February 2015 - tor-commits - lists.torproject.org

[translation/https_everywhere] Update translations for https_everywhere
by translation＠torproject.org 20 Feb '15

20 Feb '15

commit d9ffc0ebba8a3bf40d328cc9caf5dbeaeab55b12 Author: Translation commit bot <translation(a)torproject.org> Date: Fri Feb 20 11:45:14 2015 +0000 Update translations for https_everywhere --- th/https-everywhere.dtd | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/th/https-everywhere.dtd b/th/https-everywhere.dtd index d652728..13dc10d 100644 --- a/th/https-everywhere.dtd +++ b/th/https-everywhere.dtd @@ -15,7 +15,7 @@ <!ENTITY https-everywhere.menu.observatory "ปรับแต่งหอสำรวจ SSL"> <!ENTITY https-everywhere.menu.globalEnable "เปิดใช้ HTTPS Everywhere"> <!ENTITY https-everywhere.menu.globalDisable "ปิดใช้ HTTPS Everywhere"> -<!ENTITY https-everywhere.menu.blockHttpRequests "Block all HTTP requests"> +<!ENTITY https-everywhere.menu.blockHttpRequests "หยุดการเชื่อมต่อผ่าน HTTP"> <!ENTITY https-everywhere.menu.showCounter "แสดงตัวนับ"> <!ENTITY https-everywhere.prefs.title "ปรับแต่ง HTTPS Everywhere"> @@ -44,6 +44,6 @@ <!ENTITY https-everywhere.popup.keep "คงอยู่ในรุ่นพัฒนา"> <!ENTITY https-everywhere.popup.revert "ดาวน์โหลดรุ่นเสถียรล่าสุด"> -<!ENTITY https-everywhere.ruleset-tests.status_title "HTTPS Everywhere Ruleset Tests"> +<!ENTITY https-everywhere.ruleset-tests.status_title "การทดสอบกฎ HTTPS"> <!ENTITY https-everywhere.ruleset-tests.status_cancel_button "ยกเลิก"> <!ENTITY https-everywhere.ruleset-tests.status_start_button "เริ่ม">

1 0

[translation/tor-launcher-properties] Update translations for tor-launcher-properties
by translation＠torproject.org 20 Feb '15

20 Feb '15

commit 6bfe994f914546bc918c727136473de440ef6aae Author: Translation commit bot <translation(a)torproject.org> Date: Fri Feb 20 11:15:30 2015 +0000 Update translations for tor-launcher-properties --- hi/torlauncher.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hi/torlauncher.properties b/hi/torlauncher.properties index 2bea597..f093ec6 100644 --- a/hi/torlauncher.properties +++ b/hi/torlauncher.properties @@ -46,7 +46,7 @@ torlauncher.bootstrapStatus.loading_status=Loading network status torlauncher.bootstrapStatus.loading_keys=Loading authority certificates torlauncher.bootstrapStatus.requesting_descriptors=Requesting relay information torlauncher.bootstrapStatus.loading_descriptors=Loading relay information -torlauncher.bootstrapStatus.conn_or=Connecting to the Tor network +torlauncher.bootstrapStatus.conn_or=टोर संजाल से जुड़ रहा है torlauncher.bootstrapStatus.handshake_or=Establishing a Tor circuit torlauncher.bootstrapStatus.done=Connected to the Tor network!

1 0

[translation/tor-launcher-progress_completed] Update translations for tor-launcher-progress_completed
by translation＠torproject.org 20 Feb '15

20 Feb '15

commit 4f8a4e0bced7541c587e5a0ab3174b8b7b004938 Author: Translation commit bot <translation(a)torproject.org> Date: Fri Feb 20 10:45:35 2015 +0000 Update translations for tor-launcher-progress_completed --- hi/progress.dtd | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hi/progress.dtd b/hi/progress.dtd new file mode 100644 index 0000000..87f2f41 --- /dev/null +++ b/hi/progress.dtd @@ -0,0 +1,4 @@ +<!ENTITY torprogress.dialog.title "टोर स्थिति"> +<!ENTITY torprogress.openSettings "व्यवस्था खोलें"> +<!ENTITY torprogress.heading "टोर संजाल से जुड़ रहा है"> +<!ENTITY torprogress.pleaseWait "टोर संजाल से संचार स्थापित होने तक प्रतीक्षा करें।">

1 0

[translation/tor-launcher-progress] Update translations for tor-launcher-progress
by translation＠torproject.org 20 Feb '15

20 Feb '15

commit 364f8038796007168f8733c25ceca85f5a52cd1f Author: Translation commit bot <translation(a)torproject.org> Date: Fri Feb 20 10:45:31 2015 +0000 Update translations for tor-launcher-progress --- hi/progress.dtd | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/hi/progress.dtd b/hi/progress.dtd index ebd9cef..87f2f41 100644 --- a/hi/progress.dtd +++ b/hi/progress.dtd @@ -1,4 +1,4 @@ -<!ENTITY torprogress.dialog.title "Tor Status"> -<!ENTITY torprogress.openSettings "Open Settings"> -<!ENTITY torprogress.heading "Connecting to the Tor network"> -<!ENTITY torprogress.pleaseWait "Please wait while we establish a connection to the Tor network."> +<!ENTITY torprogress.dialog.title "टोर स्थिति"> +<!ENTITY torprogress.openSettings "व्यवस्था खोलें"> +<!ENTITY torprogress.heading "टोर संजाल से जुड़ रहा है"> +<!ENTITY torprogress.pleaseWait "टोर संजाल से संचार स्थापित होने तक प्रतीक्षा करें।">

1 0

[tor/master] Rewrite the logic for deciding when to drop old/superseded certificates
by nickm＠torproject.org 20 Feb '15

20 Feb '15

commit 69df16e3765383bd59fd2fbedbb5301f3b58ab14 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Jan 8 11:20:26 2015 -0500 Rewrite the logic for deciding when to drop old/superseded certificates Fixes bug 11454, where we would keep around a superseded descriptor if the descriptor replacing it wasn't at least a week later. Bugfix on 0.2.1.8-alpha. Fixes bug 11457, where a certificate with a publication time in the future could make us discard existing (and subsequent!) certificates with correct publication times. Bugfix on 0.2.0.3-alpha. --- changes/bug11454 | 6 ++++ changes/bug11457 | 5 ++++ src/common/container.h | 11 ++++++++ src/or/routerlist.c | 73 ++++++++++++++++++++++++++++++------------------ 4 files changed, 68 insertions(+), 27 deletions(-) diff --git a/changes/bug11454 b/changes/bug11454 new file mode 100644 index 0000000..da793de --- /dev/null +++ b/changes/bug11454 @@ -0,0 +1,6 @@ + o Minor bugfixes: + - Remove any old authority certificates that have been superseded + for at least two days. Previously, we would keep superseded + certificates until they expired, if they were published close + in time to the certificate that superseded them. + Fixes bug 11454; bugfix on 0.2.1.8-alpha. diff --git a/changes/bug11457 b/changes/bug11457 new file mode 100644 index 0000000..a8b76f6 --- /dev/null +++ b/changes/bug11457 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - If an authority operator accidentally makes a signing certificate with + a future publication time, do not discard its real signing + certificates. Fixes bug 11457; bugfix on 0.2.0.3-alpha. + diff --git a/src/common/container.h b/src/common/container.h index 377cdf5..c704833 100644 --- a/src/common/container.h +++ b/src/common/container.h @@ -243,6 +243,17 @@ char *smartlist_join_strings2(smartlist_t *sl, const char *join, STMT_END /** Helper: While in a SMARTLIST_FOREACH loop over the list sl indexed + * with the variable var, remove the current element in a way that + * won't confuse the loop. */ +#define SMARTLIST_DEL_CURRENT_KEEPORDER(sl, var) \ + STMT_BEGIN \ + smartlist_del_keeporder(sl, var ## _sl_idx); \ + --var ## _sl_idx; \ + --var ## _sl_len; \ + STMT_END + + +/** Helper: While in a SMARTLIST_FOREACH loop over the list sl indexed * with the variable var, replace the current element with val. * Does not deallocate the current value of var. */ diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 6cb052c..7112282 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -449,6 +449,19 @@ trusted_dirs_flush_certs_to_disk(void) trusted_dir_servers_certs_changed = 0; } +static int +compare_certs_by_pubdates(const void **_a, const void **_b) +{ + const authority_cert_t *cert1 = *_a, *cert2=*_b; + + if (cert1->cache_info.published_on < cert2->cache_info.published_on) + return -1; + else if (cert1->cache_info.published_on > cert2->cache_info.published_on) + return 1; + else + return 0; +} + /** Remove all expired v3 authority certificates that have been superseded for * more than 48 hours or, if not expired, that were published more than 7 days * before being superseded. (If the most recent cert was published more than 48 @@ -459,38 +472,44 @@ trusted_dirs_remove_old_certs(void) { time_t now = time(NULL); #define DEAD_CERT_LIFETIME (2*24*60*60) -#define OLD_CERT_LIFETIME (7*24*60*60) +#define SUPERSEDED_CERT_LIFETIME (2*24*60*60) if (!trusted_dir_certs) return; DIGESTMAP_FOREACH(trusted_dir_certs, key, cert_list_t *, cl) { - authority_cert_t *newest = NULL; - SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert, - if (!newest || (cert->cache_info.published_on > - newest->cache_info.published_on)) - newest = cert); - if (newest) { - const time_t newest_published = newest->cache_info.published_on; - SMARTLIST_FOREACH_BEGIN(cl->certs, authority_cert_t *, cert) { - int expired; - time_t cert_published; - if (newest == cert) - continue; - /* resolve spurious clang shallow analysis null pointer errors */ - tor_assert(cert); - expired = now > cert->expires; - cert_published = cert->cache_info.published_on; - /* Store expired certs for 48 hours after a newer arrives; + /* Sort the list from first-published to last-published */ + smartlist_sort(cl->certs, compare_certs_by_pubdates); + + SMARTLIST_FOREACH_BEGIN(cl->certs, authority_cert_t *, cert) { + if (cert_sl_idx == smartlist_len(cl->certs) - 1) { + /* This is the most recently published cert. Keep it. */ + continue; + } + authority_cert_t *next_cert = smartlist_get(cl->certs, cert_sl_idx+1); + const time_t next_cert_published = next_cert->cache_info.published_on; + if (next_cert_published > now) { + /* All later certs are published in the future. Keep everything + * we didn't discard. */ + break; + } + int should_remove = 0; + if (cert->expires + DEAD_CERT_LIFETIME < now) { + /* Certificate has been expired for at least DEAD_CERT_LIFETIME. + * Remove it. */ + should_remove = 1; + } else if (next_cert_published + SUPERSEDED_CERT_LIFETIME < now) { + /* Certificate has been superseded for OLD_CERT_LIFETIME. + * Remove it. */ - if (expired ? - (newest_published + DEAD_CERT_LIFETIME < now) : - (cert_published + OLD_CERT_LIFETIME < newest_published)) { - SMARTLIST_DEL_CURRENT(cl->certs, cert); - authority_cert_free(cert); - trusted_dir_servers_certs_changed = 1; - } - } SMARTLIST_FOREACH_END(cert); - } + should_remove = 1; + } + if (should_remove) { + SMARTLIST_DEL_CURRENT_KEEPORDER(cl->certs, cert); + authority_cert_free(cert); + trusted_dir_servers_certs_changed = 1; + } + } SMARTLIST_FOREACH_END(cert); + } DIGESTMAP_FOREACH_END; #undef DEAD_CERT_LIFETIME #undef OLD_CERT_LIFETIME

1 0

[tor/master] Merge remote-tracking branch 'public/bug11454_11457'
by nickm＠torproject.org 20 Feb '15

20 Feb '15

commit 8a9d86bf05110426e05c5dde4b22e45dfa99f8e9 Merge: 03a4e97 69df16e Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Feb 20 01:08:12 2015 -0500 Merge remote-tracking branch 'public/bug11454_11457' changes/bug11454 | 6 ++++ changes/bug11457 | 5 ++++ src/common/container.h | 11 ++++++++ src/or/routerlist.c | 73 ++++++++++++++++++++++++++++++------------------ 4 files changed, 68 insertions(+), 27 deletions(-)

1 0

[tor/master] Faravahar's New IP Address as of 2/20/2015
by nickm＠torproject.org 20 Feb '15

20 Feb '15

commit 8e61d38cf107560a55ebdb8397230f3d88548745 Author: Sina Rabbani <sina(a)redteam.net> Date: Fri Feb 13 09:47:43 2015 -0800 Faravahar's New IP Address as of 2/20/2015 --- changes/ticket14487 | 3 +++ src/or/config.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/changes/ticket14487 b/changes/ticket14487 new file mode 100644 index 0000000..577337f --- /dev/null +++ b/changes/ticket14487 @@ -0,0 +1,3 @@ + o Directory authority IP change: + - The directory authority Faravahar has a new IP address. Closes + ticket 14487. diff --git a/src/or/config.c b/src/or/config.c index 6a0d3da..fde88ad 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -809,7 +809,7 @@ add_default_trusted_dir_authorities(dirinfo_type_t type) "171.25.193.9:443 BD6A 8292 55CB 08E6 6FBE 7D37 4836 3586 E46B 3810", "Faravahar orport=443 no-v2 " "v3ident=EFCBE720AB3A82B99F9E953CD5BF50F7EEFC7B97 " - "154.35.32.5:80 CF6D 0AAF B385 BE71 B8E1 11FC 5CFF 4B47 9237 33BC", + "154.35.175.225:80 CF6D 0AAF B385 BE71 B8E1 11FC 5CFF 4B47 9237 33BC", "longclaw orport=443 no-v2 " "v3ident=23D15D965BC35114467363C165C4F724B64B4F66 " "199.254.238.52:80 74A9 1064 6BCE EFBC D2E8 74FC 1DC9 9743 0F96 8145",

1 0

[tor/master] Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5
by nickm＠torproject.org 20 Feb '15

20 Feb '15

commit 1525eeeb49a4666069371a8300d6fa1c22c04de3 Merge: 7cbdec5 8e61d38 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Feb 20 01:04:26 2015 -0500 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 changes/ticket14487 | 3 +++ src/or/config.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --cc src/or/config.c index 8921082,fde88ad..2a7237d --- a/src/or/config.c +++ b/src/or/config.c @@@ -856,23 -794,23 +856,23 @@@ add_default_trusted_dir_authorities(dir "86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D", "dizum orport=443 v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 " "194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755", - "Tonga orport=443 bridge no-v2 82.94.251.203:80 " + "Tonga orport=443 bridge 82.94.251.203:80 " "4A0C CD2D DC79 9508 3D73 F5D6 6710 0C8A 5831 F16D", - "gabelmoo orport=443 no-v2 " + "gabelmoo orport=443 " "v3ident=ED03BB616EB2F60BEC80151114BB25CEF515B226 " "131.188.40.189:80 F204 4413 DAC2 E02E 3D6B CF47 35A1 9BCA 1DE9 7281", - "dannenberg orport=443 no-v2 " + "dannenberg orport=443 " "v3ident=585769C78764D58426B8B52B6651A5A71137189A " "193.23.244.244:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123", - "urras orport=80 no-v2 v3ident=80550987E1D626E3EBA5E5E75A458DE0626D088C " + "urras orport=80 v3ident=80550987E1D626E3EBA5E5E75A458DE0626D088C " "208.83.223.34:443 0AD3 FA88 4D18 F89E EA2D 89C0 1937 9E0E 7FD9 4417", - "maatuska orport=80 no-v2 " + "maatuska orport=80 " "v3ident=49015F787433103580E3B66A1707A00E60F2D15B " "171.25.193.9:443 BD6A 8292 55CB 08E6 6FBE 7D37 4836 3586 E46B 3810", - "Faravahar orport=443 no-v2 " + "Faravahar orport=443 " "v3ident=EFCBE720AB3A82B99F9E953CD5BF50F7EEFC7B97 " - "154.35.32.5:80 CF6D 0AAF B385 BE71 B8E1 11FC 5CFF 4B47 9237 33BC", + "154.35.175.225:80 CF6D 0AAF B385 BE71 B8E1 11FC 5CFF 4B47 9237 33BC", - "longclaw orport=443 no-v2 " + "longclaw orport=443 " "v3ident=23D15D965BC35114467363C165C4F724B64B4F66 " "199.254.238.52:80 74A9 1064 6BCE EFBC D2E8 74FC 1DC9 9743 0F96 8145", NULL

1 0

[tor/master] Merge remote-tracking branch 'origin/maint-0.2.5'
by nickm＠torproject.org 20 Feb '15

20 Feb '15

commit 03a4e97c76b2021ec7246da03fb31d337fb50f9b Merge: 5334bcd 1525eee Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Feb 20 01:05:21 2015 -0500 Merge remote-tracking branch 'origin/maint-0.2.5' changes/ticket14487 | 3 +++ src/or/config.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-)

1 0

[tor/maint-0.2.5] Faravahar's New IP Address as of 2/20/2015
by nickm＠torproject.org 20 Feb '15

20 Feb '15

commit 8e61d38cf107560a55ebdb8397230f3d88548745 Author: Sina Rabbani <sina(a)redteam.net> Date: Fri Feb 13 09:47:43 2015 -0800 Faravahar's New IP Address as of 2/20/2015 --- changes/ticket14487 | 3 +++ src/or/config.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/changes/ticket14487 b/changes/ticket14487 new file mode 100644 index 0000000..577337f --- /dev/null +++ b/changes/ticket14487 @@ -0,0 +1,3 @@ + o Directory authority IP change: + - The directory authority Faravahar has a new IP address. Closes + ticket 14487. diff --git a/src/or/config.c b/src/or/config.c index 6a0d3da..fde88ad 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -809,7 +809,7 @@ add_default_trusted_dir_authorities(dirinfo_type_t type) "171.25.193.9:443 BD6A 8292 55CB 08E6 6FBE 7D37 4836 3586 E46B 3810", "Faravahar orport=443 no-v2 " "v3ident=EFCBE720AB3A82B99F9E953CD5BF50F7EEFC7B97 " - "154.35.32.5:80 CF6D 0AAF B385 BE71 B8E1 11FC 5CFF 4B47 9237 33BC", + "154.35.175.225:80 CF6D 0AAF B385 BE71 B8E1 11FC 5CFF 4B47 9237 33BC", "longclaw orport=443 no-v2 " "v3ident=23D15D965BC35114467363C165C4F724B64B4F66 " "199.254.238.52:80 74A9 1064 6BCE EFBC D2E8 74FC 1DC9 9743 0F96 8145",

1 0