Add new liblzma enums (LZMA_SEEK_NEEDED and LZMA_RET_INTERNAL*)
conditional to the API version they arrived in. The first stable
version of liblzma this affects is 5.4.0
Fixes #40741
Signed-off-by: Micah Elizabeth Scott <beth@torproject.org>
Roger Dingledine [Wed, 30 Nov 2022 01:33:58 +0000 (20:33 -0500)]
dirauth: rotate moria1 keys and ports
Rotate the relay identity key and v3 identity key for moria1. They
have been online for more than a decade, there was a known potential
compromise, and anyway refreshing keys periodically is good practice.
Sam James [Tue, 8 Nov 2022 06:42:59 +0000 (06:42 +0000)]
build: fix -Wstrict-prototypes (Clang 16)
Clang 16 warns on -Wstrict-prototypes in preparation for C23 which can
among other things, lead to some configure tests silently failing/returning the wrong result.
Fixes this error:
```
-ignoreme: warning: a function declaration without a prototype is deprecated in all versions of C [-Wstrict-prototypes]
+ignoreme: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
main ()
```
For more information, see LWN.net [0] or LLVM's Discourse [1], gentoo-dev@ [2],
or the (new) c-std-porting mailing list [3].
[0] https://lwn.net/Articles/913505/
[1] https://discourse.llvm.org/t/configure-script-breakage-with-the-new-werror-implicit-function-declaration/65213
[2] https://archives.gentoo.org/gentoo-dev/message/dd9f2d3082b8b6f8dfbccb0639e6e240
[3] hosted at lists.linux.dev.
Bug: https://bugs.gentoo.org/879747 Signed-off-by: Sam James <sam@gentoo.org>
---
Nick Mathewson [Thu, 13 Oct 2022 17:40:10 +0000 (13:40 -0400)]
Fix a completely wrong calculation in mach monotime_init_internal()
Bug 1: We were purporting to calculate milliseconds per tick, when we
*should* have been computing ticks per millisecond.
Bug 2: Instead of computing either one of those, we were _actually_
computing femtoseconds per tick.
These two bugs covered for one another on x86 hardware, where 1 tick
== 1 nanosecond. But on M1 OSX, 1 tick is about 41 nanoseconds,
causing surprising results.
Nick Mathewson [Wed, 27 Jul 2022 13:16:50 +0000 (09:16 -0400)]
Fix a check, make a netflow padding function more safe.
Previously, `channelpadding_get_netflow_inactive_timeout_ms` would
crash with an assertion failure if `low_timeout` was greater than
`high_timeout`. That wasn't possible in practice because of checks
in `channelpadding_update_padding_for_channel`, but it's better not
to have a function whose correctness is this tricky to prove.
David Goulet [Wed, 9 Mar 2022 18:47:27 +0000 (13:47 -0500)]
hs: Schedule mainloop event on dirinfo change
Due to a possible Guard subsystem recursion, when the HS client gets
notified that the directory information has changed, it must run it in a
seperate mainloop event to avoid such issue.
See the ticket for more information on the recursion. This also fixes a
fatal assert.
Fixes #40579
Signed-off-by: David Goulet <dgoulet@torproject.org>
David Goulet [Tue, 8 Mar 2022 18:50:34 +0000 (13:50 -0500)]
hs: Fix multiple port label on single metric
Prometheus needs unique labels and so this bug was causing an onion
service with multiple ports to have multiple "port=" label for the
metrics requiring a port label.
Fixes #40581
Signed-off-by: David Goulet <dgoulet@torproject.org>
Nick Mathewson [Wed, 2 Mar 2022 14:38:58 +0000 (09:38 -0500)]
connection_or_set_identity_digest(): handle zero ed_id better
It looks like our code actually assumes (by dereferencing it in a
log call) that ed_id will _not_ be NULL, but rather will be a bunch
of zero bytes. Refactor the code accordingly, and stop using NULL
tests on ed_id.
Nick Mathewson [Tue, 1 Mar 2022 16:55:40 +0000 (11:55 -0500)]
connection_or_set_identity_digest: more defensive programming
We expect ed_id == NULL here to indicate "no ed id", but other parts
of Tor sometimes use an all-0 ed_id. Here we detect that input and
replace it with what's expected.
Nick Mathewson [Tue, 1 Mar 2022 16:53:10 +0000 (11:53 -0500)]
Fix logic for whether a channel's Ed25519 ID is changing
The previous code would notice if we were changing from one identity
to another, but not if we were changing from no identity to having
an identity. This problem caused a bug (spotted by cypherpunks in
ticket #40563) where if we created a channel for a circuit request
that doesn't include an Ed25519 identity, we won't be able to use
that channel later for requests that _do_ list Ed25519.
Nick Mathewson [Tue, 1 Mar 2022 16:22:34 +0000 (11:22 -0500)]
connection_or_set_identity_digest(): Make errors nonfatal.
Previously we were using tor_assert() to enforce the documented
invariant here; this commit changes it to use BUG() instead. It
will protect us from crashes if the next commit (on #40563) turns
out to expose a bug somewhere.
Nick Mathewson [Sat, 6 Nov 2021 15:04:08 +0000 (11:04 -0400)]
Give an error message if LibreSSL's TLSv1.3 APIs aren't what we need
From LibreSSL versions 3.2.1 through 3.4.0, our configure script
would conclude that TLSv1.3 as supported, but it actually wasn't.
This led to annoying breakage like #40128 and #40445.
Now we give an error message if we try to build with one of those
versions.
Nick Mathewson [Fri, 5 Nov 2021 17:23:05 +0000 (13:23 -0400)]
Reverse the direction of the test for openssl 3.0.0
Previously the logic was reversed, and always gave the wrong answer.
This has no other effect than to change whether we suppress
deprecated API warnings.
David Goulet [Fri, 5 Nov 2021 14:10:24 +0000 (10:10 -0400)]
protover: Move all hardcoded lists in one place
This also moves the warnings and add some theatrical effect around the
code so anyone modifying those list should notice the warnings signs and
read the comment accordingly.
Signed-off-by: David Goulet <dgoulet@torproject.org>
Alexander Færøy [Fri, 5 Feb 2021 17:12:52 +0000 (17:12 +0000)]
Fix Windows build.
While trying to resolve our CI issues, the Windows build broke with an
unused function error:
src/test/test_switch_id.c:37:1: error: ‘unprivileged_port_range_start’
defined but not used [-Werror=unused-function]
We solve this by moving the `#if !defined(_WIN32)` test above the
`unprivileged_port_range_start()` function defintion such that it is
included in its body.
projects / thirdparty / tor.git / log
