Merge branch 'maint-0.2.7' into release-0.2.7
commit
5fb49e51eb
|
@ -0,0 +1,4 @@
|
|||
o Major bugfixes (compilation):
|
||||
- Correctly repair hardened builds under the clang compiler. Previously,
|
||||
our use of _FORTIFY_SOURCE would conflict with clang's address
|
||||
sanitizer. Closes ticket 14821.
|
|
@ -0,0 +1,4 @@
|
|||
o Documentation:
|
||||
- Add a description of the correct use of the '--keygen' command-line
|
||||
option. Closes ticket 17583; based on text by 's7r'.
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
o Minor fixes (relays):
|
||||
- Check that both the ORPort and DirPort (if present) are reachable
|
||||
before publishing a relay descriptor. Otherwise, relays publish a
|
||||
descriptor with DirPort 0 when the DirPort reachability test takes
|
||||
longer than the ORPort reachability test.
|
||||
Closes bug #18050. Reported by "starlight", patch by "teor".
|
||||
Bugfix on 0.1.0.1-rc, commit a1f1fa6ab on 27 Feb 2005.
|
|
@ -0,0 +1,6 @@
|
|||
o Minor fixes (security):
|
||||
- Make memwipe() do nothing when passed a NULL pointer
|
||||
or zero size. Check size argument to memwipe() for underflow.
|
||||
Closes bug #18089. Reported by "gk", patch by "teor".
|
||||
Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352),
|
||||
commit 49dd5ef3 on 7 Nov 2012.
|
|
@ -0,0 +1,7 @@
|
|||
o Major bugfixes (security, pointers):
|
||||
|
||||
- Avoid a difficult-to-trigger heap corruption attack when extending
|
||||
a smartlist to contain over 16GB of pointers. Fixes bug #18162;
|
||||
bugfix on Tor 0.1.1.11-alpha, which fixed a related bug
|
||||
incompletely. Reported by Guido Vranken.
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the February 2 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the March 3 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -95,6 +95,29 @@ COMMAND-LINE OPTIONS
|
|||
which tells Tor to only send warnings and errors to the console, or with
|
||||
the **--quiet** option, which tells Tor not to log to the console at all.
|
||||
|
||||
[[opt-keygen]] **--keygen** [**--newpass**]::
|
||||
Running "tor --keygen" creates a new ed25519 master identity key for a
|
||||
relay, or only a fresh temporary signing key and certificate, if you
|
||||
already have a master key. Optionally you can encrypt the master identity
|
||||
key with a passphrase: Tor will ask you for one. If you don't want to
|
||||
encrypt the master key, just don't enter any passphrase when asked. +
|
||||
+
|
||||
The **--newpass** option should be used with --keygen only when you need
|
||||
to add, change, or remove a passphrase on an existing ed25519 master
|
||||
identity key. You will be prompted for the old passphase (if any),
|
||||
and the new passphrase (if any). +
|
||||
+
|
||||
When generating a master key, you will probably want to use
|
||||
**--DataDirectory** to control where the keys
|
||||
and certificates will be stored, and **--SigningKeyLifetime** to
|
||||
control their lifetimes. Their behavior is as documented in the
|
||||
server options section below. (You must have write access to the specified
|
||||
DataDirectory.) +
|
||||
+
|
||||
To use the generated files, you must copy them to the DataDirectory/keys
|
||||
directory of your Tor daemon, and make sure that they are owned by the
|
||||
user actually running the Tor daemon on your system.
|
||||
|
||||
Other options can be specified on the command-line in the format "--option
|
||||
value", in the format "option value", or in a configuration file. For
|
||||
instance, you can tell Tor to start listening for SOCKS connections on port
|
||||
|
@ -1908,8 +1931,9 @@ is non-zero):
|
|||
|
||||
[[OfflineMasterKey]] **OfflineMasterKey** **0**|**1**::
|
||||
If non-zero, the Tor relay will never generate or load its master secret
|
||||
key. Instead, you'll have to use "tor --keygen" to manage the master
|
||||
secret key. (Default: 0)
|
||||
key. Instead, you'll have to use "tor --keygen" to manage the permanent
|
||||
ed25519 master identity key, as well as the corresponding temporary
|
||||
signing keys and certificates. (Default: 0)
|
||||
|
||||
DIRECTORY SERVER OPTIONS
|
||||
------------------------
|
||||
|
|
|
@ -42,6 +42,15 @@
|
|||
#include <netinet6/in6.h>
|
||||
#endif
|
||||
|
||||
#if defined(__has_feature)
|
||||
# if __has_feature(address_sanitizer)
|
||||
/* Some of the fancy glibc strcmp() macros include references to memory that
|
||||
* clang rejects because it is off the end of a less-than-3. Clang hates this,
|
||||
* even though those references never actually happen. */
|
||||
# undef strcmp
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
#include <errno.h>
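Review bot: The comment added above `# undef strcmp` is missing a word: "off the end of a less-than-3" names no object, so the reason for the workaround is hard to recover. If the intent is what it appears to be, something like `/* glibc's strcmp() macros reference bytes past the end of strings shorter than 3 bytes; clang's address sanitizer rejects those references even though they are never evaluated. */` would state it. The `#undef` only sticks if `<string.h>` has already been included at this point, which the hunk does not show. If a later header is the first to pull it in, the macro would presumably be defined again, so the include order is worth confirming.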
|
||||
|
||||
|
|
|
@ -58,31 +58,33 @@ smartlist_clear(smartlist_t *sl)
|
|||
sl->num_used = 0;
|
||||
}
|
||||
|
||||
#if SIZE_MAX < INT_MAX
|
||||
#error "We don't support systems where size_t is smaller than int."
|
||||
#endif
|
||||
|
||||
/** Make sure that <b>sl</b> can hold at least <b>size</b> entries. */
|
||||
static INLINE void
|
||||
smartlist_ensure_capacity(smartlist_t *sl, int size)
|
||||
smartlist_ensure_capacity(smartlist_t *sl, size_t size)
|
||||
{
|
||||
#if SIZEOF_SIZE_T > SIZEOF_INT
|
||||
/* Set MAX_CAPACITY to MIN(INT_MAX, SIZE_MAX / sizeof(void*)) */
|
||||
#if (SIZE_MAX/SIZEOF_VOID_P) > INT_MAX
|
||||
#define MAX_CAPACITY (INT_MAX)
|
||||
#else
|
||||
#define MAX_CAPACITY (int)((SIZE_MAX / (sizeof(void*))))
|
||||
#define ASSERT_CAPACITY
|
||||
#endif
|
||||
if (size > sl->capacity) {
|
||||
int higher = sl->capacity;
|
||||
|
||||
tor_assert(size <= MAX_CAPACITY);
|
||||
|
||||
if (size > (size_t) sl->capacity) {
|
||||
size_t higher = (size_t) sl->capacity;
|
||||
if (PREDICT_UNLIKELY(size > MAX_CAPACITY/2)) {
|
||||
#ifdef ASSERT_CAPACITY
|
||||
/* We don't include this assertion when MAX_CAPACITY == INT_MAX,
|
||||
* since int size; (size <= INT_MAX) makes analysis tools think we're
|
||||
* doing something stupid. */
|
||||
tor_assert(size <= MAX_CAPACITY);
|
||||
#endif
|
||||
higher = MAX_CAPACITY;
|
||||
} else {
|
||||
while (size > higher)
|
||||
higher *= 2;
|
||||
}
|
||||
sl->capacity = higher;
|
||||
tor_assert(higher <= INT_MAX); /* Redundant */
|
||||
sl->capacity = (int) higher;
|
||||
sl->list = tor_reallocarray(sl->list, sizeof(void *),
|
||||
((size_t)sl->capacity));
|
||||
}
|
||||
|
@ -94,7 +96,7 @@ smartlist_ensure_capacity(smartlist_t *sl, int size)
|
|||
void
|
||||
smartlist_add(smartlist_t *sl, void *element)
|
||||
{
|
||||
smartlist_ensure_capacity(sl, sl->num_used+1);
|
||||
smartlist_ensure_capacity(sl, ((size_t) sl->num_used)+1);
|
||||
sl->list[sl->num_used++] = element;
|
||||
}
|
||||
|
||||
|
@ -102,11 +104,12 @@ smartlist_add(smartlist_t *sl, void *element)
|
|||
void
|
||||
smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
|
||||
{
|
||||
int new_size = s1->num_used + s2->num_used;
|
||||
tor_assert(new_size >= s1->num_used); /* check for overflow. */
|
||||
size_t new_size = (size_t)s1->num_used + (size_t)s2->num_used;
|
||||
tor_assert(new_size >= (size_t) s1->num_used); /* check for overflow. */
|
||||
smartlist_ensure_capacity(s1, new_size);
|
||||
memcpy(s1->list + s1->num_used, s2->list, s2->num_used*sizeof(void*));
|
||||
s1->num_used = new_size;
|
||||
tor_assert(new_size <= INT_MAX); /* redundant. */
|
||||
s1->num_used = (int) new_size;
|
||||
}
|
||||
|
||||
/** Remove all elements E from sl such that E==element. Preserve
|
||||
|
@ -375,7 +378,7 @@ smartlist_insert(smartlist_t *sl, int idx, void *val)
|
|||
if (idx == sl->num_used) {
|
||||
smartlist_add(sl, val);
|
||||
} else {
|
||||
smartlist_ensure_capacity(sl, sl->num_used+1);
|
||||
smartlist_ensure_capacity(sl, ((size_t) sl->num_used)+1);
|
||||
/* Move other elements away */
|
||||
if (idx < sl->num_used)
|
||||
memmove(sl->list + idx + 1, sl->list + idx,
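Review bot: In smartlist_add_all the retained `tor_assert(new_size >= (size_t) s1->num_used); /* check for overflow. */` can no longer fire. Both operands are widened to size_t before the addition, so, assuming num_used is never negative, the sum cannot wrap wherever size_t is at least as wide as unsigned int. The bound that actually protects the following `memcpy` is now `tor_assert(size <= MAX_CAPACITY)` inside smartlist_ensure_capacity, and the comment should say so, e.g. `/* cannot wrap in size_t; smartlist_ensure_capacity() enforces the INT_MAX bound. */`. The doc comment on smartlist_ensure_capacity could also state that a request above MAX_CAPACITY aborts through tor_assert rather than failing softly. The smartlist_insert body in the last hunk continues outside the section.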
|
||||
|
|
|
@ -2556,6 +2556,7 @@ smartlist_shuffle(smartlist_t *sl)
|
|||
/**
|
||||
* Destroy the <b>sz</b> bytes of data stored at <b>mem</b>, setting them to
|
||||
* the value <b>byte</b>.
|
||||
* If <b>mem</b> is NULL or <b>sz</b> is zero, nothing happens.
|
||||
*
|
||||
* This function is preferable to memset, since many compilers will happily
|
||||
* optimize out memset() when they can convince themselves that the data being
|
||||
|
@ -2573,6 +2574,15 @@ smartlist_shuffle(smartlist_t *sl)
|
|||
void
|
||||
memwipe(void *mem, uint8_t byte, size_t sz)
|
||||
{
|
||||
if (sz == 0) {
|
||||
return;
|
||||
}
|
||||
/* If sz is nonzero, then mem must not be NULL. */
|
||||
tor_assert(mem != NULL);
|
||||
|
||||
/* Data this large is likely to be an underflow. */
|
||||
tor_assert(sz < SIZE_T_CEILING);
|
||||
|
||||
/* Because whole-program-optimization exists, we may not be able to just
|
||||
* have this function call "memset". A smart compiler could inline it, then
|
||||
* eliminate dead memsets, and declare itself to be clever. */
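Review bot: The sentence added to the doc comment, "If mem is NULL or sz is zero, nothing happens", does not match the new body of memwipe(). Only `sz == 0` returns early, while a NULL `mem` with a nonzero `sz` reaches `tor_assert(mem != NULL)`. A caller relying on the comment could pass NULL together with a stale length and expect a no-op. Either reword the comment, e.g. `* If <b>sz</b> is zero, nothing happens; a NULL <b>mem</b> with nonzero <b>sz</b> is a bug and fails an assertion.`, or extend the early return to `if (sz == 0 || mem == NULL)` if a silent no-op is what is wanted. The body of memwipe() continues past the end of the second hunk.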
|
||||
|
|
10424
src/config/geoip
10424
src/config/geoip
File diff suppressed because it is too large
2690
src/config/geoip6
2690
src/config/geoip6
File diff suppressed because it is too large
|
@ -1795,8 +1795,9 @@ second_elapsed_callback(periodic_timer_t *timer, void *arg)
|
|||
if (me && !check_whether_orport_reachable()) {
|
||||
char *address = tor_dup_ip(me->addr);
|
||||
log_warn(LD_CONFIG,"Your server (%s:%d) has not managed to confirm that "
|
||||
"its ORPort is reachable. Please check your firewalls, ports, "
|
||||
"address, /etc/hosts file, etc.",
|
||||
"its ORPort is reachable. Relays do not publish descriptors "
|
||||
"until their ORPort and DirPort are reachable. Please check "
|
||||
"your firewalls, ports, address, /etc/hosts file, etc.",
|
||||
address, me->or_port);
|
||||
control_event_server_status(LOG_WARN,
|
||||
"REACHABILITY_FAILED ORADDRESS=%s:%d",
|
||||
|
@ -1808,8 +1809,9 @@ second_elapsed_callback(periodic_timer_t *timer, void *arg)
|
|||
char *address = tor_dup_ip(me->addr);
|
||||
log_warn(LD_CONFIG,
|
||||
"Your server (%s:%d) has not managed to confirm that its "
|
||||
"DirPort is reachable. Please check your firewalls, ports, "
|
||||
"address, /etc/hosts file, etc.",
|
||||
"DirPort is reachable. Relays do not publish descriptors "
|
||||
"until their ORPort and DirPort are reachable. Please check "
|
||||
"your firewalls, ports, address, /etc/hosts file, etc.",
|
||||
address, me->dir_port);
|
||||
control_event_server_status(LOG_WARN,
|
||||
"REACHABILITY_FAILED DIRADDRESS=%s:%d",
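Review bot: Both rewritten warnings in second_elapsed_callback() now say "Relays do not publish descriptors until their ORPort and DirPort are reachable", which reads as if a DirPort were mandatory. The changelog entry for this fix says "DirPort (if present)", and an operator running an ORPort-only relay who sees the ORPort warning may go looking for a DirPort problem that does not exist. Wording such as `"until their ORPort and DirPort (if any) are reachable. Please check "` in both strings would keep the log consistent with the documented behaviour. The callback's body starts and ends outside these hunks.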
|
||||
|
|
|
@ -1267,7 +1267,8 @@ router_orport_found_reachable(void)
|
|||
char *address = tor_dup_ip(me->addr);
|
||||
log_notice(LD_OR,"Self-testing indicates your ORPort is reachable from "
|
||||
"the outside. Excellent.%s",
|
||||
get_options()->PublishServerDescriptor_ != NO_DIRINFO ?
|
||||
get_options()->PublishServerDescriptor_ != NO_DIRINFO
|
||||
&& check_whether_dirport_reachable() ?
|
||||
" Publishing server descriptor." : "");
|
||||
can_reach_or_port = 1;
|
||||
mark_my_descriptor_dirty("ORPort found reachable");
|
||||
|
@ -1291,7 +1292,10 @@ router_dirport_found_reachable(void)
|
|||
if (!can_reach_dir_port && me) {
|
||||
char *address = tor_dup_ip(me->addr);
|
||||
log_notice(LD_DIRSERV,"Self-testing indicates your DirPort is reachable "
|
||||
"from the outside. Excellent.");
|
||||
"from the outside. Excellent.%s",
|
||||
get_options()->PublishServerDescriptor_ != NO_DIRINFO
|
||||
&& check_whether_orport_reachable() ?
|
||||
" Publishing server descriptor." : "");
|
||||
can_reach_dir_port = 1;
|
||||
if (decide_to_advertise_dirport(get_options(), me->dir_port)) {
|
||||
mark_my_descriptor_dirty("DirPort found reachable");
|
||||
|
@ -1494,7 +1498,8 @@ proxy_mode(const or_options_t *options)
|
|||
* and
|
||||
* - We have ORPort set
|
||||
* and
|
||||
* - We believe we are reachable from the outside; or
|
||||
* - We believe both our ORPort and DirPort (if present) are reachable from
|
||||
* the outside; or
|
||||
* - We are an authoritative directory server.
|
||||
*/
|
||||
static int
|
||||
|
@ -1513,7 +1518,7 @@ decide_if_publishable_server(void)
|
|||
if (!router_get_advertised_or_port(options))
|
||||
return 0;
|
||||
|
||||
return check_whether_orport_reachable();
|
||||
return check_whether_orport_reachable() && check_whether_dirport_reachable();
|
||||
}
|
||||
|
||||
/** Initiate server descriptor upload as reasonable (if server is publishable,
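Review bot: The new return in decide_if_publishable_server(), `return check_whether_orport_reachable() && check_whether_dirport_reachable();`, implements the "(if present)" clause of the updated comment only if check_whether_dirport_reachable() returns true when no DirPort is configured. That function is not visible in this section, so the dependency should be recorded at the call, e.g. `/* check_whether_dirport_reachable() must return true when no DirPort is set, or ORPort-only relays never publish. */`. The two log_notice() calls also decide whether to append " Publishing server descriptor." with a hand-copied condition that covers only part of what decide_if_publishable_server() tests, so the notice can presumably disagree with the actual decision. Calling the function there would keep the two in step, if the declaration order allows it.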
|
||||
|
|
|
@ -269,8 +269,10 @@ test_address_get_if_addrs_ifaddrs(void *arg)
|
|||
results = get_interface_addresses_ifaddrs(LOG_ERR);
|
||||
|
||||
tt_int_op(smartlist_len(results),>=,1);
|
||||
#ifndef __FreeBSD__
|
||||
/* FreeBSD doesn't have a localhost in jails sometimes. */
|
||||
tt_assert(smartlist_contains_localhost_tor_addr(results));
|
||||
|
||||
#endif
|
||||
done:
|
||||
SMARTLIST_FOREACH(results, tor_addr_t *, t, tor_free(t));
|
||||
smartlist_free(results);
|
||||
|
@ -484,8 +486,10 @@ test_address_get_if_addrs_ioctl(void *arg)
|
|||
tt_assert(result);
|
||||
tt_int_op(smartlist_len(result),>=,1);
|
||||
|
||||
#ifndef __FreeBSD__
|
||||
/* FreeBSD doesn't have a localhost in jails sometimes. */
|
||||
tt_assert(smartlist_contains_localhost_tor_addr(result));
|
||||
|
||||
#endif
|
||||
done:
|
||||
if (result) {
|
||||
SMARTLIST_FOREACH(result, tor_addr_t *, t, tor_free(t));
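Review bot: The `#ifndef __FreeBSD__` guard removes the `tt_assert(smartlist_contains_localhost_tor_addr(...))` check from every FreeBSD build in both tests, although the comment gives jails as the only case where localhost can be missing. A regression in localhost detection would then go unnoticed on non-jailed FreeBSD hosts. If no runtime jail check is practical in the test, the comment should at least say so, e.g. `/* FreeBSD jails may lack a localhost address; we cannot detect a jail here, so the check is skipped on all FreeBSD builds. */`. Both test functions start and end outside the hunks.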
|
||||
|
|