[tor-commits] [translation/mat-gui_completed] Update translations for mat-gui_completed

[translation]

commit a93a252c61e776ecc05ca596947a17fced09ea5c
Author: Translation commit bot 
Date:   Thu Feb 11 09:46:58 2016 +

Update translations for mat-gui_completed
---
 mat-gui.pot | 132 ++--
 ru.po   |  15 +++
 2 files changed, 74 insertions(+), 73 deletions(-)

diff --git a/mat-gui.pot b/mat-gui.pot
index abeeb75..a24897c 100644
--- a/mat-gui.pot
+++ b/mat-gui.pot
@@ -7,8 +7,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2015-12-16 15:03+0100\n"
-"PO-Revision-Date: 2015-12-17 09:29+\n"
+"POT-Creation-Date: 2016-02-10 23:06+0100\n"
+"PO-Revision-Date: 2016-02-11 09:31+\n"
 "Last-Translator: carolyn \n"
 "Language-Team: English 
(http://www.transifex.com/otf/torproject/language/en/)\n"
 "MIME-Version: 1.0\n"
@@ -17,171 +17,171 @@ msgstr ""
 "Language: en\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
-#: mat-gui:64 mat-gui:415 mat-gui:438
+#: mat-gui:66 mat-gui:422 mat-gui:445
 msgid "Ready"
 msgstr "Ready"
 
-#: mat-gui:133
+#: mat-gui:136
 msgid "Choose files"
 msgstr "Choose files"
 
-#: mat-gui:141
-msgid "All files"
-msgstr "All files"
-
-#: mat-gui:147
+#: mat-gui:144
 msgid "Supported files"
 msgstr "Supported files"
 
-#: mat-gui:164 mat-gui:359 mat-gui:410 mat-gui:434 mat-gui:436
-#: data/mat.glade:480
+#: mat-gui:151
+msgid "All files"
+msgstr "All files"
+
+#: mat-gui:167 mat-gui:366 mat-gui:417 mat-gui:441 mat-gui:443
+#: data/mat.glade:200
 msgid "Clean"
 msgstr "Clean"
 
-#: mat-gui:165
+#: mat-gui:168
 msgid "No metadata found"
 msgstr "No metadata found"
 
-#: mat-gui:167 mat-gui:412
+#: mat-gui:170 mat-gui:419
 msgid "Dirty"
 msgstr "Dirty"
 
-#: mat-gui:172
+#: mat-gui:176
 #, python-format
 msgid "%s's metadata"
 msgstr "%s's metadata"
 
-#: mat-gui:183
+#: mat-gui:187
 msgid "Trash your meta, keep your data"
 msgstr "Trash your meta, keep your data"
 
-#: mat-gui:188
+#: mat-gui:192
 msgid "Website"
 msgstr "Website"
 
-#: mat-gui:214
+#: mat-gui:219
 msgid "Preferences"
 msgstr "Preferences"
 
-#: mat-gui:227
+#: mat-gui:232
 msgid "Reduce PDF quality"
 msgstr "Reduce PDF quality"
 
-#: mat-gui:230
+#: mat-gui:235
 msgid "Reduce the produced PDF size and quality"
 msgstr "Reduce the produced PDF size and quality"
 
-#: mat-gui:233
-msgid "Add unsupported file to archives"
-msgstr "Add unsupported file to archives"
+#: mat-gui:238
+msgid "Remove unsupported file from archives"
+msgstr "Remove unsupported file from archives"
 
-#: mat-gui:236
-msgid "Add non-supported (and so non-anonymised) file to output archive"
-msgstr "Add non-supported (and so non-anonymised) file to output archive"
+#: mat-gui:241
+msgid "Remove non-supported (and so non-anonymised) file from output archive"
+msgstr "Remove non-supported (and so non-anonymised) file from output archive"
 
-#: mat-gui:275
+#: mat-gui:280
 msgid "Unknown"
 msgstr "Unknown"
 
-#: mat-gui:318
+#: mat-gui:325
 msgid "Not-supported"
 msgstr "Not-supported"
 
-#: mat-gui:332
+#: mat-gui:339
 msgid "Harmless fileformat"
 msgstr "Harmless fileformat"
 
-#: mat-gui:334
+#: mat-gui:341
 msgid "Cant read file"
 msgstr "Cant read file"
 
-#: mat-gui:336
+#: mat-gui:343
 msgid "Fileformat not supported"
 msgstr "Fileformat not supported"
 
-#: mat-gui:339
+#: mat-gui:346
 msgid "These files can not be processed:"
 msgstr "These files can not be processed:"
 
-#: mat-gui:344 mat-gui:373 data/mat.glade:519
+#: mat-gui:351 mat-gui:380 data/mat.glade:239
 msgid "Filename"
 msgstr "Filename"
 
-#: mat-gui:346
+#: mat-gui:353
 msgid "Reason"
 msgstr "Reason"
 
-#: mat-gui:358
+#: mat-gui:365
 msgid "Non-supported files in archive"
 msgstr "Non-supported files in archive"
 
-#: mat-gui:372
+#: mat-gui:379
 msgid "Include"
 msgstr "Include"
 
-#: mat-gui:390
+#: mat-gui:397
 #, python-format
 msgid "MAT is not able to clean the following files, found in the %s archive"
 msgstr "MAT is not able to clean the following files, found in the %s archive"
 
-#: mat-gui:406
+#: mat-gui:413
 #, python-format
 msgid "Checking %s"
 msgstr "Checking %s"
 
-#: mat-gui:421
+#: mat-gui:428
 #, python-format
 msgid "Cleaning %s"
 msgstr "Cleaning %s"
 
-#: data/mat.glade:26 data/mat.glade:196
+#: data/mat.glade:46
+msgid "_File"
+msgstr "_File"
+
+#: data/mat.glade:95
+msgid "_Edit"
+msgstr "_Edit"
+
+#: data/mat.glade:141
+msgid "_Help"
+msgstr "_Help"
+
+#: data/mat.glade:187
+msgid "Add"
+msgstr "Add"
+
+#: data/mat.glade:256
+msgid "State"
+msgstr "State"
+
+#: data/mat.glade:294 data/mat.glade:467
 msgid "Metadata"
 msgstr "Metadata"
 
-#: data/mat.glade:85
+#: data/mat.glade:354
 msgid "Name"
 msgstr "Name"
 
-#: data/mat.glade:99
+#: data/mat.glade:368
 msgid "Content"
 msgstr "Content"
 
-#: data/mat.glade:129
+#: data/mat.glade:398
 msgid "Supported formats"
 msgstr "Supported formats"
 
-#: data/mat.glade:185
+#: data/mat.glade:456
 msgid "Support"
 msgstr "Support"

[tor-commits] [tor-browser-bundle/maint-5.5] Release preparations for 5.5.2

[gk]

commit 7a36dbece35a307675f396a019dccf6e431efb44
Author: Georg Koppen 
Date:   Thu Feb 11 08:58:38 2016 +

Release preparations for 5.5.2
---
 Bundle-Data/Docs/ChangeLog.txt|  5 +
 gitian/versions   |  8 
 tools/update-responses/config.yml | 12 ++--
 3 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt
index 525d2b3..e257d11 100644
--- a/Bundle-Data/Docs/ChangeLog.txt
+++ b/Bundle-Data/Docs/ChangeLog.txt
@@ -1,3 +1,8 @@
+Tor Browser 5.5.2 -- February 12 2016
+ * All Platforms
+   * Update Firefox to 38.6.1esr
+   * Update NoScript to 2.9.0.3
+
 Tor Browser 5.5.1 -- February 4 2016
  * All Platforms
* Bug 18168: Don't clear an iframe's window.name (fix of #16620)
diff --git a/gitian/versions b/gitian/versions
index 26e8cd2..334b6cc 100755
--- a/gitian/versions
+++ b/gitian/versions
@@ -7,11 +7,11 @@ BUILD_PT_BUNDLES=1
 
 VERIFY_TAGS=1
 
-FIREFOX_VERSION=38.6.0esr
+FIREFOX_VERSION=38.6.1esr
 
 TORBROWSER_UPDATE_CHANNEL=release
 
-TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-5.5-1-build3
+TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-5.5-1-build1
 TOR_TAG=tor-0.2.7.6
 TORLAUNCHER_TAG=0.2.7.8
 TORBUTTON_TAG=1.9.4.3
@@ -59,7 +59,7 @@ GO_VER=1.4.2
 ## File names for the source packages
 OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz
 GMP_PACKAGE=gmp-${GMP_VER}.tar.bz2
-NOSCRIPT_PACKAGE=noscript_security_suite-2.9.0.2-sm+fx+fn.xpi
+NOSCRIPT_PACKAGE=noscript_security_suite-2.9.0.3-fx+fn+sm.xpi
 TOOLCHAIN4_PACKAGE=x86_64-apple-darwin10.tar.xz
 
TOOLCHAIN4_OLD_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz
 OSXSDK_PACKAGE=MacOSX10.7.sdk.tar.gz
@@ -90,7 +90,7 @@ 
OSXSDK_HASH=da77bb0003fcca5ea8c4e8cb2da8828ded750c54afdcac29ec6f3b46ad5e3adf
 
OSXSDK_OLD_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc
 
TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645
 
TOOLCHAIN4_OLD_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9
-NOSCRIPT_HASH=f3c9dec710e02d809fa85ac76750e5f074656105c1bde03d400cb597b2eb1fba
+NOSCRIPT_HASH=097298d5004c1f384f3af508cb1915921145f0f962e78c977a62f405bd7eb2d9
 MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067
 PYCRYPTO_HASH=f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c
 ARGPARSE_HASH=ddaf4b0a618335a32b6664d4ae038a1de8fbada3b25033f9021510ed2b3941a4
diff --git a/tools/update-responses/config.yml 
b/tools/update-responses/config.yml
index 470ee06..922cf7c 100644
--- a/tools/update-responses/config.yml
+++ b/tools/update-responses/config.yml
@@ -10,15 +10,15 @@ build_targets:
 osx64: Darwin_x86_64-gcc3
 channels:
 alpha: 5.5a6
-release: 5.5.1
+release: 5.5.2
 versions:
-5.5.1:
-platformVersion: 38.6.0
-detailsURL: https://blog.torproject.org/blog/tor-browser-551-released
-download_url: https://www.torproject.org/dist/torbrowser/5.5.1
+5.5.2:
+platformVersion: 38.6.1
+detailsURL: https://blog.torproject.org/blog/tor-browser-552-released
+download_url: https://www.torproject.org/dist/torbrowser/5.5.2
 incremental_from:
-  - 5.0.7
   - 5.5
+  - 5.5.1
 migrate_archs:
   osx32: osx64
 osx32:

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [torspec/master] fixes from reading 266; and ask a question

[arma]

commit 585b1c34ebe238f8b1737e623fbb8ab3279a019a
Author: Roger Dingledine 
Date:   Fri Feb 12 01:25:03 2016 -0500

fixes from reading 266; and ask a question
---
 proposals/266-removing-current-obsolete-clients.txt | 11 ++-
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/proposals/266-removing-current-obsolete-clients.txt 
b/proposals/266-removing-current-obsolete-clients.txt
index 3d8a6c3..7a490be 100644
--- a/proposals/266-removing-current-obsolete-clients.txt
+++ b/proposals/266-removing-current-obsolete-clients.txt
@@ -101,7 +101,7 @@ Status: Draft
would be at their worst when they focus on authorities, or when
they act in synchrony to all strike at once.
 
-   One goal of this proposal is to ensure that future clients to not
+   One goal of this proposal is to ensure that future clients do not
become zombies at all; and that ancient clients become slow zombies
at worst.
 
@@ -130,7 +130,7 @@ Status: Draft
in 0.2.2, gabelmoo has moved and turtles has shut down.  The
authorities Faravahar and longclaw are new. The authorities moria1,
tor26, dizum, dannenberg, urras, maatuska and maatuska would all get
-   hit here.)
+   hit here.) [two maatuskas? -RD]
 
(We could simply remove the renegotiation-detection code entirely,
and reply to all connections with an immediate VERSIONS cell.  The
@@ -150,13 +150,13 @@ Status: Draft
we could detect these versions by:
 
 Looking for use of a TAP handshake from an IP not associated
-with with any known relay, or on a connection where the client
+with any known relay, or on a connection where the client
 did not authenticate.  (This could be from a bridge, but clients
 don't build circuits that go to an IntroPoint or RendPoint
 directly after a bridge.)
 
This would still result in clients not having directories, however,
-   and retrying once an hours.
+   and retrying once an hour.
 
 3. Ideas that might work
 
@@ -189,7 +189,7 @@ Status: Draft
consensus documents.  Later, if we want to disable all Tor versions
before today, we can change the consensus algorithm so that the
consensus (or perhaps only the microdesc consensus) is spelled with
-   'f' lines instead of 'f' lines.  This will create a consensus which
+   'f' lines instead of 's' lines.  This will create a consensus which
older clients and relays parse as having all nodes down, which will
make them not connect to the network at all.
 
@@ -202,3 +202,4 @@ Status: Draft
from downloading new consensuses.
 
[This proposal would result in the quietest shutdown.]
+

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser-bundle/hardened-builds] Bumping nightly versions

[gk]

commit 9290a2b337628c0059c8f07d2c3b5874ea643260
Author: Georg Koppen 
Date:   Thu Feb 11 10:54:50 2016 +

Bumping nightly versions
---
 gitian/versions.nightly | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/gitian/versions.nightly b/gitian/versions.nightly
index da44ecb..8ee7a2d 100755
--- a/gitian/versions.nightly
+++ b/gitian/versions.nightly
@@ -14,7 +14,7 @@ MULTI_LINGUAL=1
 
 VERIFY_TAGS=0
 
-FIREFOX_VERSION=38.6.0esr
+FIREFOX_VERSION=38.6.1esr
 
 TORBROWSER_UPDATE_CHANNEL=default
 
@@ -65,7 +65,7 @@ GO_VER=1.4.2
 ## File names for the source packages
 OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz
 GMP_PACKAGE=gmp-${GMP_VER}.tar.bz2
-NOSCRIPT_PACKAGE=noscript_security_suite-2.9.0.2-sm+fx+fn.xpi
+NOSCRIPT_PACKAGE=noscript_security_suite-2.9.0.3-fx+fn+sm.xpi
 TOOLCHAIN4_PACKAGE=x86_64-apple-darwin10.tar.xz
 
TOOLCHAIN4_OLD_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz
 OSXSDK_PACKAGE=MacOSX10.7.sdk.tar.gz
@@ -94,7 +94,7 @@ 
OSXSDK_HASH=da77bb0003fcca5ea8c4e8cb2da8828ded750c54afdcac29ec6f3b46ad5e3adf
 
OSXSDK_OLD_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc
 
TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645
 
TOOLCHAIN4_OLD_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9
-NOSCRIPT_HASH=f3c9dec710e02d809fa85ac76750e5f074656105c1bde03d400cb597b2eb1fba
+NOSCRIPT_HASH=097298d5004c1f384f3af508cb1915921145f0f962e78c977a62f405bd7eb2d9
 MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067
 PYCRYPTO_HASH=f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c
 ARGPARSE_HASH=ddaf4b0a618335a32b6664d4ae038a1de8fbada3b25033f9021510ed2b3941a4



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser-bundle/hardened-builds] Release preparations for 6.0a2-hardened

[gk]

commit 7bc69717608f8be105594efa95d7bf7ccdc80077
Author: Georg Koppen 
Date:   Fri Feb 12 06:56:49 2016 +

Release preparations for 6.0a2-hardened
---
 Bundle-Data/Docs/ChangeLog.txt| 16 
 gitian/versions.alpha |  6 +++---
 tools/update-responses/config.yml | 12 ++--
 3 files changed, 25 insertions(+), 9 deletions(-)

diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt
index 4210100..d2b7420 100644
--- a/Bundle-Data/Docs/ChangeLog.txt
+++ b/Bundle-Data/Docs/ChangeLog.txt
@@ -1,3 +1,19 @@
+Tor Browser 6.0a2-hardened -- February 15 2016
+ * All Platforms
+   * Update Firefox to 38.6.1esr
+   * Update NoScript to 2.9.0.3
+   * Bug 18168: Don't clear an iframe's window.name (fix of #16620)
+   * Bug 18137: Add two new obfs4 default bridges
+ * Windows
+   * Bug 18169: Whitelist zh-CN UI font
+ * OSX
+   * Bug 18172: Add Emoji support
+ * Linux
+   * Bug 18172: Add Emoji support
+ * Build System
+   * Linux
+ * Bug 15578: Switch to Debian Wheezy guest VMs (10.04 LTS is EOL)
+
 Tor Browser 6.0a1-hardened -- January 27 2016
  * All Platforms
* Update Firefox to 38.6.0esr
diff --git a/gitian/versions.alpha b/gitian/versions.alpha
index 2921df9..42468c3 100755
--- a/gitian/versions.alpha
+++ b/gitian/versions.alpha
@@ -11,7 +11,7 @@ MULTI_LINGUAL=1
 
 VERIFY_TAGS=1
 
-FIREFOX_VERSION=38.6.0esr
+FIREFOX_VERSION=38.6.1esr
 
 TORBROWSER_UPDATE_CHANNEL=hardened
 
@@ -62,7 +62,7 @@ GO_VER=1.4.2
 ## File names for the source packages
 OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz
 GMP_PACKAGE=gmp-${GMP_VER}.tar.bz2
-NOSCRIPT_PACKAGE=noscript_security_suite-2.9.0.2-sm+fx+fn.xpi
+NOSCRIPT_PACKAGE=noscript_security_suite-2.9.0.3-fx+fn+sm.xpi
 TOOLCHAIN4_PACKAGE=x86_64-apple-darwin10.tar.xz
 
TOOLCHAIN4_OLD_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz
 OSXSDK_PACKAGE=MacOSX10.7.sdk.tar.gz
@@ -91,7 +91,7 @@ 
OSXSDK_HASH=da77bb0003fcca5ea8c4e8cb2da8828ded750c54afdcac29ec6f3b46ad5e3adf
 
OSXSDK_OLD_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc
 
TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645
 
TOOLCHAIN4_OLD_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9
-NOSCRIPT_HASH=f3c9dec710e02d809fa85ac76750e5f074656105c1bde03d400cb597b2eb1fba
+NOSCRIPT_HASH=097298d5004c1f384f3af508cb1915921145f0f962e78c977a62f405bd7eb2d9
 MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067
 PYCRYPTO_HASH=f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c
 ARGPARSE_HASH=ddaf4b0a618335a32b6664d4ae038a1de8fbada3b25033f9021510ed2b3941a4
diff --git a/tools/update-responses/config.yml 
b/tools/update-responses/config.yml
index c66cec5..7b59296 100644
--- a/tools/update-responses/config.yml
+++ b/tools/update-responses/config.yml
@@ -9,7 +9,7 @@ build_targets:
 osx32: Darwin_x86-gcc3
 osx64: Darwin_x86_64-gcc3
 channels:
-hardened: 6.0a1-hardened
+hardened: 6.0a2-hardened
 release: 5.0
 versions:
 5.0:
@@ -23,12 +23,12 @@ versions:
 osx32:
 minSupportedOSVersion: 10.8
 detailsURL: 
https://blog.torproject.org/blog/end-life-plan-tor-browser-32-bit-macs#updating
-6.0a1-hardened:
-platformVersion: 38.6.0
-detailsURL: 
https://blog.torproject.org/blog/tor-browser-60a1-hardened-released
-download_url: https://www.torproject.org/dist/torbrowser/6.0a1-hardened
+6.0a2-hardened:
+platformVersion: 38.6.1
+detailsURL: 
https://blog.torproject.org/blog/tor-browser-60a2-hardened-released
+download_url: https://www.torproject.org/dist/torbrowser/6.0a2-hardened
 incremental_from:
-  - 5.5a6-hardened
+  - 6.0a1-hardened
 migrate_archs:
   osx32: osx64
 osx32:

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser-bundle/hardened-builds] Bumping NSIS_TAG due to git stupidity

[gk]

commit 7811605fe41861fb58f23aabd125767482aaee1d
Author: Georg Koppen 
Date:   Thu Feb 11 10:52:53 2016 +

Bumping NSIS_TAG due to git stupidity
---
 gitian/gpg/tbb-windows-installer.gpg | Bin 53000 -> 107882 bytes
 gitian/versions.alpha|   2 +-
 gitian/versions.nightly  |   2 +-
 3 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/gitian/gpg/tbb-windows-installer.gpg 
b/gitian/gpg/tbb-windows-installer.gpg
index 7193ea0..6923786 100644
Binary files a/gitian/gpg/tbb-windows-installer.gpg and 
b/gitian/gpg/tbb-windows-installer.gpg differ
diff --git a/gitian/versions.alpha b/gitian/versions.alpha
index ab6d062..2921df9 100755
--- a/gitian/versions.alpha
+++ b/gitian/versions.alpha
@@ -20,7 +20,7 @@ TOR_TAG=tor-0.2.7.6
 TORLAUNCHER_TAG=0.2.8.3
 TORBUTTON_TAG=1.9.5
 HTTPSE_TAG=5.1.2
-NSIS_TAG=v0.3
+NSIS_TAG=v0.3.1
 ZLIB_TAG=v1.2.8
 LIBEVENT_TAG=release-2.0.22-stable
 MINGW_TAG=a883b47a45ff74ced41dfbd9f748d5c2c61f3c01 # due to bug 1156131
diff --git a/gitian/versions.nightly b/gitian/versions.nightly
index 21838bc..da44ecb 100755
--- a/gitian/versions.nightly
+++ b/gitian/versions.nightly
@@ -23,7 +23,7 @@ TOR_TAG=master
 TORLAUNCHER_TAG=master
 TORBUTTON_TAG=master
 HTTPSE_TAG=master
-NSIS_TAG=v0.3
+NSIS_TAG=v0.3.1
 ZLIB_TAG=v1.2.8
 LIBEVENT_TAG=release-2.0.22-stable
 MINGW_TAG=a883b47a45ff74ced41dfbd9f748d5c2c61f3c01 # due to bug 1156131



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [torspec/master] typo fixes while reading 264

[arma]

commit 07677feb67dfe6bbefe515de0fbaf3c251edf2b4
Author: Roger Dingledine 
Date:   Fri Feb 12 02:06:16 2016 -0500

typo fixes while reading 264
---
 proposals/264-subprotocol-versions.txt | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/proposals/264-subprotocol-versions.txt 
b/proposals/264-subprotocol-versions.txt
index f8f5188..20174b9 100644
--- a/proposals/264-subprotocol-versions.txt
+++ b/proposals/264-subprotocol-versions.txt
@@ -17,7 +17,7 @@ Status: Open
live Tor relay implementations, and that means that tying "features"
to "tor version" won't work going forwards.
 
-   This proposal describes and alternative method that we can use to
+   This proposal describes an alternative method that we can use to
simplify the advertisement and discovery of features, and the
transition from one set of features to another.
 
@@ -93,7 +93,7 @@ Status: Open
Tor clients that want to use "v" lines should prefer those in
microdescriptors if present, and ignore those in the consensus.
 
-   (Existing maintined client versions can be adapted to never look at
+   (Existing maintained client versions can be adapted to never look at
"v" lines at all; the only versions that they still check for are
ones not allowed on the network.  The "v" line can be dropped
from the consensus entirely when current clients have upgraded.)
@@ -161,12 +161,12 @@ Status: Open
LinkAuth protocols correspond to varieties of Authenticate cells used
for the v3+ link protocools.
 
-   The currrent version is "1".
+   The current version is "1".
 
 5.3. "Relay"
 
The "relay" protocols are those used to handle CREATE cells, and
-   those that that handle the various RELAY cell types received after a
+   those that handle the various RELAY cell types received after a
CREATE cell.  (Except, relay cells used to manage introduction and
rendezvous points are managed with the "HSMid" protocols.)
 
@@ -219,7 +219,7 @@ Status: Open
 
Describes features present or absent in microdescriptors.
 
-   Most features in descriptors don't require a "MircoDesc" update --
+   Most features in descriptors don't require a "MicroDesc" update --
only those that need to someday be required.
These correspond more or less with consensus methods.
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser-bundle/master] Bumping NSIS_TAG due to git stupidity

[gk]

commit 4fdf888d8d829fe02ccbc3da5dba472c9d119dc9
Author: Georg Koppen 
Date:   Thu Feb 11 10:52:53 2016 +

Bumping NSIS_TAG due to git stupidity
---
 gitian/gpg/tbb-windows-installer.gpg | Bin 53000 -> 107882 bytes
 gitian/versions.alpha|   2 +-
 gitian/versions.nightly  |   2 +-
 3 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/gitian/gpg/tbb-windows-installer.gpg 
b/gitian/gpg/tbb-windows-installer.gpg
index 7193ea0..6923786 100644
Binary files a/gitian/gpg/tbb-windows-installer.gpg and 
b/gitian/gpg/tbb-windows-installer.gpg differ
diff --git a/gitian/versions.alpha b/gitian/versions.alpha
index f73c7f5..88cb0cb 100755
--- a/gitian/versions.alpha
+++ b/gitian/versions.alpha
@@ -16,7 +16,7 @@ TOR_TAG=tor-0.2.7.6
 TORLAUNCHER_TAG=0.2.9
 TORBUTTON_TAG=1.9.5
 HTTPSE_TAG=5.1.2
-NSIS_TAG=v0.3
+NSIS_TAG=v0.3.1
 ZLIB_TAG=v1.2.8
 LIBEVENT_TAG=release-2.0.22-stable
 MINGW_TAG=a883b47a45ff74ced41dfbd9f748d5c2c61f3c01 # due to bug 1156131
diff --git a/gitian/versions.nightly b/gitian/versions.nightly
index 85c103d..2344d40 100755
--- a/gitian/versions.nightly
+++ b/gitian/versions.nightly
@@ -23,7 +23,7 @@ TOR_TAG=master
 TORLAUNCHER_TAG=master
 TORBUTTON_TAG=master
 HTTPSE_TAG=master
-NSIS_TAG=v0.3
+NSIS_TAG=v0.3.1
 ZLIB_TAG=v1.2.8
 LIBEVENT_TAG=release-2.0.22-stable
 MINGW_TAG=a883b47a45ff74ced41dfbd9f748d5c2c61f3c01 # due to bug 1156131



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser-bundle/master] Bumping nightly versions

[gk]

commit 49aa47ca2d1a975a5e25a791873da40fbef82336
Author: Georg Koppen 
Date:   Thu Feb 11 10:54:50 2016 +

Bumping nightly versions
---
 gitian/versions.nightly | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/gitian/versions.nightly b/gitian/versions.nightly
index 2344d40..419263f 100755
--- a/gitian/versions.nightly
+++ b/gitian/versions.nightly
@@ -14,7 +14,7 @@ MULTI_LINGUAL=1
 
 VERIFY_TAGS=0
 
-FIREFOX_VERSION=38.6.0esr
+FIREFOX_VERSION=38.6.1esr
 
 TORBROWSER_UPDATE_CHANNEL=default
 
@@ -65,7 +65,7 @@ GO_VER=1.4.2
 ## File names for the source packages
 OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz
 GMP_PACKAGE=gmp-${GMP_VER}.tar.bz2
-NOSCRIPT_PACKAGE=noscript_security_suite-2.9.0.2-sm+fx+fn.xpi
+NOSCRIPT_PACKAGE=noscript_security_suite-2.9.0.3-fx+fn+sm.xpi
 TOOLCHAIN4_PACKAGE=x86_64-apple-darwin10.tar.xz
 
TOOLCHAIN4_OLD_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz
 OSXSDK_PACKAGE=MacOSX10.7.sdk.tar.gz
@@ -94,7 +94,7 @@ 
OSXSDK_HASH=da77bb0003fcca5ea8c4e8cb2da8828ded750c54afdcac29ec6f3b46ad5e3adf
 
OSXSDK_OLD_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc
 
TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645
 
TOOLCHAIN4_OLD_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9
-NOSCRIPT_HASH=f3c9dec710e02d809fa85ac76750e5f074656105c1bde03d400cb597b2eb1fba
+NOSCRIPT_HASH=097298d5004c1f384f3af508cb1915921145f0f962e78c977a62f405bd7eb2d9
 MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067
 PYCRYPTO_HASH=f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c
 ARGPARSE_HASH=ddaf4b0a618335a32b6664d4ae038a1de8fbada3b25033f9021510ed2b3941a4

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [metrics-web/master] Fix mismatched transport checkboxes.

[karsten]

commit 8ced93341c0ca57310326cbc4acacdd87067aff6
Author: Karsten Loesing 
Date:   Thu Feb 11 09:40:48 2016 +0100

Fix mismatched transport checkboxes.

Fixes #18301, found by dcf.
---
 website/src/org/torproject/metrics/web/GraphServlet.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/website/src/org/torproject/metrics/web/GraphServlet.java 
b/website/src/org/torproject/metrics/web/GraphServlet.java
index 4dfae9b..72f7f72 100644
--- a/website/src/org/torproject/metrics/web/GraphServlet.java
+++ b/website/src/org/torproject/metrics/web/GraphServlet.java
@@ -97,7 +97,8 @@ public class GraphServlet extends MetricServlet {
 { "websocket", "", "Flash proxy/websocket" },
 { "fte", "", "FTE" },
 { "meek", "", "meek" },
-{ "scramblesuit", "", "Unknown pluggable transport(s)" },
+{ "scramblesuit", "", "scramblesuit" },
+{ "", "", "Unknown pluggable transport(s)" },
 { "", "", "Default OR protocol" } });
 this.defaultParameters.put("version", new String[][] {
 { "v4", " selected", "IPv4" },

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/mat-gui] Update translations for mat-gui

[translation]

commit 0dea2bb9df348aa738b990913bc097e90bd176b9
Author: Translation commit bot 
Date:   Thu Feb 11 14:45:33 2016 +

Update translations for mat-gui
---
 tr.po | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/tr.po b/tr.po
index 8d49601..fcaebaa 100644
--- a/tr.po
+++ b/tr.po
@@ -4,7 +4,7 @@
 # 
 # Translators:
 # Güven ALBAYRAK , 2014
-# Kaya Zeren , 2015
+# Kaya Zeren , 2015-2016
 # Ozancan Karataş , 2015
 # Volkan Gezer , 2015-2016
 # Yasin Özel , 2013
@@ -13,8 +13,8 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2016-02-10 23:06+0100\n"
-"PO-Revision-Date: 2016-02-11 09:31+\n"
-"Last-Translator: carolyn \n"
+"PO-Revision-Date: 2016-02-11 14:25+\n"
+"Last-Translator: Kaya Zeren \n"
 "Language-Team: Turkish 
(http://www.transifex.com/otf/torproject/language/tr/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -78,11 +78,11 @@ msgstr "Oluşturulan PDF dosyasının boyutunu ve 
kalitesini düşür"
 
 #: mat-gui:238
 msgid "Remove unsupported file from archives"
-msgstr ""
+msgstr "Desteklenmeyen dosyaları arşivden çıkar"
 
 #: mat-gui:241
 msgid "Remove non-supported (and so non-anonymised) file from output archive"
-msgstr ""
+msgstr "Desteklenmeyen (ve anonim olmayan) dosyaları çıkış arşivinden 
çıkar"
 
 #: mat-gui:280
 msgid "Unknown"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/mat-gui_completed] Update translations for mat-gui_completed

[translation]

commit 0cae2b0d5e509f984ad728ee1b6dcd5caf5ea524
Author: Translation commit bot 
Date:   Thu Feb 11 14:45:38 2016 +

Update translations for mat-gui_completed
---
 tr.po | 16 
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/tr.po b/tr.po
index 63948d5..fcaebaa 100644
--- a/tr.po
+++ b/tr.po
@@ -4,7 +4,7 @@
 # 
 # Translators:
 # Güven ALBAYRAK , 2014
-# Kaya Zeren , 2015
+# Kaya Zeren , 2015-2016
 # Ozancan Karataş , 2015
 # Volkan Gezer , 2015-2016
 # Yasin Özel , 2013
@@ -12,9 +12,9 @@ msgid ""
 msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-01-03 20:54+0100\n"
-"PO-Revision-Date: 2016-01-07 20:07+\n"
-"Last-Translator: Volkan Gezer \n"
+"POT-Creation-Date: 2016-02-10 23:06+0100\n"
+"PO-Revision-Date: 2016-02-11 14:25+\n"
+"Last-Translator: Kaya Zeren \n"
 "Language-Team: Turkish 
(http://www.transifex.com/otf/torproject/language/tr/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -77,12 +77,12 @@ msgid "Reduce the produced PDF size and quality"
 msgstr "Oluşturulan PDF dosyasının boyutunu ve kalitesini düşür"
 
 #: mat-gui:238
-msgid "Add unsupported file to archives"
-msgstr "Desteklenmeyen dosyaları arşive ekle"
+msgid "Remove unsupported file from archives"
+msgstr "Desteklenmeyen dosyaları arşivden çıkar"
 
 #: mat-gui:241
-msgid "Add non-supported (and so non-anonymised) file to output archive"
-msgstr "Desteklenmeyen (ve anonimleştirilmemiş) dosyaları çıkış 
arşivine ekle"
+msgid "Remove non-supported (and so non-anonymised) file from output archive"
+msgstr "Desteklenmeyen (ve anonim olmayan) dosyaları çıkış arşivinden 
çıkar"
 
 #: mat-gui:280
 msgid "Unknown"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tor-messenger-privproperties_completed] Update translations for tor-messenger-privproperties_completed

[translation]

commit 44624746225246d6bfe7e7ce8ecc368a1bad4007
Author: Translation commit bot 
Date:   Thu Feb 11 14:46:45 2016 +

Update translations for tor-messenger-privproperties_completed
---
 tr/priv.properties | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tr/priv.properties b/tr/priv.properties
index fe4f340..1caf0e6 100644
--- a/tr/priv.properties
+++ b/tr/priv.properties
@@ -1 +1,2 @@
 priv.account=%S (%S) için kişisel anahtar oluşturuluyor ...
+priv.failed=Anahtar oluşturulamadı: %S

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/mat-gui] Update translations for mat-gui

[translation]

commit afbd8c21917f79d87678467369fa259b07829e8a
Author: Translation commit bot 
Date:   Thu Feb 11 11:15:32 2016 +

Update translations for mat-gui
---
 zh_TW.po | 9 +
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/zh_TW.po b/zh_TW.po
index e0b5e4e..16903e9 100644
--- a/zh_TW.po
+++ b/zh_TW.po
@@ -3,6 +3,7 @@
 # This file is distributed under the same license as the PACKAGE package.
 # 
 # Translators:
+# Agustín Wu , 2016
 # Bobby Ho , 2014
 # danfong , 2014
 # Wen-Gan Li , 2015
@@ -12,8 +13,8 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2016-02-10 23:06+0100\n"
-"PO-Revision-Date: 2016-02-11 09:31+\n"
-"Last-Translator: carolyn \n"
+"PO-Revision-Date: 2016-02-11 11:01+\n"
+"Last-Translator: Agustín Wu \n"
 "Language-Team: Chinese (Taiwan) 
(http://www.transifex.com/otf/torproject/language/zh_TW/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -77,11 +78,11 @@ msgstr "減少產生的 PDF 檔案大小和品質"
 
 #: mat-gui:238
 msgid "Remove unsupported file from archives"
-msgstr ""
+msgstr "從檔案庫中移除已不被支援的檔案"
 
 #: mat-gui:241
 msgid "Remove non-supported (and so non-anonymised) file from output archive"
-msgstr ""
+msgstr "從輸出檔案庫中將不被支援(以及不å…
·åŒ¿åæ€§)的檔案移除"
 
 #: mat-gui:280
 msgid "Unknown"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser-bundle/hardened-builds] Revert "Revert "Bug 15578: drop our Python build""

[gk]

commit faaed5b13cce8e4701fe3deb5894432415ed9cc9
Author: Georg Koppen 
Date:   Thu Feb 11 13:04:37 2016 +

Revert "Revert "Bug 15578: drop our Python build""

This reverts commit 92d04ecc79e97a3306e12807af289c434be5da00.
---
 gitian/descriptors/linux/gitian-bundle.yml  |  7 +--
 gitian/descriptors/linux/gitian-firefox.yml |  7 +--
 gitian/descriptors/linux/gitian-utils.yml   | 25 -
 gitian/fetch-inputs.sh  |  7 ++-
 gitian/mkbundle-linux.sh|  6 --
 gitian/verify-tags.sh   |  5 ++---
 gitian/versions |  5 -
 gitian/versions.alpha   |  5 -
 gitian/versions.beta|  5 -
 gitian/versions.nightly |  5 -
 10 files changed, 6 insertions(+), 71 deletions(-)

diff --git a/gitian/descriptors/linux/gitian-bundle.yml 
b/gitian/descriptors/linux/gitian-bundle.yml
index a9a0e36..ea754e7 100644
--- a/gitian/descriptors/linux/gitian-bundle.yml
+++ b/gitian/descriptors/linux/gitian-bundle.yml
@@ -13,6 +13,7 @@ packages:
 - "libxslt1.1"
 - "libxml2-utils"
 - "sqlite3"
+- "python-lxml"
 reference_datetime: "2000-01-01 00:00:00"
 remotes:
 - "url": "https://git.torproject.org/tor-launcher.git;
@@ -32,8 +33,6 @@ files:
 - "tor-browser-linux64-gbuilt.zip"
 - "tor-linux64-gbuilt.zip"
 - "pluggable-transports-linux64-gbuilt.zip"
-- "python-linux64-utils.zip"
-- "lxml-linux64-utils.zip"
 - "mar-tools-linux64.zip"
 - "torrc-defaults-appendix-linux"
 - "bridge_prefs.js"
@@ -78,10 +77,6 @@ script: |
   mkdir -p 
${TB_STAGE_DIR}/Browser/TorBrowser/Data/Browser/profile.meek-http-helper/extensions
   mkdir -p ${TB_STAGE_DIR}/Browser/TorBrowser/Data/Browser/Caches
   mkdir -p ${TB_STAGE_DIR}/Browser/TorBrowser/Docs/sources/
-  # Preparing Python for HTTPS-Everywhere.
-  unzip -d $INSTDIR python-linux$GBUILD_BITS-utils.zip
-  export PATH=$INSTDIR/python/bin:$PATH
-  unzip -d $INSTDIR/python/lib/python2.7 lxml-linux$GBUILD_BITS-utils.zip
   #
   # Extract the MAR tools.
   unzip -d ~/build ~/build/mar-tools-linux${GBUILD_BITS}.zip
diff --git a/gitian/descriptors/linux/gitian-firefox.yml 
b/gitian/descriptors/linux/gitian-firefox.yml
index a0fc8e3..c49636a 100644
--- a/gitian/descriptors/linux/gitian-firefox.yml
+++ b/gitian/descriptors/linux/gitian-firefox.yml
@@ -16,6 +16,7 @@ packages:
 - "libgstreamer-plugins-base0.10-dev"
 - "libxt-dev"
 - "hardening-wrapper"
+- "python-dev"
 # To pass configure since ESR 31.
 - "libpulse-dev"
 # We built GCC but not the libmpc2, thus we need to install it.
@@ -29,7 +30,6 @@ remotes:
 files:
 - "binutils-linux64-utils.zip"
 - "gcc-linux64-utils.zip"
-- "python-linux64-utils.zip"
 - "re-dzip.sh"
 - "dzip.sh"
 - "versions"
@@ -47,11 +47,6 @@ script: |
   export DEB_BUILD_HARDENING_FORMAT=1
   export DEB_BUILD_HARDENING_PIE=1
   #
-  # Preparing Python for Tor Browser
-  unzip -d $INSTDIR python-linux$GBUILD_BITS-utils.zip
-  # TODO: We might want to have a smarter solution than hard-coding the 
version.
-  ln -sf $INSTDIR/python/bin/python2.7 $INSTDIR/python/bin/python
-  export PATH=$INSTDIR/python/bin:$PATH
   # Preparing Binutils and GCC for Tor Browser
   unzip -d $INSTDIR binutils-linux$GBUILD_BITS-utils.zip
   # Make sure gold is used with the hardening wrapper for full RELRO, see
diff --git a/gitian/descriptors/linux/gitian-utils.yml 
b/gitian/descriptors/linux/gitian-utils.yml
index 1e04b36..72ead1b 100644
--- a/gitian/descriptors/linux/gitian-utils.yml
+++ b/gitian/descriptors/linux/gitian-utils.yml
@@ -32,8 +32,6 @@ files:
 - "binutils.tar.bz2"
 - "gcc.tar.bz2"
 - "openssl.tar.gz"
-- "python.tar.bz2"
-- "lxml.tar.gz"
 - "gmp.tar.bz2"
 - "versions"
 - "dzip.sh"
@@ -113,29 +111,7 @@ script: |
   make install
   cd ..
 
-  # Building Python
-  # Fx 24 ESR and HTTPS Everywhere >= 3.5 do not work with Python < 2.7 
anymore.
-  # But 10.04 does only ship with Python 2.6. Thus, we compile 2.7 ourselves...
-  tar xjf python.tar.bz2
-  cd Python-*
-  ./configure
-  make $MAKEOPTS altinstall prefix=$INSTDIR/python exec-prefix=$INSTDIR/python
-  cd ..
-
-  # Building lxml
-  export LD_PRELOAD=""
-  tar xzf lxml.tar.gz
-  cd lxml-*
-  # Make sure we use our freshly built python binary here. Otherwise bad things
-  # may happen when we do so in the bundle step assembling the HTTPS-Everywhere
-  # rules.
-  $INSTDIR/python/bin/python2.7 setup.py build
-  cd build/lib*
-  export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
-  ~/build/dzip.sh lxml-$LXML_VER-linux$GBUILD_BITS-utils.zip lxml
   export LD_PRELOAD=""
-  cp *utils.zip $OUTDIR
-  cd ../../../
 
   # Building GMP
   tar xjf gmp.tar.bz2
@@ -157,6 +133,5 @@ script: |
   ~/build/dzip.sh gcc-$GCC_VER-linux$GBUILD_BITS-utils.zip gcc
   ~/build/dzip.sh openssl-$OPENSSL_VER-linux$GBUILD_BITS-utils.zip openssl
   ~/build/dzip.sh 
libevent-${LIBEVENT_TAG#release-}-linux$GBUILD_BITS-utils.zip libevent
-  ~/build/dzip.sh 

[tor-commits] [tor-browser-bundle/hardened-builds] Revert "Revert "Bug 15578: Switch Linux descriptors over to Wheezy""

[gk]

commit b429deeb6d6cd749d11855cfec058e168cddfc3c
Author: Georg Koppen 
Date:   Thu Feb 11 13:04:11 2016 +

Revert "Revert "Bug 15578: Switch Linux descriptors over to Wheezy""

This reverts commit a125e1c1bfc3babae9636750b4722b4ab7010ca3.
---
 gitian/Makefile|  2 +-
 gitian/README.build|  2 +-
 gitian/check-prerequisites.sh  | 41 +++---
 gitian/descriptors/linux/gitian-bundle.yml |  6 ++--
 gitian/descriptors/linux/gitian-firefox.yml|  9 +++--
 .../linux/gitian-pluggable-transports.yml  |  7 ++--
 gitian/descriptors/linux/gitian-tor.yml|  7 ++--
 gitian/descriptors/linux/gitian-utils.yml  | 38 +++-
 gitian/make-vms.sh | 29 +--
 9 files changed, 84 insertions(+), 57 deletions(-)

diff --git a/gitian/Makefile b/gitian/Makefile
index 5718d76..36b5ec3 100644
--- a/gitian/Makefile
+++ b/gitian/Makefile
@@ -119,7 +119,7 @@ clean-bundle:
 vmclean:
rm -rf ../../gitian-builder/*.qcow2
rm -rf ../../gitian-builder/base-*
-   rm -rf ../../gitian-builder/target-{lucid,precise}*
+   rm -rf ../../gitian-builder/target-{lucid,wheezy,precise}*
 
 distclean: vmclean
rm -rf ../../gitian-builder/inputs/*
diff --git a/gitian/README.build b/gitian/README.build
index f289791..4d01d6a 100644
--- a/gitian/README.build
+++ b/gitian/README.build
@@ -177,7 +177,7 @@ Known Issues and Quirks:
  where 'make vmclean' causes the rebuild of two VMs in a row.. This might
  trigger weird bugs in python-vm-builder.. To rebuild only one set of VMs,
  use either 'rm ../../gitian-builder/*precise*' (to remove the Windows/Mac
- VMs) or 'rm ../../gitian-builder/*lucid*' (to remove the Linux VMs).
+ VMs) or 'rm ../../gitian-builder/*wheezy*' (to remove the Linux VMs).
 
  You probably want to make sure you have no stray qemu processes before
  rebuilding the VMs or starting a new build, too. 'killall qemu-kvm' is
diff --git a/gitian/check-prerequisites.sh b/gitian/check-prerequisites.sh
index cc16d0e..a5f8393 100755
--- a/gitian/check-prerequisites.sh
+++ b/gitian/check-prerequisites.sh
@@ -17,7 +17,7 @@ then
   VERSION=`cat /etc/issue | grep -Eo '[0-9]{2}' | head -1`
   if [ "$VERSION" -ge "14" ];
   then
-dpkg -s ruby apache2 git apt-cacher-ng python-vm-builder qemu-kvm 
virt-what lxc lxctl fakeroot faketime zip unzip subversion torsocks tor 
2>/dev/null >/dev/null
+dpkg -s ruby apache2 git apt-cacher-ng qemu-kvm virt-what lxc lxctl 
fakeroot faketime zip unzip subversion torsocks tor 2>/dev/null >/dev/null
 
 if [ $? -ne 0 ];
 then
@@ -25,7 +25,7 @@ then
   echo
   echo "Please run:"
   echo " sudo apt-get install torsocks tor"
-  echo " sudo torsocks apt-get install ruby apache2 git apt-cacher-ng 
python-vm-builder qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip 
subversion"
+  echo " sudo torsocks apt-get install ruby apache2 git apt-cacher-ng 
qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion"
   exit 1
 fi
   else
@@ -45,28 +45,29 @@ then
 echo " sudo torsocks apt-get install ruby git apt-cacher-ng qemu-kvm 
virt-what lxc lxctl fakeroot zip unzip python-cheetah debootstrap parted kpartx 
rsync"
 exit 1
   fi
-
-  # python-vm-builder is special as we don't have a Debian package for it.
-  vmbuilder --help 2>/dev/null >/dev/null
-  if [ $? -ne 0 ];
-  then
-echo "The VM tool python-vm-builder is missing."
-echo
-echo "Please run"
-echo 'torsocks wget -U "" 
http://archive.ubuntu.com/ubuntu/pool/universe/v/vm-builder/vm-builder_0.12.4+bzr489.orig.tar.gz'
-echo 'echo 
"ec12e0070a007989561bfee5862c89a32c301992dd2771c4d5078ef1b3014f03  
vm-builder_0.12.4+bzr489.orig.tar.gz" | sha256sum -c'
-echo "# (verification -- must return OK)"
-echo "tar -zxvf vm-builder_0.12.4+bzr489.orig.tar.gz"
-echo "cd vm-builder-0.12.4+bzr489"
-echo "sudo python setup.py install"
-echo "cd .."
-exit 1
-  fi
 else
   echo "We need Debian or Ubuntu which seem to be missing. Aborting."
   exit 1
 fi
 
+# vmbuilder is special as we don't have a package for it yet.
+# XXX: Make sure an already installed vmbuilder is recent enough.
+vmbuilder --help 2>/dev/null >/dev/null
+if [ $? -ne 0 ];
+then
+  echo "The VM tool python-vm-builder is missing."
+  echo
+  echo "Please run"
+  echo 'torsocks wget -U "" 
https://bugs.launchpad.net/ubuntu/+archive/primary/+files/vm-builder_0.12.4+bzr494.orig.tar.gz'
+  echo 'echo "76cbf8c52c391160b2641e7120dbade5afded713afaa6032f733a261f13e6a8e 
 vm-builder_0.12.4+bzr494.orig.tar.gz" | sha256sum -c'
+  echo "# (verification -- must return OK)"
+  echo "tar -zxvf vm-builder_0.12.4+bzr494.orig.tar.gz"
+  echo "cd vm-builder-0.12.4+bzr494"
+  echo "sudo python setup.py install"
+  echo "cd .."
+  exit 1
+fi
+
 

[tor-commits] [tor-browser-bundle/maint-5.5] Tag bump due to expired subkey

[gk]

commit cb2b281c633e0ac815340063b46c551496214024
Author: Georg Koppen 
Date:   Thu Feb 11 09:57:12 2016 +

Tag bump due to expired subkey
---
 gitian/gpg/tbb-windows-installer.gpg | Bin 53000 -> 107882 bytes
 gitian/versions  |   2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/gitian/gpg/tbb-windows-installer.gpg 
b/gitian/gpg/tbb-windows-installer.gpg
index 7193ea0..6923786 100644
Binary files a/gitian/gpg/tbb-windows-installer.gpg and 
b/gitian/gpg/tbb-windows-installer.gpg differ
diff --git a/gitian/versions b/gitian/versions
index 334b6cc..7be32ff 100755
--- a/gitian/versions
+++ b/gitian/versions
@@ -16,7 +16,7 @@ TOR_TAG=tor-0.2.7.6
 TORLAUNCHER_TAG=0.2.7.8
 TORBUTTON_TAG=1.9.4.3
 HTTPSE_TAG=5.1.2
-NSIS_TAG=v0.3
+NSIS_TAG=v0.3.1
 ZLIB_TAG=v1.2.8
 LIBEVENT_TAG=release-2.0.22-stable
 MINGW_TAG=a883b47a45ff74ced41dfbd9f748d5c2c61f3c01 # due to bug 1156131

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tor-messenger-privproperties_completed] Update translations for tor-messenger-privproperties_completed

[translation]

commit 67eb12eade6050e59e52e802092dc9ca8b6a8a94
Author: Translation commit bot 
Date:   Thu Feb 11 10:46:45 2016 +

Update translations for tor-messenger-privproperties_completed
---
 en_GB/priv.properties | 1 +
 1 file changed, 1 insertion(+)

diff --git a/en_GB/priv.properties b/en_GB/priv.properties
index 98177ad..f8a9f15 100644
--- a/en_GB/priv.properties
+++ b/en_GB/priv.properties
@@ -1 +1,2 @@
 priv.account=Generating private key for %S (%S) ...
+priv.failed=Generating key failed: %S

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/mat-gui_completed] Update translations for mat-gui_completed

[translation]

commit 3d8a7b3ddb37c07dc570136d565f5459d2db40a4
Author: Translation commit bot 
Date:   Thu Feb 11 10:45:37 2016 +

Update translations for mat-gui_completed
---
 en_GB.po | 12 ++--
 es.po| 16 
 2 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/en_GB.po b/en_GB.po
index e8fef15..eeb591d 100644
--- a/en_GB.po
+++ b/en_GB.po
@@ -9,8 +9,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-01-03 20:54+0100\n"
-"PO-Revision-Date: 2016-02-01 12:46+\n"
+"POT-Creation-Date: 2016-02-10 23:06+0100\n"
+"PO-Revision-Date: 2016-02-11 10:21+\n"
 "Last-Translator: Andi Chandler \n"
 "Language-Team: English (United Kingdom) 
(http://www.transifex.com/otf/torproject/language/en_GB/)\n"
 "MIME-Version: 1.0\n"
@@ -74,12 +74,12 @@ msgid "Reduce the produced PDF size and quality"
 msgstr "Reduce the produced PDF size and quality"
 
 #: mat-gui:238
-msgid "Add unsupported file to archives"
-msgstr "Add unsupported file to archives"
+msgid "Remove unsupported file from archives"
+msgstr "Remove unsupported file from archives"
 
 #: mat-gui:241
-msgid "Add non-supported (and so non-anonymised) file to output archive"
-msgstr "Add non-supported (and so non-anonymised) file to output archive"
+msgid "Remove non-supported (and so non-anonymised) file from output archive"
+msgstr "Remove non-supported (and so non-anonymised) file from output archive"
 
 #: mat-gui:280
 msgid "Unknown"
diff --git a/es.po b/es.po
index af996c4..8ab72ff 100644
--- a/es.po
+++ b/es.po
@@ -5,14 +5,14 @@
 # Translators:
 # Edward Navarro, 2015
 # Noel Torres , 2013
-# strel, 2013-2014
+# strel, 2013-2014,2016
 msgid ""
 msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-01-03 20:54+0100\n"
-"PO-Revision-Date: 2015-12-18 18:36+\n"
-"Last-Translator: Edward Navarro\n"
+"POT-Creation-Date: 2016-02-10 23:06+0100\n"
+"PO-Revision-Date: 2016-02-11 10:18+\n"
+"Last-Translator: strel\n"
 "Language-Team: Spanish 
(http://www.transifex.com/otf/torproject/language/es/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -75,12 +75,12 @@ msgid "Reduce the produced PDF size and quality"
 msgstr "Reduce el tamaño y calidad del PDF producido"
 
 #: mat-gui:238
-msgid "Add unsupported file to archives"
-msgstr "Añadir fichero no soportado a los archivos"
+msgid "Remove unsupported file from archives"
+msgstr "Eliminar fichero no soportado de los archivos"
 
 #: mat-gui:241
-msgid "Add non-supported (and so non-anonymised) file to output archive"
-msgstr "Añade fichero no soportado (y no anonimizado) al archivo de salida"
+msgid "Remove non-supported (and so non-anonymised) file from output archive"
+msgstr "Eliminar fichero no soportado (y no anonimizado) del archivo de salida"
 
 #: mat-gui:280
 msgid "Unknown"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/bridgedb_completed] Update translations for bridgedb_completed

[translation]

commit 01849268da61849f18fe76555b555c7f0fe8acb5
Author: Translation commit bot 
Date:   Thu Feb 11 10:15:08 2016 +

Update translations for bridgedb_completed
---
 ru/LC_MESSAGES/bridgedb.po | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/ru/LC_MESSAGES/bridgedb.po b/ru/LC_MESSAGES/bridgedb.po
index 5d88c24..50f7c7a 100644
--- a/ru/LC_MESSAGES/bridgedb.po
+++ b/ru/LC_MESSAGES/bridgedb.po
@@ -4,6 +4,7 @@
 # 
 # Translators:
 # Andrey Yoker Ogurchikov , 2014
+# Antony A. Tolmachev , 2016
 # Evgrafov Denis , 2014
 # Eugene, 2013
 # foo , 2014
@@ -20,8 +21,8 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: 
'https://trac.torproject.org/projects/tor/newticket?component=BridgeDB=bridgedb-reported,msgid=isis,sysrqb=isis'\n"
 "POT-Creation-Date: 2015-07-25 03:40+\n"
-"PO-Revision-Date: 2015-11-04 04:21+\n"
-"Last-Translator: vb[fbk \n"
+"PO-Revision-Date: 2016-02-11 09:56+\n"
+"Last-Translator: Antony A. Tolmachev \n"
 "Language-Team: Russian 
(http://www.transifex.com/otf/torproject/language/ru/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -144,7 +145,7 @@ msgstr "%sП%sросто дайте мне адреса 
мостов!"
 
 #: bridgedb/https/templates/options.html:51
 msgid "Advanced Options"
-msgstr "Дополнительные настройки"
+msgstr "Расширенные настройки"
 
 #: bridgedb/https/templates/options.html:86
 msgid "No"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/bridgedb] Update translations for bridgedb

[translation]

commit c646e20de967000e256a416e7798b8305f722c2d
Author: Translation commit bot 
Date:   Thu Feb 11 10:15:03 2016 +

Update translations for bridgedb
---
 ru/LC_MESSAGES/bridgedb.po | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/ru/LC_MESSAGES/bridgedb.po b/ru/LC_MESSAGES/bridgedb.po
index 5d88c24..50f7c7a 100644
--- a/ru/LC_MESSAGES/bridgedb.po
+++ b/ru/LC_MESSAGES/bridgedb.po
@@ -4,6 +4,7 @@
 # 
 # Translators:
 # Andrey Yoker Ogurchikov , 2014
+# Antony A. Tolmachev , 2016
 # Evgrafov Denis , 2014
 # Eugene, 2013
 # foo , 2014
@@ -20,8 +21,8 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: 
'https://trac.torproject.org/projects/tor/newticket?component=BridgeDB=bridgedb-reported,msgid=isis,sysrqb=isis'\n"
 "POT-Creation-Date: 2015-07-25 03:40+\n"
-"PO-Revision-Date: 2015-11-04 04:21+\n"
-"Last-Translator: vb[fbk \n"
+"PO-Revision-Date: 2016-02-11 09:56+\n"
+"Last-Translator: Antony A. Tolmachev \n"
 "Language-Team: Russian 
(http://www.transifex.com/otf/torproject/language/ru/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -144,7 +145,7 @@ msgstr "%sП%sросто дайте мне адреса 
мостов!"
 
 #: bridgedb/https/templates/options.html:51
 msgid "Advanced Options"
-msgstr "Дополнительные настройки"
+msgstr "Расширенные настройки"
 
 #: bridgedb/https/templates/options.html:86
 msgid "No"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/mat-gui] Update translations for mat-gui

[translation]

commit f3ca2ce5fc9a2895c0bb4fb8abff42a3ebd224cb
Author: Translation commit bot 
Date:   Thu Feb 11 10:15:38 2016 +

Update translations for mat-gui
---
 lt.po | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/lt.po b/lt.po
index e8b7c50..182fad5 100644
--- a/lt.po
+++ b/lt.po
@@ -3,14 +3,14 @@
 # This file is distributed under the same license as the PACKAGE package.
 # 
 # Translators:
-# Moo, 2015
+# Moo, 2015-2016
 msgid ""
 msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2016-02-10 23:06+0100\n"
-"PO-Revision-Date: 2016-02-11 09:31+\n"
-"Last-Translator: carolyn \n"
+"PO-Revision-Date: 2016-02-11 09:49+\n"
+"Last-Translator: Moo\n"
 "Language-Team: Lithuanian 
(http://www.transifex.com/otf/torproject/language/lt/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -98,7 +98,7 @@ msgstr ""
 
 #: mat-gui:343
 msgid "Fileformat not supported"
-msgstr ""
+msgstr "Failo formatas nepalaikomas"
 
 #: mat-gui:346
 msgid "These files can not be processed:"
@@ -128,12 +128,12 @@ msgstr ""
 #: mat-gui:413
 #, python-format
 msgid "Checking %s"
-msgstr ""
+msgstr "Tikrinama %s"
 
 #: mat-gui:428
 #, python-format
 msgid "Cleaning %s"
-msgstr ""
+msgstr "IÅ¡valoma %s"
 
 #: data/mat.glade:46
 msgid "_File"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser-bundle/master] Release preparations for 6.0a2

[gk]

commit 499fecf76524da8f312279baac71e71979fc6c4b
Author: Georg Koppen 
Date:   Thu Feb 11 10:49:11 2016 +

Release preparations for 6.0a2
---
 Bundle-Data/Docs/ChangeLog.txt| 24 
 gitian/versions.alpha |  6 +++---
 tools/update-responses/config.yml | 12 ++--
 3 files changed, 33 insertions(+), 9 deletions(-)

diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt
index 5eabaa4..61df40c 100644
--- a/Bundle-Data/Docs/ChangeLog.txt
+++ b/Bundle-Data/Docs/ChangeLog.txt
@@ -1,3 +1,27 @@
+Tor Browser 6.0a2 -- February 15 2016
+ * All Platforms
+   * Update Firefox to 38.6.1esr
+   * Update NoScript to 2.9.0.3
+   * Bug 18168: Don't clear an iframe's window.name (fix of #16620)
+   * Bug 18137: Add two new obfs4 default bridges
+ * Windows
+   * Bug 18169: Whitelist zh-CN UI font
+ * OSX
+   * Bug 18172: Add Emoji support
+ * Linux
+   * Bug 18172: Add Emoji support
+
+Tor Browser 5.5.1 -- February 4 2016
+ * All Platforms
+   * Bug 18168: Don't clear an iframe's window.name (fix of #16620)
+   * Bug 18137: Add two new obfs4 default bridges
+ * Windows
+   * Bug 18169: Whitelist zh-CN UI font
+ * OS X
+   * Bug 18172: Add Emoji support
+ * Linux
+   * Bug 18172: Add Emoji support
+
 Tor Browser 6.0a1 -- January 27 2016
  * All Platforms
* Update Firefox to 38.6.0esr
diff --git a/gitian/versions.alpha b/gitian/versions.alpha
index 91854b8..f73c7f5 100755
--- a/gitian/versions.alpha
+++ b/gitian/versions.alpha
@@ -7,7 +7,7 @@ BUILD_PT_BUNDLES=1
 
 VERIFY_TAGS=1
 
-FIREFOX_VERSION=38.6.0esr
+FIREFOX_VERSION=38.6.1esr
 
 TORBROWSER_UPDATE_CHANNEL=alpha
 
@@ -58,7 +58,7 @@ GO_VER=1.4.2
 ## File names for the source packages
 OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz
 GMP_PACKAGE=gmp-${GMP_VER}.tar.bz2
-NOSCRIPT_PACKAGE=noscript_security_suite-2.9.0.2-sm+fx+fn.xpi
+NOSCRIPT_PACKAGE=noscript_security_suite-2.9.0.3-fx+fn+sm.xpi
 TOOLCHAIN4_PACKAGE=x86_64-apple-darwin10.tar.xz
 
TOOLCHAIN4_OLD_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz
 OSXSDK_PACKAGE=MacOSX10.7.sdk.tar.gz
@@ -87,7 +87,7 @@ 
OSXSDK_HASH=da77bb0003fcca5ea8c4e8cb2da8828ded750c54afdcac29ec6f3b46ad5e3adf
 
OSXSDK_OLD_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc
 
TOOLCHAIN4_HASH=7b71bfe02820409b994c5c33a7eab81a81c72550f5da85ff7af70da3da244645
 
TOOLCHAIN4_OLD_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9
-NOSCRIPT_HASH=f3c9dec710e02d809fa85ac76750e5f074656105c1bde03d400cb597b2eb1fba
+NOSCRIPT_HASH=097298d5004c1f384f3af508cb1915921145f0f962e78c977a62f405bd7eb2d9
 MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067
 PYCRYPTO_HASH=f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c
 ARGPARSE_HASH=ddaf4b0a618335a32b6664d4ae038a1de8fbada3b25033f9021510ed2b3941a4
diff --git a/tools/update-responses/config.yml 
b/tools/update-responses/config.yml
index a0f5309..2827471 100644
--- a/tools/update-responses/config.yml
+++ b/tools/update-responses/config.yml
@@ -9,7 +9,7 @@ build_targets:
 osx32: Darwin_x86-gcc3
 osx64: Darwin_x86_64-gcc3
 channels:
-alpha: 6.0a1
+alpha: 6.0a2
 release: 5.5
 versions:
 5.5:
@@ -23,12 +23,12 @@ versions:
 osx32:
 minSupportedOSVersion: 10.8
 detailsURL: 
https://blog.torproject.org/blog/end-life-plan-tor-browser-32-bit-macs#updating
-6.0a1:
-platformVersion: 38.6.0
-detailsURL: https://blog.torproject.org/blog/tor-browser-60a1-released
-download_url: https://www.torproject.org/dist/torbrowser/6.0a1
+6.0a2:
+platformVersion: 38.6.1
+detailsURL: https://blog.torproject.org/blog/tor-browser-60a2-released
+download_url: https://www.torproject.org/dist/torbrowser/6.0a2
 incremental_from:
-  - 5.5a6
+  - 6.0a1
 migrate_archs:
   osx32: osx64
 osx32:

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/mat-gui_completed] Update translations for mat-gui_completed

[translation]

commit 0a6e018c42744be35fbcd7581c2decb5f932f219
Author: Translation commit bot 
Date:   Thu Feb 11 11:15:36 2016 +

Update translations for mat-gui_completed
---
 zh_TW.po | 15 ---
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/zh_TW.po b/zh_TW.po
index 396b0bc..16903e9 100644
--- a/zh_TW.po
+++ b/zh_TW.po
@@ -3,6 +3,7 @@
 # This file is distributed under the same license as the PACKAGE package.
 # 
 # Translators:
+# Agustín Wu , 2016
 # Bobby Ho , 2014
 # danfong , 2014
 # Wen-Gan Li , 2015
@@ -11,9 +12,9 @@ msgid ""
 msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-01-03 20:54+0100\n"
-"PO-Revision-Date: 2015-12-22 12:44+\n"
-"Last-Translator: Wen-Gan Li \n"
+"POT-Creation-Date: 2016-02-10 23:06+0100\n"
+"PO-Revision-Date: 2016-02-11 11:01+\n"
+"Last-Translator: Agustín Wu \n"
 "Language-Team: Chinese (Taiwan) 
(http://www.transifex.com/otf/torproject/language/zh_TW/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -76,12 +77,12 @@ msgid "Reduce the produced PDF size and quality"
 msgstr "減少產生的 PDF 檔案大小和品質"
 
 #: mat-gui:238
-msgid "Add unsupported file to archives"
-msgstr "新增不支援的檔案到壓縮檔"
+msgid "Remove unsupported file from archives"
+msgstr "從檔案庫中移除已不被支援的檔案"
 
 #: mat-gui:241
-msgid "Add non-supported (and so non-anonymised) file to output archive"
-msgstr "新增未支援 (也沒有匿名的) 檔案到輸出壓縮檔"
+msgid "Remove non-supported (and so non-anonymised) file from output archive"
+msgstr "從輸出檔案庫中將不被支援(以及不å…
·åŒ¿åæ€§)的檔案移除"
 
 #: mat-gui:280
 msgid "Unknown"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/mat-gui_completed] Update translations for mat-gui_completed

[translation]

commit ac25916d66c75bba238fe4f7c250eb5c629ba04c
Author: Translation commit bot 
Date:   Thu Feb 11 12:15:36 2016 +

Update translations for mat-gui_completed
---
 fr_CA.po | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/fr_CA.po b/fr_CA.po
index c38f200..d93f961 100644
--- a/fr_CA.po
+++ b/fr_CA.po
@@ -10,8 +10,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-01-03 20:54+0100\n"
-"PO-Revision-Date: 2016-01-06 19:31+\n"
+"POT-Creation-Date: 2016-02-10 23:06+0100\n"
+"PO-Revision-Date: 2016-02-11 12:02+\n"
 "Last-Translator: Trans-fr\n"
 "Language-Team: French (Canada) 
(http://www.transifex.com/otf/torproject/language/fr_CA/)\n"
 "MIME-Version: 1.0\n"
@@ -75,12 +75,12 @@ msgid "Reduce the produced PDF size and quality"
 msgstr "Réduire la taille et la qualité des PDF produits"
 
 #: mat-gui:238
-msgid "Add unsupported file to archives"
-msgstr "Ajouter le(s) fichier(s) non pris en charge aux archives"
+msgid "Remove unsupported file from archives"
+msgstr "Retirer les fichiers non pris en charge des archives"
 
 #: mat-gui:241
-msgid "Add non-supported (and so non-anonymised) file to output archive"
-msgstr "Ajouter le(s) fichier(s) non pris en charge (et donc non anonymisés) 
aux archives produites"
+msgid "Remove non-supported (and so non-anonymised) file from output archive"
+msgstr "Retirer les fichiers non pris en charge (et donc non anonymisés) du 
fichier compressé de sortie"
 
 #: mat-gui:280
 msgid "Unknown"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/mat-gui] Update translations for mat-gui

[translation]

commit 4e79bc64b1c25e86a7fefa42e5efcd29323da3fe
Author: Translation commit bot 
Date:   Thu Feb 11 12:15:32 2016 +

Update translations for mat-gui
---
 fr_CA.po | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/fr_CA.po b/fr_CA.po
index 51d1480..d93f961 100644
--- a/fr_CA.po
+++ b/fr_CA.po
@@ -11,8 +11,8 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2016-02-10 23:06+0100\n"
-"PO-Revision-Date: 2016-02-11 09:31+\n"
-"Last-Translator: carolyn \n"
+"PO-Revision-Date: 2016-02-11 12:02+\n"
+"Last-Translator: Trans-fr\n"
 "Language-Team: French (Canada) 
(http://www.transifex.com/otf/torproject/language/fr_CA/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -76,11 +76,11 @@ msgstr "Réduire la taille et la qualité des PDF produits"
 
 #: mat-gui:238
 msgid "Remove unsupported file from archives"
-msgstr ""
+msgstr "Retirer les fichiers non pris en charge des archives"
 
 #: mat-gui:241
 msgid "Remove non-supported (and so non-anonymised) file from output archive"
-msgstr ""
+msgstr "Retirer les fichiers non pris en charge (et donc non anonymisés) du 
fichier compressé de sortie"
 
 #: mat-gui:280
 msgid "Unknown"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor-browser/tor-browser-38.6.0esr-6.0-1] fixup! TB4: Tor Browser's Firefox preference overrides.

[gk]

commit c924c0643ff7ac6c074f0aa87f5f2597aca3b969
Author: Georg Koppen 
Date:   Thu Feb 4 09:15:10 2016 +

fixup! TB4: Tor Browser's Firefox preference overrides.

Bug 18172: Back out the Windows related part as we need a better fix
for it.
---
 browser/app/profile/000-tor-browser.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/browser/app/profile/000-tor-browser.js 
b/browser/app/profile/000-tor-browser.js
index c022719..791e0d2 100644
--- a/browser/app/profile/000-tor-browser.js
+++ b/browser/app/profile/000-tor-browser.js
@@ -283,7 +283,7 @@ pref("font.name.sans-serif.ar", "Arial");
 #endif
 
 #ifdef XP_WIN
-pref("font.system.whitelist", "Arial, Batang, 바탕, Cambria Math, Courier 
New, Euphemia, Gautami, Georgia, Gulim, 굴림, GulimChe, 굴림체, Iskoola 
Pota, Kalinga, Kartika, Latha, Lucida Console, MS Gothic, ＭＳ ゴシック, 
MS Mincho, ＭＳ 明朝, MS PGothic, ＭＳ Ｐゴシック, MS PMincho, 
ＭＳ Ｐ明朝, MV Boli, Malgun Gothic, Mangal, Meiryo, Meiryo UI, Microsoft 
Himalaya, Microsoft JhengHei, Microsoft JengHei UI, Microsoft YaHei, 微软雅
黑, Microsoft YaHei UI, MingLiU, 細明體, Noto Sans Buginese, Noto Sans 
Khmer, Noto Sans Lao, Noto Sans Myanmar, Noto Sans Yi, Nyala, PMingLiU, 
新細明體, Plantagenet Cherokee, Raavi, Segoe UI, Segoe UI Emoji, Shruti, 
SimSun, 宋体, Sylfaen, Tahoma, Times New Roman, Tunga, Verdana, Vrinda, Yu 
Gothic UI");
+pref("font.system.whitelist", "Arial, Batang, 바탕, Cambria Math, Courier 
New, Euphemia, Gautami, Georgia, Gulim, 굴림, GulimChe, 굴림체, Iskoola 
Pota, Kalinga, Kartika, Latha, Lucida Console, MS Gothic, ＭＳ ゴシック, 
MS Mincho, ＭＳ 明朝, MS PGothic, ＭＳ Ｐゴシック, MS PMincho, 
ＭＳ Ｐ明朝, MV Boli, Malgun Gothic, Mangal, Meiryo, Meiryo UI, Microsoft 
Himalaya, Microsoft JhengHei, Microsoft JengHei UI, Microsoft YaHei, 微软雅
黑, Microsoft YaHei UI, MingLiU, 細明體, Noto Sans Buginese, Noto Sans 
Khmer, Noto Sans Lao, Noto Sans Myanmar, Noto Sans Yi, Nyala, PMingLiU, 
新細明體, Plantagenet Cherokee, Raavi, Segoe UI, Shruti, SimSun, 宋体, 
Sylfaen, Tahoma, Times New Roman, Tunga, Verdana, Vrinda, Yu Gothic UI");
 #endif
 
 #ifdef XP_LINUX

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/mat-gui_completed] Update translations for mat-gui_completed

[translation]

commit feecc153f98e2ed608a84068359f48673c4a3358
Author: Translation commit bot 
Date:   Thu Feb 11 13:15:37 2016 +

Update translations for mat-gui_completed
---
 zh_CN.po | 134 +++
 1 file changed, 67 insertions(+), 67 deletions(-)

diff --git a/zh_CN.po b/zh_CN.po
index edc5c3b..bd783f5 100644
--- a/zh_CN.po
+++ b/zh_CN.po
@@ -4,13 +4,13 @@
 # 
 # Translators:
 # khi, 2013
-# YF , 2014-2015
+# YF , 2014-2016
 msgid ""
 msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2015-12-16 15:03+0100\n"
-"PO-Revision-Date: 2015-12-17 23:53+\n"
+"POT-Creation-Date: 2016-02-10 23:06+0100\n"
+"PO-Revision-Date: 2016-02-11 13:07+\n"
 "Last-Translator: YF \n"
 "Language-Team: Chinese (China) 
(http://www.transifex.com/otf/torproject/language/zh_CN/)\n"
 "MIME-Version: 1.0\n"
@@ -19,171 +19,171 @@ msgstr ""
 "Language: zh_CN\n"
 "Plural-Forms: nplurals=1; plural=0;\n"
 
-#: mat-gui:64 mat-gui:415 mat-gui:438
+#: mat-gui:66 mat-gui:422 mat-gui:445
 msgid "Ready"
 msgstr "准备"
 
-#: mat-gui:133
+#: mat-gui:136
 msgid "Choose files"
 msgstr "选择文件"
 
-#: mat-gui:141
-msgid "All files"
-msgstr "全部文件"
-
-#: mat-gui:147
+#: mat-gui:144
 msgid "Supported files"
 msgstr "支持文件"
 
-#: mat-gui:164 mat-gui:359 mat-gui:410 mat-gui:434 mat-gui:436
-#: data/mat.glade:480
+#: mat-gui:151
+msgid "All files"
+msgstr "全部文件"
+
+#: mat-gui:167 mat-gui:366 mat-gui:417 mat-gui:441 mat-gui:443
+#: data/mat.glade:200
 msgid "Clean"
 msgstr "清除"
 
-#: mat-gui:165
+#: mat-gui:168
 msgid "No metadata found"
 msgstr "未找到元数据"
 
-#: mat-gui:167 mat-gui:412
+#: mat-gui:170 mat-gui:419
 msgid "Dirty"
 msgstr "更新"
 
-#: mat-gui:172
+#: mat-gui:176
 #, python-format
 msgid "%s's metadata"
 msgstr "%s 的元数据"
 
-#: mat-gui:183
+#: mat-gui:187
 msgid "Trash your meta, keep your data"
 msgstr "丢弃元标签，保留数据"
 
-#: mat-gui:188
+#: mat-gui:192
 msgid "Website"
 msgstr "网站"
 
-#: mat-gui:214
+#: mat-gui:219
 msgid "Preferences"
 msgstr "首选项"
 
-#: mat-gui:227
+#: mat-gui:232
 msgid "Reduce PDF quality"
 msgstr "降低 PDF 质量"
 
-#: mat-gui:230
+#: mat-gui:235
 msgid "Reduce the produced PDF size and quality"
 msgstr "降低生成 PDF 的大小和质量"
 
-#: mat-gui:233
-msgid "Add unsupported file to archives"
-msgstr "将不支持的文件添加到存档"
+#: mat-gui:238
+msgid "Remove unsupported file from archives"
+msgstr "从存档中移除不支持的文件"
 
-#: mat-gui:236
-msgid "Add non-supported (and so non-anonymised) file to output archive"
-msgstr "将不支持（与非匿名化）的文件添加到输出存档"
+#: mat-gui:241
+msgid "Remove non-supported (and so non-anonymised) file from output archive"
+msgstr "从输出存档中移除不支持（与非匿名化）的文件"
 
-#: mat-gui:275
+#: mat-gui:280
 msgid "Unknown"
 msgstr "未知"
 
-#: mat-gui:318
+#: mat-gui:325
 msgid "Not-supported"
 msgstr "不支持"
 
-#: mat-gui:332
+#: mat-gui:339
 msgid "Harmless fileformat"
 msgstr "无害的文件格式"
 
-#: mat-gui:334
+#: mat-gui:341
 msgid "Cant read file"
 msgstr "无法读取文件"
 
-#: mat-gui:336
+#: mat-gui:343
 msgid "Fileformat not supported"
 msgstr "不支持的文件格式"
 
-#: mat-gui:339
+#: mat-gui:346
 msgid "These files can not be processed:"
 msgstr "这些文件不能被处理:"
 
-#: mat-gui:344 mat-gui:373 data/mat.glade:519
+#: mat-gui:351 mat-gui:380 data/mat.glade:239
 msgid "Filename"
 msgstr "文件名"
 
-#: mat-gui:346
+#: mat-gui:353
 msgid "Reason"
 msgstr "原因"
 
-#: mat-gui:358
+#: mat-gui:365
 msgid "Non-supported files in archive"
 msgstr "不支持压缩包内的文件"
 
-#: mat-gui:372
+#: mat-gui:379
 msgid "Include"
 msgstr "包括"
 
-#: mat-gui:390
+#: mat-gui:397
 #, python-format
 msgid "MAT is not able to clean the following files, found in the %s archive"
 msgstr "MAT 不能清除下列文件，发现于 %s 压缩文件"
 
-#: mat-gui:406
+#: mat-gui:413
 #, python-format
 msgid "Checking %s"
 msgstr "正在检查 %s"
 
-#: mat-gui:421
+#: mat-gui:428
 #, python-format
 msgid "Cleaning %s"
 msgstr "正在清除 %s"
 
-#: data/mat.glade:26 data/mat.glade:196
+#: data/mat.glade:46
+msgid "_File"
+msgstr "文件(_F)"
+
+#: data/mat.glade:95
+msgid "_Edit"
+msgstr "编辑(_E)"
+
+#: data/mat.glade:141
+msgid "_Help"
+msgstr "帮助(_H)"
+
+#: data/mat.glade:187
+msgid "Add"
+msgstr "添加"
+
+#: data/mat.glade:256
+msgid "State"
+msgstr "状态"
+
+#: data/mat.glade:294 data/mat.glade:467
 msgid "Metadata"
 msgstr "元数据"
 
-#: data/mat.glade:85
+#: data/mat.glade:354
 msgid "Name"
 msgstr "名字"
 
-#: data/mat.glade:99
+#: data/mat.glade:368
 msgid "Content"
 msgstr "内容"
 
-#: data/mat.glade:129
+#: data/mat.glade:398
 msgid "Supported formats"
 msgstr "支持格式"
 
-#: 

[tor-commits] [translation/mat-gui] Update translations for mat-gui

[translation]

commit 4089bb590ce182f2cf1fc4d38424707023c67333
Author: Translation commit bot 
Date:   Thu Feb 11 13:15:32 2016 +

Update translations for mat-gui
---
 zh_CN.po | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/zh_CN.po b/zh_CN.po
index d55307c..bd783f5 100644
--- a/zh_CN.po
+++ b/zh_CN.po
@@ -4,14 +4,14 @@
 # 
 # Translators:
 # khi, 2013
-# YF , 2014-2015
+# YF , 2014-2016
 msgid ""
 msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2016-02-10 23:06+0100\n"
-"PO-Revision-Date: 2016-02-11 09:31+\n"
-"Last-Translator: carolyn \n"
+"PO-Revision-Date: 2016-02-11 13:07+\n"
+"Last-Translator: YF \n"
 "Language-Team: Chinese (China) 
(http://www.transifex.com/otf/torproject/language/zh_CN/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -75,11 +75,11 @@ msgstr "降低生成 PDF 的大小和质量"
 
 #: mat-gui:238
 msgid "Remove unsupported file from archives"
-msgstr ""
+msgstr "从存档中移除不支持的文件"
 
 #: mat-gui:241
 msgid "Remove non-supported (and so non-anonymised) file from output archive"
-msgstr ""
+msgstr "从输出存档中移除不支持（与非匿名化）的文件"
 
 #: mat-gui:280
 msgid "Unknown"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Fix all doxygen warnings other than "X is not documented"

[nickm]

commit 1f679d4ae11cd976f5539bc4ddf36873132aeb00
Author: Nick Mathewson 
Date:   Thu Feb 11 22:06:44 2016 -0500

Fix all doxygen warnings other than "X is not documented"
---
 src/or/config.c  |  2 +-
 src/or/policies.c| 14 --
 src/or/routerparse.c |  2 +-
 3 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/src/or/config.c b/src/or/config.c
index d71cf6d..5273d5a 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -2693,7 +2693,7 @@ options_validate_cb(void *old_options, void *options, 
void *default_options,
 
 /** Log a warning message iff filepath is not absolute.
  * Warning message must contain option name option and
- * an absolute path that filepath will resolve to.
+ * an absolute path that filepath will resolve to.
  *
  * In case filepath is absolute, do nothing.
  */
diff --git a/src/or/policies.c b/src/or/policies.c
index 984ab6a..179230b 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -1703,19 +1703,21 @@ exit_policy_remove_redundancies(smartlist_t *dest)
 /** Reject private helper for policies_parse_exit_policy_internal: rejects
  * publicly routable addresses on this exit relay.
  *
- * Add reject entries to the linked list *dest:
- *   - if configured_addresses is non-NULL, add entries that reject each
- * tor_addr_t* in the list as a destination.
- *   - if reject_interface_addresses is true, add entries that reject each
+ * Add reject entries to the linked list *dest:
+ * 
+ * if configured_addresses is non-NULL, add entries that reject each
+ * tor_addr_t in the list as a destination.
+ * if reject_interface_addresses is true, add entries that reject each
  * public IPv4 and IPv6 address of each interface on this machine.
- *   - if reject_configured_port_addresses is true, add entries that reject
+ * if reject_configured_port_addresses is true, add entries that reject
  * each IPv4 and IPv6 address configured for a port.
+ * 
  *
  * IPv6 entries are only added if ipv6_exit is true. (All IPv6 addresses are
  * already blocked by policies_parse_exit_policy_internal if ipv6_exit is
  * false.)
  *
- * The list *dest is created as needed.
+ * The list in dest is created as needed.
  */
 void
 policies_parse_exit_policy_reject_private(
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index fafba96..3be43dc 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -3679,7 +3679,7 @@ networkstatus_parse_detached_signatures(const char *s, 
const char *eos)
  *
  * Returns NULL on policy errors.
  *
- * Set *malformed_list>/b> to true if the entire policy list should be
+ * Set *malformed_list to true if the entire policy list should be
  * discarded. Otherwise, set it to false, and only this item should be ignored
  * on error - the rest of the policy list can continue to be processed and
  * used.

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [torspec/master] tiny tweaks to proposal 255 after reading

[arma]

commit 0c14d27563e6cfb24ee2a11457f8b64b80512259
Author: Roger Dingledine 
Date:   Thu Feb 11 23:04:27 2016 -0500

tiny tweaks to proposal 255 after reading
---
 proposals/255-hs-load-balancing.txt | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/proposals/255-hs-load-balancing.txt 
b/proposals/255-hs-load-balancing.txt
index eaab035..a19949c 100644
--- a/proposals/255-hs-load-balancing.txt
+++ b/proposals/255-hs-load-balancing.txt
@@ -101,7 +101,7 @@ is the minimal amount of data required to process the 
INTRODUCE2 cell
 on another machine.
 
 Before proposal 224 is implemented, this could consist of the
-INTRODUCE2 cell payload, the key to decrypt the cell with if the cell
+INTRODUCE2 cell payload, the key to decrypt the cell if the cell
 is not already decrypted (which may be preferable, for performance
 reasons), and data necessary for other machines to recognize what to do
 with the cell.
@@ -136,7 +136,7 @@ INTRODUCE2 cell arrives at the node which published the 
descriptor, it
 does not immediately try to perform the rendezvous, but instead outputs
 this to the controller. Through an out-of-band process this message is
 relayed to a controller of another node of Bob's, and this transmits
-the "PERFORM-RENDEZVOUS" command to that node. This node finally
+the "PERFORM-RENDEZVOUS" command to that node. This node
 performs the rendezvous, and will continue to serve data to Alice,
 whose client will now not have to talk to the introduction point
 anymore.
@@ -155,3 +155,4 @@ and to leave the actual load-balancing algorithm to the 
implementor of
 the controller. The developer of the tor implementation should not
 have to choose between a round-robin algorithm and something that could
 pull CPU load averages from a centralized monitoring system.
+

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [torspec/master] grammar/etc clarifications while reading proposal 260

[arma]

commit b6b2d248ca9b51876eb841c545c6641c1697aac0
Author: Roger Dingledine 
Date:   Thu Feb 11 23:11:35 2016 -0500

grammar/etc clarifications while reading proposal 260
---
 proposals/260-rend-single-onion.txt | 32 
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/proposals/260-rend-single-onion.txt 
b/proposals/260-rend-single-onion.txt
index fc01551..79990a8 100644
--- a/proposals/260-rend-single-onion.txt
+++ b/proposals/260-rend-single-onion.txt
@@ -29,10 +29,10 @@ Status: Draft
 2. Motivation
 
Rendezvous single onion services are best used by sites which:
-  * Don’t require location anonymity
+  * Don't require location anonymity
   * Would appreciate lower latency or self-authenticated addresses
   * Would like to work with existing tor clients and relays
-  * Can’t accept connections to an open ORPort
+  * Can't accept connections to an open ORPort
 
Rendezvous single onion services have a few benefits over double onion
services:
@@ -61,7 +61,7 @@ Status: Draft
 
   * Connection latency is higher, as one-hop circuits are built to the
 introduction and rendezvous points. Single onion services perform one
-extend to the single onion service’s ORPort only
+extend to the single onion service's ORPort only
 
It should also be noted that, while single onion services receive many
incoming connections from different relays, rendezvous single onion
@@ -99,8 +99,8 @@ Status: Draft
further discussion of security issues.)
 
(Please note that this proposal follows the hop counting conventions in the
-   tor source code. A circuit with a single connections between the client and
-   the endpoint is one-hop, a circuit with 4 connections (and 3 nodes) between
+   tor source code. A circuit with a single connection between the client and
+   the endpoint is one-hop; a circuit with 4 connections (and 3 nodes) between
the client and endpoint is four-hop.)
 
 5. Publishing a rendezvous single onion service
@@ -109,11 +109,11 @@ Status: Draft
group of tor instances) must:
 
   * Publish onion descriptors in the same manner as any onion service,
-using three-hop circuits. This avoids service blocking by IP address,
-proposal #224 (next-generation hidden services) avoids blocking by
+using three-hop circuits. This avoids service blocking by IP address.
+Proposal #224 (next-generation hidden services) avoids blocking by
 onion address.
   * Perform the rendezvous protocol in the same manner as a double
-onion service, but make the intro and rendezvous connections one-hop.
+onion service, but make the intro and rendezvous circuits one-hop.
 (This may allow intro and rendezvous points to block the service.)
 
 5.1. Configuration options
@@ -130,10 +130,10 @@ Status: Draft
 a Rendezvous Single Onion Service. (Default: 0)
 
Because of the grave consequences of misconfiguration here, we have added
-   ‘NonAnonymous’ to the name of the torrc option. Furthermore, Tor MUST 
issue
+   'NonAnonymous' to the name of the torrc option. Furthermore, Tor MUST issue
a startup warning message to operators of the onion service if this feature
is enabled.
-   [Should the name start with ‘NonAnonymous’ instead?]
+   [Should the name start with 'NonAnonymous' instead?]
 
As RendezvousSingleOnionServiceNonAnonymousServer modifies the behaviour
of every onion service on a tor instance, it is impossible to run hidden
@@ -271,7 +271,7 @@ Status: Draft
service, or continue with the rendezvous protocol.
 
Running a rendezvous single onion service and single onion service allows
-   older clients to connect via rendezvous, and newer clients to connenct via
+   older clients to connect via rendezvous, and newer clients to connect via
extend. This is useful for the transition period where not all clients
support single onion services.
 
@@ -319,7 +319,7 @@ Status: Draft
 6.4 Predicted circuits
 
We should look whether we can optimize further the predicted circuits that
-   Tor makes as a onion service for this mode.
+   Tor makes as an onion service for this mode.
 
 8. Security Implications
 
@@ -342,7 +342,7 @@ Status: Draft
single onion services due to their benefits. This could increase the
traffic on the tor network, therefore increasing anonymity overall.
However, the unique behaviour of each type of onion service may still be
-   distinguishable from both the client and server ends of the connection.
+   distinguishable on both the client and server ends of the connection.
 
 8.2 Hidden Service Designs can potentially be more secure
 
@@ -352,9 +352,9 @@ Status: Draft
 
 8.3 One-hop onion service paths may encourage more attacks
 
-   There's a possible second-order effect here since both encrypted
-   services and hidden services will have 

[tor-commits] [torspec/master] renumber 260

[arma]

commit 2d7a01399b49749a71d760818ef3f0c9c8799cf5
Author: Roger Dingledine 
Date:   Thu Feb 11 23:29:42 2016 -0500

renumber 260
---
 proposals/260-rend-single-onion.txt | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/proposals/260-rend-single-onion.txt 
b/proposals/260-rend-single-onion.txt
index 79990a8..48aa794 100644
--- a/proposals/260-rend-single-onion.txt
+++ b/proposals/260-rend-single-onion.txt
@@ -200,7 +200,7 @@ Status: Draft
   And turning off hidden service server preemptive circuits, which is
   currently unimplemented (#17360)
 
-5.1.3 Recommended Additional Options: Security
+5.1.4 Recommended Additional Options: Security
 
We recommend that no other services are run on a rendezvous single onion
service tor instance. Since tor runs as a client (and not a relay) by
@@ -275,7 +275,7 @@ Status: Draft
extend. This is useful for the transition period where not all clients
support single onion services.
 
-6.5. Proposal 255 ("Hidden Service Load Balancing")
+6.6. Proposal 255 ("Hidden Service Load Balancing")
 
This proposal is compatible with proposal 255. The onion service will
perform the rendezvous protocol in the same manner as any other onion
@@ -316,7 +316,7 @@ Status: Draft
been performed. In addition, a potential drawback is overloading a busy
single onion service.
 
-6.4 Predicted circuits
+7.4 Predicted circuits
 
We should look whether we can optimize further the predicted circuits that
Tor makes as an onion service for this mode.
@@ -458,3 +458,4 @@ splitting described in section 8. Here are some initial 
ideas.
This option is disabled in Tor Browser by default. Perhaps some users would
be more comfortable enabling submission over an onion service, due to the
additional security benefits.
+

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Split a long line

[nickm]

commit 7f9ac4957ca8f75a5e72db1c8a967b45d092d125
Author: Nick Mathewson 
Date:   Thu Feb 11 12:13:02 2016 -0500

Split a long line
---
 src/or/connection.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/or/connection.c b/src/or/connection.c
index f459a1b..c012018 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -2397,7 +2397,8 @@ retry_listener_ports(smartlist_t *old_conns,
 /* We don't need to be root to create a UNIX socket, so defer until after
  * setuid. */
 const or_options_t *options = get_options();
-if (port->is_unix_addr && !geteuid() && (options->User) && 
strcmp(options->User, "root"))
+if (port->is_unix_addr && !geteuid() && (options->User) &&
+strcmp(options->User, "root"))
   continue;
 #endif
 



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge remote-tracking branch 'weasel/bug18261'

[nickm]

commit bc7a5eeeda58c68b3c8434fd66c404aae269dbb0
Merge: c0a6c34 42e131e
Author: Nick Mathewson 
Date:   Thu Feb 11 12:12:02 2016 -0500

Merge remote-tracking branch 'weasel/bug18261'

 changes/bug18261| 6 ++
 src/or/connection.c | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Rename circuit_about_to_free_{terminal -> atexit}

[nickm]

commit cae59b913f7daa154c6b1eb9083d1f582c8d2a1e
Author: Nick Mathewson 
Date:   Thu Feb 11 12:15:12 2016 -0500

Rename circuit_about_to_free_{terminal -> atexit}
---
 src/or/circuitlist.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c
index 9b7df75..ade371d 100644
--- a/src/or/circuitlist.c
+++ b/src/or/circuitlist.c
@@ -53,7 +53,7 @@ static void cpath_ref_decref(crypt_path_reference_t 
*cpath_ref);
 //static void circuit_set_rend_token(or_circuit_t *circ, int is_rend_circ,
 //   const uint8_t *token);
 static void circuit_clear_rend_token(or_circuit_t *circ);
-static void circuit_about_to_free_terminal(circuit_t *circ);
+static void circuit_about_to_free_atexit(circuit_t *circ);
 static void circuit_about_to_free(circuit_t *circ);
 
 /* END VARIABLES /
@@ -902,7 +902,7 @@ circuit_free_all(void)
   }
 }
 tmp->global_circuitlist_idx = -1;
-circuit_about_to_free_terminal(tmp);
+circuit_about_to_free_atexit(tmp);
 circuit_free(tmp);
 SMARTLIST_DEL_CURRENT(lst, tmp);
   } SMARTLIST_FOREACH_END(tmp);
@@ -1752,7 +1752,7 @@ circuit_mark_for_close_, (circuit_t *circ, int reason, 
int line,
  * do circuitmux_detach_circuit() when appropriate.
  */
 static void
-circuit_about_to_free_terminal(circuit_t *circ)
+circuit_about_to_free_atexit(circuit_t *circ)
 {
 
   if (circ->n_chan) {

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Fix a segfault during startup

[nickm]

commit 42e131e9acca7c51fb220935deda5dc681004e3f
Author: Peter Palfrader 
Date:   Sat Feb 6 22:17:02 2016 +0100

Fix a segfault during startup

If unix socket was configured as listener (such as a ControlSocket or a
SocksPort unix socket), and tor was started as root but not configured
to switch to another user, tor would segfault while trying to string
compare a NULL value.  Fixes bug 18261; bugfix on 0.2.8.1-alpha. Patch
by weasel.
---
 changes/bug18261| 6 ++
 src/or/connection.c | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/changes/bug18261 b/changes/bug18261
new file mode 100644
index 000..df4c74f
--- /dev/null
+++ b/changes/bug18261
@@ -0,0 +1,6 @@
+  o Minor features (crypto):
+- Fix a segfault during startup:  If unix socket was configured as
+  listener (such as a ControlSocket or a SocksPort unix socket), and
+  tor was started as root but not configured to switch to another
+  user, tor would segfault while trying to string compare a NULL
+  value.  Fixes bug 18261; bugfix on 0.2.8.1-alpha. Patch by weasel.
diff --git a/src/or/connection.c b/src/or/connection.c
index 123c33a..efd730f 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -2398,7 +2398,7 @@ retry_listener_ports(smartlist_t *old_conns,
 /* We don't need to be root to create a UNIX socket, so defer until after
  * setuid. */
 const or_options_t *options = get_options();
-if (port->is_unix_addr && !geteuid() && strcmp(options->User, "root"))
+if (port->is_unix_addr && !geteuid() && (options->User) && 
strcmp(options->User, "root"))
   continue;
 #endif
 



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] make check-spaces

[nickm]

commit 838d4dee121b311647ae4edd7e220436571c449c
Author: Nick Mathewson 
Date:   Thu Feb 11 12:50:55 2016 -0500

make check-spaces
---
 src/or/entrynodes.c|  5 +++--
 src/or/or.h|  4 ++--
 src/or/policies.c  | 15 ---
 src/test/test_policy.c |  1 -
 4 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c
index a4b9350..95d9fec 100644
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@@ -2124,8 +2124,9 @@ launch_direct_bridge_descriptor_fetch(bridge_info_t 
*bridge)
* it. If we  */
   if (!fascist_firewall_allows_address_addr(>addr, bridge->port,
 FIREWALL_OR_CONNECTION, 0)) {
-log_notice(LD_CONFIG, "Tried to fetch a descriptor directly from a bridge, 
"
-   "but that bridge is not reachable through our firewall.");
+log_notice(LD_CONFIG, "Tried to fetch a descriptor directly from a "
+   "bridge, but that bridge is not reachable through our "
+   "firewall.");
 return;
   }
 
diff --git a/src/or/or.h b/src/or/or.h
index 04bd42a..f438212 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -4092,8 +4092,8 @@ typedef struct {
   int ClientUseIPv6;
   /** If true, prefer an IPv6 OR port over an IPv4 one for entry node
* connections. If auto, bridge clients prefer IPv6, and other clients
-   * prefer IPv4. Use fascist_firewall_prefer_ipv6_orport() instead of 
accessing
-   * this value directly. */
+   * prefer IPv4. Use fascist_firewall_prefer_ipv6_orport() instead of
+   * accessing this value directly. */
   int ClientPreferIPv6ORPort;
   /** If true, prefer an IPv6 directory port over an IPv4 one for direct
* directory connections. If auto, bridge clients prefer IPv6, and other
diff --git a/src/or/policies.c b/src/or/policies.c
index faa39ad..984ab6a 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -421,7 +421,8 @@ fascist_firewall_allows_address(const tor_addr_t *addr,
 
 /** Is this client configured to use IPv6?
  */
-int fascist_firewall_use_ipv6(const or_options_t *options)
+int
+fascist_firewall_use_ipv6(const or_options_t *options)
 {
   /* Clients use IPv6 if it's set, or they use bridges, or they don't use
* IPv4 */
@@ -513,14 +514,14 @@ fascist_firewall_allows_address_addr(const tor_addr_t 
*addr, uint16_t port,
 
   if (fw_connection == FIREWALL_OR_CONNECTION) {
 return fascist_firewall_allows_address(addr, port,
-reachable_or_addr_policy,
-pref_only,
-
fascist_firewall_prefer_ipv6_orport(options));
+   reachable_or_addr_policy,
+   pref_only,
+   fascist_firewall_prefer_ipv6_orport(options));
   } else if (fw_connection == FIREWALL_DIR_CONNECTION) {
 return fascist_firewall_allows_address(addr, port,
-reachable_dir_addr_policy,
-pref_only,
-
fascist_firewall_prefer_ipv6_dirport(options));
+   reachable_dir_addr_policy,
+   pref_only,
+   fascist_firewall_prefer_ipv6_dirport(options));
   } else {
 log_warn(LD_BUG, "Bad firewall_connection_t value %d.",
  fw_connection);
diff --git a/src/test/test_policy.c b/src/test/test_policy.c
index c044d9f..3688909 100644
--- a/src/test/test_policy.c
+++ b/src/test/test_policy.c
@@ -1546,7 +1546,6 @@ test_policies_fascist_firewall_choose_address(void *arg)
 FIREWALL_DIR_CONNECTION, 1)
 == _dir_ap);
 
-
   /* In the default configuration (Auto / IPv6 off), bridge clients should
* still use IPv6, and only prefer it for bridges configured with an IPv6
* address, regardless of ClientUseIPv6. */

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.4] Make ensure_capacity a bit more pedantically correct

[nickm]

commit c2fd64846978290b0e7c7165d7658a5e704eee8f
Author: Nick Mathewson 
Date:   Thu Feb 11 12:54:52 2016 -0500

Make ensure_capacity a bit more pedantically correct

Issues noted by cypherpunks on #18162
---
 src/common/container.c | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/common/container.c b/src/common/container.c
index 46d9c2e..b1431df 100644
--- a/src/common/container.c
+++ b/src/common/container.c
@@ -58,11 +58,16 @@ smartlist_clear(smartlist_t *sl)
   sl->num_used = 0;
 }
 
+#if SIZE_MAX < INT_MAX
+#error "We don't support systems where size_t is smaller than int."
+#endif
+
 /** Make sure that sl can hold at least size entries. */
 static INLINE void
 smartlist_ensure_capacity(smartlist_t *sl, size_t size)
 {
-#if SIZEOF_SIZE_T > SIZEOF_INT
+  /* Set MAX_CAPACITY to MIN(INT_MAX, SIZE_MAX / sizeof(void*)) */
+#if (SIZE_MAX/SIZEOF_VOID_P) > INT_MAX
 #define MAX_CAPACITY (INT_MAX)
 #else
 #define MAX_CAPACITY (int)((SIZE_MAX / (sizeof(void*



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.5] Make ensure_capacity a bit more pedantically correct

[nickm]

commit c2fd64846978290b0e7c7165d7658a5e704eee8f
Author: Nick Mathewson 
Date:   Thu Feb 11 12:54:52 2016 -0500

Make ensure_capacity a bit more pedantically correct

Issues noted by cypherpunks on #18162
---
 src/common/container.c | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/common/container.c b/src/common/container.c
index 46d9c2e..b1431df 100644
--- a/src/common/container.c
+++ b/src/common/container.c
@@ -58,11 +58,16 @@ smartlist_clear(smartlist_t *sl)
   sl->num_used = 0;
 }
 
+#if SIZE_MAX < INT_MAX
+#error "We don't support systems where size_t is smaller than int."
+#endif
+
 /** Make sure that sl can hold at least size entries. */
 static INLINE void
 smartlist_ensure_capacity(smartlist_t *sl, size_t size)
 {
-#if SIZEOF_SIZE_T > SIZEOF_INT
+  /* Set MAX_CAPACITY to MIN(INT_MAX, SIZE_MAX / sizeof(void*)) */
+#if (SIZE_MAX/SIZEOF_VOID_P) > INT_MAX
 #define MAX_CAPACITY (INT_MAX)
 #else
 #define MAX_CAPACITY (int)((SIZE_MAX / (sizeof(void*



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.6] Merge branch 'maint-0.2.5' into maint-0.2.6

[nickm]

commit 740421af194b890c24242a834ed03ffc5c4c16ab
Merge: 44ad3be ce289e2
Author: Nick Mathewson 
Date:   Thu Feb 11 12:57:28 2016 -0500

Merge branch 'maint-0.2.5' into maint-0.2.6

 changes/bug18162   |  7 +++
 src/common/container.c | 37 -
 2 files changed, 27 insertions(+), 17 deletions(-)

diff --cc src/common/container.c
index 864fd8a,c668068..76c129d
--- a/src/common/container.c
+++ b/src/common/container.c
@@@ -66,28 -71,22 +71,25 @@@ smartlist_ensure_capacity(smartlist_t *
  #define MAX_CAPACITY (INT_MAX)
  #else
  #define MAX_CAPACITY (int)((SIZE_MAX / (sizeof(void*
- #define ASSERT_CAPACITY
  #endif
-   if (size > sl->capacity) {
- int higher = sl->capacity;
++
+   tor_assert(size <= MAX_CAPACITY);
+ 
+   if (size > (size_t) sl->capacity) {
+ size_t higher = (size_t) sl->capacity;
  if (PREDICT_UNLIKELY(size > MAX_CAPACITY/2)) {
- #ifdef ASSERT_CAPACITY
-   /* We don't include this assertion when MAX_CAPACITY == INT_MAX,
-* since int size; (size <= INT_MAX) makes analysis tools think we're
-* doing something stupid. */
--  tor_assert(size <= MAX_CAPACITY);
- #endif
higher = MAX_CAPACITY;
  } else {
while (size > higher)
  higher *= 2;
  }
- sl->capacity = higher;
+ tor_assert(higher <= INT_MAX); /* Redundant */
+ sl->capacity = (int) higher;
 -sl->list = tor_realloc(sl->list, sizeof(void*)*((size_t)sl->capacity));
 +sl->list = tor_reallocarray(sl->list, sizeof(void *),
 +((size_t)sl->capacity));
}
 +#undef ASSERT_CAPACITY
 +#undef MAX_CAPACITY
  }
  
  /** Append element to the end of the list. */

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.5] Merge branch 'maint-0.2.4' into maint-0.2.5

[nickm]

commit ce289e2cb5099a4abe4468049dc0d262b65bfa17
Merge: f06d9a9 ad95d64
Author: Nick Mathewson 
Date:   Thu Feb 11 12:55:40 2016 -0500

Merge branch 'maint-0.2.4' into maint-0.2.5

 changes/bug18162   |  7 +++
 src/common/container.c | 29 +++--
 2 files changed, 26 insertions(+), 10 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.6] Merge branch 'maint-0.2.4' into maint-0.2.5

[nickm]

commit ce289e2cb5099a4abe4468049dc0d262b65bfa17
Merge: f06d9a9 ad95d64
Author: Nick Mathewson 
Date:   Thu Feb 11 12:55:40 2016 -0500

Merge branch 'maint-0.2.4' into maint-0.2.5

 changes/bug18162   |  7 +++
 src/common/container.c | 29 +++--
 2 files changed, 26 insertions(+), 10 deletions(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.6] Merge branch 'bug18162_024' into maint-0.2.4

[nickm]

commit ad95d64fece2c6d2eddffc8fa5178c3ffccc0cd7
Merge: d5ac79e c2fd648
Author: Nick Mathewson 
Date:   Thu Feb 11 12:55:25 2016 -0500

Merge branch 'bug18162_024' into maint-0.2.4

 changes/bug18162   |  7 +++
 src/common/container.c | 29 +++--
 2 files changed, 26 insertions(+), 10 deletions(-)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.4] Merge branch 'bug18162_024' into maint-0.2.4

[nickm]

commit ad95d64fece2c6d2eddffc8fa5178c3ffccc0cd7
Merge: d5ac79e c2fd648
Author: Nick Mathewson 
Date:   Thu Feb 11 12:55:25 2016 -0500

Merge branch 'bug18162_024' into maint-0.2.4

 changes/bug18162   |  7 +++
 src/common/container.c | 29 +++--
 2 files changed, 26 insertions(+), 10 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.7] Merge branch 'maint-0.2.6' into maint-0.2.7

[nickm]

commit be6174f8f6aaaf8f990eb56c5cba16bc5ec0fcea
Merge: d920cbb 740421a
Author: Nick Mathewson 
Date:   Thu Feb 11 13:01:46 2016 -0500

Merge branch 'maint-0.2.6' into maint-0.2.7

 changes/bug18162   |  7 +++
 src/common/container.c | 37 -
 2 files changed, 27 insertions(+), 17 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.4] avoid integer overflow in and around smartlist_ensure_capacity.

[nickm]

commit bca7083e8285e8e6a4377076a7e432417eafc6d2
Author: Nick Mathewson 
Date:   Wed Jan 27 12:26:02 2016 -0500

avoid integer overflow in and around smartlist_ensure_capacity.

This closes bug 18162; bugfix on a45b1315909c9, which fixed a related
issue long ago.

In addition to the #18162 issues, this fixes a signed integer overflow
in smarltist_add_all(), which is probably not so great either.
---
 changes/bug18162   |  7 +++
 src/common/container.c | 22 +-
 2 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/changes/bug18162 b/changes/bug18162
new file mode 100644
index 000..0844d6f
--- /dev/null
+++ b/changes/bug18162
@@ -0,0 +1,7 @@
+  o Major bugfixes (security, pointers):
+
+- Avoid a difficult-to-trigger heap corruption attack when extending
+  a smartlist to contain over 16GB of pointers. Fixes bug #18162;
+  bugfix on Tor 0.1.1.11-alpha, which fixed a related bug
+  incompletely. Reported by Guido Vranken.
+
diff --git a/src/common/container.c b/src/common/container.c
index eec497a..46d9c2e 100644
--- a/src/common/container.c
+++ b/src/common/container.c
@@ -60,15 +60,17 @@ smartlist_clear(smartlist_t *sl)
 
 /** Make sure that sl can hold at least size entries. */
 static INLINE void
-smartlist_ensure_capacity(smartlist_t *sl, int size)
+smartlist_ensure_capacity(smartlist_t *sl, size_t size)
 {
 #if SIZEOF_SIZE_T > SIZEOF_INT
 #define MAX_CAPACITY (INT_MAX)
 #else
 #define MAX_CAPACITY (int)((SIZE_MAX / (sizeof(void*
 #endif
-  if (size > sl->capacity) {
-int higher = sl->capacity;
+  tor_assert(size <= MAX_CAPACITY);
+
+  if (size > (size_t) sl->capacity) {
+size_t higher = (size_t) sl->capacity;
 if (PREDICT_UNLIKELY(size > MAX_CAPACITY/2)) {
   tor_assert(size <= MAX_CAPACITY);
   higher = MAX_CAPACITY;
@@ -76,7 +78,8 @@ smartlist_ensure_capacity(smartlist_t *sl, int size)
   while (size > higher)
 higher *= 2;
 }
-sl->capacity = higher;
+tor_assert(higher <= INT_MAX); /* Redundant */
+sl->capacity = (int) higher;
 sl->list = tor_realloc(sl->list, sizeof(void*)*((size_t)sl->capacity));
   }
 }
@@ -85,7 +88,7 @@ smartlist_ensure_capacity(smartlist_t *sl, int size)
 void
 smartlist_add(smartlist_t *sl, void *element)
 {
-  smartlist_ensure_capacity(sl, sl->num_used+1);
+  smartlist_ensure_capacity(sl, ((size_t) sl->num_used)+1);
   sl->list[sl->num_used++] = element;
 }
 
@@ -93,11 +96,12 @@ smartlist_add(smartlist_t *sl, void *element)
 void
 smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
 {
-  int new_size = s1->num_used + s2->num_used;
-  tor_assert(new_size >= s1->num_used); /* check for overflow. */
+  size_t new_size = (size_t)s1->num_used + (size_t)s2->num_used;
+  tor_assert(new_size >= (size_t) s1->num_used); /* check for overflow. */
   smartlist_ensure_capacity(s1, new_size);
   memcpy(s1->list + s1->num_used, s2->list, s2->num_used*sizeof(void*));
-  s1->num_used = new_size;
+  tor_assert(new_size <= INT_MAX); /* redundant. */
+  s1->num_used = (int) new_size;
 }
 
 /** Remove all elements E from sl such that E==element.  Preserve
@@ -334,7 +338,7 @@ smartlist_insert(smartlist_t *sl, int idx, void *val)
   if (idx == sl->num_used) {
 smartlist_add(sl, val);
   } else {
-smartlist_ensure_capacity(sl, sl->num_used+1);
+smartlist_ensure_capacity(sl, ((size_t) sl->num_used)+1);
 /* Move other elements away */
 if (idx < sl->num_used)
   memmove(sl->list + idx + 1, sl->list + idx,



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.6] Make ensure_capacity a bit more pedantically correct

[nickm]

commit c2fd64846978290b0e7c7165d7658a5e704eee8f
Author: Nick Mathewson 
Date:   Thu Feb 11 12:54:52 2016 -0500

Make ensure_capacity a bit more pedantically correct

Issues noted by cypherpunks on #18162
---
 src/common/container.c | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/common/container.c b/src/common/container.c
index 46d9c2e..b1431df 100644
--- a/src/common/container.c
+++ b/src/common/container.c
@@ -58,11 +58,16 @@ smartlist_clear(smartlist_t *sl)
   sl->num_used = 0;
 }
 
+#if SIZE_MAX < INT_MAX
+#error "We don't support systems where size_t is smaller than int."
+#endif
+
 /** Make sure that sl can hold at least size entries. */
 static INLINE void
 smartlist_ensure_capacity(smartlist_t *sl, size_t size)
 {
-#if SIZEOF_SIZE_T > SIZEOF_INT
+  /* Set MAX_CAPACITY to MIN(INT_MAX, SIZE_MAX / sizeof(void*)) */
+#if (SIZE_MAX/SIZEOF_VOID_P) > INT_MAX
 #define MAX_CAPACITY (INT_MAX)
 #else
 #define MAX_CAPACITY (int)((SIZE_MAX / (sizeof(void*



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.6] avoid integer overflow in and around smartlist_ensure_capacity.

[nickm]

commit bca7083e8285e8e6a4377076a7e432417eafc6d2
Author: Nick Mathewson 
Date:   Wed Jan 27 12:26:02 2016 -0500

avoid integer overflow in and around smartlist_ensure_capacity.

This closes bug 18162; bugfix on a45b1315909c9, which fixed a related
issue long ago.

In addition to the #18162 issues, this fixes a signed integer overflow
in smarltist_add_all(), which is probably not so great either.
---
 changes/bug18162   |  7 +++
 src/common/container.c | 22 +-
 2 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/changes/bug18162 b/changes/bug18162
new file mode 100644
index 000..0844d6f
--- /dev/null
+++ b/changes/bug18162
@@ -0,0 +1,7 @@
+  o Major bugfixes (security, pointers):
+
+- Avoid a difficult-to-trigger heap corruption attack when extending
+  a smartlist to contain over 16GB of pointers. Fixes bug #18162;
+  bugfix on Tor 0.1.1.11-alpha, which fixed a related bug
+  incompletely. Reported by Guido Vranken.
+
diff --git a/src/common/container.c b/src/common/container.c
index eec497a..46d9c2e 100644
--- a/src/common/container.c
+++ b/src/common/container.c
@@ -60,15 +60,17 @@ smartlist_clear(smartlist_t *sl)
 
 /** Make sure that sl can hold at least size entries. */
 static INLINE void
-smartlist_ensure_capacity(smartlist_t *sl, int size)
+smartlist_ensure_capacity(smartlist_t *sl, size_t size)
 {
 #if SIZEOF_SIZE_T > SIZEOF_INT
 #define MAX_CAPACITY (INT_MAX)
 #else
 #define MAX_CAPACITY (int)((SIZE_MAX / (sizeof(void*
 #endif
-  if (size > sl->capacity) {
-int higher = sl->capacity;
+  tor_assert(size <= MAX_CAPACITY);
+
+  if (size > (size_t) sl->capacity) {
+size_t higher = (size_t) sl->capacity;
 if (PREDICT_UNLIKELY(size > MAX_CAPACITY/2)) {
   tor_assert(size <= MAX_CAPACITY);
   higher = MAX_CAPACITY;
@@ -76,7 +78,8 @@ smartlist_ensure_capacity(smartlist_t *sl, int size)
   while (size > higher)
 higher *= 2;
 }
-sl->capacity = higher;
+tor_assert(higher <= INT_MAX); /* Redundant */
+sl->capacity = (int) higher;
 sl->list = tor_realloc(sl->list, sizeof(void*)*((size_t)sl->capacity));
   }
 }
@@ -85,7 +88,7 @@ smartlist_ensure_capacity(smartlist_t *sl, int size)
 void
 smartlist_add(smartlist_t *sl, void *element)
 {
-  smartlist_ensure_capacity(sl, sl->num_used+1);
+  smartlist_ensure_capacity(sl, ((size_t) sl->num_used)+1);
   sl->list[sl->num_used++] = element;
 }
 
@@ -93,11 +96,12 @@ smartlist_add(smartlist_t *sl, void *element)
 void
 smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
 {
-  int new_size = s1->num_used + s2->num_used;
-  tor_assert(new_size >= s1->num_used); /* check for overflow. */
+  size_t new_size = (size_t)s1->num_used + (size_t)s2->num_used;
+  tor_assert(new_size >= (size_t) s1->num_used); /* check for overflow. */
   smartlist_ensure_capacity(s1, new_size);
   memcpy(s1->list + s1->num_used, s2->list, s2->num_used*sizeof(void*));
-  s1->num_used = new_size;
+  tor_assert(new_size <= INT_MAX); /* redundant. */
+  s1->num_used = (int) new_size;
 }
 
 /** Remove all elements E from sl such that E==element.  Preserve
@@ -334,7 +338,7 @@ smartlist_insert(smartlist_t *sl, int idx, void *val)
   if (idx == sl->num_used) {
 smartlist_add(sl, val);
   } else {
-smartlist_ensure_capacity(sl, sl->num_used+1);
+smartlist_ensure_capacity(sl, ((size_t) sl->num_used)+1);
 /* Move other elements away */
 if (idx < sl->num_used)
   memmove(sl->list + idx + 1, sl->list + idx,



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.5] Merge branch 'bug18162_024' into maint-0.2.4

[nickm]

commit ad95d64fece2c6d2eddffc8fa5178c3ffccc0cd7
Merge: d5ac79e c2fd648
Author: Nick Mathewson 
Date:   Thu Feb 11 12:55:25 2016 -0500

Merge branch 'bug18162_024' into maint-0.2.4

 changes/bug18162   |  7 +++
 src/common/container.c | 29 +++--
 2 files changed, 26 insertions(+), 10 deletions(-)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.7] Make ensure_capacity a bit more pedantically correct

[nickm]

commit c2fd64846978290b0e7c7165d7658a5e704eee8f
Author: Nick Mathewson 
Date:   Thu Feb 11 12:54:52 2016 -0500

Make ensure_capacity a bit more pedantically correct

Issues noted by cypherpunks on #18162
---
 src/common/container.c | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/common/container.c b/src/common/container.c
index 46d9c2e..b1431df 100644
--- a/src/common/container.c
+++ b/src/common/container.c
@@ -58,11 +58,16 @@ smartlist_clear(smartlist_t *sl)
   sl->num_used = 0;
 }
 
+#if SIZE_MAX < INT_MAX
+#error "We don't support systems where size_t is smaller than int."
+#endif
+
 /** Make sure that sl can hold at least size entries. */
 static INLINE void
 smartlist_ensure_capacity(smartlist_t *sl, size_t size)
 {
-#if SIZEOF_SIZE_T > SIZEOF_INT
+  /* Set MAX_CAPACITY to MIN(INT_MAX, SIZE_MAX / sizeof(void*)) */
+#if (SIZE_MAX/SIZEOF_VOID_P) > INT_MAX
 #define MAX_CAPACITY (INT_MAX)
 #else
 #define MAX_CAPACITY (int)((SIZE_MAX / (sizeof(void*



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.7] avoid integer overflow in and around smartlist_ensure_capacity.

[nickm]

commit bca7083e8285e8e6a4377076a7e432417eafc6d2
Author: Nick Mathewson 
Date:   Wed Jan 27 12:26:02 2016 -0500

avoid integer overflow in and around smartlist_ensure_capacity.

This closes bug 18162; bugfix on a45b1315909c9, which fixed a related
issue long ago.

In addition to the #18162 issues, this fixes a signed integer overflow
in smarltist_add_all(), which is probably not so great either.
---
 changes/bug18162   |  7 +++
 src/common/container.c | 22 +-
 2 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/changes/bug18162 b/changes/bug18162
new file mode 100644
index 000..0844d6f
--- /dev/null
+++ b/changes/bug18162
@@ -0,0 +1,7 @@
+  o Major bugfixes (security, pointers):
+
+- Avoid a difficult-to-trigger heap corruption attack when extending
+  a smartlist to contain over 16GB of pointers. Fixes bug #18162;
+  bugfix on Tor 0.1.1.11-alpha, which fixed a related bug
+  incompletely. Reported by Guido Vranken.
+
diff --git a/src/common/container.c b/src/common/container.c
index eec497a..46d9c2e 100644
--- a/src/common/container.c
+++ b/src/common/container.c
@@ -60,15 +60,17 @@ smartlist_clear(smartlist_t *sl)
 
 /** Make sure that sl can hold at least size entries. */
 static INLINE void
-smartlist_ensure_capacity(smartlist_t *sl, int size)
+smartlist_ensure_capacity(smartlist_t *sl, size_t size)
 {
 #if SIZEOF_SIZE_T > SIZEOF_INT
 #define MAX_CAPACITY (INT_MAX)
 #else
 #define MAX_CAPACITY (int)((SIZE_MAX / (sizeof(void*
 #endif
-  if (size > sl->capacity) {
-int higher = sl->capacity;
+  tor_assert(size <= MAX_CAPACITY);
+
+  if (size > (size_t) sl->capacity) {
+size_t higher = (size_t) sl->capacity;
 if (PREDICT_UNLIKELY(size > MAX_CAPACITY/2)) {
   tor_assert(size <= MAX_CAPACITY);
   higher = MAX_CAPACITY;
@@ -76,7 +78,8 @@ smartlist_ensure_capacity(smartlist_t *sl, int size)
   while (size > higher)
 higher *= 2;
 }
-sl->capacity = higher;
+tor_assert(higher <= INT_MAX); /* Redundant */
+sl->capacity = (int) higher;
 sl->list = tor_realloc(sl->list, sizeof(void*)*((size_t)sl->capacity));
   }
 }
@@ -85,7 +88,7 @@ smartlist_ensure_capacity(smartlist_t *sl, int size)
 void
 smartlist_add(smartlist_t *sl, void *element)
 {
-  smartlist_ensure_capacity(sl, sl->num_used+1);
+  smartlist_ensure_capacity(sl, ((size_t) sl->num_used)+1);
   sl->list[sl->num_used++] = element;
 }
 
@@ -93,11 +96,12 @@ smartlist_add(smartlist_t *sl, void *element)
 void
 smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
 {
-  int new_size = s1->num_used + s2->num_used;
-  tor_assert(new_size >= s1->num_used); /* check for overflow. */
+  size_t new_size = (size_t)s1->num_used + (size_t)s2->num_used;
+  tor_assert(new_size >= (size_t) s1->num_used); /* check for overflow. */
   smartlist_ensure_capacity(s1, new_size);
   memcpy(s1->list + s1->num_used, s2->list, s2->num_used*sizeof(void*));
-  s1->num_used = new_size;
+  tor_assert(new_size <= INT_MAX); /* redundant. */
+  s1->num_used = (int) new_size;
 }
 
 /** Remove all elements E from sl such that E==element.  Preserve
@@ -334,7 +338,7 @@ smartlist_insert(smartlist_t *sl, int idx, void *val)
   if (idx == sl->num_used) {
 smartlist_add(sl, val);
   } else {
-smartlist_ensure_capacity(sl, sl->num_used+1);
+smartlist_ensure_capacity(sl, ((size_t) sl->num_used)+1);
 /* Move other elements away */
 if (idx < sl->num_used)
   memmove(sl->list + idx + 1, sl->list + idx,



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.5] avoid integer overflow in and around smartlist_ensure_capacity.

[nickm]

commit bca7083e8285e8e6a4377076a7e432417eafc6d2
Author: Nick Mathewson 
Date:   Wed Jan 27 12:26:02 2016 -0500

avoid integer overflow in and around smartlist_ensure_capacity.

This closes bug 18162; bugfix on a45b1315909c9, which fixed a related
issue long ago.

In addition to the #18162 issues, this fixes a signed integer overflow
in smarltist_add_all(), which is probably not so great either.
---
 changes/bug18162   |  7 +++
 src/common/container.c | 22 +-
 2 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/changes/bug18162 b/changes/bug18162
new file mode 100644
index 000..0844d6f
--- /dev/null
+++ b/changes/bug18162
@@ -0,0 +1,7 @@
+  o Major bugfixes (security, pointers):
+
+- Avoid a difficult-to-trigger heap corruption attack when extending
+  a smartlist to contain over 16GB of pointers. Fixes bug #18162;
+  bugfix on Tor 0.1.1.11-alpha, which fixed a related bug
+  incompletely. Reported by Guido Vranken.
+
diff --git a/src/common/container.c b/src/common/container.c
index eec497a..46d9c2e 100644
--- a/src/common/container.c
+++ b/src/common/container.c
@@ -60,15 +60,17 @@ smartlist_clear(smartlist_t *sl)
 
 /** Make sure that sl can hold at least size entries. */
 static INLINE void
-smartlist_ensure_capacity(smartlist_t *sl, int size)
+smartlist_ensure_capacity(smartlist_t *sl, size_t size)
 {
 #if SIZEOF_SIZE_T > SIZEOF_INT
 #define MAX_CAPACITY (INT_MAX)
 #else
 #define MAX_CAPACITY (int)((SIZE_MAX / (sizeof(void*
 #endif
-  if (size > sl->capacity) {
-int higher = sl->capacity;
+  tor_assert(size <= MAX_CAPACITY);
+
+  if (size > (size_t) sl->capacity) {
+size_t higher = (size_t) sl->capacity;
 if (PREDICT_UNLIKELY(size > MAX_CAPACITY/2)) {
   tor_assert(size <= MAX_CAPACITY);
   higher = MAX_CAPACITY;
@@ -76,7 +78,8 @@ smartlist_ensure_capacity(smartlist_t *sl, int size)
   while (size > higher)
 higher *= 2;
 }
-sl->capacity = higher;
+tor_assert(higher <= INT_MAX); /* Redundant */
+sl->capacity = (int) higher;
 sl->list = tor_realloc(sl->list, sizeof(void*)*((size_t)sl->capacity));
   }
 }
@@ -85,7 +88,7 @@ smartlist_ensure_capacity(smartlist_t *sl, int size)
 void
 smartlist_add(smartlist_t *sl, void *element)
 {
-  smartlist_ensure_capacity(sl, sl->num_used+1);
+  smartlist_ensure_capacity(sl, ((size_t) sl->num_used)+1);
   sl->list[sl->num_used++] = element;
 }
 
@@ -93,11 +96,12 @@ smartlist_add(smartlist_t *sl, void *element)
 void
 smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
 {
-  int new_size = s1->num_used + s2->num_used;
-  tor_assert(new_size >= s1->num_used); /* check for overflow. */
+  size_t new_size = (size_t)s1->num_used + (size_t)s2->num_used;
+  tor_assert(new_size >= (size_t) s1->num_used); /* check for overflow. */
   smartlist_ensure_capacity(s1, new_size);
   memcpy(s1->list + s1->num_used, s2->list, s2->num_used*sizeof(void*));
-  s1->num_used = new_size;
+  tor_assert(new_size <= INT_MAX); /* redundant. */
+  s1->num_used = (int) new_size;
 }
 
 /** Remove all elements E from sl such that E==element.  Preserve
@@ -334,7 +338,7 @@ smartlist_insert(smartlist_t *sl, int idx, void *val)
   if (idx == sl->num_used) {
 smartlist_add(sl, val);
   } else {
-smartlist_ensure_capacity(sl, sl->num_used+1);
+smartlist_ensure_capacity(sl, ((size_t) sl->num_used)+1);
 /* Move other elements away */
 if (idx < sl->num_used)
   memmove(sl->list + idx + 1, sl->list + idx,



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.7] Merge branch 'bug18162_024' into maint-0.2.4

[nickm]

commit ad95d64fece2c6d2eddffc8fa5178c3ffccc0cd7
Merge: d5ac79e c2fd648
Author: Nick Mathewson 
Date:   Thu Feb 11 12:55:25 2016 -0500

Merge branch 'bug18162_024' into maint-0.2.4

 changes/bug18162   |  7 +++
 src/common/container.c | 29 +++--
 2 files changed, 26 insertions(+), 10 deletions(-)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'bug18162_024' into maint-0.2.4

[nickm]

commit ad95d64fece2c6d2eddffc8fa5178c3ffccc0cd7
Merge: d5ac79e c2fd648
Author: Nick Mathewson 
Date:   Thu Feb 11 12:55:25 2016 -0500

Merge branch 'bug18162_024' into maint-0.2.4

 changes/bug18162   |  7 +++
 src/common/container.c | 29 +++--
 2 files changed, 26 insertions(+), 10 deletions(-)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Make ensure_capacity a bit more pedantically correct

[nickm]

commit c2fd64846978290b0e7c7165d7658a5e704eee8f
Author: Nick Mathewson 
Date:   Thu Feb 11 12:54:52 2016 -0500

Make ensure_capacity a bit more pedantically correct

Issues noted by cypherpunks on #18162
---
 src/common/container.c | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/common/container.c b/src/common/container.c
index 46d9c2e..b1431df 100644
--- a/src/common/container.c
+++ b/src/common/container.c
@@ -58,11 +58,16 @@ smartlist_clear(smartlist_t *sl)
   sl->num_used = 0;
 }
 
+#if SIZE_MAX < INT_MAX
+#error "We don't support systems where size_t is smaller than int."
+#endif
+
 /** Make sure that sl can hold at least size entries. */
 static INLINE void
 smartlist_ensure_capacity(smartlist_t *sl, size_t size)
 {
-#if SIZEOF_SIZE_T > SIZEOF_INT
+  /* Set MAX_CAPACITY to MIN(INT_MAX, SIZE_MAX / sizeof(void*)) */
+#if (SIZE_MAX/SIZEOF_VOID_P) > INT_MAX
 #define MAX_CAPACITY (INT_MAX)
 #else
 #define MAX_CAPACITY (int)((SIZE_MAX / (sizeof(void*



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'maint-0.2.4' into maint-0.2.5

[nickm]

commit ce289e2cb5099a4abe4468049dc0d262b65bfa17
Merge: f06d9a9 ad95d64
Author: Nick Mathewson 
Date:   Thu Feb 11 12:55:40 2016 -0500

Merge branch 'maint-0.2.4' into maint-0.2.5

 changes/bug18162   |  7 +++
 src/common/container.c | 29 +++--
 2 files changed, 26 insertions(+), 10 deletions(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.7] Merge branch 'maint-0.2.4' into maint-0.2.5

[nickm]

commit ce289e2cb5099a4abe4468049dc0d262b65bfa17
Merge: f06d9a9 ad95d64
Author: Nick Mathewson 
Date:   Thu Feb 11 12:55:40 2016 -0500

Merge branch 'maint-0.2.4' into maint-0.2.5

 changes/bug18162   |  7 +++
 src/common/container.c | 29 +++--
 2 files changed, 26 insertions(+), 10 deletions(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] avoid integer overflow in and around smartlist_ensure_capacity.

[nickm]

commit bca7083e8285e8e6a4377076a7e432417eafc6d2
Author: Nick Mathewson 
Date:   Wed Jan 27 12:26:02 2016 -0500

avoid integer overflow in and around smartlist_ensure_capacity.

This closes bug 18162; bugfix on a45b1315909c9, which fixed a related
issue long ago.

In addition to the #18162 issues, this fixes a signed integer overflow
in smarltist_add_all(), which is probably not so great either.
---
 changes/bug18162   |  7 +++
 src/common/container.c | 22 +-
 2 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/changes/bug18162 b/changes/bug18162
new file mode 100644
index 000..0844d6f
--- /dev/null
+++ b/changes/bug18162
@@ -0,0 +1,7 @@
+  o Major bugfixes (security, pointers):
+
+- Avoid a difficult-to-trigger heap corruption attack when extending
+  a smartlist to contain over 16GB of pointers. Fixes bug #18162;
+  bugfix on Tor 0.1.1.11-alpha, which fixed a related bug
+  incompletely. Reported by Guido Vranken.
+
diff --git a/src/common/container.c b/src/common/container.c
index eec497a..46d9c2e 100644
--- a/src/common/container.c
+++ b/src/common/container.c
@@ -60,15 +60,17 @@ smartlist_clear(smartlist_t *sl)
 
 /** Make sure that sl can hold at least size entries. */
 static INLINE void
-smartlist_ensure_capacity(smartlist_t *sl, int size)
+smartlist_ensure_capacity(smartlist_t *sl, size_t size)
 {
 #if SIZEOF_SIZE_T > SIZEOF_INT
 #define MAX_CAPACITY (INT_MAX)
 #else
 #define MAX_CAPACITY (int)((SIZE_MAX / (sizeof(void*
 #endif
-  if (size > sl->capacity) {
-int higher = sl->capacity;
+  tor_assert(size <= MAX_CAPACITY);
+
+  if (size > (size_t) sl->capacity) {
+size_t higher = (size_t) sl->capacity;
 if (PREDICT_UNLIKELY(size > MAX_CAPACITY/2)) {
   tor_assert(size <= MAX_CAPACITY);
   higher = MAX_CAPACITY;
@@ -76,7 +78,8 @@ smartlist_ensure_capacity(smartlist_t *sl, int size)
   while (size > higher)
 higher *= 2;
 }
-sl->capacity = higher;
+tor_assert(higher <= INT_MAX); /* Redundant */
+sl->capacity = (int) higher;
 sl->list = tor_realloc(sl->list, sizeof(void*)*((size_t)sl->capacity));
   }
 }
@@ -85,7 +88,7 @@ smartlist_ensure_capacity(smartlist_t *sl, int size)
 void
 smartlist_add(smartlist_t *sl, void *element)
 {
-  smartlist_ensure_capacity(sl, sl->num_used+1);
+  smartlist_ensure_capacity(sl, ((size_t) sl->num_used)+1);
   sl->list[sl->num_used++] = element;
 }
 
@@ -93,11 +96,12 @@ smartlist_add(smartlist_t *sl, void *element)
 void
 smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
 {
-  int new_size = s1->num_used + s2->num_used;
-  tor_assert(new_size >= s1->num_used); /* check for overflow. */
+  size_t new_size = (size_t)s1->num_used + (size_t)s2->num_used;
+  tor_assert(new_size >= (size_t) s1->num_used); /* check for overflow. */
   smartlist_ensure_capacity(s1, new_size);
   memcpy(s1->list + s1->num_used, s2->list, s2->num_used*sizeof(void*));
-  s1->num_used = new_size;
+  tor_assert(new_size <= INT_MAX); /* redundant. */
+  s1->num_used = (int) new_size;
 }
 
 /** Remove all elements E from sl such that E==element.  Preserve
@@ -334,7 +338,7 @@ smartlist_insert(smartlist_t *sl, int idx, void *val)
   if (idx == sl->num_used) {
 smartlist_add(sl, val);
   } else {
-smartlist_ensure_capacity(sl, sl->num_used+1);
+smartlist_ensure_capacity(sl, ((size_t) sl->num_used)+1);
 /* Move other elements away */
 if (idx < sl->num_used)
   memmove(sl->list + idx + 1, sl->list + idx,



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'maint-0.2.7'

[nickm]

commit 7788ee43e519a8f39e3917c4161e7c635cd2ecd9
Merge: 838d4de be6174f
Author: Nick Mathewson 
Date:   Thu Feb 11 13:04:43 2016 -0500

Merge branch 'maint-0.2.7'

 changes/bug18162   |  7 +++
 src/common/container.c | 36 +++-
 2 files changed, 26 insertions(+), 17 deletions(-)

diff --cc src/common/container.c
index 9f40dfa,8c66bd8..2e42c9e
--- a/src/common/container.c
+++ b/src/common/container.c
@@@ -59,11 -58,16 +59,16 @@@ smartlist_clear(smartlist_t *sl
sl->num_used = 0;
  }
  
+ #if SIZE_MAX < INT_MAX
+ #error "We don't support systems where size_t is smaller than int."
+ #endif
+ 
  /** Make sure that sl can hold at least size entries. */
 -static INLINE void
 +static inline void
- smartlist_ensure_capacity(smartlist_t *sl, int size)
+ smartlist_ensure_capacity(smartlist_t *sl, size_t size)
  {
- #if SIZEOF_SIZE_T > SIZEOF_INT
+   /* Set MAX_CAPACITY to MIN(INT_MAX, SIZE_MAX / sizeof(void*)) */
+ #if (SIZE_MAX/SIZEOF_VOID_P) > INT_MAX
  #define MAX_CAPACITY (INT_MAX)
  #else
  #define MAX_CAPACITY (int)((SIZE_MAX / (sizeof(void*
@@@ -83,11 -83,10 +84,11 @@@
while (size > higher)
  higher *= 2;
  }
 -tor_assert(higher <= INT_MAX); /* Redundant */
 -sl->capacity = (int) higher;
  sl->list = tor_reallocarray(sl->list, sizeof(void *),
 -((size_t)sl->capacity));
 +((size_t)higher));
 +memset(sl->list + sl->capacity, 0,
 +   sizeof(void *) * (higher - sl->capacity));
- sl->capacity = higher;
++sl->capacity = (int) higher;
}
  #undef ASSERT_CAPACITY
  #undef MAX_CAPACITY

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.7] Merge branch 'maint-0.2.5' into maint-0.2.6

[nickm]

commit 740421af194b890c24242a834ed03ffc5c4c16ab
Merge: 44ad3be ce289e2
Author: Nick Mathewson 
Date:   Thu Feb 11 12:57:28 2016 -0500

Merge branch 'maint-0.2.5' into maint-0.2.6

 changes/bug18162   |  7 +++
 src/common/container.c | 37 -
 2 files changed, 27 insertions(+), 17 deletions(-)

diff --cc src/common/container.c
index 864fd8a,c668068..76c129d
--- a/src/common/container.c
+++ b/src/common/container.c
@@@ -66,28 -71,22 +71,25 @@@ smartlist_ensure_capacity(smartlist_t *
  #define MAX_CAPACITY (INT_MAX)
  #else
  #define MAX_CAPACITY (int)((SIZE_MAX / (sizeof(void*
- #define ASSERT_CAPACITY
  #endif
-   if (size > sl->capacity) {
- int higher = sl->capacity;
++
+   tor_assert(size <= MAX_CAPACITY);
+ 
+   if (size > (size_t) sl->capacity) {
+ size_t higher = (size_t) sl->capacity;
  if (PREDICT_UNLIKELY(size > MAX_CAPACITY/2)) {
- #ifdef ASSERT_CAPACITY
-   /* We don't include this assertion when MAX_CAPACITY == INT_MAX,
-* since int size; (size <= INT_MAX) makes analysis tools think we're
-* doing something stupid. */
--  tor_assert(size <= MAX_CAPACITY);
- #endif
higher = MAX_CAPACITY;
  } else {
while (size > higher)
  higher *= 2;
  }
- sl->capacity = higher;
+ tor_assert(higher <= INT_MAX); /* Redundant */
+ sl->capacity = (int) higher;
 -sl->list = tor_realloc(sl->list, sizeof(void*)*((size_t)sl->capacity));
 +sl->list = tor_reallocarray(sl->list, sizeof(void *),
 +((size_t)sl->capacity));
}
 +#undef ASSERT_CAPACITY
 +#undef MAX_CAPACITY
  }
  
  /** Append element to the end of the list. */



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'maint-0.2.5' into maint-0.2.6

[nickm]

commit 740421af194b890c24242a834ed03ffc5c4c16ab
Merge: 44ad3be ce289e2
Author: Nick Mathewson 
Date:   Thu Feb 11 12:57:28 2016 -0500

Merge branch 'maint-0.2.5' into maint-0.2.6

 changes/bug18162   |  7 +++
 src/common/container.c | 37 -
 2 files changed, 27 insertions(+), 17 deletions(-)

diff --cc src/common/container.c
index 864fd8a,c668068..76c129d
--- a/src/common/container.c
+++ b/src/common/container.c
@@@ -66,28 -71,22 +71,25 @@@ smartlist_ensure_capacity(smartlist_t *
  #define MAX_CAPACITY (INT_MAX)
  #else
  #define MAX_CAPACITY (int)((SIZE_MAX / (sizeof(void*
- #define ASSERT_CAPACITY
  #endif
-   if (size > sl->capacity) {
- int higher = sl->capacity;
++
+   tor_assert(size <= MAX_CAPACITY);
+ 
+   if (size > (size_t) sl->capacity) {
+ size_t higher = (size_t) sl->capacity;
  if (PREDICT_UNLIKELY(size > MAX_CAPACITY/2)) {
- #ifdef ASSERT_CAPACITY
-   /* We don't include this assertion when MAX_CAPACITY == INT_MAX,
-* since int size; (size <= INT_MAX) makes analysis tools think we're
-* doing something stupid. */
--  tor_assert(size <= MAX_CAPACITY);
- #endif
higher = MAX_CAPACITY;
  } else {
while (size > higher)
  higher *= 2;
  }
- sl->capacity = higher;
+ tor_assert(higher <= INT_MAX); /* Redundant */
+ sl->capacity = (int) higher;
 -sl->list = tor_realloc(sl->list, sizeof(void*)*((size_t)sl->capacity));
 +sl->list = tor_reallocarray(sl->list, sizeof(void *),
 +((size_t)sl->capacity));
}
 +#undef ASSERT_CAPACITY
 +#undef MAX_CAPACITY
  }
  
  /** Append element to the end of the list. */



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'maint-0.2.6' into maint-0.2.7

[nickm]

commit be6174f8f6aaaf8f990eb56c5cba16bc5ec0fcea
Merge: d920cbb 740421a
Author: Nick Mathewson 
Date:   Thu Feb 11 13:01:46 2016 -0500

Merge branch 'maint-0.2.6' into maint-0.2.7

 changes/bug18162   |  7 +++
 src/common/container.c | 37 -
 2 files changed, 27 insertions(+), 17 deletions(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tor_animation] Update translations for tor_animation

[translation]

commit e360afe2965e119c99018e9431be8756c6994979
Author: Translation commit bot 
Date:   Thu Feb 11 18:16:00 2016 +

Update translations for tor_animation
---
 tl_PH.srt | 56 
 1 file changed, 28 insertions(+), 28 deletions(-)

diff --git a/tl_PH.srt b/tl_PH.srt
index 5910259..61d0d6d 100644
--- a/tl_PH.srt
+++ b/tl_PH.srt
@@ -16,7 +16,7 @@ mga lugar na pinupuntahan natin, at mga binabasa natin.
 
 5
 00:00:13,280 --> 00:00:14,640
-Hayaan mo akong ipaliwanag ito sa iyo ng mas mabuti.
+Hayaan mong ipaliwanag ko ito sa iyo ng mas mabuti.
 
 6
 00:00:14,920 --> 00:00:17,740
@@ -38,106 +38,106 @@ ang browser na ginagamit mo para mag surf sa web,
 at kung ano-ano pa tungkol sa iyo at sobra-sobra pa tungkol sa iyo.
 
 10
-00:00:29,620 --> 00:00:32,460
+00:00:29,200 --> 00:00:31,500
 na hindi mo naman talagang sadyang ibahagi sa mga taong hindi mo kilala
 
 11
-00:00:32,920 --> 00:00:35,840
+00:00:31,700 --> 00:00:34,000
 - na maaring gamitin ang impormasyon mo na kanila'y pakikinabangan.
 
 12
-00:00:36,220 --> 00:00:38,120
-Pero lahat ng iyon ay maiiwasan sa pamamagitan ng Tor!
+00:00:34,500 --> 00:00:37,000
+Maliban kung gumagamit ka ng Tor!
 
 13
-00:00:39,140 --> 00:00:42,840
+00:00:37,140 --> 00:00:40,840
 Pinoprotektahan ng Tor Browser ang ating palihim (privacy) at pagkakakilanlan 
(identity) sa Internet.
 
 14
-00:00:43,560 --> 00:00:46,760
+00:00:41,560 --> 00:00:44,760
 Pinapatibay at sinisigurado ng Tor ang iyong koneksyon sa pamamagitan ng 
tatlong patong ng encryption
 
 15
-00:00:46,940 --> 00:00:51,760
+00:00:44,940 --> 00:00:49,760
 at idinadaan ito sa tatlong kinusang-loob na mga servers sa iba't-ibang sulok 
ng mundo,
 
 16
-00:00:52,280 --> 00:00:55,520
+00:00:50,280 --> 00:00:53,520
 para magkaroon tayong nang paliham na komunikasyon sa Internet.
 
 17
-00:00:58,560 --> 00:01:00,280
+00:00:56,560 --> 00:00:58,280
 Pinoprotektahan din ng Tor ang ating mga data
 
 18
-00:01:00,400 --> 00:01:03,900
+00:00:58,400 --> 00:01:01,900
 laban sa patamaang-gobyerno (government-targeted) o patamaang-korporasyon 
(corporate-targeted) at pang-masang pamamahala (mass surveillance).
 
 19
-00:01:04,880 --> 00:01:09,340
+00:01:02,880 --> 00:01:07,340
 Baka nakatira ka sa isang bansa na strikto sa kalayaan na sinusubukang 
kontrolin at imahala (surveil) ang Internet.
 
 20
-00:01:09,900 --> 00:01:13,800
+00:01:07,900 --> 00:01:11,800
 O kaya nama'y ayaw mong pakinabangan ng malalaking korporasyon ang iyong 
personal na impormasyon.
 
 21
-00:01:14,880 --> 00:01:17,640
+00:01:12,880 --> 00:01:15,640
 Ginagawa ng Tor na magkakamukha ang mga gumagamit nito
 
 22
-00:01:17,920 --> 00:01:20,800
+00:01:15,920 --> 00:01:18,800
 na nililito ang sinumang namamahala o nanonood, at sa pamamagitan nito ikaw ay 
nagiging anonimo o hindi nakikilala.
 
 23
-00:01:21,500 --> 00:01:24,980
+00:01:19,500 --> 00:01:22,980
 Kaya, kapag mas maraming taong gumagamit ng Tor network, mas lumalakas ito
 
 24
-00:01:25,140 --> 00:01:29,800
+00:01:23,140 --> 00:01:27,800
 sapagkat mas madaling magtago sa pangkat o grupo ng tao na magkakamukha.
 
 25
-00:01:30,700 --> 00:01:33,240
+00:01:28,700 --> 00:01:31,240
 Maaring mong iwasan o sikutan ang pagsensura ng hindi pagaalala
 
 26
-00:01:33,400 --> 00:01:36,100
+00:01:31,400 --> 00:01:34,100
 tungkol sa pagaalam ng sensura kung ano ang ginagawa mo sa Internet.
 
 27
-00:01:38,540 --> 00:01:41,440
+00:01:36,540 --> 00:01:39,440
 Hindi ka susundan ng mga ads kahit saan ng ilang buwan,
 
 28
-00:01:41,640 --> 00:01:43,300
+00:01:39,640 --> 00:01:41,300
 simula nung una kang pumindot sa isang produkto.
 
 29
-00:01:45,880 --> 00:01:49,380
+00:01:43,880 --> 00:01:47,380
 Sa pagamit ng Tor, hindi ka man lang malaman ng mga sites na binisita mo kung 
sino ka,
 
 30
-00:01:49,540 --> 00:01:51,760
+00:01:47,540 --> 00:01:49,760
 kung saang parte ng mundo mo sila binisita,
 
 31
-00:01:51,920 --> 00:01:53,920
+00:01:49,920 --> 00:01:51,920
 kung hindi ka mag lologin at magkukusang magsabi.
 
 32
-00:01:56,200 --> 00:01:57,840
+00:01:54,200 --> 00:01:55,840
 Sa pag-download at paggamit ng Tor,
 
 33
-00:01:58,200 --> 00:02:00,560
+00:01:56,200 --> 00:01:58,560
 maproprotektahan mo din ang pagiging anonimo ng mga nangangailangang tao,
 
 34
-00:02:00,880 --> 00:02:03,640
+00:01:58,880 --> 00:02:01,640
 tulad ng activists, journalists at bloggers.
 
 35
-00:02:04,000 --> 00:02:09,000
+00:02:02,000 --> 00:02:07,000
 Kaya'y i-download mo na ang Tor at gamitin! O kaya'y magpatakbo ng relay!
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tor_animation_completed] Update translations for tor_animation_completed

[translation]

commit 3804c2f89578c92563545bad82c97af96a002cc2
Author: Translation commit bot 
Date:   Thu Feb 11 18:16:07 2016 +

Update translations for tor_animation_completed
---
 tl_PH.srt | 56 
 1 file changed, 28 insertions(+), 28 deletions(-)

diff --git a/tl_PH.srt b/tl_PH.srt
index 5910259..61d0d6d 100644
--- a/tl_PH.srt
+++ b/tl_PH.srt
@@ -16,7 +16,7 @@ mga lugar na pinupuntahan natin, at mga binabasa natin.
 
 5
 00:00:13,280 --> 00:00:14,640
-Hayaan mo akong ipaliwanag ito sa iyo ng mas mabuti.
+Hayaan mong ipaliwanag ko ito sa iyo ng mas mabuti.
 
 6
 00:00:14,920 --> 00:00:17,740
@@ -38,106 +38,106 @@ ang browser na ginagamit mo para mag surf sa web,
 at kung ano-ano pa tungkol sa iyo at sobra-sobra pa tungkol sa iyo.
 
 10
-00:00:29,620 --> 00:00:32,460
+00:00:29,200 --> 00:00:31,500
 na hindi mo naman talagang sadyang ibahagi sa mga taong hindi mo kilala
 
 11
-00:00:32,920 --> 00:00:35,840
+00:00:31,700 --> 00:00:34,000
 - na maaring gamitin ang impormasyon mo na kanila'y pakikinabangan.
 
 12
-00:00:36,220 --> 00:00:38,120
-Pero lahat ng iyon ay maiiwasan sa pamamagitan ng Tor!
+00:00:34,500 --> 00:00:37,000
+Maliban kung gumagamit ka ng Tor!
 
 13
-00:00:39,140 --> 00:00:42,840
+00:00:37,140 --> 00:00:40,840
 Pinoprotektahan ng Tor Browser ang ating palihim (privacy) at pagkakakilanlan 
(identity) sa Internet.
 
 14
-00:00:43,560 --> 00:00:46,760
+00:00:41,560 --> 00:00:44,760
 Pinapatibay at sinisigurado ng Tor ang iyong koneksyon sa pamamagitan ng 
tatlong patong ng encryption
 
 15
-00:00:46,940 --> 00:00:51,760
+00:00:44,940 --> 00:00:49,760
 at idinadaan ito sa tatlong kinusang-loob na mga servers sa iba't-ibang sulok 
ng mundo,
 
 16
-00:00:52,280 --> 00:00:55,520
+00:00:50,280 --> 00:00:53,520
 para magkaroon tayong nang paliham na komunikasyon sa Internet.
 
 17
-00:00:58,560 --> 00:01:00,280
+00:00:56,560 --> 00:00:58,280
 Pinoprotektahan din ng Tor ang ating mga data
 
 18
-00:01:00,400 --> 00:01:03,900
+00:00:58,400 --> 00:01:01,900
 laban sa patamaang-gobyerno (government-targeted) o patamaang-korporasyon 
(corporate-targeted) at pang-masang pamamahala (mass surveillance).
 
 19
-00:01:04,880 --> 00:01:09,340
+00:01:02,880 --> 00:01:07,340
 Baka nakatira ka sa isang bansa na strikto sa kalayaan na sinusubukang 
kontrolin at imahala (surveil) ang Internet.
 
 20
-00:01:09,900 --> 00:01:13,800
+00:01:07,900 --> 00:01:11,800
 O kaya nama'y ayaw mong pakinabangan ng malalaking korporasyon ang iyong 
personal na impormasyon.
 
 21
-00:01:14,880 --> 00:01:17,640
+00:01:12,880 --> 00:01:15,640
 Ginagawa ng Tor na magkakamukha ang mga gumagamit nito
 
 22
-00:01:17,920 --> 00:01:20,800
+00:01:15,920 --> 00:01:18,800
 na nililito ang sinumang namamahala o nanonood, at sa pamamagitan nito ikaw ay 
nagiging anonimo o hindi nakikilala.
 
 23
-00:01:21,500 --> 00:01:24,980
+00:01:19,500 --> 00:01:22,980
 Kaya, kapag mas maraming taong gumagamit ng Tor network, mas lumalakas ito
 
 24
-00:01:25,140 --> 00:01:29,800
+00:01:23,140 --> 00:01:27,800
 sapagkat mas madaling magtago sa pangkat o grupo ng tao na magkakamukha.
 
 25
-00:01:30,700 --> 00:01:33,240
+00:01:28,700 --> 00:01:31,240
 Maaring mong iwasan o sikutan ang pagsensura ng hindi pagaalala
 
 26
-00:01:33,400 --> 00:01:36,100
+00:01:31,400 --> 00:01:34,100
 tungkol sa pagaalam ng sensura kung ano ang ginagawa mo sa Internet.
 
 27
-00:01:38,540 --> 00:01:41,440
+00:01:36,540 --> 00:01:39,440
 Hindi ka susundan ng mga ads kahit saan ng ilang buwan,
 
 28
-00:01:41,640 --> 00:01:43,300
+00:01:39,640 --> 00:01:41,300
 simula nung una kang pumindot sa isang produkto.
 
 29
-00:01:45,880 --> 00:01:49,380
+00:01:43,880 --> 00:01:47,380
 Sa pagamit ng Tor, hindi ka man lang malaman ng mga sites na binisita mo kung 
sino ka,
 
 30
-00:01:49,540 --> 00:01:51,760
+00:01:47,540 --> 00:01:49,760
 kung saang parte ng mundo mo sila binisita,
 
 31
-00:01:51,920 --> 00:01:53,920
+00:01:49,920 --> 00:01:51,920
 kung hindi ka mag lologin at magkukusang magsabi.
 
 32
-00:01:56,200 --> 00:01:57,840
+00:01:54,200 --> 00:01:55,840
 Sa pag-download at paggamit ng Tor,
 
 33
-00:01:58,200 --> 00:02:00,560
+00:01:56,200 --> 00:01:58,560
 maproprotektahan mo din ang pagiging anonimo ng mga nangangailangang tao,
 
 34
-00:02:00,880 --> 00:02:03,640
+00:01:58,880 --> 00:02:01,640
 tulad ng activists, journalists at bloggers.
 
 35
-00:02:04,000 --> 00:02:09,000
+00:02:02,000 --> 00:02:07,000
 Kaya'y i-download mo na ang Tor at gamitin! O kaya'y magpatakbo ng relay!
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Add another admonishment to WritingTests.md

[nickm]

commit 5a164d50bbfd66ef51408794d03c8db8071ddabb
Author: Nick Mathewson 
Date:   Thu Feb 11 13:17:21 2016 -0500

Add another admonishment to WritingTests.md
---
 doc/HACKING/WritingTests.md | 42 ++
 1 file changed, 42 insertions(+)

diff --git a/doc/HACKING/WritingTests.md b/doc/HACKING/WritingTests.md
index 42fba2d..4e98d3d 100644
--- a/doc/HACKING/WritingTests.md
+++ b/doc/HACKING/WritingTests.md
@@ -206,6 +206,48 @@ For example, `crypto_curve25519.h` contains:
 The `crypto_curve25519.c` file and the `test_crypto.c` file both define
 `CRYPTO_CURVE25519_PRIVATE`, so they can see this declaration.
 
+### STOP!  Does this test really test?
+
+When writing tests, it's not enough to just generate coverage on all the
+lines of the code that you're testing:  It's important to make sure that
+the test _really tests_ the code.
+
+For example, here is a _bad_ test for the unlink() function (which is
+supposed to remove a file).
+
+static void
+test_unlink_badly(void *arg)
+{
+  (void) arg;
+  int r;
+
+  const char *fname = get_fname("tmpfile");
+
+  /* If the file isn't there, unlink returns -1 and sets ENOENT */
+  r = unlink(fname);
+  tt_int_op(n, OP_EQ, -1);
+  tt_int_op(errno, OP_EQ, ENOENT);
+
+  /* If the file DOES exist, unlink returns 0. */
+  write_str_to_file(fname, "hello world", 0);
+  r = unlink(fnme);
+  tt_int_op(r, OP_EQ, 0);
+
+done:
+  tor_free(contents);
+}
+
+
+This test might get very high coverage on unlink().  So why is it a
+bad test? Because it doesn't check that unlink() *actually removes the
+named file*!
+
+Remember, the purpose of a test is to succeed if the code does what
+it's supposed to do, and fail otherwise.  Try to design your tests so
+that they check for the code's intended and documented functionality
+as much as possible.
+
+
 ### Mock functions for testing in isolation
 
 Often we want to test that a function works right, but the function to

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/mat-gui] Update translations for mat-gui

[translation]

commit 8805899f2bcd9817b1456e6ecdcefb71d616b175
Author: Translation commit bot 
Date:   Thu Feb 11 10:45:32 2016 +

Update translations for mat-gui
---
 en_GB.po |  8 
 es.po| 10 +-
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/en_GB.po b/en_GB.po
index 8207355..eeb591d 100644
--- a/en_GB.po
+++ b/en_GB.po
@@ -10,8 +10,8 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2016-02-10 23:06+0100\n"
-"PO-Revision-Date: 2016-02-11 09:31+\n"
-"Last-Translator: carolyn \n"
+"PO-Revision-Date: 2016-02-11 10:21+\n"
+"Last-Translator: Andi Chandler \n"
 "Language-Team: English (United Kingdom) 
(http://www.transifex.com/otf/torproject/language/en_GB/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -75,11 +75,11 @@ msgstr "Reduce the produced PDF size and quality"
 
 #: mat-gui:238
 msgid "Remove unsupported file from archives"
-msgstr ""
+msgstr "Remove unsupported file from archives"
 
 #: mat-gui:241
 msgid "Remove non-supported (and so non-anonymised) file from output archive"
-msgstr ""
+msgstr "Remove non-supported (and so non-anonymised) file from output archive"
 
 #: mat-gui:280
 msgid "Unknown"
diff --git a/es.po b/es.po
index ff5ecef..8ab72ff 100644
--- a/es.po
+++ b/es.po
@@ -5,14 +5,14 @@
 # Translators:
 # Edward Navarro, 2015
 # Noel Torres , 2013
-# strel, 2013-2014
+# strel, 2013-2014,2016
 msgid ""
 msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2016-02-10 23:06+0100\n"
-"PO-Revision-Date: 2016-02-11 09:31+\n"
-"Last-Translator: carolyn \n"
+"PO-Revision-Date: 2016-02-11 10:18+\n"
+"Last-Translator: strel\n"
 "Language-Team: Spanish 
(http://www.transifex.com/otf/torproject/language/es/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -76,11 +76,11 @@ msgstr "Reduce el tamaño y calidad del PDF producido"
 
 #: mat-gui:238
 msgid "Remove unsupported file from archives"
-msgstr ""
+msgstr "Eliminar fichero no soportado de los archivos"
 
 #: mat-gui:241
 msgid "Remove non-supported (and so non-anonymised) file from output archive"
-msgstr ""
+msgstr "Eliminar fichero no soportado (y no anonimizado) del archivo de salida"
 
 #: mat-gui:280
 msgid "Unknown"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Use fascist firewall and ClientUseIPv4 for bridge clients

[nickm]

commit 3b8216f2155f224bf66497c71de4cecb55cd83e6
Author: teor (Tim Wilson-Brown) 
Date:   Mon Jan 4 00:35:22 2016 +1100

Use fascist firewall and ClientUseIPv4 for bridge clients

Bridge clients ignore ClientUseIPv6, acting as if it is always 1.
This preserves existing behaviour.

Make ClientPreferIPv6OR/DirPort auto by default:
 * Bridge clients prefer IPv6 by default.
 * Other clients prefer IPv4 by default.
This preserves existing behaviour.
---
 doc/tor.1.txt  |  16 +--
 src/or/config.c|  49 ++--
 src/or/connection.c|  20 +--
 src/or/directory.c |  12 +-
 src/or/nodelist.c  | 156 +---
 src/or/nodelist.h  |   5 +-
 src/or/or.h|  10 +-
 src/or/policies.c  | 296 +++--
 src/or/policies.h  |  17 +--
 src/or/routerlist.c|   8 +-
 src/test/test_entrynodes.c |  45 ++-
 src/test/test_policy.c | 154 +--
 12 files changed, 403 insertions(+), 385 deletions(-)

diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 26abef1..f201a61 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1500,19 +1500,21 @@ The following options are useful only for clients (that 
is, if
 in a **Bridge**, proxy, or pluggable transport line will try connecting
 over IPv6 even if **ClientUseIPv6** is set to 0. (Default: 0)
 
-[[ClientPreferIPv6DirPort]] **ClientPreferIPv6DirPort** **0**|**1**::
+[[ClientPreferIPv6DirPort]] **ClientPreferIPv6DirPort** **0**|**1**|**auto**::
 If this option is set to 1, Tor prefers a directory port with an IPv6
 address over one with IPv4, for direct connections, if a given directory
 server has both. (Tor also prefers an IPv6 DirPort if IPv4Client is set to
-0.) Other things may influence the choice. This option breaks a tie to the
-favor of IPv6. (Default: 0)
+0.) If this option is set to auto, Tor bridge clients prefer IPv6, and
+other clients prefer IPv4. Other things may influence the choice. This
+option breaks a tie to the favor of IPv6. (Default: auto)
 
-[[ClientPreferIPv6ORPort]] **ClientPreferIPv6ORPort** **0**|**1**::
+[[ClientPreferIPv6ORPort]] **ClientPreferIPv6ORPort** **0**|**1**|**auto**::
 If this option is set to 1, Tor prefers an OR port with an IPv6
 address over one with IPv4 if a given entry node has both. (Tor also
-prefers an IPv6 ORPort if IPv4Client is set to 0.) Other things may
-influence the choice. This option breaks a tie to the favor of IPv6.
-(Default: 0)
+prefers an IPv6 ORPort if IPv4Client is set to 0.) If this option is set
+to auto, Tor bridge clients prefer IPv6, and other clients prefer IPv4.
+Other things may influence the choice. This option breaks a tie to the
+favor of IPv6. (Default: auto)
 
 [[PathsNeededToBuildCircuits]] **PathsNeededToBuildCircuits** __NUM__::
 Tor clients don't build circuits for user traffic until they know
diff --git a/src/or/config.c b/src/or/config.c
index d676c6e..caa01d1 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -190,8 +190,8 @@ static config_var_t option_vars_[] = {
   V(CircuitPriorityHalflife, DOUBLE,  "-100.0"), /*negative:'Use default'*/
   V(ClientDNSRejectInternalAddresses, BOOL,"1"),
   V(ClientOnly,  BOOL, "0"),
-  V(ClientPreferIPv6ORPort,  BOOL, "0"),
-  V(ClientPreferIPv6DirPort, BOOL, "0"),
+  V(ClientPreferIPv6ORPort,  AUTOBOOL, "auto"),
+  V(ClientPreferIPv6DirPort, AUTOBOOL, "auto"),
   V(ClientRejectInternalAddresses, BOOL,   "1"),
   V(ClientTransportPlugin,   LINELIST, NULL),
   V(ClientUseIPv6,   BOOL, "0"),
@@ -3073,9 +3073,8 @@ options_validate(or_options_t *old_options, or_options_t 
*options,
 }
   }
 
-  /* Terminate Reachable*Addresses with reject *, but check if it has an
-   * IPv6 entry on the way through */
-  int reachable_knows_ipv6 = 0;
+  /* Terminate Reachable*Addresses with reject *
+   */
   for (i=0; i<3; i++) {
 config_line_t **linep =
   (i==0) ? >ReachableAddresses :
@@ -3085,20 +3084,6 @@ options_validate(or_options_t *old_options, or_options_t 
*options,
   continue;
 /* We need to end with a reject *:*, not an implicit accept *:* */
 for (;;) {
-  /* Check if the policy has an IPv6 entry, or uses IPv4-specific
-   * policies (and therefore we assume it's aware of IPv6). */
-  if (!strcmpstart((*linep)->value, "accept6") ||
-  !strcmpstart((*linep)->value, "reject6") ||
-  !strstr((*linep)->value, "*6") ||
-  strchr((*linep)->value, '[') ||
-  !strcmpstart((*linep)->value, "accept4") ||
-  !strcmpstart((*linep)->value, "reject4") ||
-  !strstr((*linep)->value, "*4"))
-reachable_knows_ipv6 = 1;
-   /* already has a reject all */
-  if (!strcmp((*linep)->value, "reject *:*") ||
-  

[tor-commits] [tor/master] Optimise reachability checks when iterating through relay lists

[nickm]

commit 772577b547aa5e6b13b89f465acf656cd08f2917
Author: teor (Tim Wilson-Brown) 
Date:   Thu Jan 21 13:30:57 2016 +1100

Optimise reachability checks when iterating through relay lists

Skip address checks on servers.

Skip allowed-only address checks on non-bridge clients with IPv4.
---
 src/or/policies.c   |  4 
 src/or/routerlist.c | 55 +
 2 files changed, 51 insertions(+), 8 deletions(-)

diff --git a/src/or/policies.c b/src/or/policies.c
index 506edec..0dc4f96 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -323,6 +323,8 @@ firewall_is_fascist_impl(void)
 
 /** Return true iff the firewall options, including ClientUseIPv4 0 and
  * ClientUseIPv6 0, might block any OR address:port combination.
+ * Address preferences may still change which address is selected even if
+ * this function returns false.
  */
 int
 firewall_is_fascist_or(void)
@@ -332,6 +334,8 @@ firewall_is_fascist_or(void)
 
 /** Return true iff the firewall options, including ClientUseIPv4 0 and
  * ClientUseIPv6 0, might block any Dir address:port combination.
+ * Address preferences may still change which address is selected even if
+ * this function returns false.
  */
 int
 firewall_is_fascist_dir(void)
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 247818d..9b8885e 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -1623,6 +1623,30 @@ router_picked_poor_directory_log(const routerstatus_t 
*rs)
 } \
   STMT_END
 
+/* When iterating through the routerlist, can OR address/port preference
+ * and reachability checks be skipped?
+ */
+static int
+router_skip_or_reachability(const or_options_t *options, int try_ip_pref)
+{
+  /* Servers always have and prefer IPv4.
+   * And if clients are checking against the firewall for reachability only,
+   * but there's no firewall, don't bother checking */
+  return server_mode(options) || (!try_ip_pref && !firewall_is_fascist_or());
+}
+
+/* When iterating through the routerlist, can Dir address/port preference
+ * and reachability checks be skipped?
+ */
+static int
+router_skip_dir_reachability(const or_options_t *options, int try_ip_pref)
+{
+  /* Servers always have and prefer IPv4.
+   * And if clients are checking against the firewall for reachability only,
+   * but there's no firewall, don't bother checking */
+  return server_mode(options) || (!try_ip_pref && !firewall_is_fascist_dir());
+}
+
 /** Pick a random running valid directory server/mirror from our
  * routerlist.  Arguments are as for router_pick_directory_server(), except:
  *
@@ -1661,6 +1685,9 @@ router_pick_directory_server_impl(dirinfo_type_t type, 
int flags,
   overloaded_direct = smartlist_new();
   overloaded_tunnel = smartlist_new();
 
+  const int skip_or = router_skip_or_reachability(options, try_ip_pref);
+  const int skip_dir = router_skip_dir_reachability(options, try_ip_pref);
+
   /* Find all the running dirservers we know about. */
   SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), const node_t *, node) {
 int is_trusted, is_trusted_extrainfo;
@@ -1704,18 +1731,20 @@ router_pick_directory_server_impl(dirinfo_type_t type, 
int flags,
 
 is_overloaded = status->last_dir_503_at + DIR_503_TIMEOUT > now;
 
-/* We use an IPv6 address if we have one and we prefer it.
+/* Clients use IPv6 addresses if the server has one and the client
+ * prefers IPv6.
  * Add the router if its preferred address and port are reachable.
  * If we don't get any routers, we'll try again with the non-preferred
  * address for each router (if any). (To ensure correct load-balancing
  * we try routers that only have one address both times.)
  */
-if (!fascistfirewall ||
+if (!fascistfirewall || skip_or ||
 fascist_firewall_allows_rs(status, FIREWALL_OR_CONNECTION,
try_ip_pref))
   smartlist_add(is_trusted ? trusted_tunnel :
 is_overloaded ? overloaded_tunnel : tunnel, (void*)node);
-else if (fascist_firewall_allows_rs(status, FIREWALL_DIR_CONNECTION,
+else if (skip_dir ||
+ fascist_firewall_allows_rs(status, FIREWALL_DIR_CONNECTION,
 try_ip_pref))
   smartlist_add(is_trusted ? trusted_direct :
 is_overloaded ? overloaded_direct : direct, (void*)node);
@@ -1820,6 +1849,9 @@ router_pick_trusteddirserver_impl(const smartlist_t 
*sourcelist,
   overloaded_direct = smartlist_new();
   overloaded_tunnel = smartlist_new();
 
+  const int skip_or = router_skip_or_reachability(options, try_ip_pref);
+  const int skip_dir = router_skip_dir_reachability(options, try_ip_pref);
+
   SMARTLIST_FOREACH_BEGIN(sourcelist, const dir_server_t *, d)
 {
   int is_overloaded =
@@ -1845,17 +1877,19 @@ router_pick_trusteddirserver_impl(const smartlist_t 

[tor-commits] [tor/master] Automatically use IPv6 when ClientUseIPv4 is 0

[nickm]

commit 77a9de0d48e61e6762e65f6099c9a424544eb0ad
Author: teor (Tim Wilson-Brown) 
Date:   Fri Jan 22 15:10:18 2016 +1100

Automatically use IPv6 when ClientUseIPv4 is 0

Consequential changes to log messages:
  * it's no longer possible to disable both IPv4 and IPv6,
  * refactor common string out of remaining log messages
---
 src/or/config.c| 16 
 src/or/policies.c  |  6 --
 src/test/test_entrynodes.c | 11 +++
 src/test/test_policy.c | 16 +---
 4 files changed, 28 insertions(+), 21 deletions(-)

diff --git a/src/or/config.c b/src/or/config.c
index caa01d1..b9d9fb2 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -3108,20 +3108,20 @@ options_validate(or_options_t *old_options, 
or_options_t *options,
 
   /* We check if Reachable*Addresses blocks all addresses in
* parse_reachable_addresses(). */
-  if (options->ClientUseIPv4 == 0 && !fascist_firewall_use_ipv6(options))
-REJECT("Tor cannot connect to the Internet if ClientUseIPv4 is 0 and "
-   "ClientUseIPv6 is 0. Please set at least one of these options "
-   "to 1, or configure bridges.");
+
+#define WARN_PLEASE_USE_IPV6_LOG_MSG \
+"ClientPreferIPv6%sPort 1 is ignored unless tor is using IPv6. " \
+"Please set ClientUseIPv6 1, ClientUseIPv4 0, or configure bridges."
 
   if (!fascist_firewall_use_ipv6(options)
   && options->ClientPreferIPv6ORPort == 1)
-log_warn(LD_CONFIG, "ClientPreferIPv6ORPort 1 is ignored unless "
- "ClientUseIPv6 is also 1, or bridges are configured.");
+log_warn(LD_CONFIG, WARN_PLEASE_USE_IPV6_LOG_MSG, "OR");
 
   if (!fascist_firewall_use_ipv6(options)
   && options->ClientPreferIPv6DirPort == 1)
-log_warn(LD_CONFIG, "ClientPreferIPv6DirPort 1 is ignored unless "
- "ClientUseIPv6 is also 1, or bridges are configured.");
+log_warn(LD_CONFIG, WARN_PLEASE_USE_IPV6_LOG_MSG, "Dir");
+
+#undef WARN_PLEASE_USE_IPV6_LOG_MSG
 
   if (options->UseBridges &&
   server_mode(options))
diff --git a/src/or/policies.c b/src/or/policies.c
index 0dc4f96..734558d 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -420,11 +420,13 @@ fascist_firewall_allows_address(const tor_addr_t *addr,
 }
 
 /** Is this client configured to use IPv6?
- * Clients use IPv6 if ClientUseIPv6 is 1, or UseBridges is 1.
  */
 int fascist_firewall_use_ipv6(const or_options_t *options)
 {
-  return (options->ClientUseIPv6 == 1 || options->UseBridges == 1);
+  /* Clients use IPv6 if it's set, or they use bridges, or they don't use
+   * IPv4 */
+  return (options->ClientUseIPv6 == 1 || options->UseBridges == 1
+  || options->ClientUseIPv4 == 0);
 }
 
 /** Do we prefer to connect to IPv6, ignoring ClientPreferIPv6ORPort and
diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c
index a0208b9..14baa8c 100644
--- a/src/test/test_entrynodes.c
+++ b/src/test/test_entrynodes.c
@@ -215,20 +215,23 @@ test_choose_random_entry_one_possible_guard(void *arg)
* time, so we can't be sure we get the guard */
   tt_assert(chosen_entry);
 
-  /* Check that we get the guard if it passes preferred address settings when
-   * they're auto */
+  /* Check that we get a node if it is allowed but not preferred when settings
+   * are auto */
   memset(_options, 0, sizeof(mocked_options));
   mocked_options.ClientUseIPv4 = 1;
   mocked_options.ClientPreferIPv6ORPort = -1;
 
   chosen_entry = choose_random_entry(NULL);
-  tt_ptr_op(chosen_entry, OP_EQ, the_guard);
+
+  /* We disable the guard check and the preferred address check at the same
+   * time, so we can't be sure we get the guard */
+  tt_assert(chosen_entry);
 
   /* and with IPv6 active */
   mocked_options.ClientUseIPv6 = 1;
 
   chosen_entry = choose_random_entry(NULL);
-  tt_ptr_op(chosen_entry, OP_EQ, the_guard);
+  tt_assert(chosen_entry);
 
  done:
   memset(_options, 0, sizeof(mocked_options));
diff --git a/src/test/test_policy.c b/src/test/test_policy.c
index 1daa38e..2e87f13 100644
--- a/src/test/test_policy.c
+++ b/src/test/test_policy.c
@@ -1310,7 +1310,8 @@ test_policies_fascist_firewall_allows_address(void *arg)
   tt_assert(fascist_firewall_allows_address(_ipv6_addr, port, policy, 0, 0)
 == 0);
 
-  /* Test the function's address matching with everything off */
+  /* Test the function's address matching with ClientUseIPv4 0.
+   * This means "use IPv6" regardless of the other settings. */
   memset(_options, 0, sizeof(or_options_t));
   mock_options.ClientUseIPv4 = 0;
   mock_options.ClientUseIPv6 = 0;
@@ -1319,7 +1320,7 @@ test_policies_fascist_firewall_allows_address(void *arg)
   tt_assert(fascist_firewall_allows_address(_addr, port, policy, 0, 0)
 == 0);
   tt_assert(fascist_firewall_allows_address(_addr, port, policy, 0, 0)
-== 0);
+== 1);
   tt_assert(fascist_firewall_allows_address(_ipv4_addr, port, policy, 0, 0)
 == 0);
   

[tor-commits] [tor/master] Make bridge clients prefer the configured bridge address

[nickm]

commit c213f277cde00b258b159446f8d975026194c034
Author: teor (Tim Wilson-Brown) 
Date:   Wed Feb 3 23:52:39 2016 +1100

Make bridge clients prefer the configured bridge address

When ClientPreferIPv6ORPort is auto, bridges prefer the configured
bridge ORPort address. Otherwise, they use the value of the option.
Other clients prefer IPv4 ORPorts if ClientPreferIPv6ORPort is auto.

When ClientPreferIPv6DirPort is auto, all clients prefer IPv4 DirPorts.
---
 doc/tor.1.txt  | 12 ++--
 src/or/entrynodes.c| 22 --
 src/or/nodelist.c  | 24 +++-
 src/or/policies.c  | 18 +++---
 src/test/test_entrynodes.c | 10 ++
 src/test/test_policy.c | 25 +++--
 6 files changed, 61 insertions(+), 50 deletions(-)

diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 87d976b..4c9c53d 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1504,17 +1504,17 @@ The following options are useful only for clients (that 
is, if
 If this option is set to 1, Tor prefers a directory port with an IPv6
 address over one with IPv4, for direct connections, if a given directory
 server has both. (Tor also prefers an IPv6 DirPort if IPv4Client is set to
-0.) If this option is set to auto, Tor bridge clients prefer IPv6, and
-other clients prefer IPv4. Other things may influence the choice. This
-option breaks a tie to the favor of IPv6. (Default: auto)
+0.) If this option is set to auto, clients prefer IPv4. Other things may
+influence the choice. This option breaks a tie to the favor of IPv6.
+(Default: auto)
 
 [[ClientPreferIPv6ORPort]] **ClientPreferIPv6ORPort** **0**|**1**|**auto**::
 If this option is set to 1, Tor prefers an OR port with an IPv6
 address over one with IPv4 if a given entry node has both. (Tor also
 prefers an IPv6 ORPort if IPv4Client is set to 0.) If this option is set
-to auto, Tor bridge clients prefer IPv6, and other clients prefer IPv4.
-Other things may influence the choice. This option breaks a tie to the
-favor of IPv6. (Default: auto)
+to auto, Tor bridge clients prefer the configured bridge address, and
+other clients prefer IPv4. Other things may influence the choice. This
+option breaks a tie to the favor of IPv6. (Default: auto)
 
 [[PathsNeededToBuildCircuits]] **PathsNeededToBuildCircuits** __NUM__::
 Tor clients don't build circuits for user traffic until they know
diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c
index d6bef65..a4b9350 100644
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@@ -2240,6 +2240,7 @@ rewrite_node_address_for_bridge(const bridge_info_t 
*bridge, node_t *node)
*   does so through an address from any source other than node_get_addr().
*/
   tor_addr_t addr;
+  const or_options_t *options = get_options();
 
   if (node->ri) {
 routerinfo_t *ri = node->ri;
@@ -2272,9 +2273,15 @@ rewrite_node_address_for_bridge(const bridge_info_t 
*bridge, node_t *node)
   }
 }
 
-/* Mark which address to use based on which bridge_t we got. */
-node->ipv6_preferred = (tor_addr_family(>addr) == AF_INET6 &&
-!tor_addr_is_null(>ri->ipv6_addr));
+if (options->ClientPreferIPv6ORPort == -1) {
+  /* Mark which address to use based on which bridge_t we got. */
+  node->ipv6_preferred = (tor_addr_family(>addr) == AF_INET6 &&
+  !tor_addr_is_null(>ri->ipv6_addr));
+} else {
+  /* Mark which address to use based on user preference */
+  node->ipv6_preferred = (fascist_firewall_prefer_ipv6_orport(options) &&
+  !tor_addr_is_null(>ri->ipv6_addr));
+}
 
 /* XXXipv6 we lack support for falling back to another address for
the same relay, warn the user */
@@ -2283,10 +2290,13 @@ rewrite_node_address_for_bridge(const bridge_info_t 
*bridge, node_t *node)
   node_get_pref_orport(node, );
   log_notice(LD_CONFIG,
  "Bridge '%s' has both an IPv4 and an IPv6 address.  "
- "Will prefer using its %s address (%s).",
+ "Will prefer using its %s address (%s) based on %s.",
  ri->nickname,
- tor_addr_family() == AF_INET6 ? "IPv6" : "IPv4",
- fmt_addrport(, ap.port));
+ node->ipv6_preferred ? "IPv6" : "IPv4",
+ fmt_addrport(, ap.port),
+ options->ClientPreferIPv6ORPort == -1 ?
+ "the configured Bridge address" :
+ "ClientPreferIPv6ORPort");
 }
   }
   if (node->rs) {
diff --git a/src/or/nodelist.c b/src/or/nodelist.c
index d7cada9..23e9b0e 100644
--- a/src/or/nodelist.c
+++ b/src/or/nodelist.c
@@ -981,10 +981,6 @@ node_has_ipv6_dirport(const node_t *node)
  *  i) the node_t says that it prefers IPv6
  *  or
  *  ii) the router has no IPv4 OR 

[tor-commits] [tor/master] Choose OR Entry Guards using IPv4/IPv6 preferences

[nickm]

commit 268608c0a0605e596d1a884ee35d432c88bac38b
Author: teor (Tim Wilson-Brown) 
Date:   Fri Dec 18 11:28:54 2015 +1100

Choose OR Entry Guards using IPv4/IPv6 preferences

Update unit tests.
---
 src/or/circuitbuild.c  | 15 +++-
 src/or/or.h|  4 +-
 src/or/routerlist.c| 18 +++--
 src/or/routerlist.h|  3 +-
 src/test/test_entrynodes.c | 93 +-
 5 files changed, 108 insertions(+), 25 deletions(-)

diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index d44fcd7..dcb9de3 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -1778,7 +1778,7 @@ pick_tor2web_rendezvous_node(router_crn_flags_t flags,
   router_add_running_nodes_to_smartlist(all_live_nodes,
 allow_invalid,
 0, 0, 0,
-need_desc);
+need_desc, 0);
 
   /* Filter all_live_nodes to only add live *and* whitelisted RPs to
* the list whitelisted_live_rps. */
@@ -2144,7 +2144,9 @@ choose_good_entry_server(uint8_t purpose, 
cpath_build_state_t *state)
   const node_t *choice;
   smartlist_t *excluded;
   const or_options_t *options = get_options();
-  router_crn_flags_t flags = CRN_NEED_GUARD|CRN_NEED_DESC;
+  /* If possible, choose an entry server with a preferred address,
+   * otherwise, choose one with an allowed address */
+  router_crn_flags_t flags = CRN_NEED_GUARD|CRN_NEED_DESC|CRN_PREF_ADDR;
   const node_t *node;
 
   if (state && options->UseEntryGuards &&
@@ -2161,12 +2163,6 @@ choose_good_entry_server(uint8_t purpose, 
cpath_build_state_t *state)
  * family. */
 nodelist_add_node_and_family(excluded, node);
   }
-  /* Exclude all ORs that we can't reach through our firewall */
-  smartlist_t *nodes = nodelist_get_list();
-  SMARTLIST_FOREACH(nodes, const node_t *, node, {
-if (!fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION, 0))
-  smartlist_add(excluded, (void*)node);
-  });
   /* and exclude current entry guards and their families,
* unless we're in a test network, and excluding guards
* would exclude all nodes (i.e. we're in an incredibly small tor network,
@@ -2332,8 +2328,9 @@ extend_info_from_node(const node_t *node, int 
for_direct_connect)
   if (node->ri == NULL && (node->rs == NULL || node->md == NULL))
 return NULL;
 
+  /* Choose a preferred address first, but fall back to an allowed address*/
   if (for_direct_connect)
-node_get_pref_orport(node, );
+fascist_firewall_choose_address_node(node, FIREWALL_OR_CONNECTION, 0, );
   else
 node_get_prim_orport(node, );
 
diff --git a/src/or/or.h b/src/or/or.h
index b1765d1..412789c 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -5221,7 +5221,9 @@ typedef enum {
   CRN_ALLOW_INVALID = 1<<3,
   /*  not used, apparently. */
   CRN_WEIGHT_AS_EXIT = 1<<5,
-  CRN_NEED_DESC = 1<<6
+  CRN_NEED_DESC = 1<<6,
+  /* On clients, only provide nodes that satisfy ClientPreferIPv6OR */
+  CRN_PREF_ADDR = 1<<7
 } router_crn_flags_t;
 
 /** Return value for router_add_to_routerlist() and dirserv_add_descriptor() */
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index c45854c..804ff29 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -1826,7 +1826,8 @@ routerlist_add_node_and_family(smartlist_t *sl, const 
routerinfo_t *router)
 void
 router_add_running_nodes_to_smartlist(smartlist_t *sl, int allow_invalid,
   int need_uptime, int need_capacity,
-  int need_guard, int need_desc)
+  int need_guard, int need_desc,
+  int pref_addr)
 { /*  MOVE */
   SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), const node_t *, node) {
 if (!node->is_running ||
@@ -1838,6 +1839,9 @@ router_add_running_nodes_to_smartlist(smartlist_t *sl, 
int allow_invalid,
   continue;
 if (node_is_unreliable(node, need_uptime, need_capacity, need_guard))
   continue;
+/* Choose a node with a preferred OR address */
+if (!fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION, pref_addr))
+  continue;
 
 smartlist_add(sl, (void *)node);
   } SMARTLIST_FOREACH_END(node);
@@ -2299,6 +2303,10 @@ node_sl_choose_by_bandwidth(const smartlist_t *sl,
  * If CRN_NEED_DESC is set in flags, we only consider nodes that
  * have a routerinfo or microdescriptor -- that is, enough info to be
  * used to build a circuit.
+ * If CRN_PREF_ADDR is set in flags, we only consider nodes that
+ * have an address that is preferred by the ClientPreferIPv6ORPort setting
+ * (regardless of this flag, we exclude nodes that aren't allowed by the
+ * firewall, including ClientUseIPv4 0 and ClientUseIPv6 0).
  */
 const node_t *
 router_choose_random_node(smartlist_t *excludedsmartlist,
@@ -2311,6 +2319,7 @@ 

[tor-commits] [tor/master] Minor whitespace-only fix

[nickm]

commit 3a00215c35b01909a2db24132ab800298d61b647
Author: teor (Tim Wilson-Brown) 
Date:   Thu Jan 21 12:57:28 2016 +1100

Minor whitespace-only fix
---
 src/or/connection.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/or/connection.c b/src/or/connection.c
index 0420f26..63bfb2e 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -1732,8 +1732,7 @@ connection_connect_log_client_use_ip_version(const 
connection_t *conn)
 
   /* Only clients care about ClientUseIPv4/6, bail out early on servers, and
* on connections we don't care about */
-  if (server_mode(options) || !conn
-  || conn->type == CONN_TYPE_EXIT) {
+  if (server_mode(options) || !conn || conn->type == CONN_TYPE_EXIT) {
 return;
   }
 



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Tor2Web: tell extend_info_from_node intro point connections are direct

[nickm]

commit 73fc67bc8906819a42ed44abe33179512f90a883
Author: teor (Tim Wilson-Brown) 
Date:   Fri Jan 22 18:05:28 2016 +1100

Tor2Web: tell extend_info_from_node intro point connections are direct
---
 src/or/rendclient.c | 12 ++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index d9cea53..dc05d6f 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -1366,11 +1366,19 @@ rend_client_get_random_intro_impl(const 
rend_cache_entry_t *entry,
   smartlist_del(usable_nodes, i);
   goto again;
 }
+#ifdef ENABLE_TOR2WEB_MODE
+new_extend_info = extend_info_from_node(node, options->Tor2webMode);
+#else
 new_extend_info = extend_info_from_node(node, 0);
+#endif
 if (!new_extend_info) {
+  const char *alternate_reason = "";
+#ifdef ENABLE_TOR2WEB_MODE
+  alternate_reason = ", or we cannot connect directly to it";
+#endif
   log_info(LD_REND, "We don't have a descriptor for the intro-point relay "
-   "'%s'; trying another.",
-   extend_info_describe(intro->extend_info));
+   "'%s'%s; trying another.",
+   extend_info_describe(intro->extend_info), alternate_reason);
   smartlist_del(usable_nodes, i);
   goto again;
 } else {



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Consistently format addresses in node_get_address_string

[nickm]

commit 4db5a35e669a03db33d04632349ec95022de53cf
Author: teor (Tim Wilson-Brown) 
Date:   Wed Jan 20 13:17:08 2016 +1100

Consistently format addresses in node_get_address_string

Also, don't write to a buffer with length zero.
---
 src/or/nodelist.c | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/or/nodelist.c b/src/or/nodelist.c
index c8f93bf..28d8741 100644
--- a/src/or/nodelist.c
+++ b/src/or/nodelist.c
@@ -863,13 +863,13 @@ node_get_prim_addr_ipv4h(const node_t *node)
 void
 node_get_address_string(const node_t *node, char *buf, size_t len)
 {
-  if (node->ri) {
-strlcpy(buf, fmt_addr32(node->ri->addr), len);
-  } else if (node->rs) {
+  uint32_t ipv4_addr = node_get_prim_addr_ipv4h(node);
+
+  if (tor_addr_is_valid_ipv4h(ipv4_addr, 0)) {
 tor_addr_t addr;
-tor_addr_from_ipv4h(, node->rs->addr);
+tor_addr_from_ipv4h(, ipv4_addr);
 tor_addr_to_str(buf, , len, 0);
-  } else {
+  } else if (len > 0) {
 buf[0] = '\0';
   }
 }



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge remote-tracking branch 'teor/feature17840-v11-merged-v2'

[nickm]

commit ba2be81fc36ba6140247873799b747605fb07bd4
Merge: cae59b9 c213f27
Author: Nick Mathewson 
Date:   Thu Feb 11 12:20:20 2016 -0500

Merge remote-tracking branch 'teor/feature17840-v11-merged-v2'

 changes/feature17840   |   9 +
 doc/tor.1.txt  |  37 ++-
 src/common/address.c   |  53 
 src/common/address.h   |  21 ++
 src/or/circuitbuild.c  |  48 ++--
 src/or/circuituse.c|   7 +-
 src/or/config.c|  30 +-
 src/or/connection.c|  74 -
 src/or/connection.h|   6 +-
 src/or/control.c   |  18 +-
 src/or/directory.c | 251 
 src/or/directory.h |   4 +-
 src/or/entrynodes.c|  48 +++-
 src/or/nodelist.c  | 307 +++-
 src/or/nodelist.h  |  12 +-
 src/or/or.h|  29 +-
 src/or/policies.c  | 695 +++--
 src/or/policies.h  |  54 +++-
 src/or/rendclient.c|  12 +-
 src/or/router.c|  31 +-
 src/or/routerlist.c| 332 +-
 src/or/routerlist.h|   5 +-
 src/test/test_entrynodes.c | 226 ++-
 src/test/test_policy.c | 536 ++
 src/test/test_routerlist.c |  73 +
 25 files changed, 2595 insertions(+), 323 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'feature17840-v11-squashed' into feature17840-v11-merged

[nickm]

commit c4cb4706c9bb1087584c9813b0ca97c261e6fd77
Merge: 42dea56 73fc67b
Author: teor (Tim Wilson-Brown) 
Date:   Fri Jan 29 07:37:06 2016 +1100

Merge branch 'feature17840-v11-squashed' into feature17840-v11-merged

Conflicts:
src/or/directory.c
src/test/test_routerlist.c

Fix minor conflicts.

 changes/feature17840   |   9 +
 doc/tor.1.txt  |  39 ++-
 src/common/address.c   |  53 
 src/common/address.h   |  21 ++
 src/or/circuitbuild.c  |  48 ++--
 src/or/circuituse.c|   7 +-
 src/or/config.c|  30 +-
 src/or/connection.c|  74 -
 src/or/connection.h|   6 +-
 src/or/control.c   |  18 +-
 src/or/directory.c | 251 
 src/or/directory.h |   4 +-
 src/or/entrynodes.c|  26 +-
 src/or/nodelist.c  | 309 +++-
 src/or/nodelist.h  |  12 +-
 src/or/or.h|  29 +-
 src/or/policies.c  | 699 +++--
 src/or/policies.h  |  54 +++-
 src/or/rendclient.c|  12 +-
 src/or/router.c|  31 +-
 src/or/routerlist.c| 332 -
 src/or/routerlist.h|   5 +-
 src/test/test_entrynodes.c | 218 +-
 src/test/test_policy.c | 531 ++
 src/test/test_routerlist.c |  73 +
 25 files changed, 2576 insertions(+), 315 deletions(-)

diff --cc src/test/test_routerlist.c
index 090a607,7ec6525..193e3fa
--- a/src/test/test_routerlist.c
+++ b/src/test/test_routerlist.c
@@@ -1,35 -1,12 +1,36 @@@
  /* Copyright (c) 2014, The Tor Project, Inc. */
  /* See LICENSE for licensing information */
  
 +#include "orconfig.h"
 +#include 
 +#include 
 +
 +#define DIRVOTE_PRIVATE
 +#define NETWORKSTATUS_PRIVATE
  #define ROUTERLIST_PRIVATE
 +#define TOR_UNIT_TESTING
  #include "or.h"
 -#include "routerlist.h"
 -#include "directory.h"
 +#include "config.h"
+ #include "connection.h"
 +#include "container.h"
 +#include "directory.h"
 +#include "dirvote.h"
 +#include "networkstatus.h"
 +#include "nodelist.h"
 +#include "policies.h"
 +#include "routerlist.h"
 +#include "routerparse.h"
  #include "test.h"
 +#include "test_dir_common.h"
 +
 +extern const char AUTHORITY_CERT_1[];
 +extern const char AUTHORITY_SIGNKEY_1[];
 +extern const char AUTHORITY_CERT_2[];
 +extern const char AUTHORITY_SIGNKEY_2[];
 +extern const char AUTHORITY_CERT_3[];
 +extern const char AUTHORITY_SIGNKEY_3[];
 +
 +void construct_consensus(const char **consensus_text_md);
  
  /* 4 digests + 3 sep + pre + post + NULL */
  static char output[4*BASE64_DIGEST256_LEN+3+2+2+1];
@@@ -118,268 -95,84 +119,340 @@@ test_routerlist_launch_descriptor_downl
smartlist_free(downloadable);
  }
  
 +void
 +construct_consensus(const char **consensus_text_md)
 +{
 +  networkstatus_t *vote = NULL;
 +  networkstatus_t *v1 = NULL, *v2 = NULL, *v3 = NULL;
 +  networkstatus_voter_info_t *voter = NULL;
 +  authority_cert_t *cert1=NULL, *cert2=NULL, *cert3=NULL;
 +  crypto_pk_t *sign_skey_1=NULL, *sign_skey_2=NULL, *sign_skey_3=NULL;
 +  crypto_pk_t *sign_skey_leg=NULL;
 +  time_t now = time(NULL);
 +  smartlist_t *votes = NULL;
 +  addr_policy_t *pol1 = NULL, *pol2 = NULL, *pol3 = NULL;
 +  int n_vrs;
 +
 +  tt_assert(!dir_common_authority_pk_init(, , ,
 +  _skey_1, _skey_2,
 +  _skey_3));
 +  sign_skey_leg = pk_generate(4);
 +
 +  dir_common_construct_vote_1(, cert1, sign_skey_1,
 +  _common_gen_routerstatus_for_v3ns,
 +  , _vrs, now, 1);
 +
 +  tt_assert(v1);
 +  tt_int_op(n_vrs, ==, 4);
 +  tt_int_op(smartlist_len(v1->routerstatus_list), ==, 4);
 +
 +  dir_common_construct_vote_2(, cert2, sign_skey_2,
 +  _common_gen_routerstatus_for_v3ns,
 +  , _vrs, now, 1);
 +
 +  tt_assert(v2);
 +  tt_int_op(n_vrs, ==, 4);
 +  tt_int_op(smartlist_len(v2->routerstatus_list), ==, 4);
 +
 +  dir_common_construct_vote_3(, cert3, sign_skey_3,
 +  _common_gen_routerstatus_for_v3ns,
 +  , _vrs, now, 1);
 +
 +  tt_assert(v3);
 +  tt_int_op(n_vrs, ==, 4);
 +  tt_int_op(smartlist_len(v3->routerstatus_list), ==, 4);
 +
 +  votes = smartlist_new();
 +  smartlist_add(votes, v1);
 +  smartlist_add(votes, v2);
 +  smartlist_add(votes, v3);
 +
 +  *consensus_text_md = networkstatus_compute_consensus(votes, 3,
 +   cert1->identity_key,
 +   sign_skey_1,
 +   "",
 +   sign_skey_leg,
 +   FLAV_MICRODESC);
 +
 +  tt_assert(*consensus_text_md);
 +
 + done:
 +  if (vote)
 +

[tor-commits] [tor/master] Make entry_guard_set_status consistent with entry_is_live

[nickm]

commit 4528f893163ad7ab27915451caf23b3a722413ce
Author: teor (Tim Wilson-Brown) 
Date:   Sun Jan 3 23:16:06 2016 +1100

Make entry_guard_set_status consistent with entry_is_live

Check fascist_firewall_allows_node in entry_guard_set_status and
return the same message as entry_is_live.
---
 src/or/entrynodes.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c
index 583b7ef..1ce44d1 100644
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@@ -87,7 +87,7 @@ get_entry_guards(void)
 
 /** Check whether the entry guard e is usable, given the directory
  * authorities' opinion about the router (stored in ri) and the user's
- * configuration (in options). Set e-bad_since
+ * configuration (in options). Set e->bad_since
  * accordingly. Return true iff the entry guard's status changes.
  *
  * If it's not usable, set *reason to a static string explaining why.
@@ -117,6 +117,9 @@ entry_guard_set_status(entry_guard_t *e, const node_t *node,
 *reason = "not recommended as a guard";
   else if (routerset_contains_node(options->ExcludeNodes, node))
 *reason = "excluded";
+  /* We only care about OR connection connectivity for entry guards. */
+  else if (!fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION, 0))
+*reason = "unreachable by config";
   else if (e->path_bias_disabled)
 *reason = "path-biased";
 



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Choose directory servers by IPv4/IPv6 preferences

[nickm]

commit e72cbf7a4e346f0d379961520db8bea7e9249f88
Author: teor (Tim Wilson-Brown) 
Date:   Fri Dec 18 11:29:47 2015 +1100

Choose directory servers by IPv4/IPv6 preferences

Add unit tests, refactor pick_directory functions.
---
 src/or/connection.c|   6 +-
 src/or/connection.h|   6 +-
 src/or/directory.c | 180 +++-
 src/or/routerlist.c| 224 +++--
 src/or/routerlist.h|   2 +
 src/test/test_routerlist.c |  73 +++
 6 files changed, 375 insertions(+), 116 deletions(-)

diff --git a/src/or/connection.c b/src/or/connection.c
index 9765a8e..d59e07b 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -4252,10 +4252,10 @@ connection_write_to_buf_impl_,(const char *string, 
size_t len,
 /** Return a connection with given type, address, port, and purpose;
  * or NULL if no such connection exists (or if all such connections are marked
  * for close). */
-connection_t *
-connection_get_by_type_addr_port_purpose(int type,
+MOCK_IMPL(connection_t *,
+connection_get_by_type_addr_port_purpose,(int type,
  const tor_addr_t *addr, uint16_t port,
- int purpose)
+ int purpose))
 {
   CONN_GET_TEMPLATE(conn,
(conn->type == type &&
diff --git a/src/or/connection.h b/src/or/connection.h
index 59ea6d8..ec5c394 100644
--- a/src/or/connection.h
+++ b/src/or/connection.h
@@ -186,9 +186,9 @@ connection_get_outbuf_len(connection_t *conn)
 connection_t *connection_get_by_global_id(uint64_t id);
 
 connection_t *connection_get_by_type(int type);
-connection_t *connection_get_by_type_addr_port_purpose(int type,
-   const tor_addr_t *addr,
-   uint16_t port, int purpose);
+MOCK_DECL(connection_t *,connection_get_by_type_addr_port_purpose,(int type,
+  const tor_addr_t *addr,
+  uint16_t port, int purpose));
 connection_t *connection_get_by_type_state(int type, int state);
 connection_t *connection_get_by_type_state_rendquery(int type, int state,
  const char *rendquery);
diff --git a/src/or/directory.c b/src/or/directory.c
index d5531d8..438b5d8 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -82,18 +82,18 @@ static void dir_microdesc_download_failed(smartlist_t 
*failed,
 static void note_client_request(int purpose, int compressed, size_t bytes);
 static int client_likes_consensus(networkstatus_t *v, const char *want_url);
 
-static void directory_initiate_command_rend(const tor_addr_t *addr,
-uint16_t or_port,
-uint16_t dir_port,
-const char *digest,
-uint8_t dir_purpose,
-uint8_t router_purpose,
-dir_indirection_t indirection,
-const char *resource,
-const char *payload,
-size_t payload_len,
-time_t if_modified_since,
-const rend_data_t *rend_query);
+static void directory_initiate_command_rend(
+  const tor_addr_port_t *or_addr_port,
+  const tor_addr_port_t *dir_addr_port,
+  const char *digest,
+  uint8_t dir_purpose,
+  uint8_t router_purpose,
+  dir_indirection_t indirection,
+  const char *resource,
+  const char *payload,
+  size_t payload_len,
+  time_t if_modified_since,
+  const rend_data_t *rend_query);
 
 /* START VARIABLES **/
 
@@ -624,8 +624,10 @@ directory_initiate_command_routerstatus_rend(const 
routerstatus_t *status,
 {
   const or_options_t *options = get_options();
   const node_t *node;
-  tor_addr_t addr;
+  tor_addr_port_t use_or_ap, use_dir_ap;
   const int anonymized_connection = dirind_is_anon(indirection);
+  int have_or = 0, have_dir = 0;
+
   node = node_get_by_id(status->identity_digest);
 
   if (!node && anonymized_connection) {
@@ -634,7 +636,6 @@ directory_initiate_command_routerstatus_rend(const 
routerstatus_t *status,
  

[tor-commits] [tor/master] Fix *_get_all_orports to use ipv6_orport

[nickm]

commit 4460feaf2850ef0fb027a2d01786a5bbaee056dc
Author: teor (Tim Wilson-Brown) 
Date:   Tue Dec 22 10:42:09 2015 +1100

Fix *_get_all_orports to use ipv6_orport

node_get_all_orports and router_get_all_orports incorrectly used or_port
with IPv6 addresses. They now use ipv6_orport.

Also refactor and remove duplicated code.
---
 src/common/address.c | 53 
 src/common/address.h | 21 +++
 src/or/nodelist.c| 76 
 src/or/router.c  | 26 +-
 4 files changed, 140 insertions(+), 36 deletions(-)

diff --git a/src/common/address.c b/src/common/address.c
index 69a8098..19e9fdd 100644
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -908,6 +908,59 @@ tor_addr_is_loopback(const tor_addr_t *addr)
   }
 }
 
+/* Is addr valid?
+ * Checks that addr is non-NULL and not tor_addr_is_null().
+ * If for_listening is true, IPv4 addr 0.0.0.0 is allowed.
+ * It means "bind to all addresses on the local machine". */
+int
+tor_addr_is_valid(const tor_addr_t *addr, int for_listening)
+{
+  /* NULL addresses are invalid regardless of for_listening */
+  if (addr == NULL) {
+return 0;
+  }
+
+  /* Only allow IPv4 0.0.0.0 for_listening. */
+  if (for_listening && addr->family == AF_INET
+  && tor_addr_to_ipv4h(addr) == 0) {
+return 1;
+  }
+
+  /* Otherwise, the address is valid if it's not tor_addr_is_null() */
+  return !tor_addr_is_null(addr);
+}
+
+/* Is the network-order IPv4 address v4n_addr valid?
+ * Checks that addr is not zero.
+ * Except if for_listening is true, where IPv4 addr 0.0.0.0 is allowed. */
+int
+tor_addr_is_valid_ipv4n(uint32_t v4n_addr, int for_listening)
+{
+  /* Any IPv4 address is valid with for_listening. */
+  if (for_listening) {
+return 1;
+  }
+
+  /* Otherwise, zero addresses are invalid. */
+  return v4n_addr != 0;
+}
+
+/* Is port valid?
+ * Checks that port is not 0.
+ * Except if for_listening is true, where port 0 is allowed.
+ * It means "OS chooses a port". */
+int
+tor_port_is_valid(uint16_t port, int for_listening)
+{
+  /* Any port value is valid with for_listening. */
+  if (for_listening) {
+return 1;
+  }
+
+  /* Otherwise, zero ports are invalid. */
+  return port != 0;
+}
+
 /** Set dest to equal the IPv4 address in v4addr (given in
  * network order). */
 void
diff --git a/src/common/address.h b/src/common/address.h
index 684ba65..918b024 100644
--- a/src/common/address.h
+++ b/src/common/address.h
@@ -267,6 +267,27 @@ void tor_addr_from_in6(tor_addr_t *dest, const struct 
in6_addr *in6);
 int tor_addr_is_null(const tor_addr_t *addr);
 int tor_addr_is_loopback(const tor_addr_t *addr);
 
+int tor_addr_is_valid(const tor_addr_t *addr, int for_listening);
+int tor_addr_is_valid_ipv4n(uint32_t v4n_addr, int for_listening);
+#define tor_addr_is_valid_ipv4h(v4h_addr, for_listening) \
+tor_addr_is_valid_ipv4n(htonl(v4h_addr), (for_listening))
+int tor_port_is_valid(uint16_t port, int for_listening);
+/* Are addr and port both valid? */
+#define tor_addr_port_is_valid(addr, port, for_listening) \
+(tor_addr_is_valid((addr), (for_listening)) &&\
+ tor_port_is_valid((port), (for_listening)))
+/* Are ap->addr and ap->port both valid? */
+#define tor_addr_port_is_valid_ap(ap, for_listening) \
+tor_addr_port_is_valid(&(ap)->addr, (ap)->port, (for_listening))
+/* Are the network-order v4addr and port both valid? */
+#define tor_addr_port_is_valid_ipv4n(v4n_addr, port, for_listening) \
+(tor_addr_is_valid_ipv4n((v4n_addr), (for_listening)) &&\
+ tor_port_is_valid((port), (for_listening)))
+/* Are the host-order v4addr and port both valid? */
+#define tor_addr_port_is_valid_ipv4h(v4h_addr, port, for_listening) \
+(tor_addr_is_valid_ipv4h((v4h_addr), (for_listening)) &&\
+ tor_port_is_valid((port), (for_listening)))
+
 int tor_addr_port_split(int severity, const char *addrport,
 char **address_out, uint16_t *port_out);
 
diff --git a/src/or/nodelist.c b/src/or/nodelist.c
index fc27207..a1d99e9 100644
--- a/src/or/nodelist.c
+++ b/src/or/nodelist.c
@@ -754,6 +754,40 @@ node_exit_policy_is_exact(const node_t *node, sa_family_t 
family)
   return 1;
 }
 
+/* Check if the "addr" and port_field fields from r are a valid non-listening
+ * address/port. If so, set valid to true and add a newly allocated
+ * tor_addr_port_t containing "addr" and port_field to sl.
+ * "addr" is an IPv4 host-order address and port_field is a uint16_t.
+ * r is typically a routerinfo_t or routerstatus_t.
+ */
+#define SL_ADD_NEW_IPV4_AP(r, port_field, sl, valid) \
+  STMT_BEGIN \
+if (tor_addr_port_is_valid_ipv4h((r)->addr, (r)->port_field, 0)) { \
+  valid = 1; \
+  tor_addr_port_t *ap = tor_malloc(sizeof(tor_addr_port_t)); \
+  tor_addr_from_ipv4h(>addr, (r)->addr); \
+  ap->port = (r)->port_field; \
+  

[tor-commits] [tor/master] Log when IPv4/IPv6 restrictions or preferences weren't met

[nickm]

commit c3cc8e16e9655ffcaead811675c360b6764f2992
Author: teor (Tim Wilson-Brown) 
Date:   Tue Dec 22 11:31:54 2015 +1100

Log when IPv4/IPv6 restrictions or preferences weren't met
---
 src/or/connection.c | 65 +
 src/or/directory.c  | 12 +++---
 src/or/routerlist.c | 49 
 3 files changed, 123 insertions(+), 3 deletions(-)

diff --git a/src/or/connection.c b/src/or/connection.c
index d59e07b..f252d2f 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -19,6 +19,7 @@
  */
 #define TOR_CHANNEL_INTERNAL_
 #define CONNECTION_PRIVATE
+#include "backtrace.h"
 #include "channel.h"
 #include "channeltls.h"
 #include "circuitbuild.h"
@@ -1721,6 +1722,66 @@ connection_connect_sockaddr,(connection_t *conn,
   return inprogress ? 0 : 1;
 }
 
+/* Log a message if connection violates ClientUseIPv4 0 or ClientUseIPv6 0.
+ * Log a less severe message if we couldn't conform to ClientPreferIPv6ORPort
+ * or ClientPreferIPv6ORPort. */
+static void
+connection_connect_log_client_use_ip_version(const connection_t *conn)
+{
+  const or_options_t *options = get_options();
+
+  /* Only non-bridge clients care about ClientUseIPv4/6, bail out early on
+   * servers and bridge clients */
+  if (options->UseBridges || server_mode(options) || !conn
+  || conn->type == CONN_TYPE_EXIT) {
+return;
+  }
+
+  /* We're only prepared to log OR and DIR connections here */
+  if (conn->type != CONN_TYPE_OR && conn->type != CONN_TYPE_DIR) {
+return;
+  }
+
+  const int must_ipv4 = (options->ClientUseIPv6 == 0);
+  const int must_ipv6 = (options->ClientUseIPv4 == 0);
+  const int pref_ipv6 = (conn->type == CONN_TYPE_OR
+ ? nodelist_prefer_ipv6_orport(options)
+ : nodelist_prefer_ipv6_dirport(options));
+  tor_addr_t real_addr;
+  tor_addr_make_null(_addr, AF_UNSPEC);
+
+  /* OR conns keep the original address in real_addr, as addr gets overwritten
+   * with the descriptor address */
+  if (conn->type == CONN_TYPE_OR) {
+const or_connection_t *or_conn = TO_OR_CONN((connection_t *)conn);
+tor_addr_copy(_addr, _conn->real_addr);
+  } else if (conn->type == CONN_TYPE_DIR) {
+tor_addr_copy(_addr, >addr);
+  }
+
+  /* Check if we broke a mandatory address family restriction */
+  if ((must_ipv4 && tor_addr_family(_addr) == AF_INET6)
+  || (must_ipv6 && tor_addr_family(_addr) == AF_INET)) {
+log_warn(LD_BUG, "%s connection to %s violated ClientUseIPv%s 0.",
+ conn->type == CONN_TYPE_OR ? "OR" : "Dir",
+ fmt_addr(_addr),
+ options->ClientUseIPv4 == 0 ? "4" : "6");
+log_backtrace(LOG_WARN, LD_BUG, "Address came from");
+  }
+
+  /* Check if we couldn't satisfy an address family preference */
+  if ((!pref_ipv6 && tor_addr_family(_addr) == AF_INET6)
+  || (pref_ipv6 && tor_addr_family(_addr) == AF_INET)) {
+log_info(LD_NET, "Connection to %s doesn't satisfy ClientPreferIPv6%sPort "
+ "%d, with ClientUseIPv4 %d and ClientUseIPv6 %d.",
+ fmt_addr(_addr),
+ conn->type == CONN_TYPE_OR ? "OR" : "Dir",
+ conn->type == CONN_TYPE_OR ? options->ClientPreferIPv6ORPort
+: options->ClientPreferIPv6DirPort,
+ options->ClientUseIPv4, options->ClientUseIPv4);
+  }
+}
+
 /** Take conn, make a nonblocking socket; try to connect to
  * addr:port (port arrives in *host order*). If fail, return -1 and if
  * applicable put your best guess about errno into *socket_error.
@@ -1745,6 +1806,10 @@ connection_connect(connection_t *conn, const char 
*address,
   const or_options_t *options = get_options();
   int protocol_family;
 
+  /* Log if we didn't stick to ClientUseIPv4/6 or ClientPreferIPv6OR/DirPort
+   */
+  connection_connect_log_client_use_ip_version(conn);
+
   if (tor_addr_family(addr) == AF_INET6)
 protocol_family = PF_INET6;
   else
diff --git a/src/or/directory.c b/src/or/directory.c
index 438b5d8..20ffcee 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -4,6 +4,7 @@
 /* See LICENSE for licensing information */
 
 #include "or.h"
+#include "backtrace.h"
 #include "buffers.h"
 #include "circuitbuild.h"
 #include "config.h"
@@ -692,11 +693,13 @@ directory_initiate_command_routerstatus_rend(const 
routerstatus_t *status,
 
   /* We rejected both addresses. This isn't great. */
   if (!have_or && !have_dir) {
-log_info(LD_DIR, "Rejected both the OR and Dir address when launching a "
- "directory connection to: IPv4 %s OR %d Dir %d IPv6 %s OR %d "
- "Dir %d", fmt_addr32(status->addr), status->or_port,
+log_warn(LD_BUG, "Rejected all OR and Dir addresses from %s when "
+ "launching a directory connection to: IPv4 %s OR %d Dir %d "
+ "IPv6 %s OR %d Dir %d", routerstatus_describe(status),
+ fmt_addr32(status->addr), status->or_port,
   

[tor-commits] [tor/master] Choose bridge addresses by IPv4/IPv6 preferences

[nickm]

commit 16486662038de53c482cd6f50a30505f2bf20453
Author: teor (Tim Wilson-Brown) 
Date:   Sun Jan 3 18:20:37 2016 +1100

Choose bridge addresses by IPv4/IPv6 preferences
---
 src/or/directory.c  | 176 
 src/or/directory.h  |   4 +-
 src/or/entrynodes.c |  13 +++-
 src/or/router.c |   5 +-
 4 files changed, 123 insertions(+), 75 deletions(-)

diff --git a/src/or/directory.c b/src/or/directory.c
index 20ffcee..665ba27 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -497,11 +497,14 @@ MOCK_IMPL(void, directory_get_from_dirserver, (
   const node_t *node = choose_random_dirguard(type);
   if (node && node->ri) {
 /* every bridge has a routerinfo. */
-tor_addr_t addr;
 routerinfo_t *ri = node->ri;
-node_get_addr(node, );
-directory_initiate_command(,
-   ri->or_port, 0/*no dirport*/,
+/* clients always make OR connections to bridges */
+tor_addr_port_t or_ap;
+/* we are willing to use a non-preferred address if we need to */
+fascist_firewall_choose_address_node(node, FIREWALL_OR_CONNECTION, 0,
+ _ap);
+directory_initiate_command(_ap.addr, or_ap.port,
+   NULL, 0, /*no dirport*/
ri->cache_info.identity_digest,
dir_purpose,
router_purpose,
@@ -610,6 +613,80 @@ dirind_is_anon(dir_indirection_t ind)
   return ind == DIRIND_ANON_DIRPORT || ind == DIRIND_ANONYMOUS;
 }
 
+/* Choose reachable OR and Dir addresses and ports from status, copying them
+ * into use_or_ap and use_dir_ap. If indirection is anonymous, then we're
+ * connecting via another relay, so choose the primary IPv4 address and ports.
+ *
+ * status should have at least one reachable address, if we can't choose a
+ * reachable address, warn and return -1. Otherwise, return 0.
+ */
+static int
+directory_choose_address_routerstatus(const routerstatus_t *status,
+  dir_indirection_t indirection,
+  tor_addr_port_t *use_or_ap,
+  tor_addr_port_t *use_dir_ap)
+{
+  tor_assert(status != NULL);
+  tor_assert(use_or_ap != NULL);
+  tor_assert(use_dir_ap != NULL);
+
+  const int anonymized_connection = dirind_is_anon(indirection);
+  int have_or = 0, have_dir = 0;
+
+  /* We expect status to have at least one reachable address if we're
+   * connecting to it directly.
+   *
+   * Therefore, we can simply use the other address if the one we want isn't
+   * allowed by the firewall.
+   *
+   * (When Tor uploads and downloads a hidden service descriptor, it uses
+   * DIRIND_ANONYMOUS, except for Tor2Web, which uses DIRIND_ONEHOP.
+   * So this code will only modify the address for Tor2Web's HS descriptor
+   * fetches. Even Single Onion Servers (NYI) use DIRIND_ANONYMOUS, to avoid
+   * HSDirs denying service by rejecting descriptors.)
+   */
+
+  /* Initialise the OR / Dir addresses */
+  tor_addr_make_null(_or_ap->addr, AF_UNSPEC);
+  use_or_ap->port = 0;
+  tor_addr_make_null(_dir_ap->addr, AF_UNSPEC);
+  use_dir_ap->port = 0;
+
+  if (anonymized_connection) {
+/* Use the primary (IPv4) OR address if we're making an indirect
+ * connection. */
+tor_addr_from_ipv4h(_or_ap->addr, status->addr);
+use_or_ap->port = status->or_port;
+have_or = 1;
+  } else {
+/* We use an IPv6 address if we have one and we prefer it.
+ * Use the preferred address and port if they are reachable, otherwise,
+ * use the alternate address and port (if any).
+ */
+have_or = fascist_firewall_choose_address_rs(status,
+ FIREWALL_OR_CONNECTION, 0,
+ use_or_ap);
+  }
+
+  have_dir = fascist_firewall_choose_address_rs(status,
+FIREWALL_DIR_CONNECTION, 0,
+use_dir_ap);
+
+  /* We rejected both addresses. This isn't great. */
+  if (!have_or && !have_dir) {
+log_warn(LD_BUG, "Rejected all OR and Dir addresses from %s when "
+ "launching a directory connection to: IPv4 %s OR %d Dir %d "
+ "IPv6 %s OR %d Dir %d", routerstatus_describe(status),
+ fmt_addr32(status->addr), status->or_port,
+ status->dir_port, fmt_addr(>ipv6_addr),
+ status->ipv6_orport, status->dir_port);
+log_backtrace(LOG_WARN, LD_BUG, "Addresses came from");
+return -1;
+  }
+
+  return 0;
+}
+
 /** Same as directory_initiate_command_routerstatus(), but accepts
  * rendezvous data to fetch a hidden service descriptor. */
 void
@@ -627,7 +704,8 @@ directory_initiate_command_routerstatus_rend(const 
routerstatus_t *status,
   const 

[tor-commits] [tor/master] Add firewall_is_fascist_dir()

[nickm]

commit e991d642ec14d41df9da70442d99861bdb5bfb5b
Author: teor (Tim Wilson-Brown) 
Date:   Thu Jan 21 12:58:59 2016 +1100

Add firewall_is_fascist_dir()

Refactor common parts of firewall_is_fascist_or().
---
 src/or/policies.c | 32 +---
 src/or/policies.h |  1 +
 2 files changed, 26 insertions(+), 7 deletions(-)

diff --git a/src/or/policies.c b/src/or/policies.c
index ecc89da..506edec 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -307,18 +307,36 @@ parse_reachable_addresses(void)
   return ret;
 }
 
-/** Return true iff the firewall options, including ClientUseIPv4 0 and
- * ClientUseIPv6 0, might block any address:port combination.
- */
-int
-firewall_is_fascist_or(void)
+/* Return true iff ClientUseIPv4 0 or ClientUseIPv6 0 might block any OR or Dir
+ * address:port combination. */
+static int
+firewall_is_fascist_impl(void)
 {
   const or_options_t *options = get_options();
   /* Assume every non-bridge relay has an IPv4 address.
* Clients which use bridges may only know the IPv6 address of their
* bridge. */
-  return (reachable_or_addr_policy != NULL || options->ClientUseIPv4 == 0
-  || (options->ClientUseIPv6 == 0 && options->UseBridges == 1));
+  return (options->ClientUseIPv4 == 0
+  || (!fascist_firewall_use_ipv6(options)
+  && options->UseBridges == 1));
+}
+
+/** Return true iff the firewall options, including ClientUseIPv4 0 and
+ * ClientUseIPv6 0, might block any OR address:port combination.
+ */
+int
+firewall_is_fascist_or(void)
+{
+  return (reachable_or_addr_policy != NULL || firewall_is_fascist_impl());
+}
+
+/** Return true iff the firewall options, including ClientUseIPv4 0 and
+ * ClientUseIPv6 0, might block any Dir address:port combination.
+ */
+int
+firewall_is_fascist_dir(void)
+{
+  return (reachable_dir_addr_policy != NULL || firewall_is_fascist_impl());
 }
 
 /** Return true iff policy (possibly NULL) will allow a
diff --git a/src/or/policies.h b/src/or/policies.h
index ac4f7ea..65f10e2 100644
--- a/src/or/policies.h
+++ b/src/or/policies.h
@@ -30,6 +30,7 @@ typedef enum firewall_connection_t {
 typedef int exit_policy_parser_cfg_t;
 
 int firewall_is_fascist_or(void);
+int firewall_is_fascist_dir(void);
 int fascist_firewall_use_ipv6(const or_options_t *options);
 int fascist_firewall_prefer_ipv6_orport(const or_options_t *options);
 int fascist_firewall_prefer_ipv6_dirport(const or_options_t *options);



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Add ClientUseIPv4 and ClientPreferIPv6DirPort torrc options

[nickm]

commit 2d33d192fc4dd0da2a2e038dd87b277f8e9b90de
Author: teor (Tim Wilson-Brown) 
Date:   Mon Dec 14 17:23:10 2015 +1100

Add ClientUseIPv4 and ClientPreferIPv6DirPort torrc options

ClientUseIPv4 0 tells tor to avoid IPv4 client connections.
ClientPreferIPv6DirPort 1 tells tor to prefer IPv6 directory connections.

Refactor policy for IPv4/IPv6 preferences.

Fix a bug where node->ipv6_preferred could become stale if
ClientPreferIPv6ORPort was changed after the consensus was loaded.

Update documentation, existing code, add unit tests.
---
 changes/feature17840   |   9 +
 doc/tor.1.txt  |  33 +-
 src/or/circuitbuild.c  |  14 +-
 src/or/config.c|  51 +++-
 src/or/connection.c|   2 +
 src/or/directory.c |   8 +-
 src/or/entrynodes.c|   8 +-
 src/or/nodelist.c  | 263 +---
 src/or/nodelist.h  |  11 +-
 src/or/or.h|  21 +-
 src/or/policies.c  | 735 ++---
 src/or/policies.h  |  62 +++-
 src/test/test_entrynodes.c |  97 ++
 src/test/test_policy.c | 447 +++
 14 files changed, 1645 insertions(+), 116 deletions(-)

diff --git a/changes/feature17840 b/changes/feature17840
new file mode 100644
index 000..b8b3b7f
--- /dev/null
+++ b/changes/feature17840
@@ -0,0 +1,9 @@
+  o Minor feature (IPv6):
+- Add ClientUseIPv4, which is set to 1 by default. If set to 0, tor
+  avoids using IPv4 for client OR and directory connections.
+- Add ClientPreferIPv6DirPort, which is set to 0 by default. If set
+  to 1, tor prefers IPv6 directory addresses.
+- Try harder to fulfil IP version restrictions ClientUseIPv4 0 and
+  ClientUseIPv6 0; and the preferences ClientPreferIPv6ORPort and
+  ClientPreferIPv6DirPort.
+  Closes ticket 17840; patch by "teor".
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index f173a97..26abef1 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -367,6 +367,7 @@ GENERAL OPTIONS
 authorities.
 By default, the directory authorities are also FallbackDirs. Specifying a
 FallbackDir replaces Tor's default hard-coded FallbackDirs (if any).
+(See the **DirAuthority** entry for an explanation of each flag.)
 
 [[UseDefaultFallbackDirs]] **UseDefaultFallbackDirs** **0**|**1**::
 Use Tor's default hard-coded FallbackDirs (if any). (When a
@@ -391,6 +392,10 @@ GENERAL OPTIONS
 authority is listening for IPv6 connections on the indicated IPv6 address
 and OR Port. +
  +
+Tor will contact the authority at __address__:__port__ (the DirPort) to
+download directory documents. If an IPv6 address is supplied, Tor will
+also download directory documents at the IPv6 address on the DirPort. +
+ +
 If no **DirAuthority** line is given, Tor will use the default directory
 authorities. NOTE: this option is intended for setting up a private Tor
 network with its own directory authorities. If you use it, you will be
@@ -1483,17 +1488,31 @@ The following options are useful only for clients (that 
is, if
 If no defaults are available there, these options default to 20, .80,
 .60, and 100, respectively.
 
+[[ClientUseIPv4]] **ClientUseIPv4** **0**|**1**::
+If this option is set to 0, Tor will avoid connecting to directory servers
+and entry nodes over IPv4. Note that clients with an IPv4
+address in a **Bridge**, proxy, or pluggable transport line will try
+connecting over IPv4 even if **ClientUseIPv4** is set to 0. (Default: 1)
+
 [[ClientUseIPv6]] **ClientUseIPv6** **0**|**1**::
-If this option is set to 1, Tor might connect to entry nodes over
-IPv6. Note that clients configured with an IPv6 address in a
-**Bridge** line will try connecting over IPv6 even if
-**ClientUseIPv6** is set to 0. (Default: 0)
+If this option is set to 1, Tor might connect to directory servers or
+entry nodes over IPv6. Note that clients configured with an IPv6 address
+in a **Bridge**, proxy, or pluggable transport line will try connecting
+over IPv6 even if **ClientUseIPv6** is set to 0. (Default: 0)
+
+[[ClientPreferIPv6DirPort]] **ClientPreferIPv6DirPort** **0**|**1**::
+If this option is set to 1, Tor prefers a directory port with an IPv6
+address over one with IPv4, for direct connections, if a given directory
+server has both. (Tor also prefers an IPv6 DirPort if IPv4Client is set to
+0.) Other things may influence the choice. This option breaks a tie to the
+favor of IPv6. (Default: 0)
 
 [[ClientPreferIPv6ORPort]] **ClientPreferIPv6ORPort** **0**|**1**::
 If this option is set to 1, Tor prefers an OR port with an IPv6
-address over one with IPv4 if a given entry node has both. Other
-things may influence the choice. This option breaks a tie to the
-favor of IPv6. (Default: 0)
+address over one with IPv4 if a given entry node 

[tor-commits] [tor/master] Return NULL from extend_info_from_node if the node has no allowed address

[nickm]

commit 1401117ff2bc5fc90df51d19c3c0d7abc439c34e
Author: teor (Tim Wilson-Brown) 
Date:   Fri Jan 22 17:43:24 2016 +1100

Return NULL from extend_info_from_node if the node has no allowed address

Modify callers to correctly handle these new NULL returns:
* fix assert in onion_extend_cpath
* warn and discard circuit in circuit_get_open_circ_or_launch
* warn, discard circuit, and tell controller in handle_control_extendcircuit
---
 src/or/circuitbuild.c | 35 +++
 src/or/circuituse.c   |  7 ++-
 src/or/control.c  | 18 --
 3 files changed, 45 insertions(+), 15 deletions(-)

diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index dcb9de3..daf0b2a 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -2241,9 +2241,11 @@ onion_extend_cpath(origin_circuit_t *circ)
 if (r) {
   /* If we're a client, use the preferred address rather than the
  primary address, for potentially connecting to an IPv6 OR
- port. */
-  info = extend_info_from_node(r, server_mode(get_options()) == 0);
-  tor_assert(info);
+ port. Servers always want the primary (IPv4) address. */
+  int client = (server_mode(get_options()) == 0);
+  info = extend_info_from_node(r, client);
+  /* Clients can fail to find an allowed address */
+  tor_assert(info || client);
 }
   } else {
 const node_t *r =
@@ -2318,34 +2320,43 @@ extend_info_new(const char *nickname, const char 
*digest,
  * for_direct_connect is true, in which case the preferred
  * address is used instead. May return NULL if there is not enough
  * info about node to extend to it--for example, if there is no
- * routerinfo_t or microdesc_t.
+ * routerinfo_t or microdesc_t, or if for_direct_connect is true and none of
+ * the node's addresses are allowed by tor's firewall and IP version config.
  **/
 extend_info_t *
 extend_info_from_node(const node_t *node, int for_direct_connect)
 {
   tor_addr_port_t ap;
+  int valid_addr = 0;
 
   if (node->ri == NULL && (node->rs == NULL || node->md == NULL))
 return NULL;
 
-  /* Choose a preferred address first, but fall back to an allowed address*/
+  /* Choose a preferred address first, but fall back to an allowed address.
+   * choose_address returns 1 on success, but get_prim_orport returns 0. */
   if (for_direct_connect)
-fascist_firewall_choose_address_node(node, FIREWALL_OR_CONNECTION, 0, );
+valid_addr = fascist_firewall_choose_address_node(node,
+  FIREWALL_OR_CONNECTION,
+  0, );
   else
-node_get_prim_orport(node, );
+valid_addr = !node_get_prim_orport(node, );
 
-  log_debug(LD_CIRC, "using %s for %s",
-fmt_addrport(, ap.port),
-node->ri ? node->ri->nickname : node->rs->nickname);
+  if (valid_addr)
+log_debug(LD_CIRC, "using %s for %s",
+  fmt_addrport(, ap.port),
+  node->ri ? node->ri->nickname : node->rs->nickname);
+  else
+log_warn(LD_CIRC, "Could not choose valid address for %s",
+  node->ri ? node->ri->nickname : node->rs->nickname);
 
-  if (node->ri)
+  if (valid_addr && node->ri)
 return extend_info_new(node->ri->nickname,
  node->identity,
  node->ri->onion_pkey,
  node->ri->onion_curve25519_pkey,
  ,
  ap.port);
-  else if (node->rs && node->md)
+  else if (valid_addr && node->rs && node->md)
 return extend_info_new(node->rs->nickname,
  node->identity,
  node->md->onion_pkey,
diff --git a/src/or/circuituse.c b/src/or/circuituse.c
index e742a56..4831f2b 100644
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -2006,8 +2006,13 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn,
 if (r && node_has_descriptor(r)) {
   /* We might want to connect to an IPv6 bridge for loading
  descriptors so we use the preferred address rather than
- the primary.  */
+ the primary. */
   extend_info = extend_info_from_node(r, conn->want_onehop ? 1 : 0);
+  if (!extend_info) {
+log_warn(LD_CIRC,"Could not make a one-hop connection to %s. "
+ "Discarding this circuit.", conn->chosen_exit_name);
+return -1;
+  }
 } else {
   log_debug(LD_DIR, "considering %d, %s",
 want_onehop, conn->chosen_exit_name);
diff --git a/src/or/control.c b/src/or/control.c
index 66182fe..2c0209e 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -2864,12 +2864,26 @@ handle_control_extendcircuit(control_connection_t 
*conn, uint32_t len,
   }
 
   /* now circ refers to something that is ready to be extended */
+  int 

[tor-commits] [tor/master] Add unit tests for ClientUseIPv[4, 6] and ClientPreferIPv6[OR, Dir]Port

[nickm]

commit 1dae4dac12de391a7aea7b375628a7898168cc12
Author: teor (Tim Wilson-Brown) 
Date:   Fri Jan 29 09:12:07 2016 +1100

Add unit tests for ClientUseIPv[4,6] and ClientPreferIPv6[OR,Dir]Port
---
 src/test/test_options.c | 98 +
 1 file changed, 98 insertions(+)

diff --git a/src/test/test_options.c b/src/test/test_options.c
index eb2d332..e15c881 100644
--- a/src/test/test_options.c
+++ b/src/test/test_options.c
@@ -1770,6 +1770,104 @@ test_options_validate__reachable_addresses(void 
*ignored)
   tt_str_op(msg, OP_EQ, SERVERS_REACHABLE_MSG);
   tor_free(msg);
 
+  free_options_test_data(tdata);
+  tdata = get_options_test_data("ClientUseIPv4 0\n"
+"ORListenAddress 127.0.0.1:\n"
+"ORPort 955\n"
+"MaxClientCircuitsPending 1\n"
+"ConnLimit 1\n"
+"SchedulerHighWaterMark__ 42\n"
+"SchedulerLowWaterMark__ 10\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, );
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ, SERVERS_REACHABLE_MSG);
+  tor_free(msg);
+
+  /* Test IPv4-only clients setting IPv6 preferences */
+
+#define WARN_PLEASE_USE_IPV6_OR_LOG_MSG \
+"ClientPreferIPv6ORPort 1 is ignored unless tor is using IPv6. " \
+"Please set ClientUseIPv6 1, ClientUseIPv4 0, or configure bridges.\n"
+
+#define WARN_PLEASE_USE_IPV6_DIR_LOG_MSG \
+"ClientPreferIPv6DirPort 1 is ignored unless tor is using IPv6. " \
+"Please set ClientUseIPv6 1, ClientUseIPv4 0, or configure bridges.\n"
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+"ClientUseIPv4 1\n"
+"ClientUseIPv6 0\n"
+"UseBridges 0\n"
+"ClientPreferIPv6ORPort 1\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, );
+  tt_int_op(ret, OP_EQ, 0);
+  expect_log_msg(WARN_PLEASE_USE_IPV6_OR_LOG_MSG);
+  tor_free(msg);
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+"ClientUseIPv4 1\n"
+"ClientUseIPv6 0\n"
+"UseBridges 0\n"
+"ClientPreferIPv6DirPort 1\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, );
+  tt_int_op(ret, OP_EQ, 0);
+  expect_log_msg(WARN_PLEASE_USE_IPV6_DIR_LOG_MSG);
+  tor_free(msg);
+
+  /* Now test an IPv4/IPv6 client setting IPv6 preferences */
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+"ClientUseIPv4 1\n"
+"ClientUseIPv6 1\n"
+"ClientPreferIPv6ORPort 1\n"
+"ClientPreferIPv6DirPort 1\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, );
+  tt_int_op(ret, OP_EQ, 0);
+  tt_ptr_op(msg, OP_EQ, NULL);
+
+  /* Now test an IPv6 client setting IPv6 preferences */
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+"ClientUseIPv6 1\n"
+"ClientPreferIPv6ORPort 1\n"
+"ClientPreferIPv6DirPort 1\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, );
+  tt_int_op(ret, OP_EQ, 0);
+  tt_ptr_op(msg, OP_EQ, NULL);
+
+  /* And an implicit (IPv4 disabled) IPv6 client setting IPv6 preferences */
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+"ClientUseIPv4 0\n"
+"ClientPreferIPv6ORPort 1\n"
+"ClientPreferIPv6DirPort 1\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, );
+  tt_int_op(ret, OP_EQ, 0);
+  tt_ptr_op(msg, OP_EQ, NULL);
+
+  /* And an implicit (bridge) client setting IPv6 preferences */
+
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+"UseBridges 1\n"
+"Bridge 127.0.0.1:12345\n"
+"ClientPreferIPv6ORPort 1\n"
+"ClientPreferIPv6DirPort 1\n");
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, );
+  tt_int_op(ret, OP_EQ, 0);
+  tt_ptr_op(msg, OP_EQ, NULL);
+
  done:
   teardown_capture_of_logs(previous_log);
   free_options_test_data(tdata);



___
tor-commits mailing list
tor-commits@lists.torproject.org

[tor-commits] [tor/master] Add a helper to search for strings in the log, and change option tests to use this helper instead of looking at specific indices in the log list

[nickm]

commit 8627a40fbab223386c9d13bb63e4e5d52a795286
Author: Ola Bini 
Date:   Fri Jan 29 11:38:54 2016 -0500

Add a helper to search for strings in the log, and change option tests to 
use this helper instead of looking at specific indices in the log list
---
 src/test/log_test_helpers.c |  17 +
 src/test/log_test_helpers.h |   1 +
 src/test/test_options.c | 159 ++--
 3 files changed, 97 insertions(+), 80 deletions(-)

diff --git a/src/test/log_test_helpers.c b/src/test/log_test_helpers.c
index 51b5f9b..88d28e1 100644
--- a/src/test/log_test_helpers.c
+++ b/src/test/log_test_helpers.c
@@ -83,6 +83,23 @@ mock_saved_logs(void)
   return saved_logs;
 }
 
+int
+mock_saved_log_has_message(const char *msg)
+{
+  int has_msg = 0;
+  if (saved_logs) {
+SMARTLIST_FOREACH(saved_logs, mock_saved_log_entry_t *, m,
+  {
+if (msg && m->generated_msg &&
+!strcmp(msg, m->generated_msg)) {
+  has_msg = 1;
+}
+  });
+  }
+
+  return has_msg;
+}
+
 void
 mock_saving_logv(int severity, log_domain_mask_t domain,
  const char *funcname, const char *suffix,
diff --git a/src/test/log_test_helpers.h b/src/test/log_test_helpers.h
index af8e8a6..3a565c6 100644
--- a/src/test/log_test_helpers.h
+++ b/src/test/log_test_helpers.h
@@ -26,6 +26,7 @@ void teardown_capture_of_logs(int prev);
 const char *mock_saved_log_at(int ix);
 int mock_saved_severity_at(int ix);
 int mock_saved_log_number(void);
+int mock_saved_log_has_message(const char *msg);
 
 #endif
 
diff --git a/src/test/test_options.c b/src/test/test_options.c
index e00c802..275fee2 100644
--- a/src/test/test_options.c
+++ b/src/test/test_options.c
@@ -367,6 +367,14 @@ free_options_test_data(options_test_data_t *td)
   tor_free(td);
 }
 
+#define expect_log_msg(str) \
+  tt_assert_msg(mock_saved_log_has_message(str), \
+"expected log to contain " # str);
+
+#define expect_no_log_msg(str)  \
+  tt_assert_msg(!mock_saved_log_has_message(str), \
+"expected log to not contain " # str);
+
 static void
 test_options_validate__uname_for_server(void *ignored)
 {
@@ -379,7 +387,7 @@ test_options_validate__uname_for_server(void *ignored)
   MOCK(get_uname, fixed_get_uname);
   fixed_get_uname_result = "Windows 95";
   options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, );
-  tt_str_op(mock_saved_log_at(0), OP_EQ, "Tor is running as a server, but you"
+  expect_log_msg("Tor is running as a server, but you"
" are running Windows 95; this probably won't work. See https://www;
".torproject.org/docs/faq.html#BestOSForRelay for details.\n");
   tor_free(msg);
@@ -387,7 +395,7 @@ test_options_validate__uname_for_server(void *ignored)
   fixed_get_uname_result = "Windows 98";
   mock_clean_saved_logs();
   options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, );
-  tt_str_op(mock_saved_log_at(0), OP_EQ, "Tor is running as a server, but you"
+  expect_log_msg("Tor is running as a server, but you"
" are running Windows 98; this probably won't work. See https://www;
".torproject.org/docs/faq.html#BestOSForRelay for details.\n");
   tor_free(msg);
@@ -395,7 +403,7 @@ test_options_validate__uname_for_server(void *ignored)
   fixed_get_uname_result = "Windows Me";
   mock_clean_saved_logs();
   options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, );
-  tt_str_op(mock_saved_log_at(0), OP_EQ, "Tor is running as a server, but you"
+  expect_log_msg("Tor is running as a server, but you"
" are running Windows Me; this probably won't work. See https://www;
".torproject.org/docs/faq.html#BestOSForRelay for details.\n");
   tor_free(msg);
@@ -512,7 +520,7 @@ test_options_validate__contactinfo(void *ignored)
 
   ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, );
   tt_int_op(ret, OP_EQ, -1);
-  tt_str_op(mock_saved_log_at(0), OP_EQ,
+  expect_log_msg(
 "Your ContactInfo config option is not"
 " set. Please consider setting it, so we can contact you if your"
 " server is misconfigured or something else goes wrong.\n");
@@ -524,7 +532,7 @@ test_options_validate__contactinfo(void *ignored)
   mock_clean_saved_logs();
   ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, );
   tt_int_op(ret, OP_EQ, -1);
-  tt_str_op(mock_saved_log_at(0), OP_NE,
+  expect_no_log_msg(
 "Your ContactInfo config option is not"
 " set. Please consider setting it, so we can contact you if your"
 " server is misconfigured or something else goes wrong.\n");
@@ -632,7 +640,7 @@ test_options_validate__authdir(void *ignored)
   tt_int_op(ret, OP_EQ, -1);
   tt_str_op(msg, OP_EQ, "Failed to resolve/guess local address. See logs for"
 " 

[tor-commits] [tor/master] Fix existing options_validate unit tests for ClientUseIPv4

[nickm]

commit 13db39b8563b42cdf47b1feb546d33217c30c824
Author: teor (Tim Wilson-Brown) 
Date:   Fri Jan 29 08:13:11 2016 +1100

Fix existing options_validate unit tests for ClientUseIPv4
---
 src/test/test_options.c | 18 +-
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/test/test_options.c b/src/test/test_options.c
index 275fee2..35f9f67 100644
--- a/src/test/test_options.c
+++ b/src/test/test_options.c
@@ -327,6 +327,7 @@ fixed_get_uname(void)
   "V3AuthVoteDelay 20\n"\
   "V3AuthDistDelay 20\n"\
   "V3AuthNIntervalsValid 3\n"   \
+  "ClientUseIPv4 1\n" \
   "VirtualAddrNetworkIPv4 127.192.0.0/10\n" \
   "VirtualAddrNetworkIPv6 [FE80::]/10\n"\
   "SchedulerHighWaterMark__ 42\n"   \
@@ -1698,6 +1699,10 @@ test_options_validate__reachable_addresses(void *ignored)
   tt_str_op(tdata->opt->ReachableAddresses->value, OP_EQ, "*:82");
   tor_free(msg);
 
+#define SERVERS_REACHABLE_MSG "Servers must be able to freely connect to" \
+  " the rest of the Internet, so they must not set Reachable*Addresses or" \
+  " FascistFirewall or FirewallPorts or ClientUseIPv4 0."
+
   free_options_test_data(tdata);
   tdata = get_options_test_data("ReachableAddresses *:82\n"
 "ORListenAddress 127.0.0.1:\n"
@@ -1709,9 +1714,7 @@ test_options_validate__reachable_addresses(void *ignored)
 
   ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, );
   tt_int_op(ret, OP_EQ, -1);
-  tt_str_op(msg, OP_EQ, "Servers must be able to freely connect to the rest of"
-" the Internet, so they must not set Reachable*Addresses or"
-" FascistFirewall.");
+  tt_str_op(msg, OP_EQ, SERVERS_REACHABLE_MSG);
   tor_free(msg);
 
   free_options_test_data(tdata);
@@ -1725,9 +1728,7 @@ test_options_validate__reachable_addresses(void *ignored)
 
   ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, );
   tt_int_op(ret, OP_EQ, -1);
-  tt_str_op(msg, OP_EQ, "Servers must be able to freely connect to the rest of"
-" the Internet, so they must not set Reachable*Addresses or"
-" FascistFirewall.");
+  tt_str_op(msg, OP_EQ, SERVERS_REACHABLE_MSG);
   tor_free(msg);
 
   free_options_test_data(tdata);
@@ -1741,9 +1742,7 @@ test_options_validate__reachable_addresses(void *ignored)
 
   ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, );
   tt_int_op(ret, OP_EQ, -1);
-  tt_str_op(msg, OP_EQ, "Servers must be able to freely connect to the rest of"
-" the Internet, so they must not set Reachable*Addresses or"
-" FascistFirewall.");
+  tt_str_op(msg, OP_EQ, SERVERS_REACHABLE_MSG);
   tor_free(msg);
 
  done:
@@ -1760,6 +1759,7 @@ test_options_validate__use_bridges(void *ignored)
   char *msg;
   options_test_data_t *tdata = get_options_test_data(
"UseBridges 1\n"
+   "ClientUseIPv4 1\n"
"ORListenAddress 127.0.0.1:\n"
"ORPort 955\n"
"MaxClientCircuitsPending 1\n"



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Make bridge clients prefer the configured bridge address

[nickm]

commit b316c87bc90969b2bf724bc2dd695e3f362955b8
Author: teor (Tim Wilson-Brown) 
Date:   Wed Feb 3 23:52:39 2016 +1100

Make bridge clients prefer the configured bridge address

When ClientPreferIPv6ORPort is auto, bridges prefer the configured
bridge ORPort address. Otherwise, they use the value of the option.
Other clients prefer IPv4 ORPorts if ClientPreferIPv6ORPort is auto.

When ClientPreferIPv6DirPort is auto, all clients prefer IPv4 DirPorts.
---
 doc/tor.1.txt  | 12 ++--
 src/or/entrynodes.c| 22 --
 src/or/nodelist.c  | 24 +++-
 src/or/policies.c  | 18 +++---
 src/test/test_entrynodes.c | 10 ++
 src/test/test_policy.c | 25 +++--
 6 files changed, 61 insertions(+), 50 deletions(-)

diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 87d976b..4c9c53d 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1504,17 +1504,17 @@ The following options are useful only for clients (that 
is, if
 If this option is set to 1, Tor prefers a directory port with an IPv6
 address over one with IPv4, for direct connections, if a given directory
 server has both. (Tor also prefers an IPv6 DirPort if IPv4Client is set to
-0.) If this option is set to auto, Tor bridge clients prefer IPv6, and
-other clients prefer IPv4. Other things may influence the choice. This
-option breaks a tie to the favor of IPv6. (Default: auto)
+0.) If this option is set to auto, clients prefer IPv4. Other things may
+influence the choice. This option breaks a tie to the favor of IPv6.
+(Default: auto)
 
 [[ClientPreferIPv6ORPort]] **ClientPreferIPv6ORPort** **0**|**1**|**auto**::
 If this option is set to 1, Tor prefers an OR port with an IPv6
 address over one with IPv4 if a given entry node has both. (Tor also
 prefers an IPv6 ORPort if IPv4Client is set to 0.) If this option is set
-to auto, Tor bridge clients prefer IPv6, and other clients prefer IPv4.
-Other things may influence the choice. This option breaks a tie to the
-favor of IPv6. (Default: auto)
+to auto, Tor bridge clients prefer the configured bridge address, and
+other clients prefer IPv4. Other things may influence the choice. This
+option breaks a tie to the favor of IPv6. (Default: auto)
 
 [[PathsNeededToBuildCircuits]] **PathsNeededToBuildCircuits** __NUM__::
 Tor clients don't build circuits for user traffic until they know
diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c
index d6bef65..a4b9350 100644
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@@ -2240,6 +2240,7 @@ rewrite_node_address_for_bridge(const bridge_info_t 
*bridge, node_t *node)
*   does so through an address from any source other than node_get_addr().
*/
   tor_addr_t addr;
+  const or_options_t *options = get_options();
 
   if (node->ri) {
 routerinfo_t *ri = node->ri;
@@ -2272,9 +2273,15 @@ rewrite_node_address_for_bridge(const bridge_info_t 
*bridge, node_t *node)
   }
 }
 
-/* Mark which address to use based on which bridge_t we got. */
-node->ipv6_preferred = (tor_addr_family(>addr) == AF_INET6 &&
-!tor_addr_is_null(>ri->ipv6_addr));
+if (options->ClientPreferIPv6ORPort == -1) {
+  /* Mark which address to use based on which bridge_t we got. */
+  node->ipv6_preferred = (tor_addr_family(>addr) == AF_INET6 &&
+  !tor_addr_is_null(>ri->ipv6_addr));
+} else {
+  /* Mark which address to use based on user preference */
+  node->ipv6_preferred = (fascist_firewall_prefer_ipv6_orport(options) &&
+  !tor_addr_is_null(>ri->ipv6_addr));
+}
 
 /* XXXipv6 we lack support for falling back to another address for
the same relay, warn the user */
@@ -2283,10 +2290,13 @@ rewrite_node_address_for_bridge(const bridge_info_t 
*bridge, node_t *node)
   node_get_pref_orport(node, );
   log_notice(LD_CONFIG,
  "Bridge '%s' has both an IPv4 and an IPv6 address.  "
- "Will prefer using its %s address (%s).",
+ "Will prefer using its %s address (%s) based on %s.",
  ri->nickname,
- tor_addr_family() == AF_INET6 ? "IPv6" : "IPv4",
- fmt_addrport(, ap.port));
+ node->ipv6_preferred ? "IPv6" : "IPv4",
+ fmt_addrport(, ap.port),
+ options->ClientPreferIPv6ORPort == -1 ?
+ "the configured Bridge address" :
+ "ClientPreferIPv6ORPort");
 }
   }
   if (node->rs) {
diff --git a/src/or/nodelist.c b/src/or/nodelist.c
index d7cada9..23e9b0e 100644
--- a/src/or/nodelist.c
+++ b/src/or/nodelist.c
@@ -981,10 +981,6 @@ node_has_ipv6_dirport(const node_t *node)
  *  i) the node_t says that it prefers IPv6
  *  or
  *  ii) the router has no IPv4 OR 

[tor-commits] [tor/master] Merge branch 'feature17840-v11-tests_truncated'

[nickm]

commit 2b5ff5259408bf7dc17939c6f15eb9e1e68215fa
Merge: ba2be81 b316c87
Author: Nick Mathewson 
Date:   Thu Feb 11 12:45:51 2016 -0500

Merge branch 'feature17840-v11-tests_truncated'

 src/test/log_test_helpers.h |   1 +
 src/test/test_options.c | 124 
 2 files changed, 116 insertions(+), 9 deletions(-)

diff --cc src/test/log_test_helpers.h
index 298237d,3a565c6..02f31a5
--- a/src/test/log_test_helpers.h
+++ b/src/test/log_test_helpers.h
@@@ -23,33 -23,10 +23,34 @@@ void mock_clean_saved_logs(void)
  const smartlist_t *mock_saved_logs(void);
  int setup_capture_of_logs(int new_level);
  void teardown_capture_of_logs(int prev);
 -const char *mock_saved_log_at(int ix);
 -int mock_saved_severity_at(int ix);
 -int mock_saved_log_number(void);
++
  int mock_saved_log_has_message(const char *msg);
 +int mock_saved_log_has_severity(int severity);
 +int mock_saved_log_has_entry(void);
 +
 +#define expect_log_msg(str) \
 +  tt_assert_msg(mock_saved_log_has_message(str), \
 +"expected log to contain " # str);
 +
 +#define expect_no_log_msg(str) \
 +  tt_assert_msg(!mock_saved_log_has_message(str), \
 +"expected log to not contain " # str);
 +
 +#define expect_log_severity(severity) \
 +  tt_assert_msg(mock_saved_log_has_severity(severity), \
 +"expected log to contain severity " # severity);
 +
 +#define expect_no_log_severity(severity) \
 +  tt_assert_msg(!mock_saved_log_has_severity(severity), \
 +"expected log to not contain severity " # severity);
 +
 +#define expect_log_entry() \
 +  tt_assert_msg(mock_saved_log_has_entry(), \
 +"expected log to contain entries");
 +
 +#define expect_no_log_entry() \
 +  tt_assert_msg(!mock_saved_log_has_entry(), \
 +"expected log to not contain entries");
  
  #endif
  

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Report malformed options in options_validate unit tests

[nickm]

commit 26f68a771c2d3df12d0dce20f37ee6549e16c920
Author: teor (Tim Wilson-Brown) 
Date:   Fri Jan 29 08:15:14 2016 +1100

Report malformed options in options_validate unit tests
---
 src/test/test_options.c | 33 +
 1 file changed, 29 insertions(+), 4 deletions(-)

diff --git a/src/test/test_options.c b/src/test/test_options.c
index 35f9f67..eb2d332 100644
--- a/src/test/test_options.c
+++ b/src/test/test_options.c
@@ -339,22 +339,47 @@ typedef struct {
   or_options_t *def_opt;
 } options_test_data_t;
 
+static void free_options_test_data(options_test_data_t *td);
+
 static options_test_data_t *
 get_options_test_data(const char *conf)
 {
+  int rv = -1;
+  char *msg = NULL;
   config_line_t *cl=NULL;
   options_test_data_t *result = tor_malloc(sizeof(options_test_data_t));
   result->opt = options_new();
   result->old_opt = options_new();
   result->def_opt = options_new();
-  config_get_lines(conf, , 1);
-  config_assign(_format, result->opt, cl, 0, 0, NULL);
+  rv = config_get_lines(conf, , 1);
+  tt_assert(rv == 0);
+  rv = config_assign(_format, result->opt, cl, 0, 0, );
+  if (msg) {
+/* Display the parse error message by comparing it with an empty string */
+tt_str_op(msg, OP_EQ, "");
+  }
+  tt_assert(rv == 0);
   config_free_lines(cl);
   result->opt->LogTimeGranularity = 1;
   result->opt->TokenBucketRefillInterval = 1;
-  config_get_lines(TEST_OPTIONS_OLD_VALUES, , 1);
-  config_assign(_format, result->def_opt, cl, 0, 0, NULL);
+  rv = config_get_lines(TEST_OPTIONS_OLD_VALUES, , 1);
+  tt_assert(rv == 0);
+  rv = config_assign(_format, result->def_opt, cl, 0, 0, );
+  if (msg) {
+/* Display the parse error message by comparing it with an empty string */
+tt_str_op(msg, OP_EQ, "");
+  }
+  tt_assert(rv == 0);
+
+done:
   config_free_lines(cl);
+  if (rv != 0) {
+free_options_test_data(result);
+result = NULL;
+/* Callers expect a non-NULL result, so just die if we can't provide one.
+ */
+tor_assert(0);
+  }
   return result;
 }
 



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Add an assertion to tor_libevent_get_base()

[nickm]

commit c595f6d25e9cda58f5327c5806e2c9a534c454f9
Author: Nick Mathewson 
Date:   Thu Feb 4 12:37:00 2016 -0500

Add an assertion to tor_libevent_get_base()

Closes ticket 18241.
---
 changes/assert_event_base| 5 +
 src/common/compat_libevent.c | 1 +
 2 files changed, 6 insertions(+)

diff --git a/changes/assert_event_base b/changes/assert_event_base
new file mode 100644
index 000..b887795
--- /dev/null
+++ b/changes/assert_event_base
@@ -0,0 +1,5 @@
+  o Minor features (robustness):
+- Exit immediately with an error message if the code attempts to
+  use libevent without having initialized it. This should resolve
+  some frequently-made mistakes in our unit tests. Closes ticket
+  18241.
diff --git a/src/common/compat_libevent.c b/src/common/compat_libevent.c
index 29e5c5f..c367ee4 100644
--- a/src/common/compat_libevent.c
+++ b/src/common/compat_libevent.c
@@ -247,6 +247,7 @@ tor_libevent_initialize(tor_libevent_cfg *torcfg)
 MOCK_IMPL(struct event_base *,
 tor_libevent_get_base, (void))
 {
+  tor_assert(the_event_base != NULL);
   return the_event_base;
 }
 



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Check that the log mutex is initialised before trying to lock or unlock it

[nickm]

commit db72b509d17311d289b140afb3456376c5525ad7
Author: teor (Tim Wilson-Brown) 
Date:   Fri Feb 5 14:08:58 2016 +1100

Check that the log mutex is initialised before trying to lock or unlock it
---
 src/common/log.c | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/common/log.c b/src/common/log.c
index 4a8a7b1..f71583f 100644
--- a/src/common/log.c
+++ b/src/common/log.c
@@ -149,10 +149,14 @@ static int pretty_fn_has_parens = 0;
 
 /** Lock the log_mutex to prevent others from changing the logfile_t list */
 #define LOCK_LOGS() STMT_BEGIN  \
+  tor_assert(log_mutex_initialized);\
   tor_mutex_acquire(_mutex);\
   STMT_END
 /** Unlock the log_mutex */
-#define UNLOCK_LOGS() STMT_BEGIN tor_mutex_release(_mutex); STMT_END
+#define UNLOCK_LOGS() STMT_BEGIN\
+  tor_assert(log_mutex_initialized);\
+  tor_mutex_release(_mutex);\
+  STMT_END
 
 /** What's the lowest log level anybody cares about?  Checking this lets us
  * bail out early from log_debug if we aren't debugging.  */
@@ -482,6 +486,8 @@ logv,(int severity, log_domain_mask_t domain, const char 
*funcname,
   /* check that severity is sane.  Overrunning the masks array leads to
* interesting and hard to diagnose effects */
   assert(severity >= LOG_ERR && severity <= LOG_DEBUG);
+  /* check that we've initialised the log mutex before we try to lock it */
+  assert(log_mutex_initialized);
   LOCK_LOGS();
 
   if ((! (domain & LD_NOCB)) && smartlist_len(pending_cb_messages))



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'check_log_mutex_uncherrypicked'

[nickm]

commit fed8c5199a9fbc91a7476323c145c59e9e30e30c
Merge: 5a164d5 a7a98e2
Author: Nick Mathewson 
Date:   Thu Feb 11 13:41:31 2016 -0500

Merge branch 'check_log_mutex_uncherrypicked'

 changes/assert_event_base|  5 +
 src/common/compat_libevent.c |  1 +
 src/common/log.c | 13 ++---
 src/test/testing_common.c|  4 +++-
 4 files changed, 19 insertions(+), 4 deletions(-)

diff --cc src/test/testing_common.c
index 9c7fca0,fc4e05c..da9969d
--- a/src/test/testing_common.c
+++ b/src/test/testing_common.c
@@@ -238,13 -241,7 +241,12 @@@ main(int c, const char **v
update_approx_time(time(NULL));
options = options_new();
tor_threads_init();
 +
 +  struct tor_libevent_cfg cfg;
 +  memset(, 0, sizeof(cfg));
 +  tor_libevent_initialize();
 +
control_initialize_event_queue();
-   init_logging(1);
configure_backtrace_handler(get_version());
  
for (i_out = i = 1; i < c; ++i) {

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Avoid calling log functions in logv when SMARTLIST_DEBUG is defined

[nickm]

commit add8acf42882a13af610ace6005d52544509a823
Author: teor (Tim Wilson-Brown) 
Date:   Fri Feb 5 14:14:17 2016 +1100

Avoid calling log functions in logv when SMARTLIST_DEBUG is defined
---
 src/common/log.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/common/log.c b/src/common/log.c
index f71583f..4779751 100644
--- a/src/common/log.c
+++ b/src/common/log.c
@@ -490,7 +490,8 @@ logv,(int severity, log_domain_mask_t domain, const char 
*funcname,
   assert(log_mutex_initialized);
   LOCK_LOGS();
 
-  if ((! (domain & LD_NOCB)) && smartlist_len(pending_cb_messages))
+  if ((! (domain & LD_NOCB)) && pending_cb_messages
+  && smartlist_len(pending_cb_messages))
 flush_pending_log_callbacks();
 
   if (queue_startup_messages &&
@@ -945,7 +946,7 @@ flush_pending_log_callbacks(void)
   smartlist_t *messages, *messages_tmp;
 
   LOCK_LOGS();
-  if (0 == smartlist_len(pending_cb_messages)) {
+  if (!pending_cb_messages || 0 == smartlist_len(pending_cb_messages)) {
 UNLOCK_LOGS();
 return;
   }



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Initialise logging before trying to use it in unit tests

[nickm]

commit a7a98e27eadff634655a7845976adc7a23dcdc3f
Author: teor (Tim Wilson-Brown) 
Date:   Fri Feb 5 14:28:53 2016 +1100

Initialise logging before trying to use it in unit tests
---
 src/test/testing_common.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/test/testing_common.c b/src/test/testing_common.c
index e20e9e6..fc4e05c 100644
--- a/src/test/testing_common.c
+++ b/src/test/testing_common.c
@@ -228,6 +228,9 @@ main(int c, const char **v)
   int loglevel = LOG_ERR;
   int accel_crypto = 0;
 
+  /* We must initialise logs before we call tor_assert() */
+  init_logging(1);
+
 #ifdef USE_DMALLOC
   {
 int r = CRYPTO_set_mem_ex_functions(tor_malloc_, tor_realloc_, tor_free_);
@@ -239,7 +242,6 @@ main(int c, const char **v)
   options = options_new();
   tor_threads_init();
   control_initialize_event_queue();
-  init_logging(1);
   configure_backtrace_handler(get_version());
 
   for (i_out = i = 1; i < c; ++i) {



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/torbutton-aboutdialogdtd] Update translations for torbutton-aboutdialogdtd

[translation]

commit 719c203e1417a3b5a5e5be7ccd93c2649aa202ff
Author: Translation commit bot 
Date:   Thu Feb 11 18:46:05 2016 +

Update translations for torbutton-aboutdialogdtd
---
 tl_PH/aboutdialog.dtd | 20 ++--
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/tl_PH/aboutdialog.dtd b/tl_PH/aboutdialog.dtd
index 5099ad7..e957f74 100644
--- a/tl_PH/aboutdialog.dtd
+++ b/tl_PH/aboutdialog.dtd
@@ -1,19 +1,19 @@
-
+
 
-
+
 
 
-
+
 
-
-
+
+
 
-
+
 
 
-
+
 
-
+
 
-
-
+
+

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tails-openpgp-applet] Update translations for tails-openpgp-applet

[translation]

commit 2f815869be34ac66970989732b264e737d69803e
Author: Translation commit bot 
Date:   Thu Feb 11 18:46:49 2016 +

Update translations for tails-openpgp-applet
---
 eu/openpgp-applet.pot | 13 +++--
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/eu/openpgp-applet.pot b/eu/openpgp-applet.pot
index 6dedc2c..235e795 100644
--- a/eu/openpgp-applet.pot
+++ b/eu/openpgp-applet.pot
@@ -3,13 +3,14 @@
 # This file is distributed under the same license as the PACKAGE package.
 # 
 # Translators:
+# Iban , 2016
 msgid ""
 msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: ta...@boum.org\n"
 "POT-Creation-Date: 2015-08-10 15:55+0200\n"
-"PO-Revision-Date: 2015-11-23 02:23+\n"
-"Last-Translator: FULL NAME \n"
+"PO-Revision-Date: 2016-02-11 18:28+\n"
+"Last-Translator: Iban \n"
 "Language-Team: Basque 
(http://www.transifex.com/otf/torproject/language/eu/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -92,8 +93,8 @@ msgstr "Hatz-marka:"
 #: bin/openpgp-applet:447
 msgid "User ID:"
 msgid_plural "User IDs:"
-msgstr[0] ""
-msgstr[1] ""
+msgstr[0] "Erabiltzaile ID:"
+msgstr[1] "Erabiltzaile ID-ak:"
 
 #: bin/openpgp-applet:476
 msgid "None (Don't sign)"
@@ -128,8 +129,8 @@ msgstr "Gako hauetaz fidatzen zara?"
 #: bin/openpgp-applet:603
 msgid "The following selected key is not fully trusted:"
 msgid_plural "The following selected keys are not fully trusted:"
-msgstr[0] ""
-msgstr[1] ""
+msgstr[0] "Hurrengo gako aukeratua ez da guztiz fidagarria:"
+msgstr[1] "Hurrengo gako aukeratuak ez dira guztiz fidagarriak:"
 
 #: bin/openpgp-applet:621
 msgid "Do you trust this key enough to use it anyway?"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits