[tor-dev] BridgeDB 0.3.3 is released

isis isis at torproject.org
Tue Dec 1 02:48:35 UTC 2015


I released BridgeDB 0.3.3 a few weeks ago, and deployed it on the production
server.  However, I completely forgot to email the list to notify you all of
the changes.  Oops, sorry!

For those who are curious, BridgeDB-0.3.3 brought about the following changes
(and, as always, the current changelog is available at

Changes in version 0.3.3 - 2015-10-25

        * FIXES #12029 https://bugs.torproject.org/12029
        BridgeDB now has an API for creating Bridge Distributors.
        See the bridgedb.distribute module, or its developer documentation
        at https://pythonhosted.org/bridgedb/bridgedb.distribute.html.

        * FIXES PART OF #12506  https://bugs.torproject.org/12506
        BridgeDB's two Distributors (HTTPS and Email) are now entirely
        modularised and self-contained within separate subdirectories in
        the source code.  This is the first step to redesigning these
        Distributors into their own separate processes, which will allow
        the Distributors to remain functional while BridgeDB is reparsing
        bridge descriptors.

        * FIXES #15968 https://bugs.torproject.org/15968
        BridgeDB now sends a Content-Security-Policy header which
        explicitly allows Javascript, images, CSS, and fonts, from
        https://bridges.torproject.org.  All other types of content are
        forbidden, including:
          - embedding https://bridges.torproject.org within
            <iframe>, <embed>, or <object>, and attempting to source
            additional resources into its embedded context
          - inline Javascript, including Javascript within SVG files
          - inline CSS
          - externally hosted fonts
          - inline SVG, e.g. via the HTML5 <svg> tag
          - any and all connections made via Javascript XMLHttpRequests,
            WebSockets, sendBeacon(), and Web Workers
          - plugins
          - applets
        BridgeDB's Content-Security-Policy does not yet make use of
        certain newer, lesser supported, Content-Security-Policy v2.0
        directives, such as "reflected-xss" and "frame-ancestors", but may

        * FIXES #16273 https://bugs.torproject.org/16273
        Several links to Tor Project gitweb URLs within the developer
        documentation were outdated in that they still used the old gitweb
        URL format.  These are now updated.
        Thanks to David Fifield for the bug report and patches.

        * FIXES #16330 https://bugs.torproject.org/16330
        BridgeDB can now handle bridge-server-descriptors with
        extra-info-digest fields which have two values, as well as both
        bridge-server-descriptors and bridge-extrainfo descriptors which
        contain Ed25519 key material and signatures.  See Tor proposals
        #220 and #228 for more information on the changes to these
        descriptors.  Note that BridgeDB can now parse this information,
        but does not yet make use of any Ed25519 cryptographic material
        within bridge descriptors.
        Thanks to Atagar for patching Stem.

        * FIXES #16616 https://bugs.torproject.org/16616
        The HSDir flag can now be included within bridge-networkstatus
        documents.  BridgeDB now has unittests which guarantee that its
        parsers safely ignore this flag, as well as any flags unknown to
        BridgeDB which may appear in the future.
        Thanks to Roger Dingledine for alerting me about the change.

        * FIXES #16649 https://bugs.torproject.org/16649
        Mobile users, and other users with small screen pixel ratios, will
        find that the UI of BridgeDB's HTTPS Distributor has greatly
        increased in usability and readability.

And includes the following general changes:

        * FIXES an error when requesting the non-HTML version of the
        bridges page (e.g. https://bridges.torproject.org/bridges?format=plain)

        * REMOVES the `bridgedb test` commandline option.
        BridgeDB's tests can be run via `python setup.py test` or `make
        test` (or `make coverage` for generating HTML test coverage

        * CHANGES the HTTPS Distributor to HTML-encode Bridge Lines.
        Previously, a malicious Pluggable Transport Bridge could include
        in its PT arguments something like "evil=<script>[…]</script>" and
        if such a Bridge were to be distributed to a user, that user's web
        browser would execute the script (if Javascript was enabled).
        Other characters, including non-ASCII, control characters, double
        quotes, and backslashes, are also sanitised from Bridge Lines.
        Thanks to Robert Ransom for the patches.

        * CHANGES BridgeDB's module/package version numbers to be
        compliant with PEP440.

        * CHANGES the layout of BridgeDB's source code directories.
        Rather than storing BridgeDB's source in "lib/bridgedb/", it is
        now kept in "bridgedb/".  Similarly, the directory containing
        BridgeDB's tests has been moved from "lib/bridgedb/test/" to
        "test/", which means that the tests are no longer installed when
        running `python setup.py install` or `make install`.

        * ADDS several improvements to the developer documentation at

        * UPDATE English (en_US) translations.

        * UPDATE English (en) translations.

        * ADD Serbian (sr) translations.
          Thanks to obj.petit.a, Ivan Radeljic, and Milenko Doder.

        * UPDATE Arabic (ar) translations.
          Thanks to A. Hassan, debo debo, KACIMI LAMINE, and Nudroid A.

        * UPDATE Catalan (ca) translations.
          Thanks to laia_.

        * UPDATE Czech (cs) translations.
          Thanks to Tomas Palik and Vlastimil Burián.

        * UPDATE Danish (da) translations.
          Thanks to Mogelbjerg.

        * UPDATE German (de) translations.
          Thanks to jschfr, Junge Limba, and Toralf Förster.

        * UPDATE English (en_GB) translations.
          Thanks to Andi Chandler.

        * UPDATE Farsi (fa) translations.
          Thanks to some awesome anonymous person for helping out.

        * UPDATE Finnish (fi) translations.
          Thanks to Riku Viitanen.

        * UPDATE French (fr) translations.
          Thanks to elouann, Trans-fr, and Towinet.

        * UPDATE French (fr_CA) translations.
          Thanks to Trans-fr.

        * UPDATE Croatian (hr_HR) translations.
          Thanks to some awesome anonymous person for helping out.

        * UPDATE Hungarian (hu) translations.
          Thanks to some awesome anonymous person for helping out.

        * UPDATE Indonesian (id) translations.
          Thanks to Anthony Santana, Astryd Viandila Dahlan, cholif yulian,
          constantius damar wicaksono, Dwi Cahyono, L1Nus, km242saya, and
          Zamani Karmana.

        * UPDATE Italian (it) translations.
          Thanks to Random_R.

        * UPDATE Japanese (ja) translations.
          Thanks to ABE Tsunehiko.

        * UPDATE Latvian (lv) translations.
          Thanks to Ojārs Balcers.

        * UPDATE Norwegian Bokmål (nb) translations.
          Thanks to Erik Matson and Kristian Andre Henriksen.

        * UPDATE Dutch (nl) translations.
          Thanks to Mart3000.

        * UPDATE Polish (pl) translations.
          Thanks to Karol Obartuch.

        * UPDATE Portuguese (pt) translations.
          Thanks to Bruno D. Rodrigues and MMSRS.

        * UPDATE Brazilian Portuguese (pt_BR) translations.
          Thanks to Communia.

        * UPDATE Romanian (ro) translations.
          Thanks to Ana, axel_89, and Di N.

        * UPDATE Russian (ru) translations.
          Thanks to Ivan.

        * UPDATE Slovak (sk_SK) translations.
          Thanks to StefanH.

        * UPDATE Albanian (sq) translations.
          Thanks to some awesome unknown anonymous person who didn't add their
          name to the list of translators.

        * UPDATE Swedish (sv) translations.
          Thanks to Peter Michanek.

        * UPDATE Turkish (tr) translations.
          Thanks to Bullgeschichte and Fomas.

        * UPDATE Ukrainian (uk) translations.
          Thanks to Yasha.

        * UPDATE Chinese Mandarin (zh_CN) translations.
          Thanks to khi.

        * UPDATE Taiwanese Mandarin (zh_TW) translations.
          Thanks to x4r.

 ♥Ⓐ isis agora lovecruft
OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt
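
Added example, not part of the original post and not BridgeDB's code: a header reconstructed from the changelog's description of #15968 (deny by default, allow scripts, images, CSS and fonts from https://bridges.torproject.org), checked against several of the listed restrictions. The directive layout and the simplified source matching (origin only, fetch directives only) are assumptions.

```python
from urllib.parse import urlsplit

ORIGIN = "https://bridges.torproject.org"

def build_csp(origin=ORIGIN):
    """Deny everything by default, then allow four content types from origin."""
    directives = [("default-src", "'none'")]
    for name in ("script-src", "img-src", "style-src", "font-src"):
        directives.append((name, origin))
    return "; ".join("%s %s" % d for d in directives)

def parse_csp(header):
    """Map directive name -> source list; the first occurrence of a name wins."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def is_allowed(policy, directive, source):
    """source is a URL, or the word 'inline' for inline script or style."""
    sources = policy.get(directive)
    if sources is None:                      # fetch directives fall back
        sources = policy.get("default-src")  # to default-src
    if sources is None:
        return True                          # nothing restricts this type
    if "'none'" in sources:
        return False
    if source == "inline":
        return "'unsafe-inline'" in sources
    u = urlsplit(source)
    return "*" in sources or "%s://%s" % (u.scheme, u.netloc) in sources

# (changelog item, directive, source); the URLs are constructed samples.
CHECKS = [
    ("same-origin script", "script-src", ORIGIN + "/static/app.js"),
    ("inline Javascript", "script-src", "inline"),
    ("inline CSS", "style-src", "inline"),
    ("externally hosted fonts", "font-src", "https://fonts.example/f.woff"),
    ("XMLHttpRequest/WebSocket/sendBeacon", "connect-src", ORIGIN + "/api"),
    ("plugins", "object-src", ORIGIN + "/plugin.swf"),
]

def audit(header):
    policy = parse_csp(header)
    return {label: is_allowed(policy, d, s) for label, d, s in CHECKS}

if __name__ == "__main__":
    for label, ok in audit(build_csp()).items():
        print("%-38s %s" % (label, "allowed" if ok else "blocked"))
```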
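
Added example, not part of the original post and not BridgeDB's code: one way to apply the Bridge Line handling described in the "HTML-encode Bridge Lines" entry, shown next to the unencoded rendering it replaces. The function names, the HTML wrapper and the sample lines are constructed, and dropping (rather than escaping) the listed characters is an assumption.

```python
import html

# Characters the changelog lists as sanitised; assumed here to be dropped.
_DROPPED = {'"', '\\'}

def sanitise_bridge_line(line):
    """Return a bridge line that is safe to place in HTML element content."""
    kept = []
    for ch in line:
        code = ord(ch)
        if code < 0x20 or code > 0x7E:   # control characters, DEL, non-ASCII
            continue
        if ch in _DROPPED:
            continue
        kept.append(ch)
    # Encode &, <, > and quotes only after filtering, so nothing that was
    # dropped can reassemble into markup.
    return html.escape("".join(kept), quote=True)

def render_bridge_lines(lines, encode=True):
    """Render lines as HTML; encode=False reproduces the pre-fix behaviour."""
    rows = (sanitise_bridge_line(l) if encode else l for l in lines)
    return "\n".join('<div class="bridge-line">%s</div>' % r for r in rows)

# Constructed bridge lines: addresses are from the documentation range and
# the PT arguments are made up.
SAMPLES = [
    'obfs4 192.0.2.10:443 cert=AbC+/= evil=<script>x</script>',
    'obfs4 192.0.2.11:443 k="v\\"\x00\u00e9 a=b&c',
]

if __name__ == "__main__":
    print(render_bridge_lines(SAMPLES, encode=False))
    print(render_bridge_lines(SAMPLES, encode=True))
```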