Nick Mathewson
1fe5097132
Sort changelog in release-0.2.7-redux
2017-02-28 10:11:45 -05:00
Nick Mathewson
680d940298
Adjust 0.2.7.7 changelog entry from 0.3.0.4-rc to match
2017-02-28 10:05:23 -05:00
Nick Mathewson
9da2c9954d
whoops; missed one
2017-02-23 16:08:20 -05:00
Nick Mathewson
4496301aa7
Begin an 0.2.7.7 changelog
...
To build this changelog, I've gone through the entries in
release-0.2.4's changes subdirectory, and looked up the ChangeLog
entry for each. I have not sorted them yet.
2017-02-23 16:02:41 -05:00
Nick Mathewson
aec45bc0b1
Merge branch 'maint-0.2.6' into maint-0.2.7-redux
2017-02-17 17:10:47 -05:00
Nick Mathewson
f7ed4a7d8f
Merge branch 'maint-0.2.5' into maint-0.2.6
2017-02-15 07:52:33 -05:00
Nick Mathewson
6e7ff9ee31
Merge branch 'maint-0.2.6' of git-rw.torproject.org:/tor into maint-0.2.6
2017-02-15 07:51:41 -05:00
Nick Mathewson
aeb299ba6d
Merge branch 'maint-0.2.5' of git-rw.torproject.org:/tor into maint-0.2.5
2017-02-15 07:51:33 -05:00
Nick Mathewson
3781f24b80
Merge branch 'maint-0.2.5' into maint-0.2.6
2017-02-15 07:47:12 -05:00
Nick Mathewson
a452b71395
Merge branch 'maint-0.2.4' into maint-0.2.5
2017-02-15 07:47:04 -05:00
Nick Mathewson
194e31057f
Avoid integer underflow in tor_version_compare.
...
Fix for TROVE-2017-001 and bug 21278.
(Note: Instead of handling signed ints "correctly", we keep the old
behavior, except for the part where we would crash with -ftrapv.)
2017-02-14 16:10:27 -05:00
Roger Dingledine
e778a411b9
Merge branch 'maint-0.2.5' into maint-0.2.6
2017-02-13 15:27:57 -05:00
Roger Dingledine
144ec3d58c
Merge branch 'maint-0.2.4' into maint-0.2.5
2017-02-13 15:23:50 -05:00
Roger Dingledine
635c5a8a92
be sure to remember the changes file for #20384
2017-02-13 15:22:36 -05:00
Nick Mathewson
43c18b1b7a
Merge branch 'maint-0.2.5' into maint-0.2.6
2017-02-13 14:37:42 -05:00
Nick Mathewson
124062e843
Merge branch 'maint-0.2.4' into maint-0.2.5
2017-02-13 14:37:01 -05:00
Karsten Loesing
f6016058b4
Update geoip and geoip6 to the February 8 2017 database.
2017-02-12 15:56:31 +01:00
Nick Mathewson
8a1f0876ed
Merge branch 'maint-0.2.6' into maint-0.2.7-redux
2017-02-07 10:38:05 -05:00
Nick Mathewson
f2a30413a3
Merge branch 'maint-0.2.5' into maint-0.2.6
2017-02-07 10:37:53 -05:00
Nick Mathewson
2ce4330249
Merge remote-tracking branch 'public/bug18710_025' into maint-0.2.5
2017-02-07 10:37:43 -05:00
Nick Mathewson
c056d19323
Merge branch 'maint-0.2.4' into maint-0.2.5
2017-02-07 10:37:31 -05:00
Nick Mathewson
3f5a710958
Revert "Revert "Add hidserv-stats filname to our sandbox filter""
...
This reverts commit 5446cb8d3d
.
The underlying revert was done in 0.2.6, since we aren't backporting
seccomp2 loosening fixes to 0.2.6. But the fix (for 17354) already
went out in 0.2.7.4-rc, so we shouldn't revert it in 0.2.7.
2017-02-07 10:13:20 -05:00
Nick Mathewson
5b60bd84f2
Bump the version to 0.2.7.6-dev again
2017-02-07 09:59:54 -05:00
Nick Mathewson
e91bb84a91
Merge branch 'maint-0.2.6' into maint-0.2.7-redux
...
maint-0.2.7-redux is an attempt to try to re-create a plausible
maint-0.2.7 branch. I've started from the tor-0.2.7.6, and then I
merged maint-0.2.6 into the branch.
This has produced 2 conflicts: one related to the
rendcommon->rendcache move, and one to the authority refactoring.
2017-02-07 09:59:12 -05:00
Nick Mathewson
85a2487f97
Disable a log_backtrace (which 0.2.4 does not have) in 16248 fix
2017-02-07 09:49:23 -05:00
Nick Mathewson
cfeb1db2fb
Add comments to connection_check_event().
2017-02-07 09:48:24 -05:00
Nick Mathewson
457d38a6e9
Change behavior on missing/present event to warn instead of asserting.
...
Add a changes file.
2017-02-07 09:48:19 -05:00
Nick Mathewson
650c03127a
If we start/stop reading on a dnsserv connection, don't assert.
...
Fixes bug 16248. Patch from cypherpunks. Bugfix on 0.2.0.1-alpha.
2017-02-07 09:48:13 -05:00
Nick Mathewson
5446cb8d3d
Revert "Add hidserv-stats filname to our sandbox filter"
...
Reverting this in 0.2.6 only -- we're no backporting
seccomp2-loosening fixes to 0.2.6.
This reverts commit 2ec5e24c58
.
2017-02-07 09:28:50 -05:00
Nick Mathewson
c6f2ae514e
Merge branch 'maint-0.2.5' into maint-0.2.6
2017-02-07 09:18:54 -05:00
Nick Mathewson
b9ef21cf56
Merge branch 'maint-0.2.4' into maint-0.2.5
2017-02-07 09:17:59 -05:00
Nick Mathewson
e4a42242ea
Backport the tonga->bifroest move to 0.2.4.
...
This is a backport of 19728 and 19690
2017-02-07 09:15:21 -05:00
Nick Mathewson
e6965f78b8
Merge branch 'maint-0.2.5' into maint-0.2.6
2017-02-07 08:54:54 -05:00
Nick Mathewson
6b37512dc7
Merge branch 'maint-0.2.4' into maint-0.2.5
2017-02-07 08:54:47 -05:00
Nick Mathewson
d6eae78e29
Merge remote-tracking branch 'public/bug19152_024_v2' into maint-0.2.4
2017-02-07 08:47:11 -05:00
Nick Mathewson
8936c50d83
Merge branch 'maint-0.2.5' into maint-0.2.6
2017-02-07 08:39:07 -05:00
Nick Mathewson
05ec055c41
Merge branch 'maint-0.2.4' into maint-0.2.5
2017-02-07 08:38:59 -05:00
Nick Mathewson
51675f97d3
Merge remote-tracking branch 'public/bug17404_024' into maint-0.2.4
2017-02-07 08:37:07 -05:00
Nick Mathewson
da0d5ad983
Merge branch 'maint-0.2.5' into maint-0.2.6
2017-02-07 08:34:37 -05:00
Nick Mathewson
332543baed
Merge branch 'maint-0.2.4' into maint-0.2.5
2017-02-07 08:34:08 -05:00
Nick Mathewson
6cb8c0fd4e
Refine the memwipe() arguments check for 18089 a little more.
...
We still silently ignore
memwipe(NULL, ch, 0);
and
memwipe(ptr, ch, 0); /* for ptr != NULL */
But we now assert on:
memwipe(NULL, ch, 30);
2017-02-07 08:33:51 -05:00
teor (Tim Wilson-Brown)
fb7d1f41b4
Make memwipe() do nothing when passed a NULL pointer or zero size
...
Check size argument to memwipe() for underflow.
Closes bug #18089 . Reported by "gk", patch by "teor".
Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352 ),
commit 49dd5ef3
on 7 Nov 2012.
2017-02-07 08:33:39 -05:00
Nick Mathewson
640b402232
Merge branch 'maint-0.2.4' into maint-0.2.5
2017-02-07 08:32:10 -05:00
John Brooks
053e11f397
Fix out-of-bounds read in INTRODUCE2 client auth
...
The length of auth_data from an INTRODUCE2 cell is checked when the
auth_type is recognized (1 or 2), but not for any other non-zero
auth_type. Later, auth_data is assumed to have at least
REND_DESC_COOKIE_LEN bytes, leading to a client-triggered out of bounds
read.
Fixed by checking auth_len before comparing the descriptor cookie
against known clients.
Fixes #15823 ; bugfix on 0.2.1.6-alpha.
2017-02-07 08:31:37 -05:00
Nick Mathewson
54771bcaba
Merge branch 'maint-0.2.5' into maint-0.2.6
2017-01-11 09:12:21 -05:00
Nick Mathewson
34fdd510ef
Merge branch 'maint-0.2.4' into maint-0.2.5
2017-01-11 09:11:58 -05:00
Karsten Loesing
3833f67dd2
Update geoip and geoip6 to the January 4 2017 database.
2017-01-04 10:19:52 +01:00
Nick Mathewson
b6227edae1
Add a one-word sentinel value of 0x0 at the end of each buf_t chunk
...
This helps protect against bugs where any part of a buf_t's memory
is passed to a function that expects a NUL-terminated input.
It also closes TROVE-2016-10-001 (aka bug 20384).
2016-12-20 18:22:53 -05:00
Nick Mathewson
746c51b613
Merge branch 'maint-0.2.5' into maint-0.2.6
...
("ours" merge because there is a separate 20384 patch for 026)
2016-12-20 18:22:27 -05:00
Nick Mathewson
39ef343523
Add a one-word sentinel value of 0x0 at the end of each buf_t chunk
...
This helps protect against bugs where any part of a buf_t's memory
is passed to a function that expects a NUL-terminated input.
2016-12-20 18:20:01 -05:00