[tor-commits] [translation/tails-misc] Update translations for tails-misc

2016-05-05 Thread translation 
commit aaa7768c3f982d65b94516e5381c2d919ec22243
Author: Translation commit bot 
Date:   Thu May 5 15:45:42 2016 +

Update translations for tails-misc
---
 de.po | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/de.po b/de.po
index e3749bd..0273344 100644
--- a/de.po
+++ b/de.po
@@ -9,7 +9,7 @@
 # trantor , 2014
 # DoKnGH26" 21 , 2015
 # D P, 2015
-# Ettore Atalan , 2014-2015
+# Ettore Atalan , 2014-2016
 # gerhard , 2013
 # konstibae, 2015
 # Larson März , 2013
@@ -29,8 +29,8 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2016-04-25 14:02+0200\n"
-"PO-Revision-Date: 2016-04-26 09:06+\n"
-"Last-Translator: carolyn \n"
+"PO-Revision-Date: 2016-05-05 15:19+\n"
+"Last-Translator: Ettore Atalan \n"
 "Language-Team: German 
(http://www.transifex.com/otf/torproject/language/de/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -263,7 +263,7 @@ msgid ""
 "If you already migrated your emails to Icedove, you should delete"
 " all your Claws Mail data to remove this warning."
-msgstr ""
+msgstr "Wenn Sie Ihre E-Mails bereits auf Icedove migriert haben, 
sollten Sie Ihre kompletten Claws
 Mail-Daten löschen, um diese Warnung zu entfernen."
 
 #: 
config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-hel...@tails.boum.org/extension.js:71
 msgid "Restart"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tails-misc_completed] Update translations for tails-misc_completed

2016-05-05 Thread translation 
commit c0a1284dc5d0e777fed31197fb2b6af4b733a60e
Author: Translation commit bot 
Date:   Thu May 5 15:45:45 2016 +

Update translations for tails-misc_completed
---
 de.po | 23 +++
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/de.po b/de.po
index 991ab90..0273344 100644
--- a/de.po
+++ b/de.po
@@ -9,7 +9,7 @@
 # trantor , 2014
 # DoKnGH26" 21 , 2015
 # D P, 2015
-# Ettore Atalan , 2014-2015
+# Ettore Atalan , 2014-2016
 # gerhard , 2013
 # konstibae, 2015
 # Larson März , 2013
@@ -28,9 +28,9 @@ msgid ""
 msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-03-17 15:03+0100\n"
-"PO-Revision-Date: 2016-03-21 16:27+\n"
-"Last-Translator: Christian Spaan \n"
+"POT-Creation-Date: 2016-04-25 14:02+0200\n"
+"PO-Revision-Date: 2016-05-05 15:19+\n"
+"Last-Translator: Ettore Atalan \n"
 "Language-Team: German 
(http://www.transifex.com/otf/torproject/language/de/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -79,13 +79,13 @@ msgid "Do you want to start Electrum anyway?"
 msgstr "Wollen Sie Electrum trotzdem starten?"
 
 #: config/chroot_local-includes/usr/local/bin/electrum:23
-#: config/chroot_local-includes/usr/local/bin/icedove:23
+#: config/chroot_local-includes/usr/local/bin/icedove:30
 #: config/chroot_local-includes/usr/local/sbin/unsafe-browser:41
 msgid "_Launch"
 msgstr "_Start"
 
 #: config/chroot_local-includes/usr/local/bin/electrum:24
-#: config/chroot_local-includes/usr/local/bin/icedove:24
+#: config/chroot_local-includes/usr/local/bin/icedove:31
 #: config/chroot_local-includes/usr/local/sbin/unsafe-browser:42
 msgid "_Exit"
 msgstr "_Beenden"
@@ -247,17 +247,24 @@ msgstr "Ausgabe von GnuPG:"
 msgid "Other messages provided by GnuPG:"
 msgstr "Andere Nachrichten von GnuPG:"
 
-#: config/chroot_local-includes/usr/local/bin/icedove:19
+#: config/chroot_local-includes/usr/local/bin/icedove:20
 msgid "The Claws Mail persistence feature is activated."
 msgstr "Die Persistenzfunktion von Claws Mail ist aktiviert."
 
-#: config/chroot_local-includes/usr/local/bin/icedove:21
+#: config/chroot_local-includes/usr/local/bin/icedove:22
 msgid ""
 "If you have emails saved in Claws Mail, you should migrate"
 " your data before starting Icedove."
 msgstr "Falls Sie gespeicherte E-Mails in Claws Mail haben, sollten Sie 
noch vor dem Start von Icedove Ihre 
Daten migrieren."
 
+#: config/chroot_local-includes/usr/local/bin/icedove:27
+msgid ""
+"If you already migrated your emails to Icedove, you should delete"
+" all your Claws Mail data to remove this warning."
+msgstr "Wenn Sie Ihre E-Mails bereits auf Icedove migriert haben, 
sollten Sie Ihre kompletten Claws
 Mail-Daten löschen, um diese Warnung zu entfernen."
+
 #: 
config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-hel...@tails.boum.org/extension.js:71
 msgid "Restart"
 msgstr "Neustart"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tails-misc] Update translations for tails-misc

2016-05-05 Thread translation 
commit 7e476c6cad08fb69ff8e662957b5a6e86ba0ceac
Author: Translation commit bot 
Date:   Thu May 5 15:15:44 2016 +

Update translations for tails-misc
---
 hu.po | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/hu.po b/hu.po
index 480cb8b..5665a36 100644
--- a/hu.po
+++ b/hu.po
@@ -4,6 +4,7 @@
 # 
 # Translators:
 # benewfy , 2015-2016
+# Falu, 2016
 # Blackywantscookies , 2014
 # Blackywantscookies , 2014
 # iskr , 2013
@@ -15,8 +16,8 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2016-04-25 14:02+0200\n"
-"PO-Revision-Date: 2016-04-26 09:06+\n"
-"Last-Translator: carolyn \n"
+"PO-Revision-Date: 2016-05-05 15:14+\n"
+"Last-Translator: Falu\n"
 "Language-Team: Hungarian 
(http://www.transifex.com/otf/torproject/language/hu/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -249,7 +250,7 @@ msgid ""
 "If you already migrated your emails to Icedove, you should delete"
 " all your Claws Mail data to remove this warning."
-msgstr ""
+msgstr "Ha a levelezés migrálása Icedove-ra már megtörtént, akkor 
minden
 Claws Mail adatod törlése után ez a figyelmeztetés nem fog 
megjelenni."
 
 #: 
config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-hel...@tails.boum.org/extension.js:71
 msgid "Restart"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tails-misc_completed] Update translations for tails-misc_completed

2016-05-05 Thread translation 
commit 7236a4465f4686270612283f4bd2641b94918912
Author: Translation commit bot 
Date:   Thu May 5 15:15:47 2016 +

Update translations for tails-misc_completed
---
 hu.po | 22 +++---
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/hu.po b/hu.po
index c59415c..5665a36 100644
--- a/hu.po
+++ b/hu.po
@@ -4,6 +4,7 @@
 # 
 # Translators:
 # benewfy , 2015-2016
+# Falu, 2016
 # Blackywantscookies , 2014
 # Blackywantscookies , 2014
 # iskr , 2013
@@ -14,9 +15,9 @@ msgid ""
 msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-03-17 15:03+0100\n"
-"PO-Revision-Date: 2016-03-21 16:27+\n"
-"Last-Translator: Robert Zsolt \n"
+"POT-Creation-Date: 2016-04-25 14:02+0200\n"
+"PO-Revision-Date: 2016-05-05 15:14+\n"
+"Last-Translator: Falu\n"
 "Language-Team: Hungarian 
(http://www.transifex.com/otf/torproject/language/hu/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -65,13 +66,13 @@ msgid "Do you want to start Electrum anyway?"
 msgstr "Mindenképp el szeretné indítani az Electum-ot?"
 
 #: config/chroot_local-includes/usr/local/bin/electrum:23
-#: config/chroot_local-includes/usr/local/bin/icedove:23
+#: config/chroot_local-includes/usr/local/bin/icedove:30
 #: config/chroot_local-includes/usr/local/sbin/unsafe-browser:41
 msgid "_Launch"
 msgstr "_Indítás"
 
 #: config/chroot_local-includes/usr/local/bin/electrum:24
-#: config/chroot_local-includes/usr/local/bin/icedove:24
+#: config/chroot_local-includes/usr/local/bin/icedove:31
 #: config/chroot_local-includes/usr/local/sbin/unsafe-browser:42
 msgid "_Exit"
 msgstr "_Kilépés"
@@ -233,17 +234,24 @@ msgstr "GnuPG kimenet:"
 msgid "Other messages provided by GnuPG:"
 msgstr "Egyéb üzenetek a GnuPG-től:"
 
-#: config/chroot_local-includes/usr/local/bin/icedove:19
+#: config/chroot_local-includes/usr/local/bin/icedove:20
 msgid "The Claws Mail persistence feature is activated."
 msgstr "A Claws Mail perzisztencia aktiválva."
 
-#: config/chroot_local-includes/usr/local/bin/icedove:21
+#: config/chroot_local-includes/usr/local/bin/icedove:22
 msgid ""
 "If you have emails saved in Claws Mail, you should migrate"
 " your data before starting Icedove."
 msgstr "Ha vannak elmentett emailjei a Claws Mail-ben, akkor másolja
 át az adatait az Icedove indítása előtt."
 
+#: config/chroot_local-includes/usr/local/bin/icedove:27
+msgid ""
+"If you already migrated your emails to Icedove, you should delete"
+" all your Claws Mail data to remove this warning."
+msgstr "Ha a levelezés migrálása Icedove-ra már megtörtént, akkor 
minden
 Claws Mail adatod törlése után ez a figyelmeztetés nem fog 
megjelenni."
+
 #: 
config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-hel...@tails.boum.org/extension.js:71
 msgid "Restart"
 msgstr "Újraindítás"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.8] Make clients always use begindir for directory requests

2016-05-05 Thread nickm 
commit 833b5f71a72394c02ef633ba0f78d7011fef6181
Author: teor (Tim Wilson-Brown) 
Date:   Thu Apr 28 15:37:59 2016 +1000

Make clients always use begindir for directory requests

This improves client anonymity and avoids directory header tampering.
The extra load on the authorities should be offset by the fallback
directories feature.

This also simplifies the fixes to #18809.
---
 changes/feature18483 |  4 
 src/or/directory.c   | 61 +---
 src/or/directory.h   |  6 --
 3 files changed, 61 insertions(+), 10 deletions(-)

diff --git a/changes/feature18483 b/changes/feature18483
new file mode 100644
index 000..b3c42e6
--- /dev/null
+++ b/changes/feature18483
@@ -0,0 +1,4 @@
+  o Minor features (clients):
+- Make clients, onion services, and bridge relays always
+  use an encrypted begindir connection for directory requests.
+  Resolves #18483. Patch by "teor".
diff --git a/src/or/directory.c b/src/or/directory.c
index ca3b3e3..a03283e 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -964,6 +964,16 @@ connection_dir_download_cert_failed(dir_connection_t 
*conn, int status)
   update_certificate_downloads(time(NULL));
 }
 
+/* Should this tor instance only use begindir for all its directory requests?
+ */
+int
+directory_must_use_begindir(const or_options_t *options)
+{
+  /* Clients, onion services, and bridges must use begindir,
+   * relays and authorities do not have to */
+  return !public_server_mode(options);
+}
+
 /** Evaluate the situation and decide if we should use an encrypted
  * "begindir-style" connection for this directory request.
  * 1) If or_port is 0, or it's a direct conn and or_port is firewalled
@@ -971,23 +981,48 @@ connection_dir_download_cert_failed(dir_connection_t 
*conn, int status)
  * 2) If we prefer to avoid begindir conns, and we're not fetching or
  *publishing a bridge relay descriptor, no.
  * 3) Else yes.
+ * If returning 0, return in *reason why we can't use begindir.
+ * reason must not be NULL.
  */
 static int
 directory_command_should_use_begindir(const or_options_t *options,
   const tor_addr_t *addr,
   int or_port, uint8_t router_purpose,
-  dir_indirection_t indirection)
+  dir_indirection_t indirection,
+  const char **reason)
 {
   (void) router_purpose;
-  if (!or_port)
+  tor_assert(reason);
+  *reason = NULL;
+
+  /* Reasons why we can't possibly use begindir */
+  if (!or_port) {
+*reason = "directory with unknown ORPort";
 return 0; /* We don't know an ORPort -- no chance. */
-  if (indirection == DIRIND_DIRECT_CONN || indirection == DIRIND_ANON_DIRPORT)
+  }
+  if (indirection == DIRIND_DIRECT_CONN ||
+  indirection == DIRIND_ANON_DIRPORT) {
+*reason = "DirPort connection";
 return 0;
-  if (indirection == DIRIND_ONEHOP)
+  }
+  if (indirection == DIRIND_ONEHOP) {
+/* We're firewalled and want a direct OR connection */
 if (!fascist_firewall_allows_address_addr(addr, or_port,
-  FIREWALL_OR_CONNECTION, 0, 0) ||
-directory_fetches_from_authorities(options))
-  return 0; /* We're firewalled or are acting like a relay -- also no. */
+  FIREWALL_OR_CONNECTION, 0, 0)) {
+  *reason = "ORPort not reachable";
+  return 0;
+}
+  }
+  /* Reasons why we want to avoid using begindir */
+  if (indirection == DIRIND_ONEHOP) {
+if (!directory_must_use_begindir(options)) {
+  *reason = "in relay mode";
+  return 0;
+}
+  }
+  /* DIRIND_ONEHOP on a client, or DIRIND_ANONYMOUS
+   */
+  *reason = "(using begindir)";
   return 1;
 }
 
@@ -1070,11 +1105,13 @@ directory_initiate_command_rend(const tor_addr_port_t 
*or_addr_port,
   dir_connection_t *conn;
   const or_options_t *options = get_options();
   int socket_error = 0;
+  const char *begindir_reason = NULL;
   /* Should the connection be to a relay's OR port (and inside that we will
* send our directory request)? */
   const int use_begindir = directory_command_should_use_begindir(options,
  _addr_port->addr, or_addr_port->port,
- router_purpose, indirection);
+ router_purpose, indirection,
+ _reason);
   /* Will the connection go via a three-hop Tor circuit? Note that this
* is separate from whether it will use_begindir. */
   const int anonymized_connection = dirind_is_anon(indirection);
@@ -1100,6 +1137,14 @@ directory_initiate_command_rend(const tor_addr_port_t 
*or_addr_port,
   (void)is_sensitive_dir_purpose;
 #endif
 
+  /* use encrypted begindir connections for everything except relays
+   * this

[tor-commits] [tor/release-0.2.8] Report success when not terminating an already terminated process.

2016-05-05 Thread nickm 
commit c7b9e0b8ed7076525da185e25c2142b18b4d43e3
Author: Nick Mathewson 
Date:   Wed May 4 15:10:36 2016 -0400

Report success when not terminating an already terminated process.

Also, document the actual behavior and return values of
tor_terminate_process.

Fixes bug18686; bugfix on 0.2.3.9-alpha.
---
 changes/bug18686  |  5 +
 src/common/util.c | 11 ---
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/changes/bug18686 b/changes/bug18686
new file mode 100644
index 000..23547d2
--- /dev/null
+++ b/changes/bug18686
@@ -0,0 +1,5 @@
+  o Minor bugfixes (pluggable transports):
+- Avoid reporting a spurious error when we decide that we don't
+  need to terminate a pluggable transport because it has already
+  exited. Fixes bug 18686; bugfix on 0.2.5.5-alpha.
+
diff --git a/src/common/util.c b/src/common/util.c
index 04cc6b1..65af8a6 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -3626,8 +3626,13 @@ format_helper_exit_status(unsigned char child_state, int 
saved_errno,
 /* Maximum number of file descriptors, if we cannot get it via sysconf() */
 #define DEFAULT_MAX_FD 256
 
-/** Terminate the process of process_handle.
- *  Code borrowed from Python's os.kill. */
+/** Terminate the process of process_handle, if that process has not
+ * already exited.
+ *
+ * Return 0 if we succeeded in terminating the process (or if the process
+ * already exited), and -1 if we tried to kill the process but failed.
+ *
+ * Based on code originally borrowed from Python's os.kill. */
 int
 tor_terminate_process(process_handle_t *process_handle)
 {
@@ -3647,7 +3652,7 @@ tor_terminate_process(process_handle_t *process_handle)
   }
 #endif
 
-  return -1;
+  return 0; /* We didn't need to kill the process, so report success */
 }
 
 /** Return the Process ID of process_handle. */



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.8] Refactor router_pick_directory_server_impl to use node functions

2016-05-05 Thread nickm 
commit 03fc4cf04caf240fa4e285c3b483c60587456e9b
Author: teor (Tim Wilson-Brown) 
Date:   Sat Apr 30 11:00:50 2016 +1000

Refactor router_pick_directory_server_impl to use node functions

No behavioural change

This makes the use of the node explicit in the function, rather
than hiding the node lookup in fascist_firewall_allows_rs.
---
 src/or/routerlist.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 13739a7..1c275a6 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -1740,13 +1740,13 @@ router_pick_directory_server_impl(dirinfo_type_t type, 
int flags,
  * we try routers that only have one address both times.)
  */
 if (!fascistfirewall || skip_or_fw ||
-fascist_firewall_allows_rs(status, FIREWALL_OR_CONNECTION,
-   try_ip_pref))
+fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION,
+ try_ip_pref))
   smartlist_add(is_trusted ? trusted_tunnel :
 is_overloaded ? overloaded_tunnel : tunnel, (void*)node);
 else if (!must_have_or && (skip_dir_fw ||
- fascist_firewall_allows_rs(status, FIREWALL_DIR_CONNECTION,
-try_ip_pref)))
+ fascist_firewall_allows_node(node, FIREWALL_DIR_CONNECTION,
+  try_ip_pref)))
   smartlist_add(is_trusted ? trusted_direct :
 is_overloaded ? overloaded_direct : direct, (void*)node);
   } SMARTLIST_FOREACH_END(node);

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.8] Merge branch 'feature18483-028-v2-squashed' into maint-0.2.8

2016-05-05 Thread nickm 
commit 68d913c49c7aff441fc6671406aee5137f36f620
Merge: 2e5b35d 9aa280c
Author: Nick Mathewson 
Date:   Thu May 5 08:16:36 2016 -0400

Merge branch 'feature18483-028-v2-squashed' into maint-0.2.8

 changes/feature18483 |  4 
 src/or/directory.c   | 67 
 src/or/directory.h   |  6 +++--
 src/or/routerlist.c  | 10 
 4 files changed, 71 insertions(+), 16 deletions(-)

diff --cc src/or/routerlist.c
index 2167ae2,6a293b7..97512d7
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@@ -1743,11 -1746,13 +1744,11 @@@ router_pick_directory_server_impl(dirin
 try_ip_pref))
smartlist_add(is_trusted ? trusted_tunnel :
  is_overloaded ? overloaded_tunnel : tunnel, (void*)node);
- else if (skip_dir ||
+ else if (!must_have_or && (skip_dir ||
   fascist_firewall_allows_rs(status, FIREWALL_DIR_CONNECTION,
- try_ip_pref))
+ try_ip_pref)))
smartlist_add(is_trusted ? trusted_direct :
  is_overloaded ? overloaded_direct : direct, (void*)node);
 -else if (!tor_addr_is_null(>ipv6_addr))
 -  ++n_not_preferred;
} SMARTLIST_FOREACH_END(node);
  
if (smartlist_len(tunnel)) {
@@@ -1888,10 -1894,12 +1890,10 @@@ router_pick_trusteddirserver_impl(cons
fascist_firewall_allows_dir_server(d, FIREWALL_OR_CONNECTION,
   try_ip_pref))
  smartlist_add(is_overloaded ? overloaded_tunnel : tunnel, (void*)d);
-   else if (skip_dir ||
+   else if (!must_have_or && (skip_dir ||
 fascist_firewall_allows_dir_server(d, FIREWALL_DIR_CONNECTION,
-   try_ip_pref))
+   try_ip_pref)))
  smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d);
 -  else if (!tor_addr_is_null(>ipv6_addr))
 -++n_not_preferred;
  }
SMARTLIST_FOREACH_END(d);
  



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.8] Choose the correct address for one-hop connections

2016-05-05 Thread nickm 
commit 0cf90bac2a7136e0abb9fed160f70c543ad8b88a
Author: teor (Tim Wilson-Brown) 
Date:   Thu Apr 28 16:03:23 2016 +1000

Choose the correct address for one-hop connections

After #17840 in 0.2.8.1-alpha, we incorrectly chose an IPv4
address for all DIRIND_ONEHOP directory connections,
even if the routerstatus didn't have an IPv4 address.

This likely affected bridge clients with IPv6 bridges.

Resolves #18921.
---
 changes/bug18921   |  4 
 src/or/directory.c | 30 +++---
 2 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/changes/bug18921 b/changes/bug18921
new file mode 100644
index 000..934a604
--- /dev/null
+++ b/changes/bug18921
@@ -0,0 +1,4 @@
+  o Major bugfixes (IPv6 bridges):
+- Fix directory address selection for IPv6 bridges.
+  Resolves #18921, bugfix on #17840 in 0.2.8.1-alpha.
+  Patch by "teor".
diff --git a/src/or/directory.c b/src/or/directory.c
index ab9f738..ca3b3e3 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -630,7 +630,6 @@ directory_choose_address_routerstatus(const routerstatus_t 
*status,
   tor_assert(use_or_ap != NULL);
   tor_assert(use_dir_ap != NULL);
 
-  const int anonymized_connection = dirind_is_anon(indirection);
   int have_or = 0, have_dir = 0;
 
   /* We expect status to have at least one reachable address if we're
@@ -652,13 +651,16 @@ directory_choose_address_routerstatus(const 
routerstatus_t *status,
   tor_addr_make_null(_dir_ap->addr, AF_UNSPEC);
   use_dir_ap->port = 0;
 
-  if (anonymized_connection) {
-/* Use the primary (IPv4) OR address if we're making an indirect
- * connection. */
-tor_addr_from_ipv4h(_or_ap->addr, status->addr);
-use_or_ap->port = status->or_port;
-have_or = 1;
-  } else {
+  /* ORPort connections */
+  if (indirection == DIRIND_ANONYMOUS) {
+if (status->addr) {
+  /* Since we're going to build a 3-hop circuit and ask the 2nd relay
+   * to extend to this address, always use the primary (IPv4) OR address */
+  tor_addr_from_ipv4h(_or_ap->addr, status->addr);
+  use_or_ap->port = status->or_port;
+  have_or = 1;
+}
+  } else if (indirection == DIRIND_ONEHOP) {
 /* We use an IPv6 address if we have one and we prefer it.
  * Use the preferred address and port if they are reachable, otherwise,
  * use the alternate address and port (if any).
@@ -668,9 +670,15 @@ directory_choose_address_routerstatus(const routerstatus_t 
*status,
  use_or_ap);
   }
 
-  have_dir = fascist_firewall_choose_address_rs(status,
-FIREWALL_DIR_CONNECTION, 0,
-use_dir_ap);
+  /* DirPort connections
+   * DIRIND_ONEHOP uses ORPort, but may fall back to the DirPort */
+  if (indirection == DIRIND_DIRECT_CONN ||
+  indirection == DIRIND_ANON_DIRPORT ||
+  indirection == DIRIND_ONEHOP) {
+have_dir = fascist_firewall_choose_address_rs(status,
+  FIREWALL_DIR_CONNECTION, 0,
+  use_dir_ap);
+  }
 
   /* We rejected all addresses in the relay's status. This means we can't
* connect to it. */



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.8] Comment-only change to clarify routerstatus_t IPv4 byte order

2016-05-05 Thread nickm 
commit 225448ad34a75b6eea9ab17e306e67578ce86760
Author: teor (Tim Wilson-Brown) 
Date:   Fri Apr 29 11:03:59 2016 +1000

Comment-only change to clarify routerstatus_t IPv4 byte order
---
 src/or/or.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/or/or.h b/src/or/or.h
index 592f295..6694bb4 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2215,7 +2215,7 @@ typedef struct routerstatus_t {
   /** Digest of the router's most recent descriptor or microdescriptor.
* If it's a descriptor, we only use the first DIGEST_LEN bytes. */
   char descriptor_digest[DIGEST256_LEN];
-  uint32_t addr; /**< IPv4 address for this router. */
+  uint32_t addr; /**< IPv4 address for this router, in host order. */
   uint16_t or_port; /**< OR port for this router. */
   uint16_t dir_port; /**< Directory port for this router. */
   tor_addr_t ipv6_addr; /**< IPv6 address for this router. */



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.8] Rename skip_or and skip_dir to avoid confusion

2016-05-05 Thread nickm 
commit 7ec273bd4a3c82d9bddc9aef373b4f99396198c9
Author: teor (Tim Wilson-Brown) 
Date:   Thu Apr 28 15:44:31 2016 +1000

Rename skip_or and skip_dir to avoid confusion

Variable rename only
---
 src/or/routerlist.c | 16 
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 97512d7..13739a7 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -1685,8 +1685,8 @@ router_pick_directory_server_impl(dirinfo_type_t type, 
int flags,
   overloaded_direct = smartlist_new();
   overloaded_tunnel = smartlist_new();
 
-  const int skip_or = router_skip_or_reachability(options, try_ip_pref);
-  const int skip_dir = router_skip_dir_reachability(options, try_ip_pref);
+  const int skip_or_fw = router_skip_or_reachability(options, try_ip_pref);
+  const int skip_dir_fw = router_skip_dir_reachability(options, try_ip_pref);
   const int must_have_or = directory_must_use_begindir(options);
 
   /* Find all the running dirservers we know about. */
@@ -1739,12 +1739,12 @@ router_pick_directory_server_impl(dirinfo_type_t type, 
int flags,
  * address for each router (if any). (To ensure correct load-balancing
  * we try routers that only have one address both times.)
  */
-if (!fascistfirewall || skip_or ||
+if (!fascistfirewall || skip_or_fw ||
 fascist_firewall_allows_rs(status, FIREWALL_OR_CONNECTION,
try_ip_pref))
   smartlist_add(is_trusted ? trusted_tunnel :
 is_overloaded ? overloaded_tunnel : tunnel, (void*)node);
-else if (!must_have_or && (skip_dir ||
+else if (!must_have_or && (skip_dir_fw ||
  fascist_firewall_allows_rs(status, FIREWALL_DIR_CONNECTION,
 try_ip_pref)))
   smartlist_add(is_trusted ? trusted_direct :
@@ -1848,8 +1848,8 @@ router_pick_trusteddirserver_impl(const smartlist_t 
*sourcelist,
   overloaded_direct = smartlist_new();
   overloaded_tunnel = smartlist_new();
 
-  const int skip_or = router_skip_or_reachability(options, try_ip_pref);
-  const int skip_dir = router_skip_dir_reachability(options, try_ip_pref);
+  const int skip_or_fw = router_skip_or_reachability(options, try_ip_pref);
+  const int skip_dir_fw = router_skip_dir_reachability(options, try_ip_pref);
   const int must_have_or = directory_must_use_begindir(options);
 
   SMARTLIST_FOREACH_BEGIN(sourcelist, const dir_server_t *, d)
@@ -1886,11 +1886,11 @@ router_pick_trusteddirserver_impl(const smartlist_t 
*sourcelist,
* address for each router (if any). (To ensure correct load-balancing
* we try routers that only have one address both times.)
*/
-  if (!fascistfirewall || skip_or ||
+  if (!fascistfirewall || skip_or_fw ||
   fascist_firewall_allows_dir_server(d, FIREWALL_OR_CONNECTION,
  try_ip_pref))
 smartlist_add(is_overloaded ? overloaded_tunnel : tunnel, (void*)d);
-  else if (!must_have_or && (skip_dir ||
+  else if (!must_have_or && (skip_dir_fw ||
fascist_firewall_allows_dir_server(d, FIREWALL_DIR_CONNECTION,
   try_ip_pref)))
 smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d);



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.8] Merge branch 'bug18686_025' into maint-0.2.8

2016-05-05 Thread nickm 
commit b8e8910d60e41844ce4ab37d9306cb8e8b5aec91
Merge: 31332a8 c7b9e0b
Author: Nick Mathewson 
Date:   Wed May 4 15:12:11 2016 -0400

Merge branch 'bug18686_025' into maint-0.2.8

 changes/bug18686  |  5 +
 src/common/util.c | 11 ---
 2 files changed, 13 insertions(+), 3 deletions(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.8] Merge branch 'bug18921_squashed' into maint-0.2.8

2016-05-05 Thread nickm 
commit 01e7f42a09108e71cede46d4a038c4b1253a3d42
Merge: 6027429 0cf90ba
Author: Nick Mathewson 
Date:   Wed May 4 15:23:26 2016 -0400

Merge branch 'bug18921_squashed' into maint-0.2.8

 changes/bug18921   |  4 
 src/or/directory.c | 30 +++---
 2 files changed, 23 insertions(+), 11 deletions(-)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.8] Fix keccak-tiny portability on `exotic` platforms.

2016-05-05 Thread nickm 
commit 8f292f1c33b033f36e17969f206c9332c0241e9a
Author: Yawning Angel 
Date:   Mon May 2 10:24:35 2016 +

Fix keccak-tiny portability on `exotic` platforms.

 * SHA-3/SHAKE use little endian for certain things, so byteswap as
   needed.

 * The code was written under the assumption that unaligned access to
   quadwords is allowed, which isn't true particularly on non-Intel.
---
 changes/bug18943   |  6 +++
 src/ext/keccak-tiny/keccak-tiny-unrolled.c | 72 +-
 2 files changed, 57 insertions(+), 21 deletions(-)

diff --git a/changes/bug18943 b/changes/bug18943
new file mode 100644
index 000..53569f0
--- /dev/null
+++ b/changes/bug18943
@@ -0,0 +1,6 @@
+  o Major bugfixes (crypto, portability):
+- The SHA3 and SHAKE routines now produce the correct output on
+  Big Endian systems, unbreaking the unit tests.  No code calls
+  either algorithm family yet, so this is primarily a build fix.
+  Closes ticket 18943.
+
diff --git a/src/ext/keccak-tiny/keccak-tiny-unrolled.c 
b/src/ext/keccak-tiny/keccak-tiny-unrolled.c
index 4b4f51c..d1342c3 100644
--- a/src/ext/keccak-tiny/keccak-tiny-unrolled.c
+++ b/src/ext/keccak-tiny/keccak-tiny-unrolled.c
@@ -11,6 +11,29 @@
 #include 
 #include "crypto.h"
 
+/ Endianness conversion helpers /
+
+static inline uint64_t
+loadu64le(const unsigned char *x) {
+  uint64_t r = 0;
+  size_t i;
+
+  for (i = 0; i < 8; ++i) {
+r |= (uint64_t)x[i] << 8 * i;
+  }
+  return r;
+}
+
+static inline void
+storeu64le(uint8_t *x, uint64_t u) {
+  size_t i;
+
+  for(i=0; i<8; ++i) {
+x[i] = u;
+u >>= 8;
+  }
+}
+
 / The Keccak-f[1600] permutation /
 
 /*** Constants. ***/
@@ -80,24 +103,26 @@ static inline void keccakf(void* state) {
 
 /*** Some helper macros. ***/
 
-#define _(S) do { S } while (0)
-#define FOR(i, ST, L, S) \
-  _(for (size_t i = 0; i < L; i += ST) { S; })
-#define mkapply_ds(NAME, S)  \
-  static inline void NAME(uint8_t* dst,  \
-  const uint8_t* src,\
-  size_t len) {  \
-FOR(i, 1, len, S);   \
-  }
-#define mkapply_sd(NAME, S)  \
-  static inline void NAME(const uint8_t* src,\
-  uint8_t* dst,  \
-  size_t len) {  \
-FOR(i, 1, len, S);   \
+// `xorin` modified to handle Big Endian systems, `buf` being unaligned on
+// systems that care about such things.  Assumes that len is a multiple of 8,
+// which is always true for the rates we use, and the modified finalize.
+static inline void
+xorin8(uint8_t *dst, const uint8_t *src, size_t len) {
+  uint64_t* a = (uint64_t*)dst; // Always aligned.
+  for (size_t i = 0; i < len; i += 8) {
+a[i/8] ^= loadu64le(src + i);
   }
+}
 
-mkapply_ds(xorin, dst[i] ^= src[i])  // xorin
-mkapply_sd(setout, dst[i] = src[i])  // setout
+// `setout` likewise modified to handle Big Endian systems.  Assumes that len
+// is a multiple of 8, which is true for every rate we use.
+static inline void
+setout8(const uint8_t *src, uint8_t *dst, size_t len) {
+  const uint64_t *si = (const uint64_t*)src; // Always aligned.
+  for (size_t i = 0; i < len; i+= 8) {
+storeu64le(dst+i, si[i/8]);
+  }
+}
 
 #define P keccakf
 #define Plen KECCAK_MAX_RATE
@@ -118,7 +143,7 @@ static inline void
 keccak_absorb_blocks(keccak_state *s, const uint8_t *buf, size_t nr_blocks)
 {
   size_t blen = nr_blocks * s->rate;
-  foldP(buf, blen, xorin);
+  foldP(buf, blen, xorin8);
 }
 
 static int
@@ -161,10 +186,14 @@ static void
 keccak_finalize(keccak_state *s)
 {
   // Xor in the DS and pad frame.
-  s->a[s->offset] ^= s->delim;
-  s->a[s->rate - 1] ^= 0x80;
+  s->block[s->offset++] = s->delim; // DS.
+  for (size_t i = s->offset; i < s->rate; i++) {
+s->block[i] = 0;
+  }
+  s->block[s->rate - 1] |= 0x80; // Pad frame.
+
   // Xor in the last block.
-  xorin(s->a, s->block, s->offset);
+  xorin8(s->a, s->block, s->rate);
 
   memwipe(s->block, 0, sizeof(s->block));
   s->finalized = 1;
@@ -176,7 +205,7 @@ keccak_squeeze_blocks(keccak_state *s, uint8_t *out, size_t 
nr_blocks)
 {
   for (size_t n = 0; n < nr_blocks; n++) {
 keccakf(s->a);
-setout(s->a, out, s->rate);
+setout8(s->a, out, s->rate);
 out += s->rate;
   }
 }
@@ -321,6 +350,7 @@ static inline int hash(uint8_t* out, size_t outlen,
 
   int ret = 0;
   keccak_state s;
+  keccak_cleanse();
 
   switch (delim) {
 case KECCAK_DELIM_DIGEST:



___
tor-commits mailing list
tor-commits@lists.torproject.org

[tor-commits] [tor/release-0.2.8] Only choose directory DirPorts on relays

2016-05-05 Thread nickm 
commit 9aa280cc0c105bc282c3c1c0dee385387251ab12
Author: teor (Tim Wilson-Brown) 
Date:   Thu Apr 28 16:07:47 2016 +1000

Only choose directory DirPorts on relays
---
 src/or/directory.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/or/directory.c b/src/or/directory.c
index a03283e..8dc018a 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -630,6 +630,7 @@ directory_choose_address_routerstatus(const routerstatus_t 
*status,
   tor_assert(use_or_ap != NULL);
   tor_assert(use_dir_ap != NULL);
 
+  const or_options_t *options = get_options();
   int have_or = 0, have_dir = 0;
 
   /* We expect status to have at least one reachable address if we're
@@ -671,10 +672,11 @@ directory_choose_address_routerstatus(const 
routerstatus_t *status,
   }
 
   /* DirPort connections
-   * DIRIND_ONEHOP uses ORPort, but may fall back to the DirPort */
+   * DIRIND_ONEHOP uses ORPort, but may fall back to the DirPort on relays */
   if (indirection == DIRIND_DIRECT_CONN ||
   indirection == DIRIND_ANON_DIRPORT ||
-  indirection == DIRIND_ONEHOP) {
+  (indirection == DIRIND_ONEHOP
+   && !directory_must_use_begindir(options))) {
 have_dir = fascist_firewall_choose_address_rs(status,
   FIREWALL_DIR_CONNECTION, 0,
   use_dir_ap);



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.8] Make directory node selection more reliable

2016-05-05 Thread nickm 
commit 2e5b35db81e867e782086e3d714fcc7882c9c171
Author: teor (Tim Wilson-Brown) 
Date:   Thu May 5 11:51:37 2016 +1000

Make directory node selection more reliable

Delete an unnecessary check for non-preferred IP versions.

Allows clients which can't reach any directories of their
preferred IP address version to get directory documents.

Patch on #17840 in 0.2.8.1-alpha.
---
 changes/bug18929|  5 +
 src/or/routerlist.c | 12 +++-
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/changes/bug18929 b/changes/bug18929
new file mode 100644
index 000..f79baca
--- /dev/null
+++ b/changes/bug18929
@@ -0,0 +1,5 @@
+  o Minor bugfixes (IPv6):
+- Make directory node selection more reliable, mainly for
+  IPv6-only clients and clients with few reachable addresses.
+  Resolves #18929, bugfix on #17840 in 0.2.8.1-alpha.
+  Patch by "teor".
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 3c9023e..2167ae2 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -1597,11 +1597,10 @@ router_picked_poor_directory_log(const routerstatus_t 
*rs)
   STMT_BEGIN  \
 if (result == NULL && try_ip_pref && options->ClientUseIPv4   \
 && fascist_firewall_use_ipv6(options) && !server_mode(options)\
-&& n_not_preferred && !n_busy) {  \
+&& !n_busy) { \
   n_excluded = 0; \
   n_busy = 0; \
   try_ip_pref = 0;\
-  n_not_preferred = 0;\
   goto retry_label;   \
 } \
   STMT_END\
@@ -1620,7 +1619,6 @@ router_picked_poor_directory_log(const routerstatus_t *rs)
   n_excluded = 0; \
   n_busy = 0; \
   try_ip_pref = 1;\
-  n_not_preferred = 0;\
   goto retry_label;   \
 } \
   STMT_END
@@ -1673,7 +1671,7 @@ router_pick_directory_server_impl(dirinfo_type_t type, 
int flags,
   const int no_microdesc_fetching = (flags & PDS_NO_EXISTING_MICRODESC_FETCH);
   const int for_guard = (flags & PDS_FOR_GUARD);
   int try_excluding = 1, n_excluded = 0, n_busy = 0;
-  int try_ip_pref = 1, n_not_preferred = 0;
+  int try_ip_pref = 1;
 
   if (!consensus)
 return NULL;
@@ -1750,8 +1748,6 @@ router_pick_directory_server_impl(dirinfo_type_t type, 
int flags,
 try_ip_pref))
   smartlist_add(is_trusted ? trusted_direct :
 is_overloaded ? overloaded_direct : direct, (void*)node);
-else if (!tor_addr_is_null(>ipv6_addr))
-  ++n_not_preferred;
   } SMARTLIST_FOREACH_END(node);
 
   if (smartlist_len(tunnel)) {
@@ -1839,7 +1835,7 @@ router_pick_trusteddirserver_impl(const smartlist_t 
*sourcelist,
   smartlist_t *pick_from;
   int n_busy = 0;
   int try_excluding = 1, n_excluded = 0;
-  int try_ip_pref = 1, n_not_preferred = 0;
+  int try_ip_pref = 1;
 
   if (!sourcelist)
 return NULL;
@@ -1896,8 +1892,6 @@ router_pick_trusteddirserver_impl(const smartlist_t 
*sourcelist,
fascist_firewall_allows_dir_server(d, FIREWALL_DIR_CONNECTION,
   try_ip_pref))
 smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d);
-  else if (!tor_addr_is_null(>ipv6_addr))
-++n_not_preferred;
 }
   SMARTLIST_FOREACH_END(d);
 



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.8] Merge branch 'bug18710_025' into maint-0.2.8

2016-05-05 Thread nickm 
commit 31332a878db0d8f8d53fe4e535ec9ae812675315
Merge: 8f292f1 0ca3f49
Author: Nick Mathewson 
Date:   Wed May 4 14:47:04 2016 -0400

Merge branch 'bug18710_025' into maint-0.2.8

 changes/bug18710 | 6 ++
 src/or/dnsserv.c | 4 +---
 2 files changed, 7 insertions(+), 3 deletions(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.8] Make clients only select directories with reachable ORPorts

2016-05-05 Thread nickm 
commit 88deb52d559fbec17be4a634137ac4b6c207ce06
Author: teor (Tim Wilson-Brown) 
Date:   Thu Apr 28 15:40:04 2016 +1000

Make clients only select directories with reachable ORPorts

This makes sure clients will only select relays which support
begindir over ORPort.
---
 src/or/routerlist.c | 10 ++
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 3c9023e..6a293b7 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -1689,6 +1689,7 @@ router_pick_directory_server_impl(dirinfo_type_t type, 
int flags,
 
   const int skip_or = router_skip_or_reachability(options, try_ip_pref);
   const int skip_dir = router_skip_dir_reachability(options, try_ip_pref);
+  const int must_have_or = directory_must_use_begindir(options);
 
   /* Find all the running dirservers we know about. */
   SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), const node_t *, node) {
@@ -1745,9 +1746,9 @@ router_pick_directory_server_impl(dirinfo_type_t type, 
int flags,
try_ip_pref))
   smartlist_add(is_trusted ? trusted_tunnel :
 is_overloaded ? overloaded_tunnel : tunnel, (void*)node);
-else if (skip_dir ||
+else if (!must_have_or && (skip_dir ||
  fascist_firewall_allows_rs(status, FIREWALL_DIR_CONNECTION,
-try_ip_pref))
+try_ip_pref)))
   smartlist_add(is_trusted ? trusted_direct :
 is_overloaded ? overloaded_direct : direct, (void*)node);
 else if (!tor_addr_is_null(>ipv6_addr))
@@ -1853,6 +1854,7 @@ router_pick_trusteddirserver_impl(const smartlist_t 
*sourcelist,
 
   const int skip_or = router_skip_or_reachability(options, try_ip_pref);
   const int skip_dir = router_skip_dir_reachability(options, try_ip_pref);
+  const int must_have_or = directory_must_use_begindir(options);
 
   SMARTLIST_FOREACH_BEGIN(sourcelist, const dir_server_t *, d)
 {
@@ -1892,9 +1894,9 @@ router_pick_trusteddirserver_impl(const smartlist_t 
*sourcelist,
   fascist_firewall_allows_dir_server(d, FIREWALL_OR_CONNECTION,
  try_ip_pref))
 smartlist_add(is_overloaded ? overloaded_tunnel : tunnel, (void*)d);
-  else if (skip_dir ||
+  else if (!must_have_or && (skip_dir ||
fascist_firewall_allows_dir_server(d, FIREWALL_DIR_CONNECTION,
-  try_ip_pref))
+  try_ip_pref)))
 smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d);
   else if (!tor_addr_is_null(>ipv6_addr))
 ++n_not_preferred;



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.8] Merge branch 'doc18312' into maint-0.2.8

2016-05-05 Thread nickm 
commit 60274296c3e012bb0ca5ad3214e2b8aa0fe19e82
Merge: b8e8910 92615f6
Author: Nick Mathewson 
Date:   Wed May 4 15:13:07 2016 -0400

Merge branch 'doc18312' into maint-0.2.8

 changes/bug18312 | 4 
 doc/tor.1.txt| 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.8] Fix dnsserv.c assertion when no supported questions are requested.

2016-05-05 Thread nickm 
commit 0ca3f495c6fad074606ab75942b64738ed61926a
Author: Scott Dial 
Date:   Wed May 4 14:45:09 2016 -0400

Fix dnsserv.c assertion when no supported questions are requested.

The problem is that "q" is always set on the first iteration even
if the question is not a supported question. This set of "q" is
not necessary, and will be handled after exiting the loop if there
if a supported q->type was found.

[Changes file by nickm]

lease enter the commit message for your changes. Lines starting
---
 changes/bug18710 | 6 ++
 src/or/dnsserv.c | 4 +---
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/changes/bug18710 b/changes/bug18710
new file mode 100644
index 000..2693955
--- /dev/null
+++ b/changes/bug18710
@@ -0,0 +1,6 @@
+  o Major bugfixes (DNS proxy):
+- Stop a crash that could occur when a client running with DNSPort
+  received a query with multiple address types, where the first
+  address type was not supported. Found and fixed by Scott Dial.
+  Fixes bug 18710; bugfix on 0.2.5.4-alpha.
+
diff --git a/src/or/dnsserv.c b/src/or/dnsserv.c
index ecd45be..9b0368d 100644
--- a/src/or/dnsserv.c
+++ b/src/or/dnsserv.c
@@ -87,8 +87,6 @@ evdns_server_callback(struct evdns_server_request *req, void 
*data_)
   for (i = 0; i < req->nquestions; ++i) {
 if (req->questions[i]->dns_question_class != EVDNS_CLASS_INET)
   continue;
-if (! q)
-  q = req->questions[i];
 switch (req->questions[i]->type) {
   case EVDNS_TYPE_A:
   case EVDNS_TYPE_:
@@ -96,7 +94,7 @@ evdns_server_callback(struct evdns_server_request *req, void 
*data_)
 /* We always pick the first one of these questions, if there is
one. */
 if (! supported_q)
-  supported_q = q;
+  supported_q = req->questions[i];
 break;
   default:
 break;



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.8] Do not recommend use of nicknames in MapAddress manpage

2016-05-05 Thread nickm 
commit 92615f608c2fd1b5da29068498c5fe473105e88f
Author: Nick Mathewson 
Date:   Tue Apr 26 20:30:59 2016 -0400

Do not recommend use of nicknames in MapAddress manpage
---
 changes/bug18312 | 4 
 doc/tor.1.txt| 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/changes/bug18312 b/changes/bug18312
new file mode 100644
index 000..7dcb326
--- /dev/null
+++ b/changes/bug18312
@@ -0,0 +1,4 @@
+  o Documentation:
+- Stop recommending use of nicknames to identify relays in our
+  MapAddress documentation. Closes ticket 18312.
+
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 262a36e..787223d 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -961,12 +961,12 @@ The following options are useful only for clients (that 
is, if
 When a request for address arrives to Tor, it will transform to newaddress
 before processing it. For example, if you always want connections to
 www.example.com to exit via __torserver__ (where __torserver__ is the
-nickname of the server), use "MapAddress www.example.com
+fingerprint of the server), use "MapAddress www.example.com
 www.example.com.torserver.exit". If the value is prefixed with a
 "\*.", matches an entire domain. For example, if you
 always want connections to example.com and any if its subdomains
 to exit via
-__torserver__ (where __torserver__ is the nickname of the server), use
+__torserver__ (where __torserver__ is the fingerprint of the server), use
 "MapAddress \*.example.com \*.example.com.torserver.exit". (Note the
 leading "*." in each part of the directive.) You can also redirect all
 subdomains of a domain to a single address. For example, "MapAddress



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.8] (cherry-picked by nickm, with changes file from isis.)

2016-05-05 Thread nickm 
commit 054d9398531b148d8b41c382da36c83c0381e09e
Author: s0rlxmh0 
Date:   Mon May 2 14:01:36 2016 -0400

(cherry-picked by nickm, with changes file from isis.)
---
 changes/bug18920 | 5 +
 src/or/control.c | 5 +
 2 files changed, 10 insertions(+)

diff --git a/changes/bug18920 b/changes/bug18920
new file mode 100644
index 000..1babfd6
--- /dev/null
+++ b/changes/bug18920
@@ -0,0 +1,5 @@
+  o Minor bugfixes (controller, microdescriptors):
+- Make GETINFO dir/status-vote/current/consensus conform to the control
+  specification by returning "551 Could not open cached consensus..."
+  when not caching consensuses.
+  Fixes bug 18920; bugfix on 0.2.2.6-alpha.
diff --git a/src/or/control.c b/src/or/control.c
index 655b4dd..e06d7d2 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -2011,6 +2011,11 @@ getinfo_helper_dir(control_connection_t *control_conn,
   char *filename = get_datadir_fname("cached-consensus");
   *answer = read_file_to_str(filename, RFTS_IGNORE_MISSING, NULL);
   tor_free(filename);
+  if (!*answer) { /* generate an error */
+*errmsg = "Could not open cached consensus. "
+  "Make sure FetchUselessDescriptors is set to 1.";
+return -1;
+  }
 }
   } else if (!strcmp(question, "network-status")) { /* v1 */
 routerlist_t *routerlist = router_get_routerlist();



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tails-persistence-setup_completed] Update translations for tails-persistence-setup_completed

2016-05-05 Thread translation 
commit fcabf93af4c8371186ca1043e937343eaa31751c
Author: Translation commit bot 
Date:   Thu May 5 12:45:26 2016 +

Update translations for tails-persistence-setup_completed
---
 sv/sv.po | 19 ++-
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/sv/sv.po b/sv/sv.po
index 6121504..c0e31b4 100644
--- a/sv/sv.po
+++ b/sv/sv.po
@@ -3,7 +3,8 @@
 # This file is distributed under the same license as the PACKAGE package.
 # 
 # Translators:
-# Anders Nilsson , 2015
+# Anders Nilsson , 2016
+# Anders Nilsson , 2015
 # Filip Nyquist , 2015
 # Michael Cavén, 2014
 # phst , 2014
@@ -14,9 +15,9 @@ msgid ""
 msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: Tails developers \n"
-"POT-Creation-Date: 2016-01-25 17:34+0100\n"
-"PO-Revision-Date: 2016-03-21 16:32+\n"
-"Last-Translator: carolyn \n"
+"POT-Creation-Date: 2016-04-24 16:40+0200\n"
+"PO-Revision-Date: 2016-05-05 12:18+\n"
+"Last-Translator: Anders Nilsson \n"
 "Language-Team: Swedish 
(http://www.transifex.com/otf/torproject/language/sv/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -121,10 +122,18 @@ msgid "Lists downloaded by APT"
 msgstr "Listor hämtade av APT"
 
 #: ../lib/Tails/Persistence/Configuration/Presets.pm:168
+msgid "Mumble server"
+msgstr "Mumble-server"
+
+#: ../lib/Tails/Persistence/Configuration/Presets.pm:170
+msgid "Mumble server configuration and its Tor Hidden Service address"
+msgstr "Mumble-serverkonfiguration och dess Tor Hidden Service-adress"
+
+#: ../lib/Tails/Persistence/Configuration/Presets.pm:178
 msgid "Dotfiles"
 msgstr "Punktfiler"
 
-#: ../lib/Tails/Persistence/Configuration/Presets.pm:170
+#: ../lib/Tails/Persistence/Configuration/Presets.pm:180
 msgid ""
 "Symlink into $HOME every file or directory found in the `dotfiles' directory"
 msgstr "Länka in i $HOME varje fil och katalog som finns i `dotfiles' 
katalogen"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tor-launcher-network-settings] Update translations for tor-launcher-network-settings

2016-05-05 Thread translation 
commit f85c03faee9f5fe260b1d4697e25bb9a52588e08
Author: Translation commit bot 
Date:   Thu May 5 12:45:43 2016 +

Update translations for tor-launcher-network-settings
---
 sv/network-settings.dtd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sv/network-settings.dtd b/sv/network-settings.dtd
index 5c398b3..aab93e0 100644
--- a/sv/network-settings.dtd
+++ b/sv/network-settings.dtd
@@ -65,7 +65,7 @@
 
 
 
-
+
 
 https://bridges.torproject.org;>
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tails-misc_completed] Update translations for tails-misc_completed

2016-05-05 Thread translation 
commit c10d03be5b63a7da445f88937553fb1d74471057
Author: Translation commit bot 
Date:   Thu May 5 12:45:52 2016 +

Update translations for tails-misc_completed
---
 sv.po | 24 
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/sv.po b/sv.po
index 8734e18..fba8b46 100644
--- a/sv.po
+++ b/sv.po
@@ -3,7 +3,8 @@
 # This file is distributed under the same license as the PACKAGE package.
 # 
 # Translators:
-# Anders Nilsson , 2015
+# Anders Nilsson , 2016
+# Anders Nilsson , 2015
 # Emil Johansson , 2015
 # Filip Nyquist , 2015
 # Gabor Sebastiani, 2014
@@ -18,9 +19,9 @@ msgid ""
 msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-03-17 15:03+0100\n"
-"PO-Revision-Date: 2016-03-21 16:27+\n"
-"Last-Translator: pilino1234 \n"
+"POT-Creation-Date: 2016-04-25 14:02+0200\n"
+"PO-Revision-Date: 2016-05-05 12:15+\n"
+"Last-Translator: Anders Nilsson \n"
 "Language-Team: Swedish 
(http://www.transifex.com/otf/torproject/language/sv/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -69,13 +70,13 @@ msgid "Do you want to start Electrum anyway?"
 msgstr "Vill du starta Electrum ändå?"
 
 #: config/chroot_local-includes/usr/local/bin/electrum:23
-#: config/chroot_local-includes/usr/local/bin/icedove:23
+#: config/chroot_local-includes/usr/local/bin/icedove:30
 #: config/chroot_local-includes/usr/local/sbin/unsafe-browser:41
 msgid "_Launch"
 msgstr "_Starta"
 
 #: config/chroot_local-includes/usr/local/bin/electrum:24
-#: config/chroot_local-includes/usr/local/bin/icedove:24
+#: config/chroot_local-includes/usr/local/bin/icedove:31
 #: config/chroot_local-includes/usr/local/sbin/unsafe-browser:42
 msgid "_Exit"
 msgstr "_Avsluta"
@@ -237,17 +238,24 @@ msgstr "Utmatning från GnuPG:"
 msgid "Other messages provided by GnuPG:"
 msgstr "Andra meddelanden givna av GnuPG:"
 
-#: config/chroot_local-includes/usr/local/bin/icedove:19
+#: config/chroot_local-includes/usr/local/bin/icedove:20
 msgid "The Claws Mail persistence feature is activated."
 msgstr "Claws Mail persistens funktionen är aktiverad."
 
-#: config/chroot_local-includes/usr/local/bin/icedove:21
+#: config/chroot_local-includes/usr/local/bin/icedove:22
 msgid ""
 "If you have emails saved in Claws Mail, you should migrate"
 " your data before starting Icedove."
 msgstr "Om du har sparat e-postmeddelanden i Claws Mail borde du migrera
 din data innan du startar Icedove."
 
+#: config/chroot_local-includes/usr/local/bin/icedove:27
+msgid ""
+"If you already migrated your emails to Icedove, you should delete"
+" all your Claws Mail data to remove this warning."
+msgstr "Om du redan har flyttat din e-post till Icedove, borde du radera
 all din Claws Mail-data för att ta bort den här varningen."
+
 #: 
config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-hel...@tails.boum.org/extension.js:71
 msgid "Restart"
 msgstr "Starta om"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tor-launcher-network-settings_completed] Update translations for tor-launcher-network-settings_completed

2016-05-05 Thread translation 
commit add148fc2cf7226c0cb5ea9cc8db2ca316c08ec5
Author: Translation commit bot 
Date:   Thu May 5 12:45:46 2016 +

Update translations for tor-launcher-network-settings_completed
---
 sv/network-settings.dtd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sv/network-settings.dtd b/sv/network-settings.dtd
index 31b3ac3..aab93e0 100644
--- a/sv/network-settings.dtd
+++ b/sv/network-settings.dtd
@@ -65,7 +65,7 @@
 
 
 
-
+
 
 https://bridges.torproject.org;>
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tails-misc] Update translations for tails-misc

2016-05-05 Thread translation 
commit 449a5a51d766d1ce68743eb775f8fcefd6bb77d5
Author: Translation commit bot 
Date:   Thu May 5 12:45:49 2016 +

Update translations for tails-misc
---
 sv.po | 9 +
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/sv.po b/sv.po
index a9c2aef..fba8b46 100644
--- a/sv.po
+++ b/sv.po
@@ -3,7 +3,8 @@
 # This file is distributed under the same license as the PACKAGE package.
 # 
 # Translators:
-# Anders Nilsson , 2015
+# Anders Nilsson , 2016
+# Anders Nilsson , 2015
 # Emil Johansson , 2015
 # Filip Nyquist , 2015
 # Gabor Sebastiani, 2014
@@ -19,8 +20,8 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2016-04-25 14:02+0200\n"
-"PO-Revision-Date: 2016-04-26 09:06+\n"
-"Last-Translator: carolyn \n"
+"PO-Revision-Date: 2016-05-05 12:15+\n"
+"Last-Translator: Anders Nilsson \n"
 "Language-Team: Swedish 
(http://www.transifex.com/otf/torproject/language/sv/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -253,7 +254,7 @@ msgid ""
 "If you already migrated your emails to Icedove, you should delete"
 " all your Claws Mail data to remove this warning."
-msgstr ""
+msgstr "Om du redan har flyttat din e-post till Icedove, borde du radera
 all din Claws Mail-data för att ta bort den här varningen."
 
 #: 
config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-hel...@tails.boum.org/extension.js:71
 msgid "Restart"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tails-persistence-setup] Update translations for tails-persistence-setup

2016-05-05 Thread translation 
commit 2bace857df8e8d576fc2e102a78368cd51c4eca3
Author: Translation commit bot 
Date:   Thu May 5 12:45:23 2016 +

Update translations for tails-persistence-setup
---
 sv/sv.po | 11 ++-
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/sv/sv.po b/sv/sv.po
index 38bffc6..c0e31b4 100644
--- a/sv/sv.po
+++ b/sv/sv.po
@@ -3,7 +3,8 @@
 # This file is distributed under the same license as the PACKAGE package.
 # 
 # Translators:
-# Anders Nilsson , 2015
+# Anders Nilsson , 2016
+# Anders Nilsson , 2015
 # Filip Nyquist , 2015
 # Michael Cavén, 2014
 # phst , 2014
@@ -15,8 +16,8 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: Tails developers \n"
 "POT-Creation-Date: 2016-04-24 16:40+0200\n"
-"PO-Revision-Date: 2016-04-25 08:33+\n"
-"Last-Translator: carolyn \n"
+"PO-Revision-Date: 2016-05-05 12:18+\n"
+"Last-Translator: Anders Nilsson \n"
 "Language-Team: Swedish 
(http://www.transifex.com/otf/torproject/language/sv/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -122,11 +123,11 @@ msgstr "Listor hämtade av APT"
 
 #: ../lib/Tails/Persistence/Configuration/Presets.pm:168
 msgid "Mumble server"
-msgstr ""
+msgstr "Mumble-server"
 
 #: ../lib/Tails/Persistence/Configuration/Presets.pm:170
 msgid "Mumble server configuration and its Tor Hidden Service address"
-msgstr ""
+msgstr "Mumble-serverkonfiguration och dess Tor Hidden Service-adress"
 
 #: ../lib/Tails/Persistence/Configuration/Presets.pm:178
 msgid "Dotfiles"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.8] Comment-only change to clarify routerstatus_t IPv4 byte order

2016-05-05 Thread nickm 
commit 225448ad34a75b6eea9ab17e306e67578ce86760
Author: teor (Tim Wilson-Brown) 
Date:   Fri Apr 29 11:03:59 2016 +1000

Comment-only change to clarify routerstatus_t IPv4 byte order
---
 src/or/or.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/or/or.h b/src/or/or.h
index 592f295..6694bb4 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2215,7 +2215,7 @@ typedef struct routerstatus_t {
   /** Digest of the router's most recent descriptor or microdescriptor.
* If it's a descriptor, we only use the first DIGEST_LEN bytes. */
   char descriptor_digest[DIGEST256_LEN];
-  uint32_t addr; /**< IPv4 address for this router. */
+  uint32_t addr; /**< IPv4 address for this router, in host order. */
   uint16_t or_port; /**< OR port for this router. */
   uint16_t dir_port; /**< Directory port for this router. */
   tor_addr_t ipv6_addr; /**< IPv6 address for this router. */



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Make clients always use begindir for directory requests

2016-05-05 Thread nickm 
commit 833b5f71a72394c02ef633ba0f78d7011fef6181
Author: teor (Tim Wilson-Brown) 
Date:   Thu Apr 28 15:37:59 2016 +1000

Make clients always use begindir for directory requests

This improves client anonymity and avoids directory header tampering.
The extra load on the authorities should be offset by the fallback
directories feature.

This also simplifies the fixes to #18809.
---
 changes/feature18483 |  4 
 src/or/directory.c   | 61 +---
 src/or/directory.h   |  6 --
 3 files changed, 61 insertions(+), 10 deletions(-)

diff --git a/changes/feature18483 b/changes/feature18483
new file mode 100644
index 000..b3c42e6
--- /dev/null
+++ b/changes/feature18483
@@ -0,0 +1,4 @@
+  o Minor features (clients):
+- Make clients, onion services, and bridge relays always
+  use an encrypted begindir connection for directory requests.
+  Resolves #18483. Patch by "teor".
diff --git a/src/or/directory.c b/src/or/directory.c
index ca3b3e3..a03283e 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -964,6 +964,16 @@ connection_dir_download_cert_failed(dir_connection_t 
*conn, int status)
   update_certificate_downloads(time(NULL));
 }
 
+/* Should this tor instance only use begindir for all its directory requests?
+ */
+int
+directory_must_use_begindir(const or_options_t *options)
+{
+  /* Clients, onion services, and bridges must use begindir,
+   * relays and authorities do not have to */
+  return !public_server_mode(options);
+}
+
 /** Evaluate the situation and decide if we should use an encrypted
  * "begindir-style" connection for this directory request.
  * 1) If or_port is 0, or it's a direct conn and or_port is firewalled
@@ -971,23 +981,48 @@ connection_dir_download_cert_failed(dir_connection_t 
*conn, int status)
  * 2) If we prefer to avoid begindir conns, and we're not fetching or
  *publishing a bridge relay descriptor, no.
  * 3) Else yes.
+ * If returning 0, return in *reason why we can't use begindir.
+ * reason must not be NULL.
  */
 static int
 directory_command_should_use_begindir(const or_options_t *options,
   const tor_addr_t *addr,
   int or_port, uint8_t router_purpose,
-  dir_indirection_t indirection)
+  dir_indirection_t indirection,
+  const char **reason)
 {
   (void) router_purpose;
-  if (!or_port)
+  tor_assert(reason);
+  *reason = NULL;
+
+  /* Reasons why we can't possibly use begindir */
+  if (!or_port) {
+*reason = "directory with unknown ORPort";
 return 0; /* We don't know an ORPort -- no chance. */
-  if (indirection == DIRIND_DIRECT_CONN || indirection == DIRIND_ANON_DIRPORT)
+  }
+  if (indirection == DIRIND_DIRECT_CONN ||
+  indirection == DIRIND_ANON_DIRPORT) {
+*reason = "DirPort connection";
 return 0;
-  if (indirection == DIRIND_ONEHOP)
+  }
+  if (indirection == DIRIND_ONEHOP) {
+/* We're firewalled and want a direct OR connection */
 if (!fascist_firewall_allows_address_addr(addr, or_port,
-  FIREWALL_OR_CONNECTION, 0, 0) ||
-directory_fetches_from_authorities(options))
-  return 0; /* We're firewalled or are acting like a relay -- also no. */
+  FIREWALL_OR_CONNECTION, 0, 0)) {
+  *reason = "ORPort not reachable";
+  return 0;
+}
+  }
+  /* Reasons why we want to avoid using begindir */
+  if (indirection == DIRIND_ONEHOP) {
+if (!directory_must_use_begindir(options)) {
+  *reason = "in relay mode";
+  return 0;
+}
+  }
+  /* DIRIND_ONEHOP on a client, or DIRIND_ANONYMOUS
+   */
+  *reason = "(using begindir)";
   return 1;
 }
 
@@ -1070,11 +1105,13 @@ directory_initiate_command_rend(const tor_addr_port_t 
*or_addr_port,
   dir_connection_t *conn;
   const or_options_t *options = get_options();
   int socket_error = 0;
+  const char *begindir_reason = NULL;
   /* Should the connection be to a relay's OR port (and inside that we will
* send our directory request)? */
   const int use_begindir = directory_command_should_use_begindir(options,
  _addr_port->addr, or_addr_port->port,
- router_purpose, indirection);
+ router_purpose, indirection,
+ _reason);
   /* Will the connection go via a three-hop Tor circuit? Note that this
* is separate from whether it will use_begindir. */
   const int anonymized_connection = dirind_is_anon(indirection);
@@ -1100,6 +1137,14 @@ directory_initiate_command_rend(const tor_addr_port_t 
*or_addr_port,
   (void)is_sensitive_dir_purpose;
 #endif
 
+  /* use encrypted begindir connections for everything except relays
+   * this

[tor-commits] [tor/master] Merge branch 'maint-0.2.8'

2016-05-05 Thread nickm 
commit 641cdc345c7a0e8123cee9a7b3864b63ba389afa
Merge: 2da2718 03fc4cf
Author: Nick Mathewson 
Date:   Thu May 5 08:25:27 2016 -0400

Merge branch 'maint-0.2.8'

 changes/bug18929 |  5 
 changes/feature18483 |  4 
 src/or/directory.c   | 67 
 src/or/directory.h   |  6 +++--
 src/or/or.h  |  2 +-
 src/or/routerlist.c  | 40 ++-
 6 files changed, 89 insertions(+), 35 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.8] Refactor router_pick_directory_server_impl to use node functions

2016-05-05 Thread nickm 
commit 03fc4cf04caf240fa4e285c3b483c60587456e9b
Author: teor (Tim Wilson-Brown) 
Date:   Sat Apr 30 11:00:50 2016 +1000

Refactor router_pick_directory_server_impl to use node functions

No behavioural change

This makes the use of the node explicit in the function, rather
than hiding the node lookup in fascist_firewall_allows_rs.
---
 src/or/routerlist.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 13739a7..1c275a6 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -1740,13 +1740,13 @@ router_pick_directory_server_impl(dirinfo_type_t type, 
int flags,
  * we try routers that only have one address both times.)
  */
 if (!fascistfirewall || skip_or_fw ||
-fascist_firewall_allows_rs(status, FIREWALL_OR_CONNECTION,
-   try_ip_pref))
+fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION,
+ try_ip_pref))
   smartlist_add(is_trusted ? trusted_tunnel :
 is_overloaded ? overloaded_tunnel : tunnel, (void*)node);
 else if (!must_have_or && (skip_dir_fw ||
- fascist_firewall_allows_rs(status, FIREWALL_DIR_CONNECTION,
-try_ip_pref)))
+ fascist_firewall_allows_node(node, FIREWALL_DIR_CONNECTION,
+  try_ip_pref)))
   smartlist_add(is_trusted ? trusted_direct :
 is_overloaded ? overloaded_direct : direct, (void*)node);
   } SMARTLIST_FOREACH_END(node);

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Refactor router_pick_directory_server_impl to use node functions

2016-05-05 Thread nickm 
commit 03fc4cf04caf240fa4e285c3b483c60587456e9b
Author: teor (Tim Wilson-Brown) 
Date:   Sat Apr 30 11:00:50 2016 +1000

Refactor router_pick_directory_server_impl to use node functions

No behavioural change

This makes the use of the node explicit in the function, rather
than hiding the node lookup in fascist_firewall_allows_rs.
---
 src/or/routerlist.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 13739a7..1c275a6 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -1740,13 +1740,13 @@ router_pick_directory_server_impl(dirinfo_type_t type, 
int flags,
  * we try routers that only have one address both times.)
  */
 if (!fascistfirewall || skip_or_fw ||
-fascist_firewall_allows_rs(status, FIREWALL_OR_CONNECTION,
-   try_ip_pref))
+fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION,
+ try_ip_pref))
   smartlist_add(is_trusted ? trusted_tunnel :
 is_overloaded ? overloaded_tunnel : tunnel, (void*)node);
 else if (!must_have_or && (skip_dir_fw ||
- fascist_firewall_allows_rs(status, FIREWALL_DIR_CONNECTION,
-try_ip_pref)))
+ fascist_firewall_allows_node(node, FIREWALL_DIR_CONNECTION,
+  try_ip_pref)))
   smartlist_add(is_trusted ? trusted_direct :
 is_overloaded ? overloaded_direct : direct, (void*)node);
   } SMARTLIST_FOREACH_END(node);



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Rename skip_or and skip_dir to avoid confusion

2016-05-05 Thread nickm 
commit 7ec273bd4a3c82d9bddc9aef373b4f99396198c9
Author: teor (Tim Wilson-Brown) 
Date:   Thu Apr 28 15:44:31 2016 +1000

Rename skip_or and skip_dir to avoid confusion

Variable rename only
---
 src/or/routerlist.c | 16 
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 97512d7..13739a7 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -1685,8 +1685,8 @@ router_pick_directory_server_impl(dirinfo_type_t type, 
int flags,
   overloaded_direct = smartlist_new();
   overloaded_tunnel = smartlist_new();
 
-  const int skip_or = router_skip_or_reachability(options, try_ip_pref);
-  const int skip_dir = router_skip_dir_reachability(options, try_ip_pref);
+  const int skip_or_fw = router_skip_or_reachability(options, try_ip_pref);
+  const int skip_dir_fw = router_skip_dir_reachability(options, try_ip_pref);
   const int must_have_or = directory_must_use_begindir(options);
 
   /* Find all the running dirservers we know about. */
@@ -1739,12 +1739,12 @@ router_pick_directory_server_impl(dirinfo_type_t type, 
int flags,
  * address for each router (if any). (To ensure correct load-balancing
  * we try routers that only have one address both times.)
  */
-if (!fascistfirewall || skip_or ||
+if (!fascistfirewall || skip_or_fw ||
 fascist_firewall_allows_rs(status, FIREWALL_OR_CONNECTION,
try_ip_pref))
   smartlist_add(is_trusted ? trusted_tunnel :
 is_overloaded ? overloaded_tunnel : tunnel, (void*)node);
-else if (!must_have_or && (skip_dir ||
+else if (!must_have_or && (skip_dir_fw ||
  fascist_firewall_allows_rs(status, FIREWALL_DIR_CONNECTION,
 try_ip_pref)))
   smartlist_add(is_trusted ? trusted_direct :
@@ -1848,8 +1848,8 @@ router_pick_trusteddirserver_impl(const smartlist_t 
*sourcelist,
   overloaded_direct = smartlist_new();
   overloaded_tunnel = smartlist_new();
 
-  const int skip_or = router_skip_or_reachability(options, try_ip_pref);
-  const int skip_dir = router_skip_dir_reachability(options, try_ip_pref);
+  const int skip_or_fw = router_skip_or_reachability(options, try_ip_pref);
+  const int skip_dir_fw = router_skip_dir_reachability(options, try_ip_pref);
   const int must_have_or = directory_must_use_begindir(options);
 
   SMARTLIST_FOREACH_BEGIN(sourcelist, const dir_server_t *, d)
@@ -1886,11 +1886,11 @@ router_pick_trusteddirserver_impl(const smartlist_t 
*sourcelist,
* address for each router (if any). (To ensure correct load-balancing
* we try routers that only have one address both times.)
*/
-  if (!fascistfirewall || skip_or ||
+  if (!fascistfirewall || skip_or_fw ||
   fascist_firewall_allows_dir_server(d, FIREWALL_OR_CONNECTION,
  try_ip_pref))
 smartlist_add(is_overloaded ? overloaded_tunnel : tunnel, (void*)d);
-  else if (!must_have_or && (skip_dir ||
+  else if (!must_have_or && (skip_dir_fw ||
fascist_firewall_allows_dir_server(d, FIREWALL_DIR_CONNECTION,
   try_ip_pref)))
 smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d);



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Comment-only change to clarify routerstatus_t IPv4 byte order

2016-05-05 Thread nickm 
commit 225448ad34a75b6eea9ab17e306e67578ce86760
Author: teor (Tim Wilson-Brown) 
Date:   Fri Apr 29 11:03:59 2016 +1000

Comment-only change to clarify routerstatus_t IPv4 byte order
---
 src/or/or.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/or/or.h b/src/or/or.h
index 592f295..6694bb4 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2215,7 +2215,7 @@ typedef struct routerstatus_t {
   /** Digest of the router's most recent descriptor or microdescriptor.
* If it's a descriptor, we only use the first DIGEST_LEN bytes. */
   char descriptor_digest[DIGEST256_LEN];
-  uint32_t addr; /**< IPv4 address for this router. */
+  uint32_t addr; /**< IPv4 address for this router, in host order. */
   uint16_t or_port; /**< OR port for this router. */
   uint16_t dir_port; /**< Directory port for this router. */
   tor_addr_t ipv6_addr; /**< IPv6 address for this router. */



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Make clients only select directories with reachable ORPorts

2016-05-05 Thread nickm 
commit 88deb52d559fbec17be4a634137ac4b6c207ce06
Author: teor (Tim Wilson-Brown) 
Date:   Thu Apr 28 15:40:04 2016 +1000

Make clients only select directories with reachable ORPorts

This makes sure clients will only select relays which support
begindir over ORPort.
---
 src/or/routerlist.c | 10 ++
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 3c9023e..6a293b7 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -1689,6 +1689,7 @@ router_pick_directory_server_impl(dirinfo_type_t type, 
int flags,
 
   const int skip_or = router_skip_or_reachability(options, try_ip_pref);
   const int skip_dir = router_skip_dir_reachability(options, try_ip_pref);
+  const int must_have_or = directory_must_use_begindir(options);
 
   /* Find all the running dirservers we know about. */
   SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), const node_t *, node) {
@@ -1745,9 +1746,9 @@ router_pick_directory_server_impl(dirinfo_type_t type, 
int flags,
try_ip_pref))
   smartlist_add(is_trusted ? trusted_tunnel :
 is_overloaded ? overloaded_tunnel : tunnel, (void*)node);
-else if (skip_dir ||
+else if (!must_have_or && (skip_dir ||
  fascist_firewall_allows_rs(status, FIREWALL_DIR_CONNECTION,
-try_ip_pref))
+try_ip_pref)))
   smartlist_add(is_trusted ? trusted_direct :
 is_overloaded ? overloaded_direct : direct, (void*)node);
 else if (!tor_addr_is_null(>ipv6_addr))
@@ -1853,6 +1854,7 @@ router_pick_trusteddirserver_impl(const smartlist_t 
*sourcelist,
 
   const int skip_or = router_skip_or_reachability(options, try_ip_pref);
   const int skip_dir = router_skip_dir_reachability(options, try_ip_pref);
+  const int must_have_or = directory_must_use_begindir(options);
 
   SMARTLIST_FOREACH_BEGIN(sourcelist, const dir_server_t *, d)
 {
@@ -1892,9 +1894,9 @@ router_pick_trusteddirserver_impl(const smartlist_t 
*sourcelist,
   fascist_firewall_allows_dir_server(d, FIREWALL_OR_CONNECTION,
  try_ip_pref))
 smartlist_add(is_overloaded ? overloaded_tunnel : tunnel, (void*)d);
-  else if (skip_dir ||
+  else if (!must_have_or && (skip_dir ||
fascist_firewall_allows_dir_server(d, FIREWALL_DIR_CONNECTION,
-  try_ip_pref))
+  try_ip_pref)))
 smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d);
   else if (!tor_addr_is_null(>ipv6_addr))
 ++n_not_preferred;



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Make directory node selection more reliable

2016-05-05 Thread nickm 
commit 2e5b35db81e867e782086e3d714fcc7882c9c171
Author: teor (Tim Wilson-Brown) 
Date:   Thu May 5 11:51:37 2016 +1000

Make directory node selection more reliable

Delete an unnecessary check for non-preferred IP versions.

Allows clients which can't reach any directories of their
preferred IP address version to get directory documents.

Patch on #17840 in 0.2.8.1-alpha.
---
 changes/bug18929|  5 +
 src/or/routerlist.c | 12 +++-
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/changes/bug18929 b/changes/bug18929
new file mode 100644
index 000..f79baca
--- /dev/null
+++ b/changes/bug18929
@@ -0,0 +1,5 @@
+  o Minor bugfixes (IPv6):
+- Make directory node selection more reliable, mainly for
+  IPv6-only clients and clients with few reachable addresses.
+  Resolves #18929, bugfix on #17840 in 0.2.8.1-alpha.
+  Patch by "teor".
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 3c9023e..2167ae2 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -1597,11 +1597,10 @@ router_picked_poor_directory_log(const routerstatus_t 
*rs)
   STMT_BEGIN  \
 if (result == NULL && try_ip_pref && options->ClientUseIPv4   \
 && fascist_firewall_use_ipv6(options) && !server_mode(options)\
-&& n_not_preferred && !n_busy) {  \
+&& !n_busy) { \
   n_excluded = 0; \
   n_busy = 0; \
   try_ip_pref = 0;\
-  n_not_preferred = 0;\
   goto retry_label;   \
 } \
   STMT_END\
@@ -1620,7 +1619,6 @@ router_picked_poor_directory_log(const routerstatus_t *rs)
   n_excluded = 0; \
   n_busy = 0; \
   try_ip_pref = 1;\
-  n_not_preferred = 0;\
   goto retry_label;   \
 } \
   STMT_END
@@ -1673,7 +1671,7 @@ router_pick_directory_server_impl(dirinfo_type_t type, 
int flags,
   const int no_microdesc_fetching = (flags & PDS_NO_EXISTING_MICRODESC_FETCH);
   const int for_guard = (flags & PDS_FOR_GUARD);
   int try_excluding = 1, n_excluded = 0, n_busy = 0;
-  int try_ip_pref = 1, n_not_preferred = 0;
+  int try_ip_pref = 1;
 
   if (!consensus)
 return NULL;
@@ -1750,8 +1748,6 @@ router_pick_directory_server_impl(dirinfo_type_t type, 
int flags,
 try_ip_pref))
   smartlist_add(is_trusted ? trusted_direct :
 is_overloaded ? overloaded_direct : direct, (void*)node);
-else if (!tor_addr_is_null(>ipv6_addr))
-  ++n_not_preferred;
   } SMARTLIST_FOREACH_END(node);
 
   if (smartlist_len(tunnel)) {
@@ -1839,7 +1835,7 @@ router_pick_trusteddirserver_impl(const smartlist_t 
*sourcelist,
   smartlist_t *pick_from;
   int n_busy = 0;
   int try_excluding = 1, n_excluded = 0;
-  int try_ip_pref = 1, n_not_preferred = 0;
+  int try_ip_pref = 1;
 
   if (!sourcelist)
 return NULL;
@@ -1896,8 +1892,6 @@ router_pick_trusteddirserver_impl(const smartlist_t 
*sourcelist,
fascist_firewall_allows_dir_server(d, FIREWALL_DIR_CONNECTION,
   try_ip_pref))
 smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d);
-  else if (!tor_addr_is_null(>ipv6_addr))
-++n_not_preferred;
 }
   SMARTLIST_FOREACH_END(d);
 



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Only choose directory DirPorts on relays

2016-05-05 Thread nickm 
commit 9aa280cc0c105bc282c3c1c0dee385387251ab12
Author: teor (Tim Wilson-Brown) 
Date:   Thu Apr 28 16:07:47 2016 +1000

Only choose directory DirPorts on relays
---
 src/or/directory.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/or/directory.c b/src/or/directory.c
index a03283e..8dc018a 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -630,6 +630,7 @@ directory_choose_address_routerstatus(const routerstatus_t 
*status,
   tor_assert(use_or_ap != NULL);
   tor_assert(use_dir_ap != NULL);
 
+  const or_options_t *options = get_options();
   int have_or = 0, have_dir = 0;
 
   /* We expect status to have at least one reachable address if we're
@@ -671,10 +672,11 @@ directory_choose_address_routerstatus(const 
routerstatus_t *status,
   }
 
   /* DirPort connections
-   * DIRIND_ONEHOP uses ORPort, but may fall back to the DirPort */
+   * DIRIND_ONEHOP uses ORPort, but may fall back to the DirPort on relays */
   if (indirection == DIRIND_DIRECT_CONN ||
   indirection == DIRIND_ANON_DIRPORT ||
-  indirection == DIRIND_ONEHOP) {
+  (indirection == DIRIND_ONEHOP
+   && !directory_must_use_begindir(options))) {
 have_dir = fascist_firewall_choose_address_rs(status,
   FIREWALL_DIR_CONNECTION, 0,
   use_dir_ap);



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'feature18483-028-v2-squashed' into maint-0.2.8

2016-05-05 Thread nickm 
commit 68d913c49c7aff441fc6671406aee5137f36f620
Merge: 2e5b35d 9aa280c
Author: Nick Mathewson 
Date:   Thu May 5 08:16:36 2016 -0400

Merge branch 'feature18483-028-v2-squashed' into maint-0.2.8

 changes/feature18483 |  4 
 src/or/directory.c   | 67 
 src/or/directory.h   |  6 +++--
 src/or/routerlist.c  | 10 
 4 files changed, 71 insertions(+), 16 deletions(-)

diff --cc src/or/routerlist.c
index 2167ae2,6a293b7..97512d7
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@@ -1743,11 -1746,13 +1744,11 @@@ router_pick_directory_server_impl(dirin
 try_ip_pref))
smartlist_add(is_trusted ? trusted_tunnel :
  is_overloaded ? overloaded_tunnel : tunnel, (void*)node);
- else if (skip_dir ||
+ else if (!must_have_or && (skip_dir ||
   fascist_firewall_allows_rs(status, FIREWALL_DIR_CONNECTION,
- try_ip_pref))
+ try_ip_pref)))
smartlist_add(is_trusted ? trusted_direct :
  is_overloaded ? overloaded_direct : direct, (void*)node);
 -else if (!tor_addr_is_null(>ipv6_addr))
 -  ++n_not_preferred;
} SMARTLIST_FOREACH_END(node);
  
if (smartlist_len(tunnel)) {
@@@ -1888,10 -1894,12 +1890,10 @@@ router_pick_trusteddirserver_impl(cons
fascist_firewall_allows_dir_server(d, FIREWALL_OR_CONNECTION,
   try_ip_pref))
  smartlist_add(is_overloaded ? overloaded_tunnel : tunnel, (void*)d);
-   else if (skip_dir ||
+   else if (!must_have_or && (skip_dir ||
 fascist_firewall_allows_dir_server(d, FIREWALL_DIR_CONNECTION,
-   try_ip_pref))
+   try_ip_pref)))
  smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d);
 -  else if (!tor_addr_is_null(>ipv6_addr))
 -++n_not_preferred;
  }
SMARTLIST_FOREACH_END(d);
  



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.8] Make clients only select directories with reachable ORPorts

2016-05-05 Thread nickm 
commit 88deb52d559fbec17be4a634137ac4b6c207ce06
Author: teor (Tim Wilson-Brown) 
Date:   Thu Apr 28 15:40:04 2016 +1000

Make clients only select directories with reachable ORPorts

This makes sure clients will only select relays which support
begindir over ORPort.
---
 src/or/routerlist.c | 10 ++
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 3c9023e..6a293b7 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -1689,6 +1689,7 @@ router_pick_directory_server_impl(dirinfo_type_t type, 
int flags,
 
   const int skip_or = router_skip_or_reachability(options, try_ip_pref);
   const int skip_dir = router_skip_dir_reachability(options, try_ip_pref);
+  const int must_have_or = directory_must_use_begindir(options);
 
   /* Find all the running dirservers we know about. */
   SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), const node_t *, node) {
@@ -1745,9 +1746,9 @@ router_pick_directory_server_impl(dirinfo_type_t type, 
int flags,
try_ip_pref))
   smartlist_add(is_trusted ? trusted_tunnel :
 is_overloaded ? overloaded_tunnel : tunnel, (void*)node);
-else if (skip_dir ||
+else if (!must_have_or && (skip_dir ||
  fascist_firewall_allows_rs(status, FIREWALL_DIR_CONNECTION,
-try_ip_pref))
+try_ip_pref)))
   smartlist_add(is_trusted ? trusted_direct :
 is_overloaded ? overloaded_direct : direct, (void*)node);
 else if (!tor_addr_is_null(>ipv6_addr))
@@ -1853,6 +1854,7 @@ router_pick_trusteddirserver_impl(const smartlist_t 
*sourcelist,
 
   const int skip_or = router_skip_or_reachability(options, try_ip_pref);
   const int skip_dir = router_skip_dir_reachability(options, try_ip_pref);
+  const int must_have_or = directory_must_use_begindir(options);
 
   SMARTLIST_FOREACH_BEGIN(sourcelist, const dir_server_t *, d)
 {
@@ -1892,9 +1894,9 @@ router_pick_trusteddirserver_impl(const smartlist_t 
*sourcelist,
   fascist_firewall_allows_dir_server(d, FIREWALL_OR_CONNECTION,
  try_ip_pref))
 smartlist_add(is_overloaded ? overloaded_tunnel : tunnel, (void*)d);
-  else if (skip_dir ||
+  else if (!must_have_or && (skip_dir ||
fascist_firewall_allows_dir_server(d, FIREWALL_DIR_CONNECTION,
-  try_ip_pref))
+  try_ip_pref)))
 smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d);
   else if (!tor_addr_is_null(>ipv6_addr))
 ++n_not_preferred;



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.8] Make clients always use begindir for directory requests

2016-05-05 Thread nickm 
commit 833b5f71a72394c02ef633ba0f78d7011fef6181
Author: teor (Tim Wilson-Brown) 
Date:   Thu Apr 28 15:37:59 2016 +1000

Make clients always use begindir for directory requests

This improves client anonymity and avoids directory header tampering.
The extra load on the authorities should be offset by the fallback
directories feature.

This also simplifies the fixes to #18809.
---
 changes/feature18483 |  4 
 src/or/directory.c   | 61 +---
 src/or/directory.h   |  6 --
 3 files changed, 61 insertions(+), 10 deletions(-)

diff --git a/changes/feature18483 b/changes/feature18483
new file mode 100644
index 000..b3c42e6
--- /dev/null
+++ b/changes/feature18483
@@ -0,0 +1,4 @@
+  o Minor features (clients):
+- Make clients, onion services, and bridge relays always
+  use an encrypted begindir connection for directory requests.
+  Resolves #18483. Patch by "teor".
diff --git a/src/or/directory.c b/src/or/directory.c
index ca3b3e3..a03283e 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -964,6 +964,16 @@ connection_dir_download_cert_failed(dir_connection_t 
*conn, int status)
   update_certificate_downloads(time(NULL));
 }
 
+/* Should this tor instance only use begindir for all its directory requests?
+ */
+int
+directory_must_use_begindir(const or_options_t *options)
+{
+  /* Clients, onion services, and bridges must use begindir,
+   * relays and authorities do not have to */
+  return !public_server_mode(options);
+}
+
 /** Evaluate the situation and decide if we should use an encrypted
  * "begindir-style" connection for this directory request.
  * 1) If or_port is 0, or it's a direct conn and or_port is firewalled
@@ -971,23 +981,48 @@ connection_dir_download_cert_failed(dir_connection_t 
*conn, int status)
  * 2) If we prefer to avoid begindir conns, and we're not fetching or
  *publishing a bridge relay descriptor, no.
  * 3) Else yes.
+ * If returning 0, return in *reason why we can't use begindir.
+ * reason must not be NULL.
  */
 static int
 directory_command_should_use_begindir(const or_options_t *options,
   const tor_addr_t *addr,
   int or_port, uint8_t router_purpose,
-  dir_indirection_t indirection)
+  dir_indirection_t indirection,
+  const char **reason)
 {
   (void) router_purpose;
-  if (!or_port)
+  tor_assert(reason);
+  *reason = NULL;
+
+  /* Reasons why we can't possibly use begindir */
+  if (!or_port) {
+*reason = "directory with unknown ORPort";
 return 0; /* We don't know an ORPort -- no chance. */
-  if (indirection == DIRIND_DIRECT_CONN || indirection == DIRIND_ANON_DIRPORT)
+  }
+  if (indirection == DIRIND_DIRECT_CONN ||
+  indirection == DIRIND_ANON_DIRPORT) {
+*reason = "DirPort connection";
 return 0;
-  if (indirection == DIRIND_ONEHOP)
+  }
+  if (indirection == DIRIND_ONEHOP) {
+/* We're firewalled and want a direct OR connection */
 if (!fascist_firewall_allows_address_addr(addr, or_port,
-  FIREWALL_OR_CONNECTION, 0, 0) ||
-directory_fetches_from_authorities(options))
-  return 0; /* We're firewalled or are acting like a relay -- also no. */
+  FIREWALL_OR_CONNECTION, 0, 0)) {
+  *reason = "ORPort not reachable";
+  return 0;
+}
+  }
+  /* Reasons why we want to avoid using begindir */
+  if (indirection == DIRIND_ONEHOP) {
+if (!directory_must_use_begindir(options)) {
+  *reason = "in relay mode";
+  return 0;
+}
+  }
+  /* DIRIND_ONEHOP on a client, or DIRIND_ANONYMOUS
+   */
+  *reason = "(using begindir)";
   return 1;
 }
 
@@ -1070,11 +1105,13 @@ directory_initiate_command_rend(const tor_addr_port_t 
*or_addr_port,
   dir_connection_t *conn;
   const or_options_t *options = get_options();
   int socket_error = 0;
+  const char *begindir_reason = NULL;
   /* Should the connection be to a relay's OR port (and inside that we will
* send our directory request)? */
   const int use_begindir = directory_command_should_use_begindir(options,
  _addr_port->addr, or_addr_port->port,
- router_purpose, indirection);
+ router_purpose, indirection,
+ _reason);
   /* Will the connection go via a three-hop Tor circuit? Note that this
* is separate from whether it will use_begindir. */
   const int anonymized_connection = dirind_is_anon(indirection);
@@ -1100,6 +1137,14 @@ directory_initiate_command_rend(const tor_addr_port_t 
*or_addr_port,
   (void)is_sensitive_dir_purpose;
 #endif
 
+  /* use encrypted begindir connections for everything except relays
+   * this

[tor-commits] [tor/maint-0.2.8] Rename skip_or and skip_dir to avoid confusion

2016-05-05 Thread nickm 
commit 7ec273bd4a3c82d9bddc9aef373b4f99396198c9
Author: teor (Tim Wilson-Brown) 
Date:   Thu Apr 28 15:44:31 2016 +1000

Rename skip_or and skip_dir to avoid confusion

Variable rename only
---
 src/or/routerlist.c | 16 
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 97512d7..13739a7 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -1685,8 +1685,8 @@ router_pick_directory_server_impl(dirinfo_type_t type, 
int flags,
   overloaded_direct = smartlist_new();
   overloaded_tunnel = smartlist_new();
 
-  const int skip_or = router_skip_or_reachability(options, try_ip_pref);
-  const int skip_dir = router_skip_dir_reachability(options, try_ip_pref);
+  const int skip_or_fw = router_skip_or_reachability(options, try_ip_pref);
+  const int skip_dir_fw = router_skip_dir_reachability(options, try_ip_pref);
   const int must_have_or = directory_must_use_begindir(options);
 
   /* Find all the running dirservers we know about. */
@@ -1739,12 +1739,12 @@ router_pick_directory_server_impl(dirinfo_type_t type, 
int flags,
  * address for each router (if any). (To ensure correct load-balancing
  * we try routers that only have one address both times.)
  */
-if (!fascistfirewall || skip_or ||
+if (!fascistfirewall || skip_or_fw ||
 fascist_firewall_allows_rs(status, FIREWALL_OR_CONNECTION,
try_ip_pref))
   smartlist_add(is_trusted ? trusted_tunnel :
 is_overloaded ? overloaded_tunnel : tunnel, (void*)node);
-else if (!must_have_or && (skip_dir ||
+else if (!must_have_or && (skip_dir_fw ||
  fascist_firewall_allows_rs(status, FIREWALL_DIR_CONNECTION,
 try_ip_pref)))
   smartlist_add(is_trusted ? trusted_direct :
@@ -1848,8 +1848,8 @@ router_pick_trusteddirserver_impl(const smartlist_t 
*sourcelist,
   overloaded_direct = smartlist_new();
   overloaded_tunnel = smartlist_new();
 
-  const int skip_or = router_skip_or_reachability(options, try_ip_pref);
-  const int skip_dir = router_skip_dir_reachability(options, try_ip_pref);
+  const int skip_or_fw = router_skip_or_reachability(options, try_ip_pref);
+  const int skip_dir_fw = router_skip_dir_reachability(options, try_ip_pref);
   const int must_have_or = directory_must_use_begindir(options);
 
   SMARTLIST_FOREACH_BEGIN(sourcelist, const dir_server_t *, d)
@@ -1886,11 +1886,11 @@ router_pick_trusteddirserver_impl(const smartlist_t 
*sourcelist,
* address for each router (if any). (To ensure correct load-balancing
* we try routers that only have one address both times.)
*/
-  if (!fascistfirewall || skip_or ||
+  if (!fascistfirewall || skip_or_fw ||
   fascist_firewall_allows_dir_server(d, FIREWALL_OR_CONNECTION,
  try_ip_pref))
 smartlist_add(is_overloaded ? overloaded_tunnel : tunnel, (void*)d);
-  else if (!must_have_or && (skip_dir ||
+  else if (!must_have_or && (skip_dir_fw ||
fascist_firewall_allows_dir_server(d, FIREWALL_DIR_CONNECTION,
   try_ip_pref)))
 smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d);



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.8] Only choose directory DirPorts on relays

2016-05-05 Thread nickm 
commit 9aa280cc0c105bc282c3c1c0dee385387251ab12
Author: teor (Tim Wilson-Brown) 
Date:   Thu Apr 28 16:07:47 2016 +1000

Only choose directory DirPorts on relays
---
 src/or/directory.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/or/directory.c b/src/or/directory.c
index a03283e..8dc018a 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -630,6 +630,7 @@ directory_choose_address_routerstatus(const routerstatus_t 
*status,
   tor_assert(use_or_ap != NULL);
   tor_assert(use_dir_ap != NULL);
 
+  const or_options_t *options = get_options();
   int have_or = 0, have_dir = 0;
 
   /* We expect status to have at least one reachable address if we're
@@ -671,10 +672,11 @@ directory_choose_address_routerstatus(const 
routerstatus_t *status,
   }
 
   /* DirPort connections
-   * DIRIND_ONEHOP uses ORPort, but may fall back to the DirPort */
+   * DIRIND_ONEHOP uses ORPort, but may fall back to the DirPort on relays */
   if (indirection == DIRIND_DIRECT_CONN ||
   indirection == DIRIND_ANON_DIRPORT ||
-  indirection == DIRIND_ONEHOP) {
+  (indirection == DIRIND_ONEHOP
+   && !directory_must_use_begindir(options))) {
 have_dir = fascist_firewall_choose_address_rs(status,
   FIREWALL_DIR_CONNECTION, 0,
   use_dir_ap);



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.8] Merge branch 'feature18483-028-v2-squashed' into maint-0.2.8

2016-05-05 Thread nickm 
commit 68d913c49c7aff441fc6671406aee5137f36f620
Merge: 2e5b35d 9aa280c
Author: Nick Mathewson 
Date:   Thu May 5 08:16:36 2016 -0400

Merge branch 'feature18483-028-v2-squashed' into maint-0.2.8

 changes/feature18483 |  4 
 src/or/directory.c   | 67 
 src/or/directory.h   |  6 +++--
 src/or/routerlist.c  | 10 
 4 files changed, 71 insertions(+), 16 deletions(-)

diff --cc src/or/routerlist.c
index 2167ae2,6a293b7..97512d7
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@@ -1743,11 -1746,13 +1744,11 @@@ router_pick_directory_server_impl(dirin
 try_ip_pref))
smartlist_add(is_trusted ? trusted_tunnel :
  is_overloaded ? overloaded_tunnel : tunnel, (void*)node);
- else if (skip_dir ||
+ else if (!must_have_or && (skip_dir ||
   fascist_firewall_allows_rs(status, FIREWALL_DIR_CONNECTION,
- try_ip_pref))
+ try_ip_pref)))
smartlist_add(is_trusted ? trusted_direct :
  is_overloaded ? overloaded_direct : direct, (void*)node);
 -else if (!tor_addr_is_null(>ipv6_addr))
 -  ++n_not_preferred;
} SMARTLIST_FOREACH_END(node);
  
if (smartlist_len(tunnel)) {
@@@ -1888,10 -1894,12 +1890,10 @@@ router_pick_trusteddirserver_impl(cons
fascist_firewall_allows_dir_server(d, FIREWALL_OR_CONNECTION,
   try_ip_pref))
  smartlist_add(is_overloaded ? overloaded_tunnel : tunnel, (void*)d);
-   else if (skip_dir ||
+   else if (!must_have_or && (skip_dir ||
 fascist_firewall_allows_dir_server(d, FIREWALL_DIR_CONNECTION,
-   try_ip_pref))
+   try_ip_pref)))
  smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d);
 -  else if (!tor_addr_is_null(>ipv6_addr))
 -++n_not_preferred;
  }
SMARTLIST_FOREACH_END(d);
  



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.8] Make directory node selection more reliable

2016-05-05 Thread nickm 
commit 2e5b35db81e867e782086e3d714fcc7882c9c171
Author: teor (Tim Wilson-Brown) 
Date:   Thu May 5 11:51:37 2016 +1000

Make directory node selection more reliable

Delete an unnecessary check for non-preferred IP versions.

Allows clients which can't reach any directories of their
preferred IP address version to get directory documents.

Patch on #17840 in 0.2.8.1-alpha.
---
 changes/bug18929|  5 +
 src/or/routerlist.c | 12 +++-
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/changes/bug18929 b/changes/bug18929
new file mode 100644
index 000..f79baca
--- /dev/null
+++ b/changes/bug18929
@@ -0,0 +1,5 @@
+  o Minor bugfixes (IPv6):
+- Make directory node selection more reliable, mainly for
+  IPv6-only clients and clients with few reachable addresses.
+  Resolves #18929, bugfix on #17840 in 0.2.8.1-alpha.
+  Patch by "teor".
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 3c9023e..2167ae2 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -1597,11 +1597,10 @@ router_picked_poor_directory_log(const routerstatus_t 
*rs)
   STMT_BEGIN  \
 if (result == NULL && try_ip_pref && options->ClientUseIPv4   \
 && fascist_firewall_use_ipv6(options) && !server_mode(options)\
-&& n_not_preferred && !n_busy) {  \
+&& !n_busy) { \
   n_excluded = 0; \
   n_busy = 0; \
   try_ip_pref = 0;\
-  n_not_preferred = 0;\
   goto retry_label;   \
 } \
   STMT_END\
@@ -1620,7 +1619,6 @@ router_picked_poor_directory_log(const routerstatus_t *rs)
   n_excluded = 0; \
   n_busy = 0; \
   try_ip_pref = 1;\
-  n_not_preferred = 0;\
   goto retry_label;   \
 } \
   STMT_END
@@ -1673,7 +1671,7 @@ router_pick_directory_server_impl(dirinfo_type_t type, 
int flags,
   const int no_microdesc_fetching = (flags & PDS_NO_EXISTING_MICRODESC_FETCH);
   const int for_guard = (flags & PDS_FOR_GUARD);
   int try_excluding = 1, n_excluded = 0, n_busy = 0;
-  int try_ip_pref = 1, n_not_preferred = 0;
+  int try_ip_pref = 1;
 
   if (!consensus)
 return NULL;
@@ -1750,8 +1748,6 @@ router_pick_directory_server_impl(dirinfo_type_t type, 
int flags,
 try_ip_pref))
   smartlist_add(is_trusted ? trusted_direct :
 is_overloaded ? overloaded_direct : direct, (void*)node);
-else if (!tor_addr_is_null(>ipv6_addr))
-  ++n_not_preferred;
   } SMARTLIST_FOREACH_END(node);
 
   if (smartlist_len(tunnel)) {
@@ -1839,7 +1835,7 @@ router_pick_trusteddirserver_impl(const smartlist_t 
*sourcelist,
   smartlist_t *pick_from;
   int n_busy = 0;
   int try_excluding = 1, n_excluded = 0;
-  int try_ip_pref = 1, n_not_preferred = 0;
+  int try_ip_pref = 1;
 
   if (!sourcelist)
 return NULL;
@@ -1896,8 +1892,6 @@ router_pick_trusteddirserver_impl(const smartlist_t 
*sourcelist,
fascist_firewall_allows_dir_server(d, FIREWALL_DIR_CONNECTION,
   try_ip_pref))
 smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d);
-  else if (!tor_addr_is_null(>ipv6_addr))
-++n_not_preferred;
 }
   SMARTLIST_FOREACH_END(d);
 



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tor-launcher-properties] Update translations for tor-launcher-properties

2016-05-05 Thread translation 
commit 708921ad026b603b067c826dcd0dad5a08c88c01
Author: Translation commit bot 
Date:   Thu May 5 12:15:35 2016 +

Update translations for tor-launcher-properties
---
 sv/torlauncher.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sv/torlauncher.properties b/sv/torlauncher.properties
index a49b83f..3345deb 100644
--- a/sv/torlauncher.properties
+++ b/sv/torlauncher.properties
@@ -36,7 +36,7 @@ torlauncher.quit_win=Stäng
 torlauncher.done=Klar
 
 torlauncher.forAssistance=För assistans, kontakta %S
-torlauncher.forAssistance2=For assistance, visit %S
+torlauncher.forAssistance2=För hjälp, besök %S
 
 torlauncher.copiedNLogMessages=Kopieringen är färdig. %S meddelanden från 
Tor-loggen som du kan klistra in i en textredigerare eller ett e-postmeddelande.
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tor-launcher-properties_completed] Update translations for tor-launcher-properties_completed

2016-05-05 Thread translation 
commit 57d3bb6aed1a744a2b90be8cbb24408459009379
Author: Translation commit bot 
Date:   Thu May 5 12:15:39 2016 +

Update translations for tor-launcher-properties_completed
---
 sv/torlauncher.properties | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sv/torlauncher.properties b/sv/torlauncher.properties
index cb7b8f5..3345deb 100644
--- a/sv/torlauncher.properties
+++ b/sv/torlauncher.properties
@@ -36,6 +36,7 @@ torlauncher.quit_win=Stäng
 torlauncher.done=Klar
 
 torlauncher.forAssistance=För assistans, kontakta %S
+torlauncher.forAssistance2=För hjälp, besök %S
 
 torlauncher.copiedNLogMessages=Kopieringen är färdig. %S meddelanden från 
Tor-loggen som du kan klistra in i en textredigerare eller ett e-postmeddelande.
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/torbutton-torbuttonproperties] Update translations for torbutton-torbuttonproperties

2016-05-05 Thread translation 
commit d6170785c4dfc4ac3a72129c96fa1c6e62167e48
Author: Translation commit bot 
Date:   Thu May 5 09:45:53 2016 +

Update translations for torbutton-torbuttonproperties
---
 lo/torbutton.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lo/torbutton.properties b/lo/torbutton.properties
index 48b154b..1a443ff 100644
--- a/lo/torbutton.properties
+++ b/lo/torbutton.properties
@@ -76,4 +76,4 @@ profileProblemTitle=ລາຍລະອຽດບັນຫາ %S
 profileReadOnly=ທ່ານບໍ່ສາມາດແລ່ນ %S 
ຈາກລະບົບຟາຍລ໌ອ່ານໄດ້ຢ່າງດຽວ.
 ກະລຸນາ ກ່າຍເອົາ %S 
ໄປໃສ່ບ່ອນອື່ນກ່ອນ 
ກ່ອນຈະພະຍາຍາມໃຊ້ມັນ.
 profileReadOnlyMac=ທ່ານບໍ່ສາມາດແລ່ນ %S 
ຈາກລະບົບຟາຍລ໌ອ່ານໄດ້ຢ່າງດຽວ.
 ກະລຸນາ ກ່າຍເອົາ %S ໄປໃສ່ 
ໜ້າຈໍຂອງທ່ານກ່ອນ ຫຼື 
ໃສ່ຕູ້ແອັບພຼີເຄຊັນ 
ກ່ອນຈະພະຍາຍາມໃຊ້ມັນ.
 profileAccessDenied=%S 
ບໍ່ມີອະນຸຍາດໃຫ້ເຂົ້າເຖິງລາຍລະອຽດນີ້ໄດ້.
 ກະລຸນາ ປັບ ລະດັບອະນຸຍາດ 
ຟາຍລ໌ ລະບົບກ່ອນ ແລ້ວຈຶ່ງ 
ລອງໃໝ່ອີກ.
-profileMigrationFailed=Migration of your existing %S profile failed.\nNew 
settings will be used.
+profileMigrationFailed=ການເຄື່ອນຍ້າຍລາຍລະອຽດ
 %S ຂອງ ທ່ານ ທີ່ມີຢູ່ 
ຖືກລົ້ມເຫຼວ.\nການຄັ້ງຄ່າໃໝ່ຈະຖຶກນໍາໃຊ້ແທນ.

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits