Merge branch 'maint-0.2.7' into release-0.2.7

2015-12-10 04:12:10 -05:00 · 2015-12-10 04:12:10 -05:00 · b2a53e8ca9
parent e0fa07c06f c6a337557a
commit b2a53e8ca9
14 changed files with 5558 additions and 1626 deletions
--- a/changes/bug16056
+++ b/changes/bug16056
@ -0,0 +1,4 @@
+  o Minor bugfixes (relay, IPv6):
+    - When displaying an IPv6 exit policy, include the mask bits correctly
+      even when the number is greater than 31. Fixes bug 16056; bugfix on
+      0.2.4.7-alpha. Patch from "gturner".
--- a/changes/bug16702
+++ b/changes/bug16702
@ -0,0 +1,4 @@
+  o Minor bugfixes (hidden service)
+    - The wrong list was used when looking up expired intro points in a rend
+      service object causing what we think could be reachability issues and
+      triggering a BUG log. Fixes 16702; bugfix on tor-0.2.7.2-alpha.
--- a/changes/bug17551
+++ b/changes/bug17551
@ -0,0 +1,4 @@
+  o Minor bugfixes (compilation):
+    - When checking for net/pfvar.h, include netinet/in.h if possible.
+      This fixes transparent proxy detection on OpenBSD. Fixes bug
+      17551; bugfix on 0.1.2.1-alpha. Patch from "rubiate".
--- a/changes/bug17722
+++ b/changes/bug17722
@ -0,0 +1,3 @@
+  o Minor bugfixes (code correctness)
+    - Fix undefined behavior in the tor_cert_checksig function. Fixes bug
+      17722; bugfix on tor-0.2.7.2-alpha.
--- a/changes/bug17772
+++ b/changes/bug17772
@ -0,0 +1,7 @@
+  o Major bugfixes (guard selection):
+    - Actually look at the Guard flag when selecting a new directory
+      guard. When we implemented the directory guard design, we
+      accidentally started treating all relays as if they have the Guard
+      flag during guard selection, leading to weaker anonymity and worse
+      performance. Fixes bug 17222; bugfix on 0.2.4.8-alpha. Discovered
+      by Mohsen Imani.
--- a/changes/bug17781
+++ b/changes/bug17781
@ -0,0 +1,3 @@
+  o Compilation fixes:
+    - Fix a compilation warning with Clang 3.6: Do not check the
+      presence of an address which can never be NULL. Fixes bug 17781.
--- a/changes/geoip-december2015
+++ b/changes/geoip-december2015
@ -0,0 +1,4 @@
+  o Minor features:
+    - Update geoip and geoip6 to the December 1 2015 Maxmind GeoLite2
+      Country database.
+
--- a/configure.ac
+++ b/configure.ac
@ -971,6 +971,9 @@ AC_CHECK_HEADERS(net/pfvar.h, net_pfvar_found=1, net_pfvar_found=0,
 #endif
 #ifdef HAVE_NET_IF_H
 #include <net/if.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
 #endif])

 AC_CHECK_HEADERS(linux/if.h,[],[],
--- a/src/config/geoip
+++ b/src/config/geoip
--- a/src/config/geoip6
+++ b/src/config/geoip6
--- a/src/or/policies.c
+++ b/src/or/policies.c
@ -1391,9 +1391,9 @@ policy_write_item(char *buf, size_t buflen, addr_policy_t *policy,
  if (result < 0)
    return -1;
  written += strlen(buf);
-  /* If the maskbits is 32 we don't need to give it.  If the mask is 0,
-   * we already wrote "*". */
-  if (policy->maskbits < 32 && policy->maskbits > 0) {
+  /* If the maskbits is 32 (IPv4) or 128 (IPv6) we don't need to give it.  If
+     the mask is 0, we already wrote "*". */
+  if (policy->maskbits < (is_ip6?128:32) && policy->maskbits > 0) {
    if (tor_snprintf(buf+written, buflen-written, "/%d", policy->maskbits)<0)
      return -1;
    written += strlen(buf+written);
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@ -3038,7 +3038,8 @@ find_expiring_intro_point(rend_service_t *service, origin_circuit_t *circ)
  tor_assert(TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO ||
             TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_INTRO);

-  SMARTLIST_FOREACH(service->intro_nodes, rend_intro_point_t *, intro_point,
+  SMARTLIST_FOREACH(service->expiring_nodes, rend_intro_point_t *,
+                    intro_point,
    if (crypto_pk_eq_keys(intro_point->intro_key, circ->intro_key)) {
      return intro_point;
  });
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@ -1501,8 +1501,14 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags,
    if ((type & EXTRAINFO_DIRINFO) &&
        !router_supports_extrainfo(node->identity, is_trusted_extrainfo))
      continue;
-    if (for_guard && node->using_as_guard)
-      continue; /* Don't make the same node a guard twice. */
+    /* Don't make the same node a guard twice */
+    if (for_guard && node->using_as_guard) {
+      continue;
+    }
+    /* Ensure that a directory guard is actually a guard node. */
+    if (for_guard && !node->is_possible_guard) {
+      continue;
+    }
    if (try_excluding &&
        routerset_contains_routerstatus(options->ExcludeNodes, status,
                                        country)) {
--- a/src/or/torcert.c
+++ b/src/or/torcert.c
@ -206,7 +206,11 @@ tor_cert_checksig(tor_cert_t *cert,
    return -1;
  } else {
    cert->sig_ok = 1;
-    memcpy(cert->signing_key.pubkey, checkable.pubkey->pubkey, 32);
+    /* Only copy the checkable public key when it is different from the signing
+     * key of the certificate to avoid undefined behavior. */
+    if (cert->signing_key.pubkey != checkable.pubkey->pubkey) {
+      memcpy(cert->signing_key.pubkey, checkable.pubkey->pubkey, 32);
+    }
    cert->cert_valid = 1;
    return 0;
  }