aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-03-15Clarify new intended strategy with TROVE-2021-001Nick Mathewson
We're going to disable this feature in all versions for now.
2021-03-15Merge branch 'bug40286_disable_min_035' into maint-0.3.5Nick Mathewson
2021-03-15Bump to 0.3.5.14Nick Mathewson
2021-03-12Remove maxmind license; add ipfire location database license (cc by-sa 4.0)Nick Mathewson
2021-03-12Use the right ticket number.Nick Mathewson
2021-03-12update geoip-2021-03-12 to mention provider transition.Nick Mathewson
2021-03-12Update geoip files to match ipfire location db, 2021/03/12.Nick Mathewson
2021-02-23Remove mallinfo() from codebaseDavid Goulet
Now deprecated in libc >= 2.33 Closes #40309 Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-19Disable the dump_desc() function.Nick Mathewson
It can be called with strings that should have been length-delimited, but which in fact are not. This can cause a CPU-DoS bug or, in a worse case, a crash. Since this function isn't essential, the best solution for older Tors is to just turn it off. Fixes bug 40286; bugfix on 0.2.2.1-alpha when dump_desc() was introduced.
2021-02-03Bump to 0.3.5.13-dev.Nick Mathewson
2021-02-03Merge branch 'ticket40269_035_01' into maint-0.3.5David Goulet
2021-02-03Remove unused addr_port_set codeDavid Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-03Merge branch 'ticket40270_035_01' into maint-0.3.5David Goulet
2021-02-03node: Move reentry set to use a digestmap_tDavid Goulet
Any lookup now will be certain and not probabilistic as the bloomfilter. Closes #40269 Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-03relay: Send back CONNECTION_REFUSED on reentryDavid Goulet
The TORPROTOCOL reason causes the client to close the circuit which is not what we want because other valid streams might be on it. Instead, CONNECTION_REFUSED will leave it open but will not allow more streams to be attached to it. The client then open a new circuit to the destination. Closes #40270 Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-03relay: Double the size of the relay reentry setDavid Goulet
This is to minimize false positive and thus deny reentry to Exit connections that were in reality not re-entering. Helps with overall UX. Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-03relay: Follow consensus parameter for network reentryDavid Goulet
Obey the "allow-network-reentry" consensus parameters in order to decide to allow it or not at the Exit. Closes #40268 Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-29test: Add test for exits blocking reentry to the networkGeorge Kadianakis
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-29exit: Deny re-entry into the networkRoger Dingledine
Exit relays now reject exit attempts to known relay addresses + ORPort and also to authorities on the ORPort and DirPort. Closes #2667 Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-29relay: Add bloomfiter of relay address + {OR|Dir}PortDavid Goulet
In order to deny re-entry in the network, we now keep a bloomfilter of relay ORPort + address and authorities ORPort + address and DirPort + address combinations. So when an Exit stream is handled, we deny anything connecting back into the network on the ORPorts for relays and on the ORPort+DirPort for the authorities. Related to #2667 Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-28Merge branch 'tor-gitlab/mr/50' into maint-0.3.5David Goulet
2021-01-28Merge branch 'tor-gitlab/mr/239' into maint-0.3.5David Goulet
2021-01-28Merge branch 'tor-gitlab/mr/243' into maint-0.3.5David Goulet
2021-01-28Merge branch 'tor-gitlab/mr/254' into maint-0.3.5David Goulet
2021-01-28Merge remote-tracking branch 'tor-gitlab/mr/140' into maint-0.3.5David Goulet
2021-01-28Merge remote-tracking branch 'tor-gitlab/mr/186' into maint-0.3.5David Goulet
2021-01-28Bump to 0.3.5.13.Nick Mathewson
2021-01-21gitignore: don't ignore core directoryAlex Xu (Hello71)
otherwise src/core is ignored.
2021-01-21build: Add "make lsp" commandDavid Goulet
Generates the compile_commands.json file using the "bear" application so the ccls server can be more efficient with our code base. Closes #40227 Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-19Merge remote-tracking branch 'tor-gitlab/mr/143' into maint-0.3.5Nick Mathewson
2021-01-19Merge remote-tracking branch 'tor-gitlab/mr/259' into maint-0.3.5Nick Mathewson
2021-01-13gitignore: Add Linux core file patternsDavid Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-13Better fix for #40241 (--enable-all-bugs-are-fatal and fallthrough)Nick Mathewson
This one should work on GCC _and_ on Clang. The previous version made Clang happier by not having unreachable "fallthrough" statements, but made GCC sad because GCC didn't think that the unconditional failures were really unconditional, and therefore _wanted_ a FALLTHROUGH. This patch adds a FALLTHROUGH_UNLESS_ALL_BUGS_ARE_FATAL macro that seems to please both GCC and Clang in this case: ordinarily it is a FALLTHROUGH, but when ALL_BUGS_ARE_FATAL is defined, it's an abort(). Fixes bug 40241 again. Bugfix on earlier fix for 40241, which was merged into maint-0.3.5 and forward, and released in 0.4.5.3-rc.
2021-01-12hs-v3: Require reasonably live consensusDavid Goulet
Some days before this commit, the network experienced a DDoS on the directory authorities that prevented them to generate a consensus for more than 5 hours straight. That in turn entirely disabled onion service v3, client and service side, due to the subsystem requiring a live consensus to function properly. We know require a reasonably live consensus which means that the HSv3 subsystem will to its job for using the best consensus tor can find. If the entire network is using an old consensus, than this should be alright. If the service happens to use a live consensus while a client is not, it should still work because the client will use the current SRV it sees which might be the previous SRV for the service for which it still publish descriptors for. If the service is using an old one and somehow can't get a new one while clients are on a new one, then reachability issues might arise. However, this is a situation we already have at the moment since the service will simply not work if it doesn't have a live consensus while a client has one. Fixes #40237 Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-11Merge branch 'ticket40241_035' into maint-0.3.5Nick Mathewson
2021-01-11Fix warnings in current debian-hardened CI.Nick Mathewson
We're getting "fallback annotation annotation in unreachable code" warnings when we build with ALL_BUGS_ARE_FATAL. This patch fixes that. Fixes bug 40241. Bugfix on 0.3.5.4-alpha.
2020-12-17Fix Keccak undefined behavior on exotic platforms.George Kadianakis
Bug reported and diagnosed in: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975977 Fixes bug #40210.
2020-12-14Socks5: handle truncated client requests correctlyNick Mathewson
Previously, our code would send back an error if the socks5 request parser said anything but DONE. But there are other non-error cases, like TRUNCATED: we shouldn't send back errors for them. This patch lowers the responsibility for setting the error message into the parsing code, since the actual type of the error message will depend on what problem was encountered. Fixes bug 40190; bugfix on 0.3.5.1-alpha.
2020-11-16Merge remote-tracking branch 'tor-gitlab/mr/195' into maint-0.3.5Nick Mathewson
2020-11-12Bump to 0.3.5.12-devNick Mathewson
2020-11-09Bump to 0.3.5.12Nick Mathewson
2020-11-09Merge remote-tracking branch 'tor-gitlab/mr/189' into maint-0.3.5Nick Mathewson
2020-11-05Handle a change in the implementation of hashlib in Python 3.9Nick Mathewson
Previously, hashlib.shake_256 was a class (if present); now it can also be a function. This change invalidated our old compatibility/workaround code, and made one of our tests fail. Fixes bug 40179; bugfix on 0.3.1.6-rc when the workaround code was added.
2020-10-28Fix a previously overstrict log message check.Nick Mathewson
OpenSSL doesn't seem to report error locations in the same way as before, which broke one of our tests. Fixes bug 40170; bugfix on 0.2.8.1-alpha.
2020-10-28Changes file for #40165 (openssl deprecation warnings)Nick Mathewson
2020-10-28Do not define OPENSSL_VERSION in compat_openssl.hNick Mathewson
Apparently it conflicts with definitions elsewhere in Openssl 3.0.0.
2020-10-28configure: disable OpenSSL deprecation warnings with OpenSSL >= 3Nick Mathewson
We can't do this in the C headers, since by the time we include `opensslv.h` in order to check the openssl version number, we will have included `openssl/macros.h`, which is the thing that checks whether we disabled deprecation warnings.
2020-10-28Include a more modest openssl header in crypto_openssl_mgt.hNick Mathewson
The "engines.h" header has lots of stuff; the "opensslv.h" header has the version number, which is all we actually need here. We need to do this because we're about to change this header to conditionally define OPENSSL_SUPPRESS_DEPRECATED, and it would be too late to do so if we'd already included "engines.h".
2020-10-14Implement proposal 318: Limit protovers to 0..63Nick Mathewson
In brief: we go through a lot of gymnastics to handle huge protover numbers, but after years of development we're not even close to 10 for any of our current versions. We also have a convenient workaround available in case we ever run out of protocols: if (for example) we someday need Link=64, we can just add Link2=0 or something. This patch is a minimal patch to change tor's behavior; it doesn't take advantage of the new restrictions. Implements #40133 and proposal 318.
2020-10-07Merge remote-tracking branch 'tor-github/pr/1827/head' into maint-0.3.5Nick Mathewson
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion