George Kadianakis
2d276ab9d9
rend_service_introduce(): do protocol violation check before anything else.
...
(Cherry-picked from 6ba13e4 by nickm)
2012-04-18 22:26:06 -04:00
Nick Mathewson
86c4b750da
Merge branch 'bug5593' into maint-0.2.2
2012-04-11 10:04:31 -04:00
Karsten Loesing
b395b59353
Update to the April 2012 GeoIP database.
2012-04-11 14:15:49 +02:00
Nick Mathewson
dd3f4f1bdb
Include a Host: header with any HTTP/1.1 proxy request
...
Bugfix on 0.2.2.1-alpha, which added the orginal HTTP proxy
authentication code. Fix for bug 5593.
2012-04-10 12:00:20 -04:00
Nick Mathewson
439fc704f1
Wrap long line; strlen("ides")<strlen("turtles").
2012-04-04 21:05:19 -04:00
Sebastian Hahn
b24487d106
ides has become turtles, and gotten a new IP address
...
As per ticket 5569
2012-04-05 01:53:04 +02:00
Roger Dingledine
5fed1ccd90
put a _ before or_options_t elements that aren't configurable
...
it's fine with me if we change the current convention, but we should
actually decide to change it if we want to.
2012-04-01 15:59:38 -04:00
Roger Dingledine
40ab832c4e
BridgePassword was never for debugging
...
It is for the not-yet-implemented bridge community design.
2012-04-01 15:59:00 -04:00
Nick Mathewson
9a69c24150
Do not use strcmp() to compare an http authenticator to its expected value
...
This fixes a side-channel attack on the (fortunately unused!)
BridgePassword option for bridge authorities. Fix for bug 5543;
bugfix on 0.2.0.14-alpha.
2012-04-01 00:42:04 -04:00
Nick Mathewson
9740f067c4
Safe cookie authentication gets a changes file
2012-03-26 14:06:27 -04:00
Nick Mathewson
6dcbfec82d
Merge remote-tracking branch 'rransom-tor/safecookie-022-v3' into maint-0.2.2
2012-03-26 14:03:29 -04:00
Nick Mathewson
650e2aac46
Merge commit 'a5704b1c624c9a808f52f3a125339f00e2b9a378' into maint-0.2.2
2012-03-26 13:59:49 -04:00
Nick Mathewson
ec1bc8a979
Use a given name in the bug5090 message, at its holder's request.
2012-03-09 14:50:46 -05:00
Nick Mathewson
99bd5400e8
Never choose a bridge as an exit. Bug 5342.
2012-03-09 14:27:50 -05:00
Nick Mathewson
8abfcc0804
Revise "sufficient exit nodes" check to work with restrictive ExitNodes
...
If you set ExitNodes so that only 1 exit node is accepted, the
previous patch would have made you unable to build circuits.
2012-03-09 14:23:23 -05:00
Nick Mathewson
a574f7f3fe
Merge branch 'bug5343' into maint-0.2.2
2012-03-09 13:54:04 -05:00
Nick Mathewson
31f253ae6a
Oops; credit bug5090 patch to flupzor. estebanm only found the bug.
2012-03-09 11:54:27 -05:00
Nick Mathewson
be0535f00b
Correctly handle broken escape sequences in torrc values
...
Previously, malformatted torrc values could crash us.
Patch by Esteban Manchado. Fixes bug 5090; fix on 0.2.0.16-alpha.
2012-03-09 11:50:22 -05:00
Nick Mathewson
ec8a06c5a1
Require a threshold of exit nodes before building circuits
...
This mitigates an attack proposed by wanoskarnet, in which all of a
client's bridges collude to restrict the exit nodes that the client
knows about. Fixes bug 5343.
2012-03-08 15:42:54 -05:00
Sebastian Hahn
fe50b676bc
Fix compile warnings in openbsd malloc
2012-03-08 19:28:59 +01:00
Nick Mathewson
9d5d3a7fd4
Merge remote-tracking branch 'karsten/geoip-march2012' into maint-0.2.2
2012-03-08 10:50:03 -05:00
Karsten Loesing
c5d7ee714f
Update to the March 2012 GeoIP database.
2012-03-08 09:35:15 +01:00
Roger Dingledine
e21756908f
new ip address for maatuska
2012-02-29 13:22:41 -05:00
Robert Ransom
e111e371b4
Implement 'safe cookie authentication'
2012-02-22 05:46:09 -08:00
Nick Mathewson
a5704b1c62
Add a sha256 hmac function, with tests
...
(cherry picked from commit fdbb9cdf74
)
2012-02-22 05:46:08 -08:00
Sebastian Hahn
8ce6722d76
Properly protect paths to sed, sha1sum, openssl
...
in Makefile.am, we used it without quoting it, causing build failure if
your openssl/sed/sha1sum happened to live in a directory with a space in
it (very common on windows)
2012-02-10 20:12:03 +01:00
Nick Mathewson
c8b855082b
Downgrade "missing a certificate" from notice to info
...
It was apparently getting mistaken for a problem, even though it was
at notice.
Fixes 5067; fix on 0.2.0.10-alpha.
2012-02-10 12:01:56 -05:00
Nick Mathewson
2da0efb547
Use correct CVE number for CVE-2011-4576. Found by fermenthor. bug 5066
2012-02-10 10:55:39 -05:00
Roger Dingledine
a70ff4b2cb
Merge branch 'maint-0.2.1' into maint-0.2.2
2012-02-09 04:21:08 -05:00
Roger Dingledine
85c539009a
Revert "add a "docs" to the manual URI as listed in torrc.sample.in"
...
This reverts commit 55e8cae815
.
The conversation from irc:
> weasel: i had intended to leave torrc.sample.in alone in maint-0.2.2,
since i don't want to make all your stable users have to deal with
a torrc change. but nickm changed it. is it in fact the case that a
change in that file means a change in the deb?
<weasel> it means you'll prompt every single user who ever touched
their torrc
<weasel> and they will be asked if they like your new version better
than what they have right now
<weasel> so it's not great
Instead I changed the website to redirect requests for the tor-manual
URL listed in maint-0.2.2's torrc.sample.in so the link will still work.
2012-02-09 03:57:04 -05:00
Karsten Loesing
4180624a7d
Update to the February 2012 GeoIP database.
2012-02-09 09:16:24 +01:00
Nick Mathewson
55e8cae815
add a "docs" to the manual URI as listed in torrc.sample.in
2012-02-08 10:52:05 -05:00
Roger Dingledine
688903e919
Update "ClientOnly" man page entry
...
There isn't really any point to messing with it. Resolves ticket 5005.
2012-02-02 02:31:28 -05:00
Nick Mathewson
6d595fa4cf
Merge remote-tracking branch 'public/bug4533_part2' into maint-0.2.2
2012-01-18 15:29:25 -05:00
Nick Mathewson
676bba8e0c
Documentation for GiveGuardFlagTo... option
2012-01-18 14:44:29 -05:00
Nick Mathewson
dd4b1a2ac6
Fix SOCKET_OK test on win64.
...
Bugfix on 0.2.2.29-beta; partial fix for 4533; found by wanoskarnet
2012-01-18 10:48:29 -05:00
Nick Mathewson
0126150c2d
Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
2012-01-11 11:07:13 -05:00
Nick Mathewson
8d5c0e58ea
Fix a compilation warning for our bug4822 fix on 64-bit linux
2012-01-11 11:06:31 -05:00
Nick Mathewson
c78a314e95
Fix comment about TLSv1_method() per comments by wanoskarnet
2012-01-09 16:40:21 -05:00
Nick Mathewson
6fd61cf767
Fix a trivial log message error in renservice.c
...
Fixes bug 4856; bugfix on 0.0.6
This bug was introduced in 79fc5217
, back in 2004.
2012-01-09 12:21:04 -05:00
Roger Dingledine
cc1580dbe0
when the consensus fails, list which dir auths were in or out
2012-01-08 12:14:44 -05:00
Roger Dingledine
04bf17c50c
nickname, not identity fingerprint, will help more
2012-01-08 12:09:01 -05:00
Roger Dingledine
78e95b7b71
tell me who votes are actually for, not just where they're from
2012-01-08 10:03:46 -05:00
Roger Dingledine
1416dd47a9
add a note from wanoskarnet
...
he disagrees about what the code that we decided not to use would do
2012-01-08 09:03:03 -05:00
Nick Mathewson
ccd8289958
Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
2012-01-05 14:16:30 -05:00
Nick Mathewson
b839ace7d0
Merge branch 'bug4822_021_v2_squashed' into maint-0.2.1
2012-01-05 14:11:42 -05:00
Robert Ransom
4752b34879
Log at info level when disabling SSLv3
2012-01-05 12:28:56 -05:00
Nick Mathewson
0a00678e56
Add a changes file for bug4822
2012-01-05 12:28:55 -05:00
Nick Mathewson
db78fe4589
Disable SSLv3 when using a not-up-to-date openssl
...
This is to address bug 4822, and CVE-2011-4576.
2012-01-05 12:28:55 -05:00
Roger Dingledine
a1074c7aa2
Merge branch 'maint-0.2.1' into maint-0.2.2
2012-01-05 06:45:28 -05:00