Merge branch 'maint-0.2.5' into release-0.2.5
This commit is contained in:
commit
01d5921435
|
@ -0,0 +1,4 @@
|
|||
o Minor bugfixes (hidden service):
|
||||
- Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells
|
||||
on a client authorized hidden service. Fixes bug 15823; bugfix
|
||||
on 0.2.1.6-alpha.
|
|
@ -0,0 +1,7 @@
|
|||
o Minor bugfixes (crypto error-handling):
|
||||
- If crypto_early_init fails, a typo in a return value from tor_init
|
||||
means that tor_main continues running, rather than returning
|
||||
an error value.
|
||||
Fixes bug 16360; bugfix on d3fb846d8c98 in 0.2.5.2-alpha,
|
||||
introduced when implementing #4900.
|
||||
Patch by "teor".
|
|
@ -0,0 +1,7 @@
|
|||
o Major bugfixes (guard selection):
|
||||
- Actually look at the Guard flag when selecting a new directory
|
||||
guard. When we implemented the directory guard design, we
|
||||
accidentally started treating all relays as if they have the Guard
|
||||
flag during guard selection, leading to weaker anonymity and worse
|
||||
performance. Fixes bug 17222; bugfix on 0.2.4.8-alpha. Discovered
|
||||
by Mohsen Imani.
|
|
@ -0,0 +1,3 @@
|
|||
o Compilation fixes:
|
||||
- Fix a compilation warning with Clang 3.6: Do not check the
|
||||
presence of an address which can never be NULL. Fixes bug 17781.
|
|
@ -0,0 +1,4 @@
|
|||
o Minor features (authorities):
|
||||
- Update the V3 identity key for dannenberg, it was changed on
|
||||
18 November 2015.
|
||||
Closes task #17906. Patch by "teor".
|
|
@ -0,0 +1,4 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the December 1 2015 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the January 5 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the July 8 2015 Maxmind GeoLite2 Country database.
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
o Minor features:
|
||||
- Update geoip to the June 3 2015 Maxmind GeoLite2 Country database.
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the October 9 2015 Maxmind GeoLite2 Country database.
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the September 3 2015 Maxmind GeoLite2 Country database.
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
o Minor features:
|
||||
- Update geoip6 to the June 3 2015 Maxmind GeoLite2 Country database.
|
||||
|
28651
src/config/geoip
28651
src/config/geoip
File diff suppressed because it is too large
Load Diff
6441
src/config/geoip6
6441
src/config/geoip6
File diff suppressed because it is too large
Load Diff
|
@ -862,7 +862,7 @@ add_default_trusted_dir_authorities(dirinfo_type_t type)
|
|||
"v3ident=ED03BB616EB2F60BEC80151114BB25CEF515B226 "
|
||||
"131.188.40.189:80 F204 4413 DAC2 E02E 3D6B CF47 35A1 9BCA 1DE9 7281",
|
||||
"dannenberg orport=443 "
|
||||
"v3ident=585769C78764D58426B8B52B6651A5A71137189A "
|
||||
"v3ident=0232AF901C31A04EE9848595AF9BB7620D4C5B2E "
|
||||
"193.23.244.244:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123",
|
||||
"urras orport=80 v3ident=80550987E1D626E3EBA5E5E75A458DE0626D088C "
|
||||
"208.83.223.34:443 0AD3 FA88 4D18 F89E EA2D 89C0 1937 9E0E 7FD9 4417",
|
||||
|
|
|
@ -744,7 +744,7 @@ connection_ap_fail_onehop(const char *failed_digest,
|
|||
/* we don't know the digest; have to compare addr:port */
|
||||
tor_addr_t addr;
|
||||
if (!build_state || !build_state->chosen_exit ||
|
||||
!entry_conn->socks_request || !entry_conn->socks_request->address)
|
||||
!entry_conn->socks_request)
|
||||
continue;
|
||||
if (tor_addr_parse(&addr, entry_conn->socks_request->address)<0 ||
|
||||
!tor_addr_eq(&build_state->chosen_exit->addr, &addr) ||
|
||||
|
|
|
@ -2346,7 +2346,7 @@ tor_init(int argc, char *argv[])
|
|||
/* Set up the crypto nice and early */
|
||||
if (crypto_early_init() < 0) {
|
||||
log_err(LD_GENERAL, "Unable to initialize the crypto subsystem!");
|
||||
return 1;
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Initialize the history structures. */
|
||||
|
|
|
@ -969,11 +969,13 @@ rend_service_requires_uptime(rend_service_t *service)
|
|||
return 0;
|
||||
}
|
||||
|
||||
/** Check client authorization of a given <b>descriptor_cookie</b> for
|
||||
* <b>service</b>. Return 1 for success and 0 for failure. */
|
||||
/** Check client authorization of a given <b>descriptor_cookie</b> of
|
||||
* length <b>cookie_len</b> for <b>service</b>. Return 1 for success
|
||||
* and 0 for failure. */
|
||||
static int
|
||||
rend_check_authorization(rend_service_t *service,
|
||||
const char *descriptor_cookie)
|
||||
const char *descriptor_cookie,
|
||||
size_t cookie_len)
|
||||
{
|
||||
rend_authorized_client_t *auth_client = NULL;
|
||||
tor_assert(service);
|
||||
|
@ -984,6 +986,13 @@ rend_check_authorization(rend_service_t *service,
|
|||
return 0;
|
||||
}
|
||||
|
||||
if (cookie_len != REND_DESC_COOKIE_LEN) {
|
||||
log_info(LD_REND, "Descriptor cookie is %lu bytes, but we expected "
|
||||
"%lu bytes. Dropping cell.",
|
||||
(unsigned long)cookie_len, (unsigned long)REND_DESC_COOKIE_LEN);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Look up client authorization by descriptor cookie. */
|
||||
SMARTLIST_FOREACH(service->clients, rend_authorized_client_t *, client, {
|
||||
if (tor_memeq(client->descriptor_cookie, descriptor_cookie,
|
||||
|
@ -1330,7 +1339,8 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
|
|||
if (service->clients) {
|
||||
if (parsed_req->version == 3 && parsed_req->u.v3.auth_len > 0) {
|
||||
if (rend_check_authorization(service,
|
||||
(const char*)parsed_req->u.v3.auth_data)) {
|
||||
(const char*)parsed_req->u.v3.auth_data,
|
||||
parsed_req->u.v3.auth_len)) {
|
||||
log_info(LD_REND, "Authorization data in INTRODUCE2 cell are valid.");
|
||||
} else {
|
||||
log_info(LD_REND, "The authorization data that are contained in "
|
||||
|
|
|
@ -1459,8 +1459,14 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags)
|
|||
if ((type & MICRODESC_DIRINFO) && !is_trusted &&
|
||||
!node->rs->version_supports_microdesc_cache)
|
||||
continue;
|
||||
if (for_guard && node->using_as_guard)
|
||||
continue; /* Don't make the same node a guard twice. */
|
||||
/* Don't make the same node a guard twice */
|
||||
if (for_guard && node->using_as_guard) {
|
||||
continue;
|
||||
}
|
||||
/* Ensure that a directory guard is actually a guard node. */
|
||||
if (for_guard && !node->is_possible_guard) {
|
||||
continue;
|
||||
}
|
||||
if (try_excluding &&
|
||||
routerset_contains_routerstatus(options->ExcludeNodes, status,
|
||||
country)) {
|
||||
|
|
Loading…
Reference in New Issue