July 2014 - tor-commits - lists.torproject.org

[tor-browser-bundle/maint-3.6] Bump 3.6 to Firefox 27.7.0.
by mikeperry＠torproject.org 16 Jul '14

16 Jul '14

commit aff7663db9ef47c782f5001ee9869157e6bd0816 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Wed Jul 16 11:51:36 2014 -0700 Bump 3.6 to Firefox 27.7.0. --- gitian/versions | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gitian/versions b/gitian/versions index 37a0d66..a8a6fb7 100755 --- a/gitian/versions +++ b/gitian/versions @@ -1,12 +1,12 @@ -TORBROWSER_VERSION=3.6.2 +TORBROWSER_VERSION=3.6.3pre BUNDLE_LOCALES="ar de es-ES fa fr it ko nl pl pt-PT ru tr vi zh-CN" BUILD_PT_BUNDLES=1 VERIFY_TAGS=1 -FIREFOX_VERSION=24.6.0esr +FIREFOX_VERSION=24.7.0esr -TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-3.x-1-build2 +TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-3.x-1-build1 TOR_TAG=tor-0.2.4.22 TORLAUNCHER_TAG=0.2.5.5 TORBUTTON_TAG=1.6.10.0

1 0

[tor-browser-bundle/master] Update Firefox version to 27.7.0 in nightly and alpha.
by mikeperry＠torproject.org 16 Jul '14

16 Jul '14

commit 4afce310c0a633e9d285e6ae3ea0801d0e12d59e Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Wed Jul 16 11:50:14 2014 -0700 Update Firefox version to 27.7.0 in nightly and alpha. --- Bundle-Data/Docs/ChangeLog.txt | 1 + gitian/versions.alpha | 2 +- gitian/versions.nightly | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index 0ea1dc2..104a135 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -1,6 +1,7 @@ Tor Browser Bundle 4.0-alpha-1 -- Jul 9 2014 * All Platforms * Include the Meek Pluggable Transport (version 0.9) (Bug 10935) + * Update Firefox to 24.7.0esr * Update Tor to 0.2.5.5-alpha * Update NoScript to 2.6.8.31 * Script permissions now apply based on URL bar diff --git a/gitian/versions.alpha b/gitian/versions.alpha index e73d2ae..b406f45 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -4,7 +4,7 @@ BUILD_PT_BUNDLES=1 VERIFY_TAGS=1 -FIREFOX_VERSION=24.6.0esr +FIREFOX_VERSION=24.7.0esr TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-4.x-1-build1 TOR_TAG=tor-0.2.5.5-alpha diff --git a/gitian/versions.nightly b/gitian/versions.nightly index 617c3dd..5398126 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -4,7 +4,7 @@ BUILD_PT_BUNDLES=1 VERIFY_TAGS=0 -FIREFOX_VERSION=24.6.0esr +FIREFOX_VERSION=24.7.0esr TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-4.x-1 TOR_TAG=master

1 0

[tor-browser-bundle/master] Bug 12391: Get mingw-w64 compiled reliably.
by gk＠torproject.org 16 Jul '14

16 Jul '14

commit 5b71d6072028e0d582ad7405597fd615586a0734 Author: Georg Koppen <gk(a)torproject.org> Date: Wed Jul 16 19:24:48 2014 +0000 Bug 12391: Get mingw-w64 compiled reliably. It seems libfaketime is the culprit for the intermittent build failures (which might be nothing else than an instance of bug 11459). The workaround is to omit the compiler (and linker) from this restriction and to cross the fingers that the libgcc* etc. we ship, too, are still getting built deterministically. So far this seems to work out... --- gitian/descriptors/windows/gitian-utils.yml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/gitian/descriptors/windows/gitian-utils.yml b/gitian/descriptors/windows/gitian-utils.yml index d9bf928..87a0bce 100644 --- a/gitian/descriptors/windows/gitian-utils.yml +++ b/gitian/descriptors/windows/gitian-utils.yml @@ -36,8 +36,6 @@ files: script: | INSTDIR="$HOME/install" source versions - export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1 - export FAKETIME=$REFERENCE_DATETIME export TZ=UTC export LC_ALL=C umask 0022 @@ -79,9 +77,7 @@ script: | # CFLAGS_FOR_TARGET. export CFLAGS_FOR_TARGET="-specs=/home/ubuntu/build/msvcr100.spec" gcc-*/configure --prefix=$INSTDIR/mingw-w64 --target=i686-w64-mingw32 --disable-multilib --enable-languages=c,c++ - # XXX: Using $MAKEOPTS (tested with -j4) breaks the build which does not - # happen in a non-gitian environment. This is probably related to bug 11459. - make all-gcc + make $MAKEOPTS all-gcc make install-gcc cd .. # @@ -104,6 +100,13 @@ script: | make install cd .. + # XXX: Build the libraries we include into the bundles deterministically. As + # libfaketime breaks the mingw-w64 build (probably due to bug 11459) we omit + # the compiler and linker from it. It seems we get away with this strategy + # and the libgcc* and libss* which we ship, too, are still built in a + # reproducible fashion. + export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1 + export FAKETIME=$REFERENCE_DATETIME # Building zlib export CFLAGS="-mwindows" export LDFLAGS="-mwindows"

1 0

[doctor/master] Noting the authority that's missing signatures
by atagar＠torproject.org 16 Jul '14

16 Jul '14

commit 560d6cd671cb602a362ff491eefe9718ea66bea2 Author: Damian Johnson <atagar(a)torproject.org> Date: Wed Jul 16 09:41:48 2014 -0700 Noting the authority that's missing signatures We recently had an issue where clock skew on urras resulted in consensuses missing signatures. DocTor made plenty of noise about this, but the messages didn't really help much in figuring out what was up since it didn't not *who's* consensus was missing the signatures. Including that in its notices... NOTICE: Consensus belonging to urras was missing the following authority signatures: maatuska --- consensus_health_checker.py | 19 +++++++++++-------- data/consensus_health.cfg | 2 +- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/consensus_health_checker.py b/consensus_health_checker.py index dd77c2a..e85ece1 100755 --- a/consensus_health_checker.py +++ b/consensus_health_checker.py @@ -410,27 +410,30 @@ def consensuses_have_same_votes(latest_consensus, consensuses, votes): def has_all_signatures(latest_consensus, consensuses, votes): "Check that the consensuses have signatures for authorities that voted on it." - missing_authorities = set() + issues = [] - for consensus in consensuses.values(): - authority_signatures = set([authority.fingerprint for authority in consensus.directory_authorities]) - signature_signatures = set([sig.identity for sig in consensus.signatures]) + for consensus_of, consensus in consensuses.items(): + voting_authorities = set([authority.fingerprint for authority in consensus.directory_authorities]) + signing_authorities = set([sig.identity for sig in consensus.signatures]) + missing_authorities = set() - for missing_signature in authority_signatures.difference(signature_signatures): + for missing_signature in voting_authorities.difference(signing_authorities): # Attempt to translate the missing v3ident signatures into authority # nicknames, falling back to just notifying of the v3ident if not found. missing_authority = missing_signature - for authority in directory_authorities().values(): + for authority in DIRECTORY_AUTHORITIES.values(): if authority.v3ident == missing_signature: missing_authority = authority.nickname break missing_authorities.add(missing_authority) - if missing_authorities: - return Issue(Runlevel.NOTICE, 'MISSING_SIGNATURE', authorities = ', '.join(missing_authorities)) + if missing_authorities: + issues.append(Issue(Runlevel.NOTICE, 'MISSING_SIGNATURE', consensus_of = consensus_of, authorities = ', '.join(missing_authorities))) + + return issues def voting_bandwidth_scanners(latest_consensus, consensuses, votes): diff --git a/data/consensus_health.cfg b/data/consensus_health.cfg index f42ab30..2175d55 100644 --- a/data/consensus_health.cfg +++ b/data/consensus_health.cfg @@ -6,7 +6,7 @@ msg DIFFERENT_RECOMMENDED_VERSION => The following directory authorities recomme msg UNKNOWN_CONSENSUS_PARAMETERS => The following directory authorities set unknown consensus parameters: {parameters} msg MISMATCH_CONSENSUS_PARAMETERS => The following directory authorities set conflicting consensus parameters: {parameters} msg CERTIFICATE_ABOUT_TO_EXPIRE => The certificate of the following directory authority expires within the next {duration}: {authority} -msg MISSING_SIGNATURE => The signatures of the following, previously voting authorities are missing from at least one consensus: {authorities} +msg MISSING_SIGNATURE => Consensus belonging to {consensus_of} was missing the following authority signatures: {authorities} msg MISSING_BANDWIDTH_SCANNERS => The following directory authorities are not reporting bandwidth scanner results: {authorities} msg EXTRA_BANDWIDTH_SCANNERS => The following directory authorities were not expected to report bandwidth scanner results: {authorities} msg MISSING_VOTES => The consensuses downloaded from the following authorities are missing votes that are contained in consensuses downloaded from other authorities: {authorities}

1 0

[obfsproxy/master] Fix path joining in scramblesuit/state.py.
by asn＠torproject.org 16 Jul '14

16 Jul '14

commit ee185b8904a6463e925e27df7e18e3e64e77b9fc Author: George Kadianakis <desnacked(a)riseup.net> Date: Tue Jul 15 16:42:15 2014 +0300 Fix path joining in scramblesuit/state.py. --- obfsproxy/transports/scramblesuit/state.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/obfsproxy/transports/scramblesuit/state.py b/obfsproxy/transports/scramblesuit/state.py index 8068914..5158f5e 100644 --- a/obfsproxy/transports/scramblesuit/state.py +++ b/obfsproxy/transports/scramblesuit/state.py @@ -30,7 +30,7 @@ def load( ): state file is found, a new one is created and returned. """ - stateFile = const.STATE_LOCATION + const.SERVER_STATE_FILE + stateFile = os.path.join(const.STATE_LOCATION, const.SERVER_STATE_FILE) log.info("Attempting to load the server's state file from `%s'." % stateFile) @@ -153,7 +153,7 @@ class State( object ): Write the state object to a file using the `cPickle' module. """ - stateFile = const.STATE_LOCATION + const.SERVER_STATE_FILE + stateFile = os.path.join(const.STATE_LOCATION, const.SERVER_STATE_FILE) log.debug("Writing server's state file to `%s'." % stateFile)

1 0

[obfsproxy/master] Use temporary files instead of "/tmp" in scramblesuit unittests.
by asn＠torproject.org 16 Jul '14

16 Jul '14

commit 2296d90770fa6e67dde37228bd95492b79586a93 Author: George Kadianakis <desnacked(a)riseup.net> Date: Tue Jul 15 16:43:20 2014 +0300 Use temporary files instead of "/tmp" in scramblesuit unittests. Conflicts: obfsproxy/test/transports/test_scramblesuit.py --- obfsproxy/test/transports/test_scramblesuit.py | 51 ++++++++++++++++-------- 1 file changed, 34 insertions(+), 17 deletions(-) diff --git a/obfsproxy/test/transports/test_scramblesuit.py b/obfsproxy/test/transports/test_scramblesuit.py index 8481fab..0a71080 100644 --- a/obfsproxy/test/transports/test_scramblesuit.py +++ b/obfsproxy/test/transports/test_scramblesuit.py @@ -13,6 +13,7 @@ import obfsproxy.network.buffer as obfs_buf import obfsproxy.common.transport_config as transport_config import obfsproxy.transports.base as base +import obfsproxy.transports.scramblesuit.state as state import obfsproxy.transports.scramblesuit.util as util import obfsproxy.transports.scramblesuit.const as const import obfsproxy.transports.scramblesuit.mycrypto as mycrypto @@ -222,18 +223,16 @@ class UtilTest( unittest.TestCase ): def test4_setStateLocation( self ): name = (const.TRANSPORT_NAME).lower() - util.setStateLocation("/tmp") - self.failUnless(const.STATE_LOCATION == "/tmp/%s/" % name) - - # Nothing should change if we pass "None". - util.setStateLocation(None) - self.failUnless(const.STATE_LOCATION == "/tmp/%s/" % name) - # Check if function creates non-existant directories. d = tempfile.mkdtemp() util.setStateLocation(d) self.failUnless(const.STATE_LOCATION == "%s/%s/" % (d, name)) self.failUnless(os.path.exists("%s/%s/" % (d, name))) + + # Nothing should change if we pass "None". + util.setStateLocation(None) + self.failUnless(const.STATE_LOCATION == "%s/%s/" % (d, name)) + shutil.rmtree(d) def test5_getEpoch( self ): @@ -256,15 +255,14 @@ class UtilTest( unittest.TestCase ): self.failUnless(util.readFromFile("/etc/shadow") == None) class StateTest( unittest.TestCase ): - def setUp( self ): - const.STATE_LOCATION = "/tmp/" - self.stateFile = const.STATE_LOCATION + const.SERVER_STATE_FILE + const.STATE_LOCATION = tempfile.mkdtemp() + self.stateFile = os.path.join(const.STATE_LOCATION, const.SERVER_STATE_FILE) self.state = state.State() def tearDown( self ): try: - os.unlink(self.stateFile) + shutil.rmtree(const.STATE_LOCATION) except OSError: pass @@ -322,6 +320,14 @@ class ScrambleSuitTransportTest( unittest.TestCase ): self.validSecret = base64.b32encode( 'A' * const.SHARED_SECRET_LENGTH ) self.invalidSecret = 'a' * const.SHARED_SECRET_LENGTH + self.statefile = tempfile.mkdtemp() + + def tearDown( self ): + try: + shutil.rmtree(self.statefile) + except OSError: + pass + def test1_validateExternalModeCli( self ): """Test with valid scramblesuit args and valid obfsproxy args.""" self.args.uniformDHSecret = self.validSecret @@ -340,7 +346,10 @@ class ScrambleSuitTransportTest( unittest.TestCase ): self.suit.validate_external_mode_cli( self.args ) def test3_get_public_server_options( self ): - scramblesuit.ScrambleSuitTransport.setup(transport_config.TransportConfig()) + transCfg = transport_config.TransportConfig() + transCfg.setStateLocation(self.statefile) + + scramblesuit.ScrambleSuitTransport.setup(transCfg) options = scramblesuit.ScrambleSuitTransport.get_public_server_options("") self.failUnless("password" in options) @@ -388,13 +397,21 @@ class MessageTest( unittest.TestCase ): message.ProtocolMessage, "1", paddingLen=const.MPU) class TicketTest( unittest.TestCase ): + def setUp( self ): + const.STATE_LOCATION = tempfile.mkdtemp() + self.stateFile = os.path.join(const.STATE_LOCATION, const.SERVER_STATE_FILE) + self.state = state.State() + self.state.genState() - def test1_authentication( self ): - srvState = state.State() - srvState.genState() + def tearDown( self ): + try: + shutil.rmtree(const.STATE_LOCATION) + except OSError: + pass + def test1_authentication( self ): ss = scramblesuit.ScrambleSuitTransport() - ss.srvState = srvState + ss.srvState = self.state realEpoch = util.getEpoch @@ -404,7 +421,7 @@ class TicketTest( unittest.TestCase ): util.getEpoch = lambda: epoch # Prepare ticket message. - blurb = ticket.issueTicketAndKey(srvState) + blurb = ticket.issueTicketAndKey(self.state) rawTicket = blurb[const.MASTER_KEY_LENGTH:] masterKey = blurb[:const.MASTER_KEY_LENGTH] ss.deriveSecrets(masterKey)

1 0

[obfsproxy/master] Write password to a file, instead of the whole Bridge line.
by asn＠torproject.org 16 Jul '14

16 Jul '14

commit 52ffae96fbe3907644015be82de2b3a38f637ae2 Author: George Kadianakis <desnacked(a)riseup.net> Date: Fri May 9 15:32:55 2014 +0100 Write password to a file, instead of the whole Bridge line. Because of technical problems (see #10887:comment:11) it was not so easy to write the actual Bridge line that people were supposed to use. Let's just write the password for now. Conflicts: obfsproxy/transports/scramblesuit/const.py obfsproxy/transports/scramblesuit/state.py Conflicts: obfsproxy/transports/scramblesuit/scramblesuit.py --- ChangeLog | 3 +++ obfsproxy/transports/scramblesuit/const.py | 4 ++++ obfsproxy/transports/scramblesuit/scramblesuit.py | 13 ++++++++++- obfsproxy/transports/scramblesuit/state.py | 26 +++++++++++++++++++++ 4 files changed, 45 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 93c47fd..b6a2ad4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,7 @@ Changes in version 0.2.11 - UNRELEASED: + - Write a 'server_password' file with the scramblesuit password to + make it easier for bridge operators to find their password. Patch + by Philipp Winter. Fixes #10887. - Add --password-file switch for providing scramblesuit passwords. Patch by irregulator. Fixes #8040. - Fix bug to prevent denial-of-service attacks targeting the diff --git a/obfsproxy/transports/scramblesuit/const.py b/obfsproxy/transports/scramblesuit/const.py index 8addabc..df4b0af 100644 --- a/obfsproxy/transports/scramblesuit/const.py +++ b/obfsproxy/transports/scramblesuit/const.py @@ -18,6 +18,10 @@ TICKET_AES_CBC_IV_LENGTH = 16 # directory but is later set by `setStateLocation()' in util.py. STATE_LOCATION = "" +# Contains a ready-to-use bridge descriptor (in managed mode) or simply the +# server's bind address together with the password (in external mode). +PASSWORD_FILE = "server_password" + # Divisor (in seconds) for the Unix epoch used to defend against replay # attacks. EPOCH_GRANULARITY = 3600 diff --git a/obfsproxy/transports/scramblesuit/scramblesuit.py b/obfsproxy/transports/scramblesuit/scramblesuit.py index 725c253..9f5daf5 100644 --- a/obfsproxy/transports/scramblesuit/scramblesuit.py +++ b/obfsproxy/transports/scramblesuit/scramblesuit.py @@ -133,7 +133,18 @@ class ScrambleSuitTransport( base.BaseTransport ): "'generate_password.py' to generate a good " \ "password." % cfg["password"]) - cls.uniformDHSecret = cls.uniformDHSecret.strip() + if cls.weAreServer: + if not hasattr(cls, "uniformDHSecret"): + log.debug("Using fallback password for descriptor file.") + srv = state.load() + cls.uniformDHSecret = srv.fallbackPassword + + if len(cls.uniformDHSecret) != const.SHARED_SECRET_LENGTH: + raise base.TransportSetupFailed( + "Wrong password length (%d instead of %d)" + % len(cls.uniformDHSecret), const.SHARED_SECRET_LENGTH) + + state.writeServerPassword(cls.uniformDHSecret) @classmethod def get_public_server_options( cls, transportOptions ): diff --git a/obfsproxy/transports/scramblesuit/state.py b/obfsproxy/transports/scramblesuit/state.py index 5158f5e..ce6a5d1 100644 --- a/obfsproxy/transports/scramblesuit/state.py +++ b/obfsproxy/transports/scramblesuit/state.py @@ -17,6 +17,7 @@ import const import replay import mycrypto import probdist +import base64 import obfsproxy.common.log as logging @@ -51,6 +52,31 @@ def load( ): return stateObject +def writeServerPassword( password ): + """ + Dump our ScrambleSuit server descriptor to file. + + The file should make it easy for bridge operators to obtain copy & + pasteable server descriptors. + """ + + assert len(password) == const.SHARED_SECRET_LENGTH + assert const.STATE_LOCATION != "" + + passwordFile = os.path.join(const.STATE_LOCATION, const.PASSWORD_FILE) + log.info("Writing server password to file `%s'." % passwordFile) + + password_str = "# You are supposed to give this password to your clients to append it to their Bridge line" + password_str = "# For example: Bridge scramblesuit 192.0.2.1:5555 EXAMPLEFINGERPRINTNOTREAL password=EXAMPLEPASSWORDNOTREAL" + password_str = "# Here is your password:" + password_str = "password=%s\n" % base64.b32encode(password) + try: + with open(passwordFile, 'w') as fd: + fd.write(password_str) + except IOError as err: + log.error("Error writing password file to `%s': %s" % + (passwordFile, err)) + class State( object ): """

1 0

[obfsproxy/master] Catch some exceptions in scramblesuit's setup() and fail gracefully.
by asn＠torproject.org 16 Jul '14

16 Jul '14

commit 879181dd50980a329f345b5784fc37cf1abecf6a Author: George Kadianakis <desnacked(a)riseup.net> Date: Fri May 9 15:39:58 2014 +0100 Catch some exceptions in scramblesuit's setup() and fail gracefully. Conflicts: obfsproxy/transports/scramblesuit/scramblesuit.py --- obfsproxy/managed/client.py | 8 +++++++- obfsproxy/managed/server.py | 8 +++++++- obfsproxy/transports/base.py | 3 +++ obfsproxy/transports/scramblesuit/scramblesuit.py | 18 +++++++++++------- 4 files changed, 28 insertions(+), 9 deletions(-) diff --git a/obfsproxy/managed/client.py b/obfsproxy/managed/client.py index f819e1a..8210a27 100644 --- a/obfsproxy/managed/client.py +++ b/obfsproxy/managed/client.py @@ -6,6 +6,7 @@ from twisted.internet import reactor, error import obfsproxy.network.launch_transport as launch_transport import obfsproxy.network.network as network import obfsproxy.transports.transports as transports +import obfsproxy.transports.base as base import obfsproxy.common.log as logging import obfsproxy.common.transport_config as transport_config @@ -53,7 +54,12 @@ def do_managed_client(): # Call setup() method for this transport. transport_class = transports.get_transport_class(transport, 'socks') - transport_class.setup(pt_config) + try: + transport_class.setup(pt_config) + except base.TransportSetupFailed, err: + log.warning("Transport '%s' failed during setup()." % transport) + ptclient.reportMethodError(transport, "setup() failed: %s." % (err)) + continue try: addrport = launch_transport.launch_transport_listener(transport, None, 'socks', None, pt_config) diff --git a/obfsproxy/managed/server.py b/obfsproxy/managed/server.py index eeca339..66c7fb5 100644 --- a/obfsproxy/managed/server.py +++ b/obfsproxy/managed/server.py @@ -7,6 +7,7 @@ from pyptlib.server import ServerTransportPlugin from pyptlib.config import EnvError import obfsproxy.transports.transports as transports +import obfsproxy.transports.base as base import obfsproxy.network.launch_transport as launch_transport import obfsproxy.common.log as logging import obfsproxy.common.transport_config as transport_config @@ -52,7 +53,12 @@ def do_managed_server(): # Call setup() method for this tranpsort. transport_class = transports.get_transport_class(transport, 'server') - transport_class.setup(pt_config) + try: + transport_class.setup(pt_config) + except base.TransportSetupFailed, err: + log.warning("Transport '%s' failed during setup()." % transport) + ptserver.reportMethodError(transport, "setup() failed: %s." % (err)) + continue try: if ext_orport: diff --git a/obfsproxy/transports/base.py b/obfsproxy/transports/base.py index b9140c0..a2b78f1 100644 --- a/obfsproxy/transports/base.py +++ b/obfsproxy/transports/base.py @@ -48,6 +48,8 @@ class BaseTransport(object): Receive Pluggable Transport Config, perform setup task and save state in class attributes. Called at obfsproxy startup. + + Raise TransportSetupFailed if something goes wrong. """ @classmethod @@ -153,3 +155,4 @@ class BaseTransport(object): class PluggableTransportError(Exception): pass class SOCKSArgsError(Exception): pass +class TransportSetupFailed(Exception): pass diff --git a/obfsproxy/transports/scramblesuit/scramblesuit.py b/obfsproxy/transports/scramblesuit/scramblesuit.py index 9f5daf5..1479f12 100644 --- a/obfsproxy/transports/scramblesuit/scramblesuit.py +++ b/obfsproxy/transports/scramblesuit/scramblesuit.py @@ -125,13 +125,12 @@ class ScrambleSuitTransport( base.BaseTransport ): if cfg and "password" in cfg: try: cls.uniformDHSecret = base64.b32decode(util.sanitiseBase32( - cfg["password"])) - except TypeError as error: - log.error(error.message) - raise base.PluggableTransportError("Given password '%s' " \ - "is not valid Base32! Run " \ - "'generate_password.py' to generate a good " \ - "password." % cfg["password"]) + cfg["password"])) + except (TypeError, AttributeError) as error: + raise base.TransportSetupFailed( + "Password could not be base32 decoded (%s)" % error) + + cls.uniformDHSecret = cls.uniformDHSecret.strip() if cls.weAreServer: if not hasattr(cls, "uniformDHSecret"): @@ -144,6 +143,11 @@ class ScrambleSuitTransport( base.BaseTransport ): "Wrong password length (%d instead of %d)" % len(cls.uniformDHSecret), const.SHARED_SECRET_LENGTH) + if not const.STATE_LOCATION: + raise base.TransportSetupFailed( + "No state location set. If you are using external mode, " \ + "please set it using the --data-dir switch.") + state.writeServerPassword(cls.uniformDHSecret) @classmethod

1 0

[obfsproxy/master] Remove a broken unittest.
by asn＠torproject.org 16 Jul '14

16 Jul '14

commit 7418e247a720de23131725629135234aba8a299a Author: George Kadianakis <desnacked(a)riseup.net> Date: Tue Jul 15 16:45:47 2014 +0300 Remove a broken unittest. --- obfsproxy/test/transports/test_scramblesuit.py | 7 ------- 1 file changed, 7 deletions(-) diff --git a/obfsproxy/test/transports/test_scramblesuit.py b/obfsproxy/test/transports/test_scramblesuit.py index 0a71080..9cb227f 100644 --- a/obfsproxy/test/transports/test_scramblesuit.py +++ b/obfsproxy/test/transports/test_scramblesuit.py @@ -239,13 +239,6 @@ class UtilTest( unittest.TestCase ): e = util.getEpoch() self.failUnless(isinstance(e, basestring)) - def test6_writeToFile( self ): - f = tempfile.mktemp() - content = "ThisIsATest\n" - util.writeToFile(content, f) - self.failUnless(util.readFromFile(f) == content) - os.unlink(f) - def test7_readFromFile( self ): # Read from non-existant file.

1 0

[obfsproxy/master] When in external mode, only call setup() of the transports we are launching.
by asn＠torproject.org 16 Jul '14

16 Jul '14

commit 3d636a9660ffef71f1ec3d5ecbe4179098ebcbd7 Author: George Kadianakis <desnacked(a)riseup.net> Date: Fri May 9 15:50:57 2014 +0100 When in external mode, only call setup() of the transports we are launching. --- ChangeLog | 2 ++ obfsproxy/pyobfsproxy.py | 7 ++++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index b6a2ad4..bca3df6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,8 @@ Changes in version 0.2.11 - UNRELEASED: Thanks to Yawning Angel. - Improve scramblesuit's packet morphing algorithm. Fixes bug #10991. Thanks to Yawning Angel. + - When in external mode, only call the setup() method of the + transport we are going to launch, not of all transports. Changes in version 0.2.10 - 2014-06-05: diff --git a/obfsproxy/pyobfsproxy.py b/obfsproxy/pyobfsproxy.py index b91ccc1..90e5729 100755 --- a/obfsproxy/pyobfsproxy.py +++ b/obfsproxy/pyobfsproxy.py @@ -98,7 +98,7 @@ def do_external_mode(args): pt_config.setProxy(proxy) # Run setup() method. - run_transport_setup(pt_config) + run_transport_setup(pt_config, args.name) launch_transport.launch_transport_listener(args.name, args.listen_addr, args.mode, args.dest, pt_config, args.ext_cookie_file) log.info("Launched '%s' listener at '%s:%s' for transport '%s'." % \ @@ -143,10 +143,11 @@ def consider_cli_args(args): log.error("Failed to parse proxy specifier: %s", e) sys.exit(1) -def run_transport_setup(pt_config): +def run_transport_setup(pt_config, transport_name): """Run the setup() method for our transports.""" for transport, transport_class in transports.transports.items(): - transport_class['base'].setup(pt_config) + if transport == transport_name: + transport_class['base'].setup(pt_config) def pyobfsproxy(): """Actual pyobfsproxy entry-point."""

1 0