[tor-commits] [tor/master] credit tvdw

2015-11-13 Thread nickm 
commit 22471026574b3384e9919529a37c56548ea4c293
Author: Nick Mathewson 
Date:   Wed Oct 7 10:25:00 2015 -0400

credit tvdw
---
 changes/11150 |8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/changes/11150 b/changes/11150
index 7160b94..b4d40ed 100644
--- a/changes/11150
+++ b/changes/11150
@@ -1,6 +1,6 @@
   o Removed features:
 - Remove client-side support for connecting to Tor servers running
-  versions of Tor before 0.2.3.6-alpha. These servers didn't support
-  the v3 TLS handshake protocol, and
-  are no longer allowed on the Tor network.
-  Implements the client side of ticket 11150.
+  versions of Tor before 0.2.3.6-alpha. These servers didn't
+  support the v3 TLS handshake protocol, and are no longer allowed
+  on the Tor network.  Implements the client side of ticket
+  11150. Based on patches by Tom van der Woerdt.



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Remove client-side support for detecting v1 handshake

2015-11-13 Thread nickm 
commit 6505d529a5cc669ee723d818a614fe7663e5c0ea
Author: Nick Mathewson 
Date:   Wed Oct 7 10:10:08 2015 -0400

Remove client-side support for detecting v1 handshake

Fixes more of 11150
---
 src/common/tortls.c|   22 +++---
 src/or/connection_or.c |7 +++
 2 files changed, 6 insertions(+), 23 deletions(-)

diff --git a/src/common/tortls.c b/src/common/tortls.c
index 62d8cab..4321330 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1941,25 +1941,9 @@ tor_tls_finish_handshake(tor_tls_t *tls)
   tls->wasV2Handshake = 0;
 }
   } else {
-#if 
-/*  remove v1 detection support, NM! */
-/* If we got no ID cert, we're a v2 handshake. */
-X509 *cert = SSL_get_peer_certificate(tls->ssl);
-STACK_OF(X509) *chain = SSL_get_peer_cert_chain(tls->ssl);
-int n_certs = sk_X509_num(chain);
-if (n_certs > 1 || (n_certs == 1 && cert != sk_X509_value(chain, 0))) {
-  log_debug(LD_HANDSHAKE, "Server sent back multiple certificates; it "
-"looks like a v1 handshake on %p", tls);
-  tls->wasV2Handshake = 0;
-} else {
-  log_debug(LD_HANDSHAKE,
-"Server sent back a single certificate; looks like "
-"a v2 handshake on %p.", tls);
-  tls->wasV2Handshake = 1;
-}
-if (cert)
-  X509_free(cert);
-#endif
+/* Client-side */
+tls->wasV2Handshake = 1;
+/*  this can move, probably? -NM */
 if (SSL_set_cipher_list(tls->ssl, SERVER_CIPHER_LIST) == 0) {
   tls_log_errors(NULL, LOG_WARN, LD_HANDSHAKE, "re-setting ciphers");
   r = TOR_TLS_ERROR_MISC;
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 8e12aa0..c08dc4b 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -1783,11 +1783,10 @@ connection_tls_finish_handshake(or_connection_t *conn)
   circuit_build_times_network_is_live(get_circuit_build_times_mutable());
 
   if (tor_tls_used_v1_handshake(conn->tls)) {
+tor_assert(!started_here);
 conn->link_proto = 1;
-if (!started_here) {
-  connection_or_init_conn_from_address(conn, >base_.addr,
-   conn->base_.port, digest_rcvd, 0);
-}
+connection_or_init_conn_from_address(conn, >base_.addr,
+ conn->base_.port, digest_rcvd, 0);
 tor_tls_block_renegotiation(conn->tls);
 rep_hist_note_negotiated_link_proto(1, started_here);
 return connection_or_set_state_open(conn);



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge remote-tracking branch 'public/ticket11150_client_only'

2015-11-13 Thread nickm 
commit d4672273233d539889f85cad1676395e46e48ef7
Merge: accb726 9d019a7
Author: Nick Mathewson 
Date:   Fri Nov 13 09:58:16 2015 -0500

Merge remote-tracking branch 'public/ticket11150_client_only'

 changes/11150  |6 ++
 src/common/tortls.c|  213 +--
 src/common/tortls.h|3 -
 src/or/connection_or.c |   70 
 src/test/test_tortls.c |  216 
 5 files changed, 28 insertions(+), 480 deletions(-)

diff --cc src/test/test_tortls.c
index dceecf4,5f20269..b1d91a6
--- a/src/test/test_tortls.c
+++ b/src/test/test_tortls.c
@@@ -2309,66 -2104,64 +2168,8 @@@ test_tortls_write(void *ignored
teardown_capture_of_logs(previous_log);
tor_free(tls->ssl);
tor_free(tls);
 -}
 -
 -static int fixed_ssl_renegotiate_result;
 -
 -static int
 -fixed_ssl_renegotiate(SSL *s)
 -{
 -  (void) s;
 -  return fixed_ssl_renegotiate_result;
 -}
 -
 -static void
 -test_tortls_renegotiate(void *ignored)
 -{
 -  (void)ignored;
 -  int ret;
 -  tor_tls_t *tls;
 -  SSL_CTX *ctx;
 -  SSL_METHOD *method = give_me_a_test_method();
 -  int previous_log = setup_capture_of_logs(LOG_WARN);
 -
 -  SSL_library_init();
 -  SSL_load_error_strings();
 -
 -  ctx = SSL_CTX_new(TLSv1_method());
 -
 -  tls = tor_malloc_zero(sizeof(tor_tls_t));
 -  tls->ssl = SSL_new(ctx);
 -  tls->state = TOR_TLS_ST_OPEN;
 -
 -  ret = tor_tls_renegotiate(tls);
 -  tt_int_op(ret, OP_EQ, -9);
 -
 -  tls->ssl->method = method;
 -  method->ssl_renegotiate = fixed_ssl_renegotiate;
 -  fixed_ssl_renegotiate_result = 0;
 -  ERR_clear_error();
 -  ret = tor_tls_renegotiate(tls);
 -  tt_int_op(ret, OP_EQ, -9);
 -
 -  ERR_clear_error();
 -  tls->ssl->handshake_func = dummy_handshake_func;
 -  tls->state = TOR_TLS_ST_RENEGOTIATE;
 -  ret = tor_tls_renegotiate(tls);
 -  tt_int_op(ret, OP_EQ, TOR_TLS_DONE);
 -
 -  ERR_clear_error();
 -  tls->state = TOR_TLS_ST_OPEN;
 -  fixed_ssl_renegotiate_result = -1;
 -  ret = tor_tls_renegotiate(tls);
 -  tt_int_op(ret, OP_EQ, -9);
 -
 - done:
 -  teardown_capture_of_logs(previous_log);
 -  SSL_free(tls->ssl);
 -  SSL_CTX_free(ctx);
 -  tor_free(tls);
 +  tor_free(method);
  }
- 
- static int fixed_ssl_renegotiate_result;
- 
- static int
- fixed_ssl_renegotiate(SSL *s)
- {
-   (void) s;
-   return fixed_ssl_renegotiate_result;
- }
- 
- static void
- test_tortls_renegotiate(void *ignored)
- {
-   (void)ignored;
-   int ret;
-   tor_tls_t *tls;
-   SSL_CTX *ctx;
-   SSL_METHOD *method = give_me_a_test_method();
-   int previous_log = setup_capture_of_logs(LOG_WARN);
- 
-   SSL_library_init();
-   SSL_load_error_strings();
- 
-   ctx = SSL_CTX_new(TLSv1_method());
- 
-   tls = tor_malloc_zero(sizeof(tor_tls_t));
-   tls->ssl = SSL_new(ctx);
-   tls->state = TOR_TLS_ST_OPEN;
- 
-   ret = tor_tls_renegotiate(tls);
-   tt_int_op(ret, OP_EQ, -9);
- 
-   tls->ssl->method = method;
-   method->ssl_renegotiate = fixed_ssl_renegotiate;
-   fixed_ssl_renegotiate_result = 0;
-   ERR_clear_error();
-   ret = tor_tls_renegotiate(tls);
-   tt_int_op(ret, OP_EQ, -9);
- 
-   ERR_clear_error();
-   tls->ssl->handshake_func = dummy_handshake_func;
-   tls->state = TOR_TLS_ST_RENEGOTIATE;
-   ret = tor_tls_renegotiate(tls);
-   tt_int_op(ret, OP_EQ, TOR_TLS_DONE);
- 
-   ERR_clear_error();
-   tls->state = TOR_TLS_ST_OPEN;
-   fixed_ssl_renegotiate_result = -1;
-   ret = tor_tls_renegotiate(tls);
-   tt_int_op(ret, OP_EQ, -9);
- 
-  done:
-   teardown_capture_of_logs(previous_log);
-   SSL_free(tls->ssl);
-   SSL_CTX_free(ctx);
-   tor_free(tls);
-   tor_free(method);
- }
  #endif
  
  #ifndef OPENSSL_OPAQUE
@@@ -2496,8 -2288,7 +2297,7 @@@ test_tortls_finish_handshake(void *igno
SSL_load_error_strings();
  
X509 *c1 = read_cert_from(validCertString);
--  X509 *c2 = read_cert_from(caCertString);
 +  SESS_CERT_local *sess = NULL;
  
ctx = SSL_CTX_new(method);
  
@@@ -2537,33 -2328,25 +2337,20 @@@
tt_int_op(ret, OP_EQ, 0);
tt_int_op(tls->wasV2Handshake, OP_EQ, 1);
  
--  tls->ssl->session->peer = c2;
--  tls->wasV2Handshake = 1;
--  ret = tor_tls_finish_handshake(tls);
--  tt_int_op(ret, OP_EQ, 0);
--  tt_int_op(tls->wasV2Handshake, OP_EQ, 0);
--
--  sk_X509_push(sess->cert_chain, c2);
--  tls->wasV2Handshake = 1;
--  ret = tor_tls_finish_handshake(tls);
--  tt_int_op(ret, OP_EQ, 0);
--  tt_int_op(tls->wasV2Handshake, OP_EQ, 0);
--
method->num_ciphers = fake_num_ciphers;
ret = tor_tls_finish_handshake(tls);
tt_int_op(ret, OP_EQ, -9);
  
   done:
 -  SSL_CTX_free(ctx);
 +  if (sess)
 +sk_X509_free(sess->cert_chain);
 +  if (tls->ssl && tls->ssl->session) {
 +tor_free(tls->ssl->session->sess_cert);
 +  }
 +  SSL_free(tls->ssl);
tor_free(tls);
 +  SSL_CTX_free(ctx);
 +  tor_free(method);
-   X509_free(c1);
  }
  #endif
  
@@@ -3037,7 -2786,7 +2822,6 @@@ struct testcase_t tortls_tests[] = 
INTRUSIVE_TEST_CASE(get_peer_cert, 0),
INTRUSIVE_TEST_CASE(peer_has_cert,

[tor-commits] [tor/master] Make the mis-named V2_HANDSHAKE_SERVER/CLIENT macros always-on.

2015-11-13 Thread nickm 
commit 2ad6e1bb0eeec88e8a2580a9b33a5dbadc995ba2
Author: Nick Mathewson 
Date:   Wed Oct 7 10:07:29 2015 -0400

Make the mis-named V2_HANDSHAKE_SERVER/CLIENT macros always-on.

They selected the V2 handshake *and* the V3 handshake, in a strange
mixture.  Both handshakes have been mandatory for a long time.
---
 src/common/tortls.c |   35 +++
 1 file changed, 3 insertions(+), 32 deletions(-)

diff --git a/src/common/tortls.c b/src/common/tortls.c
index eda65a9..62d8cab 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -83,11 +83,6 @@
 #define X509_get_notAfter_const(cert) \
   ((const ASN1_TIME*) X509_get_notAfter((X509 *)cert))
 
-/* Enable the "v2" TLS handshake.
- */
-#define V2_HANDSHAKE_SERVER
-#define V2_HANDSHAKE_CLIENT
-
 /* Copied from or.h */
 #define LEGAL_NICKNAME_CHARACTERS \
   "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
@@ -1288,8 +1283,6 @@ tor_tls_get_ciphersuite_name(tor_tls_t *tls)
   return SSL_get_cipher(tls->ssl);
 }
 
-#ifdef V2_HANDSHAKE_SERVER
-
 /* Here's the old V2 cipher list we sent from 0.2.1.1-alpha up to
  * 0.2.3.17-beta. If a client is using this list, we can't believe the ciphers
  * that it claims to support.  We'll prune this list to remove the ciphers
@@ -1569,7 +1562,6 @@ tor_tls_server_info_callback(const SSL *ssl, int type, 
int val)
 }
   }
 }
-#endif
 
 /** Callback to get invoked on a server after we've read the list of ciphers
  * the client supports, but before we pick our own ciphersuite.
@@ -1679,12 +1671,9 @@ tor_tls_new(int sock, int isServer)
 log_warn(LD_NET, "Newly created BIO has read count %lu, write count %lu",
  result->last_read_count, result->last_write_count);
   }
-#ifdef V2_HANDSHAKE_SERVER
   if (isServer) {
 SSL_set_info_callback(result->ssl, tor_tls_server_info_callback);
-  } else
-#endif
-  {
+  } else {
 SSL_set_info_callback(result->ssl, tor_tls_debug_state_callback);
   }
 
@@ -1723,13 +1712,11 @@ tor_tls_set_renegotiate_callback(tor_tls_t *tls,
   tls->negotiated_callback = cb;
   tls->callback_arg = arg;
   tls->got_renegotiate = 0;
-#ifdef V2_HANDSHAKE_SERVER
   if (cb) {
 SSL_set_info_callback(tls->ssl, tor_tls_server_info_callback);
   } else {
 SSL_set_info_callback(tls->ssl, tor_tls_debug_state_callback);
   }
-#endif
 }
 
 /** If this version of openssl requires it, turn on renegotiation on
@@ -1816,7 +1803,6 @@ tor_tls_read,(tor_tls_t *tls, char *cp, size_t len))
   tor_assert(lenssl, cp, (int)len);
   if (r > 0) {
-#ifdef V2_HANDSHAKE_SERVER
 if (tls->got_renegotiate) {
   /* Renegotiation happened! */
   log_info(LD_NET, "Got a TLS renegotiation from %s", ADDR(tls));
@@ -1824,7 +1810,6 @@ tor_tls_read,(tor_tls_t *tls, char *cp, size_t len))
 tls->negotiated_callback(tls, tls->callback_arg);
   tls->got_renegotiate = 0;
 }
-#endif
 return r;
   }
   err = tor_tls_get_error(tls, r, CATCH_ZERO, "reading", LOG_DEBUG, LD_NET);
@@ -1941,7 +1926,6 @@ tor_tls_finish_handshake(tor_tls_t *tls)
 SSL_set_info_callback(tls->ssl, NULL);
 SSL_set_verify(tls->ssl, SSL_VERIFY_PEER, always_accept_verify_cb);
 SSL_clear_mode(tls->ssl, SSL_MODE_NO_AUTO_CHAIN);
-#ifdef V2_HANDSHAKE_SERVER
 if (tor_tls_client_is_using_v2_ciphers(tls->ssl)) {
   /* This check is redundant, but back when we did it in the callback,
* we might have not been able to look up the tor_tls_t if the code
@@ -1956,9 +1940,9 @@ tor_tls_finish_handshake(tor_tls_t *tls)
 } else {
   tls->wasV2Handshake = 0;
 }
-#endif
   } else {
-#ifdef V2_HANDSHAKE_CLIENT
+#if 
+/*  remove v1 detection support, NM! */
 /* If we got no ID cert, we're a v2 handshake. */
 X509 *cert = SSL_get_peer_certificate(tls->ssl);
 STACK_OF(X509) *chain = SSL_get_peer_cert_chain(tls->ssl);
@@ -2362,20 +2346,7 @@ check_no_tls_errors_(const char *fname, int line)
 int
 tor_tls_used_v1_handshake(tor_tls_t *tls)
 {
-#if defined(V2_HANDSHAKE_SERVER) && defined(V2_HANDSHAKE_CLIENT)
   return ! tls->wasV2Handshake;
-#else
-  if (tls->isServer) {
-# ifdef V2_HANDSHAKE_SERVER
-return ! tls->wasV2Handshake;
-# endif
-  } else {
-# ifdef V2_HANDSHAKE_CLIENT
-return ! tls->wasV2Handshake;
-# endif
-  }
-  return 1;
-#endif
 }
 
 /** Return the number of server handshakes that we've noticed doing on



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] tor_tls_finish_handshake is server-side only.

2015-11-13 Thread nickm 
commit 9d019a7db725dca3dfdbf8d4dbc3b51835e0b49e
Author: Nick Mathewson 
Date:   Wed Oct 7 10:32:54 2015 -0400

tor_tls_finish_handshake is server-side only.
---
 src/or/connection_or.c |   17 -
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index c08dc4b..59dea37 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -1464,11 +1464,10 @@ connection_tls_continue_handshake(or_connection_t *conn)
 case TOR_TLS_DONE:
   if (! tor_tls_used_v1_handshake(conn->tls)) {
 if (!tor_tls_is_server(conn->tls)) {
-  if (conn->base_.state == OR_CONN_STATE_TLS_HANDSHAKING) {
-return connection_or_launch_v3_or_handshake(conn);
-  }
+  tor_assert(conn->base_.state == OR_CONN_STATE_TLS_HANDSHAKING);
+  return connection_or_launch_v3_or_handshake(conn);
 } else {
-  /* v2/v3 handshake, but not a client. */
+  /* v2/v3 handshake, but we are not a client. */
   log_debug(LD_OR, "Done with initial SSL handshake (server-side). "
"Expecting renegotiation or VERSIONS cell");
   tor_tls_set_renegotiate_callback(conn->tls,
@@ -1481,6 +1480,7 @@ connection_tls_continue_handshake(or_connection_t *conn)
   return 0;
 }
   }
+  tor_assert(!tor_tls_is_server(conn->tls));
   return connection_tls_finish_handshake(conn);
 case TOR_TLS_WANTWRITE:
   connection_start_writing(TO_CONN(conn));
@@ -1769,6 +1769,8 @@ connection_tls_finish_handshake(or_connection_t *conn)
   char digest_rcvd[DIGEST_LEN];
   int started_here = connection_or_nonopen_was_started_here(conn);
 
+  tor_assert(!started_here);
+
   log_debug(LD_HANDSHAKE,"%s tls handshake on %p with %s done, using "
 "ciphersuite %s. verifying.",
 started_here?"outgoing":"incoming",
@@ -1783,7 +1785,6 @@ connection_tls_finish_handshake(or_connection_t *conn)
   circuit_build_times_network_is_live(get_circuit_build_times_mutable());
 
   if (tor_tls_used_v1_handshake(conn->tls)) {
-tor_assert(!started_here);
 conn->link_proto = 1;
 connection_or_init_conn_from_address(conn, >base_.addr,
  conn->base_.port, digest_rcvd, 0);
@@ -1794,10 +1795,8 @@ connection_tls_finish_handshake(or_connection_t *conn)
 connection_or_change_state(conn, OR_CONN_STATE_OR_HANDSHAKING_V2);
 if (connection_init_or_handshake_state(conn, started_here) < 0)
   return -1;
-if (!started_here) {
-  connection_or_init_conn_from_address(conn, >base_.addr,
-   conn->base_.port, digest_rcvd, 0);
-}
+connection_or_init_conn_from_address(conn, >base_.addr,
+ conn->base_.port, digest_rcvd, 0);
 return connection_or_send_versions(conn, 0);
   }
 }



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Remove workaround code for broken client-side renegotiation

2015-11-13 Thread nickm 
commit 5bd3290df3254e6ffb3ac80150f8c8217fd0ac66
Author: Nick Mathewson 
Date:   Wed Oct 7 10:16:37 2015 -0400

Remove workaround code for broken client-side renegotiation

Since 11150 removed client-side support for renegotiation, we no
longer need to make sure we have an openssl/TLSvX combination that
supports it (client-side)
---
 src/common/tortls.c |   17 -
 1 file changed, 17 deletions(-)

diff --git a/src/common/tortls.c b/src/common/tortls.c
index 4321330..86f48a4 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1124,23 +1124,6 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int 
key_lifetime,
   * historically been chosen for fingerprinting resistance. */
   SSL_CTX_set_options(result->ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
 
-  /* Disable TLS1.1 and TLS1.2 if they exist.  We need to do this to
-   * workaround a bug present in all OpenSSL 1.0.1 versions (as of 1
-   * June 2012), wherein renegotiating while using one of these TLS
-   * protocols will cause the client to send a TLS 1.0 ServerHello
-   * rather than a ServerHello written with the appropriate protocol
-   * version.  Once some version of OpenSSL does TLS1.1 and TLS1.2
-   * renegotiation properly, we can turn them back on when built with
-   * that version. */
-#if OPENSSL_VERSION_NUMBER < OPENSSL_V(1,0,1,'e')
-#ifdef SSL_OP_NO_TLSv1_2
-  SSL_CTX_set_options(result->ctx, SSL_OP_NO_TLSv1_2);
-#endif
-#ifdef SSL_OP_NO_TLSv1_1
-  SSL_CTX_set_options(result->ctx, SSL_OP_NO_TLSv1_1);
-#endif
-#endif
-
   /* Disable TLS tickets if they're supported.  We never want to use them;
* using them can make our perfect forward secrecy a little worse, *and*
* create an opportunity to fingerprint us (since it's unusual to use them



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] appease check-spaces

2015-11-13 Thread nickm 
commit 7a940fac1c7f0ff81f58ed26350fed57e26b2642
Author: Nick Mathewson 
Date:   Fri Nov 13 13:46:47 2015 -0500

appease check-spaces
---
 src/common/util.c|4 +++-
 src/or/circuitlist.c |5 ++---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/common/util.c b/src/common/util.c
index 6a5b13e..ce3646c 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -5415,7 +5415,8 @@ tor_weak_random_range(tor_weak_rng_t *rng, int32_t top)
 /** Cast a given double value to a int64_t. Return 0 if number is NaN.
  * Returns either INT64_MIN or INT64_MAX if number is outside of the int64_t
  * range. */
-int64_t clamp_double_to_int64(double number)
+int64_t
+clamp_double_to_int64(double number)
 {
   int exp;
 
@@ -5445,3 +5446,4 @@ int64_t clamp_double_to_int64(double number)
   /* Handle infinities and finite numbers with magnitude >= 2^63. */
   return signbit(number) ? INT64_MIN : INT64_MAX;
 }
+
diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c
index 324f9f3..c4992d4 100644
--- a/src/or/circuitlist.c
+++ b/src/or/circuitlist.c
@@ -44,8 +44,8 @@ static smartlist_t *global_circuitlist = NULL;
 /** A list of all the circuits in CIRCUIT_STATE_CHAN_WAIT. */
 static smartlist_t *circuits_pending_chans = NULL;
 
-/** A list of all the circuits that have been marked with 
circuit_mark_for_close
- * and which are waiting for circuit_about_to_free(). */
+/** A list of all the circuits that have been marked with
+ * circuit_mark_for_close and which are waiting for circuit_about_to_free. */
 static smartlist_t *circuits_pending_close = NULL;
 
 static void circuit_free_cpath_node(crypt_path_t *victim);
@@ -1860,7 +1860,6 @@ circuit_about_to_free(circuit_t *circ)
   connection_edge_destroy(circ->n_circ_id, conn);
 ocirc->p_streams = NULL;
   }
-
 }
 
 /** Given a marked circuit circ, aggressively free its cell queues to

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/torcheck] Update translations for torcheck

2015-11-13 Thread translation 
commit 075e6f3cf24a926355afed58f0cf18636cc29cf0
Author: Translation commit bot 
Date:   Sat Nov 14 07:45:08 2015 +

Update translations for torcheck
---
 de/torcheck.po |9 +
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/de/torcheck.po b/de/torcheck.po
index 95e3e9a..b6c95ba 100644
--- a/de/torcheck.po
+++ b/de/torcheck.po
@@ -6,6 +6,7 @@
 # annskaja , 2014
 # axcer , 2014
 # axcer , 2014
+# Christian Kaindl , 2015
 # Frank Anonima , 2015
 # gerhard , 2014
 # LaKoon , 2011
@@ -26,8 +27,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "POT-Creation-Date: 2012-02-16 20:28+PDT\n"
-"PO-Revision-Date: 2015-08-27 20:25+\n"
-"Last-Translator: Thomas Moser \n"
+"PO-Revision-Date: 2015-11-14 07:27+\n"
+"Last-Translator: Christian Kaindl \n"
 "Language-Team: German 
(http://www.transifex.com/otf/torproject/language/de/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -78,7 +79,7 @@ msgid "Are you using Tor?"
 msgstr "Benutzen Sie Tor?"
 
 msgid "This page is also available in the following languages:"
-msgstr "Diese Seite ist auch in folgenden Sprachen verfügbar:"
+msgstr "Diese Seite ist ebenfalls in folgenden Sprachen verfügbar:"
 
 msgid "For more information about this exit relay, see:"
 msgstr "Weitere Informationen zu diesem Ausgangsrelais:"
@@ -104,7 +105,7 @@ msgid "Tor Q Site"
 msgstr "Fragen & Antworten"
 
 msgid "Volunteer"
-msgstr "Mithelfen"
+msgstr "Freiwillige"
 
 msgid "JavaScript is enabled."
 msgstr "JavaScript ist aktiviert."

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/abouttor-homepage] Update translations for abouttor-homepage

2015-11-13 Thread translation 
commit 9453287eae54318b2d64b503e04aad89d68e7d79
Author: Translation commit bot 
Date:   Sat Nov 14 07:45:54 2015 +

Update translations for abouttor-homepage
---
 de/aboutTor.dtd |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/de/aboutTor.dtd b/de/aboutTor.dtd
index 2c9535d..33b14ba 100644
--- a/de/aboutTor.dtd
+++ b/de/aboutTor.dtd
@@ -7,7 +7,7 @@
 
 
 
-
+
 
 
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/liveusb-creator] Update translations for liveusb-creator

2015-11-13 Thread translation 
commit 8def58de975662286ad7adff5e440cf76da46dae
Author: Translation commit bot 
Date:   Sat Nov 14 07:45:25 2015 +

Update translations for liveusb-creator
---
 de/de.po |7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/de/de.po b/de/de.po
index 2d59a1b..a0aff8d 100644
--- a/de/de.po
+++ b/de/de.po
@@ -9,6 +9,7 @@
 # cyberfork , 2012
 # Berkan , 2013
 # Christian Fröhlich , 2013
+# Christian Kaindl , 2015
 # Christoph Engler , 2015
 # trantor , 2014
 # tbull , 2009
@@ -38,8 +39,8 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2015-11-02 21:23+0100\n"
-"PO-Revision-Date: 2015-11-09 09:55+\n"
-"Last-Translator: max weber\n"
+"PO-Revision-Date: 2015-11-14 07:39+\n"
+"Last-Translator: Christian Kaindl \n"
 "Language-Team: German 
(http://www.transifex.com/otf/torproject/language/de/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -53,7 +54,7 @@ msgstr "\"Klonen & Installieren\""
 
 #: ../liveusb/gui.py:453
 msgid "\"Install from ISO\""
-msgstr "\"Aus ISO installieren\""
+msgstr "\"Von ISO installieren\""
 
 #: ../liveusb/dialog.py:157 ../liveusb/launcher_ui.py:153
 #, python-format

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/liveusb-creator_completed] Update translations for liveusb-creator_completed

2015-11-13 Thread translation 
commit 0d80c4e775cf6509a18388bfacfe126a714c361b
Author: Translation commit bot 
Date:   Sat Nov 14 07:45:30 2015 +

Update translations for liveusb-creator_completed
---
 de/de.po |7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/de/de.po b/de/de.po
index 2d59a1b..a0aff8d 100644
--- a/de/de.po
+++ b/de/de.po
@@ -9,6 +9,7 @@
 # cyberfork , 2012
 # Berkan , 2013
 # Christian Fröhlich , 2013
+# Christian Kaindl , 2015
 # Christoph Engler , 2015
 # trantor , 2014
 # tbull , 2009
@@ -38,8 +39,8 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2015-11-02 21:23+0100\n"
-"PO-Revision-Date: 2015-11-09 09:55+\n"
-"Last-Translator: max weber\n"
+"PO-Revision-Date: 2015-11-14 07:39+\n"
+"Last-Translator: Christian Kaindl \n"
 "Language-Team: German 
(http://www.transifex.com/otf/torproject/language/de/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -53,7 +54,7 @@ msgstr "\"Klonen & Installieren\""
 
 #: ../liveusb/gui.py:453
 msgid "\"Install from ISO\""
-msgstr "\"Aus ISO installieren\""
+msgstr "\"Von ISO installieren\""
 
 #: ../liveusb/dialog.py:157 ../liveusb/launcher_ui.py:153
 #, python-format

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/abouttor-homepage_completed] Update translations for abouttor-homepage_completed

2015-11-13 Thread translation 
commit 5ad49e2728744a07ad5f4f3e1da208210bb66ab6
Author: Translation commit bot 
Date:   Sat Nov 14 07:45:58 2015 +

Update translations for abouttor-homepage_completed
---
 de/aboutTor.dtd |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/de/aboutTor.dtd b/de/aboutTor.dtd
index 2c9535d..33b14ba 100644
--- a/de/aboutTor.dtd
+++ b/de/aboutTor.dtd
@@ -7,7 +7,7 @@
 
 
 
-
+
 
 
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tor_animation_completed] Update translations for tor_animation_completed

2015-11-13 Thread translation 
commit 90f08ad0718eea759b68b1d8f5524957afc3ecf1
Author: Translation commit bot 
Date:   Sat Nov 14 07:46:24 2015 +

Update translations for tor_animation_completed
---
 de.srt |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/de.srt b/de.srt
index 382efd9..f1134cd 100644
--- a/de.srt
+++ b/de.srt
@@ -146,5 +146,5 @@ Wie beispielsweise Aktivisten, Journalisten und Blogger.
 
 35
 00:02:02,000 --> 00:02:07,000
-Download und benutze Tor! Oder erzähle anderen davon!
+Downloade und benutze Tor! Oder erzähle anderen davon!
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tor_animation] Update translations for tor_animation

2015-11-13 Thread translation 
commit a4f522d774071c55d410e83cf6c90864d3e7c2db
Author: Translation commit bot 
Date:   Sat Nov 14 07:46:19 2015 +

Update translations for tor_animation
---
 de.srt |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/de.srt b/de.srt
index 382efd9..f1134cd 100644
--- a/de.srt
+++ b/de.srt
@@ -146,5 +146,5 @@ Wie beispielsweise Aktivisten, Journalisten und Blogger.
 
 35
 00:02:02,000 --> 00:02:07,000
-Download und benutze Tor! Oder erzähle anderen davon!
+Downloade und benutze Tor! Oder erzähle anderen davon!
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/torcheck_completed] Update translations for torcheck_completed

2015-11-13 Thread translation 
commit ae1c13b75dcc995e95ed35d43f0aacd620983f85
Author: Translation commit bot 
Date:   Sat Nov 14 07:45:13 2015 +

Update translations for torcheck_completed
---
 de/torcheck.po |9 +
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/de/torcheck.po b/de/torcheck.po
index 95e3e9a..b6c95ba 100644
--- a/de/torcheck.po
+++ b/de/torcheck.po
@@ -6,6 +6,7 @@
 # annskaja , 2014
 # axcer , 2014
 # axcer , 2014
+# Christian Kaindl , 2015
 # Frank Anonima , 2015
 # gerhard , 2014
 # LaKoon , 2011
@@ -26,8 +27,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "POT-Creation-Date: 2012-02-16 20:28+PDT\n"
-"PO-Revision-Date: 2015-08-27 20:25+\n"
-"Last-Translator: Thomas Moser \n"
+"PO-Revision-Date: 2015-11-14 07:27+\n"
+"Last-Translator: Christian Kaindl \n"
 "Language-Team: German 
(http://www.transifex.com/otf/torproject/language/de/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -78,7 +79,7 @@ msgid "Are you using Tor?"
 msgstr "Benutzen Sie Tor?"
 
 msgid "This page is also available in the following languages:"
-msgstr "Diese Seite ist auch in folgenden Sprachen verfügbar:"
+msgstr "Diese Seite ist ebenfalls in folgenden Sprachen verfügbar:"
 
 msgid "For more information about this exit relay, see:"
 msgstr "Weitere Informationen zu diesem Ausgangsrelais:"
@@ -104,7 +105,7 @@ msgid "Tor Q Site"
 msgstr "Fragen & Antworten"
 
 msgid "Volunteer"
-msgstr "Mithelfen"
+msgstr "Freiwillige"
 
 msgid "JavaScript is enabled."
 msgstr "JavaScript ist aktiviert."

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/torbutton-aboutdialogdtd_completed] Update translations for torbutton-aboutdialogdtd_completed

2015-11-13 Thread translation 
commit 868b86f1550996b967b5811037d14af820608f93
Author: Translation commit bot 
Date:   Sat Nov 14 07:46:33 2015 +

Update translations for torbutton-aboutdialogdtd_completed
---
 de/aboutdialog.dtd |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/de/aboutdialog.dtd b/de/aboutdialog.dtd
index 6adb998..80ea294 100644
--- a/de/aboutdialog.dtd
+++ b/de/aboutdialog.dtd
@@ -3,7 +3,7 @@
 
 
 
-
+
 
 
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/torbutton-aboutdialogdtd] Update translations for torbutton-aboutdialogdtd

2015-11-13 Thread translation 
commit 7816eb2a47f9c25d919988bb3f3768c63875f424
Author: Translation commit bot 
Date:   Sat Nov 14 07:46:28 2015 +

Update translations for torbutton-aboutdialogdtd
---
 de/aboutdialog.dtd |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/de/aboutdialog.dtd b/de/aboutdialog.dtd
index 6adb998..80ea294 100644
--- a/de/aboutdialog.dtd
+++ b/de/aboutdialog.dtd
@@ -3,7 +3,7 @@
 
 
 
-
+
 
 
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Remove a little duplicated code in TAP key expansion

2015-11-13 Thread nickm 
commit accb726db6ebd7cf55df719a254b7681402c2aa9
Author: Nick Mathewson 
Date:   Fri Nov 13 09:46:32 2015 -0500

Remove a little duplicated code in TAP key expansion

patch from pfrankw; closes 17587.
---
 changes/cleanup_17587 |3 +++
 src/common/crypto.c   |   13 +
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/changes/cleanup_17587 b/changes/cleanup_17587
new file mode 100644
index 000..05e00fd
--- /dev/null
+++ b/changes/cleanup_17587
@@ -0,0 +1,3 @@
+  o Code simplifications and refactorings:
+- Clean up a little duplicated code in crypto_expand_key_material_TAP.
+  Closes ticket 17587; patch from "pfrankw".
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 4c41d44..ffbeb81 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2159,7 +2159,7 @@ int
 crypto_expand_key_material_TAP(const uint8_t *key_in, size_t key_in_len,
uint8_t *key_out, size_t key_out_len)
 {
-  int i;
+  int i, r = -1;
   uint8_t *cp, *tmp = tor_malloc(key_in_len+1);
   uint8_t digest[DIGEST_LEN];
 
@@ -2171,19 +2171,16 @@ crypto_expand_key_material_TAP(const uint8_t *key_in, 
size_t key_in_len,
++i, cp += DIGEST_LEN) {
 tmp[key_in_len] = i;
 if (crypto_digest((char*)digest, (const char *)tmp, key_in_len+1))
-  goto err;
+  goto exit;
 memcpy(cp, digest, MIN(DIGEST_LEN, key_out_len-(cp-key_out)));
   }
-  memwipe(tmp, 0, key_in_len+1);
-  tor_free(tmp);
-  memwipe(digest, 0, sizeof(digest));
-  return 0;
 
- err:
+  r = 0;
+ exit:
   memwipe(tmp, 0, key_in_len+1);
   tor_free(tmp);
   memwipe(digest, 0, sizeof(digest));
-  return -1;
+  return r;
 }
 
 /** Expand some secret key material according to RFC5869, using SHA256 as the

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/torbutton-branddtd] Update translations for torbutton-branddtd

2015-11-13 Thread translation 
commit 09ddf835c12b197c51ccbd79b48bcb0012e42465
Author: Translation commit bot 
Date:   Fri Nov 13 13:15:54 2015 +

Update translations for torbutton-branddtd
---
 hi/brand.dtd |6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/hi/brand.dtd b/hi/brand.dtd
index 8ee1c24..af9fd69 100644
--- a/hi/brand.dtd
+++ b/hi/brand.dtd
@@ -2,10 +2,10 @@
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
 
-
+
 
-
-
+
+
 
 
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/torbutton-brandproperties] Update translations for torbutton-brandproperties

2015-11-13 Thread translation 
commit 93734078c6b364ddfe7ec271fa1459b615de0d87
Author: Translation commit bot 
Date:   Fri Nov 13 13:15:48 2015 +

Update translations for torbutton-brandproperties
---
 hi/brand.properties |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hi/brand.properties b/hi/brand.properties
index d35ff82..d9f258f 100644
--- a/hi/brand.properties
+++ b/hi/brand.properties
@@ -2,10 +2,10 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-brandShorterName=Tor Browser
+brandShorterName=टॉर विचरक
 brandShortName=टॉर ब्राउज़र
 brandFullName=टॉर ब्राउज़र
-vendorShortName=Tor Project
+vendorShortName=टोर  परियोजना
 
 homePageSingleStartMain=Firefox Start, a fast home page with built-in search
 homePageImport=Import your home page from %S

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tails-misc] Update translations for tails-misc

2015-11-13 Thread translation 
commit 84cba26d766a3743ea9a48e3fa53e4ac8d9760fc
Author: Translation commit bot 
Date:   Fri Nov 13 13:15:41 2015 +

Update translations for tails-misc
---
 hi.po |   28 ++--
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/hi.po b/hi.po
index 0bab9d0..149751c 100644
--- a/hi.po
+++ b/hi.po
@@ -8,8 +8,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2015-09-20 19:32+0200\n"
-"PO-Revision-Date: 2015-09-21 09:20+\n"
+"POT-Creation-Date: 2015-11-03 01:06+0100\n"
+"PO-Revision-Date: 2015-11-13 13:01+\n"
 "Last-Translator: carolyn \n"
 "Language-Team: Hindi (http://www.transifex.com/otf/torproject/language/hi/)\n"
 "MIME-Version: 1.0\n"
@@ -306,23 +306,23 @@ msgstr ""
 msgid "This version of Tails has known security issues:"
 msgstr ""
 
-#: config/chroot_local-includes/usr/local/sbin/tails-spoof-mac:45
+#: config/chroot_local-includes/usr/local/sbin/tails-spoof-mac:50
 #, sh-format
 msgid "Network card ${nic} disabled"
 msgstr ""
 
-#: config/chroot_local-includes/usr/local/sbin/tails-spoof-mac:46
+#: config/chroot_local-includes/usr/local/sbin/tails-spoof-mac:51
 #, sh-format
 msgid ""
 "MAC spoofing failed for network card ${nic_name} (${nic}) so it is 
temporarily disabled.\n"
 "You might prefer to restart Tails and disable MAC spoofing. See the documentation."
 msgstr ""
 
-#: config/chroot_local-includes/usr/local/sbin/tails-spoof-mac:55
+#: config/chroot_local-includes/usr/local/sbin/tails-spoof-mac:60
 msgid "All networking disabled"
 msgstr ""
 
-#: config/chroot_local-includes/usr/local/sbin/tails-spoof-mac:56
+#: config/chroot_local-includes/usr/local/sbin/tails-spoof-mac:61
 #, sh-format
 msgid ""
 "MAC spoofing failed for network card ${nic_name} (${nic}). The error recovery 
also failed so all networking is disabled.\n"
@@ -453,40 +453,40 @@ msgstr ""
 msgid "Failed to run browser."
 msgstr ""
 
-#: config/chroot_local-includes/usr/local/sbin/tails-i2p:31
+#: config/chroot_local-includes/usr/local/sbin/tails-i2p:35
 msgid "I2P failed to start"
 msgstr ""
 
-#: config/chroot_local-includes/usr/local/sbin/tails-i2p:32
+#: config/chroot_local-includes/usr/local/sbin/tails-i2p:36
 msgid ""
 "Something went wrong when I2P was starting. Check the logs in /var/log/i2p "
 "for more information."
 msgstr ""
 
-#: config/chroot_local-includes/usr/local/sbin/tails-i2p:43
+#: config/chroot_local-includes/usr/local/sbin/tails-i2p:53
 msgid "I2P's router console is ready"
 msgstr ""
 
-#: config/chroot_local-includes/usr/local/sbin/tails-i2p:44
+#: config/chroot_local-includes/usr/local/sbin/tails-i2p:54
 msgid "You can now access I2P's router console in the I2P Browser."
 msgstr ""
 
-#: config/chroot_local-includes/usr/local/sbin/tails-i2p:49
+#: config/chroot_local-includes/usr/local/sbin/tails-i2p:59
 msgid "I2P is not ready"
 msgstr ""
 
-#: config/chroot_local-includes/usr/local/sbin/tails-i2p:50
+#: config/chroot_local-includes/usr/local/sbin/tails-i2p:60
 msgid ""
 "Eepsite tunnel not built within six minutes. Check the router console in the"
 " I2P Browser or the logs in /var/log/i2p for more information. Reconnect to "
 "the network to try again."
 msgstr ""
 
-#: config/chroot_local-includes/usr/local/sbin/tails-i2p:60
+#: config/chroot_local-includes/usr/local/sbin/tails-i2p:72
 msgid "I2P is ready"
 msgstr ""
 
-#: config/chroot_local-includes/usr/local/sbin/tails-i2p:61
+#: config/chroot_local-includes/usr/local/sbin/tails-i2p:73
 msgid "You can now access services on I2P."
 msgstr ""
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.7] add a dedication paragraph; reflow another.

2015-11-13 Thread nickm 
commit 0549c019675840171fb764c8bb593309534ccadc
Author: Nick Mathewson 
Date:   Fri Nov 13 08:58:18 2015 -0500

add a dedication paragraph; reflow another.
---
 ReleaseNotes |   23 ++-
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/ReleaseNotes b/ReleaseNotes
index ef173af..3540497 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -1,19 +1,32 @@
-
 This document summarizes new features and bugfixes in each stable release
 of Tor. If you want to see more detailed descriptions of the changes in
 each development snapshot, see the ChangeLog file.
 
 Changes in version 0.2.7.5 - 2015-11-1?
+  The Tor 0.2.7 release series is dedicated to the memory of Tor user
+  and privacy advocate Caspar Bowden (1961-2015). Caspar worked
+  tirelessly to advocate human rights regardless of national borders,
+  and oppose the encroachments of mass surveillance. He opposed national
+  exceptionalism; he brought clarity to legal and policy debates; he
+  understood and predicted the impact of mass surveillance on the world;
+  and he laid the groundwork for resisting it. While serving on the Tor
+  Project's board of directors, he brought us his uncompromising focus
+  on technical excellence in the service of humankind. Caspar was an
+  inimitable force for good and a wonderful friend. He was kind,
+  humorous, generous, gallant, and believed we should protect one
+  another without exception. We honor him here for his ideals, his
+  efforts, and his accomplishments. Please honor his memory with works
+  that would make him proud.
+
   Tor 0.2.7.5 is the first stable release in the Tor 0.2.7 series.
 
   The 0.2.7 series adds a more secure identity key type for relays,
   improves cryptography performance, resolves several longstanding
   hidden-service performance issues, improves controller support for
   hidden services, and includes small bugfixes and performance
-  improvements throughout the program.  This release series also
-  includes more tests than before, and significant simplifications
-  to which parts of Tor invoke which others.  For a full list of
-  changes, see below.
+  improvements throughout the program. This release series also includes
+  more tests than before, and significant simplifications to which parts
+  of Tor invoke which others. For a full list of changes, see below.
 
   o New system requirements:
 - Tor no longer includes workarounds to support Libevent versions

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] fix an email address in doc/HACKING/ReleasingTor.md

2015-11-13 Thread nickm 
commit 43609fba77ec99d73bc18b9f7368c4840c4f338a
Author: Nick Mathewson 
Date:   Fri Nov 13 09:01:55 2015 -0500

fix an email address in doc/HACKING/ReleasingTor.md
---
 doc/HACKING/ReleasingTor.md |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/HACKING/ReleasingTor.md b/doc/HACKING/ReleasingTor.md
index c58e349..d2ac870 100644
--- a/doc/HACKING/ReleasingTor.md
+++ b/doc/HACKING/ReleasingTor.md
@@ -114,7 +114,7 @@ Here are the steps Roger takes when putting out a new Tor 
release:
- {paul} at invizbox dot io
- {ondrej.mikle} at gmail dot com
- {lfleischer} at archlinux dot org
-   - {tails-dev} at doum dot org
+   - {tails-dev} at boum dot org
 
 10. Add the version number to Trac.  To do this, go to Trac, log in,
 select "Admin" near the top of the screen, then select "Versions" from

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/whisperback] Update translations for whisperback

2015-11-13 Thread translation 
commit 48c2ce78498b3d20971ee07c5d329bbc61451e5b
Author: Translation commit bot 
Date:   Fri Nov 13 14:15:11 2015 +

Update translations for whisperback
---
 mn/mn.po |8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/mn/mn.po b/mn/mn.po
index 28688c3..eda7605 100644
--- a/mn/mn.po
+++ b/mn/mn.po
@@ -6,11 +6,11 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: The Tor Project\n"
-"Report-Msgid-Bugs-To: https://trac.torproject.org/projects/tor\n;
-"POT-Creation-Date: 2013-08-01 15:36+0200\n"
-"PO-Revision-Date: 2013-09-17 13:13+\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2014-03-17 17:40+0100\n"
+"PO-Revision-Date: 2015-11-13 14:02+\n"
 "Last-Translator: Tor Project \n"
-"Language-Team: Mongolian 
(http://www.transifex.com/projects/p/torproject/language/mn/)\n"
+"Language-Team: Mongolian 
(http://www.transifex.com/otf/torproject/language/mn/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/torbutton-torbuttondtd] Update translations for torbutton-torbuttondtd

2015-11-13 Thread translation 
commit a4f2c062c4f2f4efe526bcffd0ecdd02ac042392
Author: Translation commit bot 
Date:   Fri Nov 13 14:15:56 2015 +

Update translations for torbutton-torbuttondtd
---
 mn/torbutton.dtd |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/mn/torbutton.dtd b/mn/torbutton.dtd
index 927d1b9..f801acd 100644
--- a/mn/torbutton.dtd
+++ b/mn/torbutton.dtd
@@ -11,7 +11,7 @@
 
 
 
-
+
 
 
 
@@ -20,7 +20,7 @@
 
 
 
-
+
 
 
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tor-messenger-authdtd] Update translations for tor-messenger-authdtd

2015-11-13 Thread translation 
commit 00217e939734532c84618253515c4f4b5b134e37
Author: Translation commit bot 
Date:   Fri Nov 13 14:16:16 2015 +

Update translations for tor-messenger-authdtd
---
 mn/auth.dtd |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mn/auth.dtd b/mn/auth.dtd
index 8df5727..9cd42ea 100644
--- a/mn/auth.dtd
+++ b/mn/auth.dtd
@@ -1,7 +1,7 @@
 
 
 
-
+
 
 
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge commit '741d2dc685a0e380bc4d8fbcda5a33b70272b3f7'

2015-11-13 Thread nickm 
commit 14d2ff1a3eb212afd75089920e080da193def379
Merge: 7bdbcda 741d2dc
Author: Nick Mathewson 
Date:   Fri Nov 13 08:42:31 2015 -0500

Merge commit '741d2dc685a0e380bc4d8fbcda5a33b70272b3f7'

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.7] Bump to 0.2.7.5

2015-11-13 Thread nickm 
commit 741d2dc685a0e380bc4d8fbcda5a33b70272b3f7
Author: Nick Mathewson 
Date:   Fri Nov 13 08:41:30 2015 -0500

Bump to 0.2.7.5
---
 configure.ac|2 +-
 contrib/win32build/tor-mingw.nsi.in |2 +-
 src/win32/orconfig.h|2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/configure.ac b/configure.ac
index 3def8df..43b848c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3,7 +3,7 @@ dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
 dnl Copyright (c) 2007-2015, The Tor Project, Inc.
 dnl See LICENSE for licensing information
 
-AC_INIT([tor],[0.2.7.4-rc])
+AC_INIT([tor],[0.2.7.5])
 AC_CONFIG_SRCDIR([src/or/main.c])
 AC_CONFIG_MACRO_DIR([m4])
 AM_INIT_AUTOMAKE
diff --git a/contrib/win32build/tor-mingw.nsi.in 
b/contrib/win32build/tor-mingw.nsi.in
index d15cd5c..49d86be 100644
--- a/contrib/win32build/tor-mingw.nsi.in
+++ b/contrib/win32build/tor-mingw.nsi.in
@@ -8,7 +8,7 @@
 !include "LogicLib.nsh"
 !include "FileFunc.nsh"
 !insertmacro GetParameters
-!define VERSION "0.2.7.4-rc"
+!define VERSION "0.2.7.5"
 !define INSTALLER "tor-${VERSION}-win32.exe"
 !define WEBSITE "https://www.torproject.org/;
 !define LICENSE "LICENSE"
diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h
index ac9ce80..0b39221 100644
--- a/src/win32/orconfig.h
+++ b/src/win32/orconfig.h
@@ -232,7 +232,7 @@
 #define USING_TWOS_COMPLEMENT
 
 /* Version number of package */
-#define VERSION "0.2.7.4-rc"
+#define VERSION "0.2.7.5"
 
 
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Note that you can use a unix domain socket for hsport

2015-11-13 Thread nickm 
commit 7b859fd8c558c9cf08add79db87fb1cb76537535
Author: Nick Mathewson 
Date:   Wed Oct 21 12:22:05 2015 -0400

Note that you can use a unix domain socket for hsport
---
 changes/bug17364 |3 +++
 doc/tor.1.txt|4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/changes/bug17364 b/changes/bug17364
new file mode 100644
index 000..dd9ff12
--- /dev/null
+++ b/changes/bug17364
@@ -0,0 +1,3 @@
+  o Documentation:
+- Note that HiddenServicePorts can take a unix domain socket.
+  Closes ticket 17364.
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 954c8fa..5ea5623 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -2176,8 +2176,8 @@ The following options are used to configure a hidden 
service.
 option multiple times; each time applies to the service using the most
 recent HiddenServiceDir. By default, this option maps the virtual port to
 the same port on 127.0.0.1 over TCP. You may override the target port,
-address, or both by specifying a target of addr, port, or addr:port.
-(You can specify an IPv6 target as [addr]:port.)
+address, or both by specifying a target of addr, port, addr:port, or
+**unix:**__path__.  (You can specify an IPv6 target as [addr]:port.)
 You may also have multiple lines with  the same VIRTPORT: when a user
 connects to that VIRTPORT, one of the TARGETs from those lines will be
 chosen at random.



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.7] Bump to 0.2.7.5

2015-11-13 Thread nickm 
commit 741d2dc685a0e380bc4d8fbcda5a33b70272b3f7
Author: Nick Mathewson 
Date:   Fri Nov 13 08:41:30 2015 -0500

Bump to 0.2.7.5
---
 configure.ac|2 +-
 contrib/win32build/tor-mingw.nsi.in |2 +-
 src/win32/orconfig.h|2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/configure.ac b/configure.ac
index 3def8df..43b848c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3,7 +3,7 @@ dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
 dnl Copyright (c) 2007-2015, The Tor Project, Inc.
 dnl See LICENSE for licensing information
 
-AC_INIT([tor],[0.2.7.4-rc])
+AC_INIT([tor],[0.2.7.5])
 AC_CONFIG_SRCDIR([src/or/main.c])
 AC_CONFIG_MACRO_DIR([m4])
 AM_INIT_AUTOMAKE
diff --git a/contrib/win32build/tor-mingw.nsi.in 
b/contrib/win32build/tor-mingw.nsi.in
index d15cd5c..49d86be 100644
--- a/contrib/win32build/tor-mingw.nsi.in
+++ b/contrib/win32build/tor-mingw.nsi.in
@@ -8,7 +8,7 @@
 !include "LogicLib.nsh"
 !include "FileFunc.nsh"
 !insertmacro GetParameters
-!define VERSION "0.2.7.4-rc"
+!define VERSION "0.2.7.5"
 !define INSTALLER "tor-${VERSION}-win32.exe"
 !define WEBSITE "https://www.torproject.org/;
 !define LICENSE "LICENSE"
diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h
index ac9ce80..0b39221 100644
--- a/src/win32/orconfig.h
+++ b/src/win32/orconfig.h
@@ -232,7 +232,7 @@
 #define USING_TWOS_COMPLEMENT
 
 /* Version number of package */
-#define VERSION "0.2.7.4-rc"
+#define VERSION "0.2.7.5"
 
 
 



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.7] Merge branch 'maint-0.2.7' into release-0.2.7

2015-11-13 Thread nickm 
commit e46ea4a75da3fafcb74e8d50faa3df116e1c8eda
Merge: 4dd7a55 741d2dc
Author: Nick Mathewson 
Date:   Fri Nov 13 08:41:42 2015 -0500

Merge branch 'maint-0.2.7' into release-0.2.7

 configure.ac|2 +-
 contrib/win32build/tor-mingw.nsi.in |2 +-
 src/win32/orconfig.h|2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-38.4.0esr-5.5-1] Bug 920750 - Disable update xml certificate checks on Mac OS X. r=bbondy

2015-11-13 Thread gk 
commit f90a87efb57f9e2fd7f3b23e812af721f092a733
Author: Robert Strong 
Date:   Wed Apr 8 00:34:57 2015 -0700

Bug 920750 - Disable update xml certificate checks on Mac OS X. r=bbondy
---
 browser/app/profile/firefox.js |9 +
 1 file changed, 9 insertions(+)

diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js
index 7d9677a..9944a82 100644
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -99,6 +99,14 @@ pref("app.update.log", false);
 // the failure.
 pref("app.update.backgroundMaxErrors", 10);
 
+// The aus update xml certificate checks for application update are disabled on
+// Windows and Mac OS X since the mar signature check are implemented on these
+// platforms and is sufficient to prevent us from applying a mar that is not
+// valid.
+#if defined(XP_WIN) || defined(XP_MACOSX)
+pref("app.update.cert.requireBuiltIn", false);
+pref("app.update.cert.checkAttributes", false);
+#else
 // When |app.update.cert.requireBuiltIn| is true or not specified the
 // final certificate and all certificates the connection is redirected to 
before
 // the final certificate for the url specified in the |app.update.url|
@@ -136,6 +144,7 @@ pref("app.update.cert.maxErrors", 5);
 
 pref("app.update.certs.1.issuerName", "CN=DigiCert SHA2 High Assurance Server 
CA,OU=www.digicert.com,O=DigiCert Inc,C=US");
 pref("app.update.certs.1.commonName", "*.torproject.org");
+#endif
 
 // Whether or not app updates are enabled
 pref("app.update.enabled", true);



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-38.4.0esr-5.5-1] Bug 1151485 - Disable app update xml certificate checks on Linux now that there is mar signing on Linux. r=bbondy

2015-11-13 Thread gk 
commit c429e391927b9f6462274c5a7b51cf66cd253ddf
Author: Robert Strong 
Date:   Wed Jul 29 12:39:56 2015 -0700

Bug 1151485 - Disable app update xml certificate checks on Linux now that 
there is mar signing on Linux. r=bbondy
---
 browser/app/profile/firefox.js |   47 
 1 file changed, 4 insertions(+), 43 deletions(-)

diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js
index 9944a82..a827f52 100644
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -100,51 +100,12 @@ pref("app.update.log", false);
 pref("app.update.backgroundMaxErrors", 10);
 
 // The aus update xml certificate checks for application update are disabled on
-// Windows and Mac OS X since the mar signature check are implemented on these
-// platforms and is sufficient to prevent us from applying a mar that is not
-// valid.
-#if defined(XP_WIN) || defined(XP_MACOSX)
+// Windows, Mac OS X, and Linux since the mar signature check are implemented 
on
+// these platforms and is sufficient to prevent us from applying a mar that is
+// not valid. Bug 1182352 will remove the update xml certificate checks and the
+// following two preferences.
 pref("app.update.cert.requireBuiltIn", false);
 pref("app.update.cert.checkAttributes", false);
-#else
-// When |app.update.cert.requireBuiltIn| is true or not specified the
-// final certificate and all certificates the connection is redirected to 
before
-// the final certificate for the url specified in the |app.update.url|
-// preference must be built-in.
-pref("app.update.cert.requireBuiltIn", true);
-
-// When |app.update.cert.checkAttributes| is true or not specified the
-// certificate attributes specified in the |app.update.certs.| preference 
branch
-// are checked against the certificate for the url specified by the
-// |app.update.url| preference.
-pref("app.update.cert.checkAttributes", true);
-
-// The number of certificate attribute check failures to allow for background
-// update checks before notifying the user of the failure. User initiated 
update
-// checks always notify the user of the certificate attribute check failure.
-pref("app.update.cert.maxErrors", 5);
-
-// The |app.update.certs.| preference branch contains branches that are
-// sequentially numbered starting at 1 that contain attribute name / value
-// pairs for the certificate used by the server that hosts the update xml file
-// as specified in the |app.update.url| preference. When these preferences are
-// present the following conditions apply for a successful update check:
-// 1. the uri scheme must be https
-// 2. the preference name must exist as an attribute name on the certificate 
and
-//the value for the name must be the same as the value for the attribute 
name
-//on the certificate.
-// If these conditions aren't met it will be treated the same as when there is
-// no update available. This validation will not be performed when the
-// |app.update.url.override| user preference has been set for testing updates 
or
-// when the |app.update.cert.checkAttributes| preference is set to false. Also,
-// the |app.update.url.override| preference should ONLY be used for testing.
-// IMPORTANT! metro.js should also be updated for updates to certs.X.issuerName
-// IMPORTANT! media.gmp-manager.certs.* prefs should also be updated if these
-// are updated.
-
-pref("app.update.certs.1.issuerName", "CN=DigiCert SHA2 High Assurance Server 
CA,OU=www.digicert.com,O=DigiCert Inc,C=US");
-pref("app.update.certs.1.commonName", "*.torproject.org");
-#endif
 
 // Whether or not app updates are enabled
 pref("app.update.enabled", true);

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge commit '7b859fd8c558c9cf08add79db87fb1cb76537535'

2015-11-13 Thread nickm 
commit 7bdbcdaed8ed95986de854488572b6b822ab8435
Merge: f7ccc9b 7b859fd
Author: Nick Mathewson 
Date:   Fri Nov 13 08:42:20 2015 -0500

Merge commit '7b859fd8c558c9cf08add79db87fb1cb76537535'

 changes/bug17364 |3 +++
 doc/tor.1.txt|4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Bump to 0.2.7.5

2015-11-13 Thread nickm 
commit 741d2dc685a0e380bc4d8fbcda5a33b70272b3f7
Author: Nick Mathewson 
Date:   Fri Nov 13 08:41:30 2015 -0500

Bump to 0.2.7.5
---
 configure.ac|2 +-
 contrib/win32build/tor-mingw.nsi.in |2 +-
 src/win32/orconfig.h|2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/configure.ac b/configure.ac
index 3def8df..43b848c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3,7 +3,7 @@ dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
 dnl Copyright (c) 2007-2015, The Tor Project, Inc.
 dnl See LICENSE for licensing information
 
-AC_INIT([tor],[0.2.7.4-rc])
+AC_INIT([tor],[0.2.7.5])
 AC_CONFIG_SRCDIR([src/or/main.c])
 AC_CONFIG_MACRO_DIR([m4])
 AM_INIT_AUTOMAKE
diff --git a/contrib/win32build/tor-mingw.nsi.in 
b/contrib/win32build/tor-mingw.nsi.in
index d15cd5c..49d86be 100644
--- a/contrib/win32build/tor-mingw.nsi.in
+++ b/contrib/win32build/tor-mingw.nsi.in
@@ -8,7 +8,7 @@
 !include "LogicLib.nsh"
 !include "FileFunc.nsh"
 !insertmacro GetParameters
-!define VERSION "0.2.7.4-rc"
+!define VERSION "0.2.7.5"
 !define INSTALLER "tor-${VERSION}-win32.exe"
 !define WEBSITE "https://www.torproject.org/;
 !define LICENSE "LICENSE"
diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h
index ac9ce80..0b39221 100644
--- a/src/win32/orconfig.h
+++ b/src/win32/orconfig.h
@@ -232,7 +232,7 @@
 #define USING_TWOS_COMPLEMENT
 
 /* Version number of package */
-#define VERSION "0.2.7.4-rc"
+#define VERSION "0.2.7.5"
 
 
 



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits