Merge branch 'maint-0.2.2' into release-0.2.2
This commit is contained in:
commit
30d0319684
|
@ -0,0 +1,5 @@
|
|||
o Major bugfixes:
|
||||
- Fix build if path to sed, openssl or sha1sum contains spaces.
|
||||
This is pretty common on Windows. Fixes bug 5065; bugfix on
|
||||
0.2.2.1-alpha.
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
o Minor bugfixes (usability):
|
||||
- Downgrade the "We're missing a certificate" message from notice
|
||||
to info: people kept mistaking it for a real problem, whereas it
|
||||
is only a problem when we are failing to bootstrap. Fixes bug
|
||||
5067; bugfix on 0.2.10-alpha.
|
|
@ -0,0 +1,3 @@
|
|||
o Minor features:
|
||||
- Update to the February 7 2012 Maxmind GeoLite Country database.
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
o Directory authority changes:
|
||||
- Change IP address for maatuska (v3 directory authority).
|
||||
|
|
@ -20,9 +20,9 @@ noinst_HEADERS = address.h torlog.h crypto.h util.h compat.h aes.h torint.h tort
|
|||
|
||||
common_sha1.i: $(libor_SOURCES) $(libor_crypto_a_SOURCES) $(noinst_HEADERS)
|
||||
if test "@SHA1SUM@" != none; then \
|
||||
@SHA1SUM@ $(libor_SOURCES) $(libor_crypto_a_SOURCES) $(noinst_HEADERS) | @SED@ -n 's/^\(.*\)$$/"\1\\n"/p' > common_sha1.i; \
|
||||
"@SHA1SUM@" $(libor_SOURCES) $(libor_crypto_a_SOURCES) $(noinst_HEADERS) | "@SED@" -n 's/^\(.*\)$$/"\1\\n"/p' > common_sha1.i; \
|
||||
elif test "@OPENSSL@" != none; then \
|
||||
@OPENSSL@ sha1 $(libor_SOURCES) $(libor_crypto_a_SOURCES) $(noinst_HEADERS) | @SED@ -n 's/SHA1(\(.*\))= \(.*\)/"\2 \1\\n"/p' > common_sha1.i; \
|
||||
"@OPENSSL@" sha1 $(libor_SOURCES) $(libor_crypto_a_SOURCES) $(noinst_HEADERS) | "@SED@" -n 's/SHA1(\(.*\))= \(.*\)/"\2 \1\\n"/p' > common_sha1.i; \
|
||||
else \
|
||||
rm common_sha1.i; \
|
||||
touch common_sha1.i; \
|
||||
|
|
|
@ -72,7 +72,7 @@
|
|||
(OPENSSL_VERSION_NUMBER >= 0x00909000L && \
|
||||
OPENSSL_VERSION_NUMBER < 0x1000006fL))
|
||||
/* This is a version of OpenSSL before 0.9.8s/1.0.0f. It does not have
|
||||
* the CVE-2011-4657 fix, and as such it can't use RELEASE_BUFFERS and
|
||||
* the CVE-2011-4576 fix, and as such it can't use RELEASE_BUFFERS and
|
||||
* SSL3 safely at the same time.
|
||||
*/
|
||||
#define DISABLE_SSL3_HANDSHAKE
|
||||
|
@ -797,9 +797,9 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime,
|
|||
SSLeay() < 0x0090813fL ||
|
||||
(SSLeay() >= 0x00909000L &&
|
||||
SSLeay() < 0x1000006fL)) {
|
||||
/* And not SSL3 if it's subject to CVE-2011-4657. */
|
||||
/* And not SSL3 if it's subject to CVE-2011-4576. */
|
||||
log_info(LD_NET, "Disabling SSLv3 because this OpenSSL version "
|
||||
"might otherwise be vulnerable to CVE-2011-4657 "
|
||||
"might otherwise be vulnerable to CVE-2011-4576 "
|
||||
"(compile-time version %08lx (%s); "
|
||||
"runtime version %08lx (%s))",
|
||||
(unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT,
|
||||
|
|
12782
src/config/geoip
12782
src/config/geoip
File diff suppressed because it is too large
Load Diff
|
@ -74,9 +74,9 @@ micro-revision.i: FORCE
|
|||
|
||||
or_sha1.i: $(tor_SOURCES)
|
||||
if test "@SHA1SUM@" != none; then \
|
||||
@SHA1SUM@ $(tor_SOURCES) | @SED@ -n 's/^\(.*\)$$/"\1\\n"/p' > or_sha1.i; \
|
||||
"@SHA1SUM@" $(tor_SOURCES) | "@SED@" -n 's/^\(.*\)$$/"\1\\n"/p' > or_sha1.i; \
|
||||
elif test "@OPENSSL@" != none; then \
|
||||
@OPENSSL@ sha1 $(tor_SOURCES) | @SED@ -n 's/SHA1(\(.*\))= \(.*\)/"\2 \1\\n"/p' > or_sha1.i; \
|
||||
"@OPENSSL@" sha1 $(tor_SOURCES) | "@SED@" -n 's/SHA1(\(.*\))= \(.*\)/"\2 \1\\n"/p' > or_sha1.i; \
|
||||
else \
|
||||
rm or_sha1.i; \
|
||||
touch or_sha1.i; \
|
||||
|
|
|
@ -820,7 +820,7 @@ add_default_trusted_dir_authorities(authority_type_t type)
|
|||
"208.83.223.34:443 0AD3 FA88 4D18 F89E EA2D 89C0 1937 9E0E 7FD9 4417",
|
||||
"maatuska orport=80 no-v2 "
|
||||
"v3ident=49015F787433103580E3B66A1707A00E60F2D15B "
|
||||
"213.115.239.118:443 BD6A 8292 55CB 08E6 6FBE 7D37 4836 3586 E46B 3810",
|
||||
"171.25.193.9:443 BD6A 8292 55CB 08E6 6FBE 7D37 4836 3586 E46B 3810",
|
||||
NULL
|
||||
};
|
||||
for (i=0; dirservers[i]; i++) {
|
||||
|
|
|
@ -504,9 +504,9 @@ authority_certs_fetch_missing(networkstatus_t *status, time_t now)
|
|||
if (download_status_is_ready(&cl->dl_status, now,
|
||||
MAX_CERT_DL_FAILURES) &&
|
||||
!digestmap_get(pending, voter->identity_digest)) {
|
||||
log_notice(LD_DIR, "We're missing a certificate from authority "
|
||||
"with signing key %s: launching request.",
|
||||
hex_str(sig->signing_key_digest, DIGEST_LEN));
|
||||
log_info(LD_DIR, "We're missing a certificate from authority "
|
||||
"with signing key %s: launching request.",
|
||||
hex_str(sig->signing_key_digest, DIGEST_LEN));
|
||||
smartlist_add(missing_digests, sig->identity_digest);
|
||||
}
|
||||
} SMARTLIST_FOREACH_END(sig);
|
||||
|
|
Loading…
Reference in New Issue