Nick Mathewson
9bcb187387
Authorities reject insecure Tors.
...
This patch should make us reject every Tor that was vulnerable to
CVE-2011-0427. Additionally, it makes us reject every Tor that couldn't
handle RELAY_EARLY cells, which helps with proposal 110 (#4339 ).
2011-12-27 21:47:04 -05:00
Nick Mathewson
78f43c5d03
Require openssl 1.0.0a for using openssl's ctr-mode implementation
...
Previously we required 1.0.0, but there was a bug in the 1.0.0 counter
mode. Found by Pascal. Fixes bug 4779.
A more elegant solution would be good here if somebody has time to code
one.
2011-12-27 20:31:23 -05:00
Robert Ransom
836161c560
Add an option to close HS service-side rend circs on timeout
2011-12-27 08:02:43 -08:00
Robert Ransom
f88c8ca8c9
Don't close HS service-side rend circs on timeout
2011-12-27 08:02:43 -08:00
Robert Ransom
078e3e9dd5
Add an option to close 'almost-connected' HS client circs on timeout
2011-12-27 08:02:43 -08:00
Robert Ransom
4b13c33c0c
Don't close HS client circs which are 'almost connected' on timeout
2011-12-27 08:02:42 -08:00
Robert Ransom
c6a8ee36fb
Move description of HidServAuth out of the FascistFirewall group
2011-12-27 08:02:41 -08:00
Nick Mathewson
334a0513de
Downgrade relay_early-related warning
2011-12-26 18:11:41 -05:00
Nick Mathewson
85d7811456
Merge remote-tracking branch 'origin/maint-0.2.2'
2011-12-26 17:58:51 -05:00
Roger Dingledine
3aade2fab7
Merge remote-tracking branch 'nickm/prop110_v2'
2011-12-25 17:43:09 -05:00
Sebastian Hahn
da876aec63
Provide correct timeradd/timersup replacements
...
Bug caught and patch provided by Vektor. Fixes bug 4778.t
2011-12-25 23:19:08 +01:00
Roger Dingledine
86079a8757
update instructions on the exitlist script
2011-12-24 14:51:30 -05:00
Robert Ransom
4c3a23b283
Look up the rend circ whose INTRODUCE1 is being ACKed correctly
...
This change cannibalizes circuit_get_by_rend_query_and_purpose because it
had exactly one caller.
2011-12-22 23:46:09 -08:00
Nick Mathewson
7cb804343b
Merge remote-tracking branch 'rransom/feature2411-v4'
2011-12-22 10:51:39 -05:00
Nick Mathewson
782b7f49d8
Fix bug2571: warn on EntryNodes set and UseEntryGuards disabled
2011-12-22 10:31:52 -05:00
Nick Mathewson
8b4e7f9ac8
Merge branch 'bug1101_squashed'
2011-12-22 10:27:26 -05:00
Nick Mathewson
e0651bb108
Changes file for bug1101
2011-12-22 10:20:38 -05:00
Kamran Riaz Khan
a1c1fc72d1
Prepend cwd for relative config file paths.
...
Modifies filenames which do not start with '/' or '.' on non-Windows
platforms; uses _fullpath on Windows.
2011-12-22 10:17:48 -05:00
Nick Mathewson
2710a96ba4
Allow prop110 violations if AllowNonearlyExtend is set in consensus
2011-12-22 10:12:49 -05:00
Nick Mathewson
847541ce5d
Log what fraction of EXTEND cells have died for being non-early
2011-12-22 09:51:59 -05:00
Nick Mathewson
0187bd8728
Implement the last of proposal 110
...
Reject all EXTEND requests not received in a relay_early cell
2011-12-22 09:51:59 -05:00
Robert Ransom
66f77561c0
Mark each intro circ with the rend cookie sent in its INTRODUCE1 cell
...
Needed by fix for #4759 .
2011-12-22 06:45:45 -08:00
Nick Mathewson
878a684386
Merge remote-tracking branch 'public/bug4697'
2011-12-22 09:45:26 -05:00
Nick Mathewson
8cdeaedf86
Convert a couple of char[256]s into sockaddr_storage
2011-12-21 11:23:13 -05:00
Nick Mathewson
f75660958c
Merge remote-tracking branch 'origin/maint-0.2.2'
2011-12-21 11:20:56 -05:00
Nick Mathewson
b5e6bbc01d
Do not even try to keep going on a socket with socklen==0
...
Back in #1240 , r1eo linked to information about how this could happen
with older Linux kernels in response to nmap. Bugs #4545 and #4547
are about how our approach to trying to deal with this condition was
broken and stupid. Thanks to wanoskarnet for reminding us about #1240 .
This is a fix for the abovementioned bugs, and is a bugfix on
0.1.0.3-rc.
2011-12-21 11:19:41 -05:00
Nick Mathewson
d7531b2adc
duplicate changelog entry for 4531
2011-12-20 14:51:34 -05:00
Nick Mathewson
14127f226d
Merge remote-tracking branch 'asn-mytor/bug4531'
2011-12-20 14:40:16 -05:00
Nick Mathewson
26053bd7c9
Merge remote-tracking branch 'asn-mytor/bug4725_take2'
2011-12-20 14:28:31 -05:00
George Kadianakis
0cfdd88adb
Don't call tor_tls_set_logged_address till after checking conn->tls.
...
Fixes bug 4531.
2011-12-20 19:21:15 +01:00
Nick Mathewson
ba1766bc3f
Add explicit cast to make gcc happy
2011-12-20 11:19:57 -05:00
Nick Mathewson
4080ac9eee
Merge branch 'bug3825b-v8-squashed'
2011-12-20 11:15:49 -05:00
Robert Ransom
dae000735e
Adjust n_intro_points_wanted when a service's intro points are closed
2011-12-20 11:15:33 -05:00
Robert Ransom
46783eb6d7
Extract function to determine how many intros an intro point has handled
2011-12-20 11:15:31 -05:00
Nick Mathewson
ec18c8a06e
Merge branch 'haiku_port_rebase'
2011-12-19 11:29:29 -05:00
Nick Mathewson
9cabedd3eb
Explain why we are making gcc 3.3 work
2011-12-19 11:29:03 -05:00
Nick Mathewson
e535c8a460
Tweak the haiku-support patches
2011-12-19 11:27:08 -05:00
Martin Hebnes Pedersen
d5e964731c
Fixed build with GCC < 3.3
...
Preprocessor directives should not be put inside the arguments
of a macro. This is not supported on older GCC releases (< 3.3)
thus broke compilation on Haiku (running gcc2).
2011-12-19 11:27:08 -05:00
Martin Hebnes Pedersen
f783a326b8
-lm should not be hardcoded.
...
On some platforms (Haiku/BeOS) libm lives in libcore.
Also added 'network' to the list of libraries to search for connect().
2011-12-19 11:27:08 -05:00
George Kadianakis
d05bc02192
Add an informative header on the 'keys/dynamic_dh_params' file.
2011-12-19 16:06:22 +01:00
George Kadianakis
539cb627f7
Server transports should be instructed to bind on INADDR_ANY by default.
2011-12-18 13:21:58 +01:00
Nick Mathewson
e5e50d86ca
Ignore all bufferevent events on a marked connection
...
Bug 4697; fix on 0.2.3.1-alpha
2011-12-17 14:06:10 -05:00
Nick Mathewson
37504b5efa
Merge remote-tracking branch 'asn-mytor/bug4726'
2011-12-17 12:49:15 -05:00
Peter Palfrader
597e428df6
And a changes file for bug#4733
2011-12-17 12:21:56 -05:00
Peter Palfrader
f6b19ac79c
test_util_spawn_background_ok: fix expectation
...
test_util_spawn_background_ok() hardcoded the expected value
for ENOENT to 2. This isn't portable as error numbers are
platform specific, and particularly the hurd has ENOENT at
0x40000002.
Construct expected string at runtime, using the correct value
for ENOENT (closes : #4733 ).
2011-12-17 12:21:51 -05:00
Nick Mathewson
d37cb8f74a
Merge remote-tracking branch 'origin/maint-0.2.2'
2011-12-16 17:50:54 -05:00
Nick Mathewson
cefff11950
Merge remote-tracking branch 'sebastian/clang-3.0-fixes_022' into maint-0.2.2
2011-12-16 17:49:41 -05:00
Nick Mathewson
9df0bf7a40
Merge remote-tracking branch 'sebastian/clang-3.0-fixes_master'
2011-12-16 17:48:25 -05:00
Roger Dingledine
3ee5924d18
put the stable changelogs into master too
2011-12-16 12:52:58 -05:00
Roger Dingledine
41cb249b7f
retroactively reformat a little bit
2011-12-16 12:27:38 -05:00