Commit Graph

37774 Commits

Author SHA1 Message Date
Tor CI Release
955aa02c0d version: Bump version to 0.4.7.3-alpha 2021-12-16 09:27:29 -05:00
David Goulet
21d189d90e Merge branch 'maint-0.4.6' 2021-12-16 09:27:03 -05:00
Tor CI Release
faad5ded78 version: Bump version to 0.4.6.9 2021-12-16 09:23:30 -05:00
David Goulet
48e993be95 changes: Minor syntax editing fixes
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-12-15 10:53:32 -05:00
Alexander Færøy
193781e6ef Merge remote-tracking branch 'tor-gitlab/mr/500' into main 2021-12-15 12:46:18 +00:00
Alexander Færøy
48d778bc32 Merge remote-tracking branch 'tor-gitlab/mr/491' into main 2021-12-15 12:41:00 +00:00
Alexander Færøy
95b82c4fee Merge remote-tracking branch 'tor-gitlab/mr/497' into main 2021-12-15 12:38:30 +00:00
skaluzka
39848ca166
Correct typo in scripts/README file
Signed-off-by: skaluzka <skaluzka@protonmail.com>
2021-12-14 23:14:02 +01:00
David Goulet
eb06d52dae fixup! relay: Change DNS timeout label on MetricsPort
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-12-14 16:13:00 -05:00
David Goulet
b37674fec7 fixup! relay: Change DNS timeout label on MetricsPort
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-12-14 16:12:17 -05:00
David Goulet
122c60c323 fixup! relay: Change DNS timeout label on MetricsPort 2021-12-14 12:14:39 -05:00
David Goulet
bf1ed5c853 relay: Change DNS timeout label on MetricsPort
Change it from "timeout" to "tor_timeout" in order to indicate that the
DNS timeout is one from tor's DNS threshold and not the DNS server
itself.

Fixes #40527

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-12-13 10:49:00 -05:00
David Goulet
ad6a0ebb11 Merge branch 'ticket40527_046_01' into ticket40527_047_01 2021-12-13 10:48:54 -05:00
David Goulet
cda7acb35d relay: Don't make DNS timeout trigger an overload
Tor has configure libevent to attempt up to 3 times a DNS query for a
maximum of 5 seconds each. Once that 5 seconds has elapsed, it consider
the query "Timed Out" but tor only gets a timeout if all 3 attempts have
failed.

For example, using Unbound, it has a much higher threshold of timeout.
It is well defined in
https://www.nlnetlabs.nl/documentation/unbound/info-timeout/ and has
some complexity to it. But the gist is that if it times out, it will be
much more than 5 seconds.

And so the Tor DNS timeouts are more of a "UX issue" rather than a
"network issue". For this reason, we are removing this metric from the
overload general signal.

See https://gitlab.torproject.org/tpo/network-health/team/-/issues/139
for more information.

Fixes #40527

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-12-13 10:47:46 -05:00
Nick Mathewson
b8e6eb6236 Merge remote-tracking branch 'tor-gitlab/mr/498' 2021-12-13 10:47:39 -05:00
Nick Mathewson
86819229af Limit the number of elements in a consdiff hash line.
This avoids performing and then freeing a lot of small mallocs() if
the hash line has too many elements.

Fixes one case of bug 40472; resolves OSS-Fuzz 38363.  Bugfix on
0.3.1.1-alpha when the consdiff parsing code was introduced.
2021-12-06 12:35:08 -05:00
Nick Mathewson
b4c55f3a70 changes: Describe when bug 7362 began. 2021-11-23 11:28:30 -05:00
Cecylia Bocovich
0d3894dbbc
Add documentation on {C,S}METHOD parsing behaviour 2021-11-23 11:18:04 -05:00
Cecylia Bocovich
809b636b6e
Don't kill managed proxy on method error
Some PT applications support more than one transport. For example,
obfs4proxy supports obfs4, obfs3, and meek. If one or more transports
specified in the torrc file are supported, we shouldn't kill the managed
proxy on a {C,S}METHOD-ERROR. Instead, we should log a warning.

We were already logging warnings on method errors. This change just
makes sure that the managed proxy isn't killed, and then if no
transports are configured for the managed proxy, bumps the log level up
from a notice to a warning.

Closes #7362
2021-11-19 14:50:36 -05:00
Nick Mathewson
dd085d42f9 Do not count controller-selected paths towards path bias.
As a side effect, this fixes a "Bug" warning.

Closes #40515.  Bugfix on 0.2.4.10-alpha.
2021-11-15 08:55:47 -05:00
Alexander Færøy
a78dafbf7c Merge branch 'maint-0.4.5' into maint-0.4.6 2021-11-08 14:16:19 +00:00
Alexander Færøy
9d8b0c5bdc Merge branch 'maint-0.4.6' into main 2021-11-08 14:16:19 +00:00
Alexander Færøy
882fd1f0d4 Merge branch 'maint-0.3.5' into maint-0.4.5 2021-11-08 14:16:18 +00:00
Alexander Færøy
4a24673436 Merge remote-tracking branch 'tor-gitlab/mr/487' into maint-0.3.5 2021-11-08 14:15:59 +00:00
Alexander Færøy
4914e0e1cc Merge remote-tracking branch 'tor-gitlab/mr/486' into maint-0.3.5 2021-11-08 14:15:56 +00:00
Alexander Færøy
d1493f2f27 Merge remote-tracking branch 'tor-gitlab/mr/485' into main 2021-11-08 14:14:03 +00:00
Alexander Færøy
fe52c87652 Merge remote-tracking branch 'tor-gitlab/mr/480' into main 2021-11-08 14:12:22 +00:00
Alexander Færøy
32c45a8f94 Merge remote-tracking branch 'tor-gitlab/mr/479' into main 2021-11-08 14:10:29 +00:00
Nick Mathewson
cee6e7d9e1 Give an error message if LibreSSL's TLSv1.3 APIs aren't what we need
From LibreSSL versions 3.2.1 through 3.4.0, our configure script
would conclude that TLSv1.3 as supported, but it actually wasn't.
This led to annoying breakage like #40128 and #40445.

Now we give an error message if we try to build with one of those
versions.

Closes #40511.
2021-11-06 11:04:08 -04:00
Nick Mathewson
8beb560bfd Reverse the direction of the test for openssl 3.0.0
Previously the logic was reversed, and always gave the wrong answer.
This has no other effect than to change whether we suppress
deprecated API warnings.

Fixes #40429; bugfix on 0.3.5.13.
2021-11-05 13:23:05 -04:00
Nick Mathewson
c93114ec9e Prefer use of __MINGW_PRINTF/SCANF_FORMAT if available.
Mingw headers sometimes like to define alternative scanf/printf
format attributes depending on whether they're using clang, UCRT,
MINGW_ANSI_STDIO, or the microsoft version of printf/scanf.  This
change attempts to use the right one on the given platform.

This is an attempt to fix part of #40355.
2021-11-05 12:36:34 -04:00
David Goulet
77b265f96e Merge branch 'maint-0.4.5' into maint-0.4.6 2021-11-05 10:44:10 -04:00
David Goulet
1c77deca4f Merge branch 'maint-0.4.6' 2021-11-05 10:44:10 -04:00
David Goulet
a7fe37f1fa protover: Fix merge forward from 035
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-11-05 10:42:54 -04:00
David Goulet
47adba879c Merge branch 'maint-0.3.5' into maint-0.4.5 2021-11-05 10:35:08 -04:00
Nick Mathewson
439e17180c Light edit to protover warnings. 2021-11-05 10:30:57 -04:00
Simon South
94d82baeec changes: Add file for ticket 40505 2021-11-05 10:30:51 -04:00
Simon South
001d880d10 sandbox: Allow "statx" syscall on i386 for glibc 2.33
glibc versions 2.33 and newer use the modern "statx" system call in their
implementations of stat() and opendir() for Linux on i386.  Prevent failures in
the sandbox unit tests by modifying the sandbox to allow this system call
without restriction on i386 when it is available, and update the test suite to
skip the "sandbox/stat_filename" test in this case as it is certain to fail.
2021-11-05 10:30:51 -04:00
Simon South
d59f63f1c4 test: Skip sandbox/stat_filename where "stat64" syscall defined
On 32-bit architectures where Linux provides the "stat64" system call,
including i386, the sandbox is unable to filter calls to stat() as glibc uses
this system call itself internally and the sandbox must allow it without
restriction.

Update the sandbox unit tests to skip the "sandbox/stat_filename" test on
systems where the "stat64" system call is defined and the test is certain to
fail.  Also reorder the "#if" statement's clauses to correspond with the
comment preceding it, for clarity.
2021-11-05 10:30:51 -04:00
Simon South
f5980e60ed sandbox: Allow "clock_gettime64" syscall where defined
On 32-bit architectures where Linux provides the "clock_gettime64" system call,
including i386, glibc uses it in place of "clock_gettime".  Modify the sandbox
implementation to match, to prevent Tor's monotonic-time functions (in
src/lib/time/compat_time.c) failing when the sandbox is active.
2021-11-05 10:30:51 -04:00
Simon South
55571fc8d7 sandbox: Filter "chown32" syscall on i386
On i386 glibc uses the "chown32" system call instead of "chown".  Prevent
attempts to filter calls to chown() on this architecture from failing by
modifying the sandbox implementation to match.
2021-11-05 10:30:51 -04:00
David Goulet
f93cd5deb8 protover: Add a note on why LinkAuth is not recommended or required
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-11-05 10:16:08 -04:00
David Goulet
3d1a49908c protover: Move all hardcoded lists in one place
This also moves the warnings and add some theatrical effect around the
code so anyone modifying those list should notice the warnings signs and
read the comment accordingly.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-11-05 10:13:47 -04:00
Nick Mathewson
7c085490f5 Add scary warnings about changing the protover list.
Doing this in the wrong way has potential to cause serious havoc on
the network, so let's make it harder for future programmers to mess
it up.
2021-11-05 09:20:05 -04:00
Alexander Færøy
fb6bba1e42 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-11-05 03:10:29 +00:00
Alexander Færøy
c363e2017f Merge branch 'maint-0.4.6' into main 2021-11-05 03:10:29 +00:00
Alexander Færøy
40e2106031 Merge branch 'maint-0.3.5' into maint-0.4.5 2021-11-05 03:10:28 +00:00
Alexander Færøy
cfd1482f78 Merge remote-tracking branch 'ahf/ahf/ci-i386' into maint-0.3.5 2021-11-05 03:10:12 +00:00
David Goulet
89ba63a619 Merge branch 'maint-0.4.6' 2021-11-03 09:54:14 -04:00
David Goulet
33fb0f1d8f shellcheck: Remove unused variable in ci-driver.sh
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-11-03 09:54:09 -04:00