Hello! I released BridgeDB 0.3.3 a few weeks ago, and deployed it on the production server. However, I completely forgot to email the list to notify you all of the changes. Oops, sorry! For those who are curious, BridgeDB-0.3.3 brought about the following changes (and, as always, the current changelog is available at https://gitweb.torproject.org/bridgedb.git/tree/CHANGELOG): Changes in version 0.3.3 - 2015-10-25 * FIXES #12029 https://bugs.torproject.org/12029 BridgeDB now has an API for creating Bridge Distributors. See the bridgedb.distribute module, or its developer documentation at https://pythonhosted.org/bridgedb/bridgedb.distribute.html. * FIXES PART OF #12506 https://bugs.torproject.org/12506 BridgeDB's two Distributors (HTTPS and Email) are now entirely modularised and self-contained within separate subdirectories in the source code. This is the first step to redesigning these Distributors into their own separate processes, which will allow the Distributors to remain functional while BridgeDB is reparsing bridge descriptors. * FIXES #15968 https://bugs.torproject.org/15968 BridgeDB now sends a Content-Security-Policy header which explicitly allows Javascript, images, CSS, and fonts, from https://bridges.torproject.org. All other types of content are forbidden, including: - embedding https://bridges.torproject.org within <iframe>, <embed>, or <object>, and attempting to source additional resources into its embedded context - inline Javascript, including Javascript within SVG files - inline CSS - externally hosted fonts - inline SVG, e.g. via the HTML5 <svg> tag - any and all connections made via Javascript XMLHttpRequests, WebSockets, sendBeacon(), and Web Workers - plugins - applets BridgeDB's Content-Security-Policy does not yet make use of certain newer, lesser supported, Content-Security-Policy v2.0 directives, such as "reflected-xss" and "frame-ancestors", but may someday. * FIXES #16273 https://bugs.torproject.org/16273 Several links to Tor Project gitweb URLs within the developer documentation were outdated in that they still used the old gitweb URL format. These are now updated. Thanks to David Fifield for the bug report and patches. * FIXES #16330 https://bugs.torproject.org/16330 BridgeDB can now handle bridge-server-descriptors with extra-info-digest fields which have two values, as well as both bridge-server-descriptors and bridge-extrainfo descriptors which contain Ed25519 key material and signatures. See Tor proposals #220 and #228 for more information on the changes to these descriptors. Note that BridgeDB can now parse this information, but does not yet make use of any Ed25519 cryptographic material within bridge descriptors. https://gitweb.torproject.org/torspec.git/tree/proposals/220-ecc-id-keys.txt https://gitweb.torproject.org/torspec.git/tree/proposals/228-cross-certification-onionkeys.txt Thanks to Atagar for patching Stem. * FIXES #16616 https://bugs.torproject.org/16616 The HSDir flag can now be included within bridge-networkstatus documents. BridgeDB now has unittests which guarantee that its parsers safely ignore this flag, as well as any flags unknown to BridgeDB which may appear in the future. Thanks to Roger Dingledine for alerting me about the change. * FIXES #16649 https://bugs.torproject.org/16649 Mobile users, and other users with small screen pixel ratios, will find that the UI of BridgeDB's HTTPS Distributor has greatly increased in usability and readability. And includes the following general changes: * FIXES an error when requesting the non-HTML version of the bridges page (e.g. https://bridges.torproject.org/bridges?format=plain) * REMOVES the `bridgedb test` commandline option. BridgeDB's tests can be run via `python setup.py test` or `make test` (or `make coverage` for generating HTML test coverage statistics). * CHANGES the HTTPS Distributor to HTML-encode Bridge Lines. Previously, a malicious Pluggable Transport Bridge could include in its PT arguments something like "evil=<script>[â]</script>" and if such a Bridge were to be distributed to a user, that user's web browser would execute the script (if Javacript was enabled). Other characters, including non-ASCII, control characters, double quotes, and backslashes, are also sanitised from Bridge Lines. Thanks to Robert Ransom for the patches. * CHANGES BridgeDB's module/package version numbers to be compliant with PEP440. * CHANGES the layout of BridgeDB's source code directories. Rather than storing BridgeDB's source in "lib/bridgedb/", it is now kept in "bridgedb/". Similarly, the directory containing BridgeDB's tests has been moved from "lib/bridgedb/test/" to "test/", which means that the tests are no longer installed when running `python setup.py install` or `make install`. * ADDS several improvements to the developer documentation at https://pythonhosted.org/bridgedb. * UPDATE English (en_US) translations. * UPDATE English (en) translations. * ADD Serbian (sr) translations. Thanks to obj.petit.a, Ivan Radeljic, and Milenko Doder. * UPDATE Arabic (ar) translations. Thanks to A. Hassan, debo debo, KACIMI LAMINE, and Nudroid A. * UPDATE Catalan (ca) translations. Thanks to laia_. * UPDATE Czech (cs) translations. Thanks to Tomas Palik and Vlastimil BuriÃn. * UPDATE Danish (da) translations. Thanks to Mogelbjerg. * UPDATE German (de) translations. Thanks to jschfr, Junge Limba, and Toralf FÃrster. * UPDATE English (en_GB) translations. Thanks to Andi Chandler. * UPDATE Farsi (fa) translations. Thanks to some awesome anonymous person for helping out. * UPDATE Finish (fi) translations. Thanks to Riku Viitanen. * UPDATE French (fr) translations. Thanks to elouann, Trans-fr, and Towinet. * UPDATE French (fr_CA) translations. Thanks to Trans-fr. * UPDATE Croatian (hr_HR) translations. Thanks to some awesome anonymous person for helping out. * UPDATE Hungarian (hu) translations. Thanks to some awesome anonymous person for helping out. * UPDATE Indonesian (id) translations. Thanks to Anthony Santana, Astryd Viandila Dahlan, cholif yulian, constantius damar wicaksono, Dwi Cahyono, L1Nus, km242saya, and Zamani Karmana. * UPDATE Italian (it) translations. Thanks to Random_R. * UPDATE Japanese (ja) translations. Thanks to ABE Tsunehiko. * UPDATE Latvian (lv) translations. Thanks to OjÄrs Balcers. * UPDATE Norwegian BokmÃl (nb) translations. Thanks to Erik Matson and Kristian Andre Henriksen. * UPDATE Dutch (nl) translations. Thanks to Mart3000. * UPDATE Polish (pl) translations. Thanks to Karol Obartuch. * UPDATE Portuguese (pt) translations. Thanks to Bruno D. Rodrigues and MMSRS. * UPDATE Brazillian Portuguese (pt_BR) translations. Thanks to Communia. * UPDATE Romanian (ro) translations. Thanks to Ana, axel_89, and Di N. * UPDATE Russian (ru) translations. Thanks to Ivan. * UPDATE Slovak (sk_SK) translations. Thanks to StefanH. * UPDATE Albanian (sq) translations. Thanks to some awesome unknown anonymous person who didn't add their name to the list of translators. * UPDATE Swedish (sv) translations. Thanks to Peter Michanek. * UPDATE Turkish (tr) translations. Thanks to Bullgeschichte and Fomas. * UPDATE Ukranian (uk) translations. Thanks to Yasha. * UPDATE Chinese Mandarin (zh_CN) translations. Thanks to khi. * UPDATE Taiwanese Mandarin (zh_TW) translations. Thanks to x4r. -- ââ isis agora lovecruft _________________________________________________________ OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35 Current Keys: https://blog.patternsinthevoid.net/isis.txt
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev