* origin/jb/aes-siv-fix:
tests: updates aes-siv regression test comment
pill: updates solid
zuse: propagates fix to aes-128-siv and aes-192-siv as well
Revert "test: disable aes-siv jets to demonstrate test failure"
pill: updates solid
zuse: fixes bug in aes-256-siv iv calculation (+s2vc:aes:crypto)
test: disable aes-siv jets to demonstrate test failure
test: add test case for aes-256-siv jet mismatch, observed in the wild
Signed-off-by: Philip Monk <phil@pcmonk.me>
Turns out that having these pop up on every tab-press is really annoying,
and you usually only want them when it didn't manage to autocomplete anything.
The card type has changed, so we need a state upgrade. As I understand
it, these existed for a particular upgrade to get around the fact that
Ford Turbo updates apps in random order. In Ford Fusion, all apps are
started in parallel before any of their moves are emitted, so this is
no longer a problem.
Since these will no longer be needed and they don't load properly when
+card changes, we deleted them. While trying to find a bug that I
introduced, I refactored +on-load a little bit -- I can revert this if
it's confusing.
Adds +mure to run a trap in a separate road. This should eventually be
just a hint.
Vega was running inside a mule, but since +load was called within vega,
the new kernel was all run within the same mule, so it didn't actually
get to reclaim the space after hoon compiled.
We verified this with printfs in u3m_fall. On the test ship (from
mainnet) which had 800MB used, vega was taking interior free space from
950MB to 450 over the course of compiling hoon, then each vane would go
from about 450 to 350 and then back to 450 once it finished (which
proves they were correctly isolated). With this change, after hoon
compiles the free space goes back up to 950MB. This gives us a lot more
space to compile OTAs.
We had to slightly refactor the logic for doubly-recompiling hoon, since
+mure as written produces a ?(!! _trap), and you can't find faces in the
result of the trap. We could bake mure, but that's rather awkward. I
wonder if there's a way to fix this as a wet gate.
Attempt to convert the scry result to the mark that was asked for,
failing the scry (with ~) if the conversion fails.
Eyre's scry logic, then, can pass the requested mark directly into gall.
Exposes a scry endpoint. Any requests made to the /app/scry.mark url
under the endpoint will scry into %app using a %gx scry, at the
/scry/noun path, and attempt to convert the scry result into the %mark,
before converting that into the %mime mark, and sending that as an http
response.
In addition to producing the action bound for a given request, now also
produces the subset of the request url that comes _after_ the path at
which the binding has been established.
Will allow some bindings to more easily dispatch off the relevant part
of the url.
If we failed the password check, the login page served to us would never
include any redirect details, even if they were there in the original request.
Now we simply (attempt to) parse out the redirect field a little earlier.
The +command-parser must now produce both a flag and a command noun.
If the flag is true, instantly runs the command from the noun.
If false, maintains standard behavior and only runs it on-return.
* origin/release/next-vere:
vere: bump version to 0.10.5
dawn: switch default eth node
jets: patch cleanup
jets: switch openssl to the loom allocator.
serf: disable automatic |pack
vere: handle failed cue of private key file
u3: switches GMP import assert to conditional
u3: fixes rock:load size printf
vere: bypass terminal logging on lmdb worker thread
vere: prevents term.c from retrying tcsetattr() indefinitely
jets: jet decryption of aes-siv mode.
jets: jet encryption of aes-siv mode.
aes_siv: vendors libaes_siv since it isn't in nix.
vere: refactors $quay serialization to iterate without recursion
cttp: do not add ampersand before first url query var
u3: fixes bug in +rub jet (unsafe coercion from c3_w to noun)
Signed-off-by: Fang <git@fang.io>
Fixes an issue where only the first ship would receive the updated files
from webpack. Enables watch mode. If herb is set to true in the urbitrc,
then webpack will commit the desk for each change on every ship.
Associates channels with the authentication sessions that opened them,
and deletes the channel when its associated session expires.
Also updates the debug dashboard to display channel counts per session.
Turns +on-channel-timeout into +discard-channel, which cleans up the
entirety of the channel, based on its current state. This allows us to
simplify the %delete channel request into a simple function call.
Changes the HTTP status code of the redirect that occurs upon a
successful login from 307 to 303. 307 preserves the method of the
original request, so the redirected request is a POST. With the new SPA,
this causes a 404 as app/file-server validates the method of the
request, something that did not happen in earlier versions of landscape.
303 instead changes the method to always produce a GET request.
Set up, by default, on /~/logout.
Sending a POST request to this expires the current session and redirects
to the login page. If the "all" key is set in the request body, expires
all open sessions.
We build a reef for each desk but use the compiler from our kernel. At
some point we should use the compiler from the desk, but then we need to
validate any results we get from it.
For request transparency, HTTP proxies may set the Forwarded header to
specify who the original requester is.
For requests from localhost only, we make Eyre respect the Forwarded
header, and adjust the handled ip address accordingly.
Note that we do not support X-Forwarded or other non-standard variants.
The header remains in the request, so server applications can handle
them as desired.
Fixes#2723.
When sending a response to an authenticated request, update the session
to last for +session-timeout again, and send an updated cookie to match.
Assuming the user makes an actual HTTP request at least once a week,
this will make sure they don't get logged out automatically. Simply
keeping a channel open, unfortunately, doesn't count.
This:
- uses OPENSSL_malloc() in libaes_siv
- fixes a case where our jet code was not freeing ssl objects.
- sets the openssl allocator to the loom allocator.
Instead of setting a timer for every session, we set a single expiry
timer when the first session is created. On the subsequent wake event,
we clear all cookies that have expired at that time, then set a timer
for when the next session expires.
This approach gives us flexibility wrt sessions going forward, allowing
extending or early deleting of sessions without having to care about the
related timers.
Note that in +load, we clear all existing sessions. We would start the
expiry timer flow there, but can't. Forcing the user to login again
post-ota once isn't the end of the world.