Commit Graph

4386 Commits

Author SHA1 Message Date
Karsten Loesing
c14c662758 Update geoip and geoip6 to the June 7 2016 database. 2016-06-12 11:35:50 +02:00
Nick Mathewson
ada5668c5e Merge remote-tracking branch 'public/bug19203_027' into maint-0.2.8 2016-06-11 10:16:00 -04:00
Nick Mathewson
6eeedc02d8 Use directory_must_use_begindir to predict we'll surely use begindir
Previously, we used !directory_fetches_from_authorities() to predict
that we would tunnel connections.  But the rules have changed
somewhat over the course of 0.2.8
2016-06-02 10:40:39 -04:00
Nick Mathewson
a32ca313c4 Merge branch 'maint-0.2.7' into maint-0.2.8 2016-06-02 10:12:56 -04:00
Nick Mathewson
5854b19816 Use tor_sscanf, not sscanf, in test_util.c.
Fixes the 0.2.7 case of bug #19213, which prevented mingw64 from
working.
2016-06-02 10:11:29 -04:00
Nick Mathewson
bdc59e33c1 Fix a warning on unnamed nodes in node_get_by_nickname().
There was a > that should have been an ==, and a missing !.  These
together prevented us from issuing a warning in the case that a
nickname matched an Unnamed node only.

Fixes bug 19203; bugfix on 0.2.3.1-alpha.
2016-05-30 12:03:03 -04:00
Nick Mathewson
36b2b48308 Merge branch 'bug18668_028' into maint-0.2.8 2016-05-25 16:58:43 -04:00
Nick Mathewson
6d375f17fc Merge branch 'bug19161_028_v2' into maint-0.2.8 2016-05-25 10:17:26 -04:00
Nick Mathewson
fdfc528f85 Merge branch 'bug19152_024_v2' into maint-0.2.8 2016-05-25 09:26:45 -04:00
Nick Mathewson
c4c4380a5e Fix a dangling pointer issue in our RSA keygen code
If OpenSSL fails to generate an RSA key, do not retain a dangling
pointer to the previous (uninitialized) key value. The impact here
should be limited to a difficult-to-trigger crash, if OpenSSL is
running an engine that makes key generation failures possible, or if
OpenSSL runs out of memory. Fixes bug 19152; bugfix on
0.2.1.10-alpha. Found by Yuan Jochen Kang, Suman Jana, and Baishakhi
Ray.

This is potentially scary stuff, so let me walk through my analysis.
I think this is a bug, and a backport candidate, but not remotely
triggerable in any useful way.

Observation 1a:

Looking over the OpenSSL code here, the only way we can really fail in
the non-engine case is if malloc() fails.  But if malloc() is failing,
then tor_malloc() calls should be tor_asserting -- the only way that an
attacker could do an exploit here would be to figure out some way to
make malloc() fail when openssl does it, but work whenever Tor does it.

(Also ordinary malloc() doesn't fail on platforms like Linux that
overcommit.)

Observation 1b:

Although engines are _allowed_ to fail in extra ways, I can't find much
evidence online  that they actually _do_ fail in practice. More evidence
would be nice, though.

Observation 2:

We don't call crypto_pk_generate*() all that often, and we don't do it
in response to external inputs. The only way to get it to happen
remotely would be by causing a hidden service to build new introduction
points.

Observation 3a:

So, let's assume that both of the above observations are wrong, and the
attacker can make us generate a crypto_pk_env_t with a dangling pointer
in its 'key' field, and not immediately crash.

This dangling pointer will point to what used to be an RSA structure,
with the fields all set to NULL.  Actually using this RSA structure,
before the memory is reused for anything else, will cause a crash.

In nearly every function where we call crypto_pk_generate*(), we quickly
use the RSA key pointer -- either to sign something, or to encode the
key, or to free the key.  The only exception is when we generate an
intro key in rend_consider_services_intro_points().  In that case, we
don't actually use the key until the intro circuit is opened -- at which
point we encode it, and use it to sign an introduction request.

So in order to exploit this bug to do anything besides crash Tor, the
attacker needs to make sure that by the time the introduction circuit
completes, either:
  * the e, d, and n BNs look valid, and at least one of the other BNs is
    still NULL.
OR
  * all 8 of the BNs must look valid.

To look like a valid BN, *they* all need to have their 'top' index plus
their 'd' pointer indicate an addressable region in memory.

So actually getting useful data of of this, rather than a crash, is
going to be pretty damn hard.  You'd have to force an introduction point
to be created (or wait for one to be created), and force that particular
crypto_pk_generate*() to fail, and then arrange for the memory that the
RSA points to to in turn point to 3...8 valid BNs, all by the time the
introduction circuit completes.

Naturally, the signature won't check as valid [*], so the intro point
will reject the ESTABLISH_INTRO cell.  So you need to _be_ the
introduction point, or you don't actually see this information.

[*] Okay, so if you could somehow make the 'rsa' pointer point to a
different valid RSA key, then you'd get a valid signature of an
ESTABLISH_INTRO cell using a key that was supposed to be used for
something else ... but nothing else looks like that, so you can't use
that signature elsewhere.

Observation 3b:

Your best bet as an attacker would be to make the dangling RSA pointer
actually contain a fake method, with a fake RSA_private_encrypt
function that actually pointed to code you wanted to execute.  You'd
still need to transit 3 or 4 pointers deep though in order to make that
work.

Conclusion:

By 1, you probably can't trigger this without Tor crashing from OOM.

By 2, you probably can't trigger this reliably.

By 3, even if I'm wrong about 1 and 2, you have to jump through a pretty
big array of hoops in order to get any kind of data leak or code
execution.

So I'm calling it a bug, but not a security hole. Still worth
patching.
2016-05-25 09:23:57 -04:00
Nick Mathewson
6abceca182 Merge branch 'memarea_overflow_027_squashed' into maint-0.2.8 2016-05-25 09:22:02 -04:00
Nick Mathewson
be2d37ad3c Fix a pointer arithmetic bug in memarea_alloc()
Fortunately, the arithmetic cannot actually overflow, so long as we
*always* check for the size of potentially hostile input before
copying it.  I think we do, though.  We do check each line against
MAX_LINE_LENGTH, and each object name or object against
MAX_UNPARSED_OBJECT_SIZE, both of which are 128k.  So to get this
overflow, we need to have our memarea allocated way way too high up
in RAM, which most allocators won't actually do.

Bugfix on 0.2.1.1-alpha, where memarea was introduced.

Found by Guido Vranken.
2016-05-25 09:20:37 -04:00
Nick Mathewson
be3875cda2 Make sure that libscrypt_scrypt actually exists before using it.
Previously, if the header was present, we'd proceed even if the
function wasn't there.

Easy fix for bug 19161.  A better fix would involve trying harder to
find libscrypt_scrypt.
2016-05-24 10:31:02 -04:00
Nick Mathewson
dd17df2253 lintchanges on 18809, and fix the bug number 2016-05-19 08:54:19 -04:00
Nick Mathewson
7c7d990704 changelog typo fix 2016-05-19 08:29:45 -04:00
Nick Mathewson
9f217c83b0 Merge branch 'bug18809_028_squashed' into maint-0.2.8 2016-05-19 08:17:02 -04:00
teor (Tim Wilson-Brown)
8dc8d71226 Changes file for bug 18809 2016-05-19 07:58:40 -04:00
Nick Mathewson
3f49474349 Merge branch 'bug17150_027_extra' into maint-0.2.8 2016-05-17 19:47:22 -04:00
Nick Mathewson
49ff09aef2 Fix another, more subtle, case of bug 17150.
We need to make sure that the corresponding sd and ei match in their
certificates.
2016-05-17 13:16:36 -04:00
Nick Mathewson
7d1eb0d570 When making sure digest256 matches in ei, look at sd, not ri.
The routerinfo we pass to routerinfo_incompatible_with_extrainfo is
the latest routerinfo for the relay.  The signed_descriptor_t, on
the other hand, is the signed_descriptor_t that corresponds to the
extrainfo.  That means we should be checking the digest256 match
with that signed_descriptor_t, not with the routerinfo.

Fixes bug 17150 (and 19017); bugfix on 0.2.7.2-alpha.
2016-05-17 12:57:03 -04:00
Nick Mathewson
d6a2fec05e Merge branch 'bug18616-v4-merged_028' into maint-0.2.8 2016-05-17 11:09:54 -04:00
Nick Mathewson
ff5eb7fc62 Fix remaining lintChanges warnings. 2016-05-17 11:06:41 -04:00
Nick Mathewson
e0fb75c349 Resolve lintChanges warnings. 2016-05-17 11:05:57 -04:00
Nick Mathewson
548d14247e Merge remote-tracking branch 'arma/bug18616-v4' into maint-0.2.8 2016-05-17 10:48:12 -04:00
Roger Dingledine
06031b441e touchups and refactorings on bug 18616 branch
no behavior changes
2016-05-16 17:43:47 -04:00
Nick Mathewson
0f9b0b8bfe Initialize networking _before_ initializing libevent in the tests
This prevents WSANOTINITIALISED errors and fixes bug 18668. Bugfix
on 0.2.8.1-alpha -- 1bac468882 specifically.
2016-05-16 14:30:04 -04:00
Nick Mathewson
e8cc9f3edf Merge branch 'maint-0.2.7' into maint-0.2.8 2016-05-12 15:33:47 -04:00
Nick Mathewson
4165b1a0da Merge branch 'bug18977_026_v2' into maint-0.2.7 2016-05-12 15:33:35 -04:00
Nick Mathewson
20b01cece8 Merge branch 'bug18977_024_v2' into bug18977_026_v2
Had conflicts related to other correct_tm bugs in 0.2.6.  Added wday
for another case.
2016-05-12 14:39:06 -04:00
Nick Mathewson
e57f26c135 Have correct_tm set tm_wday as well.
The tm_wday field had been left uninitialized, which was causing
some assertions to fail on Windows unit tests.

Fixes bug 18977.
2016-05-12 14:37:27 -04:00
Nick Mathewson
ce6f2d1c4d Merge remote-tracking branch 'arma/bug19003-try2' into maint-0.2.8 2016-05-12 11:09:33 -04:00
Roger Dingledine
4a62d7aabc minor touchups on nick's ticket 17621 changes 2016-05-11 16:35:36 -04:00
Nick Mathewson
af4b7d0405 Document the contents of $datadir/keys
Ticket 17621.
2016-05-11 14:03:34 -04:00
Nick Mathewson
8d962233f6 Merge remote-tracking branch 'teor/bug18816_simplify' into maint-0.2.8 2016-05-11 13:20:51 -04:00
Nick Mathewson
24fbb9a81b Merge branch 'maint-0.2.7' into maint-0.2.8 2016-05-11 13:15:17 -04:00
Nick Mathewson
4e94580591 Merge remote-tracking branch 'special/bug19032-027' into maint-0.2.7 2016-05-11 13:13:23 -04:00
John Brooks
bf3e32a452 Fix out-of-bounds write during voting with duplicate ed25519 keys
In dirserv_compute_performance_thresholds, we allocate arrays based
on the length of 'routers', a list of routerinfo_t, but loop over
the nodelist. The 'routers' list may be shorter when relays were
filtered by routers_make_ed_keys_unique, leading to an out-of-bounds
write on directory authorities.

This bug was originally introduced in 26e89742, but it doesn't look
possible to trigger until routers_make_ed_keys_unique was introduced
in 13a31e72.

Fixes bug 19032; bugfix on tor 0.2.8.2-alpha.
2016-05-11 13:11:03 -04:00
teor (Tim Wilson-Brown)
2cbad2aac7
Revert "Switch between fallback and authority when auth cert fetch fails"
This reverts commit 92d7ee08b8.
2016-05-11 13:06:13 -04:00
Nick Mathewson
28e1aa1118 Merge branch 'bug18761_028_squashed' into maint-0.2.8 2016-05-11 12:36:27 -04:00
Nick Mathewson
b59d79134e Log find_rp_for_intro_() failures at LOG_PROTOCOL_WARN.
Closes ticket 18761.

Also fix a whitespace issue.
2016-05-11 12:36:19 -04:00
Nick Mathewson
e71dfb6344 Merge remote-tracking branch 'teor/bug18816-squashed' into maint-0.2.8 2016-05-11 12:28:37 -04:00
Nick Mathewson
50249c7cd9 Merge branch 'maint-0.2.7' into maint-0.2.8 2016-05-11 12:23:20 -04:00
Nick Mathewson
039fc8427a Merge branch 'bug18841_1_025' into maint-0.2.7 2016-05-11 12:22:36 -04:00
Nick Mathewson
c662bef455 Undefine _FORTIFY_SOURCE before defining it.
This makes our compilation options checks in autoconf work better on
systems that already define _FORTIFY_SOURCE.

Fixes at least one case of bug 18841; bugfix on 0.2.3.17-beta. Patch
from "trudokal".
2016-05-11 12:15:37 -04:00
teor (Tim Wilson-Brown)
92d7ee08b8
Switch between fallback and authority when auth cert fetch fails 2016-05-10 11:25:55 -04:00
teor (Tim Wilson-Brown)
64b948f5fa
Use the consensus download schedule for authority certificates
Previously, we were using the generic schedule for some downloads,
and the consensus schedule for others.

Resolves ticket 18816; fix on fddb814fe in 0.2.4.13-alpha.
2016-05-10 11:25:50 -04:00
Nick Mathewson
5cd5979132 Merge branch 'maint-0.2.7' into maint-0.2.8 2016-05-09 18:14:44 -04:00
Nick Mathewson
85c698da72 Add "-c 1" to ping6 in test-network-all
Fixes bug 19008. bugfix on 0.2.7.3-rc
2016-05-09 18:12:59 -04:00
Nick Mathewson
55cf1970bc Merge branch 'maint-0.2.7' into maint-0.2.8 2016-05-09 14:59:18 -04:00
Nick Mathewson
7fe80c2905 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-05-09 14:56:56 -04:00
Nick Mathewson
0b477bfd55 Merge branch 'maint-0.2.5' into maint-0.2.6 2016-05-09 14:55:45 -04:00
Nick Mathewson
368146370b Merge branch 'maint-0.2.4' into maint-0.2.5 2016-05-09 14:55:22 -04:00
teor (Tim Wilson-Brown)
c2817774c2
Allow directories in small networks to bootstrap
Skip DirPort checks when the consensus has no exits.

Resolves #19003, bugfix on #18050 in 0.2.8.1-alpha.
2016-05-09 14:29:07 -04:00
Karsten Loesing
3c2d4611ce Update geoip and geoip6 to the May 4 2016 database. 2016-05-09 17:51:15 +02:00
Nick Mathewson
68d913c49c Merge branch 'feature18483-028-v2-squashed' into maint-0.2.8 2016-05-05 08:16:36 -04:00
teor (Tim Wilson-Brown)
833b5f71a7 Make clients always use begindir for directory requests
This improves client anonymity and avoids directory header tampering.
The extra load on the authorities should be offset by the fallback
directories feature.

This also simplifies the fixes to #18809.
2016-05-05 08:16:28 -04:00
teor (Tim Wilson-Brown)
2e5b35db81
Make directory node selection more reliable
Delete an unnecessary check for non-preferred IP versions.

Allows clients which can't reach any directories of their
preferred IP address version to get directory documents.

Patch on #17840 in 0.2.8.1-alpha.
2016-05-05 11:54:53 +10:00
Nick Mathewson
01e7f42a09 Merge branch 'bug18921_squashed' into maint-0.2.8 2016-05-04 15:23:26 -04:00
teor (Tim Wilson-Brown)
0cf90bac2a Choose the correct address for one-hop connections
After #17840 in 0.2.8.1-alpha, we incorrectly chose an IPv4
address for all DIRIND_ONEHOP directory connections,
even if the routerstatus didn't have an IPv4 address.

This likely affected bridge clients with IPv6 bridges.

Resolves #18921.
2016-05-04 15:23:14 -04:00
Nick Mathewson
60274296c3 Merge branch 'doc18312' into maint-0.2.8 2016-05-04 15:13:07 -04:00
Nick Mathewson
b8e8910d60 Merge branch 'bug18686_025' into maint-0.2.8 2016-05-04 15:12:11 -04:00
Nick Mathewson
c7b9e0b8ed Report success when not terminating an already terminated process.
Also, document the actual behavior and return values of
tor_terminate_process.

Fixes bug18686; bugfix on 0.2.3.9-alpha.
2016-05-04 15:10:36 -04:00
Nick Mathewson
31332a878d Merge branch 'bug18710_025' into maint-0.2.8 2016-05-04 14:47:04 -04:00
Scott Dial
0ca3f495c6 Fix dnsserv.c assertion when no supported questions are requested.
The problem is that "q" is always set on the first iteration even
if the question is not a supported question. This set of "q" is
not necessary, and will be handled after exiting the loop if there
if a supported q->type was found.

    [Changes file by nickm]

lease enter the commit message for your changes. Lines starting
2016-05-04 14:45:09 -04:00
Yawning Angel
8f292f1c33 Fix keccak-tiny portability on exotic platforms.
* SHA-3/SHAKE use little endian for certain things, so byteswap as
   needed.

 * The code was written under the assumption that unaligned access to
   quadwords is allowed, which isn't true particularly on non-Intel.
2016-05-03 16:12:07 -04:00
s0rlxmh0
054d939853 (cherry-picked by nickm, with changes file from isis.) 2016-05-02 14:01:36 -04:00
teor (Tim Wilson-Brown)
d3c60f2bd7 Avoid checking ORPort reachability when the network is disabled
This is consistent with existing DirPort reachability checks.
2016-04-28 12:26:38 +10:00
teor (Tim Wilson-Brown)
2cfcf17cfc Changes file for #18616 2016-04-28 12:26:38 +10:00
Nick Mathewson
92615f608c Do not recommend use of nicknames in MapAddress manpage 2016-04-26 20:30:59 -04:00
teor (Tim Wilson-Brown)
ba7691071e Report fallback directory detail changes when rebuilding list
As well as the existing reports of IPv6 address additions or removals,
the script now warns when keys change but IPv4:ORPort or
IPv6:IPv6ORPort remain the same.

Existing checks for other whitelist detail changes have also
been re-worded and upgraded to warnings.

This makes it easier for changes to be identified so operators can
be contacted to confirm whether the change is stable.
2016-04-26 19:26:22 -04:00
teor (Tim Wilson-Brown)
de5def32a1 Changes for #17158, #17905, #18689, #18749 & April 2016 fallbacks 2016-04-26 19:26:22 -04:00
Nick Mathewson
7babf33239 Merge remote-tracking branch 'public/bug18716_027' into maint-0.2.8 2016-04-12 13:02:02 -04:00
Nick Mathewson
1a065cea46 Do not link tests against both libor.a and libor-testing.a
Also, put libor-testing.a at a better position in the list of
libraries, to avoid linker errors.

This is a fix, or part of a fix, for 18490.

Conflicts:
	src/test/include.am
2016-04-12 02:48:46 +00:00
Nick Mathewson
39c057d45a memarea: Don't assume that sizeof(ulong) >= sizeof(void*).
Fixes bug 18716; bugfix on 0.2.1.1-alpha where memarea.c was
introduced.  Found by wbenny.
2016-04-07 11:10:14 -04:00
David Goulet
40827da3bf Turn TestingClientBootstrap* into non-testing options
This changes simply renames them by removing "Testing" in front of them and
they do not require TestingTorNetwork to be enabled anymore.

Fixes #18481

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-04-07 10:57:59 -04:00
Nick Mathewson
d8a056daed Merge branch 'maint-0.2.7' into maint-0.2.8 2016-04-07 10:46:07 -04:00
Nick Mathewson
ad4ff7a5b9 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-04-07 10:45:46 -04:00
Nick Mathewson
2ce99b9f48 Merge branch 'maint-0.2.5' into maint-0.2.6 2016-04-07 10:45:38 -04:00
Nick Mathewson
34a51d1621 Merge branch 'maint-0.2.4' into maint-0.2.5 2016-04-07 10:45:32 -04:00
Karsten Loesing
97c6e717b9 Update geoip and geoip6 to the April 5 2016 database. 2016-04-07 11:10:09 +02:00
Nick Mathewson
d7a0382ba3 Don't call the system toupper or tolower.
Yes, we could cast to unsigned char first, but it's probably safest
to just use our own (in test_util), or remove bad-idea features that
we don't use (in readpassphrase.c).

Fixes 18728.
2016-04-05 23:22:28 -04:00
Roger Dingledine
d037369e56 quiet debug logs from periodic_event_dispatch()
Stop blasting twelve lines per second from periodic_event_dispatch()
at loglevel debug.

Resolves ticket 18729; fix on 0.2.8.1-alpha.
2016-04-05 23:13:55 -04:00
Yawning Angel
92ae6b9524 Add a changes file for the OpenSSL 1.1.0 compilation fixes. 2016-04-05 10:03:25 -04:00
Nick Mathewson
fdb57db581 Merge branch 'bug18133_027' into maint-0.2.8 2016-04-01 08:17:56 -04:00
Nick Mathewson
e247093e0e Merge remote-tracking branch 'karsten/task-18460-2' into maint-0.2.8 2016-04-01 08:10:58 -04:00
Andrea Shepard
183d465f0e Merge branch 'bug15221_027' into maint-0.2.7 2016-03-30 12:23:42 +00:00
Andrea Shepard
0b45cab147 Merge branch 'bug18570_027' into maint-0.2.7 2016-03-29 15:01:36 +00:00
Andrea Shepard
1218d731d1 Merge branch 'bug16248_027' into maint-0.2.7 2016-03-29 14:33:45 +00:00
Nick Mathewson
f780d196a9 Merge branch 'bug18673_028_v2' into maint-0.2.8 2016-03-28 16:13:39 -04:00
Nick Mathewson
c8eb39d67f Remove a couple of redundant lines from the makefile
Fixes the last case of 17744.
2016-03-28 16:11:25 -04:00
Nick Mathewson
addd181721 Fix memory leak in TestingEnableCellStatsEvent
Only when we were actually flushing the cell stats to a controller
would we free them.  Thus, they could stay in RAM even after the
circuit was freed (eg if we didn't have any controllers).

Fixes bug 18673; bugfix on 0.2.5.1-alpha.
2016-03-28 11:12:15 -04:00
Nick Mathewson
301235fb2a Fold entries into changelog 2016-03-28 09:06:09 -04:00
Nick Mathewson
c4e5296892 Fix memory-counting error in rephist.c. Bug 18651. 2016-03-28 07:39:47 -04:00
Nick Mathewson
049445bca3 Merge branch 'bug18626_027' 2016-03-25 16:28:33 -04:00
Nick Mathewson
db1352703c Remove spurious exit() calls from configure.ac
We added these a while ago, but they do no actual good, and
cause implicit declaration warnings in some situations.  Rather than
just adding stdint.h, it's easier to remove the exit() calls
as redundant.

Fixes bug 18626; bugfix from "cypherpunks"
2016-03-25 16:26:13 -04:00
Karsten Loesing
b79d8590c9 Include IPv6 consensus downloads in dirreq stats.
Fixes #18460.
2016-03-25 20:56:29 +01:00
Nick Mathewson
e50b0b7532 Fold entries into changelog again 2016-03-24 11:13:31 -04:00
Nick Mathewson
6256c61d95 Merge branch 'timegm_overflow_squashed' 2016-03-24 10:18:00 -04:00
teor (Tim Wilson-Brown)
e71e8e005a Avoid overflow in tor_timegm on 32 bit platforms due to year 2038 2016-03-24 10:17:48 -04:00
Nick Mathewson
424af93ded Merge branch 'bug18517_squashed' 2016-03-24 10:14:05 -04:00
teor (Tim Wilson-Brown)
f2153f9716 Always allow OR connections to bridges on private addresses
Regardless of the setting of ExtendAllowPrivateAddresses.

This fixes a bug with pluggable transports that ignore the
(potentially private) address in their bridge line.

Fixes bug 18517; bugfix on 23b088907f in tor-0.2.8.1-alpha.
2016-03-24 10:13:58 -04:00
Nick Mathewson
54559e5845 Merge remote-tracking branch 'teor/bug18351' 2016-03-24 09:33:58 -04:00
Nick Mathewson
ea9472d085 Merge remote-tracking branch 'teor/bug18489' 2016-03-24 09:01:28 -04:00
teor (Tim Wilson-Brown)
b1569e39c8 Check if fallbacks support extrainfo descriptors before requesting them
When requesting extrainfo descriptors from a trusted directory
server, check whether it is an authority or a fallback directory
which supports extrainfo descriptors.

Fixes bug 18489; bugfix on 90f6071d8d in tor-0.2.4.7-alpha.

Reported by "atagar", patch by "teor".
2016-03-24 22:03:58 +11:00
teor (Tim Wilson-Brown)
f2a344e397 Downgrade IP version warnings to avoid filling logs
Downgrade logs and backtraces about IP versions to
info-level. Only log backtraces once each time tor runs.

Assists in diagnosing bug 18351; bugfix on c3cc8e16e in
tor-0.2.8.1-alpha.

Reported by "sysrqb" and "Christian", patch by "teor".
2016-03-24 10:39:23 +11:00
Nick Mathewson
316cfd77ce Fold more changes files into the changelog 2016-03-23 10:31:28 -04:00
Nick Mathewson
ca8423a703 Merge remote-tracking branch 'public/bug18253' 2016-03-22 10:08:50 -04:00
Nick Mathewson
778e8e604d make changes files pass lintChanges as appropriate 2016-03-22 09:59:51 -04:00
Nick Mathewson
6a91cab79c Merge branch 'maint-0.2.7' 2016-03-21 13:26:04 -04:00
Nick Mathewson
e1e62f9d57 Merge branch 'ed25519_voting_fixes_squashed' into maint-0.2.7 2016-03-21 13:25:12 -04:00
Nick Mathewson
fa07c60c67 Fix another case of 17668: Add NoEdConsensus
I had a half-built mechanism to track, during the voting process,
whether the Ed25519 value (or lack thereof) reflected a true
consensus among the authorities.  But we never actually inserted this
field in the consensus.

The key idea here is that we first attempt to match up votes by pairs
of <Ed,RSA>, where <Ed> can be NULL if we're told that there is no
Ed key.  If this succeeds, then we can treat all those votes as 'a
consensus for Ed'.  And we can include all other votes with a
matching RSA key and no statement about Ed keys as being "also about
the same relay."

After that, we look for RSA keys we haven't actually found an entry
for yet, and see if there are enough votes for them, NOT considering
Ed keys.  If there are, we match them as before, but we treat them
as "not a consensus about ed".

When we include an entry in a consensus, if it does not reflect a
consensus about ed keys, then we include a new NoEdConsensus flag on
it.

This is all only for consensus method 22 or later.

Also see corresponding dir-spec patch.
2016-03-21 13:24:09 -04:00
Nick Mathewson
13a31e72db Never vote for an ed key twice.
When generating a vote, and we have two routerinfos with the same ed
key, omit the one published earlier.

This was supposed to have been solved by key pinning, but when I
made key pinning optional, I didn't realize that this would jump up
and bite us.  It is part of bug 18318, and the root cause of 17668.
2016-03-21 13:23:32 -04:00
Nick Mathewson
c20e34e189 Fix log message subjects in networkstatus_parse_vote_from_string()
Some of these messages called the thing being parsed a "vote" whether
it is a vote or a consensus.

Fixes bug 18368.
2016-03-21 13:23:32 -04:00
Nick Mathewson
c83bcc3584 punctuate changes file better 2016-03-21 12:37:10 -04:00
Nick Mathewson
233180a9ab Merge remote-tracking branch 'public/bug18548' 2016-03-21 12:36:41 -04:00
Nick Mathewson
005a20ec85 Log a better message when OfflineMasterKey is set.
Fixes bug 18133; bugfix on 0.2.7.2-alpha.
2016-03-21 11:57:23 -04:00
Nick Mathewson
d567796946 Merge remote-tracking branch 'public/bug17443_v2' 2016-03-21 11:21:31 -04:00
Nick Mathewson
4bb432f633 Sort changes files into changelog. 2016-03-21 11:18:15 -04:00
Nick Mathewson
52bc921402 Fix (most) lintChanges warnings on master. 2016-03-21 11:14:57 -04:00
Nick Mathewson
3a547076b6 Merge branch 'maint-0.2.7' 2016-03-21 11:01:47 -04:00
Nick Mathewson
920e3d6a19 a couple more changes files issues. 2016-03-21 11:00:50 -04:00
Nick Mathewson
ee08f22489 Fix some warnings from lintchanges. 2016-03-21 10:58:29 -04:00
Nick Mathewson
ddd30f966a Merge remote-tracking branch 'arma/ticket18332-try3' 2016-03-21 10:41:23 -04:00
Nick Mathewson
70024ea6c4 changes file for 18600 2016-03-21 10:33:58 -04:00
Nick Mathewson
cb3f9bc2d4 Merge branch 'bug18570_027' 2016-03-21 10:20:16 -04:00
Nick Mathewson
72ebf41604 changes file for bug18570 2016-03-21 10:19:07 -04:00
Roger Dingledine
e28448a23e Bridges now refuse "rendezvous2" publish attempts
Suggested during review of ticket 18332.
2016-03-16 16:46:14 -04:00
Nick Mathewson
368825ff45 Sandbox: Don't preseed getaddrinfo(gethostname()) in client mode.
If we're a server with no address configured, resolve_my_hostname
will need this.  But not otherwise.  And the preseeding itself can
consume a few seconds if like tails we have no resolvers.

Fixes bug 18548.
2016-03-15 11:19:59 -04:00
Nick Mathewson
c9899ee640 Merge remote-tracking branch 'weasel/bug18458' 2016-03-15 09:18:24 -04:00
Nick Mathewson
4b02af452d Merge branch 'bug15221_027' 2016-03-14 14:10:47 -04:00
Nick Mathewson
f930824914 Changes file for bug18253 2016-03-14 14:09:43 -04:00
Nick Mathewson
725e0c76e3 Permit setrlimit, prlimit, prlimit64 calls.
We call setrlimit under some circumstances, and it can call prlimit
and prlimit64 under the hood.

Fixes bug 15221.
2016-03-14 13:21:16 -04:00
Nick Mathewson
a64be7eaa9 Merge remote-tracking branch 'public/bug16248_027' 2016-03-14 12:53:57 -04:00
David Goulet
d8b93b31a0 hs: Do not close desc fetch conn. if we can't pick an HSDir
Launching 7 descriptor fetches makes a connection to each HSDir that is 6
and the seventh one fails to pick an HSDir because they are all being used
already so it was killing all pending connections at once.

Fixes #15937

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-03-14 11:00:46 -04:00
Roger Dingledine
413b0c0ddb simplify the #18332 changes file based on feedback on ticket 2016-03-11 13:28:51 -05:00
Nick Mathewson
a86f78a9f2 Merge remote-tracking branch 'teor/bug17153' 2016-03-11 11:23:58 -05:00
Nick Mathewson
fe0d346a6d Merge remote-tracking branch 'teor/bug8976_01_028' 2016-03-11 11:11:38 -05:00
Nick Mathewson
91d7cf50c6 Change behavior on missing/present event to warn instead of asserting.
Add a changes file.
2016-03-11 10:50:36 -05:00
Roger Dingledine
e167910fce rip out hid_serv_responsible_for_desc_id()
This simplifies relay behavior, because the relay offers the hsdir
functionality independent of whether the directory authorities have
decided this relay is suitable for clients to use yet.

Implements ticket 18332.
2016-03-11 10:40:31 -05:00
Nick Mathewson
656e23171d Merge remote-tracking branch 'teor/bug18454' 2016-03-11 10:22:41 -05:00
Nick Mathewson
36ac47bd85 Merge remote-tracking branch 'public/bug18204_028' 2016-03-11 10:10:15 -05:00
Nick Mathewson
ef31c8862f Add changes file for 18448; refactor
(I've made it so FreeBSD || FreeBSD_kernel is enough to ensure that
we think you might have ipfw, and so that the logic is all in one
place.)
2016-03-11 10:05:28 -05:00
Nick Mathewson
82df3e70ac Do not link tests against both libor.a and libor-testing.a
Also, put libor-testing.a at a better position in the list of
libraries, to avoid linker errors.

This is a fix, or part of a fix, for 18490.
2016-03-11 09:53:25 -05:00
Nick Mathewson
ffc25bc908 Fedora Core->Fedora; yum->dnf.
Closes 18426 and 18459.
2016-03-11 09:13:33 -05:00
Nick Mathewson
58bcae37a2 Merge branch 'maint-0.2.7' 2016-03-09 10:37:00 -05:00
Nick Mathewson
17cfdb358c Merge branch 'maint-0.2.6' into maint-0.2.7 2016-03-09 10:36:50 -05:00
Nick Mathewson
443dddb749 Merge branch 'maint-0.2.5' into maint-0.2.6 2016-03-09 10:36:35 -05:00
Nick Mathewson
21f9829e79 Merge branch 'maint-0.2.4' into maint-0.2.5 2016-03-09 10:36:20 -05:00
teor (Tim Wilson-Brown)
2627299ef0 Avoid freeing an uninitialised pointer in get_interface_addresses_ioctl 2016-03-04 18:41:49 +01:00
teor (Tim Wilson-Brown)
7275dd4fd1 Add a changes file for bug 8976 2016-03-04 18:31:07 +01:00
Karsten Loesing
8e2640b15a Update geoip and geoip6 to the March 3 2016 database. 2016-03-04 10:56:51 +01:00
Peter Palfrader
3564443351 Add a changes file for #18458 2016-03-01 18:48:57 +01:00
teor (Tim Wilson-Brown)
2120e14009 Allow internal IPv6 addresses in descriptors in private networks 2016-03-01 16:48:16 +01:00
Nick Mathewson
88ad2f5fb2 Merge remote-tracking branch 'teor/bug18123' 2016-02-28 15:40:35 +01:00
teor (Tim Wilson-Brown)
8e103cb2d0 Set EXCLUSIVEADDRUSE on Win32 to avoid a local port-stealing attack 2016-02-26 10:53:57 +01:00
Nick Mathewson
3687526c66 Merge remote-tracking branch 'teor/bug18384' 2016-02-25 13:46:34 -05:00
teor (Tim Wilson-Brown)
b76b9d77d3 Changes file for bug 18384: bugfix on 0f3eeca9 in 0.2.7.2-alpha. 2016-02-25 13:57:04 +08:00
Nick Mathewson
73c433a48a Remove the freelist from memarea.c
This is in accordance with our usual policy against freelists,
now that working allocators are everywhere.

It should also make memarea.c's coverage higher.

I also doubt that this code ever helped performance.
2016-02-24 14:32:09 -05:00
Nick Mathewson
a7f303a481 Merge branch 'maint-0.2.7' 2016-02-23 14:05:54 -05:00
Nick Mathewson
67e5d49d8a Make clang asan work with FORTIFIED_SOURCE again.
Short version: clang asan hates the glibc strcmp macro in
bits/string2.h if you are passing it a constant string argument of
length two or less.  (I could be off by one here, but that's the
basic idea.)

Closes issue 14821.
2016-02-23 14:05:34 -05:00
Nick Mathewson
31c7a65d89 Document required autotools versions
CentOS 6 is roughly the oldest thing we care about developers still
using, and it has autoconf 2.63 / automake 1.11.  These are both
older than openssl 1.0.0, so anybody who can't upgrade past those
probably can't upgrade to a modern openssl either.  And since only
people building from git or editing configure.ac/Makefile.am need to
use autotools, I'm not totally enthused about keeping support for
old ones anyway.

Closes ticket 17732.
2016-02-23 11:08:04 -05:00
Nick Mathewson
d3af4f4e43 Merge remote-tracking branch 'arma/bug16825' 2016-02-23 10:45:39 -05:00
Nick Mathewson
e88686cb2c Merge remote-tracking branch 'teor/bug18348-v2' 2016-02-23 07:36:56 -05:00
Nick Mathewson
48c1c028ca Merge branch 'bug18296_squashed' 2016-02-23 07:32:18 -05:00
Nick Mathewson
21f72990db Simple fix for integer overflow in smartlist_heapify. 2016-02-23 07:31:58 -05:00
Nick Mathewson
bb431ad3df Add a missing free in parsing an :auto port
Fixes bug 18374; bugfix on 0.2.3.3-alpha.
2016-02-22 15:51:43 -05:00
Nick Mathewson
ef42c00cf0 asan does not like TO_CONN(NULL) 2016-02-22 15:45:37 -05:00
Nick Mathewson
a508119169 Update to trunnel 1.4.4 to fix 18373 2016-02-22 14:19:29 -05:00
Nick Mathewson
60efce445b Enable ed25519 collator in voting.
Previously, I had left in some debugging code with /*XXX*/ after it,
which nobody noticed.  Live and learn!  Next time I will use /*XXX
DO NOT COMMIT*/ or something.

We need to define a new consensus method for this; consensus method
21 shouldn't actually be used.

Fixes bug 17702; bugfix on 0.2.7.2-alpha.
2016-02-22 10:07:42 -05:00
Roger Dingledine
c6952f65ef new microdescs mean progress towards bootstrapping
Now, when a user who has set EntryNodes finishes bootstrapping, Tor
automatically repopulates the guard set based on this new directory
information. Fixes bug 16825; bugfix on 0.2.3.1-alpha.
2016-02-22 02:47:57 -05:00
teor (Tim Wilson-Brown)
0ba672a7fd Changes file for bug 18348. 2016-02-21 00:03:56 +11:00
David Goulet
13a8571834 Add onion address to the HS_DESC UPLOADED event
Fixes #16023

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-02-17 15:30:46 -05:00
Nick Mathewson
5cd6c577df Merge branch 'bug17852_revised' 2016-02-16 11:34:06 -05:00
Nick Mathewson
75daeb5c6d changes file for bug17852 2016-02-16 11:33:21 -05:00
Nick Mathewson
a874d66ea9 Handle the case where tor-gencert gets a passphrase with no NL
Closes ticket 17443.
2016-02-12 08:54:09 -05:00
Nick Mathewson
fed8c5199a Merge branch 'check_log_mutex_uncherrypicked' 2016-02-11 13:41:31 -05:00
Nick Mathewson
7788ee43e5 Merge branch 'maint-0.2.7' 2016-02-11 13:04:43 -05:00
Nick Mathewson
be6174f8f6 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-02-11 13:01:46 -05:00
Nick Mathewson
740421af19 Merge branch 'maint-0.2.5' into maint-0.2.6 2016-02-11 13:00:25 -05:00
Nick Mathewson
ce289e2cb5 Merge branch 'maint-0.2.4' into maint-0.2.5 2016-02-11 12:55:40 -05:00
Nick Mathewson
ad95d64fec Merge branch 'bug18162_024' into maint-0.2.4 2016-02-11 12:55:25 -05:00
Nick Mathewson
ba2be81fc3 Merge remote-tracking branch 'teor/feature17840-v11-merged-v2' 2016-02-11 12:20:20 -05:00
Nick Mathewson
bc7a5eeeda Merge remote-tracking branch 'weasel/bug18261' 2016-02-11 12:12:02 -05:00
Nick Mathewson
c0a6c34652 Merge remote-tracking branch 'teor/bug18208' 2016-02-10 16:32:05 -05:00
zerosion
44ea7af686 Quotes added on configure script's string comparison.
Solves #17744

The syntax has been generalized too, so there are only double quotes.

Signed-off-by: zerosion <zerosion@protonmail.ch>
2016-02-10 15:46:39 -05:00
Nick Mathewson
ee75c02691 Merge remote-tracking branch 'andrea/bug18116' 2016-02-10 15:42:11 -05:00
Nick Mathewson
69c47ab5fd Merge remote-tracking branch 'sebastian/bug18242' 2016-02-10 15:38:52 -05:00
Nick Mathewson
4dc8dc4b89 Merge remote-tracking branch 'public/bug18184' 2016-02-10 15:36:48 -05:00
Andrea Shepard
ae0f858602 Properly detach circuits from cmuxes when calling circuit_free_all() on shutdown again 2016-02-10 05:35:03 +00:00
Nick Mathewson
0c4fa4a923 changes file for bug18051 2016-02-08 08:35:43 -05:00
Peter Palfrader
42e131e9ac Fix a segfault during startup
If unix socket was configured as listener (such as a ControlSocket or a
SocksPort unix socket), and tor was started as root but not configured
to switch to another user, tor would segfault while trying to string
compare a NULL value.  Fixes bug 18261; bugfix on 0.2.8.1-alpha. Patch
by weasel.
2016-02-06 22:17:02 +01:00
Nick Mathewson
0f5f6b8a41 Merge remote-tracking branch 'yawning/bug18221' 2016-02-06 15:30:22 -05:00
Nick Mathewson
928380e231 Credit the patch 2016-02-06 14:12:48 -05:00
Nick Mathewson
03371e3d3c Merge branch 'cleaned_aes_crypt' 2016-02-06 13:54:09 -05:00
Nick Mathewson
ef5f35971f changes file for bug 18258. 2016-02-06 13:51:46 -05:00
Nick Mathewson
f3a0de0c2c add a changes file 2016-02-06 12:37:56 -05:00
Nick Mathewson
1f5cdf2b6c Merge branch 'maint-0.2.7' 2016-02-05 08:13:47 -05:00
Nick Mathewson
d920cbb82c Merge branch 'maint-0.2.6' into maint-0.2.7 2016-02-05 08:13:35 -05:00
Nick Mathewson
44ad3be221 Merge branch 'maint-0.2.5' into maint-0.2.6 2016-02-05 08:13:24 -05:00
Nick Mathewson
f06d9a9cef Merge branch 'maint-0.2.4' into maint-0.2.5 2016-02-05 08:13:13 -05:00
Nick Mathewson
5d63cbf7f9 whoops, add a changes file for 18242. 2016-02-04 12:54:54 -05:00
Nick Mathewson
c595f6d25e Add an assertion to tor_libevent_get_base()
Closes ticket 18241.
2016-02-04 12:37:00 -05:00
Karsten Loesing
d5ac79e056 Update geoip and geoip6 to the February 2 2016 database. 2016-02-04 08:53:24 +01:00
Nick Mathewson
08788a81bc Revise some more changelog entries 2016-02-03 20:24:00 -05:00
Nick Mathewson
27582325dc Make Tor build happily with OpenSSL master and libressl.
Also tested with 1.0.0t and 1.0.2f.

Closes ticket 19784.

Closes most of 17921. (Still need to make some tests pass.)
2016-02-03 11:13:12 -05:00
Yawning Angel
c625ab9f5a Validate the DH parameters for correctness.
We use sensible parameters taken from common sources, and no longer
have dynamic DH groups as an option, but it feels prudent to have
OpenSSL validate p and g at initialization time.
2016-02-02 22:03:48 +00:00
teor (Tim Wilson-Brown)
92b1c3b604 Update ExitPolicy when interface addresses change
Tor exit relays reject local interface addresses in their exit policy.

Make sure those policies are updated when interface addresses change.
2016-02-02 15:05:59 +11:00
Nick Mathewson
f09d03c384 use sortChanges to fold changes files into changelog. No additional editing or formatting yet. 2016-02-01 16:56:20 -05:00
Nick Mathewson
d7a713a41e We can't do subbullets in changes files 2016-02-01 16:49:06 -05:00
Nick Mathewson
deea08c13f Fix all the warnings from lintChanges.py 2016-02-01 16:46:29 -05:00
Nick Mathewson
8ea48a5919 We don't include fixes for non-released bugs in the changelog 2016-02-01 16:06:55 -05:00
Nick Mathewson
93f3f4ae7a Merge branch 'maint-0.2.7' 2016-02-01 15:53:54 -05:00
Nick Mathewson
6352dde2a6 Make "lintchanges.py" pass on maint-0.2.7 2016-02-01 15:53:44 -05:00
Nick Mathewson
b860f82d56 Treat bt_test.py failures as "SKIP" on freebsd.
Closes #18204.
2016-02-01 14:11:45 -05:00
Nick Mathewson
5f7df92571 Remove support for unsigned time_t
We've never actually tested this support, and we should probably assume
it's broken.

To the best of my knowledge, only OpenVMS has this, and even on
OpenVMS it's a compile-time option to disable it.  And I don't think
we build on openvms anyway.  (Everybody else seems to be working
around the 2038 problem by using a 64-bit time_t, which won't expire
for roughly 292 billion years.)

Closes ticket 18184.
2016-01-29 09:18:59 -05:00
teor (Tim Wilson-Brown)
c4cb4706c9 Merge branch 'feature17840-v11-squashed' into feature17840-v11-merged
Conflicts:
	src/or/directory.c
	src/test/test_routerlist.c

Fix minor conflicts.
2016-01-29 07:37:06 +11:00
teor (Tim Wilson-Brown)
2d33d192fc Add ClientUseIPv4 and ClientPreferIPv6DirPort torrc options
ClientUseIPv4 0 tells tor to avoid IPv4 client connections.
ClientPreferIPv6DirPort 1 tells tor to prefer IPv6 directory connections.

Refactor policy for IPv4/IPv6 preferences.

Fix a bug where node->ipv6_preferred could become stale if
ClientPreferIPv6ORPort was changed after the consensus was loaded.

Update documentation, existing code, add unit tests.
2016-01-29 07:13:57 +11:00
Nick Mathewson
6b2087dbe4 Merge branch 'maint-0.2.7' 2016-01-28 10:22:06 -05:00
Nick Mathewson
fb64c55cf8 Add descriptions for --keygen to the manpage
Based on text from s7r
2016-01-28 10:19:29 -05:00
Nick Mathewson
bca7083e82 avoid integer overflow in and around smartlist_ensure_capacity.
This closes bug 18162; bugfix on a45b131590, which fixed a related
issue long ago.

In addition to the #18162 issues, this fixes a signed integer overflow
in smarltist_add_all(), which is probably not so great either.
2016-01-27 12:32:41 -05:00
Nick Mathewson
7b6d7aae09 Merge branch 'fallbacks-0281-squashed' 2016-01-18 20:16:05 -05:00
teor (Tim Wilson-Brown)
ab3c86479a Add default fallback directories for the 0.2.8 alpha releases
Allow fallback directories which have been stable for 30 days
to work around #18050, which causes relays to submit descriptors
with 0 DirPorts when restarted. (Particularly during Tor version
upgrades.)

Ignore low fallback directory count in alpha builds.
2016-01-18 20:15:59 -05:00
Nick Mathewson
ab58f60321 Merge branch 'maint-0.2.7' 2016-01-18 20:03:28 -05:00
Nick Mathewson
8335b1f9a9 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-01-18 20:00:16 -05:00
teor (Tim Wilson-Brown)
db81565331 Make memwipe() do nothing when passed a NULL pointer or zero size
Check size argument to memwipe() for underflow.

Closes bug #18089. Reported by "gk", patch by "teor".
Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352),
commit 49dd5ef3 on 7 Nov 2012.
2016-01-18 19:58:07 -05:00
Nick Mathewson
0ace22ef6d Merge remote-tracking branch 'origin/maint-0.2.7' 2016-01-18 19:52:34 -05:00
Nick Mathewson
83dfcfbc4a Merge remote-tracking branch 'teor/bug18050' into maint-0.2.7 2016-01-18 19:51:57 -05:00
teor (Tim Wilson-Brown)
6094a886cf Check ORPort and DirPort reachability before publishing a relay descriptor
Otherwise, relays publish a descriptor with DirPort 0 when the DirPort
reachability test takes longer than the ORPort reachability test.

Closes bug #18050. Reported by "starlight", patch by "teor".
Bugfix on 0.1.0.1-rc, commit a1f1fa6ab on 27 Feb 2005.
2016-01-18 14:00:29 +11:00
Nick Mathewson
f6ea7a6258 Make the new directory tests build and run again.
Had to disable a couple.

Also add changes file for 17003.
2016-01-15 11:20:14 -05:00
Nick Mathewson
d3e7803c1c Changes file for feature 17076 2016-01-15 10:59:28 -05:00
Fergus Dall
91077d3aca Update the limits in max_dl_per_request for IPv6 address length 2016-01-13 06:57:24 +10:30
Nick Mathewson
d062baac86 Merge remote-tracking branch 'teor/bug17888' 2016-01-12 12:26:06 -05:00
Nick Mathewson
7616922e81 Merge remote-tracking branch 'teor/bug17887-v2' 2016-01-12 10:47:54 -05:00
Nick Mathewson
3074b8365f Add another safe_str_client to fix bug 17419 2016-01-12 10:42:01 -05:00
Nick Mathewson
007eb3f8cb Tweak changes file to mention bug number 2016-01-12 10:12:08 -05:00
Nick Mathewson
91b3fa3636 Merge remote-tracking branch 'fergus-dall/log_heartbeat_test' 2016-01-12 10:11:45 -05:00
teor (Tim Wilson-Brown)
da968e558e Fix various issues with fallback directory data handling
* support maximum history age in _avg_generic_history()
* fix division-by-zero trap in _avg_generic_history()
* skip missing (i.e. null/None) intervals in _avg_generic_history()
* Python timedelta.total_seconds() function not available in 2.6;
  replace with equivalent expression
* set DEBUG logging level to make relay exclusion reasons visible
* move CUTOFF_GUARD test to end in order to expose more exclusion
  reasons

Patch by "starlight", merge modifications by "teor".
2016-01-12 10:10:05 -05:00
Fergus Dall
9e5a6f0293 Stop log_heartbeat test from failing in timezones with non-integer offsets
Instead of comparing the end of the time string against a constant,
compare it to the output of format_local_iso_time when given the
correct input.
2016-01-12 22:01:46 +10:30
teor (Tim Wilson-Brown)
bc2bed8979 Don't reduce the weight of exits selected as fallback directories
When selecting exits as fallback directories, don't reduce
their weights.

Closes ticket #17888.
2016-01-12 13:56:45 +11:00
teor (Tim Wilson-Brown)
430181fad2 Allow fallback directory selection to use day-old data
Allow cached or outdated Onionoo data to be used to choose
fallback directories, as long as it's less than a day old.

Modify last modified date checks in preparation for Onionoo change
2016-01-12 13:51:25 +11:00
Nick Mathewson
d10ea49588 Merge remote-tracking branch 'rl1987/feature17950' 2016-01-11 08:54:51 -05:00
Nick Mathewson
8fc27ac042 Give 18024 a bug number. 2016-01-08 15:55:49 -08:00
Nick Mathewson
95f5910810 Merge branch 'unixninja_ticket15989_squashed' 2016-01-08 15:52:22 -08:00
unixninja92
4f0e28977d Added AccountRule in and AccountingRule out options 2016-01-08 15:52:10 -08:00
Nick Mathewson
5b5abd8c03 Merge commit '110765f5564a588c5f019d32b5e6f66cc7806c41' 2016-01-08 15:08:28 -08:00
Nick Mathewson
a1019b82c1 Merge remote-tracking branch 'public/feature16794_more' 2016-01-08 14:54:51 -08:00
rl1987
fb373a9ef6 On win32, use SecureZeroMemory() to securely wipe buffers.
{Also tweak the comments. -nickm)
2016-01-07 14:25:31 -08:00
Nick Mathewson
3783046f3b Use memset_s or explicit_bzero when available. 2016-01-07 12:53:24 -08:00
Nick Mathewson
77bc95cb5e Merge remote-tracking branch 'public/17826_redux' 2016-01-07 09:52:09 -08:00
Nick Mathewson
55232e32c7 Merge branch 'maint-0.2.7' 2016-01-07 09:43:24 -08:00