sarah
/
tor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
21,132 Commits 31 Branches 486 Tags 66 MiB
Commit Graph

21132 Commits

Author SHA1 Message Date
Nick Mathewson 1fe5097132 Sort changelog in release-0.2.7-redux 2017-02-28 10:11:45 -05:00
Nick Mathewson 680d940298 Adjust 0.2.7.7 changelog entry from 0.3.0.4-rc to match 2017-02-28 10:05:23 -05:00
Nick Mathewson 9da2c9954d whoops; missed one 2017-02-23 16:08:20 -05:00
Nick Mathewson 4496301aa7 Begin an 0.2.7.7 changelog 
To build this changelog, I've gone through the entries in
release-0.2.4's changes subdirectory, and looked up the ChangeLog
entry for each.  I have not sorted them yet.
 2017-02-23 16:02:41 -05:00
Nick Mathewson aec45bc0b1 Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-02-17 17:10:47 -05:00
Nick Mathewson f7ed4a7d8f Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-15 07:52:33 -05:00
Nick Mathewson 6e7ff9ee31 Merge branch 'maint-0.2.6' of git-rw.torproject.org:/tor into maint-0.2.6 2017-02-15 07:51:41 -05:00
Nick Mathewson aeb299ba6d Merge branch 'maint-0.2.5' of git-rw.torproject.org:/tor into maint-0.2.5 2017-02-15 07:51:33 -05:00
Nick Mathewson 3781f24b80 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-15 07:47:12 -05:00
Nick Mathewson a452b71395 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-15 07:47:04 -05:00
Nick Mathewson 194e31057f Avoid integer underflow in tor_version_compare. 
Fix for TROVE-2017-001 and bug 21278.

(Note: Instead of handling signed ints "correctly", we keep the old
behavior, except for the part where we would crash with -ftrapv.)
 2017-02-14 16:10:27 -05:00
Roger Dingledine e778a411b9 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-13 15:27:57 -05:00
Roger Dingledine 144ec3d58c Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-13 15:23:50 -05:00
Roger Dingledine 635c5a8a92 be sure to remember the changes file for #20384 2017-02-13 15:22:36 -05:00
Nick Mathewson 43c18b1b7a Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-13 14:37:42 -05:00
Nick Mathewson 124062e843 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-13 14:37:01 -05:00
Karsten Loesing f6016058b4 Update geoip and geoip6 to the February 8 2017 database. 2017-02-12 15:56:31 +01:00
Nick Mathewson 8a1f0876ed Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-02-07 10:38:05 -05:00
Nick Mathewson f2a30413a3 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-07 10:37:53 -05:00
Nick Mathewson 2ce4330249 Merge remote-tracking branch 'public/bug18710_025' into maint-0.2.5 2017-02-07 10:37:43 -05:00
Nick Mathewson c056d19323 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-07 10:37:31 -05:00
Nick Mathewson 3f5a710958 Revert "Revert "Add hidserv-stats filname to our sandbox filter"" 
This reverts commit 5446cb8d3d.

The underlying revert was done in 0.2.6, since we aren't backporting
seccomp2 loosening fixes to 0.2.6.  But the fix (for 17354) already
went out in 0.2.7.4-rc, so we shouldn't revert it in 0.2.7.
 2017-02-07 10:13:20 -05:00
Nick Mathewson 5b60bd84f2 Bump the version to 0.2.7.6-dev again 2017-02-07 09:59:54 -05:00
Nick Mathewson e91bb84a91 Merge branch 'maint-0.2.6' into maint-0.2.7-redux 
maint-0.2.7-redux is an attempt to try to re-create a plausible
maint-0.2.7 branch.  I've started from the tor-0.2.7.6, and then I
merged maint-0.2.6 into the branch.

This has produced 2 conflicts: one related to the
rendcommon->rendcache move, and one to the authority refactoring.
 2017-02-07 09:59:12 -05:00
Nick Mathewson 85a2487f97 Disable a log_backtrace (which 0.2.4 does not have) in 16248 fix 2017-02-07 09:49:23 -05:00
Nick Mathewson cfeb1db2fb Add comments to connection_check_event(). 2017-02-07 09:48:24 -05:00
Nick Mathewson 457d38a6e9 Change behavior on missing/present event to warn instead of asserting. 
Add a changes file.
 2017-02-07 09:48:19 -05:00
Nick Mathewson 650c03127a If we start/stop reading on a dnsserv connection, don't assert. 
Fixes bug 16248. Patch from cypherpunks.  Bugfix on 0.2.0.1-alpha.
 2017-02-07 09:48:13 -05:00
Nick Mathewson 5446cb8d3d Revert "Add hidserv-stats filname to our sandbox filter" 
Reverting this in 0.2.6 only -- we're no backporting
seccomp2-loosening fixes to 0.2.6.

This reverts commit 2ec5e24c58.
 2017-02-07 09:28:50 -05:00
Nick Mathewson c6f2ae514e Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-07 09:18:54 -05:00
Nick Mathewson b9ef21cf56 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-07 09:17:59 -05:00
Nick Mathewson e4a42242ea Backport the tonga->bifroest move to 0.2.4. 
This is a backport of 19728 and 19690
 2017-02-07 09:15:21 -05:00
Nick Mathewson e6965f78b8 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-07 08:54:54 -05:00
Nick Mathewson 6b37512dc7 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-07 08:54:47 -05:00
Nick Mathewson d6eae78e29 Merge remote-tracking branch 'public/bug19152_024_v2' into maint-0.2.4 2017-02-07 08:47:11 -05:00
Nick Mathewson 8936c50d83 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-07 08:39:07 -05:00
Nick Mathewson 05ec055c41 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-07 08:38:59 -05:00
Nick Mathewson 51675f97d3 Merge remote-tracking branch 'public/bug17404_024' into maint-0.2.4 2017-02-07 08:37:07 -05:00
Nick Mathewson da0d5ad983 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-07 08:34:37 -05:00
Nick Mathewson 332543baed Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-07 08:34:08 -05:00
Nick Mathewson 6cb8c0fd4e Refine the memwipe() arguments check for 18089 a little more. 
We still silently ignore
     memwipe(NULL, ch, 0);
and
     memwipe(ptr, ch, 0);  /* for ptr != NULL */

But we now assert on:
     memwipe(NULL, ch, 30);
 2017-02-07 08:33:51 -05:00
teor (Tim Wilson-Brown) fb7d1f41b4 Make memwipe() do nothing when passed a NULL pointer or zero size 
Check size argument to memwipe() for underflow.

Closes bug #18089. Reported by "gk", patch by "teor".
Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352),
commit 49dd5ef3 on 7 Nov 2012.
 2017-02-07 08:33:39 -05:00
Nick Mathewson 640b402232 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-07 08:32:10 -05:00
John Brooks 053e11f397 Fix out-of-bounds read in INTRODUCE2 client auth 
The length of auth_data from an INTRODUCE2 cell is checked when the
auth_type is recognized (1 or 2), but not for any other non-zero
auth_type. Later, auth_data is assumed to have at least
REND_DESC_COOKIE_LEN bytes, leading to a client-triggered out of bounds
read.

Fixed by checking auth_len before comparing the descriptor cookie
against known clients.

Fixes #15823; bugfix on 0.2.1.6-alpha.
 2017-02-07 08:31:37 -05:00
Nick Mathewson 54771bcaba Merge branch 'maint-0.2.5' into maint-0.2.6 2017-01-11 09:12:21 -05:00
Nick Mathewson 34fdd510ef Merge branch 'maint-0.2.4' into maint-0.2.5 2017-01-11 09:11:58 -05:00
Karsten Loesing 3833f67dd2 Update geoip and geoip6 to the January 4 2017 database. 2017-01-04 10:19:52 +01:00
Nick Mathewson b6227edae1 Add a one-word sentinel value of 0x0 at the end of each buf_t chunk 
This helps protect against bugs where any part of a buf_t's memory
is passed to a function that expects a NUL-terminated input.

It also closes TROVE-2016-10-001 (aka bug 20384).
 2016-12-20 18:22:53 -05:00
Nick Mathewson 746c51b613 Merge branch 'maint-0.2.5' into maint-0.2.6 
("ours" merge because there is a separate 20384 patch for 026)
 2016-12-20 18:22:27 -05:00
Nick Mathewson 39ef343523 Add a one-word sentinel value of 0x0 at the end of each buf_t chunk 
This helps protect against bugs where any part of a buf_t's memory
is passed to a function that expects a NUL-terminated input.
 2016-12-20 18:20:01 -05:00