tor - Transit encryption and privacy out of the box

Age	Commit message (Collapse)	Author
2017-02-07	Merge branch 'maint-0.2.4' into maint-0.2.5	Nick Mathewson

2017-02-07	Refine the memwipe() arguments check for 18089 a little more.	Nick Mathewson
	We still silently ignore memwipe(NULL, ch, 0); and memwipe(ptr, ch, 0); /* for ptr != NULL */ But we now assert on: memwipe(NULL, ch, 30);
2017-02-07	Make memwipe() do nothing when passed a NULL pointer or zero size	teor (Tim Wilson-Brown)
	Check size argument to memwipe() for underflow. Closes bug #18089. Reported by "gk", patch by "teor". Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352), commit 49dd5ef3 on 7 Nov 2012.
2017-02-07	Merge branch 'maint-0.2.4' into maint-0.2.5	Nick Mathewson

2017-02-07	Fix out-of-bounds read in INTRODUCE2 client auth	John Brooks
	The length of auth_data from an INTRODUCE2 cell is checked when the auth_type is recognized (1 or 2), but not for any other non-zero auth_type. Later, auth_data is assumed to have at least REND_DESC_COOKIE_LEN bytes, leading to a client-triggered out of bounds read. Fixed by checking auth_len before comparing the descriptor cookie against known clients. Fixes #15823; bugfix on 0.2.1.6-alpha.
2017-01-11	Merge branch 'maint-0.2.4' into maint-0.2.5	Nick Mathewson

2017-01-04	Update geoip and geoip6 to the January 4 2017 database.	Karsten Loesing

2016-12-20	Add a one-word sentinel value of 0x0 at the end of each buf_t chunk	Nick Mathewson
	This helps protect against bugs where any part of a buf_t's memory is passed to a function that expects a NUL-terminated input.
2016-12-20	Merge branch 'maint-0.2.4' into maint-0.2.5	Nick Mathewson
	(ours merge -- there is a separate 0.2.5 patch for 20384.)
2016-12-20	Add a one-word sentinel value of 0x0 at the end of each buf_t chunk	Nick Mathewson
	This helps protect against bugs where any part of a buf_t's memory is passed to a function that expects a NUL-terminated input.
2016-12-20	Merge branch 'maint-0.2.4' into maint-0.2.5	Nick Mathewson

2016-12-18	Make log message warn about detected attempts to exploit 21018.	Nick Mathewson

2016-12-18	Fix parsing bug with unecognized token at EOS	Nick Mathewson
	In get_token(), we could read one byte past the end of the region. This is only a big problem in the case where the region itself is (a) potentially hostile, and (b) not explicitly nul-terminated. This patch fixes the underlying bug, and also makes sure that the one remaining case of not-NUL-terminated potentially hostile data gets NUL-terminated. Fix for bug 21018, TROVE-2016-12-002, and CVE-2016-1254
2016-12-09	Merge branch 'maint-0.2.4' into maint-0.2.5	Nick Mathewson

2016-12-09	Update geoip and geoip6 to the December 7 2016 database.	Karsten Loesing

2016-11-07	Merge branch 'maint-0.2.4' into maint-0.2.5	Nick Mathewson

2016-11-07	Update geoip and geoip6 to the November 3 2016 database.	Karsten Loesing

2016-10-06	Merge branch 'maint-0.2.4' into maint-0.2.5	Nick Mathewson

2016-10-05	Update geoip and geoip6 to the October 6 2016 database.	Karsten Loesing

2016-09-07	Merge branch 'maint-0.2.4' into maint-0.2.5	Nick Mathewson

2016-09-07	Update geoip and geoip6 to the September 6 2016 database.	Karsten Loesing

2016-08-12	Merge branch 'maint-0.2.4' into maint-0.2.5	Nick Mathewson

2016-08-12	Update geoip and geoip6 to the August 2 2016 database.	Karsten Loesing

2016-07-19	Merge branch 'maint-0.2.4' into maint-0.2.5	Nick Mathewson

2016-07-18	Update geoip and geoip6 to the July 6 2016 database.	Karsten Loesing

2016-07-05	Merge branch 'maint-0.2.4' into maint-0.2.5	Nick Mathewson

2016-07-05	whoops. changelog file for 19271.	Nick Mathewson

2016-07-05	Merge branch 'maint-0.2.4' into maint-0.2.5	Nick Mathewson

2016-07-03	Remove urras as a default trusted directory authority	Sebastian Hahn
	It had been a directory authority since 0.2.1.20.
2016-06-13	Merge branch 'maint-0.2.4' into maint-0.2.5	Nick Mathewson

2016-06-12	Update geoip and geoip6 to the June 7 2016 database.	Karsten Loesing

2016-05-09	Merge branch 'maint-0.2.4' into maint-0.2.5	Nick Mathewson

2016-05-09	Update geoip and geoip6 to the May 4 2016 database.	Karsten Loesing

2016-04-07	Merge branch 'maint-0.2.4' into maint-0.2.5	Nick Mathewson

2016-04-07	Update geoip and geoip6 to the April 5 2016 database.	Karsten Loesing

2016-03-09	Merge branch 'maint-0.2.4' into maint-0.2.5	Nick Mathewson

2016-03-04	Update geoip and geoip6 to the March 3 2016 database.	Karsten Loesing

2016-02-11	Merge branch 'maint-0.2.4' into maint-0.2.5	Nick Mathewson

2016-02-11	Merge branch 'bug18162_024' into maint-0.2.4	Nick Mathewson

2016-02-11	Make ensure_capacity a bit more pedantically correct	Nick Mathewson
	Issues noted by cypherpunks on #18162
2016-02-05	Merge branch 'maint-0.2.4' into maint-0.2.5	Nick Mathewson

2016-02-04	Update geoip and geoip6 to the February 2 2016 database.	Karsten Loesing

2016-01-27	avoid integer overflow in and around smartlist_ensure_capacity.	Nick Mathewson
	This closes bug 18162; bugfix on a45b1315909c9, which fixed a related issue long ago. In addition to the #18162 issues, this fixes a signed integer overflow in smarltist_add_all(), which is probably not so great either.
2016-01-07	Merge branch 'maint-0.2.4' into maint-0.2.5	Nick Mathewson
	Conflicts: src/or/config.c
2016-01-07	Update dannenberg's V3 authority identity fingerprint	teor (Tim Wilson-Brown)
	This new identity key was changed on 18 November 2015.
2016-01-07	Merge branch 'maint-0.2.4' into maint-0.2.5	Nick Mathewson

2016-01-07	Update geoip and geoip6 to the January 5 2016 database.	Karsten Loesing

2015-12-08	Merge branch 'maint-0.2.4' into maint-0.2.5	Nick Mathewson

2015-12-08	Merge branch 'bug17772_024' into maint-0.2.4	Nick Mathewson

2015-12-08	Ensure node is a guard candidate when picking a directory guard	Arlo Breault