aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-06-09Update geoip to the June 3 2015 database.maint-0.2.3Karsten Loesing
2015-04-24Update geoip to the April 8 2015 database.Karsten Loesing
2015-03-09Update geoip to the March 3 2015 database.Karsten Loesing
2015-03-09Adjust changes headerNick Mathewson
2015-03-03Make the assert related to 15083 a tiny bit more tolerantNick Mathewson
2015-03-03Do not leave empty, invalid chunks in buffers during buf_pullupNick Mathewson
This fixes an assertion failure bug in 15083; bugfix on 0.2.0.10-alpha. Patch from 'cypherpunks'
2015-01-22Update geoip to the January 7 2015 database.Karsten Loesing
2014-11-24Update geoip to the November 15 2014 database.Karsten Loesing
2014-10-19Note that our #13426 fix is also a #13471 fix.Nick Mathewson
See also http://marc.info/?l=openssl-dev&m=141357408522028&w=2
2014-10-16Merge branch 'no_sslv3_023' into maint-0.2.3Nick Mathewson
2014-10-15Disable SSLv3 unconditionally. Closes ticket 13426.Nick Mathewson
The POODLE attack doesn't affect Tor, but there's no reason to tempt fate: SSLv3 isn't going to get any better.
2014-09-20gabelmoo's IPv4 address changedSebastian Hahn
2014-08-13Update geoip to the August 7 2014 database.Karsten Loesing
2014-07-18Update geoip to the July 10 2014 database.Karsten Loesing
2014-06-10Update geoip to the June 4 2014 database.Karsten Loesing
2014-05-01Downgrade bug 7164 warning to INFONick Mathewson
The 0.2.5.x warning is the one that might help us track this down; the warnings in stable are just annoying users over and over and over.
2014-04-30Merge remote-tracking branch 'public/bug10849_023_bruteforce' into maint-0.2.3Nick Mathewson
2014-04-29Stop leaking memory in error cases of md parsingNick Mathewson
When clearing a list of tokens, it's important to do token_clear() on them first, or else any keys they contain will leak. This didn't leak memory on any of the successful microdescriptor parsing paths, but it does leak on some failing paths when the failure happens during tokenization. Fixes bug 11618; bugfix on 0.2.2.6-alpha.
2014-04-25Forbid TunneledDirConns 0 and PreferTunneledDirConns 0 if being a HSNick Mathewson
Fixes bug 10849; bugfix on 0.2.1.1-alpha (I believe)
2014-04-16remove note about dannenberg; it has upgraded.Nick Mathewson
2014-04-16Update the authority signing key blacklistNick Mathewson
Now it only has dannenberg
2014-04-15Merge remote-tracking branch 'public/bug11519_023' into maint-0.2.3Nick Mathewson
2014-04-14Don't send uninitialized stack to the controller and say it's a date.Nick Mathewson
Fixes bug 11519, apparently bugfix on 0.2.3.11-alpha.
2014-04-14Merge branch 'bug11464_023_squashed' into maint-0.2.3Nick Mathewson
2014-04-14Tweak changes file and comment dates.Nick Mathewson
2014-04-14Fill in the list of blacklisted signing keys.Nick Mathewson
I used a list of certificate files from arma, and a little script, both at 11464.
2014-04-14Code to blacklist authority signing keysNick Mathewson
(I need a list of actual signing keys to blacklist.)
2014-02-25Fix geoip by falling back to registered countries.Karsten Loesing
See 1d2179bc900f1646a5491b65294e78b175e70056 in master for details. """ Fall back to registered country if necessary. When extracting geoip and geoip6 files from MaxMind's GeoLite2 Country database, we only look at country->iso_code which is the two-character ISO 3166-1 country code of the country where MaxMind believes the end user is located. But if MaxMind thinks a range belongs to anonymous proxies, they don't put anything there. Hence, we omit those ranges and resolve them all to '??'. That's not what we want. What we should do is first try country->iso_code, and if there's no such key, try registered_country->iso_code which is the country in which the ISP has registered the IP address. In short: let's fill all A1 entries with what ARIN et. al think. """
2014-02-15Merge remote-tracking branch 'karsten/geoip-feb2014' into maint-0.2.3Nick Mathewson
2014-02-08Update to the February 2014 GeoIP database.Karsten Loesing
2013-11-15Merge branch 'bug9093_023' into maint-0.2.3Nick Mathewson
2013-11-07Improved circuit queue out-of-memory handlerNick Mathewson
Previously, when we ran low on memory, we'd close whichever circuits had the most queued cells. Now, we close those that have the *oldest* queued cells, on the theory that those are most responsible for us running low on memory, and that those are the least likely to actually drain on their own if we wait a little longer. Based on analysis from a forthcoming paper by Jansen, Tschorsch, Johnson, and Scheuermann. Fixes bug 9093.
2013-10-11Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3Nick Mathewson
2013-10-11Update to the October 2013 GeoIP database.maint-0.2.2Karsten Loesing
2013-10-10Fix unit test for format_helper_exit_statusNick Mathewson
Fix format_helper_exit_status to allow full HEX_ERRNO_SIZE answers, *and* increase the buffer length again.
2013-10-10Merge remote-tracking branch 'public/bug9928' into maint-0.2.3Nick Mathewson
2013-10-08Give credit to bug reporter for 9928Nick Mathewson
2013-10-08Raise buffer size, fix checks for format_exit_helper_status.Nick Mathewson
This is probably not an exploitable bug, since you would need to have errno be a large negative value in the unix pluggable-transport launcher case. Still, best avoided. Fixes bug 9928; bugfix on 0.2.3.18-rc.
2013-09-18Fix an assert when disabling ORPort with accounting disabled.Nick Mathewson
The problem was that the server_identity_key_is_set() function could return true under conditions where we don't really have an identity key -- specifically, where we used to have one, but we stopped being a server. This is a fix for 6979; bugfix on 0.2.2.18-alpha where we added that assertion to get_server_identity_key().
2013-09-16Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3Nick Mathewson
2013-09-10Update to the September 2013 GeoIP database.Karsten Loesing
2013-09-04Merge branch 'bug9671_023' into maint-0.2.3Nick Mathewson
2013-09-04use !cbt_disabled in place of LearnCBT to avoid needless circsNick Mathewson
This would make us do testing circuits "even when cbt is disabled by consensus, or when we're a directory authority, or when we've failed to write cbt history to our state file lately." (Roger's words.) This is a fix for 9671 and an improvement in our fix for 5049. The original misbehavior was in 0.2.2.14-alpha; the incomplete fix was in 0.2.3.17-beta.
2013-08-25Merge remote-tracking branch 'public/bug9546_023_v2' into maint-0.2.3Nick Mathewson
2013-08-22Merge remote-tracking branch 'public/bug9564' into maint-0.2.3Nick Mathewson
2013-08-22Replace return with continue in update_consensus_networkstatus_downloadsNick Mathewson
Fix for bug 9564; bugfix on 0.2.3.14-alpha.
2013-08-21Make bridges send AUTH_CHALLENGE cellsNick Mathewson
The spec requires them to do so, and not doing so creates a situation where they can't send-test because relays won't extend to them because of the other part of bug 9546. Fixes bug 9546; bugfix on 0.2.3.6-alpha.
2013-08-21Send NETINFO on receiving a NETINFO if we have not yet sent one.Nick Mathewson
(Backport to Tor 0.2.3) Relays previously, when initiating a connection, would only send a NETINFO after sending an AUTHENTICATE. But bridges, when receiving a connection, would never send AUTH_CHALLENGE. So relays wouldn't AUTHENTICATE, and wouldn't NETINFO, and then bridges would be surprised to be receiving CREATE cells on a non-open circuit. Fixes bug 9546.
2013-08-12Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3Nick Mathewson
2013-08-12Update to the August 2013 GeoIP database.Karsten Loesing
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion