Merge branch 'maint-0.2.2' into release-0.2.2
commit
98402d0865
|
@ -0,0 +1,8 @@
|
|||
o Minor bugfixes:
|
||||
- When running with an older Linux kernel that erroneously responds
|
||||
to strange nmap behavior by having accept() return successfully
|
||||
with a zero-length socket, just close the connection. Previously,
|
||||
we would try harder to learn the remote address: but there was no
|
||||
such remote address to learn, and our method for trying to learn
|
||||
it was incorrect. Fixes bugs #1240, #4745, and #4747. Bugfix on
|
||||
0.1.0.3-rc. Reported and diagnosed by "r1eo".
|
|
@ -0,0 +1,9 @@
|
|||
- Feature removal:
|
||||
- When sending or relaying a RELAY_EARLY cell, we used to convert
|
||||
it to a RELAY cell if the connection was using the v1 link
|
||||
protocol. This was a workaround for older versions of Tor, which
|
||||
didn't handle RELAY_EARLY cells properly. Now that all supported
|
||||
versions can handle RELAY_EARLY cells, and now that we're
|
||||
enforcing the "no RELAY_EXTEND commands except in RELAY_EARLY
|
||||
cells" rule, we're removing this workaround. Addresses bug 4786.
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
o Minor features (directory server):
|
||||
- Directory servers now reject versions of Tor older than 0.2.1.30,
|
||||
and Tor versions between 0.2.2.1-alpha and 0.2.2.20-alpha
|
||||
(inclusive). These versions accounted for only a small fraction of
|
||||
the Tor network, and have numerous known security issues. Resolves
|
||||
issue #4788.
|
|
@ -0,0 +1,4 @@
|
|||
o Minor bugfixes:
|
||||
- Correctly spell "connect" in a log message when creating a controlsocket
|
||||
fails. Fixes bug 4803; bugfix on 0.2.2.26-beta/0.2.3.2-alpha.
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
o Code simplifications and refactoring:
|
||||
- During configure, detect when we're building with clang version 3.0 or
|
||||
lower and disable the -Wnormalized=id and -Woverride-init CFLAGS.
|
||||
clang doesn't support them yet.
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
o Minor features:
|
||||
- Update to the January 3 2012 Maxmind GeoLite Country database.
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
o Major bugfixes:
|
||||
- Provide correct replacements for the timeradd() and timersub() functions
|
||||
for platforms that lack them (for example, windows). The timersub()
|
||||
function is used when expiring circuits, timeradd() is currently unused.
|
||||
Patch written by Vektor, who also reported the bug. Thanks! Bugfix
|
||||
on 0.2.2.24-alpha/0.2.3.1-alpha, fixes bug 4778.
|
||||
|
10
configure.in
10
configure.in
|
@ -940,10 +940,10 @@ if test x$enable_gcc_warnings = xyes || test x$enable_gcc_warnings_advisory = xy
|
|||
#error
|
||||
#endif])], have_gcc43=yes, have_gcc43=no)
|
||||
|
||||
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [
|
||||
#if !defined(__clang__) || (__clang_major__ > 2) || (__clang_major__ == 2 && __clang_minor__ > 9)
|
||||
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [
|
||||
#if !defined(__clang__)
|
||||
#error
|
||||
#endif])], have_clang29orlower=yes, have_clang29orlower=no)
|
||||
#endif])], have_clang=yes, have_clang=no)
|
||||
|
||||
save_CFLAGS="$CFLAGS"
|
||||
CFLAGS="$CFLAGS -Wshorten-64-to-32"
|
||||
|
@ -980,10 +980,8 @@ if test x$enable_gcc_warnings = xyes || test x$enable_gcc_warnings_advisory = xy
|
|||
# We used to use -Wstrict-overflow=5, but that breaks us heavily under 4.3.
|
||||
fi
|
||||
|
||||
if test x$have_gcc42 = xyes && test x$have_clang29orlower = xno; then
|
||||
if test x$have_gcc42 = xyes && test x$have_clang = xno; then
|
||||
# These warnings break gcc 4.0.2 and clang, but work on gcc 4.2
|
||||
# We only disable these for clang 2.9 and lower, in case they are
|
||||
# supported in later versions.
|
||||
CFLAGS="$CFLAGS -Wnormalized=id -Woverride-init"
|
||||
fi
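Review bot: The changelog entry in this same commit says the two flags are disabled for "clang version 3.0 or lower", but the test that appears to be the current side keys on `__clang__` alone (`have_clang`), so -Wnormalized=id and -Woverride-init are dropped for every clang release. If that is intended, the entry should say so; otherwise a later clang that does support them would build without these warnings and nobody would notice. A one-line comment above the `if`, such as `# Disabled for all clang versions; revisit once clang supports these flags.`, would record the decision. The rendered page has lost its +/- markers, so which `if` line is current is inferred from the hunk line counts.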
|
||||
|
||||
|
|
|
@ -334,7 +334,7 @@ struct tm *tor_gmtime_r(const time_t *timep, struct tm *result);
|
|||
#define timeradd(tv1,tv2,tvout) \
|
||||
do { \
|
||||
(tvout)->tv_sec = (tv1)->tv_sec + (tv2)->tv_sec; \
|
||||
(tvout)->tv_usec = (tv2)->tv_usec + (tv2)->tv_usec; \
|
||||
(tvout)->tv_usec = (tv1)->tv_usec + (tv2)->tv_usec; \
|
||||
if ((tvout)->tv_usec >= 1000000) { \
|
||||
(tvout)->tv_usec -= 1000000; \
|
||||
(tvout)->tv_sec++; \
|
||||
|
@ -348,7 +348,7 @@ struct tm *tor_gmtime_r(const time_t *timep, struct tm *result);
|
|||
#define timersub(tv1,tv2,tvout) \
|
||||
do { \
|
||||
(tvout)->tv_sec = (tv1)->tv_sec - (tv2)->tv_sec; \
|
||||
(tvout)->tv_usec = (tv2)->tv_usec - (tv2)->tv_usec; \
|
||||
(tvout)->tv_usec = (tv1)->tv_usec - (tv2)->tv_usec; \
|
||||
if ((tvout)->tv_usec < 0) { \
|
||||
(tvout)->tv_usec += 1000000; \
|
||||
(tvout)->tv_sec--; \
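Review bot: Nothing in this change would catch the same tv1/tv2 slip again, because per the changelog these fallback definitions are only compiled on platforms that lack timeradd()/timersub(), so most builds never exercise them. A unit test that runs the fallback arithmetic under a test-only name with one carry case and one borrow case (for example 1.900000 + 0.200000 and 2.100000 - 0.200000) would cover both corrected lines. Separately, both macros expand `tv1`, `tv2` and `tvout` several times, so a comment such as `/* Arguments are evaluated more than once; pass plain pointers only. */` above each definition is worth adding. Both macro bodies continue past the end of their hunks.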
|
||||
|
|
9630
src/config/geoip
9630
src/config/geoip
File diff suppressed because it is too large
|
@ -880,7 +880,7 @@ check_location_for_unix_socket(or_options_t *options, const char *path)
|
|||
log_warn(LD_GENERAL, "Before Tor can create a control socket in %s, the "
|
||||
"directory %s needs to exist, and to be accessible only by the "
|
||||
"user%s account that is running Tor. (On some Unix systems, "
|
||||
"anybody who can list a socket can conect to it, so Tor is "
|
||||
"anybody who can list a socket can connect to it, so Tor is "
|
||||
"being careful.)", escpath, escdir,
|
||||
options->ControlSocketsGroupWritable ? " and group" : "");
|
||||
tor_free(escpath);
|
||||
|
@ -1076,7 +1076,12 @@ connection_create_listener(const struct sockaddr *listensockaddr,
|
|||
}
|
||||
|
||||
/** Do basic sanity checking on a newly received socket. Return 0
|
||||
* if it looks ok, else return -1. */
|
||||
* if it looks ok, else return -1.
|
||||
*
|
||||
* Notably, some TCP stacks can erroneously have accept() return successfully
|
||||
* with socklen 0, when the client sends an RST before the accept call (as
|
||||
* nmap does). We want to detect that, and not go on with the connection.
|
||||
*/
|
||||
static int
|
||||
check_sockaddr(struct sockaddr *sa, int len, int level)
|
||||
{
|
||||
|
@ -1142,7 +1147,7 @@ connection_handle_listener_read(connection_t *conn, int new_type)
|
|||
tor_socket_t news; /* the new socket */
|
||||
connection_t *newconn;
|
||||
/* information about the remote peer when connecting to other routers */
|
||||
char addrbuf[256];
|
||||
char addrbuf[256]; /*XXX023 use sockaddr_storage instead*/
|
||||
struct sockaddr *remote = (struct sockaddr*)addrbuf;
|
||||
/* length of the remote address. Must be whatever accept() needs. */
|
||||
socklen_t remotelen = (socklen_t)sizeof(addrbuf);
|
||||
|
@ -1186,21 +1191,9 @@ connection_handle_listener_read(connection_t *conn, int new_type)
|
|||
uint16_t port;
|
||||
if (check_sockaddr(remote, remotelen, LOG_INFO)<0) {
|
||||
log_info(LD_NET,
|
||||
"accept() returned a strange address; trying getsockname().");
|
||||
remotelen=sizeof(addrbuf);
|
||||
memset(addrbuf, 0, sizeof(addrbuf));
|
||||
if (getsockname(news, remote, &remotelen)<0) {
|
||||
int e = tor_socket_errno(news);
|
||||
log_warn(LD_NET, "getsockname() for new connection failed: %s",
|
||||
tor_socket_strerror(e));
|
||||
} else {
|
||||
if (check_sockaddr((struct sockaddr*)addrbuf, remotelen,
|
||||
LOG_WARN) < 0) {
|
||||
log_warn(LD_NET,"Something's wrong with this conn. Closing it.");
|
||||
tor_close_socket(news);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
"accept() returned a strange address; closing connection.");
|
||||
tor_close_socket(news);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (check_sockaddr_family_match(remote->sa_family, conn) < 0) {
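Review bot: The new comment on check_sockaddr() promises that a zero socklen from accept() is detected, but the test that does so is in the function body, which is outside these hunks, and connection_handle_listener_read() now depends on it entirely since the getsockname() fallback is gone. With socklen 0 nothing has been written into `addrbuf`, so the result must not depend on whatever `sa->sa_family` happens to hold; confirm that `len` is tested before the family is read, or that `addrbuf` is zeroed before accept(). The doc comment could also describe the parameters: `len` is the length accept() reported, and `level` appears to be the log severity used when the address is rejected (the caller passes `LOG_INFO`). Note that `remotelen` is a `socklen_t` passed into an `int len` parameter.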
|
||||
|
|
|
@ -388,19 +388,20 @@ dirserv_get_status_impl(const char *id_digest, const char *nickname,
|
|||
strmap_size(fingerprint_list->fp_by_name),
|
||||
digestmap_size(fingerprint_list->status_by_digest));
|
||||
|
||||
/* Tor 0.2.0.26-rc is the oldest version that currently caches the right
|
||||
* directory information. Once more of them die off, we should raise this
|
||||
* minimum. */
|
||||
if (platform && !tor_version_as_new_as(platform,"0.2.0.26-rc")) {
|
||||
/* Versions before Tor 0.2.1.30 have known security issues that
|
||||
* make them unsuitable for the current network. */
|
||||
if (platform && !tor_version_as_new_as(platform,"0.2.1.30")) {
|
||||
if (msg)
|
||||
*msg = "Tor version is far too old to work.";
|
||||
return FP_REJECT;
|
||||
} else if (platform && tor_version_as_new_as(platform,"0.2.1.3-alpha")
|
||||
&& !tor_version_as_new_as(platform, "0.2.1.19")) {
|
||||
/* These versions mishandled RELAY_EARLY cells on rend circuits. */
|
||||
if (msg)
|
||||
*msg = "Tor version is too buggy to work.";
|
||||
*msg = "Tor version is insecure. Please upgrade!";
|
||||
return FP_REJECT;
|
||||
} else if (platform && tor_version_as_new_as(platform,"0.2.2.1-alpha")) {
|
||||
/* Versions from 0.2.2.1-alpha...0.2.2.20-alpha have known security
|
||||
* issues that make them unusable for the current network */
|
||||
if (!tor_version_as_new_as(platform, "0.2.2.21-alpha")) {
|
||||
if (msg)
|
||||
*msg = "Tor version is insecure. Please upgrade!";
|
||||
return FP_REJECT;
|
||||
}
|
||||
}
|
||||
|
||||
result = dirserv_get_name_status(id_digest, nickname);
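Review bot: Every branch of the new version gate is guarded by `platform &&`, so a call that arrives with no platform string skips both rejections and goes straight on to dirserv_get_name_status(). If that is deliberate, say so next to the check, e.g. `/* A missing platform string is not rejected here; this gate only filters versions that identify themselves. */`; if not, the NULL case needs its own decision. Stylistically, the 0.2.2.x range could be a single condition, `else if (platform && tor_version_as_new_as(platform,"0.2.2.1-alpha") && !tor_version_as_new_as(platform,"0.2.2.21-alpha"))`, which removes the nested `if`. The function body starts and ends outside the hunk.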
|
||||
|
|
|
@ -2423,10 +2423,6 @@ append_cell_to_circuit_queue(circuit_t *circ, or_connection_t *orconn,
|
|||
queue = &orcirc->p_conn_cells;
|
||||
streams_blocked = circ->streams_blocked_on_p_conn;
|
||||
}
|
||||
if (cell->command == CELL_RELAY_EARLY && orconn->link_proto < 2) {
|
||||
/* V1 connections don't understand RELAY_EARLY. */
|
||||
cell->command = CELL_RELAY;
|
||||
}
|
||||
|
||||
cell_queue_append_packed_copy(queue, cell);
|
||||
|
||||
|
|