February 2014 - tor-commits - lists.torproject.org

[tor-browser-bundle/master] Remove a diff file.
by mikeperry＠torproject.org 28 Feb '14

28 Feb '14

commit ec7da09f018252ff92d3728eb22e27e0934f83d1 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Fri Feb 28 05:25:35 2014 -0800 Remove a diff file. It got added during a conflict resolution that got squashed. --- gitian/versions.diff | 45 --------------------------------------------- 1 file changed, 45 deletions(-) diff --git a/gitian/versions.diff b/gitian/versions.diff deleted file mode 100644 index 69001a8..0000000 --- a/gitian/versions.diff +++ /dev/null @@ -1,45 +0,0 @@ -diff --git a/gitian/versions.nightly b/gitian/versions.nightly -index b9b5835..f3dfe9d 100755 ---- a/gitian/versions.nightly -+++ b/gitian/versions.nightly -@@ -12,13 +12,14 @@ NSIS_TAG=v0.1 - ZLIB_TAG=v1.2.8 - LIBEVENT_TAG=release-2.0.21-stable - MINGW_REV=6184 --PYPTLIB_TAG=pyptlib-0.0.4 --OBFSPROXY_TAG=obfsproxy-0.2.3 -+PYPTLIB_TAG=pyptlib-0.0.5 -+OBFSPROXY_TAG=obfsproxy-0.2.4 - FLASHPROXY_TAG=1.6 - - GITIAN_TAG=tor-browser-builder-3.0-4 - - OPENSSL_VER=1.0.1f -+GMP_VER=5.1.3 - FIREFOX_LANG_VER=24.3.0esr - BINUTILS_VER=2.22 - GCC_VER=4.6.3 -@@ -33,6 +34,7 @@ SETUPTOOLS_VER=1.4 - - ## File names for the source packages - OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz -+GMP_PACKAGE=gmp-${GMP_VER}.tar.bz2 - NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.13-fn+sm+fx.xpi - TOOLCHAIN4_PACKAGE=x86_64-apple-darwin10.tar.xz - OSXSDK_PACKAGE=apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb -@@ -52,6 +54,7 @@ SETUPTOOLS_PACKAGE=setuptools-${SETUPTOOLS_VER}.tar.gz - - # Hashes for packages with weak sigs or no sigs - OPENSSL_HASH=6cc2a80b17d64de6b7bac985745fdaba971d54ffd7d38d3556f998d7c0c9cb5a -+GMP_HASH=752079520b4690531171d0f4532e40f08600215feefede70b24fabdc6f1ab160 - OSXSDK_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc - TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645 - NOSCRIPT_HASH=0d90f283ee9e3be5bb1ebc315fab12994ff5a15380bd3a2fdff62750286b4ea1 -@@ -67,6 +70,7 @@ SETUPTOOLS_HASH=75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39 - - ## Non-git package URLs - OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE} -+GMP_URL=https://ftp.gnu.org/gnu/gmp/${GMP_PACKAGE} - TOOLCHAIN4_URL=https://people.torproject.org/~mikeperry/mirrors/sources/${T… - OSXSDK_URL=https://launchpad.net/~flosoft/+archive/cross-apple/+files/${OSX… - BINUTILS_URL=https://ftp.gnu.org/gnu/binutils/${BINUTILS_PACKAGE}

1 0

[tor-browser-bundle/master] Specify a tag for fteproxy for all builds.
by mikeperry＠torproject.org 28 Feb '14

28 Feb '14

commit d4470583ce2d681589e1f56b73fbbef83c3510be Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Fri Feb 28 09:39:48 2014 -0800 Specify a tag for fteproxy for all builds. --- gitian/versions | 1 + gitian/versions.alpha | 1 + gitian/versions.nightly | 1 + 3 files changed, 3 insertions(+) diff --git a/gitian/versions b/gitian/versions index 389e3e1..11eb1db 100755 --- a/gitian/versions +++ b/gitian/versions @@ -15,6 +15,7 @@ MINGW_REV=6184 PYPTLIB_TAG=pyptlib-0.0.5 OBFSPROXY_TAG=obfsproxy-0.2.4 FLASHPROXY_TAG=1.6 +FTEPROXY_TAG=0.2.6 LIBDMG_TAG=dfd5e5cc3dc1191e37d3c3a6118975afdd1d7014 GITIAN_TAG=tor-browser-builder-3.x-5 diff --git a/gitian/versions.alpha b/gitian/versions.alpha index f190d5a..b6ee2c2 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -15,6 +15,7 @@ MINGW_REV=6184 PYPTLIB_TAG=pyptlib-0.0.5 OBFSPROXY_TAG=obfsproxy-0.2.4 FLASHPROXY_TAG=1.6 +FTEPROXY_TAG=0.2.6 LIBDMG_TAG=dfd5e5cc3dc1191e37d3c3a6118975afdd1d7014 GITIAN_TAG=tor-browser-builder-3.x-5 diff --git a/gitian/versions.nightly b/gitian/versions.nightly index 0c7f50d..436536e 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -15,6 +15,7 @@ MINGW_REV=6184 PYPTLIB_TAG=master OBFSPROXY_TAG=master FLASHPROXY_TAG=master +FTEPROXY_TAG=master LIBDMG_TAG=dfd5e5cc3dc1191e37d3c3a6118975afdd1d7014 GITIAN_TAG=tor-browser-builder-3.x-5

1 0

[torspec/master] prop229: another question
by nickm＠torproject.org 28 Feb '14

28 Feb '14

commit ff710b91e7062158c6f9ca07fd7ff507a1d89965 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Feb 28 12:07:46 2014 -0500 prop229: another question --- proposals/229-further-socks5-extensions.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/proposals/229-further-socks5-extensions.txt b/proposals/229-further-socks5-extensions.txt index d9519b0..0574751 100644 --- a/proposals/229-further-socks5-extensions.txt +++ b/proposals/229-further-socks5-extensions.txt @@ -145,6 +145,8 @@ Status: Draft [XXXX What should a client if it gets a value here it does not recognize? -NM] + [XXXX Should we recommend any namespace conventions for these? -NM] + 2.2. Tor Extended SOCKS5 Reply Codes

1 0

[torspec/master] prop229: more changelog
by nickm＠torproject.org 28 Feb '14

28 Feb '14

commit 533f6129cec74197aa88dfa0da2431723252b47a Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Feb 28 12:06:03 2014 -0500 prop229: more changelog --- proposals/229-further-socks5-extensions.txt | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/proposals/229-further-socks5-extensions.txt b/proposals/229-further-socks5-extensions.txt index c0a6762..d9519b0 100644 --- a/proposals/229-further-socks5-extensions.txt +++ b/proposals/229-further-socks5-extensions.txt @@ -243,3 +243,7 @@ Status: Draft predefined keys. * Change the auth method number to 0x97 + 2014-02-28 (nickm's fault) + * check it into git + * clean text a little, fix redundancy + * ask some questions

1 0

[torspec/master] Add some questions to proposal 229
by nickm＠torproject.org 28 Feb '14

28 Feb '14

commit f543cf5836c24dcba175e353f7ef4d3b82d2c77d Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Feb 28 12:04:54 2014 -0500 Add some questions to proposal 229 --- proposals/229-further-socks5-extensions.txt | 33 +++++++++++++++++++++++---- 1 file changed, 28 insertions(+), 5 deletions(-) diff --git a/proposals/229-further-socks5-extensions.txt b/proposals/229-further-socks5-extensions.txt index 400712c..c0a6762 100644 --- a/proposals/229-further-socks5-extensions.txt +++ b/proposals/229-further-socks5-extensions.txt @@ -114,6 +114,9 @@ Status: Draft If a server sends a response indicating failure (STATUS value other than X'00') it MUST close the connection. + [XXXX What should a client if it gets a value here it does + not recognize?] + NR PAIRS, KLEN, KEY, VLEN, VALUE: These fields have the same format as they do in Extended @@ -125,7 +128,23 @@ Status: Draft * "USERNAME" The username for authentication. * "PASSWD" The password for authentication. - [XXX - Add some more here, Stream isolation?] + [XXXX What do these do? What is their behavior? Are they + client-only? Right now, Tor uses SOCKS5 usernames and + passwords in two ways: + + 1) as a way to control isolation, when receiving them + from a SOCKS client. + 2) as a way to encode arbitrary data, when sending data + to a PT. + + Neither of these seem necessary any more. We can turn 1 into + a new KEY, and we can turn 2 into a new set of keys. -NM] + + [XXX - Add some more here, Stream isolation? -YA] + + [XXXX What should a client if it gets a value here it does + not recognize? -NM] + 2.2. Tor Extended SOCKS5 Reply Codes @@ -136,6 +155,9 @@ Status: Draft Authentication" as part of the version identifier/method selection SOCKS5 message. + [Actually, should this perhaps be controlled by additional KEY? + (I'm not sure.) -NM] + Where: * X'E0' Hidden Service Not Found @@ -190,9 +212,10 @@ Status: Draft Identical security considerations to RFC 1929 Username/Password authentication applies when doing Username/Password - authentication using the keys reserved for such. As the - USERNAME/PASSWD fields are carried in cleartext, this authentication - method MUST NOT be used in scenarios where sniffing is possible. + authentication using the keys reserved for such. As SOCKS5 is + sent in cleartext, this extension (like the rest of the SOCKS5 + protocol) MUST NOT be used in scenarios where sniffing is possible. + The authors of this proposal note that binding any of the Tor (and associated) SOCKS5 servers to non-loopback interfaces is strongly discouraged currently, so in the current model this is @@ -211,7 +234,7 @@ Status: Draft Appelbaum, J., Mathewson, N., "Pluggable Transport Specification", June 2012. -[XXX - Changelog (Remove when accepted)] +[XXX - Changelog (Remove when accepted) -YA] 2014-02-28 (Thanks to nickm/arma) * Generalize to also support tor

1 0

[torspec/master] Fix spelling, expand UNAME->USERNAME
by nickm＠torproject.org 28 Feb '14

28 Feb '14

commit 8f5b73e80649e7efe48c19487ce478402a409ce6 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Feb 28 11:57:26 2014 -0500 Fix spelling, expand UNAME->USERNAME --- proposals/229-further-socks5-extensions.txt | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/proposals/229-further-socks5-extensions.txt b/proposals/229-further-socks5-extensions.txt index 0371f02..8090528 100644 --- a/proposals/229-further-socks5-extensions.txt +++ b/proposals/229-further-socks5-extensions.txt @@ -8,7 +8,7 @@ Status: Draft We propose extending the SOCKS5 protocol to allow passing more per-session metadata, and to allow returning more meaningful - reponse failure codes back to the client. + response failure codes back to the client. 1. Introduction @@ -76,7 +76,7 @@ Status: Draft VLEN: 16 bits (unsigned integer) This field specifies the length of the value in bytes. It - MUST be tramsmitted in network byte order. It MAY be + MUST be transmitted in network byte order. It MAY be X'0000', in which case the corresponding VALUE field is omitted. @@ -86,7 +86,7 @@ Status: Draft The responder will verify the contents of the Extended - Authentication request and send the followint response: + Authentication request and send the following response: +----+--------+----------+-------+-------------+-------+-------------+--- |VER | STATUS | NR PAIRS | KLEN1 | KEY1 | VLEN1 | VALUE1 | ... @@ -128,7 +128,7 @@ Status: Draft VLEN: 16 bits (unsigned integer) This field specifies the length of the value in bytes. It - MUST be tramsmitted in network byte order. It MAY be + MUST be transmitted in network byte order. It MAY be X'0000', in which case the corresponding VALUE field is omitted. @@ -138,7 +138,7 @@ Status: Draft The currently defined KEYs are: - * "UNAME" The username for authentication. + * "USERNAME" The username for authentication. * "PASSWD" The password for authentication. [XXX - Add some more here, Stream isolation?] @@ -207,7 +207,7 @@ Status: Draft Identical security considerations to RFC 1929 Username/Password authentication applies when doing Username/Password authentication using the keys reserved for such. As the - UNAME/PASSWD fields are carried in cleartext, this authentication + USERNAME/PASSWD fields are carried in cleartext, this authentication method MUST NOT be used in scenarios where sniffing is possible. The authors of this proposal note that binding any of the Tor (and associated) SOCKS5 servers to non-loopback interfaces is

1 0

[torspec/master] make proposal 229 a little more terse; add a meta-MUST
by nickm＠torproject.org 28 Feb '14

28 Feb '14

commit 6fdf4273d1b51bd2dceaf6225497b43d47521580 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Feb 28 12:01:53 2014 -0500 make proposal 229 a little more terse; add a meta-MUST --- proposals/229-further-socks5-extensions.txt | 44 +++++++++------------------ 1 file changed, 14 insertions(+), 30 deletions(-) diff --git a/proposals/229-further-socks5-extensions.txt b/proposals/229-further-socks5-extensions.txt index 8090528..400712c 100644 --- a/proposals/229-further-socks5-extensions.txt +++ b/proposals/229-further-socks5-extensions.txt @@ -44,6 +44,13 @@ Status: Draft After the authentication method has been negotiated following the standard SOCKS5 protocol, the actual authentication phase begins. + If any requirement labeled with a "MUST" below in this protocol + is violated, the party receiving the violation MUST close the + connection. + + All multibyte numeric values in this protocol MUST be transmitted + in network (big-endian) byte order. + The initiator will send an Extended Authentication request: +----+----------+-------+-------------+-------+-------------+--- @@ -60,24 +67,21 @@ Status: Draft NR PAIRS: 16 bits (unsigned integer) This field specifies the number of key/value pairs to follow. - The NR PAIRS field MUST be transmitted in network byte order. KLEN: 16 bits (unsigned integer) This field specifies the length of the key in bytes. It MUST - be transmitted in network byte order, and MUST be greater - than 0. + be greater than 0. KEY: variable length This field contains the key associated with the subsequent - VALUE field as an ASCII string, without a NULL terminator. + VALUE field as an ASCII string, without a NUL terminator. VLEN: 16 bits (unsigned integer) - This field specifies the length of the value in bytes. It - MUST be transmitted in network byte order. It MAY be - X'0000', in which case the corresponding VALUE field is + This field specifies the length of the value in bytes. It MAY + be X'0000', in which case the corresponding VALUE field is omitted. VALUE: variable length, optional @@ -110,31 +114,11 @@ Status: Draft If a server sends a response indicating failure (STATUS value other than X'00') it MUST close the connection. - NR PAIRS: 16 bits (unsigned integer) - - This field specifies the number of key/value pairs to follow. - The NR PAIRS field MUST be transmitted in network byte order. - - KLEN: 16 bits (unsigned integer) - - This field specifies the length of the key in bytes. It MUST be - transmitted in network byte order, and MUST be greater than 0. - - KEY: variable length + NR PAIRS, KLEN, KEY, VLEN, VALUE: - This field contains the key associated with the subsequent - VALUE field as an ASCII string, without a NULL terminator. + These fields have the same format as they do in Extended + Authentication requests. - VLEN: 16 bits (unsigned integer) - - This field specifies the length of the value in bytes. It - MUST be transmitted in network byte order. It MAY be - X'0000', in which case the corresponding VALUE field is - omitted. - - VALUE: variable length, optional - - The value corresponding to the KEY. The currently defined KEYs are:

1 0

[translation/tails-perl5lib_completed] Update translations for tails-perl5lib_completed
by translation＠torproject.org 28 Feb '14

28 Feb '14

commit 899fe7da8a82638295240965826197ac44994797 Author: Translation commit bot <translation(a)torproject.org> Date: Fri Feb 28 16:46:10 2014 +0000 Update translations for tails-perl5lib_completed --- zh_TW.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/zh_TW.po b/zh_TW.po index 1cb8222..c4f6439 100644 --- a/zh_TW.po +++ b/zh_TW.po @@ -9,7 +9,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: Tails developers <tails(a)boum.org>\n" "POT-Creation-Date: 2013-11-28 11:56+0100\n" -"PO-Revision-Date: 2014-02-28 09:45+0000\n" +"PO-Revision-Date: 2014-02-28 16:35+0000\n" "Last-Translator: 修銘張 <cges30901(a)gmail.com>\n" "Language-Team: Chinese (Taiwan) (http://www.transifex.com/projects/p/torproject/language/zh_TW/)\n" "MIME-Version: 1.0\n"

1 0

[translation/tails-perl5lib] Update translations for tails-perl5lib
by translation＠torproject.org 28 Feb '14

28 Feb '14

commit d77e6b460504a83363ee9dd3c2bf1299aa682425 Author: Translation commit bot <translation(a)torproject.org> Date: Fri Feb 28 16:46:08 2014 +0000 Update translations for tails-perl5lib --- zh_TW.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/zh_TW.po b/zh_TW.po index 1cb8222..c4f6439 100644 --- a/zh_TW.po +++ b/zh_TW.po @@ -9,7 +9,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: Tails developers <tails(a)boum.org>\n" "POT-Creation-Date: 2013-11-28 11:56+0100\n" -"PO-Revision-Date: 2014-02-28 09:45+0000\n" +"PO-Revision-Date: 2014-02-28 16:35+0000\n" "Last-Translator: 修銘張 <cges30901(a)gmail.com>\n" "Language-Team: Chinese (Taiwan) (http://www.transifex.com/projects/p/torproject/language/zh_TW/)\n" "MIME-Version: 1.0\n"

1 0

[translation/tor-launcher-network-settings_completed] Update translations for tor-launcher-network-settings_completed
by translation＠torproject.org 28 Feb '14

28 Feb '14

commit 22f651d3bf28a5df927fe30c5826ea1f58559b4a Author: Translation commit bot <translation(a)torproject.org> Date: Fri Feb 28 16:45:49 2014 +0000 Update translations for tor-launcher-network-settings_completed --- pt_BR/network-settings.dtd | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/pt_BR/network-settings.dtd b/pt_BR/network-settings.dtd index 7b2b5ce..b84d542 100644 --- a/pt_BR/network-settings.dtd +++ b/pt_BR/network-settings.dtd @@ -22,7 +22,9 @@ <!ENTITY torSettings.firewallQuestion "A conexão Internet deste computador é filtrada por uma firewall que autoriza conexões somente para certas portas?"> <!ENTITY torSettings.firewallHelp "Se você não tiver certeza sobre como responder a esta questão, escolha Não. Em caso de dificuldades de conexão à rede Tor, modifique esta configuração."> <!ENTITY torSettings.enterFirewall "Insira, separando-a por vírgulas, uma lista de portas habilitadas pelo firewall. "> -<!ENTITY torSettings.bridgeQuestion "Se a conexão Internet deste computador tiver sido censurada, você precisará obter e utilizar retransmissores de pontes.&#160; Se não, clique em Conectar."> +<!ENTITY torSettings.bridgeQuestion "Seu provedor de serviços de internet (ISP) bloqueiam ou censuram conexões à rede Tor?"> +<!ENTITY torSettings.bridgeHelp "Se você não está seguro de como responder esta questão, escolha No.&#160; Se você escolher Sim, você será perguntado para configurar pontes Tor, que são relays não listados que dificultam o bloqueio a rede Tor."> +<!ENTITY torSettings.bridgeSettingsPrompt "Você pode usar as configurações padrões de pontes ou obter e entrar com uma configuração personalizada.">  @@ -44,13 +46,15 @@ <!ENTITY torsettings.firewall.checkbox "A conexão Internet deste computador é filtrada por uma firewall que autoriza conexões somente para determinadas portas."> <!ENTITY torsettings.firewall.allowedPorts "Portas habilitadas:"> <!ENTITY torsettings.useBridges.checkbox "Meu Provedor de Serviços Internet (ISP) bloqueia as conexões à rede Tor"> +<!ENTITY torsettings.useBridges.default "Usar pontes padrões do Tipo"> +<!ENTITY torsettings.useBridges.custom "Usar pontes personalizadas"> <!ENTITY torsettings.useBridges.label "Insira um ou mais retransmissores de pontes (um por linha)."> -<!ENTITY torsettings.useBridges.placeholder "endereço:porta OU endereço:porta de transporte"> +<!ENTITY torsettings.useBridges.placeholder "tipo endereço:porta"> <!ENTITY torsettings.copyLog "Copiar o Log do Tor na área de transferência"> <!ENTITY torsettings.bridgeHelpTitle "Ajuda Retransmissor de Ponte"> <!ENTITY torsettings.bridgeHelp1 "Se for impossível conectar-se à rede Tor, talvez o seu Provedor de Internet (ISP) ou outra instância esteja bloqueando o Tor.&#160; Normalmente, é possível contornar esse problema utilizando Pontes Tor, que são retransmissores ocultos, mais difíceis de bloquear."> -<!ENTITY torsettings.bridgeHelp1B "Veja três modos de se obter endereços de pontes:"> +<!ENTITY torsettings.bridgeHelp1B "Você pode usar uma faixa de endereços de ponte pré-configuradas ou pode obter uma faixa de endereços personalizados usando um desses três métodos:"> <!ENTITY torsettings.bridgeHelp2Heading "Através da Web"> <!ENTITY torsettings.bridgeHelp2 "Use um navegador de internet e visite "> <!ENTITY torsettings.bridgeHelp3Heading "Através do Email Autoresponder">

1 0