summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-02-01Update test stringsSebastian Hahn
2024-02-01Add a changes fileSebastian Hahn
2024-02-01dirauth: Warn when failing to post during a voteSebastian Hahn
The only way to figure out that posting a vote or signatures to another dirauth failed is by counting how many success messages there are on notice level, and noticing that it is fewer than the number of configured dirauths. Closes #40910.
2024-01-30dirauth: Reject 0.4.7.x series at the authority levelDavid Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2024-01-30bwauth: Allow "node_id" KeyValue without "$"juga
Allow "node_id" KeyValue without the dollar sign at the start of the hexdigit in the BandwidthFiles, in order to easier database queries combining Tor documents in which the relays fingerprint doesn't include it. Bugfix on all supported versions of Tor. Closes #40891
2024-01-09add release note and changelog entry for #40819trinity-1686a
2023-12-08version: Bump version to 0.4.8.10-devTor CI Release
2023-12-08version: Bump version to 0.4.8.10Tor CI Release
2023-12-08fallbackdir: Update list generated on December 08, 2023Tor CI Release
2023-12-08Update geoip files to match ipfire location db, 2023/12/08.Tor CI Release
2023-12-08Merge remote-tracking branch 'mikeperry-private/bug40897' into maint-0.4.8David Goulet
2023-12-07Merge remote-tracking branch 'origin/merge-requests/776' into maint-0.4.8Alexander Færøy
2023-12-07Bug 40897: Changes fileMike Perry
2023-12-07Bug 40897 Bug Bounty: Double the number of max conflux circsMike Perry
We strongly suspect that bug 40897 was caused by a custom Tor client that tried to use more than the default number of conflux circuits, for either performance or traffic analysis defense gains, or both. This entity hit a safety check on the exit side, which caused a UAF. Our "belt and suspenders" snapped off, and hit us in the face... again... Since there are good reasons to try more than 2 conflux legs, and research has found some traffic analysis benefits with as many as 5, we're going to raise and parameterize this limit as a form of bug bounty for finding this UAF, so that this entity can try out a little more confluxing. This should also make it easier for researchers to try things like gathering traces with larger amounts of confluxing than normal, to measure real-world traffic analysis impacts of conflux. Shine on, you yoloing anonymous diamond. Let us know if you find out anything interesting!
2023-12-07Bug 40897: Add more checks to free pathsMike Perry
Similar double-frees would be caught earlier by these, so long as the pointers remain nulled out.
2023-12-07Bug 40897: Move safety check to proper location and give it error handling.Mike Perry
2023-12-06update changes file with correct introduced versiontrinity-1686a
2023-11-09version: Bump version to 0.4.8.9-devTor CI Release
2023-11-09version: Bump version to 0.4.8.9Tor CI Release
2023-11-09fallbackdir: Update list generated on November 09, 2023Tor CI Release
2023-11-09Update geoip files to match ipfire location db, 2023/11/09.Tor CI Release
2023-11-09Merge branch 'ticket40883_048_01' into maint-0.4.8David Goulet
2023-11-09Merge branch 'tor-gitlab/mr/778' into maint-0.4.8David Goulet
2023-11-08hs: Always check if the hs_ident is available when processing a cellDavid Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2023-11-07hs: Fix assert in hs_metrics_update_by_ident()David Goulet
The hs_metrics_failed_rdv() macro could pass a NULL value for the identity key when a building circuit would end up in a failure path *before* the "hs_ident" was able to be set which leading to this assert. This was introduced in 0.4.8.1-alpha with the addition of rendezvous circuit failure metrics for the MetricsPort. This fixes TROVE-2023-006 for which its severity is considered high. Signed-off-by: David Goulet <dgoulet@torproject.org>
2023-11-03version: Bump version to 0.4.8.8-devTor CI Release
2023-11-03Merge branch 'maint-0.4.7' into maint-0.4.8David Goulet
2023-11-03version: Bump version to 0.4.7.16-devmaint-0.4.7Tor CI Release
2023-11-03Update geoip files to match ipfire location db, 2023/11/03.Tor CI Release
2023-11-03fallbackdir: Update list generated on November 03, 2023Tor CI Release
2023-11-03Merge branch 'maint-0.4.7' into maint-0.4.8David Goulet
2023-11-03version: Bump version to 0.4.8.8tor-0.4.8.8Tor CI Release
2023-11-03version: Bump version to 0.4.7.16tor-0.4.7.16Tor CI Release
2023-11-03fallbackdir: Update list generated on November 03, 2023Tor CI Release
2023-11-03Update geoip files to match ipfire location db, 2023/11/03.Tor CI Release
2023-11-03Merge branch 'maint-0.4.7' into maint-0.4.8David Goulet
2023-11-03Sync geoip and fallbackdir from maint 048 before releaseDavid Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2023-11-03Merge branch 'maint-0.4.7' into maint-0.4.8David Goulet
2023-11-03Fix TROVE-2023-004: Remote crash when compiled against OpenSSLAlexander Færøy
Fixes #40874 Signed-off-by: David Goulet <dgoulet@torproject.org>
2023-11-01Bug 40876 changes fileMike Perry
2023-11-01Bug 40876: Extra loggingMike Perry
2023-11-01Bug 40876: Don't reduce primary list for temporary restrictionsMike Perry
2023-10-30Changes file for bug 40878Mike Perry
2023-10-30Bug 40878: Count a valid conflux linked cell as valid dataMike Perry
For vanguards addon.
2023-10-12add change filetrinity-1686a
2023-10-12fix bridge transport statisticstrinity-1686a
2023-10-12configure: Bump version to 0.4.8.8-devDavid Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2023-10-11Merge branch 'bug40869_048' into 'maint-0.4.8'David Goulet
Fix the spelling of maxunmeasur(e)dbw (backport to 0.4.8) See merge request tpo/core/tor!774
2023-10-11Fix the spelling of maxunmeasur(e)dbw.Nick Mathewson
This has been misspelled when using consensus method 31 or later since 0.4.6.1-alpha. Fixes bug 40869. This commit is a backport of b9b0abd6c26d9b361923 to 0.4.8.
2023-09-25version: Bump version to 0.4.8.7-devDavid Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion