sarah
/
tor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'master' of https://git.torproject.org/tor into bug13111-empty-key-files-fn-empty 

Conflicts:
  src/or/connection_edge.c
Merged in favour of origin.
This commit is contained in:
teor 2015-01-10 17:20:06 +11:00
parent debd7862bb 33df3e37ff
commit f8ffb57bc4
277 changed files with 3311 additions and 829 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

298
ChangeLog
View File

@ -1,4 +1,270 @@
Changes in version 0.2.6.2-alpha - 2014-1?-??
Changes in version 0.2.6.2-alpha - 2014-12-31
Tor 0.2.6.2-alpha is the second alpha release in the 0.2.6.x series.
It introduces a major new backend for deciding when to send cells on
channels, which should lead down the road to big performance
increases. It contains security and statistics features for better
work on hidden services, and numerous bugfixes.
This release contains many new unit tests, along with major
performance improvements for running testing networks using Chutney.
Thanks to a series of patches contributed by "teor", testing networks
should now bootstrap in seconds, rather than minutes.
o Major features (relay, infrastructure):
- Complete revision of the code that relays use to decide which cell
to send next. Formerly, we selected the best circuit to write on
each channel, but we didn't select among channels in any
sophisticated way. Now, we choose the best circuits globally from
among those whose channels are ready to deliver traffic.
This patch implements a new inter-cmux comparison API, a global
high/low watermark mechanism and a global scheduler loop for
transmission prioritization across all channels as well as among
circuits on one channel. This schedule is currently tuned to
(tolerantly) avoid making changes in network performance, but it
should form the basis for major circuit performance increases in
the future. Code by Andrea; tuning by Rob Jansen; implements
ticket 9262.
o Major features (hidden services):
- Make HS port scanning more difficult by immediately closing the
circuit when a user attempts to connect to a nonexistent port.
Closes ticket 13667.
- Add a HiddenServiceStatistics option that allows Tor relays to
gather and publish statistics about the overall size and volume of
hidden service usage. Specifically, when this option is turned on,
an HSDir will publish an approximate number of hidden services
that have published descriptors to it the past 24 hours. Also, if
a relay has acted as a hidden service rendezvous point, it will
publish the approximate amount of rendezvous cells it has relayed
the past 24 hours. The statistics themselves are obfuscated so
that the exact values cannot be derived. For more details see
proposal 238, "Better hidden service stats from Tor relays". This
feature is currently disabled by default. Implements feature 13192.
o Major bugfixes (client, automap):
- Repair automapping with IPv6 addresses. This automapping should
have worked previously, but one piece of debugging code that we
inserted to detect a regression actually caused the regression to
manifest itself again. Fixes bug 13811 and bug 12831; bugfix on
0.2.4.7-alpha. Diagnosed and fixed by Francisco Blas
Izquierdo Riera.
o Major bugfixes (hidden services):
- When closing an introduction circuit that was opened in parallel
with others, don't mark the introduction point as unreachable.
Previously, the first successful connection to an introduction
point would make the other introduction points get marked as
having timed out. Fixes bug 13698; bugfix on 0.0.6rc2.
o Directory authority changes:
- Remove turtles as a directory authority.
- Add longclaw as a new (v3) directory authority. This implements
ticket 13296. This keeps the directory authority count at 9.
o Major removed features:
- Tor clients no longer support connecting to hidden services
running on Tor 0.2.2.x and earlier; the Support022HiddenServices
option has been removed. (There shouldn't be any hidden services
running these versions on the network.) Closes ticket 7803.
o Minor features (client):
- Validate hostnames in SOCKS5 requests more strictly. If SafeSocks
is enabled, reject requests with IP addresses as hostnames.
Resolves ticket 13315.
o Minor features (controller):
- Add a "SIGNAL HEARTBEAT" controller command that tells Tor to
write an unscheduled heartbeat message to the log. Implements
feature 9503.
o Minor features (geoip):
- Update geoip and geoip6 to the November 15 2014 Maxmind GeoLite2
Country database.
o Minor features (hidden services):
- When re-enabling the network, don't try to build introduction
circuits until we have successfully built a circuit. This makes
hidden services come up faster when the network is re-enabled.
Patch from "akwizgran". Closes ticket 13447.
- When we fail to a retrieve hidden service descriptor, send the
controller an "HS_DESC FAILED" controller event. Implements
feature 13212.
- New HiddenServiceDirGroupReadable option to cause hidden service
directories and hostname files to be created group-readable. Patch
from "anon", David Stainton, and "meejah". Closes ticket 11291.
o Minor features (systemd):
- Where supported, when running with systemd, report successful
startup to systemd. Part of ticket 11016. Patch by Michael Scherer.
- When running with systemd, support systemd watchdog messages. Part
of ticket 11016. Patch by Michael Scherer.
o Minor features (transparent proxy):
- Update the transparent proxy option checks to allow for both ipfw
and pf on OS X. Closes ticket 14002.
- Use the correct option when using IPv6 with transparent proxy
support on Linux. Resolves 13808. Patch by Francisco Blas
Izquierdo Riera.
o Minor bugfixes (preventative security, C safety):
- When reading a hexadecimal, base-32, or base-64 encoded value from
a string, always overwrite the whole output buffer. This prevents
some bugs where we would look at (but fortunately, not reveal)
uninitialized memory on the stack. Fixes bug 14013; bugfix on all
versions of Tor.
- Clear all memory targetted by tor_addr_{to,from}_sockaddr(), not
just the part that's used. This makes it harder for data leak bugs
to occur in the event of other programming failures. Resolves
ticket 14041.
o Minor bugfixes (client, microdescriptors):
- Use a full 256 bits of the SHA256 digest of a microdescriptor when
computing which microdescriptors to download. This keeps us from
erroneous download behavior if two microdescriptor digests ever
have the same first 160 bits. Fixes part of bug 13399; bugfix
on 0.2.3.1-alpha.
- Reset a router's status if its microdescriptor digest changes,
even if the first 160 bits remain the same. Fixes part of bug
13399; bugfix on 0.2.3.1-alpha.
o Minor bugfixes (compilation):
- Silence clang warnings under --enable-expensive-hardening,
including implicit truncation of 64 bit values to 32 bit, const
char assignment to self, tautological compare, and additional
parentheses around equality tests. Fixes bug 13577; bugfix
on 0.2.5.4-alpha.
- Fix a clang warning about checking whether an address in the
middle of a structure is NULL. Fixes bug 14001; bugfix
on 0.2.1.2-alpha.
o Minor bugfixes (hidden services):
- Correctly send a controller event when we find that a rendezvous
circuit has finished. Fixes bug 13936; bugfix on 0.1.1.5-alpha.
- Pre-check directory permissions for new hidden-services to avoid
at least one case of "Bug: Acting on config options left us in a
broken state. Dying." Fixes bug 13942; bugfix on 0.0.6pre1.
- When adding a new hidden service (for example, via SETCONF), Tor
no longer congratulates the user for running a relay. Fixes bug
13941; bugfix on 0.2.6.1-alpha.
- When fetching hidden service descriptors, we now check not only
for whether we got the hidden service we had in mind, but also
whether we got the particular descriptors we wanted. This prevents
a class of inefficient but annoying DoS attacks by hidden service
directories. Fixes bug 13214; bugfix on 0.2.1.6-alpha. Reported
by "special".
o Minor bugfixes (Linux seccomp2 sandbox):
- Make transparent proxy support work along with the seccomp2
sandbox. Fixes part of bug 13808; bugfix on 0.2.5.1-alpha. Patch
by Francisco Blas Izquierdo Riera.
- Fix a memory leak in tor-resolve when running with the sandbox
enabled. Fixes bug 14050; bugfix on 0.2.5.9-rc.
o Minor bugfixes (logging):
- Downgrade warnings about RSA signature failures to info log level.
Emit a warning when an extra info document is found incompatible
with a corresponding router descriptor. Fixes bug 9812; bugfix
on 0.0.6rc3.
- Make connection_ap_handshake_attach_circuit() log the circuit ID
correctly. Fixes bug 13701; bugfix on 0.0.6.
o Minor bugfixes (misc):
- Stop allowing invalid address patterns like "*/24" that contain
both a wildcard address and a bit prefix length. This affects all
our address-range parsing code. Fixes bug 7484; bugfix
on 0.0.2pre14.
o Minor bugfixes (testing networks, fast startup):
- Allow Tor to build circuits using a consensus with no exits. If
the consensus has no exits (typical of a bootstrapping test
network), allow Tor to build circuits once enough descriptors have
been downloaded. This assists in bootstrapping a testing Tor
network. Fixes bug 13718; bugfix on 0.2.4.10-alpha. Patch
by "teor".
- When V3AuthVotingInterval is low, give a lower If-Modified-Since
header to directory servers. This allows us to obtain consensuses
promptly when the consensus interval is very short. This assists
in bootstrapping a testing Tor network. Fixes parts of bugs 13718
and 13963; bugfix on 0.2.0.3-alpha. Patch by "teor".
- Stop assuming that private addresses are local when checking
reachability in a TestingTorNetwork. Instead, when testing, assume
all OR connections are remote. (This is necessary due to many test
scenarios running all relays on localhost.) This assists in
bootstrapping a testing Tor network. Fixes bug 13924; bugfix on
0.1.0.1-rc. Patch by "teor".
- Avoid building exit circuits from a consensus with no exits. Now
thanks to our fix for 13718, we accept a no-exit network as not
wholly lost, but we need to remember not to try to build exit
circuits on it. Closes ticket 13814; patch by "teor".
- Stop requiring exits to have non-zero bandwithcapacity in a
TestingTorNetwork. Instead, when TestingMinExitFlagThreshold is 0,
ignore exit bandwidthcapacity. This assists in bootstrapping a
testing Tor network. Fixes parts of bugs 13718 and 13839; bugfix
on 0.2.0.3-alpha. Patch by "teor".
- Add "internal" to some bootstrap statuses when no exits are
available. If the consensus does not contain Exits, Tor will only
build internal circuits. In this case, relevant statuses will
contain the word "internal" as indicated in the Tor control-
spec.txt. When bootstrap completes, Tor will be ready to build
internal circuits. If a future consensus contains Exits, exit
circuits may become available. Fixes part of bug 13718; bugfix on
0.2.4.10-alpha. Patch by "teor".
- Decrease minimum consensus interval to 10 seconds when
TestingTorNetwork is set, or 5 seconds for the first consensus.
Fix assumptions throughout the code that assume larger intervals.
Fixes bugs 13718 and 13823; bugfix on 0.2.0.3-alpha. Patch
by "teor".
- Avoid excluding guards from path building in minimal test
networks, when we're in a test network and excluding guards would
exclude all relays. This typically occurs in incredibly small tor
networks, and those using "TestingAuthVoteGuard *". Fixes part of
bug 13718; bugfix on 0.1.1.11-alpha. Patch by "teor".
o Code simplification and refactoring:
- Stop using can_complete_circuits as a global variable; access it
with a function instead.
- Avoid using operators directly as macro arguments: this lets us
apply coccinelle transformations to our codebase more directly.
Closes ticket 13172.
- Combine the functions used to parse ClientTransportPlugin and
ServerTransportPlugin into a single function. Closes ticket 6456.
- Add inline functions and convenience macros for inspecting channel
state. Refactor the code to use convenience macros instead of
checking channel state directly. Fixes issue 7356.
- Document all members of was_router_added_t and rename
ROUTER_WAS_NOT_NEW to ROUTER_IS_ALREADY_KNOWN to make it less
confusable with ROUTER_WAS_TOO_OLD. Fixes issue 13644.
- In connection_exit_begin_conn(), use END_CIRC_REASON_TORPROTOCOL
constant instead of hardcoded value. Fixes issue 13840.
- Refactor our generic strmap and digestmap types into a single
implementation, so that we can add a new digest256map
type trivially.
o Documentation:
- Document the bridge-authority-only 'networkstatus-bridges' file.
Closes ticket 13713; patch from "tom".
- Fix typo in PredictedPortsRelevanceTime option description in
manpage. Resolves issue 13707.
- Stop suggesting that users specify relays by nickname: it isn't a
good idea. Also, properly cross-reference how to specify relays in
all parts of manual documenting options that take a list of
relays. Closes ticket 13381.
- Clarify the HiddenServiceDir option description in manpage to make
it clear that relative paths are taken with respect to the current
working directory. Also clarify that this behavior is not
guaranteed to remain indefinitely. Fixes issue 13913.
o Testing:
- New tests for many parts of channel, relay, and circuitmux
functionality. Code by Andrea; part of 9262.
- New tests for parse_transport_line(). Part of ticket 6456.
- In the unit tests, use chgrp() to change the group of the unit
test temporary directory to the current user, so that the sticky
bit doesn't interfere with tests that check directory groups.
Closes 13678.
- Add unit tests for resolve_my_addr(). Part of ticket 12376; patch
by 'rl1987'.
Changes in version 0.2.6.1-alpha - 2014-10-30
@ -193,7 +459,7 @@ Changes in version 0.2.6.1-alpha - 2014-10-30
Browser users to write "DirReqStatistics 0" in their torrc files
as if they had chosen to change the config. Fixes bug 4244; bugfix
on 0.2.3.1-alpha.
- When GeoIPExcludeUnkonwn is enabled, do not incorrectly decide
- When GeoIPExcludeUnknown is enabled, do not incorrectly decide
that our options have changed every time we SIGHUP. Fixes bug
9801; bugfix on 0.2.4.10-alpha. Patch from "qwerty1".
@ -270,7 +536,7 @@ Changes in version 0.2.6.1-alpha - 2014-10-30
ticket 12202.
- Refactor and unit-test entry_is_time_to_retry() in entrynodes.c.
Resolves ticket 12205.
- Use calloc and reallocarray functions in preference to multiply-
- Use calloc and reallocarray functions instead of multiply-
then-malloc. This makes it less likely for us to fall victim to an
integer overflow attack when allocating. Resolves ticket 12855.
- Use the standard macro name SIZE_MAX, instead of our
@ -279,7 +545,7 @@ Changes in version 0.2.6.1-alpha - 2014-10-30
functions which take them as arguments. Replace 0 with NO_DIRINFO
in a function call for clarity. Seeks to prevent future issues
like 13163.
- Avoid 4 null pointer errors under clang shallow analysis by using
- Avoid 4 null pointer errors under clang static analysis by using
tor_assert() to prove that the pointers aren't null. Fixes
bug 13284.
- Rework the API of policies_parse_exit_policy() to use a bitmask to
@ -295,23 +561,23 @@ Changes in version 0.2.6.1-alpha - 2014-10-30
operating system is allowing to use simultaneously. Resolves
ticket 9708.
o Removed code:
o Removed features:
- We no longer remind the user about configuration options that have
been obsolete since 0.2.3.x or earlier. Patch by Adrien Bak.
o Removed features:
- Remove our old, non-weighted bandwidth-based node selection code.
Previously, we used it as a fallback when we couldn't perform
weighted bandwidth-based node selection. But that would only
happen in the cases where we had no consensus, or when we had a
consensus generated by buggy or ancient directory authorities. In
either case, it's better to use the more modern, better maintained
algorithm, with reasonable defaults for the weights. Closes
ticket 13126.
- Remove the --disable-curve25519 configure option. Relays and
clients now are required to support curve25519 and the
ntor handshake.
- The old "StrictEntryNodes" and "StrictExitNodes" options, which
used to be deprecated synonyms for "StrictNodes", are now marked
obsolete. Resolves ticket 12226.
- The "AuthDirRejectUnlisted" option no longer has any effect, as
the fingerprints file (approved-routers) has been deprecated.
- Directory authorities do not support being Naming dirauths anymore.
The "NamingAuthoritativeDir" config option is now obsolete.
- Directory authorities do not support giving out the BadDirectory
flag anymore.
- Clients don't understand the BadDirectory flag in the consensus
anymore, and ignore it.
@ -348,6 +614,12 @@ Changes in version 0.2.6.1-alpha - 2014-10-30
affected by CVE-2011-2769 as guards. These relays are already
rejected altogether due to the minimum version requirement of
0.2.3.16-alpha. Closes ticket 13152.
- The "AuthDirRejectUnlisted" option no longer has any effect, as
the fingerprints file (approved-routers) has been deprecated.
- Directory authorities do not support being Naming dirauths anymore.
The "NamingAuthoritativeDir" config option is now obsolete.
- Directory authorities do not support giving out the BadDirectory
flag anymore.
- Directory authorities no longer advertise or support consensus
methods 1 through 12 inclusive. These consensus methods were
obsolete and/or insecure: maintaining the ability to support them

33
LICENSE
View File

@ -13,7 +13,7 @@ Tor is distributed under this license:
Copyright (c) 2001-2004, Roger Dingledine
Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
Copyright (c) 2007-2014, The Tor Project, Inc.
Copyright (c) 2007-2015, The Tor Project, Inc.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
@ -191,7 +191,7 @@ ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
DATABASE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
===============================================================================
m4/pc_from_ucontext.m4 is available under the following license. Note that
it is *not* built into the Tor license.
it is *not* built into the Tor software.
Copyright (c) 2005, Google Inc.
All rights reserved.
@ -222,6 +222,35 @@ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
===============================================================================
m4/pkg.m4 is available under the following license. Note that
it is *not* built into the Tor software.
pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*-
serial 1 (pkg-config-0.24)
Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
As a special exception to the GNU General Public License, if you
distribute this file as part of a program that contains a
configuration script generated by Autoconf, you may include it under
the same distribution terms that you use for the rest of that program.
===============================================================================
If you got Tor as a static binary with OpenSSL included, then you should know:
"This product includes software developed by the OpenSSL Project

15
Makefile.am
View File

@ -1,6 +1,6 @@
# Copyright (c) 2001-2004, Roger Dingledine
# Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
# Copyright (c) 2007-2011, The Tor Project, Inc.
# Copyright (c) 2007-2015, The Tor Project, Inc.
# See LICENSE for licensing information
# "foreign" means we don't follow GNU package layout standards
@ -70,8 +70,17 @@ test: all
test-network: all
./src/test/test-network.sh
test-stem: $(TESTING_TOR_BINARY)
@if test -d "$$STEM_SOURCE_DIR"; then \
"$$STEM_SOURCE_DIR"/run_tests.py --tor $(TESTING_TOR_BINARY) --all --log notice --target RUN_ALL; \
else \
echo '$$STEM_SOURCE_DIR was not set.'; echo; \
echo "To run these tests, git clone https://git.torproject.org/stem.git/ ; export STEM_SOURCE_DIR=\`pwd\`/stem"; \
fi
reset-gcov:
rm -f src/*/*.gcda
rm -f src/*/*.gcda src/*/*/*.gcda
HTML_COVER_DIR=./coverage_html
coverage-html: all
@ -109,4 +118,4 @@ version:
fi
mostlyclean-local:
rm -f src/*/*.gc{da,no}
rm -f src/*/*.gc{da,no} src/*/*/*.gc{da,no}

2
acinclude.m4
View File

@ -2,7 +2,7 @@ dnl Helper macros for Tor configure.ac
dnl Copyright (c) 2001-2004, Roger Dingledine
dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
dnl Copyright (c) 2007-2008, Roger Dingledine, Nick Mathewson
dnl Copyright (c) 2007-2014, The Tor Project, Inc.
dnl Copyright (c) 2007-2015, The Tor Project, Inc.
dnl See LICENSE for licensing information
AC_DEFUN([TOR_EXTEND_CODEPATH],

4
changes/bug11791 Normal file
View File

@ -0,0 +1,4 @@
o Minor features (directory, memory usage):
- When we have recently been under memory pressure (over 3/4 of
MaxMemInQueues is allocated), then allocate smaller zlib objects for
small requests. Closes ticket 11791.

4
changes/bug12509 Normal file
View File

@ -0,0 +1,4 @@
o Minor bugfixes (automapping):
- Prevent changes to other optoins from removing the wildcard value "."
from "AutomapHostsSuffixes".

5
changes/bug12985 Normal file
View File

@ -0,0 +1,5 @@
o Minor bugfixes (shutdown):
- When shutting down, always call event_del() on lingering read or
write events before freeing them. Otherwise, we risk double-frees
or read-after-frees in event_base_free(). Fixes bug 12985; bugfix on
0.1.0.2-rc.

10
changes/bug13126
View File

@ -1,10 +0,0 @@
o Code simplification and refactoring:
- Remove our old, non-weighted bandwidth-based node selection code.
Previously, we used it as a fallback when we couldn't perform
weighted bandwidth-based node selection. But that would only
happen in the cases where we had no consensus, or when we had a
consensus generated by buggy or ancient directory authorities. In
either case, it's better to use the more modern, better maintained
algorithm, with reasonable defaults for the weights. Closes
ticket 13126.

7
changes/bug13214
View File

@ -1,7 +0,0 @@
o Minor bugfixes (hidden services):
- When fetching hidden service descriptors, check not only for
whether we got the hidden service we had in mind, but also
whether we got the particular descriptors we wanted. This
prevents a class of inefficient but annoying DoS attacks by
hidden service directories. Fixes bug 13214; bugfix on
0.2.1.6-alpha. Reported by "special".

5
changes/bug13296
View File

@ -1,5 +0,0 @@
o Directory authority changes:
- Remove turtles as a directory authority.
- Add longclaw as a new (v3) directory authority. This implements
ticket 13296. This keeps the directory authority count at 9.

5
changes/bug13315
View File

@ -1,5 +0,0 @@
o Minor features:
- Validate hostnames in SOCKS5 requests more strictly. If SafeSocks
is enabled, reject requests with IP addresses as hostnames. Resolves
ticket 13315.

12
changes/bug13399
View File

@ -1,12 +0,0 @@
o Minor bugfixes:
- Use a full 256 bits of the SHA256 digest of a microdescriptor when
computing which microdescriptors to download. This keeps us from
erroneous download behavior if two microdescriptor digests ever have
the same first 160 bits. Fixes part of bug 13399; bugfix on
0.2.3.1-alpha.
- Reset a router's status if its microdescriptor digest changes,
even if the first 160 bits remain the same. Fixes part of bug
13399; bugfix on 0.2.3.1-alpha.

3
changes/bug13399_part1
View File

@ -1,3 +0,0 @@
o Code simplifications and refactoring:
- Refactor our generic strmap and digestmap types into a single
implementation, so that we can add a new digest256map type trivially.

5
changes/bug13447
View File

@ -1,5 +0,0 @@
o Minor feature:
- When re-enabling the network, don't try to build introduction circuits
until we have successfully built a circuit. This makes hidden services
come up faster when the network is re-enabled. Patch from
"akwizgran". Closes ticket 13447.

4
changes/bug13644
View File

@ -1,4 +0,0 @@
o Code simplifications and refactoring:
- Document all members of was_router_added_t enum and rename
ROUTER_WAS_NOT_NEW to ROUTER_IS_ALREADY_KNOWN to make it less
confusable with ROUTER_WAS_TOO_OLD. Fixes issue 13644.

6
changes/bug13661 Normal file
View File

@ -0,0 +1,6 @@
o Minor bugfixes:
- Support two-number and three-number version numbers correctly, in
case we change the Tor versioning system in the future. Fixes bug
13661; bugfix on 0.0.8pre1.

6
changes/bug13678
View File

@ -1,6 +0,0 @@
o Testing:
- In the unit tests, use 'chgrp' to change the group of the unit test
temporary directory to the current user, so that the sticky bit doesn't
interfere with tests that check directory groups. Closes 13678.

6
changes/bug13698
View File

@ -1,6 +0,0 @@
o Major bugfixes:
- When closing an introduction circuit that was opened in
parallel, don't mark the introduction point as
unreachable. Previously, the first successful connection to an
introduction point would make the other uintroduction points get
marked as having timed out. Fixes bug 13698; bugfix on 0.0.6rc2.

4
changes/bug13701
View File

@ -1,4 +0,0 @@
o Minor bugfixes (logging):
- Log the circuit identifier correctly in
connection_ap_handshake_attach_circuit(). Fixes bug 13701;
bugfix on 0.0.6.

4
changes/bug13707
View File

@ -1,4 +0,0 @@
o Documentation:
- Fix typo in PredictedPortsRelevanceTime option description in
manpage. Resolves issue 13707.

3
changes/bug13713
View File

@ -1,3 +0,0 @@
o Documentation:
- Document the bridge-authority-only 'networkstatus-bridges'
file. Closes ticket 13713; patch from "tom".

3
changes/bug13840
View File

@ -1,3 +0,0 @@
o Code simplifications and refactoring:
- In connection_exit_begin_conn(), use END_CIRC_REASON_TORPROTOCOL
constant instead of hardcoded value. Fixes issue 13840.

6
changes/bug13941
View File

@ -1,6 +0,0 @@
o Minor bugfixes (hidden services):
- When adding a new hidden-service (for example, via SETCONF) Tor
no longer logs a congratulations for running a relay. Fixes bug
13941; bugfix on 0.2.6.1-alpha.

5
changes/bug13942
View File

@ -1,5 +0,0 @@
o Minor bugfixes (hidden services):
- Pre-check directory permissions for new hidden-services to avoid
at least one case of "Bug: Acting on config options left us in a
broken state. Dying." Fixes bug 13942.

3
changes/bug13988 Normal file
View File

@ -0,0 +1,3 @@
o Minor bugfixes (statistics):
- Increase period over which bandwidth observations are aggregated
from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1.

3
changes/bug14072 Normal file
View File

@ -0,0 +1,3 @@
o Minor bugfixes (build):
- Avoid warnings when building with systemd 209 or later.
Fixes bug 14072; bugfix on 0.2.6.2-alpha. Patch from "h.venev".

4
changes/bug14106 Normal file
View File

@ -0,0 +1,4 @@
o Minor bugfixes (hidden services):
- Successfully launch Tor with a nonexistent hidden service directory.
Our fix for bug 13942 didn't catch this case. Fixes bug 14106;
bugfix on 0.2.6.2-alpha.

3
changes/bug14116_025 Normal file
View File

@ -0,0 +1,3 @@
o Minor bugfixes (controller):
- Avoid crashing on a malformed EXTENDCIRCUIT command. Fixes bug 14116;
bugfix on 0.2.2.9-alpha.

4
changes/bug14123 Normal file
View File

@ -0,0 +1,4 @@
o Minor bugfixes (small memory leaks):
- Avoid leaking memory when using IPv6 virtual address mappings.
Fixes bug 14123; bugfix on 0.2.4.7-alpha. Patch by Tom van der
Woerdt.

5
changes/bug14125 Normal file
View File

@ -0,0 +1,5 @@
o Minor bugfixes (dirauth):
- Enlarge the buffer to read bw-auth generated files to avoid an
issue when parsing the file in dirserv_read_measured_bandwidths().
Bugfix on 0.2.2.1-alpha, fixes #14125.

4
changes/bug7484
View File

@ -1,4 +0,0 @@
o Minor bugfixes:
- Stop allowing invalid address patterns containing both a wildcard
address and a bit prefix length. This affects all our
address-range parsing code. Fixes bug 7484; bugfix on 0.0.2pre14.

5
changes/bug7803
View File

@ -1,5 +0,0 @@
o Removed features:
- Tor clients no longer support connecting to hidden services running on
Tor 0.2.2.x and earlier; the Support022HiddenServices option has been
removed. (There shouldn't be any hidden services running these
versions on the network.)

4
changes/bug9286 Normal file
View File

@ -0,0 +1,4 @@
o Minor bugfixes (parsing):
- Stop accepting milliseconds (or other junk) at the end of
descriptor publication times. Fixes bug 9286; bugfix on
0.0.2pre25.

6
changes/bug9812
View File

@ -1,6 +0,0 @@
o Minor bugfixes (logging):
- Downgrade warnings about RSA signature failures to info log
level. Emit a warning when extra info document is found
incompatible with a corresponding router descriptor. Fixes bug
9812; bugfix on 0.0.6rc3.

5
changes/doc13381
View File

@ -1,5 +0,0 @@
o Documentation:
- Stop suggesting that users specify nodes by nickname: it isn't a
good idea. Also, properly cross-reference how to specify nodes
in all parts of the manual for options that take a list of
nodes. Closes ticket 13381.

12
changes/feature10067 Normal file
View File

@ -0,0 +1,12 @@
o Major features (changed defaults):
- Prevent relay operators from unintentionally running exits: When
a relay is configured as an exit node, we now warn the user
unless the 'ExitRelay' option is set to 1. We warn even more
loudly if the relay is configured with the default exit policy,
since this tends to indicate accidental misconfiguration.
Setting 'ExitRelay' to 0 stops Tor from running as an exit relay.
Closes ticket 10067.
o Removed features:
- To avoid confusion with the 'ExitRelay' option, 'ExitNode' is no
longer silently accepted as an alias for 'ExitNodes'.

4
changes/feature13212
View File

@ -1,4 +0,0 @@
o Minor features (hidden services):
- Inform Tor controller about nature of failure to retrieve
hidden service descriptor by sending reason string with HS_DESC
FAILED controller event. Implements feature 13212.

4
changes/feature9503
View File

@ -1,4 +0,0 @@
o Minor features (controller):
- Add a "SIGNAL HEARTBEAT" Tor controller command that provokes
writing unscheduled heartbeat message to the log. Implements
feature 9503.

4
changes/fix-test-cmdline-args Normal file
View File

@ -0,0 +1,4 @@
o Testing:
- Make the test_cmdline_args.py script work correctly on Windows.
Patch from Gisle Vanem.

3
changes/geoip-november2014
View File

@ -1,3 +0,0 @@
o Minor features:
- Update geoip to the November 15 2014 Maxmind GeoLite2 Country database.

3
changes/geoip6-november2014
View File

@ -1,3 +0,0 @@
o Minor features:
- Update geoip6 to the November 15 2014 Maxmind GeoLite2 Country database.

12
changes/global_scheduler
View File

@ -1,12 +0,0 @@
o Major features (relay, infrastructure):
- Implement a new inter-cmux comparison API, a global high/low watermark
mechanism and a global scheduler loop for transmission prioritization
across all channels as well as among circuits on one channel. This
schedule is currently tuned to (tolerantly) avoid making changes
in the current network performance, but it should form the basis
major circuit performance increases. Code by Andrea; implements
ticket 9262.
o Testing:
- New tests for many parts of channel, relay, and circuit mux
functionality. Code by Andrea; part of 9262.

3
changes/no_global_ccc
View File

@ -1,3 +0,0 @@
o Code Simplification and Refactoring:
- Stop using can_complete_circuits as a global variable; access it with
a function instead.

10
changes/spurious-clang-warnings
View File

@ -1,10 +0,0 @@
o Minor bugfixes:
- Silence clang warnings under --enable-expensive-hardening, including:
+ implicit truncation of 64 bit values to 32 bit;
+ const char assignment to self;
+ tautological compare; and
+ additional parentheses around equality tests. (gcc uses these to
silence assignment, so clang warns when they're present in an
equality test. But we need to use extra parentheses in macros to
isolate them from other code).
Fixes bug 13577.

4
changes/ticket-11291
View File

@ -1,4 +0,0 @@
o Minor features (hidden services):
- New HiddenServiceDirGroupReadable option to cause hidden service
directories and hostname files to be created group-readable.
Patch from "anon", David Stainton, and "meejah".

4
changes/ticket13172
View File

@ -1,4 +0,0 @@
o Code simplification and refactoring:
- Avoid using operators directly as macro arguments: this lets us
apply coccinelle transformations to our codebase more
directly. Closes ticket 13172.

6
changes/ticket14107 Normal file
View File

@ -0,0 +1,6 @@
o Testing:
- New "make test-stem" target to run stem integration tests.
Requires that the "STEM_SOURCE_DIR" environment variable be set.
Closes ticket 14107.

5
changes/ticket14128 Normal file
View File

@ -0,0 +1,5 @@
o Minor features (controller):
- New "GETINFO bw-event-cache" to get information about recent bandwidth
events. Closes ticket 14128. Useful for controllers to get recent
bandwidth history after the fix for 13988.

6
changes/tickets6456
View File

@ -1,6 +0,0 @@
o Code simplification and refactoring:
- Combine the functions used to parse ClientTransportPlugin and
ServerTransportPlugin into a single function. Closes ticket 6456.
o Testing:
- New tests for parse_transport_line(). Part of ticket 6456.

100
configure.ac
View File

@ -1,9 +1,9 @@
dnl Copyright (c) 2001-2004, Roger Dingledine
dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
dnl Copyright (c) 2007-2014, The Tor Project, Inc.
dnl Copyright (c) 2007-2015, The Tor Project, Inc.
dnl See LICENSE for licensing information
AC_INIT([tor],[0.2.6.1-alpha-dev])
AC_INIT([tor],[0.2.6.2-alpha-dev])
AC_CONFIG_SRCDIR([src/or/main.c])
AC_CONFIG_MACRO_DIR([m4])
AM_INIT_AUTOMAKE
@ -12,6 +12,8 @@ AC_CONFIG_HEADERS([orconfig.h])
AC_CANONICAL_HOST
PKG_PROG_PKG_CONFIG
if test -f /etc/redhat-release ; then
if test -f /usr/kerberos/include ; then
CPPFLAGS="$CPPFLAGS -I/usr/kerberos/include"
@ -105,6 +107,58 @@ AC_ARG_ENABLE(upnp,
* ) AC_MSG_ERROR(bad value for --enable-upnp) ;;
esac], [upnp=false])
# systemd notify support
AC_ARG_ENABLE(systemd,
AS_HELP_STRING(--enable-systemd, enable systemd notification support),
[case "${enableval}" in
yes) systemd=true ;;
no) systemd=false ;;
* ) AC_MSG_ERROR(bad value for --enable-systemd) ;;
esac], [systemd=auto])
# systemd support
if test x$enable_systemd = xfalse ; then
have_systemd=no;
else
PKG_CHECK_MODULES(SYSTEMD,
[libsystemd-daemon],
have_systemd=yes,
have_systemd=no)
fi
if test x$have_systemd = xyes; then
AC_DEFINE(HAVE_SYSTEMD,1,[Have systemd])
CFLAGS="${CFLAGS} ${SYSTEMD_CFLAGS}"
TOR_SYSTEMD_LIBS="${SYSTEMD_LIBS}"
fi
AC_SUBST(TOR_SYSTEMD_LIBS)
if test x$enable_systemd = xyes -a x$have_systemd != xyes ; then
AC_MSG_ERROR([Explicitly requested systemd support, but systemd not found])
fi
AC_ARG_ENABLE(threads,
AS_HELP_STRING(--disable-threads, disable multi-threading support))
if test x$enable_threads = x; then
case $host in
*-*-solaris* )
# Don't try multithreading on solaris -- cpuworkers seem to lock.
AC_MSG_NOTICE([You are running Solaris; Sometimes threading makes
cpu workers lock up here, so I will disable threads.])
enable_threads="no";;
*)
enable_threads="yes";;
esac
fi
ifdef([HAVE_SYSTEMD], [
AC_SEARCH_LIBS([sd_watchdog_enabled], [systemd-daemon],
[AC_DEFINE(HAVE_SYSTEMD_209,1,[Have systemd v209 or more])], [])
])
case $host in
*-*-solaris* )
AC_DEFINE(_REENTRANT, 1, [Define on some platforms to activate x_r() functions in time.h])
@ -618,7 +672,7 @@ dnl since sometimes the linker will like an option but not be willing to
dnl use it with a build of a library.
all_ldflags_for_check="$TOR_LDFLAGS_zlib $TOR_LDFLAGS_openssl $TOR_LDFLAGS_libevent"
all_libs_for_check="$TOR_ZLIB_LIBS $TOR_LIB_MATH $TOR_LIBEVENT_LIBS $TOR_OPENSSL_LIBS $TOR_LIB_WS32 $TOR_LIB_GDI"
all_libs_for_check="$TOR_ZLIB_LIBS $TOR_LIB_MATH $TOR_LIBEVENT_LIBS $TOR_OPENSSL_LIBS $TOR_SYSTEMD_LIBS $TOR_LIB_WS32 $TOR_LIB_GDI"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [
#if !defined(__clang__)
@ -937,6 +991,14 @@ AC_CHECK_HEADERS(net/pfvar.h, net_pfvar_found=1, net_pfvar_found=0,
#ifdef HAVE_NET_IF_H
#include <net/if.h>
#endif])
AC_CHECK_HEADERS(linux/if.h,[],[],
[
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
])
AC_CHECK_HEADERS(linux/netfilter_ipv4.h,
linux_netfilter_ipv4=1, linux_netfilter_ipv4=0,
[#ifdef HAVE_SYS_TYPES_H
@ -958,6 +1020,30 @@ AC_CHECK_HEADERS(linux/netfilter_ipv4.h,
#include <netinet/in.h>
#endif])
AC_CHECK_HEADERS(linux/netfilter_ipv6/ip6_tables.h,
linux_netfilter_ipv6_ip6_tables=1, linux_netfilter_ipv6_ip6_tables=0,
[#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#ifdef HAVE_LIMITS_H
#include <limits.h>
#endif
#ifdef HAVE_LINUX_TYPES_H
#include <linux/types.h>
#endif
#ifdef HAVE_NETINET_IN6_H
#include <netinet/in6.h>
#endif
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#ifdef HAVE_LINUX_IF_H
#include <linux/if.h>
#endif])
if test x$transparent = xtrue ; then
transparent_ok=0
if test x$net_if_found = x1 && test x$net_pfvar_found = x1 ; then
@ -966,6 +1052,9 @@ if test x$transparent = xtrue ; then
if test x$linux_netfilter_ipv4 = x1 ; then
transparent_ok=1
fi
if test x$linux_netfilter_ipv6_ip6_tables = x1 ; then
transparent_ok=1
fi
if test x$transparent_ok = x1 ; then
AC_DEFINE(USE_TRANSPARENT, 1, "Define to enable transparent proxy support")
case $host in
@ -1454,10 +1543,9 @@ fi
if test "$GCC" = yes; then
# Disable GCC's strict aliasing checks. They are an hours-to-debug
# accident waiting to happen.
CFLAGS="$CFLAGS -Wall -fno-strict-aliasing"
CFLAGS="$CFLAGS -Wall -fno-strict-aliasing -g -O2"
else
# Autoconf sets -g -O2 by default. Override optimization level
# for non-gcc compilers
# Override optimization level for non-gcc compilers
CFLAGS="$CFLAGS -O"
enable_gcc_warnings=no
enable_gcc_warnings_advisory=no

2
contrib/win32build/tor-mingw.nsi.in
View File

@ -8,7 +8,7 @@
!include "LogicLib.nsh"
!include "FileFunc.nsh"
!insertmacro GetParameters
!define VERSION "0.2.6.1-alpha-dev"
!define VERSION "0.2.6.2-alpha-dev"
!define INSTALLER "tor-${VERSION}-win32.exe"
!define WEBSITE "https://www.torproject.org/"
!define LICENSE "LICENSE"

25
doc/tor.1.txt
View File

@ -1469,6 +1469,19 @@ is non-zero):
that it's an email address and/or generate a new address for this
purpose.
[[ExitRelay]] **ExitRelay** **0**|**1**|**auto**::
Tells Tor whether to run as an exit relay. If Tor is running as a
non-bridge server, and ExitRelay is set to 1, then Tor allows traffic to
exit according to the ExitPolicy option (or the default ExitPolicy if
none is specified).
+
If ExitRelay is set to 0, no traffic is allowed to
exit, and the ExitPolicy option is ignored. +
+
If ExitRelay is set to "auto", then Tor behaves as if it were set to 1, but
warns the user if this would cause traffic to exit. In a future version,
the default value will be 0. (Default: auto)
[[ExitPolicy]] **ExitPolicy** __policy__,__policy__,__...__::
Set an exit policy for this server. Each policy is of the form
"**accept**|**reject** __ADDR__[/__MASK__][:__PORT__]". If /__MASK__ is
@ -1764,6 +1777,13 @@ is non-zero):
When this option is enabled, Tor writes statistics on the bidirectional use
of connections to disk every 24 hours. (Default: 0)
[[HiddenServiceStatistics]] **HiddenServiceStatistics** **0**|**1**::
When this option is enabled, a Tor relay writes obfuscated
statistics on its role as hidden-service directory, introduction
point, or rendezvous point to disk every 24 hours. If
ExtraInfoStatistics is also enabled, these statistics are further
published to the directory authorities. (Default: 0)
[[ExtraInfoStatistics]] **ExtraInfoStatistics** **0**|**1**::
When this option is enabled, Tor includes previously gathered statistics in
its extra-info documents that it uploads to the directory authorities.
@ -2025,6 +2045,11 @@ The following options are used to configure a hidden service.
Store data files for a hidden service in DIRECTORY. Every hidden service
must have a separate directory. You may use this option multiple times to
specify multiple services. DIRECTORY must be an existing directory.
(Note: in current versions of Tor, if DIRECTORY is a relative path,
it will be relative to current
working directory of Tor instance, not to its DataDirectory. Do not
rely on this behavior; it is not guaranteed to remain the same in future
versions.)
[[HiddenServicePort]] **HiddenServicePort** __VIRTPORT__ [__TARGET__]::
Configure a virtual port VIRTPORT for a hidden service. You may use this

214
m4/pkg.m4 Normal file
View File

@ -0,0 +1,214 @@
# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*-
# serial 1 (pkg-config-0.24)
#
# Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# PKG_PROG_PKG_CONFIG([MIN-VERSION])
# ----------------------------------
AC_DEFUN([PKG_PROG_PKG_CONFIG],
[m4_pattern_forbid([^_?PKG_[A-Z_]+$])
m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$])
AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])
AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path])
AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path])
if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
fi
if test -n "$PKG_CONFIG"; then
_pkg_min_version=m4_default([$1], [0.9.0])
AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version])
if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([no])
PKG_CONFIG=""
fi
fi[]dnl
])# PKG_PROG_PKG_CONFIG
# PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
#
# Check to see whether a particular set of modules exists. Similar
# to PKG_CHECK_MODULES(), but does not set variables or print errors.
#
# Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
# only at the first occurence in configure.ac, so if the first place
# it's called might be skipped (such as if it is within an "if", you
# have to call PKG_CHECK_EXISTS manually
# --------------------------------------------------------------
AC_DEFUN([PKG_CHECK_EXISTS],
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
if test -n "$PKG_CONFIG" && \
AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
m4_default([$2], [:])
m4_ifvaln([$3], [else
$3])dnl
fi])
# _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
# ---------------------------------------------
m4_define([_PKG_CONFIG],
[if test -n "$$1"; then
pkg_cv_[]$1="$$1"
elif test -n "$PKG_CONFIG"; then
PKG_CHECK_EXISTS([$3],
[pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`
test "x$?" != "x0" && pkg_failed=yes ],
[pkg_failed=yes])
else
pkg_failed=untried
fi[]dnl
])# _PKG_CONFIG
# _PKG_SHORT_ERRORS_SUPPORTED
# -----------------------------
AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED],
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])
if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
_pkg_short_errors_supported=yes
else
_pkg_short_errors_supported=no
fi[]dnl
])# _PKG_SHORT_ERRORS_SUPPORTED
# PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
# [ACTION-IF-NOT-FOUND])
#
#
# Note that if there is a possibility the first call to
# PKG_CHECK_MODULES might not happen, you should be sure to include an
# explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
#
#
# --------------------------------------------------------------
AC_DEFUN([PKG_CHECK_MODULES],
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
pkg_failed=no
AC_MSG_CHECKING([for $1])
_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
_PKG_CONFIG([$1][_LIBS], [libs], [$2])
m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS
and $1[]_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.])
if test $pkg_failed = yes; then
AC_MSG_RESULT([no])
_PKG_SHORT_ERRORS_SUPPORTED
if test $_pkg_short_errors_supported = yes; then
$1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
else
$1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
fi
# Put the nasty error message in config.log where it belongs
echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
m4_default([$4], [AC_MSG_ERROR(
[Package requirements ($2) were not met:
$$1_PKG_ERRORS
Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.
_PKG_TEXT])[]dnl
])
elif test $pkg_failed = untried; then
AC_MSG_RESULT([no])
m4_default([$4], [AC_MSG_FAILURE(
[The pkg-config script could not be found or is too old. Make sure it
is in your PATH or set the PKG_CONFIG environment variable to the full
path to pkg-config.
_PKG_TEXT
To get pkg-config, see <http://pkg-config.freedesktop.org/>.])[]dnl
])
else
$1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
$1[]_LIBS=$pkg_cv_[]$1[]_LIBS
AC_MSG_RESULT([yes])
$3
fi[]dnl
])# PKG_CHECK_MODULES
# PKG_INSTALLDIR(DIRECTORY)
# -------------------------
# Substitutes the variable pkgconfigdir as the location where a module
# should install pkg-config .pc files. By default the directory is
# $libdir/pkgconfig, but the default can be changed by passing
# DIRECTORY. The user can override through the --with-pkgconfigdir
# parameter.
AC_DEFUN([PKG_INSTALLDIR],
[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])])
m4_pushdef([pkg_description],
[pkg-config installation directory @<:@]pkg_default[@:>@])
AC_ARG_WITH([pkgconfigdir],
[AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],,
[with_pkgconfigdir=]pkg_default)
AC_SUBST([pkgconfigdir], [$with_pkgconfigdir])
m4_popdef([pkg_default])
m4_popdef([pkg_description])
]) dnl PKG_INSTALLDIR
# PKG_NOARCH_INSTALLDIR(DIRECTORY)
# -------------------------
# Substitutes the variable noarch_pkgconfigdir as the location where a
# module should install arch-independent pkg-config .pc files. By
# default the directory is $datadir/pkgconfig, but the default can be
# changed by passing DIRECTORY. The user can override through the
# --with-noarch-pkgconfigdir parameter.
AC_DEFUN([PKG_NOARCH_INSTALLDIR],
[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])])
m4_pushdef([pkg_description],
[pkg-config arch-independent installation directory @<:@]pkg_default[@:>@])
AC_ARG_WITH([noarch-pkgconfigdir],
[AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],,
[with_noarch_pkgconfigdir=]pkg_default)
AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir])
m4_popdef([pkg_default])
m4_popdef([pkg_description])
]) dnl PKG_NOARCH_INSTALLDIR
# PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE,
# [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
# -------------------------------------------
# Retrieves the value of the pkg-config variable for the given module.
AC_DEFUN([PKG_CHECK_VAR],
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl
_PKG_CONFIG([$1], [variable="][$3]["], [$2])
AS_VAR_COPY([$1], [pkg_cv_][$1])
AS_VAR_IF([$1], [""], [$5], [$4])dnl
])# PKG_CHECK_VAR

2
scripts/codegen/gen_server_ciphers.py
View File

@ -1,5 +1,5 @@
#!/usr/bin/python
# Copyright 2014, The Tor Project, Inc
# Copyright 2014-2015, The Tor Project, Inc
# See LICENSE for licensing information
# This script parses openssl headers to find ciphersuite names, determines

2
scripts/codegen/get_mozilla_ciphers.py
View File

@ -1,6 +1,6 @@
#!/usr/bin/python
# coding=utf-8
# Copyright 2011, The Tor Project, Inc
# Copyright 2011-2015, The Tor Project, Inc
# original version by Arturo Filastò
# See LICENSE for licensing information

2
scripts/codegen/makedesc.py
View File

@ -1,5 +1,5 @@
#!/usr/bin/python
# Copyright 2014, The Tor Project, Inc.
# Copyright 2014-2015, The Tor Project, Inc.
# See LICENSE for license information
# This is a kludgey python script that uses ctypes and openssl to sign

2
scripts/maint/format_changelog.py
View File

@ -1,5 +1,5 @@
#!/usr/bin/python
# Copyright (c) 2014, The Tor Project, Inc.
# Copyright (c) 2014-2015, The Tor Project, Inc.
# See LICENSE for licensing information
#
# This script reformats a section of the changelog to wrap everything to

52
scripts/maint/lintChanges.py Executable file
View File

@ -0,0 +1,52 @@
#!/usr/bin/python
import sys
import re
def lintfile(fname):
have_warned = []
def warn(s):
if not have_warned:
have_warned.append(1)
print fname,":"
print "\t",s
m = re.search(r'(\d{3,})', fname)
if m:
bugnum = m.group(1)
else:
bugnum = None
with open(fname) as f:
contents = f.read()
if bugnum and bugnum not in contents:
warn("bug number %s does not appear"%bugnum)
lines = contents.split("\n")
isBug = ("bug" in lines[0] or "fix" in lines[0])
if not re.match(r'^ +o (.*)', contents):
warn("header not in format expected")
contents = " ".join(contents.split())
if isBug and not re.search(r'(\d+)', contents):
warn("bugfix does not mention a number")
elif isBug and not re.search(r'Fixes ([a-z ]*)bug (\d+)', contents):
warn("bugfix does not say 'Fixes bug XXX'")
if re.search(r'[bB]ug (\d+)', contents):
if not re.search(r'[Bb]ugfix on ', contents):
warn("bugfix does not say 'bugfix on X.Y.Z'")
elif not re.search('[fF]ixes ([a-z ]*)bug (\d+); bugfix on ', contents):
warn("bugfix incant is not semicoloned")
if __name__=='__main__':
for fname in sys.argv[1:]:
if fname.endswith("~"):
continue
lintfile(fname)

2
scripts/maint/redox.py
View File

@ -1,6 +1,6 @@
#!/usr/bin/python
#
# Copyright (c) 2008-2013, The Tor Project, Inc.
# Copyright (c) 2008-2015, The Tor Project, Inc.
# See LICENSE for licensing information.
#
# Hi!

8
scripts/maint/sortChanges.py
View File

@ -1,5 +1,5 @@
#!/usr/bin/python
# Copyright (c) 2014, The Tor Project, Inc.
# Copyright (c) 2014-2015, The Tor Project, Inc.
# See LICENSE for licensing information
"""This script sorts a bunch of changes files listed on its command
@ -18,10 +18,10 @@ def fetch(fn):
s = "%s\n" % s.rstrip()
return s
def score(s):
def score(s,fname=None):
m = re.match(r'^ +o (.*)', s)
if not m:
print >>sys.stderr, "Can't score %r"%s
print >>sys.stderr, "Can't score %r from %s"%(s,fname)
lw = m.group(1).lower()
if lw.startswith("major feature"):
score = 0
@ -41,7 +41,7 @@ def score(s):
return (score, lw, s)
changes = [ score(fetch(fn)) for fn in sys.argv[1:] if not fn.endswith('~') ]
changes = [ score(fetch(fn),fn) for fn in sys.argv[1:] if not fn.endswith('~') ]
changes.sort()

7
scripts/maint/updateCopyright.pl Executable file
View File

@ -0,0 +1,7 @@
#!/usr/bin/perl -i -w -p
$NEWYEAR=2015;
s/Copyright(.*) (201[^5]), The Tor Project/Copyright$1 $2-${NEWYEAR}, The Tor Project/;
s/Copyright(.*)-(20..), The Tor Project/Copyright$1-${NEWYEAR}, The Tor Project/;

18
src/common/address.c
View File

@ -1,6 +1,6 @@
/* Copyright (c) 2003-2004, Roger Dingledine
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2014, The Tor Project, Inc. */
* Copyright (c) 2007-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@ -89,13 +89,14 @@ tor_addr_to_sockaddr(const tor_addr_t *a,
struct sockaddr *sa_out,
socklen_t len)
{
memset(sa_out, 0, len);
sa_family_t family = tor_addr_family(a);
if (family == AF_INET) {
struct sockaddr_in *sin;
if (len < (int)sizeof(struct sockaddr_in))
return 0;
sin = (struct sockaddr_in *)sa_out;
memset(sin, 0, sizeof(struct sockaddr_in));
#ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
sin->sin_len = sizeof(struct sockaddr_in);
#endif
@ -108,7 +109,6 @@ tor_addr_to_sockaddr(const tor_addr_t *a,
if (len < (int)sizeof(struct sockaddr_in6))
return 0;
sin6 = (struct sockaddr_in6 *)sa_out;
memset(sin6, 0, sizeof(struct sockaddr_in6));
#ifdef HAVE_STRUCT_SOCKADDR_IN6_SIN6_LEN
sin6->sin6_len = sizeof(struct sockaddr_in6);
#endif
@ -129,6 +129,9 @@ tor_addr_from_sockaddr(tor_addr_t *a, const struct sockaddr *sa,
{
tor_assert(a);
tor_assert(sa);
memset(a, 0, sizeof(*a));
if (sa->sa_family == AF_INET) {
struct sockaddr_in *sin = (struct sockaddr_in *) sa;
tor_addr_from_ipv4n(a, sin->sin_addr.s_addr);
@ -1023,7 +1026,6 @@ tor_addr_compare_masked(const tor_addr_t *addr1, const tor_addr_t *addr2,
} else {
a2 = tor_addr_to_ipv4h(addr2);
}
if (mbits <= 0) return 0;
if (mbits > 32) mbits = 32;
a1 >>= (32-mbits);
a2 >>= (32-mbits);
@ -1369,8 +1371,8 @@ tor_addr_is_multicast(const tor_addr_t *a)
* connects to the Internet. This address should only be used in checking
* whether our address has changed. Return 0 on success, -1 on failure.
*/
int
get_interface_address6(int severity, sa_family_t family, tor_addr_t *addr)
MOCK_IMPL(int,
get_interface_address6,(int severity, sa_family_t family, tor_addr_t *addr))
{
/* XXX really, this function should yield a smartlist of addresses. */
smartlist_t *addrs;
@ -1699,8 +1701,8 @@ tor_dup_ip(uint32_t addr)
* checking whether our address has changed. Return 0 on success, -1 on
* failure.
*/
int
get_interface_address(int severity, uint32_t *addr)
MOCK_IMPL(int,
get_interface_address,(int severity, uint32_t *addr))
{
tor_addr_t local_addr;
int r;

7
src/common/address.h
View File

@ -1,6 +1,6 @@
/* Copyright (c) 2003-2004, Roger Dingledine
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2014, The Tor Project, Inc. */
* Copyright (c) 2007-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@ -159,7 +159,8 @@ char *tor_dup_addr(const tor_addr_t *addr) ATTR_MALLOC;
const char *fmt_addr_impl(const tor_addr_t *addr, int decorate);
const char *fmt_addrport(const tor_addr_t *addr, uint16_t port);
const char * fmt_addr32(uint32_t addr);
int get_interface_address6(int severity, sa_family_t family, tor_addr_t *addr);
MOCK_DECL(int,get_interface_address6,(int severity, sa_family_t family,
tor_addr_t *addr));
/** Flag to specify how to do a comparison between addresses. In an "exact"
* comparison, addresses are equivalent only if they are in the same family
@ -236,7 +237,7 @@ int addr_mask_get_bits(uint32_t mask);
#define INET_NTOA_BUF_LEN 16
int tor_inet_ntoa(const struct in_addr *in, char *buf, size_t buf_len);
char *tor_dup_ip(uint32_t addr) ATTR_MALLOC;
int get_interface_address(int severity, uint32_t *addr);
MOCK_DECL(int,get_interface_address,(int severity, uint32_t *addr));
tor_addr_port_t *tor_addr_port_new(const tor_addr_t *addr, uint16_t port);

2
src/common/aes.c
View File

@ -1,7 +1,7 @@
/* Copyright (c) 2001, Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2014, The Tor Project, Inc. */
* Copyright (c) 2007-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**

2
src/common/aes.h
View File

@ -1,6 +1,6 @@
/* Copyright (c) 2003, Roger Dingledine
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2014, The Tor Project, Inc. */
* Copyright (c) 2007-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/* Implements a minimal interface to counter-mode AES. */

2
src/common/backtrace.c
View File

@ -1,4 +1,4 @@
/* Copyright (c) 2013-2014, The Tor Project, Inc. */
/* Copyright (c) 2013-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define __USE_GNU

2
src/common/backtrace.h
View File

@ -1,4 +1,4 @@
/* Copyright (c) 2013-2014, The Tor Project, Inc. */
/* Copyright (c) 2013-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#ifndef TOR_BACKTRACE_H

24
src/common/compat.c
View File

@ -1,6 +1,6 @@
/* Copyright (c) 2003-2004, Roger Dingledine
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2014, The Tor Project, Inc. */
* Copyright (c) 2007-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@ -2198,9 +2198,20 @@ get_environment(void)
#endif
}
/** Set *addr to the IP address (in dotted-quad notation) stored in c.
* Return 1 on success, 0 if c is badly formatted. (Like inet_aton(c,addr),
* but works on Windows and Solaris.)
/** Get name of current host and write it to <b>name</b> array, whose
* length is specified by <b>namelen</b> argument. Return 0 upon
* successfull completion; otherwise return return -1. (Currently,
* this function is merely a mockable wrapper for POSIX gethostname().)
*/
MOCK_IMPL(int,
tor_gethostname,(char *name, size_t namelen))
{
return gethostname(name,namelen);
}
/** Set *addr to the IP address (in dotted-quad notation) stored in *str.
* Return 1 on success, 0 if *str is badly formatted.
* (Like inet_aton(str,addr), but works on Windows and Solaris.)
*/
int
tor_inet_aton(const char *str, struct in_addr* addr)
@ -2420,8 +2431,9 @@ tor_inet_pton(int af, const char *src, void *dst)
* (This function exists because standard windows gethostbyname
* doesn't treat raw IP addresses properly.)
*/
int
tor_lookup_hostname(const char *name, uint32_t *addr)
MOCK_IMPL(int,
tor_lookup_hostname,(const char *name, uint32_t *addr))
{
tor_addr_t myaddr;
int ret;

5
src/common/compat.h
View File

@ -1,6 +1,6 @@
/* Copyright (c) 2003-2004, Roger Dingledine
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2014, The Tor Project, Inc. */
* Copyright (c) 2007-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#ifndef TOR_COMPAT_H
@ -532,10 +532,11 @@ struct sockaddr_in6 {
};
#endif
MOCK_DECL(int,tor_gethostname,(char *name, size_t namelen));
int tor_inet_aton(const char *cp, struct in_addr *addr) ATTR_NONNULL((1,2));
const char *tor_inet_ntop(int af, const void *src, char *dst, size_t len);
int tor_inet_pton(int af, const char *src, void *dst);
int tor_lookup_hostname(const char *name, uint32_t *addr) ATTR_NONNULL((1,2));
MOCK_DECL(int,tor_lookup_hostname,(const char *name, uint32_t *addr));
int set_socket_nonblocking(tor_socket_t socket);
int tor_socketpair(int family, int type, int protocol, tor_socket_t fd[2]);
int network_init(void);

16
src/common/compat_libevent.c
View File

@ -1,4 +1,4 @@
/* Copyright (c) 2009-2014, The Tor Project, Inc. */
/* Copyright (c) 2009-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@ -146,13 +146,25 @@ tor_evsignal_new(struct event_base * base, int sig,
{
return tor_event_new(base, sig, EV_SIGNAL|EV_PERSIST, cb, arg);
}
/** Work-alike replacement for event_free() on pre-Libevent-2.0 systems. */
/** Work-alike replacement for event_free() on pre-Libevent-2.0 systems,
* except tolerate tor_event_free(NULL). */
void
tor_event_free(struct event *ev)
{
if (ev == NULL)
return;
event_del(ev);
tor_free(ev);
}
#else
/* Wrapper for event_free() that tolerates tor_event_free(NULL) */
void
tor_event_free(struct event *ev)
{
if (ev == NULL)
return;
event_free(ev);
}
#endif
/** Global event base for use by the main thread. */

7
src/common/compat_libevent.h
View File

@ -1,4 +1,4 @@
/* Copyright (c) 2009-2014, The Tor Project, Inc. */
/* Copyright (c) 2009-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#ifndef TOR_COMPAT_LIBEVENT_H
@ -28,11 +28,9 @@ void suppress_libevent_log_msg(const char *msg);
#define tor_event_new event_new
#define tor_evtimer_new evtimer_new
#define tor_evsignal_new evsignal_new
#define tor_event_free event_free
#define tor_evdns_add_server_port(sock, tcp, cb, data) \
evdns_add_server_port_with_base(tor_libevent_get_base(), \
(sock),(tcp),(cb),(data));
#else
struct event *tor_event_new(struct event_base * base, evutil_socket_t sock,
short what, void (*cb)(evutil_socket_t, short, void *), void *arg);
@ -40,10 +38,11 @@ struct event *tor_evtimer_new(struct event_base * base,
void (*cb)(evutil_socket_t, short, void *), void *arg);
struct event *tor_evsignal_new(struct event_base * base, int sig,
void (*cb)(evutil_socket_t, short, void *), void *arg);
void tor_event_free(struct event *ev);
#define tor_evdns_add_server_port evdns_add_server_port
#endif
void tor_event_free(struct event *ev);
typedef struct periodic_timer_t periodic_timer_t;
periodic_timer_t *periodic_timer_new(struct event_base *base,

2
src/common/container.c
View File

@ -1,6 +1,6 @@
/* Copyright (c) 2003-2004, Roger Dingledine
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2014, The Tor Project, Inc. */
* Copyright (c) 2007-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**

2
src/common/container.h
View File

@ -1,6 +1,6 @@
/* Copyright (c) 2003-2004, Roger Dingledine
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2014, The Tor Project, Inc. */
* Copyright (c) 2007-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#ifndef TOR_CONTAINER_H

10
src/common/crypto.c
View File

@ -1,7 +1,7 @@
/* Copyright (c) 2001, Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2014, The Tor Project, Inc. */
* Copyright (c) 2007-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@ -1293,7 +1293,7 @@ crypto_pk_asn1_decode(const char *str, size_t len)
* Return 0 on success, -1 on failure.
*/
int
crypto_pk_get_digest(crypto_pk_t *pk, char *digest_out)
crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
{
unsigned char *buf = NULL;
int len;
@ -2752,6 +2752,8 @@ base64_decode(char *dest, size_t destlen, const char *src, size_t srclen)
if (destlen > SIZE_T_CEILING)
return -1;
memset(dest, 0, destlen);
EVP_DecodeInit(&ctx);
EVP_DecodeUpdate(&ctx, (unsigned char*)dest, &len,
(unsigned char*)src, srclen);
@ -2773,6 +2775,8 @@ base64_decode(char *dest, size_t destlen, const char *src, size_t srclen)
if (destlen > SIZE_T_CEILING)
return -1;
memset(dest, 0, destlen);
/* Iterate over all the bytes in src. Each one will add 0 or 6 bits to the
* value we're decoding. Accumulate bits in <b>n</b>, and whenever we have
* 24 bits, batch them into 3 bytes and flush those bytes to dest.
@ -2952,6 +2956,8 @@ base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
tor_assert((nbits/8) <= destlen); /* We need enough space. */
tor_assert(destlen < SIZE_T_CEILING);
memset(dest, 0, destlen);
/* Convert base32 encoded chars to the 5-bit values that they represent. */
tmp = tor_malloc_zero(srclen);
for (j = 0; j < srclen; ++j) {

4
src/common/crypto.h
View File

@ -1,7 +1,7 @@
/* Copyright (c) 2001, Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2014, The Tor Project, Inc. */
* Copyright (c) 2007-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@ -180,7 +180,7 @@ int crypto_pk_private_hybrid_decrypt(crypto_pk_t *env, char *to,
int crypto_pk_asn1_encode(crypto_pk_t *pk, char *dest, size_t dest_len);
crypto_pk_t *crypto_pk_asn1_decode(const char *str, size_t len);
int crypto_pk_get_digest(crypto_pk_t *pk, char *digest_out);
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out);
int crypto_pk_get_all_digests(crypto_pk_t *pk, digests_t *digests_out);
int crypto_pk_get_fingerprint(crypto_pk_t *pk, char *fp_out,int add_space);
int crypto_pk_get_hashed_fingerprint(crypto_pk_t *pk, char *fp_out);

2
src/common/crypto_curve25519.c
View File

@ -1,4 +1,4 @@
/* Copyright (c) 2012-2014, The Tor Project, Inc. */
/* Copyright (c) 2012-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/* Wrapper code for a curve25519 implementation. */

2
src/common/crypto_curve25519.h
View File

@ -1,4 +1,4 @@
/* Copyright (c) 2012-2014, The Tor Project, Inc. */
/* Copyright (c) 2012-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#ifndef TOR_CRYPTO_CURVE25519_H

2
src/common/crypto_ed25519.c
View File

@ -1,4 +1,4 @@
/* Copyright (c) 2013-2014, The Tor Project, Inc. */
/* Copyright (c) 2013-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/* Wrapper code for an ed25519 implementation. */

2
src/common/crypto_ed25519.h
View File

@ -1,4 +1,4 @@
/* Copyright (c) 2012-2014, The Tor Project, Inc. */
/* Copyright (c) 2012-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#ifndef TOR_CRYPTO_ED25519_H

2
src/common/crypto_format.c
View File

@ -1,4 +1,4 @@
/* Copyright (c) 2012-2014, The Tor Project, Inc. */
/* Copyright (c) 2012-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/* Formatting and parsing code for crypto-related data structures. */

2
src/common/crypto_s2k.c
View File

@ -1,7 +1,7 @@
/* Copyright (c) 2001, Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2014, The Tor Project, Inc. */
* Copyright (c) 2007-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define CRYPTO_S2K_PRIVATE

2
src/common/crypto_s2k.h
View File

@ -1,7 +1,7 @@
/* Copyright (c) 2001, Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2014, The Tor Project, Inc. */
* Copyright (c) 2007-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#ifndef TOR_CRYPTO_S2K_H_INCLUDED

2
src/common/di_ops.c
View File

@ -1,4 +1,4 @@
/* Copyright (c) 2011-2014, The Tor Project, Inc. */
/* Copyright (c) 2011-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**

2
src/common/di_ops.h
View File

@ -1,6 +1,6 @@
/* Copyright (c) 2003-2004, Roger Dingledine
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2014, The Tor Project, Inc. */
* Copyright (c) 2007-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**

2
src/common/log.c
View File

@ -1,7 +1,7 @@
/* Copyright (c) 2001, Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2014, The Tor Project, Inc. */
* Copyright (c) 2007-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**

2
src/common/memarea.c
View File

@ -1,4 +1,4 @@
/* Copyright (c) 2008-2014, The Tor Project, Inc. */
/* Copyright (c) 2008-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/** \file memarea.c

2
src/common/memarea.h
View File

@ -1,4 +1,4 @@
/* Copyright (c) 2008-2014, The Tor Project, Inc. */
/* Copyright (c) 2008-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/* Tor dependencies */

2
src/common/mempool.c
View File

@ -1,4 +1,4 @@
/* Copyright (c) 2007-2014, The Tor Project, Inc. */
/* Copyright (c) 2007-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#if 1
/* Tor dependencies */

2
src/common/mempool.h
View File

@ -1,4 +1,4 @@
/* Copyright (c) 2007-2014, The Tor Project, Inc. */
/* Copyright (c) 2007-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**

2
src/common/procmon.c
View File

@ -1,4 +1,4 @@
/* Copyright (c) 2011-2014, The Tor Project, Inc. */
/* Copyright (c) 2011-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**

2
src/common/procmon.h
View File

@ -1,4 +1,4 @@
/* Copyright (c) 2011-2014, The Tor Project, Inc. */
/* Copyright (c) 2011-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**

35
src/common/sandbox.c
View File

@ -1,7 +1,7 @@
/* Copyright (c) 2001 Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2014, The Tor Project, Inc. */
* Copyright (c) 2007-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@ -58,6 +58,16 @@
#include <time.h>
#include <poll.h>
#ifdef HAVE_LINUX_NETFILTER_IPV4_H
#include <linux/netfilter_ipv4.h>
#endif
#ifdef HAVE_LINUX_IF_H
#include <linux/if.h>
#endif
#ifdef HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H
#include <linux/netfilter_ipv6/ip6_tables.h>
#endif
#if defined(HAVE_EXECINFO_H) && defined(HAVE_BACKTRACE) && \
defined(HAVE_BACKTRACE_SYMBOLS_FD) && defined(HAVE_SIGACTION)
#define USE_BACKTRACE
@ -634,6 +644,22 @@ sb_getsockopt(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
if (rc)
return rc;
#ifdef HAVE_LINUX_NETFILTER_IPV4_H
rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getsockopt),
SCMP_CMP(1, SCMP_CMP_EQ, SOL_IP),
SCMP_CMP(2, SCMP_CMP_EQ, SO_ORIGINAL_DST));
if (rc)
return rc;
#endif
#ifdef HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H
rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getsockopt),
SCMP_CMP(1, SCMP_CMP_EQ, SOL_IPV6),
SCMP_CMP(2, SCMP_CMP_EQ, IP6T_SO_ORIGINAL_DST));
if (rc)
return rc;
#endif
return 0;
}
@ -1309,6 +1335,13 @@ sandbox_disable_getaddrinfo_cache(void)
sandbox_getaddrinfo_cache_disabled = 1;
}
void
sandbox_freeaddrinfo(struct addrinfo *ai)
{
if (sandbox_getaddrinfo_cache_disabled)
freeaddrinfo(ai);
}
int
sandbox_getaddrinfo(const char *name, const char *servname,
const struct addrinfo *hints,

4
src/common/sandbox.h
View File

@ -1,7 +1,7 @@
/* Copyright (c) 2001 Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2014, The Tor Project, Inc. */
* Copyright (c) 2007-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@ -115,7 +115,7 @@ struct addrinfo;
int sandbox_getaddrinfo(const char *name, const char *servname,
const struct addrinfo *hints,
struct addrinfo **res);
#define sandbox_freeaddrinfo(addrinfo) ((void)0)
void sandbox_freeaddrinfo(struct addrinfo *addrinfo);
void sandbox_free_getaddrinfo_cache(void);
#else
#define sandbox_getaddrinfo(name, servname, hints, res) \

6
src/common/testsupport.h
View File

@ -1,4 +1,4 @@
/* Copyright (c) 2013-2014, The Tor Project, Inc. */
/* Copyright (c) 2013-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#ifndef TOR_TESTSUPPORT_H
@ -20,8 +20,8 @@
*
* and implement it as:
*
* MOCK_IMPL(void
* writebuf,(size_t n, char *buf)
* MOCK_IMPL(void,
* writebuf,(size_t n, char *buf))
* {
* ...
* }

52
src/common/torgzip.c
View File

@ -1,6 +1,6 @@
/* Copyright (c) 2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2014, The Tor Project, Inc. */
* Copyright (c) 2007-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@ -92,10 +92,27 @@ tor_zlib_get_header_version_str(void)
/** Return the 'bits' value to tell zlib to use <b>method</b>.*/
static INLINE int
method_bits(compress_method_t method)
method_bits(compress_method_t method, zlib_compression_level_t level)
{
/* Bits+16 means "use gzip" in zlib >= 1.2 */
return method == GZIP_METHOD ? 15+16 : 15;
const int flag = method == GZIP_METHOD ? 16 : 0;
switch (level) {
default:
case HIGH_COMPRESSION: return flag + 15;
case MEDIUM_COMPRESSION: return flag + 13;
case LOW_COMPRESSION: return flag + 11;
}
}
static INLINE int
get_memlevel(zlib_compression_level_t level)
{
switch (level) {
default:
case HIGH_COMPRESSION: return 8;
case MEDIUM_COMPRESSION: return 7;
case LOW_COMPRESSION: return 6;
}
}
/** @{ */
@ -162,8 +179,9 @@ tor_gzip_compress(char **out, size_t *out_len,
stream->avail_in = (unsigned int)in_len;
if (deflateInit2(stream, Z_BEST_COMPRESSION, Z_DEFLATED,
method_bits(method),
8, Z_DEFAULT_STRATEGY) != Z_OK) {
method_bits(method, HIGH_COMPRESSION),
get_memlevel(HIGH_COMPRESSION),
Z_DEFAULT_STRATEGY) != Z_OK) {
log_warn(LD_GENERAL, "Error from deflateInit2: %s",
stream->msg?stream->msg:"<no message>");
goto err;
@ -289,7 +307,7 @@ tor_gzip_uncompress(char **out, size_t *out_len,
stream->avail_in = (unsigned int)in_len;
if (inflateInit2(stream,
method_bits(method)) != Z_OK) {
method_bits(method, HIGH_COMPRESSION)) != Z_OK) {
log_warn(LD_GENERAL, "Error from inflateInit2: %s",
stream->msg?stream->msg:"<no message>");
goto err;
@ -315,7 +333,8 @@ tor_gzip_uncompress(char **out, size_t *out_len,
log_warn(LD_BUG, "Error freeing gzip structures");
goto err;
}
if (inflateInit2(stream, method_bits(method)) != Z_OK) {
if (inflateInit2(stream,
method_bits(method,HIGH_COMPRESSION)) != Z_OK) {
log_warn(LD_GENERAL, "Error from second inflateInit2: %s",
stream->msg?stream->msg:"<no message>");
goto err;
@ -426,10 +445,11 @@ struct tor_zlib_state_t {
* <b>compress</b>, it's for compression; otherwise it's for
* decompression. */
tor_zlib_state_t *
tor_zlib_new(int compress, compress_method_t method)
tor_zlib_new(int compress, compress_method_t method,
zlib_compression_level_t compression_level)
{
tor_zlib_state_t *out;
int bits;
int bits, memlevel;
if (method == GZIP_METHOD && !is_gzip_supported()) {
/* Old zlib version don't support gzip in inflateInit2 */
@ -437,21 +457,29 @@ tor_zlib_new(int compress, compress_method_t method)
return NULL;
}
if (! compress) {
/* use this setting for decompression, since we might have the
* max number of window bits */
compression_level = HIGH_COMPRESSION;
}
out = tor_malloc_zero(sizeof(tor_zlib_state_t));
out->stream.zalloc = Z_NULL;
out->stream.zfree = Z_NULL;
out->stream.opaque = NULL;
out->compress = compress;
bits = method_bits(method);
bits = method_bits(method, compression_level);
memlevel = get_memlevel(compression_level);
if (compress) {
if (deflateInit2(&out->stream, Z_BEST_COMPRESSION, Z_DEFLATED,
bits, 8, Z_DEFAULT_STRATEGY) != Z_OK)
bits, memlevel,
Z_DEFAULT_STRATEGY) != Z_OK)
goto err;
} else {
if (inflateInit2(&out->stream, bits) != Z_OK)
goto err;
}
out->allocation = tor_zlib_state_size_precalc(!compress, bits, 8);
out->allocation = tor_zlib_state_size_precalc(!compress, bits, memlevel);
total_zlib_allocation += out->allocation;

14
src/common/torgzip.h
View File

@ -1,6 +1,6 @@
/* Copyright (c) 2003, Roger Dingledine
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2014, The Tor Project, Inc. */
* Copyright (c) 2007-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@ -19,6 +19,15 @@ typedef enum {
NO_METHOD=0, GZIP_METHOD=1, ZLIB_METHOD=2, UNKNOWN_METHOD=3
} compress_method_t;
/**
* Enumeration to define tradeoffs between memory usage and compression level.
* HIGH_COMPRESSION saves the most bandwidth; LOW_COMPRESSION saves the most
* memory.
**/
typedef enum {
HIGH_COMPRESSION, MEDIUM_COMPRESSION, LOW_COMPRESSION
} zlib_compression_level_t;
int
tor_gzip_compress(char **out, size_t *out_len,
const char *in, size_t in_len,
@ -47,7 +56,8 @@ typedef enum {
} tor_zlib_output_t;
/** Internal state for an incremental zlib compression/decompression. */
typedef struct tor_zlib_state_t tor_zlib_state_t;
tor_zlib_state_t *tor_zlib_new(int compress, compress_method_t method);
tor_zlib_state_t *tor_zlib_new(int compress, compress_method_t method,
zlib_compression_level_t level);
tor_zlib_output_t tor_zlib_process(tor_zlib_state_t *state,
char **out, size_t *out_len,

6
src/common/torint.h
View File

@ -1,6 +1,6 @@
/* Copyright (c) 2003, Roger Dingledine
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2014, The Tor Project, Inc. */
* Copyright (c) 2007-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@ -191,6 +191,10 @@ typedef unsigned __int64 uint64_t;
#endif
#endif
#ifndef INT64_MIN
#define INT64_MIN ((- INT64_MAX) - 1)
#endif
#ifndef SIZE_MAX
#if SIZEOF_SIZE_T == 8
#define SIZE_MAX UINT64_MAX

2
src/common/torlog.h
View File

@ -1,7 +1,7 @@
/* Copyright (c) 2001, Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2014, The Tor Project, Inc. */
* Copyright (c) 2007-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**

2
src/common/tortls.c
View File

@ -1,6 +1,6 @@
/* Copyright (c) 2003, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2014, The Tor Project, Inc. */
* Copyright (c) 2007-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**

2
src/common/tortls.h
View File

@ -1,6 +1,6 @@
/* Copyright (c) 2003, Roger Dingledine
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2014, The Tor Project, Inc. */
* Copyright (c) 2007-2015, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#ifndef TOR_TORTLS_H

Some files were not shown because too many files have changed in this diff Show More