Commit Graph

3771 Commits

Author SHA1 Message Date
Nick Mathewson
4da2f89f95 Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-09 10:18:42 -04:00
Nick Mathewson
7c3f210e70 Merge remote-tracking branch 'origin/maint-0.2.6' into maint-0.2.7 2015-10-09 10:14:59 -04:00
Nick Mathewson
552136668c Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-10-09 10:14:46 -04:00
Nick Mathewson
3569cffe14 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-10-09 10:12:59 -04:00
Karsten Loesing
62b02a1941 Update geoip and geoip6 to the October 9 2015 database. 2015-10-09 15:27:55 +02:00
Nick Mathewson
cd14405a43 Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-07 15:21:23 -04:00
teor (Tim Wilson-Brown)
c464a36772 Make get_ifaddrs tests more tolerant of unusual network configs
* Don't assume that every test box has an IPv4 address
* Don't assume that every test box has a non-local address

Resolves issue #17255 released in unit tests in 0.2.7.3-rc.
2015-10-07 15:20:31 -04:00
Nick Mathewson
4e34ef87a4 changes file for 17078 2015-10-07 09:34:49 -04:00
Nick Mathewson
aaa27b995c changes file for #16563 2015-10-06 11:02:55 -04:00
Nick Mathewson
bfd9dccdb8 Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-06 09:06:57 -04:00
Nick Mathewson
1eb838b303 Work around openssl declaring x509_get_not{Before,After} as functions
Now that x509_get_not{Before,After} are functions in OpenSSL 1.1
(not yet releasesd), we need to define a variant that takes a const
pointer to X509 and returns a const pointer to ASN1_time.

Part of 17237. I'm not convinced this is an openssl bug or a tor
bug. It might be just one of those things.
2015-10-06 09:04:37 -04:00
Nick Mathewson
f7ce93d979 Fix 17251: avoid integer overflow in test_crypto_slow 2015-10-06 08:58:03 -04:00
Nick Mathewson
92c436ccbc Fix warnings. 2015-10-02 15:12:04 +02:00
Nick Mathewson
7bd2247483 changes file for 17082 2015-10-02 14:35:16 +02:00
Nick Mathewson
67182226f1 Merge remote-tracking branch 'teor/warn-when-time-goes-backwards' 2015-10-02 13:56:28 +02:00
Nick Mathewson
488e9a0502 Merge remote-tracking branch 'teor/routerset-parse-IPv6-literals'
(Minor conflicts)
2015-10-02 13:54:20 +02:00
Nick Mathewson
0b3190d4b7 Merge remote-tracking branch 'donncha/feature14846_4' 2015-10-02 13:40:26 +02:00
Nick Mathewson
3b09322c9b Merge remote-tracking branch 'sebastian/bug17026' 2015-10-02 13:15:36 +02:00
Nick Mathewson
ac8c5ec67a Clean up compat_libevent tests 2015-10-02 13:13:58 +02:00
Peter Palfrader
1cf0d82280 Add SyslogIdentityTag
When logging to syslog, allow a tag to be added to the syslog identity
("Tor"), i.e. the string prepended to every log message.  The tag can be
configured by setting SyslogIdentityTag and defaults to none.  Setting
it to "foo" will cause logs to be tagged as "Tor-foo".  Closes: #17194.
2015-09-30 18:34:15 +02:00
teor (Tim Wilson-Brown)
cd279ca7f5 Warn when the system clock is set back in time
Warn when the state file was last written in the future.
Tor doesn't know that consensuses have expired if the clock is in the past.

Patch by "teor". Implements ticket #17188.
2015-09-30 13:33:56 +02:00
Nick Mathewson
87dee5c651 Socks->SOCKS in torrcs. Fixes 15609 2015-09-29 10:20:31 +02:00
teor (Tim Wilson-Brown)
7fa102b487 Add checks and unit tests for get_interface_address* failure
Ensure that either a valid address is returned in address pointers,
or that the address data is zeroed on error.

Ensure that free_interface_address6_list handles NULL lists.

Add unit tests for get_interface_address* failure cases.

Fixes bug #17173.
Patch by fk/teor, not in any released version of tor.
2015-09-29 10:17:05 +02:00
Nick Mathewson
216a9f7aec Changes file for bug17154 2015-09-29 10:10:52 +02:00
Nick Mathewson
546d70dc7c Add changes file for bug17151 2015-09-29 10:08:02 +02:00
Nick Mathewson
2a902ae525 fold 17148 into changelog 2015-09-24 15:31:50 -04:00
Nick Mathewson
eb2188168e Stop trying to generate test scripts via autoconf substitution.
Use environment variables instead. This repairs 'make distcheck',
which was running into trouble when it tried to chmod the generated
scripts.

Fixes 17148.
2015-09-24 15:07:39 -04:00
Nick Mathewson
458ccd38dd fold 17135 into changelog 2015-09-24 11:56:00 -04:00
Nick Mathewson
a395d1aa46 Merge branch 'underpinning_squashed' 2015-09-24 11:29:14 -04:00
Nick Mathewson
51d18aeb42 changes file and manpage entry for AuthDirPinKeys 2015-09-24 11:29:05 -04:00
Nick Mathewson
2d139f77d7 Fold new entries into changelog 2015-09-24 11:00:30 -04:00
Nick Mathewson
09e272eb1e Merge remote-tracking branch 'origin/maint-0.2.6' 2015-09-24 10:06:36 -04:00
Nick Mathewson
fb5a858a35 Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-09-24 10:06:15 -04:00
Nick Mathewson
809217e6f3 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-09-24 10:06:00 -04:00
Karsten Loesing
8b3e0b7729 Update geoip and geoip6 to the September 3 2015 database. 2015-09-24 15:08:15 +02:00
Nick Mathewson
df0b4f0342 Merge branch 'feature16769_squashed' 2015-09-22 09:26:30 -04:00
Nick Mathewson
8234fa0053 Remove --master-key form the changes file 2015-09-22 09:24:35 -04:00
Nick Mathewson
bca4211de5 Add a --master-key option
This lets the user override the default location for the master key
when used with --keygen

Part of 16769.
2015-09-22 09:24:35 -04:00
Nick Mathewson
d8f031aec2 Add a new --newpass option to add or remove secret key passphrases. 2015-09-22 09:24:35 -04:00
Nick Mathewson
e94ef30a2f Merge branch 'feature16944_v2' 2015-09-22 09:19:28 -04:00
Nick Mathewson
99f94feb6a Merge branch 'bug17109_v2_squashed' 2015-09-22 08:36:39 -04:00
Sebastian Hahn
ae98dd255b Check that openssl has ECC support during configure
This allows builds on machines with a crippled openssl to fail early
during configure. Bugfix on 0.2.7.1-alpha, which introduced the
requirement for ECC support. Fixes bug 17109.
2015-09-22 08:36:28 -04:00
teor (Tim Wilson-Brown)
249e82c906 Update docs with advice for separate IPv4 and IPv6 exit policies
Advise users how to configure separate IPv4 and IPv6 exit
policies in the manpage and sample torrcs.

Related to fixes in ticket #16069 and #17027. Patch by "teor".
Patch on 2eb7eafc9d and a96c0affcb (25 Oct 2012),
released in 0.2.4.7-alpha.
2015-09-22 11:41:16 +10:00
Nick Mathewson
d27534eeb5 fold new entries into changelog for 0.2.7.3 2015-09-21 13:58:20 -04:00
Nick Mathewson
c84f3c9177 Merge remote-tracking branch 'public/bug17047' 2015-09-16 08:46:13 -04:00
teor (Tim Wilson-Brown)
a659a3fced Merge branch 'bug17027-reject-private-all-interfaces-v2' into bug16069-bug17027
src/test/test_policy.c:
Merged calls to policies_parse_exit_policy by adding additional arguments.
fixup to remaining instance of ~EXIT_POLICY_IPV6_ENABLED.
Compacting logic test now produces previous list length of 4, corrected this.

src/config/torrc.sample.in:
src/config/torrc.minimal.in-staging:
Merged torrc modification dates in favour of latest.
2015-09-16 09:09:54 +10:00
teor (Tim Wilson-Brown)
098b82c7b2 ExitPolicyRejectPrivate rejects local IPv6 address and interface addresses
ExitPolicyRejectPrivate now rejects more local addresses by default:
 * the relay's published IPv6 address (if any), and
 * any publicly routable IPv4 or IPv6 addresses on any local interfaces.

This resolves a security issue for IPv6 Exits and multihomed Exits that
trust connections originating from localhost.

Resolves ticket 17027. Patch by "teor".
Patch on 42b8fb5a15 (11 Nov 2007), released in 0.2.0.11-alpha.
2015-09-16 02:56:50 +10:00
teor (Tim Wilson-Brown)
d3358a0a05 ExitPolicy accept6/reject6 produces IPv6 wildcard addresses only
In previous versions of Tor, ExitPolicy accept6/reject6 * produced
policy entries for IPv4 and IPv6 wildcard addresses.

To reduce operator confusion, change accept6/reject6 * to only produce
an IPv6 wildcard address.

Resolves bug #16069.

Patch on 2eb7eafc9d and a96c0affcb (25 Oct 2012),
released in 0.2.4.7-alpha.
2015-09-16 00:13:12 +10:00
teor (Tim Wilson-Brown)
36ad8d8fdc Warn about redundant torrc ExitPolicy lines due to accept/reject *:*
Tor now warns when ExitPolicy lines occur after accept/reject *:*
or variants. These lines are redundant, and were always ignored.

Partial fix for ticket 16069. Patch by "teor".
Patch on 2eb7eafc9d and a96c0affcb (25 Oct 2012),
released in 0.2.4.7-alpha.
2015-09-16 00:13:12 +10:00
teor (Tim Wilson-Brown)
e033d5e90b Ignore accept6/reject6 IPv4, warn about unexpected rule outcomes
When parsing torrc ExitPolicies, we now warn if:
  * an IPv4 address is used on an accept6 or reject6 line. The line is
    ignored, but the rest of the policy items in the list are used.
    (accept/reject continue to allow both IPv4 and IPv6 addresses in torrcs.)
  * a "private" address alias is used on an accept6 or reject6 line.
    The line filters both IPv4 and IPv6 private addresses, disregarding
    the 6 in accept6/reject6.

When parsing torrc ExitPolicies, we now issue an info-level message:
  * when expanding an accept/reject * line to include both IPv4 and IPv6
    wildcard addresses.

In each instance, usage advice is provided to avoid the message.

Partial fix for ticket 16069. Patch by "teor".
Patch on 2eb7eafc9d and a96c0affcb (25 Oct 2012),
released in 0.2.4.7-alpha.
2015-09-16 00:13:03 +10:00