summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2011-02-23a blurb for 0.2.1.30tor-0.2.1.30Roger Dingledine
2011-02-22bump to 0.2.1.30Roger Dingledine
2011-02-22fold in last two changes filesRoger Dingledine
2011-02-22Merge branch 'maint-0.2.1' into release-0.2.1Roger Dingledine
2011-02-22Remove doc/spec/Makefile.in from list of generated filesNick Mathewson
2011-02-22Merge remote branch 'public/bug1859_021' into maint-0.2.1Nick Mathewson
2011-02-22Merge remote branch 'public/bug2402_nothing' into maint-0.2.1Nick Mathewson
2011-02-22fold in more changes filesRoger Dingledine
2011-02-22Merge branch 'maint-0.2.1' into release-0.2.1Roger Dingledine
2011-02-22changes file for removing torspec from the tarballRoger Dingledine
2011-02-22prefer https urlsRoger Dingledine
2011-02-21Remove specs from 0.2.1 branch: they have moved to a new repository.Nick Mathewson
2011-02-11Merge branch 'maint-0.2.1' into release-0.2.1Roger Dingledine
2011-02-11fold in changes files so farRoger Dingledine
2011-02-11Merge branch 'maint-0.2.1' into release-0.2.1Roger Dingledine
2011-02-10fix the other half of bug 1074Roger Dingledine
2011-02-10Make the DH parameter we use for TLS match the one from Apache's mod_sslNick Mathewson
Our regular DH parameters that we use for circuit and rendezvous crypto are unchanged. This is yet another small step on the path of protocol fingerprinting resistance. (Backport from 0.2.2's 5ed73e3807d90dd0a3)
2011-02-09Update documentation for PublishServerDescriptorRobert Ransom
2011-02-09Ignore and warn about "PublishServerDescriptor hidserv"Robert Ransom
Fixes #2408.
2011-02-07move the clause above the "if bw is too low" checkRoger Dingledine
2011-02-07dtrt when only relaybandwidthburst is setRoger Dingledine
fixes bug 2470
2011-02-07Update to the February 1 2011 Maxmind GeoLite Country database.Karsten Loesing
2011-01-26fix the links in the exit-list notice we give out to users.Andrew Lewman
2011-01-26Backport current tor-exit-notice to 0.2.1Nick Mathewson
2011-01-25Simplest fix to bug2402: do not include SVN versionsNick Mathewson
When we stopped using svn, 0.2.1.x lost the ability to notice its svn revision and report it in the version number. However, it kept looking at the micro-revision.i file... so if you switched to master, built tor, then switched to 0.2.1.x, you'd get a micro-revision.i file from master reported as an SVN tag. This patch takes out the "include the svn tag" logic entirely. Bugfix on 0.2.1.15-rc; fixes bug 2402.
2011-01-20Merge remote branch 'rransom/policy_summarize-assert' into maint-0.2.1Nick Mathewson
2011-01-20Fix bounds-checking in policy_summarizeRobert Ransom
Found by piebeer.
2011-01-19Oops; actually add the code to the last patch. :/Nick Mathewson
2011-01-19Fix two more SIZE_T_CEILING issuesNick Mathewson
This patch imposes (very long) limits on the length of a line in a directory document, and on the length of a certificate. I don't think it should actually be possible to overrun these remotely, since we already impose a maximum size on any directory object we're downloading, but a little defensive programming never hurt anybody. Roger emailed me that doorss reported these on IRC, but nobody seems to have put them on the bugtracker.
2011-01-18Merge branch 'maint-0.2.1' into release-0.2.1Roger Dingledine
2011-01-18be the winner, rewrite historyRoger Dingledine
2011-01-15Merge branch 'maint-0.2.1' into release-0.2.1tor-0.2.1.29Roger Dingledine
2011-01-150.2.1.29 changelog and blurbRoger Dingledine
2011-01-15final changelog cleanup. it'll do.Roger Dingledine
2011-01-15amend changelog for fixing --enable-openbsd-mallocRoger Dingledine
2011-01-15clean up changelog more, add blurbRoger Dingledine
2011-01-15start cleaning up 0.2.1.29 changelogRoger Dingledine
2011-01-15bump to 0.2.1.29Roger Dingledine
2011-01-15Merge branch 'maint-0.2.1' into release-0.2.1Roger Dingledine
2011-01-15Fix a couple of non-cleared key issues in hidden servicesNick Mathewson
we need to do more hunting, but this fixes the ones mentioned in 2385.
2011-01-15Zero out some more key data before freeing itNick Mathewson
Found by cypherpunks; fixes bug 2384.
2011-01-15Merge branch 'bug2352_obsize' into maint-0.2.1Nick Mathewson
2011-01-15Add missing check for hostname answer_len in dnsserv sizeNick Mathewson
This is checked elsewhere too, but let's be RFC-conformant.
2011-01-15Merge branch 'bug2332_part2' into maint-0.2.1Nick Mathewson
2011-01-15Merge branch 'bug2324_uncompress' into maint-0.2.1Nick Mathewson
2011-01-15clean up message; explain a magic number in a commentNick Mathewson
2011-01-15make the description of tolen_asserts more direNick Mathewson
We have a CVE # for this bug.
2011-01-15Fix a heap overflow found by debuger, and make it harder to make that ↵Nick Mathewson
mistake again Our public key functions assumed that they were always writing into a large enough buffer. In one case, they weren't. (Incorporates fixes from sebastian)
2011-01-15Always nul-terminate the result passed to evdns_server_add_ptr_replyNick Mathewson
In dnsserv_resolved(), we carefully made a nul-terminated copy of the answer in a PTR RESOLVED cell... then never used that nul-terminated copy. Ouch. Surprisingly this one isn't as huge a security problem as it could be. The only place where the input to dnsserv_resolved wasn't necessarily nul-terminated was when it was called indirectly from relay.c with the contents of a relay cell's payload. If the end of the payload was filled with junk, eventdns.c would take the strdup() of the name [This part is bad; we might crash there if the cell is in a bad part of the stack or the heap] and get a name of at least length 495[*]. eventdns.c then rejects any name of length over 255, so the bogus data would be neither transmitted nor altered. [*] If the name was less than 495 bytes long, the client wouldn't actually be reading off the end of the cell. Nonetheless this is a reasonably annoying bug. Better fix it. Found while looking at bug 2332, reported by doorss. Bugfix on 0.2.0.1-alpha.
2011-01-15catch another overlong malloc possibility. found by cypherpunksNick Mathewson
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion