Return early when there is no suitable IPv6 ORPort.
Show the address and port on error, using a convenience function.

Code simplification and refactoring.

Cleanup after 32588.

When IPv6 ORPorts are set to "auto", tor relays and bridges would
advertise an incorrect port in their descriptor.

This may be a low-severity memory safety issue, because the published
port number may be derived from uninitialised or out-of-bounds memory
reads.

Fixes bug 32588; bugfix on 0.2.3.9-alpha.

For example, "TOR_SKIP_TESTCASES=crypto/.. ./src/test/test" will run
the tests and suppress all the "crypto/" tests.  You could get the
same effect by running "./src/test/test :crypto/..", but that can be
harder to arrange from CI.

Part of a fix/workaround for 33643.

George Kadianakis authored 5 years ago and Nick Mathewson committed 5 years ago

Given that ed25519 public key validity checks are usually not needed
and (so far) they are only necessary for onion addesses in the Tor
protocol, we decided to fix this specific bug instance without
modifying the rest of the codebase (see below for other fix
approaches).

In our minimal fix we check that the pubkey in
hs_service_add_ephemeral() is valid and error out otherwise.

In the openssl that I have, it should be safe to only check the size
of n.  But if I'm wrong, or if other openssls work differently, we
should check whether any of the fields are too large.

Issue spotted by Teor.

When a Travis chutney job fails, use chutney's new "diagnostics.sh" tool
to produce detailed diagnostic output.

Closes ticket 32792.

(Deep, deep thanks to Taylor for reminding me to test this!)

Although OpenSSL before 1.1.1 is no longer supported, it's possible
that somebody is still using it with 0.3.5, so we probably shouldn't
break it with this fix.

Putting the slowest jobs first takes full advantage of Travis
concurrency.

Closes 33194.

Part of 33194.

The job was previously set to fast_finish / allow_failure, to
speed up the build.

Closes ticket 33195.

Alexander Hansen Færøy authored 5 years ago and teor committed 5 years ago

This patch ensures that we always lowercase the BridgeDistribution from
torrc in descriptors before submitting it.

See: https://bugs.torproject.org/32753

Private-key validation is fairly expensive for long keys in openssl,
so we need to avoid it sooner.

We introduced these BUG() checks in b0ddaac0 to prevent a
recurrence of bug 23690.  But there's a report of the BUG() message
getting triggered and filling up the disk.  Let's change it to
IF_BUG_ONCE().

Fixes bug 33093; bugfix on 0.3.2.2-alpha.

Stop allowing failures on the Travis CI stem tests job. It looks like
all the stem hangs we were seeing are now fixed, but let's make sure we
see them if they happen again.

Closes ticket 33075.

Peter Gerber authored 5 years ago and Nick Mathewson committed 5 years ago

This fixes a startup crash with libseccomp v2.4.0 if Sandbox is
set to 1.

Merge
* Chutney Trusty deletion in bug32240_029
* NSS addition in maint-0.3.5

Closes 32240.

We need to set "Sandbox 0", until we fix sandbox errors that are
triggered by Ubuntu Xenial and Bionic. See 32722.

Part of 32240.