Merge branch 'maint-0.2.6' into release-0.2.6
commit
602e328dc3
|
@ -0,0 +1,3 @@
|
|||
o Minor bugfixes (tests):
|
||||
- Fix a crash in the unit tests on MSVC2013. Fixes bug 16030; bugfix on
|
||||
0.2.6.2-alpha. Patch from "NewEraCracker".
|
|
@ -0,0 +1,4 @@
|
|||
o Minor bugfixes (compilation):
|
||||
- Build with --enable-systemd correctly when libsystemd is installed,
|
||||
but systemd is not. Fixes bug 16164, bugfix on 0.2.6.3-alpha. Patch
|
||||
from Peter Palfrader.
|
|
@ -0,0 +1,5 @@
|
|||
o Minor bugfixes (sandbox, systemd):
|
||||
- Allow systemd connections to work with the Linux seccomp2 sandbox
|
||||
code. Fixes bug 16212; bugfix on 0.2.6.2-alpha.
|
||||
Patch by Peter Palfrader.
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
o Minor bugfixes (sandbox, relay):
|
||||
- Fix sandboxing to work when running as a relay again. This
|
||||
includes correctly allowing renaming secret_id_key and
|
||||
allowing the eventfd2 and futex syscalls.
|
||||
Fixes bug 16244; bugfix on 0.2.6.1-alpha.
|
||||
Patch by Peter Palfrader.
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
o Minor bugfixes (client-side privacy):
|
||||
- Properly separate out each SOCKSPort when applying stream isolation.
|
||||
The error occured because each port's session group was being
|
||||
overwritten by a default value. Fixes bug 16247; bugfix on
|
||||
0.2.6.3-alpha. Patch by "jojelino".
|
|
@ -0,0 +1,7 @@
|
|||
o Minor feature:
|
||||
- The HSDir flag given by authorities now requires the Stable flag. For
|
||||
the current network, this results in going from 2887 to 2806 HSDirs.
|
||||
Also, it makes it harder for an attacker to launch a sybil attack by
|
||||
raising the effort for a relay to become Stable which takes at the
|
||||
very least 7 days to do so and by keeping the 96 hours uptime
|
||||
requirement for HSDir. Implements ticket #8243.
|
|
@ -131,7 +131,7 @@ if test x$have_systemd = xyes; then
|
|||
AC_DEFINE(HAVE_SYSTEMD,1,[Have systemd])
|
||||
TOR_SYSTEMD_CFLAGS="${SYSTEMD_CFLAGS}"
|
||||
TOR_SYSTEMD_LIBS="${SYSTEMD_LIBS}"
|
||||
PKG_CHECK_MODULES(SYSTEMD209, [systemd >= 209],
|
||||
PKG_CHECK_MODULES(LIBSYSTEMD209, [libsystemd >= 209],
|
||||
[AC_DEFINE(HAVE_SYSTEMD_209,1,[Have systemd v209 or more])], [])
|
||||
fi
|
||||
AC_SUBST(TOR_SYSTEMD_CFLAGS)
|
||||
|
|
|
@ -129,11 +129,13 @@ static int filter_nopar_gen[] = {
|
|||
SCMP_SYS(clone),
|
||||
SCMP_SYS(epoll_create),
|
||||
SCMP_SYS(epoll_wait),
|
||||
SCMP_SYS(eventfd2),
|
||||
SCMP_SYS(fcntl),
|
||||
SCMP_SYS(fstat),
|
||||
#ifdef __NR_fstat64
|
||||
SCMP_SYS(fstat64),
|
||||
#endif
|
||||
SCMP_SYS(futex),
|
||||
SCMP_SYS(getdents64),
|
||||
SCMP_SYS(getegid),
|
||||
#ifdef __NR_getegid32
|
||||
|
@ -170,6 +172,7 @@ static int filter_nopar_gen[] = {
|
|||
SCMP_SYS(read),
|
||||
SCMP_SYS(rt_sigreturn),
|
||||
SCMP_SYS(sched_getaffinity),
|
||||
SCMP_SYS(sendmsg),
|
||||
SCMP_SYS(set_robust_list),
|
||||
#ifdef __NR_sigreturn
|
||||
SCMP_SYS(sigreturn),
|
||||
|
@ -547,6 +550,15 @@ sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
|
|||
SCMP_CMP(0, SCMP_CMP_EQ, PF_UNIX),
|
||||
SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_STREAM),
|
||||
SCMP_CMP(2, SCMP_CMP_EQ, 0));
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
|
||||
SCMP_CMP(0, SCMP_CMP_EQ, PF_UNIX),
|
||||
SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_DGRAM),
|
||||
SCMP_CMP(2, SCMP_CMP_EQ, 0));
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
|
||||
SCMP_CMP(0, SCMP_CMP_EQ, PF_NETLINK),
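Review bot: The new `SCMP_SYS(sendmsg),` entry in `filter_nopar_gen` and the new `PF_UNIX` / `SOCK_DGRAM` rule in `sb_socket` widen the seccomp allow-list for every build, although the changelog entries in this commit tie the socket change to systemd support. Entries in `filter_nopar_gen` appear to be allowed without any argument filtering (the name and the bare `SCMP_SYS` entries suggest so), so `sendmsg` would become usable on any descriptor the process holds. If both additions are needed only for the systemd notification path, which is inferred from the changelog rather than visible here, wrap them in `#ifdef HAVE_SYSTEMD` and `#endif` so non-systemd builds keep the tighter filter. Each new entry would also benefit from a one-line comment naming the feature that needs it, for example `/* systemd notification socket */`. Both the array and `sb_socket` continue outside these hunks.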
|
||||
|
|
|
@ -1284,6 +1284,8 @@ connection_listener_new(const struct sockaddr *listensockaddr,
|
|||
conn->port = gotPort;
|
||||
tor_addr_copy(&conn->addr, &addr);
|
||||
|
||||
memcpy(&lis_conn->entry_cfg, &port_cfg->entry_cfg, sizeof(entry_port_cfg_t));
|
||||
|
||||
if (port_cfg->entry_cfg.isolation_flags) {
|
||||
lis_conn->entry_cfg.isolation_flags = port_cfg->entry_cfg.isolation_flags;
|
||||
if (port_cfg->entry_cfg.session_group >= 0) {
|
||||
|
@ -1299,8 +1301,6 @@ connection_listener_new(const struct sockaddr *listensockaddr,
|
|||
}
|
||||
}
|
||||
|
||||
memcpy(&lis_conn->entry_cfg, &port_cfg->entry_cfg, sizeof(entry_port_cfg_t));
|
||||
|
||||
if (type != CONN_TYPE_AP_LISTENER) {
|
||||
lis_conn->entry_cfg.ipv4_traffic = 1;
|
||||
lis_conn->entry_cfg.ipv6_traffic = 1;
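Review bot: With the `memcpy` of `entry_cfg` now placed ahead of the isolation block, the assignment `lis_conn->entry_cfg.isolation_flags = port_cfg->entry_cfg.isolation_flags;` just below it repeats a value the struct copy has already transferred and looks removable. The fix also leaves the ordering requirement implicit, even though the earlier placement of this copy is what overwrote each port's session group and broke stream isolation between SOCKSPorts. A comment on the `memcpy` would guard against the same regression, for example `/* Copy the whole entry_cfg first; the per-port session_group set below must not be overwritten. */`. The body of the `session_group` branch lies outside the hunks, so how the group is finally assigned cannot be checked from here.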
|
||||
|
|
|
@ -1278,8 +1278,9 @@ dirserv_thinks_router_is_unreliable(time_t now,
|
|||
}
|
||||
|
||||
/** Return true iff <b>router</b> should be assigned the "HSDir" flag.
|
||||
* Right now this means it advertises support for it, it has a high
|
||||
* uptime, it has a DirPort open, and it's currently considered Running.
|
||||
* Right now this means it advertises support for it, it has a high uptime,
|
||||
* it has a DirPort open, it has the Stable flag and it's currently
|
||||
* considered Running.
|
||||
*
|
||||
* This function needs to be called after router-\>is_running has
|
||||
* been set.
|
||||
|
@ -1306,6 +1307,7 @@ dirserv_thinks_router_is_hs_dir(const routerinfo_t *router,
|
|||
uptime = real_uptime(router, now);
|
||||
|
||||
return (router->wants_to_be_hs_dir && router->dir_port &&
|
||||
node->is_stable &&
|
||||
uptime >= get_options()->MinUptimeHidServDirectoryV2 &&
|
||||
router_is_active(router, node, now));
|
||||
}
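Review bot: The doc comment's ordering precondition still names only `router-\>is_running`, but the new condition reads `node->is_stable`, so `dirserv_thinks_router_is_hs_dir` now also depends on the Stable decision for this node having been made first. If a caller evaluated HSDir before Stable, the check would read a stale or unset value and the intended Sybil hardening would not hold for that vote. The comment should say so: `This function needs to be called after router-\>is_running and node-\>is_stable have been set.` The call sites are outside this hunk, so the actual evaluation order cannot be confirmed from the page.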
|
||||
|
|
|
@ -2984,7 +2984,7 @@ sandbox_init_filter(void)
|
|||
// orport
|
||||
if (server_mode(get_options())) {
|
||||
|
||||
OPEN_DATADIR2_SUFFIX("keys", "secret_id_key", "tmp");
|
||||
OPEN_DATADIR2_SUFFIX("keys", "secret_id_key", ".tmp");
|
||||
OPEN_DATADIR2_SUFFIX("keys", "secret_onion_key", ".tmp");
|
||||
OPEN_DATADIR2_SUFFIX("keys", "secret_onion_key_ntor", ".tmp");
|
||||
OPEN_DATADIR2("keys", "secret_id_key.old");
|
||||
|
|
|
@ -420,6 +420,7 @@ new_fake_channel(void)
|
|||
|
||||
chan->close = chan_test_close;
|
||||
chan->get_overhead_estimate = chan_test_get_overhead_estimate;
|
||||
chan->get_remote_descr = chan_test_get_remote_descr;
|
||||
chan->num_bytes_queued = chan_test_num_bytes_queued;
|
||||
chan->num_cells_writeable = chan_test_num_cells_writeable;
|
||||
chan->write_cell = chan_test_write_cell;
|
||||
|
@ -615,7 +616,6 @@ test_channel_dumpstats(void *arg)
|
|||
/* Test channel_dump_statistics */
|
||||
ch->describe_transport = chan_test_describe_transport;
|
||||
ch->dumpstats = chan_test_dumpstats;
|
||||
ch->get_remote_descr = chan_test_get_remote_descr;
|
||||
ch->is_canonical = chan_test_is_canonical;
|
||||
old_count = test_dumpstats_calls;
|
||||
channel_dump_statistics(ch, LOG_DEBUG);
|
||||
|
|