Merge remote-tracking branch 'origin/maint-0.2.5' into release-0.2.5
commit
9f950d80c3
9
README
9
README
|
@ -10,17 +10,16 @@ Home page:
|
|||
https://www.torproject.org/
|
||||
|
||||
Download new versions:
|
||||
https://www.torproject.org/download.html
|
||||
https://www.torproject.org/download/download.html
|
||||
|
||||
Documentation, including links to installation and setup instructions:
|
||||
https://www.torproject.org/documentation.html
|
||||
https://www.torproject.org/docs/documentation.html
|
||||
|
||||
Making applications work with Tor:
|
||||
https://wiki.torproject.org/noreply/TheOnionRouter/TorifyHOWTO
|
||||
https://wiki.torproject.org/projects/tor/wiki/doc/TorifyHOWTO
|
||||
|
||||
Frequently Asked Questions:
|
||||
https://www.torproject.org/faq.html
|
||||
https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ
|
||||
https://www.torproject.org/docs/faq.html
|
||||
|
||||
|
||||
To get started working on Tor development:
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
o Major bugfixes:
|
||||
- When Tor starts with DisabledNetwork set, it would correctly
|
||||
conclude that it shouldn't try making circuits, but it would
|
||||
mistakenly cache this conclusion and continue believing it even
|
||||
when DisableNetwork is set to 0. Fixes the bug introduced by the
|
||||
fix for bug 11200; bugfix on 0.2.5.4-alpha.
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
o Distribution:
|
||||
- Verify configuration file via ExecStartPre in the systemd unit file.
|
||||
Patch from intrigeri; resolves ticket 12730.
|
|
@ -0,0 +1,9 @@
|
|||
o Distribution:
|
||||
- Explicitly disable RunAsDaemon in the systemd unit file.
|
||||
Our current systemd unit uses "Type = simple", so systemd does
|
||||
not expect tor to fork. If the user has "RunAsDaemon 1" in their
|
||||
torrc, then things won't work as expected. This is e.g. the case
|
||||
on Debian (and derivatives), since there we pass
|
||||
"--defaults-torrc /usr/share/tor/tor-service-defaults-torrc"
|
||||
(that contains "RunAsDaemon 1") by default.
|
||||
Patch by intrigeri; resolves ticket 12731.
|
|
@ -0,0 +1,4 @@
|
|||
o Documentation:
|
||||
- Adjust the URLs in the README to refer to the new locations of
|
||||
several documents on the website. Patch from Matt Pagan. Fixes
|
||||
bug 12830.
|
|
@ -0,0 +1,4 @@
|
|||
o Major bugfixes (relay):
|
||||
- Avoid queuing or sending destroy cells for circuit ID zero when
|
||||
we fail to send a CREATE cell. Fixes bug 12848; bugfix on
|
||||
0.0.8pre1. Found and fixed by "cypherpunks".
|
|
@ -0,0 +1,7 @@
|
|||
o Minor bugfixes:
|
||||
- Restore the functionality of CookieAuthFileGroupReadable. Fixes bug
|
||||
12864; bugfix on 0.2.5.1-alpha.
|
||||
|
||||
o Minor features:
|
||||
- Add an ExtORPortCookieAuthFileGroupReadable option to make the
|
||||
cookie file for the ExtORPort g+r by default.
|
|
@ -0,0 +1,3 @@
|
|||
o Minor features:
|
||||
- Update geoip to the August 7 2014 Maxmind GeoLite2 Country database.
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
o Minor features:
|
||||
- Update geoip6 to the August 7 2014 Maxmind GeoLite2 Country database.
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
o Minor bugfixes (compilation):
|
||||
- Fix compilation of test.h with MSVC. Patch from Gisle Vanem;
|
||||
bugfix on 0.2.5.5-alpha.
|
|
@ -4,7 +4,10 @@ After = syslog.target network.target nss-lookup.target
|
|||
|
||||
[Service]
|
||||
Type = simple
|
||||
ExecStart = @BINDIR@/tor -f @CONFDIR@/torrc
|
||||
ExecStartPre = @BINDIR@/tor -f @CONFDIR@/torrc --verify-config
|
||||
# A torrc that has "RunAsDaemon 1" won't work with the "simple" service type;
|
||||
# let's explicitly override it.
|
||||
ExecStart = @BINDIR@/tor -f @CONFDIR@/torrc --RunAsDaemon 0
|
||||
ExecReload = /bin/kill -HUP ${MAINPID}
|
||||
KillSignal = SIGINT
|
||||
TimeoutSec = 30
|
||||
|
|
|
@ -224,6 +224,13 @@ GENERAL OPTIONS
|
|||
for the Extended ORPort's cookie file -- the cookie file is needed
|
||||
for pluggable transports to communicate through the Extended ORPort.
|
||||
|
||||
[[ExtORPortCookieAuthFileGroupReadable]] **ExtORPortCookieAuthFileGroupReadable** **0**|**1**::
|
||||
If this option is set to 0, don't allow the filesystem group to read the
|
||||
Extended OR Port cookie file. If the option is set to 1, make the cookie
|
||||
file readable by the default GID. [Making the file readable by other
|
||||
groups is not yet implemented; let us know if you need this for some
|
||||
reason.] (Default: 0)
|
||||
|
||||
[[ConnLimit]] **ConnLimit** __NUM__::
|
||||
The minimum number of file descriptors that must be available to the Tor
|
||||
process before it will start. Tor will ask the OS for as many file
|
||||
|
@ -312,7 +319,7 @@ GENERAL OPTIONS
|
|||
If set, this option overrides the default location and file name
|
||||
for Tor's cookie file. (See CookieAuthentication above.)
|
||||
|
||||
[[CookieAuthFileGroupReadable]] **CookieAuthFileGroupReadable** **0**|**1**|__Groupname__::
|
||||
[[CookieAuthFileGroupReadable]] **CookieAuthFileGroupReadable** **0**|**1**::
|
||||
If this option is set to 0, don't allow the filesystem group to read the
|
||||
cookie file. If the option is set to 1, make the cookie file readable by
|
||||
the default GID. [Making the file readable by other groups is not yet
|
||||
|
@ -1694,7 +1701,7 @@ is non-zero):
|
|||
|
||||
[[BridgeRecordUsageByCountry]] **BridgeRecordUsageByCountry** **0**|**1**::
|
||||
When this option is enabled and BridgeRelay is also enabled, and we have
|
||||
GeoIP data, Tor keeps a keep a per-country count of how many client
|
||||
GeoIP data, Tor keeps a per-country count of how many client
|
||||
addresses have contacted it so that it can help the bridge authority guess
|
||||
which countries have blocked access to it. (Default: 1)
|
||||
|
||||
|
|
5217
src/config/geoip
5217
src/config/geoip
File diff suppressed because it is too large
2012
src/config/geoip6
2012
src/config/geoip6
File diff suppressed because it is too large
|
@ -2682,6 +2682,14 @@ int
|
|||
channel_send_destroy(circid_t circ_id, channel_t *chan, int reason)
|
||||
{
|
||||
tor_assert(chan);
|
||||
if (circ_id == 0) {
|
||||
log_warn(LD_BUG, "Attempted to send a destroy cell for circID 0 "
|
||||
"on a channel " U64_FORMAT " at %p in state %s (%d)",
|
||||
U64_PRINTF_ARG(chan->global_identifier),
|
||||
chan, channel_state_to_string(chan->state),
|
||||
chan->state);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Check to make sure we can send on this channel first */
|
||||
if (!(chan->state == CHANNEL_STATE_CLOSING ||
|
||||
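Review bot: The new `circ_id == 0` guard in channel_send_destroy logs at warn level on every call with no rate limit, whereas circuit_deliver_create_cell in this same commit reports its circID problem through `log_fn_ratelim`. If some caller reaches this path repeatedly, the log will fill with identical LD_BUG lines; a `static ratelim_t` initialised with `RATELIM_INIT(...)` and `log_fn_ratelim(&limit, LOG_WARN, LD_BUG, ...)` would bound that. The guard also returns 0 without queuing anything, so a short comment such as `/* Deliberately drop: circID 0 is never a valid circuit on the wire. */` would tell readers the early return is intentional. The rest of the function body lies outside the hunk, so whether 0 is also the normal success value cannot be confirmed from here.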
|
|
|
@ -549,6 +549,7 @@ circuit_handle_first_hop(origin_circuit_t *circ)
|
|||
log_debug(LD_CIRC,"Conn open. Delivering first onion skin.");
|
||||
if ((err_reason = circuit_send_next_onion_skin(circ)) < 0) {
|
||||
log_info(LD_CIRC,"circuit_send_next_onion_skin failed.");
|
||||
circ->base_.n_chan = NULL;
|
||||
return err_reason;
|
||||
}
|
||||
}
|
||||
|
@ -660,18 +661,18 @@ circuit_deliver_create_cell(circuit_t *circ, const create_cell_t *create_cell,
|
|||
static ratelim_t circid_warning_limit = RATELIM_INIT(9600);
|
||||
log_fn_ratelim(&circid_warning_limit, LOG_WARN, LD_CIRC,
|
||||
"failed to get unique circID.");
|
||||
return -1;
|
||||
goto error;
|
||||
}
|
||||
log_debug(LD_CIRC,"Chosen circID %u.", (unsigned)id);
|
||||
circuit_set_n_circid_chan(circ, id, circ->n_chan);
|
||||
|
||||
memset(&cell, 0, sizeof(cell_t));
|
||||
r = relayed ? create_cell_format_relayed(&cell, create_cell)
|
||||
: create_cell_format(&cell, create_cell);
|
||||
if (r < 0) {
|
||||
log_warn(LD_CIRC,"Couldn't format create cell");
|
||||
return -1;
|
||||
goto error;
|
||||
}
|
||||
log_debug(LD_CIRC,"Chosen circID %u.", (unsigned)id);
|
||||
circuit_set_n_circid_chan(circ, id, circ->n_chan);
|
||||
cell.circ_id = circ->n_circ_id;
|
||||
|
||||
append_cell_to_circuit_queue(circ, circ->n_chan, &cell,
|
||||
|
@ -695,6 +696,9 @@ circuit_deliver_create_cell(circuit_t *circ, const create_cell_t *create_cell,
|
|||
}
|
||||
|
||||
return 0;
|
||||
error:
|
||||
circ->n_chan = NULL;
|
||||
return -1;
|
||||
}
|
||||
|
||||
/** We've decided to start our reachability testing. If all
|
||||
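Review bot: The new `error:` label in circuit_deliver_create_cell clears `circ->n_chan` with no comment saying why, and the matching `circ->base_.n_chan = NULL;` in circuit_handle_first_hop is equally silent. From the changelog entry the intent appears to be that a later close must not emit a destroy cell for a circuit that never received a circID, which is worth stating at the label, for example `/* No circID was registered on this channel; detach so closing the circuit cannot send a DESTROY for ID 0. */`. The first-hop clear runs for every negative return of circuit_send_next_onion_skin, so it is only safe if that function cannot fail after circuit_set_n_circid_chan has registered the circuit. That cannot be checked from these hunks, and both functions continue outside them.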
|
|
|
@ -238,6 +238,7 @@ static config_var_t option_vars_[] = {
|
|||
V(ExtendAllowPrivateAddresses, BOOL, "0"),
|
||||
VPORT(ExtORPort, LINELIST, NULL),
|
||||
V(ExtORPortCookieAuthFile, STRING, NULL),
|
||||
V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
|
||||
V(ExtraInfoStatistics, BOOL, "1"),
|
||||
V(FallbackDir, LINELIST, NULL),
|
||||
|
||||
|
@ -6824,11 +6825,14 @@ config_maybe_load_geoip_files_(const or_options_t *options,
|
|||
* in <b>cookie_out</b>.
|
||||
* Then write it down to <b>fname</b> and prepend it with <b>header</b>.
|
||||
*
|
||||
* If <b>group_readable</b> is set, set <b>fname</b> to be readable
|
||||
* by the default GID.
|
||||
*
|
||||
* If the whole procedure was successful, set
|
||||
* <b>cookie_is_set_out</b> to True. */
|
||||
int
|
||||
init_cookie_authentication(const char *fname, const char *header,
|
||||
int cookie_len,
|
||||
int cookie_len, int group_readable,
|
||||
uint8_t **cookie_out, int *cookie_is_set_out)
|
||||
{
|
||||
char cookie_file_str_len = strlen(header) + cookie_len;
|
||||
|
@ -6861,6 +6865,14 @@ init_cookie_authentication(const char *fname, const char *header,
|
|||
goto done;
|
||||
}
|
||||
|
||||
#ifndef _WIN32
|
||||
if (group_readable) {
|
||||
if (chmod(fname, 0640)) {
|
||||
log_warn(LD_FS,"Unable to make %s group-readable.", escaped(fname));
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Success! */
|
||||
log_info(LD_GENERAL, "Generated auth cookie file in '%s'.", escaped(fname));
|
||||
*cookie_is_set_out = 1;
|
||||
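Review bot: The new `chmod(fname, 0640)` in init_cookie_authentication grants read access to whichever group owns the cookie file, and nothing in the visible hunks checks or sets that group. The doc comment promises "the default GID", but under a setgid data directory the file would inherit the directory's group instead, which would expose the authentication cookie to that group's members. A comment at the call such as `/* The cookie is an authentication secret; 0640 exposes it to every member of the file's owning group. */` would make the trust decision explicit, and an ownership check before widening the mode would be worth considering. The block is also compiled out under `_WIN32` without any log message, so the option is silently ignored there. The function body starts and ends outside these hunks.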
|
|
|
@ -97,7 +97,7 @@ uint32_t get_effective_bwburst(const or_options_t *options);
|
|||
char *get_transport_bindaddr_from_config(const char *transport);
|
||||
|
||||
int init_cookie_authentication(const char *fname, const char *header,
|
||||
int cookie_len,
|
||||
int cookie_len, int group_readable,
|
||||
uint8_t **cookie_out, int *cookie_is_set_out);
|
||||
|
||||
or_options_t *options_new(void);
|
||||
|
|
|
@ -4666,6 +4666,7 @@ init_control_cookie_authentication(int enabled)
|
|||
fname = get_controller_cookie_file_name();
|
||||
retval = init_cookie_authentication(fname, "", /* no header */
|
||||
AUTHENTICATION_COOKIE_LEN,
|
||||
get_options()->CookieAuthFileGroupReadable,
|
||||
&authentication_cookie,
|
||||
&authentication_cookie_is_set);
|
||||
tor_free(fname);
|
||||
|
|
|
@ -349,7 +349,7 @@ should_use_directory_guards(const or_options_t *options)
|
|||
return 1;
|
||||
}
|
||||
|
||||
/** Pick an unconsetrained directory server from among our guards, the latest
|
||||
/** Pick an unconstrained directory server from among our guards, the latest
|
||||
* networkstatus, or the fallback dirservers, for use in downloading
|
||||
* information of type <b>type</b>, and return its routerstatus. */
|
||||
static const routerstatus_t *
|
||||
|
|
|
@ -143,6 +143,7 @@ init_ext_or_cookie_authentication(int is_enabled)
|
|||
fname = get_ext_or_auth_cookie_file_name();
|
||||
retval = init_cookie_authentication(fname, EXT_OR_PORT_AUTH_COOKIE_HEADER,
|
||||
EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN,
|
||||
get_options()->ExtORPortCookieAuthFileGroupReadable,
|
||||
&ext_or_auth_cookie,
|
||||
&ext_or_auth_cookie_is_set);
|
||||
tor_free(fname);
|
||||
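Review bot: The third argument of this init_cookie_authentication call is `EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN`, but the prototype touched by this commit names that parameter `cookie_len`, and the header is already passed separately as the second argument. The call is only correct if the header-length constant happens to equal the cookie length, which cannot be confirmed from this page; passing the constant that describes the cookie's own length would remove that dependency. Since the line directly below is being edited anyway, this is a cheap place to fix or at least comment on it. The enclosing function starts and ends outside the hunk.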
|
|
|
@ -1275,10 +1275,21 @@ static char dir_info_status[256] = "";
|
|||
int
|
||||
router_have_minimum_dir_info(void)
|
||||
{
|
||||
static int logged_delay=0;
|
||||
const char *delay_fetches_msg = NULL;
|
||||
if (should_delay_dir_fetches(get_options(), &delay_fetches_msg)) {
|
||||
if (!logged_delay)
|
||||
log_notice(LD_DIR, "Delaying directory fetches: %s", delay_fetches_msg);
|
||||
logged_delay=1;
|
||||
strlcpy(dir_info_status, delay_fetches_msg, sizeof(dir_info_status));
|
||||
return 0;
|
||||
}
|
||||
logged_delay = 0; /* reset it if we get this far */
|
||||
|
||||
if (PREDICT_UNLIKELY(need_to_update_have_min_dir_info)) {
|
||||
update_router_have_minimum_dir_info();
|
||||
need_to_update_have_min_dir_info = 0;
|
||||
}
|
||||
|
||||
return have_min_dir_info;
|
||||
}
|
||||
|
||||
|
@ -1498,7 +1509,6 @@ update_router_have_minimum_dir_info(void)
|
|||
const networkstatus_t *consensus =
|
||||
networkstatus_get_reasonably_live_consensus(now,usable_consensus_flavor());
|
||||
int using_md;
|
||||
const char *delay_fetches_msg = NULL;
|
||||
|
||||
if (!consensus) {
|
||||
if (!networkstatus_get_latest_consensus())
|
||||
|
@ -1511,13 +1521,6 @@ update_router_have_minimum_dir_info(void)
|
|||
goto done;
|
||||
}
|
||||
|
||||
if (should_delay_dir_fetches(get_options(), &delay_fetches_msg)) {
|
||||
log_notice(LD_DIR, "Delaying directory fetches: %s", delay_fetches_msg);
|
||||
strlcpy(dir_info_status, delay_fetches_msg, sizeof(dir_info_status));
|
||||
res = 0;
|
||||
goto done;
|
||||
}
|
||||
|
||||
using_md = consensus->flavor == FLAV_MICRODESC;
|
||||
|
||||
{
|
||||
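Review bot: The log-once logic added to router_have_minimum_dir_info relies on an unbraced `if (!logged_delay)` directly followed by `logged_delay=1;`, which reads as if both statements were guarded and is easy to break in a later edit. Writing it as `if (!logged_delay) { log_notice(LD_DIR, "Delaying directory fetches: %s", delay_fetches_msg); logged_delay = 1; }` keeps the same effect and makes the scope explicit. Both the `%s` argument and the `strlcpy` source assume should_delay_dir_fetches always sets `delay_fetches_msg` when it returns true; that helper is not visible here, so a one-line comment stating the contract (or a `tor_assert(delay_fetches_msg)`) would help. Note too that the delay check and the `strlcpy` now run on every call, before the `PREDICT_UNLIKELY` fast path.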
|
|
|
@ -3801,6 +3801,8 @@ typedef struct {
|
|||
char *ExtORPortCookieAuthFile; /**< Filesystem location of Extended
|
||||
* ORPort authentication cookie. */
|
||||
int CookieAuthFileGroupReadable; /**< Boolean: Is the CookieAuthFile g+r? */
|
||||
int ExtORPortCookieAuthFileGroupReadable; /**< Boolean: Is the
|
||||
* ExtORPortCookieAuthFile g+r? */
|
||||
int LeaveStreamsUnattached; /**< Boolean: Does Tor attach new streams to
|
||||
* circuits itself (0), or does it expect a controller
|
||||
* to cope? (1) */
|
||||
|
|
|
@ -1365,7 +1365,7 @@ router_pick_trusteddirserver(dirinfo_type_t type, int flags)
|
|||
return router_pick_dirserver_generic(trusted_dir_servers, type, flags);
|
||||
}
|
||||
|
||||
/** Try to find a running fallback directory Flags are as for
|
||||
/** Try to find a running fallback directory. Flags are as for
|
||||
* router_pick_directory_server.
|
||||
*/
|
||||
const routerstatus_t *
|
||||
|
@ -1374,7 +1374,7 @@ router_pick_fallback_dirserver(dirinfo_type_t type, int flags)
|
|||
return router_pick_dirserver_generic(fallback_dir_servers, type, flags);
|
||||
}
|
||||
|
||||
/** Try to find a running fallback directory Flags are as for
|
||||
/** Try to find a running fallback directory. Flags are as for
|
||||
* router_pick_directory_server.
|
||||
*/
|
||||
static const routerstatus_t *
|
||||
|
|
|
@ -61,7 +61,7 @@
|
|||
|
||||
#ifdef _MSC_VER
|
||||
#define U64_PRINTF_TYPE uint64_t
|
||||
#define U64_PRINTF_TYPE int64_t
|
||||
#define I64_PRINTF_TYPE int64_t
|
||||
#else
|
||||
#define U64_PRINTF_TYPE unsigned long long
|
||||
#define I64_PRINTF_TYPE long long
|
||||
|
|
|
@ -684,14 +684,11 @@ test_buffers_zlib_fin_at_chunk_end(void *arg)
|
|||
headerjunk = buf->head->memlen - 7;
|
||||
write_to_buf(msg, headerjunk-1, buf);
|
||||
tt_uint_op(buf->head->datalen, ==, headerjunk);
|
||||
printf("<%u>\n", (unsigned)buf_datalen(buf));
|
||||
tt_uint_op(buf_datalen(buf), ==, headerjunk);
|
||||
/* Write an empty string, with finalization on. */
|
||||
zlib_state = tor_zlib_new(1, ZLIB_METHOD);
|
||||
tt_int_op(write_to_buf_zlib(buf, zlib_state, "", 0, 1), ==, 0);
|
||||
|
||||
printf("<%u>\n", (unsigned)buf_datalen(buf));
|
||||
|
||||
in_len = buf_datalen(buf);
|
||||
contents = tor_malloc(in_len);
|
||||
|
||||
|
|