Commit Graph

4807 Commits

Author SHA1 Message Date
teor
38e3f91c63
When using exponential backoff in test networks, use a lower exponent
Lower exponents mean that delays do not vary as much. This helps test
networks bootstrap consistently.

Bugfix on 20499.
2016-11-08 16:42:26 +11:00
Nick Mathewson
e0311f6a36 Remove from master more changes files already merged in release-0.2.9 2016-11-07 16:32:30 -05:00
Nick Mathewson
3e3040a5d9 Merge branch 'maint-0.2.9'
Conflicts:
	src/or/rendservice.c
2016-11-07 16:31:40 -05:00
Nick Mathewson
9994404238 Make new changes files pass lintchanges 2016-11-07 16:19:05 -05:00
Nick Mathewson
c2fc0941a5 Merge remote-tracking branch 'teor/bug20484_029_v2' into maint-0.2.9 2016-11-07 16:12:13 -05:00
David Goulet
b0ea8b535f hs: Add changes file for HSDir v3 protocol feature
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-07 13:49:27 -05:00
Nick Mathewson
89edef6afb Treat bacoff/schedule mismatch as a bug. 2016-11-07 11:05:57 -05:00
Nick Mathewson
1934bf75ef Merge branch 'maint-0.2.9' 2016-11-07 11:02:15 -05:00
Nick Mathewson
864c42f4d6 Count HTTP 503 as a download failure.
Because as Teor puts it: "[Resetting on 503] is exactly what we
don't want when relays are busy - imagine clients doing an automatic
reset every time they DoS a relay..."

Fixes bug 20593.
2016-11-07 11:01:21 -05:00
Nick Mathewson
667ba776b1 Adjust download schedules per teor's #20534 recommendataions 2016-11-07 11:01:20 -05:00
Nick Mathewson
800dff1308 Merge branch 'maint-0.2.9' 2016-11-07 09:32:21 -05:00
Nick Mathewson
e4b793fe41 Merge branch 'maint-0.2.8' into maint-0.2.9 2016-11-07 09:32:00 -05:00
Nick Mathewson
2639fd08e7 Merge branch 'maint-0.2.7' into maint-0.2.8 2016-11-07 09:31:36 -05:00
Nick Mathewson
f5fdf188b9 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-11-07 09:30:42 -05:00
Nick Mathewson
6c2174d44d Merge branch 'maint-0.2.5' into maint-0.2.6 2016-11-07 09:30:16 -05:00
Nick Mathewson
db2571be61 Merge branch 'maint-0.2.4' into maint-0.2.5 2016-11-07 09:29:54 -05:00
Nick Mathewson
d82ffb77f3 Merge branch '20499_part1_029_squashed', remote-tracking branches 'teor/bug20591_029' and 'teor/bug20533_029' into maint-0.2.9 2016-11-07 09:20:13 -05:00
Nick Mathewson
858867a31a Allow infinitely long delays in exponential-backoff downloads
It's only safe to remove the failure limit (per 20536) if we are in
fact waiting a bit longer each time we try to download.

Fixes bug 20534; bugfix on 0.2.9.1-alpha.
2016-11-07 09:19:35 -05:00
Nick Mathewson
a415fee58a Merge branch 'maint-0.2.9' 2016-11-07 09:09:06 -05:00
Karsten Loesing
ea597832e2 Update geoip and geoip6 to the November 3 2016 database. 2016-11-07 15:05:19 +01:00
teor
e819d420c5
When downloading certificates, check for related failures
If a consensus expires while we are waiting for certificates to download,
stop waiting for certificates.

If we stop waiting for certificates less than a minute after we started
downloading them, do not consider the certificate download failure a
separate failure.

Fixes bug 20533; bugfix on commit e0204f21 in 0.2.0.9-alpha.
2016-11-08 00:01:20 +11:00
teor
1bb28cecd9
Ensure relays don't make multiple connections during bootstrap
Relays do not deliberately launch multiple attempts, so the impact of this
bug should be minimal. This fix also defends against bugs like #20499.

Bugfix on 0.2.8.1-alpha.
2016-11-07 23:05:55 +11:00
Nick Mathewson
0bd55ed96a Always Use EVP_aes_*_ctr() with openssl 1.1
(OpenSSL 1.1 makes EVP_CIPHER_CTX opaque, _and_ adds acceleration
for counter mode on more architectures.  So it won't work if we try
the older approach, and it might help if we try the newer one.)

Fixes bug 20588.
2016-11-06 21:01:25 -05:00
Nick Mathewson
61612f980d Merge branch 'maint-0.2.9' 2016-11-06 20:24:29 -05:00
Nick Mathewson
def41e93bd In test_tortls_classify_client_ciphers(), s/ECDH/ECDHE/
(We weren't actually using these ciphers; we were just requing that
ciphers of that name existed.)

Patch from rubiate.  Fixes 20460
2016-11-06 20:23:40 -05:00
Nick Mathewson
5385a023e1 Do not apply 'max_failures' to random-exponential schedules.
Fixes bug 20536; bugfix on 0.2.9.1-alpha.
2016-11-06 20:08:11 -05:00
Nick Mathewson
1b22eae120 Fix get_delay() code to avoid TIME_MAX overflow, not INT_MAX.
Fixes bug 20587; bugfix on 35bbf2e4a4 in 0.2.8.1-alpha.
2016-11-06 19:50:08 -05:00
Nick Mathewson
b28d818423 Remove changes files that will appear in 0.2.9.5-alpha. 2016-11-06 16:57:38 -05:00
Nick Mathewson
c69bc895ca Fix lintchanges warnings in master. 2016-11-06 16:48:52 -05:00
Nick Mathewson
c8ec42de2f Merge branch 'maint-0.2.9' 2016-11-06 16:41:32 -05:00
Nick Mathewson
add164aa41 Fix warnings from lintChanges.py 2016-11-06 16:39:46 -05:00
Nick Mathewson
91053a072c changes file for 20526 2016-11-03 19:10:02 -04:00
Nick Mathewson
b96bb82a2a changes file for 19563 2016-11-03 18:41:40 -04:00
Nick Mathewson
59f4cae68c Merge branch 'maint-0.2.8' into maint-0.2.9 2016-11-03 18:36:43 -04:00
Nick Mathewson
61bdc452b0 Merge branch 'bug20551_028' into maint-0.2.8 2016-11-03 18:36:25 -04:00
Nick Mathewson
272572c3a2 Merge branch 'maint-0.2.9' 2016-11-03 15:45:16 -04:00
Nick Mathewson
3cd520a52d Merge branch 'maint-0.2.8' into maint-0.2.9 2016-11-03 15:44:46 -04:00
Nick Mathewson
7a45ef5a47 Merge remote-tracking branch 'arma/bug19969_028_squashed' into maint-0.2.8 2016-11-03 15:44:30 -04:00
Nick Mathewson
3bb49c0110 Merge branch 'maint-0.2.8' into maint-0.2.9 2016-11-03 15:41:04 -04:00
Nick Mathewson
957bdc4a42 Merge branch 'bug20553_028' 2016-11-03 10:52:21 -04:00
Nick Mathewson
9b18b215bb Work around a behavior change in openssl's BUF_MEM code
In our code to write public keys to a string, for some unfathomable
reason since 253f0f160e, we would allocate a memory BIO, then
set the NOCLOSE flag on it, extract its memory buffer, and free it.
Then a little while later we'd free the memory buffer with
BUF_MEM_free().

As of openssl 1.1 this doesn't work any more, since there is now a
BIO_BUF_MEM structure that wraps the BUF_MEM structure.  This
BIO_BUF_MEM doesn't get freed in our code.

So, we had a memory leak!

Is this an openssl bug?  Maybe.  But our code was already pretty
silly.  Why mess around with the NOCLOSE flag here when we can just
keep the BIO object around until we don't need the buffer any more?

Fixes bug 20553; bugfix on 0.0.2pre8
2016-11-03 10:51:10 -04:00
Nick Mathewson
b7a1e793e6 Declare a LINKAUTH subprotocol version for #15055 (ed link handshake)
Closes ticket 20552.
2016-11-03 10:01:40 -04:00
Nick Mathewson
1eef543f9d Merge branch 'bug20551_028' 2016-11-03 09:37:44 -04:00
Nick Mathewson
464783a8dc Use explicit casts to avoid warnings when building with openssl 1.1
fixes bug 20551; bugfix on 0.2.1.1-alpha
2016-11-03 09:35:41 -04:00
Nick Mathewson
d9ca4e20bd Merge branch 'feature_15055_v2' 2016-11-03 08:44:46 -04:00
Nick Mathewson
53656381df Changes file for 15055 branch. 2016-11-03 08:40:10 -04:00
Nick Mathewson
e64bac6eb4 Increase TLS RSA link key length to 2048 bits
Oddly, nothing broke.

Closes ticket 13752.
2016-11-03 08:39:30 -04:00
Nick Mathewson
0704fa8a63 Handle u32 overflow in ed25519 cert expiration time.
The impact here isn't too bad. First, the only affected certs that
expire after 32-bit signed time overflows in Y2038. Second, it could
only make it seem that a non-expired cert is expired: it could never
make it seem that an expired cert was still live.

Fixes bug 20027; bugfix on 0.2.7.2-alpha.
2016-11-03 08:37:22 -04:00
Nick Mathewson
e94f1b4e0d Free rsa_ed_crosscert at exit.
Fixes bug 17779; bugfix on 0.2.7.2-alpha.
2016-11-03 08:37:21 -04:00
teor
8f465808a0
Check for getpagesize before using it to mmap files
This fixes compilation in some MinGW environments.

Fixes bug 20530; bugfix on commit bf72878 in tor-0.1.2.1-alpha.
Reported by "ice".
2016-11-03 08:44:57 +11:00
teor
1747f28861
Check every hidden service directory's permissions when configuring
Previously, we would only check the last hidden service directory.

Fixes #20529, bugfix on ticket 13942 commit 85bfad1 in 0.2.6.2-alpha.
2016-11-02 14:32:04 +11:00
Roger Dingledine
d89804a69d Ask event_base_loop to finish when we add a pending stream
Fixes bug 19969; bugfix on b1d56fc58. We can fix this some more in
later Tors, but for now, this is probably the right fix for us.
2016-11-01 19:52:55 -04:00
Nick Mathewson
cb35a7c271 Merge branch 'maint-0.2.9' 2016-11-01 13:05:45 -04:00
Nick Mathewson
733b245283 Merge remote-tracking branch 'teor/bug20472-029-v2' into maint-0.2.9 2016-11-01 13:05:33 -04:00
Nick Mathewson
db67867a81 Merge remote-tracking branch 'pastly/ticket20486' 2016-11-01 12:55:14 -04:00
Nick Mathewson
e6d84ac04f Merge branch 'maint-0.2.9' 2016-11-01 12:49:13 -04:00
Nick Mathewson
9248466f0a Merge branch 'bug20487_029' into maint-0.2.9 2016-11-01 12:44:20 -04:00
Matt Traudt
d8d6d8c206 Update man page that HS directory does not need to exist 2016-11-01 12:32:50 -04:00
Nick Mathewson
68a27dad43 Merge branch 'maint-0.2.9' 2016-10-31 16:33:12 -04:00
Nick Mathewson
e712b5d784 Merge branch 'bug19968_029' into maint-0.2.9 2016-10-31 16:33:03 -04:00
Nick Mathewson
59a78187cd Merge branch 'maint-0.2.9' 2016-10-31 15:20:45 -04:00
Nick Mathewson
24b7b922ae Actually free the worker_state_t object when we do an update with it
Previously we freed the old "keys" object, but leaked the
worker_state_t that we had taken it from.

Fixes bug 20401; bugfix on 0.2.6.3-alpha.
2016-10-31 15:20:25 -04:00
Nick Mathewson
b858452f94 Add a sentence to the manpage about nonanonymous=>Socksport 0.
Closes 20487.
2016-10-31 15:13:27 -04:00
Nick Mathewson
d73c671d6d policy_is_reject_star():
ome policies are default-reject, some default-accept.  But
policy_is_reject_star() assumed they were all default_reject.  Fix
that!

Also, document that policy_is_reject_star() treats a NULL policy as
empty. This allows us to simplify the checks in
parse_reachable_addresses() by quite a bit.

Fxes bug 20306; bugfix on 0.2.8.2-alpha.
2016-10-31 15:05:56 -04:00
Nick Mathewson
8841a9e396 Create single-onion-service directory before poisoning it, if needed
(Also, refactor the code to create a hidden service directory into a
separate funcion, so we don't have to duplicate it.)

Fixes bug 20484; bugfix on 0.2.9.3-alpha.
2016-10-31 14:54:20 -04:00
Nick Mathewson
becc957839 Actually clamp the number of detected CPUs to 16.
Previously we said we did, but didn't.

Fixes #19968; bugfix on 0.2.3.1-alpha.
2016-10-31 14:19:39 -04:00
teor
26d7a07ad7
In circuit_pick_extend_handshake, assume all hops support EXTEND2 and ntor
This simplifies the function: if we have an ntor key, use ntor/EXTEND2,
otherwise, use TAP/EXTEND.

Bugfix on commit 10aa913 from 19163 in 0.2.9.3-alpha.
2016-10-31 17:01:04 +11:00
overcaffeinated
b8b8b6b70e Add implementation of smartlist_add_strdup
Add smartlist_add_strdup(sl, string) - replaces the use of
smartlist_add(sl, tor_strdup(string)). Fixes bug 20048.
2016-10-27 10:12:28 +01:00
Matt Traudt
6629c5c3fe Add historic bwweight tests, comments, line len fixes 2016-10-26 16:37:16 -04:00
Matt Traudt
7ba0ae9426 Add consensus weight calculation tests 2016-10-26 16:37:16 -04:00
Matt Traudt
909ee0e55f Fix default bw weights with new consensus method
See #14881
2016-10-26 16:33:54 -04:00
Nick Mathewson
39375db3dc Merge remote-tracking branch 'pastly/ticket20459' 2016-10-26 16:22:06 -04:00
Nick Mathewson
5a1779b7ff Merge branch 'maint-0.2.9' 2016-10-26 14:17:21 -04:00
Nick Mathewson
d288704023 Avoid tor_fragile_assert() failure with DNSPort on RESOLVED_TYPE_ERROR
The tor_fragile_assert() bug has existed here since c8a5e2d588
in tor-0.2.1.7-alpha forever, but tor_fragile_assert() was mostly a
no-op until 0.2.9.1-alpha.

Fixes bug 19869.
2016-10-26 14:16:40 -04:00
Matt Traudt
c09993fdf6 Fix ewma_cmp_cmux never considering policies different 2016-10-25 10:07:05 -04:00
Nick Mathewson
01482e30ad Merge remote-tracking branch 'pastly/ticket20273' 2016-10-24 12:47:29 -04:00
David Goulet
59247314d5 man: Fix default value of AuthDirGuardBWGuarantee to 2MB
Closes #20435

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-10-23 10:59:55 -04:00
Nick Mathewson
7010e85939 changes file for 20389 2016-10-19 18:07:02 -04:00
Nick Mathewson
df387b94e8 Merge remote-tracking branch 'chelseakomlo/master' 2016-10-19 17:17:12 -04:00
Nick Mathewson
12cf73c451 Merge remote-tracking branch 'andrea/ticket19858_v2'
Conflict in entrynodes.c: any_bridge_supports_microdescriptors was
removed in master, and modified in 19858_v2
2016-10-19 17:11:47 -04:00
Nick Mathewson
ec4142abdf Unify code in channel_write_*cell()
Patch from pingl; patch for 13827.
2016-10-19 17:07:23 -04:00
Nick Mathewson
87e4b9259a Merge remote-tracking branch 'arma/bug6769' 2016-10-19 17:04:44 -04:00
Chelsea H. Komlo
471b0c5175
Refactor purpose_needs_anonymity to use switch statement 2016-10-19 12:25:50 -05:00
Chelsea H. Komlo
195ccce94e
Refactor to use purpose_needs_anonymity and remove is_sensitive_dir_purpose 2016-10-18 18:40:50 -05:00
Nick Mathewson
9a3adb07c4 changes file for module docs 2016-10-18 19:35:10 -04:00
Nick Mathewson
52b2b2c82f Fold 20384 into changelog 2016-10-17 14:55:05 -04:00
Nick Mathewson
1a74881063 Merge branch 'maint-0.2.8' 2016-10-17 14:51:45 -04:00
Nick Mathewson
1df114330e Merge branch 'buf_sentinel_026_v2' into maint-0.2.8 2016-10-17 14:51:06 -04:00
Nick Mathewson
3cea86eb2f Add a one-word sentinel value of 0x0 at the end of each buf_t chunk
This helps protect against bugs where any part of a buf_t's memory
is passed to a function that expects a NUL-terminated input.

It also closes TROVE-2016-10-001 (aka bug 20384).
2016-10-17 14:49:54 -04:00
Nick Mathewson
20e9220d3d Start on an 0.2.9.4-alpha changelog 2016-10-17 10:57:50 -04:00
Nick Mathewson
efe6fc8b03 changes file for module docs 2016-10-17 10:18:45 -04:00
Nick Mathewson
af70e43131 Merge remote-tracking branch 'public/spaces_in_unix_addrs' 2016-10-14 10:21:41 -04:00
Nick Mathewson
d2ab58c48d Merge branch 'bug18357_v2' 2016-10-14 09:10:34 -04:00
Nick Mathewson
d25fed5174 Merge remote-tracking branch 'yawning-schwanenlied/bug20261' 2016-10-11 11:08:20 -04:00
paolo.ingls@gmail.com
ab78a4df93 torrc parsing b0rks on carriage-return
(Specifically, carriage return after a quoted value in a config
line. Fixes bug 19167; bugfix on 0.2.0.16-alpha when we introduced
support for quoted values. Unit tests, changes file, and this
parenthetical by nickm.)
2016-10-11 09:25:22 -04:00
Nick Mathewson
3328658728 Merge remote-tracking branch 'asn/bug19223' 2016-10-11 08:48:39 -04:00
George Kadianakis
e59f0d4cb9 Fix non-triggerable heap corruption at do_getpass(). 2016-10-10 12:03:39 -04:00
Nick Mathewson
850ec1e282 Stop implying that we support openssl 1.0.0; we don't.
Closes ticket 20303.

The LIBRESSL_VERSION_NUMBER check is needed because if our openssl
is really libressl, it will have an openssl version number we can't
really believe.
2016-10-06 12:58:49 -04:00
Nick Mathewson
7410adb330 Merge branch 'maint-0.2.8' 2016-10-06 09:59:49 -04:00
Nick Mathewson
ab98c4387e Merge branch 'maint-0.2.7' into maint-0.2.8 2016-10-06 09:59:42 -04:00
Nick Mathewson
ec718aa839 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-10-06 09:59:18 -04:00
Nick Mathewson
12a7298376 Merge branch 'maint-0.2.5' into maint-0.2.6 2016-10-06 09:59:03 -04:00
Nick Mathewson
304d8f3bbb Merge branch 'maint-0.2.4' into maint-0.2.5 2016-10-06 09:58:54 -04:00
Nick Mathewson
6055bba8cc Only use -levent when checking functions if we will use it to link.
Fixes 19904; bugfix on b62abf9f21499ab; patch from Rubiate.
2016-10-06 09:16:21 -04:00
Nick Mathewson
785176e975 Clean up and fix exit policy check in connection_exit_connect().
Previously, we would reject even rendezvous connections to IPv6
addresses when IPv6Exit was false.  But that doesn't make sense; we
don't count that as "exit"ing.  I've corrected the logic and tried
to make it a lottle more clear.

Fixes bug 18357; this code has been wrong since 9016d9e829 in
0.2.4.7-alpha.
2016-10-05 12:44:53 -04:00
Karsten Loesing
1b4984f196 Update geoip and geoip6 to the October 6 2016 database. 2016-10-05 16:35:14 +02:00
Nick Mathewson
05aed5b635 Allow a unix: address to contain a C-style quoted string.
Feature 18753 -- all this to allow spaces.
2016-10-04 15:43:20 -04:00
Matt Traudt
5503eec3aa Change some dirvote.c comments to reflect reality 2016-10-03 20:43:50 -04:00
Nick Mathewson
a49fb1e2e5 Teach 'make tags' about MOCK_IMPL.
Patch from nherring; closes ticket 16869
2016-10-03 13:58:09 -04:00
cypherpunks
3b2f012e28 Avoid reordering IPv6 interface addresses
When deleting unsuitable addresses in get_interface_address6_list(), to
avoid reordering IPv6 interface addresses and keep the order returned by
the OS, use SMARTLIST_DEL_CURRENT_KEEPORDER() instead of
SMARTLIST_DEL_CURRENT().

This issue was reported by René Mayrhofer.

[Closes ticket 20163; changes file written by teor. This paragraph
added by nickm]
2016-10-03 13:50:27 -04:00
Paolo Inglese
ae4077916c Fix parse_virtual_addr_network minimum network size 2016-10-03 12:18:51 +01:00
Roger Dingledine
782b6ec288 Bridges and relays now use microdescriptors
(like clients do) rather than old-style router descriptors. Now bridges
will blend in with clients in terms of the circuits they build.

Fixes bug 6769; bugfix on 0.2.3.2-alpha.
2016-10-02 01:12:27 -04:00
Roger Dingledine
bfaded9143 Bridge-using clients now use their cached microdesc consensus
Clients that use bridges were ignoring their cached microdesc-flavor
consensus files, because they only thought they should use the microdesc
flavor once they had a known-working bridge that could offer microdescs,
and at first boot no bridges are known-working.

This bug caused bridge-using clients to download a new microdesc consensus
on each startup.

Fixes bug 20269; bugfix on 0.2.3.12-alpha.
2016-10-01 16:34:17 -04:00
Yawning Angel
847e001d28 Bug 20261: Disable IsolateClientAddr on AF_LOCAL SocksPorts.
The client addr is essentially meaningless in this context (yes, it is
possible to explicitly `bind()` AF_LOCAL client side sockets to a path,
but no one does it, and there are better ways to grant that sort of
feature if people want it like using `SO_PASSCRED`).
2016-09-30 18:43:31 +00:00
Nick Mathewson
ed5d2daba1 Merge remote-tracking branch 'public/ticket20001_v2' 2016-09-26 11:01:10 -07:00
Nick Mathewson
97337844b7 Merge branch 'protover_v2_squashed' 2016-09-26 11:00:08 -07:00
Nick Mathewson
78c07eeee1 Changes file for prop264 / ticket 19958. 2016-09-26 10:56:52 -07:00
Andrea Shepard
8b4d961f08 Changes file for ticket 19858 2016-09-25 02:13:02 +00:00
Nick Mathewson
a633baf632 Merge branch 'osx_sierra_028' 2016-09-24 13:33:09 -07:00
Nick Mathewson
39f51dfae3 changes file for osx sierra fixes 2016-09-24 13:29:20 -07:00
Nick Mathewson
eaf5950682 Remove changes files that we have folded in 2016-09-23 11:16:20 -04:00
Nick Mathewson
6a01164538 Merge branch 'maint-0.2.8' 2016-09-23 09:30:56 -04:00
Nick Mathewson
db6153e70c Merge remote-tracking branch 'teor/broken-028-fallbacks' into maint-0.2.8 2016-09-23 09:29:55 -04:00
Nick Mathewson
94989fdebb remove changes files that are also in 0.2.8.8 2016-09-22 18:14:29 -04:00
Nick Mathewson
077f6a4888 Merge branch 'maint-0.2.8' 2016-09-22 15:20:31 -04:00
Nick Mathewson
d78711c0ae LintChanges fix 2016-09-22 15:19:59 -04:00
Nick Mathewson
6e96eababe Merge branch 'bug20203_027_squashed' into maint-0.2.8 2016-09-22 15:17:00 -04:00
Nick Mathewson
e4aaf76660 When clearing cells from a circuit for OOM reasons, tell cmux we did so.
Not telling the cmux would sometimes cause an assertion failure in
relay.c when we tried to get an active circuit and found an "active"
circuit with no cells.

Additionally, replace that assert with a test and a log message.

Fix for bug 20203. This is actually probably a bugfix on
0.2.8.1-alpha, specifically my code in 8b4e5b7ee9 where I
made circuit_mark_for_close_() do less in order to simplify our call
graph. Thanks to "cypherpunks" for help diagnosing.
2016-09-22 15:16:07 -04:00
Nick Mathewson
6deeedb5e0 Merge branch 'maint-0.2.8' 2016-09-22 09:00:37 -04:00
Nick Mathewson
1edea87c2a Fix lintchanges warnings in 028 2016-09-22 09:00:16 -04:00
Nick Mathewson
20ce9f23dc Fix warnings from lintChanges.py 2016-09-22 08:48:05 -04:00
teor
df7b0011e3
Changes file for #20190: remove broken fallbacks 2016-09-22 08:08:59 +10:00
Nick Mathewson
62ee4f185f Merge branch 'maint-0.2.8' 2016-09-20 19:30:45 -04:00
Nick Mathewson
9b5a19c64b Don't look at any routerstatus_t when the networkstatus is inconsistent
For a brief moment in networkstatus_set_current_consensus(), the old
consensus has been freed, but the node_t objects still have dead
pointers to the routerstatus_t objects within it.  During that
interval, we absolutely must not do anything that would cause Tor to
look at those dangling pointers.

Unfortunately, calling the (badly labeled!) current_consensus macro
or anything else that calls into we_use_microdescriptors_for_circuits(),
can make us look at the nodelist.

The fix is to make sure we identify the main consensus flavor
_outside_ the danger zone, and to make the danger zone much much
smaller.

Fixes bug 20103.  This bug has been implicitly present for AGES; we
just got lucky for a very long time.  It became a crash bug in
0.2.8.2-alpha when we merged 35bbf2e4a4 to make
find_dl_schedule start looking at the consensus, and 4460feaf28
which made node_get_all_orports less (accidentally) tolerant of
nodes with a valid ri pointer but dangling rs pointer.
2016-09-20 10:43:58 -04:00
Nick Mathewson
144bd86570 Merge remote-tracking branch 'teor/bug20117' 2016-09-19 14:21:12 -04:00
Nick Mathewson
b88f918227 Remove an extraneous parenthesis in IF_BUG_OHNCE__
Fixes bug 20141; bugfix on 0.2.9.1-alpha.

Patch from Gisle Vanem.
2016-09-14 10:53:49 -04:00
Nick Mathewson
8b7922b282 Merge remote-tracking branch 'teor/feature20072' 2016-09-14 10:18:41 -04:00
Nick Mathewson
4f4e995d42 Merge branch 'bug20081' 2016-09-14 10:17:04 -04:00
teor
16085a8421
Add some chutney single onion networks to make test-network-all
This requires a recent version of chutney, with the single onion
network flavours (git c72a652 or later).

Closes ticket #20072.
2016-09-14 12:17:10 +10:00
Nick Mathewson
b488bd54ba Merge remote-tracking branch 'public/bug20063' 2016-09-13 11:25:59 -04:00
Nick Mathewson
9f0cb5af15 Merge branch 'feature-17178-v7-squashed-v2' 2016-09-13 10:20:08 -04:00
teor
f311c9ffa2 Replace OnionService* with HiddenService* in option names
And make consequential line-length adjustments.
2016-09-13 10:13:57 -04:00
teor
41f96078c2 Refactor UseEntryNodes so the original configured value is preserved
Parse the value to UseEntryNodes_option, then set UseEntryNodes before
validating options.

This way, Authorities, Tor2web, and Single Onion Services don't write
spurious "UseEntryNodes 0" lines to their configs. Document the fact that
these tor configurations ignore UseEntryNodes in the manual page.

Also reorder options validation so we modify UseEntryNodes first, then
check its value against EntryNodes.

And silence a warning about disabled UseEntryNodes for hidden services
when we're actually in non-anonymous single onion service mode.
2016-09-13 10:13:56 -04:00
teor
0285f4f34d Use CircuitBuildTimeout whenever circuit_build_times_disabled is true
Previously, we checked LearnCircuitBuildTimeout directly.

Fixes bug #20073 in commit 5b0b51ca3 on tor 0.2.4.12-alpha.
2016-09-13 10:13:56 -04:00
teor
e5ad00330c Make Tor2web work with ReachableAddresses and CRN_DIRECT_CONN
The changes in #19973 fixed ReachableAddresses being applied
too broadly, but they also broke Tor2web (somewhat unintentional)
compatibility with ReachableAddresses.

This patch restores that functionality, which makes intro and
rend point selection is consistent between Tor2web and Single Onion
Services.
2016-09-13 10:13:55 -04:00
teor (Tim Wilson-Brown)
b560f852f2 Implement Prop #260: Single Onion Services
Add experimental OnionServiceSingleHopMode and
OnionServiceNonAnonymousMode options. When both are set to 1, every
hidden service on a tor instance becomes a non-anonymous Single Onion
Service. Single Onions make one-hop (direct) connections to their
introduction and renzedvous points. One-hop circuits make Single Onion
servers easily locatable, but clients remain location-anonymous.
This is compatible with the existing hidden service implementation, and
works on the current tor network without any changes to older relays or
clients.

Implements proposal #260, completes ticket #17178. Patch by teor & asn.

squash! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Implement Prop #260: Single Onion Services

Redesign single onion service poisoning.

When in OnionServiceSingleHopMode, each hidden service key is poisoned
(marked as non-anonymous) on creation by creating a poison file in the
hidden service directory.

Existing keys are considered non-anonymous if this file exists, and
anonymous if it does not.

Tor refuses to launch in OnionServiceSingleHopMode if any existing keys
are anonymous. Similarly, it refuses to launch in anonymous client mode
if any existing keys are non-anonymous.

Rewrite the unit tests to match and be more comprehensive.
Adds a bonus unit test for rend_service_load_all_keys().
2016-09-13 10:10:54 -04:00
Nick Mathewson
08d2d7c404 prop272: Believe that all routers are Valid and Running.
(We check consensus method when deciding whether to assume a node is
valid.  No need to check the consensus method for Running, since
we will never see a method before 13.)

Closes ticket 20001

g
2016-09-13 09:29:22 -04:00
Nick Mathewson
20c4b01694 Make preferred_chunk_size avoid overflow, handle big inputs better
Also, add tests for the function.

Closes 20081; bugfix on 0.2.0.16-alpha. This is a Guido Vranken
issue. Thanks, Guido!
2016-09-13 09:07:12 -04:00
Nick Mathewson
4b182dfc23 Merge remote-tracking branch 'public/ticket19998' 2016-09-13 08:54:43 -04:00
Nick Mathewson
9d84a6d998 changes file for 19767 2016-09-11 16:53:37 -04:00
teor
42a74f707c
Document the default PathsNeededToBuildCircuits value
... when the directory authorities don't set min_paths_for_circs_pct.

Fixes bug 20117; bugfix on 02c320916e in tor-0.2.4.10-alpha.
Reported by Jesse V.
2016-09-09 11:20:20 +10:00
Nick Mathewson
3269307daf Treat all nonfatal assertion failures as unit test failures.
Part of 19999.
2016-09-08 13:27:30 -04:00
Nick Mathewson
fe9cfeba6e Fix libevent linking on openbsd.
Closes ticket 19902; bugfix on 0.2.9.1-alpha; patch from rubiate
2016-09-08 10:09:34 -04:00
Nick Mathewson
f3cda3272a Disable -Wthread-safety.
See changes file; closes ticket 20110.
2016-09-08 09:37:40 -04:00
Nick Mathewson
08d1ac4f2a Patch from rubiate: disable openbsd memory protections in test-memwipe
Test-memwipe is *supposed* to invoke undefined behavior, alas.

Closes 20066.
2016-09-08 09:00:24 -04:00
Nick Mathewson
f028434a5f Merge branch 'maint-0.2.8' 2016-09-07 13:54:21 -04:00
Nick Mathewson
6494f3346b Merge branch 'maint-0.2.7' into maint-0.2.8 2016-09-07 13:54:12 -04:00
Nick Mathewson
11edbf4808 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-09-07 13:54:03 -04:00
Nick Mathewson
52a99cb6c1 Merge branch 'maint-0.2.5' into maint-0.2.6 2016-09-07 13:53:53 -04:00
Nick Mathewson
e4d82da05b Merge branch 'maint-0.2.4' into maint-0.2.5 2016-09-07 13:53:43 -04:00
Nick Mathewson
e9b1d0619f Merge remote-tracking branch 'dgoulet/ticket18693_029_01' 2016-09-07 11:46:00 -04:00
Nick Mathewson
2a3b651790 Merge remote-tracking branch 'sebastian/bug20064' 2016-09-07 11:38:43 -04:00
Karsten Loesing
56f95ba94d Update geoip and geoip6 to the September 6 2016 database. 2016-09-07 11:08:04 +02:00
Nick Mathewson
2b39c927c7 Add !(...) to BUG() log messages
They use the same code as reporting assertion failures, so we should
invert the sense of what we're "asserting".

Fixes bug 20093.
2016-09-06 21:00:51 -04:00
Nick Mathewson
af58a89b86 Merge remote-tracking branch 'teor/bug20012' 2016-09-06 19:14:02 -04:00
Nick Mathewson
43092e21c1 Merge remote-tracking branch 'teor/feature20069' 2016-09-06 19:06:32 -04:00
Nick Mathewson
128f7ffbc0 Merge remote-tracking branch 'public/ticket20002' 2016-09-06 14:27:13 -04:00
Nick Mathewson
4e3f9c1f3a Merge remote-tracking branch 'pastly/ticket19122' 2016-09-06 11:56:46 -04:00
Matt Traudt
e90bd48c2f Change UID to Username in man page 2016-09-06 11:37:59 -04:00
teor
26b47f80dd
Add hs-ipv6 to the chutney IPv6 tests
Requires a recent version of chutney.

Also remove bridges+hs, as it's somewhat redundant.
2016-09-06 13:45:09 +10:00
Sebastian Hahn
74d710e7dc Give useful error if authority_signing_key doesn't exist 2016-09-06 00:14:20 +02:00
Sebastian Hahn
0d485fcfef Vote Exit correctly with DirAllowPrivateAddresses set
When allowing private addresses, mark Exits that only exit to private
locations as such. Fixes bug 20064; bugfix on 0.2.2.9-alpha.
2016-09-05 23:39:47 +02:00
Nick Mathewson
b9a43c8f43 For me, asan/ubsan require more syscalls.
Permit sched_yield() and sigaltstack() in the sandbox.

Closes ticket 20063
2016-09-05 14:25:58 -04:00
Nick Mathewson
c2d1356739 Change servers to never pick 3DES.
Closes ticket 19998.
2016-09-05 14:09:14 -04:00
Nick Mathewson
05c2db3f0b Changes file for log test improvements 2016-08-31 13:35:46 -04:00
Nick Mathewson
debe846cb8 Merge remote-tracking branch 'teor/bug19905' 2016-08-31 10:58:41 -04:00
Nick Mathewson
bbac9e1d0c Don't warn on unlink(bw_accounting) when errno == ENOENT
Patch from pastly; fixes bug 19964.
2016-08-31 10:57:09 -04:00
teor
b822c5891a
Fix the test network IPv6 check so it works on Linux 2016-08-31 15:22:34 +10:00
teor
0a3009bb85
Stop inadvertently upgrading client intro connections to ntor
Also stop logging the intro point details on error by default.

Fixes #20012, introduced with ntor in tor 0.2.4.8-alpha.
2016-08-31 15:10:58 +10:00
teor (Tim Wilson-Brown)
16386a8cd1
Count unix sockets when counting client listeners
Users can't run an anonymous client and non-anonymous single
onion service at the same time. We need to know whether we have
any client ports or sockets open to do this check.

When determining whether a client port (SOCKS, Trans, NATD, DNS)
is set, count unix sockets when counting client listeners. This
has no user-visible behaviour change, because these options are
set once and never read in the current tor codebase.

Don't count sockets when setting ControlPort_set, that's what
ControlSocket is for. (This will be reviewed in #19665.)

Don't count sockets when counting server listeners, because the code
that uses these options expects to count externally-visible ports.
(And it would change the behaviour of Tor.)
2016-08-31 13:41:31 +10:00
Nick Mathewson
bbaa7d09a0 Merge remote-tracking branch 'teor/reject-tap-v6' 2016-08-29 15:02:11 -04:00
David Goulet
f46ce6e3d8 test: Fix shared random unit test for big endian
Copying the integer 42 in a char buffer has a different representation
depending on the endianess of the system thus that unit test was failing on
big endian system.

This commit introduces a python script, like the one we have for SRV, that
computes a COMMIT/REVEAL from scratch so we can use it as a test vector for
our encoding unit tests.

With this, we use a random value of bytes instead of a number fixing the
endianess issue and making the whole test case more solid with an external
tool that builds the COMMIT and REVEAL according to the spec.

Fixes #19977

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-08-26 14:46:29 -04:00
Nick Mathewson
9b9fb63276 prop272: When voting, include no non-Valid relays in consensus
Implements ticket 20002, and part of proposal 272.
2016-08-26 14:14:34 -04:00
Nick Mathewson
90bcfa2274 changes file and docs for 18640. 2016-08-25 14:32:10 -04:00
teor (Tim Wilson-Brown)
41cc1f612b Parse *Port flags NoDNSRequest, NoOnionTraffic & OnionTrafficOnly
OnionTrafficOnly is equivalent to NoDNSRequest, NoIPv4Traffic,
and NoIPv6Traffic.

Add unit tests for parsing and checking option validity.
Add documentation for each flag to the man page.

Add changes file for all of #18693.

Parsing only: the flags do not change client behaviour (yet!)
2016-08-24 14:40:53 -04:00
Nick Mathewson
93731d6e37 Add last two entries (I hope) to 0292-alpha changelog 2016-08-24 10:57:47 -04:00
Nick Mathewson
5132905419 Merge branch 'maint-0.2.8' 2016-08-24 10:45:11 -04:00
Nick Mathewson
5280a700aa Changes file for bug19973 2016-08-24 10:34:00 -04:00
Nick Mathewson
297635f806 Merge branch 'maint-0.2.8' 2016-08-24 10:03:19 -04:00
Nick Mathewson
d3a975ea05 Merge branch 'maint-0.2.7' into maint-0.2.8 2016-08-24 10:02:52 -04:00
Nick Mathewson
f60da19211 Changes file for bifroest 2016-08-24 10:02:42 -04:00
teor (Tim Wilson-Brown)
10aa913acc
Client & HS ignore UseNTorHandshake, all non-HS handshakes use ntor
Rely on onion_populate_cpath to check that we're only using
TAP for the rare hidden service cases.

Check and log if handshakes only support TAP when they should support
ntor.
2016-08-24 11:02:00 +10:00
Nick Mathewson
8feb301413 Merge the rest of the changes into the 0.2.9.2-alpha changelog 2016-08-23 10:16:34 -04:00
Nick Mathewson
8fb49e4df2 fix 8625 description a little 2016-08-23 10:14:45 -04:00
Nick Mathewson
f009e1b32c Start 0.2.9.2-alpha changelog, fix some lintchanges issues 2016-08-23 10:13:13 -04:00
Nick Mathewson
6ca87e393b changes file for bug 17758 2016-08-23 10:00:54 -04:00
Nick Mathewson
bd45f7c668 Merge branch 'bug13953_squashed' 2016-08-23 09:22:04 -04:00
Nick Mathewson
62b239dd9c Merge branch 'maint-0.2.8' 2016-08-22 10:19:15 -04:00
Nick Mathewson
0ba05313d5 Do not pass NULL to log(%s) in dir_server_new.
This bug had existed since 0.2.4.7-alpha, but now that we have
FallbackDirs by default, it actually matters.

Fixes bug 19947; bugfix on 0.2.4.7-alpha or maybe 0.2.8.1-alpha.

Rubiate wrote the patch; teor wrote the changes file.
2016-08-22 01:22:19 -04:00
Nick Mathewson
675119d79a Changes file for deprecation features from #19820 2016-08-19 20:08:07 -04:00
Nick Mathewson
fdc2a91956 Merge remote-tracking branch 'public/bug19466' 2016-08-19 19:37:48 -04:00
Nick Mathewson
8f2f06c9b3 Merge branch 'maint-0.2.8' 2016-08-19 19:35:39 -04:00
Nick Mathewson
65cf5130ef Merge branch 'bug19903_028_v2' into maint-0.2.8 2016-08-19 19:35:26 -04:00
Nick Mathewson
49843c980a Avoid confusing GCC 4.2.1 by saying "int foo()... inline int foo() {...}"
Fixes bug 19903; bugfix on 0.2.8.1-alpha.
2016-08-19 19:34:39 -04:00
Nick Mathewson
5e571900b3 Fix a missing :: in an IPv6 addr in the documentation
Closes 19743.
2016-08-12 19:30:41 -04:00
Nick Mathewson
be820f41a3 Fix quite a few slow memory leaks in config.c
This bug was introduced in 8bbbbaf87b when we added a separate
or_options_free() function but didn't start using it everywhere.

Fixes bug 19466.
2016-08-12 18:47:35 -04:00
Nick Mathewson
7f145b54af Merge remote-tracking branch 'public/Fix_19450' 2016-08-12 16:11:28 -04:00
Nick Mathewson
14d58bbb4a Fix issue in 19168 changes file
This is an implementation-defined-behavior issue, not an
undefined-behavior issue.
2016-08-12 14:18:49 -04:00
cypherpunks
8d67c079b4 Fix integer overflows in the conversion tables 2016-08-12 14:18:01 -04:00
Nick Mathewson
06e82084d6 Merge remote-tracking branch 'andrea/bug8625_prod' 2016-08-12 12:44:06 -04:00
Nick Mathewson
a7e317927b Merge branch 'maint-0.2.8' 2016-08-12 10:27:23 -04:00
Nick Mathewson
459e5d705e Merge branch 'maint-0.2.7' into maint-0.2.8 2016-08-12 10:27:14 -04:00
Nick Mathewson
db372addc8 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-08-12 10:27:08 -04:00
Nick Mathewson
742ff2cddb Merge branch 'maint-0.2.5' into maint-0.2.6 2016-08-12 10:27:01 -04:00
Nick Mathewson
46754d6081 Merge branch 'maint-0.2.4' into maint-0.2.5 2016-08-12 10:26:48 -04:00
Karsten Loesing
1410947351 Update geoip and geoip6 to the August 2 2016 database. 2016-08-12 11:53:38 +02:00
Nick Mathewson
e788c577f1 Only use evutil_secure_rng_add_bytes() when present.
OpenBSD removes this function, and now that Tor requires Libevent 2,
we should also support the OpenBSD Libevent 2.

Fixes bug 19904; bugfix on 0.2.5.4-alpha.
2016-08-11 20:37:18 -04:00
Nick Mathewson
60997a00e8 Fix a bug in the old-gcc version of ENABLE_GCC_WARNING
Fixes bug 19901; bugfix on 0.2.9.1-alpha.
2016-08-11 19:58:13 -04:00
Andrea Shepard
ab8679f2fd Changes file for bug 8625 2016-08-10 03:34:55 +00:00
Nick Mathewson
bbc9cbd958 changes file for 19450 2016-08-02 14:03:48 -04:00
Nick Mathewson
cbf3699b84 Start work on an 0.2.9.1-alpha changelog
(sort, fold, and reflow.)
2016-08-02 11:46:51 -04:00
Nick Mathewson
6f1a9e1d9b Remaining lintChanges fixes 2016-08-02 11:38:15 -04:00
Nick Mathewson
27e870cede Fix most lintChanges warnings
(Also remove changes/bug19530 since it was a bugfix on no released
version)
2016-08-02 11:32:08 -04:00
Nick Mathewson
679383fb07 Remove the changes files already merged in Tor 0.2.8.6 2016-08-02 11:18:29 -04:00
Nick Mathewson
f3575a45ce Merge branch 'maint-0.2.8' 2016-07-29 10:23:38 -04:00
teor (Tim Wilson-Brown)
1c4a2dd208 Remove a fallback that was on the hardcoded list, then opted-out
The fallback was added in 0.2.8.2-alpha.
2016-07-29 10:23:15 -04:00
Nick Mathewson
a8676b1ede Merge branch 'bug18902_squashed' 2016-07-28 06:59:03 -04:00
Nick Mathewson
f0488551e7 Merge branch 'bug19639_squashed' 2016-07-26 19:31:15 -04:00
teor (Tim Wilson-Brown)
64bf6b70a8 Check that extend_info_from_router is never called on a client 2016-07-26 19:31:05 -04:00
teor (Tim Wilson-Brown)
48d7dfb92f Changes file for feature 19116 2016-07-26 19:29:23 -04:00
Nick Mathewson
d70fac15ff Merge remote-tracking branch 'teor/bug19702' 2016-07-26 19:12:23 -04:00
Nick Mathewson
fb7f90c181 Tweaks on 19435 fix:
* Raise limit: 16k isn't all that high.
   * Don't log when limit exceded; log later on.
   * Say "over" when we log more than we say we log.
   * Add target version to changes file
2016-07-26 09:59:48 -04:00
Ivan Markin
77459b97aa Fix integer overflow in the rate-limiter (#19435). 2016-07-26 09:49:40 -04:00
Nick Mathewson
a31078a581 Merge branch 'maint-0.2.8' 2016-07-19 12:34:37 +02:00
Nick Mathewson
4d5b252f0f Merge branch 'maint-0.2.7' into maint-0.2.8 2016-07-19 12:34:27 +02:00
Nick Mathewson
4d70ed7be0 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-07-19 12:32:14 +02:00
Nick Mathewson
210928f66a Merge branch 'maint-0.2.5' into maint-0.2.6 2016-07-19 12:31:54 +02:00
Nick Mathewson
d95c2809b3 Merge branch 'maint-0.2.4' into maint-0.2.5 2016-07-19 12:31:20 +02:00
Nick Mathewson
558f7d3701 Merge branch 'monotonic_v2_squashed' 2016-07-19 11:42:26 +02:00
Nick Mathewson
493142d91f Changes file for monotonic time branch. 2016-07-19 11:40:47 +02:00
Karsten Loesing
79939c6f11 Update geoip and geoip6 to the July 6 2016 database. 2016-07-18 08:40:22 +02:00
teor (Tim Wilson-Brown)
d8cd994ef6
Allow clients to retry HSDirs much faster in test networks 2016-07-18 13:25:15 +10:00
Nick Mathewson
c138c9a2be Merge branch 'maint-0.2.8' 2016-07-17 13:55:04 -04:00
Nick Mathewson
fbae15a856 Merge remote-tracking branch 'weasel/bug19660' into maint-0.2.8 2016-07-17 13:54:40 -04:00
Nick Mathewson
bec4e41f4b Fix warnings in test_util_formats.
Storing 255 into a char gives a warning when char is signed.

Fixes bug 19682; bugfix on 0.2.8.1-alpha, where these tests were added.
2016-07-17 13:51:45 -04:00
teor (Tim Wilson-Brown)
579a80d4ae
Clients avoid choosing nodes that can't do ntor
If we know a node's version, and it can't do ntor, consider it not running.
If we have a node's descriptor, and it doesn't have a valid ntor key,
consider it not running.

Refactor these checks so they're consistent between authorities and clients.
2016-07-15 09:55:49 +10:00
teor (Tim Wilson-Brown)
a76d528bec
Clients no longer download descriptors for relays without ntor 2016-07-15 09:55:49 +10:00
teor (Tim Wilson-Brown)
24e8bb2d83
Relays make sure their own descriptor has an ntor key 2016-07-15 09:55:49 +10:00
teor (Tim Wilson-Brown)
33da2abd05
Authorities reject descriptors without ntor keys
Before, they checked for version 0.2.4.18-rc or later, but this
would not catch relays without version lines, or buggy or malicious
relays missing an ntor key.
2016-07-15 09:55:49 +10:00
Nick Mathewson
9932544297 Merge branch 'maint-0.2.8' 2016-07-13 09:19:35 -04:00