This is an "ours" merge to avoid taking the maint-0.4.2 version of the 34078
fix.

GCC added an implicit-fallthrough warning a while back, where it
would complain if you had a nontrivial "case:" block that didn't end
with break, return, or something like that.  Clang recently added
the same thing.

GCC, however, would let you annotate a fall-through as intended by
any of various magic "/* fall through */" comments.  Clang, however,
only seems to like "__attribute__((fallthrough))".  Fortunately, GCC
accepts that too.

A previous commit in this branch defined a FALLTHROUGH macro to do
the right thing if GNUC is defined; here we replace all of our "fall
through" comments with uses of that macro.

This is an automated commit, made with the following perl one-liner:

  #!/usr/bin/perl -i -p
  s#/\* *falls? ?thr.*?\*/#FALLTHROUGH;#i;

(In order to avoid conflicts, I'm applying this script separately to
each maint branch. This is the 0.4.2 version.)

This is an "ours" merge to avoid taking the 0.4.1 version of the 34078 fix.

GCC added an implicit-fallthrough warning a while back, where it
would complain if you had a nontrivial "case:" block that didn't end
with break, return, or something like that.  Clang recently added
the same thing.

GCC, however, would let you annotate a fall-through as intended by
any of various magic "/* fall through */" comments.  Clang, however,
only seems to like "__attribute__((fallthrough))".  Fortunately, GCC
accepts that too.

A previous commit in this branch defined a FALLTHROUGH macro to do
the right thing if GNUC is defined; here we replace all of our "fall
through" comments with uses of that macro.

This is an automated commit, made with the following perl one-liner:

  #!/usr/bin/perl -i -p
  s#/\* *falls? ?thr.*?\*/#FALLTHROUGH;#i;

(In order to avoid conflicts, I'm applying this script separately to
each maint branch. This is the 0.4.1 version.)

This is an "ours" merge to avoid taking the 0.3.5 fix for 34078.

GCC added an implicit-fallthrough warning a while back, where it
would complain if you had a nontrivial "case:" block that didn't end
with break, return, or something like that.  Clang recently added
the same thing.

GCC, however, would let you annotate a fall-through as intended by
any of various magic "/* fall through */" comments.  Clang, however,
only seems to like "__attribute__((fallthrough))".  Fortunately, GCC
accepts that too.

A previous commit in this branch defined a FALLTHROUGH macro to do
the right thing if GNUC is defined; here we replace all of our "fall
through" comments with uses of that macro.

This is an automated commit, made with the following perl one-liner:

  #!/usr/bin/perl -i -p
  s#/\* *falls? ?thr.*?\*/#FALLTHROUGH;#i;

There's nothing wrong with the comment, but the script I'm about to
apply wouldn't like it.

This macro defers to __attribute__((fallthrough)) on GCC (and
clang).  Previously we had been using GCC's magic /* fallthrough */
comments, but clang very sensibly doesn't accept those.

Since not all compiler recognize it, we only define it when our
configure script detects that it works.

Part of a fix for 34078.

Do not try to stuff "HS_DESC_DECODE_GENERIC_ERROR" (-1) into a
socks5_reply_status_t (enum).  It doesn't actually make sense, and
isn't one of our documented extensions.

(This can only happen on a nonfatal assertion that we haven't seen,
so it probably isn't happening in practice.)

Fixes another case of bug 34077; bugfix on 0.4.3.1-alpha.

Fixes 34077 for 0.4.1; bugfix on 0.4.0.3-alpha. (Specifically, GCC
first gives this warning for 9eeff921)

teor authored Apr 15, 2020 and Nick Mathewson committed Apr 21, 2020

Stop truncating IPv6 addresses and ports in channel and connection logs.

Fixes bug 33918; bugfix on 0.2.4.4-alpha.

George Kadianakis authored Mar 30, 2020 and Nick Mathewson committed Apr 13, 2020

And also disallow all-zeroes keys from the filesystem; add a test for it too.

George Kadianakis authored Mar 30, 2020 and Nick Mathewson committed Apr 13, 2020

The client auth protocol allows attacker-controlled x25519 private keys being
passed around, which allows an attacker to potentially trigger the all-zeroes
assert for client_auth_sk in hs_descriptor.c:decrypt_descriptor_cookie().

We fixed that by making sure that an all-zeroes client auth key will not be
used.

There are no guidelines for validating x25519 private keys, and the assert was
there as a sanity check for code flow issues (we don't want to enter that
function with an unitialized key if client auth is being used). To avoid such
crashes in the future, we also changed the assert to a BUG-and-err.

(Our fix for 33087 requires this, I believe.)

Remove check-best-practices from check-local in maint-0.4.3.
(The check-local jobs are all on separate lines in 0.4.3.)

Nick Mathewson authored Jun 19, 2019 and teor committed Apr 09, 2020

practracker shouldn't be running in release or maint branches.

Squashed PR 1854, and fixed a minor typo (IPv4 -> IPv6).

David Goulet authored Apr 07, 2020 and teor committed Apr 09, 2020

This change broke torsocks that by default is expecting an IPv4 for hostname
resolution because it can't ask tor for a specific IP version with the SOCKS5
extension.

PreferIPv6 made it that sometimes the IPv6 could be returned to torsocks that
was expecting an IPv4.

Torsocks is probably a very unique case because the runtime flow is that it
hijacks DNS resolution (ex: getaddrinfo()), gets an IP and then sends it back
for the connect() to happen.

The libc has DNS resolution functions that allows the caller to request a
specific INET family but torsocks can't tell tor to resolve the hostname only
to an IPv4 or IPv6 and thus by default fallsback to IPv4.

Reverting this change into 0.4.3.x series but we'll keep it in the 0.4.4.x
series in the hope that we add this SOCKS5 extension to tor for DNS resolution
and then change torsocks to use that.

Fixes #33804
Signed-off-by: David Goulet <dgoulet@torproject.org>