Commit Graph

4796 Commits

Author SHA1 Message Date
Nick Mathewson
0ef5b8de74 Remove changes files got merged in 0.2.9.6-rc and earlier
These won't appear in the 0.3.0.1-alpha changelog, so we don't want
to keep them around here.

List generated with ./scripts/maint/findMergedChanges.pl
2016-12-02 11:26:41 -05:00
Nick Mathewson
e317a9cb7c Merge branch 'bug20599_030_v4' 2016-12-02 07:47:32 -05:00
overcaffeinated
3b6da3f90c Fix memory leak in bug 20716
newconn->address is strdup'ed twice when new_type == CONN_TYPE_AP
and conn->socket_family == AF_UNIX. Whilst here, juggle code to
make sure newconn->port is assigned from an initialised value in
the above case.
2016-12-01 10:14:42 -05:00
Nick Mathewson
fc47cc3ed9 Merge branch 'maint-0.2.9' 2016-12-01 10:06:17 -05:00
Nick Mathewson
52cb1edda6 Merge branch 'maint-0.2.8' into maint-0.2.9 2016-12-01 10:05:44 -05:00
teor
b917b3875e Stop ignoring misconfigured hidden services
Instead, refuse to start tor until the misconfigurations have been corrected.

Fixes bug 20559; bugfix on multiple commits in 0.2.7.1-alpha and earlier.
2016-12-01 09:51:33 -05:00
Nick Mathewson
5efbd41daa Merge branch 'maint-0.2.9' 2016-12-01 09:50:17 -05:00
Nick Mathewson
f8a7972b29 Merge branch 'bug20638_029_v2_squashed' into maint-0.2.9 2016-12-01 09:45:14 -05:00
teor
f80a43d16f Stop ignoring hidden service key anonymity when first starting tor
Instead, refuse to start tor if any hidden service key has been used in
a different hidden service anonymity mode.

Fixes bug 20638; bugfix on 17178 in 0.2.9.3-alpha; reported by ahf.

The original single onion service poisoning code checked poisoning state
in options_validate, and poisoned in options_act. This was problematic,
because the global array of hidden services had not been populated in
options_validate (and there were ordrering issues with hidden service
directory creation).

This patch fixes this issue in rend_service_check_dir_and_add, which:
* creates the directory, or checks permissions on an existing directory, then
* checks the poisoning state of the directory, then
* poisons the directory.

When validating, only the permissions checks and the poisoning state checks
are perfomed (the directory is not modified).
2016-12-01 09:44:53 -05:00
teor
04f7944891
Stop discarding downloaded full descriptors when using microdescs for circuits
This affects clients with FetchUselessDescriptors 1.

It might also cause subtle bugs on directory mirrors and authorities,
causing them to consider all full descriptors as failed or old.
2016-11-30 12:20:28 +11:00
teor
24e293c3c6
Man page update and changes file for 20667 2016-11-30 11:18:38 +11:00
Chelsea H. Komlo
1ca777474b
adds changes file 2016-11-24 12:15:00 -05:00
Chelsea H. Komlo
118bba7622
Refactor to remove unnecessary check in circuit_is_available_for_use 2016-11-24 08:12:33 -05:00
Chelsea H. Komlo
cfb8363da9
extract magic numbers in circuituse.c 2016-11-24 08:12:32 -05:00
Chelsea H. Komlo
afb6ae7b0f
Refactor circuit_predict_and_launch_new 2016-11-24 08:12:30 -05:00
Chelsea H. Komlo
b95998ef0c
moving useful test helper to test_helpers.h 2016-11-24 08:12:27 -05:00
Nick Mathewson
16fcbd21c9 Try to work around breakage in the OSX 10.12 SDK.
Apple is supposed to decorate their function declarations with
macros to indicate which OSX version introduced them, so that you
can tell the compiler that you want to build against certain
versions of OSX.  But they forgot to do that for clock_gettime() and
getentropy(), both of which they introduced in 10.12.

This patch adds a kludge to the configure.ac script where, if we
detect that we are targeting OSX 10.11 or earlier, we don't even probe
to see if the two offending functions are present.

Closes ticket 20235.
2016-11-22 19:24:13 -05:00
Nick Mathewson
4614f8e681 Merge remote-tracking branch 'teor/fix-mingw-pagesize' 2016-11-22 18:29:50 -05:00
Nick Mathewson
c35d481f56 Merge branch 'maint-0.2.9' 2016-11-21 12:44:21 -05:00
Nick Mathewson
e2c881487c Merge remote-tracking branch 'arma/bug20423' into maint-0.2.9 2016-11-21 12:40:08 -05:00
Nick Mathewson
427dcb29b5 Merge branch 'maint-0.2.9' 2016-11-17 20:08:15 -05:00
Nick Mathewson
8a767ba7fb Merge remote-tracking branch 'teor/bug20634_029' into maint-0.2.9 2016-11-17 20:02:59 -05:00
Roger Dingledine
f12aad7f09 don't attempt a resolve when the cached answer will do
For relays that don't know their own address, avoid attempting
a local hostname resolve for each descriptor we download. Also cut
down on the number of "Success: chose address 'x.x.x.x'" log lines.

Fixes bugs 20423 and 20610; bugfix on 0.2.8.1-alpha.
2016-11-16 16:22:11 -05:00
David Goulet
6b13612eef doc: Add change file for bug #20646
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-16 11:28:24 -05:00
teor
44f3563d87
Changes file for bug 20634 2016-11-16 13:14:03 +11:00
Nick Mathewson
b6164e1604 Merge remote-tracking branch 'public/feature20552' 2016-11-10 09:25:11 -05:00
Nick Mathewson
f82f0c3eb1 Merge remote-tracking branch 'dgoulet/bug20574_030_01' 2016-11-10 09:22:34 -05:00
Matt Nordhoff
7dee70c3e1 Add "TByte" and "TBytes" units; also add "TBits" to man page 2016-11-10 09:13:27 -05:00
Nick Mathewson
0f4f63b7b8 Merge branch 'maint-0.2.9' 2016-11-10 09:11:35 -05:00
Nick Mathewson
e8e7a8f3db Merge remote-tracking branch 'teor/bug20613' into maint-0.2.9 2016-11-10 09:10:55 -05:00
rubiate
d46c1b49a4 Do not serve a consensus if it is too old
Closes ticket 20511.
2016-11-10 10:16:18 +13:00
Nick Mathewson
d564187dee Merge branch 'maint-0.2.9' 2016-11-08 19:25:44 -05:00
teor
0ec94588ab
Stop logging single onion and Tor2web long-term one-hop circuits
Single onion services and Tor2web deliberately create long-term one-hop
circuits to their intro and rend points, respectively.

These log messages are intended to diagnose issue 8387, which relates to
circuits hanging around forever for no reason.

Fixes bug 20613; bugfix on 0.2.9.1-alpha. Reported by "pastly".
2016-11-09 11:23:51 +11:00
Nick Mathewson
e4ef9f7491 In torrc.sample.in, note that bandwidth must be >=75 KB.
Queue a corresponding change for torrc.minimal.in.

Closes ticket 20085.
2016-11-08 19:23:49 -05:00
Nick Mathewson
c58592e658 Merge branch 'maint-0.2.9' 2016-11-08 18:51:19 -05:00
Nick Mathewson
89ec191b68 Merge remote-tracking branch 'public/bug20306_029' into maint-0.2.9 2016-11-08 18:51:07 -05:00
Nick Mathewson
31f41fe096 Merge branch 'maint-0.2.9' 2016-11-08 18:45:10 -05:00
Nick Mathewson
286fa94064 Use va_copy() in pure-windows version of tor_asprintf().
It's not okay to use the same varargs list twice, and apparently
some windows build environments produce code here that would leave
tor_asprintf() broken. Fix for bug 20560; bugfix on 0.2.2.11-alpha
when tor_asprintf() was introduced.
2016-11-08 18:44:06 -05:00
Nick Mathewson
d1a0f2e7e4 Merge branch 'maint-0.2.9' 2016-11-08 07:12:16 -05:00
teor
38e3f91c63
When using exponential backoff in test networks, use a lower exponent
Lower exponents mean that delays do not vary as much. This helps test
networks bootstrap consistently.

Bugfix on 20499.
2016-11-08 16:42:26 +11:00
Nick Mathewson
e0311f6a36 Remove from master more changes files already merged in release-0.2.9 2016-11-07 16:32:30 -05:00
Nick Mathewson
3e3040a5d9 Merge branch 'maint-0.2.9'
Conflicts:
	src/or/rendservice.c
2016-11-07 16:31:40 -05:00
Nick Mathewson
9994404238 Make new changes files pass lintchanges 2016-11-07 16:19:05 -05:00
Nick Mathewson
c2fc0941a5 Merge remote-tracking branch 'teor/bug20484_029_v2' into maint-0.2.9 2016-11-07 16:12:13 -05:00
David Goulet
b0ea8b535f hs: Add changes file for HSDir v3 protocol feature
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-07 13:49:27 -05:00
Nick Mathewson
89edef6afb Treat bacoff/schedule mismatch as a bug. 2016-11-07 11:05:57 -05:00
Nick Mathewson
1934bf75ef Merge branch 'maint-0.2.9' 2016-11-07 11:02:15 -05:00
Nick Mathewson
864c42f4d6 Count HTTP 503 as a download failure.
Because as Teor puts it: "[Resetting on 503] is exactly what we
don't want when relays are busy - imagine clients doing an automatic
reset every time they DoS a relay..."

Fixes bug 20593.
2016-11-07 11:01:21 -05:00
Nick Mathewson
667ba776b1 Adjust download schedules per teor's #20534 recommendataions 2016-11-07 11:01:20 -05:00
Nick Mathewson
800dff1308 Merge branch 'maint-0.2.9' 2016-11-07 09:32:21 -05:00
Nick Mathewson
e4b793fe41 Merge branch 'maint-0.2.8' into maint-0.2.9 2016-11-07 09:32:00 -05:00
Nick Mathewson
2639fd08e7 Merge branch 'maint-0.2.7' into maint-0.2.8 2016-11-07 09:31:36 -05:00
Nick Mathewson
f5fdf188b9 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-11-07 09:30:42 -05:00
Nick Mathewson
6c2174d44d Merge branch 'maint-0.2.5' into maint-0.2.6 2016-11-07 09:30:16 -05:00
Nick Mathewson
db2571be61 Merge branch 'maint-0.2.4' into maint-0.2.5 2016-11-07 09:29:54 -05:00
Nick Mathewson
d82ffb77f3 Merge branch '20499_part1_029_squashed', remote-tracking branches 'teor/bug20591_029' and 'teor/bug20533_029' into maint-0.2.9 2016-11-07 09:20:13 -05:00
Nick Mathewson
858867a31a Allow infinitely long delays in exponential-backoff downloads
It's only safe to remove the failure limit (per 20536) if we are in
fact waiting a bit longer each time we try to download.

Fixes bug 20534; bugfix on 0.2.9.1-alpha.
2016-11-07 09:19:35 -05:00
Nick Mathewson
a415fee58a Merge branch 'maint-0.2.9' 2016-11-07 09:09:06 -05:00
Karsten Loesing
ea597832e2 Update geoip and geoip6 to the November 3 2016 database. 2016-11-07 15:05:19 +01:00
teor
e819d420c5
When downloading certificates, check for related failures
If a consensus expires while we are waiting for certificates to download,
stop waiting for certificates.

If we stop waiting for certificates less than a minute after we started
downloading them, do not consider the certificate download failure a
separate failure.

Fixes bug 20533; bugfix on commit e0204f21 in 0.2.0.9-alpha.
2016-11-08 00:01:20 +11:00
teor
1bb28cecd9
Ensure relays don't make multiple connections during bootstrap
Relays do not deliberately launch multiple attempts, so the impact of this
bug should be minimal. This fix also defends against bugs like #20499.

Bugfix on 0.2.8.1-alpha.
2016-11-07 23:05:55 +11:00
Nick Mathewson
0bd55ed96a Always Use EVP_aes_*_ctr() with openssl 1.1
(OpenSSL 1.1 makes EVP_CIPHER_CTX opaque, _and_ adds acceleration
for counter mode on more architectures.  So it won't work if we try
the older approach, and it might help if we try the newer one.)

Fixes bug 20588.
2016-11-06 21:01:25 -05:00
Nick Mathewson
61612f980d Merge branch 'maint-0.2.9' 2016-11-06 20:24:29 -05:00
Nick Mathewson
def41e93bd In test_tortls_classify_client_ciphers(), s/ECDH/ECDHE/
(We weren't actually using these ciphers; we were just requing that
ciphers of that name existed.)

Patch from rubiate.  Fixes 20460
2016-11-06 20:23:40 -05:00
Nick Mathewson
5385a023e1 Do not apply 'max_failures' to random-exponential schedules.
Fixes bug 20536; bugfix on 0.2.9.1-alpha.
2016-11-06 20:08:11 -05:00
Nick Mathewson
1b22eae120 Fix get_delay() code to avoid TIME_MAX overflow, not INT_MAX.
Fixes bug 20587; bugfix on 35bbf2e4a4 in 0.2.8.1-alpha.
2016-11-06 19:50:08 -05:00
Nick Mathewson
b28d818423 Remove changes files that will appear in 0.2.9.5-alpha. 2016-11-06 16:57:38 -05:00
Nick Mathewson
c69bc895ca Fix lintchanges warnings in master. 2016-11-06 16:48:52 -05:00
Nick Mathewson
c8ec42de2f Merge branch 'maint-0.2.9' 2016-11-06 16:41:32 -05:00
Nick Mathewson
add164aa41 Fix warnings from lintChanges.py 2016-11-06 16:39:46 -05:00
Nick Mathewson
91053a072c changes file for 20526 2016-11-03 19:10:02 -04:00
Nick Mathewson
b96bb82a2a changes file for 19563 2016-11-03 18:41:40 -04:00
Nick Mathewson
59f4cae68c Merge branch 'maint-0.2.8' into maint-0.2.9 2016-11-03 18:36:43 -04:00
Nick Mathewson
61bdc452b0 Merge branch 'bug20551_028' into maint-0.2.8 2016-11-03 18:36:25 -04:00
Nick Mathewson
272572c3a2 Merge branch 'maint-0.2.9' 2016-11-03 15:45:16 -04:00
Nick Mathewson
3cd520a52d Merge branch 'maint-0.2.8' into maint-0.2.9 2016-11-03 15:44:46 -04:00
Nick Mathewson
7a45ef5a47 Merge remote-tracking branch 'arma/bug19969_028_squashed' into maint-0.2.8 2016-11-03 15:44:30 -04:00
Nick Mathewson
3bb49c0110 Merge branch 'maint-0.2.8' into maint-0.2.9 2016-11-03 15:41:04 -04:00
Nick Mathewson
957bdc4a42 Merge branch 'bug20553_028' 2016-11-03 10:52:21 -04:00
Nick Mathewson
9b18b215bb Work around a behavior change in openssl's BUF_MEM code
In our code to write public keys to a string, for some unfathomable
reason since 253f0f160e, we would allocate a memory BIO, then
set the NOCLOSE flag on it, extract its memory buffer, and free it.
Then a little while later we'd free the memory buffer with
BUF_MEM_free().

As of openssl 1.1 this doesn't work any more, since there is now a
BIO_BUF_MEM structure that wraps the BUF_MEM structure.  This
BIO_BUF_MEM doesn't get freed in our code.

So, we had a memory leak!

Is this an openssl bug?  Maybe.  But our code was already pretty
silly.  Why mess around with the NOCLOSE flag here when we can just
keep the BIO object around until we don't need the buffer any more?

Fixes bug 20553; bugfix on 0.0.2pre8
2016-11-03 10:51:10 -04:00
Nick Mathewson
b7a1e793e6 Declare a LINKAUTH subprotocol version for #15055 (ed link handshake)
Closes ticket 20552.
2016-11-03 10:01:40 -04:00
Nick Mathewson
1eef543f9d Merge branch 'bug20551_028' 2016-11-03 09:37:44 -04:00
Nick Mathewson
464783a8dc Use explicit casts to avoid warnings when building with openssl 1.1
fixes bug 20551; bugfix on 0.2.1.1-alpha
2016-11-03 09:35:41 -04:00
Nick Mathewson
d9ca4e20bd Merge branch 'feature_15055_v2' 2016-11-03 08:44:46 -04:00
Nick Mathewson
53656381df Changes file for 15055 branch. 2016-11-03 08:40:10 -04:00
Nick Mathewson
e64bac6eb4 Increase TLS RSA link key length to 2048 bits
Oddly, nothing broke.

Closes ticket 13752.
2016-11-03 08:39:30 -04:00
Nick Mathewson
0704fa8a63 Handle u32 overflow in ed25519 cert expiration time.
The impact here isn't too bad. First, the only affected certs that
expire after 32-bit signed time overflows in Y2038. Second, it could
only make it seem that a non-expired cert is expired: it could never
make it seem that an expired cert was still live.

Fixes bug 20027; bugfix on 0.2.7.2-alpha.
2016-11-03 08:37:22 -04:00
Nick Mathewson
e94f1b4e0d Free rsa_ed_crosscert at exit.
Fixes bug 17779; bugfix on 0.2.7.2-alpha.
2016-11-03 08:37:21 -04:00
teor
8f465808a0
Check for getpagesize before using it to mmap files
This fixes compilation in some MinGW environments.

Fixes bug 20530; bugfix on commit bf72878 in tor-0.1.2.1-alpha.
Reported by "ice".
2016-11-03 08:44:57 +11:00
teor
1747f28861
Check every hidden service directory's permissions when configuring
Previously, we would only check the last hidden service directory.

Fixes #20529, bugfix on ticket 13942 commit 85bfad1 in 0.2.6.2-alpha.
2016-11-02 14:32:04 +11:00
Roger Dingledine
d89804a69d Ask event_base_loop to finish when we add a pending stream
Fixes bug 19969; bugfix on b1d56fc58. We can fix this some more in
later Tors, but for now, this is probably the right fix for us.
2016-11-01 19:52:55 -04:00
Nick Mathewson
cb35a7c271 Merge branch 'maint-0.2.9' 2016-11-01 13:05:45 -04:00
Nick Mathewson
733b245283 Merge remote-tracking branch 'teor/bug20472-029-v2' into maint-0.2.9 2016-11-01 13:05:33 -04:00
Nick Mathewson
db67867a81 Merge remote-tracking branch 'pastly/ticket20486' 2016-11-01 12:55:14 -04:00
Nick Mathewson
e6d84ac04f Merge branch 'maint-0.2.9' 2016-11-01 12:49:13 -04:00
Nick Mathewson
9248466f0a Merge branch 'bug20487_029' into maint-0.2.9 2016-11-01 12:44:20 -04:00
Matt Traudt
d8d6d8c206 Update man page that HS directory does not need to exist 2016-11-01 12:32:50 -04:00
Nick Mathewson
68a27dad43 Merge branch 'maint-0.2.9' 2016-10-31 16:33:12 -04:00
Nick Mathewson
e712b5d784 Merge branch 'bug19968_029' into maint-0.2.9 2016-10-31 16:33:03 -04:00
Nick Mathewson
59a78187cd Merge branch 'maint-0.2.9' 2016-10-31 15:20:45 -04:00
Nick Mathewson
24b7b922ae Actually free the worker_state_t object when we do an update with it
Previously we freed the old "keys" object, but leaked the
worker_state_t that we had taken it from.

Fixes bug 20401; bugfix on 0.2.6.3-alpha.
2016-10-31 15:20:25 -04:00
Nick Mathewson
b858452f94 Add a sentence to the manpage about nonanonymous=>Socksport 0.
Closes 20487.
2016-10-31 15:13:27 -04:00
Nick Mathewson
d73c671d6d policy_is_reject_star():
ome policies are default-reject, some default-accept.  But
policy_is_reject_star() assumed they were all default_reject.  Fix
that!

Also, document that policy_is_reject_star() treats a NULL policy as
empty. This allows us to simplify the checks in
parse_reachable_addresses() by quite a bit.

Fxes bug 20306; bugfix on 0.2.8.2-alpha.
2016-10-31 15:05:56 -04:00
Nick Mathewson
8841a9e396 Create single-onion-service directory before poisoning it, if needed
(Also, refactor the code to create a hidden service directory into a
separate funcion, so we don't have to duplicate it.)

Fixes bug 20484; bugfix on 0.2.9.3-alpha.
2016-10-31 14:54:20 -04:00
Nick Mathewson
becc957839 Actually clamp the number of detected CPUs to 16.
Previously we said we did, but didn't.

Fixes #19968; bugfix on 0.2.3.1-alpha.
2016-10-31 14:19:39 -04:00
teor
26d7a07ad7
In circuit_pick_extend_handshake, assume all hops support EXTEND2 and ntor
This simplifies the function: if we have an ntor key, use ntor/EXTEND2,
otherwise, use TAP/EXTEND.

Bugfix on commit 10aa913 from 19163 in 0.2.9.3-alpha.
2016-10-31 17:01:04 +11:00
overcaffeinated
b8b8b6b70e Add implementation of smartlist_add_strdup
Add smartlist_add_strdup(sl, string) - replaces the use of
smartlist_add(sl, tor_strdup(string)). Fixes bug 20048.
2016-10-27 10:12:28 +01:00
Matt Traudt
6629c5c3fe Add historic bwweight tests, comments, line len fixes 2016-10-26 16:37:16 -04:00
Matt Traudt
7ba0ae9426 Add consensus weight calculation tests 2016-10-26 16:37:16 -04:00
Matt Traudt
909ee0e55f Fix default bw weights with new consensus method
See #14881
2016-10-26 16:33:54 -04:00
Nick Mathewson
39375db3dc Merge remote-tracking branch 'pastly/ticket20459' 2016-10-26 16:22:06 -04:00
Nick Mathewson
5a1779b7ff Merge branch 'maint-0.2.9' 2016-10-26 14:17:21 -04:00
Nick Mathewson
d288704023 Avoid tor_fragile_assert() failure with DNSPort on RESOLVED_TYPE_ERROR
The tor_fragile_assert() bug has existed here since c8a5e2d588
in tor-0.2.1.7-alpha forever, but tor_fragile_assert() was mostly a
no-op until 0.2.9.1-alpha.

Fixes bug 19869.
2016-10-26 14:16:40 -04:00
Matt Traudt
c09993fdf6 Fix ewma_cmp_cmux never considering policies different 2016-10-25 10:07:05 -04:00
Nick Mathewson
01482e30ad Merge remote-tracking branch 'pastly/ticket20273' 2016-10-24 12:47:29 -04:00
David Goulet
59247314d5 man: Fix default value of AuthDirGuardBWGuarantee to 2MB
Closes #20435

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-10-23 10:59:55 -04:00
Nick Mathewson
7010e85939 changes file for 20389 2016-10-19 18:07:02 -04:00
Nick Mathewson
df387b94e8 Merge remote-tracking branch 'chelseakomlo/master' 2016-10-19 17:17:12 -04:00
Nick Mathewson
12cf73c451 Merge remote-tracking branch 'andrea/ticket19858_v2'
Conflict in entrynodes.c: any_bridge_supports_microdescriptors was
removed in master, and modified in 19858_v2
2016-10-19 17:11:47 -04:00
Nick Mathewson
ec4142abdf Unify code in channel_write_*cell()
Patch from pingl; patch for 13827.
2016-10-19 17:07:23 -04:00
Nick Mathewson
87e4b9259a Merge remote-tracking branch 'arma/bug6769' 2016-10-19 17:04:44 -04:00
Chelsea H. Komlo
471b0c5175
Refactor purpose_needs_anonymity to use switch statement 2016-10-19 12:25:50 -05:00
Chelsea H. Komlo
195ccce94e
Refactor to use purpose_needs_anonymity and remove is_sensitive_dir_purpose 2016-10-18 18:40:50 -05:00
Nick Mathewson
9a3adb07c4 changes file for module docs 2016-10-18 19:35:10 -04:00
Nick Mathewson
52b2b2c82f Fold 20384 into changelog 2016-10-17 14:55:05 -04:00
Nick Mathewson
1a74881063 Merge branch 'maint-0.2.8' 2016-10-17 14:51:45 -04:00
Nick Mathewson
1df114330e Merge branch 'buf_sentinel_026_v2' into maint-0.2.8 2016-10-17 14:51:06 -04:00
Nick Mathewson
3cea86eb2f Add a one-word sentinel value of 0x0 at the end of each buf_t chunk
This helps protect against bugs where any part of a buf_t's memory
is passed to a function that expects a NUL-terminated input.

It also closes TROVE-2016-10-001 (aka bug 20384).
2016-10-17 14:49:54 -04:00
Nick Mathewson
20e9220d3d Start on an 0.2.9.4-alpha changelog 2016-10-17 10:57:50 -04:00
Nick Mathewson
efe6fc8b03 changes file for module docs 2016-10-17 10:18:45 -04:00
Nick Mathewson
af70e43131 Merge remote-tracking branch 'public/spaces_in_unix_addrs' 2016-10-14 10:21:41 -04:00
Nick Mathewson
d2ab58c48d Merge branch 'bug18357_v2' 2016-10-14 09:10:34 -04:00
Nick Mathewson
d25fed5174 Merge remote-tracking branch 'yawning-schwanenlied/bug20261' 2016-10-11 11:08:20 -04:00
paolo.ingls@gmail.com
ab78a4df93 torrc parsing b0rks on carriage-return
(Specifically, carriage return after a quoted value in a config
line. Fixes bug 19167; bugfix on 0.2.0.16-alpha when we introduced
support for quoted values. Unit tests, changes file, and this
parenthetical by nickm.)
2016-10-11 09:25:22 -04:00
Nick Mathewson
3328658728 Merge remote-tracking branch 'asn/bug19223' 2016-10-11 08:48:39 -04:00
George Kadianakis
e59f0d4cb9 Fix non-triggerable heap corruption at do_getpass(). 2016-10-10 12:03:39 -04:00
Nick Mathewson
850ec1e282 Stop implying that we support openssl 1.0.0; we don't.
Closes ticket 20303.

The LIBRESSL_VERSION_NUMBER check is needed because if our openssl
is really libressl, it will have an openssl version number we can't
really believe.
2016-10-06 12:58:49 -04:00
Nick Mathewson
7410adb330 Merge branch 'maint-0.2.8' 2016-10-06 09:59:49 -04:00
Nick Mathewson
ab98c4387e Merge branch 'maint-0.2.7' into maint-0.2.8 2016-10-06 09:59:42 -04:00
Nick Mathewson
ec718aa839 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-10-06 09:59:18 -04:00
Nick Mathewson
12a7298376 Merge branch 'maint-0.2.5' into maint-0.2.6 2016-10-06 09:59:03 -04:00
Nick Mathewson
304d8f3bbb Merge branch 'maint-0.2.4' into maint-0.2.5 2016-10-06 09:58:54 -04:00
Nick Mathewson
6055bba8cc Only use -levent when checking functions if we will use it to link.
Fixes 19904; bugfix on b62abf9f21499ab; patch from Rubiate.
2016-10-06 09:16:21 -04:00
Nick Mathewson
785176e975 Clean up and fix exit policy check in connection_exit_connect().
Previously, we would reject even rendezvous connections to IPv6
addresses when IPv6Exit was false.  But that doesn't make sense; we
don't count that as "exit"ing.  I've corrected the logic and tried
to make it a lottle more clear.

Fixes bug 18357; this code has been wrong since 9016d9e829 in
0.2.4.7-alpha.
2016-10-05 12:44:53 -04:00
Karsten Loesing
1b4984f196 Update geoip and geoip6 to the October 6 2016 database. 2016-10-05 16:35:14 +02:00
Nick Mathewson
05aed5b635 Allow a unix: address to contain a C-style quoted string.
Feature 18753 -- all this to allow spaces.
2016-10-04 15:43:20 -04:00
Matt Traudt
5503eec3aa Change some dirvote.c comments to reflect reality 2016-10-03 20:43:50 -04:00
Nick Mathewson
a49fb1e2e5 Teach 'make tags' about MOCK_IMPL.
Patch from nherring; closes ticket 16869
2016-10-03 13:58:09 -04:00
cypherpunks
3b2f012e28 Avoid reordering IPv6 interface addresses
When deleting unsuitable addresses in get_interface_address6_list(), to
avoid reordering IPv6 interface addresses and keep the order returned by
the OS, use SMARTLIST_DEL_CURRENT_KEEPORDER() instead of
SMARTLIST_DEL_CURRENT().

This issue was reported by René Mayrhofer.

[Closes ticket 20163; changes file written by teor. This paragraph
added by nickm]
2016-10-03 13:50:27 -04:00
Paolo Inglese
ae4077916c Fix parse_virtual_addr_network minimum network size 2016-10-03 12:18:51 +01:00
Roger Dingledine
782b6ec288 Bridges and relays now use microdescriptors
(like clients do) rather than old-style router descriptors. Now bridges
will blend in with clients in terms of the circuits they build.

Fixes bug 6769; bugfix on 0.2.3.2-alpha.
2016-10-02 01:12:27 -04:00
Roger Dingledine
bfaded9143 Bridge-using clients now use their cached microdesc consensus
Clients that use bridges were ignoring their cached microdesc-flavor
consensus files, because they only thought they should use the microdesc
flavor once they had a known-working bridge that could offer microdescs,
and at first boot no bridges are known-working.

This bug caused bridge-using clients to download a new microdesc consensus
on each startup.

Fixes bug 20269; bugfix on 0.2.3.12-alpha.
2016-10-01 16:34:17 -04:00
Yawning Angel
847e001d28 Bug 20261: Disable IsolateClientAddr on AF_LOCAL SocksPorts.
The client addr is essentially meaningless in this context (yes, it is
possible to explicitly `bind()` AF_LOCAL client side sockets to a path,
but no one does it, and there are better ways to grant that sort of
feature if people want it like using `SO_PASSCRED`).
2016-09-30 18:43:31 +00:00
Nick Mathewson
ed5d2daba1 Merge remote-tracking branch 'public/ticket20001_v2' 2016-09-26 11:01:10 -07:00
Nick Mathewson
97337844b7 Merge branch 'protover_v2_squashed' 2016-09-26 11:00:08 -07:00
Nick Mathewson
78c07eeee1 Changes file for prop264 / ticket 19958. 2016-09-26 10:56:52 -07:00
Andrea Shepard
8b4d961f08 Changes file for ticket 19858 2016-09-25 02:13:02 +00:00
Nick Mathewson
a633baf632 Merge branch 'osx_sierra_028' 2016-09-24 13:33:09 -07:00
Nick Mathewson
39f51dfae3 changes file for osx sierra fixes 2016-09-24 13:29:20 -07:00
Nick Mathewson
eaf5950682 Remove changes files that we have folded in 2016-09-23 11:16:20 -04:00
Nick Mathewson
6a01164538 Merge branch 'maint-0.2.8' 2016-09-23 09:30:56 -04:00
Nick Mathewson
db6153e70c Merge remote-tracking branch 'teor/broken-028-fallbacks' into maint-0.2.8 2016-09-23 09:29:55 -04:00
Nick Mathewson
94989fdebb remove changes files that are also in 0.2.8.8 2016-09-22 18:14:29 -04:00
Nick Mathewson
077f6a4888 Merge branch 'maint-0.2.8' 2016-09-22 15:20:31 -04:00
Nick Mathewson
d78711c0ae LintChanges fix 2016-09-22 15:19:59 -04:00
Nick Mathewson
6e96eababe Merge branch 'bug20203_027_squashed' into maint-0.2.8 2016-09-22 15:17:00 -04:00
Nick Mathewson
e4aaf76660 When clearing cells from a circuit for OOM reasons, tell cmux we did so.
Not telling the cmux would sometimes cause an assertion failure in
relay.c when we tried to get an active circuit and found an "active"
circuit with no cells.

Additionally, replace that assert with a test and a log message.

Fix for bug 20203. This is actually probably a bugfix on
0.2.8.1-alpha, specifically my code in 8b4e5b7ee9 where I
made circuit_mark_for_close_() do less in order to simplify our call
graph. Thanks to "cypherpunks" for help diagnosing.
2016-09-22 15:16:07 -04:00
Nick Mathewson
6deeedb5e0 Merge branch 'maint-0.2.8' 2016-09-22 09:00:37 -04:00
Nick Mathewson
1edea87c2a Fix lintchanges warnings in 028 2016-09-22 09:00:16 -04:00
Nick Mathewson
20ce9f23dc Fix warnings from lintChanges.py 2016-09-22 08:48:05 -04:00
teor
df7b0011e3
Changes file for #20190: remove broken fallbacks 2016-09-22 08:08:59 +10:00
Nick Mathewson
62ee4f185f Merge branch 'maint-0.2.8' 2016-09-20 19:30:45 -04:00
Nick Mathewson
9b5a19c64b Don't look at any routerstatus_t when the networkstatus is inconsistent
For a brief moment in networkstatus_set_current_consensus(), the old
consensus has been freed, but the node_t objects still have dead
pointers to the routerstatus_t objects within it.  During that
interval, we absolutely must not do anything that would cause Tor to
look at those dangling pointers.

Unfortunately, calling the (badly labeled!) current_consensus macro
or anything else that calls into we_use_microdescriptors_for_circuits(),
can make us look at the nodelist.

The fix is to make sure we identify the main consensus flavor
_outside_ the danger zone, and to make the danger zone much much
smaller.

Fixes bug 20103.  This bug has been implicitly present for AGES; we
just got lucky for a very long time.  It became a crash bug in
0.2.8.2-alpha when we merged 35bbf2e4a4 to make
find_dl_schedule start looking at the consensus, and 4460feaf28
which made node_get_all_orports less (accidentally) tolerant of
nodes with a valid ri pointer but dangling rs pointer.
2016-09-20 10:43:58 -04:00
Nick Mathewson
144bd86570 Merge remote-tracking branch 'teor/bug20117' 2016-09-19 14:21:12 -04:00
Nick Mathewson
b88f918227 Remove an extraneous parenthesis in IF_BUG_OHNCE__
Fixes bug 20141; bugfix on 0.2.9.1-alpha.

Patch from Gisle Vanem.
2016-09-14 10:53:49 -04:00
Nick Mathewson
8b7922b282 Merge remote-tracking branch 'teor/feature20072' 2016-09-14 10:18:41 -04:00
Nick Mathewson
4f4e995d42 Merge branch 'bug20081' 2016-09-14 10:17:04 -04:00
teor
16085a8421
Add some chutney single onion networks to make test-network-all
This requires a recent version of chutney, with the single onion
network flavours (git c72a652 or later).

Closes ticket #20072.
2016-09-14 12:17:10 +10:00
Nick Mathewson
b488bd54ba Merge remote-tracking branch 'public/bug20063' 2016-09-13 11:25:59 -04:00
Nick Mathewson
9f0cb5af15 Merge branch 'feature-17178-v7-squashed-v2' 2016-09-13 10:20:08 -04:00
teor
f311c9ffa2 Replace OnionService* with HiddenService* in option names
And make consequential line-length adjustments.
2016-09-13 10:13:57 -04:00
teor
41f96078c2 Refactor UseEntryNodes so the original configured value is preserved
Parse the value to UseEntryNodes_option, then set UseEntryNodes before
validating options.

This way, Authorities, Tor2web, and Single Onion Services don't write
spurious "UseEntryNodes 0" lines to their configs. Document the fact that
these tor configurations ignore UseEntryNodes in the manual page.

Also reorder options validation so we modify UseEntryNodes first, then
check its value against EntryNodes.

And silence a warning about disabled UseEntryNodes for hidden services
when we're actually in non-anonymous single onion service mode.
2016-09-13 10:13:56 -04:00
teor
0285f4f34d Use CircuitBuildTimeout whenever circuit_build_times_disabled is true
Previously, we checked LearnCircuitBuildTimeout directly.

Fixes bug #20073 in commit 5b0b51ca3 on tor 0.2.4.12-alpha.
2016-09-13 10:13:56 -04:00
teor
e5ad00330c Make Tor2web work with ReachableAddresses and CRN_DIRECT_CONN
The changes in #19973 fixed ReachableAddresses being applied
too broadly, but they also broke Tor2web (somewhat unintentional)
compatibility with ReachableAddresses.

This patch restores that functionality, which makes intro and
rend point selection is consistent between Tor2web and Single Onion
Services.
2016-09-13 10:13:55 -04:00
teor (Tim Wilson-Brown)
b560f852f2 Implement Prop #260: Single Onion Services
Add experimental OnionServiceSingleHopMode and
OnionServiceNonAnonymousMode options. When both are set to 1, every
hidden service on a tor instance becomes a non-anonymous Single Onion
Service. Single Onions make one-hop (direct) connections to their
introduction and renzedvous points. One-hop circuits make Single Onion
servers easily locatable, but clients remain location-anonymous.
This is compatible with the existing hidden service implementation, and
works on the current tor network without any changes to older relays or
clients.

Implements proposal #260, completes ticket #17178. Patch by teor & asn.

squash! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Implement Prop #260: Single Onion Services

Redesign single onion service poisoning.

When in OnionServiceSingleHopMode, each hidden service key is poisoned
(marked as non-anonymous) on creation by creating a poison file in the
hidden service directory.

Existing keys are considered non-anonymous if this file exists, and
anonymous if it does not.

Tor refuses to launch in OnionServiceSingleHopMode if any existing keys
are anonymous. Similarly, it refuses to launch in anonymous client mode
if any existing keys are non-anonymous.

Rewrite the unit tests to match and be more comprehensive.
Adds a bonus unit test for rend_service_load_all_keys().
2016-09-13 10:10:54 -04:00
Nick Mathewson
08d2d7c404 prop272: Believe that all routers are Valid and Running.
(We check consensus method when deciding whether to assume a node is
valid.  No need to check the consensus method for Running, since
we will never see a method before 13.)

Closes ticket 20001

g
2016-09-13 09:29:22 -04:00
Nick Mathewson
20c4b01694 Make preferred_chunk_size avoid overflow, handle big inputs better
Also, add tests for the function.

Closes 20081; bugfix on 0.2.0.16-alpha. This is a Guido Vranken
issue. Thanks, Guido!
2016-09-13 09:07:12 -04:00
Nick Mathewson
4b182dfc23 Merge remote-tracking branch 'public/ticket19998' 2016-09-13 08:54:43 -04:00
Nick Mathewson
9d84a6d998 changes file for 19767 2016-09-11 16:53:37 -04:00
teor
42a74f707c
Document the default PathsNeededToBuildCircuits value
... when the directory authorities don't set min_paths_for_circs_pct.

Fixes bug 20117; bugfix on 02c320916e in tor-0.2.4.10-alpha.
Reported by Jesse V.
2016-09-09 11:20:20 +10:00
Nick Mathewson
3269307daf Treat all nonfatal assertion failures as unit test failures.
Part of 19999.
2016-09-08 13:27:30 -04:00
Nick Mathewson
fe9cfeba6e Fix libevent linking on openbsd.
Closes ticket 19902; bugfix on 0.2.9.1-alpha; patch from rubiate
2016-09-08 10:09:34 -04:00
Nick Mathewson
f3cda3272a Disable -Wthread-safety.
See changes file; closes ticket 20110.
2016-09-08 09:37:40 -04:00
Nick Mathewson
08d1ac4f2a Patch from rubiate: disable openbsd memory protections in test-memwipe
Test-memwipe is *supposed* to invoke undefined behavior, alas.

Closes 20066.
2016-09-08 09:00:24 -04:00
Nick Mathewson
f028434a5f Merge branch 'maint-0.2.8' 2016-09-07 13:54:21 -04:00
Nick Mathewson
6494f3346b Merge branch 'maint-0.2.7' into maint-0.2.8 2016-09-07 13:54:12 -04:00
Nick Mathewson
11edbf4808 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-09-07 13:54:03 -04:00
Nick Mathewson
52a99cb6c1 Merge branch 'maint-0.2.5' into maint-0.2.6 2016-09-07 13:53:53 -04:00
Nick Mathewson
e4d82da05b Merge branch 'maint-0.2.4' into maint-0.2.5 2016-09-07 13:53:43 -04:00
Nick Mathewson
e9b1d0619f Merge remote-tracking branch 'dgoulet/ticket18693_029_01' 2016-09-07 11:46:00 -04:00