Compare commits
72 Commits
tor-0.3.4.
...
master
Author | SHA1 | Date |
---|---|---|
Nick Mathewson | f399887cfe | |
Nick Mathewson | 307008e869 | |
Nick Mathewson | a141127435 | |
Nick Mathewson | aef0607f38 | |
Nick Mathewson | dd63033fcb | |
Nick Mathewson | c27bb4072c | |
Nick Mathewson | 1ef8023e00 | |
rl1987 | 719b5c1d27 | |
Nick Mathewson | 3716ddf1b4 | |
Nick Mathewson | 9f884a38e3 | |
Nick Mathewson | f15f90e2ca | |
Mike Perry | fe5764012a | |
Nick Mathewson | 00e150a0e4 | |
David Goulet | 66e76066e0 | |
rl1987 | f8d549db7b | |
Mike Perry | 2b734944af | |
Mike Perry | 93ee227e18 | |
Nick Mathewson | d7bbfd0f62 | |
Nick Mathewson | aff49cc52d | |
Nick Mathewson | fa1890e97f | |
Nick Mathewson | 3f3739c6e0 | |
Nick Mathewson | f48fb8a720 | |
Nick Mathewson | f42739e746 | |
Nick Mathewson | 0ef432d457 | |
Nick Mathewson | c000763f1e | |
Nick Mathewson | c380562aed | |
Nick Mathewson | aeb4be1d5a | |
Nick Mathewson | 7fb941e9f2 | |
Nick Mathewson | 36a107855b | |
Nick Mathewson | ff27b7ce60 | |
Roger Dingledine | 68680a2391 | |
Nick Mathewson | c5c227e140 | |
Nick Mathewson | e185cac6f6 | |
Roger Dingledine | 5b1f330766 | |
Roger Dingledine | 123f8a18f2 | |
Nick Mathewson | 38f8b3c63d | |
Nick Mathewson | 80d673ccea | |
Nick Mathewson | 7483aef896 | |
Nick Mathewson | cde5c9d0c3 | |
Nick Mathewson | a5d4ce2b39 | |
Nick Mathewson | b858f576c3 | |
Nick Mathewson | 6e8e005b53 | |
Nick Mathewson | 240bb17714 | |
Nick Mathewson | 740b8bb79c | |
Nick Mathewson | 074b182baa | |
Nick Mathewson | a789578889 | |
Nick Mathewson | 1afdb5b6cc | |
Nick Mathewson | 6442417fde | |
Nick Mathewson | e5541996b7 | |
Isis Lovecruft | 3283619acf | |
Isis Lovecruft | 701c2b69f5 | |
Isis Lovecruft | 056be68b1b | |
Isis Lovecruft | 569b4e57e2 | |
Nick Mathewson | a3a8d80beb | |
Nick Mathewson | d2bc019053 | |
Nick Mathewson | bc2d6876b3 | |
Isis Lovecruft | b681438daf | |
Isis Lovecruft | eb96692842 | |
Nick Mathewson | 48d752407b | |
Nick Mathewson | e053c71e3e | |
Nick Mathewson | 0c81bdc9ef | |
Nick Mathewson | 406366c540 | |
Nick Mathewson | add00045aa | |
Nick Mathewson | 87a7748a84 | |
Nick Mathewson | d2aefffe2f | |
Nick Mathewson | 3d12663243 | |
Nick Mathewson | 459ab3650c | |
Nick Mathewson | 943291d7ae | |
Nick Mathewson | 3b42b14979 | |
Nick Mathewson | ddc3eb20b7 | |
Nick Mathewson | 881f7157f6 | |
Nick Mathewson | db94d7fed2 |
|
@ -0,0 +1,62 @@
|
|||
version: 1.0.{build}
|
||||
|
||||
clone_depth: 50
|
||||
|
||||
environment:
|
||||
compiler: mingw
|
||||
|
||||
matrix:
|
||||
- target: i686-w64-mingw32
|
||||
compiler_path: mingw32
|
||||
openssl_path: /c/OpenSSL-Win32
|
||||
- target: x86_64-w64-mingw32
|
||||
compiler_path: mingw64
|
||||
openssl_path: /c/OpenSSL-Win64
|
||||
|
||||
install:
|
||||
- ps: >-
|
||||
Function Execute-Command ($commandPath)
|
||||
{
|
||||
& $commandPath $args 2>&1
|
||||
if ( $LastExitCode -ne 0 ) {
|
||||
$host.SetShouldExit( $LastExitCode )
|
||||
}
|
||||
}
|
||||
Function Execute-Bash ()
|
||||
{
|
||||
Execute-Command 'c:\msys64\usr\bin\bash' '-e' '-c' $args
|
||||
}
|
||||
Execute-Command "C:\msys64\usr\bin\pacman" -Sy --noconfirm openssl-devel openssl libevent-devel libevent mingw-w64-i686-libevent mingw-w64-x86_64-libevent mingw-w64-i686-openssl mingw-w64-x86_64-openssl mingw-w64-i686-zstd mingw-w64-x86_64-zstd
|
||||
|
||||
build_script:
|
||||
- ps: >-
|
||||
if ($env:compiler -eq "mingw") {
|
||||
$oldpath = ${env:Path} -split ';'
|
||||
$buildpath = @("C:\msys64\${env:compiler_path}\bin", "C:\msys64\usr\bin") + $oldpath
|
||||
$env:Path = @($buildpath) -join ';'
|
||||
$env:build = @("${env:APPVEYOR_BUILD_FOLDER}", $env:target) -join '\'
|
||||
Set-Location "${env:APPVEYOR_BUILD_FOLDER}"
|
||||
Execute-Bash 'autoreconf -i'
|
||||
mkdir "${env:build}"
|
||||
Set-Location "${env:build}"
|
||||
Execute-Bash "../configure --prefix=/${env:compiler_path} --build=${env:target} --host=${env:target} --disable-asciidoc --enable-fatal-warnings --with-openssl-dir=${env:openssl_path}"
|
||||
Execute-Bash "V=1 make -j2"
|
||||
Execute-Bash "V=1 make -j2 install"
|
||||
}
|
||||
|
||||
test_script:
|
||||
- ps: >-
|
||||
if ($env:compiler -eq "mingw") {
|
||||
$oldpath = ${env:Path} -split ';'
|
||||
$buildpath = @("C:\msys64\${env:compiler_path}\bin") + $oldpath
|
||||
$env:Path = $buildpath -join ';'
|
||||
Set-Location "${env:build}"
|
||||
Execute-Bash "VERBOSE=1 make -j2 check"
|
||||
}
|
||||
|
||||
on_success:
|
||||
- cmd: C:\Python27\python.exe %APPVEYOR_BUILD_FOLDER%\scripts\test\appveyor-irc-notify.py irc.oftc.net:6697 tor-ci success
|
||||
|
||||
on_failure:
|
||||
- cmd: C:\Python27\python.exe %APPVEYOR_BUILD_FOLDER%\scripts\test\appveyor-irc-notify.py irc.oftc.net:6697 tor-ci failure
|
||||
|
677
ChangeLog
677
ChangeLog
|
@ -1,3 +1,102 @@
|
|||
Changes in version 0.3.3.6 - 2018-05-22
|
||||
Tor 0.3.3.6 is the first stable release in the 0.3.3 series. It
|
||||
backports several important fixes from the 0.3.4.1-alpha.
|
||||
|
||||
The Tor 0.3.3 series includes controller support and other
|
||||
improvements for v3 onion services, official support for embedding Tor
|
||||
within other applications, and our first non-trivial module written in
|
||||
the Rust programming language. (Rust is still not enabled by default
|
||||
when building Tor.) And as usual, there are numerous other smaller
|
||||
bugfixes, features, and improvements.
|
||||
|
||||
Below are the changes since 0.3.3.5-rc. For a list of all changes
|
||||
since 0.3.2.10, see the ReleaseNotes file.
|
||||
|
||||
o Major bugfixes (directory authorities, security, backport from 0.3.4.1-alpha):
|
||||
- When directory authorities read a zero-byte bandwidth file, they
|
||||
would previously log a warning with the contents of an
|
||||
uninitialised buffer. They now log a warning about the empty file
|
||||
instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha.
|
||||
|
||||
o Major bugfixes (security, directory authority, denial-of-service):
|
||||
- Fix a bug that could have allowed an attacker to force a directory
|
||||
authority to use up all its RAM by passing it a maliciously
|
||||
crafted protocol versions string. Fixes bug 25517; bugfix on
|
||||
0.2.9.4-alpha. This issue is also tracked as TROVE-2018-005.
|
||||
|
||||
o Major bugfixes (crash, backport from 0.3.4.1-alpha):
|
||||
- Avoid a rare assertion failure in the circuit build timeout code
|
||||
if we fail to allow any circuits to actually complete. Fixes bug
|
||||
25733; bugfix on 0.2.2.2-alpha.
|
||||
|
||||
o Major bugfixes (directory authorities, backport from 0.3.4.1-alpha):
|
||||
- Avoid a crash when testing router reachability on a router that
|
||||
could have an ed25519 ID, but which does not. Fixes bug 25415;
|
||||
bugfix on 0.3.3.2-alpha.
|
||||
|
||||
o Major bugfixes (onion service, backport from 0.3.4.1-alpha):
|
||||
- Correctly detect when onion services get disabled after HUP. Fixes
|
||||
bug 25761; bugfix on 0.3.2.1.
|
||||
|
||||
o Major bugfixes (relay, denial of service, backport from 0.3.4.1-alpha):
|
||||
- Impose a limit on circuit cell queue size. The limit can be
|
||||
controlled by a consensus parameter. Fixes bug 25226; bugfix
|
||||
on 0.2.4.14-alpha.
|
||||
|
||||
o Minor features (compatibility, backport from 0.3.4.1-alpha):
|
||||
- Avoid some compilation warnings with recent versions of LibreSSL.
|
||||
Closes ticket 26006.
|
||||
|
||||
o Minor features (continuous integration, backport from 0.3.4.1-alpha):
|
||||
- Our .travis.yml configuration now includes support for testing the
|
||||
results of "make distcheck". (It's not uncommon for "make check"
|
||||
to pass but "make distcheck" to fail.) Closes ticket 25814.
|
||||
- Our Travis CI configuration now integrates with the Coveralls
|
||||
coverage analysis tool. Closes ticket 25818.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the May 1 2018 Maxmind GeoLite2 Country
|
||||
database. Closes ticket 26104.
|
||||
|
||||
o Minor bugfixes (client, backport from 0.3.4.1-alpha):
|
||||
- Don't consider Tor running as a client if the ControlPort is open,
|
||||
but no actual client ports are open. Fixes bug 26062; bugfix
|
||||
on 0.2.9.4-alpha.
|
||||
|
||||
o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha):
|
||||
- Upon receiving a malformed connected cell, stop processing the
|
||||
cell immediately. Previously we would mark the connection for
|
||||
close, but continue processing the cell as if the connection were
|
||||
open. Fixes bug 26072; bugfix on 0.2.4.7-alpha.
|
||||
|
||||
o Minor bugfixes (documentation, backport from 0.3.4.1-alpha):
|
||||
- Stop saying in the manual that clients cache ipv4 dns answers from
|
||||
exit relays. We haven't used them since 0.2.6.3-alpha, and in
|
||||
ticket 24050 we stopped even caching them as of 0.3.2.6-alpha, but
|
||||
we forgot to say so in the man page. Fixes bug 26052; bugfix
|
||||
on 0.3.2.6-alpha.
|
||||
|
||||
o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha):
|
||||
- Allow the nanosleep() system call, which glibc uses to implement
|
||||
sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha.
|
||||
|
||||
o Minor bugfixes (onion service, backport from 0.3.4.1-alpha):
|
||||
- Fix a memory leak when a v3 onion service is configured and gets a
|
||||
SIGHUP signal. Fixes bug 25901; bugfix on 0.3.2.1-alpha.
|
||||
- When parsing the descriptor signature, look for the token plus an
|
||||
extra white-space at the end. This is more correct but also will
|
||||
allow us to support new fields that might start with "signature".
|
||||
Fixes bug 26069; bugfix on 0.3.0.1-alpha.
|
||||
|
||||
o Minor bugfixes (relay, crash, backport from 0.3.4.1-alpha):
|
||||
- Avoid a crash when running with DirPort set but ORPort tuned off.
|
||||
Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha.
|
||||
|
||||
o Documentation (backport from 0.3.4.1-alpha):
|
||||
- Correct an IPv6 error in the documentation for ExitPolicy. Closes
|
||||
ticket 25857. Patch from "CTassisF".
|
||||
|
||||
|
||||
Changes in version 0.3.4.1-alpha - 2018-05-17
|
||||
Tor 0.3.4.1-alpha is the first release in the 0.3.4.x series. It
|
||||
includes refactoring to begin reducing Tor's binary size and idle CPU
|
||||
|
@ -226,6 +325,12 @@ Changes in version 0.3.4.1-alpha - 2018-05-17
|
|||
counting bug when STREAM_BW events were enabled. Fixes bug 25400;
|
||||
bugfix on 0.2.5.2-alpha.
|
||||
|
||||
o Minor bugfixes (correctness, client):
|
||||
- Upon receiving a malformed connected cell, stop processing the cell
|
||||
immediately. Previously we would mark the connection for close, but
|
||||
continue processing the cell as if the connection were open. Fixes bug
|
||||
26072; bugfix on 0.2.4.7-alpha.
|
||||
|
||||
o Minor bugfixes (directory client):
|
||||
- When unverified-consensus is verified, rename it to cached-
|
||||
consenus. Fixes bug 4187; bugfix on 0.2.0.3-alpha.
|
||||
|
@ -507,7 +612,7 @@ Changes in version 0.3.3.5-rc - 2018-04-15
|
|||
- Revert a misformatting issue in the ExitPolicy documentation.
|
||||
Fixes bug 25582; bugfix on 0.3.3.1-alpha.
|
||||
|
||||
o Minor bugfixes (exit node DNS retries):
|
||||
o Minor bugfixes (exit relay DNS retries):
|
||||
- Re-attempt timed-out DNS queries 3 times before failure, since our
|
||||
timeout is 5 seconds for them, but clients wait 10-15. Also allow
|
||||
slightly more timeouts per resolver when an exit has multiple
|
||||
|
@ -534,7 +639,7 @@ Changes in version 0.3.3.5-rc - 2018-04-15
|
|||
Changes in version 0.3.3.4-alpha - 2018-03-29
|
||||
Tor 0.3.3.4-alpha includes various bugfixes for issues found during
|
||||
the alpha testing of earlier releases in its series. We are
|
||||
approaching a stable 0.3.3 release: more testing is welcome!
|
||||
approaching a stable 0.3.3.4-alpha release: more testing is welcome!
|
||||
|
||||
o New system requirements:
|
||||
- When built with Rust, Tor now depends on version 0.2.39 of the
|
||||
|
@ -579,15 +684,17 @@ Changes in version 0.3.3.4-alpha - 2018-03-29
|
|||
circuit from the controller to become a multihop circuit. Fixes
|
||||
bug 24903; bugfix on 0.2.5.2-alpha.
|
||||
|
||||
o Minor bugfixes (networking):
|
||||
o Major bugfixes (networking):
|
||||
- Tor will no longer reject IPv6 address strings from Tor Browser
|
||||
when they are passed as hostnames in SOCKS5 requests. Fixes bug
|
||||
25036, bugfix on Tor 0.3.1.2.
|
||||
|
||||
o Minor bugfixes (networking):
|
||||
- string_is_valid_hostname() will not consider IP strings to be
|
||||
valid hostnames. Fixes bug 25055; bugfix on Tor 0.2.5.5.
|
||||
|
||||
o Minor bugfixes (onion service v3):
|
||||
- Avoid an assertion failure when the next the next onion service
|
||||
- Avoid an assertion failure when the next onion service
|
||||
descriptor rotation type is out of sync with the consensus's
|
||||
valid-after time. Instead, log a warning message with extra
|
||||
information, so we can better hunt down the cause of this
|
||||
|
@ -627,265 +734,6 @@ Changes in version 0.3.3.4-alpha - 2018-03-29
|
|||
logging domains. Closes ticket 25378.
|
||||
|
||||
|
||||
Changes in version 0.3.3.3-alpha - 2018-03-03
|
||||
Tor 0.3.3.3-alpha is the third alpha release for the 0.3.3.x series.
|
||||
It includes an important security fix for a remote crash attack
|
||||
against directory authorities tracked as TROVE-2018-001.
|
||||
|
||||
Additionally, with this release, we are upgrading the severity of a
|
||||
bug fixed in 0.3.3.2-alpha. Bug 24700, which was fixed in
|
||||
0.3.3.2-alpha, can be remotely triggered in order to crash relays with
|
||||
a use-after-free pattern. As such, we are now tracking that bug as
|
||||
TROVE-2018-002 and CVE-2018-0491. This bug affected versions
|
||||
0.3.2.1-alpha through 0.3.2.9, as well as 0.3.3.1-alpha.
|
||||
|
||||
This release also fixes several minor bugs and annoyances from
|
||||
earlier releases.
|
||||
|
||||
Relays running 0.3.2.x should upgrade to one of the versions released
|
||||
today, for the fix to TROVE-2018-002. Directory authorities should
|
||||
also upgrade. (Relays on earlier versions might want to update too for
|
||||
the DoS mitigations.)
|
||||
|
||||
o Major bugfixes (denial-of-service, directory authority):
|
||||
- Fix a protocol-list handling bug that could be used to remotely crash
|
||||
directory authorities with a null-pointer exception. Fixes bug 25074;
|
||||
bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and
|
||||
CVE-2018-0490.
|
||||
|
||||
o Minor features (compatibility, OpenSSL):
|
||||
- Tor will now support TLS1.3 once OpenSSL 1.1.1 is released.
|
||||
Previous versions of Tor would not have worked with OpenSSL 1.1.1,
|
||||
since they neither disabled TLS 1.3 nor enabled any of the
|
||||
ciphersuites it requires. Now we enable the TLS 1.3 ciphersuites.
|
||||
Closes ticket 24978.
|
||||
|
||||
o Minor features (logging):
|
||||
- Clarify the log messages produced when getrandom() or a related
|
||||
entropy-generation mechanism gives an error. Closes ticket 25120.
|
||||
|
||||
o Minor features (testing):
|
||||
- Add a "make test-rust" target to run the rust tests only. Closes
|
||||
ticket 25071.
|
||||
|
||||
o Minor bugfixes (denial-of-service):
|
||||
- Fix a possible crash on malformed consensus. If a consensus had
|
||||
contained an unparseable protocol line, it could have made clients
|
||||
and relays crash with a null-pointer exception. To exploit this
|
||||
issue, however, an attacker would need to be able to subvert the
|
||||
directory authority system. Fixes bug 25251; bugfix on
|
||||
0.2.9.4-alpha. Also tracked as TROVE-2018-004.
|
||||
|
||||
o Minor bugfixes (DoS mitigation):
|
||||
- Add extra safety checks when refilling the circuit creation bucket
|
||||
to ensure we never set a value above the allowed maximum burst.
|
||||
Fixes bug 25202; bugfix on 0.3.3.2-alpha.
|
||||
- When a new consensus arrives, don't update our DoS-mitigation
|
||||
parameters if we aren't a public relay. Fixes bug 25223; bugfix
|
||||
on 0.3.3.2-alpha.
|
||||
|
||||
o Minor bugfixes (man page, SocksPort):
|
||||
- Remove dead code from the old "SocksSocket" option, and rename
|
||||
SocksSocketsGroupWritable to UnixSocksGroupWritable. The old option
|
||||
still works, but is deprecated. Fixes bug 24343; bugfix on 0.2.6.3.
|
||||
|
||||
o Minor bugfixes (performance):
|
||||
- Reduce the number of circuits that will be opened at once during
|
||||
the circuit build timeout phase. This is done by increasing the
|
||||
idle timeout to 3 minutes, and lowering the maximum number of
|
||||
concurrent learning circuits to 10. Fixes bug 24769; bugfix
|
||||
on 0.3.1.1-alpha.
|
||||
|
||||
o Minor bugfixes (spec conformance):
|
||||
- Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on
|
||||
0.2.9.4-alpha.
|
||||
- Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249;
|
||||
bugfix on 0.2.9.4-alpha.
|
||||
|
||||
o Minor bugfixes (spec conformance, rust):
|
||||
- Resolve a denial-of-service issue caused by an infinite loop in
|
||||
the rust protover code. Fixes bug 25250, bugfix on 0.3.3.1-alpha.
|
||||
Also tracked as TROVE-2018-003.
|
||||
|
||||
o Code simplification and refactoring:
|
||||
- Update the "rust dependencies" submodule to be a project-level
|
||||
repository, rather than a user repository. Closes ticket 25323.
|
||||
|
||||
|
||||
Changes in version 0.3.2.10 - 2018-03-03
|
||||
Tor 0.3.2.10 is the second stable release in the 0.3.2 series. It
|
||||
backports a number of bugfixes, including important fixes for security
|
||||
issues.
|
||||
|
||||
It includes an important security fix for a remote crash attack
|
||||
against directory authorities, tracked as TROVE-2018-001.
|
||||
|
||||
Additionally, it backports a fix for a bug whose severity we have
|
||||
upgraded: Bug 24700, which was fixed in 0.3.3.2-alpha, can be remotely
|
||||
triggered in order to crash relays with a use-after-free pattern. As
|
||||
such, we are now tracking that bug as TROVE-2018-002 and
|
||||
CVE-2018-0491, and backporting it to earlier releases. This bug
|
||||
affected versions 0.3.2.1-alpha through 0.3.2.9, as well as version
|
||||
0.3.3.1-alpha.
|
||||
|
||||
This release also backports our new system for improved resistance to
|
||||
denial-of-service attacks against relays.
|
||||
|
||||
This release also fixes several minor bugs and annoyances from
|
||||
earlier releases.
|
||||
|
||||
Relays running 0.3.2.x SHOULD upgrade to one of the versions released
|
||||
today, for the fix to TROVE-2018-002. Directory authorities should
|
||||
also upgrade. (Relays on earlier versions might want to update too for
|
||||
the DoS mitigations.)
|
||||
|
||||
o Major bugfixes (denial-of-service, directory authority, backport from 0.3.3.3-alpha):
|
||||
- Fix a protocol-list handling bug that could be used to remotely crash
|
||||
directory authorities with a null-pointer exception. Fixes bug 25074;
|
||||
bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and
|
||||
CVE-2018-0490.
|
||||
|
||||
o Major bugfixes (scheduler, KIST, denial-of-service, backport from 0.3.3.2-alpha):
|
||||
- Avoid adding the same channel twice in the KIST scheduler pending
|
||||
list, which could lead to remote denial-of-service use-after-free
|
||||
attacks against relays. Fixes bug 24700; bugfix on 0.3.2.1-alpha.
|
||||
|
||||
o Major features (denial-of-service mitigation, backport from 0.3.3.2-alpha):
|
||||
- Give relays some defenses against the recent network overload. We
|
||||
start with three defenses (default parameters in parentheses).
|
||||
First: if a single client address makes too many concurrent
|
||||
connections (>100), hang up on further connections. Second: if a
|
||||
single client address makes circuits too quickly (more than 3 per
|
||||
second, with an allowed burst of 90) while also having too many
|
||||
connections open (3), refuse new create cells for the next while
|
||||
(1-2 hours). Third: if a client asks to establish a rendezvous
|
||||
point to you directly, ignore the request. These defenses can be
|
||||
manually controlled by new torrc options, but relays will also
|
||||
take guidance from consensus parameters, so there's no need to
|
||||
configure anything manually. Implements ticket 24902.
|
||||
|
||||
o Major bugfixes (onion services, retry behavior, backport from 0.3.3.1-alpha):
|
||||
- Fix an "off by 2" error in counting rendezvous failures on the
|
||||
onion service side. While we thought we would stop the rendezvous
|
||||
attempt after one failed circuit, we were actually making three
|
||||
circuit attempts before giving up. Now switch to a default of 2,
|
||||
and allow the consensus parameter "hs_service_max_rdv_failures" to
|
||||
override. Fixes bug 24895; bugfix on 0.0.6.
|
||||
- New-style (v3) onion services now obey the "max rendezvous circuit
|
||||
attempts" logic. Previously they would make as many rendezvous
|
||||
circuit attempts as they could fit in the MAX_REND_TIMEOUT second
|
||||
window before giving up. Fixes bug 24894; bugfix on 0.3.2.1-alpha.
|
||||
|
||||
o Major bugfixes (protocol versions, backport from 0.3.3.2-alpha):
|
||||
- Add Link protocol version 5 to the supported protocols list. Fixes
|
||||
bug 25070; bugfix on 0.3.1.1-alpha.
|
||||
|
||||
o Major bugfixes (relay, backport from 0.3.3.1-alpha):
|
||||
- Fix a set of false positives where relays would consider
|
||||
connections to other relays as being client-only connections (and
|
||||
thus e.g. deserving different link padding schemes) if those
|
||||
relays fell out of the consensus briefly. Now we look only at the
|
||||
initial handshake and whether the connection authenticated as a
|
||||
relay. Fixes bug 24898; bugfix on 0.3.1.1-alpha.
|
||||
|
||||
o Major bugfixes (scheduler, consensus, backport from 0.3.3.2-alpha):
|
||||
- The scheduler subsystem was failing to promptly notice changes in
|
||||
consensus parameters, making it harder to switch schedulers
|
||||
network-wide. Fixes bug 24975; bugfix on 0.3.2.1-alpha.
|
||||
|
||||
o Minor features (denial-of-service avoidance, backport from 0.3.3.2-alpha):
|
||||
- Make our OOM handler aware of the geoip client history cache so it
|
||||
doesn't fill up the memory. This check is important for IPv6 and
|
||||
our DoS mitigation subsystem. Closes ticket 25122.
|
||||
|
||||
o Minor features (compatibility, OpenSSL, backport from 0.3.3.3-alpha):
|
||||
- Tor will now support TLS1.3 once OpenSSL 1.1.1 is released.
|
||||
Previous versions of Tor would not have worked with OpenSSL 1.1.1,
|
||||
since they neither disabled TLS 1.3 nor enabled any of the
|
||||
ciphersuites it requires. Now we enable the TLS 1.3 ciphersuites.
|
||||
Closes ticket 24978.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor features (logging, diagnostic, backport from 0.3.3.2-alpha):
|
||||
- When logging a failure to check a hidden service's certificate,
|
||||
also log what the problem with the certificate was. Diagnostic
|
||||
for ticket 24972.
|
||||
|
||||
o Minor bugfix (channel connection, backport from 0.3.3.2-alpha):
|
||||
- Use the actual observed address of an incoming relay connection,
|
||||
not the canonical address of the relay from its descriptor, when
|
||||
making decisions about how to handle the incoming connection.
|
||||
Fixes bug 24952; bugfix on 0.2.4.11-alpha. Patch by "ffmancera".
|
||||
|
||||
o Minor bugfixes (denial-of-service, backport from 0.3.3.3-alpha):
|
||||
- Fix a possible crash on malformed consensus. If a consensus had
|
||||
contained an unparseable protocol line, it could have made clients
|
||||
and relays crash with a null-pointer exception. To exploit this
|
||||
issue, however, an attacker would need to be able to subvert the
|
||||
directory authority system. Fixes bug 25251; bugfix on
|
||||
0.2.9.4-alpha. Also tracked as TROVE-2018-004.
|
||||
|
||||
o Minor bugfix (directory authority, backport from 0.3.3.2-alpha):
|
||||
- Directory authorities, when refusing a descriptor from a rejected
|
||||
relay, now explicitly tell the relay (in its logs) to set a valid
|
||||
ContactInfo address and contact the bad-relays@ mailing list.
|
||||
Fixes bug 25170; bugfix on 0.2.9.1.
|
||||
|
||||
o Minor bugfixes (build, rust, backport from 0.3.3.1-alpha):
|
||||
- When building with Rust on OSX, link against libresolv, to work
|
||||
around the issue at https://github.com/rust-lang/rust/issues/46797.
|
||||
Fixes bug 24652; bugfix on 0.3.1.1-alpha.
|
||||
|
||||
o Minor bugfixes (onion services, backport from 0.3.3.2-alpha):
|
||||
- Remove a BUG() statement when a client fetches an onion descriptor
|
||||
that has a lower revision counter than the one in its cache. This
|
||||
can happen in normal circumstances due to HSDir desync. Fixes bug
|
||||
24976; bugfix on 0.3.2.1-alpha.
|
||||
|
||||
o Minor bugfixes (logging, backport from 0.3.3.2-alpha):
|
||||
- Don't treat inability to store a cached consensus object as a bug:
|
||||
it can happen normally when we are out of disk space. Fixes bug
|
||||
24859; bugfix on 0.3.1.1-alpha.
|
||||
|
||||
o Minor bugfixes (performance, fragile-hardening, backport from 0.3.3.1-alpha):
|
||||
- Improve the performance of our consensus-diff application code
|
||||
when Tor is built with the --enable-fragile-hardening option set.
|
||||
Fixes bug 24826; bugfix on 0.3.1.1-alpha.
|
||||
|
||||
o Minor bugfixes (OSX, backport from 0.3.3.1-alpha):
|
||||
- Don't exit the Tor process if setrlimit() fails to change the file
|
||||
limit (which can happen sometimes on some versions of OSX). Fixes
|
||||
bug 21074; bugfix on 0.0.9pre5.
|
||||
|
||||
o Minor bugfixes (spec conformance, backport from 0.3.3.3-alpha):
|
||||
- Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on
|
||||
0.2.9.4-alpha.
|
||||
- Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249;
|
||||
bugfix on 0.2.9.4-alpha.
|
||||
|
||||
o Minor bugfixes (testing, backport from 0.3.3.1-alpha):
|
||||
- Fix a memory leak in the scheduler/loop_kist unit test. Fixes bug
|
||||
25005; bugfix on 0.3.2.7-rc.
|
||||
|
||||
o Minor bugfixes (v3 onion services, backport from 0.3.3.2-alpha):
|
||||
- Look at the "HSRend" protocol version, not the "HSDir" protocol
|
||||
version, when deciding whether a consensus entry can support the
|
||||
v3 onion service protocol as a rendezvous point. Fixes bug 25105;
|
||||
bugfix on 0.3.2.1-alpha.
|
||||
|
||||
o Code simplification and refactoring (backport from 0.3.3.3-alpha):
|
||||
- Update the "rust dependencies" submodule to be a project-level
|
||||
repository, rather than a user repository. Closes ticket 25323.
|
||||
|
||||
o Documentation (backport from 0.3.3.1-alpha)
|
||||
- Document that operators who run more than one relay or bridge are
|
||||
expected to set MyFamily and ContactInfo correctly. Closes
|
||||
ticket 24526.
|
||||
|
||||
|
||||
Changes in version 0.3.1.10 - 2018-03-03
|
||||
Tor 0.3.1.10 backports a number of bugfixes, including important fixes for
|
||||
security issues.
|
||||
|
@ -1293,6 +1141,265 @@ Changes in version 0.2.9.15 - 2018-03-03
|
|||
bugfix on 0.2.9.4-alpha.
|
||||
|
||||
|
||||
Changes in version 0.3.2.10 - 2018-03-03
|
||||
Tor 0.3.2.10 is the second stable release in the 0.3.2 series. It
|
||||
backports a number of bugfixes, including important fixes for security
|
||||
issues.
|
||||
|
||||
It includes an important security fix for a remote crash attack
|
||||
against directory authorities, tracked as TROVE-2018-001.
|
||||
|
||||
Additionally, it backports a fix for a bug whose severity we have
|
||||
upgraded: Bug 24700, which was fixed in 0.3.3.2-alpha, can be remotely
|
||||
triggered in order to crash relays with a use-after-free pattern. As
|
||||
such, we are now tracking that bug as TROVE-2018-002 and
|
||||
CVE-2018-0491, and backporting it to earlier releases. This bug
|
||||
affected versions 0.3.2.1-alpha through 0.3.2.9, as well as version
|
||||
0.3.3.1-alpha.
|
||||
|
||||
This release also backports our new system for improved resistance to
|
||||
denial-of-service attacks against relays.
|
||||
|
||||
This release also fixes several minor bugs and annoyances from
|
||||
earlier releases.
|
||||
|
||||
Relays running 0.3.2.x SHOULD upgrade to one of the versions released
|
||||
today, for the fix to TROVE-2018-002. Directory authorities should
|
||||
also upgrade. (Relays on earlier versions might want to update too for
|
||||
the DoS mitigations.)
|
||||
|
||||
o Major bugfixes (denial-of-service, directory authority, backport from 0.3.3.3-alpha):
|
||||
- Fix a protocol-list handling bug that could be used to remotely crash
|
||||
directory authorities with a null-pointer exception. Fixes bug 25074;
|
||||
bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and
|
||||
CVE-2018-0490.
|
||||
|
||||
o Major bugfixes (scheduler, KIST, denial-of-service, backport from 0.3.3.2-alpha):
|
||||
- Avoid adding the same channel twice in the KIST scheduler pending
|
||||
list, which could lead to remote denial-of-service use-after-free
|
||||
attacks against relays. Fixes bug 24700; bugfix on 0.3.2.1-alpha.
|
||||
|
||||
o Major features (denial-of-service mitigation, backport from 0.3.3.2-alpha):
|
||||
- Give relays some defenses against the recent network overload. We
|
||||
start with three defenses (default parameters in parentheses).
|
||||
First: if a single client address makes too many concurrent
|
||||
connections (>100), hang up on further connections. Second: if a
|
||||
single client address makes circuits too quickly (more than 3 per
|
||||
second, with an allowed burst of 90) while also having too many
|
||||
connections open (3), refuse new create cells for the next while
|
||||
(1-2 hours). Third: if a client asks to establish a rendezvous
|
||||
point to you directly, ignore the request. These defenses can be
|
||||
manually controlled by new torrc options, but relays will also
|
||||
take guidance from consensus parameters, so there's no need to
|
||||
configure anything manually. Implements ticket 24902.
|
||||
|
||||
o Major bugfixes (onion services, retry behavior, backport from 0.3.3.1-alpha):
|
||||
- Fix an "off by 2" error in counting rendezvous failures on the
|
||||
onion service side. While we thought we would stop the rendezvous
|
||||
attempt after one failed circuit, we were actually making three
|
||||
circuit attempts before giving up. Now switch to a default of 2,
|
||||
and allow the consensus parameter "hs_service_max_rdv_failures" to
|
||||
override. Fixes bug 24895; bugfix on 0.0.6.
|
||||
- New-style (v3) onion services now obey the "max rendezvous circuit
|
||||
attempts" logic. Previously they would make as many rendezvous
|
||||
circuit attempts as they could fit in the MAX_REND_TIMEOUT second
|
||||
window before giving up. Fixes bug 24894; bugfix on 0.3.2.1-alpha.
|
||||
|
||||
o Major bugfixes (protocol versions, backport from 0.3.3.2-alpha):
|
||||
- Add Link protocol version 5 to the supported protocols list. Fixes
|
||||
bug 25070; bugfix on 0.3.1.1-alpha.
|
||||
|
||||
o Major bugfixes (relay, backport from 0.3.3.1-alpha):
|
||||
- Fix a set of false positives where relays would consider
|
||||
connections to other relays as being client-only connections (and
|
||||
thus e.g. deserving different link padding schemes) if those
|
||||
relays fell out of the consensus briefly. Now we look only at the
|
||||
initial handshake and whether the connection authenticated as a
|
||||
relay. Fixes bug 24898; bugfix on 0.3.1.1-alpha.
|
||||
|
||||
o Major bugfixes (scheduler, consensus, backport from 0.3.3.2-alpha):
|
||||
- The scheduler subsystem was failing to promptly notice changes in
|
||||
consensus parameters, making it harder to switch schedulers
|
||||
network-wide. Fixes bug 24975; bugfix on 0.3.2.1-alpha.
|
||||
|
||||
o Minor features (denial-of-service avoidance, backport from 0.3.3.2-alpha):
|
||||
- Make our OOM handler aware of the geoip client history cache so it
|
||||
doesn't fill up the memory. This check is important for IPv6 and
|
||||
our DoS mitigation subsystem. Closes ticket 25122.
|
||||
|
||||
o Minor features (compatibility, OpenSSL, backport from 0.3.3.3-alpha):
|
||||
- Tor will now support TLS1.3 once OpenSSL 1.1.1 is released.
|
||||
Previous versions of Tor would not have worked with OpenSSL 1.1.1,
|
||||
since they neither disabled TLS 1.3 nor enabled any of the
|
||||
ciphersuites it requires. Now we enable the TLS 1.3 ciphersuites.
|
||||
Closes ticket 24978.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor features (logging, diagnostic, backport from 0.3.3.2-alpha):
|
||||
- When logging a failure to create an onion service's descriptor,
|
||||
also log what the problem with the descriptor was. Diagnostic
|
||||
for ticket 24972.
|
||||
|
||||
o Minor bugfix (channel connection, backport from 0.3.3.2-alpha):
|
||||
- Use the actual observed address of an incoming relay connection,
|
||||
not the canonical address of the relay from its descriptor, when
|
||||
making decisions about how to handle the incoming connection.
|
||||
Fixes bug 24952; bugfix on 0.2.4.11-alpha. Patch by "ffmancera".
|
||||
|
||||
o Minor bugfixes (denial-of-service, backport from 0.3.3.3-alpha):
|
||||
- Fix a possible crash on malformed consensus. If a consensus had
|
||||
contained an unparseable protocol line, it could have made clients
|
||||
and relays crash with a null-pointer exception. To exploit this
|
||||
issue, however, an attacker would need to be able to subvert the
|
||||
directory authority system. Fixes bug 25251; bugfix on
|
||||
0.2.9.4-alpha. Also tracked as TROVE-2018-004.
|
||||
|
||||
o Minor bugfix (directory authority, backport from 0.3.3.2-alpha):
|
||||
- Directory authorities, when refusing a descriptor from a rejected
|
||||
relay, now explicitly tell the relay (in its logs) to set a valid
|
||||
ContactInfo address and contact the bad-relays@ mailing list.
|
||||
Fixes bug 25170; bugfix on 0.2.9.1.
|
||||
|
||||
o Minor bugfixes (build, rust, backport from 0.3.3.1-alpha):
|
||||
- When building with Rust on OSX, link against libresolv, to work
|
||||
around the issue at https://github.com/rust-lang/rust/issues/46797.
|
||||
Fixes bug 24652; bugfix on 0.3.1.1-alpha.
|
||||
|
||||
o Minor bugfixes (onion services, backport from 0.3.3.2-alpha):
|
||||
- Remove a BUG() statement when a client fetches an onion descriptor
|
||||
that has a lower revision counter than the one in its cache. This
|
||||
can happen in normal circumstances due to HSDir desync. Fixes bug
|
||||
24976; bugfix on 0.3.2.1-alpha.
|
||||
|
||||
o Minor bugfixes (logging, backport from 0.3.3.2-alpha):
|
||||
- Don't treat inability to store a cached consensus object as a bug:
|
||||
it can happen normally when we are out of disk space. Fixes bug
|
||||
24859; bugfix on 0.3.1.1-alpha.
|
||||
|
||||
o Minor bugfixes (performance, fragile-hardening, backport from 0.3.3.1-alpha):
|
||||
- Improve the performance of our consensus-diff application code
|
||||
when Tor is built with the --enable-fragile-hardening option set.
|
||||
Fixes bug 24826; bugfix on 0.3.1.1-alpha.
|
||||
|
||||
o Minor bugfixes (OSX, backport from 0.3.3.1-alpha):
|
||||
- Don't exit the Tor process if setrlimit() fails to change the file
|
||||
limit (which can happen sometimes on some versions of OSX). Fixes
|
||||
bug 21074; bugfix on 0.0.9pre5.
|
||||
|
||||
o Minor bugfixes (spec conformance, backport from 0.3.3.3-alpha):
|
||||
- Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on
|
||||
0.2.9.4-alpha.
|
||||
- Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249;
|
||||
bugfix on 0.2.9.4-alpha.
|
||||
|
||||
o Minor bugfixes (testing, backport from 0.3.3.1-alpha):
|
||||
- Fix a memory leak in the scheduler/loop_kist unit test. Fixes bug
|
||||
25005; bugfix on 0.3.2.7-rc.
|
||||
|
||||
o Minor bugfixes (v3 onion services, backport from 0.3.3.2-alpha):
|
||||
- Look at the "HSRend" protocol version, not the "HSDir" protocol
|
||||
version, when deciding whether a consensus entry can support the
|
||||
v3 onion service protocol as a rendezvous point. Fixes bug 25105;
|
||||
bugfix on 0.3.2.1-alpha.
|
||||
|
||||
o Code simplification and refactoring (backport from 0.3.3.3-alpha):
|
||||
- Update the "rust dependencies" submodule to be a project-level
|
||||
repository, rather than a user repository. Closes ticket 25323.
|
||||
|
||||
o Documentation (backport from 0.3.3.1-alpha)
|
||||
- Document that operators who run more than one relay or bridge are
|
||||
expected to set MyFamily and ContactInfo correctly. Closes
|
||||
ticket 24526.
|
||||
|
||||
|
||||
Changes in version 0.3.3.3-alpha - 2018-03-03
|
||||
Tor 0.3.3.3-alpha is the third alpha release for the 0.3.3.x series.
|
||||
It includes an important security fix for a remote crash attack
|
||||
against directory authorities tracked as TROVE-2018-001.
|
||||
|
||||
Additionally, with this release, we are upgrading the severity of a
|
||||
bug fixed in 0.3.3.2-alpha. Bug 24700, which was fixed in
|
||||
0.3.3.2-alpha, can be remotely triggered in order to crash relays with
|
||||
a use-after-free pattern. As such, we are now tracking that bug as
|
||||
TROVE-2018-002 and CVE-2018-0491. This bug affected versions
|
||||
0.3.2.1-alpha through 0.3.2.9, as well as 0.3.3.1-alpha.
|
||||
|
||||
This release also fixes several minor bugs and annoyances from
|
||||
earlier releases.
|
||||
|
||||
Relays running 0.3.2.x should upgrade to one of the versions released
|
||||
today, for the fix to TROVE-2018-002. Directory authorities should
|
||||
also upgrade. (Relays on earlier versions might want to update too for
|
||||
the DoS mitigations.)
|
||||
|
||||
o Major bugfixes (denial-of-service, directory authority):
|
||||
- Fix a protocol-list handling bug that could be used to remotely crash
|
||||
directory authorities with a null-pointer exception. Fixes bug 25074;
|
||||
bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and
|
||||
CVE-2018-0490.
|
||||
|
||||
o Minor features (compatibility, OpenSSL):
|
||||
- Tor will now support TLS1.3 once OpenSSL 1.1.1 is released.
|
||||
Previous versions of Tor would not have worked with OpenSSL 1.1.1,
|
||||
since they neither disabled TLS 1.3 nor enabled any of the
|
||||
ciphersuites it requires. Now we enable the TLS 1.3 ciphersuites.
|
||||
Closes ticket 24978.
|
||||
|
||||
o Minor features (logging):
|
||||
- Clarify the log messages produced when getrandom() or a related
|
||||
entropy-generation mechanism gives an error. Closes ticket 25120.
|
||||
|
||||
o Minor features (testing):
|
||||
- Add a "make test-rust" target to run the rust tests only. Closes
|
||||
ticket 25071.
|
||||
|
||||
o Minor bugfixes (denial-of-service):
|
||||
- Fix a possible crash on malformed consensus. If a consensus had
|
||||
contained an unparseable protocol line, it could have made clients
|
||||
and relays crash with a null-pointer exception. To exploit this
|
||||
issue, however, an attacker would need to be able to subvert the
|
||||
directory authority system. Fixes bug 25251; bugfix on
|
||||
0.2.9.4-alpha. Also tracked as TROVE-2018-004.
|
||||
|
||||
o Minor bugfixes (DoS mitigation):
|
||||
- Add extra safety checks when refilling the circuit creation bucket
|
||||
to ensure we never set a value above the allowed maximum burst.
|
||||
Fixes bug 25202; bugfix on 0.3.3.2-alpha.
|
||||
- When a new consensus arrives, don't update our DoS-mitigation
|
||||
parameters if we aren't a public relay. Fixes bug 25223; bugfix
|
||||
on 0.3.3.2-alpha.
|
||||
|
||||
o Minor bugfixes (man page, SocksPort):
|
||||
- Remove dead code from the old "SocksSocket" option, and rename
|
||||
SocksSocketsGroupWritable to UnixSocksGroupWritable. The old option
|
||||
still works, but is deprecated. Fixes bug 24343; bugfix on 0.2.6.3.
|
||||
|
||||
o Minor bugfixes (performance):
|
||||
- Reduce the number of circuits that will be opened at once during
|
||||
the circuit build timeout phase. This is done by increasing the
|
||||
idle timeout to 3 minutes, and lowering the maximum number of
|
||||
concurrent learning circuits to 10. Fixes bug 24769; bugfix
|
||||
on 0.3.1.1-alpha.
|
||||
|
||||
o Minor bugfixes (spec conformance):
|
||||
- Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on
|
||||
0.2.9.4-alpha.
|
||||
- Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249;
|
||||
bugfix on 0.2.9.4-alpha.
|
||||
|
||||
o Minor bugfixes (spec conformance, rust):
|
||||
- Resolve a denial-of-service issue caused by an infinite loop in
|
||||
the rust protover code. Fixes bug 25250, bugfix on 0.3.3.1-alpha.
|
||||
Also tracked as TROVE-2018-003.
|
||||
|
||||
o Code simplification and refactoring:
|
||||
- Update the "rust dependencies" submodule to be a project-level
|
||||
repository, rather than a user repository. Closes ticket 25323.
|
||||
|
||||
|
||||
Changes in version 0.3.3.2-alpha - 2018-02-10
|
||||
Tor 0.3.3.2-alpha is the second alpha in the 0.3.3.x series. It
|
||||
introduces a mechanism to handle the high loads that many relay
|
||||
|
@ -1466,12 +1573,12 @@ Changes in version 0.3.3.1-alpha - 2018-01-25
|
|||
o Major features (IPv6, directory documents):
|
||||
- Add consensus method 27, which adds IPv6 ORPorts to the microdesc
|
||||
consensus. This information makes it easier for IPv6 clients to
|
||||
bootstrap and choose reachable entry guards. Implements 23826.
|
||||
bootstrap and choose reachable entry guards. Implements ticket 23826.
|
||||
- Add consensus method 28, which removes IPv6 ORPorts from
|
||||
microdescriptors. Now that the consensus contains IPv6 ORPorts,
|
||||
they are redundant in microdescs. This change will be used by Tor
|
||||
clients on 0.2.8.x and later. (That is to say, with all Tor
|
||||
clients having IPv6 bootstrap and guard support.) Implements 23828.
|
||||
microdescriptors. Now that the consensus contains IPv6 ORPorts, they
|
||||
are redundant in microdescs. This change will be used by Tor clients
|
||||
on 0.2.8.x and later. (That is to say, with all Tor clients that
|
||||
have IPv6 bootstrap and guard support.) Implements ticket 23828.
|
||||
- Expand the documentation for AuthDirHasIPv6Connectivity when it is
|
||||
set by different numbers of authorities. Fixes 23870
|
||||
on 0.2.4.1-alpha.
|
||||
|
@ -1501,7 +1608,7 @@ Changes in version 0.3.3.1-alpha - 2018-01-25
|
|||
experience with Rust, and plan future Rust integration work.
|
||||
Implementation by Chelsea Komlo. Closes ticket 22840.
|
||||
|
||||
o Major features (storage, configuration):
|
||||
o Minor features (storage, configuration):
|
||||
- Users can store cached directory documents somewhere other than
|
||||
the DataDirectory by using the CacheDirectory option. Similarly,
|
||||
the storage location for relay's keys can be overridden with the
|
||||
|
@ -1538,10 +1645,10 @@ Changes in version 0.3.3.1-alpha - 2018-01-25
|
|||
o Minor feature (IPv6):
|
||||
- Make IPv6-only clients wait for microdescs for relays, even if we
|
||||
were previously using descriptors (or were using them as a bridge)
|
||||
and have a cached descriptor for them. Implements 23827.
|
||||
and have a cached descriptor for them. Implements ticket 23827.
|
||||
- When a consensus has IPv6 ORPorts, make IPv6-only clients use
|
||||
them, rather than waiting to download microdescriptors.
|
||||
Implements 23827.
|
||||
Implements ticket 23827.
|
||||
|
||||
o Minor features (cleanup):
|
||||
- Tor now deletes the CookieAuthFile and ExtORPortCookieAuthFile
|
||||
|
@ -1555,14 +1662,8 @@ Changes in version 0.3.3.1-alpha - 2018-01-25
|
|||
- Where possible, the tor_free() macro now only evaluates its input
|
||||
once. Part of ticket 24337.
|
||||
- Check that microdesc ed25519 ids are non-zero in
|
||||
node_get_ed25519_id() before returning them. Implements 24001,
|
||||
patch by "aruna1234".
|
||||
|
||||
o Minor features (directory authority):
|
||||
- Make the "Exit" flag assignment only depend on whether the exit
|
||||
policy allows connections to ports 80 and 443. Previously relays
|
||||
would get the Exit flag if they allowed connections to one of
|
||||
these ports and also port 6667. Resolves ticket 23637.
|
||||
node_get_ed25519_id() before returning them. Implements ticket
|
||||
24001, patch by "aruna1234".
|
||||
|
||||
o Minor features (embedding):
|
||||
- Tor can now start with a preauthenticated control connection
|
||||
|
@ -1574,7 +1675,7 @@ Changes in version 0.3.3.1-alpha - 2018-01-25
|
|||
- On most errors that would cause Tor to exit, it now tries to
|
||||
return from the tor_main() function, rather than calling the
|
||||
system exit() function. Most users won't notice a difference here,
|
||||
but it should make a significant for programs that run Tor inside
|
||||
but it should be significant for programs that run Tor inside
|
||||
a separate thread: they should now be able to survive Tor's exit
|
||||
conditions rather than having Tor shut down the entire process.
|
||||
Closes ticket 23848.
|
||||
|
@ -1674,7 +1775,7 @@ Changes in version 0.3.3.1-alpha - 2018-01-25
|
|||
SIO_IDEAL_SEND_BACKLOG_QUERY. Closes ticket 22798. Patch
|
||||
from Vort.
|
||||
|
||||
o Minor features (relay):
|
||||
o Major features (relay):
|
||||
- Implement an option, ReducedExitPolicy, to allow an Tor exit relay
|
||||
operator to use a more reasonable ("reduced") exit policy, rather
|
||||
than the default one. If you want to run an exit node without
|
||||
|
@ -1834,7 +1935,7 @@ Changes in version 0.3.3.1-alpha - 2018-01-25
|
|||
adding very little except for unit test.
|
||||
|
||||
o Code simplification and refactoring (circuit rendezvous):
|
||||
- Split the client-size rendezvous circuit lookup into two
|
||||
- Split the client-side rendezvous circuit lookup into two
|
||||
functions: one that returns only established circuits and another
|
||||
that returns all kinds of circuits. Closes ticket 23459.
|
||||
|
||||
|
@ -3035,7 +3136,7 @@ Changes in version 0.3.2.2-alpha - 2017-09-29
|
|||
include better testing and logging.
|
||||
|
||||
The following comprises the complete list of changes included
|
||||
in tor-0.3.2.2-alpha:
|
||||
in 0.3.2.2-alpha:
|
||||
|
||||
o Major bugfixes (relay, crash, assertion failure):
|
||||
- Fix a timing-based assertion failure that could occur when the
|
||||
|
@ -5643,7 +5744,7 @@ Changes in version 0.3.0.4-rc - 2017-03-01
|
|||
|
||||
o Major bugfixes (hidden service directory v3):
|
||||
- Stop crashing on a failed v3 hidden service descriptor lookup
|
||||
failure. Fixes bug 21471; bugfixes on tor-0.3.0.1-alpha.
|
||||
failure. Fixes bug 21471; bugfixes on 0.3.0.1-alpha.
|
||||
|
||||
o Major bugfixes (parsing):
|
||||
- When parsing a malformed content-length field from an HTTP
|
||||
|
@ -5728,7 +5829,7 @@ Changes in version 0.3.0.4-rc - 2017-03-01
|
|||
|
||||
o Minor bugfixes (testing):
|
||||
- Fix Raspbian build issues related to missing socket errno in
|
||||
test_util.c. Fixes bug 21116; bugfix on tor-0.2.8.2. Patch
|
||||
test_util.c. Fixes bug 21116; bugfix on 0.2.8.2. Patch
|
||||
by "hein".
|
||||
- Rename "make fuzz" to "make test-fuzz-corpora", since it doesn't
|
||||
actually fuzz anything. Fixes bug 21447; bugfix on 0.3.0.3-alpha.
|
||||
|
@ -6362,7 +6463,7 @@ Changes in version 0.3.0.1-alpha - 2016-12-19
|
|||
- When finishing writing a file to disk, if we were about to replace
|
||||
the file with the temporary file created before and we fail to
|
||||
replace it, remove the temporary file so it doesn't stay on disk.
|
||||
Fixes bug 20646; bugfix on tor-0.2.0.7-alpha. Patch by fk.
|
||||
Fixes bug 20646; bugfix on 0.2.0.7-alpha. Patch by fk.
|
||||
|
||||
o Minor bugfixes (Windows):
|
||||
- Check for getpagesize before using it to mmap files. This fixes
|
||||
|
@ -6398,13 +6499,13 @@ Changes in version 0.3.0.1-alpha - 2016-12-19
|
|||
|
||||
o Documentation:
|
||||
- Include the "TBits" unit in Tor's man page. Fixes part of bug
|
||||
20622; bugfix on tor-0.2.5.1-alpha.
|
||||
20622; bugfix on 0.2.5.1-alpha.
|
||||
- Change '1' to 'weight_scale' in consensus bw weights calculation
|
||||
comments, as that is reality. Closes ticket 20273. Patch
|
||||
from pastly.
|
||||
- Correct the value for AuthDirGuardBWGuarantee in the manpage, from
|
||||
250 KBytes to 2 MBytes. Fixes bug 20435; bugfix
|
||||
on tor-0.2.5.6-alpha.
|
||||
on 0.2.5.6-alpha.
|
||||
- Stop the man page from incorrectly stating that HiddenServiceDir
|
||||
must already exist. Fixes 20486.
|
||||
- Clarify that when ClientRejectInternalAddresses is enabled (which
|
||||
|
|
924
ReleaseNotes
924
ReleaseNotes
|
@ -1,179 +1,640 @@
|
|||
This document summarizes new features and bugfixes in each stable release
|
||||
of Tor. If you want to see more detailed descriptions of the changes in
|
||||
each development snapshot, see the ChangeLog file.
|
||||
This document summarizes new features and bugfixes in each stable
|
||||
release of Tor. If you want to see more detailed descriptions of the
|
||||
changes in each development snapshot, see the ChangeLog file.
|
||||
|
||||
Changes in version 0.3.2.10 - 2018-03-03
|
||||
Tor 0.3.2.10 is the second stable release in the 0.3.2 series. It
|
||||
backports a number of bugfixes, including important fixes for security
|
||||
issues.
|
||||
Changes in version 0.3.3.6 - 2018-05-22
|
||||
Tor 0.3.3.6 is the first stable release in the 0.3.3 series. It
|
||||
backports several important fixes from the 0.3.4.1-alpha.
|
||||
|
||||
It includes an important security fix for a remote crash attack
|
||||
against directory authorities, tracked as TROVE-2018-001.
|
||||
The Tor 0.3.3 series includes controller support and other
|
||||
improvements for v3 onion services, official support for embedding Tor
|
||||
within other applications, and our first non-trivial module written in
|
||||
the Rust programming language. (Rust is still not enabled by default
|
||||
when building Tor.) And as usual, there are numerous other smaller
|
||||
bugfixes, features, and improvements.
|
||||
|
||||
Additionally, it backports a fix for a bug whose severity we have
|
||||
upgraded: Bug 24700, which was fixed in 0.3.3.2-alpha, can be remotely
|
||||
triggered in order to crash relays with a use-after-free pattern. As
|
||||
such, we are now tracking that bug as TROVE-2018-002 and
|
||||
CVE-2018-0491, and backporting it to earlier releases. This bug
|
||||
affected versions 0.3.2.1-alpha through 0.3.2.9, as well as version
|
||||
0.3.3.1-alpha.
|
||||
Below are the changes since 0.3.2.10. For a list of only the changes
|
||||
since 0.3.3.5-rc, see the ChangeLog file.
|
||||
|
||||
This release also backports our new system for improved resistance to
|
||||
denial-of-service attacks against relays.
|
||||
o New system requirements:
|
||||
- When built with Rust, Tor now depends on version 0.2.39 of the
|
||||
libc crate. Closes tickets 25310 and 25664.
|
||||
|
||||
This release also fixes several minor bugs and annoyances from
|
||||
earlier releases.
|
||||
o Major features (embedding):
|
||||
- There is now a documented stable API for programs that need to
|
||||
embed Tor. See tor_api.h for full documentation and known bugs.
|
||||
Closes ticket 23684.
|
||||
- Tor now has support for restarting in the same process.
|
||||
Controllers that run Tor using the "tor_api.h" interface can now
|
||||
restart Tor after Tor has exited. This support is incomplete,
|
||||
however: we fixed crash bugs that prevented it from working at
|
||||
all, but many bugs probably remain, including a possibility of
|
||||
security issues. Implements ticket 24581.
|
||||
|
||||
Relays running 0.3.2.x SHOULD upgrade to one of the versions released
|
||||
today, for the fix to TROVE-2018-002. Directory authorities should
|
||||
also upgrade. (Relays on earlier versions might want to update too for
|
||||
the DoS mitigations.)
|
||||
o Major features (IPv6, directory documents):
|
||||
- Add consensus method 27, which adds IPv6 ORPorts to the microdesc
|
||||
consensus. This information makes it easier for IPv6 clients to
|
||||
bootstrap and choose reachable entry guards. Implements
|
||||
ticket 23826.
|
||||
- Add consensus method 28, which removes IPv6 ORPorts from
|
||||
microdescriptors. Now that the consensus contains IPv6 ORPorts,
|
||||
they are redundant in microdescs. This change will be used by Tor
|
||||
clients on 0.2.8.x and later. (That is to say, with all Tor
|
||||
clients that have IPv6 bootstrap and guard support.) Implements
|
||||
ticket 23828.
|
||||
- Expand the documentation for AuthDirHasIPv6Connectivity when it is
|
||||
set by different numbers of authorities. Fixes 23870
|
||||
on 0.2.4.1-alpha.
|
||||
|
||||
o Major bugfixes (denial-of-service, directory authority, backport from 0.3.3.3-alpha):
|
||||
- Fix a protocol-list handling bug that could be used to remotely crash
|
||||
directory authorities with a null-pointer exception. Fixes bug 25074;
|
||||
bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and
|
||||
CVE-2018-0490.
|
||||
o Major features (onion service v3, control port):
|
||||
- The control port now supports commands and events for v3 onion
|
||||
services. It is now possible to create ephemeral v3 services using
|
||||
ADD_ONION. Additionally, several events (HS_DESC, HS_DESC_CONTENT,
|
||||
CIRC and CIRC_MINOR) and commands (GETINFO, HSPOST, ADD_ONION and
|
||||
DEL_ONION) have been extended to support v3 onion services. Closes
|
||||
ticket 20699; implements proposal 284.
|
||||
|
||||
o Major bugfixes (scheduler, KIST, denial-of-service, backport from 0.3.3.2-alpha):
|
||||
- Avoid adding the same channel twice in the KIST scheduler pending
|
||||
list, which could lead to remote denial-of-service use-after-free
|
||||
attacks against relays. Fixes bug 24700; bugfix on 0.3.2.1-alpha.
|
||||
o Major features (onion services):
|
||||
- Provide torrc options to pin the second and third hops of onion
|
||||
service circuits to a list of nodes. The option HSLayer2Guards
|
||||
pins the second hop, and the option HSLayer3Guards pins the third
|
||||
hop. These options are for use in conjunction with experiments
|
||||
with "vanguards" for preventing guard enumeration attacks. Closes
|
||||
ticket 13837.
|
||||
- When v3 onion service clients send introduce cells, they now
|
||||
include the IPv6 address of the rendezvous point, if it has one.
|
||||
Current v3 onion services running 0.3.2 ignore IPv6 addresses, but
|
||||
in future Tor versions, IPv6-only v3 single onion services will be
|
||||
able to use IPv6 addresses to connect directly to the rendezvous
|
||||
point. Closes ticket 23577. Patch by Neel Chauhan.
|
||||
|
||||
o Major features (denial-of-service mitigation, backport from 0.3.3.2-alpha):
|
||||
- Give relays some defenses against the recent network overload. We
|
||||
start with three defenses (default parameters in parentheses).
|
||||
First: if a single client address makes too many concurrent
|
||||
connections (>100), hang up on further connections. Second: if a
|
||||
single client address makes circuits too quickly (more than 3 per
|
||||
second, with an allowed burst of 90) while also having too many
|
||||
connections open (3), refuse new create cells for the next while
|
||||
(1-2 hours). Third: if a client asks to establish a rendezvous
|
||||
point to you directly, ignore the request. These defenses can be
|
||||
manually controlled by new torrc options, but relays will also
|
||||
take guidance from consensus parameters, so there's no need to
|
||||
configure anything manually. Implements ticket 24902.
|
||||
o Major features (relay):
|
||||
- Implement an option, ReducedExitPolicy, to allow an Tor exit relay
|
||||
operator to use a more reasonable ("reduced") exit policy, rather
|
||||
than the default one. If you want to run an exit node without
|
||||
thinking too hard about which ports to allow, this one is for you.
|
||||
Closes ticket 13605. Patch from Neel Chauhan.
|
||||
|
||||
o Major bugfixes (onion services, retry behavior, backport from 0.3.3.1-alpha):
|
||||
- Fix an "off by 2" error in counting rendezvous failures on the
|
||||
onion service side. While we thought we would stop the rendezvous
|
||||
attempt after one failed circuit, we were actually making three
|
||||
circuit attempts before giving up. Now switch to a default of 2,
|
||||
and allow the consensus parameter "hs_service_max_rdv_failures" to
|
||||
override. Fixes bug 24895; bugfix on 0.0.6.
|
||||
- New-style (v3) onion services now obey the "max rendezvous circuit
|
||||
attempts" logic. Previously they would make as many rendezvous
|
||||
circuit attempts as they could fit in the MAX_REND_TIMEOUT second
|
||||
window before giving up. Fixes bug 24894; bugfix on 0.3.2.1-alpha.
|
||||
o Major features (rust, portability, experimental):
|
||||
- Tor now ships with an optional implementation of one of its
|
||||
smaller modules (protover.c) in the Rust programming language. To
|
||||
try it out, install a Rust build environment, and configure Tor
|
||||
with "--enable-rust --enable-cargo-online-mode". This should not
|
||||
cause any user-visible changes, but should help us gain more
|
||||
experience with Rust, and plan future Rust integration work.
|
||||
Implementation by Chelsea Komlo. Closes ticket 22840.
|
||||
|
||||
o Major bugfixes (protocol versions, backport from 0.3.3.2-alpha):
|
||||
- Add Link protocol version 5 to the supported protocols list. Fixes
|
||||
bug 25070; bugfix on 0.3.1.1-alpha.
|
||||
o Major bugfixes (directory authorities, security, backport from 0.3.4.1-alpha):
|
||||
- When directory authorities read a zero-byte bandwidth file, they
|
||||
would previously log a warning with the contents of an
|
||||
uninitialised buffer. They now log a warning about the empty file
|
||||
instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha.
|
||||
|
||||
o Major bugfixes (relay, backport from 0.3.3.1-alpha):
|
||||
- Fix a set of false positives where relays would consider
|
||||
connections to other relays as being client-only connections (and
|
||||
thus e.g. deserving different link padding schemes) if those
|
||||
relays fell out of the consensus briefly. Now we look only at the
|
||||
initial handshake and whether the connection authenticated as a
|
||||
relay. Fixes bug 24898; bugfix on 0.3.1.1-alpha.
|
||||
o Major bugfixes (security, directory authority, denial-of-service):
|
||||
- Fix a bug that could have allowed an attacker to force a directory
|
||||
authority to use up all its RAM by passing it a maliciously
|
||||
crafted protocol versions string. Fixes bug 25517; bugfix on
|
||||
0.2.9.4-alpha. This issue is also tracked as TROVE-2018-005.
|
||||
|
||||
o Major bugfixes (scheduler, consensus, backport from 0.3.3.2-alpha):
|
||||
- The scheduler subsystem was failing to promptly notice changes in
|
||||
consensus parameters, making it harder to switch schedulers
|
||||
network-wide. Fixes bug 24975; bugfix on 0.3.2.1-alpha.
|
||||
o Major bugfixes (crash, backport from 0.3.4.1-alpha):
|
||||
- Avoid a rare assertion failure in the circuit build timeout code
|
||||
if we fail to allow any circuits to actually complete. Fixes bug
|
||||
25733; bugfix on 0.2.2.2-alpha.
|
||||
|
||||
o Minor features (denial-of-service avoidance, backport from 0.3.3.2-alpha):
|
||||
- Make our OOM handler aware of the geoip client history cache so it
|
||||
doesn't fill up the memory. This check is important for IPv6 and
|
||||
our DoS mitigation subsystem. Closes ticket 25122.
|
||||
o Major bugfixes (netflow padding):
|
||||
- Stop adding unneeded channel padding right after we finish
|
||||
flushing to a connection that has been trying to flush for many
|
||||
seconds. Instead, treat all partial or complete flushes as
|
||||
activity on the channel, which will defer the time until we need
|
||||
to add padding. This fix should resolve confusing and scary log
|
||||
messages like "Channel padding timeout scheduled 221453ms in the
|
||||
past." Fixes bug 22212; bugfix on 0.3.1.1-alpha.
|
||||
|
||||
o Minor features (compatibility, OpenSSL, backport from 0.3.3.3-alpha):
|
||||
- Tor will now support TLS1.3 once OpenSSL 1.1.1 is released.
|
||||
Previous versions of Tor would not have worked with OpenSSL 1.1.1,
|
||||
since they neither disabled TLS 1.3 nor enabled any of the
|
||||
ciphersuites it requires. Now we enable the TLS 1.3 ciphersuites.
|
||||
Closes ticket 24978.
|
||||
o Major bugfixes (networking):
|
||||
- Tor will no longer reject IPv6 address strings from Tor Browser
|
||||
when they are passed as hostnames in SOCKS5 requests. Fixes bug
|
||||
25036, bugfix on Tor 0.3.1.2.
|
||||
|
||||
o Major bugfixes (onion service, backport from 0.3.4.1-alpha):
|
||||
- Correctly detect when onion services get disabled after HUP. Fixes
|
||||
bug 25761; bugfix on 0.3.2.1.
|
||||
|
||||
o Major bugfixes (performance, load balancing):
|
||||
- Directory authorities no longer vote in favor of the Guard flag
|
||||
for relays without directory support. Starting in Tor
|
||||
0.3.0.1-alpha, clients have been avoiding using such relays in the
|
||||
Guard position, leading to increasingly broken load balancing for
|
||||
the 5%-or-so of Guards that don't advertise directory support.
|
||||
Fixes bug 22310; bugfix on 0.3.0.6.
|
||||
|
||||
o Major bugfixes (relay):
|
||||
- If we have failed to connect to a relay and received a connection
|
||||
refused, timeout, or similar error (at the TCP level), do not try
|
||||
that same address/port again for 60 seconds after the failure has
|
||||
occurred. Fixes bug 24767; bugfix on 0.0.6.
|
||||
|
||||
o Major bugfixes (relay, denial of service, backport from 0.3.4.1-alpha):
|
||||
- Impose a limit on circuit cell queue size. The limit can be
|
||||
controlled by a consensus parameter. Fixes bug 25226; bugfix
|
||||
on 0.2.4.14-alpha.
|
||||
|
||||
o Minor features (cleanup):
|
||||
- Tor now deletes the CookieAuthFile and ExtORPortCookieAuthFile
|
||||
when it stops. Closes ticket 23271.
|
||||
|
||||
o Minor features (compatibility, backport from 0.3.4.1-alpha):
|
||||
- Avoid some compilation warnings with recent versions of LibreSSL.
|
||||
Closes ticket 26006.
|
||||
|
||||
o Minor features (config options):
|
||||
- Change the way the default value for MaxMemInQueues is calculated.
|
||||
We now use 40% of the hardware RAM if the system has 8 GB RAM or
|
||||
more. Otherwise we use the former value of 75%. Closes
|
||||
ticket 24782.
|
||||
|
||||
o Minor features (continuous integration):
|
||||
- Update the Travis CI configuration to use the stable Rust channel,
|
||||
now that we have decided to require that. Closes ticket 25714.
|
||||
|
||||
o Minor features (continuous integration, backport from 0.3.4.1-alpha):
|
||||
- Our .travis.yml configuration now includes support for testing the
|
||||
results of "make distcheck". (It's not uncommon for "make check"
|
||||
to pass but "make distcheck" to fail.) Closes ticket 25814.
|
||||
- Our Travis CI configuration now integrates with the Coveralls
|
||||
coverage analysis tool. Closes ticket 25818.
|
||||
|
||||
o Minor features (defensive programming):
|
||||
- Most of the functions in Tor that free objects have been replaced
|
||||
with macros that free the objects and set the corresponding
|
||||
pointers to NULL. This change should help prevent a large class of
|
||||
dangling pointer bugs. Closes ticket 24337.
|
||||
- Where possible, the tor_free() macro now only evaluates its input
|
||||
once. Part of ticket 24337.
|
||||
- Check that microdesc ed25519 ids are non-zero in
|
||||
node_get_ed25519_id() before returning them. Implements ticket
|
||||
24001, patch by "aruna1234".
|
||||
|
||||
o Minor features (directory authority):
|
||||
- When directory authorities are unable to add signatures to a
|
||||
pending consensus, log the reason why. Closes ticket 24849.
|
||||
|
||||
o Minor features (embedding):
|
||||
- Tor can now start with a preauthenticated control connection
|
||||
created by the process that launched it. This feature is meant for
|
||||
use by programs that want to launch and manage a Tor process
|
||||
without allowing other programs to manage it as well. For more
|
||||
information, see the __OwningControllerFD option documented in
|
||||
control-spec.txt. Closes ticket 23900.
|
||||
- On most errors that would cause Tor to exit, it now tries to
|
||||
return from the tor_main() function, rather than calling the
|
||||
system exit() function. Most users won't notice a difference here,
|
||||
but it should be significant for programs that run Tor inside a
|
||||
separate thread: they should now be able to survive Tor's exit
|
||||
conditions rather than having Tor shut down the entire process.
|
||||
Closes ticket 23848.
|
||||
- Applications that want to embed Tor can now tell Tor not to
|
||||
register any of its own POSIX signal handlers, using the
|
||||
__DisableSignalHandlers option. Closes ticket 24588.
|
||||
|
||||
o Minor features (fallback directory list):
|
||||
- Avoid selecting fallbacks that change their IP addresses too
|
||||
often. Select more fallbacks by ignoring the Guard flag, and
|
||||
allowing lower cutoffs for the Running and V2Dir flags. Also allow
|
||||
a lower bandwidth, and a higher number of fallbacks per operator
|
||||
(5% of the list). Implements ticket 24785.
|
||||
- Update the fallback whitelist and blacklist based on opt-ins and
|
||||
relay changes. Closes tickets 22321, 24678, 22527, 24135,
|
||||
and 24695.
|
||||
|
||||
o Minor features (fallback directory mirror configuration):
|
||||
- Add a nickname to each fallback in a C comment. This makes it
|
||||
easier for operators to find their relays, and allows stem to use
|
||||
nicknames to identify fallbacks. Implements ticket 24600.
|
||||
- Add a type and version header to the fallback directory mirror
|
||||
file. Also add a delimiter to the end of each fallback entry. This
|
||||
helps external parsers like stem and Relay Search. Implements
|
||||
ticket 24725.
|
||||
- Add an extrainfo cache flag for each fallback in a C comment. This
|
||||
allows stem to use fallbacks to fetch extra-info documents, rather
|
||||
than using authorities. Implements ticket 22759.
|
||||
- Add the generateFallbackDirLine.py script for automatically
|
||||
generating fallback directory mirror lines from relay fingerprints.
|
||||
No more typos! Add the lookupFallbackDirContact.py script for
|
||||
automatically looking up operator contact info from relay
|
||||
fingerprints. Implements ticket 24706, patch by teor and atagar.
|
||||
- Reject any fallback directory mirror that serves an expired
|
||||
consensus. Implements ticket 20942, patch by "minik".
|
||||
- Remove commas and equals signs from external string inputs to the
|
||||
fallback list. This avoids format confusion attacks. Implements
|
||||
ticket 24726.
|
||||
- Remove the "weight=10" line from fallback directory mirror
|
||||
entries. Ticket 24681 will maintain the current fallback weights
|
||||
by changing Tor's default fallback weight to 10. Implements
|
||||
ticket 24679.
|
||||
- Stop logging excessive information about fallback netblocks.
|
||||
Implements ticket 24791.
|
||||
|
||||
o Minor features (forward-compatibility):
|
||||
- If a relay supports some link authentication protocol that we do
|
||||
not recognize, then include that relay's ed25519 key when telling
|
||||
other relays to extend to it. Previously, we treated future
|
||||
versions as if they were too old to support ed25519 link
|
||||
authentication. Closes ticket 20895.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2
|
||||
Country database.
|
||||
- Update geoip and geoip6 to the May 1 2018 Maxmind GeoLite2 Country
|
||||
database. Closes ticket 26104.
|
||||
|
||||
o Minor features (logging, diagnostic, backport from 0.3.3.2-alpha):
|
||||
- When logging a failure to check a hidden service's certificate,
|
||||
also log what the problem with the certificate was. Diagnostic
|
||||
for ticket 24972.
|
||||
o Minor features (heartbeat):
|
||||
- Add onion service information to our heartbeat logs, displaying
|
||||
stats about the activity of configured onion services. Closes
|
||||
ticket 24896.
|
||||
|
||||
o Minor bugfix (channel connection, backport from 0.3.3.2-alpha):
|
||||
- Use the actual observed address of an incoming relay connection,
|
||||
not the canonical address of the relay from its descriptor, when
|
||||
making decisions about how to handle the incoming connection.
|
||||
Fixes bug 24952; bugfix on 0.2.4.11-alpha. Patch by "ffmancera".
|
||||
o Minor features (instrumentation, development):
|
||||
- Add the MainloopStats option to allow developers to get
|
||||
instrumentation information from the main event loop via the
|
||||
heartbeat messages. We hope to use this to improve Tor's behavior
|
||||
when it's trying to sleep. Closes ticket 24605.
|
||||
|
||||
o Minor bugfixes (denial-of-service, backport from 0.3.3.3-alpha):
|
||||
- Fix a possible crash on malformed consensus. If a consensus had
|
||||
contained an unparseable protocol line, it could have made clients
|
||||
and relays crash with a null-pointer exception. To exploit this
|
||||
issue, however, an attacker would need to be able to subvert the
|
||||
directory authority system. Fixes bug 25251; bugfix on
|
||||
0.2.9.4-alpha. Also tracked as TROVE-2018-004.
|
||||
o Minor features (IPv6):
|
||||
- Make IPv6-only clients wait for microdescs for relays, even if we
|
||||
were previously using descriptors (or were using them as a bridge)
|
||||
and have a cached descriptor for them. Implements ticket 23827.
|
||||
- When a consensus has IPv6 ORPorts, make IPv6-only clients use
|
||||
them, rather than waiting to download microdescriptors. Implements
|
||||
ticket 23827.
|
||||
|
||||
o Minor bugfix (directory authority, backport from 0.3.3.2-alpha):
|
||||
- Directory authorities, when refusing a descriptor from a rejected
|
||||
relay, now explicitly tell the relay (in its logs) to set a valid
|
||||
ContactInfo address and contact the bad-relays@ mailing list.
|
||||
Fixes bug 25170; bugfix on 0.2.9.1.
|
||||
o Minor features (log messages):
|
||||
- Improve log message in the out-of-memory handler to include
|
||||
information about memory usage from the different compression
|
||||
backends. Closes ticket 25372.
|
||||
- Improve a warning message that happens when we fail to re-parse an
|
||||
old router because of an expired certificate. Closes ticket 20020.
|
||||
- Make the log more quantitative when we hit MaxMemInQueues
|
||||
threshold exposing some values. Closes ticket 24501.
|
||||
|
||||
o Minor bugfixes (build, rust, backport from 0.3.3.1-alpha):
|
||||
- When building with Rust on OSX, link against libresolv, to work
|
||||
around the issue at https://github.com/rust-lang/rust/issues/46797.
|
||||
Fixes bug 24652; bugfix on 0.3.1.1-alpha.
|
||||
o Minor features (logging):
|
||||
- Clarify the log messages produced when getrandom() or a related
|
||||
entropy-generation mechanism gives an error. Closes ticket 25120.
|
||||
- Added support for the Android logging subsystem. Closes
|
||||
ticket 24362.
|
||||
|
||||
o Minor bugfixes (onion services, backport from 0.3.3.2-alpha):
|
||||
- Remove a BUG() statement when a client fetches an onion descriptor
|
||||
that has a lower revision counter than the one in its cache. This
|
||||
can happen in normal circumstances due to HSDir desync. Fixes bug
|
||||
24976; bugfix on 0.3.2.1-alpha.
|
||||
o Minor features (performance):
|
||||
- Support predictive circuit building for onion service circuits
|
||||
with multiple layers of guards. Closes ticket 23101.
|
||||
- Use stdatomic.h where available, rather than mutexes, to implement
|
||||
atomic_counter_t. Closes ticket 23953.
|
||||
|
||||
o Minor bugfixes (logging, backport from 0.3.3.2-alpha):
|
||||
- Don't treat inability to store a cached consensus object as a bug:
|
||||
it can happen normally when we are out of disk space. Fixes bug
|
||||
24859; bugfix on 0.3.1.1-alpha.
|
||||
o Minor features (performance, 32-bit):
|
||||
- Improve performance on 32-bit systems by avoiding 64-bit division
|
||||
when calculating the timestamp in milliseconds for channel padding
|
||||
computations. Implements ticket 24613.
|
||||
- Improve performance on 32-bit systems by avoiding 64-bit division
|
||||
when timestamping cells and buffer chunks for OOM calculations.
|
||||
Implements ticket 24374.
|
||||
|
||||
o Minor bugfixes (performance, fragile-hardening, backport from 0.3.3.1-alpha):
|
||||
- Improve the performance of our consensus-diff application code
|
||||
when Tor is built with the --enable-fragile-hardening option set.
|
||||
Fixes bug 24826; bugfix on 0.3.1.1-alpha.
|
||||
o Minor features (performance, OSX, iOS):
|
||||
- Use the mach_approximate_time() function (when available) to
|
||||
implement coarse monotonic time. Having a coarse time function
|
||||
should avoid a large number of system calls, and improve
|
||||
performance slightly, especially under load. Closes ticket 24427.
|
||||
|
||||
o Minor bugfixes (OSX, backport from 0.3.3.1-alpha):
|
||||
- Don't exit the Tor process if setrlimit() fails to change the file
|
||||
limit (which can happen sometimes on some versions of OSX). Fixes
|
||||
bug 21074; bugfix on 0.0.9pre5.
|
||||
o Minor features (performance, windows):
|
||||
- Improve performance on Windows Vista and Windows 7 by adjusting
|
||||
TCP send window size according to the recommendation from
|
||||
SIO_IDEAL_SEND_BACKLOG_QUERY. Closes ticket 22798. Patch
|
||||
from Vort.
|
||||
|
||||
o Minor bugfixes (spec conformance, backport from 0.3.3.3-alpha):
|
||||
- Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on
|
||||
0.2.9.4-alpha.
|
||||
- Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249;
|
||||
bugfix on 0.2.9.4-alpha.
|
||||
o Minor features (sandbox):
|
||||
- Explicitly permit the poll() system call when the Linux
|
||||
seccomp2-based sandbox is enabled: apparently, some versions of
|
||||
libc use poll() when calling getpwnam(). Closes ticket 25313.
|
||||
|
||||
o Minor bugfixes (testing, backport from 0.3.3.1-alpha):
|
||||
- Fix a memory leak in the scheduler/loop_kist unit test. Fixes bug
|
||||
25005; bugfix on 0.3.2.7-rc.
|
||||
o Minor features (storage, configuration):
|
||||
- Users can store cached directory documents somewhere other than
|
||||
the DataDirectory by using the CacheDirectory option. Similarly,
|
||||
the storage location for relay's keys can be overridden with the
|
||||
KeyDirectory option. Closes ticket 22703.
|
||||
|
||||
o Minor bugfixes (v3 onion services, backport from 0.3.3.2-alpha):
|
||||
- Look at the "HSRend" protocol version, not the "HSDir" protocol
|
||||
version, when deciding whether a consensus entry can support the
|
||||
v3 onion service protocol as a rendezvous point. Fixes bug 25105;
|
||||
o Minor features (testing):
|
||||
- Add a "make test-rust" target to run the rust tests only. Closes
|
||||
ticket 25071.
|
||||
|
||||
o Minor features (testing, debugging, embedding):
|
||||
- For development purposes, Tor now has a mode in which it runs for
|
||||
a few seconds, then stops, and starts again without exiting the
|
||||
process. This mode is meant to help us debug various issues with
|
||||
ticket 23847. To use this feature, compile with
|
||||
--enable-restart-debugging, and set the TOR_DEBUG_RESTART
|
||||
environment variable. This is expected to crash a lot, and is
|
||||
really meant for developers only. It will likely be removed in a
|
||||
future release. Implements ticket 24583.
|
||||
|
||||
o Minor bugfixes (build, rust):
|
||||
- Fix output of autoconf checks to display success messages for Rust
|
||||
dependencies and a suitable rustc compiler version. Fixes bug
|
||||
24612; bugfix on 0.3.1.3-alpha.
|
||||
- Don't pass the --quiet option to cargo: it seems to suppress some
|
||||
errors, which is not what we want to do when building. Fixes bug
|
||||
24518; bugfix on 0.3.1.7.
|
||||
- Build correctly when building from outside Tor's source tree with
|
||||
the TOR_RUST_DEPENDENCIES option set. Fixes bug 22768; bugfix
|
||||
on 0.3.1.7.
|
||||
|
||||
o Minor bugfixes (C correctness):
|
||||
- Fix a very unlikely (impossible, we believe) null pointer
|
||||
dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by
|
||||
Coverity; this is CID 1430932.
|
||||
|
||||
o Minor bugfixes (channel, client):
|
||||
- Better identify client connection when reporting to the geoip
|
||||
client cache. Fixes bug 24904; bugfix on 0.3.1.7.
|
||||
|
||||
o Minor bugfixes (circuit, cannibalization):
|
||||
- Don't cannibalize preemptively-built circuits if we no longer
|
||||
recognize their first hop. This situation can happen if our Guard
|
||||
relay went off the consensus after the circuit was created. Fixes
|
||||
bug 24469; bugfix on 0.0.6.
|
||||
|
||||
o Minor bugfixes (client, backport from 0.3.4.1-alpha):
|
||||
- Don't consider Tor running as a client if the ControlPort is open,
|
||||
but no actual client ports are open. Fixes bug 26062; bugfix
|
||||
on 0.2.9.4-alpha.
|
||||
|
||||
o Minor bugfixes (compilation):
|
||||
- Fix a C99 compliance issue in our configuration script that caused
|
||||
compilation issues when compiling Tor with certain versions of
|
||||
xtools. Fixes bug 25474; bugfix on 0.3.2.5-alpha.
|
||||
|
||||
o Minor bugfixes (controller):
|
||||
- Restore the correct operation of the RESOLVE command, which had
|
||||
been broken since we added the ability to enable/disable DNS on
|
||||
specific listener ports. Fixes bug 25617; bugfix on 0.2.9.3-alpha.
|
||||
- Avoid a (nonfatal) assertion failure when extending a one-hop
|
||||
circuit from the controller to become a multihop circuit. Fixes
|
||||
bug 24903; bugfix on 0.2.5.2-alpha.
|
||||
|
||||
o Minor bugfixes (correctness):
|
||||
- Remove a nonworking, unnecessary check to see whether a circuit
|
||||
hop's identity digest was set when the circuit failed. Fixes bug
|
||||
24927; bugfix on 0.2.4.4-alpha.
|
||||
|
||||
o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha):
|
||||
- Upon receiving a malformed connected cell, stop processing the
|
||||
cell immediately. Previously we would mark the connection for
|
||||
close, but continue processing the cell as if the connection were
|
||||
open. Fixes bug 26072; bugfix on 0.2.4.7-alpha.
|
||||
|
||||
o Minor bugfixes (directory authorities, IPv6):
|
||||
- When creating a routerstatus (vote) from a routerinfo (descriptor),
|
||||
set the IPv6 address to the unspecified IPv6 address, and
|
||||
explicitly initialize the port to zero. Fixes bug 24488; bugfix
|
||||
on 0.2.4.1-alpha.
|
||||
|
||||
o Minor bugfixes (documentation):
|
||||
- Document that the PerConnBW{Rate,Burst} options will fall back to
|
||||
their corresponding consensus parameters only if those parameters
|
||||
are set. Previously we had claimed that these values would always
|
||||
be set in the consensus. Fixes bug 25296; bugfix on 0.2.2.7-alpha.
|
||||
|
||||
o Minor bugfixes (documentation, backport from 0.3.4.1-alpha):
|
||||
- Stop saying in the manual that clients cache ipv4 dns answers from
|
||||
exit relays. We haven't used them since 0.2.6.3-alpha, and in
|
||||
ticket 24050 we stopped even caching them as of 0.3.2.6-alpha, but
|
||||
we forgot to say so in the man page. Fixes bug 26052; bugfix
|
||||
on 0.3.2.6-alpha.
|
||||
|
||||
o Minor bugfixes (exit relay DNS retries):
|
||||
- Re-attempt timed-out DNS queries 3 times before failure, since our
|
||||
timeout is 5 seconds for them, but clients wait 10-15. Also allow
|
||||
slightly more timeouts per resolver when an exit has multiple
|
||||
resolvers configured. Fixes bug 21394; bugfix on 0.3.1.9.
|
||||
|
||||
o Minor bugfixes (fallback directory mirrors):
|
||||
- Make updateFallbackDirs.py search harder for python. (Some OSs
|
||||
don't put it in /usr/bin.) Fixes bug 24708; bugfix
|
||||
on 0.2.8.1-alpha.
|
||||
|
||||
o Minor bugfixes (hibernation, bandwidth accounting, shutdown):
|
||||
- When hibernating, close connections normally and allow them to
|
||||
flush. Fixes bug 23571; bugfix on 0.2.4.7-alpha. Also fixes
|
||||
bug 7267.
|
||||
- Do not attempt to launch self-reachability tests when entering
|
||||
hibernation. Fixes a case of bug 12062; bugfix on 0.0.9pre5.
|
||||
- Resolve several bugs related to descriptor fetching on bridge
|
||||
clients with bandwidth accounting enabled. (This combination is
|
||||
not recommended!) Fixes a case of bug 12062; bugfix
|
||||
on 0.2.0.3-alpha.
|
||||
- When hibernating, do not attempt to launch DNS checks. Fixes a
|
||||
case of bug 12062; bugfix on 0.1.2.2-alpha.
|
||||
- When hibernating, do not try to upload or download descriptors.
|
||||
Fixes a case of bug 12062; bugfix on 0.0.9pre5.
|
||||
|
||||
o Minor bugfixes (IPv6, bridges):
|
||||
- Tor now always sets IPv6 preferences for bridges. Fixes bug 24573;
|
||||
bugfix on 0.2.8.2-alpha.
|
||||
- Tor now sets IPv6 address in the routerstatus as well as in the
|
||||
router descriptors when updating addresses for a bridge. Closes
|
||||
ticket 24572; bugfix on 0.2.4.5-alpha. Patch by "ffmancera".
|
||||
|
||||
o Minor bugfixes (Linux seccomp2 sandbox):
|
||||
- When running with the sandbox enabled, reload configuration files
|
||||
correctly even when %include was used. Previously we would crash.
|
||||
Fixes bug 22605; bugfix on 0.3.1. Patch from Daniel Pinto.
|
||||
|
||||
o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha):
|
||||
- Allow the nanosleep() system call, which glibc uses to implement
|
||||
sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha.
|
||||
|
||||
o Minor bugfixes (logging):
|
||||
- Fix a (mostly harmless) race condition when invoking
|
||||
LOG_PROTOCOL_WARN message from a subthread while the torrc options
|
||||
are changing. Fixes bug 23954; bugfix on 0.1.1.9-alpha.
|
||||
|
||||
o Minor bugfixes (man page, SocksPort):
|
||||
- Remove dead code from the old "SocksSocket" option, and rename
|
||||
SocksSocketsGroupWritable to UnixSocksGroupWritable. The old
|
||||
option still works, but is deprecated. Fixes bug 24343; bugfix
|
||||
on 0.2.6.3.
|
||||
|
||||
o Minor bugfixes (memory leaks):
|
||||
- Avoid possible at-exit memory leaks related to use of Libevent's
|
||||
event_base_once() function. (This function tends to leak memory if
|
||||
the event_base is closed before the event fires.) Fixes bug 24584;
|
||||
bugfix on 0.2.8.1-alpha.
|
||||
- Fix a harmless memory leak in tor-resolve. Fixes bug 24582; bugfix
|
||||
on 0.2.1.1-alpha.
|
||||
|
||||
o Minor bugfixes (network IPv6 test):
|
||||
- Tor's test scripts now check if "ping -6 ::1" works when the user
|
||||
runs "make test-network-all". Fixes bug 24677; bugfix on
|
||||
0.2.9.3-alpha. Patch by "ffmancera".
|
||||
|
||||
o Minor bugfixes (networking):
|
||||
- string_is_valid_hostname() will not consider IP strings to be
|
||||
valid hostnames. Fixes bug 25055; bugfix on Tor 0.2.5.5.
|
||||
|
||||
o Minor bugfixes (onion service v3):
|
||||
- Avoid an assertion failure when the next onion service descriptor
|
||||
rotation type is out of sync with the consensus's valid-after
|
||||
time. Instead, log a warning message with extra information, so we
|
||||
can better hunt down the cause of this assertion. Fixes bug 25306;
|
||||
bugfix on 0.3.2.1-alpha.
|
||||
|
||||
o Code simplification and refactoring (backport from 0.3.3.3-alpha):
|
||||
- Update the "rust dependencies" submodule to be a project-level
|
||||
repository, rather than a user repository. Closes ticket 25323.
|
||||
o Minor bugfixes (onion service, backport from 0.3.4.1-alpha):
|
||||
- Fix a memory leak when a v3 onion service is configured and gets a
|
||||
SIGHUP signal. Fixes bug 25901; bugfix on 0.3.2.1-alpha.
|
||||
- When parsing the descriptor signature, look for the token plus an
|
||||
extra white-space at the end. This is more correct but also will
|
||||
allow us to support new fields that might start with "signature".
|
||||
Fixes bug 26069; bugfix on 0.3.0.1-alpha.
|
||||
|
||||
o Documentation (backport from 0.3.3.1-alpha)
|
||||
- Document that operators who run more than one relay or bridge are
|
||||
expected to set MyFamily and ContactInfo correctly. Closes
|
||||
ticket 24526.
|
||||
o Minor bugfixes (onion services):
|
||||
- If we are configured to offer a single onion service, don't log
|
||||
long-term established one hop rendezvous points in the heartbeat.
|
||||
Fixes bug 25116; bugfix on 0.2.9.6-rc.
|
||||
|
||||
o Minor bugfixes (performance):
|
||||
- Reduce the number of circuits that will be opened at once during
|
||||
the circuit build timeout phase. This is done by increasing the
|
||||
idle timeout to 3 minutes, and lowering the maximum number of
|
||||
concurrent learning circuits to 10. Fixes bug 24769; bugfix
|
||||
on 0.3.1.1-alpha.
|
||||
- Avoid calling protocol_list_supports_protocol() from inside tight
|
||||
loops when running with cached routerinfo_t objects. Instead,
|
||||
summarize the relevant protocols as flags in the routerinfo_t, as
|
||||
we do for routerstatus_t objects. This change simplifies our code
|
||||
a little, and saves a large amount of short-term memory allocation
|
||||
operations. Fixes bug 25008; bugfix on 0.2.9.4-alpha.
|
||||
|
||||
o Minor bugfixes (performance, timeouts):
|
||||
- Consider circuits for timeout as soon as they complete a hop. This
|
||||
is more accurate than applying the timeout in
|
||||
circuit_expire_building() because that function is only called
|
||||
once per second, which is now too slow for typical timeouts on the
|
||||
current network. Fixes bug 23114; bugfix on 0.2.2.2-alpha.
|
||||
- Use onion service circuits (and other circuits longer than 3 hops)
|
||||
to calculate a circuit build timeout. Previously, Tor only
|
||||
calculated its build timeout based on circuits that planned to be
|
||||
exactly 3 hops long. With this change, we include measurements
|
||||
from all circuits at the point where they complete their third
|
||||
hop. Fixes bug 23100; bugfix on 0.2.2.2-alpha.
|
||||
|
||||
o Minor bugfixes (relay, crash, backport from 0.3.4.1-alpha):
|
||||
- Avoid a crash when running with DirPort set but ORPort tuned off.
|
||||
Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha.
|
||||
|
||||
o Minor bugfixes (Rust FFI):
|
||||
- Fix a minor memory leak which would happen whenever the C code
|
||||
would call the Rust implementation of
|
||||
protover_get_supported_protocols(). This was due to the C version
|
||||
returning a static string, whereas the Rust version newly allocated
|
||||
a CString to pass across the FFI boundary. Consequently, the C
|
||||
code was not expecting to need to free() what it was given. Fixes
|
||||
bug 25127; bugfix on 0.3.2.1-alpha.
|
||||
|
||||
o Minor bugfixes (spelling):
|
||||
- Use the "misspell" tool to detect and fix typos throughout the
|
||||
source code. Fixes bug 23650; bugfix on various versions of Tor.
|
||||
Patch from Deepesh Pathak.
|
||||
|
||||
o Minor bugfixes (testing):
|
||||
- Avoid intermittent test failures due to a test that had relied on
|
||||
onion service introduction point creation finishing within 5
|
||||
seconds of real clock time. Fixes bug 25450; bugfix
|
||||
on 0.3.1.3-alpha.
|
||||
- Give out Exit flags in bootstrapping networks. Fixes bug 24137;
|
||||
bugfix on 0.2.3.1-alpha.
|
||||
|
||||
o Minor bugfixes (unit test, monotonic time):
|
||||
- Increase a constant (1msec to 10msec) in the monotonic time test
|
||||
that makes sure the nsec/usec/msec times read are synchronized.
|
||||
This change was needed to accommodate slow systems like armel or
|
||||
when the clock_gettime() is not a VDSO on the running kernel.
|
||||
Fixes bug 25113; bugfix on 0.2.9.1.
|
||||
|
||||
o Code simplification and refactoring:
|
||||
- Move the list of default directory authorities to its own file.
|
||||
Closes ticket 24854. Patch by "beastr0".
|
||||
- Remove the old (deterministic) directory retry logic entirely:
|
||||
We've used exponential backoff exclusively for some time. Closes
|
||||
ticket 23814.
|
||||
- Remove the unused nodelist_recompute_all_hsdir_indices(). Closes
|
||||
ticket 25108.
|
||||
- Remove a series of counters used to track circuit extend attempts
|
||||
and connection status but that in reality we aren't using for
|
||||
anything other than stats logged by a SIGUSR1 signal. Closes
|
||||
ticket 25163.
|
||||
- Remove /usr/athena from search path in configure.ac. Closes
|
||||
ticket 24363.
|
||||
- Remove duplicate code in node_has_curve25519_onion_key() and
|
||||
node_get_curve25519_onion_key(), and add a check for a zero
|
||||
microdesc curve25519 onion key. Closes ticket 23966, patch by
|
||||
"aruna1234" and teor.
|
||||
- Rewrite channel_rsa_id_group_set_badness to reduce temporary
|
||||
memory allocations with large numbers of OR connections (e.g.
|
||||
relays). Closes ticket 24119.
|
||||
- Separate the function that deletes ephemeral files when Tor
|
||||
stops gracefully.
|
||||
- Small changes to Tor's buf_t API to make it suitable for use as a
|
||||
general-purpose safe string constructor. Closes ticket 22342.
|
||||
- Switch -Wnormalized=id to -Wnormalized=nfkc in configure.ac to
|
||||
avoid source code identifier confusion. Closes ticket 24467.
|
||||
- The tor_git_revision[] constant no longer needs to be redeclared
|
||||
by everything that links against the rest of Tor. Done as part of
|
||||
ticket 23845, to simplify our external API.
|
||||
- We make extend_info_from_node() use node_get_curve25519_onion_key()
|
||||
introduced in ticket 23577 to access the curve25519 public keys
|
||||
rather than accessing it directly. Closes ticket 23760. Patch by
|
||||
Neel Chauhan.
|
||||
- Add a function to log channels' scheduler state changes to aid
|
||||
debugging efforts. Closes ticket 24531.
|
||||
|
||||
o Documentation:
|
||||
- Improved the documentation of AccountingStart parameter. Closes
|
||||
ticket 23635.
|
||||
- Update the documentation for "Log" to include the current list of
|
||||
logging domains. Closes ticket 25378.
|
||||
- Add documentation on how to build tor with Rust dependencies
|
||||
without having to be online. Closes ticket 22907; bugfix
|
||||
on 0.3.0.3-alpha.
|
||||
- Clarify the behavior of RelayBandwidth{Rate,Burst} with client
|
||||
traffic. Closes ticket 24318.
|
||||
- Document that OutboundBindAddress doesn't apply to DNS requests.
|
||||
Closes ticket 22145. Patch from Aruna Maurya.
|
||||
|
||||
o Code simplification and refactoring (channels):
|
||||
- Remove the incoming and outgoing channel queues. These were never
|
||||
used, but still took up a step in our fast path.
|
||||
- The majority of the channel unit tests have been rewritten and the
|
||||
code coverage has now been raised to 83.6% for channel.c. Closes
|
||||
ticket 23709.
|
||||
- Remove other dead code from the channel subsystem: All together,
|
||||
this cleanup has removed more than 1500 lines of code overall and
|
||||
adding very little except for unit test.
|
||||
|
||||
o Code simplification and refactoring (circuit rendezvous):
|
||||
- Split the client-side rendezvous circuit lookup into two
|
||||
functions: one that returns only established circuits and another
|
||||
that returns all kinds of circuits. Closes ticket 23459.
|
||||
|
||||
o Code simplification and refactoring (controller):
|
||||
- Make most of the variables in networkstatus_getinfo_by_purpose()
|
||||
const. Implements ticket 24489.
|
||||
|
||||
o Documentation (backport from 0.3.4.1-alpha):
|
||||
- Correct an IPv6 error in the documentation for ExitPolicy. Closes
|
||||
ticket 25857. Patch from "CTassisF".
|
||||
|
||||
o Documentation (man page):
|
||||
- The HiddenServiceVersion torrc option accepts only one number:
|
||||
either version 2 or 3. Closes ticket 25026; bugfix
|
||||
on 0.3.2.2-alpha.
|
||||
|
||||
o Documentation (manpage, denial of service):
|
||||
- Provide more detail about the denial-of-service options, by
|
||||
listing each mitigation and explaining how they relate. Closes
|
||||
ticket 25248.
|
||||
|
||||
|
||||
Changes in version 0.3.1.10 - 2018-03-03
|
||||
|
@ -405,6 +866,7 @@ Changes in version 0.3.1.10 - 2018-03-03
|
|||
- Update the "rust dependencies" submodule to be a project-level
|
||||
repository, rather than a user repository. Closes ticket 25323.
|
||||
|
||||
|
||||
Changes in version 0.2.9.15 - 2018-03-03
|
||||
Tor 0.2.9.15 backports important security and stability bugfixes from
|
||||
later Tor releases.
|
||||
|
@ -582,6 +1044,180 @@ Changes in version 0.2.9.15 - 2018-03-03
|
|||
bugfix on 0.2.9.4-alpha.
|
||||
|
||||
|
||||
Changes in version 0.3.2.10 - 2018-03-03
|
||||
Tor 0.3.2.10 is the second stable release in the 0.3.2 series. It
|
||||
backports a number of bugfixes, including important fixes for security
|
||||
issues.
|
||||
|
||||
It includes an important security fix for a remote crash attack
|
||||
against directory authorities, tracked as TROVE-2018-001.
|
||||
|
||||
Additionally, it backports a fix for a bug whose severity we have
|
||||
upgraded: Bug 24700, which was fixed in 0.3.3.2-alpha, can be remotely
|
||||
triggered in order to crash relays with a use-after-free pattern. As
|
||||
such, we are now tracking that bug as TROVE-2018-002 and
|
||||
CVE-2018-0491, and backporting it to earlier releases. This bug
|
||||
affected versions 0.3.2.1-alpha through 0.3.2.9, as well as version
|
||||
0.3.3.1-alpha.
|
||||
|
||||
This release also backports our new system for improved resistance to
|
||||
denial-of-service attacks against relays.
|
||||
|
||||
This release also fixes several minor bugs and annoyances from
|
||||
earlier releases.
|
||||
|
||||
Relays running 0.3.2.x SHOULD upgrade to one of the versions released
|
||||
today, for the fix to TROVE-2018-002. Directory authorities should
|
||||
also upgrade. (Relays on earlier versions might want to update too for
|
||||
the DoS mitigations.)
|
||||
|
||||
o Major bugfixes (denial-of-service, directory authority, backport from 0.3.3.3-alpha):
|
||||
- Fix a protocol-list handling bug that could be used to remotely crash
|
||||
directory authorities with a null-pointer exception. Fixes bug 25074;
|
||||
bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and
|
||||
CVE-2018-0490.
|
||||
|
||||
o Major bugfixes (scheduler, KIST, denial-of-service, backport from 0.3.3.2-alpha):
|
||||
- Avoid adding the same channel twice in the KIST scheduler pending
|
||||
list, which could lead to remote denial-of-service use-after-free
|
||||
attacks against relays. Fixes bug 24700; bugfix on 0.3.2.1-alpha.
|
||||
|
||||
o Major features (denial-of-service mitigation, backport from 0.3.3.2-alpha):
|
||||
- Give relays some defenses against the recent network overload. We
|
||||
start with three defenses (default parameters in parentheses).
|
||||
First: if a single client address makes too many concurrent
|
||||
connections (>100), hang up on further connections. Second: if a
|
||||
single client address makes circuits too quickly (more than 3 per
|
||||
second, with an allowed burst of 90) while also having too many
|
||||
connections open (3), refuse new create cells for the next while
|
||||
(1-2 hours). Third: if a client asks to establish a rendezvous
|
||||
point to you directly, ignore the request. These defenses can be
|
||||
manually controlled by new torrc options, but relays will also
|
||||
take guidance from consensus parameters, so there's no need to
|
||||
configure anything manually. Implements ticket 24902.
|
||||
|
||||
o Major bugfixes (onion services, retry behavior, backport from 0.3.3.1-alpha):
|
||||
- Fix an "off by 2" error in counting rendezvous failures on the
|
||||
onion service side. While we thought we would stop the rendezvous
|
||||
attempt after one failed circuit, we were actually making three
|
||||
circuit attempts before giving up. Now switch to a default of 2,
|
||||
and allow the consensus parameter "hs_service_max_rdv_failures" to
|
||||
override. Fixes bug 24895; bugfix on 0.0.6.
|
||||
- New-style (v3) onion services now obey the "max rendezvous circuit
|
||||
attempts" logic. Previously they would make as many rendezvous
|
||||
circuit attempts as they could fit in the MAX_REND_TIMEOUT second
|
||||
window before giving up. Fixes bug 24894; bugfix on 0.3.2.1-alpha.
|
||||
|
||||
o Major bugfixes (protocol versions, backport from 0.3.3.2-alpha):
|
||||
- Add Link protocol version 5 to the supported protocols list. Fixes
|
||||
bug 25070; bugfix on 0.3.1.1-alpha.
|
||||
|
||||
o Major bugfixes (relay, backport from 0.3.3.1-alpha):
|
||||
- Fix a set of false positives where relays would consider
|
||||
connections to other relays as being client-only connections (and
|
||||
thus e.g. deserving different link padding schemes) if those
|
||||
relays fell out of the consensus briefly. Now we look only at the
|
||||
initial handshake and whether the connection authenticated as a
|
||||
relay. Fixes bug 24898; bugfix on 0.3.1.1-alpha.
|
||||
|
||||
o Major bugfixes (scheduler, consensus, backport from 0.3.3.2-alpha):
|
||||
- The scheduler subsystem was failing to promptly notice changes in
|
||||
consensus parameters, making it harder to switch schedulers
|
||||
network-wide. Fixes bug 24975; bugfix on 0.3.2.1-alpha.
|
||||
|
||||
o Minor features (denial-of-service avoidance, backport from 0.3.3.2-alpha):
|
||||
- Make our OOM handler aware of the geoip client history cache so it
|
||||
doesn't fill up the memory. This check is important for IPv6 and
|
||||
our DoS mitigation subsystem. Closes ticket 25122.
|
||||
|
||||
o Minor features (compatibility, OpenSSL, backport from 0.3.3.3-alpha):
|
||||
- Tor will now support TLS1.3 once OpenSSL 1.1.1 is released.
|
||||
Previous versions of Tor would not have worked with OpenSSL 1.1.1,
|
||||
since they neither disabled TLS 1.3 nor enabled any of the
|
||||
ciphersuites it requires. Now we enable the TLS 1.3 ciphersuites.
|
||||
Closes ticket 24978.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor features (logging, diagnostic, backport from 0.3.3.2-alpha):
|
||||
- When logging a failure to create an onion service's descriptor,
|
||||
also log what the problem with the descriptor was. Diagnostic
|
||||
for ticket 24972.
|
||||
|
||||
o Minor bugfix (channel connection, backport from 0.3.3.2-alpha):
|
||||
- Use the actual observed address of an incoming relay connection,
|
||||
not the canonical address of the relay from its descriptor, when
|
||||
making decisions about how to handle the incoming connection.
|
||||
Fixes bug 24952; bugfix on 0.2.4.11-alpha. Patch by "ffmancera".
|
||||
|
||||
o Minor bugfixes (denial-of-service, backport from 0.3.3.3-alpha):
|
||||
- Fix a possible crash on malformed consensus. If a consensus had
|
||||
contained an unparseable protocol line, it could have made clients
|
||||
and relays crash with a null-pointer exception. To exploit this
|
||||
issue, however, an attacker would need to be able to subvert the
|
||||
directory authority system. Fixes bug 25251; bugfix on
|
||||
0.2.9.4-alpha. Also tracked as TROVE-2018-004.
|
||||
|
||||
o Minor bugfix (directory authority, backport from 0.3.3.2-alpha):
|
||||
- Directory authorities, when refusing a descriptor from a rejected
|
||||
relay, now explicitly tell the relay (in its logs) to set a valid
|
||||
ContactInfo address and contact the bad-relays@ mailing list.
|
||||
Fixes bug 25170; bugfix on 0.2.9.1.
|
||||
|
||||
o Minor bugfixes (build, rust, backport from 0.3.3.1-alpha):
|
||||
- When building with Rust on OSX, link against libresolv, to work
|
||||
around the issue at https://github.com/rust-lang/rust/issues/46797.
|
||||
Fixes bug 24652; bugfix on 0.3.1.1-alpha.
|
||||
|
||||
o Minor bugfixes (onion services, backport from 0.3.3.2-alpha):
|
||||
- Remove a BUG() statement when a client fetches an onion descriptor
|
||||
that has a lower revision counter than the one in its cache. This
|
||||
can happen in normal circumstances due to HSDir desync. Fixes bug
|
||||
24976; bugfix on 0.3.2.1-alpha.
|
||||
|
||||
o Minor bugfixes (logging, backport from 0.3.3.2-alpha):
|
||||
- Don't treat inability to store a cached consensus object as a bug:
|
||||
it can happen normally when we are out of disk space. Fixes bug
|
||||
24859; bugfix on 0.3.1.1-alpha.
|
||||
|
||||
o Minor bugfixes (performance, fragile-hardening, backport from 0.3.3.1-alpha):
|
||||
- Improve the performance of our consensus-diff application code
|
||||
when Tor is built with the --enable-fragile-hardening option set.
|
||||
Fixes bug 24826; bugfix on 0.3.1.1-alpha.
|
||||
|
||||
o Minor bugfixes (OSX, backport from 0.3.3.1-alpha):
|
||||
- Don't exit the Tor process if setrlimit() fails to change the file
|
||||
limit (which can happen sometimes on some versions of OSX). Fixes
|
||||
bug 21074; bugfix on 0.0.9pre5.
|
||||
|
||||
o Minor bugfixes (spec conformance, backport from 0.3.3.3-alpha):
|
||||
- Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on
|
||||
0.2.9.4-alpha.
|
||||
- Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249;
|
||||
bugfix on 0.2.9.4-alpha.
|
||||
|
||||
o Minor bugfixes (testing, backport from 0.3.3.1-alpha):
|
||||
- Fix a memory leak in the scheduler/loop_kist unit test. Fixes bug
|
||||
25005; bugfix on 0.3.2.7-rc.
|
||||
|
||||
o Minor bugfixes (v3 onion services, backport from 0.3.3.2-alpha):
|
||||
- Look at the "HSRend" protocol version, not the "HSDir" protocol
|
||||
version, when deciding whether a consensus entry can support the
|
||||
v3 onion service protocol as a rendezvous point. Fixes bug 25105;
|
||||
bugfix on 0.3.2.1-alpha.
|
||||
|
||||
o Code simplification and refactoring (backport from 0.3.3.3-alpha):
|
||||
- Update the "rust dependencies" submodule to be a project-level
|
||||
repository, rather than a user repository. Closes ticket 25323.
|
||||
|
||||
o Documentation (backport from 0.3.3.1-alpha)
|
||||
- Document that operators who run more than one relay or bridge are
|
||||
expected to set MyFamily and ContactInfo correctly. Closes
|
||||
ticket 24526.
|
||||
|
||||
|
||||
Changes in version 0.3.2.9 - 2018-01-09
|
||||
Tor 0.3.2.9 is the first stable release in the 0.3.2 series.
|
||||
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
o Major bugfixes (security, directory authority, denial-of-service):
|
||||
- Fix a bug that could have allowed an attacker to force a
|
||||
directory authority to use up all its RAM by passing it a
|
||||
maliciously crafted protocol versions string. Fixes bug 25517;
|
||||
bugfix on 0.2.9.4-alpha. This issue is also tracked as
|
||||
TROVE-2018-005.
|
|
@ -0,0 +1,3 @@
|
|||
o Minor bugfixes (onion services):
|
||||
- Fix a bug that blocked the creation of ephemeral v3 onion services. Fixes
|
||||
bug 25939; bugfix on 0.3.4.1-alpha.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes (correctness, client):
|
||||
- Upon receiving a malformed connected cell, stop processing the cell
|
||||
immediately. Previously we would mark the connection for close, but
|
||||
continue processing the cell as if the connection were open. Fixes bug
|
||||
26072; bugfix on 0.2.4.7-alpha.
|
|
@ -0,0 +1,5 @@
|
|||
o Minor bugfixes (test coverage tools):
|
||||
- Update our "cov-diff" script to handle output from the latest
|
||||
version of gcov, and to remove extraneous timestamp information
|
||||
from its output. Fixes bugs 26101 and 26102; bugfix on
|
||||
0.2.5.1-alpha.
|
|
@ -0,0 +1,7 @@
|
|||
o Minor bugfixes (compatibility, openssl):
|
||||
- Work around a change in OpenSSL 1.1.1 where
|
||||
return values that would previously indicate "no password" now
|
||||
indicate an empty password. Without this workaround, Tor instances
|
||||
running with OpenSSL 1.1.1 would accept descriptors that other Tor
|
||||
instances would reject. Fixes bug 26116; bugfix on 0.2.5.16.
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
o Minor bugfixes (controller):
|
||||
- Improve accuracy of the BUILDTIMEOUT_SET control port event's
|
||||
TIMEOUT_RATE and CLOSE_RATE fields. (We were previously miscounting
|
||||
the total number of circuits for these field values.) Fixes bug
|
||||
26121; bugfix on 0.3.3.1-alpha.
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
o Minor bugfixes (compilation):
|
||||
- Fix compilation when building with OpenSSL 1.1.0 with the
|
||||
"no-deprecated" flag enabled. Fixes bug 26156; bugfix on 0.3.4.1-alpha.
|
|
@ -0,0 +1,4 @@
|
|||
o Minor bugfixes (hardening):
|
||||
- Prevent a possible out-of-bounds smartlist read in
|
||||
protover_compute_vote(). Fixes bug 26196; bugfix on
|
||||
0.2.9.4-alpha.
|
|
@ -0,0 +1,4 @@
|
|||
o Minor bugfixes (control port):
|
||||
- Do not count 0-length RELAY_COMMAND_DATA cells as valid data in CIRC_BW
|
||||
events. Previously, such cells were counted entirely in the OVERHEAD
|
||||
field. Now they are not. Fixes bug 26259; bugfix on 0.3.4.1-alpha.
|
|
@ -0,0 +1,4 @@
|
|||
o Documentation:
|
||||
- In code comment, point the reader to the exact section
|
||||
in Tor specification that specifies circuit close error
|
||||
code values. Resolves ticket 25237.
|
|
@ -0,0 +1,4 @@
|
|||
o Minor features (continuous integration):
|
||||
- Add the necessary configuration files for continuous integration
|
||||
testing on Windows, via the Appveyor platform. Closes ticket 25549.
|
||||
Patches from Marcin Cieślak and Isis Lovecruft.
|
|
@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2017, The Tor Project, Inc.
|
|||
dnl See LICENSE for licensing information
|
||||
|
||||
AC_PREREQ([2.63])
|
||||
AC_INIT([tor],[0.3.4.1-alpha])
|
||||
AC_INIT([tor],[0.3.4.1-alpha-dev])
|
||||
AC_CONFIG_SRCDIR([src/or/main.c])
|
||||
AC_CONFIG_MACRO_DIR([m4])
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
!include "LogicLib.nsh"
|
||||
!include "FileFunc.nsh"
|
||||
!insertmacro GetParameters
|
||||
!define VERSION "0.3.4.1-alpha"
|
||||
!define VERSION "0.3.4.1-alpha-dev"
|
||||
!define INSTALLER "tor-${VERSION}-win32.exe"
|
||||
!define WEBSITE "https://www.torproject.org/"
|
||||
!define LICENSE "LICENSE"
|
||||
|
|
|
@ -0,0 +1,192 @@
|
|||
# coding=utf8
|
||||
# Copyright (C) 2015-2016 Christopher R. Wood
|
||||
# Copyright (c) 2018 The Tor Project
|
||||
# Copyright (c) 2018 isis agora lovecruft
|
||||
#
|
||||
# From: https://raw.githubusercontent.com/gridsync/gridsync/def54f8166089b733d166665fdabcad4cdc526d8/misc/irc-notify.py
|
||||
# and: https://github.com/gridsync/gridsync
|
||||
#
|
||||
# Modified by nexB on October 2016:
|
||||
# - rework the handling of environment variables.
|
||||
# - made the script use functions
|
||||
# - support only Appveyor loading its environment variable to craft IRC notices.
|
||||
#
|
||||
# Modified by isis agora lovecruft <isis@torproject.org> in 2018:
|
||||
# - Make IRC server configurable.
|
||||
# - Make bot IRC nick deterministic.
|
||||
# - Make bot join the channel rather than sending NOTICE messages externally.
|
||||
# - Fix a bug which always caused sys.exit() to be logged as a traceback.
|
||||
# - Actually reset the IRC colour codes after printing.
|
||||
#
|
||||
# Modified by Marcin Cieślak in 2018:
|
||||
# - Accept UTF-8
|
||||
# - only guess github URLs
|
||||
# - stop using ANSI colors
|
||||
|
||||
# This program is free software; you can redistribute it and/or modify it under the
|
||||
# terms of the GNU General Public License as published by the Free Software Foundation;
|
||||
# either version 2 of the License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful, but WITHOUT ANY
|
||||
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
||||
# PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License along with this
|
||||
# program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street,
|
||||
# Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
|
||||
"""Simple AppVeyor IRC notification script.
|
||||
|
||||
The first argument is an IRC server and port; the second is the channel. Other
|
||||
arguments passed to the script will be sent as notice messages content and any
|
||||
{var}-formatted environment variables will be expanded automatically, replaced
|
||||
with a corresponding Appveyor environment variable value. Use commas to
|
||||
delineate multiple messages.
|
||||
|
||||
|
||||
Example:
|
||||
export APPVEYOR_URL=https://ci.appveyor.com
|
||||
export APPVEYOR_PROJECT_NAME=tor
|
||||
export APPVEYOR_REPO_COMMIT_AUTHOR=isislovecruft
|
||||
export APPVEYOR_REPO_COMMIT_TIMESTAMP=2018-04-23
|
||||
export APPVEYOR_REPO_PROVIDER=gihub
|
||||
export APPVEYOR_REPO_BRANCH=repo_branch
|
||||
export APPVEYOR_PULL_REQUEST_TITLE=pull_request_title
|
||||
export APPVEYOR_BUILD_VERSION=1
|
||||
export APPVEYOR_REPO_COMMIT=22c95b72e29248dc4de9b85e590ee18f6f587de8
|
||||
export APPVEYOR_REPO_COMMIT_MESSAGE="some IRC test"
|
||||
export APPVEYOR_ACCOUNT_NAME=isislovecruft
|
||||
export APPVEYOR_PULL_REQUEST_NUMBER=pull_request_number
|
||||
export APPVEYOR_REPO_NAME=isislovecruft/tor
|
||||
python ./appveyor-irc-notify.py irc.oftc.net:6697 tor-ci '{repo_name} {repo_branch} {short_commit} - {repo_commit_author}: {repo_commit_message}','Build #{build_version} passed. Details: {build_url} | Commit: {commit_url}
|
||||
|
||||
See also https://github.com/gridsync/gridsync/blob/master/appveyor.yml for examples
|
||||
in Appveyor's YAML:
|
||||
|
||||
on_success:
|
||||
- "python scripts/test/appveyor-irc-notify.py irc.oftc.net:6697 tor-ci success
|
||||
on_failure:
|
||||
- "python scripts/test/appveyor-irc-notify.py irc.oftc.net:6697 tor-ci failure
|
||||
"""
|
||||
|
||||
from __future__ import print_function
|
||||
from __future__ import absolute_import
|
||||
|
||||
import os
|
||||
import random
|
||||
import socket
|
||||
import ssl
|
||||
import sys
|
||||
import time
|
||||
|
||||
|
||||
def appveyor_vars():
|
||||
"""
|
||||
Return a dict of key value carfted from appveyor environment variables.
|
||||
"""
|
||||
|
||||
vars = dict([
|
||||
(
|
||||
v.replace('APPVEYOR_', '').lower(),
|
||||
os.getenv(v, '').decode('utf-8')
|
||||
) for v in [
|
||||
'APPVEYOR_URL',
|
||||
'APPVEYOR_REPO_COMMIT_MESSAGE_EXTENDED',
|
||||
'APPVEYOR_REPO_BRANCH',
|
||||
'APPVEYOR_REPO_COMMIT_AUTHOR',
|
||||
'APPVEYOR_REPO_COMMIT_AUTHOR_EMAIL',
|
||||
'APPVEYOR_REPO_COMMIT_TIMESTAMP',
|
||||
'APPVEYOR_REPO_PROVIDER',
|
||||
'APPVEYOR_PROJECT_NAME',
|
||||
'APPVEYOR_PULL_REQUEST_TITLE',
|
||||
'APPVEYOR_BUILD_VERSION',
|
||||
'APPVEYOR_REPO_COMMIT',
|
||||
'APPVEYOR_REPO_COMMIT_MESSAGE',
|
||||
'APPVEYOR_ACCOUNT_NAME',
|
||||
'APPVEYOR_PULL_REQUEST_NUMBER',
|
||||
'APPVEYOR_REPO_NAME'
|
||||
]
|
||||
])
|
||||
|
||||
BUILD_FMT = u'{url}/project/{account_name}/{project_name}/build/{build_version}'
|
||||
|
||||
if vars["repo_provider"] == 'github':
|
||||
COMMIT_FMT = u'https://{repo_provider}.com/{repo_name}/commit/{repo_commit}'
|
||||
vars.update(commit_url=COMMIT_FMT.format(**vars))
|
||||
|
||||
vars.update(
|
||||
build_url=BUILD_FMT.format(**vars),
|
||||
short_commit=vars["repo_commit"][:7],
|
||||
)
|
||||
return vars
|
||||
|
||||
|
||||
def notify():
|
||||
"""
|
||||
Send IRC notification
|
||||
"""
|
||||
apvy_vars = appveyor_vars()
|
||||
|
||||
server, port = sys.argv[1].rsplit(":", 1)
|
||||
channel = sys.argv[2]
|
||||
success = sys.argv[3] == "success"
|
||||
failure = sys.argv[3] == "failure"
|
||||
|
||||
if success or failure:
|
||||
messages = []
|
||||
messages.append(u"{repo_name} {repo_branch} {short_commit} - {repo_commit_author}: {repo_commit_message}")
|
||||
|
||||
if success:
|
||||
m = u"Build #{build_version} passed. Details: {build_url}"
|
||||
if failure:
|
||||
m = u"Build #{build_version} failed. Details: {build_url}"
|
||||
|
||||
if "commit_url" in apvy_vars:
|
||||
m += " Commit: {commit_url}"
|
||||
|
||||
messages.append(m)
|
||||
else:
|
||||
messages = sys.argv[3:]
|
||||
messages = ' '.join(messages)
|
||||
messages = messages.decode("utf-8").split(',')
|
||||
|
||||
print(repr(apvy_vars))
|
||||
messages = [msg.format(**apvy_vars).strip() for msg in messages]
|
||||
|
||||
irc_username = 'appveyor-ci'
|
||||
irc_nick = irc_username
|
||||
|
||||
# establish connection
|
||||
irc_sock = ssl.wrap_socket(socket.socket(socket.AF_INET, socket.SOCK_STREAM))
|
||||
irc_sock.connect((socket.gethostbyname(server), int(port)))
|
||||
irc_sock.send('NICK {0}\r\nUSER {0} * 0 :{0}\r\n'.format(irc_username).encode())
|
||||
irc_sock.send('JOIN #{0}\r\n'.format(channel).encode())
|
||||
irc_file = irc_sock.makefile()
|
||||
|
||||
while irc_file:
|
||||
line = irc_file.readline()
|
||||
print(line.rstrip())
|
||||
response = line.split()
|
||||
|
||||
if response[0] == 'PING':
|
||||
irc_file.send('PONG {}\r\n'.format(response[1]).encode())
|
||||
|
||||
elif response[1] == '433':
|
||||
irc_sock.send('NICK {}\r\n'.format(irc_nick).encode())
|
||||
|
||||
elif response[1] == '001':
|
||||
time.sleep(5)
|
||||
# send notification
|
||||
for msg in messages:
|
||||
print(u'PRIVMSG #{} :{}'.format(channel, msg).encode("utf-8"))
|
||||
irc_sock.send(u'PRIVMSG #{} :{}\r\n'.format(channel, msg).encode("utf-8"))
|
||||
time.sleep(5)
|
||||
return
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
try:
|
||||
notify()
|
||||
except:
|
||||
import traceback
|
||||
print('ERROR: Failed to send notification: \n' + traceback.format_exc())
|
|
@ -10,12 +10,12 @@ DIRB="$2"
|
|||
for B in $DIRB/*; do
|
||||
A=$DIRA/`basename $B`
|
||||
if [ -f $A ]; then
|
||||
perl -pe 's/^\s*\!*\d+:/ 1:/; s/^([^:]+:)[\d\s]+:/$1/; s/^ *-:(Runs|Programs):.*//;' "$A" > "$A.tmp"
|
||||
perl -pe 's/^\s*\!*\d+(\*?):/ 1$1:/; s/^([^:]+:)[\d\s]+:/$1/; s/^ *-:(Runs|Programs):.*//;' "$A" > "$A.tmp"
|
||||
else
|
||||
cat /dev/null > "$A.tmp"
|
||||
fi
|
||||
perl -pe 's/^\s*\!*\d+:/ 1:/; s/^([^:]+:)[\d\s]+:/$1/; s/^ *-:(Runs|Programs):.*//;' "$B" > "$B.tmp"
|
||||
diff -u "$A.tmp" "$B.tmp"
|
||||
perl -pe 's/^\s*\!*\d+(\*?):/ 1$1:/; s/^([^:]+:)[\d\s]+:/$1/; s/^ *-:(Runs|Programs):.*//;' "$B" > "$B.tmp"
|
||||
diff -u "$A.tmp" "$B.tmp" |perl -pe 's/^((?:\+\+\+|---)(?:.*tmp))\s+.*/$1/;'
|
||||
rm "$A.tmp" "$B.tmp"
|
||||
done
|
||||
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
#include <ws2tcpip.h>
|
||||
#endif
|
||||
|
||||
#include "compat_openssl.h"
|
||||
#include <openssl/opensslv.h>
|
||||
#include "crypto_openssl_mgt.h"
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
/**
|
||||
* \file crypto_rand.h
|
||||
*
|
||||
* \brief Common functions for using (psuedo-)random number generators.
|
||||
* \brief Common functions for using (pseudo-)random number generators.
|
||||
**/
|
||||
|
||||
#ifndef TOR_CRYPTO_RAND_H
|
||||
|
|
|
@ -239,7 +239,7 @@ pem_no_password_cb(char *buf, int size, int rwflag, void *u)
|
|||
(void)size;
|
||||
(void)rwflag;
|
||||
(void)u;
|
||||
return 0;
|
||||
return -1;
|
||||
}
|
||||
|
||||
/** Read a PEM-encoded private key from the <b>len</b>-byte string <b>s</b>
|
||||
|
|
|
@ -1910,13 +1910,20 @@ cbt_control_event_buildtimeout_set(const circuit_build_times_t *cbt,
|
|||
|
||||
/* The timeout rate is the ratio of the timeout count over
|
||||
* the total number of circuits attempted. The total number of
|
||||
* circuits is (timeouts+succeeded+closed), since a circuit can
|
||||
* either timeout, close, or succeed. We cast the denominator
|
||||
* circuits is (timeouts+succeeded), since every circuit
|
||||
* either succeeds, or times out. "Closed" circuits are
|
||||
* MEASURE_TIMEOUT circuits whose measurement period expired.
|
||||
* All MEASURE_TIMEOUT circuits are counted in the timeouts stat
|
||||
* before transitioning to MEASURE_TIMEOUT (in
|
||||
* circuit_build_times_mark_circ_as_measurement_only()).
|
||||
* MEASURE_TIMEOUT circuits that succeed are *not* counted as
|
||||
* "succeeded". See circuit_build_times_handle_completed_hop().
|
||||
*
|
||||
* We cast the denominator
|
||||
* to promote it to double before the addition, to avoid int32
|
||||
* overflow. */
|
||||
const double total_circuits =
|
||||
((double)cbt->num_circ_timeouts) + cbt->num_circ_succeeded
|
||||
+ cbt->num_circ_closed;
|
||||
((double)cbt->num_circ_timeouts) + cbt->num_circ_succeeded;
|
||||
if (total_circuits >= 1.0) {
|
||||
timeout_rate = cbt->num_circ_timeouts / total_circuits;
|
||||
close_rate = cbt->num_circ_closed / total_circuits;
|
||||
|
|
|
@ -4358,6 +4358,12 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
|
|||
microdescriptors = smartlist_new();
|
||||
|
||||
SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
|
||||
/* If it has a protover list and contains a protocol name greater than
|
||||
* MAX_PROTOCOL_NAME_LENGTH, skip it. */
|
||||
if (ri->protocol_list &&
|
||||
protover_contains_long_protocol_names(ri->protocol_list)) {
|
||||
continue;
|
||||
}
|
||||
if (ri->cache_info.published_on >= cutoff) {
|
||||
routerstatus_t *rs;
|
||||
vote_routerstatus_t *vrs;
|
||||
|
|
|
@ -3062,6 +3062,12 @@ hs_service_add_ephemeral(ed25519_secret_key_t *sk, smartlist_t *ports,
|
|||
goto err;
|
||||
}
|
||||
|
||||
/* Build the onion address for logging purposes but also the control port
|
||||
* uses it for the HS_DESC event. */
|
||||
hs_build_address(&service->keys.identity_pk,
|
||||
(uint8_t) service->config.version,
|
||||
service->onion_address);
|
||||
|
||||
/* The only way the registration can fail is if the service public key
|
||||
* already exists. */
|
||||
if (BUG(register_service(hs_service_map, service) < 0)) {
|
||||
|
@ -3071,14 +3077,10 @@ hs_service_add_ephemeral(ed25519_secret_key_t *sk, smartlist_t *ports,
|
|||
goto err;
|
||||
}
|
||||
|
||||
/* Last step is to build the onion address. */
|
||||
hs_build_address(&service->keys.identity_pk,
|
||||
(uint8_t) service->config.version,
|
||||
service->onion_address);
|
||||
*address_out = tor_strdup(service->onion_address);
|
||||
|
||||
log_info(LD_CONFIG, "Added ephemeral v3 onion service: %s",
|
||||
safe_str_client(service->onion_address));
|
||||
|
||||
*address_out = tor_strdup(service->onion_address);
|
||||
ret = RSAE_OKAY;
|
||||
goto end;
|
||||
|
||||
|
|
|
@ -728,8 +728,8 @@ typedef enum {
|
|||
/** Catch-all "other" reason for closing origin circuits. */
|
||||
#define END_CIRC_AT_ORIGIN -1
|
||||
|
||||
/* Reasons why we (or a remote OR) might close a circuit. See tor-spec.txt for
|
||||
* documentation of these. */
|
||||
/* Reasons why we (or a remote OR) might close a circuit. See tor-spec.txt
|
||||
* section 5.4 for documentation of these. */
|
||||
#define END_CIRC_REASON_MIN_ 0
|
||||
#define END_CIRC_REASON_NONE 0
|
||||
#define END_CIRC_REASON_TORPROTOCOL 1
|
||||
|
|
|
@ -53,6 +53,11 @@ static const struct {
|
|||
|
||||
#define N_PROTOCOL_NAMES ARRAY_LENGTH(PROTOCOL_NAMES)
|
||||
|
||||
/* Maximum allowed length of any single subprotocol name. */
|
||||
// C_RUST_COUPLED: src/rust/protover/protover.rs
|
||||
// `MAX_PROTOCOL_NAME_LENGTH`
|
||||
static const unsigned MAX_PROTOCOL_NAME_LENGTH = 100;
|
||||
|
||||
/**
|
||||
* Given a protocol_type_t, return the corresponding string used in
|
||||
* descriptors.
|
||||
|
@ -198,6 +203,15 @@ parse_single_entry(const char *s, const char *end_of_entry)
|
|||
if (equals == s)
|
||||
goto error;
|
||||
|
||||
/* The name must not be longer than MAX_PROTOCOL_NAME_LENGTH. */
|
||||
if (equals - s > (int)MAX_PROTOCOL_NAME_LENGTH) {
|
||||
log_warn(LD_NET, "When parsing a protocol entry, I got a very large "
|
||||
"protocol name. This is possibly an attack or a bug, unless "
|
||||
"the Tor network truly supports protocol names larger than "
|
||||
"%ud characters. The offending string was: %s",
|
||||
MAX_PROTOCOL_NAME_LENGTH, escaped(out->name));
|
||||
goto error;
|
||||
}
|
||||
out->name = tor_strndup(s, equals-s);
|
||||
|
||||
tor_assert(equals < end_of_entry);
|
||||
|
@ -262,6 +276,18 @@ parse_protocol_list(const char *s)
|
|||
return NULL;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return true if the unparsed protover in <b>s</b> would contain a protocol
|
||||
* name longer than MAX_PROTOCOL_NAME_LENGTH, and false otherwise.
|
||||
*/
|
||||
bool
|
||||
protover_contains_long_protocol_names(const char *s)
|
||||
{
|
||||
if (!parse_protocol_list(s))
|
||||
return true;
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Given a protocol type and version number, return true iff we know
|
||||
* how to speak that protocol.
|
||||
|
@ -439,6 +465,14 @@ expand_protocol_list(const smartlist_t *protos)
|
|||
|
||||
SMARTLIST_FOREACH_BEGIN(protos, const proto_entry_t *, ent) {
|
||||
const char *name = ent->name;
|
||||
if (strlen(name) > MAX_PROTOCOL_NAME_LENGTH) {
|
||||
log_warn(LD_NET, "When expanding a protocol entry, I got a very large "
|
||||
"protocol name. This is possibly an attack or a bug, unless "
|
||||
"the Tor network truly supports protocol names larger than "
|
||||
"%ud characters. The offending string was: %s",
|
||||
MAX_PROTOCOL_NAME_LENGTH, escaped(name));
|
||||
continue;
|
||||
}
|
||||
SMARTLIST_FOREACH_BEGIN(ent->ranges, const proto_range_t *, range) {
|
||||
uint32_t u;
|
||||
for (u = range->low; u <= range->high; ++u) {
|
||||
|
@ -495,6 +529,10 @@ cmp_single_ent_by_version(const void **a_, const void **b_)
|
|||
static char *
|
||||
contract_protocol_list(const smartlist_t *proto_strings)
|
||||
{
|
||||
if (smartlist_len(proto_strings) == 0) {
|
||||
return tor_strdup("");
|
||||
}
|
||||
|
||||
// map from name to list of single-version entries
|
||||
strmap_t *entry_lists_by_name = strmap_new();
|
||||
// list of protocol names
|
||||
|
@ -603,6 +641,10 @@ char *
|
|||
protover_compute_vote(const smartlist_t *list_of_proto_strings,
|
||||
int threshold)
|
||||
{
|
||||
if (smartlist_len(list_of_proto_strings) == 0) {
|
||||
return tor_strdup("");
|
||||
}
|
||||
|
||||
smartlist_t *all_entries = smartlist_new();
|
||||
|
||||
// First, parse the inputs and break them into singleton entries.
|
||||
|
@ -629,6 +671,11 @@ protover_compute_vote(const smartlist_t *list_of_proto_strings,
|
|||
smartlist_free(unexpanded);
|
||||
} SMARTLIST_FOREACH_END(vote);
|
||||
|
||||
if (smartlist_len(all_entries) == 0) {
|
||||
smartlist_free(all_entries);
|
||||
return tor_strdup("");
|
||||
}
|
||||
|
||||
// Now sort the singleton entries
|
||||
smartlist_sort_strings(all_entries);
|
||||
|
||||
|
|
|
@ -42,6 +42,7 @@ typedef enum protocol_type_t {
|
|||
PRT_CONS,
|
||||
} protocol_type_t;
|
||||
|
||||
bool protover_contains_long_protocol_names(const char *s);
|
||||
int protover_all_supported(const char *s, char **missing);
|
||||
int protover_is_supported_here(protocol_type_t pr, uint32_t ver);
|
||||
const char *protover_get_supported_protocols(void);
|
||||
|
|
|
@ -13,7 +13,22 @@
|
|||
#ifdef HAVE_RUST
|
||||
|
||||
/* Define for compatibility, used in main.c */
|
||||
void protover_free_all(void) {}
|
||||
void
|
||||
protover_free_all(void)
|
||||
{
|
||||
}
|
||||
|
||||
int protover_contains_long_protocol_names_(const char *s);
|
||||
|
||||
/**
|
||||
* Return true if the unparsed protover in <b>s</b> would contain a protocol
|
||||
* name longer than MAX_PROTOCOL_NAME_LENGTH, and false otherwise.
|
||||
*/
|
||||
bool
|
||||
protover_contains_long_protocol_names(const char *s)
|
||||
{
|
||||
return protover_contains_long_protocol_names_(s) != 0;
|
||||
}
|
||||
|
||||
#endif /* defined(HAVE_RUST) */
|
||||
|
||||
|
|
|
@ -1556,7 +1556,7 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ,
|
|||
return -END_CIRC_REASON_TORPROTOCOL;
|
||||
}
|
||||
/* Total all valid application bytes delivered */
|
||||
if (CIRCUIT_IS_ORIGIN(circ)) {
|
||||
if (CIRCUIT_IS_ORIGIN(circ) && rh.length > 0) {
|
||||
circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), rh.length);
|
||||
}
|
||||
|
||||
|
|
|
@ -56,7 +56,8 @@ pub extern "C" fn protover_all_supported(
|
|||
Err(_) => return 1,
|
||||
};
|
||||
|
||||
let relay_proto_entry: UnvalidatedProtoEntry = match relay_version.parse() {
|
||||
let relay_proto_entry: UnvalidatedProtoEntry =
|
||||
match UnvalidatedProtoEntry::from_str_any_len(relay_version) {
|
||||
Ok(n) => n,
|
||||
Err(_) => return 1,
|
||||
};
|
||||
|
@ -112,6 +113,32 @@ pub extern "C" fn protocol_list_supports_protocol(
|
|||
}
|
||||
}
|
||||
|
||||
#[no_mangle]
|
||||
pub extern "C" fn protover_contains_long_protocol_names_(
|
||||
c_protocol_list: *const c_char
|
||||
) -> c_int {
|
||||
if c_protocol_list.is_null() {
|
||||
return 1;
|
||||
}
|
||||
|
||||
// Require an unsafe block to read the version from a C string. The pointer
|
||||
// is checked above to ensure it is not null.
|
||||
let c_str: &CStr = unsafe { CStr::from_ptr(c_protocol_list) };
|
||||
|
||||
let protocol_list = match c_str.to_str() {
|
||||
Ok(n) => n,
|
||||
Err(_) => return 1
|
||||
};
|
||||
|
||||
let protocol_entry : Result<UnvalidatedProtoEntry,_> =
|
||||
protocol_list.parse();
|
||||
|
||||
match protocol_entry {
|
||||
Ok(_) => 0,
|
||||
Err(_) => 1,
|
||||
}
|
||||
}
|
||||
|
||||
/// Provide an interface for C to translate arguments and return types for
|
||||
/// protover::list_supports_protocol_or_later
|
||||
#[no_mangle]
|
||||
|
@ -167,6 +194,7 @@ pub extern "C" fn protover_get_supported_protocols() -> *const c_char {
|
|||
pub extern "C" fn protover_compute_vote(
|
||||
list: *const Stringlist,
|
||||
threshold: c_int,
|
||||
allow_long_proto_names: bool,
|
||||
) -> *mut c_char {
|
||||
|
||||
if list.is_null() {
|
||||
|
@ -181,9 +209,13 @@ pub extern "C" fn protover_compute_vote(
|
|||
let mut proto_entries: Vec<UnvalidatedProtoEntry> = Vec::new();
|
||||
|
||||
for datum in data {
|
||||
let entry: UnvalidatedProtoEntry = match datum.parse() {
|
||||
Ok(x) => x,
|
||||
Err(_) => continue,
|
||||
let entry: UnvalidatedProtoEntry = match allow_long_proto_names {
|
||||
true => match UnvalidatedProtoEntry::from_str_any_len(datum.as_str()) {
|
||||
Ok(n) => n,
|
||||
Err(_) => continue},
|
||||
false => match datum.parse() {
|
||||
Ok(n) => n,
|
||||
Err(_) => continue},
|
||||
};
|
||||
proto_entries.push(entry);
|
||||
}
|
||||
|
|
|
@ -28,6 +28,9 @@ const FIRST_TOR_VERSION_TO_ADVERTISE_PROTOCOLS: &'static str = "0.2.9.3-alpha";
|
|||
/// C_RUST_COUPLED: src/or/protover.c `MAX_PROTOCOLS_TO_EXPAND`
|
||||
const MAX_PROTOCOLS_TO_EXPAND: usize = (1<<16);
|
||||
|
||||
/// The maximum size an `UnknownProtocol`'s name may be.
|
||||
pub(crate) const MAX_PROTOCOL_NAME_LENGTH: usize = 100;
|
||||
|
||||
/// Known subprotocols in Tor. Indicates which subprotocol a relay supports.
|
||||
///
|
||||
/// C_RUST_COUPLED: src/or/protover.h `protocol_type_t`
|
||||
|
@ -90,6 +93,18 @@ impl FromStr for UnknownProtocol {
|
|||
type Err = ProtoverError;
|
||||
|
||||
fn from_str(s: &str) -> Result<Self, Self::Err> {
|
||||
if s.len() <= MAX_PROTOCOL_NAME_LENGTH {
|
||||
Ok(UnknownProtocol(s.to_string()))
|
||||
} else {
|
||||
Err(ProtoverError::ExceedsNameLimit)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl UnknownProtocol {
|
||||
/// Create an `UnknownProtocol`, ignoring whether or not it
|
||||
/// exceeds MAX_PROTOCOL_NAME_LENGTH.
|
||||
fn from_str_any_len(s: &str) -> Result<Self, ProtoverError> {
|
||||
Ok(UnknownProtocol(s.to_string()))
|
||||
}
|
||||
}
|
||||
|
@ -417,6 +432,49 @@ impl UnvalidatedProtoEntry {
|
|||
};
|
||||
supported_versions.iter().any(|v| v.1 >= *vers)
|
||||
}
|
||||
|
||||
/// Split a string containing (potentially) several protocols and their
|
||||
/// versions into a `Vec` of tuples of string in `(protocol, versions)`
|
||||
/// form.
|
||||
///
|
||||
/// # Inputs
|
||||
///
|
||||
/// A &str in the form `"Link=3-4 Cons=5"`.
|
||||
///
|
||||
/// # Returns
|
||||
///
|
||||
/// A `Result` whose `Ok` variant is a `Vec<(&str, &str)>` of `(protocol,
|
||||
/// versions)`, or whose `Err` variant is a `ProtoverError`.
|
||||
///
|
||||
/// # Errors
|
||||
///
|
||||
/// This will error with a `ProtoverError::Unparseable` if any of the
|
||||
/// following are true:
|
||||
///
|
||||
/// * If a protocol name is an empty string, e.g. `"Cons=1,3 =3-5"`.
|
||||
/// * If a protocol name cannot be parsed as utf-8.
|
||||
/// * If the version numbers are an empty string, e.g. `"Cons="`.
|
||||
fn parse_protocol_and_version_str<'a>(protocol_string: &'a str)
|
||||
-> Result<Vec<(&'a str, &'a str)>, ProtoverError>
|
||||
{
|
||||
let mut protovers: Vec<(&str, &str)> = Vec::new();
|
||||
|
||||
for subproto in protocol_string.split(' ') {
|
||||
let mut parts = subproto.splitn(2, '=');
|
||||
|
||||
let name = match parts.next() {
|
||||
Some("") => return Err(ProtoverError::Unparseable),
|
||||
Some(n) => n,
|
||||
None => return Err(ProtoverError::Unparseable),
|
||||
};
|
||||
let vers = match parts.next() {
|
||||
Some(n) => n,
|
||||
None => return Err(ProtoverError::Unparseable),
|
||||
};
|
||||
protovers.push((name, vers));
|
||||
}
|
||||
Ok(protovers)
|
||||
}
|
||||
}
|
||||
|
||||
impl FromStr for UnvalidatedProtoEntry {
|
||||
|
@ -449,19 +507,10 @@ impl FromStr for UnvalidatedProtoEntry {
|
|||
/// * If the version string is malformed. See `impl FromStr for ProtoSet`.
|
||||
fn from_str(protocol_string: &str) -> Result<UnvalidatedProtoEntry, ProtoverError> {
|
||||
let mut parsed: UnvalidatedProtoEntry = UnvalidatedProtoEntry::default();
|
||||
let parts: Vec<(&str, &str)> =
|
||||
UnvalidatedProtoEntry::parse_protocol_and_version_str(protocol_string)?;
|
||||
|
||||
for subproto in protocol_string.split(' ') {
|
||||
let mut parts = subproto.splitn(2, '=');
|
||||
|
||||
let name = match parts.next() {
|
||||
Some("") => return Err(ProtoverError::Unparseable),
|
||||
Some(n) => n,
|
||||
None => return Err(ProtoverError::Unparseable),
|
||||
};
|
||||
let vers = match parts.next() {
|
||||
Some(n) => n,
|
||||
None => return Err(ProtoverError::Unparseable),
|
||||
};
|
||||
for &(name, vers) in parts.iter() {
|
||||
let versions = ProtoSet::from_str(vers)?;
|
||||
let protocol = UnknownProtocol::from_str(name)?;
|
||||
|
||||
|
@ -471,6 +520,26 @@ impl FromStr for UnvalidatedProtoEntry {
|
|||
}
|
||||
}
|
||||
|
||||
impl UnvalidatedProtoEntry {
|
||||
/// Create an `UnknownProtocol`, ignoring whether or not it
|
||||
/// exceeds MAX_PROTOCOL_NAME_LENGTH.
|
||||
pub(crate) fn from_str_any_len(protocol_string: &str)
|
||||
-> Result<UnvalidatedProtoEntry, ProtoverError>
|
||||
{
|
||||
let mut parsed: UnvalidatedProtoEntry = UnvalidatedProtoEntry::default();
|
||||
let parts: Vec<(&str, &str)> =
|
||||
UnvalidatedProtoEntry::parse_protocol_and_version_str(protocol_string)?;
|
||||
|
||||
for &(name, vers) in parts.iter() {
|
||||
let versions = ProtoSet::from_str(vers)?;
|
||||
let protocol = UnknownProtocol::from_str_any_len(name)?;
|
||||
|
||||
parsed.insert(protocol, versions);
|
||||
}
|
||||
Ok(parsed)
|
||||
}
|
||||
}
|
||||
|
||||
/// Pretend a `ProtoEntry` is actually an `UnvalidatedProtoEntry`.
|
||||
impl From<ProtoEntry> for UnvalidatedProtoEntry {
|
||||
fn from(proto_entry: ProtoEntry) -> UnvalidatedProtoEntry {
|
||||
|
|
|
@ -1470,7 +1470,7 @@ test_download_status_bridge(void *arg)
|
|||
return;
|
||||
}
|
||||
|
||||
/** Set timeval to a mock date and time. This is neccessary
|
||||
/** Set timeval to a mock date and time. This is necessary
|
||||
* to make tor_gettimeofday() mockable. */
|
||||
static void
|
||||
mock_tor_gettimeofday(struct timeval *timeval)
|
||||
|
|
|
@ -1363,6 +1363,46 @@ test_crypto_pk_base64(void *arg)
|
|||
tor_free(encoded);
|
||||
}
|
||||
|
||||
static void
|
||||
test_crypto_pk_pem_encrypted(void *arg)
|
||||
{
|
||||
crypto_pk_t *pk = NULL;
|
||||
(void)arg;
|
||||
|
||||
pk = crypto_pk_new();
|
||||
/* we need to make sure that we won't stall if somebody gives us a key
|
||||
that's encrypted with a password. */
|
||||
{
|
||||
const char *s =
|
||||
"-----BEGIN RSA PRIVATE KEY-----\n"
|
||||
"Proc-Type: 4,ENCRYPTED\n"
|
||||
"DEK-Info: AES-128-CBC,EFA86BB9D2AB11E80B4E3DCD97782B16\n"
|
||||
"\n"
|
||||
"Z2Je4m0cFepc6coQkVbGcvNCHxTf941N2XYEVE6kn0CqWqoUH4tlwV6for5D91np\n"
|
||||
"5NiEFTkWj31EhrvrYcuiJtQ/iEbABxZULFWFeJ058rb+1izBz5rScqnEacIS/3Go\n"
|
||||
"YntnROBDwiKmUnue6PJVYg==\n"
|
||||
"-----END RSA PRIVATE KEY-----\n";
|
||||
tt_int_op(-1, OP_EQ,
|
||||
crypto_pk_read_private_key_from_string(pk, s, strlen(s)));
|
||||
}
|
||||
/* For fun, make sure we aren't hit by OpenSSL issue
|
||||
https://github.com/openssl/openssl/issues/6347 , where we get in trouble
|
||||
if a cipher doesn't use an IV.
|
||||
*/
|
||||
{
|
||||
const char *s =
|
||||
"-----BEGIN RSA PUBLIC KEY-----\n"
|
||||
"Proc-Type:4,ENCRYPTED\n"
|
||||
"DEK-Info:des-ede -\n"
|
||||
"\n"
|
||||
"iRqK\n"
|
||||
"-----END RSA PUBLIC KEY-----\n";
|
||||
tt_int_op(-1, OP_EQ,
|
||||
crypto_pk_read_public_key_from_string(pk, s, strlen(s)));
|
||||
}
|
||||
done:
|
||||
crypto_pk_free(pk);
|
||||
}
|
||||
#ifdef HAVE_TRUNCATE
|
||||
#define do_truncate truncate
|
||||
#else
|
||||
|
@ -2991,6 +3031,7 @@ struct testcase_t crypto_tests[] = {
|
|||
CRYPTO_LEGACY(pk),
|
||||
{ "pk_fingerprints", test_crypto_pk_fingerprints, TT_FORK, NULL, NULL },
|
||||
{ "pk_base64", test_crypto_pk_base64, TT_FORK, NULL, NULL },
|
||||
{ "pk_pem_encrypted", test_crypto_pk_pem_encrypted, TT_FORK, NULL, NULL },
|
||||
CRYPTO_LEGACY(digests),
|
||||
{ "digest_names", test_crypto_digest_names, 0, NULL, NULL },
|
||||
{ "sha3", test_crypto_sha3, TT_FORK, NULL, NULL},
|
||||
|
|
|
@ -125,6 +125,13 @@ test_protover_parse_fail(void *arg)
|
|||
/* Broken range */
|
||||
elts = parse_protocol_list("Link=1,9-8,3");
|
||||
tt_ptr_op(elts, OP_EQ, NULL);
|
||||
|
||||
/* Protocol name too long */
|
||||
elts = parse_protocol_list("DoSaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
|
||||
tt_ptr_op(elts, OP_EQ, NULL);
|
||||
|
||||
#endif
|
||||
done:
|
||||
;
|
||||
|
@ -219,6 +226,15 @@ test_protover_vote(void *arg)
|
|||
tt_str_op(result, OP_EQ, "");
|
||||
tor_free(result);
|
||||
|
||||
/* Protocol name too long */
|
||||
smartlist_clear(lst);
|
||||
smartlist_add(lst, (void*) "DoSaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
|
||||
result = protover_compute_vote(lst, 1);
|
||||
tt_str_op(result, OP_EQ, "");
|
||||
tor_free(result);
|
||||
|
||||
done:
|
||||
tor_free(result);
|
||||
smartlist_free(lst);
|
||||
|
@ -300,6 +316,17 @@ test_protover_all_supported(void *arg)
|
|||
tt_assert(protover_all_supported("Sleen=0-4294967295", &msg));
|
||||
tor_end_capture_bugs_();
|
||||
|
||||
/* Protocol name too long */
|
||||
#ifndef HAVE_RUST // XXXXXX ?????
|
||||
tor_capture_bugs_(1);
|
||||
tt_assert(protover_all_supported(
|
||||
"DoSaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
"aaaaaaaaaaaa=1-65536", &msg));
|
||||
tor_end_capture_bugs_();
|
||||
#endif
|
||||
|
||||
done:
|
||||
tor_end_capture_bugs_();
|
||||
tor_free(msg);
|
||||
|
|
|
@ -233,6 +233,13 @@ test_circbw_relay(void *arg)
|
|||
circ->cpath);
|
||||
ASSERT_COUNTED_BW();
|
||||
|
||||
/* Empty Data cell on open connection: not counted */
|
||||
ENTRY_TO_CONN(entryconn)->marked_for_close = 0;
|
||||
PACK_CELL(1, RELAY_COMMAND_DATA, "");
|
||||
connection_edge_process_relay_cell(&cell, TO_CIRCUIT(circ), edgeconn,
|
||||
circ->cpath);
|
||||
ASSERT_UNCOUNTED_BW();
|
||||
|
||||
/* Sendme on stream: not counted */
|
||||
ENTRY_TO_CONN(entryconn)->outbuf_flushlen = 0;
|
||||
PACK_CELL(1, RELAY_COMMAND_SENDME, "Data1234");
|
||||
|
|
|
@ -218,7 +218,7 @@
|
|||
#define USING_TWOS_COMPLEMENT
|
||||
|
||||
/* Version number of package */
|
||||
#define VERSION "0.3.4.1-alpha"
|
||||
#define VERSION "0.3.4.1-alpha-dev"
|
||||
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue