| Age | Commit message (Collapse) | Author |
|---|
|
Some *_free functions threw asserts when passed NULL. Now all of them
accept NULL as input and perform no action when called that way.
This gains us consistence for our free functions, and allows some
code simplifications where an explicit null check is no longer necessary.
|
|
|
|
|
|
It turns out that OpenSSL 0.9.8m is likely to take a completely
different approach for reenabling renegotiation than OpenSSL 0.9.8l
did, so we need to work with both. :p Fixes bug 1158.
(patch by coderman; commit message by nickm)
|
|
|
|
* debian-merge: (81 commits)
Drop debian/patches/0a58567c-work-with-reneg-ssl.dpatch (part of upstream)
New upstream version
bump to 0.2.2.6-alpha
remove the 0.2.1.20 debian changelog from master's changelog
Not everybody likes debugging printfs as much as I
add the 0.2.1.20 changelog blurb, plus update the releasenotes
Do not report a partially-successful detached signature add as failed.
only complain when rejecting a descriptor if it has contact info
clean up changelog for the 0.2.2.6-alpha release
Fix compilation with with bionic libc.
New upstream version
Fix a memory leak on directory authorities during voting
Fix building from a separate build directory.
Add changelog entry to 0.2.2.x about openssl 0.9.8l fix
Make Tor work with OpenSSL 0.9.8l
Fix a URL in a log message.
Implement DisableAllSwap to avoid putting secret info in page files.
Fix bug 1113.
Improve log statement when publishing v2 hs desc.
Fix bug 1042.
...
|
|
|
|
|
|
* commit 'tor-0.2.2.6-alpha': (79 commits)
bump to 0.2.2.6-alpha
remove the 0.2.1.20 debian changelog from master's changelog
Not everybody likes debugging printfs as much as I
add the 0.2.1.20 changelog blurb, plus update the releasenotes
Do not report a partially-successful detached signature add as failed.
only complain when rejecting a descriptor if it has contact info
clean up changelog for the 0.2.2.6-alpha release
Fix compilation with with bionic libc.
New upstream version
Fix a memory leak on directory authorities during voting
Fix building from a separate build directory.
Add changelog entry to 0.2.2.x about openssl 0.9.8l fix
Make Tor work with OpenSSL 0.9.8l
Fix a URL in a log message.
Implement DisableAllSwap to avoid putting secret info in page files.
Fix bug 1113.
Improve log statement when publishing v2 hs desc.
Fix bug 1042.
Fix an apparently bogus check; fortunately, it seems to be untriggered.
Fix an accidentally removed free in 385853a282138a61, and repair a check.
...
|
|
|
|
Avoid crashing if the client is trying to upload many bytes and the
circuit gets torn down at the same time, or if the flip side
happens on the exit relay. Bugfix on 0.2.0.1-alpha; fixes bug 1150.
|
|
plus some other unrelated touchups that have been sitting in my
sandbox
|
|
New config option "CircuitStreamTimeout" to override our internal
timeout schedule for how many seconds until we detach a stream from
a circuit and try a new circuit. If your network is particularly
slow, you might want to set this to a number like 60.
|
|
aka Fix an instance where a Tor directory mirror might accidentally
log the IP address of a misbehaving Tor client. Bugfix on
0.1.0.1-rc.
|
|
|
|
shouldn't actually change anything, but who knows.
|
|
|
|
|
|
On this OSX version, there is a stub mlockall() function
that doesn't work, *and* the declaration for it is hidden by
an '#ifdef _P1003_1B_VISIBLE'. This would make autoconf
successfully find the function, but our code fail to build
when no declaration was found.
This patch adds an additional test for the declaration.
|
|
|
|
|
|
|
|
Conflicts:
debian/changelog
|
|
|
|
Also, regenerate the detached-signature document whenever any signatures are
successfully added.
|
|
|
|
|
|
|
|
|
|
it anyways (closes: #478631)
|
|
|
|
libssl 0.9.8k-6 disabled autorenegotation, and the -dev package
introduced the SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION flag.
Since we now set that flag if available we want to make sure that it
*is* available when building.
Therefore build-depend on libssl-dev >= 0.9.8k-6.
If we build against earlier versions we will not work once libssl gets
upgraded to a version that disabled renegotiations.
|
|
work with libssl that has renegotiation disabled by default.
(debian/patches/0a58567c-work-with-reneg-ssl.dpatch)
|
|
* debian-merge:
New upstream version
fix compile on windows
bump to 0.2.2.5-alpha
Move dizum to an alternate IP address.
Ship test.h in release
|
|
|
|
* commit 'tor-0.2.2.5-alpha':
fix compile on windows
bump to 0.2.2.5-alpha
Move dizum to an alternate IP address.
Ship test.h in release
|
|
This fixes bug 1147:
bionic doesn't have an actual implementation of mlockall();
mlockall() is merely in the headers but not actually in the library.
This prevents Tor compilation with the bionic libc for Android handsets.
|
|
|
|
* debian-merge: (37 commits)
New upstream version
bump to 0.2.1.20
Move moria1 and Tonga to alternate IP addresses.
read the "circwindow" parameter from the consensus
Code to parse and access network parameters.
Revert "Teach connection_ap_can_use_exit about Exclude*Nodes"
Work around a memory leak in openssl 0.9.8g (and maybe others)
Teach connection_ap_can_use_exit about Exclude*Nodes
make some bug 1090 warnings go away
Fix a memory leak when parsing a ns
Fix obscure 64-bit big-endian hidserv bug
turns out the packaging changes aren't in 0.2.1.20
update changelog with bundle details
Use an _actual_ fix for the byte-reverse warning.
Use a simpler fix for the byte-reversing warning
Fix compile warnings on Snow Leopard
Add getinfo accepted-server-descriptor. Clean spec.
Reduce log level for bug case that we now know really exists.
Only send reachability status events on overall success/failure
update the README instructions and OS X makefiles
...
|
|
|
|
* commit 'tor-0.2.1.20': (36 commits)
bump to 0.2.1.20
Move moria1 and Tonga to alternate IP addresses.
read the "circwindow" parameter from the consensus
Code to parse and access network parameters.
Revert "Teach connection_ap_can_use_exit about Exclude*Nodes"
Work around a memory leak in openssl 0.9.8g (and maybe others)
Teach connection_ap_can_use_exit about Exclude*Nodes
make some bug 1090 warnings go away
Fix a memory leak when parsing a ns
Fix obscure 64-bit big-endian hidserv bug
turns out the packaging changes aren't in 0.2.1.20
update changelog with bundle details
Use an _actual_ fix for the byte-reverse warning.
Use a simpler fix for the byte-reversing warning
Fix compile warnings on Snow Leopard
Add getinfo accepted-server-descriptor. Clean spec.
Reduce log level for bug case that we now know really exists.
Only send reachability status events on overall success/failure
update the README instructions and OS X makefiles
Avoid segfault when accessing hidden service.
...
|
|
Fix a memory leak on directory authorities during voting that was
introduced in 0.2.2.1-alpha. Found via valgrind.
|
|
|
|
|
|
Conflicts:
src/common/tortls.c
|
|
To fix a major security problem related to incorrect use of
SSL/TLS renegotiation, OpenSSL has turned off renegotiation by
default. We are not affected by this security problem, however,
since we do renegotiation right. (Specifically, we never treat a
renegotiated credential as authenticating previous communication.)
Nevertheless, OpenSSL's new behavior requires us to explicitly
turn renegotiation back on in order to get our protocol working
again.
Amusingly, this is not so simple as "set the flag when you create
the SSL object" , since calling connect or accept seems to clear
the flags.
For belt-and-suspenders purposes, we clear the flag once the Tor
handshake is done. There's no way to exploit a second handshake
either, but we might as well not allow it.
|
|
|
|
This commit implements a new config option: 'DisableAllSwap'
This option probably only works properly when Tor is started as root.
We added two new functions: tor_mlockall() and tor_set_max_memlock().
tor_mlockall() attempts to mlock() all current and all future memory pages.
For tor_mlockall() to work properly we set the process rlimits for memory to
RLIM_INFINITY (and beyond) inside of tor_set_max_memlock().
We behave differently from mlockall() by only allowing tor_mlockall() to be
called one single time. All other calls will result in a return code of 1.
It is not possible to change DisableAllSwap while running.
A sample configuration item was added to the torrc.complete.in config file.
A new item in the man page for DisableAllSwap was added.
Thanks to Moxie Marlinspike and Chris Palmer for their feedback on this patch.
Please note that we make no guarantees about the quality of your OS and its
mlock/mlockall implementation. It is possible that this will do nothing at all.
It is also possible that you can ulimit the mlock properties of a given user
such that root is not required. This has not been extensively tested and is
unsupported. I have included some comments for possible ways we can handle
this on win32.
|
|
Bridges do not use the default exit policy, but reject *:* by default.
|
|
|
