March 2018 - tor-commits - lists.torproject.org

[tor/master] hs: Fix two typos in an inline comment.
by nickm＠torproject.org 23 Mar '18

23 Mar '18

commit fae525478370bb4834ac28fe06464a285b3d4a30 Author: Isis Lovecruft <isis(a)torproject.org> Date: Thu Mar 22 22:33:34 2018 +0000 hs: Fix two typos in an inline comment. * FIXES #25602: https://bugs.torproject.org/25602 --- src/or/hs_cell.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/or/hs_cell.c b/src/or/hs_cell.c index 5244cfa3d..ad92521d3 100644 --- a/src/or/hs_cell.c +++ b/src/or/hs_cell.c @@ -369,7 +369,7 @@ introduce1_encrypt_and_encode(trn_cell_introduce1_t *cell, crypto_cipher_free(cipher); offset += encoded_enc_cell_len; /* Compute MAC from the above and put it in the buffer. This function will - * make the adjustment to the encryptled_len to ommit the MAC length. */ + * make the adjustment to the encrypted_len to omit the MAC length. */ compute_introduce_mac(encoded_cell, encoded_cell_len, encrypted, encrypted_len, keys.mac_key, sizeof(keys.mac_key),

1 0

[translation/tor-launcher-properties_completed] Update translations for tor-launcher-properties_completed
by translation＠torproject.org 23 Mar '18

23 Mar '18

commit 38e26e205abbb72c891c9e7dc7026df6135543fd Author: Translation commit bot <translation(a)torproject.org> Date: Fri Mar 23 11:16:38 2018 +0000 Update translations for tor-launcher-properties_completed --- ru/torlauncher.properties | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/ru/torlauncher.properties b/ru/torlauncher.properties index 39defe18b..3ff6b62ee 100644 --- a/ru/torlauncher.properties +++ b/ru/torlauncher.properties @@ -26,11 +26,21 @@ torlauncher.error_proxy_addr_missing=Вы должны указать IP-адр torlauncher.error_proxy_type_missing=Необходимо выбрать тип прокси. torlauncher.error_bridges_missing=Необходимо указать один или несколько мостов. torlauncher.error_default_bridges_type_missing=Вы должны выбрать тип транспорта предопределенных мостов. +torlauncher.error_bridgedb_bridges_missing=Пожалуйста, запросите мост. torlauncher.error_bridge_bad_default_type=Предопределенные мосты не поддерживают тип транспорта %S. Пожалуйста, исправьте ваши настройки. torlauncher.bridge_suffix.meek-amazon=(работает в Китае) torlauncher.bridge_suffix.meek-azure=(работает в Китае) +torlauncher.request_a_bridge=Запрос моста… +torlauncher.request_a_new_bridge=Запрос нового моста… +torlauncher.contacting_bridgedb=Обращение к BridgeDB. Пожалуйста, подождите. +torlauncher.captcha_prompt=Решите CAPTCHA для запроса моста. +torlauncher.bad_captcha_solution=Решение не является правильным. Попробуйте ещё раз. +torlauncher.unable_to_get_bridge=Не удалось получить мост из BridgeDB.\n\n%S +torlauncher.no_meek=Этот браузер не настроен должным образом, что необходимо для получения мостов. +torlauncher.no_bridges_available=В настоящее время мостов не имеется. Извините. + torlauncher.connect=Соединиться torlauncher.restart_tor=Перезапустить Tor torlauncher.quit=Выйти @@ -62,3 +72,7 @@ torlauncher.bootstrapWarning.timeout=тайм-аут соединения torlauncher.bootstrapWarning.noroute=не указан путь к хосту torlauncher.bootstrapWarning.ioerror=ошибка чтения / записи torlauncher.bootstrapWarning.pt_missing=отсутствует подключаемый транспорт + +torlauncher.nsresult.NS_ERROR_NET_RESET=Соединение с сервером было потеряно. +torlauncher.nsresult.NS_ERROR_CONNECTION_REFUSED=Не удалось подключиться к серверу. +torlauncher.nsresult.NS_ERROR_PROXY_CONNECTION_REFUSED=Не удалось подключиться к прокси.

1 0

[translation/tor-launcher-properties] Update translations for tor-launcher-properties
by translation＠torproject.org 23 Mar '18

23 Mar '18

commit e7b25a81406f09f7c223c1242fee0767228bb6c1 Author: Translation commit bot <translation(a)torproject.org> Date: Fri Mar 23 11:16:33 2018 +0000 Update translations for tor-launcher-properties --- ru/torlauncher.properties | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/ru/torlauncher.properties b/ru/torlauncher.properties index 57c53610b..3ff6b62ee 100644 --- a/ru/torlauncher.properties +++ b/ru/torlauncher.properties @@ -26,20 +26,20 @@ torlauncher.error_proxy_addr_missing=Вы должны указать IP-адр torlauncher.error_proxy_type_missing=Необходимо выбрать тип прокси. torlauncher.error_bridges_missing=Необходимо указать один или несколько мостов. torlauncher.error_default_bridges_type_missing=Вы должны выбрать тип транспорта предопределенных мостов. -torlauncher.error_bridgedb_bridges_missing=Please request a bridge. +torlauncher.error_bridgedb_bridges_missing=Пожалуйста, запросите мост. torlauncher.error_bridge_bad_default_type=Предопределенные мосты не поддерживают тип транспорта %S. Пожалуйста, исправьте ваши настройки. torlauncher.bridge_suffix.meek-amazon=(работает в Китае) torlauncher.bridge_suffix.meek-azure=(работает в Китае) -torlauncher.request_a_bridge=Request a Bridge… -torlauncher.request_a_new_bridge=Request a New Bridge… -torlauncher.contacting_bridgedb=Contacting BridgeDB. Please wait. -torlauncher.captcha_prompt=Solve the CAPTCHA to request a bridge. -torlauncher.bad_captcha_solution=The solution is not correct. Please try again. -torlauncher.unable_to_get_bridge=Unable to obtain a bridge from BridgeDB.\n\n%S -torlauncher.no_meek=This browser is not configured for meek, which is needed to obtain bridges. -torlauncher.no_bridges_available=No bridges are available at this time. Sorry. +torlauncher.request_a_bridge=Запрос моста… +torlauncher.request_a_new_bridge=Запрос нового моста… +torlauncher.contacting_bridgedb=Обращение к BridgeDB. Пожалуйста, подождите. +torlauncher.captcha_prompt=Решите CAPTCHA для запроса моста. +torlauncher.bad_captcha_solution=Решение не является правильным. Попробуйте ещё раз. +torlauncher.unable_to_get_bridge=Не удалось получить мост из BridgeDB.\n\n%S +torlauncher.no_meek=Этот браузер не настроен должным образом, что необходимо для получения мостов. +torlauncher.no_bridges_available=В настоящее время мостов не имеется. Извините. torlauncher.connect=Соединиться torlauncher.restart_tor=Перезапустить Tor @@ -73,6 +73,6 @@ torlauncher.bootstrapWarning.noroute=не указан путь к хосту torlauncher.bootstrapWarning.ioerror=ошибка чтения / записи torlauncher.bootstrapWarning.pt_missing=отсутствует подключаемый транспорт -torlauncher.nsresult.NS_ERROR_NET_RESET=The connection to the server was lost. -torlauncher.nsresult.NS_ERROR_CONNECTION_REFUSED=Could not connect to the server. -torlauncher.nsresult.NS_ERROR_PROXY_CONNECTION_REFUSED=Could not connect to the proxy. +torlauncher.nsresult.NS_ERROR_NET_RESET=Соединение с сервером было потеряно. +torlauncher.nsresult.NS_ERROR_CONNECTION_REFUSED=Не удалось подключиться к серверу. +torlauncher.nsresult.NS_ERROR_PROXY_CONNECTION_REFUSED=Не удалось подключиться к прокси.

1 0

[tor-browser-build/master] Bug 25585: fetch dependencies using https instead of http when possible
by gk＠torproject.org 23 Mar '18

23 Mar '18

commit cd059a825f61d6ae514cfe823b3075819485f704 Author: Nicolas Vigier <boklm(a)torproject.org> Date: Thu Mar 22 11:54:44 2018 +0100 Bug 25585: fetch dependencies using https instead of http when possible --- projects/fonts/config | 2 +- projects/llvm/config | 12 ++++-------- projects/mingw-w64/config | 2 +- projects/nsis/config | 2 +- projects/winpython/config | 2 +- 5 files changed, 8 insertions(+), 12 deletions(-) diff --git a/projects/fonts/config b/projects/fonts/config index e939ad1..1547403 100644 --- a/projects/fonts/config +++ b/projects/fonts/config @@ -102,6 +102,6 @@ input_files: - URL: https://github.com/googlei18n/noto-cjk/raw/f36eda03dfa5582a6d49abbfb5c83d02… sha256sum: e6b82f7d3dab605c428161124ceb5e169cde93de632d800297b167cdd88e7baa enable: '[% c("var/linux") %]' - - URL: http://downloads.sourceforge.net/stixfonts/STIXv1.1.1-latex.zip + - URL: https://downloads.sourceforge.net/stixfonts/STIXv1.1.1-latex.zip sha256sum: e3b0f712e2644438eee2d0dcd2b10b2d54f1b972039de95b2f8e800bae1adbd8 enable: '[% c("var/linux") || c("var/osx") %]' diff --git a/projects/llvm/config b/projects/llvm/config index f0a803b..daa779d 100644 --- a/projects/llvm/config +++ b/projects/llvm/config @@ -10,26 +10,22 @@ input_files: - project: container-image - project: cmake name: cmake - - URL: 'http://releases.llvm.org/[% c("version") %]/llvm-[% c("version") %].src.tar.xz' - # no proper HTTPS + - URL: 'https://releases.llvm.org/[% c("version") %]/llvm-[% c("version") %].src.tar.xz' name: llvm sig_ext: sig file_gpg_id: 1 gpg_keyring: llvm.gpg - - URL: 'http://releases.llvm.org/[% c("version") %]/cfe-[% c("version") %].src.tar.xz' - # no proper HTTPS + - URL: 'https://releases.llvm.org/[% c("version") %]/cfe-[% c("version") %].src.tar.xz' name: cfe sig_ext: sig file_gpg_id: 1 gpg_keyring: llvm.gpg - - URL: 'http://releases.llvm.org/[% c("version") %]/libcxx-[% c("version") %].src.tar.xz' - # no proper HTTPS + - URL: 'https://releases.llvm.org/[% c("version") %]/libcxx-[% c("version") %].src.tar.xz' name: libcxx sig_ext: sig file_gpg_id: 1 gpg_keyring: llvm.gpg - - URL: 'http://releases.llvm.org/[% c("version") %]/libcxxabi-[% c("version") %].src.tar.xz' - # no proper HTTPS + - URL: 'https://releases.llvm.org/[% c("version") %]/libcxxabi-[% c("version") %].src.tar.xz' name: libcxxabi sig_ext: sig file_gpg_id: 1 diff --git a/projects/mingw-w64/config b/projects/mingw-w64/config index bb66167..73961e4 100644 --- a/projects/mingw-w64/config +++ b/projects/mingw-w64/config @@ -1,6 +1,6 @@ # vim: filetype=yaml sw=2 filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz' -git_url: http://git.code.sf.net/p/mingw-w64/mingw-w64 +git_url: https://git.code.sf.net/p/mingw-w64/mingw-w64 git_hash: 1259532ff8f5a7ac625b2f28d499ee93a0c0841e version: '[% c("abbrev") %]' var: diff --git a/projects/nsis/config b/projects/nsis/config index 2812a22..7db7b60 100644 --- a/projects/nsis/config +++ b/projects/nsis/config @@ -15,7 +15,7 @@ var: input_files: - project: container-image - filename: 'nsis-[% c("version") %].tar.bz2' - URL: 'http://downloads.sourceforge.net/nsis/nsis-[% c("version") %]-src.tar.bz2' + URL: 'https://downloads.sourceforge.net/nsis/nsis-[% c("version") %]-src.tar.bz2' sha256sum: 43d4c9209847e35eb6e2c7cd5a7586e1445374c056c2c7899e40a080e17a1be7 - name: debian URL: 'http://http.debian.net/debian/pool/main/n/nsis/nsis_2.51-1.debian.tar.xz' diff --git a/projects/winpython/config b/projects/winpython/config index 9f884c0..124b3b6 100644 --- a/projects/winpython/config +++ b/projects/winpython/config @@ -47,7 +47,7 @@ input_files: gpg_keyring: winpython.gpg - URL: https://pypi.python.org/packages/source/s/setuptools/setuptools-1.4.tar.gz sha256sum: 75d288687066ed124311d6ca5f40ffa92a0e81adcd7fff318c6e84082713cf39 - - URL: http://downloads.sourceforge.net/py2exe/0.6.9/py2exe-0.6.9.win32-py2.7.exe + - URL: https://downloads.sourceforge.net/py2exe/0.6.9/py2exe-0.6.9.win32-py2.7.exe sha256sum: 610a8800de3d973ed5ed4ac505ab42ad058add18a68609ac09e6cf3598ef056c - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]'

1 0

[sandboxed-tor-browser/master] fixup! Bug 25154: Fix a content process crash on JS heavy pages.
by yawning＠torproject.org 23 Mar '18

23 Mar '18

commit f1982a1f09a7d118f3964b40465c2eb812fd53d9 Author: Yawning Angel <yawning(a)schwanenlied.me> Date: Fri Mar 23 04:58:21 2018 +0000 fixup! Bug 25154: Fix a content process crash on JS heavy pages. --- src/tbb_stub/tbb_stub.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/tbb_stub/tbb_stub.c b/src/tbb_stub/tbb_stub.c index 7b57cbb..5cffde6 100644 --- a/src/tbb_stub/tbb_stub.c +++ b/src/tbb_stub/tbb_stub.c @@ -50,6 +50,7 @@ static void *(*real_dlopen)(const char *, int) = NULL; static int (*real_pthread_attr_getstack)(const pthread_attr_t *, void **, size_t *); static struct sockaddr_un socks_addr; static struct sockaddr_un control_addr; +static void *cached_environ; extern char **environ; #define SYSTEM_SOCKS_PORT 9050 @@ -282,16 +283,12 @@ pthread_attr_getstack(const pthread_attr_t *attr, void **stackaddr, size_t *stac * separate, so the result will be incorrect if more than a page * will be consumed, by up to 31 pages. */ - uintptr_t estimated_stackaddr = (uintptr_t)environ; + uintptr_t estimated_stackaddr = (uintptr_t)cached_environ; estimated_stackaddr &= ~(4096-1); estimated_stackaddr += 4096; estimated_stackaddr -= *stacksize; - /* And check to see if the derived value is sane. In the case of - * Firefox, it's total garbage and insanity for the main process, - * but correct for the content processes, which is where the crash - * will happen. - */ + /* And check to see if the derived value appears to be sane. */ uintptr_t p = (uintptr_t)&estimated_stackaddr; if (p > estimated_stackaddr && p < estimated_stackaddr+*stacksize) { *stackaddr = (void*)estimated_stackaddr; @@ -299,8 +296,8 @@ pthread_attr_getstack(const pthread_attr_t *attr, void **stackaddr, size_t *stac } #if 0 - fprintf(stderr, "tbb_stub: fallback stackaddr: %p\n", *stackaddr); - fprintf(stderr, "tbb_stub: fallback stacksize: %ld\n", *stacksize); + fprintf(stderr, "tbb_stub: Fallback stackaddr: %p\n", *stackaddr); + fprintf(stderr, "tbb_stub: Fallback stacksize: %ld\n", *stacksize); #endif return ret; @@ -363,6 +360,9 @@ stub_init(void) goto out; } + /* Save this since firefox at least will overwrite it. */ + cached_environ = environ; + return; out:

1 0

[sandboxed-tor-browser/master] fixup! dynlib: Search the system library path(s) as the last resort.
by yawning＠torproject.org 23 Mar '18

23 Mar '18

commit b5fdb8ecec423bd44fb93baa6974d092fc03d1ed Author: Yawning Angel <yawning(a)schwanenlied.me> Date: Fri Mar 23 02:55:27 2018 +0000 fixup! dynlib: Search the system library path(s) as the last resort. --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index b7a8c94..204f13b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,5 @@ Changes in version 0.0.17 - UNRELEASED: + * dynlib: Search the system library path(s) as the last resort. Changes in version 0.0.16 - 2017-11-24: * Bug 24171: Create the `Caches` directory properly.

1 0

[sandboxed-tor-browser/master] Bug 25154: Fix a content process crash on JS heavy pages.
by yawning＠torproject.org 23 Mar '18

23 Mar '18

commit bec4340f2083dcc5779859cee26d6809f7def083 Author: Yawning Angel <yawning(a)schwanenlied.me> Date: Fri Mar 23 02:56:54 2018 +0000 Bug 25154: Fix a content process crash on JS heavy pages. This fixes ln5's test case. Couldn't reproduce arma's, but I'll admit I didn't try very hard since the other page was consistently crashing. --- ChangeLog | 1 + src/tbb_stub/tbb_stub.c | 30 +++++++++++++++++++++++++++--- 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 204f13b..c62066d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,5 @@ Changes in version 0.0.17 - UNRELEASED: + * Bug 25154: Fix a content process crash on JS heavy pages. * dynlib: Search the system library path(s) as the last resort. Changes in version 0.0.16 - 2017-11-24: diff --git a/src/tbb_stub/tbb_stub.c b/src/tbb_stub/tbb_stub.c index 01528fe..7b57cbb 100644 --- a/src/tbb_stub/tbb_stub.c +++ b/src/tbb_stub/tbb_stub.c @@ -42,6 +42,7 @@ #include <stdio.h> #include <stdlib.h> #include <unistd.h> +#include <inttypes.h> static int (*real_connect)(int, const struct sockaddr *, socklen_t) = NULL; static int (*real_socket)(int, int, int) = NULL; @@ -49,7 +50,7 @@ static void *(*real_dlopen)(const char *, int) = NULL; static int (*real_pthread_attr_getstack)(const pthread_attr_t *, void **, size_t *); static struct sockaddr_un socks_addr; static struct sockaddr_un control_addr; - +extern char **environ; #define SYSTEM_SOCKS_PORT 9050 #define SYSTEM_CONTROL_PORT 9051 @@ -234,7 +235,7 @@ pthread_attr_getstack(const pthread_attr_t *attr, void **stackaddr, size_t *stac #if 0 fprintf(stderr, "tbb_stub: pthread_attr_getstack(%p, %p, %p) = %d\n", attr, stackaddr, stacksize, ret); - fprintf(stderr, "tbb_stub: stackaddr: %p\n", stackaddr); + fprintf(stderr, "tbb_stub: stackaddr: %p\n", *stackaddr); fprintf(stderr, "tbb_stub: stacksize: %ld\n", *stacksize); #endif @@ -275,8 +276,31 @@ pthread_attr_getstack(const pthread_attr_t *attr, void **stackaddr, size_t *stac *stacksize = rl.rlim_cur; } + /* There is no easy way to derive this information, so do it the hard way. */ + if (*stackaddr == NULL) { + /* WARNING: The arguments/env vars live on the stack, and are not + * separate, so the result will be incorrect if more than a page + * will be consumed, by up to 31 pages. + */ + uintptr_t estimated_stackaddr = (uintptr_t)environ; + estimated_stackaddr &= ~(4096-1); + estimated_stackaddr += 4096; + estimated_stackaddr -= *stacksize; + + /* And check to see if the derived value is sane. In the case of + * Firefox, it's total garbage and insanity for the main process, + * but correct for the content processes, which is where the crash + * will happen. + */ + uintptr_t p = (uintptr_t)&estimated_stackaddr; + if (p > estimated_stackaddr && p < estimated_stackaddr+*stacksize) { + *stackaddr = (void*)estimated_stackaddr; + } + } + #if 0 - fprintf(stderr, "tbb_stub: Fallback stacksize: %ld\n", *stacksize); + fprintf(stderr, "tbb_stub: fallback stackaddr: %p\n", *stackaddr); + fprintf(stderr, "tbb_stub: fallback stacksize: %ld\n", *stacksize); #endif return ret;

1 0

[stem/master] Update manual cache
by atagar＠torproject.org 22 Mar '18

22 Mar '18

commit 40dc25f60a6d192b29d701d10c6f970bfbe4d4eb Author: Damian Johnson <atagar(a)torproject.org> Date: Thu Mar 22 12:55:28 2018 -0700 Update manual cache Recaching information from tor's manual. Ran into a couple interesting wrinkles while doing this... https://trac.torproject.org/projects/tor/ticket/25581 https://trac.torproject.org/projects/tor/ticket/25582 --- stem/cached_tor_manual.sqlite | Bin 227328 -> 238592 bytes stem/manual.py | 3 ++- stem/settings.cfg | 32 ++++++++++++++++++++++++-------- test/integ/control/controller.py | 18 +++++++++++------- test/integ/manual.py | 13 ++++++++----- 5 files changed, 45 insertions(+), 21 deletions(-) diff --git a/stem/cached_tor_manual.sqlite b/stem/cached_tor_manual.sqlite index 86050fe8..e8fe44cb 100644 Binary files a/stem/cached_tor_manual.sqlite and b/stem/cached_tor_manual.sqlite differ diff --git a/stem/manual.py b/stem/manual.py index 5e628ead..0bff9b68 100644 --- a/stem/manual.py +++ b/stem/manual.py @@ -79,7 +79,7 @@ try: except ImportError: import urllib2 as urllib -Category = stem.util.enum.Enum('GENERAL', 'CLIENT', 'RELAY', 'DIRECTORY', 'AUTHORITY', 'HIDDEN_SERVICE', 'TESTING', 'UNKNOWN') +Category = stem.util.enum.Enum('GENERAL', 'CLIENT', 'RELAY', 'DIRECTORY', 'AUTHORITY', 'HIDDEN_SERVICE', 'DENIAL_OF_SERVICE', 'TESTING', 'UNKNOWN') GITWEB_MANUAL_URL = 'https://gitweb.torproject.org/tor.git/plain/doc/tor.1.txt' CACHE_PATH = os.path.join(os.path.dirname(__file__), 'cached_tor_manual.sqlite') DATABASE = None # cache database connections @@ -104,6 +104,7 @@ CATEGORY_SECTIONS = OrderedDict(( ('DIRECTORY SERVER OPTIONS', Category.DIRECTORY), ('DIRECTORY AUTHORITY SERVER OPTIONS', Category.AUTHORITY), ('HIDDEN SERVICE OPTIONS', Category.HIDDEN_SERVICE), + ('DENIAL OF SERVICE MITIGATION OPTIONS', Category.DENIAL_OF_SERVICE), ('TESTING NETWORK OPTIONS', Category.TESTING), )) diff --git a/stem/settings.cfg b/stem/settings.cfg index 59d6650b..5ce1cfa0 100644 --- a/stem/settings.cfg +++ b/stem/settings.cfg @@ -73,6 +73,8 @@ manual.summary.ControlPortWriteToFile Path for a file tor writes containing its manual.summary.ControlPortFileGroupReadable Group read permissions for the control port file manual.summary.DataDirectory Location for storing runtime data (state, keys, etc) manual.summary.DataDirectoryGroupReadable Group read permissions for the data directory +manual.summary.CacheDirectory Directory where information is cached +manual.summary.CacheDirectoryGroupReadable Group read permissions for the cache directory manual.summary.FallbackDir Fallback when unable to retrieve descriptor information manual.summary.UseDefaultFallbackDirs Use hard-coded fallback directory authorities when needed manual.summary.DirAuthority Alternative directory authorities @@ -95,7 +97,7 @@ manual.summary.Socks4Proxy SOCKS 4 proxy for connecting to tor manual.summary.Socks5Proxy SOCKS 5 for connecting to tor manual.summary.Socks5ProxyUsername Username for connecting to the Socks5Proxy manual.summary.Socks5ProxyPassword Password for connecting to the Socks5Proxy -manual.summary.SocksSocketsGroupWritable Group write permissions for the socks socket +manual.summary.UnixSocksGroupWritable Group write permissions for the socks socket manual.summary.KeepalivePeriod Rate at which to send keepalive packets manual.summary.Log Runlevels and location for tor logging manual.summary.LogMessageDomains Includes a domain when logging messages @@ -109,6 +111,7 @@ manual.summary.RunAsDaemon Toggles if tor runs as a daemon process manual.summary.LogTimeGranularity limits granularity of log message timestamps manual.summary.TruncateLogFile Overwrites log file rather than appending when restarted manual.summary.SyslogIdentityTag Tag logs appended to the syslog as being from tor +manual.summary.AndroidIdentityTag Tag when logging to android subsystem manual.summary.SafeLogging Toggles if logs are scrubbed of sensitive information manual.summary.User UID for the process when started manual.summary.KeepBindCapabilities Retain permission for binding to low valued ports @@ -179,6 +182,7 @@ manual.summary.NATDPort Port for forwarding ipfw NATD connections manual.summary.AutomapHostsOnResolve Map addresses ending with special suffixes to virtual addresses manual.summary.AutomapHostsSuffixes Address suffixes recognized by AutomapHostsOnResolve manual.summary.DNSPort Port from which DNS responses are fetched instead of tor +manual.summary.ClientDNSRejectInternalAddresses Disregards anonymous DNS responses for internal addresses manual.summary.ClientRejectInternalAddresses Disables use of Tor for internal connections manual.summary.DownloadExtraInfo Toggles fetching of extra information about relays manual.summary.WarnPlaintextPorts Toggles warnings for using risky ports @@ -186,6 +190,8 @@ manual.summary.RejectPlaintextPorts Prevents connections on risky ports manual.summary.OptimisticData Use exits without confirmation that prior connections succeeded manual.summary.Tor2webMode Establish non-anonymous hidden service connections manual.summary.Tor2webRendezvousPoints Rendezvous points to use for hidden services when in Tor2webMode +manual.summary._HSLayer2Nodes # TODO: https://trac.torproject.org/projects/tor/ticket/25581 +manual.summary._HSLayer3Nodes # TODO: https://trac.torproject.org/projects/tor/ticket/25581 manual.summary.UseMicrodescriptors Retrieve microdescriptors rather than server descriptors manual.summary.PathBiasCircThreshold Number of circuits through a guard before applying bias checks manual.summary.PathBiasNoticeRate Fraction of circuits that must succeed before logging a notice @@ -205,8 +211,6 @@ manual.summary.PathsNeededToBuildCircuits Portion of relays to require informati manual.summary.ClientBootstrapConsensusAuthorityDownloadSchedule Schedule when bootstrapping for when to download resources from authorities manual.summary.ClientBootstrapConsensusFallbackDownloadSchedule Schedule when bootstrapping for when to download resources from fallback authorities manual.summary.ClientBootstrapConsensusAuthorityOnlyDownloadSchedule Schedule when bootstrapping for when to download resources from authorities when fallbacks unavailable -manual.summary.ClientBootstrapConsensusMaxDownloadTries Number of times to attempt downloading consensus -manual.summary.ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries Number of times to attempt downloading consensus from authorities manual.summary.ClientBootstrapConsensusMaxInProgressTries Number of consensus download requests to allow in-flight at once # Server Config Options @@ -218,6 +222,7 @@ manual.summary.BridgeDistribution Distribution method BrideDB should provide our manual.summary.ContactInfo Contact information for this relay manual.summary.ExitRelay Allow relaying of exit traffic manual.summary.ExitPolicy Traffic destinations that can exit from this relay +manual.summary.ExitPolicyDefault # TODO: https://trac.torproject.org/projects/tor/ticket/25582 manual.summary.ExitPolicyRejectPrivate Prevent exiting on the local network manual.summary.ExitPolicyRejectLocalInterfaces More extensive prevention of exiting on the local network manual.summary.ReducedExitPolicy Customized reduced exit policy @@ -233,6 +238,7 @@ manual.summary.PublishServerDescriptor Types of descriptors published manual.summary.ShutdownWaitLength Delay before quitting after receiving a SIGINT signal manual.summary.SSLKeyLifetime Lifetime for our link certificate manual.summary.HeartbeatPeriod Rate at which an INFO level heartbeat message is sent +manual.summary.MainloopStats Include development information from the main loop with heartbeats manual.summary.AccountingMax Amount of traffic before hibernating manual.summary.AccountingRule Method to determine when the accounting limit is reached manual.summary.AccountingStart Duration of an accounting period @@ -260,6 +266,8 @@ manual.summary.MaxMemInQueues Threshold at which tor will terminate circuits to manual.summary.DisableOOSCheck Don't close connections when running out of sockets manual.summary.SigningKeyLifetime Duration the Ed25519 signing key is valid for manual.summary.OfflineMasterKey Don't generate the master secret key +manual.summary.KeyDirectory Directory where secret keys reside +manual.summary.KeyDirectoryGroupReadable Group read permissions for the secret key directory # Directory Server Options @@ -322,6 +330,19 @@ manual.summary.HiddenServiceNumIntroductionPoints Number of introduction points manual.summary.HiddenServiceSingleHopMode Allow non-anonymous single hop hidden services manual.summary.HiddenServiceNonAnonymousMode Enables HiddenServiceSingleHopMode to be set +# DoS Mitigation Options + +manual.summary.DoSCircuitCreationEnabled Enables circuit creation DoS mitigation +manual.summary.DoSCircuitCreationMinConnections Connection rate when clients are a suspected DoS +manual.summary.DoSCircuitCreationRate Acceptable rate for circuit creation +manual.summary.DoSCircuitCreationBurst Accept burst of circuit creation up to this rate +manual.summary.DoSCircuitCreationDefenseType Method for mitigating circuit creation DoS +manual.summary.DoSCircuitCreationDefenseTimePeriod Duration of DoS mitigation +manual.summary.DoSConnectionEnabled Enables connection DoS mitigation +manual.summary.DoSConnectionMaxConcurrentCount Acceptable number of connections +manual.summary.DoSConnectionDefenseType Method for mitigating connection DoS +manual.summary.DoSRefuseSingleHopClientRendezvous Prevent establishment of single hop rendezvous points + # Testing Network Options manual.summary.TestingTorNetwork Overrides other options to be a testing network @@ -340,10 +361,6 @@ manual.summary.TestingBridgeDownloadSchedule Schedule for when we should downloa manual.summary.TestingBridgeBootstrapDownloadSchedule Schedule for downloading bridge descriptors when started manual.summary.TestingClientMaxIntervalWithoutRequest Maximum time to wait to batch requests for missing descriptors manual.summary.TestingDirConnectionMaxStall Duration to let directory connections stall before timing out -manual.summary.TestingConsensusMaxDownloadTries Retries for downloading the consensus -manual.summary.TestingDescriptorMaxDownloadTries Retries for downloading server descriptors -manual.summary.TestingMicrodescMaxDownloadTries Retries for downloading microdescriptors -manual.summary.TestingCertMaxDownloadTries Retries for downloading authority certificates manual.summary.TestingDirAuthVoteExit Relays to give the Exit flag to manual.summary.TestingDirAuthVoteExitIsStrict Only grant the Exit flag to relays listed by TestingDirAuthVoteExit manual.summary.TestingDirAuthVoteGuard Relays to give the Guard flag to @@ -359,7 +376,6 @@ manual.summary.TestingAuthKeyLifetime Duration for our ed25519 signing key manual.summary.TestingLinkKeySlop Time before expiration that we replace our ed25519 link key manual.summary.TestingAuthKeySlop Time before expiration that we replace our ed25519 authentication key manual.summary.TestingSigningKeySlop Time before expiration that we replace our ed25519 signing key -manual.summary.TestingClientDNSRejectInternalAddresses Skips DNS resolutions of internal addresses # Brief description of tor events diff --git a/test/integ/control/controller.py b/test/integ/control/controller.py index 87d6e970..8042e858 100644 --- a/test/integ/control/controller.py +++ b/test/integ/control/controller.py @@ -1395,16 +1395,20 @@ class TestController(unittest.TestCase): """ with test.runner.get_runner().get_tor_controller() as controller: - self.assertEqual(None, controller.get_conf('OrPort')) + try: + controller.reset_conf('OrPort', 'DisableNetwork') + self.assertEqual(None, controller.get_conf('OrPort')) - # DisableNetwork ensures no port is actually opened - controller.set_options({'OrPort': '9090', 'DisableNetwork': '1'}) + # DisableNetwork ensures no port is actually opened + controller.set_options({'OrPort': '9090', 'DisableNetwork': '1'}) - # TODO once tor 0.2.7.x exists, test that we can generate a descriptor on demand. + # TODO once tor 0.2.7.x exists, test that we can generate a descriptor on demand. - self.assertEqual('9090', controller.get_conf('OrPort')) - controller.reset_conf('OrPort', 'DisableNetwork') - self.assertEqual(None, controller.get_conf('OrPort')) + self.assertEqual('9090', controller.get_conf('OrPort')) + controller.reset_conf('OrPort', 'DisableNetwork') + self.assertEqual(None, controller.get_conf('OrPort')) + finally: + controller.set_conf('OrPort', test.runner.ORPORT) def _get_router_status_entry(self, controller): """ diff --git a/test/integ/manual.py b/test/integ/manual.py index 1eb4fb76..b08179db 100644 --- a/test/integ/manual.py +++ b/test/integ/manual.py @@ -27,6 +27,7 @@ EXPECTED_CATEGORIES = set([ 'DIRECTORY SERVER OPTIONS', 'DIRECTORY AUTHORITY SERVER OPTIONS', 'HIDDEN SERVICE OPTIONS', + 'DENIAL OF SERVICE MITIGATION OPTIONS', 'TESTING NETWORK OPTIONS', 'NON-PERSISTENT OPTIONS', 'SIGNALS', @@ -66,7 +67,11 @@ Private addresses are rejected by default (at the beginning of your exit policy) This directive can be specified multiple times so you don't have to put it all on one line. -Policies are considered first to last, and the first match wins. If you want to allow the same ports on IPv4 and IPv6, write your rules using accept/reject *. If you want to allow different ports on IPv4 and IPv6, write your IPv6 rules using accept6/reject6 *6, and your IPv4 rules using accept/reject *4. If you want to _replace_ the default exit policy, end your exit policy with either a reject *:* or an accept *:*. Otherwise, you're _augmenting_ (prepending to) the default exit policy. The default exit policy is: +Policies are considered first to last, and the first match wins. If you want to allow the same ports on IPv4 and IPv6, write your rules using accept/reject *. If you want to allow different ports on IPv4 and IPv6, write your IPv6 rules using accept6/reject6 *6, and your IPv4 rules using accept/reject *4. If you want to _replace_ the default exit policy, end your exit policy with either a reject *:* or an accept *:*. Otherwise, you're _augmenting_ (prepending to) the default exit policy. + +If you want to use a reduced exit policy rather than the default exit policy, set "ReducedExitPolicy 1". If you want to replace the default exit policy with your custom exit policy, end your exit policy with either a reject : or an accept :. Otherwise, you're augmenting (prepending to) the default or reduced exit policy. + +The default exit policy is: reject *:25 reject *:119 @@ -79,8 +84,6 @@ Policies are considered first to last, and the first match wins. If you want to reject *:6699 reject *:6881-6999 accept *:* - -Since the default exit policy uses accept/reject *, it applies to both IPv4 and IPv6 addresses. """.strip() @@ -203,7 +206,7 @@ class TestManual(unittest.TestCase): assert_equal('signals', EXPECTED_SIGNALS, set(manual.signals.keys())) assert_equal('sighup description', 'Tor will catch this, clean up and sync to disk if necessary, and exit.', manual.signals['SIGTERM']) - assert_equal('number of files', 50, len(manual.files)) + assert_equal('number of files', 48, len(manual.files)) assert_equal('lib path description', 'The tor process stores keys and other data here.', manual.files['@LOCALSTATEDIR@/lib/tor/']) for category in Category: @@ -213,7 +216,7 @@ class TestManual(unittest.TestCase): unknown_options = [entry for entry in manual.config_options.values() if entry.category == Category.UNKNOWN] if unknown_options: - self.fail("We don't recognize the category for the %s options. Maybe a new man page section? If so then please update the Category enum in stem/manual.py." % ', '.join(unknown_options)) + self.fail("We don't recognize the category for the %s options. Maybe a new man page section? If so then please update the Category enum in stem/manual.py." % ', '.join([option.name for option in unknown_options])) option = manual.config_options['BandwidthRate'] self.assertEqual(Category.GENERAL, option.category)

1 0

[snowflake/master] Add a 5s delay between polls in proxy-go.
by dcf＠torproject.org 22 Mar '18

22 Mar '18

commit 07291a0136b8a01bd8761a14a51876f08ca0d578 Author: David Fifield <david(a)bamsoftware.com> Date: Wed Mar 21 22:52:30 2018 -0700 Add a 5s delay between polls in proxy-go. https://bugs.torproject.org/25344 5s matches DEFAULT_BROKER_POLL_INTERVAL in the JavaScript proxy. This is set up so as long as the actual HTTPS requests take less time than pollInterval, there will a steady one poll per pollInterval. If the HTTPS requests take longer than that, there will be no delay between polls. --- proxy-go/snowflake.go | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/proxy-go/snowflake.go b/proxy-go/snowflake.go index 5a5925e..7bb435c 100644 --- a/proxy-go/snowflake.go +++ b/proxy-go/snowflake.go @@ -25,6 +25,7 @@ import ( const defaultBrokerURL = "https://snowflake-reg.appspot.com/" const defaultRelayURL = "wss://snowflake.bamsoftware.com/" const defaultSTUNURL = "stun:stun.l.google.com:19302" +const pollInterval = 5 * time.Second var brokerURL *url.URL var relayURL string @@ -133,7 +134,19 @@ func genSessionID() string { func pollOffer(sid string) *webrtc.SessionDescription { broker := brokerURL.ResolveReference(&url.URL{Path: "proxy"}) + timeOfNextPoll := time.Now() for { + // Sleep until we're scheduled to poll again. + now := time.Now() + time.Sleep(timeOfNextPoll.Sub(now)) + // Compute the next time to poll -- if it's in the past, that + // means that the POST took longer than pollInterval, so we're + // allowed to do another one immediately. + timeOfNextPoll = timeOfNextPoll.Add(pollInterval) + if timeOfNextPoll.Before(now) { + timeOfNextPoll = now + } + req, _ := http.NewRequest("POST", broker.String(), bytes.NewBuffer([]byte(sid))) req.Header.Set("X-Session-ID", sid) resp, err := client.Do(req)

1 0

[translation/mat-gui_completed] Update translations for mat-gui_completed
by translation＠torproject.org 22 Mar '18

22 Mar '18

commit 5c64a08bb053d90c8388e019b69df3f863f7cc27 Author: Translation commit bot <translation(a)torproject.org> Date: Thu Mar 22 17:46:14 2018 +0000 Update translations for mat-gui_completed --- sv.po | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sv.po b/sv.po index 31a0b118c..809169225 100644 --- a/sv.po +++ b/sv.po @@ -15,8 +15,8 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2016-02-10 23:06+0100\n" -"PO-Revision-Date: 2018-02-20 18:56+0000\n" -"Last-Translator: Martin Coborn <inactive+martincoborn(a)transifex.com>\n" +"PO-Revision-Date: 2018-03-22 17:28+0000\n" +"Last-Translator: Jacob Andersson <jacob.c.andersson(a)protonmail.com>\n" "Language-Team: Swedish (http://www.transifex.com/otf/torproject/language/sv/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n"

1 0