File: ChangeLog

package info (click to toggle)
flashproxy 1.7-4
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, buster, sid, stretch
  • size: 936 kB
  • ctags: 876
  • sloc: python: 3,708; sh: 823; makefile: 246; lisp: 15
file content (296 lines) | stat: -rw-r--r-- 13,510 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
Changes in version 1.7
  o Made the badge color reflect what's going on when it encounters a
    network error and tries to reconnect. Fixes bug 11400.

  o Renamed facilitator programs:
      facilitator              → fp-facilitator
      facilitator.cgi          → fp-registrar.cgi
      facilitator-email-poller → fp-registrar-email
      facilitator-reg          → fp-reg-decrypt
      facilitator-reg-daemon   → fp-reg-decryptd

  o Fixed a bug in the browser proxy which caused it to stop accepting
    new connections once it had failed 5 previous connections.

  o Updated the Tor Browser detection for the Firefox 24.0 User-Agent
    string. Patch by Arlo Breault. Fixes bug 11290.

Changes in version 1.6
  o Allowed the --port-forwarding option to work when the remote port
    number is given as 0.

  o Fixed registration on Mac OS X when the REMOTE address had an empty
    host part. A specification of ":9000", for example, would try to
    register "[]:9000".

  o Fixed registration on Windows with flashproxy-reg-appspot and
    flashproxy-reg-email. The certificate pinning code used a Python
    NamedTemporaryFile, which is not reopenable on Windows.

Changes in version 1.5
  o Add manpages for the facilitator and nodejs proxy, automatically
    generated by help2man.

  o Have nodejs flashproxy take GNU-style long command-line options.

  o Automate much of the configuration tasks involved in installing the
    facilitator using GNU autotools. See facilitator/INSTALL for details
    on the new process. Also move some common code here into the common
    python module. Patch by Ximin Luo. Fixes bug 9974.

  o Move common code to a separate flashproxy-common python module. Also
    split out some build scripts so distro packagers have an easier
    time. Patch by Ximin Luo. Fixes bug 6810.

  o Enabled binary frames (avoiding the overhead of base64 encoding) for
    Firefox 11 and later. Patch by Arlo Breault. Fixes bug 9069.

  o Removed a Python 2.7–dependent reference in flashproxy-reg-appspot.

Changes in version 1.4
  o Allowed websocket-server to gracefully handle SIGTERM.

  o Makefiles that install now obey DESTDIR to install relative to a
    different root.

  o Added a new observed Google public key pin for flashproxy-reg-email.

  o New --transport options in the client programs allow you to inform
    the facilitator that you want to receive connections of a certain
    kind. Transports other than the default "websocket" are
    experimental. Patch by George Kadianakis and David Fifield. Part of
    bug 9349.

  o Proxies now send a list of transport protocols they support
    (currently only "websocket"). This will allow the facilitator to
    assign proxies to clients that use matching transports. Patch by
    George Kadianakis. Part of bug 9349.

  o Allowed the facilitator to handle layered transports. For example, a
    client that register with the transport "obfs3|websocket" will
    receive a connection from a proxy using websocket, and will be
    connected to a relay that has an obfs3 server behind a websocket
    front end. Patch by Ximin Luo and George Kadianakis. Fixes bug 9349.

  o Changed to use the pluggable transport method name "flashproxy"
    rather than "websocket". Both names are equivalent and "websocket"
    continues to work. The reason for this change is to reduce confusion
    with a transport that simply makes a WebSocket connection to a
    "websocket" bridge, without receiving an inbound connection from a
    flash proxy. The default argument to the --transport option
    continues to be "websocket", because that option controls which
    particular protocol flash proxies should use to connect to you, and
    is distinct from the transport method name used by Tor.

  o Rearranged some files in the source tree. Facilitator documentation
    is now under facilitator/doc. The App Engine source code is under
    facilitator/appengine. The directory containing other ways to use
    the proxy moved from modules to proxy/modules. Patch by Ximin Luo.
    Fixes bug 9668.

Changes in version 1.3
  o Added a new observed Google public key pin.

Changes in version 1.2
  o The facilitator daemons have a --privdrop-user option that causes
    them to change to another user ID after reading keys and opening log
    files. facilitator-howto.txt shows how to configure them to use an
    unprivileged facilitator-nobody user. Patch by Alexandre Allaire and
    David Fifield. Fixes bug 8424.

  o Proxies now send the list of clients they are currently serving in
    their facilitator polling requests. This is meant to enable the
    facilitator to estimate the level of service each client is getting.
    Proxies send a protocol revision number "r=1" to signify the change.

  o The managed transport method name "flashproxy" is now recognized as
    a synonym for "websocket".

  o The badge localization now understands language subtags such as
    "ru-RU". Fixes bug 8828.

  o Language tags for badge localization are now case-insensitive.
    Patch by Eduardo Stalinho. Fixes bug 8829.

  o The badge localization is taken from the JavaScript property
    window.navigator.language when possible. Patch by Arlo Breault.
    Fixes bug 8827.

  o Proxies now attempt to connect to the client first, and only connect
    to the relay after the client connection is successful. This is
    meant to reduce the number of connections to the relay when clients
    haven't set up port forwarding. Introduced bug 9009, later fixed. 

  o A proxy no longer contacts the facilitator when it is given the
    "client" and "relay" parameters. It serves the one given client and
    then stops. Patch by Arlo Breault. Fixes bug 9006.

  o facilitator-email-poller ignores messages received a long time ago.
    This is to fix the situation where facilitator-email-poller stops
    running for some reason, comes back after some hours, and then
    flushes a lot of no-longer-relevant registrations out to proxies.
    Patch by Sukhbir Singh and David Fifield. Fixes bug 8285.

  o New --port-forwarding and friends options enable flashproxy-client
    to invoke tor-fw-helper to forward ports automatically. Patch by
    Arlo Breault and David Fifield. Fixes bug 9033.

  o The flash proxy, in debug mode, now hides potentially sensistive
    information like IP addresses. Patch by Arlo Breault. Fixes bug
    9170.

  o The new modules/nodejs allows running a standalone flash proxy
    (outside a browser) under Node.js. Patch by Arlo Breault. Fixes bug
    7944.

  o Registration helpers have a new --unsafe-logging option and helpers
    don't log IP addresses by default. Patch by Arlo Breault. Fixes bug
    9185.

  o Certificate pins now match against the public keys of intermediate
    certificates, not only those of leaves. This will help with
    flashproxy-reg-appspot, whose leaf key was often changing. It also
    allows us to copy pin digests directly from the Chromium source
    code. Patch by David Fifield. Fixes bug 9167.

Changes in version 1.1
  o Programs that use certificate pins now take a --disable-pin option
    that causes pins to be ignored.

Changes in version 1.0
  o The facilitator runs on a new domain name fp-facilitator.org. Fixes
    bug 7160.

  o Fixed badge rendering for a certain combination of Chrome and
    AdBlock Plus. Patch by Arlo Breault. Fixes bug 8300.

  o websocket-server sends the new TRANSPORT command of the extended OR
    port protocol to identify incoming connections as websocket.

  o There is now a 10-second HTTP request timeout in websocket-server.
    Fixes bug 8626.

  o The new --facilitator-pubkey option of flashproxy-client lets you
    configure a different facilitator public key, if you're using one
    other than the one at fp-facilitator.org. Patch by Arlo Breault.
    Fixes bug 8800.

  o The badge now has a "lang" parameter for localization. Translations
    exist for en, de, and ru. Patch by Peter Bourgelais.

  o Made facilitator-email-poller reconnect after some SSL and socket
    errors. Patch by Alexandre Allaire and David Fifield. Fixes bug
    8284.

  o Added flashproxy-reg-url to the py2exe instructions in setup.py;
    this lack meant that flashproxy-reg-url was missing from Windows
    bundles. Patch by Arlo Breault. Fixes bug 8840.

  o Enabled HTTP Strict Transport Security (HSTS) on the facilitator.
    Patch by Eduardo Stalinho. Fixes bug 8772.

  o Added a new "appspot" registration method, which is now the first
    registration method tried, ahead of "email". "appspot" sends
    registrations through Google App Engine. Patch by Arlo Breault and
    David Fifield. Fixes bug 8860.

Changes in version 0.12
  o The new flashproxy-reg-url program prints a URL which, when
    requested, causes an address to be registered with the facilitator.
    You can use this program if the other registration methods are
    blocked: pass the URL to a third party and ask them to request it.
    Patch by Alexandre Allaire. Fixes bug 7559.

  o The new websocket-server program is the server transport plugin that
    flash proxies talk to. It replaces the third-party websockify
    program that was used formerly. It works as a managed proxy and
    supports the extended ORPort protocol. Fixes bug 7620.

  o Added a line of JavaScript that you can use to put a proxy badge on
    MediaWiki sites that allow custom JavaScript. Follow the
    instructions in modules/mediawiki/custom.js. Contributed by
    Sathyanarayanan Gunasekaran.

  o Make flashproxy-client ignore errors in opening listeners, as long
    as at least one local and one remote listener can be opened. A user
    reported a problem with listening on IPv6, while being able to
    listen on IPv4. Fixes bug 8319.

  o The facilitator now returns a check-back-in parameter in its
    response, telling proxies how often to poll. Fixes bug 8171. Patch
    by Alexandre Allaire.

  o Updated the Tor Browser check to match the behavior of new Tor
    Browsers. Patch by Alexandre Allaire and Arlo Breault. Fixes bug
    8434.

Changes in version 0.11
  o Added -4 and -6 options to flashproxy-client and
    flashproxy-reg-http. (The options already existed in
    flashproxy-reg-email.) These options cause registrations helpers to
    use IPv4 or IPv6 only. Fixes bug 7622. Patch by Jorge Couchet.

  o The facilitator now gives only IPv4 clients to proxies requesting
    over IPv4, and IPv6 clients to proxies requesting over IPv6. This is
    to avoid the situation where an IPv4-only proxy is given an IPv6
    address it cannot connect to. Fixes bug 6124. Patch by Jorge Couchet
    and David Fifield.

  o The proxy now accepts a cookierequired parameter that controls
    whether users have to explicitly state their desire to be a proxy.
    The page at http://crypto.stanford.edu/flashproxy/options.html
    allows changing user preference.

  o Proxies now poll for clients every 60 seconds rather than 10
    seconds, and do not begin to poll immediately upon beginning to run.

  o There are new alpha Tor Browser Bundles for download at
    https://people.torproject.org/~dcf/flashproxy/.

Changes in version 0.10
  o Fixed a bug in flashproxy-client that made it susceptible to a
    denial of service (program crash) when receiving large WebSocket
    messages made up of many small fragmented frames.

  o Made the facilitator hand out more proxies by default, reducing a
    client's need to re-register.

Changes in version 0.9
  o There are executable Windows packages of the client programs, so
    that the programs can be run without Python being installed. Fixes
    bug 7283. Alexandre Allaire and David Fifield.

  o There are now man pages for the client programs (flashproxy-client,
    flashproxy-reg-email, and flashproxy-reg-http). Fixes bug 6453.
    Alexandre Allaire.

  o The proxy now tries to determine whether it is running in Tor
    Browser, and disables itself if so. Fixes bug 6293. Patch by Jorge
    Couchet.

Changes in version 0.8
  o flashproxy-client now operates as a managed proxy by default. This
    means that there is no longer a need to start flashproxy-client
    separately from Tor. Use a "ClientTransportPlugin websocket exec"
    line as in the included torrc. To use flashproxy-client as an
    external proxy (the way it worked before), use the --external
    option. Fixes bug 7016.

  o The proxy badge does more intelligent parsing of the boolean "debug"
    parameter. "0", "false", and other values are now interpreted as
    false and do not activate debug mode. Formerly any non-empty value
    was interpreted as true. Fixes bug 7110. Patch by Alexandre Allaire.

  o Fixed a runtime error in flashproxy-client on Windows:
    AttributeError: 'module' object has no attribute 'IPPROTO_IPV6'
    Fixes bug 7147. Patch by Alexandre Allaire.

  o Fixed an exception that happened in Windows in flashproxy-reg-email
    in reading the trusted CA list. The exception message was:
      Failed to register: [Errno 185090050] _ssl.c:340: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
    Fixes bug 7271. Patch by Alexandre Allaire.

  o Fixed an exception that happened on Windows in flashproxy-client,
    relating to the use of nonblocking sockets:
      Socket error writing to local: '[Errno 10035] A non-blocking socket operation could not be completed immediately'
    Fixes bug 7272. Patch by Alexandre Allaire.