Commit Graph

22145 Commits

Author SHA1 Message Date
Nick Mathewson
9c899dad31 Merge remote-tracking branch 'origin/maint-0.2.8' into maint-0.2.8 2016-12-08 09:07:28 -05:00
Nick Mathewson
4732e150e8 Bump to 0.2.8.11 2016-12-08 09:04:37 -05:00
Nick Mathewson
10baf2c684 Backport the other sierra fix in 20865.
They added clock_gettime(), but with tv_nsec as a long, whereas
tv_usec is a __darwin_suseconds_t (a.k.a. 'int').  Now, why would
they do that? Are they preparing for a world where there are more
than 2 billion nanoseconds per second?  Are they planning for having
int be less than 32 bits again?  Or are they just not paying
attention to the Darwin API?

Also, they forgot to mark clock_gettime() as Sierra-only, so even
if we fixed the issue here, we'd still be stick with portability
breakage like we were for 0.2.9.

So, just disable clock_gettime() on apple.
2016-12-07 18:24:28 -05:00
Nick Mathewson
cc34ba1cec Merge branch 'getentropy_028' into maint-0.2.8 2016-12-05 10:06:16 -05:00
Nick Mathewson
714aeedc52 20865: Don't use getentropy() on OSX Sierra.
Tor 0.2.9 has a broader range of fixes and workarounds here, but for
0.2.8, we're just going to maintain the existing behavior.

(The alternative would be to backport both
1eba088054 and
16fcbd21c9 , but the latter is kind of
a subtle kludge in the configure.ac script, and I'm not a fan of
backporting that kind of thing.)
2016-12-05 10:02:33 -05:00
Nick Mathewson
2a365413eb Always Use EVP_aes_*_ctr() with openssl 1.1
(OpenSSL 1.1 makes EVP_CIPHER_CTX opaque, _and_ adds acceleration
for counter mode on more architectures.  So it won't work if we try
the older approach, and it might help if we try the newer one.)

Fixes bug 20588.
2016-12-05 07:54:22 -05:00
Nick Mathewson
1122137fa0 Bump to 0.2.8.10-dev 2016-12-02 11:19:53 -05:00
Nick Mathewson
9157405c03 Bump to 0.2.8.10 2016-12-01 13:34:21 -05:00
Nick Mathewson
16fcbd21c9 Try to work around breakage in the OSX 10.12 SDK.
Apple is supposed to decorate their function declarations with
macros to indicate which OSX version introduced them, so that you
can tell the compiler that you want to build against certain
versions of OSX.  But they forgot to do that for clock_gettime() and
getentropy(), both of which they introduced in 10.12.

This patch adds a kludge to the configure.ac script where, if we
detect that we are targeting OSX 10.11 or earlier, we don't even probe
to see if the two offending functions are present.

Closes ticket 20235.
2016-11-22 19:24:13 -05:00
Nick Mathewson
2639fd08e7 Merge branch 'maint-0.2.7' into maint-0.2.8 2016-11-07 09:31:36 -05:00
Nick Mathewson
f5fdf188b9 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-11-07 09:30:42 -05:00
Nick Mathewson
6c2174d44d Merge branch 'maint-0.2.5' into maint-0.2.6 2016-11-07 09:30:16 -05:00
Nick Mathewson
db2571be61 Merge branch 'maint-0.2.4' into maint-0.2.5 2016-11-07 09:29:54 -05:00
Karsten Loesing
ea597832e2 Update geoip and geoip6 to the November 3 2016 database. 2016-11-07 15:05:19 +01:00
Nick Mathewson
61bdc452b0 Merge branch 'bug20551_028' into maint-0.2.8 2016-11-03 18:36:25 -04:00
Nick Mathewson
7a45ef5a47 Merge remote-tracking branch 'arma/bug19969_028_squashed' into maint-0.2.8 2016-11-03 15:44:30 -04:00
Nick Mathewson
9b18b215bb Work around a behavior change in openssl's BUF_MEM code
In our code to write public keys to a string, for some unfathomable
reason since 253f0f160e, we would allocate a memory BIO, then
set the NOCLOSE flag on it, extract its memory buffer, and free it.
Then a little while later we'd free the memory buffer with
BUF_MEM_free().

As of openssl 1.1 this doesn't work any more, since there is now a
BIO_BUF_MEM structure that wraps the BUF_MEM structure.  This
BIO_BUF_MEM doesn't get freed in our code.

So, we had a memory leak!

Is this an openssl bug?  Maybe.  But our code was already pretty
silly.  Why mess around with the NOCLOSE flag here when we can just
keep the BIO object around until we don't need the buffer any more?

Fixes bug 20553; bugfix on 0.0.2pre8
2016-11-03 10:51:10 -04:00
Nick Mathewson
464783a8dc Use explicit casts to avoid warnings when building with openssl 1.1
fixes bug 20551; bugfix on 0.2.1.1-alpha
2016-11-03 09:35:41 -04:00
Nick Mathewson
b2f82d45b7 Always call connection_ap_attach_pending() once a second.
Fixes bug 19969; bugfix on b1d56fc58.  We can fix this some more in
later Tors, but for now, this is probably the simplest fix possible.

This is a belt-and-suspenders fix, where the earlier fix ("Ask
event_base_loop to finish when we add a pending stream") aims to respond
to new streams as soon as they arrive, and this one aims to make sure
that we definitely respond to all of the streams.
2016-11-01 20:09:44 -04:00
Roger Dingledine
d89804a69d Ask event_base_loop to finish when we add a pending stream
Fixes bug 19969; bugfix on b1d56fc58. We can fix this some more in
later Tors, but for now, this is probably the right fix for us.
2016-11-01 19:52:55 -04:00
Roger Dingledine
28b755e660 refactor out the tor_event_base_loopexit() call
no actual changes
2016-11-01 19:52:54 -04:00
Nick Mathewson
b0f1241a1d Bump to 0.2.8.9-dev 2016-10-17 16:32:11 -04:00
Nick Mathewson
0fa3811c78 bump to 0.2.8.9 2016-10-17 14:57:26 -04:00
Nick Mathewson
1df114330e Merge branch 'buf_sentinel_026_v2' into maint-0.2.8 2016-10-17 14:51:06 -04:00
Nick Mathewson
3cea86eb2f Add a one-word sentinel value of 0x0 at the end of each buf_t chunk
This helps protect against bugs where any part of a buf_t's memory
is passed to a function that expects a NUL-terminated input.

It also closes TROVE-2016-10-001 (aka bug 20384).
2016-10-17 14:49:54 -04:00
Nick Mathewson
ab98c4387e Merge branch 'maint-0.2.7' into maint-0.2.8 2016-10-06 09:59:42 -04:00
Nick Mathewson
ec718aa839 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-10-06 09:59:18 -04:00
Nick Mathewson
12a7298376 Merge branch 'maint-0.2.5' into maint-0.2.6 2016-10-06 09:59:03 -04:00
Nick Mathewson
304d8f3bbb Merge branch 'maint-0.2.4' into maint-0.2.5 2016-10-06 09:58:54 -04:00
Karsten Loesing
1b4984f196 Update geoip and geoip6 to the October 6 2016 database. 2016-10-05 16:35:14 +02:00
Nick Mathewson
ec19ecce4b Bump to 0.2.8.8-dev. 2016-09-23 15:58:06 -04:00
Nick Mathewson
db6153e70c Merge remote-tracking branch 'teor/broken-028-fallbacks' into maint-0.2.8 2016-09-23 09:29:55 -04:00
teor
30275b048f
Remove another fallback whose operator opted-out 2016-09-22 16:38:04 -07:00
Nick Mathewson
ad1824f91d Update versions to 0.2.8.8 2016-09-22 15:37:06 -04:00
Nick Mathewson
d78711c0ae LintChanges fix 2016-09-22 15:19:59 -04:00
Nick Mathewson
6e96eababe Merge branch 'bug20203_027_squashed' into maint-0.2.8 2016-09-22 15:17:00 -04:00
Nick Mathewson
e4aaf76660 When clearing cells from a circuit for OOM reasons, tell cmux we did so.
Not telling the cmux would sometimes cause an assertion failure in
relay.c when we tried to get an active circuit and found an "active"
circuit with no cells.

Additionally, replace that assert with a test and a log message.

Fix for bug 20203. This is actually probably a bugfix on
0.2.8.1-alpha, specifically my code in 8b4e5b7ee9 where I
made circuit_mark_for_close_() do less in order to simplify our call
graph. Thanks to "cypherpunks" for help diagnosing.
2016-09-22 15:16:07 -04:00
Nick Mathewson
1edea87c2a Fix lintchanges warnings in 028 2016-09-22 09:00:16 -04:00
teor
df7b0011e3
Changes file for #20190: remove broken fallbacks 2016-09-22 08:08:59 +10:00
Nick Mathewson
9ebe202da0 Merge remote-tracking branch 'public/bug20103_028_v3' into maint-0.2.8 2016-09-20 19:30:24 -04:00
teor
19a9872be2
fixup! Update hard-coded fallback list based on pre-0.2.9 checks 2016-09-21 09:13:04 +10:00
Nick Mathewson
9b5a19c64b Don't look at any routerstatus_t when the networkstatus is inconsistent
For a brief moment in networkstatus_set_current_consensus(), the old
consensus has been freed, but the node_t objects still have dead
pointers to the routerstatus_t objects within it.  During that
interval, we absolutely must not do anything that would cause Tor to
look at those dangling pointers.

Unfortunately, calling the (badly labeled!) current_consensus macro
or anything else that calls into we_use_microdescriptors_for_circuits(),
can make us look at the nodelist.

The fix is to make sure we identify the main consensus flavor
_outside_ the danger zone, and to make the danger zone much much
smaller.

Fixes bug 20103.  This bug has been implicitly present for AGES; we
just got lucky for a very long time.  It became a crash bug in
0.2.8.2-alpha when we merged 35bbf2e4a4 to make
find_dl_schedule start looking at the consensus, and 4460feaf28
which made node_get_all_orports less (accidentally) tolerant of
nodes with a valid ri pointer but dangling rs pointer.
2016-09-20 10:43:58 -04:00
teor
c6d51b4577
Update hard-coded fallback list based on pre-0.2.9 checks 2016-09-20 16:49:45 +10:00
Nick Mathewson
6494f3346b Merge branch 'maint-0.2.7' into maint-0.2.8 2016-09-07 13:54:12 -04:00
Nick Mathewson
11edbf4808 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-09-07 13:54:03 -04:00
Nick Mathewson
52a99cb6c1 Merge branch 'maint-0.2.5' into maint-0.2.6 2016-09-07 13:53:53 -04:00
Nick Mathewson
e4d82da05b Merge branch 'maint-0.2.4' into maint-0.2.5 2016-09-07 13:53:43 -04:00
Karsten Loesing
56f95ba94d Update geoip and geoip6 to the September 6 2016 database. 2016-09-07 11:08:04 +02:00
Nick Mathewson
e9124b8cc7 bump to 0.2.8.7-dev 2016-08-24 14:46:08 -04:00
Nick Mathewson
57ba7ab39a Bump to 0.2.8.7 2016-08-24 11:01:57 -04:00