| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
The logic was inverted. Introduced in commit
9155e08450fe7a609f8223202e8aa7dfbca20a6d.
This was reported through our bug bounty program on H1. It fixes the
TROVE-2022-002.
Fixes #40730
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
|
|
|
|
|
|
We need the fallbackdir file to be the same so our release CI can
generate a new list and apply it uniformly on all series.
(Same as geoip)
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
We need all geoip files to be the same so our release CI can generate a
new list and apply it uniformly on all series.
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Rotate the relay identity key and v3 identity key for moria1. They
have been online for more than a decade, there was a known potential
compromise, and anyway refreshing keys periodically is good practice.
Advertise new ports too, to avoid confusion.
Closes ticket 40722.
|
|
This change mitigates DNS-based website oracles by making the time that
a domain name is cached uncertain (+- 4 minutes of what's measurable).
Resolves TROVE-2021-009.
Fixes #40674
|
|
This change ensures that other parts of the code base always operate on
the same clipped TTL values, notably without being aware of clipping.
|
|
|
|
Closes #40688
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Closes #40687
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Bug 1: We were purporting to calculate milliseconds per tick, when we
*should* have been computing ticks per millisecond.
Bug 2: Instead of computing either one of those, we were _actually_
computing femtoseconds per tick.
These two bugs covered for one another on x86 hardware, where 1 tick
== 1 nanosecond. But on M1 OSX, 1 tick is about 41 nanoseconds,
causing surprising results.
Fixes bug 40684; bugfix on 0.3.3.1-alpha.
|
|
|
|
|
|
Fixes #40658
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
|
|
|
|
|
|
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
Fixes #40649
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Fixes #40604
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
Previously, `channelpadding_get_netflow_inactive_timeout_ms` would
crash with an assertion failure if `low_timeout` was greater than
`high_timeout`. That wasn't possible in practice because of checks
in `channelpadding_update_padding_for_channel`, but it's better not
to have a function whose correctness is this tricky to prove.
Fixes #40645. Bugfix on 0.3.1.1-alpha.
|
|
Fix from previous commit where a DESTROY cell is sent instead of a
TRUNCATED.
Related to #40623
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Note that with this commit, TRUNCATED cells won't be used anymore that
is client and relays won't emit them.
Fixes #40623
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
This was found to be necessary in conjunction with glibc 2.35 on Linux.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
|
|
|
|
|
|
|
|
Apparently glibc-2.34 uses clone3, when previously it just used
clone.
Closes ticket #40590.
|
|
Due to a possible Guard subsystem recursion, when the HS client gets
notified that the directory information has changed, it must run it in a
seperate mainloop event to avoid such issue.
See the ticket for more information on the recursion. This also fixes a
fatal assert.
Fixes #40579
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Prometheus needs unique labels and so this bug was causing an onion
service with multiple ports to have multiple "port=" label for the
metrics requiring a port label.
Fixes #40581
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
It looks like our code actually assumes (by dereferencing it in a
log call) that ed_id will _not_ be NULL, but rather will be a bunch
of zero bytes. Refactor the code accordingly, and stop using NULL
tests on ed_id.
|
|
We expect ed_id == NULL here to indicate "no ed id", but other parts
of Tor sometimes use an all-0 ed_id. Here we detect that input and
replace it with what's expected.
|
|
The previous code would notice if we were changing from one identity
to another, but not if we were changing from no identity to having
an identity. This problem caused a bug (spotted by cypherpunks in
ticket #40563) where if we created a channel for a circuit request
that doesn't include an Ed25519 identity, we won't be able to use
that channel later for requests that _do_ list Ed25519.
Fix for 40563; bugfix on 0.3.0.1-alpha.
|
|
Previously we were using tor_assert() to enforce the documented
invariant here; this commit changes it to use BUG() instead. It
will protect us from crashes if the next commit (on #40563) turns
out to expose a bug somewhere.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Fixes #40552
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
