| Commit message (Expand) | Author | Age |
|---|
| * | Update to the June 2012 GeoIP database.•••Manually removed range 0.116.0.0 to 0.119.255.255 which Maxmind says is
assigned to AT. This is very likely a bug in their database, because
0.0.0.0/8 is a reserved range.
| Karsten Loesing | 2012-06-13 |
| * | Send a CRLF at the end of a STATUS_* event, not in the middle of it•••Fixes bug 6094; bugfix on commit 3a9351b57e528b1d0bd2e72bcf78db7c91b2ff8f.
| Robert Ransom | 2012-06-07 |
| * | Merge remote-tracking branch 'public/bug6007_strict_squashed' into maint-0.2.2 | Nick Mathewson | 2012-06-04 |
| |\ |
|
| | * | Kill non-open OR connections with any data on their inbufs.•••This fixes a DoS issue where a client could send so much data in 5
minutes that they exhausted the server's RAM. Fix for bug 5934 and
6007. Bugfix on 0.2.0.20-rc, which enabled the v2 handshake.
| Nick Mathewson | 2012-06-04 |
| * | | Merge remote-tracking branch 'public/bug6033' into maint-0.2.2 | Nick Mathewson | 2012-06-04 |
| |\ \ |
|
| | * | | Work around a bug in OpenSSL 1.0.1's TLS 1.1 and TLS 1.2 support•••It appears that when OpenSSL negotiates a 1.1 or 1.2 connection, and it
decides to renegotiate, the client will send a record with version "1.0"
rather than with the current TLS version. This would cause the
connection to fail whenever both sides had OpenSSL 1.0.1, and the v2 Tor
handshake was in use.
As a workaround, disable TLS 1.1 and TLS 1.2. When a later version of
OpenSSL is released, we can make this conditional on running a fixed
version of OpenSSL.
Alternatively, we could disable TLS 1.1 and TLS 1.2 only on the client
side. But doing it this way for now means that we not only fix TLS with
patched clients; we also fix TLS when the server has this patch and the
client does not. That could be important to keep the network running
well.
Fixes bug 6033.
| Nick Mathewson | 2012-06-02 |
| * | | | add changes file for bug 5283•••I called it a bugfix on 0.2.0.10-alpha, since git commit e5885deab is
where we introduced anonymized begin_dir connections.
| Roger Dingledine | 2012-05-31 |
| * | | | Make all begindir or one-hop circuits internal•••This solves bug 5283, where client traffic could get sent over the
same circuit as an anonymized connection to a directory, even if
that circuit used an exit node unsuitable for clients. By marking
the directory connection as needs_internal, we ensure that the
(non-internal!) client-traffic connection won't be sent over the
same circuit.
| Nick Mathewson | 2012-05-31 |
| | |/
|/| |
|
| * | | Fix more clang format-nonliteral warnings (bug 5969) | Nick Mathewson | 2012-05-30 |
| * | | Add __attribute__(format)s for our varargs printf/scanf wrappers•••It turns out that if you set the third argument of
__attribute__(format) to 0, GCC and Clang will check the format
argument without expecting to find variadic arguments. This is the
correct behavior for vsnprintf, vasprintf, and vscanf.
I'm hoping this will fix bug 5969 (a clang warning) by telling clang that
the format argument to tor_vasprintf is indeed a format string.
| Nick Mathewson | 2012-05-30 |
| |/ |
|
| * | Make the succeeding parse_http_time tests more obviously right•••(When the correct answer is given in terms of seconds since the
epoch, it's hard to be sure that it really is the right answer
just by reading the code.)
| Nick Mathewson | 2012-05-16 |
| * | Merge branch 'bug5346_squashed' into maint-0.2.2 | Nick Mathewson | 2012-05-16 |
| |\ |
|
| | * | Fix month check in parse_http_time, add test | Sebastian Hahn | 2012-05-16 |
| | * | Remove more dubiosity in struct tm handling. related to bug5346 | Nick Mathewson | 2012-05-16 |
| | * | changes file for branch bug5346 | Nick Mathewson | 2012-05-16 |
| | * | Reject an additional type of bad date in parse_http_time | Nick Mathewson | 2012-05-16 |
| | * | Fix parse_http_time and add tests•••* It seems parse_http_time wasn't parsing correctly any date with commas (RFCs
1123 and 850). Fix that.
* It seems parse_http_time was reporting the wrong month (they start at 0, not
1). Fix that.
* Add some tests for parse_http_time, covering all three formats.
| Esteban Manchado Velázquez | 2012-05-16 |
| |/ |
|
| * | Correct the bulletproofing of routerlist_insert()•••The original code updated some variables, but forgot to remove a
replaced old-routerdesc from rl->old_routers.
Related to bug 1776.
| Nick Mathewson | 2012-05-16 |
| * | Clarify MaxCircuitDirtiness behavior with hidden services. Bug 5259. | Nick Mathewson | 2012-05-15 |
| * | Merge branch 'bug5796_022_squashed' into maint-0.2.2 | Nick Mathewson | 2012-05-15 |
| |\ |
|
| | * | Fix a crash bug on SETCIRCUITPURPOSE. | Nick Mathewson | 2012-05-15 |
| * | | Merge remote-tracking branch 'karsten/geoip-may2012' into maint-0.2.2 | Nick Mathewson | 2012-05-15 |
| |\ \ |
|
| | * | | Update to the May 2012 GeoIP database. | Karsten Loesing | 2012-05-07 |
| | |/ |
|
| * | | fix over-wide line from f661747370 | Roger Dingledine | 2012-05-10 |
| * | | Merge branch 'bug5786_range_022' into maint-0.2.2 | Nick Mathewson | 2012-05-10 |
| |\ \ |
|
| | * | | Handle out-of-range values in tor_parse_* integer functions•••The underlying strtoX functions handle overflow by saturating and
setting errno to ERANGE. If the min/max arguments to the
tor_parse_* functions are equal to the minimum/maximum of the
underlying type, then with the old approach, we wouldn't treat a
too-large value as genuinely broken.
Found this while looking at bug 5786; bugfix on 19da1f36 (in Tor
0.0.9), which introduced these functions.
| Nick Mathewson | 2012-05-07 |
| | |/ |
|
| * | | Add changes/bug5760 | Ravi Chandra Padmala | 2012-05-10 |
| * | | Add missing CRLFs to AUTHCHALLENGE failure replies•••Fix #5760
| Ravi Chandra Padmala | 2012-05-10 |
| |/ |
|
| * | Fix a log-uninitialized-buffer bug.•••Fix for 5647; bugfix on 0.2.1.5-alpha.
| Nick Mathewson | 2012-04-18 |
| * | rend_service_introduce(): do protocol violation check before anything else.•••(Cherry-picked from 6ba13e4 by nickm)
| George Kadianakis | 2012-04-18 |
| * | Merge branch 'bug5593' into maint-0.2.2 | Nick Mathewson | 2012-04-11 |
| |\ |
|
| | * | Include a Host: header with any HTTP/1.1 proxy request•••Bugfix on 0.2.2.1-alpha, which added the orginal HTTP proxy
authentication code. Fix for bug 5593.
| Nick Mathewson | 2012-04-10 |
| * | | Update to the April 2012 GeoIP database. | Karsten Loesing | 2012-04-11 |
| |/ |
|
| * | Wrap long line; strlen("ides")<strlen("turtles"). | Nick Mathewson | 2012-04-04 |
| * | ides has become turtles, and gotten a new IP address•••As per ticket 5569
| Sebastian Hahn | 2012-04-05 |
| * | put a _ before or_options_t elements that aren't configurable•••it's fine with me if we change the current convention, but we should
actually decide to change it if we want to.
| Roger Dingledine | 2012-04-01 |
| * | BridgePassword was never for debugging•••It is for the not-yet-implemented bridge community design.
| Roger Dingledine | 2012-04-01 |
| * | Do not use strcmp() to compare an http authenticator to its expected value•••This fixes a side-channel attack on the (fortunately unused!)
BridgePassword option for bridge authorities. Fix for bug 5543;
bugfix on 0.2.0.14-alpha.
| Nick Mathewson | 2012-04-01 |
| * | Safe cookie authentication gets a changes file | Nick Mathewson | 2012-03-26 |
| * | Merge remote-tracking branch 'rransom-tor/safecookie-022-v3' into maint-0.2.2 | Nick Mathewson | 2012-03-26 |
| |\ |
|
| | * | Implement 'safe cookie authentication' | Robert Ransom | 2012-02-22 |
| * | | Merge commit 'a5704b1c624c9a808f52f3a125339f00e2b9a378' into maint-0.2.2 | Nick Mathewson | 2012-03-26 |
| |\| |
|
| | * | Add a sha256 hmac function, with tests•••(cherry picked from commit fdbb9cdf746bbf0c39c34188baa8872471183ff7)
| Nick Mathewson | 2012-02-22 |
| * | | Use a given name in the bug5090 message, at its holder's request. | Nick Mathewson | 2012-03-09 |
| * | | Never choose a bridge as an exit. Bug 5342. | Nick Mathewson | 2012-03-09 |
| * | | Revise "sufficient exit nodes" check to work with restrictive ExitNodes•••If you set ExitNodes so that only 1 exit node is accepted, the
previous patch would have made you unable to build circuits.
| Nick Mathewson | 2012-03-09 |
| * | | Merge branch 'bug5343' into maint-0.2.2 | Nick Mathewson | 2012-03-09 |
| |\ \ |
|
| | * | | Require a threshold of exit nodes before building circuits•••This mitigates an attack proposed by wanoskarnet, in which all of a
client's bridges collude to restrict the exit nodes that the client
knows about. Fixes bug 5343.
| Nick Mathewson | 2012-03-08 |
| * | | | Oops; credit bug5090 patch to flupzor. estebanm only found the bug. | Nick Mathewson | 2012-03-09 |
| * | | | Correctly handle broken escape sequences in torrc values•••Previously, malformatted torrc values could crash us.
Patch by Esteban Manchado. Fixes bug 5090; fix on 0.2.0.16-alpha.
| Nick Mathewson | 2012-03-09 |
| |/ / |
|