October 2018 - tor-commits - lists.torproject.org

[tor/release-0.3.5] Merge branch 'tor-github/pr/438' into maint-0.3.5
by dgoulet＠torproject.org 30 Oct '18

30 Oct '18

commit 488969fe9c4279477b1ff6da34ccf44ed19da8c7 Merge: 95559279e a61473114 Author: David Goulet <dgoulet(a)torproject.org> Date: Tue Oct 30 11:43:54 2018 -0400 Merge branch 'tor-github/pr/438' into maint-0.3.5 changes/ticket27838 | 4 ++ src/feature/hs/hs_service.c | 134 ++++++++++++++++++++++++++++---------------- src/feature/hs/hs_service.h | 72 +++++++++++++++--------- src/test/test_hs_service.c | 4 +- 4 files changed, 135 insertions(+), 79 deletions(-)

1 0

[translation/donatepages-messagespot] Update translations for donatepages-messagespot
by translation＠torproject.org 30 Oct '18

30 Oct '18

commit d4b407fc1f20fffa2137f86d0a5f6b7d3bf76f4f Author: Translation commit bot <translation(a)torproject.org> Date: Tue Oct 30 15:45:21 2018 +0000 Update translations for donatepages-messagespot --- locale/el/LC_MESSAGES/messages.po | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/locale/el/LC_MESSAGES/messages.po b/locale/el/LC_MESSAGES/messages.po index e241537a3..1babd1cb3 100644 --- a/locale/el/LC_MESSAGES/messages.po +++ b/locale/el/LC_MESSAGES/messages.po @@ -1350,6 +1350,11 @@ msgid "" "research, test, and implement ideas we have for making the Tor network even " "stronger." msgstr "" +"Όχι, όχι, όχι! Μεγαλύτερη χρηματοδότηση από εσάς σημαίνει ότι μπορούμε να " +"κάνουμε περισσότερα πράγματα που είμαστε ενθουσιασμένοι για να κάνουμε, όπως" +" η μίσθωση ενός ατόμου πλήρους απασχόλησης για να παρακολουθεί το δίκτυο Tor" +" ή να ερευνήσουμε, να δοκιμάσουμε και να εφαρμόσουμε ιδέες που έχουμε για να" +" κάνουμε το δίκτυο Tor ακόμα πιο ισχυρό." #: tmp/cache_locale/0e/0e65c68f2900f432bc062864e7bafc989d6286e272f5e98882a99f52ea4c5c89.php:359 msgid "Can I donate via bitcoin?" @@ -1409,6 +1414,8 @@ msgid "" "Is the Tor Project required to identify me as a donor to the United States " "government, or to any other authority?" msgstr "" +"Είναι απαραίτητο το Tor Project να με αναγνωρίσει ως δωρητή στην κυβέρνηση " +"των Ηνωμένων Πολιτειών ή σε οποιαδήποτε άλλη αρχή;" #: tmp/cache_locale/0e/0e65c68f2900f432bc062864e7bafc989d6286e272f5e98882a99f52ea4c5c89.php:390 msgid "" @@ -1416,6 +1423,10 @@ msgid "" "required to report the donation amount and your name and address (if we have" " it) to the IRS, on Schedule B of the Form 990, which is filed annually." msgstr "" +"Αν δωρίσετε 5.000 δολάρια ή περισσότερα στο Tor Project μέσα σε ένα έτος, " +"οφείλουμε να αναφέρουμε το ποσό της δωρεάς και το όνομα και τη διεύθυνσή σας" +" (αν τα έχουμε) στο IRS, στο Πρόγραμμα Β του Εντύπου 990, το οποίο " +"κατατίθεται ετησίως ." #: tmp/cache_locale/0e/0e65c68f2900f432bc062864e7bafc989d6286e272f5e98882a99f52ea4c5c89.php:392 msgid "" @@ -1429,18 +1440,24 @@ msgid "" "We are not required to identify donors to any other organization or " "authority, and we do not." msgstr "" +"Δεν είμαστε υποχρεωμένοι να δηλώσουμε την ταυτότητα των δωρητών μας σε " +"οποιονδήποτε άλλο οργανισμό ή αρχή και δεν το κάνουμε." #: tmp/cache_locale/0e/0e65c68f2900f432bc062864e7bafc989d6286e272f5e98882a99f52ea4c5c89.php:396 msgid "" "(Also, if you wanted, you could give us $4,999 in late 2016 and $4,999 in " "early 2017 ;)" msgstr "" +"(Επίσης, αν θέλατε, θα μπορούσατε να μας δώσετε 4.999 δολάρια στα τέλη του " +"2016 και 4.999 δολάρια στις αρχές του 2017)" #: tmp/cache_locale/0e/0e65c68f2900f432bc062864e7bafc989d6286e272f5e98882a99f52ea4c5c89.php:402 msgid "" "In your privacy policy, you say you will never publicly identify me as a " "donor without my permission." msgstr "" +"Στην πολιτική απορρήτου σας, λέτε ότι ποτέ δεν θα με αναφέρετε δημόσια ως " +"δωρητή χωρίς την άδειά μου." #: tmp/cache_locale/0e/0e65c68f2900f432bc062864e7bafc989d6286e272f5e98882a99f52ea4c5c89.php:404 msgid "What does that mean?" @@ -1489,12 +1506,16 @@ msgid "" "It's important to me that my donation be tax-deductible, but I don't pay " "taxes in the United States." msgstr "" +"Είναι σημαντικό για μένα η δωρεά μου να εκπίπτει από τη φορολογία, αλλά δεν " +"πληρώνω φόρους στις Ηνωμένες Πολιτείες." #: tmp/cache_locale/0e/0e65c68f2900f432bc062864e7bafc989d6286e272f5e98882a99f52ea4c5c89.php:426 msgid "" "Right now, we can only offer tax-deductibility to donors who pay taxes in " "the United States." msgstr "" +"Αυτή τη στιγμή, μπορούμε να προσφέρουμε φορολογική έκπτωση μόνο σε δωρητές " +"που πληρώνουν φόρους στις Ηνωμένες Πολιτείες." #: tmp/cache_locale/0e/0e65c68f2900f432bc062864e7bafc989d6286e272f5e98882a99f52ea4c5c89.php:428 msgid "" @@ -1502,6 +1523,9 @@ msgid "" "different country, let us know and we will try to offer tax-deductibility in" " your country in future." msgstr "" +"Εάν είναι σημαντικό για εσάς οι δωρεές σας να εκπίπτουν από τη φορολογία σε " +"μια άλλη χώρα, ενημερώστε μας και θα προσπαθήσουμε να προσφέρουμε φορολογική" +" έκπτωση στη χώρα σας στο μέλλον." #: tmp/cache_locale/0e/0e65c68f2900f432bc062864e7bafc989d6286e272f5e98882a99f52ea4c5c89.php:430 msgid "" @@ -1511,6 +1535,11 @@ msgid "" "organizations support the Tor network</a> and may be able to offer you tax-" "deductibility for your donation." msgstr "" +"Ή αν βρίσκεστε στη Γερμανία, τη Γαλλία ή τη Σουηδία, <a class=\"hyperlinks " +"links\" target=\"_blank\" " +"href=\"https://www.torproject.org/docs/faq.html.en#RelayDonations\">οι " +"οργανισμοί αυτοί υποστηρίζουν το δίκτυο Tor</a> και ίσως είναι σε θέση να " +"σας προσφέρουν φοροαπαλλαγή για τη δωρεά σας." #: tmp/cache_locale/0e/0e65c68f2900f432bc062864e7bafc989d6286e272f5e98882a99f52ea4c5c89.php:436 msgid "" @@ -1539,6 +1568,9 @@ msgid "" "Here is the Tor Project <a class=\"hyperlinks links\" target=\"_blank\" " "href=\"/%langcode%/privacy-policy\">donor privacy policy</a>." msgstr "" +"Αυτή είναι η <a class=\"hyperlinks links\" target=\"_blank\" " +"href=\"/%langcode%/privacy-policy\">πολιτική απορρήτου δωρητών</a> του Tor " +"Project." #: tmp/cache_locale/0e/0e65c68f2900f432bc062864e7bafc989d6286e272f5e98882a99f52ea4c5c89.php:457 msgid "What is your refund policy?"

1 0

[tor/maint-0.3.5] hs-v3: Always generate the descriptor cookie
by dgoulet＠torproject.org 30 Oct '18

30 Oct '18

commit 56f713b8a477b4203f3bfd8f3ad0952706dc9599 Author: David Goulet <dgoulet(a)torproject.org> Date: Thu Oct 18 11:44:26 2018 -0400 hs-v3: Always generate the descriptor cookie It won't be used if there are no authorized client configured. We do that so we can easily support the addition of a client with a HUP signal which allow us to avoid more complex code path to generate that cookie if we have at least one client auth and we had none before. Fixes #27995 Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- changes/ticket27995 | 4 ++++ src/feature/hs/hs_service.c | 10 ++++------ 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/changes/ticket27995 b/changes/ticket27995 new file mode 100644 index 000000000..8c7542574 --- /dev/null +++ b/changes/ticket27995 @@ -0,0 +1,4 @@ + o Minor bugfixes (hidden service v3, client authorization): + - Fix an assert() when adding a client authorization for the first time + and then sending a HUP signal to the service. Before that, tor would + stop abruptly. Fixes bug 27995; bugfix on 0.3.5.1-alpha. diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c index 78654bfb2..aec2aa438 100644 --- a/src/feature/hs/hs_service.c +++ b/src/feature/hs/hs_service.c @@ -1924,12 +1924,10 @@ build_service_desc_keys(const hs_service_t *service, goto end; } - /* Random a descriptor cookie to be used as a part of a key to encrypt the - * descriptor, if the client auth is enabled. */ - if (service->config.is_client_auth_enabled) { - crypto_strongest_rand(desc->descriptor_cookie, - sizeof(desc->descriptor_cookie)); - } + /* Random descriptor cookie to be used as a part of a key to encrypt the + * descriptor, only if the client auth is enabled will it be used. */ + crypto_strongest_rand(desc->descriptor_cookie, + sizeof(desc->descriptor_cookie)); /* Success. */ ret = 0;

1 0

[tor/maint-0.3.5] Merge branch 'tor-github/pr/415' into maint-0.3.5
by dgoulet＠torproject.org 30 Oct '18

30 Oct '18

commit 95559279e15393347c606eaaa323e0b6490782c2 Merge: 6c9d678ff 56f713b8a Author: David Goulet <dgoulet(a)torproject.org> Date: Tue Oct 30 11:36:36 2018 -0400 Merge branch 'tor-github/pr/415' into maint-0.3.5 changes/ticket27995 | 4 ++++ src/feature/hs/hs_service.c | 10 ++++------ 2 files changed, 8 insertions(+), 6 deletions(-)

1 0

[tor/master] hs-v3: Always generate the descriptor cookie
by dgoulet＠torproject.org 30 Oct '18

30 Oct '18

commit 56f713b8a477b4203f3bfd8f3ad0952706dc9599 Author: David Goulet <dgoulet(a)torproject.org> Date: Thu Oct 18 11:44:26 2018 -0400 hs-v3: Always generate the descriptor cookie It won't be used if there are no authorized client configured. We do that so we can easily support the addition of a client with a HUP signal which allow us to avoid more complex code path to generate that cookie if we have at least one client auth and we had none before. Fixes #27995 Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- changes/ticket27995 | 4 ++++ src/feature/hs/hs_service.c | 10 ++++------ 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/changes/ticket27995 b/changes/ticket27995 new file mode 100644 index 000000000..8c7542574 --- /dev/null +++ b/changes/ticket27995 @@ -0,0 +1,4 @@ + o Minor bugfixes (hidden service v3, client authorization): + - Fix an assert() when adding a client authorization for the first time + and then sending a HUP signal to the service. Before that, tor would + stop abruptly. Fixes bug 27995; bugfix on 0.3.5.1-alpha. diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c index 78654bfb2..aec2aa438 100644 --- a/src/feature/hs/hs_service.c +++ b/src/feature/hs/hs_service.c @@ -1924,12 +1924,10 @@ build_service_desc_keys(const hs_service_t *service, goto end; } - /* Random a descriptor cookie to be used as a part of a key to encrypt the - * descriptor, if the client auth is enabled. */ - if (service->config.is_client_auth_enabled) { - crypto_strongest_rand(desc->descriptor_cookie, - sizeof(desc->descriptor_cookie)); - } + /* Random descriptor cookie to be used as a part of a key to encrypt the + * descriptor, only if the client auth is enabled will it be used. */ + crypto_strongest_rand(desc->descriptor_cookie, + sizeof(desc->descriptor_cookie)); /* Success. */ ret = 0;

1 0

[tor/master] Merge branch 'tor-github/pr/415' into maint-0.3.5
by dgoulet＠torproject.org 30 Oct '18

30 Oct '18

commit 95559279e15393347c606eaaa323e0b6490782c2 Merge: 6c9d678ff 56f713b8a Author: David Goulet <dgoulet(a)torproject.org> Date: Tue Oct 30 11:36:36 2018 -0400 Merge branch 'tor-github/pr/415' into maint-0.3.5 changes/ticket27995 | 4 ++++ src/feature/hs/hs_service.c | 10 ++++------ 2 files changed, 8 insertions(+), 6 deletions(-)

1 0

[tor/master] Merge branch 'maint-0.3.5'
by dgoulet＠torproject.org 30 Oct '18

30 Oct '18

commit 124c43704c99a181001d471b8cb2071e66b42597 Merge: 1c5c3f353 95559279e Author: David Goulet <dgoulet(a)torproject.org> Date: Tue Oct 30 11:37:44 2018 -0400 Merge branch 'maint-0.3.5' changes/ticket27995 | 4 ++++ src/feature/hs/hs_service.c | 10 ++++------ 2 files changed, 8 insertions(+), 6 deletions(-)

1 0

[tor/release-0.3.5] Merge branch 'tor-github/pr/415' into maint-0.3.5
by dgoulet＠torproject.org 30 Oct '18

30 Oct '18

commit 95559279e15393347c606eaaa323e0b6490782c2 Merge: 6c9d678ff 56f713b8a Author: David Goulet <dgoulet(a)torproject.org> Date: Tue Oct 30 11:36:36 2018 -0400 Merge branch 'tor-github/pr/415' into maint-0.3.5 changes/ticket27995 | 4 ++++ src/feature/hs/hs_service.c | 10 ++++------ 2 files changed, 8 insertions(+), 6 deletions(-)

1 0

[tor/release-0.3.5] hs-v3: Always generate the descriptor cookie
by dgoulet＠torproject.org 30 Oct '18

30 Oct '18

commit 56f713b8a477b4203f3bfd8f3ad0952706dc9599 Author: David Goulet <dgoulet(a)torproject.org> Date: Thu Oct 18 11:44:26 2018 -0400 hs-v3: Always generate the descriptor cookie It won't be used if there are no authorized client configured. We do that so we can easily support the addition of a client with a HUP signal which allow us to avoid more complex code path to generate that cookie if we have at least one client auth and we had none before. Fixes #27995 Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- changes/ticket27995 | 4 ++++ src/feature/hs/hs_service.c | 10 ++++------ 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/changes/ticket27995 b/changes/ticket27995 new file mode 100644 index 000000000..8c7542574 --- /dev/null +++ b/changes/ticket27995 @@ -0,0 +1,4 @@ + o Minor bugfixes (hidden service v3, client authorization): + - Fix an assert() when adding a client authorization for the first time + and then sending a HUP signal to the service. Before that, tor would + stop abruptly. Fixes bug 27995; bugfix on 0.3.5.1-alpha. diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c index 78654bfb2..aec2aa438 100644 --- a/src/feature/hs/hs_service.c +++ b/src/feature/hs/hs_service.c @@ -1924,12 +1924,10 @@ build_service_desc_keys(const hs_service_t *service, goto end; } - /* Random a descriptor cookie to be used as a part of a key to encrypt the - * descriptor, if the client auth is enabled. */ - if (service->config.is_client_auth_enabled) { - crypto_strongest_rand(desc->descriptor_cookie, - sizeof(desc->descriptor_cookie)); - } + /* Random descriptor cookie to be used as a part of a key to encrypt the + * descriptor, only if the client auth is enabled will it be used. */ + crypto_strongest_rand(desc->descriptor_cookie, + sizeof(desc->descriptor_cookie)); /* Success. */ ret = 0;

1 0

[tor/maint-0.3.5] tweak manpage bits about v3 onion svc client auth
by dgoulet＠torproject.org 30 Oct '18

30 Oct '18

commit d023de945a7037bb4ec66f81aa83588d53184099 Author: Mike Tigas <mike.tigas(a)gmail.com> Date: Fri Oct 12 17:15:11 2018 -0400 tweak manpage bits about v3 onion svc client auth make a couple things more explicit, like not needing to set "HiddenServiceAuthorizeClient" & etc --- doc/tor.1.txt | 34 ++++++++++++++++++++++------------ 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 406372433..2d5237c84 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1090,14 +1090,16 @@ The following options are useful only for clients (that is, if **HiddenServiceAuthorizeClient** option. [[ClientOnionAuthDir]] **ClientOnionAuthDir** __path__:: - Path to the directory containing the hidden service authorization file. The - files MUST have the suffix ".auth_private". Each file is for a single - onion address and their format is: + Path to the directory containing v3 hidden service authorization files. + Each file is for a single onion address, and the files MUST have the suffix + ".auth_private" (i.e. "bob_onion.auth_private"). The content format MUST be: + <onion-address>:descriptor:x25519:<base32-encoded-privkey> + - The <onion-address> MUST NOT have the ".onion" suffix. See the - rend-spec-v3.txt Appendix G for more information. + The <onion-address> MUST NOT have the ".onion" suffix. The + <base32-encoded-privkey> is the base32 representation of the raw key bytes + only (32 bytes for x25519). See Appendix G in the rend-spec-v3.txt file of + https://spec.torproject.org/[torspec] for more information. [[LongLivedPorts]] **LongLivedPorts** __PORTS__:: A list of ports for services that tend to have long-running connections @@ -2839,7 +2841,8 @@ The following options are used to configure a hidden service. clients without authorization any more. Generated authorization data can be found in the hostname file. Clients need to put this authorization data in their configuration file using **HidServAuth**. This option is only for v2 - services. + services; v3 services configure client authentication in a subdirectory of + HiddenServiceDir instead (see the **Client Authorization** section). [[HiddenServiceAllowUnknownPorts]] **HiddenServiceAllowUnknownPorts** **0**|**1**:: If set to 1, then connections to unrecognized ports do not cause the @@ -2941,19 +2944,26 @@ Client Authorization (Version 3 only) To configure client authorization on the service side, the -"<HiddenServiceDir>/authorized_clients/" needs to exists. Each file in that -directory should be suffixed with ".auth" (the file name is irrelevant) and -its content format MUST be: +"<HiddenServiceDir>/authorized_clients/" directory needs to exist. Each file +in that directory should be suffixed with ".auth" (i.e. "alice.auth"; the +file name is irrelevant) and its content format MUST be: <auth-type>:<key-type>:<base32-encoded-public-key> The supported <auth-type> are: "descriptor". The supported <key-type> are: -"x25519". Each file MUST contain one line only. Any malformed file will be -ignored. +"x25519". The <base32-encoded-privkey> is the base32 representation of the raw +key bytes only (32 bytes for x25519). + +Each file MUST contain one line only. Any malformed file will be +ignored. Client authorization will only be enabled for the service if tor +successfully loads at least one authorization file. Note that once you've configured client authorization, anyone else with the address won't be able to access it from this point on. If no authorization is -configured, the service will be accessible to all. +configured, the service will be accessible to anyone with the onion address. + +See the Appendix G in the rend-spec-v3.txt file of +https://spec.torproject.org/[torspec] for more information. TESTING NETWORK OPTIONS -----------------------

1 0