Commit Graph

10449 Commits

Author SHA1 Message Date
David Goulet
d0d45a97d8 Merge branch 'maint-0.4.6' 2022-02-04 11:07:34 -05:00
David Goulet
728191fc2e Merge branch 'maint-0.4.5' into maint-0.4.6 2022-02-04 11:07:34 -05:00
Tor CI Release
6a6332a683 fallbackdir: Update list generated on February 04, 2022 2022-02-04 11:05:21 -05:00
Tor CI Release
5ab4fa9fd8 Update geoip files to match ipfire location db, 2022/02/04. 2022-02-04 11:05:13 -05:00
Tor CI Release
cfe022d01d Update geoip files to match ipfire location db, 2021/12/15. 2022-02-04 10:56:29 -05:00
Tor CI Release
f03cab5dbb fallbackdir: Update list generated on December 15, 2021 2022-02-04 10:17:10 -05:00
David Goulet
d6f643e4dd changes: Remove uneeded file due to empty merge forward
Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-02-03 08:31:49 -05:00
David Goulet
6b06803e0d Merge branch 'maint-0.4.6' 2022-02-03 08:30:59 -05:00
David Goulet
a08b12568e Merge branch 'maint-0.4.5' into maint-0.4.6 2022-02-03 08:30:40 -05:00
David Goulet
3c73622f27 hs: Double quote the metrics label value
Fixes #40552

Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-02-03 08:30:23 -05:00
David Goulet
28881d0a92 fallbackdir: Update list generated on January 24, 2022
Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-01-24 10:35:18 -05:00
David Goulet
324ded93be geoip: Update to match ipfire location db, 2022/01/24.
Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-01-24 10:31:43 -05:00
Nick Mathewson
935d7b5803 Resolve typedef conflict from congestion_control_t
Resumes being able to build on old / esoteric gcc versions.

Fixes bug 40550; bugfix on 0.4.7.1-alpha.
2022-01-20 14:22:00 -05:00
David Goulet
ec5611e876 Merge branch 'maint-0.4.5' into maint-0.4.6 2022-01-18 13:15:29 -05:00
David Goulet
e949586889 Merge branch 'maint-0.4.6' 2022-01-18 13:15:29 -05:00
David Goulet
49c758af47 Merge branch 'maint-0.3.5' into maint-0.4.5 2022-01-18 13:15:29 -05:00
David Goulet
e523480691 Merge branch 'tor-gitlab/mr/510' into maint-0.3.5 2022-01-18 13:15:23 -05:00
David Goulet
7d9d769123 Merge branch 'maint-0.4.5' into maint-0.4.6 2022-01-18 13:12:35 -05:00
David Goulet
a4510603f7 Merge branch 'maint-0.4.6' 2022-01-18 13:12:35 -05:00
David Goulet
aac5731f86 Merge branch 'maint-0.3.5' into maint-0.4.5 2022-01-18 13:12:13 -05:00
David Goulet
b9c06718a8 main: Update a dead URL in a log notice
Change https://www.torproject.org/download/download#warning to
https://support.torproject.org/faq/staying-anonymous/

Closes #40544

Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-01-18 12:51:52 -05:00
David Goulet
72041c6306 relay: Don't advertise HSv2 protocol version
We removed HSIntro=3 and HSDir=1 that are v2 specific. Since 0.3.5.17,
we do not support introducing or being a directory for onion service v2.

Closes #40509

Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-01-18 12:39:06 -05:00
Alexander Færøy
66e7ddb551 Merge remote-tracking branch 'tor-gitlab/mr/503' into main 2021-12-17 16:53:47 +00:00
Tor CI Release
adc0d49ef2 release: ChangeLog and ReleaseNotes for 0.4.7.3-alpha 2021-12-16 09:32:04 -05:00
David Goulet
7a8aa8e36d Merge branch 'maint-0.4.6' 2021-12-16 09:28:17 -05:00
Tor CI Release
9a4366b3e3 Update geoip files to match ipfire location db, 2021/12/15. 2021-12-16 09:27:46 -05:00
Tor CI Release
57e8a9b8cb fallbackdir: Update list generated on December 15, 2021 2021-12-16 09:27:39 -05:00
David Goulet
48e993be95 changes: Minor syntax editing fixes
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-12-15 10:53:32 -05:00
David Goulet
bf10206e9e Fix compiler warnings from ubuntu/jammy
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-12-15 09:00:15 -05:00
Alexander Færøy
193781e6ef Merge remote-tracking branch 'tor-gitlab/mr/500' into main 2021-12-15 12:46:18 +00:00
Alexander Færøy
48d778bc32 Merge remote-tracking branch 'tor-gitlab/mr/491' into main 2021-12-15 12:41:00 +00:00
Alexander Færøy
95b82c4fee Merge remote-tracking branch 'tor-gitlab/mr/497' into main 2021-12-15 12:38:30 +00:00
David Goulet
bf1ed5c853 relay: Change DNS timeout label on MetricsPort
Change it from "timeout" to "tor_timeout" in order to indicate that the
DNS timeout is one from tor's DNS threshold and not the DNS server
itself.

Fixes #40527

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-12-13 10:49:00 -05:00
David Goulet
ad6a0ebb11 Merge branch 'ticket40527_046_01' into ticket40527_047_01 2021-12-13 10:48:54 -05:00
David Goulet
cda7acb35d relay: Don't make DNS timeout trigger an overload
Tor has configure libevent to attempt up to 3 times a DNS query for a
maximum of 5 seconds each. Once that 5 seconds has elapsed, it consider
the query "Timed Out" but tor only gets a timeout if all 3 attempts have
failed.

For example, using Unbound, it has a much higher threshold of timeout.
It is well defined in
https://www.nlnetlabs.nl/documentation/unbound/info-timeout/ and has
some complexity to it. But the gist is that if it times out, it will be
much more than 5 seconds.

And so the Tor DNS timeouts are more of a "UX issue" rather than a
"network issue". For this reason, we are removing this metric from the
overload general signal.

See https://gitlab.torproject.org/tpo/network-health/team/-/issues/139
for more information.

Fixes #40527

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-12-13 10:47:46 -05:00
Nick Mathewson
86819229af Limit the number of elements in a consdiff hash line.
This avoids performing and then freeing a lot of small mallocs() if
the hash line has too many elements.

Fixes one case of bug 40472; resolves OSS-Fuzz 38363.  Bugfix on
0.3.1.1-alpha when the consdiff parsing code was introduced.
2021-12-06 12:35:08 -05:00
Nick Mathewson
b4c55f3a70 changes: Describe when bug 7362 began. 2021-11-23 11:28:30 -05:00
Cecylia Bocovich
0d3894dbbc
Add documentation on {C,S}METHOD parsing behaviour 2021-11-23 11:18:04 -05:00
Nick Mathewson
dd085d42f9 Do not count controller-selected paths towards path bias.
As a side effect, this fixes a "Bug" warning.

Closes #40515.  Bugfix on 0.2.4.10-alpha.
2021-11-15 08:55:47 -05:00
Nick Mathewson
96f1e69f24 Implement proposal 275: don't put "published" times in md consensus
When a new consensus method is negotiated, these values will all get
replaced with "2038-01-01 00:00:00".

This change should be safe because:

  * As of 0.2.9.11 / 0.3.0.7 / 0.3.1.1-alpha, Tor takes no action
    about published_on times in the future.

  * The only remaining parties relying on published_on values are (we
    believe) relays running 0.3.5.x, which rely on the values in a NS
    consensus to see whether their descriptors are out of date.  But
    this patch only changes microdesc consensuses.

  * The latest Tor no longer looks at this field in consensuses.

Why make this change?  In experiments, replacing these values with a
fixed value made the size of compressed consensus diffs much much
smaller.  (Like, by over 50%!)

Implements proposal 275; Implements #40130.
2021-11-09 13:43:48 -05:00
Alexander Færøy
a78dafbf7c Merge branch 'maint-0.4.5' into maint-0.4.6 2021-11-08 14:16:19 +00:00
Alexander Færøy
9d8b0c5bdc Merge branch 'maint-0.4.6' into main 2021-11-08 14:16:19 +00:00
Alexander Færøy
882fd1f0d4 Merge branch 'maint-0.3.5' into maint-0.4.5 2021-11-08 14:16:18 +00:00
Alexander Færøy
d1493f2f27 Merge remote-tracking branch 'tor-gitlab/mr/485' into main 2021-11-08 14:14:03 +00:00
Roger Dingledine
5ad126a51b don't cache connect failures from our own circuits
The connect failure cache had a bad interaction with retrying connections
to our guards or bridges when we go offline and then come back online --
while offline we would fail to connect and cache this result, and then
when we return we would decline to even attempt to connect, because our
failure cache said it wouldn't work.

Now only cache connect failures for relays when we connected to them
because of somebody else's EXTEND request.

Fixes bug 40499; bugfix on 0.3.3.4-alpha.
2021-11-08 05:37:02 -05:00
Nick Mathewson
cee6e7d9e1 Give an error message if LibreSSL's TLSv1.3 APIs aren't what we need
From LibreSSL versions 3.2.1 through 3.4.0, our configure script
would conclude that TLSv1.3 as supported, but it actually wasn't.
This led to annoying breakage like #40128 and #40445.

Now we give an error message if we try to build with one of those
versions.

Closes #40511.
2021-11-06 11:04:08 -04:00
Nick Mathewson
8beb560bfd Reverse the direction of the test for openssl 3.0.0
Previously the logic was reversed, and always gave the wrong answer.
This has no other effect than to change whether we suppress
deprecated API warnings.

Fixes #40429; bugfix on 0.3.5.13.
2021-11-05 13:23:05 -04:00
Nick Mathewson
c93114ec9e Prefer use of __MINGW_PRINTF/SCANF_FORMAT if available.
Mingw headers sometimes like to define alternative scanf/printf
format attributes depending on whether they're using clang, UCRT,
MINGW_ANSI_STDIO, or the microsoft version of printf/scanf.  This
change attempts to use the right one on the given platform.

This is an attempt to fix part of #40355.
2021-11-05 12:36:34 -04:00
Simon South
94d82baeec changes: Add file for ticket 40505 2021-11-05 10:30:51 -04:00
David Goulet
36e6ad6c7b Merge branch 'maint-0.4.6' 2021-11-03 09:53:35 -04:00
David Goulet
83f8fe05e8 Merge branch 'maint-0.4.5' into maint-0.4.6
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-11-03 09:53:31 -04:00
David Goulet
6e8e1a4e6f relay: Don't allow DirPort on non-IPv4
Our code doesn't allow it and so this prevents an assert() crash if the
DirPort is for instance IPv6 only.

Fixes #40494

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-11-03 09:51:46 -04:00
Alexander Færøy
f6600377b4 Merge remote-tracking branch 'tor-gitlab/mr/474' into main 2021-11-02 15:28:56 +00:00
Alexander Færøy
b109161c8f Merge branch 'maint-0.4.6' into main 2021-11-02 15:27:08 +00:00
David Goulet
6926c9192a man: Missing OverloadStatistics option in tor.1
Closes #40504

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-11-02 09:51:43 -04:00
David Goulet
77c47417f2 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-10-29 09:20:21 -04:00
David Goulet
bec9c61f5b changes: Add file for ticket 26299
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-29 09:20:17 -04:00
David Goulet
f5bd575401 changes: Add file for ticket 26299
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-29 09:19:59 -04:00
David Goulet
92fedb9f44 changes: Add file for ticket 26299
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-29 09:19:21 -04:00
Roger Dingledine
7084ec8710 don't retry entry guards if they're bridges without descriptors
When we don't yet have a descriptor for one of our bridges, disable
the entry guard retry schedule on that bridge. The entry guard retry
schedule and the bridge descriptor retry schedule can conflict,
e.g. where we mark a bridge as "maybe up" yet we don't try to fetch
its descriptor yet, leading Tor to wait (refusing to do anything)
until it becomes time to fetch the descriptor.

Fixes bug 40497; bugfix on 0.3.0.3-alpha.
2021-10-28 20:57:28 -04:00
Roger Dingledine
f9cb7e3398 do notice-level log when we resume having enough dir info
we do a notice-level log when we decide we *don't* have enough dir
info, but in 0.3.5.1-alpha (see commit eee62e13d9, #14950) we lost our
corresponding notice-level log when things come back.

bugfix on 0.3.5.1-alpha; fixes bug 40496.
2021-10-28 20:57:28 -04:00
Roger Dingledine
3c8510e2c0 reassess minimum-dir-info when a bridge fails
When we try to fetch a bridge descriptor and we fail, we mark
the guard as failed, but we never scheduled a re-compute for
router_have_minimum_dir_info().

So if we had already decided we needed to wait for this new descriptor,
we would just wait forever -- even if, counterintuitively, *losing* the
bridge is just what we need to *resume* using the network, if we had it
in state GUARD_REACHABLE_MAYBE and we were stalling to learn this outcome.

See bug 40396 for more details.
2021-10-28 20:57:28 -04:00
David Goulet
5363d9b118 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-10-28 14:26:35 -04:00
David Goulet
a80868c118 changes: Typo in file, wrong version was used
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-28 14:22:14 -04:00
Alexander Færøy
31fa3cc1a0 Fix compilation on systems with older compilers.
This patch fixes a build error with GCC 7.x which doesn't seem to accept
const int's as constants in macro initialization.

See: tpo/core/tor#40410
2021-10-28 10:37:45 -04:00
Alexander Færøy
0c521881f6 Add Changelog and ReleaseNotes entry for tor#40500. 2021-10-25 21:18:35 +00:00
Alexander Færøy
04788dcf40 Merge branch 'maint-0.4.6' into main 2021-10-25 21:03:14 +00:00
Alexander Færøy
0c5128eeb2 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-10-25 21:02:55 +00:00
David Goulet
12c3787305 ci: Exclude HSv2 Stem tests
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-25 20:56:26 +00:00
David Goulet
78f5c96272 changelog: ChangeLog for 0.4.7.2-alpha release
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-25 10:19:44 -04:00
David Goulet
2f171f30c8 Merge branch 'maint-0.4.6' 2021-10-21 10:01:39 -04:00
David Goulet
d496a75026 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-10-21 10:01:38 -04:00
David Goulet
1dab1c8ad5 Merge branch 'maint-0.3.5' into maint-0.4.5 2021-10-21 10:01:38 -04:00
David Goulet
66e8e0f71b fallbackdir: Regenerate the list for October 2021
Closes #40493

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-21 09:13:40 -04:00
Alexander Færøy
ae05f06597 Merge branch 'tor-gitlab/mr/452_squashed' into main 2021-10-21 12:57:37 +00:00
Nick Mathewson
54ab43d05e Prop335: Changes file and manual entries.
Closes #40448.
2021-10-21 12:57:20 +00:00
Alexander Færøy
d320f4d2a2 Merge remote-tracking branch 'tor-gitlab/mr/442' into main 2021-10-21 12:50:28 +00:00
Alexander Færøy
bd1c14f015 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-10-21 12:35:36 +00:00
Alexander Færøy
0135fb028c Merge remote-tracking branch 'tor-gitlab/mr/338' into maint-0.4.5 2021-10-21 12:35:26 +00:00
Alexander Færøy
1e08efdb58 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-10-20 21:47:26 +00:00
Alexander Færøy
059ea671ed Merge branch 'maint-0.4.6' into main 2021-10-20 21:47:26 +00:00
Alexander Færøy
5717b88bcb Merge branch 'maint-0.3.5' into maint-0.4.5 2021-10-20 21:47:17 +00:00
Alexander Færøy
7372739765 Announce URL to bridge status page when starting Tor as a bridge relay.
This patch makes Tor announce the relay specific bridge status page URL
when Tor is starting up before bootstrap occours.

See: tor#30477
2021-10-20 21:44:45 +00:00
Alexander Færøy
bae6780e70 Merge branch 'tor-gitlab/mr/464_squashed' into main 2021-10-20 18:39:07 +00:00
Nick Mathewson
bcc953307b Move "Didn't recognize cell, but circ stops here" into heartbeat.
When we looked, this was the third most frequent message at
PROTOCOL_WARN, and doesn't actually tell us what to do about it.
Now:
 * we just log it at info
 * we log it only once per circuit
 * we report, in the heartbeat, how many times it happens, how many
   cells it happens with per circuit, and how long these circuits
   have been alive (on average).

Fixes the final part of #40400.
2021-10-20 18:38:39 +00:00
Alexander Færøy
16cbbf04c4 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-10-20 17:36:07 +00:00
Alexander Færøy
fdc7549b61 Merge branch 'maint-0.3.5' into maint-0.4.5 2021-10-20 17:36:06 +00:00
Alexander Færøy
db112329a0 Merge remote-tracking branch 'tor-gitlab/mr/369' into maint-0.3.5 2021-10-20 17:35:35 +00:00
David Goulet
e7abab8782 relay: For metrics, don't report DNS errors by query type
This is due to the libevent bug
https://github.com/libevent/libevent/issues/1219 that fails to return
back the DNS record type on error.

And so, the MetricsPort now only reports the errors as a global counter
and not a per record type.

Closes #40490

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-20 10:40:56 -04:00
David Goulet
7a8108ea87 relay: Overload state on DNS timeout is now X% over Y secs
With this commit, we will only report a general overload state if we've
seen more than X% of DNS timeout errors over Y seconds. Previous
behavior was to report when a single timeout occured which is really too
small of a threshold.

The value X is a consensus parameters called
"overload_dns_timeout_scale_percent" which is a scaled percentage
(factor of 1000) so we can represent decimal points for X like 0.5% for
instance. Its default is 1000 which ends up being 1%.

The value Y is a consensus parameters called
"overload_dns_timeout_period_secs" which is the time period for which
will gather DNS errors and once over, we assess if that X% has been
reached ultimately triggering a general overload signal.

Closes #40491

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-20 10:00:03 -04:00
David Goulet
caa305a5ad changes: Add file for ticket 40491
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-20 09:15:51 -04:00
David Goulet
d455f9e18a hs: v2 address are now considered a bad hostname
This means that at this commit, tor will stop logging that v2 is
deprecated and treat a v2 address as a bad hostname that we can't use.

Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-19 10:59:19 -04:00
David Goulet
af48f5736a hs: Fix merge conflicts after merging forward 40476
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-19 10:57:10 -04:00
David Goulet
2a705e81a3 Merge branch 'maint-0.4.6' 2021-10-19 10:35:40 -04:00
David Goulet
18b5630a7c changes: Add file for ticket 40476
Closes #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-19 09:51:24 -04:00
David Goulet
3dd4b3316d changes: Add file for ticket 40476
Closes #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-19 09:50:23 -04:00
David Goulet
f748a497c7 Merge branch 'ticket40476_045_01' into ticket40476_046_01 2021-10-19 09:48:13 -04:00
David Goulet
2a4a0c9012 changes: Add file for ticket 40476
Closes #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-19 09:36:14 -04:00
Nick Mathewson
9ac1ed525f Changes file for new fuzzers 2021-10-16 10:51:41 -04:00
Alexander Færøy
8c18e9a949 Merge remote-tracking branch 'tor-gitlab/mr/459' into main 2021-10-14 19:19:32 +00:00
Alexander Færøy
b93af906c4 Merge remote-tracking branch 'tor-gitlab/mr/456' into main 2021-10-14 19:18:22 +00:00
David Goulet
1ea523c705 Merge branch 'tor-gitlab/mr/458' 2021-10-14 13:09:21 -04:00
Nick Mathewson
15ede0435f Lower maximum value for guard-extreme-restriction-percent to 100.
Values greater than 100 would have had the same effect as 100, so
this doesn't actually change Tor's behavior; it just makes the
intent clearer.  Fixes #40486; see also torspec#66.
2021-10-14 12:39:05 -04:00
Nick Mathewson
ed4b8ca74b Merge remote-tracking branch 'tor-gitlab/mr/457' 2021-10-14 12:25:22 -04:00
Nick Mathewson
75e195737e Correct a version number. 2021-10-14 12:23:36 -04:00
Nick Mathewson
d10ceb7165 Downgrade "Rejecting RENDEZVOUS1 cell with unrecognized cookie"
This is the loudest of our LOG_PROTOCOL_WARN messages, it can occur
naturally, and there doesn't seem to be a great response to it.

Partial fix for 40400; bugfix on 0.1.1.13-alpha.
2021-10-14 12:21:30 -04:00
David Goulet
aae40113c7 ci: Set 5MB data for all chutney tests
Closes #40485

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-14 11:43:28 -04:00
David Goulet
e0a6a0d085 hs: Fix memory leak if service failed to configure
Closes #40484

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-14 10:15:16 -04:00
Alexander Færøy
c81901fd39 Merge remote-tracking branch 'tor-gitlab/mr/433' into main 2021-10-14 13:01:41 +00:00
Alexander Færøy
d3c8008660 Merge remote-tracking branch 'tor-gitlab/mr/451' into main 2021-10-14 12:59:25 +00:00
Nick Mathewson
3da455de00 Downgrade a PROTOCOL_WARN log message.
This one happens every time we get a failure from
circuit_receive_relay_cell -- but for all the relevant failing cases
in that function, we already log in that function.

This resolves one case of #40400.  Two cases remain.
2021-10-13 16:51:46 -04:00
David Goulet
0f7e0d5f2f dirauth: Reject EOL relays
Series 0.4.2.x, 0.4.3.x and 0.4.4.x will all be rejected at the
authority level at this commit.

Futhermore, the 0.4.5.x alphas and rc will also be rejected.

Closes #40480

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-08 11:09:33 -04:00
David Goulet
ba5a71b913 Merge branch 'tor-gitlab/mr/447' 2021-10-08 10:43:53 -04:00
David Goulet
adcb094cb6 Merge branch 'tor-gitlab/mr/392' into maint-0.4.5 2021-10-06 15:45:13 -04:00
David Goulet
065ebd10c2 Merge branch 'tor-gitlab/mr/393' into maint-0.4.5 2021-10-06 15:41:12 -04:00
David Goulet
474c85a98d Merge branch 'maint-0.4.5' into maint-0.4.6 2021-10-06 15:35:43 -04:00
David Goulet
a53c949dcf Merge branch 'tor-gitlab/mr/420' into maint-0.4.5 2021-10-06 15:35:30 -04:00
David Goulet
ae9042abbf rust: Remove Rust support from tree
Closes #40469

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-06 15:12:04 -04:00
David Goulet
c3e50f0fde Merge branch 'maint-0.4.6' 2021-10-06 13:25:08 -04:00
David Goulet
602dcd8e37 hs-v2: Only log once the connection warning to v2
Closes #40474

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-06 13:22:02 -04:00
David Goulet
f0d1240a07 hs-v2: Only log once the connection warning to v2
Closes #40474

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-06 13:20:22 -04:00
David Goulet
3c13886317 changes: Fix file for ticket 40182
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-04 15:02:32 -04:00
David Goulet
e4e88c4b2e Merge branch 'tor-gitlab/mr/228' 2021-10-04 14:59:04 -04:00
David Goulet
4046b9f3ee edge: Remove wrong bug warn when processing pending streams
The connection_ap_attach_pending() function processes all pending
streams in the pending_entry_connections list. It first copy the pointer
and then allocates a brand new empty list.

It then iterates over that copy pointer to try to attach entry
connections onto any fitting circuits using
connection_ap_handshake_attach_circuit().

That very function, for onion service, can lead to flagging _all_
streams of the same onion service to be put in state RENDDESC_WAIT from
CIRCUIT_WAIT. By doing so, it also tries to remove them from the
pending_entry_connections but at that point it is already empty.

Problem is that the we are iterating over the previous
pending_entry_connections which contains the streams that have just
changed state and are no longer in CIRCUIT_WAIT.

This lead to this bug warning occuring a lot on busy services:

  May 01 08:55:43.000 [warn] connection_ap_attach_pending(): Bug:
  0x55d8764ae550 is no longer in circuit_wait. Its current state is
  waiting for rendezvous desc. Why is it on pending_entry_connections?
  (on Tor 0.4.4.0-alpha-dev )

This fix is minimal and basically allow a state to be not CIRCUIT_WAIT
and move on to the next one without logging a warning. Because the
pending_entry_connections is emptied before processing, there is no
chance for a streams to be stuck there forever thus it is OK to ignore
streams not in the right state.

Fixes #34083

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-04 14:11:18 -04:00
David Goulet
1873d4c14c Merge branch 'tor-gitlab/mr/444' 2021-10-04 10:49:27 -04:00
David Goulet
7005046bd2 changes: Add file for ticket 40450 (prop324)
Closes #40450

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-10-04 10:45:54 -04:00
Simon South
1a10948260 test: Add sandbox unit tests 2021-09-28 11:06:52 -04:00
Simon South
fbf2e7e921 sandbox: Allow use with fragile hardening
When building with --enable-fragile-hardening, add or relax Linux
seccomp rules to allow AddressSanitizer to execute normally if the
process terminates with the sandbox active.

Further resolves issue 11477.
2021-09-28 11:06:50 -04:00
Neel Chauhan
b7992d4f79 bwauth: Add AuthDirDontVoteOnDirAuthBandwidth option to avoid giving weights to dirauths 2021-09-27 08:58:00 -07:00
David Goulet
9a7fe5d131 changelog: ChangeLog for 0.4.7.1-alpha release
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-09-17 09:42:45 -04:00
Neel Chauhan
17ceeb7f92 tor.1 man page: Add mention of fingerprint-ed25519, and clarify differences 2021-09-14 11:10:11 -07:00
Guinness
bd68668ac0
Fix changes file 2021-09-13 19:02:23 +02:00
Daniel Pinto
7a06b8713d Fix compilation error when __NR_time is not defined. #40465 2021-09-09 23:55:49 +01:00
Neel Chauhan
8ead53330c Add spaces between the "and" when logging the "Your server has not managed to confirm reachability for its" on dual-stack relays 2021-08-26 13:40:53 -07:00
Nick Mathewson
29ec66fb39 Remove changes files that have already been in changelogs for 0.4.6 2021-08-26 11:21:38 -04:00
Nick Mathewson
984e3a9c6c Merge remote-tracking branch 'tor-gitlab/mr/420' 2021-08-18 08:43:31 -04:00
David Goulet
cac612af42 dir: Do not flag non-running failing HSDir
When a directory request fails, we flag the relay as non Running so we
don't use it anymore.

This can be problematic with onion services because there are cases
where a tor instance could have a lot of services, ephemeral ones, and
keeps failing to upload descriptors, let say due to a bad network, and
thus flag a lot of nodes as non Running which then in turn can not be
used for circuit building.

This commit makes it that we never flag nodes as non Running on a onion
service directory request (upload or fetch) failure as to keep the
hashring intact and not affect other parts of tor.

Fortunately, the onion service hashring is _not_ selected by looking at
the Running flag but since we do a 3-hop circuit to the HSDir, other
services on the same instance can influence each other by removing nodes
from the consensus for path selection.

This was made apparent with a small network that ran out of nodes to
used due to rapid succession of onion services uploading and failing.
See #40434 for details.

Fixes #40434

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-08-17 13:27:14 -04:00
David Goulet
4252744788 Merge branch 'maint-0.4.6' 2021-08-12 12:13:26 -04:00
David Goulet
4c3c40e70c Merge branch 'maint-0.4.5' into maint-0.4.6 2021-08-12 12:13:26 -04:00
David Goulet
33abeeab94 Merge branch 'maint-0.3.5' into maint-0.4.5 2021-08-12 12:13:25 -04:00
Alexander Færøy
eca5b62213 Update GeoIP files to match IPFire location DB as per 2021/08/12. 2021-08-12 15:38:11 +00:00
Alexander Færøy
2160697d14 Merge branch 'maint-0.4.6' into main 2021-08-11 13:15:59 +00:00
Alexander Færøy
b8660e384f Merge branch 'maint-0.4.5' into maint-0.4.6 2021-08-11 13:15:59 +00:00
Alexander Færøy
81635ec577 Merge branch 'maint-0.3.5' into maint-0.4.5 2021-08-11 13:15:58 +00:00
Alexander Færøy
7e0971d868 Merge remote-tracking branch 'tor-gitlab/mr/417' into maint-0.3.5 2021-08-11 13:15:35 +00:00
Alexander Færøy
ac254d5334 Merge branch 'maint-0.4.6' into main 2021-08-11 13:14:26 +00:00
Alexander Færøy
e3c2179f25 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-08-11 13:14:26 +00:00
Alexander Færøy
c48d1c3f7c Merge branch 'maint-0.3.5' into maint-0.4.5 2021-08-11 13:14:26 +00:00
George Kadianakis
fe5a9db1e6 Disable ed25519-donna's batch verification.
Fixes bug 40078.

As reported by hdevalence our batch verification logic can cause an assert
crash.

The assert happens because when the batch verification of ed25519-donna fails,
the code in `ed25519_checksig_batch()` falls back to doing a single
verification for each signature.

The crash occurs because batch verification failed, but then all signatures
individually verified just fine.

That's because batch verification and single verification use a different
equation which means that there are sigs that can pass single verification
but fail batch verification.

Fixing this would require modding ed25519-donna which is not in scope for
this ticket, and will be soon deprecated in favor of arti and
ed25519-dalek, so my branch instead removes batch verification.
2021-08-11 13:14:05 +00:00
David Goulet
0e60b65f6c fallbackdir: Regenerate list
New list for all stable releases.

Closes #40447

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-08-11 09:07:05 -04:00
David Goulet
399518da02 relay: Reduce streaming compression ratio from HIGH to LOW
Fixes #40301

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-08-11 12:51:32 +00:00
Alexander Færøy
61c88fbec9 Merge branch 'maint-0.4.6' into main 2021-08-11 12:48:04 +00:00
Alexander Færøy
3d0b4c7c45 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-08-11 12:48:04 +00:00
David Goulet
70d8fb3eab relay: Reduce streaming compression ratio from HIGH to LOW
Fixes #40301

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-08-11 12:47:20 +00:00
George Kadianakis
4f68fe3e6c Merge branch 'vanguards-lite-dev-rebased' 2021-07-28 12:00:37 +03:00
George Kadianakis
72aa23a9fd circpad: Be smarter on when to send back STOP cells. 2021-07-22 15:03:56 +03:00
George Kadianakis
43a725797b Update changes file with the new proposal number #333. 2021-07-21 12:43:52 +03:00
George Kadianakis
8b026b4eee Merge remote-tracking branch 'tor-gitlab/mr/406' into maint-0.4.6 2021-07-07 13:04:24 +03:00
George Kadianakis
e79d73de9b Merge remote-tracking branch 'tor-gitlab/mr/406' 2021-07-07 13:02:11 +03:00
George Kadianakis
6aff048978 Merge branch 'maint-0.4.6' 2021-07-06 13:42:53 +03:00
George Kadianakis
167f3bc4ec Merge branch 'maint-0.4.5' into maint-0.4.6 2021-07-06 13:42:53 +03:00
George Kadianakis
98b9df61f6 Merge branch 'mr/395' into maint-0.4.5 2021-07-06 13:42:29 +03:00
Nick Mathewson
c1d96358d4 Use native timegm when available.
Continue having a tor_gmtime_impl() unit test so that we can detect
any problems in our replacement function; add a new test function to
make sure that gmtime<->timegm are a round-trip on now-ish times.

This is a fix for bug #40383, wherein we ran into trouble because
tor_timegm() does not believe that time_t should include a count of
leap seconds, but FreeBSD's gmtime believes that it should.  This
disagreement meant that for a certain amount of time each day,
instead of calculating the most recent midnight, our voting-schedule
functions would calculate the second-most-recent midnight, and lead
to an assertion failure.

I am calling this a bugfix on 0.2.0.3-alpha when we first started
calculating our voting schedule in this way.
2021-07-06 13:33:05 +03:00
George Kadianakis
314a6b42c5 Introduce vanguards-lite subsystem and some of its entry points
Co-authored-by: Mike Perry <mikeperry-git@torproject.org>
2021-07-01 18:15:55 +03:00
Nick Mathewson
e71db3a4be Merge remote-tracking branch 'tor-gitlab/mr/405' 2021-07-01 09:56:35 -04:00
Nick Mathewson
1555646b36 Merge branch 'maint-0.4.6' 2021-06-30 08:15:41 -04:00
Nick Mathewson
4302c0b4a1 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-06-30 08:15:41 -04:00
Nick Mathewson
e60d14bb6b Missing changes file for #40409 2021-06-30 08:14:57 -04:00
David Goulet
e9edcea0ca Merge branch 'tor-gitlab/mr/275' 2021-06-29 10:55:46 -04:00
David Goulet
301ffb71a6 hs: Send back 0xF6 for a v2 onion address
Fixes #40421

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-06-29 09:56:44 -04:00
Steven Engler
f944e46399 If TestingTorNetwork, skip perm check on the hs directory 2021-06-28 13:51:06 -04:00
Nick Mathewson
45c8d69cbb Merge branch 'maint-0.4.5' into maint-0.4.6 2021-06-26 10:04:38 -04:00
Nick Mathewson
45b5987115 Merge branch 'maint-0.4.6' 2021-06-26 10:04:38 -04:00
Alexander Færøy
83483bd4f6 Enable deterministic RNG for address set tests.
This patch enables the deterministic RNG for address set tests,
including the tests which uses address set indirectly via the nodelist
API.

This should prevent random test failures in the highly unlikely case of
a false positive which was seen in tor#40419.

See: tpo/core/tor#40419.
2021-06-25 16:43:10 +00:00
David Goulet
270398fa31 Merge branch 'maint-0.4.6' 2021-06-18 14:29:15 -04:00
Alexander Færøy
2c00ad36cd Fix compilation on systems with older compilers.
This patch fixes a build error with GCC 7.x which doesn't seem to accept
const int's as constants in macro initialization.

See: tpo/core/tor#40410
2021-06-18 18:14:07 +00:00
Nick Mathewson
d642da020e Merge remote-tracking branch 'tor-gitlab/mr/338' 2021-06-14 13:10:18 -04:00
Nick Mathewson
982829650c Merge remote-tracking branch 'tor-gitlab/mr/397' 2021-06-14 13:05:03 -04:00
Nick Mathewson
ec677c0c2e Merge branch 'maint-0.4.6' 2021-06-10 12:30:30 -04:00
Nick Mathewson
8e590992c4 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-06-10 12:30:29 -04:00
Nick Mathewson
200e9a55e0 Merge branch 'maint-0.4.4' into maint-0.4.5 2021-06-10 12:30:29 -04:00
Nick Mathewson
0ae9fd62fd Merge branch 'maint-0.3.5' into maint-0.4.4 2021-06-10 12:30:11 -04:00
George Kadianakis
f57b5c48e0 Fix TROVE-2021-006: Out-of-bounds read on v3 desc parsing 2021-06-10 12:11:10 -04:00
Nick Mathewson
8734eea31b Merge branch 'maint-0.4.6' 2021-06-10 08:53:07 -04:00
Nick Mathewson
3260d323a6 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-06-10 08:53:07 -04:00
Nick Mathewson
ec696a95e5 Merge branch 'maint-0.4.4' into maint-0.4.5 2021-06-10 08:53:07 -04:00
Nick Mathewson
0f2d45328d Merge branch 'maint-0.3.5' into maint-0.4.4
Conflicts resolved:
	src/core/or/relay.c
2021-06-10 08:52:39 -04:00
David Goulet
adb248b6d6 TROVE-2021-003: Check layer_hint before half-closed end and resolve cells
This issue was reported by Jann Horn part of Google's Project Zero.

Jann's one-sentence summary: entry/middle relays can spoof RELAY_END cells on
half-closed streams, which can lead to stream confusion between OP and
exit.

Fixes #40389
2021-06-10 08:50:05 -04:00
Nick Mathewson
d9edf143ab Merge branch 'maint-0.4.6' 2021-06-10 08:42:15 -04:00
Nick Mathewson
69bd4a8a2d Merge branch 'maint-0.4.5' into maint-0.4.6 2021-06-10 08:42:15 -04:00
Nick Mathewson
1da8621c0a Merge branch 'maint-0.4.4' into maint-0.4.5 2021-06-10 08:42:15 -04:00
Nick Mathewson
31eaa81f59 Merge branch 'maint-0.3.5' into maint-0.4.4 2021-06-10 08:42:15 -04:00
Nick Mathewson
d71bf986b4 Merge branch 'bug40391_035' into maint-0.3.5 2021-06-10 08:41:59 -04:00
Nick Mathewson
085bf61a35 Merge branch 'maint-0.4.6' 2021-06-10 08:37:34 -04:00
Nick Mathewson
1d11675adb Merge branch 'maint-0.4.5' into maint-0.4.6 2021-06-10 08:37:34 -04:00
Nick Mathewson
e2d01aac9e Merge branch 'maint-0.4.4' into maint-0.4.5 2021-06-10 08:37:34 -04:00
Nick Mathewson
7c19a4d924 Merge branch 'maint-0.3.5' into maint-0.4.4 2021-06-10 08:37:26 -04:00
Nick Mathewson
7fdfc2ea54 Merge branch 'bug40390_035_squashed' into maint-0.3.5 2021-06-10 08:34:25 -04:00
Nick Mathewson
c0aa9e0a1b Assert on _all_ failures from RAND_bytes().
Previously, we would detect errors from a missing RNG
implementation, but not failures from the RNG code itself.

Fortunately, it appears those failures do not happen in practice
when Tor is using OpenSSL's default RNG implementation.  Fixes bug
40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
2021-06-10 08:33:57 -04:00
Nick Mathewson
a2e500f1ff Merge branch 'maint-0.4.6' 2021-06-10 08:21:49 -04:00
Nick Mathewson
cb38219664 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-06-10 08:21:48 -04:00
Nick Mathewson
d60f8fe98a Merge branch 'maint-0.4.4' into maint-0.4.5 2021-06-10 08:21:48 -04:00
Nick Mathewson
57a41348ee Merge branch 'maint-0.3.5' into maint-0.4.4 2021-06-10 08:21:47 -04:00
Nick Mathewson
520d5c108f Update geoip files to match ipfire location db, 2021/06/10. 2021-06-10 08:20:13 -04:00
Nick Mathewson
d2256fe9ce Modernize our libfuzzer usage to close #40407
Additionally, remove lingering references to hsv2 fuzzers from the
fuzzing_include_am.py script.
2021-06-08 12:47:57 -04:00
Emily Bones
33e2c5962c Add links to original design paper and anonbib
Closes #33742
2021-06-07 20:33:15 +00:00
Nick Mathewson
6c82015959 Merge branch 'maint-0.4.6' 2021-06-01 12:16:42 -04:00
Nick Mathewson
f832b4bcee Merge branch 'bug40175_045' into maint-0.4.6 2021-06-01 12:16:35 -04:00
Nick Mathewson
9348b1b440 changes file for #40175 2021-06-01 12:16:06 -04:00
David Goulet
c29ba98ce8 Merge branch 'maint-0.4.6' 2021-05-27 10:01:49 -04:00
David Goulet
fd3678fa60 Merge branch 'tor-gitlab/mr/392' into maint-0.4.6 2021-05-27 10:01:44 -04:00
Nick Mathewson
d12b16614d Prefer mmap()ed consensus files over cached_dir_t entries.
Cached_dir_t is a somewhat "legacy" kind of storage when used for
consensus documents, and it appears that there are cases when
changing our settings causes us to stop updating those entries.

This can cause trouble, as @arma found out in #40375, where he
changed his settings around, and consensus diff application got
messed up: consensus diffs were being _requested_ based on the
latest consensus, but were being (incorrectly) applied to a
consensus that was no longer the latest one.

This patch is a minimal fix for backporting purposes: it has Tor do
the same search when applying consensus diffs as we use to request
them.  This should be sufficient for correct behavior.

There's a similar case in GETINFO handling; I've fixed that too.

Fixes #40375; bugfix on 0.3.1.1-alpha.
2021-05-26 13:02:56 -04:00
Alexander Færøy
1665d11942 Merge remote-tracking branch 'tor-gitlab/mr/388' into main 2021-05-25 14:17:12 +00:00
Alexander Færøy
11c7e65730 Merge branch 'maint-0.3.5' into maint-0.4.4 2021-05-25 13:25:23 +00:00
Alexander Færøy
4a7379b80a Merge branch 'maint-0.4.4' into maint-0.4.5 2021-05-25 13:25:23 +00:00
Alexander Færøy
bab2b29f89 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-05-25 13:25:23 +00:00
Alexander Færøy
de5f94000c Merge branch 'maint-0.4.6' into main 2021-05-25 13:25:23 +00:00
Nick Mathewson
42ba87d964 Remove the function tor_tls_assert_renegotiation_unblocked.
It was used nowhere outside its own unit tests, and it was causing
compilation issues with recent OpenSSL 3.0.0 alphas.

Closes ticket 40399.
2021-05-25 07:38:31 -04:00
Neel Chauhan
96b59fc4d3 Fix the fencepost issue when we check stability_last_downrated 2021-05-20 11:06:50 -07:00
Nick Mathewson
4c06c619fa Use a more secure hash function for the circuitmux hashtable.
Fixes bug 40931; bugfix on 0.2.4.4-alpha. Also tracked as
TROVE-2021-005.

This issue was reported by Jann Horn from Google's Project Zero.
2021-05-18 08:40:09 -04:00
Nick Mathewson
debede5e50 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-05-17 09:09:49 -04:00
Nick Mathewson
97b61e21a9 Merge remote-tracking branch 'tor-gitlab/mr/387' into maint-0.4.5 2021-05-17 09:09:42 -04:00
Nick Mathewson
fbd47a5078 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-05-17 09:04:22 -04:00
Nick Mathewson
af560f21ec Merge branch 'maint-0.4.6' 2021-05-17 09:04:22 -04:00
Daniel Pinto
e0a8454691 Make SAVECONF keep only one backup and add sandbox rules for it. #40317
When seccomp sandbox is active, SAVECONF failed because it was not
able to save the backup files for torrc. This commit simplifies
the implementation of SAVECONF and sandbox by making it keep only
one backup of the configuration file.
2021-05-17 13:50:19 +02:00
David Goulet
5f009a59da conn: MetricsPort listener is a listener port
The connection type for the listener part was missing from the "is
connection a listener" function.

This lead to our periodic event that retries our listeners to keep
trying to bind() again on an already opened MetricsPort.

Closes #40370

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-05-12 15:13:50 -04:00
Nick Mathewson
265cca935a Ignore MAX_BANDWIDTH_CHANGE_FREQ on testing networks.
Part of the ever-growing 40337 fix.
2021-05-11 15:54:14 -04:00
Nick Mathewson
9d7fca2306 Make MinTimeToReportBandwidth a testing-only option (and rename it) 2021-05-11 15:49:00 -04:00
Nick Mathewson
0a915d9171 Missing changes file for #40330 2021-05-11 10:17:28 -04:00
Nick Mathewson
d82970c8c3 Merge branch 'maint-0.4.6' 2021-05-10 14:30:09 -04:00
Nick Mathewson
8851861ff0 Merge branch 'ticket40374_046' into maint-0.4.6 2021-05-10 14:30:00 -04:00
Alexander Færøy
a56ed0cfa4 Merge remote-tracking branch 'tor-gitlab/mr/369' 2021-05-10 10:58:29 +00:00
Nick Mathewson
e4f2b52deb Merge branch 'maint-0.4.5' into maint-0.4.6 2021-05-07 13:08:25 -04:00
Nick Mathewson
4e62c17114 Merge branch 'maint-0.4.6' 2021-05-07 13:08:25 -04:00
Nick Mathewson
f5acfe6723 Add a sandbox workaround for Glibc 2.33
This change permits the newfstatat() system call, and fixes issues
40382 (and 40381).

This isn't a free change.  From the commit:

    // Libc 2.33 uses this syscall to implement both fstat() and stat().
    //
    // The trouble is that to implement fstat(fd, &st), it calls:
    //     newfstatat(fs, "", &st, AT_EMPTY_PATH)
    // We can't detect this usage in particular, because "" is a pointer
    // we don't control.  And we can't just look for AT_EMPTY_PATH, since
    // AT_EMPTY_PATH only has effect when the path string is empty.
    //
    // So our only solution seems to be allowing all fstatat calls, which
    // means that an attacker can stat() anything on the filesystem. That's
    // not a great solution, but I can't find a better one.
2021-05-07 12:12:11 -04:00
Nick Mathewson
5acf18bfaa Merge branch 'maint-0.4.5' into maint-0.4.6 2021-05-07 10:41:34 -04:00
Nick Mathewson
a4c8591c35 Merge branch 'maint-0.4.6' 2021-05-07 10:41:34 -04:00
Nick Mathewson
7c86f34340 Merge branch 'maint-0.4.4' into maint-0.4.5 2021-05-07 10:41:34 -04:00
Nick Mathewson
48dd87933d Merge branch 'maint-0.3.5' into maint-0.4.4 2021-05-07 10:41:33 -04:00
Nick Mathewson
e2c1ac214c Reindent a few lines to fix a GCC warning.
As of GCC 11.1.1, the compiler warns us about code like this:

     if (a)
         b;
         c;

and that's a good thing: we wouldn't want to "goto fail".  But we
had an instance if this in circuituse.c, which was making our
compilation sad.

Fixes bug 40380; bugfix on 0.3.0.1-alpha.
2021-05-07 10:39:20 -04:00
Nick Mathewson
0397a9cb49 Merge branch 'maint-0.4.5' into maint-0.4.6 2021-05-07 09:53:58 -04:00
Nick Mathewson
1c9890bd31 Merge branch 'maint-0.4.6' 2021-05-07 09:53:58 -04:00
Nick Mathewson
7fe819c951 Merge branch 'maint-0.4.4' into maint-0.4.5 2021-05-07 09:53:58 -04:00
Nick Mathewson
f68aeda549 Merge branch 'maint-0.3.5' into maint-0.4.4 2021-05-07 09:53:57 -04:00
Nick Mathewson
621f8a304a Update geoip files to match ipfire location db, 2021/05/07. 2021-05-07 09:53:46 -04:00
David Goulet
93af8b1ad8 Merge branch 'maint-0.4.6' 2021-05-07 09:05:21 -04:00
George Kadianakis
80c404c4b7 Log warning when connecting to soon-to-be-deprecated v2 onions. 2021-05-07 08:44:36 -04:00
George Kadianakis
5e836eb80c Add warning when trying to connect to deprecated v2 onions. 2021-05-07 08:41:46 -04:00
George Kadianakis
d6e7fc00f3 Merge branch 'maint-0.4.6' 2021-05-05 10:21:48 +03:00
David Goulet
cf6e72b702 hs: Fix ADD_ONION with client authorization
Turns out that passing client authorization keys to ADD_ONION for v3 was
not working because we were not setting the "is_client_auth_enabled"
flag to true once the clients were configured. This lead to the
descriptor being encoded without the clients.

This patch removes that flag and instead adds an inline function that
can be used to check if a given service has client authorization
enabled.

This will be much less error prone of needing to keep in sync the client
list and a flag instead.

Fixes #40378

Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-05-04 10:37:26 -04:00