Commit Graph

10184 Commits

Author SHA1 Message Date
Nick Mathewson
1555646b36 Merge branch 'maint-0.4.6' 2021-06-30 08:15:41 -04:00
Nick Mathewson
4302c0b4a1 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-06-30 08:15:41 -04:00
Nick Mathewson
e60d14bb6b Missing changes file for #40409 2021-06-30 08:14:57 -04:00
David Goulet
e9edcea0ca Merge branch 'tor-gitlab/mr/275' 2021-06-29 10:55:46 -04:00
David Goulet
301ffb71a6 hs: Send back 0xF6 for a v2 onion address
Fixes #40421

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-06-29 09:56:44 -04:00
Steven Engler
f944e46399 If TestingTorNetwork, skip perm check on the hs directory 2021-06-28 13:51:06 -04:00
Nick Mathewson
45c8d69cbb Merge branch 'maint-0.4.5' into maint-0.4.6 2021-06-26 10:04:38 -04:00
Nick Mathewson
45b5987115 Merge branch 'maint-0.4.6' 2021-06-26 10:04:38 -04:00
Alexander Færøy
83483bd4f6 Enable deterministic RNG for address set tests.
This patch enables the deterministic RNG for address set tests,
including the tests which uses address set indirectly via the nodelist
API.

This should prevent random test failures in the highly unlikely case of
a false positive which was seen in tor#40419.

See: tpo/core/tor#40419.
2021-06-25 16:43:10 +00:00
David Goulet
270398fa31 Merge branch 'maint-0.4.6' 2021-06-18 14:29:15 -04:00
Alexander Færøy
2c00ad36cd Fix compilation on systems with older compilers.
This patch fixes a build error with GCC 7.x which doesn't seem to accept
const int's as constants in macro initialization.

See: tpo/core/tor#40410
2021-06-18 18:14:07 +00:00
Nick Mathewson
d642da020e Merge remote-tracking branch 'tor-gitlab/mr/338' 2021-06-14 13:10:18 -04:00
Nick Mathewson
982829650c Merge remote-tracking branch 'tor-gitlab/mr/397' 2021-06-14 13:05:03 -04:00
Nick Mathewson
ec677c0c2e Merge branch 'maint-0.4.6' 2021-06-10 12:30:30 -04:00
Nick Mathewson
8e590992c4 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-06-10 12:30:29 -04:00
Nick Mathewson
200e9a55e0 Merge branch 'maint-0.4.4' into maint-0.4.5 2021-06-10 12:30:29 -04:00
Nick Mathewson
0ae9fd62fd Merge branch 'maint-0.3.5' into maint-0.4.4 2021-06-10 12:30:11 -04:00
George Kadianakis
f57b5c48e0 Fix TROVE-2021-006: Out-of-bounds read on v3 desc parsing 2021-06-10 12:11:10 -04:00
Nick Mathewson
8734eea31b Merge branch 'maint-0.4.6' 2021-06-10 08:53:07 -04:00
Nick Mathewson
3260d323a6 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-06-10 08:53:07 -04:00
Nick Mathewson
ec696a95e5 Merge branch 'maint-0.4.4' into maint-0.4.5 2021-06-10 08:53:07 -04:00
Nick Mathewson
0f2d45328d Merge branch 'maint-0.3.5' into maint-0.4.4
Conflicts resolved:
	src/core/or/relay.c
2021-06-10 08:52:39 -04:00
David Goulet
adb248b6d6 TROVE-2021-003: Check layer_hint before half-closed end and resolve cells
This issue was reported by Jann Horn part of Google's Project Zero.

Jann's one-sentence summary: entry/middle relays can spoof RELAY_END cells on
half-closed streams, which can lead to stream confusion between OP and
exit.

Fixes #40389
2021-06-10 08:50:05 -04:00
Nick Mathewson
d9edf143ab Merge branch 'maint-0.4.6' 2021-06-10 08:42:15 -04:00
Nick Mathewson
69bd4a8a2d Merge branch 'maint-0.4.5' into maint-0.4.6 2021-06-10 08:42:15 -04:00
Nick Mathewson
1da8621c0a Merge branch 'maint-0.4.4' into maint-0.4.5 2021-06-10 08:42:15 -04:00
Nick Mathewson
31eaa81f59 Merge branch 'maint-0.3.5' into maint-0.4.4 2021-06-10 08:42:15 -04:00
Nick Mathewson
d71bf986b4 Merge branch 'bug40391_035' into maint-0.3.5 2021-06-10 08:41:59 -04:00
Nick Mathewson
085bf61a35 Merge branch 'maint-0.4.6' 2021-06-10 08:37:34 -04:00
Nick Mathewson
1d11675adb Merge branch 'maint-0.4.5' into maint-0.4.6 2021-06-10 08:37:34 -04:00
Nick Mathewson
e2d01aac9e Merge branch 'maint-0.4.4' into maint-0.4.5 2021-06-10 08:37:34 -04:00
Nick Mathewson
7c19a4d924 Merge branch 'maint-0.3.5' into maint-0.4.4 2021-06-10 08:37:26 -04:00
Nick Mathewson
7fdfc2ea54 Merge branch 'bug40390_035_squashed' into maint-0.3.5 2021-06-10 08:34:25 -04:00
Nick Mathewson
c0aa9e0a1b Assert on _all_ failures from RAND_bytes().
Previously, we would detect errors from a missing RNG
implementation, but not failures from the RNG code itself.

Fortunately, it appears those failures do not happen in practice
when Tor is using OpenSSL's default RNG implementation.  Fixes bug
40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
2021-06-10 08:33:57 -04:00
Nick Mathewson
a2e500f1ff Merge branch 'maint-0.4.6' 2021-06-10 08:21:49 -04:00
Nick Mathewson
cb38219664 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-06-10 08:21:48 -04:00
Nick Mathewson
d60f8fe98a Merge branch 'maint-0.4.4' into maint-0.4.5 2021-06-10 08:21:48 -04:00
Nick Mathewson
57a41348ee Merge branch 'maint-0.3.5' into maint-0.4.4 2021-06-10 08:21:47 -04:00
Nick Mathewson
520d5c108f Update geoip files to match ipfire location db, 2021/06/10. 2021-06-10 08:20:13 -04:00
Nick Mathewson
d2256fe9ce Modernize our libfuzzer usage to close #40407
Additionally, remove lingering references to hsv2 fuzzers from the
fuzzing_include_am.py script.
2021-06-08 12:47:57 -04:00
Emily Bones
33e2c5962c Add links to original design paper and anonbib
Closes #33742
2021-06-07 20:33:15 +00:00
Nick Mathewson
6c82015959 Merge branch 'maint-0.4.6' 2021-06-01 12:16:42 -04:00
Nick Mathewson
f832b4bcee Merge branch 'bug40175_045' into maint-0.4.6 2021-06-01 12:16:35 -04:00
Nick Mathewson
9348b1b440 changes file for #40175 2021-06-01 12:16:06 -04:00
David Goulet
c29ba98ce8 Merge branch 'maint-0.4.6' 2021-05-27 10:01:49 -04:00
David Goulet
fd3678fa60 Merge branch 'tor-gitlab/mr/392' into maint-0.4.6 2021-05-27 10:01:44 -04:00
Nick Mathewson
d12b16614d Prefer mmap()ed consensus files over cached_dir_t entries.
Cached_dir_t is a somewhat "legacy" kind of storage when used for
consensus documents, and it appears that there are cases when
changing our settings causes us to stop updating those entries.

This can cause trouble, as @arma found out in #40375, where he
changed his settings around, and consensus diff application got
messed up: consensus diffs were being _requested_ based on the
latest consensus, but were being (incorrectly) applied to a
consensus that was no longer the latest one.

This patch is a minimal fix for backporting purposes: it has Tor do
the same search when applying consensus diffs as we use to request
them.  This should be sufficient for correct behavior.

There's a similar case in GETINFO handling; I've fixed that too.

Fixes #40375; bugfix on 0.3.1.1-alpha.
2021-05-26 13:02:56 -04:00
Alexander Færøy
1665d11942 Merge remote-tracking branch 'tor-gitlab/mr/388' into main 2021-05-25 14:17:12 +00:00
Alexander Færøy
11c7e65730 Merge branch 'maint-0.3.5' into maint-0.4.4 2021-05-25 13:25:23 +00:00
Alexander Færøy
4a7379b80a Merge branch 'maint-0.4.4' into maint-0.4.5 2021-05-25 13:25:23 +00:00
Alexander Færøy
bab2b29f89 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-05-25 13:25:23 +00:00
Alexander Færøy
de5f94000c Merge branch 'maint-0.4.6' into main 2021-05-25 13:25:23 +00:00
Nick Mathewson
42ba87d964 Remove the function tor_tls_assert_renegotiation_unblocked.
It was used nowhere outside its own unit tests, and it was causing
compilation issues with recent OpenSSL 3.0.0 alphas.

Closes ticket 40399.
2021-05-25 07:38:31 -04:00
Neel Chauhan
96b59fc4d3 Fix the fencepost issue when we check stability_last_downrated 2021-05-20 11:06:50 -07:00
Nick Mathewson
4c06c619fa Use a more secure hash function for the circuitmux hashtable.
Fixes bug 40931; bugfix on 0.2.4.4-alpha. Also tracked as
TROVE-2021-005.

This issue was reported by Jann Horn from Google's Project Zero.
2021-05-18 08:40:09 -04:00
Nick Mathewson
debede5e50 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-05-17 09:09:49 -04:00
Nick Mathewson
97b61e21a9 Merge remote-tracking branch 'tor-gitlab/mr/387' into maint-0.4.5 2021-05-17 09:09:42 -04:00
Nick Mathewson
fbd47a5078 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-05-17 09:04:22 -04:00
Nick Mathewson
af560f21ec Merge branch 'maint-0.4.6' 2021-05-17 09:04:22 -04:00
Daniel Pinto
e0a8454691 Make SAVECONF keep only one backup and add sandbox rules for it. #40317
When seccomp sandbox is active, SAVECONF failed because it was not
able to save the backup files for torrc. This commit simplifies
the implementation of SAVECONF and sandbox by making it keep only
one backup of the configuration file.
2021-05-17 13:50:19 +02:00
David Goulet
5f009a59da conn: MetricsPort listener is a listener port
The connection type for the listener part was missing from the "is
connection a listener" function.

This lead to our periodic event that retries our listeners to keep
trying to bind() again on an already opened MetricsPort.

Closes #40370

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-05-12 15:13:50 -04:00
Nick Mathewson
265cca935a Ignore MAX_BANDWIDTH_CHANGE_FREQ on testing networks.
Part of the ever-growing 40337 fix.
2021-05-11 15:54:14 -04:00
Nick Mathewson
9d7fca2306 Make MinTimeToReportBandwidth a testing-only option (and rename it) 2021-05-11 15:49:00 -04:00
Nick Mathewson
0a915d9171 Missing changes file for #40330 2021-05-11 10:17:28 -04:00
Nick Mathewson
d82970c8c3 Merge branch 'maint-0.4.6' 2021-05-10 14:30:09 -04:00
Nick Mathewson
8851861ff0 Merge branch 'ticket40374_046' into maint-0.4.6 2021-05-10 14:30:00 -04:00
Alexander Færøy
a56ed0cfa4 Merge remote-tracking branch 'tor-gitlab/mr/369' 2021-05-10 10:58:29 +00:00
Nick Mathewson
e4f2b52deb Merge branch 'maint-0.4.5' into maint-0.4.6 2021-05-07 13:08:25 -04:00
Nick Mathewson
4e62c17114 Merge branch 'maint-0.4.6' 2021-05-07 13:08:25 -04:00
Nick Mathewson
f5acfe6723 Add a sandbox workaround for Glibc 2.33
This change permits the newfstatat() system call, and fixes issues
40382 (and 40381).

This isn't a free change.  From the commit:

    // Libc 2.33 uses this syscall to implement both fstat() and stat().
    //
    // The trouble is that to implement fstat(fd, &st), it calls:
    //     newfstatat(fs, "", &st, AT_EMPTY_PATH)
    // We can't detect this usage in particular, because "" is a pointer
    // we don't control.  And we can't just look for AT_EMPTY_PATH, since
    // AT_EMPTY_PATH only has effect when the path string is empty.
    //
    // So our only solution seems to be allowing all fstatat calls, which
    // means that an attacker can stat() anything on the filesystem. That's
    // not a great solution, but I can't find a better one.
2021-05-07 12:12:11 -04:00
Nick Mathewson
5acf18bfaa Merge branch 'maint-0.4.5' into maint-0.4.6 2021-05-07 10:41:34 -04:00
Nick Mathewson
a4c8591c35 Merge branch 'maint-0.4.6' 2021-05-07 10:41:34 -04:00
Nick Mathewson
7c86f34340 Merge branch 'maint-0.4.4' into maint-0.4.5 2021-05-07 10:41:34 -04:00
Nick Mathewson
48dd87933d Merge branch 'maint-0.3.5' into maint-0.4.4 2021-05-07 10:41:33 -04:00
Nick Mathewson
e2c1ac214c Reindent a few lines to fix a GCC warning.
As of GCC 11.1.1, the compiler warns us about code like this:

     if (a)
         b;
         c;

and that's a good thing: we wouldn't want to "goto fail".  But we
had an instance if this in circuituse.c, which was making our
compilation sad.

Fixes bug 40380; bugfix on 0.3.0.1-alpha.
2021-05-07 10:39:20 -04:00
Nick Mathewson
0397a9cb49 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-05-07 09:53:58 -04:00
Nick Mathewson
1c9890bd31 Merge branch 'maint-0.4.6' 2021-05-07 09:53:58 -04:00
Nick Mathewson
7fe819c951 Merge branch 'maint-0.4.4' into maint-0.4.5 2021-05-07 09:53:58 -04:00
Nick Mathewson
f68aeda549 Merge branch 'maint-0.3.5' into maint-0.4.4 2021-05-07 09:53:57 -04:00
Nick Mathewson
621f8a304a Update geoip files to match ipfire location db, 2021/05/07. 2021-05-07 09:53:46 -04:00
David Goulet
93af8b1ad8 Merge branch 'maint-0.4.6' 2021-05-07 09:05:21 -04:00
George Kadianakis
80c404c4b7 Log warning when connecting to soon-to-be-deprecated v2 onions. 2021-05-07 08:44:36 -04:00
George Kadianakis
5e836eb80c Add warning when trying to connect to deprecated v2 onions. 2021-05-07 08:41:46 -04:00
George Kadianakis
d6e7fc00f3 Merge branch 'maint-0.4.6' 2021-05-05 10:21:48 +03:00
David Goulet
cf6e72b702 hs: Fix ADD_ONION with client authorization
Turns out that passing client authorization keys to ADD_ONION for v3 was
not working because we were not setting the "is_client_auth_enabled"
flag to true once the clients were configured. This lead to the
descriptor being encoded without the clients.

This patch removes that flag and instead adds an inline function that
can be used to check if a given service has client authorization
enabled.

This will be much less error prone of needing to keep in sync the client
list and a flag instead.

Fixes #40378

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-05-04 10:37:26 -04:00
Nick Mathewson
8d0d7a665a Remove NEED_SKEY_1024 parsing.
Only v2 onion services needed this, and they are now gone.

Closes #40374.
2021-04-23 15:55:51 -04:00
George Kadianakis
973fcf056a Merge branch 'maint-0.4.6' 2021-04-23 13:00:24 +03:00
George Kadianakis
f0260c4cea Merge branch 'maint-0.4.5' into maint-0.4.6 2021-04-23 13:00:23 +03:00
David Goulet
8c29729916 hs: Fix memory leak in client cache
Fixes #40356

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-04-21 11:37:46 -04:00
Nick Mathewson
cbf71c4fa7 Merge branch 'maint-0.4.6' 2021-04-19 11:43:39 -04:00
Nick Mathewson
0ceacb5482 Merge branch 'mr_347_squashed' into maint-0.4.6 2021-04-19 11:40:44 -04:00
David Goulet
6281c90885 relay: Emit log warning if Address is internal and can't be used
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-04-19 11:40:30 -04:00
Nick Mathewson
07237b484e Merge remote-tracking branch 'jigsaw/fix-40317_046-saveconf-sandbox-one-backup' 2021-04-19 11:32:21 -04:00
Nick Mathewson
d162b98548 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-04-19 11:30:00 -04:00
Nick Mathewson
de33be6e32 Merge branch 'maint-0.4.6' 2021-04-19 11:30:00 -04:00
Nick Mathewson
cd75eac743 Tweak changes/ticket40369 to be a bug. 2021-04-19 11:29:46 -04:00
Emery Hemingway
f47c6c3d1b scripts/build/combine_libs: use $AR rather than ar
Using a custom ar at $AR may be necessary for cross-compilation.

Closes #40369

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-04-19 11:28:20 -04:00
George Kadianakis
7080e748e5 Merge remote-tracking branch 'tor-gitlab/mr/364' 2021-04-19 17:38:16 +03:00
George Kadianakis
461a3c732b Merge branch 'maint-0.4.5' into maint-0.4.6 2021-04-19 17:33:46 +03:00
George Kadianakis
925ec0e0ea Merge remote-tracking branch 'tor-gitlab/mr/355' into maint-0.4.5 2021-04-19 17:32:56 +03:00
Nick Mathewson
f20f5a4e37 Stop calling evdns_set_random_bytes_fn()
This function has been a no-op since Libevent 2.0.4-alpha, when
libevent got an arc4random() implementation.  Libevent has finally
removed it, which will break our compilation unless we stop calling
it.  (This is currently breaking compilation in OSS-fuzz.)

Closes #40371.
2021-04-16 17:26:59 -04:00
Nick Mathewson
33ca927a8e Start a changes file for 0.4.6.2-alpha 2021-04-14 10:58:15 -04:00
Nick Mathewson
8b22c80f56 Clean up the CONNECTION_TESTCASE_ARG macro. 2021-04-13 17:34:03 -04:00
Nick Mathewson
2815721243 Merge branch 'maint-0.4.5' 2021-04-13 17:00:56 -04:00
Nick Mathewson
59bc377dce Merge branch 'maint-0.4.4' into maint-0.4.5 2021-04-13 16:59:16 -04:00
Nick Mathewson
59f6248e09 Merge branch 'maint-0.3.5' into maint-0.4.4 2021-04-13 16:59:15 -04:00
David Goulet
ee7c50b8a7 fallbackdir: Renegerate list with 200 relays
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-04-13 15:15:58 -04:00
Alexander Færøy
705ea32c6e relay: Move "overload-general" from extra-info to server descriptor.
Fixes #40364

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-04-13 15:11:03 -04:00
Nick Mathewson
1f21b6e6a7 Merge branch 'maint-0.4.4' into maint-0.4.5 2021-04-13 10:36:01 -04:00
Nick Mathewson
1b48a28a74 Merge branch 'maint-0.4.5' 2021-04-13 10:36:01 -04:00
Nick Mathewson
b323e6b8c2 Merge branch 'maint-0.3.5' into maint-0.4.4 2021-04-13 10:36:00 -04:00
Nick Mathewson
32f5ad7665 Update geoip files to match ipfire location db, 2021/04/13. 2021-04-13 10:35:50 -04:00
Nick Mathewson
0d63b19afa Merge branch 'maint-0.4.5' 2021-04-13 09:41:13 -04:00
David Goulet
218f9f90fb guard: Don't check bridge transport name when selecting eligible guards
This is related to ticket #40360 which found this problem when a Bridge entry
with a transport name (let say obfs4) is set without a fingerprint:

  Bridge obfs4 <IP>:<PORT> cert=<...> iat-mode=0

(Notice, no fingerprint between PORT and "cert=")

Problem: commit 09c6d03246 added a check in
get_sampled_guard_for_bridge() that would return NULL if the selected bridge
did not have a valid transport name (that is the Bridge transport name that
corresponds to a ClientTransportPlugin).

Unfortuantely, this function is also used when selecting our eligible guards
which is done *before* the transport list is populated and so the added check
for the bridge<->transport name is querying an empty list of transports
resulting in always returning NULL.

For completion, the logic is: Pick eligible guards (use bridge(s) if need be)
then for those, initiate a connection to the pluggable transport proxy and
then populate the transport list once we've connected.

Back to get_sampled_guard_for_bridge(). As said earlier, it is used when
selecting our eligible guards in a way that prevents us from selecting
duplicates. In other words, if that function returns non-NULL, the selection
continues considering the bridge was sampled before. But if it returns NULL,
the relay is added to the eligible list.

This bug made it that our eligible guard list was populated with the *same*
bridge 3 times like so (remember no fingerprint):

  [info] entry_guards_update_primary(): Primary entry guards have changed. New primary guard list is:
  [info] entry_guards_update_primary():   1/3: [bridge] ($0000000000000000000000000000000000000000)
  [info] entry_guards_update_primary():   2/3: [bridge] ($0000000000000000000000000000000000000000)
  [info] entry_guards_update_primary():   3/3: [bridge] ($0000000000000000000000000000000000000000)

When tor starts, it will find the bridge fingerprint by connecting to it and
will then update the primary guard list by calling
entry_guard_learned_bridge_identity() which then goes and update only 1 single
entry resulting in this list:

  [debug] sampled_guards_update_consensus_presence(): Sampled guard [bridge] ($<FINGERPRINT>) is still listed.
  [debug] sampled_guards_update_consensus_presence(): Sampled guard [bridge] ($0000000000000000000000000000000000000000) is still listed.
  [debug] sampled_guards_update_consensus_presence(): Sampled guard [bridge] ($0000000000000000000000000000000000000000) is still listed.

And here lies the problem, now tor is stuck attempting to wait for a valid
descriptor for at least 2 guards where the second one is a bunch of zeroes and
thus tor will never fully bootstraps:

  [info] I learned some more directory information, but not enough to build a
  circuit: We're missing descriptors for 1/2 of our primary entry guards
  (total microdescriptors: 6671/6703). That's ok. We will try to fetch missing
  descriptors soon.

Now, why passing the fingerprint then works? This is because the list of
guards contains 3 times the same bridge but they all have a fingerprint and so
the descriptor can be found and tor can bootstraps.

The solution here is to entirely remove the transport name check in
get_sampled_guard_for_bridge() since the transport_list is empty at that
point. That way, the eligible guard list only gets 1 entry, the bridge, and
can then go on to bootstrap properly.

It is OK to do so since when launching a bridge descriptor fetch, we validate
that the bridge transport name is OK and thus avoid connecting to a bridge
without a ClientTransportPlugin. If we wanted to keep the check in place, we
would need to populate the transport_list much earlier and this would require
a much bigger refactoring.

Fixes #40360

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-04-08 14:08:28 -04:00
George Kadianakis
62614f0b3f Merge remote-tracking branch 'tor-gitlab/mr/354' 2021-04-08 14:37:30 +03:00
George Kadianakis
e0b8a79b2e Merge branch 'maint-0.4.5' 2021-04-08 14:29:08 +03:00
George Kadianakis
b07ed22cbb Merge remote-tracking branch 'tor-gitlab/mr/273' 2021-04-08 14:20:53 +03:00
Daniel Pinto
bbd558a6eb Make SAVECONF keep only one backup and add sandbox rules for it. #40317
When seccomp sandbox is active, SAVECONF failed because it was not
able to save the backup files for torrc. This commit simplifies
the implementation of SAVECONF and sandbox by making it keep only
one backup of the configuration file.
2021-04-07 23:53:06 +01:00
Nick Mathewson
02816d6059 Try making our configure.ac script build with AC 2.70.
In versions <=2.69, according to the autoconf docs, AC_PROG_CC_C99
is needed with some compilers, if they require extra arguments to
build C99 programs.  In versions >=2.70, AC_PROG_CC checks for these
compilers automatically, and so the AC_PROG_CC_C99 macro is
obsolete.

So, what can you do if you want your script to work right with both
autoconf versions?  IIUC, neither including AC_PROG_CC_C99 macro nor
leaving it out will give you the right behavior with both versions.
It looks like you need to look at the autoconf version explicitly.

(Now, the autoconf manual implies that it's "against autoconf
philosophy" to look at the autoconf version rather than trying the
behavior to see if it works, but they don't actually tell you how to
detect recoverably at autoconf-time whether a macro is obsolete or
not, and I can't find a way to do that.)

So, is it safe to use m4_version_prereq, like I do here?  It isn't
listed in the autoconf 2.63 manual (which is the oldest version we
support).  But a mailing list message [1] (which added the
documentation back in 2008) implies that m4_version_prereq has been
there since "at least back to autoconf 2.59".

https://lists.gnu.org/archive/html/autoconf-patches/2008-12/msg00025.html

So I think this will work.

I am basing this patch against Tor 0.3.5 since, if autoconf 2.70
becomes widespread before 0.3.5 is unsupported, we might need this
patch to continue 0.3.5 development.  But I don't think we should
backport farther than 0.4.5 until/unless that actually happens.

This is part of a fix for #40355.
2021-04-07 10:18:44 -04:00
Daniel Pinto
ce60454afd Add long format name --torrc-file for command line option -f. #40324 2021-03-28 03:56:31 +01:00
Daniel Pinto
36768b5756 Fix glob processing on BSD systems. #40318
On Linux systems, glob automatically ignores the errors ENOENT and
ENOTDIR because they are expected during glob expansion. But BSD
systems do not ignore these, resulting in glob failing when globs
expand to invalid paths. This is fixed by adding a custom error
handler that ignores only these two errors and removing the
GLOB_ERR flag as it makes glob fail even if the error handler
ignores the error and is unnecessary as the error handler will
make glob fail on all other errors anyway.
2021-03-26 01:56:07 +00:00
Daniel Pinto
272cb803df Avoid unused function warnings on libc's without GLOB_ALTDIRFUNC #40354 2021-03-24 22:26:39 +00:00
Nick Mathewson
c359c3056b Merge branch 'maint-0.4.4' into maint-0.4.5 2021-03-24 12:25:05 -04:00
Nick Mathewson
f6af8e2021 Merge branch 'maint-0.4.5' 2021-03-24 12:25:05 -04:00
Nick Mathewson
37b16d7e19 Merge remote-tracking branch 'tor-gitlab/mr/339' 2021-03-24 12:23:30 -04:00
George Kadianakis
f1c673fa54 Merge remote-tracking branch 'tor-gitlab/mr/343' 2021-03-24 13:17:27 +02:00
David Goulet
0cf3ab54f6 Merge branch 'tor-gitlab/mr/337' 2021-03-23 09:42:21 -04:00
Nick Mathewson
08a1b4d6b1 Add a DormantTimeoutEnabled to disable dormant mode entirely
(If you need to do this in an older version you can just set
DormantClientTimeout to something huge.)

Closes #40228.
2021-03-23 09:40:58 -04:00
David Goulet
9ca2394d6b channel: Fix use after free in channel_do_open_actions()
Fortunately, our tor_free() is setting the variable to NULL after so we were
in a situation where NULL was always used instead of the transport name.

This first appeared in 894ff2dc84 and results in
basically no bridge with a transport being able to use DoS defenses.

Fixes #40345

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-03-23 09:19:41 -04:00
David Goulet
3a2593710b man: HiddenServiceStatistics applies for bridges
Closes #40346

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-03-23 08:32:26 -04:00
Nick Mathewson
5c7f9844e4 manpage:Move BridgeRecordUsageByCountry to statistics section
patch from cypherpunks; closes #40323
2021-03-22 14:09:22 -04:00
Nick Mathewson
0229d5f818 Add "Heartbeat" to the start of several heartbeat messages.
Closes #40322.
2021-03-19 13:33:56 -04:00
Nick Mathewson
2dfa19a871 Move ServerTransport* options to 'Server Options' section.
Patch from 'cypherpunks'. Closes #40331.
2021-03-19 13:23:29 -04:00
Nick Mathewson
ded8f9b378 Fold new entries into 0.4.6.1-alpha ChangeLog 2021-03-18 09:51:37 -04:00
Roger Dingledine
6de09642f0 warn and reject reentering streams at client too
Clients now check whether their streams are attempting to re-enter
the Tor network (i.e. to send Tor traffic over Tor), and they close
them preemptively if they think exit relays will refuse them.

See bug 2667 for details. Resolves ticket 40271.
2021-03-17 13:04:23 -04:00
George Kadianakis
29f07a4e9d Merge branch 'mr/334' 2021-03-17 18:23:18 +02:00
George Kadianakis
0a5ecb3342 Implement backbone of overload statistics.
- Implement overload statistics structure.
- Implement function that keeps track of overload statistics.
- Implement function that writes overload statistics to descriptor.
- Unittest for the whole logic.
2021-03-17 18:22:38 +02:00
David Goulet
15a95df376 Merge branch 'tor-gitlab/mr/337' 2021-03-17 11:53:14 -04:00
Nick Mathewson
066748c9cd Add a DormantTimeoutEnabled to disable dormant mode entirely
(If you need to do this in an older version you can just set
DormantClientTimeout to something huge.)

Closes #40228.
2021-03-17 11:53:09 -04:00
Nick Mathewson
2ae24d003d Add a MinTimeToReportBandwidth option; make it 0 for testing networks.
This option changes the time for which a bandwidth measurement period
must have been in progress before we include it when reporting our
observed bandwidth in our descriptors.  Without this option, we only
consider a time period towards our maximum if it has been running
for a full day.  Obviously, that's unacceptable for testing
networks, where we'd like to get results as soon as possible.

For non-testing networks, I've put a (somewhat arbitrary) 2-hour
minimum on the option, since there are traffic analysis concerns
with immediate reporting here.

Closes #40337.
2021-03-17 08:45:37 -04:00
George Kadianakis
0ac03390e4 Merge branch 'maint-0.4.5' 2021-03-17 13:43:48 +02:00
George Kadianakis
59bbf8cde9 Merge remote-tracking branch 'tor-gitlab/mr/333' into maint-0.4.5 2021-03-17 13:43:38 +02:00
Nick Mathewson
2022d974af Fold ticket40314 into ChangeLog. 2021-03-15 09:35:56 -04:00
Nick Mathewson
fcd42982b2 Remove changes files that will appear in 0.4.5.7
(0.4.6.1-alpha will come out after the stable releases.)
2021-03-15 09:03:37 -04:00
Nick Mathewson
61731e3550 Merge branch 'maint-0.4.4' into maint-0.4.5 2021-03-15 09:01:59 -04:00
Nick Mathewson
5ec579610a Merge branch 'maint-0.3.5' into maint-0.4.4 2021-03-15 09:01:59 -04:00
Nick Mathewson
3268403ba1 Merge branch 'maint-0.4.5' 2021-03-15 09:01:59 -04:00
Nick Mathewson
f078aab71e Merge branch 'bug40316_035_v2' into maint-0.3.5 2021-03-15 08:58:54 -04:00
Nick Mathewson
890ae4fb1a Fix detection of point to insert signatures on a pending consensus.
We were looking for the first instance of "directory-signature "
when instead the correct behavior is to look for the first instance
of "directory-signature " at the start of a line.

Unfortunately, this can be exploited as to crash authorities while
they're voting.

Fixes #40316; bugfix on 0.2.2.4-alpha.  This is TROVE-2021-002,
also tracked as CVE-2021-28090.
2021-03-15 08:56:58 -04:00
Nick Mathewson
a6533af9e8 Merge branch 'maint-0.4.4' into maint-0.4.5 2021-03-15 08:54:00 -04:00