April 2014 - tor-commits - lists.torproject.org

[meek/master] const blocks.
by dcf＠torproject.org 26 Apr '14

26 Apr '14

commit b2393bc809411f23a3057c111bfa11ed24fff9d7 Author: David Fifield <david(a)bamsoftware.com> Date: Sat Apr 26 11:54:06 2014 -0700 const blocks. --- appengine/reflect.go | 9 ++++++--- latencytest/latencytest.go | 6 ++++-- meek-client-torbrowser/linux.go | 6 ++++-- meek-client-torbrowser/mac.go | 6 ++++-- meek-client-torbrowser/windows.go | 6 ++++-- meek-client/meek-client.go | 20 +++++++++++--------- meek-server/meek-server.go | 20 +++++++++++--------- 7 files changed, 44 insertions(+), 29 deletions(-) diff --git a/appengine/reflect.go b/appengine/reflect.go index f0755dc..863a738 100644 --- a/appengine/reflect.go +++ b/appengine/reflect.go @@ -10,9 +10,12 @@ import ( "appengine/urlfetch" ) -const forwardURL = "http://meek.bamsoftware.com:7002/" -// A timeout of 0 means to use the App Engine default (5 seconds). -const urlFetchTimeout = 10 * time.Second +const ( + forwardURL = "http://meek.bamsoftware.com:7002/" + // A timeout of 0 means to use the App Engine default (5 seconds). + urlFetchTimeout = 10 * time.Second +) + var context appengine.Context func pathJoin(a, b string) string { diff --git a/latencytest/latencytest.go b/latencytest/latencytest.go index c2768eb..0244bd6 100644 --- a/latencytest/latencytest.go +++ b/latencytest/latencytest.go @@ -19,8 +19,10 @@ var urls = [...]string{ "https://www.googleusercontent.com/", } -const urlFetchTimeout = 10 * time.Second -const numTrials = 5 +const ( + urlFetchTimeout = 10 * time.Second + numTrials = 5 +) var context appengine.Context diff --git a/meek-client-torbrowser/linux.go b/meek-client-torbrowser/linux.go index a5634b2..6e8d847 100644 --- a/meek-client-torbrowser/linux.go +++ b/meek-client-torbrowser/linux.go @@ -5,5 +5,7 @@ package main -var firefoxPath = "Browser/firefox" -var firefoxProfilePath = "Data/Browser/profile.meek-http-helper" +const ( + firefoxPath = "Browser/firefox" + firefoxProfilePath = "Data/Browser/profile.meek-http-helper" +) diff --git a/meek-client-torbrowser/mac.go b/meek-client-torbrowser/mac.go index 9588512..6a11695 100644 --- a/meek-client-torbrowser/mac.go +++ b/meek-client-torbrowser/mac.go @@ -5,5 +5,7 @@ package main -var firefoxPath = "../Contents/MacOS/TorBrowser.app/Contents/MacOS/firefox" -var firefoxProfilePath = "../Data/Browser/profile.meek-http-helper" +const ( + firefoxPath = "../Contents/MacOS/TorBrowser.app/Contents/MacOS/firefox" + firefoxProfilePath = "../Data/Browser/profile.meek-http-helper" +) diff --git a/meek-client-torbrowser/windows.go b/meek-client-torbrowser/windows.go index 4dbdb47..3ac9113 100644 --- a/meek-client-torbrowser/windows.go +++ b/meek-client-torbrowser/windows.go @@ -5,5 +5,7 @@ package main -var firefoxPath string = "Browser/firefox.exe" -var firefoxProfilePath = "Data/Browser/profile.meek-http-helper" +const ( + firefoxPath string = "Browser/firefox.exe" + firefoxProfilePath = "Data/Browser/profile.meek-http-helper" +) diff --git a/meek-client/meek-client.go b/meek-client/meek-client.go index 1300474..d6b095f 100644 --- a/meek-client/meek-client.go +++ b/meek-client/meek-client.go @@ -20,15 +20,17 @@ import ( import "git.torproject.org/pluggable-transports/goptlib.git" -const ptMethodName = "meek" -const sessionIdLength = 32 -const maxPayloadLength = 0x10000 -const initPollInterval = 100 * time.Millisecond -const maxPollInterval = 5 * time.Second -const pollIntervalMultiplier = 1.5 -const maxHelperResponseLength = 10000000 -const helperReadTimeout = 60 * time.Second -const helperWriteTimeout = 2 * time.Second +const ( + ptMethodName = "meek" + sessionIdLength = 32 + maxPayloadLength = 0x10000 + initPollInterval = 100 * time.Millisecond + maxPollInterval = 5 * time.Second + pollIntervalMultiplier = 1.5 + maxHelperResponseLength = 10000000 + helperReadTimeout = 60 * time.Second + helperWriteTimeout = 2 * time.Second +) var ptInfo pt.ClientInfo diff --git a/meek-server/meek-server.go b/meek-server/meek-server.go index c7d7e41..3ea445f 100644 --- a/meek-server/meek-server.go +++ b/meek-server/meek-server.go @@ -19,15 +19,17 @@ import ( import "git.torproject.org/pluggable-transports/goptlib.git" -const ptMethodName = "meek" -const minSessionIdLength = 32 -const maxPayloadLength = 0x10000 -// How long we try to read something back from the ORPort before returning the -// response. -const turnaroundTimeout = 10 * time.Millisecond -// Passed as ReadTimeout and WriteTimeout when constructing the http.Server. -const readWriteTimeout = 10 * time.Second -const maxSessionStaleness = 120 * time.Second +const ( + ptMethodName = "meek" + minSessionIdLength = 32 + maxPayloadLength = 0x10000 + // How long we try to read something back from the ORPort before returning the + // response. + turnaroundTimeout = 10 * time.Millisecond + // Passed as ReadTimeout and WriteTimeout when constructing the http.Server. + readWriteTimeout = 10 * time.Second + maxSessionStaleness = 120 * time.Second +) var ptInfo pt.ServerInfo

1 0

[obfsproxy/master] Make sure that AES-CTR counter of obfs{2, 3} won't overflow.
by asn＠torproject.org 26 Apr '14

26 Apr '14

commit 7b562f53fb02f930b3c43f1571a90f6634df0664 Author: George Kadianakis <desnacked(a)riseup.net> Date: Sat Apr 26 19:14:51 2014 +0100 Make sure that AES-CTR counter of obfs{2,3} won't overflow. --- ChangeLog | 4 ++++ obfsproxy/common/aes.py | 11 ++++++++--- obfsproxy/transports/obfs2.py | 6 ++++-- obfsproxy/transports/obfs3.py | 3 ++- 4 files changed, 18 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6cf2400..8c2e76c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,10 @@ Changes in version 0.2.9 - UNRELEASED: explicitly picks python2. Makes obfsproxy work in platforms like Linux Arch where python3 is the default. Fixes part of #11190. Patch by Yawning Angel. + - The AES-CTR counter of obfs2 and obfs3 now wraps around to 0. + Since, the counter value was derived from the protocol, there + was an unlikely chance that PyCrypto would raise an OverflowError + exception. Spotted by Yawning Angel. Fixes #11611. Changes in version 0.2.8 - 2014-03-28: diff --git a/obfsproxy/common/aes.py b/obfsproxy/common/aes.py index 3f29346..777fad0 100644 --- a/obfsproxy/common/aes.py +++ b/obfsproxy/common/aes.py @@ -9,13 +9,18 @@ from Crypto.Util import Counter class AES_CTR_128(object): """An AES-CTR-128 PyCrypto wrapper.""" - def __init__(self, key, iv): - """Initialize AES with the given key and IV.""" + def __init__(self, key, iv, counter_wraparound=False): + """Initialize AES with the given key and IV. + + If counter_wraparound is set to True, the AES-CTR counter will + wraparound to 0 when it overflows. + """ assert(len(key) == 16) assert(len(iv) == 16) - self.ctr = Counter.new(128, initial_value=long(iv.encode('hex'), 16)) + self.ctr = Counter.new(128, initial_value=long(iv.encode('hex'), 16), + allow_wraparound=counter_wraparound) self.cipher = AES.new(key, AES.MODE_CTR, counter=self.ctr) def crypt(self, data): diff --git a/obfsproxy/transports/obfs2.py b/obfsproxy/transports/obfs2.py index f8ba7c9..23a60d4 100644 --- a/obfsproxy/transports/obfs2.py +++ b/obfsproxy/transports/obfs2.py @@ -257,7 +257,8 @@ class Obfs2Transport(base.BaseTransport): secret = self.mac(pad_string, self.initiator_seed + self.responder_seed, self.shared_secret) - return aes.AES_CTR_128(secret[:KEYLEN], secret[KEYLEN:]) + return aes.AES_CTR_128(secret[:KEYLEN], secret[KEYLEN:], + counter_wraparound=True) def _derive_padding_crypto(self, seed, pad_string): # XXX consider secret_seed """ @@ -266,7 +267,8 @@ class Obfs2Transport(base.BaseTransport): secret = self.mac(pad_string, seed, self.shared_secret) - return aes.AES_CTR_128(secret[:KEYLEN], secret[KEYLEN:]) + return aes.AES_CTR_128(secret[:KEYLEN], secret[KEYLEN:], + counter_wraparound=True) def mac(self, s, x, secret): """ diff --git a/obfsproxy/transports/obfs3.py b/obfsproxy/transports/obfs3.py index 6a4df6b..ba45da1 100644 --- a/obfsproxy/transports/obfs3.py +++ b/obfsproxy/transports/obfs3.py @@ -221,7 +221,8 @@ class Obfs3Transport(base.BaseTransport): Derive and return an obfs3 key using the pad string in 'pad_string'. """ secret = hmac_sha256.hmac_sha256_digest(self.shared_secret, pad_string) - return aes.AES_CTR_128(secret[:KEYLEN], secret[KEYLEN:]) + return aes.AES_CTR_128(secret[:KEYLEN], secret[KEYLEN:], + counter_wraparound=True) class Obfs3Client(Obfs3Transport):

1 0

[tor-browser-bundle/master] Bump HTTPS-Everywhere version to 3.5.1.
by gk＠torproject.org 26 Apr '14

26 Apr '14

commit 13e785546c9197c1b8698a42e3e4c1909824545f Author: Georg Koppen <gk(a)torproject.org> Date: Sat Apr 26 14:05:19 2014 +0000 Bump HTTPS-Everywhere version to 3.5.1. --- Bundle-Data/Docs/ChangeLog.txt | 2 +- gitian/versions | 2 +- gitian/versions.alpha | 2 +- gitian/versions.beta | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index 28e1ba2..52610c4 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -7,7 +7,7 @@ Tor Browser Bundle 3.6 -- Apr 29 2014 * Update Torbutton to 1.6.9.0 * Bug 7439: Improve download warning dialog text. * Bug 11384: Completely remove hidden toggle menu item. - * Update HTTPS-Everywhere to 3.5 + * Update HTTPS-Everywhere to 3.5.1 * Update NoScript to 2.6.8.20 * Update obfs3 transport to 0.2.8 * Update fte transport to 0.2.13 diff --git a/gitian/versions b/gitian/versions index c699242..81ec1e8 100755 --- a/gitian/versions +++ b/gitian/versions @@ -9,7 +9,7 @@ TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-1-build3 TOR_TAG=tor-0.2.4.21 TORLAUNCHER_TAG=0.2.4.4 TORBUTTON_TAG=1.6.7.0 -HTTPSE_TAG=3.5 +HTTPSE_TAG=3.5.1 NSIS_TAG=v0.1 ZLIB_TAG=v1.2.8 LIBEVENT_TAG=release-2.0.21-stable diff --git a/gitian/versions.alpha b/gitian/versions.alpha index cb0551c..4ede6e6 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -10,7 +10,7 @@ TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-1-build3 TOR_TAG=tor-0.2.5.3-alpha TORLAUNCHER_TAG=0.2.5.4 TORBUTTON_TAG=1.6.9.0 -HTTPSE_TAG=3.5 +HTTPSE_TAG=3.5.1 NSIS_TAG=v0.1 ZLIB_TAG=v1.2.8 LIBEVENT_TAG=release-2.0.21-stable diff --git a/gitian/versions.beta b/gitian/versions.beta index 91c4a2c..2560de3 100755 --- a/gitian/versions.beta +++ b/gitian/versions.beta @@ -10,7 +10,7 @@ TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-1-build3 TOR_TAG=tor-0.2.4.21 TORLAUNCHER_TAG=0.2.5.4 TORBUTTON_TAG=1.6.9.0 -HTTPSE_TAG=3.5 +HTTPSE_TAG=3.5.1 NSIS_TAG=v0.1 ZLIB_TAG=v1.2.8 LIBEVENT_TAG=release-2.0.21-stable

1 0

[meek/master] Add missing semicolon.
by dcf＠torproject.org 26 Apr '14

26 Apr '14

commit baef666e1681b1d3129582cab9ac60692e1ee4c0 Author: David Fifield <david(a)bamsoftware.com> Date: Fri Apr 25 21:12:58 2014 -0700 Add missing semicolon. Found by gk in https://trac.torproject.org/projects/tor/ticket/11183#comment:20. --- firefox/components/main.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/firefox/components/main.js b/firefox/components/main.js index 3db395c..d1283e7 100644 --- a/firefox/components/main.js +++ b/firefox/components/main.js @@ -54,7 +54,7 @@ MeekHTTPHelper.prototype = { // nsIObserver implementation. observe: function(subject, topic, data) { if (topic !== "profile-after-change") - return + return; try { // https://developer.mozilla.org/en-US/docs/XPCOM_Interface_Reference/nsIServe…

1 0

[meek/master] More rigidly follow the camelcase convention.
by dcf＠torproject.org 26 Apr '14

26 Apr '14

commit eab44b4fbaf3aabc7077a06d92ee02ce61b57932 Author: David Fifield <david(a)bamsoftware.com> Date: Fri Apr 25 21:40:49 2014 -0700 More rigidly follow the camelcase convention. Suggested by gk in https://trac.torproject.org/projects/tor/ticket/11183#comment:20. --- firefox/components/main.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/firefox/components/main.js b/firefox/components/main.js index d8b40f4..b07ed84 100644 --- a/firefox/components/main.js +++ b/firefox/components/main.js @@ -122,14 +122,14 @@ MeekHTTPHelper.lookupStatus = function(status) { // happens within callbacks. MeekHTTPHelper.LocalConnectionHandler = function(transport) { this.transport = transport; - this.requestreader = null; + this.requestReader = null; this.channel = null; this.listener = null; this.readRequest(this.makeRequest.bind(this)); }; MeekHTTPHelper.LocalConnectionHandler.prototype = { readRequest: function(callback) { - this.requestreader = new MeekHTTPHelper.RequestReader(this.transport, callback); + this.requestReader = new MeekHTTPHelper.RequestReader(this.transport, callback); }, makeRequest: function(req) {

1 0

[meek/master] Actually use the callback arg.
by dcf＠torproject.org 26 Apr '14

26 Apr '14

commit f0083e5e5b9b4d05bb9da8f7180b53c7758aaba2 Author: David Fifield <david(a)bamsoftware.com> Date: Fri Apr 25 21:13:27 2014 -0700 Actually use the callback arg. Previously it was hardcoded to the same value that happened to be passed as an argument, so it worked the same but was confusing. Found by gk in https://trac.torproject.org/projects/tor/ticket/11183#comment:20. --- firefox/components/main.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/firefox/components/main.js b/firefox/components/main.js index d1283e7..d8b40f4 100644 --- a/firefox/components/main.js +++ b/firefox/components/main.js @@ -129,7 +129,7 @@ MeekHTTPHelper.LocalConnectionHandler = function(transport) { }; MeekHTTPHelper.LocalConnectionHandler.prototype = { readRequest: function(callback) { - this.requestreader = new MeekHTTPHelper.RequestReader(this.transport, this.makeRequest.bind(this)); + this.requestreader = new MeekHTTPHelper.RequestReader(this.transport, callback); }, makeRequest: function(req) {

1 0

[tor/master] Bump version to 0.2.5.4-alpha-dev
by nickm＠torproject.org 26 Apr '14

26 Apr '14

commit 3a3ed2abb225f5534d1931e5549c6acb638d3de7 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Apr 25 23:38:12 2014 -0400 Bump version to 0.2.5.4-alpha-dev --- configure.ac | 2 +- contrib/tor-mingw.nsi.in | 2 +- src/win32/orconfig.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index 30feda6..edfe2f8 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson dnl Copyright (c) 2007-2013, The Tor Project, Inc. dnl See LICENSE for licensing information -AC_INIT([tor],[0.2.5.4-alpha]) +AC_INIT([tor],[0.2.5.4-alpha-dev]) AC_CONFIG_SRCDIR([src/or/main.c]) AC_CONFIG_MACRO_DIR([m4]) AM_INIT_AUTOMAKE diff --git a/contrib/tor-mingw.nsi.in b/contrib/tor-mingw.nsi.in index 1d9274a..0e1594d 100644 --- a/contrib/tor-mingw.nsi.in +++ b/contrib/tor-mingw.nsi.in @@ -8,7 +8,7 @@ !include "LogicLib.nsh" !include "FileFunc.nsh" !insertmacro GetParameters -!define VERSION "0.2.5.4-alpha" +!define VERSION "0.2.5.4-alpha-dev" !define INSTALLER "tor-${VERSION}-win32.exe" !define WEBSITE "https://www.torproject.org/" !define LICENSE "LICENSE" diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h index c865d56..7b5877c 100644 --- a/src/win32/orconfig.h +++ b/src/win32/orconfig.h @@ -241,7 +241,7 @@ #define USING_TWOS_COMPLEMENT /* Version number of package */ -#define VERSION "0.2.5.4-alpha" +#define VERSION "0.2.5.4-alpha-dev"

1 0

[meek/master] Update comment that claimed we listen on a fixed port.
by dcf＠torproject.org 26 Apr '14

26 Apr '14

commit feb40572ec394664569e28176542bf13fb9de226 Author: David Fifield <david(a)bamsoftware.com> Date: Fri Apr 25 20:35:37 2014 -0700 Update comment that claimed we listen on a fixed port. That used to be the case but no longer. Noticed by gk in https://trac.torproject.org/projects/tor/ticket/11183#comment:20. --- firefox/components/main.js | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/firefox/components/main.js b/firefox/components/main.js index 2890b37..3db395c 100644 --- a/firefox/components/main.js +++ b/firefox/components/main.js @@ -1,10 +1,11 @@ // This is an extension that allows external programs to make HTTP requests // using the browser's networking libraries. // -// The extension opens a TCP socket listening on localhost (port 7000). When it -// receives a connection, it reads a 4-byte big-endian length field, then tries -// to read that many bytes of data. The data is UTF-8–encoded JSON, having the -// format +// The extension opens a TCP socket listening on localhost on an ephemeral port. +// It writes the port number in a recognizable format to stdout so that a parent +// process can read it and connect. When the extension receives a connection, it +// reads a 4-byte big-endian length field, then tries to read that many bytes of +// data. The data is UTF-8–encoded JSON, having the format // { // "method": "POST", // "url": "https://www.google.com/",

1 0

r26740: {website} ready for new tarball if only we could push the website (in website/trunk: . include)
by Roger Dingledine 26 Apr '14

26 Apr '14

Author: arma Date: 2014-04-26 03:25:40 +0000 (Sat, 26 Apr 2014) New Revision: 26740 Modified: website/trunk/Makefile website/trunk/include/versions.wmi Log: ready for new tarball if only we could push the website Modified: website/trunk/Makefile =================================================================== --- website/trunk/Makefile 2014-04-26 02:26:35 UTC (rev 26739) +++ website/trunk/Makefile 2014-04-26 03:25:40 UTC (rev 26740) @@ -11,7 +11,7 @@ # 5. ./publish export STABLETAG=tor-0.2.4.21 -export DEVTAG=tor-0.2.5.3-alpha +export DEVTAG=tor-0.2.5.4-alpha WMLBASE=. SUBDIRS=docs eff projects press about download getinvolved donate docs/torbutton Modified: website/trunk/include/versions.wmi =================================================================== --- website/trunk/include/versions.wmi 2014-04-26 02:26:35 UTC (rev 26739) +++ website/trunk/include/versions.wmi 2014-04-26 03:25:40 UTC (rev 26740) @@ -1,5 +1,5 @@ <define-tag version-stable whitespace=delete>0.2.4.21</define-tag> -<define-tag version-alpha whitespace=delete>0.2.5.3-alpha</define-tag> +<define-tag version-alpha whitespace=delete>0.2.5.4-alpha</define-tag> <define-tag version-win32-stable whitespace=delete>0.2.4.21</define-tag> <define-tag version-win32-alpha whitespace=delete>0.2.4.21</define-tag>

1 0

[translation/tails-misc] Update translations for tails-misc
by translation＠torproject.org 26 Apr '14

26 Apr '14

commit 1861bbf5d758c6091d13b52bc6c0ec3eeb388558 Author: Translation commit bot <translation(a)torproject.org> Date: Sat Apr 26 02:45:37 2014 +0000 Update translations for tails-misc --- zh_HK.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/zh_HK.po b/zh_HK.po index 78e104c..a0992a7 100644 --- a/zh_HK.po +++ b/zh_HK.po @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2014-03-23 08:55+0100\n" -"PO-Revision-Date: 2014-04-26 02:10+0000\n" +"PO-Revision-Date: 2014-04-26 02:20+0000\n" "Last-Translator: runasand <runa.sandvik(a)gmail.com>\n" "Language-Team: Chinese (Hong Kong) (http://www.transifex.com/projects/p/torproject/language/zh_HK/)\n" "MIME-Version: 1.0\n"

1 0