Your message dated Sat, 10 Nov 2018 10:42:56 +0000
with message-id <1541846576.3542.38.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.6
has caused the Debian Bug report #903786,
regarding stretch-pu: package tor/0.2.9.16-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
903786: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903786
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian....@packages.debian.org
Usertags: pu

Hi!

I'd like to update Tor in stable from 0.2.9.15 to 0.2.9.16.

Primary reason is the update of the bridge authority.  The old
one went away, and it's the place that bridges report to so we can
tell clients about them.

https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.2.9.16
has the full upstream changelog.

If you agree, I can prepare a package, and either upload it directly
or present again for review.

Ideally, we'd make the updated package available via -updates before
the next point release already.

Cheers,

Upstream diff:

[git|release-0.2.9] weasel@orinoco:~/projects/tor/tor$ diffstat d
 .editorconfig                       |   33
 .travis.yml                         |   42
 ChangeLog                           |   95
 Makefile.am                         |    9
 ReleaseNotes                        |   93
 configure.ac                        |    8
 contrib/win32build/tor-mingw.nsi.in |    2
 scripts/maint/checkSpace.pl         |    6
 src/common/address.c                |    4
 src/common/crypto.c                 |    7
 src/common/sandbox.c                |   26
 src/config/geoip                    |32959 ++++++++++++++++++++----------------
 src/config/geoip6                   | 8206 ++++----
 src/or/auth_dirs.inc                |   34
 src/or/config.c                     |   34
 src/or/dirserv.c                    |   13
 src/or/include.am                   |    1
 src/or/networkstatus.c              |    1
 src/or/nodelist.c                   |   13
 src/or/protover.c                   |   13
 src/or/relay.c                      |    1
 src/or/router.c                     |   15
 src/or/routerlist.c                 |    2
 src/or/shared_random_state.c        |    1
 src/test/ntor_ref.py                |    9
 src/test/test_crypto.c              |   41
 src/test/test_dir.c                 |   20
 src/test/test_hs.c                  |    7
 src/test/test_shared_random.c       |    2
 src/win32/orconfig.h                |    2
 30 files changed, 23657 insertions(+), 18042 deletions(-)

[abridged diff attached]
-- 
                            |  .''`.       ** Debian **
      Peter Palfrader       | : :' :      The  universal
 https://www.palfrader.org/ | `. `'      Operating System
                            |   `-    https://www.debian.org/
diff --git a/ChangeLog b/ChangeLog
index 0934ae786..9b3906ab1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,97 @@
- Changes in version 0.2.9.15 - 2018-03-03
+Changes in version 0.2.9.16 - 2018-07-13
+  Tor 0.2.9.16 moves to a new bridge authority, meaning people running
+  bridge relays should upgrade. We also take this opportunity to backport
+  other minor fixes.
+
+  o Directory authority changes:
+    - The "Bifroest" bridge authority has been retired; the new bridge
+      authority is "Serge", and it is operated by George from the
+      TorBSD project. Closes ticket 26771.
+
+  o Directory authority changes (backport from 0.3.3.7):
+    - Add an IPv6 address for the "dannenberg" directory authority.
+      Closes ticket 26343.
+
+  o Major bugfixes (directory authorities, backport from 0.3.4.1-alpha):
+    - When directory authorities read a zero-byte bandwidth file, they
+      would previously log a warning with the contents of an
+      uninitialised buffer. They now log a warning about the empty file
+      instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha.
+
+  o Minor features (sandbox, backport from 0.3.3.4-alpha):
+    - Explicitly permit the poll() system call when the Linux
+      seccomp2-based sandbox is enabled: apparently, some versions of
+      libc use poll() when calling getpwnam(). Closes ticket 25313.
+
+  o Minor features (continuous integration, backport from 0.3.4.1-alpha):
+    - Our .travis.yml configuration now includes support for testing the
+      results of "make distcheck". (It's not uncommon for "make check"
+      to pass but "make distcheck" to fail.) Closes ticket 25814.
+    - Our Travis CI configuration now integrates with the Coveralls
+      coverage analysis tool. Closes ticket 25818.
+
+  o Minor features (compilation, backport from 0.3.4.4-rc):
+    - When building Tor, prefer to use Python 3 over Python 2, and more
+      recent (contemplated) versions over older ones. Closes
+      ticket 26372.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2
+      Country database. Closes ticket 26674.
+
+  o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha):
+    - Upon receiving a malformed connected cell, stop processing the
+      cell immediately. Previously we would mark the connection for
+      close, but continue processing the cell as if the connection were
+      open. Fixes bug 26072; bugfix on 0.2.4.7-alpha.
+
+  o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha):
+    - Allow the nanosleep() system call, which glibc uses to implement
+      sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha.
+
+  o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc):
+    - When running the ntor_ref.py test, make sure only to pass strings
+      (rather than "bytes" objects) to the Python subprocess module.
+      Python 3 on Windows seems to require this. Fixes bug 26535; bugfix
+      on 0.2.5.5-alpha.
+
+  o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha):
+    - Work around a change in OpenSSL 1.1.1 where return values that
+      would previously indicate "no password" now indicate an empty
+      password. Without this workaround, Tor instances running with
+      OpenSSL 1.1.1 would accept descriptors that other Tor instances
+      would reject. Fixes bug 26116; bugfix on 0.2.5.16.
+
+  o Minor bugfixes (compilation, backport from 0.3.4.4-rc):
+    - Fix a compilation warning on some versions of GCC when building
+      code that calls routerinfo_get_my_routerinfo() twice, assuming
+      that the second call will succeed if the first one did. Fixes bug
+      26269; bugfix on 0.2.8.2-alpha.
+
+  o Minor bugfixes (client, backport from 0.3.4.1-alpha):
+    - Don't consider Tor running as a client if the ControlPort is open,
+      but no actual client ports are open. Fixes bug 26062; bugfix
+      on 0.2.9.4-alpha.
+
+  o Minor bugfixes (hardening, backport from 0.3.4.2-alpha):
+    - Prevent a possible out-of-bounds smartlist read in
+      protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha.
+
+  o Minor bugfixes (C correctness, backport from 0.3.3.4-alpha):
+    - Fix a very unlikely (impossible, we believe) null pointer
+      dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by
+      Coverity; this is CID 1430932.
+
+  o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc):
+    - Fix a number of small memory leaks identified by coverity. Fixes
+      bug 26467; bugfix on numerous Tor versions.
+
+  o Code simplification and refactoring (backport from 0.3.3.5-rc):
+    - Move the list of default directory authorities to its own file.
+      Closes ticket 24854. Patch by "beastr0".
+
+
+Changes in version 0.2.9.15 - 2018-03-03
   Tor 0.2.9.15 backports important security and stability bugfixes from
   later Tor releases.
 
diff --git a/Makefile.am b/Makefile.am
index f400728ba..f06d0e373 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -216,3 +216,12 @@ mostlyclean-local:
        rm -rf $(HTML_COVER_DIR)
        rm -rf $(top_builddir)/doc/doxygen
        rm -rf $(TEST_NETWORK_ALL_LOG_DIR)
+
+# This relies on some internal details of how automake implements
+# distcheck.  We check two directories because automake-1.15 changed
+# from $(distdir)/_build to $(distdir)/_build/sub.
+show-distdir-testlog:
+       @if test -d "$(distdir)/_build/sub"; then \
+         cat $(distdir)/_build/sub/$(TEST_SUITE_LOG); \
+       else \
+         cat $(distdir)/_build/$(TEST_SUITE_LOG); fi
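Review bot: In show-distdir-testlog the two cat commands leave $(distdir) unquoted while the test -d on the line above quotes it. Quote the cat arguments the same way, for example cat "$(distdir)/_build/sub/$(TEST_SUITE_LOG)", so the target behaves consistently when the path contains spaces.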
diff --git a/ReleaseNotes b/ReleaseNotes
index c874583c9..d3c914679 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -2,6 +2,99 @@ This document summarizes new features and bugfixes in each 
stable release
 of Tor. If you want to see more detailed descriptions of the changes in
 each development snapshot, see the ChangeLog file.
 
+Changes in version 0.2.9.16 - 2018-07-13
+  Tor 0.2.9.16 moves to a new bridge authority, meaning people running
+  bridge relays should upgrade. We also take this opportunity to backport
+  other minor fixes.
+
+  o Directory authority changes:
+    - The "Bifroest" bridge authority has been retired; the new bridge
+      authority is "Serge", and it is operated by George from the
+      TorBSD project. Closes ticket 26771.
+
+  o Directory authority changes (backport from 0.3.3.7):
+    - Add an IPv6 address for the "dannenberg" directory authority.
+      Closes ticket 26343.
+
+  o Major bugfixes (directory authorities, backport from 0.3.4.1-alpha):
+    - When directory authorities read a zero-byte bandwidth file, they
+      would previously log a warning with the contents of an
+      uninitialised buffer. They now log a warning about the empty file
+      instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha.
+
+  o Minor features (sandbox, backport from 0.3.3.4-alpha):
+    - Explicitly permit the poll() system call when the Linux
+      seccomp2-based sandbox is enabled: apparently, some versions of
+      libc use poll() when calling getpwnam(). Closes ticket 25313.
+
+  o Minor features (continuous integration, backport from 0.3.4.1-alpha):
+    - Our .travis.yml configuration now includes support for testing the
+      results of "make distcheck". (It's not uncommon for "make check"
+      to pass but "make distcheck" to fail.) Closes ticket 25814.
+    - Our Travis CI configuration now integrates with the Coveralls
+      coverage analysis tool. Closes ticket 25818.
+
+  o Minor features (compilation, backport from 0.3.4.4-rc):
+    - When building Tor, prefer to use Python 3 over Python 2, and more
+      recent (contemplated) versions over older ones. Closes
+      ticket 26372.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2
+      Country database. Closes ticket 26674.
+
+  o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha):
+    - Upon receiving a malformed connected cell, stop processing the
+      cell immediately. Previously we would mark the connection for
+      close, but continue processing the cell as if the connection were
+      open. Fixes bug 26072; bugfix on 0.2.4.7-alpha.
+
+  o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha):
+    - Allow the nanosleep() system call, which glibc uses to implement
+      sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha.
+
+  o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc):
+    - When running the ntor_ref.py test, make sure only to pass strings
+      (rather than "bytes" objects) to the Python subprocess module.
+      Python 3 on Windows seems to require this. Fixes bug 26535; bugfix
+      on 0.2.5.5-alpha.
+
+  o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha):
+    - Work around a change in OpenSSL 1.1.1 where return values that
+      would previously indicate "no password" now indicate an empty
+      password. Without this workaround, Tor instances running with
+      OpenSSL 1.1.1 would accept descriptors that other Tor instances
+      would reject. Fixes bug 26116; bugfix on 0.2.5.16.
+
+  o Minor bugfixes (compilation, backport from 0.3.4.4-rc):
+    - Fix a compilation warning on some versions of GCC when building
+      code that calls routerinfo_get_my_routerinfo() twice, assuming
+      that the second call will succeed if the first one did. Fixes bug
+      26269; bugfix on 0.2.8.2-alpha.
+
+  o Minor bugfixes (client, backport from 0.3.4.1-alpha):
+    - Don't consider Tor running as a client if the ControlPort is open,
+      but no actual client ports are open. Fixes bug 26062; bugfix
+      on 0.2.9.4-alpha.
+
+  o Minor bugfixes (hardening, backport from 0.3.4.2-alpha):
+    - Prevent a possible out-of-bounds smartlist read in
+      protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha.
+
+  o Minor bugfixes (C correctness, backport from 0.3.3.4-alpha):
+    - Fix a very unlikely (impossible, we believe) null pointer
+      dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by
+      Coverity; this is CID 1430932.
+
+  o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc):
+    - Fix a number of small memory leaks identified by coverity. Fixes
+      bug 26467; bugfix on numerous Tor versions.
+
+  o Code simplification and refactoring (backport from 0.3.3.5-rc):
+    - Move the list of default directory authorities to its own file.
+      Closes ticket 24854. Patch by "beastr0".
+
+
 Changes in version 0.2.9.15 - 2018-03-03
   Tor 0.2.9.15 backports important security and stability bugfixes from
   later Tor releases.
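Review bot: The compilation bugfix entry names routerinfo_get_my_routerinfo(), but the function touched by the router.c hunks in this patch is router_get_my_routerinfo(). Correct the name here and in the identical ChangeLog entry so the note can be matched to the code.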
diff --git a/configure.ac b/configure.ac
index baf6ea3ca..f90480cd7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2015, The Tor Project, Inc.
 dnl See LICENSE for licensing information
 
 AC_PREREQ([2.63])
-AC_INIT([tor],[0.2.9.15])
+AC_INIT([tor],[0.2.9.16])
 AC_CONFIG_SRCDIR([src/or/main.c])
 AC_CONFIG_MACRO_DIR([m4])
 
@@ -213,7 +213,11 @@ AM_PROG_CC_C_O
 AC_PROG_CC_C99
 
 AC_ARG_VAR([PYTHON], [path to Python binary])
-AC_CHECK_PROGS(PYTHON, [python python2 python2.7 python3 python3.3])
+AC_CHECK_PROGS(PYTHON, [ \
+       python3 \
+       python3.8 python3.7 python3.6 python3.5 python3.4 \
+       python \
+       python2 python2.7])
 if test "x$PYTHON" = "x"; then
   AC_MSG_WARN([Python unavailable; some tests will not be run.])
 fi
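Review bot: The new AC_CHECK_PROGS list drops python3.3, which the removed line accepted, and hard-codes minor versions from python3.8 down to python3.4, so it has to be edited for every new Python release. Since bare python3 is tried first, consider whether the versioned names are needed, and say in the changelog entry that python3.3 is no longer searched for if that is intended.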
diff --git a/contrib/win32build/tor-mingw.nsi.in 
b/contrib/win32build/tor-mingw.nsi.in
index f8e571cb0..3a45741d8 100644
--- a/contrib/win32build/tor-mingw.nsi.in
+++ b/contrib/win32build/tor-mingw.nsi.in
@@ -8,7 +8,7 @@
 !include "LogicLib.nsh"
 !include "FileFunc.nsh"
 !insertmacro GetParameters
-!define VERSION "0.2.9.15"
+!define VERSION "0.2.9.15-dev"
 !define INSTALLER "tor-${VERSION}-win32.exe"
 !define WEBSITE "https://www.torproject.org/";
 !define LICENSE "LICENSE"
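Review bot: VERSION is set to "0.2.9.15-dev" here while the configure.ac hunk in this same patch sets AC_INIT to 0.2.9.16, so INSTALLER would expand to tor-0.2.9.15-dev-win32.exe for a 0.2.9.16 release. Bump this define to match the release version, or note why the Windows build files are deliberately left behind.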
diff --git a/scripts/maint/checkSpace.pl b/scripts/maint/checkSpace.pl
index e90f5b330..5af95a27e 100755
--- a/scripts/maint/checkSpace.pl
+++ b/scripts/maint/checkSpace.pl
@@ -177,11 +177,5 @@ for $fn (@ARGV) {
            }
         }
     }
-    ## Warn if the file doesn't end with a blank line.
-    #    (End each file with a single blank line.)
-    if (! $lastnil) {
-        print "  EOL\@EOF:$fn:$.\n";
-    }
     close(F);
 }
-
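Review bot: This removes the EOL@EOF warning for files that do not end with a blank line, and none of the ChangeLog entries in this patch mention it. State the reason in the commit message, and drop $lastnil as well if nothing else reads it after this change.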
diff --git a/src/common/address.c b/src/common/address.c
index 68ad63941..96b99fa08 100644
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -1199,7 +1199,7 @@ tor_addr_hash(const tor_addr_t *addr)
     /* LCOV_EXCL_START */
     tor_fragile_assert();
     return 0;
-    /* LCOV_EXCL_END */
+    /* LCOV_EXCL_STOP */
   }
 }
 
@@ -1221,7 +1221,7 @@ tor_addr_keyed_hash(const struct sipkey *key, const 
tor_addr_t *addr)
     /* LCOV_EXCL_START */
     tor_fragile_assert();
     return 0;
-    /* LCOV_EXCL_END */
+    /* LCOV_EXCL_STOP */
   }
 }
 
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 39c8cc2b0..f8495bb10 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -653,7 +653,12 @@ pem_no_password_cb(char *buf, int size, int rwflag, void 
*u)
   (void)size;
   (void)rwflag;
   (void)u;
-  return 0;
+  /* The openssl documentation says that a callback "must" return 0 if an
+   * error occurred.  But during the 1.1.1 series (commit c82c3462267afdbbaa5
+   * they changed the interpretation so that 0 indicates an empty password and
+   * -1 indicates an error. We want to reject any encrypted PEM buffers, so we
+   * return -1.  This will work on older OpenSSL versions and LibreSSL too. */
+  return -1;
 }
 
 /** Read a PEM-encoded private key from the <b>len</b>-byte string <b>s</b>
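Review bot: The new comment in pem_no_password_cb() opens a parenthesis at "(commit c82c3462267afdbbaa5" and never closes it. Close it after the commit id so the sentence reads cleanly; the explanation of why -1 is returned is otherwise what a reader needs here.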
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index b90ae0257..3d27ea66b 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -185,6 +185,9 @@ static int filter_nopar_gen[] = {
     SCMP_SYS(mmap),
 #endif
     SCMP_SYS(munmap),
+#ifdef __NR_nanosleep
+    SCMP_SYS(nanosleep),
+#endif
 #ifdef __NR_prlimit
     SCMP_SYS(prlimit),
 #endif
@@ -247,7 +250,8 @@ static int filter_nopar_gen[] = {
     SCMP_SYS(recvmsg),
     SCMP_SYS(recvfrom),
     SCMP_SYS(sendto),
-    SCMP_SYS(unlink)
+    SCMP_SYS(unlink),
+    SCMP_SYS(poll)
 };
 
 /* These macros help avoid the error where the number of filters we add on a
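Review bot: Adding SCMP_SYS(poll) to filter_nopar_gen allows poll() with any arguments, whereas the sb_poll() rule removed in the next hunk only allowed it when argument 1 equalled 1 and argument 2 equalled 10. That is a loosening of the sandbox, so add a short comment next to the entry pointing at the getpwnam() case described in the ChangeLog to record why the argument filter was dropped.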
@@ -1062,25 +1066,6 @@ sb_mremap(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
   return 0;
 }
 
-/**
- * Function responsible for setting up the poll syscall for
- * the seccomp filter sandbox.
- */
-static int
-sb_poll(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
-{
-  int rc = 0;
-  (void) filter;
-
-  rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(poll),
-      SCMP_CMP(1, SCMP_CMP_EQ, 1),
-      SCMP_CMP(2, SCMP_CMP_EQ, 10));
-  if (rc)
-    return rc;
-
-  return 0;
-}
-
 #ifdef __NR_stat64
 /**
  * Function responsible for setting up the stat64 syscall for
@@ -1155,7 +1140,6 @@ static sandbox_filter_func_t filter_func[] = {
     sb_flock,
     sb_futex,
     sb_mremap,
-    sb_poll,
 #ifdef __NR_stat64
     sb_stat64,
 #endif
diff --git a/src/config/geoip b/src/config/geoip
index 756a68a48..07c11d685 100644
--- a/src/config/geoip
+++ b/src/config/geoip
[cut]
diff --git a/src/config/geoip6 b/src/config/geoip6
index 51fc4eedf..936a95c3c 100644
--- a/src/config/geoip6
+++ b/src/config/geoip6
[cut]
diff --git a/src/or/auth_dirs.inc b/src/or/auth_dirs.inc
new file mode 100644
index 000000000..08a919b05
--- /dev/null
+++ b/src/or/auth_dirs.inc
@@ -0,0 +1,34 @@
+"moria1 orport=9101 "
+  "v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 "
+  "128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31",
+"tor26 orport=443 "
+  "v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
+  "ipv6=[2001:858:2:2:aabb:0:563b:1526]:443 "
+  "86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
+"dizum orport=443 "
+  "v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 "
+  "194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755",
+"Serge orport=9001 bridge "
+  "66.111.2.131:9030 BA44 A889 E64B 93FA A2B1 14E0 2C2A 279A 8555 C533",
+"gabelmoo orport=443 "
+  "v3ident=ED03BB616EB2F60BEC80151114BB25CEF515B226 "
+  "ipv6=[2001:638:a000:4140::ffff:189]:443 "
+  "131.188.40.189:80 F204 4413 DAC2 E02E 3D6B CF47 35A1 9BCA 1DE9 7281",
+"dannenberg orport=443 "
+  "v3ident=0232AF901C31A04EE9848595AF9BB7620D4C5B2E "
+  "ipv6=[2001:678:558:1000::244]:443 "
+  "193.23.244.244:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123",
+"maatuska orport=80 "
+  "v3ident=49015F787433103580E3B66A1707A00E60F2D15B "
+  "ipv6=[2001:67c:289c::9]:80 "
+  "171.25.193.9:443 BD6A 8292 55CB 08E6 6FBE 7D37 4836 3586 E46B 3810",
+"Faravahar orport=443 "
+  "v3ident=EFCBE720AB3A82B99F9E953CD5BF50F7EEFC7B97 "
+  "154.35.175.225:80 CF6D 0AAF B385 BE71 B8E1 11FC 5CFF 4B47 9237 33BC",
+"longclaw orport=443 "
+  "v3ident=23D15D965BC35114467363C165C4F724B64B4F66 "
+  "199.58.81.140:80 74A9 1064 6BCE EFBC D2E8 74FC 1DC9 9743 0F96 8145",
+"bastet orport=443 "
+  "v3ident=27102BC123E7AF1D4741AE047E160C91ADC76B21 "
+  "ipv6=[2620:13:4000:6000::1000:118]:443 "
+  "204.13.164.118:80 24E2 F139 121D 4394 C54B 5BCC 368B 3B41 1857 C413",
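Review bot: The new file starts directly with string literals and carries no header comment. Add a C comment at the top saying that it is included inside the default_authorities[] initializer in src/or/config.c, that every entry must end with a comma, and what the fields of an entry mean, since a reader opening this file alone has no other context.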
diff --git a/src/or/config.c b/src/or/config.c
index 3b4027433..75e406585 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -967,39 +967,7 @@ escaped_safe_str(const char *address)
 /** List of default directory authorities */
 
 static const char *default_authorities[] = {
-  "moria1 orport=9101 "
-    "v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 "
-    "128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31",
-  "tor26 orport=443 "
-    "v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
-    "ipv6=[2001:858:2:2:aabb:0:563b:1526]:443 "
-    "86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
-  "dizum orport=443 "
-    "v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 "
-    "194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755",
-  "Bifroest orport=443 bridge "
-    "37.218.247.217:80 1D8F 3A91 C37C 5D1C 4C19 B1AD 1D0C FBE8 BF72 D8E1",
-  "gabelmoo orport=443 "
-    "v3ident=ED03BB616EB2F60BEC80151114BB25CEF515B226 "
-    "ipv6=[2001:638:a000:4140::ffff:189]:443 "
-    "131.188.40.189:80 F204 4413 DAC2 E02E 3D6B CF47 35A1 9BCA 1DE9 7281",
-  "dannenberg orport=443 "
-    "v3ident=0232AF901C31A04EE9848595AF9BB7620D4C5B2E "
-    "193.23.244.244:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123",
-  "maatuska orport=80 "
-    "v3ident=49015F787433103580E3B66A1707A00E60F2D15B "
-    "ipv6=[2001:67c:289c::9]:80 "
-    "171.25.193.9:443 BD6A 8292 55CB 08E6 6FBE 7D37 4836 3586 E46B 3810",
-  "Faravahar orport=443 "
-    "v3ident=EFCBE720AB3A82B99F9E953CD5BF50F7EEFC7B97 "
-    "154.35.175.225:80 CF6D 0AAF B385 BE71 B8E1 11FC 5CFF 4B47 9237 33BC",
-  "longclaw orport=443 "
-    "v3ident=23D15D965BC35114467363C165C4F724B64B4F66 "
-    "199.58.81.140:80 74A9 1064 6BCE EFBC D2E8 74FC 1DC9 9743 0F96 8145",
-  "bastet orport=443 "
-    "v3ident=27102BC123E7AF1D4741AE047E160C91ADC76B21 "
-    "ipv6=[2620:13:4000:6000::1000:118]:443 "
-    "204.13.164.118:80 24E2 F139 121D 4394 C54B 5BCC 368B 3B41 1857 C413",
+#include "auth_dirs.inc"
   NULL
 };
 
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index 41c6bf3dc..94290d5dd 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -2750,14 +2750,23 @@ dirserv_read_measured_bandwidths(const char *from_file,
   time_t file_time, now;
   int ok;
 
+  /* Initialise line, so that we can't possibly run off the end. */
+  memset(line, 0, sizeof(line));
+
   if (fp == NULL) {
     log_warn(LD_CONFIG, "Can't open bandwidth file at configured location: %s",
              from_file);
     return -1;
   }
 
-  if (!fgets(line, sizeof(line), fp)
-          || !strlen(line) || line[strlen(line)-1] != '\n') {
+  /* If fgets fails, line is either unmodified, or indeterminate. */
+  if (!fgets(line, sizeof(line), fp)) {
+    log_warn(LD_DIRSERV, "Empty bandwidth file");
+    fclose(fp);
+    return -1;
+  }
+
+  if (!strlen(line) || line[strlen(line)-1] != '\n') {
     log_warn(LD_DIRSERV, "Long or truncated time in bandwidth file: %s",
              escaped(line));
     fclose(fp);
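Review bot: fgets() returns NULL on a read error as well as at end of file, so the new "Empty bandwidth file" warning is also logged when the read fails. Check ferror(fp) to tell the two cases apart, and include from_file in the message the way the "Can't open bandwidth file" warning above does.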
diff --git a/src/or/include.am b/src/or/include.am
index 5108a08e5..19cf00264 100644
--- a/src/or/include.am
+++ b/src/or/include.am
@@ -127,6 +127,7 @@ endif
 
 ORHEADERS = \
        src/or/addressmap.h                             \
+       src/or/auth_dirs.inc                            \
        src/or/buffers.h                                \
        src/or/channel.h                                \
        src/or/channeltls.h                             \
diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c
index d9ae32560..d8e2c0027 100644
--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@@ -1584,7 +1584,6 @@ any_client_port_set(const or_options_t *options)
   return (options->SocksPort_set ||
           options->TransPort_set ||
           options->NATDPort_set ||
-          options->ControlPort_set ||
           options->DNSPort_set);
 }
 
diff --git a/src/or/nodelist.c b/src/or/nodelist.c
index 5a02648c5..26f990b08 100644
--- a/src/or/nodelist.c
+++ b/src/or/nodelist.c
@@ -263,13 +263,12 @@ nodelist_add_microdesc(microdesc_t *md)
   if (rs == NULL)
     return NULL;
   node = node_get_mutable_by_id(rs->identity_digest);
-  if (node) {
-    if (node->md)
-      node->md->held_by_nodes--;
-    node->md = md;
-    md->held_by_nodes++;
-  }
-
+  if (node == NULL)
+    return NULL;
+  if (node->md)
+    node->md->held_by_nodes--;
+  node->md = md;
+  md->held_by_nodes++;
   node_add_to_address_set(node);
 
   return node;
diff --git a/src/or/protover.c b/src/or/protover.c
index 0c79037f6..31ca13fe6 100644
--- a/src/or/protover.c
+++ b/src/or/protover.c
@@ -453,6 +453,10 @@ cmp_single_ent_by_version(const void **a_, const void **b_)
 static char *
 contract_protocol_list(const smartlist_t *proto_strings)
 {
+  if (smartlist_len(proto_strings) == 0) {
+    return tor_strdup("");
+  }
+
   // map from name to list of single-version entries
   strmap_t *entry_lists_by_name = strmap_new();
   // list of protocol names
@@ -561,6 +565,10 @@ char *
 protover_compute_vote(const smartlist_t *list_of_proto_strings,
                       int threshold)
 {
+  if (smartlist_len(list_of_proto_strings) == 0) {
+    return tor_strdup("");
+  }
+
   smartlist_t *all_entries = smartlist_new();
 
   // First, parse the inputs and break them into singleton entries.
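Review bot: The early return for an empty list in protover_compute_vote() comes without a test; the diffstat for this patch lists no test file covering protover.c. Add a unit test that passes an empty list and expects an empty string, and one that reaches the all_entries check added in the next hunk.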
@@ -587,6 +595,11 @@ protover_compute_vote(const smartlist_t 
*list_of_proto_strings,
     smartlist_free(unexpanded);
   } SMARTLIST_FOREACH_END(vote);
 
+  if (smartlist_len(all_entries) == 0) {
+    smartlist_free(all_entries);
+    return tor_strdup("");
+  }
+
   // Now sort the singleton entries
   smartlist_sort_strings(all_entries);
 
diff --git a/src/or/relay.c b/src/or/relay.c
index 22ce76752..1c791e02c 100644
--- a/src/or/relay.c
+++ b/src/or/relay.c
@@ -1323,6 +1323,7 @@ connection_edge_process_relay_cell_not_open(
              "Got a badly formatted connected cell. Closing.");
       connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
       connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TORPROTOCOL);
+      return 0;
     }
     if (tor_addr_family(&addr) != AF_UNSPEC) {
       const sa_family_t family = tor_addr_family(&addr);
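Review bot: The added return 0 reports success to the caller on the malformed connected cell path, right after connection_edge_end() and connection_mark_unattached_ap(). Add a one-line comment saying why 0 rather than a negative value is returned here, so the choice is not mistaken for an oversight later.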
diff --git a/src/or/router.c b/src/or/router.c
index 31f2ff00d..35b6bd203 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -1859,10 +1859,11 @@ router_compare_to_my_exit_policy(const tor_addr_t 
*addr, uint16_t port)
 MOCK_IMPL(int,
 router_my_exit_policy_is_reject_star,(void))
 {
-  if (!router_get_my_routerinfo()) /* make sure routerinfo exists */
+  const routerinfo_t *me = router_get_my_routerinfo();
+  if (!me) /* make sure routerinfo exists */
     return -1;
 
-  return router_get_my_routerinfo()->policy_is_reject_star;
+  return me->policy_is_reject_star;
 }
 
 /** Return true iff I'm a server and <b>digest</b> is equal to
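Review bot: The cached pointer is called me in router_my_exit_policy_is_reject_star() and my_ri in the two later hunks of this file. Use one name for the same thing across the three functions.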
@@ -2432,10 +2433,11 @@ check_descriptor_bandwidth_changed(time_t now)
 {
   static time_t last_changed = 0;
   uint64_t prev, cur;
-  if (!router_get_my_routerinfo())
+  const routerinfo_t *my_ri = router_get_my_routerinfo();
+  if (!my_ri) /* make sure routerinfo exists */
     return;
 
-  prev = router_get_my_routerinfo()->bandwidthcapacity;
+  prev = my_ri->bandwidthcapacity;
   cur = we_are_hibernating() ? 0 : rep_hist_bandwidth_assess();
   if ((prev != cur && (!prev || !cur)) ||
       cur > prev*2 ||
@@ -2486,14 +2488,15 @@ check_descriptor_ipaddress_changed(time_t now)
   const or_options_t *options = get_options();
   const char *method = NULL;
   char *hostname = NULL;
+  const routerinfo_t *my_ri = router_get_my_routerinfo();
 
   (void) now;
 
-  if (router_get_my_routerinfo() == NULL)
+  if (my_ri == NULL) /* make sure routerinfo exists */
     return;
 
   /* XXXX ipv6 */
-  prev = router_get_my_routerinfo()->addr;
+  prev = my_ri->addr;
   if (resolve_my_address(LOG_INFO, options, &cur, &method, &hostname) < 0) {
     log_info(LD_CONFIG,"options->Address didn't resolve into an IP.");
     return;
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index f21a222cd..f73ec9baa 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -2765,6 +2765,8 @@ frac_nodes_with_descriptors(const smartlist_t *sl,
       if (node_has_descriptor(node))
         n_with_descs++;
     });
+
+    tor_free(bandwidths);
     return ((double)n_with_descs) / (double)smartlist_len(sl);
   }
 
diff --git a/src/or/shared_random_state.c b/src/or/shared_random_state.c
index 87db9031e..8438d4640 100644
--- a/src/or/shared_random_state.c
+++ b/src/or/shared_random_state.c
@@ -409,6 +409,7 @@ disk_state_parse_commits(sr_state_t *state,
     if (commit == NULL) {
       /* Ignore badly formed commit. It could also be a authority
        * fingerprint that we don't know about so it shouldn't be used. */
+      smartlist_free(args);
       continue;
     }
     /* We consider parseable commit from our disk state to be valid because
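Review bot: smartlist_free(args) releases the list itself but not the elements it holds. If args owns its strings at this point, they still leak on the continue path, so confirm whether the elements need to be freed before the list is.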
diff --git a/src/test/ntor_ref.py b/src/test/ntor_ref.py
index df065853f..5ec117f2b 100755
--- a/src/test/ntor_ref.py
+++ b/src/test/ntor_ref.py
@@ -336,13 +336,16 @@ def test_tor():
        Call the test-ntor-cl command-line program to make sure we can
        interoperate with Tor's ntor program
     """
-    enhex=lambda s: binascii.b2a_hex(s)
+    if sys.version_info[0] >= 3:
+        enhex=lambda s: binascii.b2a_hex(s).decode("ascii")
+    else:
+        enhex=lambda s: binascii.b2a_hex(s)
     dehex=lambda s: binascii.a2b_hex(s.strip())
 
-    PROG = b"./src/test/test-ntor-cl"
+    PROG = "./src/test/test-ntor-cl"
     def tor_client1(node_id, pubkey_B):
         " returns (msg, state) "
-        p = subprocess.Popen([PROG, b"client1", enhex(node_id),
+        p = subprocess.Popen([PROG, "client1", enhex(node_id),
                               enhex(pubkey_B.serialize())],
                              stdout=subprocess.PIPE)
         return map(dehex, p.stdout.readlines())
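Review bot: The new branch in test_tor() reads sys.version_info, but the nine changed lines the diffstat reports for this file are all in this hunk and none adds an import. Confirm that ntor_ref.py already imports sys at the top, otherwise this raises NameError before the test starts.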
diff --git a/src/test/test_crypto.c b/src/test/test_crypto.c
index 64a46f791..8fd9ca767 100644
--- a/src/test/test_crypto.c
+++ b/src/test/test_crypto.c
@@ -1349,6 +1349,46 @@ test_crypto_pk_base64(void *arg)
   tor_free(encoded);
 }
 
+static void
+test_crypto_pk_pem_encrypted(void *arg)
+{
+  crypto_pk_t *pk = NULL;
+  (void)arg;
+
+  pk = crypto_pk_new();
+  /* we need to make sure that we won't stall if somebody gives us a key
+     that's encrypted with a password. */
+  {
+    const char *s =
+      "-----BEGIN RSA PRIVATE KEY-----\n"
+      "Proc-Type: 4,ENCRYPTED\n"
+      "DEK-Info: AES-128-CBC,EFA86BB9D2AB11E80B4E3DCD97782B16\n"
+      "\n"
+      "Z2Je4m0cFepc6coQkVbGcvNCHxTf941N2XYEVE6kn0CqWqoUH4tlwV6for5D91np\n"
+      "5NiEFTkWj31EhrvrYcuiJtQ/iEbABxZULFWFeJ058rb+1izBz5rScqnEacIS/3Go\n"
+      "YntnROBDwiKmUnue6PJVYg==\n"
+      "-----END RSA PRIVATE KEY-----\n";
+    tt_int_op(-1, OP_EQ,
+              crypto_pk_read_private_key_from_string(pk, s, strlen(s)));
+  }
+  /* For fun, make sure we aren't hit by OpenSSL issue
+     https://github.com/openssl/openssl/issues/6347 , where we get in trouble
+     if a cipher doesn't use an IV.
+  */
+  {
+    const char *s =
+      "-----BEGIN RSA PUBLIC KEY-----\n"
+      "Proc-Type:4,ENCRYPTED\n"
+      "DEK-Info:des-ede -\n"
+      "\n"
+      "iRqK\n"
+      "-----END RSA PUBLIC KEY-----\n";
+    tt_int_op(-1, OP_EQ,
+              crypto_pk_read_public_key_from_string(pk, s, strlen(s)));
+  }
+ done:
+  crypto_pk_free(pk);
+}
 #ifdef HAVE_TRUNCATE
 #define do_truncate truncate
 #else
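Review bot: No blank line separates the closing brace of test_crypto_pk_pem_encrypted() from #ifdef HAVE_TRUNCATE, and the function has no leading doc comment. Add both; a one-sentence comment saying that encrypted PEM input must be rejected with -1 rather than prompting for a password would tie the test to the pem_no_password_cb() change.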
@@ -2914,6 +2954,7 @@ struct testcase_t crypto_tests[] = {
   CRYPTO_LEGACY(pk),
   { "pk_fingerprints", test_crypto_pk_fingerprints, TT_FORK, NULL, NULL },
   { "pk_base64", test_crypto_pk_base64, TT_FORK, NULL, NULL },
+  { "pk_pem_encrypted", test_crypto_pk_pem_encrypted, TT_FORK, NULL, NULL },
   CRYPTO_LEGACY(digests),
   { "digest_names", test_crypto_digest_names, 0, NULL, NULL },
   { "sha3", test_crypto_sha3, TT_FORK, NULL, NULL},
diff --git a/src/test/test_dir.c b/src/test/test_dir.c
index cdc56acb8..ad5f08643 100644
--- a/src/test/test_dir.c
+++ b/src/test/test_dir.c
@@ -1368,6 +1368,25 @@ test_dir_measured_bw_kb(void *arg)
   return;
 }
 
+/* Test dirserv_read_measured_bandwidths */
+static void
+test_dir_dirserv_read_measured_bandwidths(void *arg)
+{
+  char *fname=NULL;
+  (void)arg;
+
+  fname = tor_strdup(get_fname("V3BandwidthsFile"));
+  /* Test an empty file */
+  write_str_to_file(fname, "", 0);
+  setup_capture_of_logs(LOG_WARN);
+  tt_int_op(-1, OP_EQ, dirserv_read_measured_bandwidths(fname, NULL));
+  expect_log_msg("Empty bandwidth file\n");
+
+ done:
+  tor_free(fname);
+  teardown_capture_of_logs();
+}
+
 #define MBWC_INIT_TIME 1000
 
 /** Do the measured bandwidth cache unit test */
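Review bot: test_dir_dirserv_read_measured_bandwidths() only covers the zero-byte file, although its header comment names the whole function. Add a case whose first line has no trailing newline so that the "Long or truncated time in bandwidth file" branch, which the dirserv.c hunk split off from the fgets() check, is exercised as well.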
@@ -5458,6 +5477,7 @@ struct testcase_t dir_tests[] = {
   DIR_LEGACY(versions),
   DIR_LEGACY(fp_pairs),
   DIR(split_fps, 0),
+  DIR_LEGACY(dirserv_read_measured_bandwidths),
   DIR_LEGACY(measured_bw_kb),
   DIR_LEGACY(measured_bw_kb_cache),
   DIR_LEGACY(param_voting),
diff --git a/src/test/test_hs.c b/src/test/test_hs.c
index 8237bbc50..d572dd8d2 100644
--- a/src/test/test_hs.c
+++ b/src/test/test_hs.c
@@ -446,10 +446,10 @@ test_hs_auth_cookies(void *arg)
 #define TEST_COOKIE_ENCODED_STEALTH "YWJjZGVmZ2hpamtsbW5vcB"
 #define TEST_COOKIE_ENCODED_INVALID "YWJjZGVmZ2hpamtsbW5vcD"
 
-  char *encoded_cookie;
+  char *encoded_cookie = NULL;
   uint8_t raw_cookie[REND_DESC_COOKIE_LEN];
   rend_auth_type_t auth_type;
-  char *err_msg;
+  char *err_msg = NULL;
   int re;
 
   (void)arg;
@@ -495,6 +495,9 @@ test_hs_auth_cookies(void *arg)
   tor_free(err_msg);
 
  done:
+  tor_free(encoded_cookie);
+  tor_free(err_msg);
+
   return;
 }
 
diff --git a/src/test/test_shared_random.c b/src/test/test_shared_random.c
index 056f199b9..6a8c1abaf 100644
--- a/src/test/test_shared_random.c
+++ b/src/test/test_shared_random.c
@@ -780,6 +780,7 @@ test_sr_setup_commits(void)
   /* Now during REVEAL phase save commit D by restoring its reveal. */
   set_sr_phase(SR_PHASE_REVEAL);
   save_commit_to_state(place_holder);
+  place_holder = NULL;
   tt_str_op(commit_d->encoded_reveal, OP_EQ,
             "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD");
   /* Go back to an empty encoded reveal value. */
@@ -788,6 +789,7 @@ test_sr_setup_commits(void)
   tt_assert(!commit_has_reveal_value(commit_d));
 
  done:
+  tor_free(place_holder);
   authority_cert_free(auth_cert);
 }
 
diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h
index fc6366535..badfab787 100644
--- a/src/win32/orconfig.h
+++ b/src/win32/orconfig.h
@@ -218,7 +218,7 @@
 #define USING_TWOS_COMPLEMENT
 
 /* Version number of package */
-#define VERSION "0.2.9.15"
+#define VERSION "0.2.9.15-dev"
 
 
 

--- End Message ---
--- Begin Message ---
Version: 9.6

Hi,

The update referenced by each of these bugs was included in this
morning's stretch point release.

Regards,

Adam

--- End Message ---
