1. 22 Nov, 2009 2 commits
  2. 20 Nov, 2009 1 commit
    • Fix compilation on OSX 10.3. · 444eff62
      Nick Mathewson authored
      On this OSX version, there is a stub mlockall() function
      that doesn't work, *and* the declaration for it is hidden by
      an '#ifdef _P1003_1B_VISIBLE'.  This would make autoconf
      successfully find the function, but our code fail to build
      when no declaration was found.
      
      This patch adds an additional test for the declaration.
  3. 19 Nov, 2009 1 commit
  4. 17 Nov, 2009 2 commits
  5. 12 Nov, 2009 1 commit
  6. 06 Nov, 2009 1 commit
  7. 05 Nov, 2009 1 commit
    • Make Tor work with OpenSSL 0.9.8l · ce0a89e2
      Nick Mathewson authored
      To fix a major security problem related to incorrect use of
      SSL/TLS renegotiation, OpenSSL has turned off renegotiation by
      default.  We are not affected by this security problem, however,
      since we do renegotiation right.  (Specifically, we never treat a
      renegotiated credential as authenticating previous communication.)
      Nevertheless, OpenSSL's new behavior requires us to explicitly
      turn renegotiation back on in order to get our protocol working
      again.
      
      Amusingly, this is not so simple as "set the flag when you create
      the SSL object", since calling connect or accept seems to clear
      the flags.
      
      For belt-and-suspenders purposes, we clear the flag once the Tor
      handshake is done.  There's no way to exploit a second handshake
      either, but we might as well not allow it.
  8. 27 Oct, 2009 7 commits
    • Implement DisableAllSwap to avoid putting secret info in page files. · 2aac39a7
      Jacob Appelbaum authored and Roger Dingledine committed
      This commit implements a new config option: 'DisableAllSwap'.
      This option probably only works properly when Tor is started as root.
      We added two new functions: tor_mlockall() and tor_set_max_memlock().
      tor_mlockall() attempts to mlock() all current and all future memory pages.
      For tor_mlockall() to work properly we set the process rlimits for memory to
      RLIM_INFINITY (and beyond) inside of tor_set_max_memlock().
      We behave differently from mlockall() by only allowing tor_mlockall() to be
      called one single time. All other calls will result in a return code of 1.
      It is not possible to change DisableAllSwap while running.
      A sample configuration item was added to the torrc.complete.in config file.
      A new item in the man page for DisableAllSwap was added.
      Thanks to Moxie Marlinspike and Chris Palmer for their feedback on this patch.
      
      Please note that we make no guarantees about the quality of your OS and its
      mlock/mlockall implementation. It is possible that this will do nothing at all.
      It is also possible that you can ulimit the mlock properties of a given user
      such that root is not required. This has not been extensively tested and is
      unsupported. I have included some comments for possible ways we can handle
      this on win32.
    • Fix bug 1113. · 56c23851
      Karsten Loesing authored
      Bridges do not use the default exit policy, but reject *:* by default.
    • Fix bug 1042. · 19ddee55
      Karsten Loesing authored
      If your relay can't keep up with the number of incoming create cells, it
      would log one warning per failure into your logs. Limit warnings to 1 per
      minute.
    • Note coverity fixes in changelog. · 698aaeb1
      Nick Mathewson authored
    • e50e7395
    • Fix bug 1066. · 4256a964
      Karsten Loesing authored
      If all authorities restart at once right before a consensus vote, nobody
      will vote about "Running", and clients will get a consensus with no usable
      relays. Instead, authorities refuse to build a consensus if this happens.
    • Only send the if_modified_since header for a v3 consensus. · 56048637
      Nick Mathewson authored
      Spotted by xmux; bugfix on 0.2.0.10-alpha.
      (Bug introduced by 20b10859)
  9. 26 Oct, 2009 1 commit
  10. 19 Oct, 2009 1 commit
  11. 15 Oct, 2009 2 commits
  12. 14 Oct, 2009 2 commits
  13. 13 Oct, 2009 1 commit
    • Fix a crash when using evdns from Libevent 2. · 81eee0ec
      Nick Mathewson authored
      When we tried to use the deprecated non-threadsafe evdns
      interfaces in Libevent 2 without using the also-deprecated
      event_init() interface, Libevent 2 would sensibly crash, since it
      has no guess where to find the Libevent library.
      
      Here we use the evdns_base_*() functions instead if they're
      present, and fake them if they aren't.
  14. 12 Oct, 2009 2 commits
  15. 11 Oct, 2009 1 commit
  16. 10 Oct, 2009 4 commits
  17. 07 Oct, 2009 1 commit
  18. 01 Oct, 2009 2 commits
  19. 30 Sep, 2009 2 commits
  20. 29 Sep, 2009 2 commits
  21. 27 Sep, 2009 2 commits
  22. 24 Sep, 2009 1 commit