Commit Graph

1330 Commits

Author SHA1 Message Date
Nick Mathewson
4aa0aa0300 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/common/Makefile.am
	src/or/Makefile.am
2012-02-12 23:27:31 -05:00
Robert Ransom
0e9663d439 Fix bug #5097: remove bogus envvar from managed proxies' environment 2012-02-12 19:12:51 -05:00
Roger Dingledine
db23aec6f2 fold in changes for 0.2.3.12-alpha 2012-02-11 22:14:59 -05:00
Sebastian Hahn
8ce6722d76 Properly protect paths to sed, sha1sum, openssl
in Makefile.am, we used it without quoting it, causing build failure if
your openssl/sed/sha1sum happened to live in a directory with a space in
it (very common on windows)
2012-02-10 20:12:03 +01:00
Nick Mathewson
64523609c9 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-02-10 12:03:46 -05:00
Nick Mathewson
c8b855082b Downgrade "missing a certificate" from notice to info
It was apparently getting mistaken for a problem, even though it was
at notice.

Fixes 5067; fix on 0.2.0.10-alpha.
2012-02-10 12:01:56 -05:00
Nick Mathewson
34b9bc2829 Add a changes file for bug 5066.
(It appeared in 0.2.3.11-alpha, but never in a released 0.2.2 afaict)
2012-02-10 10:57:57 -05:00
Karsten Loesing
4aca55efd2 Count IPv6 connections in bridge and entry stats. 2012-02-09 11:12:30 +01:00
Roger Dingledine
ef0bc7f8f2 Merge branch 'maint-0.2.2' 2012-02-09 04:21:20 -05:00
Roger Dingledine
a70ff4b2cb Merge branch 'maint-0.2.1' into maint-0.2.2 2012-02-09 04:21:08 -05:00
Roger Dingledine
929ebde2b9 Merge branch 'maint-0.2.2' 2012-02-09 04:02:18 -05:00
Roger Dingledine
85c539009a Revert "add a "docs" to the manual URI as listed in torrc.sample.in"
This reverts commit 55e8cae815.

The conversation from irc:
> weasel: i had intended to leave torrc.sample.in alone in maint-0.2.2,
since i don't want to make all your stable users have to deal with
a torrc change. but nickm changed it. is it in fact the case that a
change in that file means a change in the deb?
<weasel> it means you'll prompt every single user who ever touched
their torrc
<weasel> and they will be asked if they like your new version better
than what they have right now
<weasel> so it's not great

Instead I changed the website to redirect requests for the tor-manual
URL listed in maint-0.2.2's torrc.sample.in so the link will still work.
2012-02-09 03:57:04 -05:00
Karsten Loesing
4180624a7d Update to the February 2012 GeoIP database. 2012-02-09 09:16:24 +01:00
Nick Mathewson
ca431c5400 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-02-08 10:52:34 -05:00
Nick Mathewson
55e8cae815 add a "docs" to the manual URI as listed in torrc.sample.in 2012-02-08 10:52:05 -05:00
Sebastian Hahn
332e96d109 Fix fencepost error with HearbeatPeriod option
We'd only log every HeartbeatPeriod + 1 seconds. Discovered by Scott
Bennett, reported as bug 4942.
2012-02-08 04:44:15 -05:00
Roger Dingledine
9bcf315e9b Update sample torrc file for 0.2.3.x
Fix broken URLs.

Tell readers about the OutboundBindAddress, ExitPolicyRejectPrivate,
and PublishServerDescriptor options.
2012-02-08 04:40:26 -05:00
Roger Dingledine
92862c6d48 Merge branch 'maint-0.2.2' 2012-02-02 02:32:44 -05:00
Roger Dingledine
688903e919 Update "ClientOnly" man page entry
There isn't really any point to messing with it. Resolves ticket 5005.
2012-02-02 02:31:28 -05:00
Nick Mathewson
dd68d596cd Set IPV6_V6ONLY on listener sockets bound to IPv6 addresses.
If we don't do this, [::] can be interpreted to mean all v4 and all
v6 addresses.  Found by dcf.  Fixes bug 4760.  See RFC 3493 section
5.3 for more info.
2012-01-31 16:09:49 -05:00
Nick Mathewson
79a80c88ee Fix straggling MS_WINDOWS issues; add a changes file
There was one MS_WINDOWS that remained because it wasn't on a macro
line; a few remaining uses (and the definition!) in configure.in;
and a now-nonsensical stanza of eventdns_tor.h that previously
defined 'WIN32' if it didn't exist.
2012-01-31 15:48:47 -05:00
Nick Mathewson
2305454327 Merge remote-tracking branch 'arma/bug4013' 2012-01-31 11:25:29 -05:00
Nick Mathewson
48424772aa Actually enable the windows absolute-path code
Checking for "WINDOWS" is wrong; our magic macro is MS_WINDOWS

Fixes bug 4973; bugfix on 0.2.3.11-alpha.
2012-01-31 10:42:41 -05:00
Nick Mathewson
2b29c8f48f Merge remote-tracking branch 'sebastian/osx_deadstrip' 2012-01-27 11:49:34 -05:00
Roger Dingledine
a0f0897795 Allow 0.2.3.x clients to use 0.2.2.x bridges.
Previously the client would ask the bridge for microdescriptors, which are
only supported in 0.2.3.x and later, and then fail to bootstrap when it
didn't get the answers it wanted. Fixes bug 4013; bugfix on 0.2.3.2-alpha.

The fix here is to revert to using normal descriptors if any of our
bridges are known to not support microdescs. This is not ideal, a) because
we'll start downloading a microdesc consensus as soon as we get a bridge
descriptor, and that will waste time if we later get a bridge descriptor
that tells us we don't like microdescriptors; and b) by changing our mind
we're leaking to our other bridges that we have an old-version bridge.

The alternate fix would have been to change
we_use_microdescriptors_for_circuits() to ask if *any* of our bridges
can support microdescriptors, and then change the directory logic that
picks a bridge to only select from those that do. For people living in
the future, where 0.2.2.x is obsolete, there won't be a difference.

Note that in either of these potential fixes, we have risk of oscillation
if our one funny-looking bridges goes away / comes back.
2012-01-25 18:54:59 -05:00
Roger Dingledine
247a21379a set SO_REUSEADDR before we bind, not after
resolves bug 4950 (fixes a bug on commit aba7bb705a from #2850)
2012-01-23 15:54:02 -05:00
Roger Dingledine
110a953156 fold in recent changelog entries 2012-01-22 00:15:45 -05:00
Sebastian Hahn
1f5c5624f4 Use dead_strip to reduce binary size on OS X
This option seems to be supported all the way back to at least 10.4, so
enabling it for OS X in general should be fine. If not, someone will
yell.

With no libs statically linked, that's a 3% win in binary size, with
just libevent linked statically, this gives us an advantage of 5% in
terms of binary size, and with libevent and openssl statically linked,
we gain over 18% or over 500KB.

Implements ticket 2915.
2012-01-20 23:30:53 +01:00
Nick Mathewson
26e789fbfd Rename nonconformant identifiers.
Fixes bug 4893.

These changes are pure mechanical, and were generated with this
perl script:

  /usr/bin/perl -w -i.bak -p

  s/crypto_pk_env_t/crypto_pk_t/g;
  s/crypto_dh_env_t/crypto_dh_t/g;
  s/crypto_cipher_env_t/crypto_cipher_t/g;
  s/crypto_digest_env_t/crypto_digest_t/g;

  s/aes_free_cipher/aes_cipher_free/g;
  s/crypto_free_cipher_env/crypto_cipher_free/g;
  s/crypto_free_digest_env/crypto_digest_free/g;
  s/crypto_free_pk_env/crypto_pk_free/g;

  s/_crypto_dh_env_get_dh/_crypto_dh_get_dh/g;
  s/_crypto_new_pk_env_rsa/_crypto_new_pk_from_rsa/g;
  s/_crypto_pk_env_get_evp_pkey/_crypto_pk_get_evp_pkey/g;
  s/_crypto_pk_env_get_rsa/_crypto_pk_get_rsa/g;

  s/crypto_new_cipher_env/crypto_cipher_new/g;
  s/crypto_new_digest_env/crypto_digest_new/g;
  s/crypto_new_digest256_env/crypto_digest256_new/g;
  s/crypto_new_pk_env/crypto_pk_new/g;

  s/crypto_create_crypto_env/crypto_cipher_new/g;

  s/connection_create_listener/connection_listener_new/g;
  s/smartlist_create/smartlist_new/g;
  s/transport_create/transport_new/g;
2012-01-18 15:53:30 -05:00
Nick Mathewson
d1b40cf2e7 Merge remote-tracking branch 'public/bug4533_part1'
Conflicts:
	src/common/compat.h
2012-01-18 15:33:04 -05:00
Nick Mathewson
1772782e42 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-01-18 15:29:41 -05:00
Nick Mathewson
6d595fa4cf Merge remote-tracking branch 'public/bug4533_part2' into maint-0.2.2 2012-01-18 15:29:25 -05:00
Nick Mathewson
b14ac10b7f Add missing documentation for some options introduced in 0.2.3.x 2012-01-18 14:50:13 -05:00
Nick Mathewson
93d3a917e8 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-01-18 14:45:18 -05:00
Nick Mathewson
676bba8e0c Documentation for GiveGuardFlagTo... option 2012-01-18 14:44:29 -05:00
Nick Mathewson
ee717f35c4 Use tor_socket_t, not unsigned, in tor-fw-helper-natmp.c 2012-01-18 13:14:44 -05:00
Nick Mathewson
dd4b1a2ac6 Fix SOCKET_OK test on win64.
Bugfix on 0.2.2.29-beta; partial fix for 4533; found by wanoskarnet
2012-01-18 10:48:29 -05:00
Nick Mathewson
dea0720dad Warn if sizeof(tor_socket_t) != sizeof(SOCKET) 2012-01-17 16:38:47 -05:00
Nick Mathewson
6e8c2a3e46 Use SOCKET_OK macros in even more places
Add a TOR_INVALID_SOCKET macro to wrap -1/INVALID_SOCKET.

Partial work for bug4533.
2012-01-17 16:35:07 -05:00
Nick Mathewson
875a54dad3 Merge remote-tracking branch 'public/bug3325' 2012-01-16 15:10:38 -05:00
Nick Mathewson
5579bc0eaf whitespace fixes 2012-01-16 15:07:47 -05:00
Nick Mathewson
cc02823d7f Convert instances of tor_snprintf+strdup into tor_asprintf
These were found by looking for tor_snprintf() instances that were
followed closely by tor_strdup(), though I probably converted some
other snprintfs as well.
2012-01-16 15:03:13 -05:00
Nick Mathewson
edcc9981d8 Try to use smartlist_add_asprintf consistently
(To ensure correctness, in every case, make sure that the temporary
variable is deleted, renamed, or lowered in scope, so we can't have
any bugs related to accidentally relying on the no-longer-filled
variable.)
2012-01-16 15:02:51 -05:00
Nick Mathewson
125fba2e99 Provide consensus params to constrain the threshold for Fast
resolves ticket 3946
2012-01-16 14:50:13 -05:00
Nick Mathewson
938531773a Allow authorities to baddir/badexit/invalid/reject nodes by cc
Implements ticket #4207
2012-01-13 12:28:47 -05:00
Nick Mathewson
2cddd1d69f Move logging of bad hostnames into parse_extended_hostname
This fixes bug 3325, where a bad .exit would get logged as a bad .onion
2012-01-11 15:56:14 -05:00
Nick Mathewson
411cf8f714 Make openssl 0.9.8l log message accurate
fixes 4837
2012-01-11 15:41:46 -05:00
Nick Mathewson
f729e1e984 Merge branch 'feature3457-v4-nm-squashed'
Conflicts:
	src/or/rendclient.c
2012-01-11 12:10:14 -05:00
Nick Mathewson
5e9d349979 Merge remote-tracking branch 'public/bug4650_nm_squashed' 2012-01-10 17:59:49 -05:00
Nick Mathewson
eefe8857c2 changes file for bug4746 2012-01-10 16:53:27 -05:00
Nick Mathewson
8d74fba651 Merge branch 'absolute_cookie_file' 2012-01-10 15:00:02 -05:00
Nick Mathewson
3085b76a09 changes file for #4881 2012-01-10 14:59:49 -05:00
Nick Mathewson
d29a390733 Test for broken counter-mode at runtime
To solve bug 4779, we want to avoid OpenSSL 1.0.0's counter mode.
But Fedora (and maybe others) lie about the actual OpenSSL version,
so we can't trust the header to tell us if it's safe.

Instead, let's do a run-time test to see whether it's safe, and if
not, use our built-in version.

fermenthor contributed a pretty essential fixup to this patch. Thanks!
2012-01-10 11:15:35 -05:00
Nick Mathewson
5741aef3dc We no longer need to detect openssl without RAND_poll()
We require openssl 0.9.7 or later, and RAND_poll() was first added in
openssl 0.9.6.
2012-01-10 10:40:31 -05:00
Nick Mathewson
85c7d7659e Add macros to construct openssl version numbers
It's a pain to convert 0x0090813f to and from 0.9.8s-release on the
fly, so these macros should help.
2012-01-10 10:40:30 -05:00
Sebastian Hahn
6b9298ef72 Log which votes we still need to fetch
This might help us see which authorities are problematic in getting
their vote published the first time.
2012-01-10 16:13:30 +01:00
Sebastian Hahn
50a50392b7 Advertise dirport if accountingmax is large enough
When we have an effective bandwidthrate configured so that we cannot
exceed our bandwidth limit in one accounting interval, don't disable
advertising the dirport. Implements ticket 2434.
2012-01-10 09:59:36 -05:00
Nick Mathewson
489db38229 Revise bug4413 changes file 2012-01-09 19:18:48 -05:00
Stephen Palmateer
3fadc074ca Remove (untriggerable) overflow in crypto_random_hostname()
Fixes bug 4413; bugfix on xxxx.

Hostname components cannot be larger than 63 characters.
This simple check makes certain randlen cannot overflow rand_bytes_len.
2012-01-09 19:05:05 -05:00
Nick Mathewson
838ec086be Merge remote-tracking branch 'origin/maint-0.2.2' 2012-01-09 12:22:29 -05:00
Nick Mathewson
6fd61cf767 Fix a trivial log message error in renservice.c
Fixes bug 4856; bugfix on 0.0.6

This bug was introduced in 79fc5217, back in 2004.
2012-01-09 12:21:04 -05:00
Roger Dingledine
36721e940d fold in some new changelog stanzas 2012-01-07 07:42:07 -05:00
Nick Mathewson
37c90319e2 Add a changes file for bug4563 2012-01-06 11:42:00 -05:00
Nick Mathewson
ef69f2f2ab Merge remote-tracking branch 'origin/maint-0.2.2' 2012-01-05 14:17:44 -05:00
Nick Mathewson
ccd8289958 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2012-01-05 14:16:30 -05:00
Nick Mathewson
0a00678e56 Add a changes file for bug4822 2012-01-05 12:28:55 -05:00
Roger Dingledine
9bfb8af265 Merge branch 'maint-0.2.2' 2012-01-05 06:55:34 -05:00
Roger Dingledine
a1074c7aa2 Merge branch 'maint-0.2.1' into maint-0.2.2 2012-01-05 06:45:28 -05:00
Roger Dingledine
df17b62d54 add a changes file for ticket 4825 2012-01-05 06:42:26 -05:00
Nick Mathewson
ff282a1126 changes file for bug4650 2012-01-04 15:12:02 -05:00
Nick Mathewson
65420e4cb5 Merge remote-tracking branch 'rransom-tor/bug1297b-v2' 2012-01-04 13:50:24 -05:00
Nick Mathewson
47b7a27929 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-01-03 13:22:34 -05:00
Sebastian Hahn
d861b4cc9d Fix spelling in a controlsocket log msg
Fixes bug 4803.
2011-12-30 23:27:02 +01:00
Nick Mathewson
bfae41328e Merge remote-tracking branch 'origin/maint-0.2.2' 2011-12-28 16:52:31 -05:00
Nick Mathewson
84bf8e3808 Merge remote-tracking branch 'public/bug4788' into maint-0.2.2 2011-12-28 16:50:45 -05:00
Nick Mathewson
f71d63ec9d changes file for bug1827 2011-12-28 16:40:15 -05:00
Nick Mathewson
e3a6493898 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-12-28 15:57:48 -05:00
Nick Mathewson
c563551eef Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-12-28 15:56:37 -05:00
Nick Mathewson
120a745346 Bug 4786 fix: don't convert EARLY to RELAY on v1 connections
We used to do this as a workaround for older Tors, but now it's never
the correct thing to do (especially since anything that didn't
understand RELAY_EARLY is now deprecated hard).
2011-12-28 15:54:06 -05:00
Robert Ransom
2b189a222b Don't exit when marking a newly created _C_INTRODUCING circ for close 2011-12-28 09:02:14 -08:00
Nick Mathewson
9bcb187387 Authorities reject insecure Tors.
This patch should make us reject every Tor that was vulnerable to
CVE-2011-0427.  Additionally, it makes us reject every Tor that couldn't
handle RELAY_EARLY cells, which helps with proposal 110 (#4339).
2011-12-27 21:47:04 -05:00
Nick Mathewson
78f43c5d03 Require openssl 1.0.0a for using openssl's ctr-mode implementation
Previously we required 1.0.0, but there was a bug in the 1.0.0 counter
mode. Found by Pascal. Fixes bug 4779.

A more elegant solution would be good here if somebody has time to code
one.
2011-12-27 20:31:23 -05:00
Robert Ransom
836161c560 Add an option to close HS service-side rend circs on timeout 2011-12-27 08:02:43 -08:00
Robert Ransom
f88c8ca8c9 Don't close HS service-side rend circs on timeout 2011-12-27 08:02:43 -08:00
Robert Ransom
078e3e9dd5 Add an option to close 'almost-connected' HS client circs on timeout 2011-12-27 08:02:43 -08:00
Robert Ransom
4b13c33c0c Don't close HS client circs which are 'almost connected' on timeout 2011-12-27 08:02:42 -08:00
Nick Mathewson
85d7811456 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-12-26 17:58:51 -05:00
Roger Dingledine
3aade2fab7 Merge remote-tracking branch 'nickm/prop110_v2' 2011-12-25 17:43:09 -05:00
Sebastian Hahn
da876aec63 Provide correct timeradd/timersup replacements
Bug caught and patch provided by Vektor. Fixes bug 4778.t
2011-12-25 23:19:08 +01:00
Robert Ransom
4c3a23b283 Look up the rend circ whose INTRODUCE1 is being ACKed correctly
This change cannibalizes circuit_get_by_rend_query_and_purpose because it
had exactly one caller.
2011-12-22 23:46:09 -08:00
Nick Mathewson
7cb804343b Merge remote-tracking branch 'rransom/feature2411-v4' 2011-12-22 10:51:39 -05:00
Nick Mathewson
782b7f49d8 Fix bug2571: warn on EntryNodes set and UseEntryGuards disabled 2011-12-22 10:31:52 -05:00
Nick Mathewson
e0651bb108 Changes file for bug1101 2011-12-22 10:20:38 -05:00
Nick Mathewson
0187bd8728 Implement the last of proposal 110
Reject all EXTEND requests not received in a relay_early cell
2011-12-22 09:51:59 -05:00
Nick Mathewson
878a684386 Merge remote-tracking branch 'public/bug4697' 2011-12-22 09:45:26 -05:00
Nick Mathewson
f75660958c Merge remote-tracking branch 'origin/maint-0.2.2' 2011-12-21 11:20:56 -05:00
Nick Mathewson
b5e6bbc01d Do not even try to keep going on a socket with socklen==0
Back in #1240, r1eo linked to information about how this could happen
with older Linux kernels in response to nmap.  Bugs #4545 and #4547
are about how our approach to trying to deal with this condition was
broken and stupid.  Thanks to wanoskarnet for reminding us about #1240.

This is a fix for the abovementioned bugs, and is a bugfix on
0.1.0.3-rc.
2011-12-21 11:19:41 -05:00
Nick Mathewson
d7531b2adc duplicate changelog entry for 4531 2011-12-20 14:51:34 -05:00
Nick Mathewson
4080ac9eee Merge branch 'bug3825b-v8-squashed' 2011-12-20 11:15:49 -05:00
Robert Ransom
dae000735e Adjust n_intro_points_wanted when a service's intro points are closed 2011-12-20 11:15:33 -05:00