Merge branch 'maint-0.2.2' into release-0.2.2

2012-02-02 02:33:03 -05:00 · 2012-02-02 02:33:03 -05:00 · 121ae29ed9
parent 6cd68895fb 688903e919
commit 121ae29ed9
6 changed files with 24 additions and 8 deletions
--- a/changes/bug4012_022
+++ b/changes/bug4012_022
@ -0,0 +1,3 @@
+  o Minor bugfixes (documentation):
+    - Document the GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays
+      directory authority option (introduced in Tor 0.2.2.34).
--- a/changes/bug4533_part2
+++ b/changes/bug4533_part2
@ -0,0 +1,5 @@
+  o Major bugfixes:
+    - Fix the SOCKET_OK test that we use to tell when socket
+      creation fails so that it works on Win64. Fixes part of bug
+      4533; bugfix on 0.2.2.29-beta. Bug found by wanoskarnet.
+
--- a/changes/bug5005
+++ b/changes/bug5005
@ -0,0 +1,3 @@
+  o Minor bugfixes:
+    - Update "ClientOnly" man page entry to explain that there isn't
+      really any point to messing with it. Resolves ticket 5005.
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@ -499,11 +499,12 @@ The following options are useful only for clients (that is, if
    number like 60. (Default: 0)

 **ClientOnly** **0**|**1**::
-    If set to 1, Tor will under no circumstances run as a server or serve
-    directory requests. The default is to run as a client unless ORPort is
-    configured. (Usually, you don't need to set this; Tor is pretty smart at
-    figuring out whether you are reliable and high-bandwidth enough to be a
-    useful server.) (Default: 0)
+    If set to 1, Tor will under no circumstances run as a relay or serve
+    directory requests. This config option is mostly meaningless: we
+    added it back when we were considering having Tor clients auto-promote
+    themselves to being relays if they were stable and fast enough. The
+    current behavior is simply that Tor is a client unless ORPort or
+    DirPort are configured. (Default: 0)

 **ExcludeNodes** __node__,__node__,__...__::
    A list of identity fingerprints, nicknames, country codes and address
@ -1347,6 +1348,10 @@ DIRECTORY AUTHORITY SERVER OPTIONS
    votes on whether to accept relays as hidden service directories.
    (Default: 1)

+GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays **0**|**1**::
+    When this option is set to 0, do not vote to give the Guard flag to any
+    version of Tor vulnerable to CVE-2011-2769. (Default: 0)
+
 HIDDEN SERVICE OPTIONS
 ----------------------

--- a/src/common/compat.h
+++ b/src/common/compat.h
@ -396,7 +396,7 @@ typedef int socklen_t;

 #ifdef MS_WINDOWS
 #define tor_socket_t intptr_t
-#define SOCKET_OK(s) ((unsigned)(s) != INVALID_SOCKET)
+#define SOCKET_OK(s) ((SOCKET)(s) != INVALID_SOCKET)
 #else
 #define tor_socket_t int
 #define SOCKET_OK(s) ((s) >= 0)
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@ -802,8 +802,8 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime,
             "might otherwise be vulnerable to CVE-2011-4657 "
             "(compile-time version %08lx (%s); "
             "runtime version %08lx (%s))",
-             OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT,
-             SSLeay(), SSLeay_version(SSLEAY_VERSION));
+             (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT,
+             (unsigned long)SSLeay(), SSLeay_version(SSLEAY_VERSION));
    SSL_CTX_set_options(result->ctx, SSL_OP_NO_SSLv3);
  }