December 2016 - tor-commits - lists.torproject.org

[tor/release-0.2.8] put the 0.2.8.10 changelog in the releasenotes too
by arma＠torproject.org 02 Dec '16

02 Dec '16

commit 74d091887c5405585e67694cd890c91766e87864 Author: Roger Dingledine <arma(a)torproject.org> Date: Fri Dec 2 09:43:52 2016 -0500 put the 0.2.8.10 changelog in the releasenotes too --- ReleaseNotes | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/ReleaseNotes b/ReleaseNotes index 3984363..f65a692 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -2,6 +2,41 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +Changes in version 0.2.8.10 - 2016-12-02 + Tor 0.2.8.10 backports a fix for a bug that would sometimes make clients + unusable after they left standby mode. It also backports fixes for + a few portability issues and a small but problematic memory leak. + + o Major bugfixes (client reliability, backport from 0.2.9.5-alpha): + - When Tor leaves standby because of a new application request, open + circuits as needed to serve that request. Previously, we would + potentially wait a very long time. Fixes part of bug 19969; bugfix + on 0.2.8.1-alpha. + + o Major bugfixes (client performance, backport from 0.2.9.5-alpha): + - Clients now respond to new application stream requests immediately + when they arrive, rather than waiting up to one second before + starting to handle them. Fixes part of bug 19969; bugfix + on 0.2.8.1-alpha. + + o Minor bugfixes (portability, backport from 0.2.9.6-rc): + - Work around a bug in the OSX 10.12 SDK that would prevent us from + successfully targeting earlier versions of OSX. Resolves + ticket 20235. + + o Minor bugfixes (portability, backport from 0.2.9.5-alpha): + - Fix implicit conversion warnings under OpenSSL 1.1. Fixes bug + 20551; bugfix on 0.2.1.1-alpha. + + o Minor bugfixes (relay, backport from 0.2.9.5-alpha): + - Work around a memory leak in OpenSSL 1.1 when encoding public + keys. Fixes bug 20553; bugfix on 0.0.2pre8. + + o Minor features (geoip): + - Update geoip and geoip6 to the November 3 2016 Maxmind GeoLite2 + Country database. + + Changes in version 0.2.8.9 - 2016-10-17 Tor 0.2.8.9 backports a fix for a security hole in previous versions of Tor that would allow a remote attacker to crash a Tor client,

1 0

[tor/release-0.2.8] fix typo
by arma＠torproject.org 02 Dec '16

02 Dec '16

commit 357d7f172a3b96334c92a2c585f7e60c6080371d Author: Roger Dingledine <arma(a)torproject.org> Date: Fri Dec 2 09:42:43 2016 -0500 fix typo also reorder a stanza to put the more exciting bug first --- ChangeLog | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index c458fcc..af70681 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,20 +1,20 @@ Changes in version 0.2.8.10 - 2016-12-02 Tor 0.2.8.10 backports a fix for a bug that would sometimes make clients - unusable after they left stanbdy mode. It also backports fixes for + unusable after they left standby mode. It also backports fixes for a few portability issues and a small but problematic memory leak. - o Major bugfixes (client performance, backport from 0.2.9.5-alpha): - - Clients now respond to new application stream requests immediately - when they arrive, rather than waiting up to one second before - starting to handle them. Fixes part of bug 19969; bugfix - on 0.2.8.1-alpha. - o Major bugfixes (client reliability, backport from 0.2.9.5-alpha): - When Tor leaves standby because of a new application request, open circuits as needed to serve that request. Previously, we would potentially wait a very long time. Fixes part of bug 19969; bugfix on 0.2.8.1-alpha. + o Major bugfixes (client performance, backport from 0.2.9.5-alpha): + - Clients now respond to new application stream requests immediately + when they arrive, rather than waiting up to one second before + starting to handle them. Fixes part of bug 19969; bugfix + on 0.2.8.1-alpha. + o Minor bugfixes (portability, backport from 0.2.9.6-rc): - Work around a bug in the OSX 10.12 SDK that would prevent us from successfully targeting earlier versions of OSX. Resolves

1 0

[tor/release-0.2.8] Pick a release date.
by nickm＠torproject.org 02 Dec '16

02 Dec '16

commit 081fb705182ea326e93ab703b02881a13aff5172 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Dec 2 08:23:29 2016 -0500 Pick a release date. --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index a36c576..c458fcc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,4 @@ -Changes in version 0.2.8.10 - 2016-12-0? +Changes in version 0.2.8.10 - 2016-12-02 Tor 0.2.8.10 backports a fix for a bug that would sometimes make clients unusable after they left stanbdy mode. It also backports fixes for a few portability issues and a small but problematic memory leak.

1 0

[tor/release-0.2.9] Pick a release date.
by nickm＠torproject.org 02 Dec '16

02 Dec '16

commit 9bc0593a8493bf2593803640c77b7a419a94411f Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Dec 2 08:23:33 2016 -0500 Pick a release date. --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index a012045..b008ce0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,4 @@ -Changes in version 0.2.9.6-rc - 2016-12-0? +Changes in version 0.2.9.6-rc - 2016-12-02 Tor 0.2.9.6-rc fixes a few remaining bugs found in the previous alpha version. We hope that it will be ready to become stable soon, and we encourage everyone to test this release. If no showstopper bugs are

1 0

[tor/master] Add an extra warning message to check_private_dir
by nickm＠torproject.org 02 Dec '16

02 Dec '16

commit 1e8f68a9c7fa20884de06a37109df558268e57f8 Author: teor <teor2345(a)gmail.com> Date: Fri Nov 18 14:34:42 2016 +1100 Add an extra warning message to check_private_dir --- src/common/util.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/common/util.c b/src/common/util.c index 3421d11..417aa89 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -2270,10 +2270,14 @@ check_private_dir,(const char *dirname, cpd_check_t check, * permissions on the directory will be checked again below.*/ fd = open(sandbox_intern_string(dirname), O_NOFOLLOW); - if (fd == -1) + if (fd == -1) { + log_warn(LD_FS, "Could not reopen recently created directory %s: %s", + dirname, + strerror(errno)); return -1; - else + } else { close(fd); + } } else if (!(check & CPD_CHECK)) { log_warn(LD_FS, "Directory %s does not exist.", dirname);

1 0

[tor/master] Refactor rend_service_list substitute list selection code
by nickm＠torproject.org 02 Dec '16

02 Dec '16

commit 36bb900def44e1d9e519fa68e6c46def5051e46e Author: teor <teor2345(a)gmail.com> Date: Fri Nov 18 11:50:34 2016 +1100 Refactor rend_service_list substitute list selection code Remove duplicate code. No behaviour change. --- src/or/rendservice.c | 87 ++++++++++++++++++++++++++++++---------------------- 1 file changed, 50 insertions(+), 37 deletions(-) diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 457821c..5f13b6a 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -79,6 +79,10 @@ static int rend_service_check_private_dir(const or_options_t *options, static int rend_service_check_private_dir_impl(const or_options_t *options, const rend_service_t *s, int create); +static const smartlist_t* rend_get_service_list( + const smartlist_t* substitute_service_list); +static smartlist_t* rend_get_service_list_mutable( + smartlist_t* substitute_service_list); /** Represents the mapping from a virtual port of a rendezvous service to * a real port on some IP. @@ -124,8 +128,44 @@ static const char *hostname_fname = "hostname"; static const char *client_keys_fname = "client_keys"; static const char *sos_poison_fname = "onion_service_non_anonymous"; +/** A list of rend_service_t's for services run on this OP. + */ +static smartlist_t *rend_service_list = NULL; + +/* Like rend_get_service_list_mutable, but returns a read-only list. */ +static const smartlist_t* +rend_get_service_list(const smartlist_t* substitute_service_list) +{ + /* It is safe to cast away the const here, because + * rend_get_service_list_mutable does not actually modify the list */ + return rend_get_service_list_mutable((smartlist_t*)substitute_service_list); +} + +/* Return a mutable list of hidden services. + * If substitute_service_list is not NULL, return it. + * Otherwise, check if the global rend_service_list is non-NULL, and if so, + * return it. + * Otherwise, return NULL. + * */ +static smartlist_t* +rend_get_service_list_mutable(smartlist_t* substitute_service_list) +{ + if (substitute_service_list) { + return substitute_service_list; + } + + /* If no special service list is provided, then just use the global one. */ + + if (BUG(!rend_service_list)) { + /* No global HS list, which is a programmer error. */ + return NULL; + } + + return rend_service_list; +} + /** Tells if onion service <b>s</b> is ephemeral. -*/ + */ static unsigned int rend_service_is_ephemeral(const struct rend_service_t *s) { @@ -140,10 +180,6 @@ rend_service_escaped_dir(const struct rend_service_t *s) return rend_service_is_ephemeral(s) ? "[EPHEMERAL]" : escaped(s->directory); } -/** A list of rend_service_t's for services run on this OP. - */ -static smartlist_t *rend_service_list = NULL; - /** Return the number of rendezvous services we have configured. */ int num_rend_services(void) @@ -239,17 +275,10 @@ rend_add_service(smartlist_t *service_list, rend_service_t *service) int i; rend_service_port_config_t *p; - smartlist_t *s_list; - /* If no special service list is provided, then just use the global one. */ - if (!service_list) { - if (BUG(!rend_service_list)) { - /* No global HS list, which is a failure. */ - return -1; - } - - s_list = rend_service_list; - } else { - s_list = service_list; + /* Use service_list for unit tests */ + smartlist_t *s_list = rend_get_service_list_mutable(service_list); + if (BUG(!s_list)) { + return -1; } service->intro_nodes = smartlist_new(); @@ -502,18 +531,7 @@ rend_service_check_dir_and_add(smartlist_t *service_list, return 0; } else { /* Use service_list for unit tests */ - smartlist_t *s_list = NULL; - /* If no special service list is provided, then just use the global one. */ - if (!service_list) { - if (BUG(!rend_service_list)) { - /* No global HS list, which is a failure, because we plan on adding to - * it */ - return -1; - } - s_list = rend_service_list; - } else { - s_list = service_list; - } + smartlist_t *s_list = rend_get_service_list_mutable(service_list); /* s_list can not be NULL here - if both service_list and rend_service_list * are NULL, and validate_only is false, we exit earlier in the function */ @@ -1261,15 +1279,10 @@ rend_service_poison_new_single_onion_dir(const rend_service_t *s, int rend_service_load_all_keys(const smartlist_t *service_list) { - const smartlist_t *s_list = NULL; - /* If no special service list is provided, then just use the global one. */ - if (!service_list) { - if (BUG(!rend_service_list)) { - return -1; - } - s_list = rend_service_list; - } else { - s_list = service_list; + /* Use service_list for unit tests */ + const smartlist_t *s_list = rend_get_service_list(service_list); + if (BUG(!s_list)) { + return -1; } SMARTLIST_FOREACH_BEGIN(s_list, rend_service_t *, s) {

1 0

[tor/master] Stop ignoring misconfigured hidden services
by nickm＠torproject.org 02 Dec '16

02 Dec '16

commit b917b3875e1cf19ec5b9c733afbfb1a48dead086 Author: teor <teor2345(a)gmail.com> Date: Fri Nov 4 16:37:57 2016 +1100 Stop ignoring misconfigured hidden services Instead, refuse to start tor until the misconfigurations have been corrected. Fixes bug 20559; bugfix on multiple commits in 0.2.7.1-alpha and earlier. --- changes/bug20559 | 4 ++++ src/or/rendservice.c | 28 +++++++++++++--------------- 2 files changed, 17 insertions(+), 15 deletions(-) diff --git a/changes/bug20559 b/changes/bug20559 new file mode 100644 index 0000000..f117162 --- /dev/null +++ b/changes/bug20559 @@ -0,0 +1,4 @@ + o Minor bugfixes (hidden services): + - Stop ignoring misconfigured hidden services. Instead, refuse to start + tor until the misconfigurations have been corrected. + Fixes bug 20559; bugfix on multiple commits in 0.2.7.1-alpha and earlier. diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 5f13b6a..457c2a0 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -286,7 +286,7 @@ rend_add_service(smartlist_t *service_list, rend_service_t *service) if (service->max_streams_per_circuit < 0) { log_warn(LD_CONFIG, "Hidden service (%s) configured with negative max " - "streams per circuit; ignoring.", + "streams per circuit.", rend_service_escaped_dir(service)); rend_service_free(service); return -1; @@ -295,7 +295,7 @@ rend_add_service(smartlist_t *service_list, rend_service_t *service) if (service->max_streams_close_circuit < 0 || service->max_streams_close_circuit > 1) { log_warn(LD_CONFIG, "Hidden service (%s) configured with invalid " - "max streams handling; ignoring.", + "max streams handling.", rend_service_escaped_dir(service)); rend_service_free(service); return -1; @@ -305,15 +305,14 @@ rend_add_service(smartlist_t *service_list, rend_service_t *service) (!service->clients || smartlist_len(service->clients) == 0)) { log_warn(LD_CONFIG, "Hidden service (%s) with client authorization but no " - "clients; ignoring.", + "clients.", rend_service_escaped_dir(service)); rend_service_free(service); return -1; } if (!service->ports || !smartlist_len(service->ports)) { - log_warn(LD_CONFIG, "Hidden service (%s) with no ports configured; " - "ignoring.", + log_warn(LD_CONFIG, "Hidden service (%s) with no ports configured.", rend_service_escaped_dir(service)); rend_service_free(service); return -1; @@ -341,13 +340,12 @@ rend_add_service(smartlist_t *service_list, rend_service_t *service) !strcmp(ptr->directory, service->directory)); if (dupe) { log_warn(LD_REND, "Another hidden service is already configured for " - "directory %s, ignoring.", + "directory %s.", rend_service_escaped_dir(service)); rend_service_free(service); return -1; } } - smartlist_add(s_list, service); log_debug(LD_REND,"Configuring service with directory %s", rend_service_escaped_dir(service)); for (i = 0; i < smartlist_len(service->ports); ++i) { @@ -363,14 +361,16 @@ rend_add_service(smartlist_t *service_list, rend_service_t *service) "Service maps port %d to socket at \"%s\"", p->virtual_port, p->unix_addr); #else - log_debug(LD_REND, - "Service maps port %d to an AF_UNIX socket, but we " - "have no AF_UNIX support on this platform. This is " - "probably a bug.", - p->virtual_port); + log_warn(LD_BUG, + "Service maps port %d to an AF_UNIX socket, but we " + "have no AF_UNIX support on this platform. This is " + "probably a bug.", + p->virtual_port); + return -1; #endif /* defined(HAVE_SYS_UN_H) */ } } + smartlist_add(s_list, service); return 0; } /* NOTREACHED */ @@ -538,9 +538,7 @@ rend_service_check_dir_and_add(smartlist_t *service_list, if (BUG(!s_list)) { return -1; } - /* Ignore service failures until 030 */ - rend_add_service(s_list, service); - return 0; + return rend_add_service(s_list, service); } }

1 0

[tor/master] Merge branch 'bug20599_030_v4'
by nickm＠torproject.org 02 Dec '16

02 Dec '16

commit e317a9cb7c91fac7b3583a86361d6bd613f18ee4 Merge: 6f101f9 b917b38 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Dec 2 07:47:32 2016 -0500 Merge branch 'bug20599_030_v4' changes/bug20559 | 4 ++ src/common/util.c | 8 +++- src/or/rendservice.c | 115 ++++++++++++++++++++++++++++----------------------- 3 files changed, 73 insertions(+), 54 deletions(-)

1 0

[tor/maint-0.2.9] test_single_onion_poisoning: Free dir[12] on all paths
by nickm＠torproject.org 02 Dec '16

02 Dec '16

commit 1221c5aa02c0a9789de92d16935cf74da5365822 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Dec 2 07:39:14 2016 -0500 test_single_onion_poisoning: Free dir[12] on all paths Coverity doesn't like it when there are paths to the end of the function where something doesn't get freed, even when those paths are only reachable on unit test failure. Fixes CID 1372899 and CID 1372900. Bug not in any released Tor. --- src/test/test_hs.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/test/test_hs.c b/src/test/test_hs.c index fc8ce97..f4ba7f9 100644 --- a/src/test/test_hs.c +++ b/src/test/test_hs.c @@ -765,6 +765,8 @@ test_single_onion_poisoning(void *arg) tt_assert(ret == 0); done: + tor_free(dir1); + tor_free(dir2); /* The test harness deletes the directories at exit */ smartlist_free(services); rend_service_free(service_1);

1 0

[tor/master] test_single_onion_poisoning: Free dir[12] on all paths
by nickm＠torproject.org 02 Dec '16

02 Dec '16

commit 1221c5aa02c0a9789de92d16935cf74da5365822 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Dec 2 07:39:14 2016 -0500 test_single_onion_poisoning: Free dir[12] on all paths Coverity doesn't like it when there are paths to the end of the function where something doesn't get freed, even when those paths are only reachable on unit test failure. Fixes CID 1372899 and CID 1372900. Bug not in any released Tor. --- src/test/test_hs.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/test/test_hs.c b/src/test/test_hs.c index fc8ce97..f4ba7f9 100644 --- a/src/test/test_hs.c +++ b/src/test/test_hs.c @@ -765,6 +765,8 @@ test_single_onion_poisoning(void *arg) tt_assert(ret == 0); done: + tor_free(dir1); + tor_free(dir2); /* The test harness deletes the directories at exit */ smartlist_free(services); rend_service_free(service_1);

1 0