Commit Graph

31378 Commits

Author SHA1 Message Date
Nick Mathewson
86819229af Limit the number of elements in a consdiff hash line.
This avoids performing and then freeing a lot of small mallocs() if
the hash line has too many elements.

Fixes one case of bug 40472; resolves OSS-Fuzz 38363.  Bugfix on
0.3.1.1-alpha when the consdiff parsing code was introduced.
2021-12-06 12:35:08 -05:00
Alexander Færøy
4a24673436 Merge remote-tracking branch 'tor-gitlab/mr/487' into maint-0.3.5 2021-11-08 14:15:59 +00:00
Alexander Færøy
4914e0e1cc Merge remote-tracking branch 'tor-gitlab/mr/486' into maint-0.3.5 2021-11-08 14:15:56 +00:00
Nick Mathewson
cee6e7d9e1 Give an error message if LibreSSL's TLSv1.3 APIs aren't what we need
From LibreSSL versions 3.2.1 through 3.4.0, our configure script
would conclude that TLSv1.3 as supported, but it actually wasn't.
This led to annoying breakage like #40128 and #40445.

Now we give an error message if we try to build with one of those
versions.

Closes #40511.
2021-11-06 11:04:08 -04:00
Nick Mathewson
8beb560bfd Reverse the direction of the test for openssl 3.0.0
Previously the logic was reversed, and always gave the wrong answer.
This has no other effect than to change whether we suppress
deprecated API warnings.

Fixes #40429; bugfix on 0.3.5.13.
2021-11-05 13:23:05 -04:00
Nick Mathewson
439e17180c Light edit to protover warnings. 2021-11-05 10:30:57 -04:00
David Goulet
f93cd5deb8 protover: Add a note on why LinkAuth is not recommended or required
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-11-05 10:16:08 -04:00
David Goulet
3d1a49908c protover: Move all hardcoded lists in one place
This also moves the warnings and add some theatrical effect around the
code so anyone modifying those list should notice the warnings signs and
read the comment accordingly.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-11-05 10:13:47 -04:00
Nick Mathewson
7c085490f5 Add scary warnings about changing the protover list.
Doing this in the wrong way has potential to cause serious havoc on
the network, so let's make it harder for future programmers to mess
it up.
2021-11-05 09:20:05 -04:00
Alexander Færøy
cfd1482f78 Merge remote-tracking branch 'ahf/ahf/ci-i386' into maint-0.3.5 2021-11-05 03:10:12 +00:00
David Goulet
1902edaf52 shellcheck: Make it happy on couple scripts
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-11-03 09:47:30 -04:00
Alexander Færøy
d83c6bf80f Add i386 version of debian-minimal for 32-bit Gitlab CI builds.
See: tpo/core/tor#40505
2021-11-03 12:36:30 +00:00
Alexander Færøy
5c8deef9b6 Fix Windows build.
While trying to resolve our CI issues, the Windows build broke with an
unused function error:

   src/test/test_switch_id.c:37:1: error: ‘unprivileged_port_range_start’
   defined but not used [-Werror=unused-function]

We solve this by moving the `#if !defined(_WIN32)` test above the
`unprivileged_port_range_start()` function defintion such that it is
included in its body.

This is an unreviewed commit.

See: tor#40275
2021-10-29 16:52:18 +00:00
David Goulet
92fedb9f44 changes: Add file for ticket 26299
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-29 09:19:21 -04:00
David Goulet
8cf6f9183c makefile: Add a reproducible dist make job
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-28 16:29:22 -04:00
Alexander Færøy
d37273be0d release: Patches to make tarball reproducible
Closes #26299

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-28 13:42:02 -04:00
David Goulet
fa438b6cf0 version: Missing version update in couple files
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-28 09:40:50 -04:00
David Goulet
14385ce71e ci: Missing source dir when parsing configure.ac version
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-26 14:33:31 -04:00
David Goulet
66193ee708 version: Bump to 0.3.5.17-dev
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-26 11:30:56 -04:00
David Goulet
9280f32fc0 version: Bump to 0.3.5.17
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-26 09:16:17 -04:00
David Goulet
66e8e0f71b fallbackdir: Regenerate the list for October 2021
Closes #40493

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-21 09:13:40 -04:00
Alexander Færøy
7372739765 Announce URL to bridge status page when starting Tor as a bridge relay.
This patch makes Tor announce the relay specific bridge status page URL
when Tor is starting up before bootstrap occours.

See: tor#30477
2021-10-20 21:44:45 +00:00
Alexander Færøy
5a043825d0 Remove unused function: dns_randfn_() in dns.c.
This patch unbreaks the current build after tor!369 landed.

See: https://bugs.torproject.org/tpo/core/tor/40371
2021-10-20 17:35:52 +00:00
Alexander Færøy
db112329a0 Merge remote-tracking branch 'tor-gitlab/mr/369' into maint-0.3.5 2021-10-20 17:35:35 +00:00
David Goulet
44e105c27f hs: Improve warning for bad service version
Now that we don't have version 2, it gives us:

  [warn] HiddenServiceVersion must be between 3 and 3, not 2.

This commit changes it to:

  [warn] HiddenServiceVersion must be 3, not 2.

Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-19 09:51:24 -04:00
David Goulet
18b5630a7c changes: Add file for ticket 40476
Closes #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-19 09:51:24 -04:00
David Goulet
f9750249ac test: Don't run HSv2 Chutney test networks
Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-19 09:51:24 -04:00
David Goulet
9a6c6e8ec5 test: Fix unit tests after disabling version 2
Some tests were removed because they were testing something not usable
anymore.

Some tests remains to make sure that things are indeed disabled.

Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-19 09:51:24 -04:00
David Goulet
ef7a64e3b8 hs-v2: Disable version 2 HSPOST and HSFETCH command
Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-09-30 11:18:08 -04:00
David Goulet
59bae7cbee hs-v2: Disable version 2 directory
Relay do not accept both stores and lookups of version 2 descriptor.
This effectively disable version 2 HSDir supports for relays.

Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-09-30 10:46:17 -04:00
David Goulet
ff3ac02702 hs-v2: Disable version 2 introduction point
Upon receiving a v2 introduction request, the relay will close the
circuit and send back a tor protocol error.

Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-09-30 10:40:19 -04:00
David Goulet
765bdb9c33 hs-v2: Disable version 2 service
The minimum service version is raised from 2 to 3 which effectively
disable loading or creating an onion service v2.

As for ADD_ONION, for version 2, a 551 error is returned:

  "551 Failed to add Onion Service"

Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-09-30 10:38:08 -04:00
David Goulet
13b2b1108f hs-v2: Disable SOCKS connection for v2 addresses
This effectively turns off the ability of tor to use HSv2 as a client by
invalidating the v2 onion hostname passed through a SOCKS request.

Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-09-30 10:26:37 -04:00
Alexander Færøy
fcef8e3f75 Only check for bindable ports if we are unsure if it will fail.
We currently assume that the only way for Tor to listen on ports in the
privileged port range (1 to 1023), on Linux, is if we are granted the
NET_BIND_SERVICE capability. Today on Linux, it's possible to specify
the beginning of the unprivileged port range using a sysctl
configuration option. Docker (and thus the CI service Tor uses) recently
changed this sysctl value to 0, which causes our tests to fail as they
assume that we should NOT be able to bind to a privileged port *without*
the NET_BIND_SERVICE capability.

In this patch, we read the value of the sysctl value via the /proc/sys/
filesystem iff it's present, otherwise we assume the default
unprivileged port range begins at port 1024.

See: tor#40275
2021-09-13 18:33:27 +02:00
Alexander Færøy
12b64845ae Use Debian bullseye for our hardened build. 2021-09-13 18:13:10 +02:00
Alexander Færøy
84d6f977e7 Force amd64 for CI builds. 2021-09-13 18:08:49 +02:00
David Goulet
a8ce645ab0 Bump version to -dev
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-08-16 16:33:58 -04:00
Alexander Færøy
b07cd2ee90 Use debian:buster instead of debian:stable for now. 2021-08-16 13:57:56 +00:00
Nick Mathewson
2984fba97a Make the version 0.3.6.16, not 0.3.6.16-dev. 2021-08-16 08:17:59 -04:00
David Goulet
041a0a362f Update version to 0.3.5.16
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-08-13 09:43:44 -04:00
Alexander Færøy
eca5b62213 Update GeoIP files to match IPFire location DB as per 2021/08/12. 2021-08-12 15:38:11 +00:00
Alexander Færøy
7e0971d868 Merge remote-tracking branch 'tor-gitlab/mr/417' into maint-0.3.5 2021-08-11 13:15:35 +00:00
George Kadianakis
fe5a9db1e6 Disable ed25519-donna's batch verification.
Fixes bug 40078.

As reported by hdevalence our batch verification logic can cause an assert
crash.

The assert happens because when the batch verification of ed25519-donna fails,
the code in `ed25519_checksig_batch()` falls back to doing a single
verification for each signature.

The crash occurs because batch verification failed, but then all signatures
individually verified just fine.

That's because batch verification and single verification use a different
equation which means that there are sigs that can pass single verification
but fail batch verification.

Fixing this would require modding ed25519-donna which is not in scope for
this ticket, and will be soon deprecated in favor of arti and
ed25519-dalek, so my branch instead removes batch verification.
2021-08-11 13:14:05 +00:00
David Goulet
0e60b65f6c fallbackdir: Regenerate list
New list for all stable releases.

Closes #40447

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-08-11 09:07:05 -04:00
David Goulet
399518da02 relay: Reduce streaming compression ratio from HIGH to LOW
Fixes #40301

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-08-11 12:51:32 +00:00
Nick Mathewson
87492154e0 Bump to 0.3.5.15-dev 2021-06-14 11:45:30 -04:00
George Kadianakis
f57b5c48e0 Fix TROVE-2021-006: Out-of-bounds read on v3 desc parsing 2021-06-10 12:11:10 -04:00
David Goulet
adb248b6d6 TROVE-2021-003: Check layer_hint before half-closed end and resolve cells
This issue was reported by Jann Horn part of Google's Project Zero.

Jann's one-sentence summary: entry/middle relays can spoof RELAY_END cells on
half-closed streams, which can lead to stream confusion between OP and
exit.

Fixes #40389
2021-06-10 08:50:05 -04:00
Nick Mathewson
d71bf986b4 Merge branch 'bug40391_035' into maint-0.3.5 2021-06-10 08:41:59 -04:00
Nick Mathewson
7fdfc2ea54 Merge branch 'bug40390_035_squashed' into maint-0.3.5 2021-06-10 08:34:25 -04:00