November 2016 - tor-commits - lists.torproject.org

[orbot/master] update changelog for RC4
by n8fr8＠torproject.org 03 Nov '16

03 Nov '16

commit 204b3f0441f66b22146bf019c583adb9fea6c74e Author: Nathan Freitas <nathan(a)freitas.net> Date: Thu Nov 3 12:24:12 2016 -0400 update changelog for RC4 --- CHANGELOG | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 5a7dd19..0c46df3 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,18 @@ NOTE: Specific #s below correspond to Trac tickets logged and maintained at https://trac.torproject.org/projects/tor/ +/** 15.2.0 RC 4 / 3 November 2016 / 6b2679cac16782a7a36a79f90f2dd0d8e330742f **/ + +89f3fca make sure the binaries are cleanly installed (bump version number) +f5f544c update to latest badvpn for new torservice package +f21f14b make sure tun2socks is loaded properly +460f365 make sure Tun2Socks native library gets loaded +5927fb0 update the build to target all arm types +5ac21be use PIEFLAGS +0050bfe update JNI targets +1ae0c71 fixes github #59 for crash on app list UI +e9ece47 update gitignore to ignore binaries +37cd024 don't need to store this binary in the repo + /** 15.2.0 RC 3 / 2 November 2016 / 354ce24283790ef72601d3a512e2d16f34aeba91 **/ 41c9d2c lock in app item list row height

1 0

[torbutton/master] Bug 20414.1: Strings for 2016 Tor Browser donation banner
by gk＠torproject.org 03 Nov '16

03 Nov '16

commit 269031f7aba449312189f73753e616fb82e5af48 Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Fri Oct 28 12:49:15 2016 -0700 Bug 20414.1: Strings for 2016 Tor Browser donation banner --- src/chrome/locale/en/aboutTor.properties | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/chrome/locale/en/aboutTor.properties b/src/chrome/locale/en/aboutTor.properties index d607324..76192f4 100644 --- a/src/chrome/locale/en/aboutTor.properties +++ b/src/chrome/locale/en/aboutTor.properties @@ -19,3 +19,10 @@ aboutTor.searchDC.privacy=Search <a href="%1$S">securely</a> with <a href="%2$S" aboutTor.searchDC.privacy.link=https://disconnect.me/privacy # The following string is a link which replaces %2$S above. aboutTor.searchDC.search.link=https://search.disconnect.me/ + +aboutTor.donationBanner.donate=Donate Now! +aboutTor.donationBanner.heart=Tor is at the heart of Internet freedom +aboutTor.donationBanner.tagline1=Millions of People Depend on Tor for Online Security & Privacy +aboutTor.donationBanner.tagline2=A Network of People Protecting People +aboutTor.donationBanner.tagline3=Surveillance = Oppression +aboutTor.donationBanner.tagline4=Protecting Journalists, Activists & Whistleblowers Since 2006

1 0

[tor/master] Fix two warnings in test_link_handshake.c
by nickm＠torproject.org 03 Nov '16

03 Nov '16

commit 409984c6ae6b28b7f37aba3b137a37a069c65056 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Nov 3 11:16:06 2016 -0400 Fix two warnings in test_link_handshake.c One is fixed by disabling the -Wredundant-decls warnings around openssl headers here, because of the old double-declaration of SSL_get_selected_srtp_profile(). One is fixed by including compat.h before or.h so that we get the winsock2.h include before the windows.h include. --- src/test/test_link_handshake.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/test/test_link_handshake.c b/src/test/test_link_handshake.c index 5273f33..9899e54 100644 --- a/src/test/test_link_handshake.c +++ b/src/test/test_link_handshake.c @@ -7,8 +7,16 @@ #define CONNECTION_PRIVATE #define TOR_CHANNEL_INTERNAL_ #define TORTLS_PRIVATE + +#include "compat.h" + +/* Some versions of OpenSSL declare SSL_get_selected_srtp_profile twice in + * srtp.h. Suppress the GCC warning so we can build with -Wredundant-decl. */ +DISABLE_GCC_WARNING(redundant-decls) #include <openssl/x509.h> #include <openssl/ssl.h> +ENABLE_GCC_WARNING(redundant-decls) + #include "or.h" #include "config.h" #include "connection.h"

1 0

[tor/master] Work around a behavior change in openssl's BUF_MEM code
by nickm＠torproject.org 03 Nov '16

03 Nov '16

commit 9b18b215bb34c4df1b94dec218c68a532c341e26 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Nov 3 10:46:27 2016 -0400 Work around a behavior change in openssl's BUF_MEM code In our code to write public keys to a string, for some unfathomable reason since 253f0f160e1185c, we would allocate a memory BIO, then set the NOCLOSE flag on it, extract its memory buffer, and free it. Then a little while later we'd free the memory buffer with BUF_MEM_free(). As of openssl 1.1 this doesn't work any more, since there is now a BIO_BUF_MEM structure that wraps the BUF_MEM structure. This BIO_BUF_MEM doesn't get freed in our code. So, we had a memory leak! Is this an openssl bug? Maybe. But our code was already pretty silly. Why mess around with the NOCLOSE flag here when we can just keep the BIO object around until we don't need the buffer any more? Fixes bug 20553; bugfix on 0.0.2pre8 --- changes/bug20553 | 3 +++ src/common/crypto.c | 5 ++--- src/tools/tor-gencert.c | 5 ++--- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/changes/bug20553 b/changes/bug20553 new file mode 100644 index 0000000..12a2780 --- /dev/null +++ b/changes/bug20553 @@ -0,0 +1,3 @@ + o Minor bugfixes (memory leak): + - Work around a memory leak in OpenSSL 1.1 when encoding public keys. + Fixes bug 20553; bugfix on 0.0.2pre8. diff --git a/src/common/crypto.c b/src/common/crypto.c index 2b96324..c5d07df 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -755,14 +755,13 @@ crypto_pk_write_key_to_string_impl(crypto_pk_t *env, char **dest, } BIO_get_mem_ptr(b, &buf); - (void)BIO_set_close(b, BIO_NOCLOSE); /* so BIO_free doesn't free buf */ - BIO_free(b); *dest = tor_malloc(buf->length+1); memcpy(*dest, buf->data, buf->length); (*dest)[buf->length] = 0; /* nul terminate it */ *len = buf->length; - BUF_MEM_free(buf); + + BIO_free(b); return 0; } diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c index 5f2cd3a..ed6c066 100644 --- a/src/tools/tor-gencert.c +++ b/src/tools/tor-gencert.c @@ -429,12 +429,11 @@ key_to_string(EVP_PKEY *key) } BIO_get_mem_ptr(b, &buf); - (void) BIO_set_close(b, BIO_NOCLOSE); - BIO_free(b); result = tor_malloc(buf->length + 1); memcpy(result, buf->data, buf->length); result[buf->length] = 0; - BUF_MEM_free(buf); + + BIO_free(b); RSA_free(rsa); return result;

1 0

[tor/master] Merge branch 'bug20553_028'
by nickm＠torproject.org 03 Nov '16

03 Nov '16

commit 957bdc4a42eca62f0c2d687fe13db7de56c5cb7b Merge: 1eef543 9b18b21 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Nov 3 10:52:21 2016 -0400 Merge branch 'bug20553_028' changes/bug20553 | 3 +++ src/common/crypto.c | 5 ++--- src/tools/tor-gencert.c | 5 ++--- 3 files changed, 7 insertions(+), 6 deletions(-)

1 0

[tor/master] Use explicit casts to avoid warnings when building with openssl 1.1
by nickm＠torproject.org 03 Nov '16

03 Nov '16

commit 464783a8dcc337c103801b8c551d1331baec1e9c Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Nov 3 09:35:41 2016 -0400 Use explicit casts to avoid warnings when building with openssl 1.1 fixes bug 20551; bugfix on 0.2.1.1-alpha --- changes/bug20551 | 3 +++ src/common/tortls.c | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/changes/bug20551 b/changes/bug20551 new file mode 100644 index 0000000..1e0746b --- /dev/null +++ b/changes/bug20551 @@ -0,0 +1,3 @@ + o Minor bugfixes (compilation); + - Fix implicit conversion warnings under OpenSSL 1.1. + Fixes bug 20551; bugfix on 0.2.1.1-alpha. diff --git a/src/common/tortls.c b/src/common/tortls.c index 9507bb7..89ad6af 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -1656,8 +1656,8 @@ tor_tls_new(int sock, int isServer) result->state = TOR_TLS_ST_HANDSHAKE; result->isServer = isServer; result->wantwrite_n = 0; - result->last_write_count = BIO_number_written(bio); - result->last_read_count = BIO_number_read(bio); + result->last_write_count = (unsigned long) BIO_number_written(bio); + result->last_read_count = (unsigned long) BIO_number_read(bio); if (result->last_write_count || result->last_read_count) { log_warn(LD_NET, "Newly created BIO has read count %lu, write count %lu", result->last_read_count, result->last_write_count); @@ -2271,7 +2271,7 @@ tor_tls_get_n_raw_bytes(tor_tls_t *tls, size_t *n_read, size_t *n_written) { BIO *wbio, *tmpbio; unsigned long r, w; - r = BIO_number_read(SSL_get_rbio(tls->ssl)); + r = (unsigned long) BIO_number_read(SSL_get_rbio(tls->ssl)); /* We want the number of bytes actually for real written. Unfortunately, * sometimes OpenSSL replaces the wbio on tls->ssl with a buffering bio, * which makes the answer turn out wrong. Let's cope with that. Note @@ -2292,7 +2292,7 @@ tor_tls_get_n_raw_bytes(tor_tls_t *tls, size_t *n_read, size_t *n_written) if (wbio->method == BIO_f_buffer() && (tmpbio = BIO_next(wbio)) != NULL) wbio = tmpbio; #endif - w = BIO_number_written(wbio); + w = (unsigned long) BIO_number_written(wbio); /* We are ok with letting these unsigned ints go "negative" here: * If we wrapped around, this should still give us the right answer, unless

1 0

[tor/master] Merge branch 'bug20551_028'
by nickm＠torproject.org 03 Nov '16

03 Nov '16

commit 1eef543f9d9cde9754897047fb51ac7307b9827a Merge: 32854ae 464783a Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Nov 3 09:37:44 2016 -0400 Merge branch 'bug20551_028' changes/bug20551 | 3 +++ src/common/tortls.c | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-)

1 0

[tor-launcher/maint-0.2.9] Bug 19646: Mac OS: wrong location for meek browser profile
by gk＠torproject.org 03 Nov '16

03 Nov '16

commit 0082643cd0b88f34cb56501b6631307616b8cc1d Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Wed Nov 2 11:41:12 2016 -0400 Bug 19646: Mac OS: wrong location for meek browser profile Set an TOR_BROWSER_TOR_DATA_DIR environment variable before starting tor. meek-client-torbrowser uses this on OSX to determine the location of the meek browser profile. --- src/components/tl-process.js | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/components/tl-process.js b/src/components/tl-process.js index 403bc56..a91059b 100644 --- a/src/components/tl-process.js +++ b/src/components/tl-process.js @@ -417,13 +417,18 @@ TorProcessService.prototype = args.push("1"); } + // Set an environment variable that points to the Tor data directory. + // This is used by meek-client-torbrowser to find the location for + // the meek browser profile. + let env = Cc["@mozilla.org/process/environment;1"] + .getService(Ci.nsIEnvironment); + env.set("TOR_BROWSER_TOR_DATA_DIR", dataDir.path); + // On Windows, prepend the Tor program directory to PATH. This is // needed so that pluggable transports can find OpenSSL DLLs, etc. // See https://trac.torproject.org/projects/tor/ticket/10845 if (TorLauncherUtil.isWindows) { - var env = Cc["@mozilla.org/process/environment;1"] - .getService(Ci.nsIEnvironment); var path = exeFile.parent.path; if (env.exists("PATH")) path += ";" + env.get("PATH");

1 0

[tor-launcher/maint-0.2.10] Bug 19646: Mac OS: wrong location for meek browser profile
by gk＠torproject.org 03 Nov '16

03 Nov '16

commit 4eee281bf774f8cf4f2d8a2549573b7a89f72407 Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Wed Nov 2 11:41:12 2016 -0400 Bug 19646: Mac OS: wrong location for meek browser profile Set an TOR_BROWSER_TOR_DATA_DIR environment variable before starting tor. meek-client-torbrowser uses this on OSX to determine the location of the meek browser profile. --- src/components/tl-process.js | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/components/tl-process.js b/src/components/tl-process.js index 777a253..717c338 100644 --- a/src/components/tl-process.js +++ b/src/components/tl-process.js @@ -449,13 +449,18 @@ TorProcessService.prototype = args.push("1"); } + // Set an environment variable that points to the Tor data directory. + // This is used by meek-client-torbrowser to find the location for + // the meek browser profile. + let env = Cc["@mozilla.org/process/environment;1"] + .getService(Ci.nsIEnvironment); + env.set("TOR_BROWSER_TOR_DATA_DIR", dataDir.path); + // On Windows, prepend the Tor program directory to PATH. This is // needed so that pluggable transports can find OpenSSL DLLs, etc. // See https://trac.torproject.org/projects/tor/ticket/10845 if (TorLauncherUtil.isWindows) { - var env = Cc["@mozilla.org/process/environment;1"] - .getService(Ci.nsIEnvironment); var path = exeFile.parent.path; if (env.exists("PATH")) path += ";" + env.get("PATH");

1 0

[tor-launcher/master] Bug 19646: Mac OS: wrong location for meek browser profile
by gk＠torproject.org 03 Nov '16

03 Nov '16

commit 5ac452d86f93ee15ba3722afc606be862e8f3686 Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Wed Nov 2 11:41:12 2016 -0400 Bug 19646: Mac OS: wrong location for meek browser profile Set an TOR_BROWSER_TOR_DATA_DIR environment variable before starting tor. meek-client-torbrowser uses this on OSX to determine the location of the meek browser profile. --- src/components/tl-process.js | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/components/tl-process.js b/src/components/tl-process.js index de71d45..3284049 100644 --- a/src/components/tl-process.js +++ b/src/components/tl-process.js @@ -445,13 +445,18 @@ TorProcessService.prototype = args.push("1"); } + // Set an environment variable that points to the Tor data directory. + // This is used by meek-client-torbrowser to find the location for + // the meek browser profile. + let env = Cc["@mozilla.org/process/environment;1"] + .getService(Ci.nsIEnvironment); + env.set("TOR_BROWSER_TOR_DATA_DIR", dataDir.path); + // On Windows, prepend the Tor program directory to PATH. This is // needed so that pluggable transports can find OpenSSL DLLs, etc. // See https://trac.torproject.org/projects/tor/ticket/10845 if (TorLauncherUtil.isWindows) { - var env = Cc["@mozilla.org/process/environment;1"] - .getService(Ci.nsIEnvironment); var path = exeFile.parent.path; if (env.exists("PATH")) path += ";" + env.get("PATH");

1 0