[tor-commits] [translation/https_everywhere] Update translations for https_everywhere

2014-05-28 Thread translation
commit 285cee8155f0d40be5735688b657c8df113aaa3d
Author: Translation commit bot translat...@torproject.org
Date:   Wed May 28 06:15:16 2014 +

Update translations for https_everywhere
---
 fi/ssl-observatory.dtd |6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/fi/ssl-observatory.dtd b/fi/ssl-observatory.dtd
index 48a2857..86bb49d 100644
--- a/fi/ssl-observatory.dtd
+++ b/fi/ssl-observatory.dtd
@@ -42,10 +42,10 @@ to turn it on?--
 Tämä noutaa ja lähettää verkkosi autonomisen järjestelmän 
numerotunnuksen (ASN). Näin pystymme paikantamaan HTTPS:ään kohdistuvat 
hyökkäykset ja voimme selvittää, ovatko havainnot Iranin ja Syyrian 
kaltaisten alueiden verkoista, joissa hyökkäykset ovat yleisiä.
 
 !ENTITY ssl-observatory.prefs.show_cert_warning
-Show a warning when the Observatory detects a revoked certificate not caught 
by your browser
+Näytä varoitus, kun Observatorio havaitsee suljetun varmenteen jotka eivät 
kuulu selaimeesi.
 
 !ENTITY ssl-observatory.prefs.show_cert_warning_tooltip
-This will check submitted certificates against known Certificate Revocation 
Lists. Unfortunately we cannot guarantee that we will flag every revoked 
certificate, but if you do see a warning there's a good chance something is 
wrong.
+Tämä tarkistaa toimitetut varmenteet tiedettyjen varmenteiden listasta. 
Valitettavasti emme voi taata että merkitsemme kaikki suljetut varmenteet, 
mutta jos näet varoituksen on hyvä mahdollisuus että jotain on vialla.
 
 !ENTITY ssl-observatory.prefs.done Valmis
 
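Review bot: The new ssl-observatory.prefs.show_cert_warning string ends with "jotka eivät kuulu selaimeesi", which reads as "which do not belong to your browser", while the removed English source says "not caught by your browser"; the relative pronoun is also plural against the singular "varmenteen". In the tooltip, "tiedettyjen varmenteiden listasta" (a list of known certificates) drops the reference to Certificate Revocation Lists, so the preference no longer says what is being checked. Suggest wording such as "jota selaimesi ei havainnut" for the label, and naming the revocation lists (sulkulistat) in the tooltip.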
@@ -84,7 +84,7 @@ Mouseover the options for further details:--
 !ENTITY ssl-observatory.warning.showcert Näytä palvelimen varmenneketju
 !ENTITY ssl-observatory.warning.okay Ymmärrän
 !ENTITY ssl-observatory.warning.text EFFin SSL Observatory on varoittanut 
tämän sivuston yhdestä tai useammasta HTTPS-varmenteesta:
-!ENTITY ssl-observatory.warning.defense If you are logged in to this site, 
it may be advisable to change your password once you have a safe connection. 
(These warnings can be disabled in the quot;SSL Observatoryquot; tab of the 
HTTPS Everywhere preferences dialog.)
+!ENTITY ssl-observatory.warning.defense Jos olet kirjautunut sivustolle, voi 
olla suositeltavaa vaihtaa salasana, kun sinulla on käytössä turvallinen 
yhteys. (Nämä varoitukset voidaan laittaa pois päältä ''SSL 
Observatoryssä'' klikkaa HTTPS Kaikkialla mieltymyksiä.)
 
 !ENTITY ssl-observatory.prefs.self_signed
 Lähetä ja tarkista sivuston itsensä allekirjoittama varmenne
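Review bot: In ssl-observatory.warning.defense the parenthetical no longer parses as one sentence: "''SSL Observatoryssä'' klikkaa HTTPS Kaikkialla mieltymyksiä" puts the case ending inside the quoted tab name, switches to an imperative ("klikkaa") and translates the product name, where the removed source refers to the SSL Observatory tab of the HTTPS Everywhere preferences dialog. A user reacting to a certificate warning has to be able to find that tab, so keep the tab and product names as they appear in the UI and inflect outside the quotes. The quoting has also changed from the source's form to two apostrophes; check that this renders as intended from the DTD.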

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits


[tor-commits] [translation/https_everywhere_completed] Update translations for https_everywhere_completed

2014-05-28 Thread translation
commit 9eef11414d80a3ba25b372e47909baef5e01a82b
Author: Translation commit bot translat...@torproject.org
Date:   Wed May 28 06:15:20 2014 +

Update translations for https_everywhere_completed
---
 fi/ssl-observatory.dtd |8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/fi/ssl-observatory.dtd b/fi/ssl-observatory.dtd
index 9270c4f..86bb49d 100644
--- a/fi/ssl-observatory.dtd
+++ b/fi/ssl-observatory.dtd
@@ -41,6 +41,12 @@ to turn it on?--
 !ENTITY ssl-observatory.prefs.asn_tooltip
 Tämä noutaa ja lähettää verkkosi autonomisen järjestelmän 
numerotunnuksen (ASN). Näin pystymme paikantamaan HTTPS:ään kohdistuvat 
hyökkäykset ja voimme selvittää, ovatko havainnot Iranin ja Syyrian 
kaltaisten alueiden verkoista, joissa hyökkäykset ovat yleisiä.
 
+!ENTITY ssl-observatory.prefs.show_cert_warning
+Näytä varoitus, kun Observatorio havaitsee suljetun varmenteen jotka eivät 
kuulu selaimeesi.
+
+!ENTITY ssl-observatory.prefs.show_cert_warning_tooltip
+Tämä tarkistaa toimitetut varmenteet tiedettyjen varmenteiden listasta. 
Valitettavasti emme voi taata että merkitsemme kaikki suljetut varmenteet, 
mutta jos näet varoituksen on hyvä mahdollisuus että jotain on vialla.
+
 !ENTITY ssl-observatory.prefs.done Valmis
 
 !ENTITY ssl-observatory.prefs.explanation 
@@ -78,7 +84,7 @@ Mouseover the options for further details:--
 !ENTITY ssl-observatory.warning.showcert Näytä palvelimen varmenneketju
 !ENTITY ssl-observatory.warning.okay Ymmärrän
 !ENTITY ssl-observatory.warning.text EFFin SSL Observatory on varoittanut 
tämän sivuston yhdestä tai useammasta HTTPS-varmenteesta:
-!ENTITY ssl-observatory.warning.defense Jos olet kirjautunut sivustolle, voi 
olla suositeltavaa vaihtaa salasana, sitten kun käytössäsi on turvallinen 
yhteys.
+!ENTITY ssl-observatory.warning.defense Jos olet kirjautunut sivustolle, voi 
olla suositeltavaa vaihtaa salasana, kun sinulla on käytössä turvallinen 
yhteys. (Nämä varoitukset voidaan laittaa pois päältä ''SSL 
Observatoryssä'' klikkaa HTTPS Kaikkialla mieltymyksiä.)
 
 !ENTITY ssl-observatory.prefs.self_signed
 Lähetä ja tarkista sivuston itsensä allekirjoittama varmenne



[tor-commits] [meek/master] Factor out some code for setting a custom proxy per-request.

2014-05-28 Thread dcf
commit 0567884cb38b7b514abce8bc63370517d83b0682
Author: David Fifield da...@bamsoftware.com
Date:   Sat May 24 19:15:32 2014 -0700

Factor out some code for setting a custom proxy per-request.
---
 firefox/components/main.js |   42 ++
 1 file changed, 38 insertions(+), 4 deletions(-)

diff --git a/firefox/components/main.js b/firefox/components/main.js
index bef833f..e1284f0 100644
--- a/firefox/components/main.js
+++ b/firefox/components/main.js
@@ -97,6 +97,16 @@ MeekHTTPHelper.prototype = {
 MeekHTTPHelper.LOCAL_READ_TIMEOUT = 2.0;
 MeekHTTPHelper.LOCAL_WRITE_TIMEOUT = 2.0;
 
+// 
https://developer.mozilla.org/en-US/docs/XPCOM_Interface_Reference/nsIProtocolProxyService
+MeekHTTPHelper.proxyProtocolService = 
Components.classes[@mozilla.org/network/protocol-proxy-service;1]
+.getService(Components.interfaces.nsIProtocolProxyService);
+
+// 
https://developer.mozilla.org/en-US/docs/XPCOM_Interface_Reference/nsIIOService
+MeekHTTPHelper.ioService = 
Components.classes[@mozilla.org/network/io-service;1]
+.getService(Components.interfaces.nsIIOService);
+MeekHTTPHelper.httpProtocolHandler = 
MeekHTTPHelper.ioService.getProtocolHandler(http)
+.QueryInterface(Components.interfaces.nsIHttpProtocolHandler);
+
 // Set the transport to time out at the given absolute deadline.
 MeekHTTPHelper.refreshDeadline = function(transport, deadline) {
 var timeout;
@@ -116,6 +126,20 @@ MeekHTTPHelper.lookupStatus = function(status) {
 return null;
 };
 
+// Return an nsIProxyInfo according to the given specification. Returns null on
+// error.
+// 
https://developer.mozilla.org/en-US/docs/XPCOM_Interface_Reference/nsIProxyInfo
+// The specification may look like:
+//   undefined
+MeekHTTPHelper.buildProxyInfo = function(spec) {
+// 
https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIProxyInfo#Constants
+if (spec === undefined) {
+// direct; i.e., no proxy. This is the default.
+return MeekHTTPHelper.proxyProtocolService.newProxyInfo(direct, , 
0, 0, 0x, null);
+}
+return null;
+};
+
 // LocalConnectionHandler handles each new client connection received on the
 // socket opened by MeekHTTPHelper. It reads a JSON request, makes the request
 // on the Internet, and writes the result back to the socket. Error handling
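Review bot: buildProxyInfo treats only `spec === undefined` as "no proxy", so a request that carries a proxy key with the value null falls through to `return null`, which the function documents as an error. That is the safer behaviour, but the comment above the function lists only "undefined" and does not say that null is rejected. State there that senders must omit the key for a direct connection and that anything unrecognized is an error.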
@@ -138,10 +162,20 @@ MeekHTTPHelper.LocalConnectionHandler.prototype = {
 this.transport.close(0);
 return;
 }
-// 
https://developer.mozilla.org/en-US/docs/XPCOM_Interface_Reference/nsIIOService
-var ioService = Components.classes[@mozilla.org/network/io-service;1]
-.getService(Components.interfaces.nsIIOService);
-this.channel = ioService.newChannel(req.url, null, null)
+
+// Check what proxy to use, if any.
+// dump(using proxy  + JSON.stringify(req.proxy) + \n);
+var proxyInfo = MeekHTTPHelper.buildProxyInfo(req.proxy);
+if (proxyInfo === null) {
+dump(can't create nsIProxyInfo from  + JSON.stringify(req.proxy) 
+ \n);
+this.transport.close(0);
+return;
+}
+
+// Construct an HTTP channel with the given nsIProxyInfo.
+// 
https://developer.mozilla.org/en-US/docs/XPCOM_Interface_Reference/nsIHttpChannel
+var uri = MeekHTTPHelper.ioService.newURI(req.url, null, null);
+this.channel = 
MeekHTTPHelper.httpProtocolHandler.newProxiedChannel(uri, proxyInfo, 0, null)
 .QueryInterface(Components.interfaces.nsIHttpChannel);
 if (req.header !== undefined) {
 for (var key in req.header) {
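Review bot: The `if (proxyInfo === null)` branch is the only thing that keeps a request with an unrecognized proxy specification from being made without the proxy, and nothing in the code says that this is deliberate. Add a comment there stating that the handler closes rather than falling back to a direct channel, so that a later refactoring does not turn the error into a silent direct connection. The failure is also reported only through dump(); the client on the socket just sees the connection close.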





[tor-commits] [meek/master] Add Proxy configuration examples to torrc.

2014-05-28 Thread dcf
commit 1e099c54089b1ed1aef556069c2546709acb5cdf
Author: David Fifield da...@bamsoftware.com
Date:   Sat May 24 23:00:33 2014 -0700

Add Proxy configuration examples to torrc.
---
 meek-client/torrc |5 +
 1 file changed, 5 insertions(+)

diff --git a/meek-client/torrc b/meek-client/torrc
index 62f2c72..6ed137b 100644
--- a/meek-client/torrc
+++ b/meek-client/torrc
@@ -1,4 +1,9 @@
 UseBridges 1
+
+# Socks4Proxy localhost:1080
+# Socks5Proxy localhost:1080
+# HTTPSProxy localhost:8080
+
 # Bridge meek 0.0.2.0:1 url=https://meek-reflect.appspot.com/ 
front=www.google.com
 # ClientTransportPlugin meek exec ./meek-client --log meek-client.log
 Bridge meek 0.0.2.0:1
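Review bot: The three commented proxy lines are added with no explanation of when to use them. A one-line comment above them saying that they are alternatives for reaching the network through an upstream proxy, and that at most one should be uncommented, would make the example self-explanatory.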





[tor-commits] [meek/master] Add some proxy support functions.

2014-05-28 Thread dcf
commit daab1193f4234bd23e26f7a525356b67630c6ba2
Author: David Fifield da...@bamsoftware.com
Date:   Sat May 24 20:25:49 2014 -0700

Add some proxy support functions.

These are candidates to move to goptlib for proposal 232 support.

I assumed that you should be able to give a proxy host as a domain name,
but it turns out that proposal 232 doesn't actually say that
(https://trac.torproject.org/projects/tor/ticket/12125#comment:3). Some
of the tests use IP addresses and some use host names.
---
 meek-client/proxy.go  |   53 ++
 meek-client/proxy_test.go |   69 +
 2 files changed, 122 insertions(+)

diff --git a/meek-client/proxy.go b/meek-client/proxy.go
new file mode 100644
index 000..56717a3
--- /dev/null
+++ b/meek-client/proxy.go
@@ -0,0 +1,53 @@
+package main
+
+import (
+   errors
+   fmt
+   net/url
+   os
+)
+
+import git.torproject.org/pluggable-transports/goptlib.git
+
+// The code in this file has to do with configuring an upstream proxy, whether
+// through the command line or the managed interface of proposal 232
+// (TOR_PT_PROXY).
+//
+// 
https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/232-pluggable-transports-through-proxy.txt
+
+// Get the upstream proxy URL. Returns nil if no proxy is requested. The
+// function ensures that the Scheme and Host fields are set; i.e., that the URL
+// is absolute. This function reads the environment variable TOR_PT_PROXY.
+//
+// This function doesn't check that the scheme is one of Tor's supported proxy
+// schemes; that is, one of http, socks5, or socks4a. The caller must be
+// able to handle any returned scheme (which may be by calling PtProxyError if
+// it doesn't know how to handle the scheme).
+func PtGetProxyURL() (*url.URL, error) {
+   rawurl := os.Getenv(TOR_PT_PROXY)
+   if rawurl ==  {
+   return nil, nil
+   }
+   u, err := url.Parse(rawurl)
+   if err != nil {
+   return nil, err
+   }
+   if u.Scheme ==  {
+   return nil, errors.New(missing scheme)
+   }
+   if u.Host ==  {
+   return nil, errors.New(missing host)
+   }
+   return u, nil
+}
+
+// Emit a PROXY-ERROR line with explanation text.
+func PtProxyError(msg string) {
+   fmt.Fprintf(pt.Stdout, PROXY-ERROR %s\n, msg)
+}
+
+// Emit a PROXY DONE line. Call this after parsing the return value of
+// PtGetProxyURL.
+func PtProxyDone() {
+   fmt.Fprintf(pt.Stdout, PROXY DONE\n)
+}
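Review bot: PtProxyError writes msg into a line-oriented reply with `PROXY-ERROR %s\n` and does not check that msg is a single line. An error text derived from the raw TOR_PT_PROXY value (url.Parse errors include their input) could contain a line break, and whatever follows it would be read as a further protocol line. Suggest replacing or rejecting CR and LF in msg before printing.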
diff --git a/meek-client/proxy_test.go b/meek-client/proxy_test.go
new file mode 100644
index 000..9565101
--- /dev/null
+++ b/meek-client/proxy_test.go
@@ -0,0 +1,69 @@
+package main
+
+import (
+   os
+   testing
+)
+
+func TestGetProxyURL(t *testing.T) {
+   badTests := [...]string{
+   bogus,
+   http:,
+   ://127.0.0.1,
+   //127.0.0.1,
+   http:127.0.0.1,
+   ://[::1],
+   //[::1],
+   http:[::1],
+   ://localhost,
+   //localhost,
+   http:localhost,
+   }
+   goodTests := [...]struct {
+   input, expected string
+   }{
+   {http://127.0.0.1;, http://127.0.0.1},
+   {http://127.0.0.1:8080;, http://127.0.0.1:8080},
+   {http://127.0.0.1:8080/;, http://127.0.0.1:8080/},
+   {http://127.0.0.1:8080/path;, http://127.0.0.1:8080/path},
+   {http://[::1];, http://[::1]},
+   {http://[::1]:8080;, http://[::1]:8080},
+   {http://[::1]:8080/;, http://[::1]:8080/},
+   {http://[::1]:8080/path;, http://[::1]:8080/path},
+   {http://localhost;, http://localhost},
+   {http://localhost:8080;, http://localhost:8080},
+   {http://localhost:8080/;, http://localhost:8080/},
+   {http://localhost:8080/path;, http://localhost:8080/path},
+   {http://user@localhost:8080;, http://user@localhost:8080},
+   {http://user:password@localhost:8080;, 
http://user:password@localhost:8080},
+   {unknown://localhost/whatever, 
unknown://localhost/whatever},
+   }
+
+   os.Clearenv()
+   u, err := PtGetProxyURL()
+   if err != nil {
+   t.Errorf(empty environment unexpectedly returned an error: 
%s, err)
+   }
+   if u != nil {
+   t.Errorf(empty environment returned %q, u)
+   }
+
+   for _, input := range badTests {
+   os.Setenv(TOR_PT_PROXY, input)
+   u, err = PtGetProxyURL()
+   if err == nil {
+   t.Errorf(TOR_PT_PROXY=%q unexpectedly succeeded and 
returned %q, input, u)
+   }
+   }
+
+   for _, test := range goodTests {
+   os.Setenv(TOR_PT_PROXY, test.input)
+   u, err := 
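Review bot: os.Clearenv() near the top of TestGetProxyURL wipes the whole environment of the test process and nothing restores it, and the loops leave TOR_PT_PROXY set to the last input. Since PtGetProxyURL treats an empty value as "no proxy", the empty case can be tested by setting TOR_PT_PROXY alone to the empty string, with the previous value saved and restored when the test ends, so that other tests in the package do not inherit the state.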

[tor-commits] [meek/master] Honor a socks4a proxy when roundtripping through the helper.

2014-05-28 Thread dcf
commit 79e3e5ff285d698636d0ad4b797d89a3f56749e8
Author: David Fifield da...@bamsoftware.com
Date:   Sat May 24 23:39:23 2014 -0700

Honor a socks4a proxy when roundtripping through the helper.
---
 meek-client/helper.go  |7 ---
 meek-client/helper_test.go |8 
 meek-client/meek-client.go |   17 +
 meek-client/proxy_test.go  |1 +
 4 files changed, 26 insertions(+), 7 deletions(-)

diff --git a/meek-client/helper.go b/meek-client/helper.go
index d85ac8d..d349ff7 100644
--- a/meek-client/helper.go
+++ b/meek-client/helper.go
@@ -58,9 +58,10 @@ func makeProxySpec(u *url.URL) (*ProxySpec, error) {
return nil, errors.New(proxy URLs with a username or password 
can't be used with the helper)
}
 
-   if u.Scheme == http {
-   spec.Type = http
-   } else {
+   switch u.Scheme {
+   case http, socks4a:
+   spec.Type = u.Scheme
+   default:
return nil, errors.New(unknown scheme)
}
 
diff --git a/meek-client/helper_test.go b/meek-client/helper_test.go
index 4a34e35..f33bb38 100644
--- a/meek-client/helper_test.go
+++ b/meek-client/helper_test.go
@@ -19,6 +19,10 @@ func TestMakeProxySpec(t *testing.T) {
url.URL{Scheme: http, User: url.UserPassword(username, 
password), Host: localhost:8080},
url.URL{Scheme: http, Host: localhost:-1},
url.URL{Scheme: http, Host: localhost:65536},
+   url.URL{Scheme: socks4a, Host: :},
+   // socks and socks4 are unknown types.
+   url.URL{Scheme: socks, Host: localhost:1080},
+   url.URL{Scheme: socks4, Host: localhost:1080},
url.URL{Scheme: unknown, Host: localhost:},
}
goodTests := [...]struct {
@@ -29,6 +33,10 @@ func TestMakeProxySpec(t *testing.T) {
url.URL{Scheme: http, Host: localhost:8080},
ProxySpec{http, localhost, 8080},
},
+   {
+   url.URL{Scheme: socks4a, Host: localhost:1080},
+   ProxySpec{socks4a, localhost, 1080},
+   },
}
 
for _, input := range badTests {
diff --git a/meek-client/meek-client.go b/meek-client/meek-client.go
index 72e379f..b4f9dee 100644
--- a/meek-client/meek-client.go
+++ b/meek-client/meek-client.go
@@ -316,10 +316,19 @@ func acceptLoop(ln *pt.SocksListener) error {
 // Return an error if this proxy URL doesn't work with the rest of the
 // configuration.
 func checkProxyURL(u *url.URL) error {
-   if options.ProxyURL.Scheme != http {
-   return errors.New(fmt.Sprintf(don't understand proxy URL 
scheme %q, options.ProxyURL.Scheme))
-   }
-   if options.HelperAddr != nil {
+   if options.HelperAddr == nil {
+   // Without the helper we only support HTTP proxies.
+   if options.ProxyURL.Scheme != http {
+   return errors.New(fmt.Sprintf(don't understand proxy 
URL scheme %q, options.ProxyURL.Scheme))
+   }
+   } else {
+   // With the helper we can use HTTP and SOCKS (because it is the
+   // browser that does the proxying, not us).
+   switch options.ProxyURL.Scheme {
+   case http, socks4a:
+   default:
+   return errors.New(fmt.Sprintf(don't understand proxy 
URL scheme %q, options.ProxyURL.Scheme))
+   }
if options.ProxyURL.User != nil {
return errors.New(a proxy URL with a username or 
password can't be used with --helper)
}
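Review bot: The accepted schemes are now listed twice in this commit, once in makeProxySpec in helper.go and once in the helper branch of checkProxyURL, and the two lists have to be kept identical by hand. If they drift, a scheme passes the start-up check and then fails in makeProxySpec with "unknown scheme" on every request. Suggest one shared set of helper-supported schemes that both functions consult.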
diff --git a/meek-client/proxy_test.go b/meek-client/proxy_test.go
index 9565101..7ce206f 100644
--- a/meek-client/proxy_test.go
+++ b/meek-client/proxy_test.go
@@ -36,6 +36,7 @@ func TestGetProxyURL(t *testing.T) {
{http://localhost:8080/path;, http://localhost:8080/path},
{http://user@localhost:8080;, http://user@localhost:8080},
{http://user:password@localhost:8080;, 
http://user:password@localhost:8080},
+   {socks4a://localhost:1080, socks4a://localhost:1080},
{unknown://localhost/whatever, 
unknown://localhost/whatever},
}
 





[tor-commits] [meek/master] Enable meek-http-helper to use http, socks5, and socks4a proxies.

2014-05-28 Thread dcf
commit 5a354f9993a33c5e310141f18f61435c298119d7
Author: David Fifield da...@bamsoftware.com
Date:   Sat May 24 19:17:12 2014 -0700

Enable meek-http-helper to use http, socks5, and socks4a proxies.
---
 firefox/components/main.js |   16 
 1 file changed, 16 insertions(+)

diff --git a/firefox/components/main.js b/firefox/components/main.js
index e2a2484..4de9532 100644
--- a/firefox/components/main.js
+++ b/firefox/components/main.js
@@ -12,6 +12,11 @@
 //  header: {
 //  Host: meek-reflect.appspot.com,
 //  X-Session-Id: }
+//  },
+//  proxy: {
+//  type: http,
+//  host: proxy.example.com,
+//  port: 8080
 //  }
 //  }
 // The extension makes the request as commanded. It returns the response to the
@@ -131,12 +136,23 @@ MeekHTTPHelper.lookupStatus = function(status) {
 // 
https://developer.mozilla.org/en-US/docs/XPCOM_Interface_Reference/nsIProxyInfo
 // The specification may look like:
 //   undefined
+//   {type: http, host: example.com, port: 8080}
+//   {type: socks5, host: example.com, port: 1080}
+//   {type: socks4a, host: example.com, port: 1080}
 MeekHTTPHelper.buildProxyInfo = function(spec) {
 // 
https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIProxyInfo#Constants
 var flags = 
Components.interfaces.nsIProxyInfo.TRANSPARENT_PROXY_RESOLVES_HOST;
 if (spec === undefined) {
 // direct; i.e., no proxy. This is the default.
 return MeekHTTPHelper.proxyProtocolService.newProxyInfo(direct, , 
0, flags, 0x, null);
+} else if (spec.type === http) {
+return MeekHTTPHelper.proxyProtocolService.newProxyInfo(http, 
spec.host, spec.port, flags, 0x, null);
+} else if (spec.type === socks5) {
+// socks5 is tor's name. socks is XPCOM's name.
+return MeekHTTPHelper.proxyProtocolService.newProxyInfo(socks, 
spec.host, spec.port, flags, 0x, null);
+} else if (spec.type === socks4a) {
+// socks4a is tor's name. socks4 is XPCOM's name.
+return MeekHTTPHelper.proxyProtocolService.newProxyInfo(socks4, 
spec.host, spec.port, flags, 0x, null);
 }
 return null;
 };
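Review bot: spec.host and spec.port go straight from the JSON request into newProxyInfo in all three new branches, with no check that host is a non-empty string or that port is an integer in the valid range. meek-client validates these in makeProxySpec, but the helper should not depend on its client having done so. Return null for a malformed spec so that the caller's existing error path handles it.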





[tor-commits] [meek/master] Add some commented test cases to think about.

2014-05-28 Thread dcf
commit 40007e4fa55f77e4657bbc8931f8d540c002057d
Author: David Fifield da...@bamsoftware.com
Date:   Sun May 25 11:18:33 2014 -0700

Add some commented test cases to think about.

It may make sense for us to ensure that the proxy URL has a separable
host name and port. On the other hand, that's one of the error
conditions the application is going to have to check for anyway when it
goes to connect to the proxy.
---
 meek-client/proxy_test.go |   10 ++
 1 file changed, 10 insertions(+)

diff --git a/meek-client/proxy_test.go b/meek-client/proxy_test.go
index d26362d..77123b9 100644
--- a/meek-client/proxy_test.go
+++ b/meek-client/proxy_test.go
@@ -40,6 +40,16 @@ func TestGetProxyURL(t *testing.T) {
{socks4a://localhost:1080, socks4a://localhost:1080},
{unknown://localhost/whatever, 
unknown://localhost/whatever},
}
+   /*
+   No port: reject; or infer from scheme?
+   http://localhost
+   socks4a://localhost
+   socks5://localhost
+   Port without host: probably reject?
+   http://:8080
+   socks4a://:1080
+   socks5://:1080
+   */
 
os.Clearenv()
u, err := PtGetProxyURL()
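Review bot: The cases in the new /* ... */ block are never run, so neither answer to "reject; or infer from scheme?" is pinned by a test. Once the behaviour is decided, move each URL into badTests or goodTests; until then, mark the block as a TODO that names the open question so that it is not mistaken for dead code.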



[tor-commits] [meek/master] Honor an http proxy when roundtripping through the helper.

2014-05-28 Thread dcf
commit bb22b14120357f084d7e63d26c3ee493bc270236
Author: David Fifield da...@bamsoftware.com
Date:   Sat May 24 22:37:17 2014 -0700

Honor an http proxy when roundtripping through the helper.
---
 meek-client/helper.go  |   55 
 meek-client/helper_test.go |   50 
 meek-client/meek-client.go |4 +++-
 3 files changed, 108 insertions(+), 1 deletion(-)

diff --git a/meek-client/helper.go b/meek-client/helper.go
index 49423fb..d85ac8d 100644
--- a/meek-client/helper.go
+++ b/meek-client/helper.go
@@ -10,6 +10,8 @@ import (
io/ioutil
net
net/http
+   net/url
+   strconv
time
 )
 
@@ -21,6 +23,7 @@ type JSONRequest struct {
URLstring`json:url,omitempty`
Header map[string]string `json:header,omitempty`
Body   []byte`json:body,omitempty`
+   Proxy  *ProxySpec`json:proxy,omitempty`
 }
 
 type JSONResponse struct {
@@ -29,6 +32,54 @@ type JSONResponse struct {
Body   []byte `json:body`
 }
 
+// ProxySpec encodes information we need to connect through a proxy.
+type ProxySpec struct {
+   // Acceptable values for Type are as in proposal 232: http, socks5,
+   // or socks4a.
+   Type string `json:type`
+   Host string `json:host`
+   Port int`json:port`
+}
+
+// Return a ProxySpec suitable for the proxy URL in u.
+func makeProxySpec(u *url.URL) (*ProxySpec, error) {
+   spec := new(ProxySpec)
+   var err error
+   var portStr string
+   var port uint64
+
+   if u == nil {
+   // No proxy.
+   return nil, nil
+   }
+
+   // Firefox's nsIProxyInfo doesn't allow credentials.
+   if u.User != nil {
+   return nil, errors.New(proxy URLs with a username or password 
can't be used with the helper)
+   }
+
+   if u.Scheme == http {
+   spec.Type = http
+   } else {
+   return nil, errors.New(unknown scheme)
+   }
+
+   spec.Host, portStr, err = net.SplitHostPort(u.Host)
+   if err != nil {
+   return nil, err
+   }
+   if spec.Host ==  {
+   return nil, errors.New(missing host)
+   }
+   port, err = strconv.ParseUint(portStr, 10, 16)
+   if err != nil {
+   return nil, err
+   }
+   spec.Port = int(port)
+
+   return spec, nil
+}
+
 // Do an HTTP roundtrip through the configured browser extension, using the
 // payload data in buf and the request metadata in info.
 func roundTripWithHelper(buf []byte, info *RequestInfo) (*http.Response, 
error) {
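Review bot: In makeProxySpec, `strconv.ParseUint(portStr, 10, 16)` rejects -1 and 65536 but accepts 0, so a URL such as http://localhost:0 yields a ProxySpec with Port 0. Add an explicit check for port 0 after the parse and a matching entry in badTests in helper_test.go.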
@@ -49,6 +100,10 @@ func roundTripWithHelper(buf []byte, info *RequestInfo) 
(*http.Response, error)
if info.Host !=  {
req.Header[Host] = info.Host
}
+   req.Proxy, err = makeProxySpec(options.ProxyURL)
+   if err != nil {
+   return nil, err
+   }
encReq, err := json.Marshal(req)
if err != nil {
return nil, err
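Review bot: The proxy for the helper request is taken from the global `options.ProxyURL`, while the other per-request settings in roundTripWithHelper come from `info`. If RequestInfo carries a proxy URL of its own, it is ignored on this path and the request goes out with a different proxy than the one selected for the connection. Suggest passing the proxy URL from info, or documenting why the global is the right source here.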
diff --git a/meek-client/helper_test.go b/meek-client/helper_test.go
new file mode 100644
index 000..4a34e35
--- /dev/null
+++ b/meek-client/helper_test.go
@@ -0,0 +1,50 @@
+package main
+
+import (
+   net/url
+   testing
+)
+
+func TestMakeProxySpec(t *testing.T) {
+   badTests := [...]url.URL{
+   url.URL{Scheme: http},
+   url.URL{Scheme: http, Host: :},
+   url.URL{Scheme: http, Host: localhost},
+   url.URL{Scheme: http, Host: localhost:},
+   url.URL{Scheme: http, Host: :8080},
+   url.URL{Scheme: http, Host: localhost:https},
+   url.URL{Scheme: http, Host: localhost:8080, User: 
url.User(username)},
+   url.URL{Scheme: http, Host: localhost:8080, User: 
url.UserPassword(username, password)},
+   url.URL{Scheme: http, User: url.User(username), Host: 
localhost:8080},
+   url.URL{Scheme: http, User: url.UserPassword(username, 
password), Host: localhost:8080},
+   url.URL{Scheme: http, Host: localhost:-1},
+   url.URL{Scheme: http, Host: localhost:65536},
+   url.URL{Scheme: unknown, Host: localhost:},
+   }
+   goodTests := [...]struct {
+   inputurl.URL
+   expected ProxySpec
+   }{
+   {
+   url.URL{Scheme: http, Host: localhost:8080},
+   ProxySpec{http, localhost, 8080},
+   },
+   }
+
+   for _, input := range badTests {
+   _, err := makeProxySpec(input)
+   if err == nil {
+   t.Errorf(%q unexpectedly succeeded, input)
+   }
+   }
+
+   for _, test := range goodTests {
+   spec, err := makeProxySpec(test.input)
+   if err != nil {
+   t.Fatalf(%q unexpectedly returned an error: 

[tor-commits] [meek/master] Set the TRANSPARENT_PROXY_RESOLVES_HOST proxy flag.

2014-05-28 Thread dcf
commit 529045fe726aa21dff052a00e57fabec6aa8cdc8
Author: David Fifield da...@bamsoftware.com
Date:   Sat May 24 19:16:25 2014 -0700

Set the TRANSPARENT_PROXY_RESOLVES_HOST proxy flag.

This flag has no effect for the direct proxy type, but we'll want to
set it uniformly for all other proxy types.
---
 firefox/components/main.js |3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/firefox/components/main.js b/firefox/components/main.js
index e1284f0..e2a2484 100644
--- a/firefox/components/main.js
+++ b/firefox/components/main.js
@@ -133,9 +133,10 @@ MeekHTTPHelper.lookupStatus = function(status) {
 //   undefined
 MeekHTTPHelper.buildProxyInfo = function(spec) {
 // 
https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIProxyInfo#Constants
+var flags = 
Components.interfaces.nsIProxyInfo.TRANSPARENT_PROXY_RESOLVES_HOST;
 if (spec === undefined) {
 // direct; i.e., no proxy. This is the default.
-return MeekHTTPHelper.proxyProtocolService.newProxyInfo(direct, , 
0, 0, 0x, null);
+return MeekHTTPHelper.proxyProtocolService.newProxyInfo(direct, , 
0, flags, 0x, null);
 }
 return null;
 };
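Review bot: The `var flags = ...TRANSPARENT_PROXY_RESOLVES_HOST` line has no comment, and the reason for it is given only in the commit message. Add a comment above it saying that the flag makes the proxy, not the local resolver, look up the destination host name, and that it is set on every nsIProxyInfo on purpose; a later proxy type built with 0 instead could resolve names locally.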





[tor-commits] [meek/master] Honor a socks5 proxy when roundtripping through the helper.

2014-05-28 Thread dcf
commit 3aab55c820d25a9881b66982589573057a67c5b1
Author: David Fifield da...@bamsoftware.com
Date:   Sat May 24 23:39:57 2014 -0700

Honor a socks5 proxy when roundtripping through the helper.
---
 meek-client/helper.go  |2 +-
 meek-client/helper_test.go |5 +
 meek-client/meek-client.go |2 +-
 meek-client/proxy_test.go  |1 +
 4 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/meek-client/helper.go b/meek-client/helper.go
index d349ff7..872f401 100644
--- a/meek-client/helper.go
+++ b/meek-client/helper.go
@@ -59,7 +59,7 @@ func makeProxySpec(u *url.URL) (*ProxySpec, error) {
}
 
switch u.Scheme {
-   case http, socks4a:
+   case http, socks5, socks4a:
spec.Type = u.Scheme
default:
return nil, errors.New(unknown scheme)
diff --git a/meek-client/helper_test.go b/meek-client/helper_test.go
index f33bb38..291ab11 100644
--- a/meek-client/helper_test.go
+++ b/meek-client/helper_test.go
@@ -19,6 +19,7 @@ func TestMakeProxySpec(t *testing.T) {
url.URL{Scheme: http, User: url.UserPassword(username, 
password), Host: localhost:8080},
url.URL{Scheme: http, Host: localhost:-1},
url.URL{Scheme: http, Host: localhost:65536},
+   url.URL{Scheme: socks5, Host: :},
url.URL{Scheme: socks4a, Host: :},
// socks and socks4 are unknown types.
url.URL{Scheme: socks, Host: localhost:1080},
@@ -34,6 +35,10 @@ func TestMakeProxySpec(t *testing.T) {
ProxySpec{http, localhost, 8080},
},
{
+   url.URL{Scheme: socks5, Host: localhost:1080},
+   ProxySpec{socks5, localhost, 1080},
+   },
+   {
url.URL{Scheme: socks4a, Host: localhost:1080},
ProxySpec{socks4a, localhost, 1080},
},
diff --git a/meek-client/meek-client.go b/meek-client/meek-client.go
index b4f9dee..0093cc0 100644
--- a/meek-client/meek-client.go
+++ b/meek-client/meek-client.go
@@ -325,7 +325,7 @@ func checkProxyURL(u *url.URL) error {
// With the helper we can use HTTP and SOCKS (because it is the
// browser that does the proxying, not us).
switch options.ProxyURL.Scheme {
-   case http, socks4a:
+   case http, socks5, socks4a:
default:
return errors.New(fmt.Sprintf(don't understand proxy 
URL scheme %q, options.ProxyURL.Scheme))
}
diff --git a/meek-client/proxy_test.go b/meek-client/proxy_test.go
index 7ce206f..d26362d 100644
--- a/meek-client/proxy_test.go
+++ b/meek-client/proxy_test.go
@@ -36,6 +36,7 @@ func TestGetProxyURL(t *testing.T) {
{http://localhost:8080/path;, http://localhost:8080/path},
{http://user@localhost:8080;, http://user@localhost:8080},
{http://user:password@localhost:8080;, 
http://user:password@localhost:8080},
+   {socks5://localhost:1080, socks5://localhost:1080},
{socks4a://localhost:1080, socks4a://localhost:1080},
{unknown://localhost/whatever, 
unknown://localhost/whatever},
}





[tor-commits] [meek/master] Read proxy from managed configuration.

2014-05-28 Thread dcf
commit c96a7cfd895ea7e273c2a21f8751238b289770e0
Author: David Fifield da...@bamsoftware.com
Date:   Sat May 24 21:52:55 2014 -0700

Read proxy from managed configuration.
---
 meek-client/meek-client.go |   41 -
 1 file changed, 36 insertions(+), 5 deletions(-)

diff --git a/meek-client/meek-client.go b/meek-client/meek-client.go
index 441120f..5f7228e 100644
--- a/meek-client/meek-client.go
+++ b/meek-client/meek-client.go
@@ -277,7 +277,8 @@ func handler(conn *pt.SocksConn) error {
info.URL.Host = front
}
 
-   // First check proxy= SOCKS arg, then --proxy option.
+   // First check proxy= SOCKS arg, then --proxy option/managed
+   // configuration.
proxy, ok := conn.Req.Args.Get(proxy)
if ok {
info.ProxyURL, err = url.Parse(proxy)
@@ -312,6 +313,18 @@ func acceptLoop(ln *pt.SocksListener) error {
return nil
 }
 
+// Return an error if this proxy URL doesn't work with the rest of the
+// configuration.
+func checkProxyURL(u *url.URL) error {
+   if options.ProxyURL.Scheme != http {
+   return errors.New(fmt.Sprintf(don't understand proxy URL 
scheme %q, options.ProxyURL.Scheme))
+   }
+   if options.HelperAddr != nil {
+   return errors.New(--helper can't be used with an upstream 
proxy)
+   }
+   return nil
+}
+
 func main() {
var helperAddr string
var logFilename string
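Review bot: checkProxyURL takes a parameter `u` but never reads it; both checks look at `options.ProxyURL` instead. It gives the right answer only as long as every caller passes that same global, and a call with any other URL would silently validate the wrong one. Use u.Scheme in the body.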
@@ -334,10 +347,6 @@ func main() {
log.SetOutput(f)
}
 
-   if helperAddr !=   proxy !=  {
-   log.Fatalf(--helper and --http-proxy can't be used together)
-   }
-
if helperAddr !=  {
options.HelperAddr, err = net.ResolveTCPAddr(tcp, helperAddr)
if err != nil {
@@ -357,6 +366,28 @@ func main() {
if err != nil {
log.Fatalf(error in ClientSetup: %s, err)
}
+   ptProxyURL, err := PtGetProxyURL()
+   if err != nil {
+   PtProxyError(err.Error())
+   log.Fatalf(can't get managed proxy configuration: %s, err)
+   }
+
+   // Command-line proxy overrides managed configuration.
+   if options.ProxyURL == nil {
+   options.ProxyURL = ptProxyURL
+   }
+   // Check whether we support this kind of proxy.
+   if options.ProxyURL != nil {
+   err = checkProxyURL(options.ProxyURL)
+   if err != nil {
+   PtProxyError(err.Error())
+   log.Fatal(fmt.Sprintf(proxy error: %s, err))
+   }
+   log.Printf(using proxy %s, options.ProxyURL.String())
+   if ptProxyURL != nil {
+   PtProxyDone()
+   }
+   }
 
listeners := make([]net.Listener, 0)
for _, methodName := range ptInfo.MethodNames {



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits


[tor-commits] [meek/master] Retry the HTTP roundtrip a few times if it fails the first time.

2014-05-28 Thread dcf
commit ff595f26a6be2c4ca58637e04c012b804e69617e
Author: David Fifield da...@bamsoftware.com
Date:   Sat May 10 17:41:22 2014 -0700

Retry the HTTP roundtrip a few times if it fails the first time.

Try sending a request up to 10 times, with 30 seconds in between each
try.

App Engine seems to return a run of 500 errors a few times a day, for
reasons that are not obvious. It appears that most of the time, just
trying a request again after a few seconds makes it start working again.
Previously, we were giving up on a circuit the first time a request
failed.

Retrying a request doesn't make conceptual sense, because we don't know
if the remote server received the bytes we sent already. (We don't know
whether the error happened on the way out or on the way back.) But it
seems that in practice the error usually happens on the way out.
Retrying a few times is working better for me for long-lived
connections. My system tor is getting disconnected from IRC only about
zero or one time a day, rather than the five or six times it was getting
without retries.

A retry looks like this:

2014/05/27 08:58:07 status code was 500, not 200; trying again after 30 seconds (9)

Occasionally all the retries will still fail. It looks like:

2014/05/28 00:02:21 status code was 500, not 200; trying again after 30 seconds (9)
2014/05/28 00:02:51 status code was 500, not 200; trying again after 30 seconds (8)
2014/05/28 00:03:22 status code was 500, not 200; trying again after 30 seconds (7)
2014/05/28 00:03:54 status code was 500, not 200; trying again after 30 seconds (6)
2014/05/28 00:04:24 status code was 500, not 200; trying again after 30 seconds (5)
2014/05/28 00:04:54 status code was 500, not 200; trying again after 30 seconds (4)
2014/05/28 00:05:25 status code was 500, not 200; trying again after 30 seconds (3)
2014/05/28 00:05:55 status code was 500, not 200; trying again after 30 seconds (2)
2014/05/28 00:06:25 status code was 500, not 200; trying again after 30 seconds (1)
2014/05/28 00:06:55 error in handling request: status code was 500, not 200
---
 meek-client/meek-client.go |   45 +++-
 1 file changed, 36 insertions(+), 9 deletions(-)

diff --git a/meek-client/meek-client.go b/meek-client/meek-client.go
index 0093cc0..441348d 100644
--- a/meek-client/meek-client.go
+++ b/meek-client/meek-client.go
@@ -70,6 +70,10 @@ const (
// Geometric increase in the polling interval each time we fail to read
// data.
pollIntervalMultiplier = 1.5
+   // Try an HTTP roundtrip at most this many times.
+   maxTries = 10
+   // Wait this long between retries.
+   retryDelay = 30 * time.Second
// Safety limits on interaction with the HTTP helper.
maxHelperResponseLength = 1000
helperReadTimeout   = 60 * time.Second
@@ -127,23 +131,46 @@ func roundTripWithHTTP(buf []byte, info *RequestInfo) 
(*http.Response, error) {
return tr.RoundTrip(req)
 }
 
-// Send the data in buf to the remote URL, wait for a reply, and feed the reply
-// body back into conn.
-func sendRecv(buf []byte, conn net.Conn, info *RequestInfo) (int64, error) {
+// Do a roundtrip, trying at most limit times if there is an HTTP status other
+// than 200. In case all tries result in error, returns the last error seen.
+//
+// Retrying the request immediately is a bit bogus, because we don't know if 
the
+// remote server received our bytes or not, so we may be sending duplicates,
+// which will cause the connection to die. The alternative, though, is to just
+// kill the connection immediately. A better solution would be a system of
+// acknowledgements so we know what to resend after an error.
+func roundTripRetries(buf []byte, info *RequestInfo, limit int) 
(*http.Response, error) {
roundTrip := roundTripWithHTTP
if options.HelperAddr != nil {
roundTrip = roundTripWithHelper
}
-   resp, err := roundTrip(buf, info)
+   var resp *http.Response
+   var err error
+again:
+   limit--
+   resp, err = roundTrip(buf, info)
+   // Retry only if the HTTP roundtrip completed without error, but
+   // returned a status other than 200. Other kinds of errors and success
+   // with 200 always return immediately.
+   if err == nil  resp.StatusCode != http.StatusOK {
+   err = errors.New(fmt.Sprintf(status code was %d, not %d, 
resp.StatusCode, http.StatusOK))
+   if limit  0 {
+   log.Printf(%s; trying again after %.f seconds (%d), 
err, retryDelay.Seconds(), limit)
+   time.Sleep(retryDelay);
+   goto again
+   }
+   }
+   return resp, err
+}
+
+// Send the data in buf to the remote URL, wait for a reply, and feed the reply
+// body back 
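Review bot: in roundTripRetries the non-200 branch jumps back to the again label without closing resp.Body, so every failed try leaves a response body open, and its connection tied up, across as many as maxTries rounds. Close the body before time.Sleep(retryDelay) whenever a retry will follow. On the final failure the function returns a non-nil resp together with a non-nil err, so the doc comment should say who closes the body in that case. The label and goto would read more plainly as a for loop counting limit down, and the semicolon after time.Sleep(retryDelay) can go.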

[tor-commits] [user-manual/master] Enable out-of-source-tree builds

2014-05-28 Thread lunar
commit 44a3777eb38d94319871ba97b25af8b8aa60e50e
Author: Lunar lu...@torproject.org
Date:   Wed May 28 09:22:25 2014 +0200

Enable out-of-source-tree builds

One can now do:

mkdir build-tree && cd build-tree
../user-manual/configure --with-tor-browser-bundle=../tor-browser-bundle
make html

Easy part was sprinkling Makefile.am with appropriate $(srcdir). Symlinks
to the media need to be done to localized version or to C version as a
fallback.

Less funny was how to deal with <xi:include /> for the version number.
We use the `-p` option of yelp-build to specify a search path. Works great.
But there's no such option to `itstool` and it errors out if it's unable
to find `type=text` includes (to include them in translation strings, I
presume). So we now include the Tor Browser version in an XML file instead.

Gotcha: yelp rules use the presence of the C directory to detect if it's
an out-of-tree build. So we must not create a C directory when building.

Let's also re-add a missing variable substitution in configure.ac.
---
 C/index.page   |6 +-
 Makefile.am|   17 +++--
 configure.ac   |3 ++-
 include/tor-browser-version.xml.in |2 ++
 tor-browser-version.txt.in |1 -
 5 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/C/index.page b/C/index.page
index 764fcde..191839f 100644
--- a/C/index.page
+++ b/C/index.page
@@ -6,6 +6,10 @@
   titleTor Browser User Manual/title
   p its:locNote=lt;span/gt; will be replaced by current Tor Browser 
version
 Version:
-span its:translate=noxi:include href=../tor-browser-version.txt 
parse=text//span
+span its:translate=no
+ xi:include href=tor-browser-version.xml parse=xml 
xpointer=xpointer(//text()))
+xi:fallbackUNKNOWN/xi:fallback
+  /xi:include
+/span
   /p
 /page
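Review bot: the xi:fallback of UNKNOWN inside the Version paragraph means that a build in which tor-browser-version.xml is missing, or not on the include search path, still succeeds and ships a manual that reports no version. A release build should fail loudly instead: drop the fallback, or have the html target check that the generated include file exists before running yelp-build.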
diff --git a/Makefile.am b/Makefile.am
index a0dfb8d..672ae9e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -6,8 +6,8 @@ MAL2LATEX = ../mal2latex
 TOR_AND_HTTPS = ../tor-and-https
 
 HELP_ID = tor-browser-user-manual
-HELP_FILES = $(shell cd C  git ls-files '*.page')
-HELP_MEDIA = $(shell cd C  git ls-files 'media')
+HELP_FILES = $(shell cd $(srcdir)/C  git ls-files '*.page')
+HELP_MEDIA = $(shell cd $(srcdir)/C  git ls-files 'media')
 HELP_PLATFORMS = windows macosx linux
 HELP_LINGUAS = @TOR_BROWSER_BUNDLE_LOCALES@
 
@@ -17,7 +17,8 @@ html: all media-symlinks.stamp
for lc in C $(HELP_LINGUAS); do \
for platform in $(HELP_PLATFORMS); do \
mkdir -p html/$$platform/$$lc; \
-   yelp-build html -x platform-$$platform.xslt \
+   yelp-build html -p include \
+   -x 
$(srcdir)/platform-$$platform.xslt \
-o html/$$platform/$$lc $$lc; \
done; \
done
@@ -38,13 +39,17 @@ pdf: all media-symlinks.stamp
done; \
done;
 
-media-symlinks.stamp: all
+media-symlinks.stamp:
set -e  \
-   for lc in C $(HELP_LINGUAS); do \
+   for lc in $(HELP_LINGUAS); do \
for media in $(HELP_MEDIA); do \
if ! [ -f $$lc/$$media ]; then \
mkdir -p $$(dirname $$lc/$$media); \
-   ln -nsf ../../C/$$media $$lc/$$media; \
+   if [ -f $(srcdir)/$$lc/$$media ]; then \
+   ln -nsf 
$(abs_srcdir)/$$lc/$$media $$lc/$$media; \
+   else \
+   ln -nsf $(abs_srcdir)/C/$$media 
$$lc/$$media; \
+   fi; \
fi; \
done; \
done
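Review bot: both new ln -nsf lines in media-symlinks.stamp point at $(abs_srcdir), so every link embeds the absolute path of the source checkout and dangles as soon as either tree is moved or the output is copied to another machine. The expansions of $(srcdir) and $(abs_srcdir) are also unquoted, so a checkout path containing a space breaks the -f test and the ln. Quote the expansions, and consider copying the media files when the result is meant to be relocatable.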
diff --git a/configure.ac b/configure.ac
index ed8bbcf..a1b12f7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -19,11 +19,12 @@ if test x$TOR_BROWSER_VERSION = x; then
 fi
 TOR_BROWSER_BUNDLE_LOCALES=$(. $VERSIONS_PATH; echo $BUNDLE_LOCALES)
 
+AC_SUBST(TOR_BROWSER_VERSION)
 AC_SUBST(TOR_BROWSER_BUNDLE_LOCALES)
 
 YELP_HELP_INIT
 
 AC_CONFIG_FILES([Makefile
- tor-browser-version.txt])
+ include/tor-browser-version.xml])
 
 AC_OUTPUT
diff --git a/include/tor-browser-version.xml.in 
b/include/tor-browser-version.xml.in
new file mode 100644
index 000..8cf6628
--- /dev/null
+++ b/include/tor-browser-version.xml.in
@@ -0,0 +1,2 @@
+?xml version=1.0 encoding=UTF-8?
+sys@TOR_BROWSER_VERSION@/sys
diff --git a/tor-browser-version.txt.in b/tor-browser-version.txt.in
deleted file mode 100644
index c675947..000
--- a/tor-browser-version.txt.in
+++ 

[tor-commits] [tor-browser-bundle/master] Bug 10425: Adding the geoip6 files.

2014-05-28 Thread gk
commit 1ace63b0a4f9d74206e72f25e389f0f8a82f5416
Author: Georg Koppen g...@torproject.org
Date:   Wed May 28 09:56:37 2014 +

Bug 10425: Adding the geoip6 files.
---
 gitian/descriptors/linux/gitian-tor.yml   |1 +
 gitian/descriptors/mac/gitian-tor.yml |8 +---
 gitian/descriptors/windows/gitian-tor.yml |2 +-
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/gitian/descriptors/linux/gitian-tor.yml 
b/gitian/descriptors/linux/gitian-tor.yml
index 2b0b9ab..27e242b 100644
--- a/gitian/descriptors/linux/gitian-tor.yml
+++ b/gitian/descriptors/linux/gitian-tor.yml
@@ -92,6 +92,7 @@ script: |
   make $MAKEOPTS
   make install
   cp $INSTDIR/share/tor/geoip $INSTDIR/Data/Tor/
+  cp $INSTDIR/share/tor/geoip6 $INSTDIR/Data/Tor/
   # Strip and generate debuginfo for libs
   cd $INSTDIR
   objcopy --only-keep-debug $INSTDIR/bin/tor $INSTDIR/Debug/Tor/tor
diff --git a/gitian/descriptors/mac/gitian-tor.yml 
b/gitian/descriptors/mac/gitian-tor.yml
index be4edd2..054e1a8 100644
--- a/gitian/descriptors/mac/gitian-tor.yml
+++ b/gitian/descriptors/mac/gitian-tor.yml
@@ -53,7 +53,8 @@ script: |
   unzip -d $INSTDIR libevent-mac32-utils.zip
   cp $INSTDIR/libevent/lib/libevent-*.dylib $INSTDIR/TorBrowserBundle.app/Tor/
   LIBEVENT_FILE=`basename $INSTDIR/libevent/lib/libevent-*.dylib`
-  #
+
+  # Building tor
   # XXX Clean up these flags?
   export CFLAGS=-I/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/include/ 
-I/usr/lib/gcc/i686-apple-darwin10/4.2.1/include/ -I.  
-L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/ 
-L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/system/ -mmacosx-version-min=10.5
   export LDFLAGS=-L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/ 
-L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/system/ -mmacosx-version-min=10.5
@@ -89,10 +90,11 @@ script: |
   cd $INSTDIR
   cp bin/tor TorBrowserBundle.app/Tor/
   cp share/tor/geoip TorBrowserBundle.app/Data/Tor/
+  cp share/tor/geoip6 TorBrowserBundle.app/Data/Tor/
   cd TorBrowserBundle.app/Tor/
   i686-apple-darwin11-install_name_tool -change 
$INSTDIR/libevent/lib/$LIBEVENT_FILE @executable_path/$LIBEVENT_FILE tor
-  # XXX: Geoip files..
-  #
+
+  # Grabbing the result
   cd $INSTDIR
   ~/build/dzip.sh tor-mac32-gbuilt.zip TorBrowserBundle.app
   cp tor-mac32-gbuilt.zip $OUTDIR/
diff --git a/gitian/descriptors/windows/gitian-tor.yml 
b/gitian/descriptors/windows/gitian-tor.yml
index d3f1d4e..aea69b9 100644
--- a/gitian/descriptors/windows/gitian-tor.yml
+++ b/gitian/descriptors/windows/gitian-tor.yml
@@ -94,7 +94,7 @@ script: |
   cd ..
   install -s $INSTDIR/bin/tor.exe $INSTDIR/Tor/
   cp $INSTDIR/share/tor/geoip $INSTDIR/Data/Tor/
-  # XXX: Geoip files..
+  cp $INSTDIR/share/tor/geoip6 $INSTDIR/Data/Tor/
   cp -a /usr/lib/gcc/i686-w64-mingw32/4.6/libgcc_s_sjlj-1.dll $INSTDIR/Tor/
   cp -a /usr/lib/gcc/i686-w64-mingw32/4.6/libssp*.dll $INSTDIR/Tor/
 



[tor-commits] [user-manual/master] Add missing build dependency to README

2014-05-28 Thread lunar
commit dc9826402be19fd8822932e79851364911555ef5
Author: Lunar lu...@torproject.org
Date:   Wed May 28 10:08:07 2014 +0200

Add missing build dependency to README
---
 README |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README b/README
index debf14e..17202cf 100644
--- a/README
+++ b/README
@@ -10,7 +10,7 @@ Building the HTML version
 
 Required dependencies on Debian:
 
-autoconf yelp-tools yelp-xsl intltool
+git autoconf yelp-tools yelp-xsl intltool
 
 Bootstrap:
 



[tor-commits] [user-manual/master] Restore compatibility with yelp-tools 3.4

2014-05-28 Thread lunar
commit 298acf26d0fdb323caf44355b332e1c2144f60ac
Author: Lunar lu...@torproject.org
Date:   Wed May 28 14:44:00 2014 +0200

Restore compatibility with yelp-tools 3.4

Unfortunately, this requires us to add an en-US lingua (because
we can't create a C directory without breaking out-of-tree builds).
---
 Makefile.am|   14 +-
 en-US/en-US.po |  451 
 2 files changed, 460 insertions(+), 5 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index 9f11906..a45aac7 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -9,16 +9,20 @@ HELP_ID = tor-browser-user-manual
 HELP_FILES = $(shell cd $(srcdir)/C  git ls-files '*.page')
 HELP_MEDIA = $(shell cd $(srcdir)/C  git ls-files 'media')
 HELP_PLATFORMS = windows macosx linux
-HELP_LINGUAS = @TOR_BROWSER_BUNDLE_LOCALES@
+HELP_LINGUAS = en-US @TOR_BROWSER_BUNDLE_LOCALES@
 
 .PHONY: html
 html: all media-symlinks.stamp
set -e  \
-   for lc in C $(HELP_LINGUAS); do \
+   for lc in $(HELP_LINGUAS); do \
+   includes=$$(find include -maxdepth 1 -type f) ; \
+   for file in $$includes; do \
+   mkdir -p $$(dirname $$file); \
+   ln -nsf ../$$file $$lc/$$(basename $$file); \
+   done; \
for platform in $(HELP_PLATFORMS); do \
mkdir -p html/$$platform/$$lc; \
-   yelp-build html -p include \
-   -x 
$(srcdir)/platform-$$platform.xslt \
+   yelp-build html -x 
$(srcdir)/platform-$$platform.xslt \
-o html/$$platform/$$lc $$lc; \
for ttf in $$lc/media/*.ttf; do \
cp --preserve=timestamps $$ttf 
html/$$platform/$$lc/media; \
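Review bot: in the new includes loop of the html target, mkdir -p $$(dirname $$file) creates the include directory, which must already exist for find to have listed the file; the directory the link is written into is $$lc, and nothing in the loop creates that one. Use mkdir -p $$lc instead. The link target ../$$file is relative, so it resolves only while $$lc sits directly beside include in the build tree; a comment saying so would help the next person who moves either directory.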
@@ -29,7 +33,7 @@ html: all media-symlinks.stamp
 .PHONY: pdf
 pdf: all media-symlinks.stamp
set -e  \
-   for lc in C $(HELP_LINGUAS); do \
+   for lc in $(HELP_LINGUAS); do \
for platform in $(HELP_PLATFORMS); do \
PDF_DIR=pdf/$$platform/$$lc; \
LATEX_FILE=$(HELP_ID)-$$lc.latex; \
diff --git a/en-US/en-US.po b/en-US/en-US.po
new file mode 100644
index 000..12ef3eb
--- /dev/null
+++ b/en-US/en-US.po
@@ -0,0 +1,451 @@
+msgid 
+msgstr 
+Project-Id-Version: PACKAGE VERSION\n
+POT-Creation-Date: 2014-05-27 18:03+0200\n
+PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n
+Last-Translator: FULL NAME EMAIL@ADDRESS\n
+Language-Team: LANGUAGE l...@li.org\n
+MIME-Version: 1.0\n
+Content-Type: text/plain; charset=UTF-8\n
+Content-Transfer-Encoding: 8bit\n
+
+#. Put one translator per line, in the form NAME EMAIL, YEAR1, YEAR2
+msgctxt _
+msgid translator-credits
+msgstr 
+
+#. This is a reference to an external file such as an image or video. When
+#. the file changes, the md5 hash will change to let you know you need to
+#. update your localized copy. The msgstr is not used at all. Set it to
+#. whatever you like once you have updated your copy of the file.
+#: C/bridges.page:143(media)
+msgctxt _
+msgid external ref='media/tor-launcher-custom-bridges_en-US.png' 
md5='93365c2aa3fb4d627497e83f28a39b7e'
+msgstr 
+
+#: C/bridges.page:7(info/desc)
+msgid What bridges are and how to use them.
+msgstr 
+
+#: C/bridges.page:11(page/title)
+msgid Bridges
+msgstr 
+
+#: C/bridges.page:13(page/p)
+msgid Bridges are quiet gateways into the Tor Network. Like Tor relays, they 
are run by volunteers. Unlike relays, they are not listed publicly. Using 
bridges disguise the fact that one is using Tor.
+msgstr 
+
+#: C/bridges.page:19(page/p)
+msgid Currently there are five bridge types, or transports, available. More 
are being developed.
+msgstr 
+
+#: C/bridges.page:26(td/p)
+msgid ORPort
+msgstr 
+
+#: C/bridges.page:31(td/p)
+msgid Requesting 'bridges' without specifying the bridge type, will return 
ORPort bridges, also called Vanilla bridges. ORPort bridges are NOT reliable 
for circumventing censorship or national firewalls. ORPort bridges can be 
useful as trusted entry points into the Tor network.
+msgstr 
+
+#: C/bridges.page:41(td/p)
+msgid obfs2
+msgstr 
+
+#: C/bridges.page:46(td/p)
+msgid Censors have learned how to identify obfs2 bridges. This transport is 
being deprecated.
+msgstr 
+
+#: C/bridges.page:54(td/p)
+msgid obfs3
+msgstr 
+
+#: C/bridges.page:59(td/p)
+msgid Obfsproxy disguises Tor traffic as random noise. obfs3 bridges work 
almost everywhere. A few obfs3 bridges have been blocked.
+msgstr 
+
+#: C/bridges.page:67(td/p)
+msgid Scramblesuit
+msgstr 
+
+#: C/bridges.page:72(td/p)
+msgid Scramblesuit is an additional tool for the obfsproxy transport. 
Scramblesuit bridges are designed to be hard to identify and hard to block.
+msgstr 
+
+#: 
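Review bot: the header of the new en-US/en-US.po still carries the generator's placeholders (Project-Id-Version: PACKAGE VERSION, PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE, Last-Translator: FULL NAME) and every msgstr shown is empty. If this file is only there to give the build an en-US lingua, generating it at make time would avoid committing 451 lines that go stale whenever a C/*.page string changes; if it has to be committed, fill in the header and record in Makefile.am how to regenerate it.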

[tor-commits] [torspec/master] tweak proposal 220 based on comments from george, nick hopper

2014-05-28 Thread nickm
commit 3762272611aca1ffd0c5896d713c94ecf98b8f47
Author: Nick Mathewson ni...@torproject.org
Date:   Wed May 28 09:21:29 2014 -0400

tweak proposal 220 based on comments from george, nick hopper
---
 proposals/220-ecc-id-keys.txt |   42 ++---
 1 file changed, 23 insertions(+), 19 deletions(-)

diff --git a/proposals/220-ecc-id-keys.txt b/proposals/220-ecc-id-keys.txt
index 94ec9a3..6f60ca5 100644
--- a/proposals/220-ecc-id-keys.txt
+++ b/proposals/220-ecc-id-keys.txt
@@ -78,8 +78,8 @@ Status: Draft
  EXPIRATION_DATE [3 Bytes]
  CERT_KEY_TYPE   [1 byte]
  CERTIFIED_KEY   [32 Bytes]
- EXTENSIONS  [variable length, up to length of certificate
-  minus 64 bytes.]
+ N_EXTENSIONS[1 byte]
+ EXTENSIONS  [N_EXTENSIONS times]
  SIGNATURE   [64 Bytes]
 
The VERSION field holds the value [01].  The CERT_TYPE field
@@ -94,14 +94,19 @@ Status: Draft
The EXTENSIONS field contains zero or more extensions, each of
the format:
 
- ExtLength [1 or 2 bytes]
- ExtType   [1 or 2 bytes]
+ ExtLength [2 bytes]
+ ExtType   [1 byte]
+ ExtFlags  [1 byte]
  ExtData   [Length bytes]
 
-   The ExtLength and ExtType fields can represent values between 0
-   and 2^15-1, representing values under 128 as 0xxx and
-   values over 128 as 1xxx .  The meaning of the
-   ExtData field in an extension is type-dependent.
+   The meaning of the ExtData field in an extension is type-dependent.
+
+   The ExtFlags field holds flags; this flag is currently defined:
+
+  1 -- AFFECTS_VALIDATION. If this flag is present, then the
+   extension affects whether the certificate is valid; clients
+   must not accept the certificate as valid unless they
+   understand the extension.
 
It is an error for an extension to be truncated; such a
certificate is invalid.
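Review bot: the new extension layout gives the data size as "ExtData [Length bytes]" while the field above it is named ExtLength, and the text does not say whether ExtLength counts only ExtData or the whole extension, nor the byte order of the 2-byte value. Spell these out so that every parser agrees on where an extension ends. For ExtFlags, state what a verifier does with flag bits it does not recognize, and replace "clients" in the AFFECTS_VALIDATION text with wording that binds every party that validates the certificate. Since the count now comes from N_EXTENSIONS, also say that bytes left over between the last extension and SIGNATURE make the certificate invalid, alongside the existing truncation rule.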
@@ -142,8 +147,10 @@ Status: Draft
  SIGNATURE   [64 Bytes]
 
FIXED_PREFIX is REVOKEID or REVOKESK. VERSION is [01]. KEYTYPE is
-   [01] for revoking a signing key or [02] for revoking an identity key.
-   REVOKED_KEY is the key being revoked; IDENTITY_KEY is the node's
+   [01] for revoking a signing key, [02] for revoking an identity key,
+   or [03] for revoking an RSA identity key.
+   REVOKED_KEY is the key being revoked or a SHA256 hash of the key if
+   it is an RSA identity key; IDENTITY_KEY is the node's
Ed25519 identity key. PUBLISHED is the time that the document was
generated, in seconds since the epoch. REV_EXTENSIONS is left for a
future version of this document.  The SIGNATURE is generated with
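Review bot: "a SHA256 hash of the key" for KEYTYPE [03] does not say which encoding of the RSA identity key is hashed, so two implementations can compute different REVOKED_KEY values for the same key and fail to match a revocation. Name the encoding explicitly. Because IDENTITY_KEY is the node's Ed25519 identity key, the text should also say what ties the revoked RSA identity key to that Ed25519 key, so a verifier knows when a [03] revocation is authoritative.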
@@ -194,10 +201,11 @@ Status: Draft
When an identity-ed25519 element is present, there must also be a
router-signature-ed25519 element.  It MUST be the next-to-last
element in the descriptor, appearing immediately before the RSA
-   signature.  It MUST contain an ed25519 signature of the entire
-   document, from the first character up to but not including the
-   router-signature-ed25519 element, prefixed with the string Tor
-   router descriptor signature v1.  Its format is:
+   signature.  (In future versions of the descriptor format that do not
+   require an RSA identity key, it MUST be last.)  It MUST contain an
+   ed25519 signature of the entire document, from the first character up
+   to but not including the router-signature-ed25519 element, prefixed
+   with the string Tor router descriptor signature v1.  Its format is:
 
   router-signature-ed25519 SP signature NL
 
@@ -285,10 +293,6 @@ Status: Draft
0.2.4 without being de-listed from the consensus.
 
 
-   [XXX I could specify a way to do a signed I'm downgrading for a
-   while! statement, and kludge some code back into 0.2.4.x to better
-   support that?]
-
 3.2. Formats
 
Vote and microdescriptor documents now contain an optional id
@@ -404,7 +408,7 @@ Status: Draft
certificate, and an authentication certificate signed with the
identity key.  The AUTHENTICATE cell contains a signature of
various fields, including the contents of the AUTH_CHALLENGE
-   which the server sent cell, using the client's authentication
+   which the server sent, using the client's authentication
key.  These cells allow the client to authenticate to the server.
 
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits


[tor-commits] [torspec/master] Remove an obsolete 220 question, spotted by George

2014-05-28 Thread nickm
commit 790f670db11ee4eab906bcc554bb1ec403242db7
Author: Nick Mathewson ni...@torproject.org
Date:   Wed May 28 09:42:48 2014 -0400

Remove an obsolete 220 question, spotted by George
---
 proposals/220-ecc-id-keys.txt |3 ---
 1 file changed, 3 deletions(-)

diff --git a/proposals/220-ecc-id-keys.txt b/proposals/220-ecc-id-keys.txt
index 6f60ca5..d4ed4e8 100644
--- a/proposals/220-ecc-id-keys.txt
+++ b/proposals/220-ecc-id-keys.txt
@@ -309,9 +309,6 @@ Status: Draft
a microdescriptor, a lack of id line means that the node has no ed25519
identity.)
 
-   [ Should the id entries in consensuses go into microdescriptors
- instead? I think perhaps so. -NM]
-
A vote or consensus document is ill-formed if it includes the same
ed25519 identity key twice.
 

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits


[tor-commits] [tor-browser-bundle/master] Remove scramblesuit bridges for now.

2014-05-28 Thread mikeperry
commit 429309ce162a0e1c36c9d3ed9c5bd89ca4879fd8
Author: Mike Perry mikeperry-...@torproject.org
Date:   Wed May 28 09:14:02 2014 -0700

Remove scramblesuit bridges for now.

They require Tor 0.2.5.x. Postpone adding them until we can branch off a
maint-3.6 branch for TBB 3.6.
---
 Bundle-Data/PTConfigs/bridge_prefs.js |6 +++---
 Bundle-Data/PTConfigs/linux/torrc-defaults-appendix   |2 +-
 Bundle-Data/PTConfigs/mac/torrc-defaults-appendix |2 +-
 Bundle-Data/PTConfigs/windows/torrc-defaults-appendix |2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/Bundle-Data/PTConfigs/bridge_prefs.js 
b/Bundle-Data/PTConfigs/bridge_prefs.js
index 8d2afed..6d8ac38 100644
--- a/Bundle-Data/PTConfigs/bridge_prefs.js
+++ b/Bundle-Data/PTConfigs/bridge_prefs.js
@@ -22,6 +22,6 @@ pref(extensions.torlauncher.default_bridge.fte.3, fte 
128.105.214.163:8080 A1
 pref(extensions.torlauncher.default_bridge.fte.4, fte 131.252.210.150:8080 
0E858AC201BF0F3FA3C462F64844CBFFC7297A42);
 pref(extensions.torlauncher.default_bridge.fte.5, fte 79.125.3.12:8080 
272465348803EE2546A9BB8EE37D462915531F09);
 
-pref(extensions.torlauncher.default_bridge.scramblesuit.1, scramblesuit 
188.40.121.112:39707 5DE8D363D8F150C99E1A2D7237368D614838132C 
password=L5POGQONBPS2HZUR6GXBIDS4CMIYYOTI);
-pref(extensions.torlauncher.default_bridge.scramblesuit.2, scramblesuit 
188.226.213.208:54278 AA5A86C1490296EF4FACA946CC5A182FCD1C5B1E 
password=MD2VRP7WXAMSG7MKIGMHI4CB4BMSNO7T);
-pref(extensions.torlauncher.default_bridge.scramblesuit.3, scramblesuit 
83.212.101.3:443 A09D536DD1752D542E1FBB3C9CE4449D51298239 
password=XTCXLG2JAMJKZW2POLBAOWOQETQSMASH);
+//pref(extensions.torlauncher.default_bridge.scramblesuit.1, scramblesuit 
188.40.121.112:39707 5DE8D363D8F150C99E1A2D7237368D614838132C 
password=L5POGQONBPS2HZUR6GXBIDS4CMIYYOTI);
+//pref(extensions.torlauncher.default_bridge.scramblesuit.2, scramblesuit 
188.226.213.208:54278 AA5A86C1490296EF4FACA946CC5A182FCD1C5B1E 
password=MD2VRP7WXAMSG7MKIGMHI4CB4BMSNO7T);
+//pref(extensions.torlauncher.default_bridge.scramblesuit.3, scramblesuit 
83.212.101.3:443 A09D536DD1752D542E1FBB3C9CE4449D51298239 
password=XTCXLG2JAMJKZW2POLBAOWOQETQSMASH);
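Review bot: the three scramblesuit prefs are commented out rather than deleted, so the bridge addresses, fingerprints and password= values still ship in bridge_prefs.js as dead text. Delete the lines and restore them from history once the maint-3.6 branch exists; a one-line comment saying they are absent because they require Tor 0.2.5.x is enough to explain the gap.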
diff --git a/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix 
b/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix
index 8327587..87108bd 100644
--- a/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix
+++ b/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix
@@ -2,7 +2,7 @@
 ClientTransportPlugin fte exec ./Tor/PluggableTransports/fteproxy.bin --managed
 
 ## obfsproxy configuration
-ClientTransportPlugin obfs2,obfs3,scramblesuit exec 
./Tor/PluggableTransports/obfsproxy.bin managed
+ClientTransportPlugin obfs2,obfs3 exec ./Tor/PluggableTransports/obfsproxy.bin 
managed
 ## flash proxy configuration
 #
 # Change the second number here (9000) to the number of a port that can
diff --git a/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix 
b/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix
index 19fc8e0..7c6e6a5 100644
--- a/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix
+++ b/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix
@@ -2,7 +2,7 @@
 ClientTransportPlugin fte exec PluggableTransports/fteproxy.bin --managed
 
 ## obfsproxy configuration
-ClientTransportPlugin obfs2,obfs3,scramblesuit exec 
PluggableTransports/obfsproxy.bin managed
+ClientTransportPlugin obfs2,obfs3 exec PluggableTransports/obfsproxy.bin 
managed
 
 ## flash proxy configuration
 #
diff --git a/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix 
b/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix
index bc1399d..049d2ff 100644
--- a/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix
+++ b/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix
@@ -2,7 +2,7 @@
 ClientTransportPlugin fte exec Tor\PluggableTransports\fteproxy --managed
 
 ## obfsproxy configuration
-ClientTransportPlugin obfs2,obfs3,scramblesuit exec 
Tor\PluggableTransports\obfsproxy managed
+ClientTransportPlugin obfs2,obfs3 exec Tor\PluggableTransports\obfsproxy 
managed
 
 ## flash proxy configuration
 #

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits


[tor-commits] [stem/master] Changing Fedora link

2014-05-28 Thread atagar
commit 90843e507b381fef2579afee01e2b507a4fd505f
Author: Damian Johnson ata...@torproject.org
Date:   Wed May 28 08:35:20 2014 -0700

Changing Fedora link

For a while now our Fedora page has been getting an error response...

  https://github.com/fedora-infra/fedora-packages/issues/76

Juan suggested using this link instead until it gets sorted out.
---
 docs/download.rst |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/download.rst b/docs/download.rst
index f049da1..f46e644 100644
--- a/docs/download.rst
+++ b/docs/download.rst
@@ -98,10 +98,10 @@ Download
  % apt-get install python-stem
 
* - .. image:: /_static/section/download/fedora.png
-  :target: https://apps.fedoraproject.org/packages/python-stem
+  :target: https://admin.fedoraproject.org/pkgdb/package/python-stem/
 
  - .. image:: /_static/label/fedora.png
-  :target: https://apps.fedoraproject.org/packages/python-stem
+  :target: https://admin.fedoraproject.org/pkgdb/package/python-stem/
 
Packages maintained by Juan for Fedora. These include **python-stem**
(Stem for Python 2.x), **python3-stem** (Stem for Python 3.x), and



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits


[tor-commits] [stem/master] Adding DROPGUARDS support

2014-05-28 Thread atagar
commit 8ca253a974c7e6eec9038c2d39a98a245a1ff024
Author: Damian Johnson ata...@torproject.org
Date:   Wed May 28 09:18:31 2014 -0700

Adding DROPGUARDS support

Adding a Controller method for tor's DROPGUARDS function...

  https://trac.torproject.org/projects/tor/ticket/10032
  https://gitweb.torproject.org/torspec.git/commitdiff/7c6c7fc
---
 docs/change_log.rst |1 +
 stem/control.py |   22 +++---
 stem/version.py |2 ++
 test/unit/control/controller.py |   13 +
 4 files changed, 35 insertions(+), 3 deletions(-)

diff --git a/docs/change_log.rst b/docs/change_log.rst
index 0bff1b5..ac892d1 100644
--- a/docs/change_log.rst
+++ b/docs/change_log.rst
@@ -44,6 +44,7 @@ The following are only available within Stem's `git repository
   * New, better :func:`~stem.connection.connect` function that deprecates 
:func:`~stem.connection.connect_port` and 
:func:`~stem.connection.connect_socket_file`
   * Added :func:`~stem.control.Controller.is_newnym_available` and 
:func:`~stem.control.Controller.get_newnym_wait` methods to the 
:class:`~stem.control.Controller`
   * Added :func:`~stem.control.Controller.get_ports` and 
:func:`~stem.control.Controller.get_listeners` methods to the 
:class:`~stem.control.Controller`
+  * Added :func:`~stem.control.Controller.drop_guards` (:trac:`10032`, 
:spec:`7c6c7fc`)
   * Added the id attribute to the :class:`~stem.response.events.ORConnEvent` 
(:spec:`6f2919a`)
   * Added `support for CONN_BW events 
api/response.html#stem.response.events.ConnectionBandwidthEvent`_ 
(:spec:`6f2919a`)
   * Added `support for CIRC_BW events 
api/response.html#stem.response.events.CircuitBandwidthEvent`_ 
(:spec:`6f2919a`)
diff --git a/stem/control.py b/stem/control.py
index 27cce01..78e949c 100644
--- a/stem/control.py
+++ b/stem/control.py
@@ -122,7 +122,8 @@ If you're fine with allowing your script to raise 
exceptions then this can be mo
 |- is_newnym_available - true if tor would presently accept a NEWNYM signal
 |- get_newnym_wait - seconds until tor would accept a NEWNYM signal
 |- is_geoip_unavailable - true if we've discovered our geoip db to be 
unavailable
-+- map_address - maps one address to another such that connections to the 
original are replaced with the other
+|- map_address - maps one address to another such that connections to the 
original are replaced with the other
++- drop_guards - drops our set of guard relays and picks a new set
 
   BaseController - Base controller class asynchronous message handling
 |- msg - communicates with the tor process
@@ -2450,8 +2451,9 @@ class Controller(BaseController):
 :param stem.RelayEndReason reason: reason the stream is closing
 :param str flag: not currently used
 
-:raises: :class:`stem.InvalidArguments` if the stream or reason are not 
recognized
-:raises: :class:`stem.InvalidRequest` if the stream and/or reason are 
missing
+:raises:
+  * :class:`stem.InvalidArguments` if the stream or reason are not 
recognized
+  * :class:`stem.InvalidRequest` if the stream and/or reason are missing
 
 
 # there's a single value offset between RelayEndReason.index_of() and the
@@ -2560,6 +2562,20 @@ class Controller(BaseController):
 
 return response.entries
 
+  def drop_guards(self):
+
+Drops our present guard nodes and picks a new set.
+
+.. versionadded:: 1.2.0
+
+:raises: :class:`stem.ControllerError` if Tor couldn't fulfill the request
+
+
+if self.get_version()  stem.version.Requirement.DROPGUARDS:
+  raise stem.UnsatisfiableRequest('DROPGUARDS was added in tor version %s' 
% stem.version.Requirement.DROPGUARDS)
+
+self.msg('DROPGUARDS')
+
   def _post_authentication(self):
 super(Controller, self)._post_authentication()
 
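
Review bot: In drop_guards() the reply from self.msg('DROPGUARDS') is discarded, so a non-OK response from tor never reaches the caller even though the docstring promises stem.ControllerError when tor can't fulfil the request. Keep the response, check it, and raise on failure. The docstring could also mention the stem.UnsatisfiableRequest raised by the version check so callers know to expect it.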
diff --git a/stem/version.py b/stem/version.py
index e3ba69b..791ce7b 100644
--- a/stem/version.py
+++ b/stem/version.py
@@ -30,6 +30,7 @@ easily parsed and compared, for instance...
   Requirement   Description
   = ===
   **AUTH_SAFECOOKIE**   SAFECOOKIE authentication method
+  **DROPGUARDS**DROPGUARDS requests
   **EVENT_AUTHDIR_NEWDESCS**AUTHDIR_NEWDESC events
   **EVENT_BUILDTIMEOUT_SET**BUILDTIMEOUT_SET events
   **EVENT_CIRC_MINOR**  CIRC_MINOR events
@@ -333,6 +334,7 @@ safecookie_req.greater_than(Version(0.2.3.13))
 
 Requirement = stem.util.enum.Enum(
   (AUTH_SAFECOOKIE, safecookie_req),
+  (DROPGUARDS, Version('0.2.5.1-alpha')),
   (EVENT_AUTHDIR_NEWDESCS, Version('0.1.1.10-alpha')),
   (EVENT_BUILDTIMEOUT_SET, Version('0.2.2.7-alpha')),
   (EVENT_CIRC_MINOR, Version('0.2.3.11-alpha')),
diff --git a/test/unit/control/controller.py b/test/unit/control/controller.py
index 7422430..bc6711b 100644
--- a/test/unit/control/controller.py
+++ 

[tor-commits] [bridgedb/master] Call schedule.intervalStart() to get epoch for HTTPS bridge request.

2014-05-28 Thread isis
commit f73deeace636c2ce91d81fc16d9d0097708b35f0
Author: Isis Lovecruft i...@torproject.org
Date:   Wed May 28 18:42:00 2014 +

Call schedule.intervalStart() to get epoch for HTTPS bridge request.

The ``epoch`` of a request is a value that is supposed to be the
interval of time which the request occurred within, i.e. a request at
14:18 is in the 10-minute interval of 14:10-14:20. This ``epoch`` is
used to obtain bridges in response to a client's request, specifically,
it's a parameter to the ``bridgedb.Dist.getBridgesForIP()`` method,
which does all the real work.

In implementation (up until a couple weeks ago), there was an odd thing
in that a request's ``epoch`` was always hardcoded to be ``1970``. I
changed the part which returns ``1970`` to return an ISO-8601
timestamp, under the assumption that anything asking for an interval
would use the ``intervalStart()`` or ``nextIntervalStarts()`` methods to
compare the current timestamp to the interval it should reside
within. My assumption was wrong; in ``bridgedb.Dist.getBridgesForIP()``,
in the first line of that method, ``schedule.getInterval()`` is called
instead. I had even made an XXX note a long time ago stating that this
was a dumb thing to do. I forgot to change it. Oops.

The fix is to change the first line of
``bridgedb.Dist.getBridgesForIP()`` from ``self.schedule.getInterval()``
to ``self.schedule.intervalStarts()``.  This was also preventing the
CAPTCHA expiration from functioning correctly.

After making this change, it exhibits the correct behaviour, which is,
first, to only respond after determining that we're within the 10-minute
interval in which the CAPTCHA was issued, and second, determine if the
solution to the CAPTCHA is correct (and if so give the bridges that we
would give to that IP address cluster, ignoring time intervals
altogether).

 * FIXES #12147
 * THANKS to arma for forwarding the original bug report to
   tor-assista...@lists.torproject.org.
 * THANKS TO Francisco on IRC for discovering and reporting the issue.
---
 lib/bridgedb/HTTPServer.py |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/bridgedb/HTTPServer.py b/lib/bridgedb/HTTPServer.py
index 9d76e28..6ece4d6 100644
--- a/lib/bridgedb/HTTPServer.py
+++ b/lib/bridgedb/HTTPServer.py
@@ -676,7 +676,7 @@ class WebResourceBridges(resource.Resource):
 
 # XXX why are we getting the interval if our distributor might be
 # using bridgedb.schedule.Unscheduled?
-interval = self.schedule.getInterval(time.time())
+interval = self.schedule.intervalStart(time.time())
 bridges = ( )
 ip = None
 countryCode = None
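
Review bot: The XXX comment directly above the changed line still applies: if the distributor is using bridgedb.schedule.Unscheduled, it is not clear what intervalStart(time.time()) returns or whether that value is a usable epoch for getBridgesForIP(). Either answer that question in this change or add a test covering the unscheduled case, and update or remove the XXX once it is settled.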



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits


[tor-commits] [bridgedb/master] Merge branch 'hotfix/11215_12147-intervalstart'

2014-05-28 Thread isis
commit b7cd297c85d11a00ee94d2b41b46ddd9762154d1
Merge: f848aa9 f73deea
Author: Isis Lovecruft i...@torproject.org
Date:   Wed May 28 21:01:37 2014 +

Merge branch 'hotfix/11215_12147-intervalstart'

 lib/bridgedb/HTTPServer.py |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)



[tor-commits] [bridgedb/develop] Fix scripts/make-ssl-cert to use `exit 1` after wrong number of args.

2014-05-28 Thread isis
commit 2100e35252b1e828c173f3a2b38d364d8bfcc015
Author: Isis Lovecruft i...@torproject.org
Date:   Tue May 20 18:12:55 2014 +

Fix scripts/make-ssl-cert to use `exit 1` after wrong number of args.
---
 scripts/make-ssl-cert |3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scripts/make-ssl-cert b/scripts/make-ssl-cert
index ea2fc39..ce8f7c2 100755
--- a/scripts/make-ssl-cert
+++ b/scripts/make-ssl-cert
@@ -40,7 +40,8 @@ function usage () {
 printf for automation and CI tests.
 printf \n
 }
-if test $# -gt 1 ; then usage ; fi
+
+if test $# -ge 1 ; then usage ; exit 1 ; fi
 
 # Go to the toplevel directory of the BridgeDB repo:
 cd $REPO_PATH
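
Review bot: The condition also changes from -gt 1 to -ge 1, which the commit subject does not mention: the script now prints usage and exits 1 for any argument at all, where it previously tolerated one. If that is intended, say so in the message. Since usage now accompanies a non-zero exit, consider sending its text to stderr.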





[tor-commits] [bridgedb/develop] Clarify comment string for EMAIL_SMTP_FROM_ADDR in config.

2014-05-28 Thread isis
commit a56a5a2978179ae8a88a6c3f8a19eb1119fd6711
Author: Isis Lovecruft i...@torproject.org
Date:   Tue May 27 22:21:09 2014 +

Clarify comment string for EMAIL_SMTP_FROM_ADDR in config.
---
 bridgedb.conf |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bridgedb.conf b/bridgedb.conf
index eaf82ed..eac6a34 100644
--- a/bridgedb.conf
+++ b/bridgedb.conf
@@ -279,7 +279,7 @@ EMAIL_DIST = True
 # EMAIL_FROM_ADDR goes in the 'From:' header on outgoing emails:
 EMAIL_FROM_ADDR = brid...@torproject.org
 
-# EMAIL_SMTP_FROM_ADDR goes in the 'Mail-From:' header in outgoing SMTP:
+# EMAIL_SMTP_FROM_ADDR goes in the 'MAIL FROM:' command in outgoing SMTP:
 EMAIL_SMTP_FROM_ADDR = brid...@torproject.org
 
 EMAIL_SMTP_HOST = 127.0.0.1





[tor-commits] [bridgedb/develop] Fix GnuPG invalid armor header in email.templates.getFooter().

2014-05-28 Thread isis
commit d05cd1e55da29d0f38fffb9b1c06a1ad9cbf67a0
Author: Isis Lovecruft i...@torproject.org
Date:   Sat May 17 02:24:39 2014 +

Fix GnuPG invalid armor header in email.templates.getFooter().
---
 lib/bridgedb/email/templates.py |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/bridgedb/email/templates.py b/lib/bridgedb/email/templates.py
index 8a7f4aa..901ba6b 100644
--- a/lib/bridgedb/email/templates.py
+++ b/lib/bridgedb/email/templates.py
@@ -106,7 +106,7 @@ def addFooter(template, clientAddress=None):
 --
  3 BridgeDB
 
--
+
 Public Keys: https://bridges.torproject.org/keys
 
 This email was generated with rainbows, unicorns, and sparkles
@@ -117,7 +117,7 @@ def addFooter(template, clientAddress=None):
 
 footer  = u'--\n'
 footer += u' 3 BridgeDB\n\n'
-footer += u'-' * 70
+footer += u'_' * 70
 footer += u'\n'
 footer += template.gettext(strings.EMAIL_MISC_TEXT[8])
 footer += u': https://bridges.torproject.org/keys\n'
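
Review bot: Only the 70-character rule is changed, but the footer still begins with the line u'--\n', which also starts with a dash and is part of the text that gets signed. If lines beginning with '-' are what GnuPG objects to, that first line needs the same treatment. A short comment on the u'_' * 70 line explaining why dashes are avoided would stop someone from changing it back.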





[tor-commits] [bridgedb/develop] Change MailMessage.validateFrom() to respect internal proxy hosts.

2014-05-28 Thread isis
commit add31550fb5d4ff1ab53d8e1079a89e2b4652336
Author: Isis Lovecruft i...@torproject.org
Date:   Sat May 17 02:13:21 2014 +

Change MailMessage.validateFrom() to respect internal proxy hosts.

The online server was getting `ORIGIN: bridges@ponticum' for the
`origin` parameter to bridgedb.email.server.MailMessage.validateFrom().
In order to automatically allow forwarded emails from localhost, we
pass through on the first check on canonical domains in the
validateFrom() method if the domain matches the one returned from a
socket.gethostbyname() or socket.gethostname(), otherwise we fall back to
canonicalizeEmailDomain() later.
---
 lib/bridgedb/email/server.py |   36 ++--
 1 file changed, 30 insertions(+), 6 deletions(-)

diff --git a/lib/bridgedb/email/server.py b/lib/bridgedb/email/server.py
index 8549e8a..5b7ceb2 100644
--- a/lib/bridgedb/email/server.py
+++ b/lib/bridgedb/email/server.py
@@ -19,6 +19,7 @@ from __future__ import unicode_literals
 
 import logging
 import io
+import socket
 import time
 
 from twisted.internet import defer
@@ -224,6 +225,8 @@ class MailContext(object):
 self.nBridges = config.EMAIL_N_BRIDGES_PER_ANSWER
 
 self.username = (config.EMAIL_USERNAME or bridges)
+self.hostname = socket.gethostname()
+self.hostaddr = socket.gethostbyname(self.hostname)
 self.fromAddr = (config.EMAIL_FROM_ADDR or brid...@torproject.org)
 self.smtpFromAddr = (config.EMAIL_SMTP_FROM_ADDR or self.fromAddr)
 self.smtpServerPort = (config.EMAIL_SMTP_PORT or 25)
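
Review bot: socket.gethostbyname(self.hostname) in MailContext.__init__ performs a name lookup at startup and will raise if the local hostname does not resolve, which would stop the email distributor from starting. Catch the lookup error and fall back to a defined value (or leave hostaddr unset), and log which hostname and address were chosen so the validateFrom() passthrough can be audited.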
@@ -682,18 +685,39 @@ class MailDelivery(object):
 return hdr
 
 def validateFrom(self, helo, origin):
+Validate the ``From:`` address on the incoming email.
+
+This is done at the SMTP layer. Meaning that if a Postfix or other
+email server is proxying emails from the outside world to BridgeDB,
+the ``origin.domain`` will be set to the local hostname.
+
+:type helo: tuple
+:param helo: The lines received during SMTP client HELO.
+:type origin: :api:`twisted.mail.smtp.Address`
+:param origin: The email address we received this message from.
+:raises: :api:`twisted.mail.smtp.SMTPBadSender` if the
+``origin.domain`` was neither our local hostname, nor one of the
+canonical domains listed in :ivar:`context.canon`.
+:rtype: :api:`twisted.mail.smtp.Address`
+:returns: The ``origin``. We *must* return some non-``None`` data from
+this method, or else Twisted will reply to the sender with a 503
+error.
+
 try:
-logging.debug(ORIGIN: %r % repr(origin.addrstr))
-canonical = canonicalizeEmailDomain(origin.domain,
-self.context.canon)
+if ((origin.domain == self.context.hostname) or
+(origin.domain == self.context.hostaddr)):
+return origin
+else:
+logging.debug(ORIGIN DOMAIN: %r % origin.domain)
+canonical = canonicalizeEmailDomain(origin.domain,
+self.context.canon)
+logging.debug(Got canonical domain: %r % canonical)
+self.fromCanonical = canonical
 except UnsupportedDomain as error:
 logging.info(error)
 raise smtp.SMTPBadSender(origin.domain)
 except Exception as error:
 logging.exception(error)
-else:
-logging.debug(Got canonical domain: %r % canonical)
-self.fromCanonical = canonical
 return origin  # This method *cannot* return None, or it'll cause a 
503.
 
 def validateTo(self, user):
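
Review bot: The new early return in validateFrom() trusts origin.domain, which is the domain the connecting client supplied in its own MAIL FROM, so a message that names our hostname or address there skips canonicalizeEmailDomain() and the UnsupportedDomain rejection. The passthrough should be tied to where the connection came from (for example the peer address of the local proxy) rather than to the envelope domain alone. That branch also returns before self.fromCanonical is assigned, so later code reading it needs a defined value for proxied mail.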





[tor-commits] [bridgedb/develop] Fix Sphinx method link in b.e.server.generateResponse() docstring.

2014-05-28 Thread isis
commit d2387ae03f1f3564ee7e8cccf76f5e4cf7851e0f
Author: Isis Lovecruft i...@torproject.org
Date:   Wed May 28 18:12:58 2014 +

Fix Sphinx method link in b.e.server.generateResponse() docstring.
---
 lib/bridgedb/email/server.py |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/bridgedb/email/server.py b/lib/bridgedb/email/server.py
index 2a2a66f..96527f5 100644
--- a/lib/bridgedb/email/server.py
+++ b/lib/bridgedb/email/server.py
@@ -173,7 +173,7 @@ def generateResponse(fromAddress, clientAddress, body, 
subject=None,
 :rtype: :class:`MailResponse`
 :returns: A ``MailResponse`` which contains the entire email. To obtain
 the contents of the email, including all headers, simply use
-:meth:`MailResponse.read`.
+:meth:`MailResponse.readContents`.
 
 response = MailResponse(gpgContext)
 response.writeHeaders(fromAddress, clientAddress, subject,





[tor-commits] [bridgedb/develop] Add more logging to b.e.server.checkDKIM() function.

2014-05-28 Thread isis
commit 07ca1978ceb841e22d2c7389a0116f1d92677039
Author: Isis Lovecruft i...@torproject.org
Date:   Wed May 28 18:12:15 2014 +

Add more logging to b.e.server.checkDKIM() function.
---
 lib/bridgedb/email/server.py |3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/bridgedb/email/server.py b/lib/bridgedb/email/server.py
index c0ea273..2a2a66f 100644
--- a/lib/bridgedb/email/server.py
+++ b/lib/bridgedb/email/server.py
@@ -65,6 +65,9 @@ def checkDKIM(message, rules):
 2. Those headers were *not* okay.
 Otherwise, returns ``True``.
 
+logging.info(Checking DKIM verification results...)
+logging.debug(Domain has rules: %s % ', '.join(rules))
+
 if 'dkim' in rules:
 # getheader() returns the last of a given kind of header; we want
 # to get the first, so we use getheaders() instead.





[tor-commits] [bridgedb/develop] Whitespace fixes in lib/bridgedb/email/server.py.

2014-05-28 Thread isis
commit 181f8eb6a71189edecc07e6fb2361f0aaedae9de
Author: Isis Lovecruft i...@torproject.org
Date:   Mon May 19 20:03:10 2014 +

Whitespace fixes in lib/bridgedb/email/server.py.
---
 lib/bridgedb/email/server.py |6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/bridgedb/email/server.py b/lib/bridgedb/email/server.py
index d011be4..dbc0c67 100644
--- a/lib/bridgedb/email/server.py
+++ b/lib/bridgedb/email/server.py
@@ -318,7 +318,7 @@ class MailResponse(object):
 def read(self, *args, **kwargs):
 self.mailfile.read(*args, **kwargs)
 read.__doc__ = mailfile.read.__doc__
- 
+
 def readline(self, *args, **kwargs):
 self.mailfile.readline(*args, **kwargs)
 readline.__doc__ = mailfile.readline.__doc__
@@ -330,11 +330,11 @@ class MailResponse(object):
 def seek(self, *args, **kwargs):
 self.mailfile.seek(*args, **kwargs)
 seek.__doc__ = mailfile.seek.__doc__
-
+
 def tell(self, *args, **kwargs):
 self.mailfile.tell(*args, **kwargs)
 tell.__doc__ = mailfile.tell.__doc__
-
+
 def truncate(self, *args, **kwargs):
 self.mailfile.truncate(*args, **kwargs)
 truncate.__doc__ = mailfile.truncate.__doc__





[tor-commits] [bridgedb/develop] Whitespace fix for one line in scripts/make-ssl-cert.

2014-05-28 Thread isis
commit 14ff79b443ca17f2b9140ee00ab3092c2647d180
Author: Isis Lovecruft i...@torproject.org
Date:   Tue May 20 18:11:43 2014 +

Whitespace fix for one line in scripts/make-ssl-cert.
---
 scripts/make-ssl-cert |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/make-ssl-cert b/scripts/make-ssl-cert
index 77fd728..ea2fc39 100755
--- a/scripts/make-ssl-cert
+++ b/scripts/make-ssl-cert
@@ -27,7 +27,7 @@ while [ -h $THIS_FILE ]; do
 THIS_FILE=$(readlink $THIS_FILE)
 # if $THIS_FILE was a relative symlink, we need to resolve it relative to
 # the path where the symlink file was located:
-[[ $THIS_FILE != /* ]]  THIS_FILE=$THIS_PATH/$THIS_FILE 
+[[ $THIS_FILE != /* ]]  THIS_FILE=$THIS_PATH/$THIS_FILE
 done
 
 THIS_PATH=$( cd -P $( dirname $THIS_FILE )  pwd )





[tor-commits] [bridgedb/develop] Hush OpenSSL during key/cert creation in scripts/make-ssl-cert.

2014-05-28 Thread isis
commit da121b3a5135d66095edb469b02c47f8ccb1adab
Author: Isis Lovecruft i...@torproject.org
Date:   Tue May 20 18:14:41 2014 +

Hush OpenSSL during key/cert creation in scripts/make-ssl-cert.
---
 scripts/make-ssl-cert |   47 +++
 1 file changed, 27 insertions(+), 20 deletions(-)

diff --git a/scripts/make-ssl-cert b/scripts/make-ssl-cert
index ce8f7c2..76e4d70 100755
--- a/scripts/make-ssl-cert
+++ b/scripts/make-ssl-cert
@@ -34,27 +34,34 @@ THIS_PATH=$( cd -P $( dirname $THIS_FILE )  pwd )
 REPO_PATH=${THIS_PATH%%/scripts}
 
 function usage () {
-printf Usage: %s\n\n $NAME
-printf This script will create an SSL key and certificate ('privkey.pem' 
and 'cert'\n
-printf respectively). The key has had it's password removed, and thus is 
suitable\n
-printf for automation and CI tests.
-printf \n
+cat EOF
+Usage: $NAME
+
+This script will create an SSL key and certificate ('privkey.pem' and 'cert'
+respectively). The key has had it's password removed, and thus is suitable
+for automation and CI tests.
+
+EOF
 }
 
 if test $# -ge 1 ; then usage ; exit 1 ; fi
 
-# Go to the toplevel directory of the BridgeDB repo:
-cd $REPO_PATH
-#printf %s: Current working directory:\n\t%s\n $NAME $PWD
-
-openssl genrsa -des3 -passout pass:bridgedb -out privkey 4096
-openssl req -batch -passin pass:bridgedb -new -key privkey -out server.csr
-cp privkey privkey.nopasswd
-openssl rsa -passin pass:bridgedb -in privkey.nopasswd -out privkey.pem
-openssl x509 -req -days 365 -in server.csr -signkey privkey.pem -out cert
-test -f privkey.nopasswd  rm -f privkey.nopasswd
-test -f privkey  rm -f privkey
-test -f server.csr  rm -f server.csr
-
-printf Done. Your private key was saved in ${REPO_PATH}/privkey.pem \n
-printf and your certificate is in ${REPO_PATH}/cert \n
+{
+# Go to the toplevel directory of the BridgeDB repo:
+cd $REPO_PATH
+
+openssl genrsa -des3 -passout pass:bridgedb -out privkey 4096
+openssl req -batch -passin pass:bridgedb -new -key privkey -out server.csr
+cp privkey privkey.nopasswd
+openssl rsa -passin pass:bridgedb -in privkey.nopasswd -out privkey.pem
+openssl x509 -req -days 365 -in server.csr -signkey privkey.pem -out cert
+
+test -f privkey.nopasswd  rm -f privkey.nopasswd
+test -f privkey  rm -f privkey
+test -f server.csr  rm -f server.csr
+
+} 1/dev/null 21
+
+
+printf Created private key: ${REPO_PATH}/privkey.pem \n
+printf Created certificate: ${REPO_PATH}/cert \n
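
Review bot: Wrapping the whole block in { ... } with its output discarded hides openssl failures as well as its chatter, and the two "Created ..." lines after the block print unconditionally, so a failed run looks like a success. Check the exit status of the group (or of each openssl call) and exit non-zero, showing the error output, before printing the success lines. Since privkey.pem is written without a passphrase, setting a restrictive umask before generating it is also worth doing.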





[tor-commits] [bridgedb/develop] Fix Python2.7.3 UnicodeDecodeError in MailMessage.getIncoming().

2014-05-28 Thread isis
commit a8daa33de3e35d8108a7a0ee358d0b968f95d820
Author: Isis Lovecruft i...@torproject.org
Date:   Sat May 17 02:23:00 2014 +

Fix Python2.7.3 UnicodeDecodeError in MailMessage.getIncoming().
---
 lib/bridgedb/email/server.py |3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/bridgedb/email/server.py b/lib/bridgedb/email/server.py
index 5b7ceb2..d011be4 100644
--- a/lib/bridgedb/email/server.py
+++ b/lib/bridgedb/email/server.py
@@ -515,7 +515,8 @@ class MailMessage(object):
 :returns: A ``Message`` comprised of all lines received thus far.
 
 rawMessage = io.StringIO()
-rawMessage.writelines([unicode('{0}\n'.format(ln)) for ln in 
self.lines])
+for ln in self.lines:
+rawMessage.writelines(unicode(ln) + unicode('\n'))
 rawMessage.seek(0)
 return smtp.rfc822.Message(rawMessage)
 
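
Review bot: rawMessage.writelines() is handed a single string on the added line, so it iterates over it character by character; rawMessage.write() is the call that matches the intent. unicode(ln) also still decodes with the default codec, so a received line containing non-ASCII bytes can raise the same UnicodeDecodeError. Decode with an explicit encoding and an errors policy, since these lines come from the remote sender.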





[tor-commits] [bridgedb/develop] Update b.e.server.MailDelivery.validateFrom() docstring.

2014-05-28 Thread isis
commit 180c1141123301764db43dfd435d8063048b1502
Author: Isis Lovecruft i...@torproject.org
Date:   Wed May 28 18:15:30 2014 +

Update b.e.server.MailDelivery.validateFrom() docstring.
---
 lib/bridgedb/email/server.py |   12 ++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/lib/bridgedb/email/server.py b/lib/bridgedb/email/server.py
index 96527f5..cdc1721 100644
--- a/lib/bridgedb/email/server.py
+++ b/lib/bridgedb/email/server.py
@@ -692,11 +692,19 @@ class MailDelivery(object):
 return hdr
 
 def validateFrom(self, helo, origin):
-Validate the ``From:`` address on the incoming email.
+Validate the ``MAIL FROM:`` address on the incoming SMTP connection.
 
 This is done at the SMTP layer. Meaning that if a Postfix or other
 email server is proxying emails from the outside world to BridgeDB,
-the ``origin.domain`` will be set to the local hostname.
+the :api:`origin.domain twisted.email.smtp.Address.domain` will be
+set to the local hostname. Therefore, if the SMTP ``MAIL FROM:``
+domain name is our own hostname (as returned from
+:func:`socket.gethostname`) or our own FQDN, allow the connection.
+
+Otherwise, if the ``MAIL FROM:`` domain has a canonical domain in our
+mapping (taken from :ivar:`context.canon MailContext.canon`, which
+is taken in turn from the ``EMAIL_DOMAIN_MAP``), then our
+:ivar:`fromCanonicalSMTP` is set to that domain.
 
 :type helo: tuple
 :param helo: The lines received during SMTP client HELO.
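
Review bot: The added cross-reference :api:`origin.domain twisted.email.smtp.Address.domain` uses twisted.email, while the other :api: references in these docstrings use twisted.mail.smtp, so the link will not resolve. The text also says the domain may be "our own FQDN", but the check introduced for this method compares against the result of socket.gethostbyname(), which is an address, and it names :ivar:`fromCanonicalSMTP` where that change assigns self.fromCanonical. Please make the docstring match the code on both points.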





[tor-commits] [bridgedb/develop] Fix ivar and incomplete items in email.server.MailContext docstring.

2014-05-28 Thread isis
commit bb50b474c3f16c1061498b183f68d7846c58b1cc
Author: Isis Lovecruft i...@torproject.org
Date:   Tue May 27 22:23:10 2014 +

Fix ivar and incomplete items in email.server.MailContext docstring.
---
 lib/bridgedb/email/server.py |   43 ++
 1 file changed, 23 insertions(+), 20 deletions(-)

diff --git a/lib/bridgedb/email/server.py b/lib/bridgedb/email/server.py
index dbc0c67..c0ea273 100644
--- a/lib/bridgedb/email/server.py
+++ b/lib/bridgedb/email/server.py
@@ -189,32 +189,35 @@ def generateResponse(fromAddress, clientAddress, body, 
subject=None,
 
 
 class MailContext(object):
-Helper object that holds information used by email subsystem.
+Helper object that holds information used by email subsystem.
+
+:ivar str username: Reject any RCPT TO lines that aren't to this
+user. See the ``EMAIL_USERNAME`` option in the config file.
+(default: ``'bridges'``)
+:ivar int maximumSize: Reject any incoming emails longer than
+this size (in bytes). (default: 3084 bytes).
+:ivar int smtpPort: The port to use for outgoing SMTP.
+:ivar str smtpServer: The IP address to use for outgoing SMTP.
+:ivar str smtpFromAddr: Use this address in the raw SMTP ``MAIL FROM``
+line for outgoing mail. (default: ``brid...@torproject.org``)
+:ivar str fromAddr: Use this address in the email :header:`From:`
+line for outgoing mail. (default: ``brid...@torproject.org``)
+:ivar int nBridges: The number of bridges to send for each email.
+:ivar gpgContext: A ``gpgme.GpgmeContext`` (as created by
+:func:`bridgedb.crypto.getGPGContext`), or None if we couldn't create
+a proper GPGME context for some reason.
+
 
 def __init__(self, config, distributor, schedule):
-DOCDOC
-
-:ivar str username: Reject any RCPT TO lines that aren't to this
-user. See the ``EMAIL_USERNAME`` option in the config file.
-(default: ``'bridges'``)
-:ivar int maximumSize: Reject any incoming emails longer than
-this size (in bytes). (default: 3084 bytes).
-:ivar int smtpPort: The port to use for outgoing SMTP.
-:ivar str smtpServer: The IP address to use for outgoing SMTP.
-:ivar str smtpFromAddr: Use this address in the raw SMTP ``MAIL FROM``
-line for outgoing mail. (default: ``brid...@torproject.org``)
-:ivar str fromAddr: Use this address in the email :header:`From:`
-line for outgoing mail. (default: ``brid...@torproject.org``)
-:ivar int nBridges: The number of bridges to send for each email.
-:ivar gpgContext: A ``gpgme.GpgmeContext`` (as created by
-:func:`bridgedb.crypto.getGPGContext`), or None if we couldn't
-create a proper GPGME context for some reason.
+Create a context for storing configs for email bridge distribution.
 
 :type config: :class:`bridgedb.persistent.Conf`
 :type distributor: :class:`bridgedb.Dist.EmailBasedDistributor`.
-:param distributor: DOCDOC
+:param distributor: The distributor will handle getting the correct
+bridges (or none) for a client for us.
 :type schedule: :class:`bridgedb.schedule.ScheduledInterval`.
-:param schedule: DOCDOC
+:param schedule: An interval-based scheduler, used to help the
+:ivar:`distributor` know if we should give bridges to a client.
 
 self.config = config
 self.distributor = distributor
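
Review bot: The relocated :ivar: list names smtpPort, but the attribute MailContext assigns is self.smtpServerPort, and the hostname and hostaddr attributes that validateFrom() relies on are not listed at all. Since this commit is about fixing the ivar documentation, bring the names in line with the assignments in __init__ and add the two missing entries.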





[tor-commits] [bridgedb/develop] Update b.e.server.validateTo() docstring.

2014-05-28 Thread isis
commit 5827bc9136d66bc5a97dc80995b6079cc5787890
Author: Isis Lovecruft i...@torproject.org
Date:   Wed May 28 18:18:13 2014 +

Update b.e.server.validateTo() docstring.
---
 lib/bridgedb/email/server.py |   18 +++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/lib/bridgedb/email/server.py b/lib/bridgedb/email/server.py
index cdc1721..b7e90ef 100644
--- a/lib/bridgedb/email/server.py
+++ b/lib/bridgedb/email/server.py
@@ -736,9 +736,21 @@ class MailDelivery(object):
 return origin  # This method *cannot* return None, or it'll cause a 
503.
 
 def validateTo(self, user):
-If the local user that was addressed isn't our configured local user
-or doesn't contain a '+' with a prefix matching the local configured
-user: Yell.
+Validate the SMTP ``RCPT TO:`` address for the incoming connection.
+
+The local username and domain name to which this SMTP message is
+addressed, after being stripped of any ``'+'`` aliases, **must** be
+identical to those in the email address set our
+``EMAIL_SMTP_FROM_ADDR`` configuration file option.
+
+:type user: :api:`twisted.mail.smtp.User`
+:param user: Information about the user this SMTP message was
+addressed to.
+:raises: A :api:`twisted.mail.smtp.SMTPBadRcpt` if any of the above
+conditions weren't met.
+:rtype: callable
+:returns: A parameterless function which returns an instance of
+:class:`SMTPMessage`.
 
 u = user.dest.local
 # Hasplus? If yes, strip '+foo'
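
Review bot: The second paragraph of the new docstring reads "in the email address set our EMAIL_SMTP_FROM_ADDR configuration file option", which is missing a word ("set in our"). The removed text described the check as being against the configured local user, and the MailContext docstring documents username (EMAIL_USERNAME) as the value RCPT TO lines are matched against, so please confirm that EMAIL_SMTP_FROM_ADDR is really the option validateTo() compares with.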





[tor-commits] [bridgedb/develop] Update b.e.server.addServer() docstring.

2014-05-28 Thread isis
commit c053bffea4648e58568de961b4cf93005db10c75
Author: Isis Lovecruft i...@torproject.org
Date:   Wed May 28 18:18:55 2014 +

Update b.e.server.addServer() docstring.
---
 lib/bridgedb/email/server.py |8 ++--
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/lib/bridgedb/email/server.py b/lib/bridgedb/email/server.py
index b7e90ef..03643dc 100644
--- a/lib/bridgedb/email/server.py
+++ b/lib/bridgedb/email/server.py
@@ -785,12 +785,8 @@ class MailFactory(smtp.SMTPFactory):
 def addServer(config, distributor, schedule):
 Set up a SMTP server for responding to requests for bridges.
 
-:param config: A configuration object from Main. We use these
-options::
-EMAIL_BIND_IP
-EMAIL_PORT
-EMAIL_N_BRIDGES_PER_ANSWER
-EMAIL_DOMAIN_RULES
+:type config: :class:`bridgedb.persistent.Conf`
+:param config: A configuration object.
 :type distributor: :class:`bridgedb.Dist.EmailBasedDistributor`
 :param dist: A distributor which will handle database interactions, and
 will decide which bridges to give to who and when.
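
Review bot: The context line just below the change documents :param dist: while the argument and its :type: line are named distributor, so Sphinx will not pair them; rename it to :param distributor: while this docstring is being touched. Dropping the list of config options the server reads also loses information for readers, so a pointer to where those options are documented would be a better replacement than "A configuration object."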





[tor-commits] [bridgedb/develop] Fix GnuPG 'invalid dash escaped line: --\n' error in templates.getFooter().

2014-05-28 Thread isis
commit d78fe49acfadf945aa04584fb7517a81e1e9687b
Author: Isis Lovecruft i...@torproject.org
Date:   Sat May 17 02:29:58 2014 +

Fix GnuPG 'invalid dash escaped line: --\n' error in templates.getFooter().
---
 lib/bridgedb/email/templates.py |7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/lib/bridgedb/email/templates.py b/lib/bridgedb/email/templates.py
index 901ba6b..eb5c528 100644
--- a/lib/bridgedb/email/templates.py
+++ b/lib/bridgedb/email/templates.py
@@ -103,9 +103,8 @@ def addHowto(template):
 def addFooter(template, clientAddress=None):
 Add a footer.
 
---
+ --
  3 BridgeDB
-
 
 Public Keys: https://bridges.torproject.org/keys
 
@@ -115,8 +114,8 @@ def addFooter(template, clientAddress=None):
 now = datetime.utcnow()
 clientAddr = clientAddress.addrstr
 
-footer  = u'--\n'
-footer += u' 3 BridgeDB\n\n'
+footer  = u' --\n'
+footer += u' 3 BridgeDB\n'
 footer += u'_' * 70
 footer += u'\n'
 footer += template.gettext(strings.EMAIL_MISC_TEXT[8])
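
Review bot: Prefixing the separator with a space (u' --\n') avoids a line that starts with a dash, but nothing in the code says why the space is there. Add a comment naming the GnuPG dash-escape error this works around, and a test that signs the generated footer, so the leading space and the u'_' * 70 rule are not tidied away later.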





[tor-commits] [bridgedb/develop] Call schedule.intervalStart() to get epoch for HTTPS bridge request.

2014-05-28 Thread isis
commit f73deeace636c2ce91d81fc16d9d0097708b35f0
Author: Isis Lovecruft i...@torproject.org
Date:   Wed May 28 18:42:00 2014 +

Call schedule.intervalStart() to get epoch for HTTPS bridge request.

The ``epoch`` of a request is a value that is supposed to be the
interval of time which the request occurred within, i.e. a request at
14:18 is in the 10-minute interval of 14:10-14:20. This ``epoch`` is
used to obtain bridges in response to a client's request, specifically,
it's a parameter to the ``bridgedb.Dist.getBridgesForIP()`` method,
which does all the real work.

In implementation (up until a couple weeks ago), there was an odd thing
in that a request's ``epoch`` was always hardcoded to be ``1970``. I
changed the part which returns ``1970`` to return an ISO-8601
timestamp, under the assumption that anything asking for an interval
would use the ``intervalStart()`` or ``nextIntervalStarts()`` methods to
compare the current timestamp to the interval it should reside
within. My assumption was wrong; in ``bridgedb.Dist.getBridgesForIP()``,
in the first line of that method, ``schedule.getInterval()`` is called
instead. I had even made an XXX note a long time ago stating that this
was a dumb thing to do. I forgot to change it. Oops.

The fix is to change the first line of
``bridgedb.Dist.getBridgesForIP()`` from ``self.schedule.getInterval()``
to ``self.schedule.intervalStarts()``.  This was also preventing the
CAPTCHA expiration from functioning correctly.

After making this change, it exhibits the correct behaviour, which is,
first, to only respond after determining that we're within the 10-minute
interval in which the CAPTCHA was issued, and second, determine if the
solution to the CAPTCHA is correct (and if so give the bridges that we
would give to that IP address cluster, ignoring time intervals
altogether).

 * FIXES #12147
 * THANKS to arma for forwarding the original bug report to
   tor-assista...@lists.torproject.org.
 * THANKS TO Francisco on IRC for discovering and reporting the issue.
---
 lib/bridgedb/HTTPServer.py |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/bridgedb/HTTPServer.py b/lib/bridgedb/HTTPServer.py
index 9d76e28..6ece4d6 100644
--- a/lib/bridgedb/HTTPServer.py
+++ b/lib/bridgedb/HTTPServer.py
@@ -676,7 +676,7 @@ class WebResourceBridges(resource.Resource):
 
 # XXX why are we getting the interval if our distributor might be
 # using bridgedb.schedule.Unscheduled?
-interval = self.schedule.getInterval(time.time())
+interval = self.schedule.intervalStart(time.time())
 bridges = ( )
 ip = None
 countryCode = None
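
Review bot: The commit message places the fix in the first line of bridgedb.Dist.getBridgesForIP() and names the new call intervalStarts(), but the changed line is in WebResourceBridges in HTTPServer.py and calls intervalStart(). Please align the message with the hunk so the history points at the right place. Since this line also governs CAPTCHA expiry, a regression test for a request that lands outside the issuing interval would be worth adding.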





[tor-commits] [bridgedb/develop] Merge branch 'hotfix/11215_12147-intervalstart' into develop

2014-05-28 Thread isis
commit 625cbe8b6fd2153ae23be1c4a78e80a90b0b2348
Merge: da121b3 f73deea
Author: Isis Lovecruft i...@torproject.org
Date:   Wed May 28 21:03:19 2014 +

Merge branch 'hotfix/11215_12147-intervalstart' into develop

 lib/bridgedb/HTTPServer.py |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)





[tor-commits] [bridgedb/develop] Merge branch 'hotfix/0.2.1-docstrings' into develop

2014-05-28 Thread isis
commit e2de6afb4332452664b8ff7dbc707c3384ae7bf6
Merge: 625cbe8 c053bff
Author: Isis Lovecruft i...@torproject.org
Date:   Wed May 28 21:18:43 2014 +

Merge branch 'hotfix/0.2.1-docstrings' into develop

 bridgedb.conf|2 +-
 lib/bridgedb/email/server.py |   86 ++
 2 files changed, 55 insertions(+), 33 deletions(-)
