December 2016 - tor-commits - lists.torproject.org

[tor/master] fixup! Move encode_cert to torcert.c and rename it to tor_cert_encode_ed22519()
by nickm＠torproject.org 01 Dec '16

01 Dec '16

commit a3bbb9ce775d5ad250c50852785fcabdff155685 Author: David Goulet <dgoulet(a)torproject.org> Date: Thu Nov 10 11:00:59 2016 -0500 fixup! Move encode_cert to torcert.c and rename it to tor_cert_encode_ed22519() --- src/or/hs_descriptor.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/or/hs_descriptor.c b/src/or/hs_descriptor.c index 3a536e7..c48d717 100644 --- a/src/or/hs_descriptor.c +++ b/src/or/hs_descriptor.c @@ -134,6 +134,7 @@ desc_encrypted_data_free_contents(hs_desc_encrypted_data_t *desc) memwipe(desc, 0, sizeof(*desc)); } +/* === ENCODING === */ /* Encode the given link specifier objects into a newly allocated string. * This can't fail so caller can always assume a valid string being

1 0

[tor/master] Move encode_cert to torcert.c and rename it to tor_cert_encode_ed22519()
by nickm＠torproject.org 01 Dec '16

01 Dec '16

commit 9f74f8f732113ff1c63ed971e13229c523ed5a51 Author: Neel Chauhan <neel(a)neelc.org> Date: Wed Nov 9 20:01:26 2016 -0500 Move encode_cert to torcert.c and rename it to tor_cert_encode_ed22519() Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- src/or/hs_descriptor.c | 47 ++++--------------------------------------- src/or/hs_descriptor.h | 1 - src/or/torcert.c | 41 +++++++++++++++++++++++++++++++++++++ src/or/torcert.h | 2 ++ src/test/test_hs_descriptor.c | 2 +- 5 files changed, 48 insertions(+), 45 deletions(-) diff --git a/src/or/hs_descriptor.c b/src/or/hs_descriptor.c index 1517ccb..3a536e7 100644 --- a/src/or/hs_descriptor.c +++ b/src/or/hs_descriptor.c @@ -15,6 +15,7 @@ #include "ed25519_cert.h" /* Trunnel interface. */ #include "parsecommon.h" #include "rendcache.h" +#include "torcert.h" /* tor_cert_encode_ed22519() */ /* Constant string value used for the descriptor format. */ #define str_hs_desc "hs-descriptor" @@ -133,46 +134,6 @@ desc_encrypted_data_free_contents(hs_desc_encrypted_data_t *desc) memwipe(desc, 0, sizeof(*desc)); } -/* === ENCODING === */ - -/* Encode the ed25519 certificate cert and put the newly allocated - * string in cert_str_out. Return 0 on success else a negative value. */ -STATIC int -encode_cert(const tor_cert_t *cert, char **cert_str_out) -{ - int ret = -1; - char *ed_cert_b64 = NULL; - size_t ed_cert_b64_len; - - tor_assert(cert); - tor_assert(cert_str_out); - - /* Get the encoded size and add the NUL byte. */ - ed_cert_b64_len = base64_encode_size(cert->encoded_len, - BASE64_ENCODE_MULTILINE) + 1; - ed_cert_b64 = tor_malloc_zero(ed_cert_b64_len); - - /* Base64 encode the encoded certificate. */ - if (base64_encode(ed_cert_b64, ed_cert_b64_len, - (const char *) cert->encoded, cert->encoded_len, - BASE64_ENCODE_MULTILINE) < 0) { - log_err(LD_BUG, "Couldn't base64-encode descriptor signing key cert!"); - goto err; - } - - /* Put everything together in a NUL terminated string. */ - tor_asprintf(cert_str_out, - "-----BEGIN ED25519 CERT-----\n" - "%s" - "-----END ED25519 CERT-----", - ed_cert_b64); - /* Success! */ - ret = 0; - - err: - tor_free(ed_cert_b64); - return ret; -} /* Encode the given link specifier objects into a newly allocated string. * This can't fail so caller can always assume a valid string being @@ -327,7 +288,7 @@ encode_enc_key(const ed25519_keypair_t *sig_key, if (!cross_cert) { goto err; } - ret = encode_cert(cross_cert, &encoded_cert); + ret = tor_cert_encode_ed22519(cross_cert, &encoded_cert); tor_cert_free(cross_cert); if (ret) { goto err; @@ -375,7 +336,7 @@ encode_intro_point(const ed25519_keypair_t *sig_key, /* Authentication key encoding. */ { char *encoded_cert; - if (encode_cert(ip->auth_key_cert, &encoded_cert) < 0) { + if (tor_cert_encode_ed22519(ip->auth_key_cert, &encoded_cert) < 0) { goto err; } smartlist_add_asprintf(lines, "%s\n%s", str_ip_auth_key, encoded_cert); @@ -769,7 +730,7 @@ desc_encode_v3(const hs_descriptor_t *desc, char **encoded_out) "(%d)", (int) desc->plaintext_data.signing_key_cert->cert_type); goto err; } - if (encode_cert(desc->plaintext_data.signing_key_cert, + if (tor_cert_encode_ed22519(desc->plaintext_data.signing_key_cert, &encoded_cert) < 0) { /* The function will print error logs. */ goto err; diff --git a/src/or/hs_descriptor.h b/src/or/hs_descriptor.h index 895bed2..083d353 100644 --- a/src/or/hs_descriptor.h +++ b/src/or/hs_descriptor.h @@ -216,7 +216,6 @@ size_t hs_desc_plaintext_obj_size(const hs_desc_plaintext_data_t *data); #ifdef HS_DESCRIPTOR_PRIVATE /* Encoding. */ -STATIC int encode_cert(const tor_cert_t *cert, char **cert_str_out); STATIC char *encode_link_specifiers(const smartlist_t *specs); STATIC size_t build_plaintext_padding(const char *plaintext, size_t plaintext_len, diff --git a/src/or/torcert.c b/src/or/torcert.c index 852def9..8560768 100644 --- a/src/or/torcert.c +++ b/src/or/torcert.c @@ -647,3 +647,44 @@ or_handshake_certs_check_both(int severity, } } +/* === ENCODING === */ + +/* Encode the ed25519 certificate cert and put the newly allocated + * string in cert_str_out. Return 0 on success else a negative value. */ +int +tor_cert_encode_ed22519(const tor_cert_t *cert, char **cert_str_out) +{ + int ret = -1; + char *ed_cert_b64 = NULL; + size_t ed_cert_b64_len; + + tor_assert(cert); + tor_assert(cert_str_out); + + /* Get the encoded size and add the NUL byte. */ + ed_cert_b64_len = base64_encode_size(cert->encoded_len, + BASE64_ENCODE_MULTILINE) + 1; + ed_cert_b64 = tor_malloc_zero(ed_cert_b64_len); + + /* Base64 encode the encoded certificate. */ + if (base64_encode(ed_cert_b64, ed_cert_b64_len, + (const char *) cert->encoded, cert->encoded_len, + BASE64_ENCODE_MULTILINE) < 0) { + log_err(LD_BUG, "Couldn't base64-encode ed22519 cert!"); + goto err; + } + + /* Put everything together in a NUL terminated string. */ + tor_asprintf(cert_str_out, + "-----BEGIN ED25519 CERT-----\n" + "%s" + "-----END ED25519 CERT-----", + ed_cert_b64); + /* Success! */ + ret = 0; + + err: + tor_free(ed_cert_b64); + return ret; +} + diff --git a/src/or/torcert.h b/src/or/torcert.h index 4bd816f..090f6b5 100644 --- a/src/or/torcert.h +++ b/src/or/torcert.h @@ -98,5 +98,7 @@ void or_handshake_certs_check_both(int severity, const ed25519_public_key_t **ed_id_out, const common_digests_t **rsa_id_out); +int tor_cert_encode_ed22519(const tor_cert_t *cert, char **cert_str_out); + #endif diff --git a/src/test/test_hs_descriptor.c b/src/test/test_hs_descriptor.c index 8af5cab..9749c3b 100644 --- a/src/test/test_hs_descriptor.c +++ b/src/test/test_hs_descriptor.c @@ -254,7 +254,7 @@ test_cert_encoding(void *arg) tt_assert(cert); /* Test the certificate encoding function. */ - ret = encode_cert(cert, &encoded); + ret = tor_cert_encode_ed22519(cert, &encoded); tt_int_op(ret, ==, 0); /* Validated the certificate string. */

1 0

[tor/master] Merge remote-tracking branch 'dgoulet/ticket20568_030_01'
by nickm＠torproject.org 01 Dec '16

01 Dec '16

commit a7762930c38a5bbd096ccc5ef2595b469a462d58 Merge: c1e8dfd a3bbb9c Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Dec 1 09:23:36 2016 -0500 Merge remote-tracking branch 'dgoulet/ticket20568_030_01' src/or/hs_descriptor.c | 46 ++++--------------------------------------- src/or/hs_descriptor.h | 1 - src/or/torcert.c | 41 ++++++++++++++++++++++++++++++++++++++ src/or/torcert.h | 2 ++ src/test/test_hs_descriptor.c | 2 +- 5 files changed, 48 insertions(+), 44 deletions(-)

1 0

[tor/master] Fix compilation
by nickm＠torproject.org 01 Dec '16

01 Dec '16

commit c1e8dfd6cf44caef6b612a4fd65bc6b91100ed73 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Dec 1 09:20:04 2016 -0500 Fix compilation --- src/or/routerkeys.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c index ad62247..6c53c50 100644 --- a/src/or/routerkeys.c +++ b/src/or/routerkeys.c @@ -743,7 +743,7 @@ load_ed_keys(const or_options_t *options, time_t now) if (need_new_signing_key) { log_notice(LD_OR, "It looks like I need to generate and sign a new " "medium-term signing key, because %s. To do that, I " - "need to load the permanent master identity key. " + "need to load%s the permanent master identity key. " "If the master identity key was not moved or encrypted " "with a passphrase, this will be done automatically and " "no further action is required. Otherwise, provide the "

1 0

[tor/master] Improve log messages related to identity key
by nickm＠torproject.org 01 Dec '16

01 Dec '16

commit 215cc0d527d73461efaeeadb47e0a069d4895ca9 Author: s7r <s7r(a)sky-ip.org> Date: Sun Nov 27 13:07:43 2016 +0000 Improve log messages related to identity key Improve the messages logged when Tor wants or needs to load the master ed25519 identity key so the user is explicitly informed when further action is required or not. Fixes ticket #20650. --- src/or/routerkeys.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c index 8d9a132..ad62247 100644 --- a/src/or/routerkeys.c +++ b/src/or/routerkeys.c @@ -742,8 +742,12 @@ load_ed_keys(const or_options_t *options, time_t now) if (need_new_signing_key) { log_notice(LD_OR, "It looks like I need to generate and sign a new " - "medium-term signing key, because %s. To do that, I need to " - "load%s the permanent master identity key.", + "medium-term signing key, because %s. To do that, I " + "need to load the permanent master identity key. " + "If the master identity key was not moved or encrypted " + "with a passphrase, this will be done automatically and " + "no further action is required. Otherwise, provide the " + "necessary data using 'tor --keygen' to do it manually.", (NULL == use_signing) ? "I don't have one" : EXPIRES_SOON(check_signing_cert, 0) ? "the one I have is expired" : "you asked me to make one with --keygen", @@ -751,15 +755,19 @@ load_ed_keys(const or_options_t *options, time_t now) } else if (want_new_signing_key && !offline_master) { log_notice(LD_OR, "It looks like I should try to generate and sign a " "new medium-term signing key, because the one I have is " - "going to expire soon. To do that, I'm going to have to try to " - "load the permanent master identity key."); + "going to expire soon. To do that, I'm going to have to " + "try to load the permanent master identity key. " + "If the master identity key was not moved or encrypted " + "with a passphrase, this will be done automatically and " + "no further action is required. Otherwise, provide the " + "necessary data using 'tor --keygen' to do it manually."); } else if (want_new_signing_key) { log_notice(LD_OR, "It looks like I should try to generate and sign a " "new medium-term signing key, because the one I have is " "going to expire soon. But OfflineMasterKey is set, so I " - "won't try to load a permanent master identity key is set. " - "You will need to use 'tor --keygen' make a new signing key " - "and certificate."); + "won't try to load a permanent master identity key. You " + "will need to use 'tor --keygen' to make a new signing " + "key and certificate."); } {

1 0

[tor-browser-bundle/master] Bump versions for nightly builds
by gk＠torproject.org 01 Dec '16

01 Dec '16

commit 76ad999bf8560443f2f94fcacf551664ffd4020b Author: Georg Koppen <gk(a)torproject.org> Date: Thu Dec 1 14:02:21 2016 +0000 Bump versions for nightly builds --- gitian/versions.nightly | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gitian/versions.nightly b/gitian/versions.nightly index 1a3bc8b..f487cb5 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -17,7 +17,7 @@ MULTI_LINGUAL=1 VERIFY_TAGS=0 -FIREFOX_VERSION=45.5.0esr +FIREFOX_VERSION=45.5.1esr TORBROWSER_UPDATE_CHANNEL=default @@ -75,7 +75,7 @@ NSIS_VER=2.51 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz GMP_PACKAGE=gmp-${GMP_VER}.tar.bz2 -NOSCRIPT_PACKAGE=noscript_security_suite-2.9.0.14-fx+fn+sm.xpi +NOSCRIPT_PACKAGE=noscript_security_suite-2.9.5.2-fx+sm.xpi TOOLCHAIN4_OLD_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz CCTOOLS_PACKAGE=cctools.tar.gz OSXSDK_PACKAGE=MacOSX10.7.sdk.tar.gz @@ -109,7 +109,7 @@ GMP_HASH=752079520b4690531171d0f4532e40f08600215feefede70b24fabdc6f1ab160 OSXSDK_HASH=da77bb0003fcca5ea8c4e8cb2da8828ded750c54afdcac29ec6f3b46ad5e3adf OSXSDK_OLD_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc TOOLCHAIN4_OLD_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9 -NOSCRIPT_HASH=39bc71be20c318578239ea791c0341dbfcd13b33559af080cea386eeec08b337 +NOSCRIPT_HASH=ed71ca922790e81bc5e8c6a87bb81f394a38676ac37d1fba518a6a428d128dd5 CCTOOLS_HASH=e908fdebc2886ee5491ebfc7e7950af451b3c4e2439c2d7a923ed06ad05113e4 MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067 PYCRYPTO_HASH=f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c

1 0

[tor-browser-bundle/hardened-builds] Bump versions for nightly builds
by gk＠torproject.org 01 Dec '16

01 Dec '16

commit a59484051e96642c1ef5c72676caedf5f8f39bf3 Author: Georg Koppen <gk(a)torproject.org> Date: Thu Dec 1 14:02:21 2016 +0000 Bump versions for nightly builds --- gitian/versions.nightly | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gitian/versions.nightly b/gitian/versions.nightly index 56af58d..0f4cae6 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -17,7 +17,7 @@ MULTI_LINGUAL=1 VERIFY_TAGS=0 -FIREFOX_VERSION=45.5.0esr +FIREFOX_VERSION=45.5.1esr TORBROWSER_UPDATE_CHANNEL=default @@ -77,7 +77,7 @@ ELFUTILS_VER=0.160 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz GMP_PACKAGE=gmp-${GMP_VER}.tar.bz2 -NOSCRIPT_PACKAGE=noscript_security_suite-2.9.0.14-fx+fn+sm.xpi +NOSCRIPT_PACKAGE=noscript_security_suite-2.9.5.2-fx+sm.xpi TOOLCHAIN4_OLD_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz CCTOOLS_PACKAGE=cctools.tar.gz OSXSDK_PACKAGE=MacOSX10.7.sdk.tar.gz @@ -112,7 +112,7 @@ GMP_HASH=752079520b4690531171d0f4532e40f08600215feefede70b24fabdc6f1ab160 OSXSDK_HASH=da77bb0003fcca5ea8c4e8cb2da8828ded750c54afdcac29ec6f3b46ad5e3adf OSXSDK_OLD_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc TOOLCHAIN4_OLD_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9 -NOSCRIPT_HASH=39bc71be20c318578239ea791c0341dbfcd13b33559af080cea386eeec08b337 +NOSCRIPT_HASH=ed71ca922790e81bc5e8c6a87bb81f394a38676ac37d1fba518a6a428d128dd5 CCTOOLS_HASH=e908fdebc2886ee5491ebfc7e7950af451b3c4e2439c2d7a923ed06ad05113e4 MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067 PYCRYPTO_HASH=f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c

1 0

[webwml/master] Deprecate old Tor Browser version (6.0.6)
by gk＠torproject.org 01 Dec '16

01 Dec '16

commit 55e437ee25dd742fd85e6e7bb7961968b04d4dbe Author: Georg Koppen <gk(a)torproject.org> Date: Thu Dec 1 09:44:21 2016 +0000 Deprecate old Tor Browser version (6.0.6) --- projects/torbrowser/RecommendedTBBVersions | 4 ---- 1 file changed, 4 deletions(-) diff --git a/projects/torbrowser/RecommendedTBBVersions b/projects/torbrowser/RecommendedTBBVersions index 11f0e35..22a5328 100644 --- a/projects/torbrowser/RecommendedTBBVersions +++ b/projects/torbrowser/RecommendedTBBVersions @@ -1,8 +1,4 @@ [ -"6.0.6", -"6.0.6-Linux", -"6.0.6-MacOS", -"6.0.6-Windows", "6.0.7", "6.0.7-Linux", "6.0.7-MacOS",

1 0

[tor-browser-bundle/hardened-builds] Release preparations for 6.5a5-hardened
by gk＠torproject.org 01 Dec '16

01 Dec '16

commit ff778b8bf767d48db6bf2c55ff9715cb76f15e4c Author: Georg Koppen <gk(a)torproject.org> Date: Thu Dec 1 08:13:41 2016 +0000 Release preparations for 6.5a5-hardened --- Bundle-Data/Docs/ChangeLog.txt | 7 +++++++ gitian/versions.alpha | 8 ++++---- tools/update-responses/config.yml | 10 +++++----- 3 files changed, 16 insertions(+), 9 deletions(-) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index fd5b60e..84eacc6 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -1,3 +1,10 @@ +Tor Browser 6.5a5-hardened -- December 1 2016 + * All Platforms + * Update Firefox to 45.5.1esr + * Update NoScript to 2.9.5.2 + * Linux + * Bug 20691: Updater breaks if unix domain sockets are used + Tor Browser 6.5a4-hardened -- November 16 2016 * All Platforms * Update Firefox to 45.5.0esr diff --git a/gitian/versions.alpha b/gitian/versions.alpha index c22ed9f..858597e 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -14,11 +14,11 @@ DATA_OUTSIDE_APP_DIR=1 VERIFY_TAGS=1 -FIREFOX_VERSION=45.5.0esr +FIREFOX_VERSION=45.5.1esr TORBROWSER_UPDATE_CHANNEL=hardened -TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-6.5-1-build3 +TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-6.5-1-build1 TOR_TAG=tor-0.2.9.5-alpha TORLAUNCHER_TAG=0.2.11.1 TORBUTTON_TAG=1.9.6.7 @@ -74,7 +74,7 @@ ELFUTILS_VER=0.160 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz GMP_PACKAGE=gmp-${GMP_VER}.tar.bz2 -NOSCRIPT_PACKAGE=noscript_security_suite-2.9.0.14-fx+fn+sm.xpi +NOSCRIPT_PACKAGE=noscript_security_suite-2.9.5.2-fx+sm.xpi TOOLCHAIN4_OLD_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz CCTOOLS_PACKAGE=cctools.tar.gz OSXSDK_PACKAGE=MacOSX10.7.sdk.tar.gz @@ -109,7 +109,7 @@ GMP_HASH=752079520b4690531171d0f4532e40f08600215feefede70b24fabdc6f1ab160 OSXSDK_HASH=da77bb0003fcca5ea8c4e8cb2da8828ded750c54afdcac29ec6f3b46ad5e3adf OSXSDK_OLD_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc TOOLCHAIN4_OLD_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9 -NOSCRIPT_HASH=39bc71be20c318578239ea791c0341dbfcd13b33559af080cea386eeec08b337 +NOSCRIPT_HASH=ed71ca922790e81bc5e8c6a87bb81f394a38676ac37d1fba518a6a428d128dd5 CCTOOLS_HASH=e908fdebc2886ee5491ebfc7e7950af451b3c4e2439c2d7a923ed06ad05113e4 MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067 PYCRYPTO_HASH=f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c diff --git a/tools/update-responses/config.yml b/tools/update-responses/config.yml index 67d63c9..1fcbd57 100644 --- a/tools/update-responses/config.yml +++ b/tools/update-responses/config.yml @@ -20,7 +20,7 @@ build_targets: osx32: Darwin_x86-gcc3 osx64: Darwin_x86_64-gcc3 channels: - hardened: 6.5a4-hardened + hardened: 6.5a5-hardened release: 6.0.1 versions: 6.0.1: @@ -33,11 +33,11 @@ versions: osx32: minSupportedOSVersion: 10.8 detailsURL: https://blog.torproject.org/blog/end-life-plan-tor-browser-32-bit-macs#upda… - 6.5a4-hardened: - platformVersion: 45.5.0 - detailsURL: https://blog.torproject.org/blog/tor-browser-65a4-hardened-released + 6.5a5-hardened: + platformVersion: 45.5.1 + detailsURL: https://blog.torproject.org/blog/tor-browser-65a5-hardened-released incremental_from: - - 6.5a3-hardened + - 6.5a4-hardened migrate_archs: osx32: osx64 osx32:

1 0

[sandboxed-tor-browser/master] Bundle version handling improvements.
by yawning＠torproject.org 01 Dec '16

01 Dec '16

commit 27241df5207a293b8452e92bd0b030dad233547b Author: Yawning Angel <yawning(a)schwanenlied.me> Date: Thu Dec 1 01:39:59 2016 +0000 Bundle version handling improvements. * Add the ability to compare string formatted versions vs the installed version in the manifest. * On update, check to ensure that it will actually be an update, and not a sidegrade/downgrade. The code banks on alpha versioning starting at 1, eg: "7.0a1". --- .../internal/sandbox/application.go | 2 +- .../internal/ui/config/manifest.go | 84 +++++++++++++++++----- .../sandboxed-tor-browser/internal/ui/install.go | 11 ++- 3 files changed, 75 insertions(+), 22 deletions(-) diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go index a431dac..7620802 100644 --- a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go +++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go @@ -287,7 +287,7 @@ func applyPaXAttributes(manif *config.Manifest, f string) error { // Strip off the attribute if this is a non-grsec kernel, or the bundle is // sufficiently recent to the point where the required W^X fixes are present // in the JIT. - if !IsGrsecKernel() || manif.BundleVersionAtLeast(7, 0) { + if !IsGrsecKernel() || manif.BundleVersionAtLeast("7.0a1") { if sz > 0 { log.Printf("sandbox: Removing Tor Browser PaX attributes.") syscall.Removexattr(f, paxAttr) diff --git a/src/cmd/sandboxed-tor-browser/internal/ui/config/manifest.go b/src/cmd/sandboxed-tor-browser/internal/ui/config/manifest.go index 4891d37..393a31e 100644 --- a/src/cmd/sandboxed-tor-browser/internal/ui/config/manifest.go +++ b/src/cmd/sandboxed-tor-browser/internal/ui/config/manifest.go @@ -71,38 +71,84 @@ func (m *Manifest) Sync() error { // BundleVersionAtLeast returns true if the bundle version is greater than or // equal to the specified version. -func (m *Manifest) BundleVersionAtLeast(major, minor int) bool { - vStr := strings.TrimSuffix(m.Version, "-hardened") - if m.Version == "" { +func (m *Manifest) BundleVersionAtLeast(vStr string) bool { + cmp, err := bundleVersionCompare(m.Version, vStr) + if err != nil { return false } - if m.Channel == "alpha" || m.Channel == "hardened" { - vStr = strings.Replace(vStr, "a", ".", 1) - } + return cmp >= 0 +} - // Split into major/minor/pl. - v := strings.Split(vStr, ".") - if len(v) < 2 { // Need at least a major/minor. +// BundleUpdateVersionValid returns true if the proposed update version is +// actually an update. +func (m *Manifest) BundleUpdateVersionValid(vStr string) bool { + cmp, err := bundleVersionCompare(m.Version, vStr) + if err != nil { return false } + return cmp < 0 +} + +func bundleVersionParse(vStr string) (*[4]int, error) { + vStr = strings.TrimSuffix(vStr, "-hardened") + vStr = strings.Replace(vStr, "a", ".0.", 1) + + var out [4]int + for idx, s := range strings.Split(vStr, ".") { + i, err := strconv.Atoi(s) + if err != nil { + return nil, err + } + out[idx] = i + } + out[3] = -out[3] // XXX: I hope there never is "7.0a" or "7.0a0" + + return &out, nil +} + +func bundleVersionCompare(a, b string) (int, error) { + a = strings.ToLower(strings.TrimSpace(a)) + b = strings.ToLower(strings.TrimSpace(b)) + + if a == b { + return 0, nil // Equal. + } - iMaj, err := strconv.Atoi(v[0]) + aVer, err := bundleVersionParse(a) if err != nil { - return false + return 0, err } - iMin, err := strconv.Atoi(v[1]) + bVer, err := bundleVersionParse(b) if err != nil { - return false + return 0, err + } + + for i := 0; i < 3; i++ { + if aVer[i] > bVer[i] { + return 1, nil + } + if aVer[i] < bVer[i] { + return -1, nil + } + } + + if aVer[3] < 0 && bVer[3] >= 0 { // Alpha vs Release. + return -1, nil + } + if aVer[3] >= 0 && bVer[3] < 0 { // Release vs Alpha. + return 1, nil } - // Do the version comparison. - if iMaj > major { - return true + // Alpha vs Alpha. + aVer[3], bVer[3] = -aVer[3], -bVer[3] + if aVer[3] < bVer[3] { + return -1, nil } - if iMaj == major && iMin >= minor { - return true + if bVer[3] < aVer[3] { + return 1, nil } - return false + + return 0, nil // One is probably hardened, the other isn't. } // Purge deletes the manifest. diff --git a/src/cmd/sandboxed-tor-browser/internal/ui/install.go b/src/cmd/sandboxed-tor-browser/internal/ui/install.go index 16bde15..5680319 100644 --- a/src/cmd/sandboxed-tor-browser/internal/ui/install.go +++ b/src/cmd/sandboxed-tor-browser/internal/ui/install.go @@ -210,11 +210,18 @@ func (c *Common) doUpdate(async *Async, dialFn dialFunc) { return } + // Ensure that the update entry version is actually neweer. + if !c.Manif.BundleUpdateVersionValid(update.AppVersion) { + log.Printf("launch: Update server provided a downgrade: '%v'", update.AppVersion) + async.Err = fmt.Errorf("update server provided a downgrade: '%v'", update.AppVersion) + return + } + // Figure out the best MAR to download. patches := make(map[string]*installer.Patch) for _, v := range update.Patch { if patches[v.Type] != nil { - async.Err = fmt.Errorf("duplicate patch entry for kind: %v", v.Type) + async.Err = fmt.Errorf("duplicate patch entry for kind: '%v'", v.Type) return } patches[v.Type] = &v @@ -253,7 +260,7 @@ func (c *Common) doUpdate(async *Async, dialFn dialFunc) { return } default: - async.Err = fmt.Errorf("unsupported hash function: %v", patch.HashFunction) + async.Err = fmt.Errorf("unsupported hash function: '%v'", patch.HashFunction) return }

1 0