[tor-commits] [torspec/master] In addition to the content, explain the format too

[nickm]

commit f9e111ead769d48441d99b52039ef0ccbd3f2c62
Author: Sven Herzberg 
Date:   Wed Jan 13 17:43:53 2016 +0100

In addition to the content, explain the format too

The term “X509 certificate” actually only describes one part of the
format. Be more explicit to mean DER encoded certificates (in contrast to
PEM encoded certifcates).
---
 tor-spec.txt |3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tor-spec.txt b/tor-spec.txt
index ee0e511..e85634d 100644
--- a/tor-spec.txt
+++ b/tor-spec.txt
@@ -559,7 +559,8 @@ see tor-design.pdf.
 2: RSA1024 Identity certificate
 3: RSA1024 AUTHENTICATE cell link certificate
 
-   The certificate format for the above certificate types is X509.
+   The certificate format for the above certificate types is DER encoded
+   X509.
 
A CERTS cell may have no more than one certificate of each CertType.
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [webwml/master] add our 2014 financial docs

[arma]

commit 8f3e298978f7fe313ffaf210d4c45af68761a86f
Author: Roger Dingledine 
Date:   Thu Jan 14 06:49:51 2016 -0500

add our 2014 financial docs
---
 about/findoc/2014-TorProject-combined-Form990_PC_Audit_Results.pdf |  Bin 0 -> 
867206 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/about/findoc/2014-TorProject-combined-Form990_PC_Audit_Results.pdf 
b/about/findoc/2014-TorProject-combined-Form990_PC_Audit_Results.pdf
new file mode 100644
index 000..f471421
Binary files /dev/null and 
b/about/findoc/2014-TorProject-combined-Form990_PC_Audit_Results.pdf differ



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser-bundle/master] Added missing changelogs

[gk]

commit 6480e726175af3f8a0e6496ee9457f07ad265f7c
Author: Georg Koppen 
Date:   Thu Jan 14 13:03:41 2016 +

Added missing changelogs
---
 Bundle-Data/Docs/ChangeLog.txt |   60 +++-
 1 file changed, 59 insertions(+), 1 deletion(-)

diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt
index 2e4059e..dbb01bd 100644
--- a/Bundle-Data/Docs/ChangeLog.txt
+++ b/Bundle-Data/Docs/ChangeLog.txt
@@ -20,7 +20,40 @@ Tor Browser 5.0.7 -- January 7 2016
* Bug 17931: Tor Browser crashes in LogMessageToConsole()
* Bug 17875: Discourage editing of torrc-defaults
 
-Tor Browser 5.5a5 -- December 15 2015
+Tor Browser 5.5a5-hardened -- December 18 2015
+ * All Platforms
+   * Update Firefox to 38.5.0esr
+   * Update Tor to 0.2.7.6
+   * Update OpenSSL to 1.0.1q
+   * Update NoScript to 2.7
+   * Update Torbutton to 1.9.4.2
+ * Bug 16940: After update, load local change notes
+ * Bug 16990: Avoid matching '250 ' to the end of node name
+ * Bug 17565: Tor fundraising campaign donation banner
+ * Bug 17770: Fix alignments on donation banner
+ * Bug 17792: Include donation banner in some non en-US Tor Browsers
+ * Bug 17108: Polish about:tor appearance
+ * Bug 17568: Clean up tor-control-port.js
+ * Translation updates
+   * Update Tor Launcher to 0.2.8.1
+ * Bug 17344: Enumerate available language packs for language prompt
+ * Code clean-up
+ * Translation updates
+   * Bug 12516: Compile Tor Browser with -fwrapv
+   * Bug 9659: Avoid loop due to optimistic data SOCKS code (fix of #3875)
+   * Bug 15564: Isolate SharedWorkers by first-party domain
+   * Bug 16940: After update, load local change notes
+   * Bug 17759: Apply whitelist to local fonts in @font-face (fix of #13313)
+   * Bug 17747: Add ndnop3 as new default obfs4 bridge
+   * Bug 17009: Shift and Alt keys leak physical keyboard layout (fix of 
#15646)
+   * Bug 17369: Disable RC4 fallback
+   * Bug 17442: Remove custom updater certificate pinning
+   * Bug 16863: Avoid confusing error when loop.enabled is false
+   * Bug 17502: Add a preference for hiding "Open with" on download dialog
+   * Bug 17446: Prevent canvas extraction by third parties (fixup of #6253)
+   * Bug 16441: Suppress "Reset Tor Browser" prompt
+
+Tor Browser 5.5a5 -- December 18 2015
  * All Platforms
* Update Firefox to 38.5.0esr
* Update Tor to 0.2.7.6
@@ -53,6 +86,31 @@ Tor Browser 5.5a5 -- December 15 2015
  * OS X
* Bug 17661: Whitelist font .Helvetica Neue DeskInterface
 
+Tor Browser 5.0.6 -- December 18 2015
+  * All Platforms
+* Bug 17877: Tor Browser 5.0.5 is using the wrong Mozilla build tag
+
+Tor Browser 5.0.5 -- December 15 2015
+ * All Platforms
+   * Update Firefox to 38.5.0esr
+   * Update Tor to 0.2.7.6
+   * Update OpenSSL to 1.0.1q
+   * Update NoScript to 2.7
+   * Update HTTPS Everywhere to 5.1.1
+   * Update Torbutton to 1.9.3.7
+ * Bug 16990: Avoid matching '250 ' to the end of node name
+ * Bug 17565: Tor fundraising campaign donation banner
+ * Bug 17770: Fix alignments on donation banner
+ * Bug 17792: Include donation banner in some non en-US Tor Browsers
+ * Translation updates
+   * Bug 17207: Hide MIME types and plugins from websites
+   * Bug 16909+17383: Adapt to HTTPS-Everywhere build changes
+   * Bug 16863: Avoid confusing error when loop.enabled is false
+   * Bug 17502: Add a preference for hiding "Open with" on download dialog
+   * Bug 17446: Prevent canvas extraction by third parties (fixup of #6253)
+   * Bug 16441: Suppress "Reset Tor Browser" prompt
+   * Bug 17747: Add ndnop3 as new default obfs4 bridge
+
 Tor Browser 5.5a4 -- November 3 2015
  * All Platforms
* Update Firefox to 38.4.0esr

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [webwml/master] and link to the new financial pdf too

[arma]

commit 61de6ff092051cebe5b2b8be753609a71768194c
Author: Roger Dingledine 
Date:   Thu Jan 14 06:50:06 2016 -0500

and link to the new financial pdf too
---
 about/en/financials.wml |2 ++
 1 file changed, 2 insertions(+)

diff --git a/about/en/financials.wml b/about/en/financials.wml
index d74ec5b..31e4eb0 100644
--- a/about/en/financials.wml
+++ b/about/en/financials.wml
@@ -13,6 +13,8 @@
   
 Tor: Financial Reports
   
+   Fiscal Year 2014
+2014 IRS 
Form 990, State of MA Form PC, and Independent Audit Results
Fiscal Year 2013
2013 IRS Form 
990
2013 State of MA Form 
PC

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [torspec/master] Add my removing-obsolete-clients proposal as 266

[nickm]

commit 99acfe0bb19f0a0bcb7c1ec4866c817d91ade7c8
Author: Nick Mathewson 
Date:   Thu Jan 14 11:24:16 2016 -0500

Add my removing-obsolete-clients proposal as 266
---
 proposals/000-index.txt|2 +
 .../266-removing-current-obsolete-clients.txt  |  204 
 2 files changed, 206 insertions(+)

diff --git a/proposals/000-index.txt b/proposals/000-index.txt
index 718dd31..411093b 100644
--- a/proposals/000-index.txt
+++ b/proposals/000-index.txt
@@ -186,6 +186,7 @@ Proposals by number:
 263  Request to change key exchange protocol for handshake v1.1 [OPEN]
 264  Putting version numbers on the Tor subprotocols [OPEN]
 265  Load Balancing with Overhead Parameters [DRAFT]
+266  Removing current obsolete clients from the Tor network [DRAFT]
 
 
 Proposals by status:
@@ -213,6 +214,7 @@ Proposals by status:
259  New Guard Selection Behaviour
260  Rendezvous Single Onion Services
265  Load Balancing with Overhead Parameters
+   266  Removing current obsolete clients from the Tor network
  NEEDS-REVISION:
190  Bridge Client Authorization Based on a Shared Secret
  OPEN:
diff --git a/proposals/266-removing-current-obsolete-clients.txt 
b/proposals/266-removing-current-obsolete-clients.txt
new file mode 100644
index 000..3d8a6c3
--- /dev/null
+++ b/proposals/266-removing-current-obsolete-clients.txt
@@ -0,0 +1,204 @@
+Filename: 266-removing-current-obsolete-clients.txt
+Title: Removing current obsolete clients from the Tor network
+Author: Nick Mathewson
+Created: 14 Jan 2016
+Status: Draft
+
+
+1. Introduction
+
+   Frequently, we find that very old versions of Tor should no longer be
+   supported on the network.  To remove relays is easy enough: we
+   simply update the directory authorities to stop listing relays that
+   advertise versions that are too old.
+
+   But to disable clients is harder.
+
+   In another proposal I describe a system for letting future clients go
+   gracefully obsolete.  This proposal explains how we can safely
+   disable the obsolete clients we have today (and all other client
+   versions of Tor to date, assuming that they will someday become
+   obsolete).
+
+1.1. Why disable clients?
+
+   * Security.  Anybody who hasn't updated their Tor client in 5
+ years is probably vulnerable to who-knows-what attacks.  They
+ aren't likely to get much anonymity either.
+
+   * Withstand zombie installations. Some Tors out there were once
+ configured to start-on-boot systems that are now unmaintained.
+ (See 1.4 below.)  They put needless load on the network, and help
+ nobody.
+
+   * Be able to remove backward-compatibility code.  Currently, Tor
+ supports some truly ancient protocols in order to avoid breaking
+ ancient versions or Tor.  This code needs to be maintained and
+ tested. Some of it depends on undocumented or deprecated or
+ non-portable OpenSSL features, and makes it hard to produce a
+ conforming Tor server implementation.
+
+   * Make it easier to write a conforming Tor relay.  If a Tor relay
+ needs to support every Tor client back through the beginning of
+ time, that makes it harder to develop and test compatible
+ implementations.
+
+1.2. Is this dangerous?
+
+   I don't think so.  This proposal describes a way to make older
+   clients gracefully disconnect from the network only when a majority
+   of authorities agree that they should.  A majority of authorities
+   already have the ability to inflict arbitrary degrees of sabotage on
+   the consensus document.
+
+1.3. History
+
+   The earliest versions of Tor checked the recommended-versions field
+   in the directory to see whether they should keep running.  If they
+   saw that their version wasn't recommended, they'd shut down.  There
+   was an "IgnoreVersion" option that let you keep running anyway.
+
+   Later, around 2004, the rule changed to "shut down if the version is
+   _obsolete_", where obsolete was defined as "not recommended, and
+   older than a version that is recommended."
+
+   In 0.1.1.7-alpha, we made obsolete versions only produce a warning,
+   and removed IgnoreVersion.  (See 3ac34ae3293ceb0f2b8c49.)
+
+   We have still disabled old tor versions.  With Tor 0.2.0.5-alpha,
+   we disabled Tor versions before 0.1.1.6-alpha by having the v1
+   authorities begin publishing empty directories only.
+
+   In version 0.2.5.2-alpha, we completely removed support for the v2
+   directory protocol used before Tor 0.2.0; there are no longer any v2
+   authorities on the network.
+
+   Tor versions before 0.2.1 will currently not progress past fetching
+   an initial directory, because they believe in a number of directory
+   authority identity keys that no longer sign the directory.
+
+   Tor versions before 0.2.4 are (lightly) throttled in multihop
+   circuit creation, because we prioritize ntor CREATE cells over
+   TAP ones when under load.
+
+1.4. The 

[tor-commits] [translation/tor-messenger-facebookproperties] Update translations for tor-messenger-facebookproperties

[translation]

commit b1e665bc60f1b8110a23c1144119add4841a52cb
Author: Translation commit bot 
Date:   Thu Jan 14 19:16:17 2016 +

Update translations for tor-messenger-facebookproperties
---
 ca/facebook.properties |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ca/facebook.properties b/ca/facebook.properties
index aaf7cdc..3dc2124 100644
--- a/ca/facebook.properties
+++ b/ca/facebook.properties
@@ -2,6 +2,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-connection.error.useUsernameNotEmailAddress=Please use your Facebook username, 
not an email address
+connection.error.useUsernameNotEmailAddress=Feu servir el vostre nom d'usuari 
del Facebook, no el correu electrònic
 
-facebook.chat.name=Facebook Chat
+facebook.chat.name=Xat de Facebook

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tor-messenger-privproperties_completed] Update translations for tor-messenger-privproperties_completed

[translation]

commit dbcfc0135cbae58d36844c88bdd801d7714a0cd2
Author: Translation commit bot 
Date:   Thu Jan 14 19:16:41 2016 +

Update translations for tor-messenger-privproperties_completed
---
 ca/priv.properties |1 +
 1 file changed, 1 insertion(+)

diff --git a/ca/priv.properties b/ca/priv.properties
new file mode 100644
index 000..53ac506
--- /dev/null
+++ b/ca/priv.properties
@@ -0,0 +1 @@
+priv.account=S'està generant una clau privada per a %S (%S)...

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tor-messenger-facebookproperties_completed] Update translations for tor-messenger-facebookproperties_completed

[translation]

commit 142743df064a40537f0115fc2011410762b0d4cc
Author: Translation commit bot 
Date:   Thu Jan 14 19:16:24 2016 +

Update translations for tor-messenger-facebookproperties_completed
---
 ca/facebook.properties |7 +++
 1 file changed, 7 insertions(+)

diff --git a/ca/facebook.properties b/ca/facebook.properties
new file mode 100644
index 000..3dc2124
--- /dev/null
+++ b/ca/facebook.properties
@@ -0,0 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+connection.error.useUsernameNotEmailAddress=Feu servir el vostre nom d'usuari 
del Facebook, no el correu electrònic
+
+facebook.chat.name=Xat de Facebook

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/bridgedb] Update translations for bridgedb

[translation]

commit 9040dbd6c2cf067d5d47c529ae481cb575e15e30
Author: Translation commit bot 
Date:   Fri Jan 15 05:45:03 2016 +

Update translations for bridgedb
---
 mr/LC_MESSAGES/bridgedb.po |   12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/mr/LC_MESSAGES/bridgedb.po b/mr/LC_MESSAGES/bridgedb.po
index 77b8bca..13a8011 100644
--- a/mr/LC_MESSAGES/bridgedb.po
+++ b/mr/LC_MESSAGES/bridgedb.po
@@ -3,13 +3,13 @@
 # This file is distributed under the same license as the BridgeDB project.
 # 
 # Translators:
-# Vikrant Korde , 2015
+# Vikrant Korde , 2015-2016
 msgid ""
 msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: 
'https://trac.torproject.org/projects/tor/newticket?component=BridgeDB=bridgedb-reported,msgid=isis,sysrqb=isis'\n"
 "POT-Creation-Date: 2015-07-25 03:40+\n"
-"PO-Revision-Date: 2015-12-24 11:15+\n"
+"PO-Revision-Date: 2016-01-15 05:25+\n"
 "Last-Translator: Vikrant Korde \n"
 "Language-Team: Marathi 
(http://www.transifex.com/otf/torproject/language/mr/)\n"
 "MIME-Version: 1.0\n"
@@ -95,7 +95,7 @@ msgstr ""
 #: bridgedb/https/templates/index.html:11
 #, python-format
 msgid "Step %s1%s"
-msgstr ""
+msgstr "पायरी %s1%s"
 
 #: bridgedb/https/templates/index.html:13
 #, python-format
@@ -105,7 +105,7 @@ msgstr ""
 #: bridgedb/https/templates/index.html:25
 #, python-format
 msgid "Step %s2%s"
-msgstr ""
+msgstr "पायरी %s2%s"
 
 #: bridgedb/https/templates/index.html:27
 #, python-format
@@ -115,7 +115,7 @@ msgstr ""
 #: bridgedb/https/templates/index.html:36
 #, python-format
 msgid "Step %s3%s"
-msgstr ""
+msgstr "पायरी %s3%s"
 
 #: bridgedb/https/templates/index.html:38
 #, python-format
@@ -192,7 +192,7 @@ msgstr ""
 #: bridgedb/strings.py:56
 #, python-format
 msgid "Hey, %s!"
-msgstr ""
+msgstr "ओय, %s!"
 
 #: bridgedb/strings.py:57
 msgid "Hello, friend!"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [torspec/master] add proposal 265: Load Balancing with Overhead Parameters

[nickm]

commit bee44ba05fc37191353177e57b7f6f1d42d8468e
Author: Nick Mathewson 
Date:   Thu Jan 14 11:21:40 2016 -0500

add proposal 265: Load Balancing with Overhead Parameters
---
 proposals/000-index.txt|6 +-
 proposals/265-load-balancing-with-overhead.txt |  320 
 2 files changed, 324 insertions(+), 2 deletions(-)

diff --git a/proposals/000-index.txt b/proposals/000-index.txt
index 7979244..718dd31 100644
--- a/proposals/000-index.txt
+++ b/proposals/000-index.txt
@@ -183,8 +183,9 @@ Proposals by number:
 260  Rendezvous Single Onion Services [DRAFT]
 261  AEZ for relay cryptography [OPEN]
 262  Re-keying live circuits with new cryptographic material [OPEN]
-263  Request to change key exchange protocol for handshake [OPEN]
+263  Request to change key exchange protocol for handshake v1.1 [OPEN]
 264  Putting version numbers on the Tor subprotocols [OPEN]
+265  Load Balancing with Overhead Parameters [DRAFT]
 
 
 Proposals by status:
@@ -211,6 +212,7 @@ Proposals by status:
257  Refactoring authorities and taking parts offline
259  New Guard Selection Behaviour
260  Rendezvous Single Onion Services
+   265  Load Balancing with Overhead Parameters
  NEEDS-REVISION:
190  Bridge Client Authorization Based on a Shared Secret
  OPEN:
@@ -240,7 +242,7 @@ Proposals by status:
258  Denial-of-service resistance for directory authorities
261  AEZ for relay cryptography
262  Re-keying live circuits with new cryptographic material
-   263  Request to change key exchange protocol for handshake
+   263  Request to change key exchange protocol for handshake v1.1
264  Putting version numbers on the Tor subprotocols
  ACCEPTED:
140  Provide diffs between consensuses
diff --git a/proposals/265-load-balancing-with-overhead.txt 
b/proposals/265-load-balancing-with-overhead.txt
new file mode 100644
index 000..b1d5af6
--- /dev/null
+++ b/proposals/265-load-balancing-with-overhead.txt
@@ -0,0 +1,320 @@
+Filename: 265-load-balancing-with-overhead.txt
+Title: Load Balancing with Overhead Parameters
+Authors: Mike Perry
+Created: 01 January 2016
+Status: Draft
+
+
+0. Motivation
+
+In order to properly load balance in the presence of padding and
+non-negligible amounts of directory and hidden service traffic, the load
+balancing equations in Section 3.8.3 of dir-spec.txt are in need of some
+modifications.
+
+In addition to supporting the idea of overhead, the load balancing
+equations can also be simplified by treating Guard+Exit nodes as Exit
+nodes in all cases. This causes the 9 sub-cases of the current load
+balancing equations to consolidate into a single solution, which also
+will greatly simplify the consensus process, and eliminate edge cases
+such as #16255[1].
+
+
+1. Overview
+
+For padding overhead due to Proposals 251 and 254, and changes to hidden
+service path selection in Proposal 247, it will be useful to be able to
+specify a pair of parameters that represents the additional traffic
+present on Guard and Middle nodes due to these changes.
+
+The current load balancing equations unfortunately make this excessively
+complicated. With overhead factors included, each of the 9 subcases goes
+from being a short solution to over a page of calculations for each
+subcase.
+
+Moreover, out of 8751 hourly consensus documents produced in 2015[2],
+only 78 of them had a non-zero weight for using Guard+Exit nodes in the
+Guard position (weight Wgd), and most of those were well under 1%. The
+highest weight for using Guard+Exits in the Guard position recorded in
+2015 was 2.62% (on December 10th, 2015). This means clients that chose a
+Guard node during that particular hour used only 2.62% of Guard+Exit
+flagged nodes' bandwidth when performing a bandwidth-weighted Guard
+selection. All clients that chose a Guard node during any other hour did
+not consider Guard+Exit nodes at all as potential candidates for their
+Guards.
+
+This indicates that we can greatly simplify these load balancing
+equations with little to no change in diversity to the network.
+
+
+2. Simplified Load Balancing Equations
+
+Recall that the point of the load balancing equations in section 3.8.3
+of dir-spec.txt is to ensure that an equal amount of client traffic is
+distributed between Guards, Middles, Exits, and Guard+Exits, where each
+flag type can occupy one or more positions in a path. This allocation is
+accomplished by solving a system of equations for weights for flag
+position selection to ensure equal allocation of client traffic for each
+position in a circuit.
+
+If we ignore overhead for the moment and treat Guard+Exit nodes as Exit
+nodes, then this allows the simplified system of equations to become:
+
+  Wgg*G == M + Wme*E + Wmg*G# Guard position == middle position
+  Wgg*G == Wee*E# Guard position == equals exit position
+  Wmg*G + Wgg*G == G# Guard allocation weights sum to 1
+  Wme*E + Wee*E