aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Move circuit-id-in-use check for CREATE cells to before all other checksNick Mathewson2014-06-10
| | | | | This means that we never send a DESTROY cell in response to an attempt to CREATE an existing circuit. Fixes bug 12191.
* Merge remote-tracking branch 'origin/maint-0.2.4'Nick Mathewson2014-06-10
|\
| * Fix changes file for geoipNick Mathewson2014-06-10
| |
| * Merge remote-tracking branch 'karsten/geoip6-jun2014' into maint-0.2.4Nick Mathewson2014-06-10
| |\
| | * Update geoip6 to the June 4 2014 database.Karsten Loesing2014-06-10
| | |
| * | Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4Nick Mathewson2014-06-10
| |\ \ | | |/ | |/|
| | * Update geoip to the June 4 2014 database.Karsten Loesing2014-06-10
| | |
* | | Merge remote-tracking branch 'public/bug12227_024'Nick Mathewson2014-06-10
|\ \ \
| * | | Avoid illegal read off end of an array in prune_v2_cipher_listNick Mathewson2014-06-10
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This function is supposed to construct a list of all the ciphers in the "v2 link protocol cipher list" that are supported by Tor's openssl. It does this by invoking ssl23_get_cipher_by_char on each two-byte ciphersuite ID to see which ones give a match. But when ssl23_get_cipher_by_char cannot find a match for a two-byte SSL3/TLS ciphersuite ID, it checks to see whether it has a match for a three-byte SSL2 ciphersuite ID. This was causing a read off the end of the 'cipherid' array. This was probably harmless in practice, but we shouldn't be having any uninitialized reads. (Using ssl23_get_cipher_by_char in this way is a kludge, but then again the entire existence of the v2 link protocol is kind of a kludge. Once Tor 0.2.2 clients are all gone, we can drop this code entirely.) Found by starlight. Fix on 0.2.4.8-alpha. Fixes bug 12227.
* | | Spell getrlimit correctly.Nick Mathewson2014-06-08
| | | | | | | | | | | | | | | Fixes bug in b0c1c700114aa8d4dfc180d85870c5bbe15fcacb; bug 12229. Bugfix not in any released Tor. Patch from "alphawolf".
* | | Merge remote-tracking branch 'public/bug12169_relay_check'Nick Mathewson2014-06-04
|\ \ \
| * | | Use uint32 !=, not tor_memneq, for relay cell integrity checkingNick Mathewson2014-06-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | tor_memeq has started to show up on profiles, and this is one of the most frequent callers of that function, appearing as it does on every cell handled for entry or exit. 59f9097d5c3dc010847c359888d31757d1c97904 introduced tor_memneq here; it went into Tor 0.2.1.31. Fixes part of 12169.
* | | | Merge remote-tracking branch 'andrea/bug10616'Nick Mathewson2014-06-04
|\ \ \ \
| * | | | Add changes file for bug10616Andrea Shepard2014-06-03
| | | | |
| * | | | Squelch spurious LD_BUG message in connection_ap_handshake_socks_reply()Andrea Shepard2014-06-03
| |/ / /
* | | | Merge remote-tracking branch 'public/bug12195'Nick Mathewson2014-06-04
|\ \ \ \
| * | | | Fix ancient code that only checked circ_id, not circ_id and chanNick Mathewson2014-06-03
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This code mis-handled the case where a circuit got the same circuit ID in both directions. I found three instances of it in the codebase, by grepping for [pn]_circ_id. Because of the issue in command_process_relay_cell(), this would have made roughly one circuit in a million completely nonfunctional. Fixes bug 12195.
* | | | fix #10405's changes fileRoger Dingledine2014-06-02
| | | |
* | | | remove a stray " while warning about missing packages on redhatRoger Dingledine2014-06-02
| | | |
* | | | Don't try to fetch bridge descriptors when DisableNetwork is setNick Mathewson2014-06-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Patch from Roger; changes file by me. Fixes 10405; bugfix on 0.2.3.9-alpha, where DisableNetwork was introduced.
* | | | Merge remote-tracking branch 'public/bug12170_024_v2'Nick Mathewson2014-06-02
|\ \ \ \ | |_|/ / |/| | |
| * | | Avoid needless router_dir_info_has_changed from router_set_statusNick Mathewson2014-06-02
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | On some profiles of Andrea's from #11332, I found that a great deal of time can still be attributed to functions called from update_router_have_minimum_dir_info(). This is making our digestmap, tor_memeq, and siphash functions take a much bigger portion of runtime than they really should. If we're calling update_router_have_minimum_dir_info() too often, that's because we're calling router_dir_info_changed() too often. And it looks like most of the callers of router_dir_info_changed() are coming as tail-calls from router_set_status() as invoked by channel_do_open_actions(). But we don't need to call router_dir_info_changed() so much! (I'm not quite sure we need to call it from here at all, but...) Surely we don't need to call it from router_set_status when the router's status has not actually changed. This patch makes us call router_dir_info_changed() from router_set_status only when we are changing the router's status. Fix for bug 12170. This is leftover from our fix back in 273ee3e81 in 0.1.2.1-alpha, where we started caching the value of update_router_have_minimum_dir_info().
* | | label all unlabeled bugfixes sections; lightly sort moreNick Mathewson2014-05-29
| | |
* | | Remove duplicate changelog entry for 8368Nick Mathewson2014-05-29
| | |
* | | Sort unlabeled 'minor features' entries in 0255 changelogNick Mathewson2014-05-29
| | |
* | | Reformat 0255 changelog. Tweak formatter script.Nick Mathewson2014-05-29
| | |
* | | Start on the 0.2.5.5-alpha changelog.Nick Mathewson2014-05-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | I've copied the entries from changes/, labeled the ones that also appeared in 0.2.4.22, sorted them lightly with a python script (added to maint), and combined sections with the same name. I didn't combine sections without a description (e.g. "Minor bugfixes:"), since we'll probably add a description to those.
* | | sandbox: allow enough setsockopt to make ConstrainedSockets workNick Mathewson2014-05-29
| | | | | | | | | | | | fixes bug 12139; bugfix on 0.2.5.1-alpha
* | | sandbox: permit listen(2)Nick Mathewson2014-05-27
| | | | | | | | | | | | Fix for 12115; bugfix on 0.2.5.1-alpha
* | | sandbox: Allow DirPortFrontPage unconditionally if it's setNick Mathewson2014-05-27
| | | | | | | | | | | | | | | | | | fixes 12114; bug not in any release. Improves fix for 12028
* | | Merge branch 'bug11622'Nick Mathewson2014-05-27
|\ \ \
| * | | Log the errno value if seccomp_load() fails.Nick Mathewson2014-05-27
| | | | | | | | | | | | | | | | | | | | (This is how I found out I was trying to test with a kernel too old for seccomp. I think.)
| * | | Make sandbox.c compile on armNick Mathewson2014-05-27
|/ / / | | | | | | | | | | | | This is a minimal set of changes for compilation; I need a more recent kernel to test this stuff.
* | | sandbox: Correct fix for hs part of 12064Nick Mathewson2014-05-23
| | | | | | | | | | | | Bugfix on cfd0ee514c279bc6c7b; bug not in any released version of tor
* | | Merge branch 'bug11965_v2'Nick Mathewson2014-05-23
|\ \ \
| * | | Postpone fetches based on should_delay_dir_fetch(), not DisableNetworkNick Mathewson2014-05-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Without this fix, when running with bridges, we would try fetching directory info far too early, and have up to a 60 second delay if we started with bridge descriptors available. Fixes bug 11965. Fix on 0.2.3.6-alpha, arma thinks.
* | | | sandbox: allow reading of hidden service configuration files.Nick Mathewson2014-05-22
| | | | | | | | | | | | | | | | fixes part of 12064
* | | | sandbox: refactor string-based option-unchanged tests to use a macroNick Mathewson2014-05-22
| | | | | | | | | | | | | | | | | | | | There was too much code duplication in doing it the old way, and I nearly made a copy-and-paste error in the last commit.
* | | | sandbox: allow access to cookie files, approved-routersNick Mathewson2014-05-22
| | | | | | | | | | | | | | | | fixes part of 12064
* | | | changes file for 12064_part1Nick Mathewson2014-05-22
| | | |
* | | | sandbox: allow access to various stats/*-stats filesMichael Wolf2014-05-22
| | | | | | | | | | | | | | | | Fix for 12064 part 1
* | | | Documentation fix: DataDir/status/* -> DataDir/stats/*Nick Mathewson2014-05-22
| | | | | | | | | | | | | | | | Our documentation had the name of this directory wrong.
* | | | Merge remote-tracking branch 'andrea/bug11476'Nick Mathewson2014-05-22
|\ \ \ \ | |/ / / |/| | |
| * | | Eliminate #ifdef ENABLE_MEMPOOLS in packed_cell_new/free()Andrea Shepard2014-05-21
| | | |
| * | | Add changes file for bug11476Andrea Shepard2014-05-16
| | | |
| * | | Turn --enable-mempools off by defaultAndrea Shepard2014-05-16
| | | |
| * | | Add --disable-mempools configure optionAndrea Shepard2014-05-12
| | | |
| * | | Turn --enable-buf-freelists off by defaultAndrea Shepard2014-05-12
| | | |
* | | | sandbox: permit gettid, sched_getaffinityNick Mathewson2014-05-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | These are needed under some circumstances if we are running with expensive-hardening and sandbox at the same time. fixes 11477, bugfix on 0.2.5.4-alpha (where we introduced expensive-hardening)
* | | | fix a wide lineNick Mathewson2014-05-20
| | | |