tor/changes
David Goulet f5c9f6d432 hs: Don't overwrite DoS parameters on circuit with consensus params
Turns out that the HS DoS defenses parameters were overwritten by the
consensus parameters every time a new consensus would arrive.

This means that a service operator can still enable the defenses but as soon
as the intro point relay would get a new consensus, they would be overwritten.
And at this commit, the network is entirely disabling DoS defenses.

Fix this by introducing an "explicit" flag that indicates if the
ESTABLISH_INTRO cell DoS extension set those parameters or not. If set, avoid
using the consensus at once.

We are not bumping the protover HSIntro value for this because 0.4.2.x series
is EOL in 1 month and thus 0.4.3.x would be the only series with this bug. We
are confident that a backport and then upgrade path to the latest 0.4.4.x
stable coming up soon is enough to mitigate this problem in the coming months.

It avoids the upgrade path on the service side by keeping the requirement for
protover HSIntro=5.

Fixes #40109

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-08-19 09:47:34 -04:00
.dummy Add a .dummy file in the changes directory to stop git from removing it 2015-05-11 11:41:48 -04:00
bug16016 Downgrade "Bug: No entry found in extrainfo map" message. 2020-06-30 11:54:13 -04:00
bug31036 Use _lseeki64() on windows. 2020-07-28 11:30:47 -04:00
bug31669 hs-v3: Relax severity of a log message when decoding descriptors. 2020-03-30 13:38:29 -04:00
bug32588 router: Stop advertising incorrect auto IPv6 ORPorts 2020-03-21 03:36:39 +10:00
bug33032 pem_decode(): Tolerate CRLF line endings 2020-03-11 10:35:17 -04:00
bug33087 err/log: Stop closing stderr and stdout during shutdown 2020-02-13 00:00:41 +10:00
bug33119 Fix out-of-bound memory read in tor_tls_cert_matches_key() for NSS. 2020-07-06 16:19:16 -04:00
bug33374 practracker: Read unicode files when using Python 2 2020-02-19 08:22:01 +10:00
bug33545 hs-v3: Don't allow registration of an all-zeroes client auth key. 2020-04-13 14:13:33 -04:00
bug33608 connection: Stop forcing some ports to prefer IPv6 2020-03-13 12:28:19 +10:00
bug33668 Set *have_low_ports_out from stub port_parse_ports_relay(). 2020-03-20 07:56:26 -04:00
bug33673 Appveyor: Copy required DLLs to test and app 2020-03-20 14:48:31 +10:00
bug33674 relay/dirauth: Set some output arguments in stubs 2020-03-20 07:56:26 -04:00
bug33782 changes: file for ticket 33782 2020-04-04 13:20:06 +10:00
bug33918 channeltls: Stop truncating IPv6 in logs 2020-04-21 12:22:30 -04:00
bug34077 Fix a GCC 10.0.1 compilation warning. 2020-04-30 22:56:31 -04:00
bug34078 changes file for bug 34078. 2020-05-06 16:58:06 -04:00
bug34130 Fix crash when tor is compiled with NSS and seccomp sandbox is enabled 2020-05-12 12:56:06 -04:00
bug34131 Fix a boolean logic error when logging about invalid hostnames. 2020-05-06 17:15:37 -04:00
bug34233 Add a changes file for 34233. 2020-05-15 10:27:49 -04:00
bug34299 Man page: MinUptimeHidServDirectoryV2 defaults to 96 hours 2020-05-23 04:37:57 -04:00
bug34303 Preemptive circs should work with UseEntryGuards 0 2020-05-30 02:20:48 -04:00
bug40028 Resolve a compiler warning from a 32-bit signed/unsigned comparison 2020-07-07 15:05:38 -04:00
bug40076 Fix a bug in buf_move_all() when the input buffer is empty. 2020-07-30 14:24:25 -04:00
bug40099 Fix allocation counting in clean_v2_descs_as_dir test. 2020-08-12 14:25:46 -04:00
doc32971 Document __OwningControllerProcess torrc option and mention polling interval 2020-03-10 09:13:19 -04:00
ticket28992 hs-v3: Remove BUG() that can occur normally 2020-02-12 14:09:40 +10:00
ticket32672 Reject 0.2.9 and 0.4.0 in dirserv_rejects_tor_version() 2020-03-16 10:40:14 -04:00
ticket32792 Travis: Produce detailed chutney diagnostics 2020-03-16 16:04:51 +10:00
ticket33029 dirauth: Resume sending 503 directory error code 2020-02-11 09:58:28 -05:00
ticket33119 changes file for 33119 aka TROVE-2020-002 2020-02-05 12:02:32 -05:00
ticket33188 changes file for ticket 33188 2020-02-12 12:28:35 -06:00
ticket33194 Travis: Sort jobs in order of speed 2020-02-13 13:52:41 +10:00
ticket33195 Travis: Require the macOS IPv6 chutney job 2020-02-13 13:43:59 +10:00
ticket33213 changes file for ticket 33213 2020-02-10 14:24:44 -06:00
ticket33290 Use more memory poisoning and better asserts around ewma code 2020-02-12 14:17:19 -05:00
ticket33361 config: Warn if ContactInfo is not set 2020-03-12 12:43:00 -04:00
ticket33458 changes: Add changes file for ticket 33458 2020-05-28 12:25:42 +03:00
ticket33460 changes file for ticket 33460. 2020-02-26 14:19:53 -05:00
ticket33491 dos: Pass transport name on new client connection 2020-03-10 14:45:13 -04:00
ticket33619 circpad_setup_machine_on_circ(): exit early on error. 2020-03-16 17:59:57 -04:00
ticket33623 sendme: Emit version 1 by default 2020-03-17 10:14:57 -04:00
ticket33643 Add a TOR_SKIP_TESTCASES environment variable for suppressing tests. 2020-03-19 18:36:36 -04:00
ticket33643_part2 Appveyor: disable crypto/openssl_version 2020-03-19 18:36:36 -04:00
ticket33646 configure: Fix enabled module variable expansion 2020-04-01 23:02:24 +10:00
ticket33678_043 practracker: Disable practracker in git hooks 2020-03-20 17:32:57 +10:00
ticket33804 client: Revert setting PreferIPv6 on by default 2020-04-09 11:05:32 +10:00
ticket34255_043 Doxygen: fix unbalanced groups. 2020-05-19 09:18:39 -04:00
ticket40026 CI: Fix Appveyor printf format error 2020-07-07 09:53:54 -04:00
ticket40030 Remove check-cocci from check-local target. 2020-07-13 09:24:26 -04:00
ticket40061 More info in the fallbackdir changes file 2020-07-23 10:08:42 -04:00
ticket40109 hs: Don't overwrite DoS parameters on circuit with consensus params 2020-08-19 09:47:34 -04:00
trove_2020_003 Fix TROVE-2020-003. 2020-03-17 11:44:45 -04:00