forked from larrycameron80/bridgedb-2
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CHANGELOG
1504 lines (1209 loc) · 67.7 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Changes in version 0.11.0 - 2020-07-08
* FIXES https://bugs.torproject.org/31422
Make BridgeDB report internal metrics, like the median number of users that
bridges were handed out to.
* FIXES https://bugs.torproject.org/34260
Parse bridge blocking information from SQL database.
* FIXES https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/40001
Remove the --reload command line switch. It doesn't actually do anything.
* FIXES https://bugs.torproject.org/29184
Add a new configuration option, BLACKLISTED_TOR_VERSIONS, which contains a
list of Tor versions. BridgeDB won't hand out bridges whose Tor version
is present in this blacklist.
* FIXES https://bugs.torproject.org/19774
Add a favicon to BridgeDB's web UI.
Changes in version 0.10.1 - 2020-05-27
* FIXES https://bugs.torproject.org/33945
This patch fixes a bug that caused the email autoresponder to fail after
a while.
* FIXES https://bugs.torproject.org/34154
Add new fields to the SQLite table BlockedBridges in preparation for taking
into account OONI's bridge measurement results.
* FIXES https://bugs.torproject.org/31528
BridgeDB's UI uses a bunch of obscure "chatspeak" references in its UI. One
example is that it responds with "Uh oh, spaghettios!" if there are
currently no bridges available. While funny to some, this is difficult to
translate and shouldn't be part of software that's used by an international
audience. This patch removes such references.
* FIXES https://bugs.torproject.org/12802
Add a script that sends a bridge request over email, and then checks if it
received a response from BridgeDB. We use this script as part of our nagios
setup, so we notice when our autoresponder breaks.
* FIXES https://bugs.torproject.org/17548
This patch removes PGP support. BridgeDB's signing key expired on
2015-09-11. Nobody ever complained and maintaining the bits and pieces
necessary to sign emails isn't worth the effort, so this patch removes that
feature.
* FIXES https://bugs.torproject.org/30941
Make our email responder more usable. This patch removes the concept of
"valid" email commands and returns bridges (obfs4, for now) no matter what
the user sends. BridgeDB still supports email commands in case the user
needs a vanilla or IPv6 bridge.
* FIXES https://bugs.torproject.org/29686
Rename files that contain "Bridges" to "bridgerings", to eliminate headache
on file systems that are case insensitive.
Changes in version 0.10.0 - 2020-04-01
* FIXES https://bugs.torproject.org/30317
Update our "howto" box, which explains how one adds bridges to Tor Browser.
In addition to updating the instructions, this patch also links to
instructions for Android.
* FIXES https://bugs.torproject.org/33631
So far, BridgeDB remembered only the first distribution mechanism it ever
learned for a given bridge. That means that if a bridge would change its
mind and re-configure its distribution mechanism using BridgeDistribution,
BridgeDB would ignore it. This patch changes this behavior, so bridges can
actually change their distribution mechanism.
* FIXES https://bugs.torproject.org/31967
Use a CSPRNG for selecting cached CAPTCHAs.
* FIXES https://bugs.torproject.org/33008
Add an info page, available at bridges.torproject.org/info. Relay Search
links to this info page to explain to bridge operators what their bridge
distribution mechanism means.
Changes in version 0.9.4 - 2020-02-19
* FIXES https://bugs.torproject.org/30946
This patch ports BridgeDB to Python 3. Python 2 is no longer supported
since Jan 1, 2020.
Changes in version 0.9.3 - 2020-02-18
* FIXES <https://bugs.torproject.org/33299>
This patch disables the distribution of FTE, ScrambleSuit, and obfs3.
Changes in version 0.9.2 - 2020-02-04
* FIXES <https://bugs.torproject.org/31427>
This patch updates the AUTHORS file, HACKING.md, contact information, the
Trac URL to report bugs, our instructions on BridgeDB's landing page, and it
fixes a small bug in descriptor generation.
Changes in version 0.9.1 - 2019-10-29
* FIXES https://bugs.torproject.org/32203
The metrics code used to weed out vanilla bridges, so they did not show up
in our metrics. This patch fixes this issue.
* FIXES https://bugs.torproject.org/32134
While implementing our language switcher (#26543), we added a new string,
"Language", that requires translations. This patch adds a new translation
request and also updates our instructions on how to request new
translations.
* FIXES https://bugs.torproject.org/32105
Mention an undocumented OS-level dependency: python3-dkim.
Changes in version 0.9.0 - 2019-10-16
* FIXES https://bugs.torproject.org/26543
Implement a language switcher that allows users to override the locale that
BridgeDB automatically selects by inspecting the client's request headers.
Changes in version 0.8.3 - 2019-10-03
* FIXES https://bugs.torproject.org/31903
Update existing translations and request new translations. Thanks to all
volunteers who helped translate BridgeDB!
* FIXES https://bugs.torproject.org/31780
We implemented BridgeDB's metrics in #9316 but haven't specified its format
until now. In addition to adding a specification, this patch also makes our
implementation consistent with our (slightly updated) specification.
* FIXES https://bugs.torproject.org/29484
Update BridgeDB's requirements to the latest respective versions. Among
others, this patch set updates Twisted to 19.7.0, pyOpenSSL to 19.0.0, and
replaces (the abandoned) PyCrypto with PyCryptodome, which fixes security
vulnerabilities.
Changes in version 0.8.2 - 2019-09-20
Updated translations for the following languages:
bn, da, eo, fa, it, ko, nl, pt_BR, pt_PT, sr, zh_CN.
Changes in version 0.8.1 - 2019-09-11
* FIXES https://bugs.torproject.org/17626
BridgeDB gets confused when users reply to a "get help" email. The issue is
that BridgeDB interprets commands anywhere in the email body, even if it's
in quoted text. To fix this issue, we are ignoring commands whose email
body line starts with a '>' character, which is typically used for email
quotes.
* FIXES https://bugs.torproject.org/28533
The frontdesk is seeing plenty of empty bogus emails. This fix removes the
email links and instead encourages users to take a look at the Tor Browser
Manual and at our Support Portal.
Changes in version 0.8.0 - 2019-08-20
* FIXES https://bugs.torproject.org/9316
Make BridgeDB export usage metrics every 24 hours. At the end of each
24-hour measurement interval, BridgeDB will append usage metrics to the file
METRICS_FILE, which is configured in bridgedb.conf. Our metrics keep track
of the number of (un)successful requests per transport type per country code
(or email provider) per distribution method. This way, we get to learn
that, say, over the last 24 hours there were 31-40 users in Iran who
successfully requested an obfs4 bridge over Moat.
* FIXES #26542 https://bugs.torproject.org/26542
Make BridgeDB distribute vanilla IPv6 bridges again.
* FIXES #22755 https://bugs.torproject.org/22755
Use stem instead of leekspin to create test descriptors. We now don't need
to depend on leekspin anymore.
* FIXES #31252 https://bugs.torproject.org/31252
Add an anti-bot mechanism that allows us to detect bots by matching HTTP
request headers for blacklisted patterns. For example, bots may have their
Accept-Language set to "Klingon". Blacklisted patterns are configured in
BLACKLISTED_REQUEST_HEADERS_FILE. When BridgeDB detects a bot request, we
can answer their request with a decoy bridge that's only handed out to bots.
Decoy bridges are configured in DECOY_BRIDGES_FILE.
Changes in version 0.7.1 - 2019-06-07
* FIXES #28496 https://bugs.torproject.org/28496
Remove Yahoo from the list of allowed email domains. Yahoo allows you to
create up to 500 disposable email addresses, which BridgeDB interprets as
unique:
https://bugs.torproject.org/28496#comment:8
We could address this issue in BridgeDB but at this point we seem better off
dropping support for Yahoo because the provider likely also fell behind in
Sybil protection.
Changes in version 0.7.0 - 2019-06-07
* FIXES #28655 https://bugs.torproject.org/28655
When a bridge supports an active probing-resistant transport, it should not
give out flavors that are vulnerable to active probing. For example, if a
bridge supports obfs4 and obfs3, it should only give out obfs4.
* FIXES #30706 https://bugs.torproject.org/30706
Do some simple BridgeDB housekeeping: Add missing CHANGELOG entries, add
Philipp's contact info to the support section, fix a broken Trac URL, and
turn HTTP link into HTTPS.
* FIXES #30157: https://bugs.torproject.org/30157
Update BridgeDB translations. This ticket both adds new translations and
updates existing ones.
Changes in version 0.6.9 - 2018-11-20
* FIXES #23894 https://bugs.torproject.org/23894
Really change the contact address, in the correct place this time.
Changes in version 0.6.8 - 2018-11-19
* FIXES #28528 https://bugs.torproject.org/28528
Change maintainer info.
* FIXES #23894 https://bugs.torproject.org/23894
Change contact email address.
Changes in version 0.6.7 - 2018-05-21
Print fingerprints in hex thank you very much.
Changes in version 0.6.6 - 2018-05-21
* FIXES #26150 https://bugs.torproject.org/26150
Hotfix for strange bridges missing address fields.
Changes in version 0.6.5 - 2018-05-04
* FIXES #26023 https://bugs.torproject.org/26023
There's few bridges whose ed25519 certificates contain the year 491869,
which the datetime module (called from Stem) believes "out of range". So
instead we'll parse the descriptors one at a time and catch the errors as we
go.
* FIXES #25246 https://bugs.torproject.org/25246
Add script for assigning unallocated bridges to another distributor.
Changes in version 0.6.4 - 2018-02-13
* FIXES #24432 https://bugs.torproject.org/24432
Add config option to skip loopback addresses in X-Forwarded-For parsing.
Changes in version 0.6.3 - 2018-01-23
* FIXES #24432 https://bugs.torproject.org/24432
The production moat server had issues related to redirecting to resources
properly, which are now fixed.
* FIXES #24701 https://bugs.torproject.org/24701
Adds a special surprise for the special someone who has been automatedly
requesting bridges not through driving a browser, but through a script which
is so thoroughly stupid that it doesn't even send the URL parameters for the
CAPTCHA challenge and solution. Their script will now be delayed for quite
some time and then rickrolled. Mess with the best, die like the rest.
* FIXES #24704 https://bugs.torproject.org/24704
Bridges returned to a single request are now filtered such that there will
never be two bridges from the same IPv4 /16 or IPv6 /64.
And includes the following general changes:
* ADDS unittests for the legacy code in bridgedb/Bridges.py,
bringing the total test coverage above 90% for the first time.
Changes in version 0.6.2 - 2017-12-20
* FIXES #24636 https://bugs.torproject.org/24636
The moat API specification included an extra response type which could be
sent if there was no overlap between transports the client supported and
those which the server supported. This has been removed from the
specification, which now describes the behaviour moat has always exhibited:
if there is no overlap, the server responds with a CAPTCHA image response
which includes the list of transports it does support.
* FIXES #24637 https://bugs.torproject.org/24637
The moat server did not respond correctly with the specified JSON API error
type when there were no bridges available. It now responds correctly with a
404 error whose details describe why the request could not be fulfilled.
The moat server also now logs messages if there were not the configured
MOAT_BRIDGES_PER_RESPONSE number of bridges available.
Changes in version 0.6.1 - 2017-12-13
* ADDS a shell script, scripts/test-moat, for testing either a
locally-running moat server, or a remote one through a meek tunnel. Thanks
to David Fifield for his work on meek, assistance setting it up, and
providing the first version of this script.
* FIXES #24433 https://bugs.torproject.org/24433
The test-moat script wasn't sending an X-Forwarded-For header, which
triggered a bug in the moat server, since the CAPTCHA solution includes an
HMAC based on the client's IP (forwarded through all the several layers of
tunnels/proxies).
* FIXES #24443 https://bugs.torproject.org/24443
Due to a difference between how booleans are parsed by Python's json library
and normal Python booleans, the moat server was generating and returning
QRCodes… regardless of whether the remote client application asked for one.
This is now fixed.
* FIXES #24460 https://bugs.torproject.org/24460
There was an unhandled error when sending certain (what appears to be
possibly malicious? but in a very strange way) requests to BridgeDB's HTTPS
distributor. The robots making the requests were attempting to request
bridges, but were presenting a CAPTCHA solution without the correct HTML
form field parameters present, which isn't possible through normal usage of
the web interface. Whoever or whatever is doing this is now going to be
endlessly redirected so that they may forever spiral in their own private
internet hell. I reserve the right come up with a worse fate for them
later, should I get bored.
* FIXES #3015 https://bugs.torproject.org/3015
BridgeDB has had a partially-implemented concept of "buckets" since the age
of the dinosaurs: write some of the unallocated bridges to a file which
should (somehow) be manually distributed. In addition to be unused and
untested, there were several issues with the buckets, the most significant
of which were the inability to request pluggable transports in a bucket and
the fact that buckets were not persistent in any way (e.g. if i request a
bucket of 50 bridges for Gomez and another with 50 for Morticia, they might
end up with some of the same bridges, further, tomorrow they'll end up with
50 possibly different bridges than those they received today). All of this
code is now removed.
And includes the following general changes:
* FIXES issues with JSON quote syntax and a mistaken JSON API
"type" parameter in the specification of the moat server (in the README).
Thanks to Mark Smith and Kathy Brade for pointing out the issues.
Changes in version 0.6.0 - 2017-11-15
* ADDS a new JSON API distributor called "moat", which is intended
for use for Tor Launcher to use to build an in-browser UI for retrieving
bridges.
* CHANGES the organisation of code to add a new
bridgedb.distributors package as well as a bridgedb.distributors.common
package for code shared between multiple distributors.
Changes in version 0.5.0 - 2017-10-28
* FIXES #23957 https://bugs.torproject.org/23957
BridgeDB now supports bridge operators choosing how their bridge will be
distributed. See the "BridgeDistribution" torrc option in tor's manpage for
details.
* FIXES #16650 https://bugs.torproject.org/16650
BridgeDB is now accessible via select remote user interfaces through a meek
tunnel.
* FIXES #22998 https://bugs.torproject.org/23033
* FIXES #23033 https://bugs.torproject.org/23033
* FIXES #23034 https://bugs.torproject.org/23034
Upgrades BridgeDB to newer versions of Twisted and PyOpenSSL, and fixes
several issues due to non-backwards compatible changes within those
libraries.
Changes in version 0.4.0 - 2017-01-09
* FIXES #21162 https://bugs.torproject.org/21162
BridgeDB now supports arbitrarily blacklisting suspected bad bridges from
being distributed to clients. This is in response to a suspected sybil
attack by an unknown party. For more details, see:
https://lists.torproject.org/pipermail/tor-project/2016-December/000851.html
Changes in version 0.3.8 - 2016-09-22
* FIXES #20088 https://bugs.torproject.org/20088
BridgeDB now supports receiving descriptors from multiple Bridge
Authorities. See also #19690.
* FIXES #20087 https://bugs.torproject.org/20087
BridgeDB's version of Stem now supports parsing transport lines in bridge
extrainfo descriptors which contain IPv6 addresses contained within square
brackets.
Changes in version 0.3.7 - 2016-08-04
* FIXES #19691 https://bugs.torproject.org
BridgeDB (as running on Tor Project infrastructure) is now invocated with a
redirection of stdout and stderr to the flog utility, in order to ensure
that file handles are properly closed and reopened when BridgeDB receives a
SIGHUP.
And includes the following general changes:
* ADDS some files which were missing from BridgeDB PyPI packages
to the MANIFEST.in, so that they are now included.
Changes in version 0.3.6 - 2016-07-28
* FIXES #18237 https://bugs.torproject.org/18237
During descriptor parsing, BridgeDB saves copies of descriptor files which
couldn't be parsed, for later debugging purposes. To avoid filing up the
runtime directory with these files, we now delete files older than 24 hours,
every 24 hours.
* FIXES #18949 https://bugs.torproject.org/18949
Since we've upgraded the host machine which runs The Tor Project's BridgeDB
instance to Debian Jessie, this patch updates the testing configurations and
continuous integration infrastructure to run tests on versions of Python
dependencies in Debian Jessie and Stretch.
Changes in version 0.3.4 - 0.3.5 - 2015-11-30
* FIXES #14685 https://bugs.torproject.org/14685
This disables distribution of obfs2 bridges. This pluggable transport has
known distiguishers which allow adversaries to identify client connections
to obfs2 bridges, which in turn allows these connections to be
blocked/censored. With numerous obfs3 and obfs4 bridges both readily
available, users should not be presented with an easily-configurable choice
that is known to be unsafe for the majority of users.
And includes the following general changes:
* ADDS error pages to BridgeDB's web interface, to provide
friendlier explanations for downtime, missing pages, and internal server
errors. For example: https://bridges.torproject.org/404
Changes in version 0.3.3 - 2015-10-25
* FIXES #12029 https://bugs.torproject.org/12029
BridgeDB now has an API for creating Bridge Distributors. See the
bridgedb.distribute module, or its developer documentation at
https://pythonhosted.org/bridgedb/bridgedb.distribute.html.
* FIXES PART OF #12506 https://bugs.torproject.org/12506
BridgeDB's two Distributors (HTTPS and Email) are now entirely modularised
and self-contained within separate subdirectories in the source code. This
is the first step to redesigning these Distributors into their own separate
processes, which will allow the Distributors to remain functional while
BridgeDB is reparsing bridge descriptors.
* FIXES #15968 https://bugs.torproject.org/15968
BridgeDB now sends a Content-Security-Policy header which explicitly allows
Javascript, images, CSS, and fonts, from https://bridges.torproject.org.
All other types of content are forbidden, including:
- embedding https://bridges.torproject.org within
<iframe>, <embed>, or <object>, and attempting to source
additional resources into its embedded context
- inline Javascript, including Javascript within SVG files
- inline CSS
- externally hosted fonts
- inline SVG, e.g. via the HTML5 <svg> tag
- any and all connections made via Javascript XMLHttpRequests,
WebSockets, sendBeacon(), and Web Workers
- plugins
- applets
BridgeDB's Content-Security-Policy does not yet make use of certain newer,
lesser supported, Content-Security-Policy v2.0 directives, such as
"reflected-xss" and "frame-ancestors", but may someday.
* FIXES #16273 https://bugs.torproject.org/16273
Several links to Tor Project gitweb URLs within the developer documentation
were outdated in that they still used the old gitweb URL format. These are
now updated. Thanks to David Fifield for the bug report and patches.
* FIXES #16330 https://bugs.torproject.org/16330
BridgeDB can now handle bridge-server-descriptors with extra-info-digest
fields which have two values, as well as both bridge-server-descriptors and
bridge-extrainfo descriptors which contain Ed25519 key material and
signatures. See Tor proposals #220 and #228 for more information on the
changes to these descriptors. Note that BridgeDB can now parse this
information, but does not yet make use of any Ed25519 cryptographic material
within bridge descriptors.
https://gitweb.torproject.org/torspec.git/tree/proposals/220-ecc-id-keys.txt
https://gitweb.torproject.org/torspec.git/tree/proposals/228-cross-certification-onionkeys.txt
Thanks to Atagar for patching Stem.
* FIXES #16616 https://bugs.torproject.org/16616
The HSDir flag can now be included within bridge-networkstatus documents.
BridgeDB now has unittests which guarantee that its parsers safely ignore
this flag, as well as any flags unknown to BridgeDB which may appear in the
future. Thanks to Roger Dingledine for alerting me about the change.
* FIXES #16649 https://bugs.torproject.org/16649
Mobile users, and other users with small screen pixel ratios, will find that
the UI of BridgeDB's HTTPS Distributor has greatly increased in usability
and readability.
And includes the following general changes:
* FIXES an error when requesting the non-HTML version of the
bridges page (e.g. https://bridges.torproject.org/bridges?format=plain)
* REMOVES the `bridgedb test` commandline option.
BridgeDB's tests can be run via `python setup.py test` or `make test` (or
`make coverage` for generating HTML test coverage statistics).
* CHANGES the HTTPS Distributor to HTML-encode Bridge Lines.
Previously, a malicious Pluggable Transport Bridge could include in its PT
arguments something like "evil=<script>[…]</script>" and if such a Bridge
were to be distributed to a user, that user's web browser would execute the
script (if Javacript was enabled). Other characters, including non-ASCII,
control characters, double quotes, and backslashes, are also sanitised from
Bridge Lines. Thanks to Robert Ransom for the patches.
* CHANGES BridgeDB's module/package version numbers to be compliant with
PEP440.
* CHANGES the layout of BridgeDB's source code directories.
Rather than storing BridgeDB's source in "lib/bridgedb/", it is now kept in
"bridgedb/". Similarly, the directory containing BridgeDB's tests has been
moved from "lib/bridgedb/test/" to "test/", which means that the tests are
no longer installed when running `python setup.py install` or `make
install`.
* ADDS several improvements to the developer documentation at
https://pythonhosted.org/bridgedb.
* UPDATE English (en_US) translations.
* UPDATE English (en) translations.
* ADD Serbian (sr) translations.
Thanks to obj.petit.a, Ivan Radeljic, and Milenko Doder.
* UPDATE Arabic (ar) translations.
Thanks to A. Hassan, debo debo, KACIMI LAMINE, and Nudroid A.
* UPDATE Catalan (ca) translations.
Thanks to laia_.
* UPDATE Czech (cs) translations.
Thanks to Tomas Palik and Vlastimil Burián.
* UPDATE Danish (da) translations.
Thanks to Mogelbjerg.
* UPDATE German (de) translations.
Thanks to jschfr, Junge Limba, and Toralf Förster.
* UPDATE English (en_GB) translations.
Thanks to Andi Chandler.
* UPDATE Farsi (fa) translations.
Thanks to some awesome anonymous person for helping out.
* UPDATE Finish (fi) translations.
Thanks to Riku Viitanen.
* UPDATE French (fr) translations.
Thanks to elouann, Trans-fr, and Towinet.
* UPDATE French (fr_CA) translations.
Thanks to Trans-fr.
* UPDATE Croatian (hr_HR) translations.
Thanks to some awesome anonymous person for helping out.
* UPDATE Hungarian (hu) translations.
Thanks to some awesome anonymous person for helping out.
* UPDATE Indonesian (id) translations.
Thanks to Anthony Santana, Astryd Viandila Dahlan, cholif yulian,
constantius damar wicaksono, Dwi Cahyono, L1Nus, km242saya, and Zamani
Karmana.
* UPDATE Italian (it) translations.
Thanks to Random_R.
* UPDATE Japanese (ja) translations.
Thanks to ABE Tsunehiko.
* UPDATE Latvian (lv) translations.
Thanks to Ojārs Balcers.
* UPDATE Norwegian Bokmål (nb) translations.
Thanks to Erik Matson and Kristian Andre Henriksen.
* UPDATE Dutch (nl) translations.
Thanks to Mart3000.
* UPDATE Polish (pl) translations.
Thanks to Karol Obartuch.
* UPDATE Portuguese (pt) translations.
Thanks to Bruno D. Rodrigues and MMSRS.
* UPDATE Brazillian Portuguese (pt_BR) translations.
Thanks to Communia.
* UPDATE Romanian (ro) translations.
Thanks to Ana, axel_89, and Di N.
* UPDATE Russian (ru) translations.
Thanks to Ivan.
* UPDATE Slovak (sk_SK) translations.
Thanks to StefanH.
* UPDATE Albanian (sq) translations.
Thanks to some awesome unknown anonymous person who didn't add their name
to the list of translators.
* UPDATE Swedish (sv) translations.
Thanks to Peter Michanek.
* UPDATE Turkish (tr) translations.
Thanks to Bullgeschichte and Fomas.
* UPDATE Ukranian (uk) translations.
Thanks to Yasha.
* UPDATE Chinese Mandarin (zh_CN) translations.
Thanks to khi.
* UPDATE Taiwanese Mandarin (zh_TW) translations.
Thanks to x4r.
Changes in version 0.3.2 - 2015-05-01
* FIXES a problem with the calculation of Levenshtein distances
between blacklisted email addresses and those on incoming email. This fixes
a problem with the fuzzy matching implemented in #9385:
https://bugs.torproject.org/9385.
* FIXES #1839 https://bugs.torproject.org/1839
BridgeDB's distributors now rotate their hashrings at configurable scheduled
intervals.
* FIXES #4771 https://bugs.torproject.org/4771
BridgeDB now records which of the HTTPS Distributor's sub-hashrings are used
for clients coming from Tor Exit nodes and other known proxies.
* FIXES #12504 https://bugs.torproject.org/12504
Which Pluggable Transports BridgeDB distributes is now easily configurable
via the bridgedb.conf configuration file.
* FIXES #13202 https://bugs.torproject.org/13202
Old bridges running Tor-0.2.4.x with Pluggable Transports like scramblesuit
and obfs4proxy have a bug which causes them to not include the PT arguments
in the `transport` line they submit to the BridgeAuthority in their
extrainfo descriptors. This causes BridgeDB to have broken bridge lines for
these bridges. For example, scramblesuit requires a `password=` in the
`ClientTransportPlugin` for clients to connect to it. If BridgeDB receives
a line in that bridge's extrainfo which says `transport scramblesuit
1.2.3.4:1234` (without a password), then when BridgeDB gives clients a
bridge line for that bridge, it'll look like "Bridge scramblesuit
1.2.3.4:1234" - meaning that it won't work. This fixes the issue by
excluding broken transports from being distributed to clients.
* FIXES #15517 https://bugs.torproject.org/15517
For all clients who are coming from IPv6 addresses and are not using Tor,
who go to https://bridges.torproject.org, BridgeDB now groups these clients
together by /32. This "grouping" causes all IPv6 clients within the same
IPv6 /32 to get the same bridges. Previously, BridgeDB grouped IPv6 clients
by /64 (which is ridiculously small, considering standard IPv6 allocation
sizes).
For all clients who are coming from IPv4 addresses and are not using Tor,
BridgeDB now groups these clients together by /16. Previously, BridgeDB
grouped IPv4 clients by /24. (This latter change was technically made as
part of #4771.)
* FIXES #15464 https://bugs.torproject.org/15464
The setup procedure for creating a BridgeDB Continuous Integration build
machine is now simplified and generalised to include build environments like
Jenkins, not just TravisCI.
* FIXES #15866 https://bugs.torproject.org/15866
BridgeDB now ignores nearly all the information in the networkstatus-bridges
file created by the BridgeAuthority.
* ADDS benchmark tests to BridgeDB's test suite, and some of
BridgeDB's algorithms have been revised to improve their speed.
Changes in version 0.3.1 - 2015-03-24
* FIXES #14065 https://bugs.torproject.org/14065
When requesting vanilla IPv6 bridges from https://bridges.torproject.org,
BridgeDB would respond with IPv4 addresses. It now correctly responds with
IPv6 addresses.
And includes the following general changes:
* FIXES an issue with the filtering of hashrings while answering
requests for Pluggable Transports. (commit 3ef37df6)
* FIXES the return value from the GnuPG interface initialization
function (bridgedb.crypto.initializeGnuPG) when creating a test signature
has failed.
* CHANGES the way BridgeDB handles the case where it parses to
duplicate extrainfo descriptors (for the same Bridge) which also have
identical timestamps. Before, we assumed this wasn't possible. It turns
out that it not only is possible, but that usually every batch of
descriptors has at least one Bridge with such a set of perfectly identical
extrainfo descriptors. Even stranger, it appears that only Bridges started
for the first time quite recently (within the last eight hours) display this
behaviour. BridgeDB now logs these errors, rather than leaving them
unhandled. (commit a27d7905)
* ADDS an environment variable check to setup.py which controls
whether the setup.py script tries to install the dependencies listed in the
requirements.txt file with easy_install. If the environment variable
BRIDGEDB_INSTALL_DEPENDENCIES=0, then setup.py will not use easy_install.
When BridgeDB is installed via `make install` the default is to not use
easy_install; however, when installed via `python setup.py install`, the
default is to use easy_install to check for, find, and install dependencies.
(NOTE: the latter is *not* recommended.) (commit d035fe64)
Changes in version 0.3.0 - 2015-03-21
* FIXES #2895 https://bugs.torproject.org/2895
BridgeDB no longer assumes that any extrainfo descriptor files are in
chronological order.
* FIXES #4405 https://bugs.torproject.org/4405
BridgeDB now has a built-in timer mechanism for scheduling cronjobesque
events. This is now used to routinely download and parse the list of Tor
exit relays in a completely asynchronous manner.
* FIXES #9380 https://bugs.torproject.org/9380
BridgeDB now uses Stem (https://stem.torproject.org) for its parsers, and
has better classes for parsing and storing information on Bridges and their
Pluggable Transports. Additionally, all of BridgeDB's parses and the new
Bridge/PluggableTransport classes all have 100% unittest and integration
test coverage.
* FIXES #10385 https://bugs.torproject.org/10385
BridgeDB now uses python-gnupg (https://pypi.python.org/gnupg) instead of
GPGME (libgpgme11 and pygpgme). Previously, when using GPGME, BridgeDB was
unable to sign emails with a subkey whose master private key was not
present, causing all signing to be broken. Additionally, GPGME tried to
access and modify the BridgeDB users $HOME directory, and GPGME would also
try to create signatures with encryption-only subkeys, and try to
encrypt/decrypt with signing-only subkeys. All of these issues are no more,
because the writhing tangled mass of bugs known ad GPGME is gone for good.
* FIXES #11216 https://bugs.torproject.org/11216
BridgeDB no longer parses any extrainfo descriptor files cumulatively.
Before, a Bridge which had a descriptor in cached-extrainfo and in
cached-extrainfo.new and supported obfs3, obfs4, and scramblesuit transports
would be parsed twice, resulting in the Bridge having six transports. This
is no longer the case.
* HOTFIXES an issue with non-deterministic unittest failures in
the Mechanize-based integrations tests in lib/bridgedb/test/test_https.py.
hotfix/0.2.4-mechanize-tags
* FIXES part of #12507 https://bugs.torproject.org/12507
BridgeDB now has semi-automated developer documentation builds at
https://pythonhosted.org/bridgedb/.
* FIXES #12805 https://bugs.torproject.org/12805
BridgeDB is now packaged on PyPI, in the hopes that someday other
organisations will be able to run their own BridgeDBs.
* FIXES #12843 https://bugs.torproject.org/12843
BridgeDB will no longer distribute bridges which it believes are located in
Iran or Syria.
* FIXES #12872 https://bugs.torproject.org/12872
BridgeDB now has geolocational information for Bridges, telling it which
country each Bridge's primary ORAddress is within, as well as geolocational
information for each PluggableTransport address. Thanks to Alden S. Page
for the patches.
* FIXES #15155 https://bugs.torproject.org/15155
The instructions for obtaining a copy of Tor Browser should now be more
clear. Thanks to Jens Kubieziel, Nick Mathewson, and Peter Palfrader.
And includes the following general changes:
* CHANGES BridgeDB's continuous integration infrastructure to run
tests for:
- Twisted-13.2.0 (Debian Wheezy version),
- Twisted-14.0.2 (Debian Jessie version), and
- Twisted-15.0.0 (latest and greatest)
As well as testing both:
- pyOpenSSL-0.13.1 (Debian Wheezy version), and
- pyOpenSSL-0.14 (Debian Jessie version).
See https://travis-ci.org/isislovecruft/bridgedb/builds
* FIXES an issue with the $PYTHON_EGG_CACHE directory being group
writable on Travis-CI build machines.
* UPDATE English (en_US) translations.
* UPDATE English (en) translations.
* ADD Tamil (ta) translations.
Thanks to git12a.
* ADD Albanian (sq) translations.
Thanks to Bujar Tafili.
* ADD Slovenian (sl_SI) translations.
Thanks to Dušan, marko, and Nwolfy.
* ADD Slovak (sk_SK) translations.
Thanks to once.
* ADD Esperanto (eo) translations.
Thanks to identity, Rico Chan, and trio.
* ADD Bulgarian (bg) translations.
Thanks to aramaic.
* ADD Azerbaijani (az) translations.
Thanks to E.
* UPDATE Chinese (zh_TW) translations.
Thanks to LNDDYL.
* UPDATE Chinese (zh_CN) translations.
Thanks to Wu Ming Shi and YF.
* UPDATE Ukranian (uk) translations.
Thanks to Eugene ghostishev, LinuxChata, Oleksii Golub, and
Андрій Бандура.
* UPDATE Turkish (tr) translations.
Thanks to eromytsatiffird, Emir Sarı, Idil Yuksel, ozkansib,
Volkan Gezer, and zeki.
* UPDATE Swedish (sv) translations.
Thanks to Anders Jensen-Urstad, Emil Johansson, GabSeb, ph AA, phst,
and leveebreaks.
* UPDATE Slovak (sk) translations.
Thanks to elo, FooBar, Michal Slovák, Roman 'Kaktuxista' Benji, and
StefanH.
* UPDATE Russian (ru) translations.
Thanks to Andrey Yoker Ogurchikov, Evgrafov Denis, foo,
joshuaridney, Oleg, Sergey Briskin, Valid Olov, and Vitaliy Grishenko.
* UPDATE Romanian (ro) translations.
Thanks to Isus Satanescu, laura berindei, and clopotel.
* UPDATE Portuguese (pt_BR) translations.
Thanks to João Paulo S.S.
* UPDATE Portuguese (pt) translations.
Thanks to alfalb.as, André Monteiro, kagazz, Manuela Silva,
alfalb_mansil, Andrew_Melim, Pedro Albuquerque, Sérgio Marques, and
TiagoJMMC.
* UPDATE Polish (pl) translations.
Thanks to Aron, JerBen, bogdrozd, Dawid, Rikson, Krzysztof Łojowski,
oirpos, and seb.
* UPDATE Dutch (nl) translations.
Thanks to Adriaan Callaerts, Ann Boen, Cleveridge, Dick,
Johann Behrens, Shondoit Walker, Marco Brohet, guryman, Marco
Brohet, Tom Becht, Tonko Mulder, math1985, and BBLN.
* UPDATE Norwegian Bokmål (nb) translations.
Thanks to Allan Nordhøy, Harald, lateralus, Per Thorsheim,
and thor574.
* UPDATE Latvian (lv) translations.
Thanks to Ojārs Balcers and ThePirateDuck.
* UPDATE Khmer (km) translations.
Thanks to Seng Sutha, Sokhem Khoem, and Sok Sophea.
* UPDATE Japanese (ja) translations.
Thanks to brt, ABE Tsunehiko, タカハシ, Masaki Saito, and
藤前 甲.
* UPDATE Italian (it) translations.
Thanks to fetidyoo, Francesca Ciceri, HostFat, ironbishop, and
Jacob Appelbaum.
* UPDATE Hungarian (hu) translations.
Thanks to Blackywantscookies, Lajos Pasztor, Cerbo, and vargaviktor.
* UPDATE Croatian (hr) translations.
Thanks to Ana B, Armando Vega, skiddiep, Tomislav Siroglavić,
and gogo.
* UPDATE French (fr_CA) translations.
Thanks to Lunar, mehditaileb, Onizuka, and yahoe.001.
* UPDATE French (fr) translations.
Thanks to apaddlingduck, fayçal fatihi, Boubou, Cryptie,
Frisson Reynald, hpatte, Lucas Leroy, Lunar, Onizuka, and mehditaileb.
* UPDATE Finnish (fi) translations.
Thanks to Jorma Karvonen, Spacha, Ossi Kallunki, Sami Kuusisto,
viljaminojonen, and Finland355.
* UPDATE Farsi (fa) translations.
Thanks to arashaalaei, signal89, ardeshir, Gilberto, johnholzer,
Mohammad Hossein, perspolis, and Setareh.
* UPDATE Spanish (es) translations.
Thanks to dark_yoshi, toypurina, BL, NinjaTuna, Noel Torres,
Paola Falcon, strel, and Jonis.
* UPDATE English (en_GB) translations.
Thanks to Andi Chandler, Richard Shaylor, and ronnietse.
* UPDATE Greek (el) translations.
Thanks to Adrian Pappas, andromeas, oahanx, isv31, and kotkotkot.
* UPDATE German (de) translations.
Thanks to trantor, Ettore Atalan, unknwon_anonymous, konstibae,
Locke, Tobias Bannert, qbi, Sebastian, and debakel.
* UPDATE Danish (da) translations.
Thanks to Christian Villum, David Nielsen, OliverMller, torebjornson,
Thomas Pryds, and Tore Bjørnson.
* UPDATE Czech (cs) translations.
Thanks to A5h8d0wf0x, Adam Slovacek, Elisa, Sanky, Jiří Vírava,
mxsedlacek, and Radek Bensch.
* UPDATE Catalan (ca) translations.
Thanks to Albert, Assumpta Anglada, Eloi García i Fargas, Humbert,
and laia_.
* UPDATE Arabic (ar) translations.
Thanks to Ash and Valetudinarian.
Changes in version 0.2.4 - 2015-02-03
* HOTFIXES a UnicodeDecodeError resulting from patches for #12627.
https://bugs.torproject.org/12627
* FIXES #9874 https://bugs.torproject.org/9874
BridgeDB now has integration tests for all bridge distributors. Thanks to
trygve for the patches.
* FIXES #12871 https://bugs.torproject.org/12871
Bridge Buckets now work, even if the code for calculating Bridge stability
is disabled. Thanks to Matt Finkel for the patches.
* FIXES part of #12029 https://bugs.torproject.org/12029
Major sections of the bridgedb.Bridges module, which holds BridgeDB's main
data structures for storing and parsing Bridges, have been refactored in
preparation for upcoming changes to use Stem's parsers (see #9380
https://bugs.torproject.org/9380)
* FIXES #12932 https://bugs.torproject.org/12932
Arguments for Pluggable Transports in the bridge lines which BridgeDB
distributes to users are now properly space-separated. This issue was
affecting the deployment of the obfs4 PT (see #12130
https://bugs.torproject.org/12130).
* FIXES #13123 https://bugs.torproject.org/13123
Previously, there were two additional whitespace characters at the beginning
of bridge lines handed out by BridgeDB's HTTPS distributor, which would be
annoyingly copy+pasted into TorLauncher and torrcs, etc. These are now
gone.
* FIXES #12664 https://bugs.torproject.org/12664
Previously, for the bridge lines handed out by BridgeDB's HTTPS distributor,
the newlines were not properly pasted when a user would copy+paste the
lines. This is now fixed. Additionally, there is now a "Select All" button
(JS must be enabled) to select all text for the bridge lines, to attempt to
reduce user copy+paste errors. If the display area which contains the
bridge lines is clicked, and JS is enabled, it has the same effect as
clicking the "Select All" button.
* FIXES #14064 https://bugs.torproject.org/14064
The bridge lines handed out by BridgeDB's HTTPS distributor are now
displayed with a horizontal scrollbar if they are too long to fit into the
display area.
* FIXES #11345 https://bugs.torproject.org/11345
BridgeDB now supports giving users QRCodes for their bridge lines, to
facilitate getting bridges into Tails and onto mobile devices.
* FIXES #12130 https://bugs.torproject.org/12130
BridgeDB's distributors now have options to distribute obfs4 bridges.
And includes the following general changes:
* CHANGES the integration tests based on Mechanize to only run on
CI servers, not locally on developers laptops, since it requires the running
BridgeDB test/staging instance to offer a plaintext HTTP interface. See
commit 24acf6a72.
https://gitweb.torproject.org/bridgedb.git/commit/?id=24acf6a72931c602631c97dbbeb582c22cf446cb
* ADDS better installation instructions in README.rst for
developers who wish to test their changes to BridgeDB. Thanks to Alden Page
for the patch.
Changes in version 0.2.3 - 2014-07-26
* FIXES #5463 https://bugs.torproject.org/5463
BridgeDB can now OpenPGP sign outgoing emails.
* FIXES #9385 https://bugs.torproject.org/9385
BridgeDB now has the ability to blacklist email addresses, and configurable
options to fuzzy match and block addresses which are similar enough to those
in the blacklist.
* FIXES #11139 https://bugs.torproject.org/11139
You can now email BridgeDB from Riseup email addresses!
* FIXES #12147 https://bugs.torproject.org/12147
An additional issue with BridgeDB's code for scheduling actions was
identified by Robert Ransom, who also provided a unittest to demonstrate the