Commit Graph

25515 Commits

Author SHA1 Message Date
Nick Mathewson
c9009ccf92 Merge branch 'maint-0.2.8' into maint-0.2.9
"ours" merge to avoid version bump.
2016-12-19 08:07:56 -05:00
Nick Mathewson
b838e1f927 Bump to 0.2.8.12 2016-12-19 08:07:30 -05:00
Nick Mathewson
f9f1e3c94b Merge branch 'maint-0.2.9' 2016-12-19 08:03:17 -05:00
Nick Mathewson
de65647461 Merge branch 'maint-0.2.8' into maint-0.2.9 2016-12-19 07:58:43 -05:00
Nick Mathewson
c11de4c45f Merge branch 'bug21018_024' into maint-0.2.8 2016-12-19 07:58:21 -05:00
Nick Mathewson
2dc5226644 Merge branch 'maint-0.2.9' 2016-12-19 07:31:19 -05:00
Nick Mathewson
169a93fff2 Merge branch 'maint-0.2.8' into maint-0.2.9 2016-12-19 07:30:42 -05:00
Nick Mathewson
e0306320b5 Merge remote-tracking branch 'teor/new-fallbacks-028-20161219' into maint-0.2.8 2016-12-19 07:27:39 -05:00
teor
e9b7308ea5
Blacklist a fallback that was removed by the operator 2016-12-19 18:15:06 +11:00
teor
4181e812c7
Update the fallback directory mirror list in December 2016
Replace the 81 remaining fallbacks of the 100 originally introduced
in Tor 0.2.8.3-alpha in March 2016, with a list of 177 fallbacks
(123 new, 54 existing, 27 removed) generated in December 2016.

Resolves ticket 20170.
2016-12-19 15:44:20 +11:00
teor
fcf19f8b54
Update fallback whitelist and blacklist
Based on:
* fallback directory mirror checks,
* operator emails and tickets, both before and after the Dec 2016 emails:
https://lists.torproject.org/pipermail/tor-relays/2016-December/011113.html
https://lists.torproject.org/pipermail/tor-relays/2016-December/011330.html
2016-12-19 15:06:46 +11:00
teor
53ec087450
Avoid an error in the fallback script when a fallback doesn't have any uptime
Sometimes, the fallback generation script doesn't add attributes to the
fallbacks in the list. If this happens, log an error, and avoid selecting
that fallback.

This is a rare issue: it should not change selection behaviour.

Fixes issue #20945.
2016-12-19 15:06:04 +11:00
teor
654367f026
Allow fallbacks serving consensuses that expired less than 24 hours ago
This works around #20909, where relays serve stale consensuses for a short
time, and then recover.

Update to the fix for #20539.
2016-12-19 15:06:00 +11:00
teor
2d2bbaf259
Avoid checking fallback candidates' DirPorts if they are down in OnionOO
Exclude relays that have been down for 1 or more days from the fallback
candidate list.

When a relay operator has multiple relays, this prioritises relays that are
up over relays that are down.

Fixes issue #20926.
2016-12-19 15:05:56 +11:00
teor
4c832bcfac
Be more tolerant of a decreased number of fallbacks 2016-12-19 15:05:53 +11:00
teor
124c342364
Reduce fallback bandwidth requirement to 1 MByte/s 2016-12-19 15:05:49 +11:00
teor
35da99a712
Allow 3 fallbacks per operator
This is safe now we are choosing 200 fallbacks.

Closes ticket 20912.
2016-12-19 15:05:45 +11:00
teor
ee3e8fc3e9
Require fallbacks to have 90% Running, V2Dir, and Guard flags
This allows 73% of clients to bootstrap in the first 5 seconds without
contacting an authority.

Part of #18828.
2016-12-19 15:05:40 +11:00
teor
396bddaa4c
Require fallback directories to have the same address and port for 7 days
7 days is a tradeoff between the expected time between major Tor releases,
which is 6 months, and the number of relays with enough stability.

Relays whose OnionOO stability timer is reset on restart by bug #18050
should upgrade to Tor 0.2.8.7 or later, which has a fix for this issue.

Closes ticket #20880; maintains short-term fix in e220214 in tor-0.2.8.2-alpha.
2016-12-19 15:05:36 +11:00
teor
9629a25d10
Display the fingerprint when downloading consensuses from fallbacks 2016-12-19 15:05:33 +11:00
teor
ced50aff7e
Update fallback whitelist based on relay descriptors
These updates assume that the changes were intentional and permanent.
The operators were emailed to confirm.
2016-12-19 15:05:29 +11:00
teor
c889bc2135
Changes file for #20539 2016-12-19 15:05:25 +11:00
teor
8381d928cf
Exclude relays that deliver an expired consensus from the fallback list
Part of #20539, based on #20501.
2016-12-19 15:05:21 +11:00
teor
243d6fa0c7
Exclude relay versions affected by #20499 from the fallback list
Part of #20539, based on #20509.
2016-12-19 15:05:18 +11:00
teor
225c3d57db
Changes file for #20877, #20878, #20880, #20881, #20882 2016-12-19 15:05:14 +11:00
teor (Tim Wilson-Brown)
49df83cc03
Update fallback whitelist and blacklist
Update fallback whitelist and blacklist based on:
* pre-0.2.9 checks
* operator opt-ins and opt-outs, via emails and tickets
2016-12-19 15:05:10 +11:00
teor
864a8eb283
Make fallback sort order configurable
Closes issue #20882.
2016-12-19 15:05:06 +11:00
teor
31e1439642
Select 200 fallback directories by default for each release
Closes ticket #20881.
2016-12-19 15:05:02 +11:00
teor
4eba30ca59
Provide bandwidth and consensus weight for each candidate fallback
And make it clear that updateFallbackDirs.py outputs bandwidth in
megabytes per second.

Closes #20878.
2016-12-19 15:04:58 +11:00
teor
6ed8e3764b
Add a missed return to fallbackdir_comment() in updateFallbackDirs.py
Closes ticket #20877.
2016-12-19 15:04:54 +11:00
Nick Mathewson
0fb3058ece Make log message warn about detected attempts to exploit 21018. 2016-12-18 20:17:28 -05:00
Nick Mathewson
d978216dea Fix parsing bug with unecognized token at EOS
In get_token(), we could read one byte past the end of the
region. This is only a big problem in the case where the region
itself is (a) potentially hostile, and (b) not explicitly
nul-terminated.

This patch fixes the underlying bug, and also makes sure that the
one remaining case of not-NUL-terminated potentially hostile data
gets NUL-terminated.

Fix for bug 21018, TROVE-2016-12-002, and CVE-2016-1254
2016-12-18 20:17:24 -05:00
Nick Mathewson
ae89d9745d Revert ticket 20982 changes.
They broke stem, and breaking application compatibility is usually a
bad idea.

This reverts commit 6e10130e18,
commit 78a13df158, and
commit 62f52a888a.

We might re-apply this later, if all the downstream tools can handle
it, and it turns out to be useful for some reason.
2016-12-18 10:04:36 -05:00
Roger Dingledine
51ee549a90 fix typos and trivial syntax problems 2016-12-18 04:06:02 -05:00
Roger Dingledine
f3d056ab16 clarify debug-level log while initializing entropy
I got confused when I saw my Tor saying it was opening a file
that doesn't exist. It turns out it isn't opening it, it's just
calling open() on it and then moving on when it's not there.
2016-12-18 03:48:31 -05:00
Roger Dingledine
9e0d3eea46 normalize version syntax in changelog 2016-12-18 03:45:52 -05:00
Nick Mathewson
ff08be56ac Fix another pointless stack-protector warning.
This is the same as we fixed in 39f4554687.
2016-12-16 14:06:25 -05:00
Nick Mathewson
762b799545 Rename 'remove' -> 'rmv' to avoid shadowing a libc global 2016-12-16 14:04:57 -05:00
J. Ryan Stinnett
19cf074f4d hs: Remove private keys from hs_desc_plaintext_data_t.
Since both the client and service will use that data structure to store the
descriptor decoded data, only the public keys are common to both.

Fixes #20572.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-16 12:48:33 -05:00
Nick Mathewson
698ed75e1a Resolve some coverity complaints in test_entrynodes.c 2016-12-16 12:23:46 -05:00
David Goulet
e76b072def test: fix the generate ESTABLISH_INTRO v3 cell
The "sig_len" fields was moved below the "end_sig_fields" in the trunnel
specification so when signing the cell content, the function generating such a
cell needed to be adjust.

Closes #20991

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-16 12:21:07 -05:00
David Goulet
db0e926849 hs: Remove a useless cast in verify_establish_intro_cell()
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-16 12:21:07 -05:00
David Goulet
b0ccb6bfa5 hs: Add an extra safety check on ESTABLISH_INTRO sig len
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-16 12:21:07 -05:00
David Goulet
e043b96887 trunnel: Move ESTABLISH_INTRO cell sig_len after the end_sig_fields
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-16 12:21:07 -05:00
Nick Mathewson
23c09b6bc2 Resolve a division-by-zero complaint from coverity. CID 1397272 2016-12-16 12:21:02 -05:00
Nick Mathewson
2a00110e5b Revert "Stop checking whether environ is declared."
This reverts commit 954eeda619.

Apparently, OpenBSD is what expects you to declare environ
yourself.  So 19142 is a wontfix.
2016-12-16 12:16:52 -05:00
Nick Mathewson
79a24750ba Fix broken entrynodes/retry_unreachable test
I broke this with 20292ec497 when I
changed the primary guard retry schedule.
2016-12-16 11:49:07 -05:00
Nick Mathewson
c52c47ae6f Disable the legacy guard algorithm. Code isn't removed yet.
(Keeping the code around in case I broke Tor in some unexpected
way.)
2016-12-16 11:42:34 -05:00
Nick Mathewson
990a863d7c Merge branch 'ticket20831_v2' 2016-12-16 11:40:19 -05:00
Nick Mathewson
506bd6d47c Make NumDirectoryGuards work with the new guard algorithm.
Now that we support NumEntryGuards, NumDirectoryGuards is pretty
easy to put back in.
2016-12-16 11:34:31 -05:00