Merge remote-tracking branch 'origin/maint-0.2.5' into release-0.2.5

README

@@ -10,17 +10,16 @@ Home page:
         https://www.torproject.org/
 
 Download new versions:
-        https://www.torproject.org/download.html
+        https://www.torproject.org/download/download.html
 
 Documentation, including links to installation and setup instructions:
-        https://www.torproject.org/documentation.html
+        https://www.torproject.org/docs/documentation.html
 
 Making applications work with Tor:
-        https://wiki.torproject.org/noreply/TheOnionRouter/TorifyHOWTO
+        https://wiki.torproject.org/projects/tor/wiki/doc/TorifyHOWTO
 
 Frequently Asked Questions:
-        https://www.torproject.org/faq.html
-        https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ
+        https://www.torproject.org/docs/faq.html
 
 
 To get started working on Tor development:

changes/bug11200-caching

@@ -0,0 +1,7 @@
+  o Major bugfixes:
+    - When Tor starts with DisabledNetwork set, it would correctly
+      conclude that it shouldn't try making circuits, but it would
+      mistakenly cache this conclusion and continue believing it even
+      when DisableNetwork is set to 0. Fixes the bug introduced by the
+      fix for bug 11200; bugfix on 0.2.5.4-alpha.
+

changes/bug12730-systemd-verify-config

@@ -0,0 +1,3 @@
+  o Distribution:
+    - Verify configuration file via ExecStartPre in the systemd unit file.
+      Patch from intrigeri; resolves ticket 12730.

changes/bug12731-systemd-no-run-as-daemon

@@ -0,0 +1,9 @@
+  o Distribution:
+    - Explicitly disable RunAsDaemon in the systemd unit file.
+      Our current systemd unit uses "Type = simple", so systemd does
+      not expect tor to fork. If the user has "RunAsDaemon 1" in their
+      torrc, then things won't work as expected. This is e.g. the case
+      on Debian (and derivatives), since there we pass
+      "--defaults-torrc /usr/share/tor/tor-service-defaults-torrc"
+      (that contains "RunAsDaemon 1") by default.
+      Patch by intrigeri; resolves ticket 12731.

changes/bug12830

@@ -0,0 +1,4 @@
+  o Documentation:
+    - Adjust the URLs in the README to refer to the new locations of
+      several documents on the website. Patch from Matt Pagan. Fixes
+      bug 12830.

changes/bug12848

@@ -0,0 +1,4 @@
+  o Major bugfixes (relay):
+    - Avoid queuing or sending destroy cells for circuit ID zero when
+      we fail to send a CREATE cell. Fixes bug 12848; bugfix on
+      0.0.8pre1. Found and fixed by "cypherpunks".

changes/bug12864

@@ -0,0 +1,7 @@
+  o Minor bugfixes:
+    - Restore the functionality of CookieAuthFileGroupReadable. Fixes bug
+      12864; bugfix on 0.2.5.1-alpha.
+
+  o Minor features:
+    - Add an ExtORPortCookieAuthFileGroupReadable option to make the
+      cookie file for the ExtORPort g+r by default.

changes/geoip-august2014

@@ -0,0 +1,3 @@
+  o Minor features:
+    - Update geoip to the August 7 2014 Maxmind GeoLite2 Country database.
+

changes/geoip6-august2014

@@ -0,0 +1,3 @@
+  o Minor features:
+    - Update geoip6 to the August 7 2014 Maxmind GeoLite2 Country database.
+

changes/test.h_msvc

@@ -0,0 +1,3 @@
+  o Minor bugfixes (compilation):
+    - Fix compilation of test.h with MSVC. Patch from Gisle Vanem;
+      bugfix on 0.2.5.5-alpha.

contrib/dist/tor.service.in

@@ -4,7 +4,10 @@ After = syslog.target network.target nss-lookup.target
 
 [Service]
 Type = simple
-ExecStart = @BINDIR@/tor -f @CONFDIR@/torrc
+ExecStartPre = @BINDIR@/tor -f @CONFDIR@/torrc --verify-config
+# A torrc that has "RunAsDaemon 1" won't work with the "simple" service type;
+# let's explicitly override it.
+ExecStart = @BINDIR@/tor -f @CONFDIR@/torrc --RunAsDaemon 0
 ExecReload = /bin/kill -HUP ${MAINPID}
 KillSignal = SIGINT
 TimeoutSec = 30

doc/tor.1.txt

@@ -224,6 +224,13 @@ GENERAL OPTIONS
     for the Extended ORPort's cookie file -- the cookie file is needed
     for pluggable transports to communicate through the Extended ORPort.
 
+[[ExtORPortCookieAuthFileGroupReadable]] **ExtORPortCookieAuthFileGroupReadable** **0**|**1**::
+    If this option is set to 0, don't allow the filesystem group to read the
+    Extended OR Port cookie file. If the option is set to 1, make the cookie
+    file readable by the default GID. [Making the file readable by other
+    groups is not yet implemented; let us know if you need this for some
+    reason.] (Default: 0)
+
 [[ConnLimit]] **ConnLimit** __NUM__::
     The minimum number of file descriptors that must be available to the Tor
     process before it will start. Tor will ask the OS for as many file
@@ -312,7 +319,7 @@ GENERAL OPTIONS
     If set, this option overrides the default location and file name
     for Tor's cookie file. (See CookieAuthentication above.)
 
-[[CookieAuthFileGroupReadable]] **CookieAuthFileGroupReadable** **0**|**1**|__Groupname__::
+[[CookieAuthFileGroupReadable]] **CookieAuthFileGroupReadable** **0**|**1**::
     If this option is set to 0, don't allow the filesystem group to read the
     cookie file. If the option is set to 1, make the cookie file readable by
     the default GID. [Making the file readable by other groups is not yet
@@ -1694,7 +1701,7 @@ is non-zero):
 
 [[BridgeRecordUsageByCountry]] **BridgeRecordUsageByCountry** **0**|**1**::
     When this option is enabled and BridgeRelay is also enabled, and we have
-    GeoIP data, Tor keeps a keep a per-country count of how many client
+    GeoIP data, Tor keeps a per-country count of how many client
     addresses have contacted it so that it can help the bridge authority guess
     which countries have blocked access to it. (Default: 1)
 

src/or/channel.c

@@ -2682,6 +2682,14 @@ int
 channel_send_destroy(circid_t circ_id, channel_t *chan, int reason)
 {
   tor_assert(chan);
+  if (circ_id == 0) {
+    log_warn(LD_BUG, "Attempted to send a destroy cell for circID 0 "
+             "on a channel " U64_FORMAT " at %p in state %s (%d)",
+             U64_PRINTF_ARG(chan->global_identifier),
+             chan, channel_state_to_string(chan->state),
+             chan->state);
+    return 0;
+  }
 
   /* Check to make sure we can send on this channel first */
   if (!(chan->state == CHANNEL_STATE_CLOSING ||

src/or/circuitbuild.c

@@ -549,6 +549,7 @@ circuit_handle_first_hop(origin_circuit_t *circ)
     log_debug(LD_CIRC,"Conn open. Delivering first onion skin.");
     if ((err_reason = circuit_send_next_onion_skin(circ)) < 0) {
       log_info(LD_CIRC,"circuit_send_next_onion_skin failed.");
+      circ->base_.n_chan = NULL;
       return err_reason;
     }
   }
@@ -660,18 +661,18 @@ circuit_deliver_create_cell(circuit_t *circ, const create_cell_t *create_cell,
     static ratelim_t circid_warning_limit = RATELIM_INIT(9600);
     log_fn_ratelim(&circid_warning_limit, LOG_WARN, LD_CIRC,
                    "failed to get unique circID.");
-    return -1;
+    goto error;
   }
-  log_debug(LD_CIRC,"Chosen circID %u.", (unsigned)id);
-  circuit_set_n_circid_chan(circ, id, circ->n_chan);
 
   memset(&cell, 0, sizeof(cell_t));
   r = relayed ? create_cell_format_relayed(&cell, create_cell)
               : create_cell_format(&cell, create_cell);
   if (r < 0) {
     log_warn(LD_CIRC,"Couldn't format create cell");
-    return -1;
+    goto error;
   }
+  log_debug(LD_CIRC,"Chosen circID %u.", (unsigned)id);
+  circuit_set_n_circid_chan(circ, id, circ->n_chan);
   cell.circ_id = circ->n_circ_id;
 
   append_cell_to_circuit_queue(circ, circ->n_chan, &cell,
@@ -695,6 +696,9 @@ circuit_deliver_create_cell(circuit_t *circ, const create_cell_t *create_cell,
   }
 
   return 0;
+ error:
+  circ->n_chan = NULL;
+  return -1;
 }
 
 /** We've decided to start our reachability testing. If all

src/or/config.c

@@ -238,6 +238,7 @@ static config_var_t option_vars_[] = {
   V(ExtendAllowPrivateAddresses, BOOL,     "0"),
   VPORT(ExtORPort,               LINELIST, NULL),
   V(ExtORPortCookieAuthFile,     STRING,   NULL),
+  V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
   V(ExtraInfoStatistics,         BOOL,     "1"),
   V(FallbackDir,                 LINELIST, NULL),
 
@@ -6824,11 +6825,14 @@ config_maybe_load_geoip_files_(const or_options_t *options,
  *  in <b>cookie_out</b>.
  *  Then write it down to <b>fname</b> and prepend it with <b>header</b>.
  *
+ *  If <b>group_readable</b> is set, set <b>fname</b> to be readable
+ *  by the default GID.
+ *
  *  If the whole procedure was successful, set
  *  <b>cookie_is_set_out</b> to True. */
 int
 init_cookie_authentication(const char *fname, const char *header,
-                           int cookie_len,
+                           int cookie_len, int group_readable,
                            uint8_t **cookie_out, int *cookie_is_set_out)
 {
   char cookie_file_str_len = strlen(header) + cookie_len;
@@ -6861,6 +6865,14 @@ init_cookie_authentication(const char *fname, const char *header,
     goto done;
   }
 
+#ifndef _WIN32
+  if (group_readable) {
+    if (chmod(fname, 0640)) {
+      log_warn(LD_FS,"Unable to make %s group-readable.", escaped(fname));
+    }
+  }
+#endif
+
   /* Success! */
   log_info(LD_GENERAL, "Generated auth cookie file in '%s'.", escaped(fname));
   *cookie_is_set_out = 1;

src/or/config.h

@@ -97,7 +97,7 @@ uint32_t get_effective_bwburst(const or_options_t *options);
 char *get_transport_bindaddr_from_config(const char *transport);
 
 int init_cookie_authentication(const char *fname, const char *header,
-                               int cookie_len,
+                               int cookie_len, int group_readable,
                                uint8_t **cookie_out, int *cookie_is_set_out);
 
 or_options_t *options_new(void);

src/or/control.c

@@ -4666,6 +4666,7 @@ init_control_cookie_authentication(int enabled)
   fname = get_controller_cookie_file_name();
   retval = init_cookie_authentication(fname, "", /* no header */
                                       AUTHENTICATION_COOKIE_LEN,
+                                   get_options()->CookieAuthFileGroupReadable,
                                       &authentication_cookie,
                                       &authentication_cookie_is_set);
   tor_free(fname);

src/or/directory.c

@@ -349,7 +349,7 @@ should_use_directory_guards(const or_options_t *options)
   return 1;
 }
 
-/** Pick an unconsetrained directory server from among our guards, the latest
+/** Pick an unconstrained directory server from among our guards, the latest
  * networkstatus, or the fallback dirservers, for use in downloading
  * information of type <b>type</b>, and return its routerstatus. */
 static const routerstatus_t *

src/or/ext_orport.c

@@ -143,6 +143,7 @@ init_ext_or_cookie_authentication(int is_enabled)
   fname = get_ext_or_auth_cookie_file_name();
   retval = init_cookie_authentication(fname, EXT_OR_PORT_AUTH_COOKIE_HEADER,
                                       EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN,
+                           get_options()->ExtORPortCookieAuthFileGroupReadable,
                                       &ext_or_auth_cookie,
                                       &ext_or_auth_cookie_is_set);
   tor_free(fname);

src/or/nodelist.c

@@ -1275,10 +1275,21 @@ static char dir_info_status[256] = "";
 int
 router_have_minimum_dir_info(void)
 {
+  static int logged_delay=0;
+  const char *delay_fetches_msg = NULL;
+  if (should_delay_dir_fetches(get_options(), &delay_fetches_msg)) {
+    if (!logged_delay)
+      log_notice(LD_DIR, "Delaying directory fetches: %s", delay_fetches_msg);
+    logged_delay=1;
+    strlcpy(dir_info_status, delay_fetches_msg,  sizeof(dir_info_status));
+    return 0;
+  }
+  logged_delay = 0; /* reset it if we get this far */
+
   if (PREDICT_UNLIKELY(need_to_update_have_min_dir_info)) {
     update_router_have_minimum_dir_info();
-    need_to_update_have_min_dir_info = 0;
   }
+
   return have_min_dir_info;
 }
 
@@ -1498,7 +1509,6 @@ update_router_have_minimum_dir_info(void)
   const networkstatus_t *consensus =
     networkstatus_get_reasonably_live_consensus(now,usable_consensus_flavor());
   int using_md;
-  const char *delay_fetches_msg = NULL;
 
   if (!consensus) {
     if (!networkstatus_get_latest_consensus())
@@ -1511,13 +1521,6 @@ update_router_have_minimum_dir_info(void)
     goto done;
   }
 
-  if (should_delay_dir_fetches(get_options(), &delay_fetches_msg)) {
-    log_notice(LD_DIR, "Delaying directory fetches: %s", delay_fetches_msg);
-    strlcpy(dir_info_status, delay_fetches_msg,  sizeof(dir_info_status));
-    res = 0;
-    goto done;
-  }
-
   using_md = consensus->flavor == FLAV_MICRODESC;
 
   {

src/or/or.h

@@ -3801,6 +3801,8 @@ typedef struct {
   char *ExtORPortCookieAuthFile; /**< Filesystem location of Extended
                                  *   ORPort authentication cookie. */
   int CookieAuthFileGroupReadable; /**< Boolean: Is the CookieAuthFile g+r? */
+  int ExtORPortCookieAuthFileGroupReadable; /**< Boolean: Is the
+                                             * ExtORPortCookieAuthFile g+r? */
   int LeaveStreamsUnattached; /**< Boolean: Does Tor attach new streams to
                           * circuits itself (0), or does it expect a controller
                           * to cope? (1) */

src/or/routerlist.c

@@ -1365,7 +1365,7 @@ router_pick_trusteddirserver(dirinfo_type_t type, int flags)
   return router_pick_dirserver_generic(trusted_dir_servers, type, flags);
 }
 
-/** Try to find a running fallback directory Flags are as for
+/** Try to find a running fallback directory. Flags are as for
  * router_pick_directory_server.
  */
 const routerstatus_t *
@@ -1374,7 +1374,7 @@ router_pick_fallback_dirserver(dirinfo_type_t type, int flags)
   return router_pick_dirserver_generic(fallback_dir_servers, type, flags);
 }
 
-/** Try to find a running fallback directory Flags are as for
+/** Try to find a running fallback directory. Flags are as for
  * router_pick_directory_server.
  */
 static const routerstatus_t *

src/test/test.h

@@ -61,7 +61,7 @@
 
 #ifdef _MSC_VER
 #define U64_PRINTF_TYPE uint64_t
-#define U64_PRINTF_TYPE int64_t
+#define I64_PRINTF_TYPE int64_t
 #else
 #define U64_PRINTF_TYPE unsigned long long
 #define I64_PRINTF_TYPE long long

src/test/test_buffers.c

@@ -684,14 +684,11 @@ test_buffers_zlib_fin_at_chunk_end(void *arg)
   headerjunk = buf->head->memlen - 7;
   write_to_buf(msg, headerjunk-1, buf);
   tt_uint_op(buf->head->datalen, ==, headerjunk);
-  printf("<%u>\n", (unsigned)buf_datalen(buf));
   tt_uint_op(buf_datalen(buf), ==, headerjunk);
   /* Write an empty string, with finalization on. */
   zlib_state = tor_zlib_new(1, ZLIB_METHOD);
   tt_int_op(write_to_buf_zlib(buf, zlib_state, "", 0, 1), ==, 0);
 
-  printf("<%u>\n", (unsigned)buf_datalen(buf));
-
   in_len = buf_datalen(buf);
   contents = tor_malloc(in_len);