| Age | Commit message (Collapse) | Author |
|---|
|
Previously the dirserv_orconn_tls_done() function would skip routers
when they advertised an ed25519 key but didn't present it during the
link handshake. But that covers all versions between 0.2.7.2-alpha
and 0.2.9.x inclusive!
Fixes bug 21107; bugfix on 0.3.0.1-alpha.
|
|
|
|
|
|
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
|
|
Because we don't allow client functionalities in non anonymous mode,
recommending Tor2web is a bad idea.
If a user wants to use Tor2web as a client (losing all anonymity), it should
run a second tor, not use it with a single onion service tor.
Fixes #21294.
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
|
|
This patch adds checks for expected log messages for failure cases of
different ill-formed ESTABLISH_INTRO cell's.
See: https://bugs.torproject.org/21266
|
|
|
|
|
|
|
|
|
|
Determining if OpenSSL structures are opaque now uses an autoconf check
instead of comparing the version number. Some definitions have been
moved to their own check as assumptions which were true for OpenSSL
with opaque structures did not hold for LibreSSL. Closes ticket 21359.
|
|
It is renamed to --enable-fragile-hardening.
TROVE-2017-001 was triggerable only through the expensive hardening which is
making the tor daemon abort when the issue is detected. Thus, it makes tor
more at risk of remote crashes but safer against RCE or heartbleed bug
category.
Fixes #21290.
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
This issue was triggered by 17027 in 0.2.8.1-alpha, which rejects a relay's
own IPv6 address.
Bugfix on commit 004f3f4e53 in 0.2.4.7-alpha.
|
|
This disregards anything smaller than an IPv6 /64, and rejects ports that
are rejected on an IPv6 /16 or larger.
Adjust existing unit tests, and add more to cover exceptional cases.
No IPv4 behaviour changes.
Fixes bug 21357
|
|
This interim fix results in too many IPv6 rejections.
No behaviour change for IPv4 counts, except for overflow fixes that
would require 4 billion redundant 0.0.0.0/0 policy entries to trigger.
Part of 21357
|
|
No behaviour change, apart from non-fatal assertions
Part of 21357
|
|
These tests currently fail due to bug 21357
|
|
|
|
|
|
|
|
Stop modifying the value of our torrc option HiddenServiceStatistics just
because we're not a bridge or relay. This bug was causing Tor Browser users to
write "HiddenServiceStatistics 0" in their torrc files as if they had chosen
to change the config.
Fixes #21150
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
|
|
|
|
|
|
|
|
It's okay for guard_state to be null: we might have a fallback
circuit, or we might not be using guards.
Fixes bug 211228; bugfix on 0.3.0.1-alpha
|
|
Since we can call this function more than once before we update all
the confirmed_idx fields, we can't rely on all the relays having an
accurate confirmed_idx.
Fixes bug 21129; bugfix on 0.3.0.1-alpha
|
|
But do clear is_v2_dir.
Fixes bug 21108 -- bugfix on d95e7c7d67134b9b964d49cf8c2bdbf805a in
0.2.0.13-alpha.
|
|
We need to call it before nt_service_parse_options(), since
nt_service_parse_options() can call back into nt_service_main(),
which calls do_main_loop().
Fixes bug 21356; bugfix on 0.2.9.1-alpha.
|
|
|
|
In addition to not wanting to build circuits until we can see most
of the paths in the network, and in addition to not wanting to build
circuits until we have a consensus ... we shouldn't build circuits
till all of our (in-use) primary guards have descriptors that we can
use for them.
This is another bug 21242 fix.
|
|
Actually, it's _fine_ to use a descriptorless guard for fetching
directory info -- we just shouldn't use it when building circuits.
Fortunately, we already have a "usage" flag that we can use here.
Partial fix for bug 21242.
|
|
This relates to the 21242 fix -- entry_guard_pick_for_circuit()
should never yield nodes without descriptors when the node is going
to be used for traffic, since we won't be able to extend through
them.
|
|
This assertion triggered in the (error) case where we got a result
from guards_choose_guard() without a descriptor. That's not
supposed to be possible, but it's not worth crashing over.
|
|
|
|
They now have a ticket: #21349.
|
|
These commments were complaints about how I didn't like some aspects
of prop271. They have been superseded by ticket 20832.
|
|
|
|
|
|
In some cases, replace those comments with better ones.
|
|
I broke "GETCONF *Port" in 20956, when I made SocksPort a
subordinate option of the virtual option SocksPortLines, so that I
could make SocksPort and __SocksPort provide qthe same
functionality. The problem was that you can't pass a subordinate
option to GETCONF.
So, this patch fixes that by letting you fetch subordinate options.
It won't always be meaningful to consider these options
out-of-context, but that can be the controller-user's
responsibility to check.
Closes ticket 21300.
|
|
|
|
|
|
|
