Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-13T15:47:16Zhttps://gitlab.torproject.org/legacy/trac/-/issues/32213Phase 0: Disable minimal dirauth and relay options when those modules are dis...2020-06-13T15:47:16ZteorPhase 0: Disable minimal dirauth and relay options when those modules are disabledWe should disable this minimal set of options:
* --disable-module-dirauth
* disable AuthoritativeDirectory
* --disable-module-relay
* disable DirPort, DirCache, ORPort, BridgeRelay
* set ClientOnly to 1
This is a serious UX bug,...We should disable this minimal set of options:
* --disable-module-dirauth
* disable AuthoritativeDirectory
* --disable-module-relay
* disable DirPort, DirCache, ORPort, BridgeRelay
* set ClientOnly to 1
This is a serious UX bug, so it must be fixed as part of Sponsor 31.Tor: 0.4.3.x-finalteorteorhttps://gitlab.torproject.org/legacy/trac/-/issues/32124Interpret --disable-module-dirauth=no correctly2020-06-13T15:46:50ZteorInterpret --disable-module-dirauth=no correctlyCurrently, we treat --disable-module-dirauth=no as enabling the C macro, but disabling the Makefile variable.
Apparently lots of people make this mistake:
```
The most common mistake for this macro is to consider the two actions as acti...Currently, we treat --disable-module-dirauth=no as enabling the C macro, but disabling the Makefile variable.
Apparently lots of people make this mistake:
```
The most common mistake for this macro is to consider the two actions as action-if-enabled and action-if-disabled.
This is not the case!
Since using --disable-foo or --enable-foo=no are equivalent, for the macro, you cannot really use this macro with those meanings.
```
https://autotools.io/autoconf/arguments.html
I don't know if we should backport this change, it just didn't work before, so maybe it should just go in master?Tor: 0.4.2.x-finalteorteorhttps://gitlab.torproject.org/legacy/trac/-/issues/32058mainloop: make periodic events restartable2020-06-13T15:46:33Zteormainloop: make periodic events restartableWhen we shut down tor, we disable periodic events, but leave their enabled flag set to 1.
See this PR for details:
https://github.com/torproject/tor/pull/1397
I'm not sure if this is the best solution, or how far we should backport.When we shut down tor, we disable periodic events, but leave their enabled flag set to 1.
See this PR for details:
https://github.com/torproject/tor/pull/1397
I'm not sure if this is the best solution, or how far we should backport.Tor: 0.3.5.x-finalDavid Gouletdgoulet@torproject.orgDavid Gouletdgoulet@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/31825Use the full name of optional modules, rather than an abbreviation2020-06-13T15:45:53ZteorUse the full name of optional modules, rather than an abbreviationSome Tor builders are confused by the optional module descriptions in Tor's configure script.
We should spell out abbreviations:
* dirauth = Directory AuthoritySome Tor builders are confused by the optional module descriptions in Tor's configure script.
We should spell out abbreviations:
* dirauth = Directory AuthorityTor: 0.4.2.x-finalteorteorhttps://gitlab.torproject.org/legacy/trac/-/issues/31482Avoid possible overflow when converting between coarse stamp to approx ms2020-06-13T15:44:27ZteorAvoid possible overflow when converting between coarse stamp to approx msOur coarse monotonic time conversion code can overflow on some platforms.
In particular, passing a large rate to a token bucket will overflow on iOS, and any other platform where monotime.numerator^2^ / monotime.denominator > 512.
I h...Our coarse monotonic time conversion code can overflow on some platforms.
In particular, passing a large rate to a token bucket will overflow on iOS, and any other platform where monotime.numerator^2^ / monotime.denominator > 512.
I have a fix that makes sure that token bucket's rate_per_sec_to_rate_per_sec() can't cause an overflow. I can do tests and a changes file after nickm answers some of my remaining questions.
Gaba, this is a fix on a refactor for #25766, which was originally for sponsor 8. Are refactor bug fixes covered by sponsor 31 now?Tor: 0.4.4.x-finalNick MathewsonNick Mathewsonhttps://gitlab.torproject.org/legacy/trac/-/issues/29645test.exe hangs on Appveyor CI2020-06-13T15:49:23Zteortest.exe hangs on Appveyor CITor's test.exe sometimes hangs on our Appveyor Windows CI.
I've seen this happen twice over the past few weeks.
Here is one example:
https://ci.appveyor.com/project/torproject/tor/builds/22791909/job/u0jd5tpr07mt2nv3
We've reduced the ...Tor's test.exe sometimes hangs on our Appveyor Windows CI.
I've seen this happen twice over the past few weeks.
Here is one example:
https://ci.appveyor.com/project/torproject/tor/builds/22791909/job/u0jd5tpr07mt2nv3
We've reduced the job time limit to 30 minutes to mitigate this issue.
But I am not sure how to debug it further.Tor: 0.4.4.x-finalAlexander Færøyahf@torproject.orgAlexander Færøyahf@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/28454Actually use zstd on Appveyor2020-06-13T15:34:12ZteorActually use zstd on AppveyorWe install zstd, but configure can't find it.We install zstd, but configure can't find it.Tor: 0.4.0.x-finalteorteorhttps://gitlab.torproject.org/legacy/trac/-/issues/28399Build is broken on Appveyor CI2020-06-13T15:52:21Zrl1987Build is broken on Appveyor CIhttps://ci.appveyor.com/project/torproject/tor/builds/20213306
```
bash.exe : ../src/lib/tls/tortls_openssl.c: In function 'tor_tls_context_new':
At line:2 char:5
+ & $commandPath $args 2>&1
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ Cat...https://ci.appveyor.com/project/torproject/tor/builds/20213306
```
bash.exe : ../src/lib/tls/tortls_openssl.c: In function 'tor_tls_context_new':
At line:2 char:5
+ & $commandPath $args 2>&1
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (../src/lib/tls/...s_context_new'::String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
../src/lib/tls/tortls_openssl.c:545:35: error: implicit declaration of function 'TLS_method'; did you mean 'DTLS_method'? [-Werror=implicit-function-declaration]
if (!(result->ctx = SSL_CTX_new(TLS_method())))
^~~~~~~~~~
DTLS_method
../src/lib/tls/tortls_openssl.c:545:35: error: nested extern declaration of 'TLS_method' [-Werror=nested-externs]
../src/lib/tls/tortls_openssl.c:545:35: error: passing argument 1 of 'SSL_CTX_new' makes pointer from integer without a cast [-Werror=int-conversion]
In file included from ../src/lib/tls/tortls_openssl.c:48:0:
C:/OpenSSL-Win32/include/openssl/ssl.h:2131:10: note: expected 'const SSL_METHOD * {aka const struct ssl_method_st *}' but argument is of type 'int'
SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
^~~~~~~~~~~
../src/lib/tls/tortls_openssl.c:554:3: error: implicit declaration of function 'SSL_CTX_set_security_level'; did you mean 'SSL_CTX_set_verify_depth'? [-Werror=implicit-function-declaration]
SSL_CTX_set_security_level(result->ctx, 1);
^~~~~~~~~~~~~~~~~~~~~~~~~~
SSL_CTX_set_verify_depth
../src/lib/tls/tortls_openssl.c:554:3: error: nested extern declaration of 'SSL_CTX_set_security_level' [-Werror=nested-externs]
../src/lib/tls/tortls_openssl.c: In function 'prune_v2_cipher_list':
../src/lib/tls/tortls_openssl.c:810:25: error: initialization makes pointer from integer without a cast [-Werror=int-conversion]
const SSL_METHOD *m = TLS_method();
^~~~~~~~~~
../src/lib/tls/tortls_openssl.c: In function 'tor_tls_client_is_using_v2_ciphers':
../src/lib/tls/tortls_openssl.c:919:13: error: implicit declaration of function 'SSL_get_client_ciphers'; did you mean 'SSL_get_current_cipher'? [-Werror=implicit-function-declaration]
ciphers = SSL_get_client_ciphers(ssl);
^~~~~~~~~~~~~~~~~~~~~~
SSL_get_current_cipher
../src/lib/tls/tortls_openssl.c:919:13: error: nested extern declaration of 'SSL_get_client_ciphers' [-Werror=nested-externs]
../src/lib/tls/tortls_openssl.c:919:11: error: assignment makes pointer from integer without a cast [-Werror=int-conversion]
ciphers = SSL_get_client_ciphers(ssl);
^
../src/lib/tls/tortls_openssl.c: In function 'tor_tls_get_tlssecrets':
../src/lib/tls/tortls_openssl.c:1623:36: error: implicit declaration of function 'SSL_get_server_random'; did you mean 'SSL_get_servername'? [-Werror=implicit-function-declaration]
const size_t server_random_len = SSL_get_server_random(ssl, NULL, 0);
^~~~~~~~~~~~~~~~~~~~~
SSL_get_servername
../src/lib/tls/tortls_openssl.c:1623:36: error: nested extern declaration of 'SSL_get_server_random' [-Werror=nested-externs]
../src/lib/tls/tortls_openssl.c:1624:36: error: implicit declaration of function 'SSL_get_client_random'; did you mean 'SSL_get_client_CA_list'? [-Werror=implicit-function-declaration]
const size_t client_random_len = SSL_get_client_random(ssl, NULL, 0);
^~~~~~~~~~~~~~~~~~~~~
SSL_get_client_CA_list
../src/lib/tls/tortls_openssl.c:1624:36: error: nested extern declaration of 'SSL_get_client_random' [-Werror=nested-externs]
../src/lib/tls/tortls_openssl.c:1625:33: error: implicit declaration of function 'SSL_SESSION_get_master_key'; did you mean 'SSL_SESSION_get_time'? [-Werror=implicit-function-declaration]
const size_t master_key_len = SSL_SESSION_get_master_key(session, NULL, 0);
^~~~~~~~~~~~~~~~~~~~~~~~~~
SSL_SESSION_get_time
../src/lib/tls/tortls_openssl.c:1625:33: error: nested extern declaration of 'SSL_SESSION_get_master_key' [-Werror=nested-externs]
```Tor: 0.3.5.x-finalhttps://gitlab.torproject.org/legacy/trac/-/issues/28077remove unsafe block from cstr! macro2020-06-13T15:32:55ZTracremove unsafe block from cstr! macro```
.unwrap_or(
unsafe{
::std::ffi::CStr::from_bytes_with_nul_unchecked(b"\0")
}
)
```
**Trac**:
**Username**: cyberpunks```
.unwrap_or(
unsafe{
::std::ffi::CStr::from_bytes_with_nul_unchecked(b"\0")
}
)
```
**Trac**:
**Username**: cyberpunksTor: 0.4.0.x-finalhttps://gitlab.torproject.org/legacy/trac/-/issues/27921apparent DOS / impairment-of-service against FallbackDirs using DIR requests,...2020-06-13T15:32:23Zstarlightapparent DOS / impairment-of-service against FallbackDirs using DIR requests, please evaluate for possible mitigationEarly this year I noticed excessive DIR requests against my relay and also in the Relay Search usage graphs of other fallback directory nodes. Wrote an iptables rule and put an end to it.
The attacker enhanced their botware to request ...Early this year I noticed excessive DIR requests against my relay and also in the Relay Search usage graphs of other fallback directory nodes. Wrote an iptables rule and put an end to it.
The attacker enhanced their botware to request via OR port and the problem is back. In the previous 24-hour stats window DIR requests increased output load on the relay by 17%. In the current cycle the increase is 12%.
Opening this ticket to put the problem on the radar. When time permits (never enough time, I know) and/or the attack escalates please investigate an enhancement to DOS mitigation to address this issue.Tor: unspecifiedhttps://gitlab.torproject.org/legacy/trac/-/issues/27464Appveyor: stop reinstalling packages that haven't been updated2020-06-13T15:30:46ZteorAppveyor: stop reinstalling packages that haven't been updatedIf we give pacman the --needed argument, it will stop reinstalling identical packages.If we give pacman the --needed argument, it will stop reinstalling identical packages.Tor: 0.3.5.x-finalteorteorhttps://gitlab.torproject.org/legacy/trac/-/issues/27460Appveyor: --disable-gcc-hardening2020-06-13T15:30:44ZteorAppveyor: --disable-gcc-hardening--disable-gcc-hardening gets us further, but there are still more errors.--disable-gcc-hardening gets us further, but there are still more errors.Tor: 0.3.4.x-finalteorteorhttps://gitlab.torproject.org/legacy/trac/-/issues/27430Appveyor: tail config.log and cat test-suite.log on failure2020-06-13T15:30:38ZteorAppveyor: tail config.log and cat test-suite.log on failureDiagnostics for #27389.Diagnostics for #27389.Tor: 0.3.4.x-finalteorteorhttps://gitlab.torproject.org/legacy/trac/-/issues/27389Appveyor Windows 64-bit builds fail because the compiler is broken2020-06-13T15:30:31ZteorAppveyor Windows 64-bit builds fail because the compiler is brokenSince about 6 hours ago, all Appveyor 64-bit Windows builds fail the first C file they build with:
```
bash.exe : In file included from ../src/core/or/or.h:16,
At line:2 char:5
+ & $commandPath $args 2>&1
+ ~~~~~~~~~~~~~~~~~~~~~...Since about 6 hours ago, all Appveyor 64-bit Windows builds fail the first C file they build with:
```
bash.exe : In file included from ../src/core/or/or.h:16,
At line:2 char:5
+ & $commandPath $args 2>&1
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (In file include...ore/or/or.h:16,:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
from ../src/app/main/ntmain.c:22:
../src/lib/cc/torint.h:52:2: error: #error "Seems that your platform doesn't use 2's complement arithmetic. Argh."
#error "Seems that your platform doesn't use 2's complement arithmetic. Argh."
^~~~~
In file included from ../src/core/or/or.h:26,
from ../src/app/main/ntmain.c:22:
../src/lib/cc/compat_compiler.h:28:2: error: #error "It seems your platform does not represent NULL as zero. We can't cope."
#error "It seems your platform does not represent NULL as zero. We can't cope."
^~~~~
../src/lib/cc/compat_compiler.h:32:2: error: #error "It seems your platform does not represent 0.0 as zeros. We can't cope."
#error "It seems your platform does not represent 0.0 as zeros. We can't cope."
^~~~~
In file included from ../src/core/or/or.h:16,
from ../src/feature/dirauth/dircollate.h:16,
from ../src/feature/dirauth/dircollate.c:25:
../src/lib/cc/torint.h:52:2: error: #error "Seems that your platform doesn't use 2's complement arithmetic. Argh."
#error "Seems that your platform doesn't use 2's complement arithmetic. Argh."
^~~~~
In file included from ../src/core/or/or.h:26,
from ../src/feature/dirauth/dircollate.h:16,
from ../src/feature/dirauth/dircollate.c:25:
../src/lib/cc/compat_compiler.h:28:2: error: #error "It seems your platform does not represent NULL as zero. We can't cope."
#error "It seems your platform does not represent NULL as zero. We can't cope."
^~~~~
../src/lib/cc/compat_compiler.h:32:2: error: #error "It seems your platform does not represent 0.0 as zeros. We can't cope."
#error "It seems your platform does not represent 0.0 as zeros. We can't cope."
^~~~~
```
https://ci.appveyor.com/project/teor2345/tor/build/1.0.113/job/ujbvwntcu1pdk2m6#L762
CC'ing mikeperry, because he's on CI rotation this week.
Which is weird, because configure seems to succeed.Tor: 0.3.5.x-finalteorteorhttps://gitlab.torproject.org/legacy/trac/-/issues/27302Duplicate votes on 0.3.4 and later2020-06-13T15:30:06ZteorDuplicate votes on 0.3.4 and laterTor 0.3.4 changed periodic event timings.
Occasionally, this means authorities send a duplicate vote:
```
Detail: chutney/tools/warnings.sh /Users/base/chutney/net/nodes.1535124133
Warning: Rejected vote from 127.0.0.1 ("Duplicate disca...Tor 0.3.4 changed periodic event timings.
Occasionally, this means authorities send a duplicate vote:
```
Detail: chutney/tools/warnings.sh /Users/base/chutney/net/nodes.1535124133
Warning: Rejected vote from 127.0.0.1 ("Duplicate discarded"). Number: 1
```
Maybe we should avoid sending the same vote twice?
(Or maybe not, if the remote authority restarts.)Tor: 0.3.4.x-finalteorteorhttps://gitlab.torproject.org/legacy/trac/-/issues/27275Stop reporting appveyor on_success, because it's noisy2020-06-13T15:29:59ZteorStop reporting appveyor on_success, because it's noisyAppveyor currently reports:
```
on_success:
- cmd: ... success
on_failure:
- cmd: ... failure
```
which is really noisy.
Travis currently reports:
```
irc:
...
on_success: change
on_failure: change
```
which seems ok.
We ...Appveyor currently reports:
```
on_success:
- cmd: ... success
on_failure:
- cmd: ... failure
```
which is really noisy.
Travis currently reports:
```
irc:
...
on_success: change
on_failure: change
```
which seems ok.
We should make Appveyor notifications more like Travis.Tor: 0.3.5.x-finalhttps://gitlab.torproject.org/legacy/trac/-/issues/27212Why do bridges run the retry_dns callback?2020-06-13T15:29:43ZteorWhy do bridges run the retry_dns callback?In a4fcdc5dec, the following roles seem inconsistent:
```
+ CALLBACK(retry_dns, PERIODIC_EVENT_ROLE_ROUTER),
+ CALLBACK(check_dns_honesty, PERIODIC_EVENT_ROLE_RELAY),
```
It's probably unrelated, but I don't think clients write stats...In a4fcdc5dec, the following roles seem inconsistent:
```
+ CALLBACK(retry_dns, PERIODIC_EVENT_ROLE_ROUTER),
+ CALLBACK(check_dns_honesty, PERIODIC_EVENT_ROLE_RELAY),
```
It's probably unrelated, but I don't think clients write stats:
```
+ CALLBACK(write_stats_file, PERIODIC_EVENT_ROLE_ALL),
```
(Do onion services write stats?)
From https://trac.torproject.org/projects/tor/ticket/27080#comment:4Tor: 0.3.4.x-finalhttps://gitlab.torproject.org/legacy/trac/-/issues/27088Pass MODULES_OPTIONS in DISTCHECK_CONFIGURE_FLAGS2020-06-13T15:29:12ZteorPass MODULES_OPTIONS in DISTCHECK_CONFIGURE_FLAGSOops, it seems we missed this one.Oops, it seems we missed this one.Tor: 0.3.5.x-finalteorteorhttps://gitlab.torproject.org/legacy/trac/-/issues/27080bridges fail on Tor 0.3.4.1-alpha and later2020-06-13T15:29:10Zteorbridges fail on Tor 0.3.4.1-alpha and laterWhen I run the chutney bridges-min and bridges+ipv6-min tests on my mac, they fail on every release from 0.3.4.1-alpha through to master (837f11a532). But they succeed on maint-0.3.3, maint-0.3.2, and maint-0.2.9.When I run the chutney bridges-min and bridges+ipv6-min tests on my mac, they fail on every release from 0.3.4.1-alpha through to master (837f11a532). But they succeed on maint-0.3.3, maint-0.3.2, and maint-0.2.9.Tor: 0.3.4.x-finalhttps://gitlab.torproject.org/legacy/trac/-/issues/26979Appveyor CI IRC shows the wrong branch for pull requests2020-06-13T15:28:52ZteorAppveyor CI IRC shows the wrong branch for pull requestsFor example, the branch that Neel opened a pull request for is b23588, based on master:
```
11:49 appveyor-ci: torproject/tor master 1752b17 - Neel Chauhan: Add changes file for Bug #23588
11:49 appveyor-ci: Build #1.0.450 failed. Detail...For example, the branch that Neel opened a pull request for is b23588, based on master:
```
11:49 appveyor-ci: torproject/tor master 1752b17 - Neel Chauhan: Add changes file for Bug #23588
11:49 appveyor-ci: Build #1.0.450 failed. Details: https://ci.appveyor.com/project/torproject/tor/build/1.0.450
```
If I can't fix this in a few minutes tomorrow, I'll leave it for later.Tor: 0.3.4.x-finalteorteor