Unverified Commit cb8b01bc authored by Isis Lovecruft's avatar Isis Lovecruft
Browse files

Merge branch 'release-0.2.2'

parents b7cd297c 136ff6cc
......@@ -4,11 +4,11 @@ notifications:
- "irc.oftc.net#tor-bots"
- "%{repository}#%{build_number} (%{branch} - %{commit} : %{author}): %{message}"
- "Build details : %{build_url}"
on_success: always
on_failure: always
- "%{repository}#%{build_number} (%{branch} - %{commit} : %{author}): %{message}"
- "Build details : %{build_url}"
- isis@torproject.org
......@@ -16,17 +16,40 @@ notifications:
on_success: never
on_failure: change
- sudo apt-get update
# Distro development header/library/resource/buildtime dependencies
- sudo apt-get install --no-install-suggests --no-install-recommends build-essential openssl sqlite3 libgpgme11 libgpgme11-dev python-dev python-setuptools
- "2.7"
- "pypy"
- bridges.torproject.org
- python: "2.7"
- python: "pypy"
fast_finish: true
- sudo apt-get update
- pip install -r requirements.txt
- pip install --no-use-wheel leekspin==0.1.3 coverage==3.7 coveralls==0.3 sure==1.2.2
- sudo apt-get install -qq --no-install-suggests --no-install-recommends build-essential openssl sqlite3 libgpgme11 libgpgme11-dev python-dev python-setuptools
- pip install -q -r .travis.requirements.txt
- pip install -q --no-use-wheel leekspin==$LEEKSPIN_VERSION sure==$SURE_VERSION
- pip install -q --no-use-wheel coverage==$COVERAGE_VERSION coveralls==$COVERALLS_VERSION
- pip install -q --no-use-wheel Twisted==$TWISTED_VERSION pyOpenSSL==$PYOPENSSL_VERSION
- make install
Changes in version 0.2.2 - 2014-06-XXX
* FIXES #9874 https://trac.torproject.org/projects/tor/ticket/9874
BridgeDB's email and HTTPS distributors were written in a manner
that makes them largely impossible to write unittests for. Since
the recent rewrite of BridgeDB's email distributor server backends
for version 0.2.1, BridgeDB email distributor is now testable and
has near 100% code coverage, see
* FIXES #12086 https://trac.torproject.org/projects/tor/ticket/12086
BridgeDB was found to accept incoming emails sent to any email
address whose local part included the word bridges, e.g. emails
sent to 'givemebridges@serious.ly' would be responded to as if
they were destined for BridgeDB's real email address.
- BridgeDB now strictly checks that the local part of the email
address that an incoming email was sent to (after removing plus
aliases, i.e. '+es_ES', '+fa', etc.) exactly matches BridgeDB
configured email address username.
- BridgeDB now checks that the domain name portion of the email
address that an incoming email was sent to either matches the
domain name portion of BridgeDB's configured email address, or
is a subdomain of that domain.
* FIXES #12089 https://trac.torproject.org/projects/tor/ticket/12089
There has been a bug for quite some time now where BridgeDB could
be used to email arbitrary email addresses (as long as these
addresses were ones which BridgeDB allows, i.e. Gmail or Yahoo
email addresses). This was due to BridgeDB not checking that the
email address used in the SMTP 'MAIL FROM:' command on an incoming
message matched the one used in that email's 'From:'
- BridgeDB now checks that the email addresses in the SMTP 'MAIL
FROM:' and the 'From:' header on that incoming email match, in
addition to the previous checks that the email address' domain
is in the set of allowed domains.
* FIXES #12090 https://trac.torproject.org/projects/tor/ticket/12090
BridgeDB has been replying with an empty email. I don't actually
know for sure if this one is fixed. Before deploying version
0.2.1, the continuous integration tests showed email responses
being correctly generated, and I was also able to receive
correctly formed email responses from BridgeDB on a local testing
instance on my laptop. It appears that this bug occurs only on the
deployment server at ponticum.torproject.org, possibly due to the
outdated Python version in Debian Wheezy. I have not been able to
reproduce this bug on any other machine.
* FIXES #12091 https://trac.torproject.org/projects/tor/ticket/12091
BridgeDB wasn't properly ignoring emails whose DKIM signature
verification header read "X-DKIM-Authentication-Results: dunno".
- Bridgedb now marks incoming emails which have a
"X-DKIM-Authentication-Results: dunno" header as invalid and
ignores them.
* FIXES #12147 https://trac.torproject.org/projects/tor/ticket/12147
If a user refreshed https://bridges.torproject.org/bridges after
successfully solving a CAPTCHA, BridgeDB would reply with a new
set of bridges for each page refresh. This was due to the use of
`getIterval()` in `IPBasedDistributor.getBridgesForIP()`.The
correct function to use is `getIntervalStart()`. This had been
noted in a "XXX FIXME" comment above the call for quite some time,
however, when the `bridgedb.schedule` (previously called
`bridgedb.Time`) module was revised to support CAPTCHA timeouts
(#11215), the call to `getInterval()` was mistakenly not replaced
with the correct function.
- BridgeDB CAPTCHAs must be solved within 10 minutes.
- Hashring rotation for bridges in BridgeDB HTTPS distributor
occurs every 3 hours. Refreshing the page with bridges on it
will return these same bridges for that time period, and
afterwards redirect back to the CAPTCHA page.
THANKS TO francisco on IRC and arma for reporting the bug.
* FIXES #12212 https://trac.torproject.org/projects/tor/ticket/12122
TRANSLATOR comments are now properly extracted into the gettext PO
template file.
And include the following general changes:
* FIXES an issue where, when verifying GnuPG signatures made by
BridgeDB's email distributor, GnuPG would error, saying, "invalid
armor header".
* ADD Korean (ko) translations.
Thanks to ilbe123, cwt96, Dr.what, and pCsOrI.
* UPDATE Ukranian (uk) translations.
Thanks to LinuxChata and ghostishev.
* UPDATE Turkish (tr) translations.
Thanks to volkangezer.
* UPDATE Brazilian Portuguese (pt_BR) translations.
Thanks to Communia, Humberto Sartini, Anastasia01, and recognitium.
* UPDATE Polish (pl) translations.
Thanks to hoek, yodaa, maxxx, and sebx.
* UPDATE Dutch (nl) translations.
Thanks to Ann Boen, erwindelaat, guryman, and BBLN.
You guys are extra awesome for translating the phrase:
"Uh oh, spaghettios!"
into the Dutch:
"Helaas pindakaas!"
which, in English, literally means:
"Unfortunately, peanut butter!"
You guys totally just made my day. Thanks.
* UPDATE Japanese (ja) translations.
Thanks to plazmism, who is extra awesome for translating the phrase:
"Uh oh, spaghettios!"
into the Japanese:
which apparently the literal English translation is:
"Husband spaghetti!"
* UPDATE Italian (it) translations.
Thanks to Random_R.
* UPDATE Canadian French (fr_CA) translations.
Thanks to Lunar.
* UPDATE Spanish (es) translations.
Thanks to dark_yoshi and strel.
* UPDATE Greek (el) translations.
Thanks to pappasadrian.
* UPDATE German (de) translations.
Thanks to trantor and unknwon_anonymous.
* UPDATE Danish (da) translations.
Thanks to autofunk78 and DavidNielsen.
Changes in version 0.2.1 - 2014-05-16
* FIXES #5463 https://trac.torproject.org/projects/tor/ticket/5463
Emails sent from BridgeDB's email distributor should now be signed.
......@@ -279,7 +279,7 @@ EMAIL_DIST = True
# EMAIL_FROM_ADDR goes in the 'From:' header on outgoing emails:
EMAIL_FROM_ADDR = "bridges@torproject.org"
# EMAIL_SMTP_FROM_ADDR goes in the 'Mail-From:' header in outgoing SMTP:
# EMAIL_SMTP_FROM_ADDR goes in the 'MAIL FROM:' command in outgoing SMTP:
EMAIL_SMTP_FROM_ADDR = "bridges@torproject.org"
.. automodule:: bridgedb.email.autoresponder
.. automodule:: bridgedb.EmailServer
.. automodule:: bridgedb.email.dkim
.. automodule:: bridgedb.email.request
.. automodule:: bridgedb.email.server
.. automodule:: bridgedb.email.templates
......@@ -11,7 +11,12 @@ BridgeDB Package and Module Documentation
......@@ -32,7 +32,12 @@ import bridgedb.Bridges
import bridgedb.Bucket
import bridgedb.crypto
import bridgedb.Dist
import bridgedb.EmailServer
import bridgedb.email
import bridgedb.email.autoresponder
import bridgedb.email.dkim
import bridgedb.email.request
import bridgedb.email.server
import bridgedb.email.templates
import bridgedb.Filters
import bridgedb.HTTPServer
import bridgedb.Main
......@@ -108,18 +108,15 @@ def replaceErrorPage(error, template_name=None):
# TRANSLATORS: Please DO NOT translate the following words and/or phrases in
# any string (regardless of capitalization and/or punctuation):
# "bridge"
# "bridges"
# "BridgeDB"
# "pluggable transport"
# "pluggable transports"
# "obfs2"
# "obfs3"
# "scramblesuit"
# "fte"
# "fteproxy"
# "Tor"
# "Tor Browser"
# "TBB"
errmsg = _("Sorry! Something went wrong with your request.")
rendered = """<html>
"""Servers for BridgeDB's email bridge distributor."""
This diff is collapsed.
# -*- coding: utf-8 ; test-case-name: bridgedb.test.test_email_dkim -*-
# This file is part of BridgeDB, a Tor bridge distribution system.
# :authors: Nick Mathewson <nickm@torproject.org>
# Isis Lovecruft <isis@torproject.org> 0xA3ADB67A2CDB8B35
# Matthew Finkel <sysrqb@torproject.org>
# please also see AUTHORS file
# :copyright: (c) 2007-2014, The Tor Project, Inc.
# (c) 2013-2014, Isis Lovecruft
# :license: see LICENSE for licensing information
"""Functions for checking DKIM verification results in email headers."""
from __future__ import unicode_literals
import logging
def checkDKIM(message, rules):
"""Check the DKIM verification results header.
This check is only run if the incoming email, **message**, originated from
a domain for which we're configured (in the ``EMAIL_DOMAIN_RULES``
dictionary in the config file) to check DKIM verification results for.
:type message: :api:`twisted.mail.smtp.rfc822.Message`
:param message: The incoming client request email, including headers.
:param dict rules: The list of configured ``EMAIL_DOMAIN_RULES`` for the
canonical domain which the client's email request originated from.
:rtype: bool
:returns: ``False`` if:
1. We're supposed to expect and check the DKIM headers for the
client's email provider domain.
2. Those headers were *not* okay.
Otherwise, returns ``True``.
logging.info("Checking DKIM verification results...")
logging.debug("Domain has rules: %s" % ', '.join(rules))
if 'dkim' in rules:
# getheader() returns the last of a given kind of header; we want
# to get the first, so we use getheaders() instead.
dkimHeaders = message.getheaders("X-DKIM-Authentication-Results")
dkimHeader = "<no header>"
if dkimHeaders:
dkimHeader = dkimHeaders[0]
if not dkimHeader.startswith("pass"):
logging.info("Rejecting bad DKIM header on incoming email: %r "
% dkimHeader)
return False
return True
This diff is collapsed.
......@@ -103,10 +103,9 @@ def addHowto(template):
def addFooter(template, clientAddress=None):
"""Add a footer.
<3 BridgeDB
Public Keys: https://bridges.torproject.org/keys
This email was generated with rainbows, unicorns, and sparkles
......@@ -115,9 +114,9 @@ def addFooter(template, clientAddress=None):
now = datetime.utcnow()
clientAddr = clientAddress.addrstr
footer = u'--\n'
footer += u' <3 BridgeDB\n\n'
footer += u'-' * 70
footer = u' --\n'
footer += u' <3 BridgeDB\n'
footer += u'_' * 70
footer += u'\n'
footer += template.gettext(strings.EMAIL_MISC_TEXT[8])
footer += u': https://bridges.torproject.org/keys\n'
# Translations template for BridgeDB.
# Copyright (C) 2013 ORGANIZATION
# Copyright (C) 2014 'The Tor Project, Inc.'
# This file is distributed under the same license as the BridgeDB project.
# Translators:
# Translators:
# autofunk78 <villum@autofunk.dk>, 2014
# DavidNielsen <gnomeuser@gmail.com>, 2014
# OliverMller <theoliver@live.co.uk>, 2011
# torebjornson <tore.bjornson@gmail.com>, 2013
msgid ""
msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: https://trac.torproject.org/projects/tor\n"
"POT-Creation-Date: 2013-03-27 21:41+0000\n"
"PO-Revision-Date: 2013-06-30 06:20+0000\n"
"Last-Translator: torebjornson <tore.bjornson@gmail.com>\n"
"Report-Msgid-Bugs-To: 'https://trac.torproject.org/projects/tor/newticket?component=BridgeDB&keywords=bridgedb-reported,msgid&cc=isis,sysrqb&owner=isis'\n"
"POT-Creation-Date: 2014-05-16 18:39+0000\n"
"PO-Revision-Date: 2014-06-06 18:13+0000\n"
"Last-Translator: autofunk78 <villum@autofunk.dk>\n"
"Language-Team: Danish (http://www.transifex.com/projects/p/torproject/language/da/)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
......@@ -21,82 +22,348 @@ msgstr ""
"Language: da\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
#: lib/bridgedb/templates/base.html:33
#. TRANSLATORS: Please DO NOT translate the following words and/or phrases in
#. any string (regardless of capitalization and/or punctuation):
#. "bridge"
#. "bridges"
#. "BridgeDB"
#. "pluggable transport"
#. "pluggable transports"
#. "obfs2"
#. "obfs3"
#. "scramblesuit"
#. "fte"
#. "Tor"
#. "Tor Browser"
#. "TBB"
#: lib/bridgedb/HTTPServer.py:124
msgid "Sorry! Something went wrong with your request."
msgstr "Undskyld, noget gik galt med din anmodning."
#: lib/bridgedb/strings.py:18
msgid "[This is an automated message; please do not reply.]"
msgstr "[Dette er en automatisk meddelelse; Svar venligst ikke.]"
#: lib/bridgedb/strings.py:20
msgid "Here are your bridges:"
msgstr "Her er dine broer:"
#: lib/bridgedb/strings.py:22
#, python-format
msgid ""
"You have exceeded the rate limit. Please slow down! The minimum time between\n"
"emails is %s hours. All further emails during this time period will be ignored."
msgstr ""
"Du har overskredet ratebegrænsningen. Sænk venligst hastigheden! Den minimale\n"
"tid mellem emails er %s timer. Yderligere emails sendt i denne period vil\n"
"blive ignoreret."
#: lib/bridgedb/strings.py:25
msgid ""
"COMMANDs: (combine COMMANDs to specify multiple options simultaneously)"
msgstr "COMMANDs: (Kombiner COMMANDs for at specifierer adskillige valgmuligheder på en gang)"
#: lib/bridgedb/strings.py:27
msgid "Welcome to BridgeDB!"
msgstr "Velkommen til BridgeDB!"
#. TRANSLATORS: Please DO NOT translate the words "transport" or "TYPE".
#: lib/bridgedb/strings.py:29
msgid "Currently supported transport TYPEs:"
msgstr "Transport TYPEs som er understøttet i øjeblikket:"
#: lib/bridgedb/strings.py:30
#, python-format
msgid "Hey, %s!"
msgstr "Hej %s!"
#: lib/bridgedb/strings.py:31
msgid "Hello, friend!"
msgstr "Hej min ven!"
#: lib/bridgedb/strings.py:32 lib/bridgedb/templates/base.html:100
msgid "Public Keys"
msgstr "Offentlige nøgler"
#. TRANSLATORS: This string will end up saying something like:
#. "This email was generated with rainbows, unicorns, and sparkles
#. for alice@example.com on Friday, 09 May, 2014 at 18:59:39."
#: lib/bridgedb/strings.py:36
#, python-format
msgid ""
"This email was generated with rainbows, unicorns, and sparkles\n"
"for %s on %s at %s."
msgstr ""
"Denne email til %s blev skabt ved hjælp af regnbuer,\n"
"enhjørninger og glitter %s klokken %s."
#: lib/bridgedb/strings.py:42
#, python-format
msgid ""
"BridgeDB can provide bridges with several %stypes of Pluggable Transports%s,\n"
"which can help obfuscate your connections to the Tor Network, making it more\n"
"difficult for anyone watching your internet traffic to determine that you are\n"
"using Tor.\n"
msgstr ""
"BridgeDB kan formidle broer med adskillige typer %sPluggable Transports%s\n"
"som kan hjælpe med at sløre dine forbindelser til Tor netværket, og dermed\n"
"gøre det vanskeligere for nogen som kan se din internet trafik at bestemme\n"
"at du bruger Tor.\n"
#: lib/bridgedb/strings.py:48
msgid ""
"Some bridges with IPv6 addresses are also available, though some Pluggable\n"
"Transports aren't IPv6 compatible.\n"
msgstr ""
"Nogle broer med IPv6 adresser er også tilgængelige, men ikke alle Pluggable\n"
"Transports understøtter IPv6.\n"
#: lib/bridgedb/strings.py:52
#, python-format
msgid ""
"Additionally, BridgeDB has plenty of plain-ol'-vanilla bridges %s without any\n"
"Pluggable Transports %s which maybe doesn't sound as cool, but they can still\n"
"help to circumvent internet censorship in many cases.\n"
msgstr ""
"BridgeDB har ydermere masser af konventionelle broer %s uden nogen\n"
"Pluggable Transports %s hvilket måske ikke lyder så smart, men de\n"
"kan stadigvæk hjælpe med at omgå internet censur i mange tilfælde.\n"
#: lib/bridgedb/strings.py:65
msgid "What are bridges?"
msgstr "Hvad er broer?"
#: lib/bridgedb/templates/base.html:34
#: lib/bridgedb/strings.py:66
#, python-format
msgid ""
"%s Bridge relays %s are Tor relays that help you circumvent censorship."
msgstr "%s Bro relæer %s er Tor relæer der hjælper Dem med at undgå censur."
msgid "%s Bridges %s are Tor relays that help you circumvent censorship."
msgstr "%s broer %s er Tor relæer som hjælper dig med at omgå censur."
#: lib/bridgedb/templates/base.html:39
#: lib/bridgedb/strings.py:71
msgid "I need an alternative way of getting bridges!"
msgstr "Jeg har brug for en alternativ metode til at få broer på!"
#: lib/bridgedb/templates/base.html:40
#: lib/bridgedb/strings.py:72
#, python-format
msgid ""
"Another way to find public bridge addresses is to send an email (from a %s "
"or a %s address) to %s with the line 'get bridges' by itself in the body of "
"the mail."
msgstr "En anden måde at finde offentlige bro adresser på, er at sende en email (fra en %s eller en %s adresse) til %s kun indeholdende linjen 'få broer' i selve mailen."
"Another way to get bridges is to send an email to %s. Please note that you must\n"
"send the email using an address from one of the following email providers:\n"
"%s or %s."
msgstr ""
"En anden måde at finde broer er at sende en email til %s. Bemærk venligst\n"
"at du skal sende emailen fra en konto hos en af de følgende email udbydere:\n"
"%s eller %s."
#: lib/bridgedb/templates/base.html:48
#: lib/bridgedb/strings.py:79
msgid "My bridges don't work! I need help!"
msgstr "Mine broer virker ikke! Jeg har brug for hjælp!"
#: lib/bridgedb/templates/base.html:49
#: lib/bridgedb/strings.py:80
#, python-format
msgid "If your Tor doesn't work, you should email %s."
msgstr "Hvis Tor ikke virker for dig kan du sende en email til %s."
#: lib/bridgedb/strings.py:81
msgid ""
"Try including as much info about your case as you can, including the list of\n"
"bridges and Pluggable Transports you tried to use, your Tor Browser version,\n"
"and any messages which Tor gave out, etc."
msgstr ""
"Prøv at inkluderer så meget information om din sag som muligt, der i blandt:\n"
"En liste af broer og Pluggable Transports du har prøvet at bruge, din Tor\n"
"Browser version, hvilke beskeder Tor gav, etc."
#: lib/bridgedb/strings.py:88
msgid "Here are your bridge lines:"
msgstr "Her er dine bro linjer:"
#: lib/bridgedb/strings.py:89
msgid "Get Bridges!"
msgstr "Find broer!"
#: lib/bridgedb/strings.py:93
msgid "Please select options for bridge type:"
msgstr "Vælg venligst brotype muligheder:"
#: lib/bridgedb/strings.py:94
msgid "Do you need IPv6 addresses?"
msgstr "Har du brug for IPv6 adresser?"
#: lib/bridgedb/strings.py:95
#, python-format
msgid "Do you need a %s?"
msgstr "Har du brug for en %s?"
#: lib/bridgedb/strings.py:99
msgid "Your browser is not displaying images properly."
msgstr "Din browser kan ikke vise billeder korrekt."