February 2014 - tor-commits - lists.torproject.org

[tor/master] Add changes file for ticket 10842.
by nickm＠torproject.org 11 Feb '14

11 Feb '14

commit aae4ebf63f4da02ff35b063bbaa744379fbfc1e1 Author: Karsten Loesing <karsten.loesing(a)gmx.net> Date: Tue Feb 11 08:44:35 2014 +0100 Add changes file for ticket 10842. This is a bugfix on 0.2.2.26-beta, because 6b83b3b made directory authorities remove themselves from the list of directory authorities to upload to, but didn't suppress the warning in case they're the only directory authority in the network. --- changes/bug10842 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/changes/bug10842 b/changes/bug10842 new file mode 100644 index 0000000..0ead9e7 --- /dev/null +++ b/changes/bug10842 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Suppress a warning that votes and signatures cannot be uploaded to + other directory authorities if there's only one directory authority + in the network. Bugfix on 0.2.2.26-beta. Resolves ticket 10842.

1 0

[tor/master] Apply StrictNodes to hidden service directories early
by nickm＠torproject.org 11 Feb '14

11 Feb '14

commit bb21d14255c2f5c94173dda2ba30c83478044779 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Jan 24 12:56:10 2014 -0500 Apply StrictNodes to hidden service directories early Previously, we would sometimes decide in directory_get_from_hs_dir() to connect to an excluded node, and then later in directory_initiate_command_routerstatus_rend() notice that it was excluded and strictnodes was set, and catch it as a stopgap. Additionally, this patch preferentially tries to fetch from non-excluded nodes even when StrictNodes is off. Fix for bug #10722. Bugfix on 0.2.0.10-alpha (the v2 hidserv directory system was introduced in e136f00ca). Reported by "mr-4". --- changes/bug10722 | 8 ++++++++ src/or/rendclient.c | 27 +++++++++++++++++++++++---- 2 files changed, 31 insertions(+), 4 deletions(-) diff --git a/changes/bug10722 b/changes/bug10722 new file mode 100644 index 0000000..dd4711f --- /dev/null +++ b/changes/bug10722 @@ -0,0 +1,8 @@ + o Minor bugfixes: + - Consider non-excluded hidden service directory servers before + excluded ones. Do not consider excluded hidden service directory + servers at all if StrictNodes was set. (Previously, we would + sometimes decide to connect to those servers, and then realize + before we initiated a connection that we had excluded them.) + Fix for bug #10722. Bugfix on 0.2.0.10-alpha. Reported by + "mr-4". diff --git a/src/or/rendclient.c b/src/or/rendclient.c index bb4bd9b..634a98c 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -617,11 +617,14 @@ static int directory_get_from_hs_dir(const char *desc_id, const rend_data_t *rend_query) { smartlist_t *responsible_dirs = smartlist_new(); + smartlist_t *usable_responsible_dirs = smartlist_new(); + const or_options_t *options = get_options(); routerstatus_t *hs_dir; char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1]; time_t now = time(NULL); char descriptor_cookie_base64[3*REND_DESC_COOKIE_LEN_BASE64]; - int tor2web_mode = get_options()->Tor2webMode; + const int tor2web_mode = options->Tor2webMode; + int excluded_some; tor_assert(desc_id); tor_assert(rend_query); /* Determine responsible dirs. Even if we can't get all we want, @@ -642,16 +645,32 @@ directory_get_from_hs_dir(const char *desc_id, const rend_data_t *rend_query) dir, desc_id_base32, rend_query, 0, 0); const node_t *node = node_get_by_id(dir->identity_digest); if (last + REND_HID_SERV_DIR_REQUERY_PERIOD >= now || - !node || !node_has_descriptor(node)) - SMARTLIST_DEL_CURRENT(responsible_dirs, dir); + !node || !node_has_descriptor(node)) { + SMARTLIST_DEL_CURRENT(responsible_dirs, dir); + continue; + } + if (! routerset_contains_node(options->ExcludeNodes, node)) { + smartlist_add(usable_responsible_dirs, dir); + } }); - hs_dir = smartlist_choose(responsible_dirs); + excluded_some = + smartlist_len(usable_responsible_dirs) < smartlist_len(responsible_dirs); + + hs_dir = smartlist_choose(usable_responsible_dirs); + if (! hs_dir && ! options->StrictNodes) + hs_dir = smartlist_choose(responsible_dirs); + smartlist_free(responsible_dirs); + smartlist_free(usable_responsible_dirs); if (!hs_dir) { log_info(LD_REND, "Could not pick one of the responsible hidden " "service directories, because we requested them all " "recently without success."); + if (options->StrictNodes && excluded_some) { + log_info(LD_REND, "There are others that we could have tried, but " + "they are all excluded, and StrictNodes is set."); + } return 0; }

1 0

[obfs-flash/master] note that this is a temp workaround
by infinity0＠torproject.org 11 Feb '14

11 Feb '14

commit 7e2a1fbbee1b0941aaea197d1fedfd35f8560cc9 Author: Ximin Luo <infinity0(a)torproject.org> Date: Tue Feb 11 14:29:06 2014 +0000 note that this is a temp workaround --- obfs-flash-client | 1 + 1 file changed, 1 insertion(+) diff --git a/obfs-flash-client b/obfs-flash-client index 4f44bbc..32c0c9c 100755 --- a/obfs-flash-client +++ b/obfs-flash-client @@ -7,6 +7,7 @@ import sys from collections import namedtuple from functools import partial +# TODO(infinity0): this is temporary workaround until we do #10047 if sys.platform == 'win32': os.environ["KILL_CHILDREN_ON_DEATH"] = "1" from pyptlib.util import parse_addr_spec

1 0

[obfs-flash/master] Merge branch 'fix-w32-kill'
by infinity0＠torproject.org 11 Feb '14

11 Feb '14

commit c2ecc7e035a81bcd9cc23784d4be5dfac963beac Merge: a5bb87f 951616c Author: Ximin Luo <infinity0(a)torproject.org> Date: Tue Feb 11 14:28:38 2014 +0000 Merge branch 'fix-w32-kill' obfs-flash-client | 2 ++ setup.py | 14 ++++++++++++-- 2 files changed, 14 insertions(+), 2 deletions(-)

1 0

[obfs-flash/master] add txsocksx to direct deps, and zope.interface to indirect deps, in py2exe setup script
by infinity0＠torproject.org 11 Feb '14

11 Feb '14

commit 951616c9789689d572d52ee2764b0a3ca2bd0bb3 Author: Ximin Luo <infinity0(a)gmx.com> Date: Fri Nov 1 18:04:25 2013 +0000 add txsocksx to direct deps, and zope.interface to indirect deps, in py2exe setup script - works around py2exe on wine silently not finding them --- setup.py | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/setup.py b/setup.py index 2046d96..66f2262 100644 --- a/setup.py +++ b/setup.py @@ -1,13 +1,23 @@ from distutils.core import setup import py2exe +# if py2exe complains "can't find P", try one of the following workarounds: +# +# a. py2exe doesn't support zipped eggs - http://www.py2exe.org/index.cgi/ExeWithEggs +# You should give the --always-unzip option to easy_install, or you can use setup.py directly +# $ python setup.py install --record install.log --single-version-externally-managed +# Don't forget to remove the previous zipped egg. +# +# b. Add an empty __init__.py to the P/ top-level directory, if it's missing +# - this is due to a bug (or misleading documentation) in python's imp.find_module() + setup( console=["obfs-flash-client"], zipfile="py2exe-obfs-flash-client.zip", options={ "py2exe": { - "includes": ["pyptlib", "twisted"], - "packages": ["ometa", "terml"], + "includes": ["pyptlib", "twisted", "txsocksx"], + "packages": ["ometa", "terml", "zope.interface"], }, }, )

1 0

[obfs-flash/master] use the autokill workaround mentioned in 10006
by infinity0＠torproject.org 11 Feb '14

11 Feb '14

commit 14f5823a0965b29aa8b41682295b1a75ab78c152 Author: Ximin Luo <infinity0(a)gmx.com> Date: Tue Oct 29 21:09:57 2013 +0000 use the autokill workaround mentioned in 10006 --- obfs-flash-client | 2 ++ 1 file changed, 2 insertions(+) diff --git a/obfs-flash-client b/obfs-flash-client index 93d2223..4f44bbc 100755 --- a/obfs-flash-client +++ b/obfs-flash-client @@ -7,6 +7,8 @@ import sys from collections import namedtuple from functools import partial +if sys.platform == 'win32': + os.environ["KILL_CHILDREN_ON_DEATH"] = "1" from pyptlib.util import parse_addr_spec from pyptlib.util.subproc import auto_killall, Popen from pyptlib.client import ClientTransportPlugin

1 0

[tor/release-0.2.4] fold in changes entries
by arma＠torproject.org 11 Feb '14

11 Feb '14

commit cf2a78248f7cad2c129628653080329f4c7ad129 Author: Roger Dingledine <arma(a)torproject.org> Date: Tue Feb 11 06:23:41 2014 -0500 fold in changes entries --- ChangeLog | 26 ++++++++++++++++++++++++++ changes/bug10470 | 4 ---- changes/bug10485 | 4 ---- changes/bug10793 | 4 ---- changes/bug10835 | 4 ---- changes/bug9602 | 5 ----- changes/bug9716 | 4 ---- 7 files changed, 26 insertions(+), 25 deletions(-) diff --git a/ChangeLog b/ChangeLog index 595e259..876152d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,29 @@ +Changes in version 0.2.4.21 - 2014-02-1? + + o Minor features: + - Always clear OpenSSL bignums before freeing them -- even bignums + that don't contain secrets. Resolves ticket 10793. Patch by + Florent Daigniere. + + o Minor bugfixes: + - Set the listen() backlog limit to the largest actually supported + on the system, not to the value in a header file. Fixes bug 9716; + bugfix on every released Tor. + - Avoid a segfault on SIGUSR1, where we had freed a connection but did + not entirely remove it from the connection lists. Fixes bug 9602; + bugfix on 0.2.4.4-alpha. + - Fix a segmentation fault in our benchmark code when running with + Fedora's OpenSSL package, or any other OpenSSL that provides + ECDH but not P224. Fixes bug 10835; bugfix on 0.2.4.8-alpha. + - Move log message about circuit handshake counts into the heartbeat + message where it belongs, instead of logging it once per hour + unconditionally. Fixes bug 10485; bugfix on 0.2.4.17-rc. + + o Documentation fixes: + - Document that all but one DirPort entry must have the NoAdvertise + flag set. Fixes bug 10470; bugfix on 0.2.3.3-alpha / 0.2.3.16-alpha. + + Changes in version 0.2.4.20 - 2013-12-22 Tor 0.2.4.20 fixes potentially poor random number generation for users who 1) use OpenSSL 1.0.0 or later, 2) set "HardwareAccel 1" in their diff --git a/changes/bug10470 b/changes/bug10470 deleted file mode 100644 index 2b75343..0000000 --- a/changes/bug10470 +++ /dev/null @@ -1,4 +0,0 @@ - o Documentation fixes: - - Note that all but one DirPort entry must have the NoAdvertise flag - set. Fix for #10470. - diff --git a/changes/bug10485 b/changes/bug10485 deleted file mode 100644 index 7e5fa53..0000000 --- a/changes/bug10485 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Move message about circuit handshake counts into the heartbeat - message where it belongs, instead of logging it once per hour - unconditionally. Fixes bug 10485; bugfix on 0.2.4.17-rc. diff --git a/changes/bug10793 b/changes/bug10793 deleted file mode 100644 index 24c4025..0000000 --- a/changes/bug10793 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (security): - - Always clear OpenSSL bignums before freeing them--even bignums - that don't contain secrets. Resolves ticket 10793. Patch by - Florent Daigniere. diff --git a/changes/bug10835 b/changes/bug10835 deleted file mode 100644 index 9df7bdd..0000000 --- a/changes/bug10835 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - Fix a segmentation fault in our benchmark code when running with - Fedora's OpenSSL package, or any other OpenSSL that provides - ECDH but not P224. Fixes bug 10835; bugfix on 0.2.4.8-alpha. diff --git a/changes/bug9602 b/changes/bug9602 deleted file mode 100644 index 2dc13c4..0000000 --- a/changes/bug9602 +++ /dev/null @@ -1,5 +0,0 @@ - o Bugfixes - - Null out orconn->chan->conn when closing orconn in case orconn is freed - before channel_run_cleanup() gets to orconn->chan, and handle the null - conn edge case correctly in channel_tls_t methods. Fixes bug #9602; - bugfix on 0.2.4.4-alpha. diff --git a/changes/bug9716 b/changes/bug9716 deleted file mode 100644 index 5e39077..0000000 --- a/changes/bug9716 +++ /dev/null @@ -1,4 +0,0 @@ - o Bugfixes (performance): - - Set the listen() backlog limit to the largest actually supported - on the system, not to the value in a header file. Fixes bug 9716; - bugfix on every released Tor.

1 0

[tor-browser-bundle/master] Bug 10323: Omit libgcc and libstdc++ in TorBrowser
by gk＠torproject.org 11 Feb '14

11 Feb '14

commit 2a6f554fefd4768e8adb769c72d43770a1278ab2 Author: Georg Koppen <gk(a)torproject.org> Date: Tue Feb 11 09:51:30 2014 +0100 Bug 10323: Omit libgcc and libstdc++ in TorBrowser Since https://bugzilla.mozilla.org/show_bug.cgi?id=831707 and https://bugzilla.mozilla.org/show_bug.cgi?id=876416 landed Firefox code is linked statically against libgcc and libstdc++ when building with mingw-w64. We can therefore stop shipping both in Tor Browser Bundles based on Firefox 24 ESR. Relanding the backed out patch. --- gitian/descriptors/windows/gitian-firefox.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/gitian/descriptors/windows/gitian-firefox.yml b/gitian/descriptors/windows/gitian-firefox.yml index f985b56..1c151ea 100644 --- a/gitian/descriptors/windows/gitian-firefox.yml +++ b/gitian/descriptors/windows/gitian-firefox.yml @@ -164,8 +164,6 @@ script: | # make -C obj-* package INNER_MAKE_PACKAGE=true cp -a obj-*/dist/firefox/* $INSTDIR/Browser/ - cp -a /usr/i686-w64-mingw32/lib/libgcc_s_sjlj-1.dll $INSTDIR/Browser/ - cp -a /usr/i686-w64-mingw32/lib/libstdc*dll $INSTDIR/Browser/ cp -a ~/build/msvcr100.dll $INSTDIR/Browser/ # # What the hell are these three bytes anyways?

1 0

[tor-browser-bundle/master] Bug 10858: Fix error in TBB 3.5.1's changelog
by gk＠torproject.org 11 Feb '14

11 Feb '14

commit 7157aac5638432570d14dcd385e144a44ef2c4bf Author: Georg Koppen <gk(a)torproject.org> Date: Tue Feb 11 09:41:35 2014 +0100 Bug 10858: Fix error in TBB 3.5.1's changelog Change the changelog to match the corrected version on https://blog.torproject.org. --- Bundle-Data/Docs/ChangeLog.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index 2a8c15d..dfa7e1d 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -20,11 +20,12 @@ Tor Browser Bundle 3.5.1 -- Jan 22 2014 * All Platforms * Bug 10447: Remove SocksListenAddress to allow multiple socks ports. * Bug 10464: Remove addons.mozilla.org from NoScript whitelist + * Bug 10537: Build an Arabic version of TBB 3.5 * Update Torbutton to 1.6.5.5 * Bug 9486: Clear NoScript Temporary Permissions on New Identity - * Bug 10403: Include Arabic translations + * Include Arabic translations * Update Tor Launcher to 0.2.4.3 - * Bug 10403: Include Arabic translations + * Include Arabic translations * Update Tor to 0.2.4.20 * Update OpenSSL to 1.0.1f * Update NoScript to 2.6.8.12

1 0

r26607: {website} put new tbb on frontpage (website/trunk/en)
by Roger Dingledine 11 Feb '14

11 Feb '14

Author: arma Date: 2014-02-11 08:20:11 +0000 (Tue, 11 Feb 2014) New Revision: 26607 Modified: website/trunk/en/index.wml Log: put new tbb on frontpage Modified: website/trunk/en/index.wml =================================================================== --- website/trunk/en/index.wml 2014-02-11 03:08:54 UTC (rev 26606) +++ website/trunk/en/index.wml 2014-02-11 08:20:11 UTC (rev 26607) @@ -158,8 +158,8 @@ <table> <tr> <td> - <div class="calendar"><span class="month">Jan</span><br><span class="day">27</span></div> - <p>Tor Browser Bundle 3.5.1 Released. Read the <a href="https://blog.torproject.org/blog/tor-browser-351-released">release notice</a>. Please see the <a href="https://www.torproject.org/docs/faq.html.en#TBBFlash">FAQ listing</a> before contacting support or filing tickets.</p> + <div class="calendar"><span class="month">Feb</span><br><span class="day">10</span></div> + <p>Tor Browser Bundle 3.5.2 Released. Read the <a href="https://blog.torproject.org/blog/tor-browser-352-released">release notice</a>. Please see the <a href="https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ">transition FAQ</a> before contacting support or filing tickets.</p> </td> </tr> <tr>

1 0