December 2016 - tor-commits - lists.torproject.org

[tor-browser-bundle/master] Folding in stable and hardened changelogs
by gk＠torproject.org 02 Dec '16

02 Dec '16

commit 6bb0662bc1716438f5919c128ee24086544eec80 Author: Georg Koppen <gk(a)torproject.org> Date: Fri Dec 2 11:11:39 2016 +0000 Folding in stable and hardened changelogs --- Bundle-Data/Docs/ChangeLog.txt | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index 38c27ef..ada0d52 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -1,3 +1,10 @@ +Tor Browser 6.5a5-hardened -- December 1 2016 + * All Platforms + * Update Firefox to 45.5.1esr + * Update NoScript to 2.9.5.2 + * Linux + * Bug 20691: Updater breaks if unix domain sockets are used + Tor Browser 6.5a5 -- December 1 2016 * All Platforms * Update Firefox to 45.5.1esr @@ -5,6 +12,11 @@ Tor Browser 6.5a5 -- December 1 2016 * Linux * Bug 20691: Updater breaks if unix domain sockets are used +Tor Browser 6.0.7 -- November 30 2016 + * All Platforms + * Update Firefox to 45.5.1esr + * Update NoScript to 2.9.5.2 + Tor Browser 6.5a4-hardened -- November 16 2016 * All Platforms * Update Firefox to 45.5.0esr

1 0

[sandboxed-tor-browser/master] fixup! Bug #20858: Make OpenGL work in the container with SW rendering.
by yawning＠torproject.org 02 Dec '16

02 Dec '16

commit f43c7ae0233b6ce9a38e768283a2d01bf3ebd481 Author: Yawning Angel <yawning(a)schwanenlied.me> Date: Fri Dec 2 09:47:17 2016 +0000 fixup! Bug #20858: Make OpenGL work in the container with SW rendering. i386 systems require waitpid() to be whitelisted for the firefox GLX test child process. --- data/torbrowser-launcher-whitelist-extras-i386.seccomp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/data/torbrowser-launcher-whitelist-extras-i386.seccomp b/data/torbrowser-launcher-whitelist-extras-i386.seccomp index cf3d565..d00383f 100644 --- a/data/torbrowser-launcher-whitelist-extras-i386.seccomp +++ b/data/torbrowser-launcher-whitelist-extras-i386.seccomp @@ -15,3 +15,5 @@ set_thread_area: 1 recv: 1 send: 1 socketcall: 1 + +waitpid: 1

1 0

[sandboxed-tor-browser/master] Bug #20858: Make OpenGL work in the container with SW rendering.
by yawning＠torproject.org 02 Dec '16

02 Dec '16

commit a1c6e6063e7d912fd069c8ad5ee08797be521521 Author: Yawning Angel <yawning(a)schwanenlied.me> Date: Fri Dec 2 08:53:19 2016 +0000 Bug #20858: Make OpenGL work in the container with SW rendering. Tested and works on Debian x86_64, Fedora 25. Software rendering with unsandboxed TBB is busted on my Arch system. --- .../internal/sandbox/application.go | 46 +++++++++++++++++++--- 1 file changed, 40 insertions(+), 6 deletions(-) diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go index f04e572..6ce948e 100644 --- a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go +++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go @@ -172,6 +172,9 @@ func RunTorBrowser(cfg *config.Config, manif *config.Manifest, tor *tor.Tor) (cm h.bind(tor.SocksSurrogatePath(), socksPath, false) h.assetFile(stubPath, "tbb_stub.so") + // Hardware accelerated OpenGL will not work, and never will. + h.setenv("LIBGL_ALWAYS_SOFTWARE", "1") + // Tor Browser currently is incompatible with PaX MPROTECT, apply the // override if needed. realFirefoxPath := filepath.Join(realBrowserHome, "firefox") @@ -210,10 +213,15 @@ func RunTorBrowser(cfg *config.Config, manif *config.Manifest, tor *tor.Tor) (cm // "libc.so", - Uhhhhh.... wtf? // "libcanberra.so.0", - Not ubiquitous. } + + glExtraLibs, glLibPaths := h.appendRestrictedOpenGL() + extraLibs = append(extraLibs, glExtraLibs...) + ldLibraryPath = ldLibraryPath + glLibPaths + if cfg.Sandbox.EnablePulseAudio && pulseAudioWorks { const libPulse = "libpulse.so.0" - paLibsPath := findDistributionDependentLibs("", "pulseaudio") + paLibsPath := findDistributionDependentLibs(nil, "", "pulseaudio") if paLibsPath != "" && cache.GetLibraryPath(libPulse) != "" { const restrictedPulseDir = "/usr/lib/pulseaudio" @@ -539,8 +547,12 @@ func newConsoleLogger(prefix string) *consoleLogger { return l } -func findDistributionDependentLibs(subDir, fn string) string { - for _, base := range distributionDependentLibSearchPath { +func findDistributionDependentLibs(extraSearch []string, subDir, fn string) string { + var searchPaths []string + searchPaths = append(searchPaths, extraSearch...) + searchPaths = append(searchPaths, distributionDependentLibSearchPath...) + + for _, base := range searchPaths { candidate := filepath.Join(base, subDir, fn) if FileExists(candidate) { return candidate @@ -549,6 +561,28 @@ func findDistributionDependentLibs(subDir, fn string) string { return "" } +func (h *hugbox) appendRestrictedOpenGL() ([]string, string) { + const ( + archXorgDir = "/usr/lib/xorg/modules" + swrastDri = "swrast_dri.so" + ) + + swrastPath := findDistributionDependentLibs([]string{archXorgDir}, "dri", swrastDri) + if swrastPath != "" { + // Debian needs libGL.so.1 explicitly specified. + retLibs := []string{swrastDri, "libGL.so.1"} + + driDir, _ := filepath.Split(swrastPath) + restrictedDriDir := filepath.Join(restrictedLibDir, "dri") + h.roBind(swrastPath, filepath.Join(restrictedDriDir, swrastDri), false) + h.setenv("LIBGL_DRIVERS_PATH", restrictedDriDir) + + return retLibs, ":" + driDir + } + + return nil, "" +} + func (h *hugbox) appendRestrictedGtk2() ([]string, string, error) { const ( libAdwaita = "libadwaita.so" @@ -567,7 +601,7 @@ func (h *hugbox) appendRestrictedGtk2() ([]string, string, error) { // Figure out where the system keeps the Gtk+-2.0 theme libraries, // and bind mount in Adwaita and Pixmap. - adwaitaPath := findDistributionDependentLibs(engineSubDir, libAdwaita) + adwaitaPath := findDistributionDependentLibs(nil, engineSubDir, libAdwaita) if adwaitaPath != "" { gtkEngineDir, _ := filepath.Split(adwaitaPath) normGtkEngineDir := filepath.Join(restrictedLibDir, "gtk-2.0", "2.10.0", "engines") @@ -583,7 +617,7 @@ func (h *hugbox) appendRestrictedGtk2() ([]string, string, error) { // Figure out where the system keeps the Gtk+-2.0 print backends, // and bind mount in the file one. - printFilePath := findDistributionDependentLibs(printSubDir, libPrintFile) + printFilePath := findDistributionDependentLibs(nil, printSubDir, libPrintFile) if printFilePath != "" { gtkPrintDir, _ := filepath.Split(printFilePath) normGtkPrintDir := filepath.Join(restrictedLibDir, "gtk-2.0", "2.10.0", "printbackends") @@ -603,7 +637,7 @@ func (h *hugbox) appendRestrictedGtk2() ([]string, string, error) { // Figure out if the system gdk-pixbuf-2.0 needs loaders for common // file formats. Arch and Fedora 25 do not. Debian does. As far as // I can tell, the only file format we actually care about is PNG. - pngLoaderPath := findDistributionDependentLibs(gdkSubDir, libPngLoader) + pngLoaderPath := findDistributionDependentLibs(nil, gdkSubDir, libPngLoader) if pngLoaderPath != "" { loaderDir, _ := filepath.Split(pngLoaderPath) normGdkPath := filepath.Join(restrictedLibDir, "gdk-pixbuf-2.0", "2.10.0")

1 0

[webwml/master] Add new Tor Browser alphas (6.5a5)
by gk＠torproject.org 02 Dec '16

02 Dec '16

commit f0af2274cb4b4fb9fcba1cd1b5c2343d8d9a446f Author: Georg Koppen <gk(a)torproject.org> Date: Fri Dec 2 07:49:01 2016 +0000 Add new Tor Browser alphas (6.5a5) --- include/versions.wmi | 18 +++++++++--------- projects/torbrowser/RecommendedTBBVersions | 8 +++++++- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/include/versions.wmi b/include/versions.wmi index c1a5208..73cae23 100644 --- a/include/versions.wmi +++ b/include/versions.wmi @@ -5,28 +5,28 @@ <define-tag version-torbrowserdevelopbranch whitespace=delete>maint-6.0</define-tag> <define-tag version-torbrowserbundledir whitespace=delete>6.0.7</define-tag> -<define-tag version-torbrowserbundlebetadir whitespace=delete>6.5a4</define-tag> +<define-tag version-torbrowserbundlebetadir whitespace=delete>6.5a5</define-tag> <define-tag version-torbrowserbundle whitespace=delete>6.0.7</define-tag> <define-tag releasedate-torbrowserbundle whitespace=delete>2016-11-30</define-tag> -<define-tag version-torbrowserbundlebeta whitespace=delete>6.5a4</define-tag> -<define-tag releasedate-torbrowserbundlebeta whitespace=delete>2016-11-16</define-tag> +<define-tag version-torbrowserbundlebeta whitespace=delete>6.5a5</define-tag> +<define-tag releasedate-torbrowserbundlebeta whitespace=delete>2016-12-1</define-tag> <define-tag version-torbrowserbundlelinux32 whitespace=delete>6.0.7</define-tag> <define-tag releasedate-torbrowserbundlelinux32 whitespace=delete>2016-11-30</define-tag> <define-tag version-torbrowserbundlelinux64 whitespace=delete>6.0.7</define-tag> <define-tag releasedate-torbrowserbundlelinux64 whitespace=delete>2016-11-30</define-tag> -<define-tag version-torbrowserbundlelinux32beta whitespace=delete>6.5a4</define-tag> -<define-tag releasedate-torbrowserbundlelinux32beta whitespace=delete>2016-11-16</define-tag> -<define-tag version-torbrowserbundlelinux64beta whitespace=delete>6.5a4</define-tag> -<define-tag releasedate-torbrowserbundlelinux64beta whitespace=delete>2016-11-16</define-tag> +<define-tag version-torbrowserbundlelinux32beta whitespace=delete>6.5a5</define-tag> +<define-tag releasedate-torbrowserbundlelinux32beta whitespace=delete>2016-12-1</define-tag> +<define-tag version-torbrowserbundlelinux64beta whitespace=delete>6.5a5</define-tag> +<define-tag releasedate-torbrowserbundlelinux64beta whitespace=delete>2016-12-1</define-tag> <define-tag version-torbrowserbundleosx32 whitespace=delete>6.0.7</define-tag> <define-tag releasedate-torbrowserbundleosx32 whitespace=delete>2016-11-30</define-tag> <define-tag version-torbrowserbundleosx64 whitespace=delete>6.0.7</define-tag> <define-tag releasedate-torbrowserbundleosx64 whitespace=delete>2016-11-30</define-tag> -<define-tag version-torbrowserbundleosx64beta whitespace=delete>6.5a4</define-tag> -<define-tag releasedate-torbrowserbundleosx64beta whitespace=delete>2016-11-16</define-tag> +<define-tag version-torbrowserbundleosx64beta whitespace=delete>6.5a5</define-tag> +<define-tag releasedate-torbrowserbundleosx64beta whitespace=delete>2016-12-1</define-tag> <define-tag package-win32-stable whitespace=delete>../dist/torbrowser/<version-torbrowserbundledir>/tor-win32-<version-win32-stable>.zip</define-tag> diff --git a/projects/torbrowser/RecommendedTBBVersions b/projects/torbrowser/RecommendedTBBVersions index 22a5328..50feb9c 100644 --- a/projects/torbrowser/RecommendedTBBVersions +++ b/projects/torbrowser/RecommendedTBBVersions @@ -8,5 +8,11 @@ "6.5a4-MacOS", "6.5a4-Windows", "6.5a4-hardened", -"6.5a4-hardened-Linux" +"6.5a4-hardened-Linux", +"6.5a5", +"6.5a5-Linux", +"6.5a5-MacOS", +"6.5a5-Windows", +"6.5a5-hardened", +"6.5a5-hardened-Linux" ]

1 0

[sandboxed-tor-browser/master] Shutdown the old tor prior to installing the update.
by yawning＠torproject.org 02 Dec '16

02 Dec '16

commit 9a621397c46cbbc96bec85e129e53efb3521a1c1 Author: Yawning Angel <yawning(a)schwanenlied.me> Date: Fri Dec 2 06:50:45 2016 +0000 Shutdown the old tor prior to installing the update. --- src/cmd/sandboxed-tor-browser/internal/ui/install.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/cmd/sandboxed-tor-browser/internal/ui/install.go b/src/cmd/sandboxed-tor-browser/internal/ui/install.go index e8858b4..2ab7464 100644 --- a/src/cmd/sandboxed-tor-browser/internal/ui/install.go +++ b/src/cmd/sandboxed-tor-browser/internal/ui/install.go @@ -272,6 +272,13 @@ func (c *Common) doUpdate(async *Async, dialFn dialFunc) { return } + // Shutdown the old tor now. + if c.tor != nil { + log.Printf("update: Shutting down old tor.") + c.tor.Shutdown() + c.tor = nil + } + // Apply the update. log.Printf("update: Updating Tor Browser.") async.UpdateProgress("Updating Tor Browser.")

1 0

[sandboxed-tor-browser/master] Remove the old and out of date `doc/Architecture.txt` file.
by yawning＠torproject.org 02 Dec '16

02 Dec '16

commit f634e86cf37328389d2176dbe084065012954381 Author: Yawning Angel <yawning(a)schwanenlied.me> Date: Fri Dec 2 05:30:01 2016 +0000 Remove the old and out of date `doc/Architecture.txt` file. Better documentation is at: https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Sandbox/Linux --- doc/Architecture.txt | 160 --------------------------------------------------- 1 file changed, 160 deletions(-) diff --git a/doc/Architecture.txt b/doc/Architecture.txt deleted file mode 100644 index 0a5c789..0000000 --- a/doc/Architecture.txt +++ /dev/null @@ -1,160 +0,0 @@ -sandboxed-tor-browser Architecture And Design -Yawning Angel (yawning at schwanenlied dot me) - -[Note: This started out as part of an e-mail thread with the Tor Browser - developers.] - -Design requirements: - - * Modern Linux kernels without USER_NS support MUST be capable of - supporting the sandboxed tor browser (basically, use bubblewrap - since it's less of a monstrosity than firejail is, both require - SUID root or additional capabilities for this use model which - complicates the installation process, but that's an orthogonal - issue). - - bubblewrap packages are available for Debian and Ubuntu which probably - covers the bulk of the user-base, though I am doing development on - neither. - - * Proxy bypass MUST BE impossible without a sandbox escape, even if - the adversary gets RCE capability. This is harder than it appears, - and influences a few other thoughts. - - * The firefox process's write access to the filesystem MUST be limited - to the user preferences, download directory and the bookmarks. The - firefox process's read access to the filesystem SHOULD be limited to - the Tor Browser bundle installation directory. - - There is a UX tradeoff here in that, without access to at least the - user's home directory, uploading things is difficult, but there's a - lot of data a potentially malicious firefox executable can get at - if it can read from the entire home directory. - - * The firefox process MUST NOT be responsible for launching the tor - instance. The tor process MUST live in a separate sandbox, with no - access to user data (ie: tor MUST only be able to see - Browser/Tor-Browser/Data). - - * The firefox process MUST NOT be responsible for updating Tor Browser. - The downloads MUST be fetched over tor, and a more permissive - sandbox spawned to handle updating. - - * I have no idea how to handle meek, I sort of don't care for the - 0.0.1 non-shit sandbox implementation. Something to keep in mind. - - * Audio is a mess. If the host system has PulseAudio, it can optionally be - exposed in the sandbox, but that is another attack vector. - - * This really needs Wayland, because the X11 security model is a - shitfest of total fail, and "firefox owned the X server and got out" - is a distinct possibility. - -Design: - -sandboxed-tor-browser is a Go application that handles: - - * Downloading and installing Tor Browser. - - * Fetches and installs the latest Tor Browser over Tor, or the normal - internet, depending on of Tor is already running as a system service. - * The TLS cert for the download metadata fetch (`downloads.json`) is - validated via static HPKP pins. The actual downloads can come from - anywhere (allowing the possibility for CDNs/mirrors). - * Validates the PGP signature with a hard coded copy of the PGP key. - - * Running a sandboxed instance of the tor daemon. - - * Launches the bundle's tor daemon inside a sandbox. - * A seccomp whitelist is used unless pluggable transports are enabled, in - which case a blacklist is used. - * This process has full network access, but an extremely limited view into - the host filesystem. - * For the initial release only pluggable transports supported by obfs4proxy - are enabled. - * Libraries are handled in a similar manner to how they are for the firefox - container (as in, only what is needed, nothing more). - - * Updating Tor Browser. - - * Version check over Tor on launch. Static HPKP pins are used to ensure - the remote update metadata server is trusted. - * Download MAR format updates over Tor. - * Validates the MAR signature with hard coded copies of the MAR signing - key(s). - * Apply the MAR updates using the `updater` excutable shipped with Tor, - supporting both incremental and complete updates. This process is in a - sandbox that does not allow external network access at all. - - * Run a sandboxed instance of Tor Browser. - - * A LD_PRELOAD stub is used to force firefox to use AF_LOCAL sockets for - the control and SOCKS ports, and to work around certain Firefox quirks - and bugs. - * Uses bubblewrap to instantiate a Linux container. - * seccomp2 system call filter, with whitelist/blacklist format that is - compatible with Subgraph. - * Separate PID table, mount table, etc. - * No external communication except via stdio, and path based AF_LOCAL - sockets. - * Normalized hostname, `/etc/passwd`, `/etc/group`, D-bus machine ID. - * Limited view of the host filesystem, all directories read-only unless - * otherwise specified. The sandboxed filesystem layout is normalized - as much as possible. - * System libraries are explcitly bind mounted into the container in - standardized locations to reduce attack surface and to make it hard - to use the installed libraries to gain much insight into the host - system. This is accomplished via reading the ELF dynamic section of - the binary to be executed, and then mounting a breadth-first-search - with the assistance of the `/etc/ld.so.cache` file. - * Gtk Theme related directories. - * The X11 AF_LOCAL socket. - * (Optionally) The PulseAudio socket. - * The browser directory. - * The browser caches directory (read/write, might be removed). - * The browser profile directory (read/write, extensions sub-dir - read-only unless overriden by the user). - * The browser downloads directory (read/write) - * The browser desktop directory (read/write) - * A runtime directory. - * A surrogate control port that gives "fake" responses to Tor - Browser. The bare minimum to get a fully functional circuit - display is implemented, and the surrogate ensures that responses - are filtered appropriately so that Tor Browser never sees streams - or circuits that it is not responsible for. - * A re-dispatching SOCKS proxy, required to identify which streams - and circuits should be visible to the control port surrogate. - -Sandbox weaknesses: - -Basically sandbox escape should require one of a kernel exploit, display server -exploit, or Tor SOCKS port based exploit in addition to the Firefox exploit, so -from a security standpoint things are vastly improved. - - * (Security, Privacy) X11 is a huge mess of utter fail, especially - considering the sandboxed processes get direct access to the host X server. - - * Vector for sandbox escape or exploits. - * X processes can easily become display server wide keyloggers and other - things that threaten user privacy. - * Certain applications set X root window properties that leak information - about the host system (eg: PulseAudio). - - Using a nested X solution such as Xephyr "just works", so that's a way to - mitigate this for those that want that. - - * (Security, Privacy) If the user opts to enable PulseAudio support, it opens - up another attack vector for exploits, government ultrasonic mind control, - the browser acting as a listening device, and etc. - - * (Security, Privacy) Firefox requires a `/proc` filesystem, which contains more - information than it should have access to. - - * (Security) The Firefox process can write bad things to the profile - directory if it choses to do so. - - * (Privacy) The Firefox process still can access the network over Tor to - exfiltrate data. - - * (Privacy) While the user name is re-written in the sandbox to - `amnesia`, the UID/GID are not.

1 0

[translation/torbutton-abouttorproperties_completed] Update translations for torbutton-abouttorproperties_completed
by translation＠torproject.org 02 Dec '16

02 Dec '16

commit 8794b87a90ab6f66d129caf6460661eca3bb7111 Author: Translation commit bot <translation(a)torproject.org> Date: Thu Dec 1 23:17:14 2016 +0000 Update translations for torbutton-abouttorproperties_completed --- zh_CN/abouttor.properties | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/zh_CN/abouttor.properties b/zh_CN/abouttor.properties index 39dbd19..7622354 100644 --- a/zh_CN/abouttor.properties +++ b/zh_CN/abouttor.properties @@ -2,12 +2,6 @@ # See LICENSE for licensing information. # vim: set sw=2 sts=2 ts=8 et: -aboutTor.searchSP.privacy=使用<a href="%2$S">Startpage</a><a href="%1$S">安全</a>搜索。 -# The following string is a link which replaces %1$S above. -aboutTor.searchSP.privacy.link=https://startpage.com/eng/protect-privacy.html -# The following string is a link which replaces %2$S above. -aboutTor.searchSP.search.link=https://startpage.com/ - aboutTor.searchDDG.privacy=使用<a href="%2$S">DuckDuckGo</a><a href="%1$S">安全</a>搜索。 # The following string is a link which replaces %1$S above. aboutTor.searchDDG.privacy.link=https://duckduckgo.com/privacy.html @@ -19,3 +13,10 @@ aboutTor.searchDC.privacy=使用<a href="%2$S">Disconnect.me</a><a href="%1$S"> aboutTor.searchDC.privacy.link=https://disconnect.me/privacy # The following string is a link which replaces %2$S above. aboutTor.searchDC.search.link=https://search.disconnect.me/ + +aboutTor.donationBanner.donate=立即捐助！ +aboutTor.donationBanner.heart=Tor 是互联网自由的核心 +aboutTor.donationBanner.tagline1=数百万人依靠 Tor 安全、私密地上网 +aboutTor.donationBanner.tagline2=人们互相保护组成的网络 +aboutTor.donationBanner.tagline3=监视即压迫 +aboutTor.donationBanner.tagline4=为记者、告密者及活动人士提供保护，专注匿名安全 10 年

1 0

[translation/torbutton-abouttorproperties] Update translations for torbutton-abouttorproperties
by translation＠torproject.org 02 Dec '16

02 Dec '16

commit 4be460ed7ca9955b0fa038248c04da251333dbb1 Author: Translation commit bot <translation(a)torproject.org> Date: Thu Dec 1 23:17:10 2016 +0000 Update translations for torbutton-abouttorproperties --- zh_CN/abouttor.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/zh_CN/abouttor.properties b/zh_CN/abouttor.properties index e6ad6a0..7622354 100644 --- a/zh_CN/abouttor.properties +++ b/zh_CN/abouttor.properties @@ -17,6 +17,6 @@ aboutTor.searchDC.search.link=https://search.disconnect.me/ aboutTor.donationBanner.donate=立即捐助！ aboutTor.donationBanner.heart=Tor 是互联网自由的核心 aboutTor.donationBanner.tagline1=数百万人依靠 Tor 安全、私密地上网 -aboutTor.donationBanner.tagline2=A Network of People Protecting People +aboutTor.donationBanner.tagline2=人们互相保护组成的网络 aboutTor.donationBanner.tagline3=监视即压迫 aboutTor.donationBanner.tagline4=为记者、告密者及活动人士提供保护，专注匿名安全 10 年

1 0

[translation/bridgedb_completed] Update translations for bridgedb_completed
by translation＠torproject.org 02 Dec '16

02 Dec '16

commit 2223e812301ffe9053d6d38c56f4dcf3dee745a3 Author: Translation commit bot <translation(a)torproject.org> Date: Thu Dec 1 23:15:09 2016 +0000 Update translations for bridgedb_completed --- zh_CN/LC_MESSAGES/bridgedb.po | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/zh_CN/LC_MESSAGES/bridgedb.po b/zh_CN/LC_MESSAGES/bridgedb.po index 6b20564..b290e9c 100644 --- a/zh_CN/LC_MESSAGES/bridgedb.po +++ b/zh_CN/LC_MESSAGES/bridgedb.po @@ -11,6 +11,7 @@ # Meng San, 2014,2016 # leungsookfan <leung.sookfan(a)riseup.net>, 2014 # Meng San, 2016 +# Mingye Wang <arthur200126(a)gmail.com>, 2016 # khi, 2014-2015 # Y.F Yang <yfdyh000(a)gmail.com>, 2014-2015 msgid "" @@ -18,8 +19,8 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: 'https://trac.torproject.org/projects/tor/newticket?component=BridgeDB&keywo…'\n" "POT-Creation-Date: 2015-07-25 03:40+0000\n" -"PO-Revision-Date: 2016-10-10 17:55+0000\n" -"Last-Translator: Meng San\n" +"PO-Revision-Date: 2016-12-01 22:50+0000\n" +"Last-Translator: Mingye Wang <arthur200126(a)gmail.com>\n" "Language-Team: Chinese (China) (http://www.transifex.com/otf/torproject/language/zh_CN/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -233,7 +234,7 @@ msgid "" "difficult for anyone watching your internet traffic to determine that you are\n" "using Tor.\n" "\n" -msgstr "BridgeDB 提供多种 %s Pluggable Transports %s 网桥，可用于混淆 Tor 网络的连接，从而让网络监控者难以判断你在使用 Tor。\n" +msgstr "BridgeDB 提供多种%s可拔插传输%s网桥，用于混淆 Tor 网络的连接，从而让网络监控者难以判断你在使用 Tor。\n" #. TRANSLATORS: Please DO NOT translate "Pluggable Transports". #: bridgedb/strings.py:79

1 0

[translation/bridgedb] Update translations for bridgedb
by translation＠torproject.org 02 Dec '16

02 Dec '16

commit 909a5321df69fd584d04543145e59dcc3ca8998c Author: Translation commit bot <translation(a)torproject.org> Date: Thu Dec 1 23:15:03 2016 +0000 Update translations for bridgedb --- zh_CN/LC_MESSAGES/bridgedb.po | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/zh_CN/LC_MESSAGES/bridgedb.po b/zh_CN/LC_MESSAGES/bridgedb.po index 6b20564..b290e9c 100644 --- a/zh_CN/LC_MESSAGES/bridgedb.po +++ b/zh_CN/LC_MESSAGES/bridgedb.po @@ -11,6 +11,7 @@ # Meng San, 2014,2016 # leungsookfan <leung.sookfan(a)riseup.net>, 2014 # Meng San, 2016 +# Mingye Wang <arthur200126(a)gmail.com>, 2016 # khi, 2014-2015 # Y.F Yang <yfdyh000(a)gmail.com>, 2014-2015 msgid "" @@ -18,8 +19,8 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: 'https://trac.torproject.org/projects/tor/newticket?component=BridgeDB&keywo…'\n" "POT-Creation-Date: 2015-07-25 03:40+0000\n" -"PO-Revision-Date: 2016-10-10 17:55+0000\n" -"Last-Translator: Meng San\n" +"PO-Revision-Date: 2016-12-01 22:50+0000\n" +"Last-Translator: Mingye Wang <arthur200126(a)gmail.com>\n" "Language-Team: Chinese (China) (http://www.transifex.com/otf/torproject/language/zh_CN/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -233,7 +234,7 @@ msgid "" "difficult for anyone watching your internet traffic to determine that you are\n" "using Tor.\n" "\n" -msgstr "BridgeDB 提供多种 %s Pluggable Transports %s 网桥，可用于混淆 Tor 网络的连接，从而让网络监控者难以判断你在使用 Tor。\n" +msgstr "BridgeDB 提供多种%s可拔插传输%s网桥，用于混淆 Tor 网络的连接，从而让网络监控者难以判断你在使用 Tor。\n" #. TRANSLATORS: Please DO NOT translate "Pluggable Transports". #: bridgedb/strings.py:79

1 0