summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-03-16Copy 0.3.5.14 changelog to releasenotestor-0.3.5.14Nick Mathewson
2021-03-15changelog updates from armaNick Mathewson
2021-03-15Changelog for 0.3.5.14.Nick Mathewson
2021-03-15Merge branch 'maint-0.3.5' into release-0.3.5Nick Mathewson
2021-03-15Merge branch 'bug40316_035_v2' into maint-0.3.5Nick Mathewson
2021-03-15Fix detection of point to insert signatures on a pending consensus.Nick Mathewson
We were looking for the first instance of "directory-signature " when instead the correct behavior is to look for the first instance of "directory-signature " at the start of a line. Unfortunately, this can be exploited as to crash authorities while they're voting. Fixes #40316; bugfix on 0.2.2.4-alpha. This is TROVE-2021-002, also tracked as CVE-2021-28090.
2021-03-15Merge branch 'maint-0.3.5' into release-0.3.5Nick Mathewson
2021-03-15Clarify new intended strategy with TROVE-2021-001Nick Mathewson
We're going to disable this feature in all versions for now.
2021-03-15Merge branch 'maint-0.3.5' into release-0.3.5Nick Mathewson
2021-03-15Merge branch 'bug40286_disable_min_035' into maint-0.3.5Nick Mathewson
2021-03-15Merge branch 'maint-0.3.5' into release-0.3.5Nick Mathewson
2021-03-15Bump to 0.3.5.14Nick Mathewson
2021-03-12Merge branch 'maint-0.3.5' into release-0.3.5Nick Mathewson
2021-03-12Remove maxmind license; add ipfire location database license (cc by-sa 4.0)Nick Mathewson
2021-03-12Use the right ticket number.Nick Mathewson
2021-03-12Merge branch 'maint-0.3.5' into release-0.3.5Nick Mathewson
2021-03-12update geoip-2021-03-12 to mention provider transition.Nick Mathewson
2021-03-12Update geoip files to match ipfire location db, 2021/03/12.Nick Mathewson
2021-03-01Merge branch 'maint-0.3.5' into release-0.3.5David Goulet
2021-02-23Remove mallinfo() from codebaseDavid Goulet
Now deprecated in libc >= 2.33 Closes #40309 Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-19Disable the dump_desc() function.Nick Mathewson
It can be called with strings that should have been length-delimited, but which in fact are not. This can cause a CPU-DoS bug or, in a worse case, a crash. Since this function isn't essential, the best solution for older Tors is to just turn it off. Fixes bug 40286; bugfix on 0.2.2.1-alpha when dump_desc() was introduced.
2021-02-03Merge branch 'maint-0.3.5' into release-0.3.5Nick Mathewson
2021-02-03Bump to 0.3.5.13-dev.Nick Mathewson
2021-02-03copy changelog into releasenotesNick Mathewson
2021-02-03Fold in the entry for 2667tor-0.3.5.13Nick Mathewson
2021-02-03Merge branch 'maint-0.3.5' into release-0.3.5David Goulet
2021-02-03Merge branch 'ticket40269_035_01' into maint-0.3.5David Goulet
2021-02-03Remove unused addr_port_set codeDavid Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-03Merge branch 'maint-0.3.5' into release-0.3.5David Goulet
2021-02-03Merge branch 'ticket40270_035_01' into maint-0.3.5David Goulet
2021-02-03Merge branch 'maint-0.3.5' into release-0.3.5David Goulet
2021-02-03node: Move reentry set to use a digestmap_tDavid Goulet
Any lookup now will be certain and not probabilistic as the bloomfilter. Closes #40269 Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-03relay: Send back CONNECTION_REFUSED on reentryDavid Goulet
The TORPROTOCOL reason causes the client to close the circuit which is not what we want because other valid streams might be on it. Instead, CONNECTION_REFUSED will leave it open but will not allow more streams to be attached to it. The client then open a new circuit to the destination. Closes #40270 Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-03Merge branch 'maint-0.3.5' into release-0.3.5David Goulet
2021-02-03relay: Double the size of the relay reentry setDavid Goulet
This is to minimize false positive and thus deny reentry to Exit connections that were in reality not re-entering. Helps with overall UX. Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-03relay: Follow consensus parameter for network reentryDavid Goulet
Obey the "allow-network-reentry" consensus parameters in order to decide to allow it or not at the Exit. Closes #40268 Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-02-03Merge branch 'maint-0.3.5' into release-0.3.5David Goulet
2021-02-020.3.5.13 changelog blurb.Nick Mathewson
2021-02-02start a changelog for 0.3.5.13.Nick Mathewson
2021-01-29test: Add test for exits blocking reentry to the networkGeorge Kadianakis
Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-29exit: Deny re-entry into the networkRoger Dingledine
Exit relays now reject exit attempts to known relay addresses + ORPort and also to authorities on the ORPort and DirPort. Closes #2667 Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-29relay: Add bloomfiter of relay address + {OR|Dir}PortDavid Goulet
In order to deny re-entry in the network, we now keep a bloomfilter of relay ORPort + address and authorities ORPort + address and DirPort + address combinations. So when an Exit stream is handled, we deny anything connecting back into the network on the ORPorts for relays and on the ORPort+DirPort for the authorities. Related to #2667 Signed-off-by: David Goulet <dgoulet@torproject.org>
2021-01-28Merge branch 'maint-0.3.5' into release-0.3.5David Goulet
2021-01-28Merge branch 'tor-gitlab/mr/50' into maint-0.3.5David Goulet
2021-01-28Merge branch 'maint-0.3.5' into release-0.3.5David Goulet
2021-01-28Merge branch 'tor-gitlab/mr/239' into maint-0.3.5David Goulet
2021-01-28Merge branch 'maint-0.3.5' into release-0.3.5David Goulet
2021-01-28Merge branch 'tor-gitlab/mr/243' into maint-0.3.5David Goulet
2021-01-28Merge branch 'maint-0.3.5' into release-0.3.5David Goulet
2021-01-28Merge branch 'tor-gitlab/mr/254' into maint-0.3.5David Goulet
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion