Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
The POODLE attack doesn't affect Tor, but there's no reason to tempt
fate: SSLv3 isn't going to get any better.
|
|
|
|
Also, make sure we will compile correctly on systems where they
finally rip it out.
Fixes issue #13325. Caused by this openbsd commit:
http://marc.info/?l=openbsd-cvs&m=140768179627976&w=2
Reported by Fredzupy.
|
|
|
|
Fixes bug 13295; bugfix on 0.2.5.3-alpha.
The alternative here is to call crypto_global_init() from tor-resolve,
but let's avoid linking openssl into tor-resolve for as long as we
can.
|
|
Conflicts:
src/or/config.c
|
|
|
|
|
|
|
|
Clients now send the correct address for their chosen rendezvous point
when trying to access a hidden service. They used to send the wrong
address, which would still work some of the time because they also
sent the identity digest of the rendezvous point, and if the hidden
service happened to try connecting to the rendezvous point from a relay
that already had a connection open to it, the relay would reuse that
connection. Now connections to hidden services should be more robust
and faster. Also, this bug meant that clients were leaking to the hidden
service whether they were on a little-endian (common) or big-endian (rare)
system, which for some users might have reduced their anonymity.
Fixes bug 13151; bugfix on 0.2.1.5-alpha.
|
|
|
|
Tor Browser includes several ClientTransportPlugin lines in its
torrc-defaults file, leading every Tor Browser user who looks at her
logs to see these notices and wonder if they're dangerous.
Resolves bug 13124; bugfix on 0.2.5.3-alpha.
|
|
Technically, we're not allowed to take the address of a member can't
exist relative to the null pointer. That makes me wonder how any sane
compliant system implements the offsetof macro, but let's let sleeping
balrogs lie.
Fixes 13096; patch on 0.1.1.9-alpha; patch from "teor", who was using
clang -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error -ftrapv
|
|
|
|
|
|
|
|
Fixes bug 13081; bugfix on 0.2.5.1-alpha. Patch from "NewEraCracker."
|
|
Patch from teor to fix 13071.
|
|
Back in 078d6bcd, we added an event number 0x20, but we didn't make
the event_mask field big enough to compensate.
Patch by "teor". Fixes 13085; bugfix on 0.2.5.1-alpha.
|
|
Closes #13092; patch from dgoulet.
|
|
changes after handshake; fixes bug #12160
|
|
|
|
Most of these are in somewhat non-obvious code where it is probably
a good idea to initialize variables and add extra assertions anyway.
Closes 13036. Patches from "teor".
|
|
|
|
|
|
It's now a protocol-warn, since there's nothing relay operators can
do about a client that sends them a malformed create cell.
Resolves bug 12996; bugfix on 0.0.6rc1.
|
|
Instead of putting it all in one warning message, log what exactly
was wrong with the circuit.
Resolves ticket 12997.
|
|
The fix for bug 4647 accidentally removed our hack from bug 586 that
rewrote HashedControlPassword to __HashedControlSessionPassword when
it appears on the commandline (which allowed the user to set her own
HashedControlPassword in the torrc file while the controller generates
a fresh session password for each run).
Fixes bug 12948; bugfix on 0.2.5.1-alpha.
|
|
Closes 12908; see #8742
|
|
Two bugs here:
1) We didn't add EXTEND2/EXTENDED2 to relay_command_to_string().
2) relay_command_to_string() didn't log the value of unrecognized
commands.
Both fixed here.
|
|
This will fix the warning
"/src/or/config.c:6854:48: error: unused parameter 'group_readable'"
that I introduced while fixing 12864.
Bug not in any released version of Tor.
|
|
|
|
|
|
These got committed by mistake.
|
|
We don't actually allow a group name, but the documentation implied
that we did.
|
|
When we merged the cookieauthfile creation logic in 33c3e60a37, we
accidentally took out this feature. Fixes bug 12864, bugfix on
0.2.5.1-alpha.
Also adds an ExtORPortCookieAuthFileGroupReadable, since there's no
reason not to.
|
|
Conflicts:
src/or/circuitbuild.c
|
|
This fixes a double-define introduced in 28538069b2f1909a7600ec6d
|
|
|
|
|
|
|
|
|
|
|
|
I looked for other places where we set circ->n_chan early, and found
one in circuit_handle_first_hop() right before it calls
circuit_send_next_onion_skin(). If onion_skin_create() fails there,
then n_chan will still be set when circuit_send_next_onion_skin()
returns. We should probably fix that too.
|
|
Prevents other cases of 12848.
|
|
Cypherpunks found this and wrote this patch.
Fix for 12848; fix on (I think) d58d4c0d, which went into 0.0.8pre1
|
|
patch from mttp; fixes 12830
|