Roger Dingledine
fcbb21b414
bump to 0.2.4.23
2014-07-28 04:07:36 -04:00
Roger Dingledine
68a2e4ca4b
Warn and drop the circuit if we receive an inbound 'relay early' cell
...
Those used to be normal to receive on hidden service circuits due to bug
1038, but the buggy Tor versions are long gone from the network so we
can afford to resume watching for them. Resolves the rest of bug 1038;
bugfix on 0.2.1.19.
2014-07-28 02:44:05 -04:00
Roger Dingledine
8882dcfc59
add a changes file for bug 12718
2014-07-27 15:41:30 -04:00
Arlo Breault
8f70d756fb
Confusing log message when circuit can't be extended
2014-07-27 15:01:15 -04:00
Nick Mathewson
d5558f0072
circuit_build_failed: distinguish "first hop chan failed", "CREATE failed"
...
Roger spotted this on tor-dev in his comments on proposal 221.
(Actually, detect DESTROY vs everything else, since arma likes
network timeout indicating failure but not overload indicating failure.)
2014-07-25 11:59:00 -04:00
Nick Mathewson
e001610c99
Implement proposal 221: Stop sending CREATE_FAST
...
This makes FastFirstHopPK an AUTOBOOL; makes the default "auto"; and
makes the behavior of "auto" be "look at the consensus."
2014-07-25 11:59:00 -04:00
Nick Mathewson
1b551823de
Avoid illegal read off end of an array in prune_v2_cipher_list
...
This function is supposed to construct a list of all the ciphers in
the "v2 link protocol cipher list" that are supported by Tor's
openssl. It does this by invoking ssl23_get_cipher_by_char on each
two-byte ciphersuite ID to see which ones give a match. But when
ssl23_get_cipher_by_char cannot find a match for a two-byte SSL3/TLS
ciphersuite ID, it checks to see whether it has a match for a
three-byte SSL2 ciphersuite ID. This was causing a read off the end
of the 'cipherid' array.
This was probably harmless in practice, but we shouldn't be having
any uninitialized reads.
(Using ssl23_get_cipher_by_char in this way is a kludge, but then
again the entire existence of the v2 link protocol is kind of a
kludge. Once Tor 0.2.2 clients are all gone, we can drop this code
entirely.)
Found by starlight. Fix on 0.2.4.8-alpha. Fixes bug 12227.
2014-07-24 19:45:38 -04:00
Roger Dingledine
71c62b15ca
update manpage for numentryguards / numdirectoryguards
2014-07-24 16:19:48 -04:00
Roger Dingledine
9fc276a1c7
add a NumDirectoryGuards consensus param too
2014-07-24 16:19:47 -04:00
Roger Dingledine
56ee61b8ae
Add and use a new NumEntryGuards consensus parameter.
...
When specified, it overrides our default of 3 entry guards.
(By default, it overrides the number of directory guards too.)
Implements ticket 12688.
2014-07-24 16:19:47 -04:00
Nick Mathewson
303d7f55d9
Merge branch 'curve25519-donna32' into maint-0.2.4
2014-07-23 21:28:18 -04:00
Nick Mathewson
ad0cf550b7
Put the bug number and correct credits in the changes file for the new curve25519-donna32
2014-07-23 21:25:53 -04:00
Nick Mathewson
75501dbe4a
Merge remote-tracking branch 'karsten/geoip6-jul2014' into maint-0.2.4
2014-07-21 14:29:43 -04:00
Nick Mathewson
015f710f72
Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
2014-07-21 14:29:30 -04:00
Karsten Loesing
6345dfa1fe
Update geoip6 to the July 10 2014 database.
2014-07-18 16:31:25 +02:00
Karsten Loesing
6d5efbef22
Update geoip to the July 10 2014 database.
2014-07-18 16:28:50 +02:00
Nick Mathewson
391861311c
Small tweaks to make curve25519-donna32 compile with our warnings
2014-07-15 15:43:40 +02:00
Nick Mathewson
8cc0860592
Update to latest curve25519-donna32
2014-07-15 15:42:20 +02:00
Nick Mathewson
f5ce580bab
Fix changes file for geoip
2014-06-10 21:08:44 -04:00
Nick Mathewson
3bc28c4c04
Merge remote-tracking branch 'karsten/geoip6-jun2014' into maint-0.2.4
2014-06-10 21:08:12 -04:00
Nick Mathewson
ab774a8500
Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
2014-06-10 21:07:57 -04:00
Karsten Loesing
555c43cd03
Update geoip to the June 4 2014 database.
2014-06-10 21:33:52 +02:00
Karsten Loesing
40579cb6a5
Update geoip6 to the June 4 2014 database.
2014-06-10 21:32:24 +02:00
Nick Mathewson
8d9602c21c
Bump maint-0.2.4 version to 0.2.4.22-dev
...
(See discussion on #9553 )
2014-05-16 09:16:54 -04:00
Nick Mathewson
411c622906
Merge commit 'bb9b4c37f8e7f5cf78918f382e90d8b11ff42551' into maint-0.2.4
2014-05-07 23:11:32 -04:00
Nick Mathewson
0ad8133a7e
Merge remote-tracking branch 'public/ticket11528_024' into maint-0.2.4
2014-05-07 23:04:59 -04:00
Nick Mathewson
882893c8c3
Merge remote-tracking branch 'public/bug11513_024' into maint-0.2.4
2014-05-07 23:04:48 -04:00
Nick Mathewson
894c8b2266
Merge remote-tracking branch 'public/update_ciphers_ff28' into maint-0.2.4
2014-05-07 23:04:22 -04:00
Nick Mathewson
14bc6e8993
Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
...
Conflicts:
src/or/microdesc.c
2014-05-01 11:44:25 -04:00
Nick Mathewson
6a4f5d9b4d
Downgrade bug 7164 warning to INFO
...
The 0.2.5.x warning is the one that might help us track this down; the
warnings in stable are just annoying users over and over and over.
2014-05-01 11:42:02 -04:00
Nick Mathewson
efab3484e6
Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
2014-04-30 20:25:15 -04:00
Nick Mathewson
8828794dc2
Merge remote-tracking branch 'public/bug10849_023_bruteforce' into maint-0.2.3
2014-04-30 20:23:22 -04:00
Nick Mathewson
35699ef9f5
Drop the MaxMemInCellQueues lower limit down to 256 MB.
...
on #9686 , gmorehose reports that the 500 MB lower limit is too high
for raspberry pi users.
This is a backport of 647248729f
to 0.2.4.
Note that in 0.2.4, the option is called MaxMemInCellQueues.
2014-04-29 20:48:22 -04:00
Nick Mathewson
1d3ffc0ec9
Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
2014-04-29 13:02:18 -04:00
Nick Mathewson
65575b0755
Stop leaking memory in error cases of md parsing
...
When clearing a list of tokens, it's important to do token_clear()
on them first, or else any keys they contain will leak. This didn't
leak memory on any of the successful microdescriptor parsing paths,
but it does leak on some failing paths when the failure happens
during tokenization.
Fixes bug 11618; bugfix on 0.2.2.6-alpha.
2014-04-29 13:00:00 -04:00
Nick Mathewson
f8248abbd6
Forbid TunneledDirConns 0 and PreferTunneledDirConns 0 if being a HS
...
Fixes bug 10849; bugfix on 0.2.1.1-alpha (I believe)
2014-04-25 14:24:41 -04:00
Nick Mathewson
9e44df2c98
Merge remote-tracking branch 'public/bug9229_024' into maint-0.2.4
2014-04-23 11:01:39 -04:00
Nick Mathewson
bb9b4c37f8
Supply better and less frequent warnings on circID exhaustion
...
Fixes the surface behavior of #11553
2014-04-18 12:31:06 -04:00
Nick Mathewson
0b319de60f
Elevate server TLS cipher preferences over client
...
The server cipher list is (thanks to #11513 ) chosen systematically to
put the best choices for Tor first. The client cipher list is chosen
to resemble a browser. So let's set SSL_OP_CIPHER_SERVER_PREFERENCE
to have the servers pick according to their own preference order.
2014-04-17 10:33:04 -04:00
Nick Mathewson
3fc0f9efb8
Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
2014-04-16 14:57:14 -04:00
Nick Mathewson
ef3d7f2f97
remove note about dannenberg; it has upgraded.
2014-04-16 14:56:49 -04:00
Nick Mathewson
f050cf75b0
Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
2014-04-16 13:32:20 -04:00
Nick Mathewson
2ce0750d21
Update the authority signing key blacklist
...
Now it only has dannenberg
2014-04-16 13:31:40 -04:00
Nick Mathewson
f3c20a28ab
Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
...
Conflicts:
src/or/circuituse.c
2014-04-15 14:51:19 -04:00
Nick Mathewson
b0e1ddbd98
Merge remote-tracking branch 'public/bug11519_023' into maint-0.2.3
2014-04-15 14:48:00 -04:00
Nick Mathewson
b2106956e0
Don't send uninitialized stack to the controller and say it's a date.
...
Fixes bug 11519, apparently bugfix on 0.2.3.11-alpha.
2014-04-14 21:51:30 -04:00
Nick Mathewson
149931571a
Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
...
Conflicts:
src/or/routerlist.h
2014-04-14 18:00:38 -04:00
Nick Mathewson
75b4975d77
Merge branch 'bug11464_023_squashed' into maint-0.2.3
2014-04-14 17:59:01 -04:00
Nick Mathewson
09ed8a5dbb
Tweak changes file and comment dates.
2014-04-14 17:58:49 -04:00
Nick Mathewson
46cf63bb42
Fill in the list of blacklisted signing keys.
...
I used a list of certificate files from arma, and a little script,
both at 11464.
2014-04-14 17:57:39 -04:00