Commit Graph

37278 Commits

Author SHA1 Message Date
Nick Mathewson
b3ca2faf46 Merge branch 'maint-0.4.4' into maint-0.4.5
"ours" to avoid version bump.
2021-06-07 13:30:36 -04:00
Nick Mathewson
1956f63d6b Bump to 0.4.4.9 2021-06-07 13:30:18 -04:00
Nick Mathewson
6bcb0fb881 Merge branch 'maint-0.3.5' into maint-0.4.4 2021-06-07 13:29:49 -04:00
Nick Mathewson
ed7f4ad4a9 Bump to 0.3.5.15. 2021-06-07 13:29:35 -04:00
Nick Mathewson
f832b4bcee Merge branch 'bug40175_045' into maint-0.4.6 2021-06-01 12:16:35 -04:00
Nick Mathewson
9348b1b440 changes file for #40175 2021-06-01 12:16:06 -04:00
David Goulet
83009f8003 Merge branch 'tor-gitlab/mr/393' into maint-0.4.6 2021-06-01 08:47:56 -04:00
Nick Mathewson
6ccb858058 Bump to 0.4.6.4-rc-dev 2021-05-28 12:20:48 -04:00
Nick Mathewson
aaf062119e Bump to 0.4.6.4-rc. 2021-05-28 08:04:42 -04:00
Nick Mathewson
e1f0b9fb1e Merge branch 'maint-0.4.5' into maint-0.4.6 2021-05-28 08:03:43 -04:00
Nick Mathewson
8b6e919086 Stop using the "x$FOO" idiom in git-resquash.sh
The new version of shellcheck says that that this idiom is
unnecessary, and its presence here is making the shellcheck tests
fail.

No changes file needed, since this is not user-facing code.
2021-05-28 08:02:08 -04:00
Nick Mathewson
fc3d4e4c2f Upgrade and rate-limit compression failure message.
Without this message getting logged at 'WARN', it's hard to
contextualize the messages we get about compression bombs, so this
message should fix #40175.

I'm rate-limiting this, however, since it _could_ get spammy if
somebody on the network starts acting up.  (Right now it should be
very quiet; I've asked Sebastian to check it, and he says that he
doesn't hit this message in practice.)

Closes #40175.
2021-05-27 10:49:37 -04:00
David Goulet
fd3678fa60 Merge branch 'tor-gitlab/mr/392' into maint-0.4.6 2021-05-27 10:01:44 -04:00
Nick Mathewson
d12b16614d Prefer mmap()ed consensus files over cached_dir_t entries.
Cached_dir_t is a somewhat "legacy" kind of storage when used for
consensus documents, and it appears that there are cases when
changing our settings causes us to stop updating those entries.

This can cause trouble, as @arma found out in #40375, where he
changed his settings around, and consensus diff application got
messed up: consensus diffs were being _requested_ based on the
latest consensus, but were being (incorrectly) applied to a
consensus that was no longer the latest one.

This patch is a minimal fix for backporting purposes: it has Tor do
the same search when applying consensus diffs as we use to request
them.  This should be sufficient for correct behavior.

There's a similar case in GETINFO handling; I've fixed that too.

Fixes #40375; bugfix on 0.3.1.1-alpha.
2021-05-26 13:02:56 -04:00
Alexander Færøy
11c7e65730 Merge branch 'maint-0.3.5' into maint-0.4.4 2021-05-25 13:25:23 +00:00
Alexander Færøy
4a7379b80a Merge branch 'maint-0.4.4' into maint-0.4.5 2021-05-25 13:25:23 +00:00
Alexander Færøy
bab2b29f89 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-05-25 13:25:23 +00:00
Nick Mathewson
42ba87d964 Remove the function tor_tls_assert_renegotiation_unblocked.
It was used nowhere outside its own unit tests, and it was causing
compilation issues with recent OpenSSL 3.0.0 alphas.

Closes ticket 40399.
2021-05-25 07:38:31 -04:00
Nick Mathewson
4c06c619fa Use a more secure hash function for the circuitmux hashtable.
Fixes bug 40931; bugfix on 0.2.4.4-alpha. Also tracked as
TROVE-2021-005.

This issue was reported by Jann Horn from Google's Project Zero.
2021-05-18 08:40:09 -04:00
Nick Mathewson
debede5e50 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-05-17 09:09:49 -04:00
Nick Mathewson
97b61e21a9 Merge remote-tracking branch 'tor-gitlab/mr/387' into maint-0.4.5 2021-05-17 09:09:42 -04:00
Nick Mathewson
fbd47a5078 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-05-17 09:04:22 -04:00
Daniel Pinto
e0a8454691 Make SAVECONF keep only one backup and add sandbox rules for it. #40317
When seccomp sandbox is active, SAVECONF failed because it was not
able to save the backup files for torrc. This commit simplifies
the implementation of SAVECONF and sandbox by making it keep only
one backup of the configuration file.
2021-05-17 13:50:19 +02:00
David Goulet
5f009a59da conn: MetricsPort listener is a listener port
The connection type for the listener part was missing from the "is
connection a listener" function.

This lead to our periodic event that retries our listeners to keep
trying to bind() again on an already opened MetricsPort.

Closes #40370

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-05-12 15:13:50 -04:00
Nick Mathewson
8851861ff0 Merge branch 'ticket40374_046' into maint-0.4.6 2021-05-10 14:30:00 -04:00
Nick Mathewson
af6da4a36b Bump to 0.4.6.3-rc-dev 2021-05-10 10:53:39 -04:00
Nick Mathewson
0db0c5c739 Merge branch 'maint-0.4.5' into maint-0.4.6
"ours" to avoid version bump.
2021-05-10 10:53:10 -04:00
Nick Mathewson
ce8d6d143c Update to 0.4.5.8-dev 2021-05-10 10:53:00 -04:00
Nick Mathewson
e4f2b52deb Merge branch 'maint-0.4.5' into maint-0.4.6 2021-05-07 13:08:25 -04:00
Nick Mathewson
d85ef0d5e0 Merge branch 'ticket40382_045' into maint-0.4.5 2021-05-07 13:08:14 -04:00
Nick Mathewson
f5acfe6723 Add a sandbox workaround for Glibc 2.33
This change permits the newfstatat() system call, and fixes issues
40382 (and 40381).

This isn't a free change.  From the commit:

    // Libc 2.33 uses this syscall to implement both fstat() and stat().
    //
    // The trouble is that to implement fstat(fd, &st), it calls:
    //     newfstatat(fs, "", &st, AT_EMPTY_PATH)
    // We can't detect this usage in particular, because "" is a pointer
    // we don't control.  And we can't just look for AT_EMPTY_PATH, since
    // AT_EMPTY_PATH only has effect when the path string is empty.
    //
    // So our only solution seems to be allowing all fstatat calls, which
    // means that an attacker can stat() anything on the filesystem. That's
    // not a great solution, but I can't find a better one.
2021-05-07 12:12:11 -04:00
Nick Mathewson
5acf18bfaa Merge branch 'maint-0.4.5' into maint-0.4.6 2021-05-07 10:41:34 -04:00
Nick Mathewson
7c86f34340 Merge branch 'maint-0.4.4' into maint-0.4.5 2021-05-07 10:41:34 -04:00
Nick Mathewson
48dd87933d Merge branch 'maint-0.3.5' into maint-0.4.4 2021-05-07 10:41:33 -04:00
Nick Mathewson
e2c1ac214c Reindent a few lines to fix a GCC warning.
As of GCC 11.1.1, the compiler warns us about code like this:

     if (a)
         b;
         c;

and that's a good thing: we wouldn't want to "goto fail".  But we
had an instance if this in circuituse.c, which was making our
compilation sad.

Fixes bug 40380; bugfix on 0.3.0.1-alpha.
2021-05-07 10:39:20 -04:00
Nick Mathewson
0397a9cb49 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-05-07 09:53:58 -04:00
Nick Mathewson
7fe819c951 Merge branch 'maint-0.4.4' into maint-0.4.5 2021-05-07 09:53:58 -04:00
Nick Mathewson
f68aeda549 Merge branch 'maint-0.3.5' into maint-0.4.4 2021-05-07 09:53:57 -04:00
Nick Mathewson
621f8a304a Update geoip files to match ipfire location db, 2021/05/07. 2021-05-07 09:53:46 -04:00
Nick Mathewson
8142b368e7 Bump to 0.4.6.3-rc 2021-05-07 09:42:18 -04:00
Nick Mathewson
3483d6aab5 Merge branch 'maint-0.4.5' into maint-0.4.6
"ours" to avoid version bump.
2021-05-07 09:39:45 -04:00
Nick Mathewson
ec0b4bdafd Bump to 0.4.5.8. 2021-05-07 09:39:33 -04:00
David Goulet
a42e58a284 Merge branch 'tor-gitlab/mr/375' into maint-0.4.6 2021-05-07 09:05:16 -04:00
David Goulet
b1b4c05fb3 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-05-07 09:03:39 -04:00
George Kadianakis
80c404c4b7 Log warning when connecting to soon-to-be-deprecated v2 onions. 2021-05-07 08:44:36 -04:00
George Kadianakis
5e836eb80c Add warning when trying to connect to deprecated v2 onions. 2021-05-07 08:41:46 -04:00
George Kadianakis
f230beadf4 Prepare for #40373: Re-introduce parsing for v2 onion addresses.
Welcome back ONION_V2_HOSTNAME! :)
2021-05-05 11:05:45 +03:00
David Goulet
cf6e72b702 hs: Fix ADD_ONION with client authorization
Turns out that passing client authorization keys to ADD_ONION for v3 was
not working because we were not setting the "is_client_auth_enabled"
flag to true once the clients were configured. This lead to the
descriptor being encoded without the clients.

This patch removes that flag and instead adds an inline function that
can be used to check if a given service has client authorization
enabled.

This will be much less error prone of needing to keep in sync the client
list and a flag instead.

Fixes #40378

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-05-04 10:37:26 -04:00
Nick Mathewson
8d0d7a665a Remove NEED_SKEY_1024 parsing.
Only v2 onion services needed this, and they are now gone.

Closes #40374.
2021-04-23 15:55:51 -04:00
George Kadianakis
f0260c4cea Merge branch 'maint-0.4.5' into maint-0.4.6 2021-04-23 13:00:23 +03:00