Merge branch 'maint-0.2.1' into release-0.2.1

Roger Dingledine 2010-11-21 17:02:42 -05:00
commit 64d1b8364e
58 changed files with 68862 additions and 31923 deletions

LICENSE

@ -8,7 +8,6 @@
If you got this file as a part of a larger bundle,
there may be other license terms that you should be aware of.
===============================================================================
Tor is distributed under this license:
@ -72,14 +71,42 @@ under the following license:
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
===============================================================================
src/config/geoip is licensed under the following license:
OPEN DATA LICENSE (GeoLite Country and GeoLite City databases)
Copyright (c) 2008 MaxMind, Inc. All Rights Reserved.
All advertising materials and documentation mentioning features or use of
this database must display the following acknowledgment:
"This product includes GeoLite data created by MaxMind, available from
http://maxmind.com/"
Redistribution and use with or without modification, are permitted provided
that the following conditions are met:
1. Redistributions must retain the above copyright notice, this list of
conditions and the following disclaimer in the documentation and/or other
materials provided with the distribution.
2. All advertising materials and documentation mentioning features or use of
this database must display the following acknowledgement:
"This product includes GeoLite data created by MaxMind, available from
http://maxmind.com/"
3. "MaxMind" may not be used to endorse or promote products derived from this
database without specific prior written permission.
THIS DATABASE IS PROVIDED BY MAXMIND, INC ``AS IS'' AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL MAXMIND BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
DATABASE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
===============================================================================
If you got Tor as a static binary with OpenSSL included, then you should know:
"This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit (http://www.openssl.org/)"
===============================================================================
"This program uses the IP-to-Country Database provided by
WebHosting.Info (http://www.webhosting.info), available from
http://ip-to-country.webhosting.info."
See the src/config/geoip file in particular.
===============================================================================
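
Review bot: The WebHosting.Info acknowledgment and the "See the src/config/geoip file in particular." line at the end of this hunk should be removals if src/config/geoip is now the MaxMind database, as changes/new-geoip-db in this same merge states; this rendering has lost the +/- markers, so confirm that in the raw diff. The MaxMind text also carries its acknowledgment clause twice, spelled "acknowledgment" and then "acknowledgement"; since this is license text, keep it verbatim from upstream rather than normalising it.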

changes/annotations_fix Normal file

@ -0,0 +1,10 @@
o Major bugfixes
- Do even more to reject (and not just ignore) annotations on
router descriptors received anywhere but from the cache.
Previously we would ignore such annotations at first, but cache
them to disk anyway. Bugfix on 0.2.0.8-alpha. Found by piebeer.
o Minor bugfixes
- Enforce multiplicity rules when parsing annotations. Bugfix on
0.2.0.8-alpha. Found by piebeer.
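
Review bot: The "o Major bugfixes" and "o Minor bugfixes" headers in this file are missing the trailing colon that other entries in this merge use (for example "o Minor bugfixes:" in changes/bug1141); make them consistent. In the first item, "Do even more to reject" does not tell a reader what changed, while the second sentence does (annotations from non-cache sources were ignored at first but still cached to disk), so consider leading with that behaviour.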

changes/bug1125 Normal file

@ -0,0 +1,8 @@
o Major bugfixes
- Do not log messages to the controller while shrinking buffer
freelists. Doing so would sometimes make the controller
connection try to allocate a buffer chunk, which would mess
up the internals of the freelist and cause an assertion
failure. Fixes bug 1125; fixed by Robert Ransom. Bugfix on
Tor 0.2.0.16-alpha.

changes/bug1141 Normal file

@ -0,0 +1,5 @@
o Minor bugfixes:
- Fix an assertion failure that could occur in caches or bridge users
when using a very short voting interval on a testing network.
Diagnosed by Robert Hogan. Fixes bug 1141; bugfix on 0.2.0.8-alpha.

changes/bug1840 Normal file

@ -0,0 +1,7 @@
o Minor bugfixes:
- Allow handshaking OR connections to take a full KeepalivePeriod
seconds to handshake. Previously, we would close them after
IDLE_OR_CONN_TIMEOUT seconds, as if they were open. This is a
bugfix on 0.2.1.26. Thanks to mingw-san for analysis help. Fixes
bug 1840.
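
Review bot: The entry ties the lifetime of a still-handshaking OR connection to KeepalivePeriod but does not say that this is an operator-configurable value, so raising it also lengthens how long a connection that has not finished its handshake is kept open. Say so in the entry, or state whether an upper bound applies. The wording "This is a bugfix on 0.2.1.26" also differs from the "Bugfix on <version>" form used by the other entries in this merge.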

changes/bug1981 Normal file

@ -0,0 +1,6 @@
o Major bugfixes:
- When you use bridges and your network goes away and your bridges
get marked as down, recover when you attempt a new socks connection
(if the network is back) rather than waiting up to an hour to try
fetching new descriptors for your bridges. Bugfix on 0.2.0.3-alpha;
fixes bug 1981.

changes/bug2050 Normal file

@ -0,0 +1,5 @@
o Major bugfixes:
- Learn our external IP address when we're a relay or bridge, even if
we set PublishServerDescriptor to 0. Bugfix on 0.2.0.3-alpha,
where we introduced bridge relays that don't need to publish to
be useful. Fixes bug 2050.

changes/fix2204 Normal file

@ -0,0 +1,7 @@
o Major bugfixes
- Do not set the tlsext_host_name extension on server SSL objects;
only on client SSL objects. We set it to immitate a browser, not a
vhosting server. This resolves an incompatibility with openssl 0.9.8p
and openssl 1.0.0b. Fixes bug 2204; bugfix on 0.2.1.1-alpha.
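
Review bot: "immitate" in the second line of the item should be "imitate", and the "o Major bugfixes" header lacks the trailing colon used in changes/bug1981 and changes/bug2050. The scope statement (server SSL objects no longer get tlsext_host_name, client objects still do) is clear and worth keeping as written.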

changes/geoip-oct2010 Normal file

@ -0,0 +1,3 @@
o Minor features:
- Update to the October 1 2010 Maxmind GeoLite Country database.

changes/geoip-sep2010 Normal file

@ -0,0 +1,3 @@
o Minor features:
- Update to the September 1 2010 Maxmind GeoLite Country database.


@ -0,0 +1,3 @@
o Minor features
- Update to the August 1 2010 Maxmind GeoLite Country database.


@ -0,0 +1,2 @@
o Minor features
- Update to the June 1 2010 Maxmind GeoLite Country database.


@ -0,0 +1,3 @@
o New directory authorities:
- Set up maatuska (run by Linus Nordberg) as the eighth v3 directory
authority.
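
Review bot: This entry announces a new trust anchor but gives a reader nothing to check it against; the visible lines name only the authority and its operator. When reviewing the accompanying code change, compare the authority's address and v3 identity fingerprint with values obtained from the operator out of band, and consider pointing the entry at where the addition was announced.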

changes/misc-reason Normal file

@ -0,0 +1,3 @@
o Minor features:
- Have clients begin understanding the new END_STREAM_REASON_NOROUTE
error code.

changes/new-geoip-db Normal file

@ -0,0 +1,5 @@
o Major features:
- Move to the Maxmind GeoIP db (rather than the June 2009
ip-to-country GeoIP db) for our statistics that count how many
users relays are seeing from each country. Now we have more accurate
data for many African countries.


@ -0,0 +1,4 @@
o Minor bugfixes:
- When building with --enable-gcc-warnings on OpenBSD, disable
warnings in system headers. This makes --enable-gcc-warnings
pass on OpenBSD 4.8.

changes/remove-debian Normal file

@ -0,0 +1,5 @@
o Removed files:
- Remove the old debian/ directory from the main Tor distribution.
The official Tor-for-debian git repository lives at the URL
https://git.torproject.org/debian/tor.git .


@ -819,6 +819,15 @@ if test x$enable_gcc_warnings = xyes || test x$enable_gcc_warnings_advisory = xy
have_shorten64_flag=no)
CFLAGS="$save_CFLAGS"
case $host in
*-*-openbsd*)
# Some OpenBSD versions (like 4.8) have -Wsystem-headers by default.
# That's fine, except that the headers don't pass -Wredundant-decls.
# Therefore, let's disable -Wsystem-headers when we're building
# with maximal warnings on OpenBSD.
CFLAGS="$CFLAGS -Wno-system-headers" ;;
esac
CFLAGS="$CFLAGS -W -Wfloat-equal -Wundef -Wpointer-arith -Wstrict-prototypes -Wmissing-prototypes -Wwrite-strings -Wredundant-decls -Wchar-subscripts -Wcomment -Wformat=2 -Wwrite-strings -Wmissing-declarations -Wredundant-decls -Wnested-externs -Wbad-function-cast -Wswitch-enum"
if test x$enable_gcc_warnings = xyes; then
CFLAGS="$CFLAGS -Werror"
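
Review bot: The new *-*-openbsd* arm adds -Wno-system-headers on every OpenBSD host, while its comment says only some versions (like 4.8) enable -Wsystem-headers by default; state in the comment that applying it to all versions is intended. The arm sits under the combined enable_gcc_warnings / enable_gcc_warnings_advisory test, so advisory builds lose system-header diagnostics too, which is worth a word in changes/ if that is deliberate. Unrelated to this change, the context CFLAGS line below the case repeats -Wwrite-strings and -Wredundant-decls and could be tidied separately.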
@ -826,7 +835,7 @@ if test x$enable_gcc_warnings = xyes || test x$enable_gcc_warnings_advisory = xy
# Disabled, so we can use mallinfo(): -Waggregate-return
if test x$have_gcc4 = xyes ; then
if test x$have_gcc4 = xyes ; then
# These warnings break gcc 3.3.5 and work on gcc 4.0.2
CFLAGS="$CFLAGS -Winit-self -Wmissing-field-initializers -Wdeclaration-after-statement -Wold-style-definition"
fi

debian/README.Debian vendored

@ -1,16 +0,0 @@
This is the Debian package for Tor, The Onion Router.
Some changes have been made to the Tor source to integrate it better into
Debian. If Tor is started as root or the 'debian-tor' user, then:
- RunAsDaemon is enabled,
- PidFile is set to /var/run/tor/tor.pid (No default upstream),
- default logging goes to /var/log/tor/log (instead of stdout),
- DataDirectory is set to /var/lib/tor (uses $HOME/.tor upstream),
- User is set to "debian-tor".
If Tor is started as any other user it behaves just like upstream's.
--
Peter Palfrader, Mon, 24 Jul 2006 05:20:30 +0200
Sat, 23 Feb 2008 13:44:40 +0100

debian/README.privoxy vendored

@ -1,18 +0,0 @@
Tor only provides TCP layer anonymity. It does not do any protocol
cleaning, so if you are going to browse the web you still give away a
lot of information to servers.
The privoxy package provides a privacy enhancing HTTP proxy, which
is good at filtering headers, cookies, and much more. To view the
description of the Debian privoxy package just run "apt-cache show
privoxy". Please refer to the privoxy documentation for more details.
In order to use privoxy over tor, add the following line to your
privoxy configuration file:
forward-socks4a / localhost:9050 .
(the dot is important)
Then configure your browser to use privoxy as its HTTP proxy.
--
Peter Palfrader <weasel@debian.org>, Tue, 17 Feb 2004 02:15:36 +0100

debian/TODO vendored

@ -1,10 +0,0 @@
Legend:
- Not done
* Top priority
. Partially done
o Done
D Deferred
X Abandoned
- don't enable coredumps by default
- fix shipped html docs to refer to local stylesheet

debian/changelog vendored

File diff suppressed because it is too large

debian/compat vendored

@ -1 +0,0 @@
5

debian/control vendored

@ -1,74 +0,0 @@
Source: tor
Section: comm
Priority: optional
Maintainer: Peter Palfrader <weasel@debian.org>
Build-Depends: debhelper (>= 5), libssl-dev, dpatch, zlib1g-dev, libevent-dev (>= 1.1), texlive-base-bin, texlive-latex-base, texlive-fonts-recommended, transfig, ghostscript, binutils (>= 2.14.90.0.7)
Standards-Version: 3.8.1
Homepage: https://www.torproject.org/
Package: tor
Architecture: any
Depends: ${shlibs:Depends}, adduser, tsocks
Conflicts: libssl0.9.8 (<< 0.9.8g-9)
Recommends: privoxy | polipo (>= 1), socat, logrotate, tor-geoipdb
Suggests: mixmaster, mixminion, anon-proxy
Description: anonymizing overlay network for TCP
Tor is a connection-based low-latency anonymous communication system which
addresses many flaws in the original onion routing design.
.
In brief, Onion Routing is a connection-oriented anonymizing communication
service. Users choose a source-routed path through a set of nodes, and
negotiate a "virtual circuit" through the network, in which each node
knows its predecessor and successor, but no others. Traffic flowing down
the circuit is unwrapped by a symmetric key at each node, which reveals
the downstream node.
.
Basically Tor provides a distributed network of servers ("onion
routers"). Users bounce their tcp streams (web traffic, ftp, ssh, etc)
around the routers, and recipients, observers, and even the routers
themselves have difficulty tracking the source of the stream.
.
Note that Tor does no protocol cleaning. That means there is a danger that
application protocols and associated programs can be induced to reveal
information about the initiator. Tor depends on Privoxy and similar protocol
cleaners to solve this problem.
.
Client applications can use the Tor network by connecting to the local
onion proxy. If the application itself does not come with socks support
you can use a socks client such as tsocks. Some web browsers like mozilla
and web proxies like privoxy come with socks support, so you don't need an
extra socks client if you want to use Tor with them.
.
This package enables only the onion proxy by default, but it can be configured
as a relay (server) node.
.
Remember that this is development code -- don't rely on the current Tor
network if you really need strong anonymity.
.
The latest information can be found at https://www.torproject.org/, or on the
mailing lists, archived at http://archives.seul.org/or/talk/ or
http://archives.seul.org/or/announce/.
Package: tor-dbg
Architecture: any
Depends: tor (= ${binary:Version})
Suggests: gdb
Priority: extra
Section: debug
Description: debugging symbols for Tor
This package provides the debugging symbols for Tor, The Onion Router.
Those symbols allow your debugger to assign names to your backtraces, which
makes it somewhat easier to interpret core dumps.
Package: tor-geoipdb
Architecture: all
Priority: extra
Depends: tor (>= ${source:Version})
Description: geoIP database for Tor
This package provides a geoIP database for Tor, i.e. it maps IPv4 addresses
to countries.
.
Bridges (special Tor relays that aren't listed in the main Tor directory) use
this information to report which countries they get access from. This allows
the Tor network operators to learn if certain countries started blocking
access to bridges.

debian/copyright vendored

@ -1,124 +0,0 @@
This package was debianized by Peter Palfrader <weasel@debian.org> on
Sat, 10 Jan 2004 11:20:06 +0100.
It was downloaded from https://www.torproject.org/
Upstream Authors: Roger Dingledine <arma@freehaven.net>
Nick Mathewson <nickm@freehaven.net>
Copyright (c) 2001 Matej Pfajfar
Copyright (c) 2001-2004, Roger Dingledine
Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
Copyright (c) 2007-2008, The Tor Project, Inc.
strlcat, strlcpy: Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
ht.h: Copyright (c) 2002, Christopher Clark, 2006 Nick Mathewson
OpenBSD_malloc_Linux.c: phk@FreeBSD.ORG
Modifications for Debian: Copyright (c) 2004, 2005, 2006, 2007, 2008 Peter Palfrader
Tor is distributed under this license:
===============================================================================
Copyright (c) 2001-2004, Roger Dingledine
Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
Copyright (c) 2007-2008, The Tor Project, Inc.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the
distribution.
* Neither the names of the copyright owners nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
===============================================================================
strlcat and strlcpy by Todd C. Miller are licensed under the following license:
* Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
* THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
===============================================================================
ht.h by Nick Mathewson is licensed as follows:
/*
* Copyright 2005, Nick Mathewson. Implementation logic is adapted from code
* by Cristopher Clark, retrofit to allow drop-in memory management, and to
* use the same interface as Niels Provos's HT_H. I'm not sure whether this
* is a derived work any more, but whether it is or not, the license below
* applies.
*
* Copyright (c) 2002, Christopher Clark
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* * Neither the name of the original author; nor the names of any contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
* OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
===============================================================================
OpenBSD_malloc_Linux.c:
* "THE BEER-WARE LICENSE" (Revision 42):
* <phk@FreeBSD.ORG> wrote this file. As long as you retain this notice you
* can do whatever you want with this stuff. If we meet some day, and you think
* this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp


@ -1,155 +0,0 @@

File diff suppressed because it is too large

View File

@ -1,5 +0,0 @@
# 02_add_debian_files_in_manpage.dpatch
03_tor_manpage_in_section_8.dpatch
06_add_compile_time_defaults.dpatch
07_log_to_file_by_default.dpatch
14_fix_geoip_warning

View File

@ -1,45 +0,0 @@
#! /bin/sh -e
## 02_add_debian_files_in_manpage.dpatch by <weasel@debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Change the FILES section of the manpage to properly describe the situation on Debian systems.
if [ $# -lt 1 ]; then
echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
exit 1
fi
[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"
case "$1" in
-patch) patch -p1 ${patch_opts} < $0;;
-unpatch) patch -R -p1 ${patch_opts} < $0;;
*)
echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
exit 1;;
esac
exit 0
@DPATCH@
diff -urNad tor-0.1.1.5/doc/tor.1.in /tmp/dpep.E9VjWB/tor-0.1.1.5/doc/tor.1.in
--- tor-0.1.1.12/doc/tor.1.in
+++ /tmp/dpep.E9VjWB/tor-0.1.1.12/doc/tor.1.in
@@ -700,9 +700,15 @@
.TP
.B @LOCALSTATEDIR@/lib/tor/
The tor process stores keys and other data here.
+.TP
+.B /var/log/tor/
+The tor server logs to this directory.
+.TP
+.B /var/run/tor/tor.pid
+The PID of the tor (master) process is stored in this file.
.LP
.TP
-.B \fIDataDirectory\fP/approved-routers
+.B /var/lib/tor/approved-routers
Only for naming authoritative directory servers
(see \fBNamingAuthoritativeDirectory\fP).
This file lists nickname to identity bindings. Each line lists a

View File

@ -1,45 +0,0 @@
#! /bin/sh -e
## 03_tor_manpage_in_section_8.dpatch by <weasel@debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Move the Tor manpage from section 1 to section 8.
if [ $# -lt 1 ]; then
echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
exit 1
fi
[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"
case "$1" in
-patch) patch -p1 ${patch_opts} < $0;;
-unpatch) patch -R -p1 ${patch_opts} < $0;;
*)
echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
exit 1;;
esac
exit 0
@DPATCH@
diff -urNad tor-0.1.1.5/contrib/torify.1 /tmp/dpep.fOA3Mm/tor-0.1.1.5/contrib/torify.1
--- tor-0.1.1.5/contrib/torify.1
+++ /tmp/dpep.fOA3Mm/tor-0.1.1.5/contrib/torify.1
@@ -18,6 +18,6 @@
to suid binaries.
.SH SEE ALSO
-.BR tor (1),
+.BR tor (8),
.BR tor-resolve (1),
.BR tsocks (1),
diff -urNad tor-0.1.1.5/doc/tor.1.in /tmp/dpep.fOA3Mm/tor-0.1.1.5/doc/tor.1.in
--- tor-0.1.1.5/doc/tor.1.in
+++ /tmp/dpep.fOA3Mm/tor-0.1.1.5/doc/tor.1.in
@@ -1,4 +1,4 @@
-.TH TOR 1 "January 2009" "TOR"
+.TH TOR 8 "January 2009" "TOR"
.SH NAME
tor \- The second-generation onion router
.SH SYNOPSIS

View File

@ -1,118 +0,0 @@
#! /bin/sh -e
## 06_add_compile_time_defaults.dpatch by <weasel@debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Change a few compile time defaults so that Tor is better integrated on a Debian system
if [ $# -lt 1 ]; then
echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
exit 1
fi
[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"
case "$1" in
-patch) patch -p1 ${patch_opts} < $0;;
-unpatch) patch -R -p1 ${patch_opts} < $0;;
*)
echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
exit 1;;
esac
exit 0
@DPATCH@
diff -urNad tor-trunk~/src/or/config.c tor-trunk/src/or/config.c
--- tor-trunk~/src/or/config.c 2009-01-18 01:47:33.000000000 +0100
+++ tor-trunk/src/or/config.c 2009-02-05 00:25:17.614844812 +0100
@@ -12,6 +12,7 @@
#define CONFIG_PRIVATE
#include "or.h"
+#include <pwd.h>
#ifdef MS_WINDOWS
#include <shlobj.h>
#endif
@@ -711,6 +712,8 @@
#if defined(HAVE_EVENT_GET_VERSION) && defined(HAVE_EVENT_GET_METHOD)
static void check_libevent_version(const char *m, int server);
#endif
+static int debian_running_as_debiantor();
+static int debian_config_fix_defaults();
/** Magic value for or_options_t. */
#define OR_OPTIONS_MAGIC 9090909
@@ -3917,6 +3920,9 @@
char *command_arg = NULL;
char *errmsg=NULL;
+ if (debian_config_fix_defaults() < 0)
+ goto err;
+
if (argv) { /* first time we're called. save command line args */
backup_argv = argv;
backup_argc = argc;
@@ -5307,3 +5313,62 @@
return 0;
}
+/* Checks whether we are running as the debian-tor user.
+ * Returns -1 on error, 2 if we are root, 1 if we are debian-tor, 0 if we are any normal user */
+static int
+debian_running_as_debiantor()
+{
+ struct passwd *pw = NULL;
+ int uid;
+
+ uid = getuid();
+ /* If we run as root we also apply our debian defaults. */
+ if (uid == 0)
+ return 2;
+
+ pw = getpwuid(uid);
+ if (!pw) {
+ log(LOG_WARN, LD_GENERAL, "Could not get passwd information for uid %d.", uid);
+ return -1;
+ }
+ assert(pw->pw_name);
+ if (strcmp(pw->pw_name, "debian-tor") == 0)
+ return 1;
+ else
+ return 0;
+}
+
+static int
+debian_config_fix_defaults()
+{
+ config_var_t *var;
+ static int fixed = 0;
+ int running_as_debian;
+
+ if (fixed) return 0;
+ fixed = 1;
+
+ running_as_debian = debian_running_as_debiantor();
+ if (running_as_debian < 0) return -1;
+ if (!running_as_debian) return 0;
+
+ var = config_find_option(&options_format, "DataDirectory");
+ tor_assert(var);
+ var->initvalue = tor_strdup("/var/lib/tor");
+
+ var = config_find_option(&options_format, "PidFile");
+ tor_assert(var);
+ var->initvalue = tor_strdup("/var/run/tor/tor.pid");
+
+ var = config_find_option(&options_format, "RunAsDaemon");
+ tor_assert(var);
+ var->initvalue = tor_strdup("1");
+
+ if (running_as_debian == 2) {
+ var = config_find_option(&options_format, "User");
+ tor_assert(var);
+ var->initvalue = tor_strdup("debian-tor");
+ };
+
+ return 0;
+}

View File

@ -1,44 +0,0 @@
#! /bin/sh -e
## 07_log_to_file_by_default.dpatch by <weasel@debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Change default logging target from stdout to a logfile
if [ $# -lt 1 ]; then
echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
exit 1
fi
[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"
case "$1" in
-patch) patch -p1 ${patch_opts} < $0;;
-unpatch) patch -R -p1 ${patch_opts} < $0;;
*)
echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
exit 1;;
esac
exit 0
@DPATCH@
diff -urNad tor~/src/or/config.c tor/src/or/config.c
--- tor~/src/or/config.c 2006-07-24 05:15:02.576170550 +0200
+++ tor/src/or/config.c 2006-07-24 05:18:45.286651501 +0200
@@ -2118,8 +2118,13 @@
REJECT("Failed to normalize old Log options. See logs for details.");
/* Special case on first boot if no Log options are given. */
- if (!options->Logs && !options->RunAsDaemon && !from_setconf)
- config_line_append(&options->Logs, "Log", "notice stdout");
+ if (debian_running_as_debiantor()) {
+ if (!options->Logs && !from_setconf)
+ config_line_append(&options->Logs, "Log", "notice file /var/log/tor/log");
+ } else {
+ if (!options->Logs && !options->RunAsDaemon && !from_setconf)
+ config_line_append(&options->Logs, "Log", "notice stdout");
+ }
if (options_init_logs(options, 1)<0) /* Validate the log(s) */
REJECT("Failed to validate Log options. See logs for details.");

View File

@ -1,38 +0,0 @@
#! /bin/sh -e
## 14_fix_geoip_warning.dpatch by <weasel@debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Change geoipdb open failed message
if [ $# -lt 1 ]; then
echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
exit 1
fi
[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"
case "$1" in
-patch) patch -p1 ${patch_opts} < $0;;
-unpatch) patch -R -p1 ${patch_opts} < $0;;
*)
echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
exit 1;;
esac
exit 0
@DPATCH@
diff -urNad git-stable~/src/or/geoip.c git-stable/src/or/geoip.c
--- git-stable~/src/or/geoip.c 2008-06-06 01:00:41.000000000 +0200
+++ git-stable/src/or/geoip.c 2008-06-11 12:54:17.605150644 +0200
@@ -182,7 +182,8 @@
int severity = options_need_geoip_info(options, &msg) ? LOG_WARN : LOG_INFO;
clear_geoip_db();
if (!(f = fopen(filename, "r"))) {
- log_fn(severity, LD_GENERAL, "Failed to open GEOIP file %s. %s",
+ log_fn(severity, LD_GENERAL, "Failed to open GEOIP file %s. %s"
+ " Do you have the tor-geoipdb package installed?",
filename, msg);
return -1;
}

211
debian/rules vendored
View File

@ -1,211 +0,0 @@
#!/usr/bin/make -f
# -*- makefile -*-
# Sample debian/rules that uses debhelper.
# GNU copyright 1997 to 1999 by Joey Hess.
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
export PACKAGE=tor
include /usr/share/dpatch/dpatch.make
# These are used for cross-compiling and for saving the configure script
# from having to guess our platform (since we know it already)
#
# See /usr/share/doc/autotools-dev/README.Debian.gz which suggests
# this way of passing --build and --host. Also see the thread on
# debian-devel './configure in debian/rules' from February/March 2006,
# starting with <43FF212C.5020800@xs4all.nl> by Pjotr Kourzanov.
export DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
export DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
ifeq ($(DEB_BUILD_GNU_TYPE), $(DEB_HOST_GNU_TYPE))
confflags += --build $(DEB_HOST_GNU_TYPE)
else
confflags += --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE)
endif
CFLAGS ?= -Wall -g
LOCALHOST_IP ?= $(shell getent hosts localhost | awk '{print $$1}')
# Do not optimize the build with "noopt"
ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
CFLAGS += -O0
else
CFLAGS += -O2
endif
# Do not strip the binary with "nostrip"
#ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
# INSTALL_PROGRAM += -s
#endif
# Prevent the unit tests from being run with "nocheck"
ifneq (,$(findstring nocheck,$(DEB_BUILD_OPTIONS)))
RUN_TEST = no
endif
ifneq (,$(findstring notest,$(DEB_BUILD_OPTIONS)))
RUN_TEST = no
endif
# Support passing of parallel=<n> in build options
ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
MAKEFLAGS += -j$(NUMJOBS)
endif
CONF_OPTIONS =
# build against libdmalloc4 - it better be installed
ifneq (,$(findstring with-dmalloc,$(DEB_BUILD_OPTIONS)))
CONF_OPTIONS += --with-dmalloc
endif
# allow building with --enable-openbsd-malloc
ifneq (,$(findstring enable-openbsd-malloc,$(DEB_BUILD_OPTIONS)))
CONF_OPTIONS += --enable-openbsd-malloc
endif
configure: patch-stamp
config.status: configure
@if [ "$(LOCALHOST_IP)" != "127.0.0.1" ]; then echo; echo; echo; echo; echo; echo "######################################################################"; echo "WARNING: This system does not think localhost is 127.0.0.1. Will ignore result of testsuite. Please fix your system/chroot."; echo "######################################################################"; echo; echo; echo; echo; echo "Note: 'getent hosts localhost' should return '127.0.0.1 localhost'"; echo; fi
dh_testdir
CFLAGS="$(CFLAGS)" ./configure \
$(confflags) \
--prefix=/usr \
--mandir=\$${prefix}/share/man \
--infodir=\$${prefix}/share/info \
--localstatedir=/var \
--sysconfdir=/etc \
$(CONF_OPTIONS)
build: build-stamp
build-stamp: config.status
dh_testdir
$(MAKE)
@echo
@echo
# Running unit tests
@if [ "$(RUN_TEST)" != "no" ]; then \
if [ "$(LOCALHOST_IP)" != "127.0.0.1" ]; then \
echo; echo; echo "######################################################################"; echo "WARNING: This system does not think localhost is 127.0.0.1. Will ignore result of testsuite. Please fix your system/chroot."; echo "######################################################################"; echo; echo; \
echo "src/or/test || true"; \
src/or/test || true; \
else \
echo "src/or/test"; \
src/or/test; \
fi; \
else \
echo -e "\n\nSkipping unittests\n\n"; \
fi
@echo
# XXX
# So, gs-gpl on s390 is broken (#457568) and fails to properly build
# .pdf files from .fig files using fig2dev. Therefore we ship them
# until this bug is fixed.
#
# of course we can always give it a try
#
# the hexdumps were built using something like
# perl -e 'while (<>) { print unpack ("H*", $_); }' interaction.pdf | fold > hexdump-interaction.pdf
#
# And it fails on a bunch of other archs too.
cd doc/design-paper; \
fig2dev -L pdf cell-struct.fig cell-struct.pdf || \
( echo "** Using shipped pdf file because fig2dev failed"; \
perl -e 'while (<>) { chomp; print pack ("H*", $$_); }' ../../debian/hexdump-cell-struct.pdf > cell-struct.pdf ); \
fig2dev -L pdf interaction.fig interaction.pdf || \
( echo "** Using shipped pdf file because fig2dev failed"; \
perl -e 'while (<>) { chomp; print pack ("H*", $$_); }' ../../debian/hexdump-interaction.pdf > interaction.pdf ); \
# XXX ends
make -C doc/design-paper tor-design.ps tor-design.pdf
touch build-stamp
clean: unpatch
dh_testdir
dh_testroot
rm -f build-stamp
[ ! -f Makefile ] || $(MAKE) distclean
dh_clean
install: build
dh_testdir
dh_testroot
dh_clean -k
dh_installdirs
$(MAKE) install DESTDIR=$(CURDIR)/debian/tor
# move tor to where it belongs
mv $(CURDIR)/debian/tor/etc/tor/torrc.sample $(CURDIR)/debian/tor/etc/tor/torrc
mv $(CURDIR)/debian/tor/usr/bin/tor $(CURDIR)/debian/tor/usr/sbin/tor
install -d $(CURDIR)/debian/tor/usr/share/man/man8
mv $(CURDIR)/debian/tor/usr/share/man/man1/tor.1 $(CURDIR)/debian/tor/usr/share/man/man8/tor.8
install -m 755 contrib/torify $(CURDIR)/debian/tor/usr/bin
install -m 644 contrib/torify.1 $(CURDIR)/debian/tor/usr/share/man/man1
install -m 644 contrib/tor-tsocks.conf $(CURDIR)/debian/tor/etc/tor
install -m 644 debian/tor.lintian-override $(CURDIR)/debian/tor/usr/share/lintian/overrides/tor
install -d -m 755 $(CURDIR)/debian/tor/usr/share/doc/tor/spec
for i in doc/spec/*txt; do \
install -m 644 $$i $(CURDIR)/debian/tor/usr/share/doc/tor/spec || exit 1; \
done
dh_link usr/share/man/man8/tor.8 usr/share/man/man5/torrc.5
rm -f $(CURDIR)/debian/tor/usr/bin/tor-control.py
# tor-dbg doc dir
install -d -m 755 $(CURDIR)/debian/tor-dbg/usr/share/doc
ln -s tor $(CURDIR)/debian/tor-dbg/usr/share/doc/tor-dbg
# tor-geoip
mv $(CURDIR)/debian/tor/usr/share/tor/geoip $(CURDIR)/debian/tor-geoipdb/usr/share/tor
rmdir $(CURDIR)/debian/tor/usr/share/tor || true
install -d -m 755 $(CURDIR)/debian/tor-geoipdb/usr/share/doc/tor-geoipdb
ln -s ../tor/changelog.gz $(CURDIR)/debian/tor-geoipdb/usr/share/doc/tor-geoipdb
ln -s ../tor/changelog.Debian.gz $(CURDIR)/debian/tor-geoipdb/usr/share/doc/tor-geoipdb
install -m 644 debian/tor-geoipdb.lintian-override $(CURDIR)/debian/tor-geoipdb/usr/share/lintian/overrides/tor-geoipdb
# Must not depend on anything. This is to be called by
# binary-arch/binary-indep
# in another 'make' thread.
binary-common:
dh_testdir
dh_testroot
dh_installchangelogs --package=tor ChangeLog
dh_installdocs
dh_installexamples
dh_installlogrotate
dh_installinit
dh_installman
dh_link
dh_strip --dbg-package=tor-dbg
dh_compress
dh_fixperms
dh_installdeb
dh_shlibdeps
dh_gencontrol
dh_md5sums
dh_builddeb
# Build architecture independant packages using the common target.
binary-indep: install
$(MAKE) -f debian/rules DH_OPTIONS=-i binary-common
# Build architecture dependant packages using the common target.
binary-arch: install
$(MAKE) -f debian/rules DH_OPTIONS=-s binary-common
@if [ "$(LOCALHOST_IP)" != "127.0.0.1" ]; then echo; echo; echo; echo; echo; echo "######################################################################"; echo "WARNING: This system does not think localhost is 127.0.0.1. Result of testsuite has been ignored. Please fix your system/chroot."; echo "######################################################################"; echo; echo; echo; echo; echo "Note: 'getent hosts localhost' should return '127.0.0.1 localhost'"; echo; fi
binary: binary-indep binary-arch
.PHONY: build clean binary-common binary-indep binary-arch binary install

View File

@ -1,35 +0,0 @@
This geo-ip database was downloaded as part of the Tor distribution
from <URL:https://www.torproject.org/>.
It is the IP-to-Country Database provided by WebHosting.Info
(http://www.webhosting.info), available from
http://ip-to-country.webhosting.info.
Copyright (c) 2003 Direct Information Pvt. Ltd. All Rights Reserved.
All usage, reproduction, modification and derivative works created from, and
distribution and publication of the IP-to-Country Database and your derivative
works thereof must keep intact all copyright notices and give credit by
displaying the following acknowledgment by replacing 'work' with one of the
following: script, product, page, service or application:
"This 'work' uses the IP-to-Country Database
provided by WebHosting.Info (http://www.webhosting.info),
available from http://ip-to-country.webhosting.info."
BECAUSE THE DATABASE IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE
DATABASE, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE
STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE
DATABASE "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE OR ANY WARRANTIES REGARDING THE CONTENTS OR
ACCURACY OF THE WORK.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY
COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE
DATABASE AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR
INABILITY TO USE THE DATABASE, EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

View File

@ -1,2 +0,0 @@
usr/share/tor
usr/share/lintian/overrides

View File

@ -1 +0,0 @@
tor-geoipdb: debian-changelog-file-is-a-symlink

16
debian/tor.NEWS vendored
View File

@ -1,16 +0,0 @@
tor (0.2.0.26-rc-1) experimental; urgency=critical
* weak cryptographic keys
It has been discovered that the random number generator in Debian's
openssl package is predictable. This is caused by an incorrect
Debian-specific change to the openssl package (CVE-2008-0166). As a
result, cryptographic key material may be guessable.
See Debian Security Advisory number 1571 (DSA-1571) for more information:
http://lists.debian.org/debian-security-announce/2008/msg00152.html
If you run a Tor server using this package please see
/var/lib/tor/keys/moved-away-by-tor-package/README.REALLY
-- Peter Palfrader <weasel@debian.org> Tue, 13 May 2008 12:49:05 +0200

39
debian/tor.default vendored
View File

@ -1,39 +0,0 @@
# Defaults for tor initscript
# sourced by /etc/init.d/tor
# installed at /etc/default/tor by the maintainer scripts
#
# This is a bash shell fragment
#
RUN_DAEMON="yes"
#
# Servers sometimes may need more than the default 1024 file descriptors
# if they are very busy and have many clients connected to them. The top
# servers as of early 2008 regularly have more than 10000 connected
# clients.
# (ulimit -n)
#
# (the default varies as it depends on the number of available system-wide file
# descriptors. See the init script in /etc/init.d/tor for details.)
#
# MAX_FILEDESCRIPTORS=
#
# If tor is seriously hogging your CPU, taking away too much cycles from
# other system resources, then you can renice tor. See nice(1) for a
# bit more information. Another way to limit the CPU usage of an Onion
# Router is to set a lower BandwidthRate, as CPU usage is mostly a function
# of the amount of traffic flowing through your node. Consult the torrc(5)
# manual page for more information on setting BandwidthRate.
#
# NICE="--nicelevel 5"
# Additional arguments to pass on tor's command line.
#
# ARGS=""
#
# Uncomment this if you want to get coredumps
#
ulimit -c unlimited

6
debian/tor.dirs vendored
View File

@ -1,6 +0,0 @@
etc/tor
var/lib/tor
var/log/tor
usr/share/lintian/overrides
usr/bin
usr/sbin

9
debian/tor.docs vendored
View File

@ -1,9 +0,0 @@
AUTHORS
debian/README.Debian
debian/README.privoxy
doc/HACKING
doc/TODO
doc/design-paper/tor-design.pdf
doc/design-paper/tor-design.ps
doc/website/stylesheet.css
doc/website/tor-*

191
debian/tor.init vendored
View File

@ -1,191 +0,0 @@
#! /bin/bash
### BEGIN INIT INFO
# Provides: tor
# Required-Start: $local_fs $remote_fs $network $named $time
# Required-Stop: $local_fs $remote_fs $network $named $time
# Should-Start: $syslog
# Should-Stop: $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Starts The Onion Router daemon processes
# Description: Start The Onion Router, a TCP overlay
# network client that provides anonymous
# transport.
### END INIT INFO
set -e
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/tor
NAME=tor
DESC="tor daemon"
TORPIDDIR=/var/run/tor
TORPID=$TORPIDDIR/tor.pid
DEFAULTSFILE=/etc/default/$NAME
WAITFORDAEMON=60
ARGS=""
# Let's try to figure our some sane defaults:
if [ -r /proc/sys/fs/file-max ]; then
system_max=`cat /proc/sys/fs/file-max`
if [ "$system_max" -gt "80000" ] ; then
MAX_FILEDESCRIPTORS=32768
elif [ "$system_max" -gt "40000" ] ; then
MAX_FILEDESCRIPTORS=16384
elif [ "$system_max" -gt "10000" ] ; then
MAX_FILEDESCRIPTORS=8192
else
MAX_FILEDESCRIPTORS=1024
cat << EOF
Warning: Your system has very few filedescriptors available in total.
Maybe you should try raising that by adding 'fs.file-max=100000' to your
/etc/sysctl.conf file. Feel free to pick any number that you deem appropriate.
Then run 'sysctl -p'. See /proc/sys/fs/file-max for the current value, and
file-nr in the same directory for how many of those are used at the moment.
EOF
fi
else
MAX_FILEDESCRIPTORS=8192
fi
NICE=""
test -x $DAEMON || exit 0
# Include tor defaults if available
if [ -f $DEFAULTSFILE ] ; then
. $DEFAULTSFILE
fi
wait_for_deaddaemon () {
pid=$1
sleep 1
if test -n "$pid"
then
if kill -0 $pid 2>/dev/null
then
echo -n "."
cnt=0
while kill -0 $pid 2>/dev/null
do
cnt=`expr $cnt + 1`
if [ $cnt -gt $WAITFORDAEMON ]
then
echo " FAILED."
return 1
fi
sleep 1
echo -n "."
done
fi
fi
return 0
}
check_torpiddir () {
if test ! -d $TORPIDDIR; then
#echo "There is no $TORPIDDIR directory. Creating one for you."
mkdir -m 02700 "$TORPIDDIR"
chown debian-tor:debian-tor "$TORPIDDIR"
fi
if test ! -x $TORPIDDIR; then
echo "Cannot access $TORPIDDIR directory, are you root?" >&2
exit 1
fi
}
check_config () {
if ! $DAEMON --verify-config > /dev/null; then
echo "ABORTED: Tor configuration invalid:" >&2
$DAEMON --verify-config >&2
exit 1
fi
}
case "$1" in
start)
if [ "$RUN_DAEMON" != "yes" ]; then
echo "Not starting $DESC (Disabled in $DEFAULTSFILE)."
exit 0
fi
if [ -n "$MAX_FILEDESCRIPTORS" ]; then
echo -n "Raising maximum number of filedescriptors (ulimit -n) to $MAX_FILEDESCRIPTORS"
if ulimit -n "$MAX_FILEDESCRIPTORS" ; then
echo "."
else
echo ": FAILED."
fi
fi
check_torpiddir
echo "Starting $DESC: $NAME..."
check_config
start-stop-daemon --start --quiet --oknodo \
--pidfile $TORPID \
$NICE \
--exec $DAEMON -- $ARGS
echo "done."
;;
stop)
echo -n "Stopping $DESC: "
pid=`cat $TORPID 2>/dev/null` || true
if test ! -f $TORPID -o -z "$pid"; then
echo "not running (there is no $TORPID)."
exit 0
fi
if start-stop-daemon --stop --signal INT --quiet --pidfile $TORPID --exec $DAEMON; then
wait_for_deaddaemon $pid
echo "$NAME."
elif kill -0 $pid 2>/dev/null
then
echo "FAILED (Is $pid not $NAME? Is $DAEMON a different binary now?)."
else
echo "FAILED ($DAEMON died: process $pid not running; or permission denied)."
fi
;;
reload|force-reload)
echo -n "Reloading $DESC configuration: "
pid=`cat $TORPID 2>/dev/null` || true
if test ! -f $TORPID -o -z "$pid"; then
echo "not running (there is no $TORPID)."
exit 0
fi
check_config
if start-stop-daemon --stop --signal 1 --quiet --pidfile $TORPID --exec $DAEMON
then
echo "$NAME."
elif kill -0 $pid 2>/dev/null
then
echo "FAILED (Is $pid not $NAME? Is $DAEMON a different binary now?)."
else
echo "FAILED ($DAEMON died: process $pid not running; or permission denied)."
fi
;;
restart)
check_config
$0 stop
sleep 1
$0 start
;;
*)
echo "Usage: $0 {start|stop|restart|reload|force-reload}" >&2
exit 1
;;
esac
exit 0

View File

@ -1 +0,0 @@
tor: package-contains-upstream-install-documentation

13
debian/tor.logrotate vendored
View File

@ -1,13 +0,0 @@
/var/log/tor/*log {
daily
rotate 5
compress
delaycompress
missingok
notifempty
create 0640 debian-tor adm
sharedscripts
postrotate
/etc/init.d/tor reload > /dev/null
endscript
}

123
debian/tor.postinst vendored
View File

@ -1,123 +0,0 @@
#!/bin/sh -e
# checking debian-tor account
uid=`getent passwd debian-tor | cut -d ":" -f 3`
home=`getent passwd debian-tor | cut -d ":" -f 6`
# if there is the uid the account is there and we can do
# the sanit(ar)y checks otherwise we can safely create it.
if [ "$uid" ]; then
if [ "$home" = "/var/lib/tor" ]; then
:
#echo "debian-tor homedir check: ok"
else
echo "ERROR: debian-tor account has an unexpected home directory!"
echo "It should be '/var/lib/tor', but it is '$home'."
echo "Removing the debian-tor user might fix this, but the question"
echo "remains how you got into this mess to begin with."
exit 1
fi
else
adduser --quiet \
--system \
--disabled-password \
--home /var/lib/tor \
--no-create-home \
--shell /bin/bash \
--group \
debian-tor
fi
for i in lib run log; do
if ! [ -d "/var/$i/tor" ]; then
echo "Something or somebody made /var/$i/tor disappear."
echo "Creating one for you again."
mkdir "/var/$i/tor"
fi
done
find /var/lib/tor \( \( ! -user debian-tor \) -o \( ! -group debian-tor \) \) -print0 | xargs -0 --no-run-if-empty chown debian-tor:debian-tor
find /var/lib/tor -type d -print0 | xargs -0 --no-run-if-empty chmod 02700
find /var/lib/tor -type f -print0 | xargs -0 --no-run-if-empty chmod 00600
if [ -e /var/run/tor ]; then
find /var/run/tor \( \( ! -user debian-tor \) -o \( ! -group debian-tor \) \) -print0 | xargs -0 --no-run-if-empty chown debian-tor:debian-tor
find /var/run/tor -type d -print0 | xargs -0 --no-run-if-empty chmod 02750
find /var/run/tor -type f -print0 | xargs -0 --no-run-if-empty chmod 00600
fi
find /var/log/tor \( \( ! -user debian-tor \) -o \( ! -group adm \) \) -print0 | xargs -0 --no-run-if-empty chown debian-tor:adm
find /var/log/tor -type d -print0 | xargs -0 --no-run-if-empty chmod 02750
find /var/log/tor -type f -print0 | xargs -0 --no-run-if-empty chmod 00640
move_away_keys=0
if [ "$1" = "configure" ] &&
[ -e /var/lib/tor/keys ] &&
[ ! -z "$2" ]; then
if dpkg --compare-versions "$2" lt 0.1.2.19-2; then
move_away_keys=1
elif dpkg --compare-versions "$2" gt 0.2.0 &&
dpkg --compare-versions "$2" lt 0.2.0.26-rc; then
move_away_keys=1
fi
fi
if [ "$move_away_keys" = "1" ]; then
echo "Retiring possibly compromised keys. See /usr/share/doc/tor/NEWS.Debian.gz"
echo "and /var/lib/tor/keys/moved-away-by-tor-package/README.REALLY for"
echo "further information."
if ! [ -d /var/lib/tor/keys/moved-away-by-tor-package ]; then
mkdir /var/lib/tor/keys/moved-away-by-tor-package
cat > /var/lib/tor/keys/moved-away-by-tor-package/README.REALLY << EOF
It has been discovered that the random number generator in Debian's
openssl package is predictable. This is caused by an incorrect
Debian-specific change to the openssl package (CVE-2008-0166). As a
result, cryptographic key material may be guessable.
See Debian Security Advisory number 1571 (DSA-1571) for more information:
http://lists.debian.org/debian-security-announce/2008/msg00152.html
The Debian package for Tor has moved away the onion keys upon package
upgrade, and it will have moved away your identity key if it was created
in the affected timeframe. There is no sure way to automatically tell
if your key was created with an affected openssl library, so this move
is done unconditionally.
If you have restarted Tor since this change (and the package probably
did that for you already unless you configured your system differently)
then the Tor daemon already created new keys for itself and in all
likelyhood is already working just fine with new keys.
If you are absolutely certain that your identity key was created with
a non-affected version of openssl and for some reason you have to retain
the old identity, then you can move back the copy of secret_id_key to
/var/lib/tor/keys. Do not move back the onion keys, they were created
only recently since they are temporary keys with a lifetime of only a few
days anyway.
Sincerely,
Peter Palfrader, Tue, 13 May 2008 13:32:23 +0200
EOF
fi
for f in secret_onion_key secret_onion_key.old; do
if [ -e /var/lib/tor/keys/"$f" ]; then
mv -v /var/lib/tor/keys/"$f" /var/lib/tor/keys/moved-away-by-tor-package/"$f"
fi
done
if [ -e /var/lib/tor/keys/secret_id_key ]; then
id_mtime=`/usr/bin/stat -c %Y /var/lib/tor/keys/secret_id_key`
sept=`date -d '2006-09-10' +%s`
if [ "$id_mtime" -gt "$sept" ] ; then
mv -v /var/lib/tor/keys/secret_id_key /var/lib/tor/keys/moved-away-by-tor-package/secret_id_key
fi
fi
fi
#DEBHELPER#
exit 0
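
Review bot: Deleting debian/tor.postinst (hunk header -1,123 +0,0) also drops the upgrade step that moves secret_onion_key, secret_onion_key.old and any secret_id_key modified after 2006-09-10 out of /var/lib/tor/keys for the CVE-2008-0166 version ranges, and nothing visible in this commit says where that packaging logic lives now. The merge message should name the branch or repository that carries the Debian packaging from here on, so it is clear the key-retirement step was moved rather than lost.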

11
debian/tor.postrm vendored
View File

@ -1,11 +0,0 @@
#!/bin/sh -e
if [ "$1" = "purge" ]; then
# logs have to be removed according to policy.
rm -rf /var/log/tor/
rm -rf /var/lib/tor/
fi
#DEBHELPER#
exit 0

2
debian/watch vendored
View File

@ -1,2 +0,0 @@
version=2
http://tor.eff.org/dist/tor-(.*)\.tar\.gz

View File

@ -898,7 +898,7 @@ tor_tls_new(int sock, int isServer)
#ifdef SSL_set_tlsext_host_name
/* Browsers use the TLS hostname extension, so we should too. */
{
if (!isServer) {
char *fake_hostname = crypto_random_hostname(4,25, "www.",".com");
SSL_set_tlsext_host_name(result->ssl, fake_hostname);
tor_free(fake_hostname);
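
Review bot: The comment above the block still reads "Browsers use the TLS hostname extension, so we should too" although the block is now guarded by if (!isServer), so it does not explain why server-side SSL objects skip the extension. Extend the comment to state that the fake hostname is set only on client connections, since only the client side is imitating a browser here.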

File diff suppressed because it is too large

View File

@ -251,6 +251,7 @@ buf_shrink_freelists(int free_all)
{
#ifdef ENABLE_BUF_FREELISTS
int i;
disable_control_logging();
for (i = 0; freelists[i].alloc_size; ++i) {
int slack = freelists[i].slack;
assert_freelist_ok(&freelists[i]);
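
Review bot: disable_control_logging() at the top of the ENABLE_BUF_FREELISTS block has no comment saying why control-port logging has to be off while the freelists are walked. Add a one-line reason, and mention that the matching enable_control_logging() sits at the end of the block, so an early return added between the two later would leave control logging disabled.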
@ -259,12 +260,10 @@ buf_shrink_freelists(int free_all)
(freelists[i].lowest_length - slack);
int n_to_skip = freelists[i].cur_length - n_to_free;
int orig_n_to_free = n_to_free, n_freed=0;
int orig_n_to_skip = n_to_skip;
int new_length = n_to_skip;
chunk_t **chp = &freelists[i].head;
chunk_t *chunk;
log_info(LD_MM, "Cleaning freelist for %d-byte chunks: keeping %d, "
"dropping %d.",
(int)freelists[i].alloc_size, n_to_skip, n_to_free);
while (n_to_skip) {
tor_assert((*chp)->next);
chp = &(*chp)->next;
@ -291,10 +290,14 @@ buf_shrink_freelists(int free_all)
}
// tor_assert(!n_to_free);
freelists[i].cur_length = new_length;
log_info(LD_MM, "Cleaned freelist for %d-byte chunks: kept %d, "
"dropped %d.",
(int)freelists[i].alloc_size, orig_n_to_skip, orig_n_to_free);
}
freelists[i].lowest_length = freelists[i].cur_length;
assert_freelist_ok(&freelists[i]);
}
enable_control_logging();
#else
(void) free_all;
#endif
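
Review bot: The new "Cleaned freelist" message prints orig_n_to_free as the number dropped, but the previous hunk declares n_freed right next to it and the tor_assert(!n_to_free) just above is commented out, so nothing here guarantees the loop freed everything it planned to. Log n_freed (or both values) so the message reports what was actually released.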

View File

@ -3162,6 +3162,10 @@ learned_bridge_descriptor(routerinfo_t *ri, int from_cache)
add_an_entry_guard(ri, 1);
log_notice(LD_DIR, "new bridge descriptor '%s' (%s)", ri->nickname,
from_cache ? "cached" : "fresh");
/* set entry->made_contact so if it goes down we don't drop it from
* our entry node list */
entry_guard_register_connect_status(ri->cache_info.identity_digest,
1, 0, now);
if (first)
routerlist_retry_directory_downloads(now);
}
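
Review bot: The added entry_guard_register_connect_status(..., 1, 0, now) call runs whether from_cache is set or not, so a bridge descriptor read from the cache is recorded as a successful contact even though no connection was made in this session. If that is intended, say so in the comment; it would also help to spell out what the literal 1 and 0 arguments mean, since the comment only mentions made_contact.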
@ -3227,7 +3231,8 @@ bridges_retry_helper(int act)
}
}
});
log_debug(LD_DIR, "any_known %d, any_running %d", any_known, any_running);
log_debug(LD_DIR, "%d: any_known %d, any_running %d",
act, any_known, any_running);
return any_known && !any_running;
}
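Review bot: the new log_debug format starts with a bare "%d:" for act, so the debug line does not say what the first number is. Label it like the other two fields, for example "act %d, any_known %d, any_running %d".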

View File

@ -922,6 +922,9 @@ add_default_trusted_dir_authorities(authority_type_t type)
"193.23.244.244:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123",
"urras orport=80 no-v2 v3ident=80550987E1D626E3EBA5E5E75A458DE0626D088C "
"208.83.223.34:443 0AD3 FA88 4D18 F89E EA2D 89C0 1937 9E0E 7FD9 4417",
"maatuska orport=80 no-v2 "
"v3ident=49015F787433103580E3B66A1707A00E60F2D15B "
"213.115.239.118:443 BD6A 8292 55CB 08E6 6FBE 7D37 4836 3586 E46B 3810",
NULL
};
for (i=0; dirservers[i]; i++) {
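Review bot: the maatuska entry compiles a new v3ident and identity fingerprint into the default trusted directory authorities, and nothing in this hunk says where the two values were verified. Record in the commit message or ChangeLog that both were confirmed with the operator out of band, and have a second reviewer compare them character by character before merging.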
@ -2425,8 +2428,7 @@ resolve_my_address(int warn_severity, or_options_t *options,
}
tor_inet_ntoa(&in,tmpbuf,sizeof(tmpbuf));
if (is_internal_IP(ntohl(in.s_addr), 0) &&
options->_PublishServerDescriptor) {
if (is_internal_IP(ntohl(in.s_addr), 0)) {
/* make sure we're ok with publishing an internal IP */
if (!options->DirServers && !options->AlternateDirAuthority) {
/* if they are using the default dirservers, disallow internal IPs
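Review bot: with the options->_PublishServerDescriptor test removed, the internal-address check now runs whether or not a descriptor is published, but the comment directly below still reads "make sure we're ok with publishing an internal IP". Update the comment to describe the new condition, and confirm that configurations which do not publish and use the default dirservers are meant to reach the "disallow internal IPs" branch.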

View File

@ -735,12 +735,13 @@ run_connection_housekeeping(int i, time_t now)
"Tor gave up on the connection");
connection_mark_for_close(conn);
conn->hold_open_until_flushed = 1;
} else if (past_keepalive && !connection_state_is_open(conn)) {
/* We never managed to actually get this connection open and happy. */
log_info(LD_OR,"Expiring non-open OR connection to fd %d (%s:%d).",
conn->s,conn->address, conn->port);
connection_mark_for_close(conn);
conn->hold_open_until_flushed = 1;
} else if (!connection_state_is_open(conn)) {
if (past_keepalive) {
/* We never managed to actually get this connection open and happy. */
log_info(LD_OR,"Expiring non-open OR connection to fd %d (%s:%d).",
conn->s,conn->address, conn->port);
connection_mark_for_close(conn);
}
} else if (we_are_hibernating() && !or_conn->n_circuits &&
!buf_datalen(conn->outbuf)) {
/* We're hibernating, there's no circuits, and nothing to flush.*/
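Review bot: the restructured !connection_state_is_open(conn) branch changes two things beyond the nesting. A non-open connection that is not yet past_keepalive now stops at this branch and no longer falls through to the we_are_hibernating() case and whatever follows it, and the expiry path no longer sets conn->hold_open_until_flushed = 1. If both are intended, say so in a comment inside the branch; if only the second is, keep the original combined condition and just drop the assignment.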

View File

@ -1132,11 +1132,21 @@ update_consensus_networkstatus_fetch_time(time_t now)
if (c) {
long dl_interval;
long interval = c->fresh_until - c->valid_after;
long min_sec_before_caching = CONSENSUS_MIN_SECONDS_BEFORE_CACHING;
time_t start;
if (min_sec_before_caching > interval/16) {
/* Usually we allow 2-minutes slop factor in case clocks get
desynchronized a little. If we're on a private network with
a crazy-fast voting interval, though, 2 minutes may be too
much. */
min_sec_before_caching = interval/16;
}
if (directory_fetches_dir_info_early(options)) {
/* We want to cache the next one at some point after this one
* is no longer fresh... */
start = c->fresh_until + CONSENSUS_MIN_SECONDS_BEFORE_CACHING;
start = c->fresh_until + min_sec_before_caching;
/* But only in the first half-interval after that. */
dl_interval = interval/2;
} else {
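Review bot: min_sec_before_caching = interval/16 is only safe if interval is positive. interval is computed as c->fresh_until - c->valid_after with no check in the visible lines, so a zero or negative interval would make the slop zero or negative and move start to or before fresh_until. Clamp the result at 0 (or assert interval > 0), and give the 16 a named constant, since the comment explains the two minutes but not the divisor.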
@ -1150,10 +1160,9 @@ update_consensus_networkstatus_fetch_time(time_t now)
* to choose the rest of the interval *after* them. */
if (directory_fetches_dir_info_later(options)) {
/* Give all the *clients* enough time to download the consensus. */
start = start + dl_interval + CONSENSUS_MIN_SECONDS_BEFORE_CACHING;
start = start + dl_interval + min_sec_before_caching;
/* But try to get it before ours actually expires. */
dl_interval = (c->valid_until - start) -
CONSENSUS_MIN_SECONDS_BEFORE_CACHING;
dl_interval = (c->valid_until - start) - min_sec_before_caching;
}
}
if (dl_interval < 1)

View File

@ -544,7 +544,7 @@ typedef enum {
#define END_STREAM_REASON_DESTROY 5
#define END_STREAM_REASON_DONE 6
#define END_STREAM_REASON_TIMEOUT 7
/* 8 is unallocated for historical reasons. */
#define END_STREAM_REASON_NOROUTE 8
#define END_STREAM_REASON_HIBERNATING 9
#define END_STREAM_REASON_INTERNAL 10
#define END_STREAM_REASON_RESOURCELIMIT 11
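Review bot: the define for value 8 replaces the comment "8 is unallocated for historical reasons" without leaving any history behind. Since the errno mapping in this same commit says older clients do not recognize the new reason, add a comment on END_STREAM_REASON_NOROUTE stating the version that first understands it.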

View File

@ -26,6 +26,7 @@ stream_end_reason_to_control_string(int reason)
case END_STREAM_REASON_DESTROY: return "DESTROY";
case END_STREAM_REASON_DONE: return "DONE";
case END_STREAM_REASON_TIMEOUT: return "TIMEOUT";
case END_STREAM_REASON_NOROUTE: return "NOROUTE";
case END_STREAM_REASON_HIBERNATING: return "HIBERNATING";
case END_STREAM_REASON_INTERNAL: return "INTERNAL";
case END_STREAM_REASON_RESOURCELIMIT: return "RESOURCELIMIT";
@ -60,6 +61,7 @@ stream_end_reason_to_string(int reason)
case END_STREAM_REASON_DESTROY: return "destroyed";
case END_STREAM_REASON_DONE: return "closed normally";
case END_STREAM_REASON_TIMEOUT: return "gave up (timeout)";
case END_STREAM_REASON_NOROUTE: return "no route to host";
case END_STREAM_REASON_HIBERNATING: return "server is hibernating";
case END_STREAM_REASON_INTERNAL: return "internal error at server";
case END_STREAM_REASON_RESOURCELIMIT: return "server out of resources";
@ -102,6 +104,8 @@ stream_end_reason_to_socks5_response(int reason)
return SOCKS5_SUCCEEDED;
case END_STREAM_REASON_TIMEOUT:
return SOCKS5_TTL_EXPIRED;
case END_STREAM_REASON_NOROUTE:
return SOCKS5_HOST_UNREACHABLE;
case END_STREAM_REASON_RESOURCELIMIT:
return SOCKS5_GENERAL_ERROR;
case END_STREAM_REASON_HIBERNATING:
@ -162,6 +166,14 @@ errno_to_stream_end_reason(int e)
S_CASE(ENOTCONN):
S_CASE(ENETUNREACH):
return END_STREAM_REASON_INTERNAL;
E_CASE(EHOSTUNREACH):
/* XXXX022
* The correct behavior is END_STREAM_REASON_NOROUTE, but older
* clients don't recognize it. So we're going to continue sending
* "MISC" until 0.2.1.27 or later is "well established".
*/
/* return END_STREAM_REASON_NOROUTE; */
return END_STREAM_REASON_MISC;
S_CASE(ECONNREFUSED):
return END_STREAM_REASON_CONNECTREFUSED;
S_CASE(ECONNRESET):
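Review bot: EHOSTUNREACH is matched with E_CASE while the neighbouring socket errors (ENOTCONN, ENETUNREACH, ECONNREFUSED, ECONNRESET) all use S_CASE. If the two macros expand differently on any platform, this case will not match there, so confirm E_CASE is intended or switch to S_CASE. The commented-out "return END_STREAM_REASON_NOROUTE;" would also be better folded into the XXXX022 comment text than left as dead code.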

View File

@ -648,7 +648,8 @@ edge_reason_is_retriable(int reason)
reason == END_STREAM_REASON_RESOURCELIMIT ||
reason == END_STREAM_REASON_EXITPOLICY ||
reason == END_STREAM_REASON_RESOLVEFAILED ||
reason == END_STREAM_REASON_MISC;
reason == END_STREAM_REASON_MISC ||
reason == END_STREAM_REASON_NOROUTE;
}
/** Called when we receive an END cell on a stream that isn't open yet,
@ -743,6 +744,7 @@ connection_ap_process_end_not_open(
case END_STREAM_REASON_RESOLVEFAILED:
case END_STREAM_REASON_TIMEOUT:
case END_STREAM_REASON_MISC:
case END_STREAM_REASON_NOROUTE:
if (client_dns_incr_failures(conn->socks_request->address)
< MAX_RESOLVE_FAILURES) {
/* We haven't retried too many times; reattach the connection. */
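Review bot: END_STREAM_REASON_NOROUTE joins the case group whose retry budget is client_dns_incr_failures() against MAX_RESOLVE_FAILURES, so an unreachable host is counted as a resolve failure for conn->socks_request->address. Confirm that sharing the DNS failure counter is intended for a routing error, and say so in a comment on this case group if it is.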

View File

@ -1177,10 +1177,16 @@ router_parse_entry_from_string(const char *s, const char *end,
s = cp+1;
}
if (allow_annotations && start_of_annotations != s) {
if (tokenize_string(area,start_of_annotations,s,tokens,
routerdesc_token_table,TS_NOCHECK)) {
log_warn(LD_DIR, "Error tokenizing router descriptor (annotations).");
if (start_of_annotations != s) { /* We have annotations */
if (allow_annotations) {
if (tokenize_string(area,start_of_annotations,s,tokens,
routerdesc_token_table,TS_NOCHECK)) {
log_warn(LD_DIR, "Error tokenizing router descriptor (annotations).");
goto err;
}
} else {
log_warn(LD_DIR, "Found unexpected annotations on router descriptor not "
"loaded from disk. Dropping it.");
goto err;
}
}
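Review bot: the new else branch logs at log_warn for a descriptor "not loaded from disk", which means input that arrived from elsewhere can produce a warn-level line per rejected descriptor. Consider a lower or rate-limited severity so that a peer sending annotated descriptors cannot flood the log, and include enough context in the message to tell which source sent it.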
@ -3175,6 +3181,9 @@ tokenize_string(memarea_t *area,
end = start+strlen(start);
for (i = 0; i < _NIL; ++i)
counts[i] = 0;
SMARTLIST_FOREACH(out, const directory_token_t *, t, ++counts[t->tp]);
while (*s < end && (!tok || tok->tp != _EOF)) {
tok = get_next_token(area, s, end, table);
if (tok->tp == _ERR) {