Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-13T16:07:48Zhttps://gitlab.torproject.org/legacy/trac/-/issues/6038Enable full RELRO and PIE in tor.spec for building Tor RPMs2020-06-13T16:07:48ZOndrej MikleEnable full RELRO and PIE in tor.spec for building Tor RPMsAttached patch adds two flags, --enable-gcc-hardening --enable-linker-hardening, so that resulting executables have full RELRO and are position-independent.Attached patch adds two flags, --enable-gcc-hardening --enable-linker-hardening, so that resulting executables have full RELRO and are position-independent.Patrick McDonaldPatrick McDonaldhttps://gitlab.torproject.org/legacy/trac/-/issues/6690compare_tor_addr_to_addr_policy assertion error2020-06-13T14:22:03ZTraccompare_tor_addr_to_addr_policy assertion errorOccasionally, usually after tor fetches its directory microdescriptors or when I "wake" tor up after a long time of inactivity, I get the following error:
compare_tor_addr_to_addr_policy(): Bug: policies.c:716: compare_tor_addr_to_addr...Occasionally, usually after tor fetches its directory microdescriptors or when I "wake" tor up after a long time of inactivity, I get the following error:
compare_tor_addr_to_addr_policy(): Bug: policies.c:716: compare_tor_addr_to_addr_policy: Assertion port != 0 failed; aborting.
After which tor exits. This didn't happen before (and I have been with this version of tor for a long time), though I've had this error twice in a week now, so thought to report it.
**Trac**:
**Username**: mr-4Tor: 0.2.2.x-finalhttps://gitlab.torproject.org/legacy/trac/-/issues/6158TLS error while generating certificate: could not load the shared library2020-06-13T14:20:28ZTracTLS error while generating certificate: could not load the shared libraryRunning tor 0.2.15-alpha with openssl 1.0.1, a warning is displayed
```
Jun 14 07:35:09.000 [warn] TLS error while generating certificate: could not load the shared library (in DSO support routines:DLFCN_LOAD:---)
Jun 14 07:35:09.000 [...Running tor 0.2.15-alpha with openssl 1.0.1, a warning is displayed
```
Jun 14 07:35:09.000 [warn] TLS error while generating certificate: could not load the shared library (in DSO support routines:DLFCN_LOAD:---)
Jun 14 07:35:09.000 [warn] TLS error while generating certificate: could not load the shared library (in DSO support routines:DSO_load:---)
Jun 14 07:35:09.000 [warn] TLS error while generating certificate: dso not found (in engine routines:DYNAMIC_LOAD:---)
Jun 14 07:35:09.000 [warn] TLS error while generating certificate: no such engine (in engine routines:ENGINE_by_id:---)
```
This warning seems related to the lack of AES NI engine in 1.0.1.
```
/usr/lib64/engines/libaesni.so is not built in 1.0.1
openssl speed -engine aesni
invalid engine "aesni
```
**Trac**:
**Username**: librefreiheitTor: 0.2.3.x-finalhttps://gitlab.torproject.org/legacy/trac/-/issues/6033Tor v2 handshake does not work with openssl 1.0.12020-06-13T14:20:13ZTracTor v2 handshake does not work with openssl 1.0.1
Bridge configuration:
PublishServerDescriptor 0
BridgeRelay 1
ORPort 8443
ContactInfo IRC://murble@oftc
ExitPolicy reject *:*
on Linux 3.2.0-0.bpo.2-amd64 with wheezy userland
and tor 0.2.3.15-alpha-1~wheezy+1
openssl 1.0.1c-1
libev...
Bridge configuration:
PublishServerDescriptor 0
BridgeRelay 1
ORPort 8443
ContactInfo IRC://murble@oftc
ExitPolicy reject *:*
on Linux 3.2.0-0.bpo.2-amd64 with wheezy userland
and tor 0.2.3.15-alpha-1~wheezy+1
openssl 1.0.1c-1
libevent-2.0-5 2.0.19-stable-2
I'm using the standard 0.2.2.35 tor browser bundle I've
tested with both Win32 and Linux binaries.
0.2.3.12-alpha based tor browser bundles can connect
as can tor 0.2.3.15-alpha-1~wheezy+1
**Trac**:
**Username**: murbleTor: 0.2.2.x-finalhttps://gitlab.torproject.org/legacy/trac/-/issues/6029relay crash in libcrypto (tor_tls_handshake)2020-06-13T14:20:11ZLinus Nordberglinus@torproject.orgrelay crash in libcrypto (tor_tls_handshake)This is on a very fast relay (>200 mbit/s). Started happening day
before yesterday without any known changes to tor, libevent or
openssl. Reproducable within hours it seems.
$ uname -a
Linux tor 2.6.32-38-server #83-Ubuntu SMP Wed Jan...This is on a very fast relay (>200 mbit/s). Started happening day
before yesterday without any known changes to tor, libevent or
openssl. Reproducable within hours it seems.
$ uname -a
Linux tor 2.6.32-38-server #83-Ubuntu SMP Wed Jan 4 11:26:59 UTC 2012 x86_64 GNU/Linux
libevent is 2.0.19-stable.
```
Jun 01 08:49:46.000 [notice] Tor 0.2.3.15-alpha (git-2513a3e959b61612) opening log file.
Jun 01 08:49:46.000 [notice] This version of OpenSSL has a known-good EVP counter-mode implementation. Using it.
Jun 01 08:49:46.000 [notice] OpenSSL OpenSSL 1.0.1c 10 May 2012 looks like version 0.9.8m or later; I will try SSL_OP to enable renegotiation
Jun 01 08:49:46.000 [notice] Your Tor server's identity key fingerprint is 'ndnr1 6330CCF8FEED2EF9B12FCF6688E2577C65522BA4'
(gdb) bt full
#0 0x00007ffff6a02acd in write () from /lib/libc.so.6
No symbol table info available.
#1 0x00007ffff71a1035 in sock_write () from /home/linus/usr/lib/libcrypto.so.1.0.0
No symbol table info available.
#2 0x00007ffff719f1a7 in BIO_write () from /home/linus/usr/lib/libcrypto.so.1.0.0
No symbol table info available.
#3 0x00007ffff71a2389 in buffer_ctrl () from /home/linus/usr/lib/libcrypto.so.1.0.0
No symbol table info available.
#4 0x00007ffff74b6307 in ssl3_accept () from /home/linus/usr/lib/libssl.so.1.0.0
No symbol table info available.
#5 0x00007ffff74c2b05 in ssl23_get_client_hello () from /home/linus/usr/lib/libssl.so.1.0.0
No symbol table info available.
#6 0x00007ffff74c33e5 in ssl23_accept () from /home/linus/usr/lib/libssl.so.1.0.0
No symbol table info available.
#7 0x000000000052e3f9 in tor_tls_handshake (tls=0x7fffdc774b60) at tortls.c:1743
r = 0
oldstate = 24576
__PRETTY_FUNCTION__ = "tor_tls_handshake"
__func__ = "tor_tls_handshake"
#8 0x00000000004bd04e in connection_tls_continue_handshake (conn=0x7fffdc4507a0)
at connection_or.c:1182
result = 7
__PRETTY_FUNCTION__ = "connection_tls_continue_handshake"
__func__ = "connection_tls_continue_handshake"
#9 0x00000000004bcf01 in connection_tls_start_handshake (conn=0x7fffdc4507a0, receiving=1)
at connection_or.c:1139
__PRETTY_FUNCTION__ = "connection_tls_start_handshake"
__func__ = "connection_tls_start_handshake"
#10 0x00000000004a7b5b in connection_init_accepted_conn (conn=0x7fffdc4507a0, listener=0x7ac900)
at connection.c:1278
No locals.
#11 0x00000000004a7a7f in connection_handle_listener_read (conn=0x7ac900, new_type=4)
at connection.c:1256
news = 314
newconn = 0x7fffdc4507a0
addrbuf = {ss_family = 2, __ss_align = 0, __ss_padding = '\000' <repeats 111 times>}
remote = 0x7fffffffddd0
remotelen = 16
options = 0x7a9c80
__PRETTY_FUNCTION__ = "connection_handle_listener_read"
__func__ = "connection_handle_listener_read"
#12 0x00000000004aad5e in connection_handle_read_impl (conn=0x7ac900) at connection.c:2627
max_to_read = -1
try_to_read = 140737354119250
before = 140737488346864
n_read = 0
socket_error = 0
__PRETTY_FUNCTION__ = "connection_handle_read_impl"
__func__ = "connection_handle_read_impl"
#13 0x00000000004ab14e in connection_handle_read (conn=0x7ac900) at connection.c:2721
res = 32767
#14 0x000000000040a578 in conn_read_callback (fd=8, event=2, _conn=0x7ac900) at main.c:702
conn = 0x7ac900
__PRETTY_FUNCTION__ = "conn_read_callback"
#15 0x00007ffff771010c in event_process_active_single_queue (base=0x7ac110, flags=<value optimized out>)
at event.c:1346
ev = 0x7ac9d0
#16 event_process_active (base=0x7ac110, flags=<value optimized out>) at event.c:1416
activeq = 0x7ab9b0
i = 0
#17 event_base_loop (base=0x7ac110, flags=<value optimized out>) at event.c:1617
n = 1
evsel = 0x7ffff7940d80
tv = {tv_sec = 0, tv_usec = 53123}
tv_p = <value optimized out>
res = <value optimized out>
retval = <value optimized out>
__func__ = "event_base_loop"
#18 0x000000000040cf32 in do_main_loop () at main.c:1924
loop_result = 0
now = 1338533388
__PRETTY_FUNCTION__ = "do_main_loop"
__func__ = "do_main_loop"
#19 0x000000000040e4a7 in tor_main (argc=3, argv=0x7fffffffe1f8) at main.c:2619
result = 0
__PRETTY_FUNCTION__ = "tor_main"
#20 0x0000000000408b34 in main (argc=3, argv=0x7fffffffe1f8) at tor_main.c:30
No locals.
```Tor: 0.2.3.x-finalhttps://gitlab.torproject.org/legacy/trac/-/issues/58600.2.2.x -> 0.2.3.x upgrade breaks tor relay (failed: Function not implemented)2020-06-13T14:19:37Zcypherpunks0.2.2.x -> 0.2.3.x upgrade breaks tor relay (failed: Function not implemented)hi,
today I tried to upgrade from Tor v0.2.2.35 to v0.2.3.15 using your debian package repo, but since running 0.2.3.15 the relay is no longer working. (very simple config ORPort, DirPort, ExitPolicy)
The node is running Debian Squeeze....hi,
today I tried to upgrade from Tor v0.2.2.35 to v0.2.3.15 using your debian package repo, but since running 0.2.3.15 the relay is no longer working. (very simple config ORPort, DirPort, ExitPolicy)
The node is running Debian Squeeze.
```
[notice] Tor 0.2.3.15-alpha (git-d2fd67f30991cbc4) opening log file.
[notice] Parsing GEOIP file /usr/share/tor/geoip.
[notice] Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now.
[notice] No AES engine found; using AES_* functions.
[notice] This version of OpenSSL has a slow implementation of counter mode; not using it.
[notice] OpenSSL OpenSSL 0.9.8o 01 Jun 2010 looks like version 0.9.8m or later; I will try SSL_OP to enable renegotiation
[notice] Your Tor server's identity key fingerprint is [scrubbed]
[notice] Reloaded microdescriptor cache. Found 3544 descriptors.
[notice] We now have enough directory information to build circuits.
[notice] Bootstrapped 80%: Connecting to the Tor network.
[warn] accept() failed: Function not implemented. Closing listener.
[notice] Guessed our IP address as [scrubbed] (source: [scrubbed]).
[notice] Opening OR listener on [scrubbed]
[notice] Heartbeat: It seems like we are not in the cached consensus.
[notice] Heartbeat: Tor's uptime is 0:00 hours, with 1 circuits open. I've sent 14 kB and received 168 kB.
[notice] Bootstrapped 85%: Finishing handshake with first hop.
[notice] Bootstrapped 90%: Establishing a Tor circuit.
[notice] Tor has successfully opened a circuit. Looks like client functionality is working.
[notice] Bootstrapped 100%: Done.
[notice] Now checking whether ORPort [scrubbed] and DirPort [scrubbed] are reachable... (this may take up to 20 minutes -- look for log messages indicating success)
[warn] accept() failed: Function not implemented. Closing listener.
[warn] accept() failed: Function not implemented. Closing listener.
[notice] Opening Directory listener on [scrubbed]
[notice] Opening OR listener on [scrubbed]
[warn] accept() failed: Function not implemented. Closing listener.
[warn] accept() failed: Function not implemented. Closing listener.
[notice] Opening Directory listener on [scrubbed]
[notice] Opening OR listener on [scrubbed]
[warn] accept() failed: Function not implemented. Closing listener.
[notice] Opening OR listener on [scrubbed]
[warn] accept() failed: Function not implemented. Closing listener.
[notice] Opening OR listener on [scrubbed]
[warn] accept() failed: Function not implemented. Closing listener.
[notice] Opening OR listener on [scrubbed]
[warn] accept() failed: Function not implemented. Closing listener.
[notice] Opening OR listener on [scrubbed]
[warn] accept() failed: Function not implemented. Closing listener.
[notice] Opening OR listener on [scrubbed]
[warn] accept() failed: Function not implemented. Closing listener.
[warn] accept() failed: Function not implemented. Closing listener.
[notice] Opening Directory listener on [scrubbed]
[notice] Opening OR listener on [scrubbed]
[warn] accept() failed: Function not implemented. Closing listener.
```https://gitlab.torproject.org/legacy/trac/-/issues/5847Better error message on GETINFO desc/* when you only have MDs.2020-06-13T14:19:34ZTracBetter error message on GETINFO desc/* when you only have MDs.The "GETINFO desc/id/OR identity" and "GETINFO desc/name/OR nick" options don't seem to work on the Tor control port:
GETINFO desc/id/DD397148A4AB4D43E5E6CB9C5F45E922872CC2D3
552 Unrecognized key "desc/id/DD397148A4AB4D43E5E6CB9C5F45E92...The "GETINFO desc/id/OR identity" and "GETINFO desc/name/OR nick" options don't seem to work on the Tor control port:
GETINFO desc/id/DD397148A4AB4D43E5E6CB9C5F45E922872CC2D3
552 Unrecognized key "desc/id/DD397148A4AB4D43E5E6CB9C5F45E922872CC2D3"
If I replace "desc" with "md" I get the expected response, and they're both described in the spec as taking the same arguments...
**Trac**:
**Username**: mickeycTor: 0.3.2.x-finalhttps://gitlab.torproject.org/legacy/trac/-/issues/5796Crashing Tor with SETCIRCUITPURPOSE2020-06-13T14:19:28ZTracCrashing Tor with SETCIRCUITPURPOSEI seem to be able to consistently crash Tor, with nothing being added to the log file by doing the following:
alfa:~# telnet localhost 9051
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
AUTHENTICATE **********
25...I seem to be able to consistently crash Tor, with nothing being added to the log file by doing the following:
alfa:~# telnet localhost 9051
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
AUTHENTICATE **********
250 OK
EXTENDCIRCUIT 0
250 EXTENDED 24
SETCIRCUITPURPOSE 24 general
Connection closed by foreign host.
alfa:~# telnet localhost 9051
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
alfa:~#
**Trac**:
**Username**: mickeycTor: 0.2.2.x-finalAaron GibsonAaron Gibsonhttps://gitlab.torproject.org/legacy/trac/-/issues/5760Safe cookie authentication failure replies do not end with a CRLF2020-06-13T14:19:24ZneenaSafe cookie authentication failure replies do not end with a CRLFOn the control socket, AUTHCHALLENGE's failure replies do not end with a CRLF.
```
+12:29% nc localhost 9100
AUTHCHALLENGE SAFEOHJOIE
513 AUTHCHALLENGE only supports SAFECOOKIE authentication%
```
```
+1:43% nc localhost 9100
AUTHCHALLE...On the control socket, AUTHCHALLENGE's failure replies do not end with a CRLF.
```
+12:29% nc localhost 9100
AUTHCHALLENGE SAFEOHJOIE
513 AUTHCHALLENGE only supports SAFECOOKIE authentication%
```
```
+1:43% nc localhost 9100
AUTHCHALLENGE SAFECOOKIE FOOFA
513 Invalid base16 client nonce%
```
That is all.Tor: 0.2.2.x-finalneenaneenahttps://gitlab.torproject.org/legacy/trac/-/issues/6263Vidalia Bridge Bundle Logs DirPort Warnings2015-04-20T17:56:03ZTracVidalia Bridge Bundle Logs DirPort WarningsA fresh install of the Vidalia bridge bundle logs the following:
[Warning] Can't set a DirPort on a bridge relay; disabling DirPort
**Trac**:
**Username**: BarkerJrA fresh install of the Vidalia bridge bundle logs the following:
[Warning] Can't set a DirPort on a bridge relay; disabling DirPort
**Trac**:
**Username**: BarkerJrErinn ClarkErinn Clark