Nick Mathewson
3150c30351
Bump version to 0.3.5.10-dev
2020-03-18 12:15:32 -04:00
Nick Mathewson
0526801ed4
Port rsa_private_key_too_long() to work on OpenSSL 1.1.0.
2020-03-18 08:19:48 -04:00
Nick Mathewson
fe3d8ec38e
Merge branch 'trove_2020_002_035' into maint-0.3.5
2020-03-17 15:21:48 -04:00
George Kadianakis
089e57d22f
Fix TROVE-2020-003.
...
Given that ed25519 public key validity checks are usually not needed
and (so far) they are only necessary for onion addresses in the Tor
protocol, we decided to fix this specific bug instance without
modifying the rest of the codebase (see below for other fix
approaches).
In our minimal fix we check that the pubkey in
hs_service_add_ephemeral() is valid and error out otherwise.
2020-03-17 11:44:45 -04:00
George Kadianakis
c940b7cf13
Trivial bugfixes found during TROVE investigation.
2020-03-17 11:43:03 -04:00
Nick Mathewson
f958b537ab
Use >= consistently with max_bits.
2020-03-17 10:44:38 -04:00
Nick Mathewson
2328c79a5f
Add off-by-one checks for key length.
2020-03-17 10:44:38 -04:00
Nick Mathewson
8abdb39489
Extract key length check into a new function, and check more fields.
...
In the openssl that I have, it should be safe to only check the size
of n. But if I'm wrong, or if other openssls work differently, we
should check whether any of the fields are too large.
Issue spotted by Teor.
2020-03-17 10:44:38 -04:00
teor
1c688ba925
Travis: Produce detailed chutney diagnostics
...
When a Travis chutney job fails, use chutney's new "diagnostics.sh" tool
to produce detailed diagnostic output.
Closes ticket 32792.
2020-03-16 16:04:51 +10:00
Nick Mathewson
29c9675bde
Fix memory leak in crypto_pk_asn1_decode_private.
...
(Deep, deep thanks to Taylor for reminding me to test this!)
2020-03-14 14:17:37 -04:00
Nick Mathewson
ab2e66ccdc
Add a test for crypto_pk_asn1_decode_private maxbits.
2020-03-14 14:17:13 -04:00
Nick Mathewson
be064f77b9
Revise TROVE-2020-002 fix to work on older OpenSSL versions.
...
Although OpenSSL before 1.1.1 is no longer supported, it's possible
that somebody is still using it with 0.3.5, so we probably shouldn't
break it with this fix.
2020-03-14 13:38:53 -04:00
Nick Mathewson
d17108a187
Bump to 0.3.5.10
2020-03-13 16:56:31 -04:00
Nick Mathewson
b9d71f3848
Merge remote-tracking branch 'tor-github/pr/1693/head' into maint-0.3.5
2020-03-13 16:46:09 -04:00
Nick Mathewson
8dc7ad1275
Fix unit tests that look at contactinfo logs.
2020-03-12 13:42:17 -04:00
David Goulet
b755a489bd
config: Warn if ContactInfo is not set
...
Closes #33361
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-03-12 12:43:00 -04:00
Nick Mathewson
5721ec22d8
pem_decode(): Tolerate CRLF line endings
...
Fixes bug 33032; bugfix on 0.3.5.1-alpha when we introduced our own
PEM decoder.
2020-03-11 10:35:17 -04:00
David Goulet
894ff2dc84
dos: Pass transport name on new client connection
...
For a bridge configured with a pluggable transport, the transport name is
used, with the IP address, for the GeoIP client cache entry.
However, the DoS subsystem was not aware of it and was always passing NULL when
doing a lookup into the GeoIP cache.
This resulted in bridges with a PT never being able to apply DoS defenses for
newly created connections.
Fixes #33491
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-03-10 14:45:13 -04:00
teor
add387c507
Travis: Sort jobs in order of speed
...
Putting the slowest jobs first takes full advantage of Travis
concurrency.
Closes 33194.
2020-02-13 13:52:41 +10:00
teor
fc3555100f
Travis: Remove a redundant distcheck job
...
Part of 33194.
2020-02-13 13:45:18 +10:00
teor
03650e0f60
Travis: Require the macOS IPv6 chutney job
...
The job was previously set to fast_finish / allow_failure, to
speed up the build.
Closes ticket 33195.
2020-02-13 13:43:59 +10:00
David Goulet
88489cd290
hs-v3: Remove BUG() that can occur normally
...
Fixes #28992
Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-02-12 14:09:40 +10:00
Alexander Færøy
b9c7c61ea5
Lowercase the BridgeDistribution value from torrc in descriptors.
...
This patch ensures that we always lowercase the BridgeDistribution from
torrc in descriptors before submitting it.
See: https://bugs.torproject.org/32753
2020-02-12 12:21:41 +10:00
teor
88723ad169
Merge remote-tracking branch 'tor-github/pr/1689' into maint-0.3.5
2020-02-12 12:18:59 +10:00
Nick Mathewson
2b6df3da21
Merge branch 'bug33212_035' into maint-0.3.5
2020-02-10 14:17:03 -05:00
Nick Mathewson
99d044d553
Fix a Rust compilation warning; resolve bug 33212.
2020-02-10 13:32:09 -05:00
Nick Mathewson
d0bce65ce2
changes file for 33119 aka TROVE-2020-002
2020-02-05 12:02:32 -05:00
Nick Mathewson
f160212ee8
When parsing tokens, reject early on spurious keys.
2020-02-05 11:57:31 -05:00
Nick Mathewson
9e1085c924
When parsing, reject >1024-bit RSA private keys sooner.
...
Private-key validation is fairly expensive for long keys in openssl,
so we need to avoid it sooner.
2020-02-05 11:11:35 -05:00
teor
41d52e9cd8
Merge remote-tracking branch 'tor-github/pr/1614' into maint-0.3.5
2020-01-30 07:53:53 +10:00
Nick Mathewson
1f163fcbde
Change BUG() messages in buf_flush_to_tls() to IF_BUG_ONCE()
...
We introduced these BUG() checks in b0ddaac074 to prevent a
recurrence of bug 23690. But there's a report of the BUG() message
getting triggered and filling up the disk. Let's change it to
IF_BUG_ONCE().
Fixes bug 33093; bugfix on 0.3.2.2-alpha.
2020-01-29 08:31:22 -05:00
teor
9d771ccc86
Travis: Stop allowing stem test failures
...
Stop allowing failures on the Travis CI stem tests job. It looks like
all the stem hangs we were seeing are now fixed, but let's make sure we
see them if they happen again.
Closes ticket 33075.
2020-01-28 19:56:56 +10:00
teor
19954cffd7
Merge remote-tracking branch 'tor-github/pr/1513' into maint-0.3.5
2020-01-16 09:57:27 +10:00
Nick Mathewson
4f6901d7cc
When initializing pthreads, always set the main thread.
...
Fixes bug 32884. This is a bugfix on 0.3.3.1-alpha, when we started
allowing restart-in-process with tor_api.h.
2020-01-06 09:37:12 -05:00
Peter Gerber
0d64bafcfe
Correct how we use libseccomp
...
This fixes a startup crash with libseccomp v2.4.0 if Sandbox is
set to 1.
2019-12-17 09:47:28 -05:00
teor
0b3763612c
Merge remote-tracking branch 'tor-github/pr/1459' into bug32240_32242_035
2019-12-16 09:21:05 +10:00
teor
75096de4c7
Merge branch 'bug32240_029' into bug32240_035
...
Merge
* Chutney Trusty deletion in bug32240_029
* NSS addition in maint-0.3.5
2019-12-16 09:09:16 +10:00
teor
37b04aeed7
changes: file for 32240
2019-12-16 09:06:25 +10:00
teor
0f07d25243
Travis: Run Chutney jobs in Ubuntu Bionic images
...
Closes 32240.
2019-12-16 09:03:48 +10:00
teor
704f3224a2
Travis: Turn off Tor's Sandbox in Chutney jobs
...
We need to set "Sandbox 0", until we fix sandbox errors that are
triggered by Ubuntu Xenial and Bionic. See 32722.
Part of 32240.
2019-12-16 09:01:45 +10:00
teor
1cd20ff848
Merge branch 'maint-0.2.9' into maint-0.3.5
2019-12-16 08:15:55 +10:00
teor
05908d57f6
Merge remote-tracking branch 'tor-github/pr/1576' into maint-0.3.5
2019-12-16 08:14:04 +10:00
teor
7dd5946094
Merge remote-tracking branch 'tor-github/pr/1575' into maint-0.2.9
2019-12-16 08:13:38 +10:00
Nick Mathewson
0c4f0ec977
bump to 0.3.5.9-dev
2019-12-09 16:01:11 -05:00
Nick Mathewson
74cae547e5
Merge branch 'maint-0.2.9' into maint-0.3.5
2019-12-06 16:02:07 -05:00
Karsten Loesing
b7b467d3af
Update geoip and geoip6 to the December 3 2019 database.
2019-12-06 11:50:35 +01:00
teor
a277f28947
changes: file for 32629
2019-12-06 10:51:43 +10:00
teor
b84e7715da
changes: file for 32629
2019-12-06 10:51:05 +10:00
Nick Mathewson
c53567c36f
Bump version to 0.3.5.9
2019-12-05 13:29:49 -05:00
teor
aee966cb06
Merge remote-tracking branch 'tor-github/pr/1277' into maint-0.3.5
2019-12-05 10:11:18 +10:00