Tor issues
https://gitlab.torproject.org/tpo/core/tor/-/issues
2020-06-27T13:51:49Z

https://gitlab.torproject.org/tpo/core/tor/-/issues/28192
Work out why 0.3.5 and later fail chutney (but 0.3.4 and earlier do not)
2020-06-27T13:51:49Z
teor

In legacy/trac#27912, I created a chutney travis config.
0.2.9, 0.3.3, and 0.3.4 fail less than 1% of the time.
0.3.5 and 0.3.6 fail about 90% of the time.

Tor: 0.3.5.x-final

https://gitlab.torproject.org/tpo/core/tor/-/issues/28184
Reload is additive with regards to new v3 HS client authorizations but it won't subtract deleted ones
2021-09-30T13:25:26Z
Trac

Sending a reload signal seems to add to authorizations not present before the reload but when the reload is issued after some authorizations have been deleted or the files in which they resided given invalid extensions it won't clear those from memory in this running instance.
**Trac**:
**Username**: jchevali

Tor: 0.3.5.x-final
haxxpop

https://gitlab.torproject.org/tpo/core/tor/-/issues/28183
tor-0.3.5.3_alpha unexpected stop bug: (Sandbox) Caught a bad syscall attempt (syscall shutdown)
2020-06-27T13:51:50Z
Trac

tor -f ./torrc
Oct 24 08:10:51.726 [notice] Tor 0.3.5.3-alpha running on Linux with Libevent 2.1.8-stable, OpenSSL 1.0.2p, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd N/A.
Oct 24 08:10:51.726 [notice] This version is not a stable Tor release. Expect more bugs than usual.
Oct 24 08:10:51.726 [notice] Read configuration file "/home/n05/./torrc".
Oct 24 08:10:51.730 [notice] Opening Socks listener on 127.0.0.1:7012
Oct 24 08:10:51.730 [notice] Opened Socks listener on 127.0.0.1:7012
Oct 24 08:10:51.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Oct 24 08:10:51.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Oct 24 08:10:51.000 [notice] Bootstrapped 0%: Starting
Oct 24 08:10:52.000 [notice] Starting with guard context "default"
Oct 24 08:10:52.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
Oct 24 08:10:52.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Oct 24 08:10:52.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Oct 24 08:10:53.000 [notice] Bootstrapped 100%: Done
============================================================ T= 1540371205
(Sandbox) Caught a bad syscall attempt (syscall shutdown)
tor(+0x7cb9e)[0x559d07c0cb9e]
/lib64/libc.so.6(shutdown+0x7)[0x7f7b36b6ab97]
/lib64/libc.so.6(shutdown+0x7)[0x7f7b36b6ab97]
/usr/lib64/libcrypto.so.1.0.0(+0xf885d)[0x7f7b3738785d]
/usr/lib64/libcrypto.so.1.0.0(BIO_free+0x8a)[0x7f7b3733237a]
/usr/lib64/libcrypto.so.1.0.0(BIO_free_all+0x24)[0x7f7b373920e4]
/usr/lib64/libssl.so.1.0.0(SSL_free+0x97)[0x7f7b37c7ac87]
tor(tor_tls_free_+0x3c)[0x559d07c3f93c]
tor(+0x1c631a)[0x559d07d5631a]
tor(+0x1c1e34)[0x559d07d51e34]
tor(+0x1c228e)[0x559d07d5228e]
/usr/lib64/libevent-2.1.so.6(+0x20b45)[0x7f7b374fbb45]
/usr/lib64/libevent-2.1.so.6(event_base_loop+0x507)[0x7f7b374fc8a7]
tor(do_main_loop+0x74)[0x559d07d4a994]
tor(tor_run_main+0x11a6)[0x559d07d5a9b6]
tor(tor_main+0x26)[0x559d07d5bdc6]
tor(main+0x9)[0x559d07be1be9]
/lib64/libc.so.6(__libc_start_main+0xe7)[0x7f7b36a86ae7]
tor(_start+0x2a)[0x559d07be1c2a]
torrc:
Log notice
#SEC
SandBox 1
SafeLogging 1
NoExec 1
ClientOnly 1
SafeSocks 1
TestSocks 1
#NET
#8min keep-alive
KeepAlivePeriod 600
SOCKSPort 7012
#PERF
TruncateLogFile 1
HardwareAccel 1
#AccelName rdrand
AvoidDiskWrites 1
emerge --info
Portage 2.3.51 (python 3.6.6-final-0, default/linux/amd64/17.0, gcc-8.2.0, glibc-2.27-r6, 4.19.0-gentoo_intel x86_64)
=================================================================
System uname: Linux-4.19.0-gentoo_intel-x86_64-Intel-R-_Core-TM-_i7-2860QM_CPU_@_2.50GHz-with-gentoo-2.6
KiB Mem: 16211896 total, 328624 free
KiB Swap: 15625212 total, 15625212 free
Timestamp of repository gentoo: Wed, 24 Oct 2018 00:45:01 +0000
sh bash 4.4_p23
ld GNU ld (Gentoo 2.31.1 p3) 2.31.1
distcc 3.2rc1 x86_64-pc-linux-gnu [disabled]
ccache version 3.5 [disabled]
app-shells/bash: 4.4_p23::gentoo
dev-java/java-config: 2.2.0-r4::gentoo
dev-lang/perl: 5.26.2::gentoo
dev-lang/python: 2.7.15::gentoo, 3.6.6::gentoo
dev-util/ccache: 3.5::gentoo
dev-util/cmake: 3.12.3::gentoo
dev-util/pkgconfig: 0.29.2::gentoo
sys-apps/baselayout: 2.6-r1::gentoo
sys-apps/openrc: 0.39::gentoo
sys-apps/sandbox: 2.13::gentoo
sys-devel/autoconf: 2.13::gentoo, 2.69-r4::gentoo
sys-devel/automake: 1.16.1-r1::gentoo
sys-devel/binutils: 2.31.1-r1::gentoo
sys-devel/gcc: 8.2.0-r3::gentoo
sys-devel/gcc-config: 2.0::gentoo
sys-devel/libtool: 2.4.6-r5::gentoo
sys-devel/make: 4.2.1-r4::gentoo
sys-kernel/linux-headers: 4.19::gentoo (virtual/os-headers)
sys-libs/glibc: 2.27-r6::gentoo
Repositories:
gentoo
location: /usr/portage
sync-type: webrsync
sync-uri: rsync://rsync.gentoo.org/gentoo-portage
priority: -1000
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -flto=8 -fuse-ld=gold -fomit-frame-pointer -ftree-vectorize -march=sandybridge -mtune=sandybridge -mmmx -msse -msse2 -msse3 -mssse3 -mcx16 -msahf -maes -mpclmul -mpopcnt -mavx -msse4.2 -msse4.1 -mfxsr -mxsave -mxsaveopt --param l1-cache-size=32 --param l1-cache-line-size=64 --param l2-cache-size=8192"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/gnupg/qualified.txt /var/lib/i2pd/certificates"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -pipe -flto=8 -fuse-ld=gold -fomit-frame-pointer -ftree-vectorize -march=sandybridge -mtune=sandybridge -mmmx -msse -msse2 -msse3 -mssse3 -mcx16 -msahf -maes -mpclmul -mpopcnt -mavx -msse4.2 -msse4.1 -mfxsr -mxsave -mxsaveopt --param l1-cache-size=32 --param l1-cache-line-size=64 --param l2-cache-size=8192"
DISTDIR="/usr/portage/distfiles"
ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs candy cgroup config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync multilib-strict news nodoc noinfo noman parallel-fetch parallel-install preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync webrsync-gpg xattr"
FFLAGS="-O2 -pipe"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="en ru ua"
MAKEOPTS="-j8"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
USE="#chromium #graphite #link X a aac acl acpi adjust alsa amd64 avx based bash-completion berkdb branding break, bzip2 cairo can check cli consolekit crypt custom-cflags custom-optimization cxx dbus dri dri3 ffmpeg fortran gallium gdbm gif glamor gnome-keyring graphite gstreamer gtk gtk3 iconv icu intermediate jemalloc jit jpeg jpeg2k jumbo-build jumbo_file_merge_limit libnotify libsamplerate libtirpc llvm lm_sensors lock loop lto lzma lzo make matroska mime mmx mmxext mng mp3 mp4 multilib ncurses networkmanager nls nptl ntp on opengl openmp optimization optimizations pam pclmul pcre png policykit polyhedral popcnt rdesktop readline representation seccomp session shenandoah sndfile socks5 sound speedup, sqlite sse sse2 sse3 sse4_1 sse4_2 ssl ssse3 startup-notification svg system-bzip2 system-ffmpeg system-harfbuzz system-icu system-jpeg system-libevent system-libvpx system-libwebp system-lua system-sqlite system-zlib tcpd theora threads thunar tiff time truetype udev udisks unicode upower usb uvm v4l vaapi vdpau vorbis vpx vulkan webp wifi wmf x264 xa xattr xcb xpm xscreensaver xvid xvmc zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon plan sheets stage words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx mmx mmxext pclmul popcnt sse sse2 sse3 sse4_1 sse4_2 
ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="evdev synaptics" KERNEL="linux" L10N="en ru ua" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6 php7-1" POSTGRES_TARGETS="postgres9_5 postgres10" PYTHON_SINGLE_TARGET="python3_6" PYTHON_TARGETS="python2_7 python3_6" QEMU_SOFTMMU_TARGETS="arm" QEMU_USER_TARGETS="arm" RUBY_TARGETS="ruby25" USERLAND="GNU" VIDEO_CARDS="intel i965" XFCE_PLUGINS="brightness clock power trash" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset: CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
equery u tor
[ Legend : U - final flag setting for installation]
[ : I - package is installed with flag ]
[ Colors : set, unset ]
* Found these USE flags for net-vpn/tor-0.3.5.3_alpha:
U I
- - caps : Use Linux capabilities library to control privilege
- - libressl : Use dev-libs/libressl instead of dev-libs/openssl when applicable (see also the ssl useflag)
+ + lzma : Support for LZMA (de)compression algorithm
- - scrypt : Use app-crypt/libscrypt for the scrypt algorithm
+ + seccomp : Enable seccomp (secure computing mode) to perform system call filtering at runtime to increase security of programs
- - systemd : Enable use of systemd-specific libraries and features like socket activation or session tracking
- - test : Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)
- - tor-hardening : Compile tor with hardening on vanilla compilers/linkers
- - zstd : Use app-arch/zstd for compression
gentoo bug : bugs.gentoo.org/669510
**Trac**:
**Username**: n05

Tor: 0.3.5.x-final

https://gitlab.torproject.org/tpo/core/tor/-/issues/28160
outdated docs in rust/tor_log
2021-07-22T16:20:37Z
Trac

`torlog.c` was moved.
**Trac**:
**Username**: cyberpunks

Tor: 0.3.5.x-final

https://gitlab.torproject.org/tpo/core/tor/-/issues/28135
Bad CERTS cells in mixed chutney network
2020-06-27T13:51:51Z
teor

Yet another mixed network error - these race conditions really are exercising a whole lot of unusual code paths:
```
FAIL: mixed+hs-v2
Detail: chutney/tools/warnings.sh /Users/base/chutney/net/nodes.1537279328
Warning: Received a bad CERTS cell from 127.0.0.1:5002: Problem setting or checking peer id Number: 1
Warning: Received a bad CERTS cell from 127.0.0.1:5003: Problem setting or checking peer id Number: 1
Warning: Tried connecting to router at 127.0.0.1:5002, but RSA identity key was not as expected: wanted F0F7644942E7570548AA9BB1763F643123CE40C5 + no ed25519 key but got 72658EEB1AB9F6326635849C1D33052FC0C0F551 + 95IoksCTUXVIyqHU+lPMR3ppCzj+AdT5Bpg6BTSKDzI. Number: 1
Warning: Tried connecting to router at 127.0.0.1:5003, but RSA identity key was not as expected: wanted 185EF19538055B8B6F591224A66F0516C204BE98 + no ed25519 key but got 945CD7D474D11CA2A6DBEF63715477BA17657E68 + RT2D7+9+F4bADlz7427uBoUrV3iKtSz31l7/xT/xTls. Number: 1
Warning: http status 400 ("Nonauthoritative directory does not accept posted server descriptors") response from dirserver '127.0.0.1:7002'. Please correct. Number: 3
Warning: http status 400 ("Nonauthoritative directory does not accept posted server descriptors") response from dirserver '127.0.0.1:7003'. Please correct. Number: 3
```

Tor: 0.3.5.x-final

https://gitlab.torproject.org/tpo/core/tor/-/issues/28129
reload v3 client authorization: Assertion !tor_mem_is_zero
2021-09-30T13:25:26Z
Trac

When a v3 hidden service exists and an authorized client is added, Tor fails to reload the configuration.
== Steps to Reproduce
1. create a hidden service:
```
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 22 127.0.0.1
```
2. reload to create service (`systemctl reload tor@default`)
3. add a client
content of `ClientOnionAuthDir /var/lib/tor/client_auth`:
```
ClientOnionAuthDir /var/lib/tor/client_auth
```
4. reload again (`systemctl reload tor@default`)
resulting crash:
```
Oct 20 00:48:52 rust Tor[8823]: tor_assertion_failed_(): Bug: ../src/feature/hs/hs_descriptor.c:2897: hs_desc_build_authorized_client: Assertion !tor_mem_is_zero((char *) descriptor_cookie, HS_DESC_DESCRIPTOR_COOKIE_LEN) failed; aborting. (on Tor 0.3.5.3-alpha )
Oct 20 00:48:52 rust Tor[8823]: Bug: Assertion !tor_mem_is_zero((char *) descriptor_cookie, HS_DESC_DESCRIPTOR_COOKIE_LEN) failed in hs_desc_build_authorized_client at ../src/feature/hs/hs_descriptor.c:2897. Stack trace: (on Tor 0.3.5.3-alpha )
Oct 20 00:48:52 rust Tor[8823]: Bug: /usr/bin/tor(log_backtrace_impl+0x47) [0x55eec9b04d97] (on Tor 0.3.5.3-alpha )
Oct 20 00:48:52 rust Tor[8823]: Bug: /usr/bin/tor(tor_assertion_failed_+0x94) [0x55eec9b00344] (on Tor 0.3.5.3-alpha )
Oct 20 00:48:52 rust Tor[8823]: Bug: /usr/bin/tor(hs_desc_build_authorized_client+0x2c7) [0x55eec9a1b337] (on Tor 0.3.5.3-alpha )
Oct 20 00:48:52 rust Tor[8823]: Bug: /usr/bin/tor(+0x10707f) [0x55eec9a1d07f] (on Tor 0.3.5.3-alpha )
Oct 20 00:48:52 rust Tor[8823]: Bug: /usr/bin/tor(hs_service_load_all_keys+0x2a0) [0x55eec9a20a30] (on Tor 0.3.5.3-alpha )
Oct 20 00:48:52 rust Tor[8823]: Bug: /usr/bin/tor(set_options+0xeeb) [0x55eec9a8bcab] (on Tor 0.3.5.3-alpha )
Oct 20 00:48:52 rust Tor[8823]: Bug: /usr/bin/tor(options_init_from_string+0x39c) [0x55eec9a8d87c] (on Tor 0.3.5.3-alpha )
Oct 20 00:48:52 rust Tor[8823]: Bug: /usr/bin/tor(options_init_from_torrc+0x42e) [0x55eec9a8dece] (on Tor 0.3.5.3-alpha )
Oct 20 00:48:52 rust Tor[8823]: Bug: /usr/bin/tor(+0x57d99) [0x55eec996dd99] (on Tor 0.3.5.3-alpha )
Oct 20 00:48:52 rust Tor[8823]: Bug: /usr/lib/x86_64-linux-gnu/libevent-2.0.so.5(event_base_loop+0xef0) [0x7fe621423df0] (on Tor 0.3.5.3-alpha )
Oct 20 00:48:52 rust Tor[8823]: Bug: /usr/bin/tor(do_main_loop+0xc5) [0x55eec9982665] (on Tor 0.3.5.3-alpha )
Oct 20 00:48:52 rust Tor[8823]: Bug: /usr/bin/tor(tor_run_main+0x141e) [0x55eec997033e] (on Tor 0.3.5.3-alpha )
Oct 20 00:48:52 rust Tor[8823]: Bug: /usr/bin/tor(tor_main+0x3a) [0x55eec996d64a] (on Tor 0.3.5.3-alpha )
Oct 20 00:48:52 rust Tor[8823]: Bug: /usr/bin/tor(main+0x19) [0x55eec996d1c9] (on Tor 0.3.5.3-alpha )
Oct 20 00:48:52 rust Tor[8823]: Bug: /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0x7fe61fc7f2e1] (on Tor 0.3.5.3-alpha )
Oct 20 00:48:52 rust Tor[8823]: Bug: /usr/bin/tor(_start+0x2a) [0x55eec996d21a] (on Tor 0.3.5.3-alpha )
```
**Trac**:
**Username**: pege

Tor: 0.3.5.x-final

https://gitlab.torproject.org/tpo/core/tor/-/issues/28128
v3 client auth: No interned sandbox parameter found
2021-09-30T13:25:26Z
Trac

Setting `ClientOnionAuthDir /var/lib/tor/client_auth` in combination with `Sandbox 1` leads to this error:
```
Oct 19 22:32:15 host tor[18554]: Oct 19 22:32:15.000 [warn] sandbox_intern_string(): Bug: No interned sandbox parameter found for /var/lib/tor/client_auth (on Tor 0.3.5.3-alpha )
Oct 19 22:32:15 host tor[18554]: Oct 19 22:32:15.000 [warn] Directory /var/lib/tor/client_auth cannot be read: Permission denied
```
When `Sandbox` is set to `0`, everything works just fine.
**Trac**:
**Username**: pege

Tor: 0.3.5.x-final
David Goulet dgoulet@torproject.org

https://gitlab.torproject.org/tpo/core/tor/-/issues/28127
Hidden service option HiddenServiceAuthorizeClient is incompatible with version 3
2021-09-30T13:25:26Z
Trac

When upgrading from 0.3.4 to 0.3.5 hidden services that have HiddenServiceAuthorizeClient set break. My understanding is that already created onion services should remain v2 and new services are created as v3. However, this doesn't appear to be the case if client authorization is active.
== Steps to reproduce:
1. Create a hidden service like this in 0.3.4:
```
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServiceAuthorizeClient stealth client1,client2
HiddenServicePort 45325 127.0.0.1:22
```
2. Upgrade to 0.3.5
3. You'll see this error:
```
Oct 19 18:18:35 rasp3-l5 systemd[1]: Starting Anonymizing overlay network for TCP...
Oct 19 18:18:36 rasp3-l5 tor[13098]: Oct 19 18:18:36.243 [notice] Tor 0.3.5.3-alpha running on Linux with Libevent 2.0.21-stable, OpenSSL 1.1.0f, Zlib 1.2.8, Liblzma 5.2.2, and Libzstd 1.1.2.
Oct 19 18:18:36 rasp3-l5 tor[13098]: Oct 19 18:18:36.243 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Oct 19 18:18:36 rasp3-l5 tor[13098]: Oct 19 18:18:36.243 [notice] This version is not a stable Tor release. Expect more bugs than usual.
Oct 19 18:18:36 rasp3-l5 tor[13098]: Oct 19 18:18:36.243 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Oct 19 18:18:36 rasp3-l5 tor[13098]: Oct 19 18:18:36.243 [notice] Read configuration file "/etc/tor/torrc".
Oct 19 18:18:36 rasp3-l5 tor[13098]: Oct 19 18:18:36.254 [warn] Hidden service option HiddenServiceAuthorizeClient is incompatible with version 3 of service in /var/lib/tor/hidden_service/
Oct 19 18:18:36 rasp3-l5 tor[13098]: Oct 19 18:18:36.254 [warn] Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.
Oct 19 18:18:36 rasp3-l5 tor[13098]: Oct 19 18:18:36.254 [err] Reading config failed--see warnings above.
```
In 0.3.5, setting `HiddenServiceVersion 2` and removing it again has the same effect.
**Trac**:
**Username**: pege

Tor: 0.3.5.x-final
Neel Chauhan neel@neelc.org

https://gitlab.torproject.org/tpo/core/tor/-/issues/28123
Missing description of ED25519-V3 private key format in rend-spec-v3.txt
2020-06-27T13:51:52Z
riastradh

rend-spec-v3.txt does not specify the format of ED25519-V3 keys in enough detail to make an interoperable implementation. And in particular, the format is _different_ from typical Ed25519 implementations like ed25519/ref in SUPERCOP.
In contrast, the document does specify the format of RSA1024 (v2) keys in enough detail to make an interoperable implementation.

Tor: 0.3.5.x-final

https://gitlab.torproject.org/tpo/core/tor/-/issues/28120
hs_descriptor: CID 1440368: Incorrect expression (SIZEOF_MISMATCH)
2021-09-30T13:25:26Z
George Kadianakis

```
*** CID 1440368: Incorrect expression (SIZEOF_MISMATCH)
/src/feature/hs/hs_descriptor.c: 2954 in hs_desc_build_authorized_client()
2948 HS_DESC_COOKIE_KEY_BIT_SIZE);
2949 /* This can't fail. */
2950 crypto_cipher_encrypt(cipher, (char *) client_out->encrypted_cookie,
2951 (const char *) descriptor_cookie,
2952 HS_DESC_DESCRIPTOR_COOKIE_LEN);
2953
>>> CID 1440368: Incorrect expression (SIZEOF_MISMATCH)
>>> Passing argument "keystream" of type "uint8_t *" and argument "8UL /* sizeof (keystream) */" to function "memwipe" is suspicious.
2954 memwipe(keystream, 0, sizeof(keystream));
2955 tor_free(keystream);
```

Tor: 0.3.5.x-final

https://gitlab.torproject.org/tpo/core/tor/-/issues/28115
0.3.5.3 FTBFS on mips and s390
2020-06-27T13:51:52Z
weasel (Peter Palfrader)

Tor 0.3.5.3-alpha-1 has failed to build on s390x and mips for Debian experimental. Other mips* platforms have not yet been tried.
For now,
https://buildd.debian.org/status/fetch.php?pkg=tor&arch=s390x&ver=0.3.5.3-alpha-1&stamp=1539844680&raw=0
and
https://buildd.debian.org/status/fetch.php?pkg=tor&arch=mips&ver=0.3.5.3-alpha-1&stamp=1539846878&raw=0
have the full build logs.
```
crypto/ope/vectors:
FAIL ../src/test/test_crypto_ope.c:141: assert(crypto_ope_encrypt(ope, val) OP_EQ res): 3968478454 vs 3971694514
[vectors FAILED]
```
is common to both (same numbers too).
Additionally, on mips this happened:
```
storagedir/empty: [forking] OK
storagedir/basic: [forking] Oct 18 07:14:22.551 [err] tor_assertion_failed_(): Bug: ../src/test/testing_rsakeys.c:540: init_pregenerated_keys: Assertion r == 0 failed; aborting. (on Tor 0.3.5.3-alpha )
Oct 18 07:14:22.553 [err] Bug: Assertion r == 0 failed in init_pregenerated_keys at ../src/test/testing_rsakeys.c:540. Stack trace: (on Tor 0.3.5.3-alpha )
Oct 18 07:14:22.553 [err] Bug: ./src/test/test(log_backtrace_impl+0x84) [0x55cb65f8] (on Tor 0.3.5.3-alpha )
Oct 18 07:14:22.554 [err] Bug: ./src/test/test(tor_assertion_failed_+0xc4) [0x55cb1188] (on Tor 0.3.5.3-alpha )
Oct 18 07:14:22.554 [err] Bug: ./src/test/test(init_pregenerated_keys+0x198) [0x55a9b130] (on Tor 0.3.5.3-alpha )
Oct 18 07:14:22.554 [err] Bug: ./src/test/test(testcase_run_one+0x2d8) [0x55a9b530] (on Tor 0.3.5.3-alpha )
Oct 18 07:14:22.554 [err] Bug: ./src/test/test(tinytest_main+0x188) [0x55a9be64] (on Tor 0.3.5.3-alpha )
Oct 18 07:14:22.555 [err] Bug: ./src/test/test(main+0x3ec) [0x556ec43c] (on Tor 0.3.5.3-alpha )
Oct 18 07:14:22.555 [err] Bug: /lib/mips-linux-gnu/libc.so.6(__libc_start_main+0x108) [0x76f48cf8] (on Tor 0.3.5.3-alpha )
Oct 18 07:14:22.555 [err] Bug: ./src/test/test(+0x5f5b4) [0x556ec5b4] (on Tor 0.3.5.3-alpha )
```

Tor: 0.3.5.x-final
Nick Mathewson

https://gitlab.torproject.org/tpo/core/tor/-/issues/28089
Exhausting our bandwidth write limit stops the connection from reading
2020-06-27T13:51:53Z
David Goulet dgoulet@torproject.org

In commit `488e2b00bf881b97bcc8e4bbe304845ff1d79a03`, we've refactored the block the connection on bandwidth logic and *one* typo got in, probably bad copy paste:
```
void
connection_write_bw_exhausted(connection_t *conn, bool is_global_bw)
{
  (void)is_global_bw;
  conn->write_blocked_on_bw = 1;
  connection_stop_reading(conn);
  reenable_blocked_connection_schedule();
}
```
Notice the `connection_stop_reading()` call where it should be a _stop writing_ ... This has the really bad side effect of making tor stop reading on the socket if the write limit is reached, and because `read_blocked_on_bw` is not set to 1, it is never reenabled through our mainloop callback.
This fix is *critical* else bytes accumulate in the kernel TCP buffers which can lead to OOM but also loss of connectivity with >= 0.3.4.x relays. One way to accumulate is the keepalive cell that bypasses KIST scheduler so tor sends it regardless if the kernel thinks it is OK. I'll open a ticket for this which is another problem.
This is most likely fixing legacy/trac#27813.
Appeared in 0.3.4.1-alpha.

Tor: 0.3.5.x-final

https://gitlab.torproject.org/tpo/core/tor/-/issues/28066
Fix typo in hs_cell_parse_introduce2() comment
2020-06-27T13:51:54Z
Neel Chauhan neel@neelc.org

The comment says this:
```
/* Parsse the INTRODUCE2 cell using data which contains everything we need to
* do so and contains the destination buffers of information we extract and
* compute from the cell. Return 0 on success else a negative value. The
* service and circ are only used for logging purposes. */
```
The "Parsse" should be "Parse".

Tor: 0.3.5.x-final
Neel Chauhan neel@neelc.org

https://gitlab.torproject.org/tpo/core/tor/-/issues/28026
make hs-v3 client auth configuration clearer in man page
2021-09-30T13:25:25Z
mtigas

Re: convo w/ asn yesterday on IRC (tor-dev).
Jumping off of legacy/trac#27547, this is my attempt at clearing up some things I thought should be made more explicit in the man page, such as not needing to set HiddenServiceAuthorizeClient, ClientOnionAuthDir doesn't contain just one file literally named ".auth_private", it's "some_handle.auth_private", etc.
This depends on legacy/trac#25796 (& my patch in this comment https://trac.torproject.org/projects/tor/ticket/25796#comment:10 ), since I'm following the convention in other parts of the manpage to point to spec.torproject.org, but rend-spec-v3 is not yet on that page.

Tor: 0.3.5.x-final

https://gitlab.torproject.org/tpo/core/tor/-/issues/28024
tell us where that mystery core file came from
2020-06-27T13:51:55Z
Taylor Yu

When running `make distcheck`, run `file` on the mystery core file that sometimes appears, so we can better diagnose it.

Tor: 0.3.5.x-final
Taylor Yu

https://gitlab.torproject.org/tpo/core/tor/-/issues/27995
hs v3 auth descriptor cookie validation: tor crash when parsing .auth file after SIGHUP
2021-09-30T13:25:25Z
Trac

Hello devs,
While running tor onion service v3 with client auth disabled, if a new client .auth file is put under the authorized_clients subdir and a SIGHUP is sent to tor, the main process crashes after a bad assertion.
######
Oct 10 16:29:42.000 [info] load_client_keys(): Loading a client authorization key file a.auth...
Oct 10 16:29:42.000 [info] load_client_keys(): Loaded a client authorization key file a.auth.
Oct 10 16:29:42.000 [err] tor_assertion_failed_(): Bug: ../tor-0.3.5.2-alpha/src/feature/hs/hs_descriptor.c:2883: hs_desc_build_authorized_client: Assertion !tor_mem_is_zero((char *) descriptor_cookie, HS_DESC_DESCRIPTOR_COOKIE_LEN) failed; aborting. (on Tor 0.3.5.2-alpha )
Oct 10 16:29:42.000 [err] Bug: Assertion !tor_mem_is_zero((char *) descriptor_cookie, HS_DESC_DESCRIPTOR_COOKIE_LEN) failed in hs_desc_build_authorized_client at ../tor-0.3.5.2-alpha/src/feature/hs/hs_descriptor.c:2883. Stack trace: (on Tor 0.3.5.2-alpha )
Oct 10 16:29:42.000 [err] Bug: tor(log_backtrace_impl+0x5a) [0x781307] (on Tor 0.3.5.2-alpha )
Oct 10 16:29:42.000 [err] Bug: tor(tor_assertion_failed_+0x105) [0x77bc33] (on Tor 0.3.5.2-alpha )
Oct 10 16:29:42.000 [err] Bug: tor(hs_desc_build_authorized_client+0x255) [0x58cfa8] (on Tor 0.3.5.2-alpha )
Oct 10 16:29:42.000 [err] Bug: tor(+0x1216c9) [0x5936c9] (on Tor 0.3.5.2-alpha )
Oct 10 16:29:42.000 [err] Bug: tor(+0x1207f5) [0x5927f5] (on Tor 0.3.5.2-alpha )
Oct 10 16:29:42.000 [err] Bug: tor(+0x11ed28) [0x590d28] (on Tor 0.3.5.2-alpha )
Oct 10 16:29:42.000 [err] Bug: tor(hs_service_load_all_keys+0xdc) [0x598fb8] (on Tor 0.3.5.2-alpha )
Oct 10 16:29:42.000 [err] Bug: tor(+0x1bf5ea) [0x6315ea] (on Tor 0.3.5.2-alpha )
Oct 10 16:29:42.000 [err] Bug: tor(set_options+0xb0) [0x62e9f5] (on Tor 0.3.5.2-alpha )
Oct 10 16:29:42.000 [err] Bug: tor(options_init_from_string+0x63d) [0x63b6d6] (on Tor 0.3.5.2-alpha )
Oct 10 16:29:42.000 [err] Bug: tor(options_init_from_torrc+0x4f8) [0x63ad2c] (on Tor 0.3.5.2-alpha )
Oct 10 16:29:42.000 [err] Bug: tor(+0x43a82) [0x4b5a82] (on Tor 0.3.5.2-alpha )
Oct 10 16:29:42.000 [err] Bug: tor(+0x44666) [0x4b6666] (on Tor 0.3.5.2-alpha )
Oct 10 16:29:42.000 [err] Bug: tor(+0x4443a) [0x4b643a] (on Tor 0.3.5.2-alpha )
Oct 10 16:29:42.000 [err] Bug: /usr/lib/i386-linux-gnu/libevent-2.1.so.6(+0x209db) [0xb7dfa9db] (on Tor 0.3.5.2-alpha )
Oct 10 16:29:42.000 [err] Bug: /usr/lib/i386-linux-gnu/libevent-2.1.so.6(event_base_loop+0x4d1) [0xb7dfb3b1] (on Tor 0.3.5.2-alpha )
Oct 10 16:29:42.000 [err] Bug: tor(tor_libevent_run_event_loop+0x4b) [0x67047e] (on Tor 0.3.5.2-alpha )
Oct 10 16:29:42.000 [err] Bug: tor(+0x4418c) [0x4b618c] (on Tor 0.3.5.2-alpha )
Oct 10 16:29:42.000 [err] Bug: tor(+0x443a2) [0x4b63a2] (on Tor 0.3.5.2-alpha )
Oct 10 16:29:42.000 [err] Bug: tor(do_main_loop+0x372) [0x4b60e6] (on Tor 0.3.5.2-alpha )
Oct 10 16:29:42.000 [err] Bug: tor(tor_run_main+0x256) [0x4bb6ac] (on Tor 0.3.5.2-alpha )
Oct 10 16:29:42.000 [err] Bug: tor(tor_main+0x8a) [0x4b00d5] (on Tor 0.3.5.2-alpha )
Oct 10 16:29:42.000 [err] Bug: tor(main+0x46) [0x4afc8f] (on Tor 0.3.5.2-alpha )
Oct 10 16:29:42.000 [err] Bug: /lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0xb791c9a1] (on Tor 0.3.5.2-alpha )
Oct 10 16:29:42.000 [err] Bug: tor(+0x3db41) [0x4afb41] (on Tor 0.3.5.2-alpha )
######
This crash happened while running a non-optimized tor version and this is the backtrace from gdb:
```
#0 0xb7f75b91 in __kernel_vsyscall ()
#1 0xb7931112 in __libc_signal_restore_set (set=0xbfe7a9fc) at ../sysdeps/unix/sysv/linux/nptl-signals.h:80
#2 __GI_raise (sig=6) at ../sysdeps/unix/sysv/linux/raise.c:48
#3 0xb7932531 in __GI_abort () at abort.c:79
#4 0x0058cfad in hs_desc_build_authorized_client ()
#5 0x005936c9 in build_service_desc_superencrypted ()
#6 0x005927f5 in move_descriptors ()
#7 0x00590d28 in register_all_services ()
#8 0x00598fb8 in hs_service_load_all_keys ()
#9 0x006315ea in options_act ()
#10 0x0062e9f5 in set_options ()
#11 0x0063b6d6 in options_init_from_string ()
#12 0x0063ad2c in options_init_from_torrc ()
#13 0x004b5a82 in do_hup ()
#14 0x004b6666 in process_signal ()
#15 0x004b643a in signal_callback ()
#16 0xb7dfa9db in ?? () from /usr/lib/i386-linux-gnu/libevent-2.1.so.6
#17 0xb7dfb3b1 in event_base_loop () from /usr/lib/i386-linux-gnu/libevent-2.1.so.6
#18 0x0067047e in tor_libevent_run_event_loop ()
#19 0x004b618c in run_main_loop_once ()
#20 0x004b63a2 in run_main_loop_until_done ()
#21 0x004b60e6 in do_main_loop ()
#22 0x004bb6ac in tor_run_main ()
#23 0x004b00d5 in tor_main ()
#24 0x004afc8f in main ()
```
######
If the process is restarted, there is no problem setting up the descriptor cookie.
I've coded a dirty patch that solves this problem:
On tor 0.3.5.2-alpha/src/feature/hs/hs_service.c
```
1764a1765,1771
> /* Test that descriptor_cookie is not zero because we will use it
> * bellow */
> if (tor_mem_is_zero((char*)desc->descriptor_cookie,
> HS_DESC_DESCRIPTOR_COOKIE_LEN)) {
> crypto_strongest_rand(desc->descriptor_cookie,
> sizeof(desc->descriptor_cookie));
> }
```
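Review bot: the inserted zero-check at 1765-1771 fills in a fresh random cookie whenever `desc->descriptor_cookie` is empty, which hides why the cookie is unset on the reload path in the backtrace (`do_hup` through `move_descriptors` and `build_service_desc_superencrypted`) when a restart sets it up correctly. It would be better to find where the descriptor is created or moved on reload and set the cookie there, so the assertion in `hs_desc_build_authorized_client` stays a meaningful invariant. The check uses `HS_DESC_DESCRIPTOR_COOKIE_LEN` while the fill uses `sizeof(desc->descriptor_cookie)`; use one expression for both. The comment has a typo ("bellow"), and the normal-format diff carries no context lines, so a unified diff showing the enclosing function would make the placement reviewable.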
I don't know if this is the best course of action or if it would be wiser to check it elsewhere.
TODO: elaborate a unit test.
**Trac**:
**Username**: madage
Tor: 0.3.5.x-final
David Goulet dgoulet@torproject.org

https://gitlab.torproject.org/tpo/core/tor/-/issues/27990
Missing sys/time.h include in procmon.c breaks netbsd compilation
2020-06-27T13:51:58Z
Nick Mathewson
Tor: 0.3.5.x-final
Nick Mathewson

https://gitlab.torproject.org/tpo/core/tor/-/issues/27985
Memory leak with Tor 0.3.4.8-1 and Linux 4.18.12.a-1-hardened
2020-06-27T13:51:58Z
Trac
Hi,
one of my nodes running Tor 0.3.4.8-1 and Linux 4.18.12.a-1-hardened has a heavy memory leak, which is related to Tor, but it does not show up on top that it is Tor causing this. I just found out by restarting services with "good luck" that it's Tor causing this.
This is what the memory leak looks like: https://imgur.com/a/h4bzyhy
When oom_reaper killed Tor, it printed:
Oct 08 22:52:25 zepto.mcl.gg kernel: Out of memory: Kill process 2392 (tor) score 27 or sacrifice child
Oct 08 22:52:25 zepto.mcl.gg kernel: Killed process 2392 (tor) total-vm:1405252kB, anon-rss:888384kB, file-rss:0kB, shmem-rss:0kB
Oct 08 22:52:25 zepto.mcl.gg kernel: oom_reaper: reaped process 2392 (tor), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB
oom_reaper also killed a lot of processes before Tor, because even my kernel seemed to be unsure where that memory usage came from. As I said, it does not appear as VIRT, RES or even SHR.
The only notable changes to torrc are to listen on the docker if (SocksPort 172.17.0.1:9050) and MaxCircuitDirtiness 120.
I'd be very happy if somebody could help troubleshooting this, thanks.
**Trac**:
**Username**: wrmsr
Tor: 0.3.5.x-final

https://gitlab.torproject.org/tpo/core/tor/-/issues/27983
0.3.2.x reached its EOL date: remove version 0.3.2.x from recommended versions
2020-06-27T13:51:58Z
nusenu
tor 0.3.2 reached end-of-life as of 2018-10-09
https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/CoreTorReleases
let's remove these versions from the recommended versions list:
server-versions 0.2.9.14, 0.2.9.15, 0.2.9.16, 0.2.9.17, ~~0.3.2.10, 0.3.2.11, 0.3.2.12~~, 0.3.3.2-alpha, 0.3.3.3-alpha, 0.3.3.4-alpha, 0.3.3.5-rc, 0.3.3.6, 0.3.3.7, 0.3.3.8, 0.3.3.9, 0.3.3.10, 0.3.4.1-alpha, 0.3.4.2-alpha, 0.3.4.3-alpha, 0.3.4.4-rc, 0.3.4.5-rc, 0.3.4.6-rc, 0.3.4.7-rc, 0.3.4.8, 0.3.5.1-alpha, 0.3.5.2-alpha
Tor: 0.3.5.x-final

https://gitlab.torproject.org/tpo/core/tor/-/issues/27968
SIGNAL HALT race condition in test-rebind.py
2020-06-27T13:51:58Z
teor
If tor exits due to SIGNAL HALT, before the python subprocess module terminates it, then test-rebind.py can fail with OSError 3 (no such process).
This race condition causes make check failures on my laptop running Windows Subsystem for Linux. It could potentially cause CI failures on busy machines.
I have a patch that rewrites test-rebind.py to be more reliable.
Tor: 0.3.5.x-final
teor