Bug#864488: unblock: tor/0.2.9.11-1
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package tor.
unblock tor/0.2.9.11-1
Version 0.2.9.11-1 contains fixes for an onion service related
denial of service issues, tracked as TROVE-2017-005, CVE-2017-0376,
Tor#22494, and Debian#864424. (Fix in stable and oldstable pending.)
While this is a new upstream version, I argue that the other fixes
are also sufficiently relevant and self-contained that we'd want them.
Please let me know if updating stretch through unstable is workable. If
not, I think the security team might be open to using this to test their
stretch release path. The latter would require an extra upload from me,
though.
diffstat:
ChangeLog | 74
ReleaseNotes | 74
configure.ac | 2
contrib/win32build/tor-mingw.nsi.in | 2
debian/changelog | 10
src/common/sandbox.c | 1
src/common/tortls.c | 30
src/common/tortls.h | 2
src/config/geoip |16029 +++++++++++++++++++++---------------
src/config/geoip6 | 2034 +++-
src/or/connection_or.c | 30
src/or/control.c | 2
src/or/dirserv.c | 18
src/or/fallback_dirs.inc | 179
src/or/geoip.c | 2
src/or/networkstatus.c | 5
src/or/relay.c | 3
src/test/test_link_handshake.c | 28
src/win32/orconfig.h | 2
19 files changed, 11644 insertions(+), 6883 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 203a21323..37e7dedca 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,77 @@
+Changes in version 0.2.9.11 - 2017-06-08
+ Tor 0.2.9.11 backports a fix for a bug that would allow an attacker to
+ remotely crash a hidden service with an assertion failure. Anyone
+ running a hidden service should upgrade to this version, or to some
+ other version with fixes for TROVE-2017-005. (Versions before 0.3.0
+ are not affected by TROVE-2017-004.)
+
+ Tor 0.2.9.11 also backports fixes for several key management bugs
+ that sometimes made relays unreliable, as well as several other
+ bugfixes described below.
+
+ o Major bugfixes (hidden service, relay, security, backport
+ from 0.3.1.3-alpha):
+ - Fix a remotely triggerable assertion failure caused by receiving a
+ BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
+ 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
+ on 0.2.2.1-alpha.
+
+ o Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha):
+ - When performing the v3 link handshake on a TLS connection, report
+ that we have the x509 certificate that we actually used on that
+ connection, even if we have changed certificates since that
+ connection was first opened. Previously, we would claim to have
+ used our most recent x509 link certificate, which would sometimes
+ make the link handshake fail. Fixes one case of bug 22460; bugfix
+ on 0.2.3.6-alpha.
+
+ o Minor features (fallback directory list, backport from 0.3.1.3-alpha):
+ - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
+ December 2016 (of which ~126 were still functional) with a list of
+ 151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May
+ 2017. Resolves ticket 21564.
+
+ o Minor features (future-proofing, backport from 0.3.0.7):
+ - Tor no longer refuses to download microdescriptors or descriptors if
+ they are listed as "published in the future". This change will
+ eventually allow us to stop listing meaningful "published" dates
+ in microdescriptor consensuses, and thereby allow us to reduce the
+ resources required to download consensus diffs by over 50%.
+ Implements part of ticket 21642; implements part of proposal 275.
+
+ o Minor features (directory authorities, backport from 0.3.0.4-rc)
+ - Directory authorities now reject relays running versions
+ 0.2.9.1-alpha through 0.2.9.4-alpha, because those relays
+ suffer from bug 20499 and don't keep their consensus cache
+ up-to-date. Resolves ticket 20509.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (control port, backport from 0.3.0.6):
+ - The GETINFO extra-info/digest/<digest> command was broken because
+ of a wrong base16 decode return value check, introduced when
+ refactoring that API. Fixes bug 22034; bugfix on 0.2.9.1-alpha.
+
+ o Minor bugfixes (correctness, backport from 0.3.1.3-alpha):
+ - Avoid undefined behavior when parsing IPv6 entries from the geoip6
+ file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
+
+ o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.0.7):
+ - The getpid() system call is now permitted under the Linux seccomp2
+ sandbox, to avoid crashing with versions of OpenSSL (and other
+ libraries) that attempt to learn the process's PID by using the
+ syscall rather than the VDSO code. Fixes bug 21943; bugfix
+ on 0.2.5.1-alpha.
+
+ o Minor bugfixes (memory leak, directory authority, backport
+ from 0.3.1.2-alpha):
+ - When directory authorities reject a router descriptor due to
+ keypinning, free the router descriptor rather than leaking the
+ memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.
+
+
Changes in version 0.2.9.10 - 2017-03-01
Tor 0.2.9.10 backports a security fix for users who build Tor with
the --enable-expensive-hardening option. It also includes fixes for
diff --git a/ReleaseNotes b/ReleaseNotes
index 4c1bb3dd9..0057fbd44 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
[cut]
diff --git a/configure.ac b/configure.ac
index 095f37462..b295bf5a1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2015, The Tor Project, Inc.
dnl See LICENSE for licensing information
AC_PREREQ([2.63])
-AC_INIT([tor],[0.2.9.10])
+AC_INIT([tor],[0.2.9.11])
AC_CONFIG_SRCDIR([src/or/main.c])
AC_CONFIG_MACRO_DIR([m4])
diff --git a/contrib/win32build/tor-mingw.nsi.in b/contrib/win32build/tor-mingw.nsi.in
index 987aa01f2..1f7804638 100644
--- a/contrib/win32build/tor-mingw.nsi.in
+++ b/contrib/win32build/tor-mingw.nsi.in
@@ -8,7 +8,7 @@
!include "LogicLib.nsh"
!include "FileFunc.nsh"
!insertmacro GetParameters
-!define VERSION "0.2.9.10"
+!define VERSION "0.2.9.11"
!define INSTALLER "tor-${VERSION}-win32.exe"
!define WEBSITE "https://www.torproject.org/";
!define LICENSE "LICENSE"
diff --git a/debian/changelog b/debian/changelog
index 29cbbf0be..2387fc274 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+tor (0.2.9.11-1) unstable; urgency=high
+
+ * New upstream version.
+ - Fix a remotely triggerable assertion failure caused by receiving a
+ BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
+ 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
+ on 0.2.2.1-alpha. (closes: #864424)
+
+ -- Peter Palfrader <weasel@debian.org> Thu, 08 Jun 2017 18:48:46 +0200
+
tor (0.2.9.10-1) unstable; urgency=medium
* New upstream version.
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index ebc843e13..95c9f83b8 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -155,6 +155,7 @@ static int filter_nopar_gen[] = {
#ifdef __NR_getgid32
SCMP_SYS(getgid32),
#endif
+ SCMP_SYS(getpid),
#ifdef __NR_getrlimit
SCMP_SYS(getrlimit),
#endif
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 62ed5be34..d61cc2e58 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -677,6 +677,15 @@ MOCK_IMPL(STATIC tor_x509_cert_t *,
return cert;
}
+/** Return a new copy of <b>cert</b>. */
+tor_x509_cert_t *
+tor_x509_cert_dup(const tor_x509_cert_t *cert)
+{
+ tor_assert(cert);
+ X509 *x509 = cert->cert;
+ return tor_x509_cert_new(X509_dup(x509));
+}
+
/** Read a DER-encoded X509 cert, of length exactly <b>certificate_len</b>,
* from a <b>certificate</b>. Return a newly allocated tor_x509_cert_t on
* success and NULL on failure. */
@@ -2009,7 +2018,8 @@ tor_tls_peer_has_cert(tor_tls_t *tls)
return 1;
}
-/** Return the peer certificate, or NULL if there isn't one. */
+/** Return a newly allocated copy of the peer certificate, or NULL if there
+ * isn't one. */
MOCK_IMPL(tor_x509_cert_t *,
tor_tls_get_peer_cert,(tor_tls_t *tls))
{
@@ -2021,6 +2031,24 @@ tor_tls_get_peer_cert,(tor_tls_t *tls))
return tor_x509_cert_new(cert);
}
+/** Return a newly allocated copy of the cerficate we used on the connection,
+ * or NULL if somehow we didn't use one. */
+MOCK_IMPL(tor_x509_cert_t *,
+tor_tls_get_own_cert,(tor_tls_t *tls))
+{
+ X509 *cert = SSL_get_certificate(tls->ssl);
+ tls_log_errors(tls, LOG_WARN, LD_HANDSHAKE,
+ "getting own-connection certificate");
+ if (!cert)
+ return NULL;
+ /* Fun inconsistency: SSL_get_peer_certificate increments the reference
+ * count, but SSL_get_certificate does not. */
+ X509 *duplicate = X509_dup(cert);
+ if (BUG(duplicate == NULL))
+ return NULL;
+ return tor_x509_cert_new(duplicate);
+}
+
/** Warn that a certificate lifetime extends through a certain range. */
static void
log_cert_lifetime(int severity, const X509 *cert, const char *problem)
diff --git a/src/common/tortls.h b/src/common/tortls.h
index 7c035a2cd..f018c45c8 100644
--- a/src/common/tortls.h
+++ b/src/common/tortls.h
@@ -197,7 +197,9 @@ void tor_tls_set_renegotiate_callback(tor_tls_t *tls,
int tor_tls_is_server(tor_tls_t *tls);
void tor_tls_free(tor_tls_t *tls);
int tor_tls_peer_has_cert(tor_tls_t *tls);
+tor_x509_cert_t *tor_x509_cert_dup(const tor_x509_cert_t *cert);
MOCK_DECL(tor_x509_cert_t *,tor_tls_get_peer_cert,(tor_tls_t *tls));
+MOCK_DECL(tor_x509_cert_t *,tor_tls_get_own_cert,(tor_tls_t *tls));
int tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_t **identity);
int tor_tls_check_lifetime(int severity,
tor_tls_t *tls, int past_tolerance,
diff --git a/src/config/geoip b/src/config/geoip
index 90e7f4c43..02a4b3163 100644
--- a/src/config/geoip
+++ b/src/config/geoip
[cut]
diff --git a/src/config/geoip6 b/src/config/geoip6
index 70c6f965c..529dc8f8f 100644
--- a/src/config/geoip6
+++ b/src/config/geoip6
[cut]
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 267c32dda..3b35d5e34 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -2137,7 +2137,9 @@ connection_or_send_netinfo,(or_connection_t *conn))
int
connection_or_send_certs_cell(or_connection_t *conn)
{
- const tor_x509_cert_t *link_cert = NULL, *id_cert = NULL;
+ const tor_x509_cert_t *global_link_cert = NULL, *id_cert = NULL,
+ *using_link_cert = NULL;
+ tor_x509_cert_t *own_link_cert = NULL;
const uint8_t *link_encoded = NULL, *id_encoded = NULL;
size_t link_len, id_len;
var_cell_t *cell;
@@ -2149,9 +2151,15 @@ connection_or_send_certs_cell(or_connection_t *conn)
if (! conn->handshake_state)
return -1;
const int conn_in_server_mode = ! conn->handshake_state->started_here;
- if (tor_tls_get_my_certs(conn_in_server_mode, &link_cert, &id_cert) < 0)
+ if (tor_tls_get_my_certs(conn_in_server_mode,
+ &global_link_cert, &id_cert) < 0)
return -1;
- tor_x509_cert_get_der(link_cert, &link_encoded, &link_len);
+ if (conn_in_server_mode) {
+ using_link_cert = own_link_cert = tor_tls_get_own_cert(conn->tls);
+ } else {
+ using_link_cert = global_link_cert;
+ }
+ tor_x509_cert_get_der(using_link_cert, &link_encoded, &link_len);
tor_x509_cert_get_der(id_cert, &id_encoded, &id_len);
cell_len = 1 /* 1 byte: num certs in cell */ +
@@ -2179,6 +2187,7 @@ connection_or_send_certs_cell(or_connection_t *conn)
connection_or_write_var_cell_to_buf(cell, conn);
var_cell_free(cell);
+ tor_x509_cert_free(own_link_cert);
return 0;
}
@@ -2258,10 +2267,10 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
memcpy(auth1_getarray_type(auth), "AUTH0001", 8);
{
- const tor_x509_cert_t *id_cert=NULL, *link_cert=NULL;
+ const tor_x509_cert_t *id_cert=NULL;
const common_digests_t *my_digests, *their_digests;
const uint8_t *my_id, *their_id, *client_id, *server_id;
- if (tor_tls_get_my_certs(server, &link_cert, &id_cert))
+ if (tor_tls_get_my_certs(server, NULL, &id_cert))
goto err;
my_digests = tor_x509_cert_get_id_digests(id_cert);
their_digests =
@@ -2300,13 +2309,11 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
{
/* Digest of cert used on TLS link : 32 octets. */
- const tor_x509_cert_t *cert = NULL;
- tor_x509_cert_t *freecert = NULL;
+ tor_x509_cert_t *cert = NULL;
if (server) {
- tor_tls_get_my_certs(1, &cert, NULL);
+ cert = tor_tls_get_own_cert(conn->tls);
} else {
- freecert = tor_tls_get_peer_cert(conn->tls);
- cert = freecert;
+ cert = tor_tls_get_peer_cert(conn->tls);
}
if (!cert) {
log_warn(LD_OR, "Unable to find cert when making AUTH1 data.");
@@ -2316,8 +2323,7 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
memcpy(auth->scert,
tor_x509_cert_get_cert_digests(cert)->d[DIGEST_SHA256], 32);
- if (freecert)
- tor_x509_cert_free(freecert);
+ tor_x509_cert_free(cert);
}
/* HMAC of clientrandom and serverrandom using master key : 32 octets */
diff --git a/src/or/control.c b/src/or/control.c
index c8c5062e8..1bf1e33bb 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -2055,7 +2055,7 @@ getinfo_helper_dir(control_connection_t *control_conn,
char d[DIGEST_LEN];
signed_descriptor_t *sd = NULL;
if (base16_decode(d, sizeof(d), question, strlen(question))
- != sizeof(d)) {
+ == sizeof(d)) {
/* XXXX this test should move into extrainfo_get_by_descriptor_digest,
* but I don't want to risk affecting other parts of the code,
* especially since the rules for using our own extrainfo (including
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index fa3938b5e..72441081c 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -383,6 +383,17 @@ dirserv_get_status_impl(const char *id_digest, const char *nickname,
return FP_REJECT;
}
+ /* Tor 0.2.9.x where x<5 suffers from bug #20499, where relays don't
+ * keep their consensus up to date so they make bad guards.
+ * The simple fix is to just drop them from the network. */
+ if (platform &&
+ tor_version_as_new_as(platform,"0.2.9.0-alpha") &&
+ !tor_version_as_new_as(platform,"0.2.9.5-alpha")) {
+ if (msg)
+ *msg = "Tor version contains bug 20499. Please upgrade!";
+ return FP_REJECT;
+ }
+
status_by_digest = digestmap_get(fingerprint_list->status_by_digest,
id_digest);
if (status_by_digest)
@@ -615,7 +626,11 @@ dirserv_add_multiple_descriptors(const char *desc, uint8_t purpose,
* passed back to the origin of this descriptor, or NULL if there is no such
* message. Use <b>source</b> to produce better log messages.
*
- * Return the status of the operation
+ * If <b>ri</b> is not added to the list of server descriptors, free it.
+ * That means the caller must not access <b>ri</b> after this function
+ * returns, since it might have been freed.
+ *
+ * Return the status of the operation.
*
* This function is only called when fresh descriptors are posted, not when
* we re-load the cache.
@@ -688,6 +703,7 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
"its key did not match an older RSA/Ed25519 keypair",
router_describe(ri), source);
*msg = "Looks like your keypair does not match its older value.";
+ routerinfo_free(ri);
return ROUTER_AUTHDIR_REJECTS;
}
diff --git a/src/or/fallback_dirs.inc b/src/or/fallback_dirs.inc
index be94ff50f..cc37e5f9a 100644
--- a/src/or/fallback_dirs.inc
+++ b/src/or/fallback_dirs.inc
@@ -1,54 +1,58 @@
-/* Whitelist & blacklist excluded 1177 of 1389 candidates. */
+/* Whitelist & blacklist excluded 1326 of 1513 candidates. */
/* To comment-out entries in this file, use C comments, and add * to the start of each line. (stem finds fallback entries using " at the start of a line.) */
/* Checked IPv4 DirPorts served a consensus within 15.0s. */
/*
-Final Count: 177 (Eligible 212, Target 392 (1963 * 0.20), Max 200)
-Excluded: 35 (Same Operator 35, Failed/Skipped Download 0, Excess 0)
-Bandwidth Range: 1.2 - 107.3 MByte/s
+Final Count: 151 (Eligible 187, Target 392 (1963 * 0.20), Max 200)
+Excluded: 36 (Same Operator 27, Failed/Skipped Download 9, Excess 0)
+Bandwidth Range: 1.3 - 40.0 MByte/s
*/
/*
-Onionoo Source: details Date: 2016-12-19 03:00:00 Version: 3.1
-URL: https:onionoo.torproject.orgdetails?fields=fingerprint%2Cnickname%2Ccontact%2Clast_changed_address_or_port%2Cconsensus_weight%2Cadvertised_bandwidth%2Cor_addresses%2Cdir_address%2Crecommended_version%2Cflags%2Ceffective_family%2Cplatform&flag=V2Dir&type=relay&last_seen_days=-0&first_seen_days=7-
+Onionoo Source: details Date: 2017-05-16 07:00:00 Version: 4.0
+URL: https:onionoo.torproject.orgdetails?fields=fingerprint%2Cnickname%2Ccontact%2Clast_changed_address_or_port%2Cconsensus_weight%2Cadvertised_bandwidth%2Cor_addresses%2Cdir_address%2Crecommended_version%2Cflags%2Ceffective_family%2Cplatform&flag=V2Dir&type=relay&last_seen_days=-0&first_seen_days=30-
*/
/*
-Onionoo Source: uptime Date: 2016-12-19 03:00:00 Version: 3.1
-URL: https:onionoo.torproject.orguptime?first_seen_days=7-&flag=V2Dir&type=relay&last_seen_days=-0
+Onionoo Source: uptime Date: 2017-05-16 07:00:00 Version: 4.0
+URL: https:onionoo.torproject.orguptime?first_seen_days=30-&flag=V2Dir&type=relay&last_seen_days=-0
*/
-"185.13.39.197:80 orport=443 id=001524DD403D729F08F7E5D77813EF12756CFA8D"
+"176.10.104.240:80 orport=443 id=0111BA9B604669E636FFD5B503F382A4B7AD6E80"
" weight=10",
-"185.100.85.61:80 orport=443 id=025B66CEBC070FCB0519D206CF0CF4965C20C96E"
+"193.171.202.146:9030 orport=9001 id=01A9258A46E97FF8B2CAC7910577862C14F2C524"
" weight=10",
-"62.210.92.11:9030 orport=9001 id=0266B0660F3F20A7D1F3D8335931C95EF50F6C6B"
-" ipv6=[2001:bc8:338c::1]:9001"
+"185.100.85.61:80 orport=443 id=025B66CEBC070FCB0519D206CF0CF4965C20C96E"
" weight=10",
"185.97.32.18:9030 orport=9001 id=04250C3835019B26AA6764E85D836088BE441088"
" weight=10",
-"92.222.20.130:80 orport=443 id=0639612FF149AA19DF3BCEA147E5B8FED6F3C87C"
+"5.9.110.236:9030 orport=9001 id=0756B7CD4DFC8182BE23143FAC0642F515182CEB"
+" ipv6=[2a01:4f8:162:51e2::2]:9001"
+" weight=10",
+"109.163.234.8:80 orport=443 id=0818DAE0E2DDF795AEDEAC60B15E71901084F281"
" weight=10",
"163.172.149.155:80 orport=443 id=0B85617241252517E8ECF2CFC7F4C1A32DCD153F"
" weight=10",
"5.39.92.199:80 orport=443 id=0BEA4A88D069753218EAAAD6D22EA87B9A1319D6"
" ipv6=[2001:41d0:8:b1c7::1]:443"
" weight=10",
-"163.172.25.118:80 orport=22 id=0CF8F3E6590F45D50B70F2F7DA6605ECA6CD408F"
-" weight=10",
"178.62.197.82:80 orport=443 id=0D3EBA17E1C78F1E9900BABDB23861D46FCAF163"
" weight=10",
"185.100.86.100:80 orport=443 id=0E8C0C8315B66DB5F703804B3889A1DD66C67CE0"
" weight=10",
-"5.9.159.14:9030 orport=9001 id=0F100F60C7A63BED90216052324D29B08CFCF797"
+"95.85.8.226:80 orport=443 id=1211AC1BBB8A1AF7CBA86BCE8689AA3146B86423"
" weight=10",
"193.11.114.43:9030 orport=9001 id=12AD30E5D25AA67F519780E2111E611A455FDC89"
" ipv6=[2001:6b0:30:1000::99]:9050"
" weight=10",
"37.157.195.87:8030 orport=443 id=12FD624EE73CEF37137C90D38B2406A66F68FAA2"
" weight=10",
+"178.16.208.59:80 orport=443 id=136F9299A5009A4E0E96494E723BDB556FB0A26B"
+" ipv6=[2a00:1c20:4089:1234:bff6:e1bb:1ce3:8dc6]:443"
+" weight=10",
+"144.76.14.145:110 orport=143 id=14419131033443AE6E21DA82B0D307F7CAE42BDB"
+" ipv6=[2a01:4f8:190:9490::dead]:443"
+" weight=10",
"178.62.60.37:80 orport=443 id=175921396C7C426309AB03775A9930B6F611F794"
" weight=10",
"204.11.50.131:9030 orport=9001 id=185F2A57B0C4620582602761097D17DB81654F70"
" weight=10",
-"92.222.4.102:9030 orport=9001 id=1A6B8B8272632D8AD38442027F822A367128405C"
-" weight=10",
"5.9.158.75:80 orport=443 id=1AF72E8906E6C49481A791A6F8F84F8DFEBBB2BA"
" ipv6=[2a01:4f8:190:514a::2]:443"
" weight=10",
@@ -56,31 +60,22 @@ URL: https:onionoo.torproject.orguptime?first_seen_days=7-&flag=V2Dir&type=relay
" weight=10",
"91.219.237.229:80 orport=443 id=1ECD73B936CB6E6B3CD647CC204F108D9DF2C9F7"
" weight=10",
-"5.9.146.203:80 orport=443 id=1F45542A24A61BF9408F1C05E0DCE4E29F2CBA11"
-" weight=10",
"212.47.229.2:9030 orport=9001 id=20462CBA5DA4C2D963567D17D0B7249718114A68"
" ipv6=[2001:bc8:4400:2100::f03]:9001"
" weight=10",
-"91.219.236.222:80 orport=443 id=20704E7DD51501DC303FA51B738D7B7E61397CF6"
-" weight=10",
"144.76.163.93:9030 orport=9001 id=22F08CF09764C4E8982640D77F71ED72FF26A9AC"
" weight=10",
"163.172.176.167:80 orport=443 id=230A8B2A8BA861210D9B4BA97745AEC217A94207"
" weight=10",
+"37.200.98.5:80 orport=443 id=231C2B9C8C31C295C472D031E06964834B745996"
+" ipv6=[2a00:1158:3::11a]:993"
+" weight=10",
"212.47.240.10:82 orport=443 id=2A4C448784F5A83AFE6C78DA357D5E31F7989DEB"
" weight=10",
"144.76.26.175:9012 orport=9011 id=2BA2C8E96B2590E1072AECE2BDB5C48921BF8510"
" weight=10",
-"178.16.208.56:80 orport=443 id=2CDCFED0142B28B002E89D305CBA2E26063FADE2"
-" ipv6=[2a00:1c20:4089:1234:cd49:b58a:9ebe:67ec]:443"
-" weight=10",
-"62.210.124.124:9130 orport=9101 id=2EBD117806EE43C3CC885A8F1E4DC60F207E7D3E"
-" ipv6=[2001:bc8:3f23:100::1]:9101"
-" weight=10",
"97.74.237.196:9030 orport=9001 id=2F0F32AB1E5B943CA7D062C03F18960C86E70D94"
" weight=10",
-"213.61.66.118:9031 orport=9001 id=30648BC64CEDB3020F4A405E4AB2A6347FB8FA22"
-" weight=10",
"107.170.101.39:9030 orport=443 id=30973217E70AF00EBE51797FF6D9AA720A902EAA"
" weight=10",
"64.113.32.29:9030 orport=9001 id=30C19B81981F450C402306E2E7CFB6C3F79CB6B2"
@@ -90,21 +85,16 @@ URL: https:onionoo.torproject.orguptime?first_seen_days=7-&flag=V2Dir&type=relay
"109.105.109.162:52860 orport=60784 id=32EE911D968BE3E016ECA572BB1ED0A9EE43FC2F"
" ipv6=[2001:948:7:2::163]:5001"
" weight=10",
-"185.100.84.212:80 orport=443 id=330CD3DB6AD266DC70CDB512B036957D03D9BC59"
-" ipv6=[2a06:1700:0:7::1]:443"
-" weight=10",
"163.172.13.165:9030 orport=9001 id=33DA0CAB7C27812EFF2E22C9705630A54D101FEB"
" ipv6=[2001:bc8:38cb:201::8]:9001"
" weight=10",
-"45.62.255.25:80 orport=443 id=3473ED788D9E63361D1572B7E82EC54338953D2A"
-" weight=10",
"217.79.190.25:9030 orport=9090 id=361D33C96D0F161275EE67E2C91EE10B276E778B"
" weight=10",
"37.187.22.87:9030 orport=9001 id=36B9E7AC1E36B62A9D6F330ABEB6012BA7F0D400"
" ipv6=[2001:41d0:a:1657::1]:9001"
" weight=10",
-"176.126.252.12:21 orport=8080 id=379FB450010D17078B3766C2273303C358C3A442"
-" ipv6=[2a02:59e0:0:7::12]:81"
+"62.210.92.11:9130 orport=9101 id=387B065A38E4DAA16D9D41C2964ECBC4B31D30FF"
+" ipv6=[2001:bc8:338c::1]:9101"
" weight=10",
"198.50.191.95:80 orport=443 id=39F096961ED2576975C866D450373A9913AFDC92"
" weight=10",
@@ -112,13 +102,11 @@ URL: https:onionoo.torproject.orguptime?first_seen_days=7-&flag=V2Dir&type=relay
" weight=10",
"212.47.230.49:9030 orport=9001 id=3D6D0771E54056AEFC28BB1DE816951F11826E97"
" weight=10",
+"176.10.107.180:9030 orport=9001 id=3D7E274A87D9A89AF064C13D1EE4CA1F184F2600"
+" weight=10",
"217.79.179.177:9030 orport=9001 id=3E53D3979DB07EFD736661C934A1DED14127B684"
" ipv6=[2001:4ba0:fff9:131:6c4f::90d3]:9001"
" weight=10",
-"212.47.237.95:9030 orport=9001 id=3F5D8A879C58961BB45A3D26AC41B543B40236D6"
-" weight=10",
-"185.100.85.101:9030 orport=9001 id=4061C553CA88021B8302F0814365070AAE617270"
-" weight=10",
"178.62.86.96:9030 orport=9001 id=439D0447772CB107B886F7782DBC201FA26B92D1"
" ipv6=[2a03:b0c0:1:d0::3cf:7001]:9050"
" weight=10",
@@ -143,8 +131,6 @@ URL: https:onionoo.torproject.orguptime?first_seen_days=7-&flag=V2Dir&type=relay
"81.7.16.182:80 orport=443 id=51E1CF613FD6F9F11FE24743C91D6F9981807D82"
" ipv6=[2a02:180:1:1::517:10b6]:993"
" weight=10",
-"138.201.130.32:9030 orport=9001 id=52AEA31188331F421B2EDB494DB65CD181E5B257"
-" weight=10",
"94.23.204.175:9030 orport=9001 id=5665A3904C89E22E971305EE8C1997BCA4123C69"
" weight=10",
"95.130.12.119:80 orport=443 id=587E0A9552E4274B251F29B5B2673D38442EE4BF"
@@ -154,37 +140,30 @@ URL: https:onionoo.torproject.orguptime?first_seen_days=7-&flag=V2Dir&type=relay
" weight=10",
"78.142.142.246:80 orport=443 id=5A5E03355C1908EBF424CAF1F3ED70782C0D2F74"
" weight=10",
-"46.28.207.19:80 orport=443 id=5B92FA5C8A49D46D235735504C72DBB3472BA321"
-" weight=10",
"120.29.217.46:80 orport=443 id=5E853C94AB1F655E9C908924370A0A6707508C62"
" weight=10",
+"109.163.234.5:80 orport=443 id=5EB8D862E70981B8690DEDEF546789E26AB2BD24"
+" weight=10",
"95.128.43.164:80 orport=443 id=616081EC829593AF4232550DE6FFAA1D75B37A90"
" ipv6=[2a02:ec0:209:10::4]:443"
" weight=10",
-"195.154.122.54:80 orport=443 id=64E99CB34C595A02A3165484BD1215E7389322C6"
-" weight=10",
"163.172.139.104:8080 orport=443 id=68F175CCABE727AA2D2309BCD8789499CEE36ED7"
" weight=10",
"85.214.62.48:80 orport=443 id=6A7551EEE18F78A9813096E82BF84F740D32B911"
" weight=10",
-"95.130.11.147:9030 orport=443 id=6B697F3FF04C26123466A5C0E5D1F8D91925967A"
-" weight=10",
-"91.121.84.137:4951 orport=4051 id=6DE61A6F72C1E5418A66BFED80DFB63E4C77668F"
-" ipv6=[2001:41d0:1:8989::1]:4051"
-" weight=10",
-"213.61.66.117:9032 orport=9002 id=6E44A52E3D1FF7683FE5C399C3FB5E912DE1C6B4"
-" weight=10",
"80.127.137.19:80 orport=443 id=6EF897645B79B6CB35E853B32506375014DE3621"
" ipv6=[2001:981:47c1:1::6]:443"
" weight=10",
"95.183.48.12:80 orport=443 id=7187CED1A3871F837D0E60AC98F374AC541CB0DA"
" weight=10",
-"163.172.35.247:80 orport=443 id=71AB4726D830FAE776D74AEF790CF04D8E0151B4"
+"85.214.151.72:9030 orport=9001 id=722D365140C8C52DBB3C9FF6986E3CEFFE2BA812"
" weight=10",
"85.235.250.88:80 orport=443 id=72B2B12A3F60408BDBC98C6DF53988D3A0B3F0EE"
" weight=10",
-"46.101.237.246:9030 orport=9001 id=75F1992FD3F403E9C082A5815EB5D12934CDF46C"
-" ipv6=[2a03:b0c0:3:d0::208:5001]:9050"
+"176.31.191.26:80 orport=443 id=7350AB9ED7568F22745198359373C04AC783C37C"
+" weight=10",
+"134.119.36.135:80 orport=443 id=763C9556602BD6207771A7A3D958091D44C43228"
+" ipv6=[2a00:1158:3::2a8]:993"
" weight=10",
"188.166.133.133:9030 orport=9001 id=774555642FDC1E1D4FDF2E0C31B7CA9501C5C9C7"
" ipv6=[2a03:b0c0:2:d0::5:f001]:9001"
@@ -192,12 +171,8 @@ URL: https:onionoo.torproject.orguptime?first_seen_days=7-&flag=V2Dir&type=relay
"81.30.158.213:9030 orport=9001 id=789EA6C9AE9ADDD8760903171CFA9AC5741B0C70"
" ipv6=[2001:4ba0:cafe:e84::1]:9001"
" weight=10",
-"185.11.180.67:80 orport=9001 id=794D8EA8343A4E820320265D05D4FA83AB6D1778"
-" weight=10",
"171.25.193.131:80 orport=443 id=79861CF8522FC637EF046F7688F5289E49D94576"
" weight=10",
-"62.210.129.246:80 orport=443 id=79E169B25E4C7CE99584F6ED06F379478F23E2B8"
-" weight=10",
"82.223.21.74:9030 orport=9001 id=7A32C9519D80CA458FC8B034A28F5F6815649A98"
" ipv6=[2001:470:53e0::cafe]:9050"
" weight=10",
@@ -210,9 +185,6 @@ URL: https:onionoo.torproject.orguptime?first_seen_days=7-&flag=V2Dir&type=relay
" weight=10",
"192.87.28.82:9030 orport=9001 id=844AE9CAD04325E955E2BE1521563B79FE7094B7"
" weight=10",
-"163.172.138.22:80 orport=443 id=8664DC892540F3C789DB37008236C096C871734D"
-" ipv6=[2001:bc8:4400:2100::1:3]:443"
-" weight=10",
"188.166.23.127:80 orport=443 id=8672E8A01B4D3FA4C0BBE21C740D4506302EA487"
" ipv6=[2a03:b0c0:2:d0::27b:7001]:9050"
" weight=10",
@@ -221,6 +193,7 @@ URL: https:onionoo.torproject.orguptime?first_seen_days=7-&flag=V2Dir&type=relay
"212.47.241.21:80 orport=443 id=892F941915F6A0C6E0958E52E0A9685C190CF45C"
" weight=10",
"163.172.194.53:9030 orport=9001 id=8C00FA7369A7A308F6A137600F0FA07990D9D451"
+" ipv6=[2001:bc8:225f:142:6c69:7461:7669:73]:9001"
" weight=10",
"178.254.44.135:9030 orport=9001 id=8FA37B93397015B2BC5A525C908485260BE9F422"
" weight=10",
@@ -238,12 +211,6 @@ URL: https:onionoo.torproject.orguptime?first_seen_days=7-&flag=V2Dir&type=relay
" weight=10",
"204.8.156.142:80 orport=443 id=94C4B7B8C50C86A92B6A20107539EE2678CF9A28"
" weight=10",
-"176.10.104.243:8080 orport=8443 id=95DA61AEF23A6C851028C1AA88AD8593F659E60F"
-" weight=10",
-"85.10.202.87:9030 orport=9001 id=971AFB23C168DCD8EDA17473C1C452B359DE3A5A"
-" weight=10",
-"85.214.206.219:9030 orport=9001 id=98F8D5F359949E41DE8DF3DBB1975A86E96A84A0"
-" weight=10",
"163.172.223.200:80 orport=443 id=998BF3ED7F70E33D1C307247B9626D9E7573C438"
" weight=10",
"81.7.10.93:31336 orport=31337 id=99E246DB480B313A3012BC3363093CC26CD209C7"
@@ -252,18 +219,20 @@ URL: https:onionoo.torproject.orguptime?first_seen_days=7-&flag=V2Dir&type=relay
" weight=10",
"66.111.2.20:9030 orport=9001 id=9A68B85A02318F4E7E87F2828039FBD5D75B0142"
" weight=10",
-"5.35.251.247:9030 orport=9001 id=9B1F5187DFBA89DC24B37EA7BF896C12B43A27AE"
+"185.100.86.128:9030 orport=9001 id=9B31F1F1C1554F9FFB3455911F82E818EF7C7883"
" weight=10",
"5.9.151.241:9030 orport=4223 id=9BF04559224F0F1C3C953D641F1744AF0192543A"
+" ipv6=[2a01:4f8:190:34f0::2]:4223"
" weight=10",
"86.105.212.130:9030 orport=443 id=9C900A7F6F5DD034CFFD192DAEC9CCAA813DB022"
" weight=10",
-"146.185.177.103:80 orport=9030 id=9EC5E097663862DF861A18C32B37C5F82284B27D"
-" weight=10",
"178.254.20.134:80 orport=443 id=9F5068310818ED7C70B0BC4087AB55CB12CB4377"
" weight=10",
"46.28.110.244:80 orport=443 id=9F7D6E6420183C2B76D3CE99624EBC98A21A967E"
" weight=10",
+"91.121.84.137:4952 orport=4052 id=9FBEB75E8BC142565F12CBBE078D63310236A334"
+" ipv6=[2001:41d0:1:8989::1]:4052"
+" weight=10",
"178.62.22.36:80 orport=443 id=A0766C0D3A667A3232C7D569DE94A28F9922FCB1"
" ipv6=[2a03:b0c0:1:d0::174:1]:9050"
" weight=10",
@@ -273,47 +242,38 @@ URL: https:onionoo.torproject.orguptime?first_seen_days=7-&flag=V2Dir&type=relay
"171.25.193.78:80 orport=443 id=A478E421F83194C114F41E94F95999672AED51FE"
" ipv6=[2001:67c:289c:3::78]:443"
" weight=10",
-"178.16.208.58:80 orport=443 id=A4C98CEA3F34E05299417E9F885A642C88EF6029"
-" ipv6=[2a00:1c20:4089:1234:cdae:1b3e:cc38:3d45]:443"
-" weight=10",
"163.172.149.122:80 orport=443 id=A9406A006D6E7B5DA30F2C6D4E42A338B5E340B2"
" weight=10",
-"213.61.66.116:9033 orport=9003 id=A9DEB920B42B4EC1DE6249034039B06D61F38690"
-" weight=10",
"192.34.63.137:9030 orport=443 id=ABCB4965F1FEE193602B50A365425105C889D3F8"
" weight=10",
-"195.154.164.243:80 orport=443 id=AC66FFA4AB35A59EBBF5BF4C70008BF24D8A7A5C"
+"109.163.234.9:80 orport=443 id=ABF7FBF389C9A747938B639B20E80620B460B2A9"
" weight=10",
"86.59.119.88:80 orport=443 id=ACD889D86E02EDDAB1AFD81F598C0936238DC6D0"
" weight=10",
"185.129.62.62:9030 orport=9001 id=ACDD9E85A05B127BA010466C13C8C47212E8A38F"
" ipv6=[2a06:d380:0:3700::62]:9001"
" weight=10",
-"188.40.128.246:9030 orport=9001 id=AD19490C7DBB26D3A68EFC824F67E69B0A96E601"
-" weight=10",
"163.172.131.88:80 orport=443 id=AD253B49E303C6AB1E048B014392AC569E8A7DAE"
" ipv6=[2001:bc8:4400:2100::2:1009]:443"
" weight=10",
-"176.10.104.240:8080 orport=8443 id=AD86CD1A49573D52A7B6F4A35750F161AAD89C88"
-" weight=10",
"31.185.104.20:80 orport=443 id=ADB2C26629643DBB9F8FE0096E7D16F9414B4F8D"
" weight=10",
"37.187.7.74:80 orport=443 id=AEA43CB1E47BE5F8051711B2BF01683DB1568E05"
" ipv6=[2001:41d0:a:74a::1]:443"
" weight=10",
-"176.126.252.11:443 orport=9001 id=B0279A521375F3CB2AE210BDBFC645FDD2E1973A"
-" ipv6=[2a02:59e0:0:7::11]:9003"
+"46.28.205.170:80 orport=443 id=AF322D83A4D2048B22F7F1AF5F38AFF4D09D0B76"
" weight=10",
-"212.129.62.232:80 orport=443 id=B143D439B72D239A419F8DCE07B8A8EB1B486FA7"
+"5.9.147.226:9030 orport=9001 id=B0553175AADB0501E5A61FC61CEA3970BE130FF2"
" weight=10",
-"185.66.250.141:9030 orport=9001 id=B1726B94885CE3AC3910CA8B60622B97B98E2529"
+"212.129.62.232:80 orport=443 id=B143D439B72D239A419F8DCE07B8A8EB1B486FA7"
" weight=10",
"198.199.64.217:80 orport=443 id=B1D81825CFD7209BD1B4520B040EF5653C204A23"
" ipv6=[2604:a880:400:d0::1a9:b001]:9050"
" weight=10",
"136.243.214.137:80 orport=443 id=B291D30517D23299AD7CEE3E60DFE60D0E3A4664"
" weight=10",
-"212.47.233.86:9030 orport=9001 id=B4CAFD9CBFB34EC5DAAC146920DC7DFAFE91EA20"
+"178.16.208.60:80 orport=443 id=B44FBE5366AD98B46D829754FA4AC599BAE41A6A"
+" ipv6=[2a00:1c20:4089:1234:67bc:79f3:61c0:6e49]:443"
" weight=10",
"93.115.97.242:9030 orport=9001 id=B5212DB685A2A0FCFBAE425738E478D12361710D"
" weight=10",
@@ -325,20 +285,14 @@ URL: https:onionoo.torproject.orguptime?first_seen_days=7-&flag=V2Dir&type=relay
"85.248.227.164:444 orport=9002 id=B84F248233FEA90CAD439F292556A3139F6E1B82"
" ipv6=[2a00:1298:8011:212::164]:9004"
" weight=10",
-"197.231.221.211:9030 orport=9001 id=BC630CBBB518BE7E9F4E09712AB0269E9DC7D626"
-" weight=10",
"89.163.247.43:9030 orport=9001 id=BC7ACFAC04854C77167C7D66B7E471314ED8C410"
+" ipv6=[2001:4ba0:fff7:25::5]:9001"
" weight=10",
"198.96.155.3:8080 orport=5001 id=BCEDF6C193AA687AE471B8A22EBF6BC57C2D285E"
" weight=10",
"128.199.55.207:9030 orport=9001 id=BCEF908195805E03E92CCFE669C48738E556B9C5"
" ipv6=[2a03:b0c0:2:d0::158:3001]:9001"
" weight=10",
-"148.251.190.229:9030 orport=9010 id=BF0FB582E37F738CD33C3651125F2772705BB8E8"
-" ipv6=[2a01:4f8:211:c68::2]:9010"
-" weight=10",
-"163.172.35.249:80 orport=443 id=C08DE49658E5B3CFC6F2A952B453C4B608C9A16A"
-" weight=10",
"185.35.202.221:9030 orport=9001 id=C13B91384CDD52A871E3ECECE4EF74A7AC7DCB08"
" ipv6=[2a02:ed06::221]:9001"
" weight=10",
@@ -347,16 +301,21 @@ URL: https:onionoo.torproject.orguptime?first_seen_days=7-&flag=V2Dir&type=relay
" weight=10",
"188.138.112.60:1433 orport=1521 id=C414F28FD2BEC1553024299B31D4E726BEB8E788"
" weight=10",
-"37.59.46.159:9030 orport=9001 id=CBD0D1BD110EC52963082D839AC6A89D0AE243E7"
+"85.248.227.163:443 orport=9001 id=C793AB88565DDD3C9E4C6F15CCB9D8C7EF964CE9"
+" ipv6=[2a00:1298:8011:212::163]:9003"
" weight=10",
"178.62.199.226:80 orport=443 id=CBEFF7BA4A4062045133C053F2D70524D8BBE5BE"
" ipv6=[2a03:b0c0:2:d0::b7:5001]:443"
" weight=10",
"134.119.3.164:9030 orport=9001 id=D1B8AAA98C65F3DF7D8BB3AF881CAEB84A33D8EE"
" weight=10",
-"185.13.38.75:9030 orport=9001 id=D2A1703758A0FBBA026988B92C2F88BAB59F9361"
+"31.171.155.108:9030 orport=9001 id=D3E5EDDBE5159388704D6785BE51930AAFACEC6F"
" weight=10",
-"37.221.162.226:9030 orport=9001 id=D64366987CB39F61AD21DBCF8142FA0577B92811"
+"37.187.115.157:9030 orport=9001 id=D5039E1EBFD96D9A3F9846BF99EC9F75EDDE902A"
+" weight=10",
+"166.82.21.200:9030 orport=9029 id=D5C33F3E203728EDF8361EA868B2939CCC43FAFB"
+" weight=10",
+"185.14.185.240:9030 orport=443 id=D62FB817B0288085FAC38A6DC8B36DCD85B70260"
" weight=10",
"46.101.169.151:9030 orport=9001 id=D760C5B436E42F93D77EF2D969157EEA14F9B39C"
" ipv6=[2a03:b0c0:3:d0::74f:a001]:9001"
@@ -371,34 +330,26 @@ URL: https:onionoo.torproject.orguptime?first_seen_days=7-&flag=V2Dir&type=relay
"178.62.173.203:9030 orport=9001 id=DD85503F2D1F52EF9EAD621E942298F46CD2FC10"
" ipv6=[2a03:b0c0:0:1010::a4:b001]:9001"
" weight=10",
-"83.212.99.68:80 orport=443 id=DDBB2A38252ADDA53E4492DDF982CA6CC6E10EC0"
-" ipv6=[2001:648:2ffc:1225:a800:bff:fe3d:67b5]:443"
-" weight=10",
"5.34.183.205:80 orport=443 id=DDD7871C1B7FA32CB55061E08869A236E61BDDF8"
" weight=10",
-"167.114.66.61:9696 orport=443 id=DE6CD5F09DF26076F26321B0BDFBE78ACD935C65"
-" ipv6=[2607:5300:100::78d]:443"
-" weight=10",
"78.24.75.53:9030 orport=9001 id=DEB73705B2929AE9BE87091607388939332EF123"
" weight=10",
"92.222.38.67:80 orport=443 id=DED6892FF89DBD737BA689698A171B2392EB3E82"
" weight=10",
-"217.12.199.208:80 orport=443 id=DF3AED4322B1824BF5539AE54B2D1B38E080FF05"
-" ipv6=[2a02:27a8:0:2::7e]:443"
+"166.70.207.2:9030 orport=9001 id=E3DB2E354B883B59E8DC56B3E7A353DDFD457812"
" weight=10",
-"167.114.35.28:9030 orport=9001 id=E65D300F11E1DB12C534B0146BDAB6972F1A8A48"
+"46.252.26.2:45212 orport=49991 id=E589316576A399C511A9781A73DA4545640B479D"
" weight=10",
-"212.47.244.38:8080 orport=443 id=E81EF60A73B3809F8964F73766B01BAA0A171E20"
+"167.114.35.28:9030 orport=9001 id=E65D300F11E1DB12C534B0146BDAB6972F1A8A48"
" weight=10",
"131.188.40.188:443 orport=80 id=EBE718E1A49EE229071702964F8DB1F318075FF8"
" weight=10",
-"89.40.71.149:8081 orport=8080 id=EC639EDAA5121B47DBDF3D6B01A22E48A8CB6CC7"
-" weight=10",
"192.87.28.28:9030 orport=9001 id=ED2338CAC2711B3E331392E1ED2831219B794024"
" weight=10",
-"212.83.40.238:9030 orport=9001 id=F409FA7902FD89270E8DE0D7977EA23BC38E5887"
+"192.99.212.139:80 orport=443 id=F10BDE279AE71515DDCCCC61DC19AC8765F8A3CC"
" weight=10",
-"5.199.142.236:9030 orport=9001 id=F4C0EDAA0BF0F7EC138746F8FEF1CE26C7860265"
+"212.238.208.48:9030 orport=9001 id=F406219CDD339026D160E53FCA0EF6857C70F109"
+" ipv6=[2001:984:a8fb:1:ba27:ebff:feac:c109]:9001"
" weight=10",
"46.28.207.141:80 orport=443 id=F69BED36177ED727706512BA6A97755025EEA0FB"
" weight=10",
@@ -408,14 +359,10 @@ URL: https:onionoo.torproject.orguptime?first_seen_days=7-&flag=V2Dir&type=relay
" weight=10",
"185.96.180.29:80 orport=443 id=F93D8F37E35C390BCAD9F9069E13085B745EC216"
" weight=10",
-"104.243.35.196:9030 orport=9001 id=FA3415659444AE006E7E9E5375E82F29700CFDFD"
-" weight=10",
"86.59.119.83:80 orport=443 id=FC9AC8EA0160D88BCCFDE066940D7DD9FA45495B"
" weight=10",
"192.187.124.98:9030 orport=9001 id=FD1871854BFC06D7B02F10742073069F0528B5CC"
" weight=10",
-"212.129.38.254:9030 orport=9001 id=FDF845FC159C0020E2BDDA120C30C5C5038F74B4"
-" weight=10",
"149.56.45.200:9030 orport=9001 id=FE296180018833AF03A8EACD5894A614623D3F76"
" weight=10",
"193.11.164.243:9030 orport=9001 id=FFA72BD683BC2FCF988356E6BEC1E490F313FB07"
diff --git a/src/or/geoip.c b/src/or/geoip.c
index ba65dfe56..00c055bbe 100644
--- a/src/or/geoip.c
+++ b/src/or/geoip.c
@@ -162,6 +162,7 @@ geoip_parse_entry(const char *line, sa_family_t family)
if (*line == '#')
return 0;
+ char buf[512];
if (family == AF_INET) {
unsigned int low, high;
if (tor_sscanf(line,"%u,%u,%2s", &low, &high, c) == 3 ||
@@ -172,7 +173,6 @@ geoip_parse_entry(const char *line, sa_family_t family)
goto fail;
country = c;
} else { /* AF_INET6 */
- char buf[512];
char *low_str, *high_str;
struct in6_addr low, high;
char *strtok_state;
diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c
index 2d39c9038..991cf8012 100644
--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@@ -2360,11 +2360,6 @@ client_would_use_router(const routerstatus_t *rs, time_t now,
* But, if we want to have a complete list, fetch it anyway. */
return 0;
}
- if (rs->published_on + options->TestingEstimatedDescriptorPropagationTime
- > now) {
- /* Most caches probably don't have this descriptor yet. */
- return 0;
- }
if (rs->published_on + OLD_ROUTER_DESC_MAX_AGE < now) {
/* We'd drop it immediately for being too old. */
return 0;
diff --git a/src/or/relay.c b/src/or/relay.c
index 179421537..4e9dadba1 100644
--- a/src/or/relay.c
+++ b/src/or/relay.c
@@ -1499,7 +1499,8 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ,
"Begin cell for known stream. Dropping.");
return 0;
}
- if (rh.command == RELAY_COMMAND_BEGIN_DIR) {
+ if (rh.command == RELAY_COMMAND_BEGIN_DIR &&
+ circ->purpose != CIRCUIT_PURPOSE_S_REND_JOINED) {
/* Assign this circuit and its app-ward OR connection a unique ID,
* so that we can measure download times. The local edge and dir
* connection will be assigned the same ID when they are created
diff --git a/src/test/test_link_handshake.c b/src/test/test_link_handshake.c
index 6c0567098..ddf66f4d3 100644
--- a/src/test/test_link_handshake.c
+++ b/src/test/test_link_handshake.c
@@ -66,6 +66,14 @@ mock_send_authenticate(or_connection_t *conn, int type)
return 0;
}
+static tor_x509_cert_t *mock_own_cert = NULL;
+static tor_x509_cert_t *
+mock_get_own_cert(tor_tls_t *tls)
+{
+ (void)tls;
+ return tor_x509_cert_dup(mock_own_cert);
+}
+
/* Test good certs cells */
static void
test_link_handshake_certs_ok(void *arg)
@@ -84,6 +92,7 @@ test_link_handshake_certs_ok(void *arg)
MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
MOCK(connection_or_write_var_cell_to_buf, mock_write_var_cell);
MOCK(connection_or_send_netinfo, mock_send_netinfo);
+ MOCK(tor_tls_get_own_cert, mock_get_own_cert);
key1 = pk_generate(2);
key2 = pk_generate(3);
@@ -94,6 +103,12 @@ test_link_handshake_certs_ok(void *arg)
tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
key1, key2, 86400), ==, 0);
+ {
+ const tor_x509_cert_t *link_cert = NULL;
+ tt_assert(!tor_tls_get_my_certs(1, &link_cert, NULL));
+ mock_own_cert = tor_x509_cert_dup(link_cert);
+ }
+
c1->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
c1->link_proto = 3;
tt_int_op(connection_init_or_handshake_state(c1, 1), ==, 0);
@@ -174,6 +189,9 @@ test_link_handshake_certs_ok(void *arg)
UNMOCK(tor_tls_cert_matches_key);
UNMOCK(connection_or_write_var_cell_to_buf);
UNMOCK(connection_or_send_netinfo);
+ UNMOCK(tor_tls_get_own_cert);
+ tor_x509_cert_free(mock_own_cert);
+ mock_own_cert = NULL;
memset(c1->identity_digest, 0, sizeof(c1->identity_digest));
memset(c2->identity_digest, 0, sizeof(c2->identity_digest));
connection_free_(TO_CONN(c1));
@@ -656,11 +674,12 @@ AUTHCHALLENGE_FAIL(nonzero_circid,
d->cell->circ_id = 1337)
static tor_x509_cert_t *mock_peer_cert = NULL;
+
static tor_x509_cert_t *
mock_get_peer_cert(tor_tls_t *tls)
{
(void)tls;
- return mock_peer_cert;
+ return tor_x509_cert_dup(mock_peer_cert);
}
static int
@@ -694,6 +713,7 @@ authenticate_data_cleanup(const struct testcase_t *test, void *arg)
(void) test;
UNMOCK(connection_or_write_var_cell_to_buf);
UNMOCK(tor_tls_get_peer_cert);
+ UNMOCK(tor_tls_get_own_cert);
UNMOCK(tor_tls_get_tlssecrets);
UNMOCK(connection_or_close_for_error);
UNMOCK(channel_set_circid_type);
@@ -710,7 +730,10 @@ authenticate_data_cleanup(const struct testcase_t *test, void *arg)
crypto_pk_free(d->key2);
tor_free(d);
}
+ tor_x509_cert_free(mock_peer_cert);
+ tor_x509_cert_free(mock_own_cert);
mock_peer_cert = NULL;
+ mock_own_cert = NULL;
return 1;
}
@@ -724,6 +747,7 @@ authenticate_data_setup(const struct testcase_t *test)
MOCK(connection_or_write_var_cell_to_buf, mock_write_var_cell);
MOCK(tor_tls_get_peer_cert, mock_get_peer_cert);
+ MOCK(tor_tls_get_own_cert, mock_get_own_cert);
MOCK(tor_tls_get_tlssecrets, mock_get_tlssecrets);
MOCK(connection_or_close_for_error, mock_close_for_err);
MOCK(channel_set_circid_type, mock_set_circid_type);
@@ -773,6 +797,8 @@ authenticate_data_setup(const struct testcase_t *test)
tor_x509_cert_get_der(link_cert, &der, &sz);
mock_peer_cert = tor_x509_cert_decode(der, sz);
tt_assert(mock_peer_cert);
+ mock_own_cert = tor_x509_cert_decode(der, sz);
+ tt_assert(mock_own_cert);
tt_assert(! tor_tls_get_my_certs(0, &auth_cert, &id_cert));
tor_x509_cert_get_der(auth_cert, &der, &sz);
d->c2->handshake_state->auth_cert = tor_x509_cert_decode(der, sz);
diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h
index 540cfab40..b5ab2bf11 100644
--- a/src/win32/orconfig.h
+++ b/src/win32/orconfig.h
@@ -218,7 +218,7 @@
#define USING_TWOS_COMPLEMENT
/* Version number of package */
-#define VERSION "0.2.9.10"
+#define VERSION "0.2.9.11"
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `- https://www.debian.org/
Reply to: