Commit Graph

5284 Commits

Author SHA1 Message Date
Nick Mathewson
784b29a2bf Merge branch 'bug22356_029' into maint-0.3.1 2017-06-21 13:54:02 -04:00
Nick Mathewson
72b132e2a4 changes file for ticket22311 2017-06-21 13:49:17 -04:00
Kevin Butler
0a96d11539 Better error message for GETINFO desc/(id|name) whenever microdescriptors are in use. Fixes #5847. 2017-06-21 12:19:01 -04:00
Nick Mathewson
884c0ffe3b Merge branch 'maint-0.3.1' 2017-06-20 20:29:00 -04:00
Nick Mathewson
e51e7bd38b Merge branch 'bug22502_redux_031' into maint-0.3.1 2017-06-20 20:27:48 -04:00
Nick Mathewson
c999e84436 Merge branch 'bug22672_031' into maint-0.3.1 2017-06-20 20:26:45 -04:00
Nick Mathewson
3830599a63 Merge branch 'maint-0.3.1' 2017-06-20 14:18:35 -04:00
Nick Mathewson
c4152a25e3 Note that bw_accounting is obsoleted by values in the state file
Closes ticket 16082.
2017-06-20 14:18:10 -04:00
Nick Mathewson
fa2bd196b4 Merge branch 'maint-0.3.1' 2017-06-20 13:54:35 -04:00
Nick Mathewson
fecc66d1e6 Note that pkgconfig is now needed, and has been for a few releases. 2017-06-20 13:54:30 -04:00
Nick Mathewson
9328bd524e Enforce the rule that COMPRESS_OK means progress was made.
If COMPRESS_OK occurs but data is neither consumed nor generated,
treat it as a BUG and a COMPRESS_ERROR.

This change is meant to prevent infinite loops in the case where
we've made a mistake in one of our compression backends.

Closes ticket 22672.
2017-06-20 12:26:57 -04:00
Nick Mathewson
5537e1fc45 If we successfully decompress an HTTP body, return immediately.
This prevents us from calling
allowed_anonymous_connection_compression_method() on the unused
guessed method (if any), and rejecting something that was already
safe to use.
2017-06-20 12:08:12 -04:00
Nick Mathewson
d8cd68caf1 If a _guessed_ compression method fails, it is never PROTOCOL_WARN.
Rationale: When use a guessed compression method, we already gave a
PROTOCOL_WARN when our guess differed from the declared method,
AND we gave a PROTOCOL_WARN when the declared method failed.  It is
not a protocol problem that the guessed method failed too; it's just
a recovery attempt that failed.
2017-06-20 12:08:11 -04:00
Nick Mathewson
7b3161f008 It should be a PROTOCOL_WARN when we have an incorrect content-encoding.
Rationale: The server did not obey the protocol, and its
content-encoding got munged. That's what PROTOCOL_WARN is for.
2017-06-20 12:08:11 -04:00
Nick Mathewson
782eb02b79 Send the correct content-encoding when serving cached_dir_t objects
A cached_dir_t object (for now) is always compressed with
DEFLATE_METHOD, but in handle_get_status_vote() to we were using the
general compression-negotiation code decide what compression to
claim we were using.

This was one of the reasons behind 22502.

Fixes bug 22669; bugfix on 0.3.1.1-alpha
2017-06-20 11:26:51 -04:00
Nick Mathewson
dd9f255e5b Merge branch 'maint-0.3.1' 2017-06-20 10:12:47 -04:00
Nick Mathewson
c1c938e80c add a changes file for 22626, 22628, and 22629 (parts of 22502) 2017-06-20 10:12:40 -04:00
Nick Mathewson
32e486de97 Don't expand guard sample set unless consensus is "reasonably live"
Fixes what I think is the main root cause of 22400. Bugfix on
0.3.0.1-alpha.
2017-06-19 15:48:47 -04:00
Nick Mathewson
c2e546aa23 Merge remote-tracking branch 'argonblue/bug22410' 2017-06-19 15:30:23 -04:00
Nick Mathewson
e3efc076c5 Downgrade "assign_to_cpuworker failed" to INFO.
Closes ticket 22356
2017-06-19 15:24:33 -04:00
Taylor Yu
027614c263 Ensure that uint8_t is unsigned char
Many places in our code assume that uint8_t is the same type as
unsigned char.  Test this assumption in the configure script.  This is
important because of the privileged aliasing properties of character
types in C.

Fixes #22410.
2017-06-19 14:28:36 -04:00
Nick Mathewson
e01e4e0146 Merge branch 'ticket20575_031_01_squashed' 2017-06-19 14:16:21 -04:00
David Goulet
3f807ec058 config: Deprecate HTTPProxy option
Move the HTTPProxy option to the deprecated list so for now it will only warn
users but feature is still in the code which will be removed in a future
stable version.

Fixes #20575

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-06-19 14:14:17 -04:00
Nick Mathewson
eff5e29404 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-06-19 13:52:19 -04:00
Nick Mathewson
71c701927a Merge branch 'maint-0.2.9' into maint-0.3.0 2017-06-19 13:52:19 -04:00
Nick Mathewson
5641e27ffb Document more files in the datadirectory.
This improved list comes from the ls -R results that weasel and ln5
sent me.  Thanks!
2017-06-19 09:57:57 -04:00
Nick Mathewson
b4c9eb0aab Document sr-random and diff-cache. 2017-06-16 14:44:04 -04:00
Nick Mathewson
a73d0fe9a8 Document key-pinning-journal
Closes 22347
2017-06-16 14:26:50 -04:00
Nick Mathewson
59f29970fa Permit the fchmod system call.
Fixes bug 22516; bugfix on 0.2.5.4-alpha.
2017-06-16 14:03:02 -04:00
Nick Mathewson
493d9cd17b Merge branch 'maint-0.2.9' into maint-0.3.0 2017-06-09 09:58:46 -04:00
Nick Mathewson
cd7d006e08 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-06-09 09:58:46 -04:00
Nick Mathewson
3f40d9ec20 Merge branch 'maint-0.3.0' 2017-06-09 09:58:46 -04:00
Nick Mathewson
307be8d4a7 Merge branch 'maint-0.2.7-redux' into maint-0.2.8 2017-06-09 09:58:45 -04:00
Nick Mathewson
24ee8595bf Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-06-09 09:58:45 -04:00
Nick Mathewson
3913f959e3 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-06-09 09:58:45 -04:00
Nick Mathewson
325c507a09 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-06-09 09:58:45 -04:00
Karsten Loesing
104e8fa751 Update geoip and geoip6 to the June 8 2017 database. 2017-06-09 15:47:49 +02:00
Nick Mathewson
d2839eeac9 Fold TROVE-2017-00[45] into changelog 2017-06-08 09:32:00 -04:00
Nick Mathewson
a0664fd0c3 bump to 0.3.0.8 2017-06-08 09:24:28 -04:00
Nick Mathewson
d15d09a968 Merge branch 'maint-0.2.7-redux' into maint-0.2.8 2017-06-08 09:21:15 -04:00
Nick Mathewson
c1646d6e89 Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-06-08 09:21:15 -04:00
Nick Mathewson
40bccc2004 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-06-08 09:21:15 -04:00
Nick Mathewson
dec7998f5c Merge branch 'maint-0.2.4' into maint-0.2.5 2017-06-08 09:21:15 -04:00
Nick Mathewson
987c7cae70 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-06-08 09:21:15 -04:00
Nick Mathewson
53011e3e54 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-06-08 09:21:15 -04:00
Nick Mathewson
83135d75a3 Merge branch 'maint-0.3.0' 2017-06-08 09:21:15 -04:00
David Goulet
56a7c5bc15 TROVE-2017-005: Fix assertion failure in connection_edge_process_relay_cell
On an hidden service rendezvous circuit, a BEGIN_DIR could be sent
(maliciously) which would trigger a tor_assert() because
connection_edge_process_relay_cell() thought that the circuit is an
or_circuit_t but is an origin circuit in reality.

Fixes #22494

Reported-by: Roger Dingledine <arma@torproject.org>
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-06-08 09:21:10 -04:00
Nick Mathewson
eb5d05f696 Another changes fix. 2017-06-08 09:20:53 -04:00
Nick Mathewson
9acca04025 Merge branch 'maint-0.3.0' 2017-06-08 09:17:32 -04:00
Nick Mathewson
0c46dc8097 tweak changes file. 2017-06-08 09:16:33 -04:00
David Goulet
79b59a2dfc TROVE-2017-004: Fix assertion failure in relay_send_end_cell_from_edge_
This fixes an assertion failure in relay_send_end_cell_from_edge_() when an
origin circuit and a cpath_layer = NULL were passed.

A service rendezvous circuit could do such a thing when a malformed BEGIN cell
is received but shouldn't in the first place because the service needs to send
an END cell on the circuit for which it can not do without a cpath_layer.

Fixes #22493

Reported-by: Roger Dingledine <arma@torproject.org>
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-06-08 09:14:10 -04:00
Nick Mathewson
5955b63a9a Start on a changelog for 0.3.1.3-alpha 2017-06-07 09:36:12 -04:00
Nick Mathewson
e3b1573be6 Merge branch 'maint-0.3.0' 2017-06-05 15:52:06 -04:00
Nick Mathewson
d5acdadaef Merge branch 'bug22460_030_01' into maint-0.3.0 2017-06-05 15:44:36 -04:00
Nick Mathewson
d1c1dc229e Merge branch 'maint-0.2.9' into maint-0.3.0 2017-06-05 15:44:12 -04:00
Nick Mathewson
9fea00928c Merge branch 'bug22460_case2_029_01_squashed' into maint-0.2.9 2017-06-05 15:28:13 -04:00
Nick Mathewson
01878fa309 Changes file for the x509 link certificate case of bug22460 2017-06-05 15:27:33 -04:00
Nick Mathewson
db2f18b1f9 Merge branch 'maint-0.3.0' 2017-06-05 12:02:47 -04:00
Nick Mathewson
578a4392e9 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-06-05 12:02:26 -04:00
Nick Mathewson
d75be189df Merge branch 'maint-0.2.8' into maint-0.2.9 2017-06-05 12:02:15 -04:00
Nick Mathewson
33fcc0f61d Merge branch 'maint-0.2.7-redux' into maint-0.2.8 2017-06-05 12:01:17 -04:00
Nick Mathewson
3f2d1f7f07 Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-06-05 12:00:41 -04:00
Nick Mathewson
9ea3d0877a Merge branch 'maint-0.2.5' into maint-0.2.6 2017-06-05 12:00:27 -04:00
Nick Mathewson
1a540b5792 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-06-05 12:00:08 -04:00
Nick Mathewson
e3ebae4804 Fix undefined behavior in geoip_parse_entry().
Fixes bug 22490; bugfix on 6a241ff3ff in 0.2.4.6-alpha.

Found by teor using clang-5.0's AddressSanitizer stack-use-after-scope.
2017-06-05 10:09:39 -04:00
Nick Mathewson
26d9fffae4 Merge branch 'bug22466_diagnostic_030' 2017-06-05 09:52:09 -04:00
Nick Mathewson
be741d7e63 Merge branch 'maint-0.3.0' 2017-06-05 09:51:57 -04:00
rl1987
7f05f89663 Don't reject SOCKS5 requests that contain IP strings 2017-06-04 13:14:55 +02:00
rl1987
9e2f780923 Refrain from needless SOCKS5 warning 2017-06-03 18:04:47 +02:00
Nick Mathewson
41ed9e978b Regenerate RSA->ed25519 identity crosscertificate as needed 2017-06-01 10:04:52 -04:00
Nick Mathewson
f2068ef862 Use tor_assert_nonfatal() to try to detect #22466 2017-06-01 09:42:32 -04:00
Nick Mathewson
34a6755b94 Fix ed25519 link certificate race on tls context rotation
Whenever we rotate our TLS context, we change our Ed25519
Signing->Link certificate.  But if we've already started a TLS
connection, then we've already sent the old X509 link certificate,
so the new Ed25519 Signing->Link certificate won't match it.

To fix this, we now store a copy of the Signing->Link certificate
when we initialize the handshake state, and send that certificate
as part of our CERTS cell.

Fixes one case of bug22460; bugfix on 0.3.0.1-alpha.
2017-06-01 09:26:24 -04:00
Nick Mathewson
a9be768959 Bugfix: Regenerate more certificates when appropriate
Previously we could sometimes change our signing key, but not
regenerate the certificates (signing->link and signing->auth) that
were signed with it.  Also, we would regularly replace our TLS x.509
link certificate (by rotating our TLS context) but not replace our
signing->link ed25519 certificate.  In both cases, the resulting
inconsistency would make other relays reject our link handshakes.

Fixes two cases of bug 22460; bugfix on 0.3.0.1-alpha.
2017-05-31 18:45:35 -04:00
Nick Mathewson
5860f0a7c8 Update the torify.1 manpage
I went into this to fix 6892 and say "we don't do anything for
circuit isolation."  But instead I did a fair amount of text-removal
to stop implying that torify does anything more than call torsocks.
2017-05-30 14:15:42 -04:00
Nick Mathewson
4a15b31696 Merge remote-tracking branch 'argonblue/bug22413' 2017-05-30 13:33:49 -04:00
Taylor Yu
90dd7dc92a Check for libzstd >= 1.1
The consensus compression code depends on a streaming compression API
that is new in libzstd-1.1.

Fixes #22413.
2017-05-30 13:25:34 -04:00
Nick Mathewson
9d59769db7 Improve error message when all permitted Exits are down
The old "No specified non-excluded exit routers seem to be running"
message was somewhat confusing.

Fix for 7890.
2017-05-30 10:59:04 -04:00
David Goulet
5b33d95a3d hs: Correctly validate v3 descriptor encrypted length
The encrypted_data_length_is_valid() function wasn't validating correctly the
length of the encrypted data of a v3 descriptor. The side effect of this is
that an HSDir was rejecting the descriptor and ultimately not storing it.

Fixes #22447

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-30 10:27:42 -04:00
Nick Mathewson
671c5dcde3 Merge remote-tracking branch 'public/bug6298' 2017-05-30 10:27:37 -04:00
Nick Mathewson
0fbe1a2c6f Merge remote-tracking branch 'teor/bug22424' 2017-05-30 08:50:45 -04:00
Nick Mathewson
6bc9ff87b8 changes file for 22417 2017-05-30 08:48:50 -04:00
Nick Mathewson
167e5be056 changes file for 22446 2017-05-30 08:33:27 -04:00
teor
af891e7f2c
Changes file for bug 22424 2017-05-28 22:34:56 +10:00
Nick Mathewson
159a8061cf Mock tor_addr_lookup() during part of addr/basic test.
If this function isn't mocked, then our unit tests break on stupid
networks where localhost is broken or absent. Fixes bug 6298; bugfix
on 0.0.9pre2.
2017-05-26 13:53:32 -04:00
Nick Mathewson
8cd01f5e5b Start an 0.3.1.2-alpha mini-changelog 2017-05-26 09:00:38 -04:00
Nick Mathewson
ab9976b724 Merge remote-tracking branch 'arma/bug22368' 2017-05-25 08:54:51 -04:00
Roger Dingledine
657297a9f8 Merge branch 'maint-0.3.0' 2017-05-25 00:28:11 -04:00
Roger Dingledine
83439e78cc Merge branch 'maint-0.2.9' into maint-0.3.0 2017-05-25 00:27:27 -04:00
teor
ec61ae59a5 Stop leaking keypin-rejected routerinfos on directory authorities
When directory authorities reject a router descriptor due to keypinning,
free the router descriptor rather than leaking the memory.

Fixes bug 22370; bugfix on 0.2.7.2-alpha.
2017-05-25 00:09:40 -04:00
Roger Dingledine
d22d565331 add copy of MyFamily element to the descriptor, not the element itself
If we add the element itself, we will later free it when we free the
descriptor, and the next time we go to look at MyFamily, things will
go badly.

Fixes the rest of bug 22368; bugfix on 0.3.1.1-alpha.
2017-05-24 23:37:00 -04:00
Nick Mathewson
b80a35e683 Improve the message we log on unexpected dirauth status code
It's still not great, but should be less confusing what's wrong
here.

Closes ticket 1121.
2017-05-24 09:08:59 -04:00
Nick Mathewson
94754c5414 Fold new entries into changelog 2017-05-22 11:40:52 -04:00
Nick Mathewson
3d27954f2e amend changes file to note that one case is still unfixed 2017-05-22 09:10:00 -04:00
Nick Mathewson
b2e9a107b7 Merge remote-tracking branch 'asn/bug21969_bridges' 2017-05-22 09:09:16 -04:00
George Kadianakis
52498b8183 Set guard state on bridge descriptor fetches.
We used to not set the guard state in launch_direct_bridge_descriptor_fetch().
So when a bridge descriptor fetch failed, the guard subsystem would never
learn about the fail (and hence the guard's reachability state would not
be updated).
2017-05-22 15:57:33 +03:00
George Kadianakis
6009c89165 Set guard state on bridge descriptor fetches.
We used to not set the guard state in launch_direct_bridge_descriptor_fetch().
So when a bridge descriptor fetch failed, the guard subsystem would never
learn about the fail (and hence the guard's reachability state would not
be updated).
2017-05-22 15:56:32 +03:00
Nick Mathewson
90894c87a5 Merge branch 'maint-0.3.0' 2017-05-22 08:32:18 -04:00
Nick Mathewson
5c52d3c2c0 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-05-22 08:32:07 -04:00
Roger Dingledine
6e5486b11a dir auths reject 0.2.9.x for x<5, due to bug 20499
Directory authorities now reject relays running versions
0.2.9.1-alpha through 0.2.9.4-alpha, because those relays
suffer from bug 20499 and don't keep their consensus cache
up-to-date.

Resolves ticket 20509.
2017-05-22 08:31:39 -04:00
Nick Mathewson
8410f47b6e start changelog for 0.3.1.1-alpha by sorting entries 2017-05-19 10:00:54 -04:00