aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-01-12version: Bump version to 0.4.5.16-devTor CI Release
2023-01-12version: Bump version to 0.4.5.16Tor CI Release
2023-01-12fallbackdir: Update list generated on January 12, 2023Tor CI Release
2023-01-12Update geoip files to match ipfire location db, 2023/01/12.Tor CI Release
2023-01-12Merge branch 'ticket40730_045_01' into maint-0.4.5David Goulet
2023-01-11Merge branch 'tor-gitlab/mr/538' into maint-0.4.5David Goulet
2022-12-12socks: Make SafeSocks refuse SOCKS4 and accept SOCKS4aDavid Goulet
The logic was inverted. Introduced in commit 9155e08450fe7a609f8223202e8aa7dfbca20a6d. This was reported through our bug bounty program on H1. It fixes the TROVE-2022-002. Fixes #40730 Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-12-06version: Bump version to 0.4.5.15-devTor CI Release
2022-12-06version: Bump version to 0.4.5.15Tor CI Release
2022-12-06fallbackdir: Update list generated on December 06, 2022Tor CI Release
2022-12-06Update geoip files to match ipfire location db, 2022/12/06.Tor CI Release
2022-12-06fallbackdir: Update files from latest 047 releaseDavid Goulet
We need the fallbackdir file to be the same so our release CI can generate a new list and apply it uniformly on all series. (Same as geoip) Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-12-06geoip: Update files from latest 047 releaseDavid Goulet
We need all geoip files to be the same so our release CI can generate a new list and apply it uniformly on all series. Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-11-29dirauth: rotate moria1 keys and portsRoger Dingledine
Rotate the relay identity key and v3 identity key for moria1. They have been online for more than a decade, there was a known potential compromise, and anyway refreshing keys periodically is good practice. Advertise new ports too, to avoid confusion. Closes ticket 40722.
2022-11-28changes: Add file for ticket 40674David Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-11-28dns: Make TTLs fuzzy at exit relaysRasmus Dahlberg
This change mitigates DNS-based website oracles by making the time that a domain name is cached uncertain (+- 4 minutes of what's measurable). Resolves TROVE-2021-009. Fixes #40674
2022-11-28Clip DNS TTL values once in event callbackRasmus Dahlberg
This change ensures that other parts of the code base always operate on the same clipped TTL values, notably without being aware of clipping.
2022-11-09build: fix -Wstrict-prototypes (Clang 16)Sam James
Clang 16 warns on -Wstrict-prototypes in preparation for C23 which can among other things, lead to some configure tests silently failing/returning the wrong result. Fixes this error: ``` -ignoreme: warning: a function declaration without a prototype is deprecated in all versions of C [-Wstrict-prototypes] +ignoreme: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes] main () ``` For more information, see LWN.net [0] or LLVM's Discourse [1], gentoo-dev@ [2], or the (new) c-std-porting mailing list [3]. [0] https://lwn.net/Articles/913505/ [1] https://discourse.llvm.org/t/configure-script-breakage-with-the-new-werror-implicit-function-declaration/65213 [2] https://archives.gentoo.org/gentoo-dev/message/dd9f2d3082b8b6f8dfbccb0639e6e240 [3] hosted at lists.linux.dev. Bug: https://bugs.gentoo.org/879747 Signed-off-by: Sam James <sam@gentoo.org> ---
2022-10-26Merge branch 'tor-gitlab/mr/631' into maint-0.4.5David Goulet
2022-10-26dirauth: Remove FaravaharDavid Goulet
Closes #40688 Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-10-18dirauth: Change dizum IP addressDavid Goulet
Closes #40687 Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-10-13Fix a completely wrong calculation in mach monotime_init_internal()Nick Mathewson
Bug 1: We were purporting to calculate milliseconds per tick, when we *should* have been computing ticks per millisecond. Bug 2: Instead of computing either one of those, we were _actually_ computing femtoseconds per tick. These two bugs covered for one another on x86 hardware, where 1 tick == 1 nanosecond. But on M1 OSX, 1 tick is about 41 nanoseconds, causing surprising results. Fixes bug 40684; bugfix on 0.3.3.1-alpha.
2022-08-12version: Bump version to 0.4.5.14-devTor CI Release
2022-08-12version: Bump version to 0.4.5.14tor-0.4.5.14Tor CI Release
2022-08-12geoip: Update geoip files with August 9th, 2022 databaseDavid Goulet
Fixes #40658 Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-08-11version: Bump version to 0.4.5.13-devTor CI Release
2022-08-11version: Bump version to 0.4.5.13Tor CI Release
2022-08-11fallbackdir: Update list generated on August 11, 2022Tor CI Release
2022-08-11Update geoip files to match ipfire location db, 2022/08/11.Tor CI Release
2022-08-10fallbackdirs: Update list from maint-0.4.7David Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-08-10geoip: Update files from maint-0.4.7David Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-08-02Merge branch 'tor-gitlab/mr/608' into maint-0.4.5David Goulet
2022-08-02relay: Don't send DESTROY remote reason backward or forwardDavid Goulet
Fixes #40649 Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-08-01conn: Notify btrack subsys on normal OR conn closeDavid Goulet
Fixes #40604 Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-07-27Merge branch 'tor-gitlab/mr/605' into maint-0.4.5David Goulet
2022-07-27Fix a check, make a netflow padding function more safe.Nick Mathewson
Previously, `channelpadding_get_netflow_inactive_timeout_ms` would crash with an assertion failure if `low_timeout` was greater than `high_timeout`. That wasn't possible in practice because of checks in `channelpadding_update_padding_for_channel`, but it's better not to have a function whose correctness is this tricky to prove. Fixes #40645. Bugfix on 0.3.1.1-alpha.
2022-07-27relay: Use remote reason when sending back a DESTROYDavid Goulet
Fix from previous commit where a DESTROY cell is sent instead of a TRUNCATED. Related to #40623 Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-07-26relay: Send DESTROY cell instead of TRUNCATED cellDavid Goulet
Note that with this commit, TRUNCATED cells won't be used anymore that is client and relays won't emit them. Fixes #40623 Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-05-09Add changes entry to tor!575.Alexander Færøy
See: tpo/core/tor#40601.
2022-05-09sandbox: Permit rseq syscall as wellpmu-ipf
This was found to be necessary in conjunction with glibc 2.35 on Linux. Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2022-04-14Merge branch 'tor-gitlab/mr/491' into maint-0.4.5David Goulet
2022-04-14Merge branch 'tor-gitlab/mr/497' into maint-0.4.5David Goulet
2022-03-28Merge branch 'tor-gitlab/mr/556' into maint-0.4.5David Goulet
2022-03-27Sandbox: Permit the clone3 system callNick Mathewson
Apparently glibc-2.34 uses clone3, when previously it just used clone. Closes ticket #40590.
2022-03-16Merge branch 'tor-gitlab/mr/533' into maint-0.4.5David Goulet
2022-03-10hs: Schedule mainloop event on dirinfo changeDavid Goulet
Due to a possible Guard subsystem recursion, when the HS client gets notified that the directory information has changed, it must run it in a seperate mainloop event to avoid such issue. See the ticket for more information on the recursion. This also fixes a fatal assert. Fixes #40579 Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-03-08hs: Fix multiple port label on single metricDavid Goulet
Prometheus needs unique labels and so this bug was causing an onion service with multiple ports to have multiple "port=" label for the metrics requiring a port label. Fixes #40581 Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-03-02connection_or_set_identity_digest(): handle zero ed_id betterNick Mathewson
It looks like our code actually assumes (by dereferencing it in a log call) that ed_id will _not_ be NULL, but rather will be a bunch of zero bytes. Refactor the code accordingly, and stop using NULL tests on ed_id.
2022-03-02Add a changes file for 40563.Nick Mathewson
2022-03-01connection_or_set_identity_digest: more defensive programmingNick Mathewson
We expect ed_id == NULL here to indicate "no ed id", but other parts of Tor sometimes use an all-0 ed_id. Here we detect that input and replace it with what's expected.