[tor-dev] BridgeDB 0.3.3 is released
isis
isis at torproject.org
Tue Dec 1 02:48:35 UTC 2015
Hello!
I released BridgeDB 0.3.3 a few weeks ago, and deployed it on the production
server. However, I completely forgot to email the list to notify you all of
the changes. Oops, sorry!
For those who are curious, BridgeDB-0.3.3 brought about the following changes
(and, as always, the current changelog is available at
https://gitweb.torproject.org/bridgedb.git/tree/CHANGELOG):
Changes in version 0.3.3 - 2015-10-25
* FIXES #12029 https://bugs.torproject.org/12029
BridgeDB now has an API for creating Bridge Distributors.
See the bridgedb.distribute module, or its developer documentation
at https://pythonhosted.org/bridgedb/bridgedb.distribute.html.
* FIXES PART OF #12506 https://bugs.torproject.org/12506
BridgeDB's two Distributors (HTTPS and Email) are now entirely
modularised and self-contained within separate subdirectories in
the source code. This is the first step to redesigning these
Distributors into their own separate processes, which will allow
the Distributors to remain functional while BridgeDB is reparsing
bridge descriptors.
* FIXES #15968 https://bugs.torproject.org/15968
BridgeDB now sends a Content-Security-Policy header which
explicitly allows Javascript, images, CSS, and fonts, from
https://bridges.torproject.org. All other types of content are
forbidden, including:
- embedding https://bridges.torproject.org within
<iframe>, <embed>, or <object>, and attempting to source
additional resources into its embedded context
- inline Javascript, including Javascript within SVG files
- inline CSS
- externally hosted fonts
- inline SVG, e.g. via the HTML5 <svg> tag
- any and all connections made via Javascript XMLHttpRequests,
WebSockets, sendBeacon(), and Web Workers
- plugins
- applets
BridgeDB's Content-Security-Policy does not yet make use of
certain newer, lesser supported, Content-Security-Policy v2.0
directives, such as "reflected-xss" and "frame-ancestors", but may
someday.
* FIXES #16273 https://bugs.torproject.org/16273
Several links to Tor Project gitweb URLs within the developer
documentation were outdated in that they still used the old gitweb
URL format. These are now updated.
Thanks to David Fifield for the bug report and patches.
* FIXES #16330 https://bugs.torproject.org/16330
BridgeDB can now handle bridge-server-descriptors with
extra-info-digest fields which have two values, as well as both
bridge-server-descriptors and bridge-extrainfo descriptors which
contain Ed25519 key material and signatures. See Tor proposals
#220 and #228 for more information on the changes to these
descriptors. Note that BridgeDB can now parse this information,
but does not yet make use of any Ed25519 cryptographic material
within bridge descriptors.
https://gitweb.torproject.org/torspec.git/tree/proposals/220-ecc-id-keys.txt
https://gitweb.torproject.org/torspec.git/tree/proposals/228-cross-certification-onionkeys.txt
Thanks to Atagar for patching Stem.
* FIXES #16616 https://bugs.torproject.org/16616
The HSDir flag can now be included within bridge-networkstatus
documents. BridgeDB now has unittests which guarantee that its
parsers safely ignore this flag, as well as any flags unknown to
BridgeDB which may appear in the future.
Thanks to Roger Dingledine for alerting me about the change.
* FIXES #16649 https://bugs.torproject.org/16649
Mobile users, and other users with small screen pixel ratios, will
find that the UI of BridgeDB's HTTPS Distributor has greatly
increased in usability and readability.
And includes the following general changes:
* FIXES an error when requesting the non-HTML version of the
bridges page (e.g. https://bridges.torproject.org/bridges?format=plain)
* REMOVES the `bridgedb test` commandline option.
BridgeDB's tests can be run via `python setup.py test` or `make
test` (or `make coverage` for generating HTML test coverage
statistics).
* CHANGES the HTTPS Distributor to HTML-encode Bridge Lines.
Previously, a malicious Pluggable Transport Bridge could include
in its PT arguments something like "evil=<script>[…]</script>" and
if such a Bridge were to be distributed to a user, that user's web
browser would execute the script (if Javacript was enabled).
Other characters, including non-ASCII, control characters, double
quotes, and backslashes, are also sanitised from Bridge Lines.
Thanks to Robert Ransom for the patches.
* CHANGES BridgeDB's module/package version numbers to be
compliant with PEP440.
* CHANGES the layout of BridgeDB's source code directories.
Rather than storing BridgeDB's source in "lib/bridgedb/", it is
now kept in "bridgedb/". Similarly, the directory containing
BridgeDB's tests has been moved from "lib/bridgedb/test/" to
"test/", which means that the tests are no longer installed when
running `python setup.py install` or `make install`.
* ADDS several improvements to the developer documentation at
https://pythonhosted.org/bridgedb.
* UPDATE English (en_US) translations.
* UPDATE English (en) translations.
* ADD Serbian (sr) translations.
Thanks to obj.petit.a, Ivan Radeljic, and Milenko Doder.
* UPDATE Arabic (ar) translations.
Thanks to A. Hassan, debo debo, KACIMI LAMINE, and Nudroid A.
* UPDATE Catalan (ca) translations.
Thanks to laia_.
* UPDATE Czech (cs) translations.
Thanks to Tomas Palik and Vlastimil Burián.
* UPDATE Danish (da) translations.
Thanks to Mogelbjerg.
* UPDATE German (de) translations.
Thanks to jschfr, Junge Limba, and Toralf Förster.
* UPDATE English (en_GB) translations.
Thanks to Andi Chandler.
* UPDATE Farsi (fa) translations.
Thanks to some awesome anonymous person for helping out.
* UPDATE Finish (fi) translations.
Thanks to Riku Viitanen.
* UPDATE French (fr) translations.
Thanks to elouann, Trans-fr, and Towinet.
* UPDATE French (fr_CA) translations.
Thanks to Trans-fr.
* UPDATE Croatian (hr_HR) translations.
Thanks to some awesome anonymous person for helping out.
* UPDATE Hungarian (hu) translations.
Thanks to some awesome anonymous person for helping out.
* UPDATE Indonesian (id) translations.
Thanks to Anthony Santana, Astryd Viandila Dahlan, cholif yulian,
constantius damar wicaksono, Dwi Cahyono, L1Nus, km242saya, and
Zamani Karmana.
* UPDATE Italian (it) translations.
Thanks to Random_R.
* UPDATE Japanese (ja) translations.
Thanks to ABE Tsunehiko.
* UPDATE Latvian (lv) translations.
Thanks to Ojārs Balcers.
* UPDATE Norwegian Bokmål (nb) translations.
Thanks to Erik Matson and Kristian Andre Henriksen.
* UPDATE Dutch (nl) translations.
Thanks to Mart3000.
* UPDATE Polish (pl) translations.
Thanks to Karol Obartuch.
* UPDATE Portuguese (pt) translations.
Thanks to Bruno D. Rodrigues and MMSRS.
* UPDATE Brazillian Portuguese (pt_BR) translations.
Thanks to Communia.
* UPDATE Romanian (ro) translations.
Thanks to Ana, axel_89, and Di N.
* UPDATE Russian (ru) translations.
Thanks to Ivan.
* UPDATE Slovak (sk_SK) translations.
Thanks to StefanH.
* UPDATE Albanian (sq) translations.
Thanks to some awesome unknown anonymous person who didn't add their
name to the list of translators.
* UPDATE Swedish (sv) translations.
Thanks to Peter Michanek.
* UPDATE Turkish (tr) translations.
Thanks to Bullgeschichte and Fomas.
* UPDATE Ukranian (uk) translations.
Thanks to Yasha.
* UPDATE Chinese Mandarin (zh_CN) translations.
Thanks to khi.
* UPDATE Taiwanese Mandarin (zh_TW) translations.
Thanks to x4r.
--
♥Ⓐ isis agora lovecruft
_________________________________________________________
OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1240 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20151201/28cb05e7/attachment.sig>
More information about the tor-dev
mailing list