```
src/feature/stats/rephist.c: In function ‘overload_happened_recently’:
src/feature/stats/rephist.c:215:21: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
   if (overload_time > approx_time() - 3600 * n_hours) {
```
from tpo/core/tor#40341 (comment 2729364)

This uses a heuristic that came up after a discussion with David.

I'm leaving this as a separate commit so that it can be discussed further if
needed.

- OOM metric
- onionskin overload metric
- DNS timeout metric

- Implement overload statistics structure.
- Implement function that keeps track of overload statistics.
- Implement function that writes overload statistics to descriptor.
- Unittest for the whole logic.

Nick Mathewson authored 4 years ago and David Goulet committed 4 years ago

(If you need to do this in an older version you can just set
DormantClientTimeout to something huge.)

Closes #40228.

"ours" to avoid version bump.

"ours" to avoid version bump.

"ours" to avoid version bump.

(0.4.6.1-alpha will come out after the stable releases.)

We were looking for the first instance of "directory-signature "
when instead the correct behavior is to look for the first instance
of "directory-signature " at the start of a line.

Unfortunately, this can be exploited as to crash authorities while
they're voting.

Fixes #40316; bugfix on 0.2.2.4-alpha.  This is TROVE-2021-002,
also tracked as CVE-2021-28090.

We're going to disable this feature in all versions for now.