_PORT) + break + else: + raise ValueError("no email line found") + except Exception, e: + print >> sys.stderr, """\ + Failed to parse password file "%s": %s. + Syntax is [<imap_host>] <email> <password>. + """ % (options.password_filename, str(e)) sys.exit(1) + finally: + password_file.close() -if options.imaplib_debug: - imaplib.Debug = 4 + if options.log_filename: + options.log_file = open(options.log_filename, "a") + # Send error tracebacks to the log. + sys.stderr = options.log_file + else: + options.log_file = sys.stdout + + if options.daemonize: + log(u"daemonizing") + pid = os.fork() + if pid != 0: + if options.pid_filename: + f = open(options.pid_filename, "w") + print >> f, pid + f.close() + sys.exit(0) + + if options.privdrop_username is not None: + log(u"dropping privileges to those of user %s" % options.privdrop_username) + try: + proc.drop_privs(options.privdrop_username) + except BaseException, e: + print >> sys.stderr, "Can't drop privileges:", str(e) + sys.exit(1) + + if options.imaplib_debug: + imaplib.Debug = 4 + + login_limit = RateLimit() + while True: + try: + imap = imap_login(imap_addr, email_addr, email_password) + try: + imap_loop(imap) + except imaplib.IMAP4.error: + imap.close() + imap.logout() + except (imaplib.IMAP4.error, ssl.SSLError, SSL.SSLError, socket.error), e: + # Try again after a disconnection. + log(u"lost server connection: %s" % str(e)) + except KeyboardInterrupt: + break + + # Don't reconnect too fast. + t = login_limit.time_to_wait() + if t > 0: + log(u"waiting %.2f seconds before logging in again" % t) + time.sleep(t) + + log(u"closing") + imap.close() + imap.logout() def message_get_date(msg): """Get the datetime when the message was received by reading the X-Received @@ -342,7 +368,7 @@ def imap_loop(imap): time.sleep(POLL_INTERVAL) -def imap_login(): +def imap_login(imap_addr, email_addr, email_password): """Make an IMAP connection, check the certificate and public key, and log in.""" with keys.temp_cert(keys.PIN_GOOGLE_CA_CERT) as ca_certs_file: imap = IMAP4_SSL_REQUIRED( @@ -375,27 +401,5 @@ class RateLimit(object): self.interval = self.interval * math.exp(-self.DECAY * delta) * self.MULTIPLIER return wait -login_limit = RateLimit() -while True: - try: - imap = imap_login() - try: - imap_loop(imap) - except imaplib.IMAP4.error: - imap.close() - imap.logout() - except (imaplib.IMAP4.error, ssl.SSLError, SSL.SSLError, socket.error), e: - # Try again after a disconnection. - log(u"lost server connection: %s" % str(e)) - except KeyboardInterrupt: - break - - # Don't reconnect too fast. - t = login_limit.time_to_wait() - if t > 0: - log(u"waiting %.2f seconds before logging in again" % t) - time.sleep(t) - -log(u"closing") -imap.close() -imap.logout() +if __name__ == "__main__": + main()

1 0

[flashproxy/master] match facilitator version with rest of package.
by infinity0＠torproject.org 21 Nov '13

21 Nov '13

commit 324da7ea4263249a57e5085043ba447122b665cb Author: Ximin Luo <infinity0(a)gmx.com> Date: Thu Nov 21 19:11:22 2013 +0000 match facilitator version with rest of package. --- facilitator/configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/facilitator/configure.ac b/facilitator/configure.ac index 9ed50bc..e5184a2 100644 --- a/facilitator/configure.ac +++ b/facilitator/configure.ac @@ -1,5 +1,5 @@ AC_PREREQ([2.68]) -AC_INIT([flashproxy-facilitator], [1.3]) +AC_INIT([flashproxy-facilitator], [1.4]) AM_INIT_AUTOMAKE([-Wall -Werror foreign]) AC_ARG_VAR(fpfacilitatoruser, [the user/group for the facilitator to run as])

1 0

[tor-browser-bundle/master] Fix signature generation issues.
by mikeperry＠torproject.org 21 Nov '13

21 Nov '13

commit bd182fcc4ad77fe9ec3f8995dfdf4f1675e2b748 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Thu Nov 21 12:52:47 2013 -0800 Fix signature generation issues. --- gitian/check-match.sh | 2 +- gitian/hash-bundles.sh | 5 ++++- gitian/upload-signature.sh | 6 ++++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/gitian/check-match.sh b/gitian/check-match.sh index 90f2025..1958e4a 100755 --- a/gitian/check-match.sh +++ b/gitian/check-match.sh @@ -3,7 +3,7 @@ # XXX: Args? HOST=people.torproject.org BASE_DIR=public_html/builds/ -USERS="ln5 mikeperry helix gk" +USERS="ln5 mikeperry erinn gk" set -e set -u diff --git a/gitian/hash-bundles.sh b/gitian/hash-bundles.sh index cbc0539..20a26d0 100755 --- a/gitian/hash-bundles.sh +++ b/gitian/hash-bundles.sh @@ -23,4 +23,7 @@ sha256sum `ls -1 | sort` > sha256sums.txt echo echo "If this is an official build, you should now sign your result with: " -echo " cd $TORBROWSER_VERSION && gpg -abs sha256sums.txt" +echo " make sign" +echo +echo "In either case, you can check against any official builds with: " +echo " make match" diff --git a/gitian/upload-signature.sh b/gitian/upload-signature.sh index bdfa7db..ffb97fe 100755 --- a/gitian/upload-signature.sh +++ b/gitian/upload-signature.sh @@ -22,11 +22,13 @@ fi . $VERSIONS_FILE -if [ ! -f $TORBROWSER_VERSION/sha256sums.txt ]; +if [ ! -f $TORBROWSER_VERSION/sha256sums.txt.asc ]; then - cd $TORBROWSER_VERSION && gpg -abs sha256sums.txt + pushd $TORBROWSER_VERSION && gpg -abs sha256sums.txt + popd fi + ssh $HOST "mkdir -p $BASE_DIR/$TORBROWSER_VERSION" scp $TORBROWSER_VERSION/sha256sums.txt* $HOST:$BASE_DIR/$TORBROWSER_VERSION/ ssh $HOST "chmod 755 $BASE_DIR/$TORBROWSER_VERSION && chmod 644 $BASE_DIR/$TORBROWSER_VERSION/*"

1 0