Libevent uses an arc4random implementation (I know, I know) to
generate DNS transaction IDs and capitalization. But it liked to
initialize it either with opening /dev/urandom (which won't work
under the sandbox if it doesn't use the right pointer), or with
sysctl({CTL_KERN,KERN_RANDOM,RANDOM_UUIC}). To make _that_ work, we
were permitting sysctl unconditionally. That's not such a great
idea.
Instead, we try to initialize the libevent PRNG _before_ installing
the sandbox, and make sysctl always fail with EPERM under the
sandbox.
This should make more platforms (in particular, ones with compilers
where -fomit-frame-pointer is on by default but table generation
isn't) support backtrace generation. Thanks to cypherpunks for this
one.
Fixes bug 11047; bugfix on 0.2.5.2-alpha.
This M4 module lets us learn the right way (out of at least 18
possibilities) to extract the current PC for stack-trace-fixup-in-signal
purposes. The Google Performance Tools license is 3-clause BSD.
On platforms with the backtrace/backtrace_symbols_fd interface, Tor
can now dump stack traces on assertion failure. By default, I log
them to DataDir/stack_dump and to stderr.
If you pass the --enable-coverage flag on the command line, we build
our testing binaries with appropriate options eo enable coverage
testing. We also build a "tor-cov" binary that has coverage enabled,
for integration tests.
On recent OSX versions, test coverage only works with clang, not gcc.
So we warn about that.
Also add a contrib/coverage script to actually run gcov with the
appropriate options to generate useful .gcov files. (Thanks to
automake, the .o files will not have the names that gcov expects to
find.)
Also, remove generated gcda and gcno files on clean.
This is mainly a matter of automake trickery: we build each static
library in two versions now: one with the TOR_UNIT_TESTS macro
defined, and one without. When TOR_UNIT_TESTS is defined, we can
enable mocking and expose more functions. When it's not defined, we
can lock the binary down more.
The alternatives would be to have alternate build modes: a "testing
configuration" for building the libraries with test support, and a
"production configuration" for building them without. I don't favor
that approach, since I think it would mean more people runnning
binaries build for testing, or more people not running unit tests.
This is a bashism; on systems where sh is not bash (eg., non-Linux, or
Ubuntu using dash), this breaks with a syntax error. This also doesn't
work properly in bash: only the first item is iterated on.
If USE_ASCIIDOC is enabled but asciidoc isn't present and manpages
aren't already generated, it'll throw a warning during configure.
Works with the current git / tarball split.
Caveat: regular_mans are listed in the configure.ac
See #6506
Clang 3.2 does constant-folding and variable substitution to determine
that the program is equivalent to "return 1". Splitting the 128-bit
math into a new function seems sufficient to fix this.
Nick Mathewson
dana koch
Roger Dingledine
guilhem
Kevin Butler
Cristian Toader
dana koch
Arlo Breault