
Merge branch 'maint-0.2.7' into release-0.2.7

Roger Dingledine 9 years ago
parent
commit
b2a53e8ca9
14 changed files with 1065 additions and 208 deletions
  1. 4 0
      changes/bug16056
  2. 4 0
      changes/bug16702
  3. 4 0
      changes/bug17551
  4. 3 0
      changes/bug17722
  5. 7 0
      changes/bug17772
  6. 3 0
      changes/bug17781
  7. 4 0
      changes/geoip-december2015
  8. 3 0
      configure.ac
  9. 384 103
      src/config/geoip
  10. 631 98
      src/config/geoip6
  11. 3 3
      src/or/policies.c
  12. 2 1
      src/or/rendservice.c
  13. 8 2
      src/or/routerlist.c
  14. 5 1
      src/or/torcert.c

+ 4 - 0
changes/bug16056

@@ -0,0 +1,4 @@
+  o Minor bugfixes (relay, IPv6):
+    - When displaying an IPv6 exit policy, include the mask bits correctly
+      even when the number is greater than 31. Fixes bug 16056; bugfix on
+      0.2.4.7-alpha. Patch from "gturner".

+ 4 - 0
changes/bug16702

@@ -0,0 +1,4 @@
+  o Minor bugfixes (hidden service)
+    - The wrong list was used when looking up expired intro points in a rend
+      service object causing what we think could be reachability issues and
+      triggering a BUG log. Fixes 16702; bugfix on tor-0.2.7.2-alpha.

+ 4 - 0
changes/bug17551

@@ -0,0 +1,4 @@
+  o Minor bugfixes (compilation):
+    - When checking for net/pfvar.h, include netinet/in.h if possible.
+      This fixes transparent proxy detection on OpenBSD. Fixes bug
+      17551; bugfix on 0.1.2.1-alpha. Patch from "rubiate".

+ 3 - 0
changes/bug17722

@@ -0,0 +1,3 @@
+  o Minor bugfixes (code correctness)
+    - Fix undefined behavior in the tor_cert_checksig function. Fixes bug
+      17722; bugfix on tor-0.2.7.2-alpha.

+ 7 - 0
changes/bug17772

@@ -0,0 +1,7 @@
+  o Major bugfixes (guard selection):
+    - Actually look at the Guard flag when selecting a new directory
+      guard. When we implemented the directory guard design, we
+      accidentally started treating all relays as if they have the Guard
+      flag during guard selection, leading to weaker anonymity and worse
+      performance. Fixes bug 17222; bugfix on 0.2.4.8-alpha. Discovered
+      by Mohsen Imani.

+ 3 - 0
changes/bug17781

@@ -0,0 +1,3 @@
+  o Compilation fixes:
+    - Fix a compilation warning with Clang 3.6: Do not check the
+      presence of an address which can never be NULL. Fixes bug 17781.

+ 4 - 0
changes/geoip-december2015

@@ -0,0 +1,4 @@
+  o Minor features:
+    - Update geoip and geoip6 to the December 1 2015 Maxmind GeoLite2
+      Country database.
+

+ 3 - 0
configure.ac

@@ -971,6 +971,9 @@ AC_CHECK_HEADERS(net/pfvar.h, net_pfvar_found=1, net_pfvar_found=0,
 #endif
 #ifdef HAVE_NET_IF_H
 #include <net/if.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
 #endif])
 
 AC_CHECK_HEADERS(linux/if.h,[],[],
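Review bot: The added `#ifdef HAVE_NETINET_IN_H` only takes effect if configure has already probed for netinet/in.h before this `AC_CHECK_HEADERS(net/pfvar.h, ...)` call, and that earlier probe is not visible in the hunk. If the probe runs later or not at all, the macro is undefined at this point and the pfvar.h test program compiles exactly as it did before the change. A short `dnl` comment above the call, noting that net/pfvar.h needs netinet/in.h on OpenBSD, would also explain why the include order matters.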

File diff suppressed because it is too large
+ 384 - 103
src/config/geoip


File diff suppressed because it is too large
+ 631 - 98
src/config/geoip6


+ 3 - 3
src/or/policies.c

@@ -1391,9 +1391,9 @@ policy_write_item(char *buf, size_t buflen, addr_policy_t *policy,
   if (result < 0)
     return -1;
   written += strlen(buf);
-  /* If the maskbits is 32 we don't need to give it.  If the mask is 0,
-   * we already wrote "*". */
-  if (policy->maskbits < 32 && policy->maskbits > 0) {
+  /* If the maskbits is 32 (IPv4) or 128 (IPv6) we don't need to give it.  If
+     the mask is 0, we already wrote "*". */
+  if (policy->maskbits < (is_ip6?128:32) && policy->maskbits > 0) {
     if (tor_snprintf(buf+written, buflen-written, "/%d", policy->maskbits)<0)
       return -1;
     written += strlen(buf+written);
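Review bot: The new bound in `policy->maskbits < (is_ip6?128:32)` depends on `is_ip6`, which is set outside this hunk, so it is worth confirming that it is derived from the address family of the policy entry itself; if it could disagree with the stored address, the published policy line would again carry a wrong or missing mask. The 14 files listed for this merge include no test, so a case that formats an IPv6 policy with mask bits between 32 and 127 would pin the fix. On style, the rewritten comment drops the leading ` * ` on its continuation line that the replaced comment used, and the ternary reads better spaced as `(is_ip6 ? 128 : 32)`. policy_write_item starts and ends outside the hunk.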

+ 2 - 1
src/or/rendservice.c

@@ -3038,7 +3038,8 @@ find_expiring_intro_point(rend_service_t *service, origin_circuit_t *circ)
   tor_assert(TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO ||
              TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_INTRO);
 
-  SMARTLIST_FOREACH(service->intro_nodes, rend_intro_point_t *, intro_point,
+  SMARTLIST_FOREACH(service->expiring_nodes, rend_intro_point_t *,
+                    intro_point,
     if (crypto_pk_eq_keys(intro_point->intro_key, circ->intro_key)) {
       return intro_point;
   });
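Review bot: Nothing at the `SMARTLIST_FOREACH(service->expiring_nodes, ...)` loop says why this list and not `intro_nodes` is searched, which is the exact mix-up this change fixes. A one-line comment above the loop, such as `/* Expiring intro points live in expiring_nodes, not intro_nodes. */`, would help keep it from regressing. That wording is inferred from the changes entry and should be checked against the code that moves nodes between the two lists. find_expiring_intro_point starts outside the hunk.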

+ 8 - 2
src/or/routerlist.c

@@ -1501,8 +1501,14 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags,
     if ((type & EXTRAINFO_DIRINFO) &&
         !router_supports_extrainfo(node->identity, is_trusted_extrainfo))
       continue;
-    if (for_guard && node->using_as_guard)
-      continue; /* Don't make the same node a guard twice. */
+    /* Don't make the same node a guard twice */
+    if (for_guard && node->using_as_guard) {
+      continue;
+    }
+    /* Ensure that a directory guard is actually a guard node. */
+    if (for_guard && !node->is_possible_guard) {
+      continue;
+    }
     if (try_excluding &&
         routerset_contains_routerstatus(options->ExcludeNodes, status,
                                         country)) {
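Review bot: The 14 files listed for this merge include no test alongside the new `if (for_guard && !node->is_possible_guard)` filter, so nothing pins that a relay without the Guard flag is skipped when `for_guard` is set. Since the changes entry ties the original bug to weaker anonymity, a unit test for that case is worth adding. The two `for_guard` checks could also be one condition, `if (for_guard && (node->using_as_guard || !node->is_possible_guard)) continue;`. The changes entry for this fix cites bug 17222 while its file is named bug17772, so one of the two numbers looks like a typo. The loop and the function body continue outside the hunk.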

+ 5 - 1
src/or/torcert.c

@@ -206,7 +206,11 @@ tor_cert_checksig(tor_cert_t *cert,
     return -1;
   } else {
     cert->sig_ok = 1;
-    memcpy(cert->signing_key.pubkey, checkable.pubkey->pubkey, 32);
+    /* Only copy the checkable public key when it is different from the signing
+     * key of the certificate to avoid undefined behavior. */
+    if (cert->signing_key.pubkey != checkable.pubkey->pubkey) {
+      memcpy(cert->signing_key.pubkey, checkable.pubkey->pubkey, 32);
+    }
     cert->cert_valid = 1;
     return 0;
   }
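Review bot: The pointer comparison in `if (cert->signing_key.pubkey != checkable.pubkey->pubkey)` covers only the exact-alias case. That is probably the only overlap that can occur between two fixed-size key buffers, but the comment should say so, for example `/* checkable.pubkey may point at cert->signing_key itself; memcpy between identical regions is undefined. */`. The copy length is still the literal `32`; `sizeof(cert->signing_key.pubkey)` would tie it to the destination, assuming `pubkey` is an array member rather than a pointer, which the hunk does not show. tor_cert_checksig starts outside the hunk.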

Some files were not shown because too many files changed in this diff