Commit Graph

11579 Commits

Author SHA1 Message Date
Roger Dingledine
fdd58f3bd5 If somebody tries to overflow my dirport, don't log his IP by default.
aka Fix an instance where a Tor directory mirror might accidentally
log the IP address of a misbehaving Tor client. Bugfix on
0.1.0.1-rc.
2009-11-21 23:09:24 -05:00
Roger Dingledine
4f8b36a1e2 clobber connections with different number than we clobber circuits 2009-11-21 23:02:10 -05:00
Roger Dingledine
7b6b931ccc stop assuming that our downcasts have a struct offset of 0
shouldn't actually change anything, but who knows.
2009-11-21 22:59:18 -05:00
Roger Dingledine
01a9cc0413 bump to 0.2.2.6-alpha-dev 2009-11-21 22:57:05 -05:00
Nick Mathewson
2b1bb233b3 Use the same mlockall checks with tor_set_max_memlock 2009-11-20 14:45:29 -05:00
Nick Mathewson
444eff6286 Fix compilation on OSX 10.3.
On this OSX version, there is a stub mlockall() function
that doesn't work, *and* the declaration for it is hidden by
an '#ifdef _P1003_1B_VISIBLE'.  This would make autoconf
successfully find the function, but our code fail to build
when no declaration was found.

This patch adds an additional test for the declaration.
2009-11-20 13:28:16 -05:00
Roger Dingledine
1ee580407c bump to 0.2.2.6-alpha 2009-11-19 14:16:11 -05:00
Roger Dingledine
b5462efd60 remove the 0.2.1.20 debian changelog from master's changelog 2009-11-19 14:11:54 -05:00
Nick Mathewson
9be682942c Not everybody likes debugging printfs as much as I 2009-11-18 11:26:44 -05:00
Roger Dingledine
55cd2fa310 Merge commit 'origin/maint-0.2.1'
Conflicts:

	debian/changelog
2009-11-17 15:39:46 -05:00
Roger Dingledine
0656c12b07 add the 0.2.1.20 changelog blurb, plus update the releasenotes 2009-11-17 15:35:14 -05:00
Nick Mathewson
e722ffa605 Do not report a partially-successful detached signature add as failed.
Also, regenerate the detached-signature document whenever any signatures are
successfully added.
2009-11-17 14:24:59 -05:00
Roger Dingledine
2ebd22152e only complain when rejecting a descriptor if it has contact info 2009-11-17 07:39:15 -05:00
Roger Dingledine
2bcb90a308 clean up changelog for the 0.2.2.6-alpha release 2009-11-17 07:02:17 -05:00
Roger Dingledine
dabf4423b8 Merge commit 'debian-tor-0.2.2.5-alpha-1' 2009-11-15 10:36:30 -05:00
Peter Palfrader
327e4dfe2b Change the dependency on tsocks to torsocks | tsocks (see: #554717) 2009-11-15 11:04:15 +01:00
Peter Palfrader
fbe455fec3 Allegedly echo -e is a bashism. Remove it from debian/rules, we don't need it anyways (closes: #478631) 2009-11-15 11:03:04 +01:00
Peter Palfrader
b0430672ea Change order of recommends from privoxy | polipo to polipo | privoxy. 2009-11-15 10:56:06 +01:00
Peter Palfrader
a19140828d Build-Depend on libssl-dev >= 0.9.8k-6.
libssl 0.9.8k-6 disabled autorenegotation, and the -dev package
introduced the SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION flag.

Since we now set that flag if available we want to make sure that it
*is* available when building.

Therefore build-depend on libssl-dev >= 0.9.8k-6.

If we build against earlier versions we will not work once libssl gets
upgraded to a version that disabled renegotiations.
2009-11-15 10:51:08 +01:00
Peter Palfrader
a28b5628c2 Pick 0a58567ce3 from master git tree
work with libssl that has renegotiation disabled by default.
(debian/patches/0a58567c-work-with-reneg-ssl.dpatch)
2009-11-15 10:41:33 +01:00
Peter Palfrader
6d01081fb3 Merge branch 'debian-merge' into debian
* debian-merge:
  New upstream version
  fix compile on windows
  bump to 0.2.2.5-alpha
  Move dizum to an alternate IP address.
  Ship test.h in release
2009-11-15 10:37:48 +01:00
Peter Palfrader
0165f2765f New upstream version 2009-11-15 10:37:39 +01:00
Peter Palfrader
fa79ef3573 Merge commit 'tor-0.2.2.5-alpha' into debian-merge
* commit 'tor-0.2.2.5-alpha':
  fix compile on windows
  bump to 0.2.2.5-alpha
  Move dizum to an alternate IP address.
  Ship test.h in release
2009-11-15 10:37:34 +01:00
Jacob Appelbaum
6f1fe7e941 Fix compilation with with bionic libc.
This fixes bug 1147:

 bionic doesn't have an actual implementation of mlockall();
 mlockall() is merely in the headers but not actually in the library.
 This prevents Tor compilation with the bionic libc for Android handsets.
2009-11-14 16:45:14 -05:00
Nick Mathewson
0f212193a0 Merge commit 'debian-tor-0.2.1.20-1' into maint-0.2.1 2009-11-13 15:47:18 -05:00
Peter Palfrader
4db6e63c26 Merge branch 'debian-merge' into debian-0.2.1
* debian-merge: (37 commits)
  New upstream version
  bump to 0.2.1.20
  Move moria1 and Tonga to alternate IP addresses.
  read the "circwindow" parameter from the consensus
  Code to parse and access network parameters.
  Revert "Teach connection_ap_can_use_exit about Exclude*Nodes"
  Work around a memory leak in openssl 0.9.8g (and maybe others)
  Teach connection_ap_can_use_exit about Exclude*Nodes
  make some bug 1090 warnings go away
  Fix a memory leak when parsing a ns
  Fix obscure 64-bit big-endian hidserv bug
  turns out the packaging changes aren't in 0.2.1.20
  update changelog with bundle details
  Use an _actual_ fix for the byte-reverse warning.
  Use a simpler fix for the byte-reversing warning
  Fix compile warnings on Snow Leopard
  Add getinfo accepted-server-descriptor. Clean spec.
  Reduce log level for bug case that we now know really exists.
  Only send reachability status events on overall success/failure
  update the README instructions and OS X makefiles
  ...
2009-11-13 19:58:59 +01:00
Peter Palfrader
751e9b2bb6 New upstream version 2009-11-13 19:57:10 +01:00
Peter Palfrader
0e74939671 Merge commit 'tor-0.2.1.20' into debian-merge
* commit 'tor-0.2.1.20': (36 commits)
  bump to 0.2.1.20
  Move moria1 and Tonga to alternate IP addresses.
  read the "circwindow" parameter from the consensus
  Code to parse and access network parameters.
  Revert "Teach connection_ap_can_use_exit about Exclude*Nodes"
  Work around a memory leak in openssl 0.9.8g (and maybe others)
  Teach connection_ap_can_use_exit about Exclude*Nodes
  make some bug 1090 warnings go away
  Fix a memory leak when parsing a ns
  Fix obscure 64-bit big-endian hidserv bug
  turns out the packaging changes aren't in 0.2.1.20
  update changelog with bundle details
  Use an _actual_ fix for the byte-reverse warning.
  Use a simpler fix for the byte-reversing warning
  Fix compile warnings on Snow Leopard
  Add getinfo accepted-server-descriptor. Clean spec.
  Reduce log level for bug case that we now know really exists.
  Only send reachability status events on overall success/failure
  update the README instructions and OS X makefiles
  Avoid segfault when accessing hidden service.
  ...
2009-11-13 19:01:22 +01:00
Roger Dingledine
22f674fcb8 Fix a memory leak on directory authorities during voting
Fix a memory leak on directory authorities during voting that was
introduced in 0.2.2.1-alpha. Found via valgrind.
2009-11-12 01:31:26 -05:00
Nick Mathewson
69c0147ea6 Fix building from a separate build directory. 2009-11-08 00:38:46 -05:00
Nick Mathewson
2db0256372 Add changelog entry to 0.2.2.x about openssl 0.9.8l fix 2009-11-06 15:25:41 -05:00
Nick Mathewson
0a58567ce3 Merge commit 'origin/maint-0.2.1'
Conflicts:
	src/common/tortls.c
2009-11-06 15:24:52 -05:00
Nick Mathewson
ce0a89e262 Make Tor work with OpenSSL 0.9.8l
To fix a major security problem related to incorrect use of
SSL/TLS renegotiation, OpenSSL has turned off renegotiation by
default.  We are not affected by this security problem, however,
since we do renegotiation right.  (Specifically, we never treat a
renegotiated credential as authenticating previous communication.)
Nevertheless, OpenSSL's new behavior requires us to explicitly
turn renegotiation back on in order to get our protocol working
again.

Amusingly, this is not so simple as "set the flag when you create
the SSL object" , since calling connect or accept seems to clear
the flags.

For belt-and-suspenders purposes, we clear the flag once the Tor
handshake is done.  There's no way to exploit a second handshake
either, but we might as well not allow it.
2009-11-05 18:13:08 -05:00
Nick Mathewson
eb1faf8a0a Fix a URL in a log message. 2009-11-04 11:39:10 -05:00
Sebastian Hahn
f1b7295b27 Disallow command line keywords with more than two dashes as prefix.
This might help fix cid 422, where coverity fails to notice that
argv strings are null-escaped.
2009-10-27 17:50:24 +01:00
Sebastian Hahn
b0e8c33617 Make it more obvious for coverity that cid 404 is not dead code 2009-10-27 14:19:32 +01:00
Jacob Appelbaum
2aac39a779 Implement DisableAllSwap to avoid putting secret info in page files.
This commit implements a new config option: 'DisableAllSwap'
This option probably only works properly when Tor is started as root.
We added two new functions: tor_mlockall() and tor_set_max_memlock().
tor_mlockall() attempts to mlock() all current and all future memory pages.
For tor_mlockall() to work properly we set the process rlimits for memory to
RLIM_INFINITY (and beyond) inside of tor_set_max_memlock().
We behave differently from mlockall() by only allowing tor_mlockall() to be
called one single time. All other calls will result in a return code of 1.
It is not possible to change DisableAllSwap while running.
A sample configuration item was added to the torrc.complete.in config file.
A new item in the man page for DisableAllSwap was added.
Thanks to Moxie Marlinspike and Chris Palmer for their feedback on this patch.

Please note that we make no guarantees about the quality of your OS and its
mlock/mlockall implementation. It is possible that this will do nothing at all.
It is also possible that you can ulimit the mlock properties of a given user
such that root is not required. This has not been extensively tested and is
unsupported. I have included some comments for possible ways we can handle
this on win32.
2009-10-27 04:28:40 -04:00
Karsten Loesing
56c2385157 Fix bug 1113.
Bridges do not use the default exit policy, but reject *:* by default.
2009-10-27 01:03:41 -07:00
Roger Dingledine
8c34e79263 Merge commit 'karsten/log-1092' 2009-10-27 02:26:58 -04:00
Karsten Loesing
c8b27a8e9e Improve log statement when publishing v2 hs desc. 2009-10-26 23:09:10 -07:00
Karsten Loesing
19ddee5582 Fix bug 1042.
If your relay can't keep up with the number of incoming create cells, it
would log one warning per failure into your logs. Limit warnings to 1 per
minute.
2009-10-26 22:49:43 -07:00
Sebastian Hahn
70abd843fd crypto_cipher_set_key cannot fail
In 5e4d53d535 we made it so that
crypto_cipher_set_key cannot fail. The call will now
always succeed, to returning a boolean for success/failure makes
no sense.
2009-10-27 04:31:23 +01:00
Nick Mathewson
174be15c1a Merge commit 'origin/maint-0.2.1' 2009-10-26 23:15:37 -04:00
Nick Mathewson
54973a45a6 Fix an apparently bogus check; fortunately, it seems to be untriggered. 2009-10-26 23:14:53 -04:00
Nick Mathewson
311315e077 Fix an accidentally removed free in 385853a282, and repair a check. 2009-10-26 23:13:29 -04:00
Roger Dingledine
ad525685f6 Merge commit 'karsten/fix-1066-3' 2009-10-26 22:45:12 -04:00
Nick Mathewson
698aaeb178 Note coverity fixes in changelog. 2009-10-26 22:40:41 -04:00
Nick Mathewson
385853a282 Fix/annotate deadcode for CID 402,403 2009-10-26 22:40:41 -04:00
Nick Mathewson
134ac8059b Fix the very noisy unit test memory leak of CID 420-421.
On any failing case in test_util_config_line, we would leak a couple
of strings.
2009-10-26 22:40:41 -04:00
Nick Mathewson
caa141617f Fix dead code found by Coverity (CID 419).
This was left over from an early draft of the microdescriptor code; it
began to populate the signatures array of a networkstatus vote, even
though there's no actual need to do that for a vote.
2009-10-26 22:40:41 -04:00