June 2015 - tor-commits - lists.torproject.org

[bridgedb/develop] Remove extra whitespace from bridgedb.bridges.Bridge docstring.
by isis＠torproject.org 02 Jun '15

02 Jun '15

commit 7c142b4d3a6646f531574bba77c283ffc0a479d0 Author: Isis Lovecruft <isis(a)torproject.org> Date: Sun May 10 22:23:00 2015 +0000 Remove extra whitespace from bridgedb.bridges.Bridge docstring. Conflicts: lib/bridgedb/bridges.py --- lib/bridgedb/bridges.py | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/lib/bridgedb/bridges.py b/lib/bridgedb/bridges.py index 65acbc7..37e17cd 100644 --- a/lib/bridgedb/bridges.py +++ b/lib/bridgedb/bridges.py @@ -775,16 +775,12 @@ class Bridge(BridgeBackwardsCompatibility): :type fingerprint: str or ``None`` :ivar fingerprint: This ``Bridge``'s fingerprint, in lowercased hexadecimal format. - :type nickname: str or ``None`` :ivar nickname: This ``Bridge``'s router nickname. - :type socksPort: int :ivar socksPort: This ``Bridge``'s SOCKSPort. Should always be ``0``. - :type dirPort: int :ivar dirPort: This ``Bridge``'s DirPort. Should always be ``0``. - :type orAddresses: list :ivar orAddresses: A list of 3-tuples in the form:: (ADDRESS, PORT, IP_VERSION) @@ -792,39 +788,30 @@ class Bridge(BridgeBackwardsCompatibility): * ADDRESS is an :class:`ipaddr.IPAddress`, * PORT is an ``int``, * IP_VERSION is either ``4`` or ``6``. - :type transports: list :ivar transports: A list of :class:`PluggableTransport`s, one for each transport that this :class:`Bridge` currently supports. - :type flags: :class:`~bridgedb.bridges.Flags` :ivar flags: All flags assigned by the BridgeAuthority to this :class:`Bridge`. - :type hibernating: bool :ivar hibernating: ``True`` if this :class:`Bridge` is hibernating and not currently serving clients (e.g. if the Bridge hit its configured ``RelayBandwidthLimit``); ``False`` otherwise. - :type _blockedIn: dict :ivar _blockedIn: A dictionary of ``ADDRESS:PORT`` pairs to lists of lowercased, two-letter country codes (e.g. ``"us"``, ``"gb"``, ``"cn"``, etc.) which that ``ADDRESS:PORT`` pair is blocked in. - :type contact: str or ``None`` :ivar contact: The contact information for the this Bridge's operator. - :type family: set or ``None`` :ivar family: The fingerprints of other Bridges related to this one. - :type platform: str or ``None`` :ivar platform: The ``platform`` line taken from the ``@type bridge-server-descriptor``, e.g. ``'Tor 0.2.5.4-alpha on Linux'``. - :type software: :api:`stem.version.Version` or ``None`` :ivar software: The OR version portion of the ``platform`` line. - :type os: str or None :ivar os: The OS portion of the ``platform`` line. """

1 0

[bridgedb/develop] Decrease logging in bridgedb.bridges.Flags.update().
by isis＠torproject.org 02 Jun '15

02 Jun '15

commit ce6bb3db25117178e38e4b418df48a9efdb35623 Author: Isis Lovecruft <isis(a)torproject.org> Date: Sun May 10 22:20:42 2015 +0000 Decrease logging in bridgedb.bridges.Flags.update(). --- lib/bridgedb/bridges.py | 5 ----- 1 file changed, 5 deletions(-) diff --git a/lib/bridgedb/bridges.py b/lib/bridgedb/bridges.py index 65a462c..65acbc7 100644 --- a/lib/bridgedb/bridges.py +++ b/lib/bridgedb/bridges.py @@ -120,11 +120,6 @@ class Flags(object): self.stable = 'Stable' in flags self.valid = 'Valid' in flags - if not self.running: - logging.debug("Bridge doesn't have the Running flag.") - if not self.stable: - logging.debug("Bridge doesn't have the Stable flag.") - class BridgeAddressBase(object): """A base class for describing one of a :class:`Bridge`'s or a

1 0

[bridgedb/develop] Add tests for Bridge.allVanillaAddresses idempotency and reentrancy.
by isis＠torproject.org 02 Jun '15

02 Jun '15

commit f8b5300f81aca52a6b34f36201fecf58ff817628 Author: Isis Lovecruft <isis(a)torproject.org> Date: Sun May 10 22:24:32 2015 +0000 Add tests for Bridge.allVanillaAddresses idempotency and reentrancy. --- lib/bridgedb/test/test_bridges.py | 113 +++++++++++++++++++++++++++++++++++++ 1 file changed, 113 insertions(+) diff --git a/lib/bridgedb/test/test_bridges.py b/lib/bridgedb/test/test_bridges.py index 7778b02..99fc458 100644 --- a/lib/bridgedb/test/test_bridges.py +++ b/lib/bridgedb/test/test_bridges.py @@ -988,6 +988,119 @@ class BridgeTests(unittest.TestCase): bridgePrefix=True) self.assertEqual(bridgeline, 'Bridge [6bf3:806b:78cd::4ced:cfad:dad4]:36488') + def test_Bridge_allVanillaAddresses_idempotency_self(self): + """Bridge.allVanillaAddresses should be idempotent, i.e. calling + allVanillaAddresses should not affect the results of subsequent calls. + """ + self.bridge.address = '1.1.1.1' + self.bridge.orPort = 443 + self.assertItemsEqual(self.bridge.allVanillaAddresses, + [(ipaddr.IPv4Address('1.1.1.1'), 443, 4)]) + self.assertItemsEqual(self.bridge.allVanillaAddresses, + [(ipaddr.IPv4Address('1.1.1.1'), 443, 4)]) + self.assertItemsEqual(self.bridge.allVanillaAddresses, + [(ipaddr.IPv4Address('1.1.1.1'), 443, 4)]) + + def test_Bridge_allVanillaAddresses_idempotency_others(self): + """Bridge.allVanillaAddresses should be idempotent, i.e. calling + allVanillaAddresses should not affect any of the Bridge's other + attributes (such as Bridge.orAddresses). + """ + self.bridge.address = '1.1.1.1' + self.bridge.orPort = 443 + self.assertItemsEqual(self.bridge.orAddresses, []) + self.assertItemsEqual(self.bridge.allVanillaAddresses, + [(ipaddr.IPv4Address('1.1.1.1'), 443, 4)]) + self.assertItemsEqual(self.bridge.orAddresses, []) + self.assertItemsEqual(self.bridge.allVanillaAddresses, + [(ipaddr.IPv4Address('1.1.1.1'), 443, 4)]) + self.assertItemsEqual(self.bridge.allVanillaAddresses, + [(ipaddr.IPv4Address('1.1.1.1'), 443, 4)]) + self.assertItemsEqual(self.bridge.allVanillaAddresses, + [(ipaddr.IPv4Address('1.1.1.1'), 443, 4)]) + self.assertItemsEqual(self.bridge.orAddresses, []) + + def test_Bridge_allVanillaAddresses_reentrancy_all(self): + """Bridge.allVanillaAddresses should be reentrant, i.e. updating the + Bridge's address, orPort, or orAddresses should update the value + returned by allVanillaAddresses. + """ + self.bridge.address = '1.1.1.1' + self.assertItemsEqual(self.bridge.allVanillaAddresses, + [(ipaddr.IPv4Address('1.1.1.1'), None, 4)]) + self.assertEqual(self.bridge.address, ipaddr.IPv4Address('1.1.1.1')) + self.assertEqual(self.bridge.orPort, None) + self.assertItemsEqual(self.bridge.orAddresses, []) + + self.bridge.orPort = 443 + self.assertItemsEqual(self.bridge.allVanillaAddresses, + [(ipaddr.IPv4Address('1.1.1.1'), 443, 4)]) + self.assertEqual(self.bridge.address, ipaddr.IPv4Address('1.1.1.1')) + self.assertEqual(self.bridge.orPort, 443) + self.assertItemsEqual(self.bridge.orAddresses, []) + + self.bridge.address = '2.2.2.2' + self.assertItemsEqual(self.bridge.allVanillaAddresses, + [(ipaddr.IPv4Address('2.2.2.2'), 443, 4)]) + self.assertEqual(self.bridge.address, ipaddr.IPv4Address('2.2.2.2')) + self.assertEqual(self.bridge.orPort, 443) + self.assertItemsEqual(self.bridge.orAddresses, []) + + self.bridge.orAddresses.append( + (ipaddr.IPv6Address('200::6ffb:11bb:a129'), 4443, 6)) + self.assertItemsEqual(self.bridge.allVanillaAddresses, + [(ipaddr.IPv4Address('2.2.2.2'), 443, 4), + (ipaddr.IPv6Address('200::6ffb:11bb:a129'), 4443, 6)]) + self.assertEqual(self.bridge.address, ipaddr.IPv4Address('2.2.2.2')) + self.assertEqual(self.bridge.orPort, 443) + self.assertItemsEqual(self.bridge.orAddresses, + [(ipaddr.IPv6Address('200::6ffb:11bb:a129'), 4443, 6)]) + + def test_Bridge_allVanillaAddresses_reentrancy_orPort(self): + """Calling Bridge.allVanillaAddresses before Bridge.orPort is set + should return ``None`` for the port value, and after Bridge.orPort is + set, it should return the orPort. + """ + self.bridge.address = '1.1.1.1' + self.assertItemsEqual(self.bridge.orAddresses, []) + self.assertItemsEqual(self.bridge.allVanillaAddresses, + [(ipaddr.IPv4Address('1.1.1.1'), None, 4)]) + self.assertItemsEqual(self.bridge.orAddresses, []) + + self.bridge.orPort = 443 + self.assertItemsEqual(self.bridge.allVanillaAddresses, + [(ipaddr.IPv4Address('1.1.1.1'), 443, 4)]) + self.assertItemsEqual(self.bridge.orAddresses, []) + + def test_Bridge_allVanillaAddresses_reentrancy_address(self): + """Calling Bridge.allVanillaAddresses before Bridge.address is set + should return ``None`` for the address value, and after Bridge.address + is set, it should return the address. + """ + self.bridge.orPort = 443 + self.assertItemsEqual(self.bridge.allVanillaAddresses, + [(None, 443, 4)]) + self.bridge.address = '1.1.1.1' + self.assertItemsEqual(self.bridge.allVanillaAddresses, + [(ipaddr.IPv4Address('1.1.1.1'), 443, 4)]) + + def test_Bridge_allVanillaAddresses_reentrancy_orAddresses(self): + """Calling Bridge.allVanillaAddresses before Bridge.orAddresses is set + should return only the Bridge's address and orPort. + """ + self.bridge.address = '1.1.1.1' + self.bridge.orPort = 443 + self.assertItemsEqual(self.bridge.allVanillaAddresses, + [(ipaddr.IPv4Address('1.1.1.1'), 443, 4)]) + self.assertItemsEqual(self.bridge.orAddresses, []) + self.bridge.orAddresses.append( + (ipaddr.IPv4Address('2.2.2.2'), 4443, 4)) + self.assertItemsEqual(self.bridge.orAddresses, + [(ipaddr.IPv4Address('2.2.2.2'), 4443, 4)]) + self.assertItemsEqual(self.bridge.allVanillaAddresses, + [(ipaddr.IPv4Address('2.2.2.2'), 4443, 4), + (ipaddr.IPv4Address('1.1.1.1'), 443, 4)]) + def test_Bridge_updateORAddresses_valid_and_invalid(self): """Bridge._updateORAddresses() called with a mixture of valid and invalid ORAddress tuples should only retain the valid ones.

1 0

[bridgedb/develop] Removed unused import of twisted.internet.defer from test_safelog.
by isis＠torproject.org 02 Jun '15

02 Jun '15

commit 57aa6d31d2c606e2cd3a0b8c6d97b9662236f675 Author: Isis Lovecruft <isis(a)torproject.org> Date: Sun May 10 22:16:03 2015 +0000 Removed unused import of twisted.internet.defer from test_safelog. --- lib/bridgedb/test/test_safelog.py | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/bridgedb/test/test_safelog.py b/lib/bridgedb/test/test_safelog.py index bc92305..247db06 100644 --- a/lib/bridgedb/test/test_safelog.py +++ b/lib/bridgedb/test/test_safelog.py @@ -4,7 +4,6 @@ import re -from twisted.internet import defer from twisted.test.proto_helpers import StringTransport from twisted.trial import unittest

1 0

[bridgedb/develop] Spend even less time running benchmark tests.
by isis＠torproject.org 02 Jun '15

02 Jun '15

commit 80939644b8833243e64a7cb51783f83dc7603e73 Author: Isis Lovecruft <isis(a)torproject.org> Date: Sun May 10 22:09:01 2015 +0000 Spend even less time running benchmark tests. --- lib/bridgedb/test/test_parse_descriptors.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/bridgedb/test/test_parse_descriptors.py b/lib/bridgedb/test/test_parse_descriptors.py index a7b22cf..46d86f1 100644 --- a/lib/bridgedb/test/test_parse_descriptors.py +++ b/lib/bridgedb/test/test_parse_descriptors.py @@ -499,6 +499,9 @@ class ParseDescriptorsTests(unittest.TestCase): def test_parse_descriptors_parseExtraInfoFiles_benchmark_1000_bridges(self): """Benchmark test for ``b.p.descriptors.parseExtraInfoFiles``.""" + raise SkipTest(("This test can take several minutes to complete. " + "Run it on your own free time.")) + print() for i in range(1, 6): descFiles = self.createDuplicatesForBenchmark(b=1000, n=i) @@ -509,7 +512,7 @@ class ParseDescriptorsTests(unittest.TestCase): """Benchmark test for ``b.p.descriptors.parseExtraInfoFiles``. The algorithm should grow linearly in the number of duplicates. """ - raise SkipTest(("This test takes ~7 minutes to complete. " + raise SkipTest(("This test can take several minutes to complete. " "Run it on your own free time.")) print()

1 0

[bridgedb/develop] Update copyright dates and version number for example bridgedb.conf.
by isis＠torproject.org 02 Jun '15

02 Jun '15

commit 8037df3a2d8475185175a22da66ba245f76fc934 Author: Isis Lovecruft <isis(a)torproject.org> Date: Sun May 10 22:05:44 2015 +0000 Update copyright dates and version number for example bridgedb.conf. --- bridgedb.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bridgedb.conf b/bridgedb.conf index 51d9047..2c83582 100644 --- a/bridgedb.conf +++ b/bridgedb.conf @@ -13,9 +13,9 @@ # :authors: The Tor Project, Inc. # :license: This file is freely distributed as part of BridgeDB, see LICENSE # for details. -# :copyright: (c) 2007-2014 The Tor Project, Inc. -# (c) 2007-2014, all sentient entities within the AUTHORS file -# :version: 0.0.14 +# :copyright: (c) 2007-2015 The Tor Project, Inc. +# (c) 2007-2015, all sentient entities within the AUTHORS file +# :version: 0.3.2 #=============================================================================== # # CHANGELOG:

1 0

[bridgedb/develop] Fix two typos in CHANGELOG entries and add description for #5463 entry.
by isis＠torproject.org 02 Jun '15

02 Jun '15

commit 4496bc7b895e8f81625dad6a237db53321bae832 Author: Isis Lovecruft <isis(a)torproject.org> Date: Sun May 10 22:03:52 2015 +0000 Fix two typos in CHANGELOG entries and add description for #5463 entry. --- CHANGELOG | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 6b428c5..4dc04f0 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -349,7 +349,7 @@ Changes in version 0.2.4 - 2015-02-03 * FIXES #13123 https://bugs.torproject.org/13123 Previously, there were two additional whitespace characters at the beginning of bridge lines handed out by BridgeDB's HTTPS - distributor, which would be annoying copy+pasted into TorLauncher + distributor, which would be annoyingly copy+pasted into TorLauncher and torrcs, etc. These are now gone. * FIXES #12664 https://bugs.torproject.org/12664 @@ -389,7 +389,7 @@ And includes the following general changes: Changes in version 0.2.3 - 2014-07-26 * FIXES #5463 https://bugs.torproject.org/5463 - XXX + BridgeDB can now OpenPGP sign outgoing emails. * FIXES #9385 https://bugs.torproject.org/9385 BridgeDB now has the ability to blacklist email addresses, and @@ -543,7 +543,7 @@ Changes in version 0.2.2 - 2014-06-06 If a user refreshed https://bridges.torproject.org/bridges after successfully solving a CAPTCHA, BridgeDB would reply with a new set of bridges for each page refresh. This was due to the use of - `getIterval()` in `IPBasedDistributor.getBridgesForIP()`.The + `getInterval()` in `IPBasedDistributor.getBridgesForIP()`. The correct function to use is `getIntervalStart()`. This had been noted in a "XXX FIXME" comment above the call for quite some time, however, when the `bridgedb.schedule` (previously called

1 0

[bridgedb/develop] Handle ConnectionRefusedError and DNSLookupError in get-tor-exits script.
by isis＠torproject.org 02 Jun '15

02 Jun '15

commit a3bcb12b281a3ffb23cf747991811d4f999a27a8 Author: Isis Lovecruft <isis(a)torproject.org> Date: Sun May 10 22:07:24 2015 +0000 Handle ConnectionRefusedError and DNSLookupError in get-tor-exits script. --- scripts/get-tor-exits | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/scripts/get-tor-exits b/scripts/get-tor-exits index d4e59e3..fcd9fff 100755 --- a/scripts/get-tor-exits +++ b/scripts/get-tor-exits @@ -31,6 +31,8 @@ from twisted.internet import defer from twisted.internet import protocol from twisted.internet import reactor from twisted.internet import ssl +from twisted.internet.error import ConnectionRefusedError +from twisted.internet.error import DNSLookupError from twisted.internet.error import TimeoutError @@ -70,11 +72,16 @@ def getSelfIPAddress(): s.close() return ip.compressed -def handleTimeout(failure): - """Handle a **failure** due to a timedout connection attempt.""" - if failure.type == TimeoutError: +def handle(failure): + """Handle a **failure**.""" + if failure.type == ConnectionRefusedError: + log.msg("get-tor-exits: Could not download exitlist; connection was refused.") + elif failure.type == DNSLookupError: + log.msg("get-tor-exits: Could not download exitlist; domain resolution failed.") + elif failure.type == TimeoutError: log.msg("get-tor-exits: Could not download exitlist; connection timed out.") - failure.trap(TimeoutError) + + failure.trap(ConnectionRefusedError, DNSLookupError, TimeoutError) def writeToFile(response, filename): log.msg("get-tor-exits: Downloading list of Tor exit relays.") @@ -167,7 +174,7 @@ def main(filename=None, address=None, port=None): agent = client.Agent(reactor, contextFactory) d = agent.request("GET", check) d.addCallback(writeToFile, fh) - d.addErrback(handleTimeout) + d.addErrback(handle) d.addCallbacks(log.msg, log.err) if not reactor.running:

1 0

[tor/master] Merge remote-tracking branch 'public/bug15760_hard_026_v2'
by nickm＠torproject.org 02 Jun '15

02 Jun '15

commit e48f8e5e87603812a6b1844a5fa27bbc44a3543e Merge: 34edf17 8024f6a Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Jun 2 15:08:14 2015 -0400 Merge remote-tracking branch 'public/bug15760_hard_026_v2' configure.ac | 1 + src/common/tortls.c | 11 ++++++++++- 2 files changed, 11 insertions(+), 1 deletion(-)

1 0

[tor/master] A few more minor OpenSSL 1.1 fixes.
by nickm＠torproject.org 02 Jun '15

02 Jun '15

commit 8024f6a75f00044fd342323d26e9907fc571c283 Author: Yawning Angel <yawning(a)schwanenlied.me> Date: Tue Jun 2 18:58:57 2015 +0000 A few more minor OpenSSL 1.1 fixes. * Use `TLS_method()` instead of the deprecated `SSLv23_method()` * Fix one missed conversion to `SSL_CIPHER_get_id()` --- configure.ac | 1 + src/common/tortls.c | 11 ++++++++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index ab96c20..b8ca188 100644 --- a/configure.ac +++ b/configure.ac @@ -640,6 +640,7 @@ AC_CHECK_FUNCS([ \ SSL_get_client_ciphers \ SSL_get_client_random \ SSL_CIPHER_find \ + TLS_method ]) LIBS="$save_LIBS" LDFLAGS="$save_LDFLAGS" diff --git a/src/common/tortls.c b/src/common/tortls.c index deeee5f..1812e3f 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -1252,8 +1252,13 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, #endif /* Tell OpenSSL to use TLS 1.0 or later but not SSL2 or SSL3. */ +#ifdef HAVE_TLS_METHOD + if (!(result->ctx = SSL_CTX_new(TLS_method()))) + goto error; +#else if (!(result->ctx = SSL_CTX_new(SSLv23_method()))) goto error; +#endif SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv2); SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3); @@ -1497,7 +1502,7 @@ find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher) * cipher with the appropriate 3 bytes. */ c = SSL_CIPHER_find((SSL*)ssl, cipherid); if (c) - tor_assert((c->id & 0xffff) == cipher); + tor_assert((SSL_CIPHER_get_id(c) & 0xffff) == cipher); return c != NULL; } #elif defined(HAVE_STRUCT_SSL_METHOD_ST_GET_CIPHER_BY_CHAR) @@ -1540,7 +1545,11 @@ static void prune_v2_cipher_list(const SSL *ssl) { uint16_t *inp, *outp; +#ifdef HAVE_TLS_METHOD + const SSL_METHOD *m = TLS_method(); +#else const SSL_METHOD *m = SSLv23_method(); +#endif inp = outp = v2_cipher_list; while (*inp) {

1 0