Clients have ignored the Named flag since 0.3.2.

Fixes bug 28441; bugfix on 0.3.2.1-alpha.

Apparently some freebsd compilers can't tell that 'c' will never
be used uninitialized.

Fixes bug 28413; bugfix on 0.2.9.3-alpha when we added support for
longer AES keys to this function.

We don't use this syscall, but openssl apparently does.

(This syscall puts a socket into a half-closed state. Don't worry:
It doesn't shut down the system or anything.)

Fixes bug 28183; bugfix on 0.2.5.1-alpha where the sandbox was
introduced.

Apparently, even though the manpage says it returns an int, it
can return a long instead and cause a warning.

Bug not in any released Tor.  Part of #28399

Failing to do on clients was causing TLS 1.3 negotiation to fail.

Fixes bug 28245; bugfix on 0.2.9.15, when we added TLS 1.3 support.

Kris Katterjohn authored 6 years ago and Nick Mathewson committed 6 years ago

This fixes compilation on OpenBSD.

Signed-off-by: Kris Katterjohn <katterjohn@gmail.com>

Roger Dingledine authored 6 years ago and Alexander Hansen Færøy committed 6 years ago

Resume refusing to start with relative file paths and RunAsDaemon
set (regression from the fix for bug 22731).

Fixes bug 28298; bugfix on 0.3.3.1-alpha.

Fixes bug 28348; bugfix on 0.3.4.1-alpha

teor authored 6 years ago and Nick Mathewson committed 6 years ago

Cleanup after #27968.

teor authored 6 years ago and Nick Mathewson committed 6 years ago

Closes #27968.

teor authored 6 years ago and Nick Mathewson committed 6 years ago

Part of #27968.

teor authored 6 years ago and Nick Mathewson committed 6 years ago

If tor terminates due to SIGNAL HALT before test_rebind.py calls
tor_process.terminate(), an OSError 3 (no such process) is thrown.

Fixes part of bug 27968 on 0.3.5.1-alpha.

Neel Chauhan authored 6 years ago and David Goulet committed 6 years ago

Detect the onion service version and then check for invalid options unless we have set HiddenServiceVersion

This'll help retain test compatibility until 1.31.0 is released!

Related to fix for 28202.

Remember, you can't check to see if there are N bytes left in a
buffer by doing (buf + N < end), since the buf + N computation might
take you off the end of the buffer and result in undefined behavior.

Fixes 28202; bugfix on 0.2.0.3-alpha.

It is not enough to look at protover for v3 rendezvous support but also we
need to make sure that the curve25519 onion key is present or in other words
that the descriptor has been fetched and does contain it.

Fixes #27797.

Signed-off-by: David Goulet <dgoulet@torproject.org>

cypherpunks authored 6 years ago and Nick Mathewson committed 6 years ago

This file was moved in 97b15a1d
and moved again in e7f5f48d.

Move the elements around to concentrate mutable and immutable elements
together. This commit changes no code, check with --color-moved.

With the new refresh_service_descriptor() function we had both
refresh_service_descriptor() and update_service_descriptor() which is basically
the same thing.

This commit renames update_service_descriptor() to
update_service_descriptor_intro_points() to make it clear it's not a generic
refresh and it's only about intro points.

Commit changes no code.

Treat backtrace test failures as expected on NetBSD, OpenBSD, and
macOS/Darwin, until we solve bug 17808.

(FreeBSD failures have been treated as expected since 18204 in 0.2.8.)

Fixes bug 27948; bugfix on 0.2.5.2-alpha.

Before this commit, we would create the descriptor signing key certificate
when first building the descriptor.

In some extreme cases, it lead to the expiry of the certificate which triggers
a BUG() when encoding the descriptor before uploading.

Ticket #27838 details a possible scenario in which this can happen. It is an
edge case where tor losts internet connectivity, notices it and closes all
circuits. When it came back up, the HS subsystem noticed that it had no
introduction circuits, created them and tried to upload the descriptor.

However, in the meantime, if tor did lack a live consensus because it is
currently seeking to download one, we would consider that we don't need to
rotate the descriptors leading to using the expired signing key certificate.

That being said, this commit does a bit more to make this process cleaner.
There are a series of things that we need to "refresh" before uploading a
descriptor: signing key cert, intro points and revision counter.

A refresh function is added to deal with all mutable descriptor fields. It in
turn simplified a bit the code surrounding the creation of the plaintext data.

We keep creating the cert when building the descriptor in order to accomodate
the unit tests. However, it is replaced every single time the descriptor is
uploaded.

Fixes #27838

Signed-off-by: David Goulet <dgoulet@torproject.org>

We can't use htons()/ntohs() -- those are no-ops on exactly the
wrong platforms.

Fixes bug 28115; bugfix on 0.3.5.1-alpha.

It won't be used if there are no authorized client configured. We do that so
we can easily support the addition of a client with a HUP signal which allow
us to avoid more complex code path to generate that cookie if we have at least
one client auth and we had none before.

Fixes #27995

Signed-off-by: David Goulet <dgoulet@torproject.org>

Occasionally, key pinning doesn't catch a relay that shares an ed25519
ID with another relay.  Log the identity fingerprints and the shared
ed25519 ID when this happens, instead of making a BUG() warning.

Fixes bug 27800; bugfix on 0.3.2.1-alpha.

Commit 488e2b00 introduced an issue, most
likely introduced by a bad copy paste, that made us stop reading on the
connection if our write bandwidth limit was reached.

The problem is that because "read_blocked_on_bw" was never set, the connection
was never reenabled for reading.

This is most likely the cause of #27813 where bytes were accumulating in the
kernel TCP bufers because tor was not doing reads. Only relays with
RelayBandwidthRate would suffer from this but affecting all relays connecting
to them. And using that tor option is recommended and best practice so many
many relays have it enabled.

Fixes #28089.