February 2014 - tor-commits - lists.torproject.org

[tor/master] Apply StrictNodes to hidden service directories early
by nickm＠torproject.org 11 Feb '14

11 Feb '14

commit bb21d14255c2f5c94173dda2ba30c83478044779 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Jan 24 12:56:10 2014 -0500 Apply StrictNodes to hidden service directories early Previously, we would sometimes decide in directory_get_from_hs_dir() to connect to an excluded node, and then later in directory_initiate_command_routerstatus_rend() notice that it was excluded and strictnodes was set, and catch it as a stopgap. Additionally, this patch preferentially tries to fetch from non-excluded nodes even when StrictNodes is off. Fix for bug #10722. Bugfix on 0.2.0.10-alpha (the v2 hidserv directory system was introduced in e136f00ca). Reported by "mr-4". --- changes/bug10722 | 8 ++++++++ src/or/rendclient.c | 27 +++++++++++++++++++++++---- 2 files changed, 31 insertions(+), 4 deletions(-) diff --git a/changes/bug10722 b/changes/bug10722 new file mode 100644 index 0000000..dd4711f --- /dev/null +++ b/changes/bug10722 @@ -0,0 +1,8 @@ + o Minor bugfixes: + - Consider non-excluded hidden service directory servers before + excluded ones. Do not consider excluded hidden service directory + servers at all if StrictNodes was set. (Previously, we would + sometimes decide to connect to those servers, and then realize + before we initiated a connection that we had excluded them.) + Fix for bug #10722. Bugfix on 0.2.0.10-alpha. Reported by + "mr-4". diff --git a/src/or/rendclient.c b/src/or/rendclient.c index bb4bd9b..634a98c 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -617,11 +617,14 @@ static int directory_get_from_hs_dir(const char *desc_id, const rend_data_t *rend_query) { smartlist_t *responsible_dirs = smartlist_new(); + smartlist_t *usable_responsible_dirs = smartlist_new(); + const or_options_t *options = get_options(); routerstatus_t *hs_dir; char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1]; time_t now = time(NULL); char descriptor_cookie_base64[3*REND_DESC_COOKIE_LEN_BASE64]; - int tor2web_mode = get_options()->Tor2webMode; + const int tor2web_mode = options->Tor2webMode; + int excluded_some; tor_assert(desc_id); tor_assert(rend_query); /* Determine responsible dirs. Even if we can't get all we want, @@ -642,16 +645,32 @@ directory_get_from_hs_dir(const char *desc_id, const rend_data_t *rend_query) dir, desc_id_base32, rend_query, 0, 0); const node_t *node = node_get_by_id(dir->identity_digest); if (last + REND_HID_SERV_DIR_REQUERY_PERIOD >= now || - !node || !node_has_descriptor(node)) - SMARTLIST_DEL_CURRENT(responsible_dirs, dir); + !node || !node_has_descriptor(node)) { + SMARTLIST_DEL_CURRENT(responsible_dirs, dir); + continue; + } + if (! routerset_contains_node(options->ExcludeNodes, node)) { + smartlist_add(usable_responsible_dirs, dir); + } }); - hs_dir = smartlist_choose(responsible_dirs); + excluded_some = + smartlist_len(usable_responsible_dirs) < smartlist_len(responsible_dirs); + + hs_dir = smartlist_choose(usable_responsible_dirs); + if (! hs_dir && ! options->StrictNodes) + hs_dir = smartlist_choose(responsible_dirs); + smartlist_free(responsible_dirs); + smartlist_free(usable_responsible_dirs); if (!hs_dir) { log_info(LD_REND, "Could not pick one of the responsible hidden " "service directories, because we requested them all " "recently without success."); + if (options->StrictNodes && excluded_some) { + log_info(LD_REND, "There are others that we could have tried, but " + "they are all excluded, and StrictNodes is set."); + } return 0; }

1 0

[obfs-flash/master] note that this is a temp workaround
by infinity0＠torproject.org 11 Feb '14

11 Feb '14

commit 7e2a1fbbee1b0941aaea197d1fedfd35f8560cc9 Author: Ximin Luo <infinity0(a)torproject.org> Date: Tue Feb 11 14:29:06 2014 +0000 note that this is a temp workaround --- obfs-flash-client | 1 + 1 file changed, 1 insertion(+) diff --git a/obfs-flash-client b/obfs-flash-client index 4f44bbc..32c0c9c 100755 --- a/obfs-flash-client +++ b/obfs-flash-client @@ -7,6 +7,7 @@ import sys from collections import namedtuple from functools import partial +# TODO(infinity0): this is temporary workaround until we do #10047 if sys.platform == 'win32': os.environ["KILL_CHILDREN_ON_DEATH"] = "1" from pyptlib.util import parse_addr_spec

1 0

[obfs-flash/master] Merge branch 'fix-w32-kill'
by infinity0＠torproject.org 11 Feb '14

11 Feb '14

commit c2ecc7e035a81bcd9cc23784d4be5dfac963beac Merge: a5bb87f 951616c Author: Ximin Luo <infinity0(a)torproject.org> Date: Tue Feb 11 14:28:38 2014 +0000 Merge branch 'fix-w32-kill' obfs-flash-client | 2 ++ setup.py | 14 ++++++++++++-- 2 files changed, 14 insertions(+), 2 deletions(-)

1 0

[obfs-flash/master] add txsocksx to direct deps, and zope.interface to indirect deps, in py2exe setup script
by infinity0＠torproject.org 11 Feb '14

11 Feb '14

commit 951616c9789689d572d52ee2764b0a3ca2bd0bb3 Author: Ximin Luo <infinity0(a)gmx.com> Date: Fri Nov 1 18:04:25 2013 +0000 add txsocksx to direct deps, and zope.interface to indirect deps, in py2exe setup script - works around py2exe on wine silently not finding them --- setup.py | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/setup.py b/setup.py index 2046d96..66f2262 100644 --- a/setup.py +++ b/setup.py @@ -1,13 +1,23 @@ from distutils.core import setup import py2exe +# if py2exe complains "can't find P", try one of the following workarounds: +# +# a. py2exe doesn't support zipped eggs - http://www.py2exe.org/index.cgi/ExeWithEggs +# You should give the --always-unzip option to easy_install, or you can use setup.py directly +# $ python setup.py install --record install.log --single-version-externally-managed +# Don't forget to remove the previous zipped egg. +# +# b. Add an empty __init__.py to the P/ top-level directory, if it's missing +# - this is due to a bug (or misleading documentation) in python's imp.find_module() + setup( console=["obfs-flash-client"], zipfile="py2exe-obfs-flash-client.zip", options={ "py2exe": { - "includes": ["pyptlib", "twisted"], - "packages": ["ometa", "terml"], + "includes": ["pyptlib", "twisted", "txsocksx"], + "packages": ["ometa", "terml", "zope.interface"], }, }, )

1 0

[obfs-flash/master] use the autokill workaround mentioned in 10006
by infinity0＠torproject.org 11 Feb '14

11 Feb '14

commit 14f5823a0965b29aa8b41682295b1a75ab78c152 Author: Ximin Luo <infinity0(a)gmx.com> Date: Tue Oct 29 21:09:57 2013 +0000 use the autokill workaround mentioned in 10006 --- obfs-flash-client | 2 ++ 1 file changed, 2 insertions(+) diff --git a/obfs-flash-client b/obfs-flash-client index 93d2223..4f44bbc 100755 --- a/obfs-flash-client +++ b/obfs-flash-client @@ -7,6 +7,8 @@ import sys from collections import namedtuple from functools import partial +if sys.platform == 'win32': + os.environ["KILL_CHILDREN_ON_DEATH"] = "1" from pyptlib.util import parse_addr_spec from pyptlib.util.subproc import auto_killall, Popen from pyptlib.client import ClientTransportPlugin

1 0

[tor/release-0.2.4] fold in changes entries
by arma＠torproject.org 11 Feb '14

11 Feb '14

commit cf2a78248f7cad2c129628653080329f4c7ad129 Author: Roger Dingledine <arma(a)torproject.org> Date: Tue Feb 11 06:23:41 2014 -0500 fold in changes entries --- ChangeLog | 26 ++++++++++++++++++++++++++ changes/bug10470 | 4 ---- changes/bug10485 | 4 ---- changes/bug10793 | 4 ---- changes/bug10835 | 4 ---- changes/bug9602 | 5 ----- changes/bug9716 | 4 ---- 7 files changed, 26 insertions(+), 25 deletions(-) diff --git a/ChangeLog b/ChangeLog index 595e259..876152d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,29 @@ +Changes in version 0.2.4.21 - 2014-02-1? + + o Minor features: + - Always clear OpenSSL bignums before freeing them -- even bignums + that don't contain secrets. Resolves ticket 10793. Patch by + Florent Daigniere. + + o Minor bugfixes: + - Set the listen() backlog limit to the largest actually supported + on the system, not to the value in a header file. Fixes bug 9716; + bugfix on every released Tor. + - Avoid a segfault on SIGUSR1, where we had freed a connection but did + not entirely remove it from the connection lists. Fixes bug 9602; + bugfix on 0.2.4.4-alpha. + - Fix a segmentation fault in our benchmark code when running with + Fedora's OpenSSL package, or any other OpenSSL that provides + ECDH but not P224. Fixes bug 10835; bugfix on 0.2.4.8-alpha. + - Move log message about circuit handshake counts into the heartbeat + message where it belongs, instead of logging it once per hour + unconditionally. Fixes bug 10485; bugfix on 0.2.4.17-rc. + + o Documentation fixes: + - Document that all but one DirPort entry must have the NoAdvertise + flag set. Fixes bug 10470; bugfix on 0.2.3.3-alpha / 0.2.3.16-alpha. + + Changes in version 0.2.4.20 - 2013-12-22 Tor 0.2.4.20 fixes potentially poor random number generation for users who 1) use OpenSSL 1.0.0 or later, 2) set "HardwareAccel 1" in their diff --git a/changes/bug10470 b/changes/bug10470 deleted file mode 100644 index 2b75343..0000000 --- a/changes/bug10470 +++ /dev/null @@ -1,4 +0,0 @@ - o Documentation fixes: - - Note that all but one DirPort entry must have the NoAdvertise flag - set. Fix for #10470. - diff --git a/changes/bug10485 b/changes/bug10485 deleted file mode 100644 index 7e5fa53..0000000 --- a/changes/bug10485 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Move message about circuit handshake counts into the heartbeat - message where it belongs, instead of logging it once per hour - unconditionally. Fixes bug 10485; bugfix on 0.2.4.17-rc. diff --git a/changes/bug10793 b/changes/bug10793 deleted file mode 100644 index 24c4025..0000000 --- a/changes/bug10793 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (security): - - Always clear OpenSSL bignums before freeing them--even bignums - that don't contain secrets. Resolves ticket 10793. Patch by - Florent Daigniere. diff --git a/changes/bug10835 b/changes/bug10835 deleted file mode 100644 index 9df7bdd..0000000 --- a/changes/bug10835 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - Fix a segmentation fault in our benchmark code when running with - Fedora's OpenSSL package, or any other OpenSSL that provides - ECDH but not P224. Fixes bug 10835; bugfix on 0.2.4.8-alpha. diff --git a/changes/bug9602 b/changes/bug9602 deleted file mode 100644 index 2dc13c4..0000000 --- a/changes/bug9602 +++ /dev/null @@ -1,5 +0,0 @@ - o Bugfixes - - Null out orconn->chan->conn when closing orconn in case orconn is freed - before channel_run_cleanup() gets to orconn->chan, and handle the null - conn edge case correctly in channel_tls_t methods. Fixes bug #9602; - bugfix on 0.2.4.4-alpha. diff --git a/changes/bug9716 b/changes/bug9716 deleted file mode 100644 index 5e39077..0000000 --- a/changes/bug9716 +++ /dev/null @@ -1,4 +0,0 @@ - o Bugfixes (performance): - - Set the listen() backlog limit to the largest actually supported - on the system, not to the value in a header file. Fixes bug 9716; - bugfix on every released Tor.

1 0

[tor-browser-bundle/master] Bug 10323: Omit libgcc and libstdc++ in TorBrowser
by gk＠torproject.org 11 Feb '14

11 Feb '14

commit 2a6f554fefd4768e8adb769c72d43770a1278ab2 Author: Georg Koppen <gk(a)torproject.org> Date: Tue Feb 11 09:51:30 2014 +0100 Bug 10323: Omit libgcc and libstdc++ in TorBrowser Since https://bugzilla.mozilla.org/show_bug.cgi?id=831707 and https://bugzilla.mozilla.org/show_bug.cgi?id=876416 landed Firefox code is linked statically against libgcc and libstdc++ when building with mingw-w64. We can therefore stop shipping both in Tor Browser Bundles based on Firefox 24 ESR. Relanding the backed out patch. --- gitian/descriptors/windows/gitian-firefox.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/gitian/descriptors/windows/gitian-firefox.yml b/gitian/descriptors/windows/gitian-firefox.yml index f985b56..1c151ea 100644 --- a/gitian/descriptors/windows/gitian-firefox.yml +++ b/gitian/descriptors/windows/gitian-firefox.yml @@ -164,8 +164,6 @@ script: | # make -C obj-* package INNER_MAKE_PACKAGE=true cp -a obj-*/dist/firefox/* $INSTDIR/Browser/ - cp -a /usr/i686-w64-mingw32/lib/libgcc_s_sjlj-1.dll $INSTDIR/Browser/ - cp -a /usr/i686-w64-mingw32/lib/libstdc*dll $INSTDIR/Browser/ cp -a ~/build/msvcr100.dll $INSTDIR/Browser/ # # What the hell are these three bytes anyways?

1 0

[tor-browser-bundle/master] Bug 10858: Fix error in TBB 3.5.1's changelog
by gk＠torproject.org 11 Feb '14

11 Feb '14

commit 7157aac5638432570d14dcd385e144a44ef2c4bf Author: Georg Koppen <gk(a)torproject.org> Date: Tue Feb 11 09:41:35 2014 +0100 Bug 10858: Fix error in TBB 3.5.1's changelog Change the changelog to match the corrected version on https://blog.torproject.org. --- Bundle-Data/Docs/ChangeLog.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index 2a8c15d..dfa7e1d 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -20,11 +20,12 @@ Tor Browser Bundle 3.5.1 -- Jan 22 2014 * All Platforms * Bug 10447: Remove SocksListenAddress to allow multiple socks ports. * Bug 10464: Remove addons.mozilla.org from NoScript whitelist + * Bug 10537: Build an Arabic version of TBB 3.5 * Update Torbutton to 1.6.5.5 * Bug 9486: Clear NoScript Temporary Permissions on New Identity - * Bug 10403: Include Arabic translations + * Include Arabic translations * Update Tor Launcher to 0.2.4.3 - * Bug 10403: Include Arabic translations + * Include Arabic translations * Update Tor to 0.2.4.20 * Update OpenSSL to 1.0.1f * Update NoScript to 2.6.8.12

1 0

r26607: {website} put new tbb on frontpage (website/trunk/en)
by Roger Dingledine 11 Feb '14

11 Feb '14

Author: arma Date: 2014-02-11 08:20:11 +0000 (Tue, 11 Feb 2014) New Revision: 26607 Modified: website/trunk/en/index.wml Log: put new tbb on frontpage Modified: website/trunk/en/index.wml =================================================================== --- website/trunk/en/index.wml 2014-02-11 03:08:54 UTC (rev 26606) +++ website/trunk/en/index.wml 2014-02-11 08:20:11 UTC (rev 26607) @@ -158,8 +158,8 @@ <table> <tr> <td> - <div class="calendar"><span class="month">Jan</span><br><span class="day">27</span></div> - <p>Tor Browser Bundle 3.5.1 Released. Read the <a href="https://blog.torproject.org/blog/tor-browser-351-released">release notice</a>. Please see the <a href="https://www.torproject.org/docs/faq.html.en#TBBFlash">FAQ listing</a> before contacting support or filing tickets.</p> + <div class="calendar"><span class="month">Feb</span><br><span class="day">10</span></div> + <p>Tor Browser Bundle 3.5.2 Released. Read the <a href="https://blog.torproject.org/blog/tor-browser-352-released">release notice</a>. Please see the <a href="https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ">transition FAQ</a> before contacting support or filing tickets.</p> </td> </tr> <tr>

1 0

[torbirdy/master] Make sure we restore all preferences (closes #10588)
by sukhbir＠torproject.org 11 Feb '14

11 Feb '14

commit 8b1538c35410c456afccc13335366652bd811aa2 Author: Sukhbir Singh <sukhbir(a)torproject.org> Date: Sat Jan 11 20:40:28 2014 -0500 Make sure we restore all preferences (closes #10588) --- components/torbirdy.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/components/torbirdy.js b/components/torbirdy.js index b12bd41..475dcde 100644 --- a/components/torbirdy.js +++ b/components/torbirdy.js @@ -449,7 +449,10 @@ TorBirdy.prototype = { setAccountPrefs: function() { if (this.prefs.getBoolPref("extensions.torbirdy.first_run")) { // Save the current proxy settings so that the settings can be restored in case - // TorBirdy is uninstalled or disabled. (TorBirdyOldPrefs) + // TorBirdy is uninstalled or disabled. (TorBirdyOldPrefs). + // First copy TorBirdyPrefs to TorBirdyOldPrefs. + TorBirdyOldPrefs.push.apply(TorBirdyOldPrefs, Object.keys(TorBirdyPrefs)); + for (var i = 0; i < TorBirdyOldPrefs.length; i++) { var oldPref = TorBirdyOldPrefs[i]; var type = this.prefs.getPrefType(oldPref);

1 0