| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
it anyways (closes: #478631)
|
| | | | | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
libssl 0.9.8k-6 disabled autorenegotation, and the -dev package
introduced the SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION flag.
Since we now set that flag if available we want to make sure that it
*is* available when building.
Therefore build-depend on libssl-dev >= 0.9.8k-6.
If we build against earlier versions we will not work once libssl gets
upgraded to a version that disabled renegotiations.
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
work with libssl that has renegotiation disabled by default.
(debian/patches/0a58567c-work-with-reneg-ssl.dpatch)
|
| | |\ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
* debian-merge:
New upstream version
fix compile on windows
bump to 0.2.2.5-alpha
Move dizum to an alternate IP address.
Ship test.h in release
|
| | | | | | | | |
|
| | | |\ \ \ \ \
| |/ / / / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
* commit 'tor-0.2.2.5-alpha':
fix compile on windows
bump to 0.2.2.5-alpha
Move dizum to an alternate IP address.
Ship test.h in release
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This fixes bug 1147:
bionic doesn't have an actual implementation of mlockall();
mlockall() is merely in the headers but not actually in the library.
This prevents Tor compilation with the bionic libc for Android handsets.
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Fix a memory leak on directory authorities during voting that was
introduced in 0.2.2.1-alpha. Found via valgrind.
|
| | | | | | | | |
|
| | | | | | | | |
|
| |\ \ \ \ \ \ \
| | |_|/ / / /
| |/| | | | |
| | | | | | |
| | | | | | | |
Conflicts:
src/common/tortls.c
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
To fix a major security problem related to incorrect use of
SSL/TLS renegotiation, OpenSSL has turned off renegotiation by
default. We are not affected by this security problem, however,
since we do renegotiation right. (Specifically, we never treat a
renegotiated credential as authenticating previous communication.)
Nevertheless, OpenSSL's new behavior requires us to explicitly
turn renegotiation back on in order to get our protocol working
again.
Amusingly, this is not so simple as "set the flag when you create
the SSL object" , since calling connect or accept seems to clear
the flags.
For belt-and-suspenders purposes, we clear the flag once the Tor
handshake is done. There's no way to exploit a second handshake
either, but we might as well not allow it.
|
| | | | | | | | |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This commit implements a new config option: 'DisableAllSwap'
This option probably only works properly when Tor is started as root.
We added two new functions: tor_mlockall() and tor_set_max_memlock().
tor_mlockall() attempts to mlock() all current and all future memory pages.
For tor_mlockall() to work properly we set the process rlimits for memory to
RLIM_INFINITY (and beyond) inside of tor_set_max_memlock().
We behave differently from mlockall() by only allowing tor_mlockall() to be
called one single time. All other calls will result in a return code of 1.
It is not possible to change DisableAllSwap while running.
A sample configuration item was added to the torrc.complete.in config file.
A new item in the man page for DisableAllSwap was added.
Thanks to Moxie Marlinspike and Chris Palmer for their feedback on this patch.
Please note that we make no guarantees about the quality of your OS and its
mlock/mlockall implementation. It is possible that this will do nothing at all.
It is also possible that you can ulimit the mlock properties of a given user
such that root is not required. This has not been extensively tested and is
unsupported. I have included some comments for possible ways we can handle
this on win32.
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Bridges do not use the default exit policy, but reject *:* by default.
|
| |\ \ \ \ \ \ \ |
|
| | | |_|_|_|_|/
| |/| | | | | |
|
| |/ / / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
If your relay can't keep up with the number of incoming create cells, it
would log one warning per failure into your logs. Limit warnings to 1 per
minute.
|
| |\ \ \ \ \ \
| |/ / / / / |
|
| | | | | | | |
|
| | | | | | | |
|
| |\ \ \ \ \ \ |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
If all authorities restart at once right before a consensus vote, nobody
will vote about "Running", and clients will get a consensus with no usable
relays. Instead, authorities refuse to build a consensus if this happens.
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
On any failing case in test_util_config_line, we would leak a couple
of strings.
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This was left over from an early draft of the microdescriptor code; it
began to populate the signatures array of a networkstatus vote, even
though there's no actual need to do that for a vote.
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
In its zeal to keep me from saying memset(x, '0', sizeof(x)), Coverity
disallows memset(x, 48, sizeof(x)). Fine. I'll choose a different
magic number, see if I care!
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
In C, the code "char x[10]; if (x) {...}" always takes the true branch of
the if statement. Coverity notices this now.
In some cases, we were testing arrays to make sure that an operation
we wanted to do would suceed. Those cases are now always-true.
In some cases, we were testing arrays to see if something was _set_.
Those caes are now tests for strlen(s), or tests for
!tor_mem_is_zero(d,len).
|
| | | | | | | | |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Every or conn has an outbuf, but coverity has no way of knowing that.
Add an assert to ease its conscience.
|
| |\ \ \ \ \ \ \
| | |/ / / / /
| |/| | | | | |
|
| | | | | | | | |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
The first happens on an error case when a controller wants an
impossible directory object. The second happens when we can't write
our fingerprint file.
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
The code for these was super-wrong, but will only break things when we
reset an option on a platform where sizeof(time_t) is different from
sizeof(int).
|
| |\ \ \ \ \ \ \
| |/ / / / / /
| | / / / / /
| |/ / / / /
|/| | | | | |
Conflicts:
ChangeLog
|
| | | |_|_|/
| |/| | |
| | | | |
| | | | |
| | | | | |
Spotted by xmux; bugfix on 0.2.0.10-alpha.
(Bug introduced by 20b10859)
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
See task 1114. The most plausible explanation for someone sending us weak
DH keys is that they experiment with their Tor code or implement a new Tor
client. Usually, we don't care about such events, especially not on warn
level. If we really care about someone not following the Tor protocol, we
can set ProtocolWarnings to 1.
|
| | | | | | |
|
| |\ \ \ \ \
| | |/ / /
| |/| | | |
|
| | |\ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* debian-merge: (52 commits)
Ship debian source with src/test/test.h
New testsuite location
New upstream version
Fix testsuite call.
bump to 0.2.2.4-alpha
Don't set unreachable from dirvote unless we've been running a while.
correct the spec for the stream_bw event.
fix a bug where we were decrementing the wrong bucket
remove some dead code. some of it was tickling coverity.
add blurbs for recent alpha releases
Fix a memleak when throwing away some build times
amend changelog for recent commits, plus clean up
Tweak an assert that shouldn't fire either way.
Tweak values for when to discard all of our history.
Remove another overzealous assert.
try to stem the 'sea of fail'
fix the wiki link in doc pages. remove obsolete FAQ.
Ignore one-hop circuits for circuit timeout calc
Move Tonga to an alternate IP address
update spec to reflect change in Fast definition
...
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Upstream failed to ship src/test/test.h. Ship it in debian/ and
manually copy it in place during configure and clean up in clean. Let's
not use the patch system as this will most likely be rectified by next
release.
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The testsuite moved from src/or/test to src/test/test, but let's call it
using "make check" now.
|
| | | | | | | |
|
| | | |\ \ \ \
| |/ / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* commit 'tor-0.2.2.4-alpha': (49 commits)
Fix testsuite call.
bump to 0.2.2.4-alpha
Don't set unreachable from dirvote unless we've been running a while.
correct the spec for the stream_bw event.
fix a bug where we were decrementing the wrong bucket
remove some dead code. some of it was tickling coverity.
add blurbs for recent alpha releases
Fix a memleak when throwing away some build times
amend changelog for recent commits, plus clean up
Tweak an assert that shouldn't fire either way.
Tweak values for when to discard all of our history.
Remove another overzealous assert.
try to stem the 'sea of fail'
fix the wiki link in doc pages. remove obsolete FAQ.
Ignore one-hop circuits for circuit timeout calc
Move Tonga to an alternate IP address
update spec to reflect change in Fast definition
Move moria1 to a nearby IP address
Dir auths reject relays running < Tor 0.1.2.14
Fix 1108: Handle corrupt or large build times state.
...
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
One was a simple buffer overrun; the other was a high-speed pointer
collision. Both were introduced by my microdescs branch.
|
| |\ \ \ \ \ \ |
|
| | | | | | | | |
|
