summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-12-01Stop ignoring hidden service key anonymity when first starting torteor
Instead, refuse to start tor if any hidden service key has been used in a different hidden service anonymity mode. Fixes bug 20638; bugfix on 17178 in 0.2.9.3-alpha; reported by ahf. The original single onion service poisoning code checked poisoning state in options_validate, and poisoned in options_act. This was problematic, because the global array of hidden services had not been populated in options_validate (and there were ordrering issues with hidden service directory creation). This patch fixes this issue in rend_service_check_dir_and_add, which: * creates the directory, or checks permissions on an existing directory, then * checks the poisoning state of the directory, then * poisons the directory. When validating, only the permissions checks and the poisoning state checks are perfomed (the directory is not modified).
2016-12-01Update unit tests for 20484, 20529teor
Add extra logging and extra validity checks for hidden services.
2016-11-18Refactor rend_service_check_dir_and_addteor
Make the function flatter, and prepare for #20559. No behaviour change.
2016-11-18Refactor duplicate code out of rend_config_servicesteor
Put that code in rend_service_check_dir_and_add. No behaviour change. This is a defence in depth measure against similar bugs to 20529.
2016-11-18Create HS directories in rend_config_services, then check before useteor
(We only create HS directories if we are acting on the config.) Log a BUG warning if the directories aren't present immediately before they are used, then fail.
2016-11-17Merge remote-tracking branch 'teor/bug20634_029' into maint-0.2.9Nick Mathewson
2016-11-16Changes file for bug 20634teor
2016-11-16fixup! Add expect_log_msg_containing_either3() and ↵teor
expect_log_msg_containing_either4() Fix typos: * extra '(' * use assert_log_predicate (without 3 or 4 at the end) Tidy whitespace. Wrap long lines.
2016-11-16Add all four error messages to test_address_get_if_addrs6_list_no_internal()Neel Chauhan
2016-11-16Add all four error messages to test_address_get_if_addrs6_list_internal()Neel Chauhan
2016-11-16Add expect_log_msg_containing_either3() and expect_log_msg_containing_either4()Neel Chauhan
2016-11-14Fix grammar in HiddenServiceSingleHopMode descriptionFabian Keil
2016-11-10Merge remote-tracking branch 'teor/bug20613' into maint-0.2.9Nick Mathewson
2016-11-09Stop logging single onion and Tor2web long-term one-hop circuitsteor
Single onion services and Tor2web deliberately create long-term one-hop circuits to their intro and rend points, respectively. These log messages are intended to diagnose issue 8387, which relates to circuits hanging around forever for no reason. Fixes bug 20613; bugfix on 0.2.9.1-alpha. Reported by "pastly".
2016-11-08In torrc.sample.in, note that bandwidth must be >=75 KB.Nick Mathewson
Queue a corresponding change for torrc.minimal.in. Closes ticket 20085.
2016-11-09Call get_options() once at the top of circuit_log_ancient_one_hop_circuits()teor
Refactoring, no behaviour change.
2016-11-08Merge remote-tracking branch 'public/bug20306_029' into maint-0.2.9Nick Mathewson
2016-11-08Use va_copy() in pure-windows version of tor_asprintf().Nick Mathewson
It's not okay to use the same varargs list twice, and apparently some windows build environments produce code here that would leave tor_asprintf() broken. Fix for bug 20560; bugfix on 0.2.2.11-alpha when tor_asprintf() was introduced.
2016-11-08Bump version to 0.2.9.5-alpha-devNick Mathewson
2016-11-08When using exponential backoff in test networks, use a lower exponentteor
Lower exponents mean that delays do not vary as much. This helps test networks bootstrap consistently. Bugfix on 20499.
2016-11-07bump version to 0.2.9.5-alphaNick Mathewson
2016-11-07Make new changes files pass lintchangesNick Mathewson
2016-11-07Merge remote-tracking branch 'teor/bug20484_029_v2' into maint-0.2.9Nick Mathewson
2016-11-07Fix another 20499-broken testNick Mathewson
2016-11-07Fix a unit test (broken by recent 20499 hacking)Nick Mathewson
2016-11-08Add onion_service_non_anonymous file to man pageteor
2016-11-07Merge branch 'bug20534_029_squashed' into maint-0.2.9Nick Mathewson
2016-11-07Reduce multiplier to 3, per teor's recommendation on #20534Nick Mathewson
(Three _is_ a good number for anonymity!)
2016-11-07Always increment delays by at least 1.Nick Mathewson
2016-11-07Avoid integer overflow in delay calculation.Nick Mathewson
2016-11-07Count HTTP 503 as a download failure.Nick Mathewson
Because as Teor puts it: "[Resetting on 503] is exactly what we don't want when relays are busy - imagine clients doing an automatic reset every time they DoS a relay..." Fixes bug 20593.
2016-11-07Adjust download schedules per teor's #20534 recommendataionsNick Mathewson
2016-11-07Merge branch 'maint-0.2.8' into maint-0.2.9Nick Mathewson
2016-11-07Merge branch 'maint-0.2.7' into maint-0.2.8Nick Mathewson
2016-11-07Merge branch 'maint-0.2.6' into maint-0.2.7Nick Mathewson
2016-11-07Merge branch 'maint-0.2.5' into maint-0.2.6Nick Mathewson
2016-11-07Merge branch 'maint-0.2.4' into maint-0.2.5Nick Mathewson
2016-11-07Merge branch '20499_part1_029_squashed', remote-tracking branches ↵Nick Mathewson
'teor/bug20591_029' and 'teor/bug20533_029' into maint-0.2.9
2016-11-07Allow infinitely long delays in exponential-backoff downloadsNick Mathewson
It's only safe to remove the failure limit (per 20536) if we are in fact waiting a bit longer each time we try to download. Fixes bug 20534; bugfix on 0.2.9.1-alpha.
2016-11-07Merge branch 'bug20588' into maint-0.2.9Nick Mathewson
2016-11-07Update geoip and geoip6 to the November 3 2016 database.Karsten Loesing
2016-11-08When downloading certificates, check for related failuresteor
If a consensus expires while we are waiting for certificates to download, stop waiting for certificates. If we stop waiting for certificates less than a minute after we started downloading them, do not consider the certificate download failure a separate failure. Fixes bug 20533; bugfix on commit e0204f21 in 0.2.0.9-alpha.
2016-11-07Ensure relays don't make multiple connections during bootstrapteor
Relays do not deliberately launch multiple attempts, so the impact of this bug should be minimal. This fix also defends against bugs like #20499. Bugfix on 0.2.8.1-alpha.
2016-11-06Always Use EVP_aes_*_ctr() with openssl 1.1Nick Mathewson
(OpenSSL 1.1 makes EVP_CIPHER_CTX opaque, _and_ adds acceleration for counter mode on more architectures. So it won't work if we try the older approach, and it might help if we try the newer one.) Fixes bug 20588.
2016-11-06Finish a sentence in a comment. Close 20576.Nick Mathewson
2016-11-06In test_tortls_classify_client_ciphers(), s/ECDH/ECDHE/Nick Mathewson
(We weren't actually using these ciphers; we were just requing that ciphers of that name existed.) Patch from rubiate. Fixes 20460
2016-11-06Do not apply 'max_failures' to random-exponential schedules.Nick Mathewson
Fixes bug 20536; bugfix on 0.2.9.1-alpha.
2016-11-06Change a BUG warning to be a warning, not an info.Nick Mathewson
2016-11-06Fix get_delay() code to avoid TIME_MAX overflow, not INT_MAX.Nick Mathewson
Fixes bug 20587; bugfix on 35bbf2e4a4e8ccb in 0.2.8.1-alpha.
2016-11-06Fix warnings from lintChanges.pyNick Mathewson
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion