Nick Mathewson
70c17134c7
Rate-limit the warnings as a client when asked to connect a private addr
...
Partial fix for ticket 2822.
2012-03-28 03:06:25 -04:00
Nick Mathewson
d20c6d2a37
Keep separate time-to-downloads for each consensus flavor
...
This is a fix for bug 4011, where if we have a recent ns consensus we
won't even try fetching a microdesc consensus. Fix on 0.2.3.1-alpha,
I believe.
2012-03-28 02:55:33 -04:00
Nick Mathewson
01905a6ef9
Excise PK_NO_PADDING entirely: Unpadded RSA is silly.
...
We never use it, so having it around is pointless.
Suggested by Sebastian
2012-03-27 22:38:06 -04:00
Nick Mathewson
55c3e29669
Use OpenSSL 1.0.1's EVP aes_ctr implementation when available
...
This should be really fast on Intel chips.
2012-03-27 22:38:06 -04:00
Nick Mathewson
de0dca0de7
Refactor the API for setting up a block cipher.
...
It allows us more flexibility on the backend if the user needs to
specify the key and IV at setup time.
2012-03-27 22:37:56 -04:00
Nick Mathewson
fc35674567
Changelog for torify changes
...
Also reinstate the part of the torify script that checks for torsocks
being installed, so that we can give a more useful message in case it
isn't.
2012-03-27 18:46:47 -04:00
Nick Mathewson
80b2756b53
Log statement to help track down bug4091
2012-03-27 18:28:39 -04:00
Nick Mathewson
342e753d31
Merge remote-tracking branch 'karsten/bug5053'
2012-03-27 11:22:32 -04:00
Sebastian Hahn
582f747049
Provide large enough buffer in test_util_sscanf()
...
This was causing crashes during unit test runs, as stack smashing
protections got triggered. Issue spotted by weasel
2012-03-27 15:16:22 +02:00
Roger Dingledine
de73e3692a
merge in the safecookie changelog entry too
2012-03-26 22:15:02 -04:00
Nick Mathewson
5a2d0fbe64
Merge remote-tracking branch 'origin/maint-0.2.2'
...
Conflicts:
src/or/control.c
2012-03-26 18:51:37 -04:00
Nick Mathewson
9740f067c4
Safe cookie authentication gets a changes file
2012-03-26 14:06:27 -04:00
Roger Dingledine
a5c78639ae
fold in latest changes entries
2012-03-25 23:19:44 -04:00
Sebastian Hahn
fe2b177cfb
Never disable debugger attachment for the unit tests
2012-03-22 12:50:44 +01:00
Christian Kujau
d95efdd860
Shorten links to law.cornell.edu for exit-note file
...
The links we have currently redirect to those new files now.
2012-03-20 11:36:16 +01:00
Roger Dingledine
4ade55ecb9
merge in the changes files so far
2012-03-14 23:54:26 -04:00
Roger Dingledine
12594f27db
Stop discarding command-line arguments when TestingTorNetwork is set
...
Discovered by Kevin Bauer. Fixes bug 5373; bugfix on 0.2.3.9-alpha,
where task 4552 added support for two layers of torrc files.
2012-03-14 02:40:04 -04:00
Nick Mathewson
fecb341d6b
Fix spelling of Esteban Manchado Velázquez.
2012-03-12 13:12:13 -04:00
George Kadianakis
aae570b493
Close fds on pipe() error in tor_spawn_background().
2012-03-12 12:41:29 -04:00
Nick Mathewson
ec1bc8a979
Use a given name in the bug5090 message, at its holder's request.
2012-03-09 14:50:46 -05:00
Nick Mathewson
9f88c1e14f
Merge remote-tracking branch 'origin/maint-0.2.2'
...
Conflicts:
src/or/circuitbuild.c
2012-03-09 14:30:12 -05:00
Nick Mathewson
99bd5400e8
Never choose a bridge as an exit. Bug 5342.
2012-03-09 14:27:50 -05:00
Nick Mathewson
d4526e1d4a
Merge remote-tracking branch 'origin/maint-0.2.2'
...
Conflicts:
src/or/routerlist.c
2012-03-09 13:57:32 -05:00
Nick Mathewson
a574f7f3fe
Merge branch 'bug5343' into maint-0.2.2
2012-03-09 13:54:04 -05:00
Nick Mathewson
c13dc5170f
Merge remote-tracking branch 'origin/maint-0.2.2'
2012-03-09 11:54:45 -05:00
Nick Mathewson
31f253ae6a
Oops; credit bug5090 patch to flupzor. estebanm only found the bug.
2012-03-09 11:54:27 -05:00
Nick Mathewson
be0535f00b
Correctly handle broken escape sequences in torrc values
...
Previously, malformatted torrc values could crash us.
Patch by Esteban Manchado. Fixes bug 5090; fix on 0.2.0.16-alpha.
2012-03-09 11:50:22 -05:00
Nick Mathewson
0f7e96038d
changes file for extra-tests branch
2012-03-08 21:16:46 -05:00
Nick Mathewson
ec8a06c5a1
Require a threshold of exit nodes before building circuits
...
This mitigates an attack proposed by wanoskarnet, in which all of a
client's bridges collude to restrict the exit nodes that the client
knows about. Fixes bug 5343.
2012-03-08 15:42:54 -05:00
Nick Mathewson
3fc3ed50a1
Merge remote-tracking branch 'public/bug4361'
...
Conflicts:
src/or/command.c
2012-03-08 14:23:52 -05:00
Nick Mathewson
5daa765bd1
Merge remote-tracking branch 'origin/maint-0.2.2'
2012-03-08 14:15:18 -05:00
Sebastian Hahn
fe50b676bc
Fix compile warnings in openbsd malloc
2012-03-08 19:28:59 +01:00
Nick Mathewson
57ed8fbbdd
Merge remote-tracking branch 'origin/maint-0.2.2'
2012-03-08 10:50:33 -05:00
Nick Mathewson
9d5d3a7fd4
Merge remote-tracking branch 'karsten/geoip-march2012' into maint-0.2.2
2012-03-08 10:50:03 -05:00
Karsten Loesing
c5d7ee714f
Update to the March 2012 GeoIP database.
2012-03-08 09:35:15 +01:00
Nick Mathewson
298e08132f
Merge remote-tracking branch 'public/bug4760'
2012-03-05 10:44:48 -05:00
Nick Mathewson
6a0d809f44
Merge remote-tracking branch 'sebastian/bug5231'
2012-02-29 15:16:15 -05:00
Roger Dingledine
406bc95271
Merge branch 'maint-0.2.2'
2012-02-29 13:23:23 -05:00
Roger Dingledine
e21756908f
new ip address for maatuska
2012-02-29 13:22:41 -05:00
Sebastian Hahn
2755b09c52
Don't cannibalize already cannibalized circuits
...
This ensures we don't build circuits that have 5 hops or more. Patch
contributed by wanoskarnet, thanks!
2012-02-25 17:59:21 +01:00
Daniel Bryg
f7e87f41f7
When not fetching v2 dir info, don't require it for cleaning descriptors
...
Bugfix on 0.2.2.26-beta, which introduced the idea of caches not
cacheing v2 info. Fixes bug 4838.
2012-02-23 13:59:37 -05:00
Nick Mathewson
eaedcba493
Merge branch 'bug5105-v2-squashed'
...
Conflicts:
src/or/transports.c
2012-02-17 11:50:10 -05:00
Robert Ransom
bf1ce3f53d
Rewrite managed proxy environment setup code
...
Now, the environment setup is entirely OS-independent, as well as less
hacky and brittle.
2012-02-17 11:42:20 -05:00
Nick Mathewson
3cdc46457f
Merge remote-tracking branch 'asn/bug4725_take2'
2012-02-16 15:22:15 -05:00
George Kadianakis
c79aa8f3ac
Add a belated changes file for #4725 .
2012-02-15 01:25:39 +02:00
Sebastian Hahn
19b4df0d46
Include compat.h from natpmp-helper to fix build
...
This means tor_socket_t is declared.
2012-02-14 23:36:39 +01:00
Nick Mathewson
077b9f19a4
If SOCK_CLOEXEC and friends fail, fall back to regular socket() calls
...
Since 0.2.3.1-alpha, we've supported the Linux extensions to socket(),
open(), socketpair(), and accept() that enable us to create an fd and
make it close-on-exec with a single syscall. This not only saves us a
syscall (big deal), but makes us less vulnerable to race conditions
where we open a socket and then exec before we can make it
close-on-exec.
But these extensions are not supported on all Linuxes: They were added
between 2.6.23 or so and 2.6.28 or so. If you were to build your Tor
against a recent Linux's kernel headers, and then run it with a older
kernel, you would find yourselve unable to open sockets. Ouch!
The solution here is that, when one of these syscalls fails with
EINVAL, we should try again in the portable way. This adds an extra
syscall in the case where we built with new headers and are running
with old ones, but it will at least allow Tor to work.
Fixes bug 5112; bugfix on 0.2.3.1-alpha.
2012-02-14 10:34:06 -05:00
Nick Mathewson
9efee31fae
Synchronize with upstream tinytest again: remove _identifiers
2012-02-13 17:45:15 -05:00
Nick Mathewson
3b47a11654
Synchronize with upstream tinytest.
...
The big change here is a patch (first added to Libevent by Ed Day)
to make sure that the CreateProcess forked-test trick works even
when the main test program is invoked without its .exe suffix.
2012-02-13 17:29:31 -05:00
Roger Dingledine
b08ba1cb6c
integrate recent changes files
2012-02-12 23:39:30 -05:00
Sebastian Hahn
9857ef0fb5
Properly set up environment for managed-mode obfsproxy
2012-02-12 23:39:58 -05:00
Nick Mathewson
01acce62b9
Add a changes file for bug5084
2012-02-12 23:32:31 -05:00
Nick Mathewson
4aa0aa0300
Merge remote-tracking branch 'origin/maint-0.2.2'
...
Conflicts:
src/common/Makefile.am
src/or/Makefile.am
2012-02-12 23:27:31 -05:00
Nick Mathewson
b3abf15342
Fix --enable-static-tor on OpenBSD
...
Previously we'd been using "we have clock_gettime()" as a proxy for
"we need -lrt to link a static libevent". But that's not really
accurate: we should only add -lrt if searching for clock_gettime
function adds -lrt to our libraries.
2012-02-12 19:54:13 -05:00
Robert Ransom
0e9663d439
Fix bug #5097 : remove bogus envvar from managed proxies' environment
2012-02-12 19:12:51 -05:00
Roger Dingledine
db23aec6f2
fold in changes for 0.2.3.12-alpha
2012-02-11 22:14:59 -05:00
Sebastian Hahn
8ce6722d76
Properly protect paths to sed, sha1sum, openssl
...
in Makefile.am, we used it without quoting it, causing build failure if
your openssl/sed/sha1sum happened to live in a directory with a space in
it (very common on windows)
2012-02-10 20:12:03 +01:00
Nick Mathewson
64523609c9
Merge remote-tracking branch 'origin/maint-0.2.2'
2012-02-10 12:03:46 -05:00
Nick Mathewson
c8b855082b
Downgrade "missing a certificate" from notice to info
...
It was apparently getting mistaken for a problem, even though it was
at notice.
Fixes 5067; fix on 0.2.0.10-alpha.
2012-02-10 12:01:56 -05:00
Nick Mathewson
34b9bc2829
Add a changes file for bug 5066.
...
(It appeared in 0.2.3.11-alpha, but never in a released 0.2.2 afaict)
2012-02-10 10:57:57 -05:00
Karsten Loesing
4aca55efd2
Count IPv6 connections in bridge and entry stats.
2012-02-09 11:12:30 +01:00
Roger Dingledine
ef0bc7f8f2
Merge branch 'maint-0.2.2'
2012-02-09 04:21:20 -05:00
Roger Dingledine
a70ff4b2cb
Merge branch 'maint-0.2.1' into maint-0.2.2
2012-02-09 04:21:08 -05:00
Roger Dingledine
929ebde2b9
Merge branch 'maint-0.2.2'
2012-02-09 04:02:18 -05:00
Roger Dingledine
85c539009a
Revert "add a "docs" to the manual URI as listed in torrc.sample.in"
...
This reverts commit 55e8cae815
.
The conversation from irc:
> weasel: i had intended to leave torrc.sample.in alone in maint-0.2.2,
since i don't want to make all your stable users have to deal with
a torrc change. but nickm changed it. is it in fact the case that a
change in that file means a change in the deb?
<weasel> it means you'll prompt every single user who ever touched
their torrc
<weasel> and they will be asked if they like your new version better
than what they have right now
<weasel> so it's not great
Instead I changed the website to redirect requests for the tor-manual
URL listed in maint-0.2.2's torrc.sample.in so the link will still work.
2012-02-09 03:57:04 -05:00
Karsten Loesing
4180624a7d
Update to the February 2012 GeoIP database.
2012-02-09 09:16:24 +01:00
Nick Mathewson
ca431c5400
Merge remote-tracking branch 'origin/maint-0.2.2'
2012-02-08 10:52:34 -05:00
Nick Mathewson
55e8cae815
add a "docs" to the manual URI as listed in torrc.sample.in
2012-02-08 10:52:05 -05:00
Sebastian Hahn
332e96d109
Fix fencepost error with HearbeatPeriod option
...
We'd only log every HeartbeatPeriod + 1 seconds. Discovered by Scott
Bennett, reported as bug 4942.
2012-02-08 04:44:15 -05:00
Roger Dingledine
9bcf315e9b
Update sample torrc file for 0.2.3.x
...
Fix broken URLs.
Tell readers about the OutboundBindAddress, ExitPolicyRejectPrivate,
and PublishServerDescriptor options.
2012-02-08 04:40:26 -05:00
Roger Dingledine
92862c6d48
Merge branch 'maint-0.2.2'
2012-02-02 02:32:44 -05:00
Roger Dingledine
688903e919
Update "ClientOnly" man page entry
...
There isn't really any point to messing with it. Resolves ticket 5005.
2012-02-02 02:31:28 -05:00
Nick Mathewson
dd68d596cd
Set IPV6_V6ONLY on listener sockets bound to IPv6 addresses.
...
If we don't do this, [::] can be interpreted to mean all v4 and all
v6 addresses. Found by dcf. Fixes bug 4760. See RFC 3493 section
5.3 for more info.
2012-01-31 16:09:49 -05:00
Nick Mathewson
79a80c88ee
Fix straggling MS_WINDOWS issues; add a changes file
...
There was one MS_WINDOWS that remained because it wasn't on a macro
line; a few remaining uses (and the definition!) in configure.in;
and a now-nonsensical stanza of eventdns_tor.h that previously
defined 'WIN32' if it didn't exist.
2012-01-31 15:48:47 -05:00
Nick Mathewson
2305454327
Merge remote-tracking branch 'arma/bug4013'
2012-01-31 11:25:29 -05:00
Nick Mathewson
48424772aa
Actually enable the windows absolute-path code
...
Checking for "WINDOWS" is wrong; our magic macro is MS_WINDOWS
Fixes bug 4973; bugfix on 0.2.3.11-alpha.
2012-01-31 10:42:41 -05:00
Nick Mathewson
2b29c8f48f
Merge remote-tracking branch 'sebastian/osx_deadstrip'
2012-01-27 11:49:34 -05:00
Roger Dingledine
a0f0897795
Allow 0.2.3.x clients to use 0.2.2.x bridges.
...
Previously the client would ask the bridge for microdescriptors, which are
only supported in 0.2.3.x and later, and then fail to bootstrap when it
didn't get the answers it wanted. Fixes bug 4013; bugfix on 0.2.3.2-alpha.
The fix here is to revert to using normal descriptors if any of our
bridges are known to not support microdescs. This is not ideal, a) because
we'll start downloading a microdesc consensus as soon as we get a bridge
descriptor, and that will waste time if we later get a bridge descriptor
that tells us we don't like microdescriptors; and b) by changing our mind
we're leaking to our other bridges that we have an old-version bridge.
The alternate fix would have been to change
we_use_microdescriptors_for_circuits() to ask if *any* of our bridges
can support microdescriptors, and then change the directory logic that
picks a bridge to only select from those that do. For people living in
the future, where 0.2.2.x is obsolete, there won't be a difference.
Note that in either of these potential fixes, we have risk of oscillation
if our one funny-looking bridges goes away / comes back.
2012-01-25 18:54:59 -05:00
Roger Dingledine
247a21379a
set SO_REUSEADDR before we bind, not after
...
resolves bug 4950 (fixes a bug on commit aba7bb705a
from #2850 )
2012-01-23 15:54:02 -05:00
Roger Dingledine
110a953156
fold in recent changelog entries
2012-01-22 00:15:45 -05:00
Sebastian Hahn
1f5c5624f4
Use dead_strip to reduce binary size on OS X
...
This option seems to be supported all the way back to at least 10.4, so
enabling it for OS X in general should be fine. If not, someone will
yell.
With no libs statically linked, that's a 3% win in binary size, with
just libevent linked statically, this gives us an advantage of 5% in
terms of binary size, and with libevent and openssl statically linked,
we gain over 18% or over 500KB.
Implements ticket 2915.
2012-01-20 23:30:53 +01:00
Nick Mathewson
26e789fbfd
Rename nonconformant identifiers.
...
Fixes bug 4893.
These changes are pure mechanical, and were generated with this
perl script:
/usr/bin/perl -w -i.bak -p
s/crypto_pk_env_t/crypto_pk_t/g;
s/crypto_dh_env_t/crypto_dh_t/g;
s/crypto_cipher_env_t/crypto_cipher_t/g;
s/crypto_digest_env_t/crypto_digest_t/g;
s/aes_free_cipher/aes_cipher_free/g;
s/crypto_free_cipher_env/crypto_cipher_free/g;
s/crypto_free_digest_env/crypto_digest_free/g;
s/crypto_free_pk_env/crypto_pk_free/g;
s/_crypto_dh_env_get_dh/_crypto_dh_get_dh/g;
s/_crypto_new_pk_env_rsa/_crypto_new_pk_from_rsa/g;
s/_crypto_pk_env_get_evp_pkey/_crypto_pk_get_evp_pkey/g;
s/_crypto_pk_env_get_rsa/_crypto_pk_get_rsa/g;
s/crypto_new_cipher_env/crypto_cipher_new/g;
s/crypto_new_digest_env/crypto_digest_new/g;
s/crypto_new_digest256_env/crypto_digest256_new/g;
s/crypto_new_pk_env/crypto_pk_new/g;
s/crypto_create_crypto_env/crypto_cipher_new/g;
s/connection_create_listener/connection_listener_new/g;
s/smartlist_create/smartlist_new/g;
s/transport_create/transport_new/g;
2012-01-18 15:53:30 -05:00
Nick Mathewson
d1b40cf2e7
Merge remote-tracking branch 'public/bug4533_part1'
...
Conflicts:
src/common/compat.h
2012-01-18 15:33:04 -05:00
Nick Mathewson
1772782e42
Merge remote-tracking branch 'origin/maint-0.2.2'
2012-01-18 15:29:41 -05:00
Nick Mathewson
6d595fa4cf
Merge remote-tracking branch 'public/bug4533_part2' into maint-0.2.2
2012-01-18 15:29:25 -05:00
Nick Mathewson
b14ac10b7f
Add missing documentation for some options introduced in 0.2.3.x
2012-01-18 14:50:13 -05:00
Nick Mathewson
93d3a917e8
Merge remote-tracking branch 'origin/maint-0.2.2'
2012-01-18 14:45:18 -05:00
Nick Mathewson
676bba8e0c
Documentation for GiveGuardFlagTo... option
2012-01-18 14:44:29 -05:00
Nick Mathewson
ee717f35c4
Use tor_socket_t, not unsigned, in tor-fw-helper-natmp.c
2012-01-18 13:14:44 -05:00
Nick Mathewson
dd4b1a2ac6
Fix SOCKET_OK test on win64.
...
Bugfix on 0.2.2.29-beta; partial fix for 4533; found by wanoskarnet
2012-01-18 10:48:29 -05:00
Nick Mathewson
dea0720dad
Warn if sizeof(tor_socket_t) != sizeof(SOCKET)
2012-01-17 16:38:47 -05:00
Nick Mathewson
6e8c2a3e46
Use SOCKET_OK macros in even more places
...
Add a TOR_INVALID_SOCKET macro to wrap -1/INVALID_SOCKET.
Partial work for bug4533.
2012-01-17 16:35:07 -05:00
Nick Mathewson
875a54dad3
Merge remote-tracking branch 'public/bug3325'
2012-01-16 15:10:38 -05:00
Nick Mathewson
5579bc0eaf
whitespace fixes
2012-01-16 15:07:47 -05:00
Nick Mathewson
cc02823d7f
Convert instances of tor_snprintf+strdup into tor_asprintf
...
These were found by looking for tor_snprintf() instances that were
followed closely by tor_strdup(), though I probably converted some
other snprintfs as well.
2012-01-16 15:03:13 -05:00
Nick Mathewson
edcc9981d8
Try to use smartlist_add_asprintf consistently
...
(To ensure correctness, in every case, make sure that the temporary
variable is deleted, renamed, or lowered in scope, so we can't have
any bugs related to accidentally relying on the no-longer-filled
variable.)
2012-01-16 15:02:51 -05:00
Nick Mathewson
125fba2e99
Provide consensus params to constrain the threshold for Fast
...
resolves ticket 3946
2012-01-16 14:50:13 -05:00
Nick Mathewson
938531773a
Allow authorities to baddir/badexit/invalid/reject nodes by cc
...
Implements ticket #4207
2012-01-13 12:28:47 -05:00
Nick Mathewson
2cddd1d69f
Move logging of bad hostnames into parse_extended_hostname
...
This fixes bug 3325, where a bad .exit would get logged as a bad .onion
2012-01-11 15:56:14 -05:00
Nick Mathewson
411cf8f714
Make openssl 0.9.8l log message accurate
...
fixes 4837
2012-01-11 15:41:46 -05:00
Nick Mathewson
f729e1e984
Merge branch 'feature3457-v4-nm-squashed'
...
Conflicts:
src/or/rendclient.c
2012-01-11 12:10:14 -05:00
Nick Mathewson
5e9d349979
Merge remote-tracking branch 'public/bug4650_nm_squashed'
2012-01-10 17:59:49 -05:00
Nick Mathewson
eefe8857c2
changes file for bug4746
2012-01-10 16:53:27 -05:00
Nick Mathewson
8d74fba651
Merge branch 'absolute_cookie_file'
2012-01-10 15:00:02 -05:00
Nick Mathewson
3085b76a09
changes file for #4881
2012-01-10 14:59:49 -05:00
Nick Mathewson
d29a390733
Test for broken counter-mode at runtime
...
To solve bug 4779, we want to avoid OpenSSL 1.0.0's counter mode.
But Fedora (and maybe others) lie about the actual OpenSSL version,
so we can't trust the header to tell us if it's safe.
Instead, let's do a run-time test to see whether it's safe, and if
not, use our built-in version.
fermenthor contributed a pretty essential fixup to this patch. Thanks!
2012-01-10 11:15:35 -05:00
Nick Mathewson
5741aef3dc
We no longer need to detect openssl without RAND_poll()
...
We require openssl 0.9.7 or later, and RAND_poll() was first added in
openssl 0.9.6.
2012-01-10 10:40:31 -05:00
Nick Mathewson
85c7d7659e
Add macros to construct openssl version numbers
...
It's a pain to convert 0x0090813f to and from 0.9.8s-release on the
fly, so these macros should help.
2012-01-10 10:40:30 -05:00
Sebastian Hahn
6b9298ef72
Log which votes we still need to fetch
...
This might help us see which authorities are problematic in getting
their vote published the first time.
2012-01-10 16:13:30 +01:00
Sebastian Hahn
50a50392b7
Advertise dirport if accountingmax is large enough
...
When we have an effective bandwidthrate configured so that we cannot
exceed our bandwidth limit in one accounting interval, don't disable
advertising the dirport. Implements ticket 2434.
2012-01-10 09:59:36 -05:00
Nick Mathewson
489db38229
Revise bug4413 changes file
2012-01-09 19:18:48 -05:00
Stephen Palmateer
3fadc074ca
Remove (untriggerable) overflow in crypto_random_hostname()
...
Fixes bug 4413; bugfix on xxxx.
Hostname components cannot be larger than 63 characters.
This simple check makes certain randlen cannot overflow rand_bytes_len.
2012-01-09 19:05:05 -05:00
Nick Mathewson
838ec086be
Merge remote-tracking branch 'origin/maint-0.2.2'
2012-01-09 12:22:29 -05:00
Nick Mathewson
6fd61cf767
Fix a trivial log message error in renservice.c
...
Fixes bug 4856; bugfix on 0.0.6
This bug was introduced in 79fc5217
, back in 2004.
2012-01-09 12:21:04 -05:00
Roger Dingledine
36721e940d
fold in some new changelog stanzas
2012-01-07 07:42:07 -05:00
Nick Mathewson
37c90319e2
Add a changes file for bug4563
2012-01-06 11:42:00 -05:00
Nick Mathewson
ef69f2f2ab
Merge remote-tracking branch 'origin/maint-0.2.2'
2012-01-05 14:17:44 -05:00
Nick Mathewson
ccd8289958
Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
2012-01-05 14:16:30 -05:00
Nick Mathewson
0a00678e56
Add a changes file for bug4822
2012-01-05 12:28:55 -05:00
Roger Dingledine
9bfb8af265
Merge branch 'maint-0.2.2'
2012-01-05 06:55:34 -05:00
Roger Dingledine
a1074c7aa2
Merge branch 'maint-0.2.1' into maint-0.2.2
2012-01-05 06:45:28 -05:00
Roger Dingledine
df17b62d54
add a changes file for ticket 4825
2012-01-05 06:42:26 -05:00
Nick Mathewson
ff282a1126
changes file for bug4650
2012-01-04 15:12:02 -05:00
Nick Mathewson
65420e4cb5
Merge remote-tracking branch 'rransom-tor/bug1297b-v2'
2012-01-04 13:50:24 -05:00
Nick Mathewson
47b7a27929
Merge remote-tracking branch 'origin/maint-0.2.2'
2012-01-03 13:22:34 -05:00
Sebastian Hahn
d861b4cc9d
Fix spelling in a controlsocket log msg
...
Fixes bug 4803.
2011-12-30 23:27:02 +01:00
Nick Mathewson
bfae41328e
Merge remote-tracking branch 'origin/maint-0.2.2'
2011-12-28 16:52:31 -05:00
Nick Mathewson
84bf8e3808
Merge remote-tracking branch 'public/bug4788' into maint-0.2.2
2011-12-28 16:50:45 -05:00
Nick Mathewson
f71d63ec9d
changes file for bug1827
2011-12-28 16:40:15 -05:00
Nick Mathewson
e3a6493898
Merge remote-tracking branch 'origin/maint-0.2.2'
2011-12-28 15:57:48 -05:00
Nick Mathewson
c563551eef
Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
2011-12-28 15:56:37 -05:00
Nick Mathewson
120a745346
Bug 4786 fix: don't convert EARLY to RELAY on v1 connections
...
We used to do this as a workaround for older Tors, but now it's never
the correct thing to do (especially since anything that didn't
understand RELAY_EARLY is now deprecated hard).
2011-12-28 15:54:06 -05:00
Robert Ransom
2b189a222b
Don't exit when marking a newly created _C_INTRODUCING circ for close
2011-12-28 09:02:14 -08:00
Nick Mathewson
9bcb187387
Authorities reject insecure Tors.
...
This patch should make us reject every Tor that was vulnerable to
CVE-2011-0427. Additionally, it makes us reject every Tor that couldn't
handle RELAY_EARLY cells, which helps with proposal 110 (#4339 ).
2011-12-27 21:47:04 -05:00
Nick Mathewson
78f43c5d03
Require openssl 1.0.0a for using openssl's ctr-mode implementation
...
Previously we required 1.0.0, but there was a bug in the 1.0.0 counter
mode. Found by Pascal. Fixes bug 4779.
A more elegant solution would be good here if somebody has time to code
one.
2011-12-27 20:31:23 -05:00
Robert Ransom
836161c560
Add an option to close HS service-side rend circs on timeout
2011-12-27 08:02:43 -08:00
Robert Ransom
f88c8ca8c9
Don't close HS service-side rend circs on timeout
2011-12-27 08:02:43 -08:00
Robert Ransom
078e3e9dd5
Add an option to close 'almost-connected' HS client circs on timeout
2011-12-27 08:02:43 -08:00
Robert Ransom
4b13c33c0c
Don't close HS client circs which are 'almost connected' on timeout
2011-12-27 08:02:42 -08:00
Nick Mathewson
85d7811456
Merge remote-tracking branch 'origin/maint-0.2.2'
2011-12-26 17:58:51 -05:00
Roger Dingledine
3aade2fab7
Merge remote-tracking branch 'nickm/prop110_v2'
2011-12-25 17:43:09 -05:00
Sebastian Hahn
da876aec63
Provide correct timeradd/timersup replacements
...
Bug caught and patch provided by Vektor. Fixes bug 4778.t
2011-12-25 23:19:08 +01:00
Robert Ransom
4c3a23b283
Look up the rend circ whose INTRODUCE1 is being ACKed correctly
...
This change cannibalizes circuit_get_by_rend_query_and_purpose because it
had exactly one caller.
2011-12-22 23:46:09 -08:00
Nick Mathewson
7cb804343b
Merge remote-tracking branch 'rransom/feature2411-v4'
2011-12-22 10:51:39 -05:00
Nick Mathewson
782b7f49d8
Fix bug2571: warn on EntryNodes set and UseEntryGuards disabled
2011-12-22 10:31:52 -05:00
Nick Mathewson
e0651bb108
Changes file for bug1101
2011-12-22 10:20:38 -05:00
Nick Mathewson
0187bd8728
Implement the last of proposal 110
...
Reject all EXTEND requests not received in a relay_early cell
2011-12-22 09:51:59 -05:00
Nick Mathewson
878a684386
Merge remote-tracking branch 'public/bug4697'
2011-12-22 09:45:26 -05:00
Nick Mathewson
f75660958c
Merge remote-tracking branch 'origin/maint-0.2.2'
2011-12-21 11:20:56 -05:00
Nick Mathewson
b5e6bbc01d
Do not even try to keep going on a socket with socklen==0
...
Back in #1240 , r1eo linked to information about how this could happen
with older Linux kernels in response to nmap. Bugs #4545 and #4547
are about how our approach to trying to deal with this condition was
broken and stupid. Thanks to wanoskarnet for reminding us about #1240 .
This is a fix for the abovementioned bugs, and is a bugfix on
0.1.0.3-rc.
2011-12-21 11:19:41 -05:00