[tor-commits] [torspec/master] dir-spec, rend-spec-v3: typos and simplifications
commit ae8d5de13ba64238bc24b841e6269af72b86460a Author: Filippo ValsordaDate: Fri Nov 17 15:22:17 2017 -0500 dir-spec, rend-spec-v3: typos and simplifications --- dir-spec.txt | 24 rend-spec-v3.txt | 2 +- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/dir-spec.txt b/dir-spec.txt index 1c63b21..54e122f 100644 --- a/dir-spec.txt +++ b/dir-spec.txt @@ -285,11 +285,13 @@ [arguments] NL SIGNATURE NL The "SIGNATURE" Object contains a signature (using the signing key) of - the PKCS1-padded digest of the entire document, taken from the + the PKCS#1 1.5 padded digest of the entire document, taken from the beginning of the Initial item, through the newline after the Signature Item's keyword and its arguments. - Unless otherwise, the digest algorithm is SHA-1. + The signature does not include the algorithmIdentifier specified in PKCS #1. + + Unless specified otherwise, the digest algorithm is SHA-1. All documents are invalid unless signed with the correct signing key. @@ -2102,7 +2104,7 @@ See shared-rand-current-value decription above. - The authority section of a consensus contains groups the following items, + The authority section of a consensus contains groups of the following items, in the order given, with one group for each authority that contributed to the consensus, with groups sorted by authority identity digest: @@ -2144,7 +2146,8 @@ "Nickname" is the OR's nickname. "Identity" is a hash of its identity key, encoded in base64, with trailing equals sign(s) removed. "Digest" is a hash of its most recent descriptor as -signed (that is, not including the signature), encoded in base64. +signed (that is, not including the signature) by the RSA identity +key (see section 1.3.), encoded in base64. "Publication" is the publication time of its most recent descriptor, in the form -MM-DD HH:MM:SS, in UTC. Implementations MAY base @@ -3398,7 +3401,7 @@ prefer fallbacks to authorities, trying them earlier and more frequently. In all other cases, the client downloads from caches randomly chosen from among those believed to be V3 directory servers. (This information comes - from the network-status documents; see 6 below.) + from the network-status documents.) After receiving any response client MUST discard any network-status documents that it did not request. @@ -3484,8 +3487,8 @@ After choosing mirrors, the client divides the descriptors among them randomly. - After receiving any response client MUST discard any descriptors that it - did not request. + After receiving any response the client MUST discard any descriptors that + it did not request. When a descriptor download fails, the client notes it, and does not consider the descriptor downloadable again until a certain amount of time @@ -3847,11 +3850,8 @@ D. Inferring missing proto lines. Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1-2 Link=1-4 LinkAuth=1 Microdesc=1-2 Relay=1-2 - For Desc, Tor versions before 0.2.7.stable should be taken to have Desc=1 - and versions 0.2.7.stable or later should have Desc=1-2. - - For Microdesc and Cons, Tor versions before 0.2.7.stable should be taken to - support version 1; 0.2.7.stable and later should have 1-2. + For Desc, Microdesc and Cons, Tor versions before 0.2.7.stable should be + taken to only support version 1. E. Limited ed diff format diff --git a/rend-spec-v3.txt b/rend-spec-v3.txt index e408e8b..ebe05d8 100644 --- a/rend-spec-v3.txt +++ b/rend-spec-v3.txt @@ -2232,7 +2232,7 @@ Appendix C. Recommendations for searching for vanity .onions [VANITY] While pk does not satisfy X: Add the number 8 to sk -Add the scalar 8*B to pk +Add the point 8*B to pk Return sk, pk. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [torspec/master] dir-spec: remove 5.4.4. Warning about a router's status.
commit ab22bd1dce3b62b6120300fdead958c6924fe553 Author: Filippo ValsordaDate: Fri Nov 17 15:23:32 2017 -0500 dir-spec: remove 5.4.4. Warning about a router's status. It is obsolete as authorities do not assign nicknames anymore. --- dir-spec.txt | 13 + 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/dir-spec.txt b/dir-spec.txt index 54e122f..b5bc50b 100644 --- a/dir-spec.txt +++ b/dir-spec.txt @@ -3587,18 +3587,7 @@ 5.4.4. Warning about a router's status. - If a router tries to publish its descriptor to a Naming authority - that has its nickname mapped to another key, the router SHOULD - warn the operator that it is either using the wrong key or is using - an already claimed nickname. - - If a router has fetched a consensus document,, and the - authorities do not publish a binding for the router's nickname, the - router MAY remind the operator that the chosen nickname is not - bound to this key at the authorities, and suggest contacting the - authority operators. - - ... + (This section is removed; authorities no longer assign the 'Named' flag.) 6. Standards compliance ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [torspec/master] Merge remote-tracking branch 'filippo/master'
commit 10d5417f9d8c1503394c8bca0f97c772f02f808f Merge: e2145ba ab22bd1 Author: Nick MathewsonDate: Mon Apr 2 19:12:25 2018 -0400 Merge remote-tracking branch 'filippo/master' dir-spec.txt | 37 + rend-spec-v3.txt | 18 ++ 2 files changed, 27 insertions(+), 28 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [torspec/master] rend-spec-v3: add details to blinding implementation (A.2.)
commit 42e31d525b38fd8810006d7deacc8f41ef34db8d Author: Filippo ValsordaDate: Fri Nov 17 15:19:45 2017 -0500 rend-spec-v3: add details to blinding implementation (A.2.) In particular, document how to derive the second half of the private key. --- rend-spec-v3.txt | 14 -- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/rend-spec-v3.txt b/rend-spec-v3.txt index d595268..e408e8b 100644 --- a/rend-spec-v3.txt +++ b/rend-spec-v3.txt @@ -2162,6 +2162,7 @@ A.2. Tor's key derivation scheme h = H(BLIND_STRING | A | s | B | N) BLIND_STRING = "Derive temporary signing key" | INT_1(0) N = "key-blind" | INT_8(period-number) | INT_8(period_length) + B = "(1511[...]2202, 4631[...]5960)" then clamp the blinding factor 'h' according to the ed25519 spec: @@ -2171,8 +2172,15 @@ A.2. Tor's key derivation scheme and do the key derivation as follows: - private key for the period: a' = h a - public key for the period:A' = h A = (ha)B + private key for the period: + + a' = h a mod l + RH' = SHA-512(RH_BLIND_STRING | RH)[:32] + RH_BLIND_STRING = "Derive temporary signing key hash input" + + public key for the period: + + A' = h A = (ha)B Generating a signature of M: given a deterministic random-looking r (see EdDSA paper), take R=rB, S=r+hash(R,A',M)ah mod l. Send signature @@ -2185,6 +2193,8 @@ A.2. Tor's key derivation scheme = rB + (hash(R,A',M)ah)B = R + hash(R,A',M)A' ) + This boils down to regular Ed25519 with key pair (a', A'). + See [KEYBLIND-REFS] for an extensive discussion on this scheme and possible alternatives. Also, see [KEYBLIND-PROOF] for a security proof of this scheme. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [torspec/master] rend-spec-v3: document trailing zero byte in BLIND_STRING (A.2.)
commit 73f26437470e4b4b360a484daaa1ce94efad317f Author: Filippo ValsordaDate: Fri Nov 17 15:18:57 2017 -0500 rend-spec-v3: document trailing zero byte in BLIND_STRING (A.2.) The implementation uses sizeof instead of strlen, so the C string NUL byte is hashed. --- rend-spec-v3.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rend-spec-v3.txt b/rend-spec-v3.txt index ef5f940..d595268 100644 --- a/rend-spec-v3.txt +++ b/rend-spec-v3.txt @@ -2160,7 +2160,7 @@ A.2. Tor's key derivation scheme blinding factor like this: h = H(BLIND_STRING | A | s | B | N) - BLIND_STRING = "Derive temporary signing key" + BLIND_STRING = "Derive temporary signing key" | INT_1(0) N = "key-blind" | INT_8(period-number) | INT_8(period_length) then clamp the blinding factor 'h' according to the ed25519 spec: ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tor-launcher-properties_completed] Update translations for tor-launcher-properties_completed
commit 0c72655aa909b8f9aece450ef2be0fe85d2796b6 Author: Translation commit botDate: Mon Apr 2 22:46:22 2018 + Update translations for tor-launcher-properties_completed --- pt_BR/torlauncher.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pt_BR/torlauncher.properties b/pt_BR/torlauncher.properties index afdcf8ccb..21d01062d 100644 --- a/pt_BR/torlauncher.properties +++ b/pt_BR/torlauncher.properties @@ -32,8 +32,8 @@ torlauncher.error_bridge_bad_default_type=Entre as pontes fornecidas que têm o torlauncher.bridge_suffix.meek-amazon=(funciona na China) torlauncher.bridge_suffix.meek-azure=(funciona na China) -torlauncher.request_a_bridge=Solicitar uma Ponte... -torlauncher.request_a_new_bridge=Solicitar uma Nova Ponte +torlauncher.request_a_bridge=Solicitar uma ponte... +torlauncher.request_a_new_bridge=Solicitar uma nova ponte torlauncher.contacting_bridgedb=Entrando em contato com BridgeDB. Por favor, aguarde. torlauncher.captcha_prompt=Resolva o CAPTCHA para solicitar uma ponte. torlauncher.bad_captcha_solution=A solução não está correta. Por favor, tente novamente. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tor-launcher-properties] Update translations for tor-launcher-properties
commit f88e80162e6efa9a5337f13f000d38949b204c8d Author: Translation commit botDate: Mon Apr 2 22:46:16 2018 + Update translations for tor-launcher-properties --- pt_BR/torlauncher.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pt_BR/torlauncher.properties b/pt_BR/torlauncher.properties index afdcf8ccb..21d01062d 100644 --- a/pt_BR/torlauncher.properties +++ b/pt_BR/torlauncher.properties @@ -32,8 +32,8 @@ torlauncher.error_bridge_bad_default_type=Entre as pontes fornecidas que têm o torlauncher.bridge_suffix.meek-amazon=(funciona na China) torlauncher.bridge_suffix.meek-azure=(funciona na China) -torlauncher.request_a_bridge=Solicitar uma Ponte... -torlauncher.request_a_new_bridge=Solicitar uma Nova Ponte +torlauncher.request_a_bridge=Solicitar uma ponte... +torlauncher.request_a_new_bridge=Solicitar uma nova ponte torlauncher.contacting_bridgedb=Entrando em contato com BridgeDB. Por favor, aguarde. torlauncher.captcha_prompt=Resolva o CAPTCHA para solicitar uma ponte. torlauncher.bad_captcha_solution=A solução não está correta. Por favor, tente novamente. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [torbirdy/master] Release version 0.2.4
commit a99de97022ceb3c575b14ea355f4ae3f86acb04d Author: Sukhbir SinghDate: Mon Apr 2 16:31:59 2018 -0400 Release version 0.2.4 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 77d8ce6..0f773d3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,4 @@ -0.2.4, +0.2.4, 02 April 2018 * Bug 22484: TB 52+ leaks installed dictionary * Bug 22944: Disable fetching site icons * Bug 23148: Invalid GPG keyserver options in Enigmail ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [nyx/master] Python3 stacktrace when dates are on a year boundary
commit f2bbbf74e144a635738e122631cf02c855c1246e Author: Damian JohnsonDate: Mon Apr 2 11:35:08 2018 -0700 Python3 stacktrace when dates are on a year boundary Oops, python3 compatibility issue... https://trac.torproject.org/projects/tor/ticket/24820 >>> import time >>> time.mktime(list(time.strptime('2017', '%Y'))) Traceback (most recent call last): File "", line 1, in TypeError: Tuple or struct_time argument required As above, this needs to be swapped to a tuple. I'm a tad tempted to simply subtract 31536000 (the number of seconds in a year) from the unix timestamp instead, but on reflection there's leap years, leap seconds, and god knows what else so... meh. --- nyx/log.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nyx/log.py b/nyx/log.py index 08a4878..37db680 100644 --- a/nyx/log.py +++ b/nyx/log.py @@ -494,7 +494,7 @@ def read_tor_log(path, read_limit = None): if timestamp > time.time(): # log entry is from before a year boundary timestamp_comp[0] -= 1 -timestamp = int(time.mktime(timestamp_comp)) +timestamp = int(time.mktime(tuple(timestamp_comp))) except ValueError: raise ValueError("Log located at %s has a timestamp we don't recognize: %s" % (path, ' '.join(line_comp[:3]))) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [webwml/master] Update OpenBSD instruction in download-easy
commit 58a458b1370d641aea493e1fced5d4aeb9ee4352 Author: hiroDate: Mon Apr 2 19:51:23 2018 +0200 Update OpenBSD instruction in download-easy --- download/en/download-easy.wml | 5 + 1 file changed, 5 insertions(+) diff --git a/download/en/download-easy.wml b/download/en/download-easy.wml index 62d9d205..3fd71967 100644 --- a/download/en/download-easy.wml +++ b/download/en/download-easy.wml @@ -131,6 +131,11 @@ pkg_add tor-browser + Sometimes the most recent version of Tor Browser on OpenBSD is behind the current release. The available version of TB on OpenBSD should be checked with: + + pkg_info -Q tor-browser + + If provided version is not the current Tor Browser version, it is not recommended. To install the Tor Browser port from an updated ports tree, run: ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [webwml/master] Provide a note regarding debian Tor LTS
commit d0fc61a229713520207ad6a04c806a24b228411a Author: hiroDate: Mon Apr 2 19:42:01 2018 +0200 Provide a note regarding debian Tor LTS --- docs/en/debian.wml | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/en/debian.wml b/docs/en/debian.wml index b420a0ad..22cc7c53 100644 --- a/docs/en/debian.wml +++ b/docs/en/debian.wml @@ -25,10 +25,10 @@ If you're using Debian, just run as root. - -Note that this might not always give you the latest stable Tor version, but -you will receive important security fixes. To make sure that you're running -the latest stable version of Tor, see option two below. +Debian provides the https://packages.debian.org/stretch/tor;>LTS +version of Tor. Note that this might not always give you the latest stable +Tor version, but you will receive important security fixes. To make sure +that you're running the latest stable version of Tor, see option two below. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [webwml/master] Reworded the sentence raspbian is not debian
commit f272d489e36623016ef84cc7f15f4c2331a26610 Author: hiroDate: Mon Apr 2 19:33:06 2018 +0200 Reworded the sentence raspbian is not debian --- docs/en/debian.wml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/en/debian.wml b/docs/en/debian.wml index 6f86bd28..b420a0ad 100644 --- a/docs/en/debian.wml +++ b/docs/en/debian.wml @@ -52,8 +52,8 @@ and security fixes. -Raspbian is not Debian. These packages will be confusingly broken -for Raspbian users, since Raspbian called their architecture armhf but +Raspbian is not Debian. Tor might run fine on the Raspberry Pi 2 / 3 but not the first generation Pi. +These packages might be confusingly broken for Raspbian users, since Raspbian called their architecture armhf but Debian already has an armhf. See http://tor.stackexchange.com/questions/242/how-to-run-tor-on-raspbian-on-the-raspberry-pi;>this post for details. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [webwml/master] Change Onionoo links to point to new location (Fixes: #23802)
commit ffc651dff413db0ec78b4fb644b7b5800abb656c Author: Iain R. LearmonthDate: Mon Oct 9 21:14:46 2017 +0100 Change Onionoo links to point to new location (Fixes: #23802) Signed-off-by: hiro --- getinvolved/en/volunteer.wml | 2 +- projects/en/projects.wml | 4 ++-- projects/en/sidenav.wmi | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/getinvolved/en/volunteer.wml b/getinvolved/en/volunteer.wml index 100d5ba7..7981a08e 100644 --- a/getinvolved/en/volunteer.wml +++ b/getinvolved/en/volunteer.wml @@ -575,7 +575,7 @@ meetings around the world. -https://onionoo.torproject.org/;>Onionoo (https://metrics.torproject.org/onionoo.html;>Onionoo (https://gitweb.torproject.org/onionoo.git;>code, https://trac.torproject.org/projects/tor/query?status=accepted=assigned=needs_review=new=reopened=Metrics%2FOnionoo=priority;>bug tracker) diff --git a/projects/en/projects.wml b/projects/en/projects.wml index d6fd6aba..f8cec800 100644 --- a/projects/en/projects.wml +++ b/projects/en/projects.wml @@ -64,11 +64,11 @@ instead of the actual Tor traffic. -https://onionoo.torproject.org/;>https://metrics.torproject.org/onionoo.html;> https://onionoo.torproject.org/;>Onionoo +href="https://metrics.torproject.org/onionoo.html;>Onionoo Web-based protocol to learn about currently running Tor relays and bridges. diff --git a/projects/en/sidenav.wmi b/projects/en/sidenav.wmi index 63dbcd39..f80ab167 100644 --- a/projects/en/sidenav.wmi +++ b/projects/en/sidenav.wmi @@ -41,7 +41,7 @@ {'url' => 'https://trac.torproject.org/projects/tor/wiki/torbirdy', 'txt' => 'TorBirdy', }, - {'url' => 'https://onionoo.torproject.org/', + {'url' => 'https://metrics.torproject.org/onionoo.html', 'txt' => 'Onionoo', }, {'url' => 'https://metrics.torproject.org/', ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [webwml/master] Bug 23917: Update gk's GPG subbkeys on website
commit 21cc591e2edc1785b12788f90fadd3182da054f6 Author: Georg KoppenDate: Fri Oct 20 08:24:02 2017 + Bug 23917: Update gk's GPG subbkeys on website Signed-off-by: hiro --- docs/en/signing-keys.wml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/en/signing-keys.wml b/docs/en/signing-keys.wml index 4b8e6d45..8a868aed 100644 --- a/docs/en/signing-keys.wml +++ b/docs/en/signing-keys.wml @@ -110,11 +110,11 @@ uid Linus Nordberg li...@torproject.org sub 4096R/B5F7D1B1 2016-04-14 [expires: 2017-04-14] -pub 4096R/4B7C3223 2013-07-30 +pub rsa4096/0x94373AA94B7C3223 2013-07-30 Key fingerprint = 35CD 74C2 4A9B 15A1 9E1A 81A1 9437 3AA9 4B7C 3223 uid Georg Koppen g...@torproject.org -sub 4096R/0x2F7477373D6B000D 2016-08-01 [expires: 2017-09-11] -sub 4096R/0xAA602CC00C257CF7 2016-08-01 [expires: 2017-09-11] +sub rsa4096/0x5778071EE2DE675B 2017-09-11 [expires: 2018-09-11] +sub rsa4096/0x72E841BB93148AD2 2017-09-11 [expires: 2018-09-11] pub 4096R/D0220E4B 2014-03-19 Key fingerprint = 4A90 646C 0BAE D9D4 56AB 3111 E5B8 1856 D022 0E4B ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [webwml/master] Use English "singular they" where appropriate
commit 536ce69287ce17e09938623fcbb2227fda1dc2ff Author: Ingo BlechschmidtDate: Sun Dec 10 14:20:39 2017 +0100 Use English "singular they" where appropriate Signed-off-by: hiro --- docs/en/faq-abuse.wml | 4 ++-- docs/en/faq.wml| 16 docs/en/onion-services.wml | 4 ++-- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/docs/en/faq-abuse.wml b/docs/en/faq-abuse.wml index d916bf97..c9cac5ba 100644 --- a/docs/en/faq-abuse.wml +++ b/docs/en/faq-abuse.wml @@ -204,8 +204,8 @@ using technology? But the real answer is to implement application-level auth systems, to let in well-behaving users and keep out badly-behaving users. This -needs to be based on some property of the human (such as a password he -knows), not some property of the way his packets are transported. +needs to be based on some property of the human (such as a password they +know), not some property of the way their packets are transported. Of course, not all IRC networks are trying to ban Tor nodes. After all, quite a few people use Tor to IRC in privacy in order to carry diff --git a/docs/en/faq.wml b/docs/en/faq.wml index 4a63ccb3..0a9b38ee 100644 --- a/docs/en/faq.wml +++ b/docs/en/faq.wml @@ -2453,8 +2453,8 @@ exit policies are propagated to Tor clients via the directory, so clients will automatically avoid picking exit relays that would refuse to exit to their intended destination. This way each relay can decide -the services, hosts, and networks he wants to allow connections to, -based on abuse potential and his own situation. Read the FAQ entry +the services, hosts, and networks it wants to allow connections to, +based on abuse potential and its own situation. Read the FAQ entry on issues you might encounter @@ -2931,14 +2931,14 @@ Yes, you do get better anonymity against some attacks. The simplest example is an attacker who owns a small number of Tor relays. -He will see a connection from you, but he won't be able to know whether +They will see a connection from you, but they won't be able to know whether the connection originated at your computer or was relayed from somebody else. There are some cases where it doesn't seem to help: if an attacker can -watch all of your incoming and outgoing traffic, then it's easy for him +watch all of your incoming and outgoing traffic, then it's easy for them to learn which connections were relayed and which started at you. (In -this case he still doesn't know your destinations unless he is watching +this case they still don't know your destinations unless they are watching them too, but you're no better off than if you were an ordinary client.) @@ -2948,7 +2948,7 @@ signal to an attacker that you place a high value on your anonymity. Second, there are some more esoteric attacks that are not as well-understood or well-tested that involve making use of the knowledge that you're running a relay -- for example, an attacker may be able to -"observe" whether you're sending traffic even if he can't actually watch +"observe" whether you're sending traffic even if they can't actually watch your network, by relaying traffic through your Tor relay and noticing changes in traffic timing. @@ -3475,7 +3475,7 @@ keys, locations, exit policies, and so on. So unless the adversary can control a majority of the directory authorities (as of 2012 there are 8 -directory authorities), he can't trick the Tor client into using +directory authorities), they can't trick the Tor client into using other Tor relays. @@ -4213,7 +4213,7 @@ only solution is to have no opinion. Like all anonymous communication networks that are fast enough for web browsing, Tor is vulnerable to statistical "traffic confirmation" attacks, where the adversary watches traffic at both ends of a circuit -and confirms his guess that they're communicating. It would be really +and confirms their guess that those endpoints are communicating. It would be really nice if we could use cover traffic to confuse this attack. But there are three problems here: diff --git a/docs/en/onion-services.wml b/docs/en/onion-services.wml index a73ff7d3..c35b76c3 100644 --- a/docs/en/onion-services.wml +++ b/docs/en/onion-services.wml @@ -107,9 +107,9 @@ the same set of entry guards when creating new circuits. Otherwise an attacker -could run his own relay and force an onion service to create an arbitrary +could run their own relay and force an onion service to create an arbitrary number of circuits in the hope that the corrupt relay is picked as entry -node and he learns the onion server's IP address via timing analysis. This +node and they learn the onion server's IP address via timing analysis. This attack was described by
[tor-commits] [webwml/master] Updates all Relay Search URLs to new location (Fixes: #25286)
commit 7390385a3e746535758c45a5a7a8943ecac7872b Author: Iain R. LearmonthDate: Sat Feb 17 13:41:06 2018 + Updates all Relay Search URLs to new location (Fixes: #25286) Signed-off-by: hiro --- about/en/corepeople.wml | 4 ++-- docs/en/documentation.wml| 2 +- en/index.wml | 5 +++-- getinvolved/en/volunteer.wml | 2 +- 4 files changed, 7 insertions(+), 6 deletions(-) diff --git a/about/en/corepeople.wml b/about/en/corepeople.wml index cfa4f925..e3f3a46c 100644 --- a/about/en/corepeople.wml +++ b/about/en/corepeople.wml @@ -115,7 +115,7 @@ https://db.torproject.org/fetchkey.cgi?fingerprint=67EF3966509986E96ACEE84E5D67CD18702287F4;> Arturo Filastò IRC: hellais - Project leader for https://ooni.torproject.org/;>OONI, has helped with http://tor2web.org/;>tor2web, wrote Atlas which later became https://atlas.torproject.org/;>Relay Search, and helps improve security. + Project leader for https://ooni.torproject.org/;>OONI, has helped with http://tor2web.org/;>tor2web, wrote Atlas which later became https://metrics.torproject.org/rs.html;>Relay Search, and helps improve security. @@ -271,7 +271,7 @@ https://db.torproject.org/fetchkey.cgi?fingerprint=A8F7BA5041E19CBA169676D58093F540ABCD;> Iain Learmonth IRC: irl - https://metrics.torproject.org;>Metrics team member and maintainer of https://atlas.torproject.org/;>Relay Search. + https://metrics.torproject.org;>Metrics team member and maintainer of https://metrics.torproject.org/rs.html;>Relay Search. diff --git a/docs/en/documentation.wml b/docs/en/documentation.wml index 1aa4e0ce..edfd4780 100644 --- a/docs/en/documentation.wml +++ b/docs/en/documentation.wml @@ -224,7 +224,7 @@ https://check.torproject.org/;>The Tor detector tries to guess if you're using Tor or not. Check out Tor network status information using https://atlas.torproject.org/;>Relay Search. +href="https://metrics.torproject.org/rs.html;>Relay Search. Remember that these lists may not be as accurate as what your Tor client uses, because your client fetches its own directory information and examines it locally. diff --git a/en/index.wml b/en/index.wml index 0a7cba7e..fc675683 100644 --- a/en/index.wml +++ b/en/index.wml @@ -107,9 +107,10 @@ --> -https://atlas.torproject.org/;>https://metrics.torproject.org/rs.html;> -https://atlas.torproject.org/;>Relay Search +https://metrics.torproject.org/rs.html;>Relay +Search Site providing an overview of the Tor network. diff --git a/getinvolved/en/volunteer.wml b/getinvolved/en/volunteer.wml index 5ece2ca8..100d5ba7 100644 --- a/getinvolved/en/volunteer.wml +++ b/getinvolved/en/volunteer.wml @@ -555,7 +555,7 @@ meetings around the world. -https://atlas.torproject.org/;>Relay Search (https://metrics.torproject.org/rs.html;>Relay Search (https://gitweb.torproject.org/atlas.git;>code) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [webwml/master] FAQ (relay section): new entry: Can I used IPv6 on my relay?
commit 8ba2d867a69b29b04e73c397a1a9f0e5fb171cf1 Author: nusenuDate: Sat Feb 10 17:13:09 2018 + FAQ (relay section): new entry: Can I used IPv6 on my relay? --- docs/en/faq.wml | 13 + 1 file changed, 13 insertions(+) diff --git a/docs/en/faq.wml b/docs/en/faq.wml index d96f33c3..4a63ccb3 100644 --- a/docs/en/faq.wml +++ b/docs/en/faq.wml @@ -148,6 +148,7 @@ country) Why isn't my relay being used more? Can I run a Tor relay using a dynamic IP address? +Can I use IPv6 on my relay? Why do I get portscanned more often when I run a Tor relay? How can I get Tor to fully @@ -2163,6 +2164,18 @@ the program iptables (for *nix) useful. + +Can I use IPv6 on my relay? + + +Tor has partial support for IPv6 and we +encourage every relay operator to enable IPv6 functionality + in their torrc configuration files when IPv6 connectivity is available. +For the time being Tor will require IPv4 addresses on relays, you can not run a Tor relay +on a host with IPv6 addresses only. + + + Why do I get portscanned more often when I run a Tor relay? ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [webwml/master] FAQ (relay section): link to new relay guide; link to obfs4 bridge guide
commit b42016e8ae7826b5ac457ec4d9e213cca3662394 Author: nusenuDate: Sat Feb 10 16:55:34 2018 + FAQ (relay section): link to new relay guide; link to obfs4 bridge guide --- docs/en/faq.wml | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/docs/en/faq.wml b/docs/en/faq.wml index a5c3038d..d96f33c3 100644 --- a/docs/en/faq.wml +++ b/docs/en/faq.wml @@ -2556,7 +2556,7 @@ relay or bridge relay? Bridge relays (or "bridges" for short) -are Tor relays that aren't +are Tor relays that aren't listed in the public Tor directory. That means that ISPs or governments trying to block access to the Tor network can't simply block all bridges. @@ -2586,9 +2586,10 @@ lots of bandwidth, you should definitely run a normal relay. If you're willing to be an exit, you should definitely -run a normal relay, since we need more exits. If you can't be an -exit and only have a little bit of bandwidth, be a bridge. Thanks -for volunteering! +run an exit relay, since we need more exits. If you can't be an +exit and only have a little bit of bandwidth, setup an +obfs4 bridge. +Thanks for volunteering! ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [webwml/master] FAQ (relay section): move two questions out of the relay section
commit 6d5896ac66201bd8d640f28196c0216ef0283fa9 Author: nusenuDate: Sat Feb 10 16:37:13 2018 + FAQ (relay section): move two questions out of the relay section the following two questions have been moved from the relay to the "Advanced Tor usage" section as they are more client related: I want to run my Tor client on a different computer than my applications. Can I install Tor on a central server, and have my clients connect to it? --- docs/en/faq.wml | 156 1 file changed, 78 insertions(+), 78 deletions(-) diff --git a/docs/en/faq.wml b/docs/en/faq.wml index fa763adb..a5c3038d 100644 --- a/docs/en/faq.wml +++ b/docs/en/faq.wml @@ -132,6 +132,10 @@ country) worry? How do I check if my application that uses SOCKS is leaking DNS requests? +I want to run my Tor client on a +different computer than my applications. +Can I install Tor on a central server, and +have my clients connect to it? @@ -167,10 +171,6 @@ be? Why did that happen? My relay recently got the Guard flag and traffic dropped by half. -I want to run my Tor client on a -different computer than my applications. -Can I install Tor on a central server, and -have my clients connect to it? So I can just configure a nickname and ORPort and join the network? Should I be a normal relay or bridge @@ -2027,6 +2027,80 @@ from the source code release tor-0.2.4.16-rc is: + +I +want to run my Tor client on a different computer than my applications. + + +By default, your Tor client only listens for applications that +connect from localhost. Connections from other computers are +refused. If you want to torify applications on different computers +than the Tor client, you should edit your torrc to define +SocksListenAddress 0.0.0.0 and then restart (or hup) Tor. If you +want to get more advanced, you can configure your Tor client on a +firewall to bind to your internal IP but not your external IP. + + + + + +Can I install Tor on a +central server, and have my clients connect to it? + + Yes. Tor can be configured as a client or a relay on another + machine, and allow other machines to be able to connect to it + for anonymity. This is most useful in an environment where many + computers want a gateway of anonymity to the rest of the world. + However, be forwarned that with this configuration, anyone within + your private network (existing between you and the Tor + client/relay) can see what traffic you are sending in clear text. + The anonymity doesn't start until you get to the Tor relay. + Because of this, if you are the controller of your domain and you + know everything's locked down, you will be OK, but this configuration + may not be suitable for large private networks where security is + key all around. + + +Configuration is simple, editing your torrc file's SocksListenAddress +according to the following examples: + + + + #This provides local interface access only, + #needs SocksPort to be greater than 0 + SocksListenAddress 127.0.0.1 + + #This provides access to Tor on a specified interface + SocksListenAddress 192.168.x.x:9100 + + #Accept from all interfaces + SocksListenAddress 0.0.0.0:9100 + + +You can state multiple listen addresses, in the case that you are +part of several networks or subnets. + + + SocksListenAddress 192.168.x.x:9100 #eth0 + SocksListenAddress 10.x.x.x:9100 #eth1 + + +After this, your clients on their respective networks/subnets would specify +a socks proxy with the address and port you specified SocksListenAddress +to be. + + +Please note that the SocksPort configuration option gives the port ONLY for +localhost (127.0.0.1). When setting up your SocksListenAddress(es), you need +to give the port with the address, as shown above. + +If you are interested in forcing all outgoing data through the central Tor +client/relay, instead of the server only being an optional proxy, you may find +the program iptables (for *nix) useful. + + + + Running a Tor relay: @@ -2476,80 +2550,6 @@ users - -I -want to run my Tor client on a different computer than my applications. - - -By default, your Tor client only listens for applications that -connect from localhost. Connections from other computers are -refused. If you want to torify applications on different computers -than the Tor client, you should edit your torrc to define -SocksListenAddress 0.0.0.0 and then restart (or hup) Tor. If you -want to get more advanced, you can configure your Tor client on a -firewall to bind to your internal IP but not your external IP. - - - - - -Can I install Tor on a -
[tor-commits] [webwml/master] FAQ (relay section): update BadExit question (wiki is obsolete, add email address)
commit 4913c11c3a1839928fe8ec53ad353a4604c9e91e Author: nusenuDate: Sat Feb 10 15:58:14 2018 + FAQ (relay section): update BadExit question (wiki is obsolete, add email address) --- docs/en/faq.wml | 10 -- 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/docs/en/faq.wml b/docs/en/faq.wml index 05eb799e..fa763adb 100644 --- a/docs/en/faq.wml +++ b/docs/en/faq.wml @@ -2454,12 +2454,10 @@ users the BadExit flag why did that happen? If you got this flag then we either discovered a problem or suspicious -activity coming from your exit and weren't able to contact you. The reason -for most flaggings are documented on the https://trac.torproject.org/projects/tor/wiki/doc/badRelays;>bad -relays wiki. Please contact us so -we can sort out the issue. +activity when routing traffic through your exit and weren't able to contact you. +Please reach out to the mailto:bad-rel...@lists.torproject.org;>bad-relays team +so we can sort out the issue. + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [webwml/master] FAQ (relay section): bw shaping is covered in its own section (this section is about stability)
commit aef4bb669457c4596c5c5c14f5720878a22166f1 Author: nusenuDate: Sat Feb 10 14:40:02 2018 + FAQ (relay section): bw shaping is covered in its own section (this section is about stability) --- docs/en/faq.wml | 10 -- 1 file changed, 10 deletions(-) diff --git a/docs/en/faq.wml b/docs/en/faq.wml index 4dc00320..0bd4eb5e 100644 --- a/docs/en/faq.wml +++ b/docs/en/faq.wml @@ -2141,16 +2141,6 @@ need to be? sure it's not too often, since connections using the relay when it disconnects will break. -Tor has built-in support for -rate limiting. Further, if you have a fast -link but want to limit the number of bytes per -day (or week or month) that you donate, check out the -hibernation -feature. - Each Tor relay has an exit policy that specifies what sort of outbound connections are allowed or refused ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [webwml/master] FAQ (relay section): NAT is covered in its own section (this section is about stability)
commit 546a9e38e3785e3f0be6e0c7618559aa530454ae Author: nusenuDate: Sat Feb 10 14:41:19 2018 + FAQ (relay section): NAT is covered in its own section (this section is about stability) --- docs/en/faq.wml | 6 -- 1 file changed, 6 deletions(-) diff --git a/docs/en/faq.wml b/docs/en/faq.wml index 0bd4eb5e..6c113eb3 100644 --- a/docs/en/faq.wml +++ b/docs/en/faq.wml @@ -2150,12 +2150,6 @@ your relay, you can set it up to only allow connections to other Tor relays. -If your relay is behind a NAT and it doesn't know its public -IP (e.g. it has an IP of 192.168.x.y), you'll need to set up port -forwarding. Forwarding TCP connections is system dependent but -this FAQ entry -offers some examples on how to do this. - Your relay will passively estimate and advertise its recent bandwidth capacity, so high-bandwidth relays will attract more users than ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [webwml/master] FAQ (relay section): put most relevant answer in this question at the beginning
commit 8b81e16dc15de36ddea985d55a4324ec3afa69e8 Author: nusenuDate: Sat Feb 10 14:00:25 2018 + FAQ (relay section): put most relevant answer in this question at the beginning --- docs/en/faq.wml | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/en/faq.wml b/docs/en/faq.wml index ba7d9854..4dc00320 100644 --- a/docs/en/faq.wml +++ b/docs/en/faq.wml @@ -2136,6 +2136,11 @@ need to be? +It's fine if the relay goes offline sometimes. The directories +notice this quickly and stop advertising the relay. Just try to make +sure it's not too often, since connections using the relay when it +disconnects will break. + Tor has built-in support for rate limiting. Further, if you have a fast @@ -2155,11 +2160,6 @@ your relay, you can set it up to only allow connections to other Tor relays. -It's fine if the relay goes offline sometimes. The directories -notice this quickly and stop advertising the relay. Just try to make -sure it's not too often, since connections using the relay when it -disconnects will break. - If your relay is behind a NAT and it doesn't know its public IP (e.g. it has an IP of 192.168.x.y), you'll need to set up port forwarding. Forwarding TCP connections is system dependent but ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [webwml/master] FAQ (relay section): refrase static IP section into a question
commit 60dd405a39149835a104429b811b56b1e3d388c2 Author: nusenuDate: Sat Feb 10 14:46:06 2018 + FAQ (relay section): refrase static IP section into a question --- docs/en/faq.wml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/en/faq.wml b/docs/en/faq.wml index 6c113eb3..05eb799e 100644 --- a/docs/en/faq.wml +++ b/docs/en/faq.wml @@ -143,7 +143,7 @@ country) What type of relays are most needed? Why isn't my relay being used more? -I don't have a static IP. +Can I run a Tor relay using a dynamic IP address? Why do I get portscanned more often when I run a Tor relay? How can I get Tor to fully @@ -2079,8 +2079,8 @@ from the source code release tor-0.2.4.16-rc is: -I don't have a static -IP. +Can I run a Tor relay using a +dynamic IP address? Tor can handle relays with dynamic IP addresses just fine. Just leave ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [webwml/master] FAQ (relay section): new entry: most wanted relay type
commit fbd1ac8776c556a94be2669a0f6c206b3e355c09 Author: nusenuDate: Sat Feb 10 13:55:07 2018 + FAQ (relay section): new entry: most wanted relay type --- docs/en/faq.wml | 14 ++ 1 file changed, 14 insertions(+) diff --git a/docs/en/faq.wml b/docs/en/faq.wml index 9165a7cd..bef1beed 100644 --- a/docs/en/faq.wml +++ b/docs/en/faq.wml @@ -140,6 +140,7 @@ country) How do I decide if I should run a relay? +What type of relays are most needed? Why isn't my relay being used more? I don't have a static IP. @@ -2043,6 +2044,19 @@ from the source code release tor-0.2.4.16-rc is: + +What type of relays are most needed? + + +The exit relay is the most needed relay type but it also comes with the highest legal exposure and risk (and you +should NOT run them from your home). +If you are looking to run a relay with minimal effort, fast guard relays are also very useful +followed by bridges. + + + + + Why isn't my relay being used more? ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [webwml/master] FAQ (relay section): dynamic IPs are covered in a dedicated answer already
commit 881b6370b5419794a7e4d72f78027be072c2425a Author: nusenuDate: Sat Feb 10 13:58:10 2018 + FAQ (relay section): dynamic IPs are covered in a dedicated answer already --- docs/en/faq.wml | 3 --- 1 file changed, 3 deletions(-) diff --git a/docs/en/faq.wml b/docs/en/faq.wml index bef1beed..ba7d9854 100644 --- a/docs/en/faq.wml +++ b/docs/en/faq.wml @@ -2160,9 +2160,6 @@ relays. sure it's not too often, since connections using the relay when it disconnects will break. -We can handle relays with dynamic IPs just fine simply -leave the Address config option blank, and Tor will try to guess. - If your relay is behind a NAT and it doesn't know its public IP (e.g. it has an IP of 192.168.x.y), you'll need to set up port forwarding. Forwarding TCP connections is system dependent but ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [webwml/master] FAQ (relay section): increase min. bw from 2 to 8 MBit/s and add bridge info
commit 660b94dc904c73bdbfa4884ad02f5f488531f7c6 Author: nusenuDate: Sat Feb 10 13:11:47 2018 + FAQ (relay section): increase min. bw from 2 to 8 MBit/s and add bridge info --- docs/en/faq.wml | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/en/faq.wml b/docs/en/faq.wml index b15de6f2..9165a7cd 100644 --- a/docs/en/faq.wml +++ b/docs/en/faq.wml @@ -2034,9 +2034,11 @@ from the source code release tor-0.2.4.16-rc is: run a relay? We're looking for people with reasonably reliable Internet connections, -that have at least 250 kilobytes/second each way. If that's you, please -consider https://www.torproject.org/docs/tor-relay-debian;>helping -out. +that have at least 1 MByte/second (that is 8 MBit/second) available bandwidth each way. If that's you, please +consider running a Tor relay. + + +Even if you do not have at least 8 MBit/s of available bandwidth you can still help the Tor network by running a Tor bridge with obfs4 support. In that case you should have at least 1 MBit/s of available bandwidth. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [webwml/master] fix youtube url: "This channel does not exist."
commit 397cbcdbccd7e438582ab431df5f56a4bd89f517 Author: nusenuDate: Sat Feb 10 11:25:13 2018 + fix youtube url: "This channel does not exist." --- getinvolved/en/volunteer.wml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/getinvolved/en/volunteer.wml b/getinvolved/en/volunteer.wml index 22eeaa38..5ece2ca8 100644 --- a/getinvolved/en/volunteer.wml +++ b/getinvolved/en/volunteer.wml @@ -64,7 +64,7 @@ meetings around the world. href="https://media.torproject.org/video/;>Tor's Media server, http://www.howcast.com/videos/90601-How-To-Circumvent-an-Internet-Proxy/;>Howcast, -and http://www.youtube.com/c/thetorproject;>YouTube. +and https://www.youtube.com/user/TheTorProject;>YouTube. Create a poster around a theme, such as "Tor for Freedom!" Create a t-shirt design that incorporates "https://check.torproject.org/;>Congratulations! You are using ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Don't create + publish exit relay in integ tests (Fixes: #25631)
commit 3bba5030a3eb6312415f7fa9d4b862be46926032 Author: Dave RolekDate: Sat Mar 24 00:56:19 2018 + Don't create + publish exit relay in integ tests (Fixes: #25631) --- test/runner.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/runner.py b/test/runner.py index 472002d5..09b70fe8 100644 --- a/test/runner.py +++ b/test/runner.py @@ -64,6 +64,8 @@ BASE_TORRC = """# configuration for stem integration tests DataDirectory %%s SocksPort %i ORPort %i +ExitRelay 0 +PublishServerDescriptor 0 DownloadExtraInfo 1 Log notice stdout Log notice file %%s/tor_log ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [stem/master] Additionally set 'AssumeReachable 1' for integ tests (see: #25631)
commit 7a9968422bed0f00e92c584894d4a0644451deb1 Author: Dave RolekDate: Tue Mar 27 06:00:15 2018 + Additionally set 'AssumeReachable 1' for integ tests (see: #25631) Per suggestion from Tim --- test/runner.py | 1 + 1 file changed, 1 insertion(+) diff --git a/test/runner.py b/test/runner.py index 09b70fe8..67d12dd7 100644 --- a/test/runner.py +++ b/test/runner.py @@ -66,6 +66,7 @@ SocksPort %i ORPort %i ExitRelay 0 PublishServerDescriptor 0 +AssumeReachable 1 DownloadExtraInfo 1 Log notice stdout Log notice file %%s/tor_log ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [webwml/master] Update debian-selector.js and fix default text in page
commit 7bf85595ea1e22e2af5306c587e62234455970ba Author: hiroDate: Mon Apr 2 18:20:56 2018 +0200 Update debian-selector.js and fix default text in page --- docs/debian-selector.js | 4 ++-- docs/en/debian.wml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/debian-selector.js b/docs/debian-selector.js index 12554c19..493fd235 100644 --- a/docs/debian-selector.js +++ b/docs/debian-selector.js @@ -132,7 +132,7 @@ function update() { package = package.split(' ')[0]; source_install = true; } -txt += "http://deb.torproject.org/torproject.org;; +txt += "https://deb.torproject.org/torproject.org;; txt += " "; txt += keys[i]; txt += " main"; @@ -140,7 +140,7 @@ function update() { target = keys[i]; txt = "deb " + txt + "\ndeb-src " + txt; if (version != 'stable') { -txt2 = "http://deb.torproject.org/torproject.org;; +txt2 = "https://deb.torproject.org/torproject.org;; txt2 += " "; txt2 += package; txt2 += "-"; diff --git a/docs/en/debian.wml b/docs/en/debian.wml index 1fe14dfa..6f86bd28 100644 --- a/docs/en/debian.wml +++ b/docs/en/debian.wml @@ -89,7 +89,7 @@ version You need to add the following entry in /etc/apt/sources.list or a new file in /etc/apt/sources.list.d/: -deb https://deb.torproject.org/torproject.org stretch main +deb https://deb.torproject.org/torproject.org jessie main ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [webwml/master] Allow https in version of deb.torproject.org repository install instructions
commit 09ab345a7f3690270dece384693e8b81417d63a0 Author: hiroDate: Mon Apr 2 18:08:36 2018 +0200 Allow https in version of deb.torproject.org repository install instructions --- docs/en/debian.wml | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/en/debian.wml b/docs/en/debian.wml index acdec1f4..b0f27fa5 100644 --- a/docs/en/debian.wml +++ b/docs/en/debian.wml @@ -63,7 +63,7 @@ post for details. You'll need to set up our package repository before you can fetch Tor. First, you need to figure out the name of your distribution. A quick command to run is lsb_release -c or cat /etc/debian_version. -If in doubt about your Debian version, check http://www.debian.org/releases/;>the Debian website. +If in doubt about your Debian version, check https://www.debian.org/releases/;>the Debian website. For Ubuntu, ask https://en.wikipedia.org/wiki/List_of_Ubuntu_releases#Table_of_versions;>Wikipedia. @@ -89,10 +89,12 @@ version You need to add the following entry in /etc/apt/sources.list or a new file in /etc/apt/sources.list.d/: -deb http://deb.torproject.org/torproject.org jessie main +deb https://deb.torproject.org/torproject.org stretch main +Please not that the https://packages.debian.org/stretch/apt-transport-https;>apt-transport-https package is required to enable the usage of 'deb https://foo distro main' lines in the /etc/apt/sources.list so that all package managers using the libapt-pkg library can access metadata and packages available in sources accessible over https (Hypertext Transfer Protocol Secure). + Then add the gpg key used to sign the packages by running the following commands at your command prompt: ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [webwml/master] Fix small typo
commit 4fcb5df531cc7e05eb9876d892528f0cefa19a3b Author: hiroDate: Mon Apr 2 18:09:35 2018 +0200 Fix small typo --- docs/en/debian.wml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/en/debian.wml b/docs/en/debian.wml index b0f27fa5..1fe14dfa 100644 --- a/docs/en/debian.wml +++ b/docs/en/debian.wml @@ -93,7 +93,7 @@ version -Please not that the https://packages.debian.org/stretch/apt-transport-https;>apt-transport-https package is required to enable the usage of 'deb https://foo distro main' lines in the /etc/apt/sources.list so that all package managers using the libapt-pkg library can access metadata and packages available in sources accessible over https (Hypertext Transfer Protocol Secure). +Please note that the https://packages.debian.org/stretch/apt-transport-https;>apt-transport-https package is required to enable the usage of 'deb https://foo distro main' lines in the /etc/apt/sources.list so that all package managers using the libapt-pkg library can access metadata and packages available in sources accessible over https (Hypertext Transfer Protocol Secure). Then add the gpg key used to sign the packages by running the following commands at your command prompt: ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [torbirdy/master] Update ChangeLog for bug 23148
commit e14bf88d12f126addf2b646c76d73d7958e57828 Author: Sukhbir SinghDate: Mon Apr 2 10:07:12 2018 -0400 Update ChangeLog for bug 23148 --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 935e39d..77d8ce6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,7 @@ 0.2.4, * Bug 22484: TB 52+ leaks installed dictionary * Bug 22944: Disable fetching site icons + * Bug 23148: Invalid GPG keyserver options in Enigmail * Added support for Thunderbird 58 and Thunderbird 59 * Update translations, adding all supported languages from Transifex ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] dir auths no longer vote Guard if they're not voting V2Dir
commit 961d2ad597134df0171dbbed2e035ae93e2215c6 Author: Roger DingledineDate: Mon Apr 2 00:20:01 2018 -0400 dir auths no longer vote Guard if they're not voting V2Dir Directory authorities no longer vote in favor of the Guard flag for relays that don't advertise directory support. Starting in Tor 0.3.0.1-alpha, Tor clients have been avoiding using such relays in the Guard position, leading to increasingly broken load balancing for the 5%-or-so of Guards that don't advertise directory support. Fixes bug 22310; bugfix on 0.3.0.6. --- changes/bug22310 | 8 src/or/dirserv.c | 1 + 2 files changed, 9 insertions(+) diff --git a/changes/bug22310 b/changes/bug22310 new file mode 100644 index 0..c8017daff --- /dev/null +++ b/changes/bug22310 @@ -0,0 +1,8 @@ + o Major bugfixes (performance, load balancing): +- Directory authorities no longer vote in favor of the Guard flag + for relays that don't advertise directory support. Starting in Tor + 0.3.0.1-alpha, Tor clients have been avoiding using such relays in + the Guard position, leading to increasingly broken load balancing + for the 5%-or-so of Guards that don't advertise directory support. + Fixes bug 22310; bugfix on 0.3.0.6. + diff --git a/src/or/dirserv.c b/src/or/dirserv.c index 0f47a8398..f0333e288 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -2266,6 +2266,7 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs, rs->is_valid = node->is_valid; if (node->is_fast && node->is_stable && + ri->supports_tunnelled_dir_requests && ((options->AuthDirGuardBWGuarantee && routerbw_kb >= options->AuthDirGuardBWGuarantee/1000) || routerbw_kb >= MIN(guard_bandwidth_including_exits_kb, ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.3] dir auths no longer vote Guard if they're not voting V2Dir
commit 961d2ad597134df0171dbbed2e035ae93e2215c6 Author: Roger DingledineDate: Mon Apr 2 00:20:01 2018 -0400 dir auths no longer vote Guard if they're not voting V2Dir Directory authorities no longer vote in favor of the Guard flag for relays that don't advertise directory support. Starting in Tor 0.3.0.1-alpha, Tor clients have been avoiding using such relays in the Guard position, leading to increasingly broken load balancing for the 5%-or-so of Guards that don't advertise directory support. Fixes bug 22310; bugfix on 0.3.0.6. --- changes/bug22310 | 8 src/or/dirserv.c | 1 + 2 files changed, 9 insertions(+) diff --git a/changes/bug22310 b/changes/bug22310 new file mode 100644 index 0..c8017daff --- /dev/null +++ b/changes/bug22310 @@ -0,0 +1,8 @@ + o Major bugfixes (performance, load balancing): +- Directory authorities no longer vote in favor of the Guard flag + for relays that don't advertise directory support. Starting in Tor + 0.3.0.1-alpha, Tor clients have been avoiding using such relays in + the Guard position, leading to increasingly broken load balancing + for the 5%-or-so of Guards that don't advertise directory support. + Fixes bug 22310; bugfix on 0.3.0.6. + diff --git a/src/or/dirserv.c b/src/or/dirserv.c index 0f47a8398..f0333e288 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -2266,6 +2266,7 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs, rs->is_valid = node->is_valid; if (node->is_fast && node->is_stable && + ri->supports_tunnelled_dir_requests && ((options->AuthDirGuardBWGuarantee && routerbw_kb >= options->AuthDirGuardBWGuarantee/1000) || routerbw_kb >= MIN(guard_bandwidth_including_exits_kb, ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'maint-0.3.3'
commit 3df954549232bf5516ba5fce13c66a3ac91524a4 Merge: 619059325 961d2ad59 Author: Nick MathewsonDate: Mon Apr 2 08:51:47 2018 -0400 Merge branch 'maint-0.3.3' changes/bug22310 | 8 src/or/dirserv.c | 1 + 2 files changed, 9 insertions(+) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.3] Merge branch 'maint-0.3.3' into release-0.3.3
commit 5bdc18b2df68804efa47aa6085de81085686e631 Merge: e47080a4d 961d2ad59 Author: Nick MathewsonDate: Mon Apr 2 08:51:47 2018 -0400 Merge branch 'maint-0.3.3' into release-0.3.3 changes/bug22310 | 8 src/or/dirserv.c | 1 + 2 files changed, 9 insertions(+) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.3] dir auths no longer vote Guard if they're not voting V2Dir
commit 961d2ad597134df0171dbbed2e035ae93e2215c6 Author: Roger DingledineDate: Mon Apr 2 00:20:01 2018 -0400 dir auths no longer vote Guard if they're not voting V2Dir Directory authorities no longer vote in favor of the Guard flag for relays that don't advertise directory support. Starting in Tor 0.3.0.1-alpha, Tor clients have been avoiding using such relays in the Guard position, leading to increasingly broken load balancing for the 5%-or-so of Guards that don't advertise directory support. Fixes bug 22310; bugfix on 0.3.0.6. --- changes/bug22310 | 8 src/or/dirserv.c | 1 + 2 files changed, 9 insertions(+) diff --git a/changes/bug22310 b/changes/bug22310 new file mode 100644 index 0..c8017daff --- /dev/null +++ b/changes/bug22310 @@ -0,0 +1,8 @@ + o Major bugfixes (performance, load balancing): +- Directory authorities no longer vote in favor of the Guard flag + for relays that don't advertise directory support. Starting in Tor + 0.3.0.1-alpha, Tor clients have been avoiding using such relays in + the Guard position, leading to increasingly broken load balancing + for the 5%-or-so of Guards that don't advertise directory support. + Fixes bug 22310; bugfix on 0.3.0.6. + diff --git a/src/or/dirserv.c b/src/or/dirserv.c index 0f47a8398..f0333e288 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -2266,6 +2266,7 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs, rs->is_valid = node->is_valid; if (node->is_fast && node->is_stable && + ri->supports_tunnelled_dir_requests && ((options->AuthDirGuardBWGuarantee && routerbw_kb >= options->AuthDirGuardBWGuarantee/1000) || routerbw_kb >= MIN(guard_bandwidth_including_exits_kb, ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tor-browser-manual_completed] Update translations for tor-browser-manual_completed
commit 6d386a7950e6573a28d426f16d11a413abc44c5b Author: Translation commit botDate: Mon Apr 2 12:49:46 2018 + Update translations for tor-browser-manual_completed --- fr/fr.po | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fr/fr.po b/fr/fr.po index 805843988..142fc5353 100644 --- a/fr/fr.po +++ b/fr/fr.po @@ -1635,8 +1635,8 @@ msgid "" "antivirus software if you do not know how to do this." msgstr "" "Assurez-vous quâun antivirus que vous avez installé nâempêche pas Tor de " -"fonctionner. Si vous ne savez pas comment le faire, consultez la " -"documentation de votre antivirus." +"fonctionner. Si vous ne savez pas comment faire, consultez la documentation " +"de votre antivirus." #: troubleshooting.page:49 msgid "Temporarily disable your firewall." ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tor-browser-manual] Update translations for tor-browser-manual
commit a01f6f68e131ade6f3d12cd0525a30571eecb36c Author: Translation commit botDate: Mon Apr 2 12:49:41 2018 + Update translations for tor-browser-manual --- fr/fr.po | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fr/fr.po b/fr/fr.po index 805843988..142fc5353 100644 --- a/fr/fr.po +++ b/fr/fr.po @@ -1635,8 +1635,8 @@ msgid "" "antivirus software if you do not know how to do this." msgstr "" "Assurez-vous quâun antivirus que vous avez installé nâempêche pas Tor de " -"fonctionner. Si vous ne savez pas comment le faire, consultez la " -"documentation de votre antivirus." +"fonctionner. Si vous ne savez pas comment faire, consultez la documentation " +"de votre antivirus." #: troubleshooting.page:49 msgid "Temporarily disable your firewall." ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] use channel_is_client for create cell counts
commit 61905932565a8ff426981d77bf162f85e7f6c3ea Author: Roger DingledineDate: Mon Apr 2 01:00:31 2018 -0400 use channel_is_client for create cell counts When a relay is collecting internal statistics about how many create cell requests it has seen of each type, accurately count the requests from relays that temporarily fall out of the consensus. (To be extra conservative, we were already ignoring requests from clients in our counts, and we continue ignoring them here.) Fixes bug 24910; bugfix on 0.2.4.17-rc. --- changes/bug24910 | 7 +++ src/or/command.c | 4 +++- src/or/cpuworker.c | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/changes/bug24910 b/changes/bug24910 new file mode 100644 index 0..58574c006 --- /dev/null +++ b/changes/bug24910 @@ -0,0 +1,7 @@ + o Minor bugfixes (relay statistics): +- When a relay is collecting internal statistics about how many + create cell requests it has seen of each type, accurately count the + requests from relays that temporarily fall out of the consensus. (To + be extra conservative, we were already ignoring requests from + clients in our counts, and we continue ignoring them here.) Fixes + bug 24910; bugfix on 0.2.4.17-rc. diff --git a/src/or/command.c b/src/or/command.c index 7280be139..4f99462f3 100644 --- a/src/or/command.c +++ b/src/or/command.c @@ -339,7 +339,9 @@ command_process_create_cell(cell_t *cell, channel_t *chan) return; } - if (connection_or_digest_is_known_relay(chan->identity_digest)) { + if (!channel_is_client(chan)) { +/* remember create types we've seen, but don't remember them from + * clients, to be extra conservative about client statistics. */ rep_hist_note_circuit_handshake_requested(create_cell->handshake_type); } diff --git a/src/or/cpuworker.c b/src/or/cpuworker.c index 50761dd4d..7da7dc5f8 100644 --- a/src/or/cpuworker.c +++ b/src/or/cpuworker.c @@ -547,7 +547,7 @@ assign_onionskin_to_cpuworker(or_circuit_t *circ, return 0; } - if (connection_or_digest_is_known_relay(circ->p_chan->identity_digest)) + if (!channel_is_client(circ->p_chan)) rep_hist_note_circuit_handshake_assigned(onionskin->handshake_type); should_time = should_time_request(onionskin->handshake_type); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-perl5lib_completed] Update translations for tails-perl5lib_completed
commit b4083627807d3a2e2441472f3fe1841066f2655f Author: Translation commit botDate: Mon Apr 2 12:47:35 2018 + Update translations for tails-perl5lib_completed --- fr.po | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/fr.po b/fr.po index 0d187c7d9..b07eb51fa 100644 --- a/fr.po +++ b/fr.po @@ -11,8 +11,8 @@ msgid "" msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: Tails developers \n" -"POT-Creation-Date: 2017-05-20 10:59+0200\n" -"PO-Revision-Date: 2018-03-26 19:54+\n" +"POT-Creation-Date: 2018-03-15 12:15+\n" +"PO-Revision-Date: 2018-04-02 12:43+\n" "Last-Translator: French language coordinator \n" "Language-Team: French (http://www.transifex.com/otf/torproject/language/fr/)\n" "MIME-Version: 1.0\n" @@ -27,12 +27,12 @@ msgstr "Erreur" #: ../lib/Tails/RunningSystem.pm:161 msgid "" -"The device Tails is running from cannot be found. Maybe you used the `toram'" +"The device Tails is running from cannot be found. Maybe you used the 'toram'" " option?" -msgstr "Le périphérique à partir duquel Tails fonctionne est introuvable. Auriez-vous utilisé lâoption `toram'â?" +msgstr "Le périphérique sur lequel Tails tourne ne peut pas être trouvé. Peut-être avez-vous utilisée l'option 'toram'â?" #: ../lib/Tails/RunningSystem.pm:192 msgid "" -"The drive Tails is running from cannot be found. Maybe you used the `toram' " +"The drive Tails is running from cannot be found. Maybe you used the 'toram' " "option?" -msgstr "Le lecteur à partir duquel Tails fonctionne est introuvable. Auriez-vous utilisé lâoption `toram'â?" +msgstr "Le périphérique sur lequel Tails tourne ne peut pas être trouvé. Peut-être avez-vous utilisée l'option 'toram'â?" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-perl5lib] Update translations for tails-perl5lib
commit 35dfe7668d13684daef74a27558f405b968e5c4f Author: Translation commit botDate: Mon Apr 2 12:47:28 2018 + Update translations for tails-perl5lib --- fr.po | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/fr.po b/fr.po index f12f28479..b07eb51fa 100644 --- a/fr.po +++ b/fr.po @@ -12,8 +12,8 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: Tails developers \n" "POT-Creation-Date: 2018-03-15 12:15+\n" -"PO-Revision-Date: 2018-03-31 13:21+\n" -"Last-Translator: carolyn \n" +"PO-Revision-Date: 2018-04-02 12:43+\n" +"Last-Translator: French language coordinator \n" "Language-Team: French (http://www.transifex.com/otf/torproject/language/fr/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -29,10 +29,10 @@ msgstr "Erreur" msgid "" "The device Tails is running from cannot be found. Maybe you used the 'toram'" " option?" -msgstr "" +msgstr "Le périphérique sur lequel Tails tourne ne peut pas être trouvé. Peut-être avez-vous utilisée l'option 'toram'â?" #: ../lib/Tails/RunningSystem.pm:192 msgid "" "The drive Tails is running from cannot be found. Maybe you used the 'toram' " "option?" -msgstr "" +msgstr "Le périphérique sur lequel Tails tourne ne peut pas être trouvé. Peut-être avez-vous utilisée l'option 'toram'â?" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits