Merge remote-tracking branch 'origin/maint-0.2.3' into release-0.2.3

We should still make sure mlp approves it.

.appveyor.yml

@@ -1,62 +0,0 @@
-version: 1.0.{build}
-
-clone_depth: 50
-
-environment:
-  compiler: mingw
-
-  matrix:
-  - target: i686-w64-mingw32
-    compiler_path: mingw32
-    openssl_path: /c/OpenSSL-Win32
-  - target: x86_64-w64-mingw32
-    compiler_path: mingw64
-    openssl_path: /c/OpenSSL-Win64
-
-install:
-- ps: >-
-    Function Execute-Command ($commandPath)
-    {
-        & $commandPath $args 2>&1
-        if ( $LastExitCode -ne 0 ) {
-            $host.SetShouldExit( $LastExitCode )
-        }
-    }
-    Function Execute-Bash ()
-    {
-        Execute-Command 'c:\msys64\usr\bin\bash' '-e' '-c' $args
-    }
-    Execute-Command "C:\msys64\usr\bin\pacman" -Sy --noconfirm openssl-devel openssl libevent-devel libevent mingw-w64-i686-libevent mingw-w64-x86_64-libevent mingw-w64-i686-openssl mingw-w64-x86_64-openssl mingw-w64-i686-zstd mingw-w64-x86_64-zstd
-
-build_script:
-- ps: >-
-    if ($env:compiler -eq "mingw") {
-            $oldpath = ${env:Path} -split ';'
-            $buildpath = @("C:\msys64\${env:compiler_path}\bin", "C:\msys64\usr\bin") + $oldpath
-            $env:Path = @($buildpath) -join ';'
-            $env:build = @("${env:APPVEYOR_BUILD_FOLDER}", $env:target) -join '\'
-            Set-Location "${env:APPVEYOR_BUILD_FOLDER}"
-            Execute-Bash 'autoreconf -i'
-            mkdir "${env:build}"
-            Set-Location "${env:build}"
-            Execute-Bash "../configure --prefix=/${env:compiler_path} --build=${env:target} --host=${env:target} --disable-asciidoc --enable-fatal-warnings --with-openssl-dir=${env:openssl_path}"
-            Execute-Bash "V=1 make -j2"
-            Execute-Bash "V=1 make -j2 install"
-     }
-
-test_script:
-- ps: >-
-    if ($env:compiler -eq "mingw") {
-            $oldpath = ${env:Path} -split ';'
-            $buildpath = @("C:\msys64\${env:compiler_path}\bin") + $oldpath
-            $env:Path = $buildpath -join ';'
-            Set-Location "${env:build}"
-            Execute-Bash "VERBOSE=1 make -j2 check"
-    }
-
-on_success:
-- cmd: C:\Python27\python.exe %APPVEYOR_BUILD_FOLDER%\scripts\test\appveyor-irc-notify.py irc.oftc.net:6697 tor-ci success
-
-on_failure:
-- cmd: C:\Python27\python.exe %APPVEYOR_BUILD_FOLDER%\scripts\test\appveyor-irc-notify.py irc.oftc.net:6697 tor-ci failure
-

.gitignore

@@ -3,7 +3,6 @@
 .#*
 *~
 *.swp
-*.swo
 # C stuff
 *.o
 *.obj
@@ -14,34 +13,21 @@
 *.gcno
 *.gcov
 *.gcda
+# latex stuff
+*.aux
+*.dvi
+*.blg
+*.bbl
+*.log
 # Autotools stuff
 .deps
-.dirstamp
-*.trs
-*.log
-# Calltool stuff
-.*.graph
 # Stuff made by our makefiles
 *.bak
-# Python droppings
-*.pyc
-*.pyo
-# Cscope
-cscope.*
-# OSX junk
-*.dSYM
-.DS_Store
-# updateFallbackDirs.py temp files
-details-*.json
-uptime-*.json
-*.full_url
-*.last_modified
 
 # /
 /Makefile
 /Makefile.in
 /aclocal.m4
-/ar-lib
 /autom4te.cache
 /build-stamp
 /compile
@@ -55,13 +41,10 @@ uptime-*.json
 /config.guess
 /config.sub
 /conftest*
-/micro-revision.*
 /patch-stamp
 /stamp-h
 /stamp-h.in
 /stamp-h1
-/TAGS
-/test-driver
 /tor.sh
 /tor.spec
 /depcomp
@@ -70,15 +53,22 @@ uptime-*.json
 /mkinstalldirs
 /Tor*Bundle.dmg
 /tor-*-win32.exe
-/coverage_html/
-/callgraph/
 
 # /contrib/
-/contrib/dist/tor.sh
-/contrib/dist/torctl
-/contrib/dist/tor.service
-/contrib/operator-tools/tor.logrotate
-/contrib/dist/suse/tor.sh
+/contrib/Makefile
+/contrib/Makefile.in
+/contrib/tor.sh
+/contrib/torctl
+/contrib/torify
+/contrib/*.pyc
+/contrib/*.pyo
+/contrib/tor.logrotate
+/contrib/tor.wxs
+
+# /contrib/suse/
+/contrib/suse/tor.sh
+/contrib/suse/Makefile.in
+/contrib/suse/Makefile
 
 # /debian/
 /debian/files
@@ -99,6 +89,11 @@ uptime-*.json
 /doc/tor.html
 /doc/tor.html.in
 /doc/tor.1.xml
+/doc/tor-fw-helper.1
+/doc/tor-fw-helper.1.in
+/doc/tor-fw-helper.html
+/doc/tor-fw-helper.html.in
+/doc/tor-fw-helper.1.xml
 /doc/tor-gencert.1
 /doc/tor-gencert.1.in
 /doc/tor-gencert.html
@@ -119,34 +114,20 @@ uptime-*.json
 /doc/spec/Makefile
 /doc/spec/Makefile.in
 
-# /scripts
-/scripts/maint/checkOptionDocs.pl
-/scripts/maint/updateVersions.pl
-
 # /src/
 /src/Makefile
 /src/Makefile.in
 
-# /src/trace
-/src/trace/libor-trace.a
-
 # /src/common/
 /src/common/Makefile
 /src/common/Makefile.in
+/src/common/common_sha1.i
 /src/common/libor.a
-/src/common/libor-testing.a
 /src/common/libor.lib
-/src/common/libor-ctime.a
-/src/common/libor-ctime-testing.a
-/src/common/libor-ctime.lib
 /src/common/libor-crypto.a
-/src/common/libor-crypto-testing.a
 /src/common/libor-crypto.lib
 /src/common/libor-event.a
-/src/common/libor-event-testing.a
 /src/common/libor-event.lib
-/src/common/libcurve25519_donna.a
-/src/common/libcurve25519_donna.lib
 
 # /src/config/
 /src/config/Makefile
@@ -154,81 +135,43 @@ uptime-*.json
 /src/config/sample-server-torrc
 /src/config/torrc
 /src/config/torrc.sample
-/src/config/torrc.minimal
-
-# /src/ext/
-/src/ext/ed25519/ref10/libed25519_ref10.a
-/src/ext/ed25519/ref10/libed25519_ref10.lib
-/src/ext/ed25519/donna/libed25519_donna.a
-/src/ext/ed25519/donna/libed25519_donna.lib
-/src/ext/keccak-tiny/libkeccak-tiny.a
-/src/ext/keccak-tiny/libkeccak-tiny.lib
 
 # /src/or/
 /src/or/Makefile
 /src/or/Makefile.in
+/src/or/or_sha1.i
+/src/or/micro-revision.*
 /src/or/tor
 /src/or/tor.exe
-/src/or/tor-cov
-/src/or/tor-cov.exe
 /src/or/libtor.a
-/src/or/libtor-testing.a
 /src/or/libtor.lib
 
-# /src/rust
-/src/rust/.cargo/config
-/src/rust/.cargo/registry
-/src/rust/target
-/src/rust/registry
-
 # /src/test
 /src/test/Makefile
 /src/test/Makefile.in
 /src/test/bench
 /src/test/bench.exe
 /src/test/test
-/src/test/test-slow
-/src/test/test-bt-cl
 /src/test/test-child
-/src/test/test-memwipe
-/src/test/test-ntor-cl
-/src/test/test-hs-ntor-cl
-/src/test/test-switch-id
-/src/test/test-timers
-/src/test/test_workqueue
 /src/test/test.exe
-/src/test/test-slow.exe
-/src/test/test-bt-cl.exe
 /src/test/test-child.exe
-/src/test/test-ntor-cl.exe
-/src/test/test-hs-ntor-cl.exe
-/src/test/test-memwipe.exe
-/src/test/test-switch-id.exe
-/src/test/test-timers.exe
-/src/test/test_workqueue.exe
 
-# /src/test/fuzz
-/src/test/fuzz/fuzz-*
-/src/test/fuzz/lf-fuzz-*
 
 # /src/tools/
-/src/tools/libtorrunner.a
 /src/tools/tor-checkkey
 /src/tools/tor-resolve
-/src/tools/tor-cov-resolve
 /src/tools/tor-gencert
-/src/tools/tor-cov-gencert
 /src/tools/tor-checkkey.exe
 /src/tools/tor-resolve.exe
-/src/tools/tor-cov-resolve.exe
 /src/tools/tor-gencert.exe
-/src/tools/tor-cov-gencert.exe
 /src/tools/Makefile
 /src/tools/Makefile.in
 
-# /src/trunnel/
-/src/trunnel/libor-trunnel-testing.a
-/src/trunnel/libor-trunnel.a
+# /src/tools/tor-fw-helper/
+/src/tools/tor-fw-helper/tor-fw-helper
+/src/tools/tor-fw-helper/tor-fw-helper.exe
+/src/tools/tor-fw-helper/Makefile
+/src/tools/tor-fw-helper/Makefile.in
 
 # /src/win32/
 /src/win32/Makefile

.gitlab-ci.yml

@@ -1,45 +0,0 @@
-before_script:
-    - apt-get update -qq
-    - apt-get upgrade -qy
-
-build:
-  script:
-    - apt-get install -qy --fix-missing automake build-essential
-      libevent-dev libssl-dev zlib1g-dev
-      libseccomp-dev liblzma-dev libscrypt-dev
-    - ./autogen.sh
-    - ./configure --disable-asciidoc --enable-fatal-warnings
-      --disable-silent-rules
-    - make check || (e=$?; cat test-suite.log; exit $e)
-    - make install
-
-update:
-  only:
-    - schedules
-  script: 
-    - "apt-get install -y --fix-missing git openssh-client"
-    
-    # Run ssh-agent (inside the build environment)
-    - eval $(ssh-agent -s)
-
-    # Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
-    - ssh-add <(echo "$DEPLOY_KEY")
-
-    # For Docker builds disable host key checking. Be aware that by adding that
-    # you are susceptible to man-in-the-middle attacks.
-    # WARNING: Use this only with the Docker executor, if you use it with shell
-    # you will overwrite your user's SSH config.
-    - mkdir -p ~/.ssh
-    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
-    # In order to properly check the server's host key, assuming you created the
-    # SSH_SERVER_HOSTKEYS variable previously, uncomment the following two lines
-    # instead.
-    - mkdir -p ~/.ssh
-    - '[[ -f /.dockerenv ]] && echo "$SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts'
-    - echo "merging from torgit"
-    - git config --global user.email "labadmin@oniongit.eu"
-    - git config --global user.name "gitadmin"
-    - "mkdir tor"
-    - "cd tor" 
-    - git clone --bare https://git.torproject.org/tor.git
-    - git push --mirror git@oniongit.eu:network/tor.git

.gitmodules

@@ -1,3 +0,0 @@
-[submodule "src/ext/rust"]
-	path = src/ext/rust
-	url = https://git.torproject.org/tor-rust-dependencies

.travis.yml

@@ -1,169 +0,0 @@
-language: c
-
-## Comment out the compiler list for now to allow an explicit build
-## matrix.
-# compiler:
-#   - gcc
-#   - clang
-
-notifications:
-  irc:
-    channels:
-      - "irc.oftc.net#tor-ci"
-    template:
-      - "%{repository} %{branch} %{commit} - %{author}: %{commit_subject}"
-      - "Build #%{build_number} %{result}. Details: %{build_url}"
-    on_success: change
-    on_failure: change
-  email:
-    on_success: never
-    on_failure: change
-
-os:
-  - linux
-  ## Uncomment the following line to also run the entire build matrix on OSX.
-  ## This will make your CI builds take roughly ten times longer to finish.
-  # - osx
-
-## Use the Ubuntu Trusty images.
-dist: trusty
-
-## We don't need sudo. (The "apt:" stanza after this allows us to not need sudo;
-## otherwise, we would need it for getting dependencies.)
-##
-## We override this in the explicit build matrix to work around a
-## Travis CI environment regression
-## https://github.com/travis-ci/travis-ci/issues/9033
-sudo: false
-
-## (Linux only) Download our dependencies
-addons:
-  apt:
-    packages:
-      ## Required dependencies
-      - libevent-dev
-      - libseccomp2
-      - zlib1g-dev
-      ## Optional dependencies
-      - liblzma-dev
-      - libscrypt-dev
-      ## zstd doesn't exist in Ubuntu Trusty
-      #- libzstd
-
-## The build matrix in the following two stanzas expands into four builds (per OS):
-##
-##  * with GCC, with Rust
-##  * with GCC, without Rust
-##  * with Clang, with Rust
-##  * with Clang, without Rust
-env:
-  global:
-    ## The Travis CI environment allows us two cores, so let's use both.
-    - MAKEFLAGS="-j 2"
-  matrix:
-    ## Leave at least one entry here or Travis seems to generate a
-    ## matrix entry with empty matrix environment variables.  Leaving
-    ## more than one entry causes unwanted matrix entries with
-    ## unspecified compilers.
-    - RUST_OPTIONS="--enable-rust --enable-cargo-online-mode"
-    # - RUST_OPTIONS="--enable-rust" TOR_RUST_DEPENDENCIES=true
-    # - RUST_OPTIONS=""
-
-matrix:
-  ## Uncomment to allow the build to report success (with non-required
-  ## sub-builds continuing to run) if all required sub-builds have
-  ## succeeded.  This is somewhat buggy currently: it can cause
-  ## duplicate notifications and prematurely report success if a
-  ## single sub-build has succeeded.  See
-  ## https://github.com/travis-ci/travis-ci/issues/1696
-  # fast_finish: true
-
-  ## Uncomment the appropriate lines below to allow the build to
-  ## report success even if some less-critical sub-builds fail and it
-  ## seems likely to take a while for someone to fix it.  Currently
-  ## Travis CI doesn't distinguish "all builds succeeded" from "some
-  ## non-required sub-builds failed" except on the individual build's
-  ## page, which makes it somewhat annoying to detect from the
-  ## branches and build history pages.  See
-  ## https://github.com/travis-ci/travis-ci/issues/8716
-  allow_failures:
-    # - env: RUST_OPTIONS="--enable-rust" TOR_RUST_DEPENDENCIES=true
-    # - env: RUST_OPTIONS="--enable-rust --enable-cargo-online-mode
-    # - compiler: clang
-
-  ## Create explicit matrix entries to work around a Travis CI
-  ## environment issue.  Missing keys inherit from the first list
-  ## entry under that key outside the "include" clause.
-  include:
-    - compiler: gcc
-    - compiler: gcc
-      env: RUST_OPTIONS="--enable-rust" TOR_RUST_DEPENDENCIES=true
-    - compiler: gcc
-      env: RUST_OPTIONS=""
-    - compiler: gcc
-      env: COVERAGE_OPTIONS="--enable-coverage"
-    - compiler: gcc
-      env: DISTCHECK="yes" RUST_OPTIONS=""
-    - compiler: gcc
-      env: DISTCHECK="yes" RUST_OPTIONS="--enable-rust --enable-cargo-online-mode"
-    - compiler: gcc
-      env: MODULES_OPTIONS="--disable-module-dirauth"
-    ## The "sudo: required" forces non-containerized builds, working
-    ## around a Travis CI environment issue: clang LeakAnalyzer fails
-    ## because it requires ptrace and the containerized environment no
-    ## longer allows ptrace.
-    - compiler: clang
-      sudo: required
-    - compiler: clang
-      sudo: required
-      env: RUST_OPTIONS="--enable-rust" TOR_RUST_DEPENDENCIES=true
-    - compiler: clang
-      sudo: required
-      env: RUST_OPTIONS=""
-    - compiler: clang
-      sudo: required
-      env: MODULES_OPTIONS="--disable-module-dirauth"
-
-before_install:
-  ## If we're on OSX, homebrew usually needs to updated first
-  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew update ; fi
-  ## Download rustup
-  - if [[ "$RUST_OPTIONS" != "" ]]; then curl -Ssf -o rustup.sh https://sh.rustup.rs; fi
-  - if [[ "$COVERAGE_OPTIONS" != "" ]]; then pip install --user cpp-coveralls; fi
-
-install:
-  ## If we're on OSX use brew to install required dependencies (for Linux, see the "apt:" section above)
-  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then { brew outdated openssl    || brew upgrade openssl;    }; fi
-  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then { brew outdated libevent   || brew upgrade libevent;   }; fi
-  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then { brew outdated pkg-config || brew upgrade pkg-config; }; fi
-  ## If we're on OSX also install the optional dependencies
-  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then { brew outdated xz         || brew upgrade xz;         }; fi
-  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then { brew outdated libscrypt  || brew upgrade libscrypt;  }; fi
-  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then { brew outdated zstd       || brew upgrade zstd;       }; fi
-  ## Install the stable channels of rustc and cargo and setup our toolchain environment
-  - if [[ "$RUST_OPTIONS" != "" ]]; then sh rustup.sh -y --default-toolchain stable; fi
-  - if [[ "$RUST_OPTIONS" != "" ]]; then source $HOME/.cargo/env; fi
-  ## Get some info about rustc and cargo
-  - if [[ "$RUST_OPTIONS" != "" ]]; then which rustc; fi
-  - if [[ "$RUST_OPTIONS" != "" ]]; then which cargo; fi
-  - if [[ "$RUST_OPTIONS" != "" ]]; then rustc --version; fi
-  - if [[ "$RUST_OPTIONS" != "" ]]; then cargo --version; fi
-  ## If we're testing rust builds in offline-mode, then set up our vendored dependencies
-  - if [[ "$TOR_RUST_DEPENDENCIES" == "true" ]]; then export TOR_RUST_DEPENDENCIES=$PWD/src/ext/rust/crates; fi
-
-script:
-  - ./autogen.sh
-  - ./configure $RUST_OPTIONS $COVERAGE_OPTIONS $MODULES_OPTIONS --disable-asciidoc --enable-fatal-warnings --disable-silent-rules --enable-fragile-hardening
-  ## We run `make check` because that's what https://jenkins.torproject.org does.
-  - if [[ "$DISTCHECK" == "" ]]; then make check; fi
-  - if [[ "$DISTCHECK" != "" ]]; then make distcheck DISTCHECK_CONFIGURE_FLAGS="$RUST_OPTIONS $COVERAGE_OPTIONS --disable-asciidoc --enable-fatal-warnings --disable-silent-rules --enable-fragile-hardening"; fi
-
-after_failure:
-  ## `make check` will leave a log file with more details of test failures.
-  - if [[ "$DISTCHECK" == "" ]]; then cat test-suite.log; fi
-  ## `make distcheck` puts it somewhere different.
-  - if [[ "$DISTCHECK" != "" ]]; then make show-distdir-testlog; fi
-
-after_success:
-  ## If this build was one that produced coverage, upload it.
-  - if [[ "$COVERAGE_OPTIONS" != "" ]]; then coveralls -b . --exclude src/test --exclude src/trunnel --gcov-options '\-p'; fi

CONTRIBUTING

@@ -1,39 +0,0 @@
-Contributing to Tor
--------------------
-
-### Getting started
-
-Welcome!
-
-We have a bunch of documentation about how to develop Tor in the
-doc/HACKING/ directory.  We recommend that you start with
-doc/HACKING/README.1st.md , and then go from there.  It will tell
-you how to find your way around the source code, how to get
-involved with the Tor community, how to write patches, and much
-more!
-
-You don't have to be a C developer to help with Tor: have a look
-at https://www.torproject.org/getinvolved/volunteer !
-
-The Tor Project is committed to fostering a inclusive community
-where people feel safe to engage, share their points of view, and
-participate. For the latest version of our Code of Conduct, please
-see
-
-https://gitweb.torproject.org/community/policies.git/plain/code_of_conduct.txt
-
-
-
-### License issues
-
-Tor is distributed under the license terms in the LICENSE -- in
-brief, the "3-clause BSD license".  If you send us code to
-distribute with Tor, it needs to be code that we can distribute
-under those terms.  Please don't send us patches unless you agree
-to allow this.
-
-Some compatible licenses include:
-
-  - 3-clause BSD
-  - 2-clause BSD
-  - CC0 Public Domain Dedication

Doxyfile.in

@@ -38,7 +38,7 @@ PROJECT_NUMBER         = @VERSION@
 # If a relative path is entered, it will be relative to the location 
 # where doxygen was started. If left blank the current directory will be used.
 
-OUTPUT_DIRECTORY       = @top_builddir@/doc/doxygen
+OUTPUT_DIRECTORY       = ./doc/doxygen
 
 # If the CREATE_SUBDIRS tag is set to YES, then doxygen will create 
 # 4096 sub-directories (in 2 levels) under the output directory of each output 
@@ -446,6 +446,12 @@ MAX_INITIALIZER_LINES  = 30
 
 SHOW_USED_FILES        = YES
 
+# If the sources in your project are distributed over multiple directories 
+# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy 
+# in the documentation. The default is NO.
+
+SHOW_DIRECTORIES       = NO
+
 # Set the SHOW_FILES tag to NO to disable the generation of the Files page.
 # This will remove the Files entry from the Quick Index and from the 
 # Folder Tree View (if specified). The default is YES.
@@ -528,8 +534,8 @@ WARN_LOGFILE           =
 # directories like "/usr/src/myproject". Separate the files or directories 
 # with spaces.
 
-INPUT                  = @top_srcdir@/src/common \
-                         @top_srcdir@/src/or
+INPUT                  = src/common \
+                         src/or
 
 # This tag can be used to specify the character encoding of the source files 
 # that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is 
@@ -754,6 +760,12 @@ HTML_FOOTER            =
 
 HTML_STYLESHEET        = 
 
+# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes, 
+# files or namespaces will be aligned in HTML using tables. If set to 
+# NO a bullet list will be used.
+
+HTML_ALIGN_MEMBERS     = YES
+
 # If the GENERATE_HTMLHELP tag is set to YES, additional index files 
 # will be generated that can be used as input for tools like the 
 # Microsoft HTML help workshop to generate a compiled HTML help file (.chm) 
@@ -1035,6 +1047,18 @@ GENERATE_XML           = NO
 
 XML_OUTPUT             = xml
 
+# The XML_SCHEMA tag can be used to specify an XML schema, 
+# which can be used by a validating XML parser to check the 
+# syntax of the XML files.
+
+XML_SCHEMA             = 
+
+# The XML_DTD tag can be used to specify an XML DTD, 
+# which can be used by a validating XML parser to check the 
+# syntax of the XML files.
+
+XML_DTD                = 
+
 # If the XML_PROGRAMLISTING tag is set to YES Doxygen will 
 # dump the program listings (including syntax highlighting 
 # and cross-referencing information) to the XML output. Note that 
@@ -1240,7 +1264,7 @@ HAVE_DOT               = NO
 # DOTFONTPATH environment variable or by setting DOT_FONTPATH to the directory 
 # containing the font.
 
-DOT_FONTNAME           =
+DOT_FONTNAME           = FreeSans
 
 # By default doxygen will tell dot to use the output directory to look for the 
 # FreeSans.ttf font (which doxygen will put there itself). If you specify a 

LICENSE

@@ -13,7 +13,7 @@ Tor is distributed under this license:
 
 Copyright (c) 2001-2004, Roger Dingledine
 Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
-Copyright (c) 2007-2017, The Tor Project, Inc.
+Copyright (c) 2007-2012, The Tor Project, Inc.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
@@ -43,7 +43,7 @@ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 ===============================================================================
-src/ext/strlcat.c and src/ext/strlcpy.c by Todd C. Miller are licensed
+src/common/strlcat.c and src/common/strlcpy.c by Todd C. Miller are licensed
 under the following license:
 
  * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -70,90 +70,6 @@ under the following license:
  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-===============================================================================
-src/ext/tor_queue.h is licensed under the following license:
-
- * Copyright (c) 1991, 1993
- *      The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-
-===============================================================================
-src/ext/csiphash.c is licensed under the following license:
-
- Copyright (c) 2013  Marek Majkowski <marek@popcount.org>
-
- Permission is hereby granted, free of charge, to any person obtaining a copy
- of this software and associated documentation files (the "Software"), to deal
- in the Software without restriction, including without limitation the rights
- to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- copies of the Software, and to permit persons to whom the Software is
- furnished to do so, subject to the following conditions:
-
- The above copyright notice and this permission notice shall be included in
- all copies or substantial portions of the Software.
-
- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- THE SOFTWARE.
-===============================================================================
-Trunnel is distributed under this license:
-
-Copyright 2014  The Tor Project, Inc.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-    * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-
-    * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
-
-    * Neither the names of the copyright owners nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 ===============================================================================
 src/config/geoip is licensed under the following license:
@@ -189,191 +105,6 @@ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 DATABASE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-===============================================================================
-m4/pc_from_ucontext.m4 is available under the following license.  Note that
-it is *not* built into the Tor software.
-
-Copyright (c) 2005, Google Inc.
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-    * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-    * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
-    * Neither the name of Google Inc. nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-===============================================================================
-m4/pkg.m4 is available under the following license.  Note that
-it is *not* built into the Tor software.
-
-pkg.m4 - Macros to locate and utilise pkg-config.            -*- Autoconf -*-
-serial 1 (pkg-config-0.24)
-
-Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
-
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful, but
-WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software
-Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-
-As a special exception to the GNU General Public License, if you
-distribute this file as part of a program that contains a
-configuration script generated by Autoconf, you may include it under
-the same distribution terms that you use for the rest of that program.
-===============================================================================
-src/ext/readpassphrase.[ch] are distributed under this license:
-
-  Copyright (c) 2000-2002, 2007 Todd C. Miller <Todd.Miller@courtesan.com>
-
-  Permission to use, copy, modify, and distribute this software for any
-  purpose with or without fee is hereby granted, provided that the above
-  copyright notice and this permission notice appear in all copies.
-
-  THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-  WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-  MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-  ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-  WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-  ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-  OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
-  Sponsored in part by the Defense Advanced Research Projects
-  Agency (DARPA) and Air Force Research Laboratory, Air Force
-  Materiel Command, USAF, under agreement number F39502-99-1-0512.
-
-===============================================================================
-src/ext/mulodi4.c is distributed under this license:
-
-     =========================================================================
-     compiler_rt License
-     =========================================================================
-
-     The compiler_rt library is dual licensed under both the
-     University of Illinois "BSD-Like" license and the MIT license.
-     As a user of this code you may choose to use it under either
-     license.  As a contributor, you agree to allow your code to be
-     used under both.
-
-     Full text of the relevant licenses is included below.
-
-     =========================================================================
-
-     University of Illinois/NCSA
-     Open Source License
-
-     Copyright (c) 2009-2016 by the contributors listed in CREDITS.TXT
-
-     All rights reserved.
-
-     Developed by:
-
-         LLVM Team
-
-         University of Illinois at Urbana-Champaign
-
-         http://llvm.org
-
-     Permission is hereby granted, free of charge, to any person
-     obtaining a copy of this software and associated documentation
-     files (the "Software"), to deal with the Software without
-     restriction, including without limitation the rights to use,
-     copy, modify, merge, publish, distribute, sublicense, and/or sell
-     copies of the Software, and to permit persons to whom the
-     Software is furnished to do so, subject to the following
-     conditions:
-
-         * Redistributions of source code must retain the above
-           copyright notice, this list of conditions and the following
-           disclaimers.
-
-         * Redistributions in binary form must reproduce the above
-           copyright notice, this list of conditions and the following
-           disclaimers in the documentation and/or other materials
-           provided with the distribution.
-
-         * Neither the names of the LLVM Team, University of Illinois
-           at Urbana-Champaign, nor the names of its contributors may
-           be used to endorse or promote products derived from this
-           Software without specific prior written permission.
-
-     THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-     EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
-     OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-     NONINFRINGEMENT.  IN NO EVENT SHALL THE CONTRIBUTORS OR COPYRIGHT
-     HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
-     WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-     FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
-     OTHER DEALINGS WITH THE SOFTWARE.
-
-     =========================================================================
-
-     Copyright (c) 2009-2015 by the contributors listed in CREDITS.TXT
-
-     Permission is hereby granted, free of charge, to any person
-     obtaining a copy of this software and associated documentation
-     files (the "Software"), to deal in the Software without
-     restriction, including without limitation the rights to use,
-     copy, modify, merge, publish, distribute, sublicense, and/or sell
-     copies of the Software, and to permit persons to whom the
-     Software is furnished to do so, subject to the following
-     conditions:
-
-     The above copyright notice and this permission notice shall be
-     included in all copies or substantial portions of the Software.
-
-     THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-     EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
-     OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-     NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
-     HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
-     WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-     FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
-     OTHER DEALINGS IN THE SOFTWARE.
-
-     =========================================================================
-     Copyrights and Licenses for Third Party Software Distributed with LLVM:
-     =========================================================================
-
-     The LLVM software contains code written by third parties.  Such
-     software will have its own individual LICENSE.TXT file in the
-     directory in which it appears.  This file will describe the
-     copyrights, license, and restrictions which apply to that code.
-
-     The disclaimer of warranty in the University of Illinois Open
-     Source License applies to all code in the LLVM Distribution, and
-     nothing in any of the other licenses gives permission to use the
-     names of the LLVM Team or the University of Illinois to endorse
-     or promote products derived from this Software.
-
 ===============================================================================
 If you got Tor as a static binary with OpenSSL included, then you should know:
  "This product includes software developed by the OpenSSL Project

Makefile.am

@@ -1,76 +1,25 @@
 # Copyright (c) 2001-2004, Roger Dingledine
 # Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
-# Copyright (c) 2007-2017, The Tor Project, Inc.
+# Copyright (c) 2007-2011, The Tor Project, Inc.
 # See LICENSE for licensing information
 
-ACLOCAL_AMFLAGS = -I m4
+# "foreign" means we don't follow GNU package layout standards
+# 1.7 means we require automake vesion 1.7
+AUTOMAKE_OPTIONS = foreign 1.7
 
-noinst_LIBRARIES=
-EXTRA_DIST=
-noinst_HEADERS=
-bin_PROGRAMS=
-EXTRA_PROGRAMS=
-CLEANFILES=
-TESTS=
-noinst_PROGRAMS=
-DISTCLEANFILES=
-bin_SCRIPTS=
-AM_CPPFLAGS=
-AM_CFLAGS=@TOR_SYSTEMD_CFLAGS@ @CFLAGS_BUGTRAP@ @TOR_LZMA_CFLAGS@ @TOR_ZSTD_CFLAGS@
-SHELL=@SHELL@
+SUBDIRS = src doc contrib
 
-if COVERAGE_ENABLED
-TESTING_TOR_BINARY=$(top_builddir)/src/or/tor-cov$(EXEEXT)
-else
-TESTING_TOR_BINARY=$(top_builddir)/src/or/tor$(EXEEXT)
-endif
+DIST_SUBDIRS = src doc contrib
 
-if USE_RUST
-rust_ldadd=$(top_builddir)/src/rust/target/release/@TOR_RUST_STATIC_NAME@ \
-	@TOR_RUST_EXTRA_LIBS@
-else
-rust_ldadd=
-endif
-
-include src/include.am
-include doc/include.am
-include contrib/include.am
-
-EXTRA_DIST+= \
+EXTRA_DIST = \
 	ChangeLog					\
-	CONTRIBUTING					\
 	INSTALL						\
 	LICENSE						\
 	Makefile.nmake					\
 	README						\
 	ReleaseNotes					\
-	scripts/maint/checkSpace.pl
-
-## This tells etags how to find mockable function definitions.
-AM_ETAGSFLAGS=--regex='{c}/MOCK_IMPL([^,]+,\W*\([a-zA-Z0-9_]+\)\W*,/\1/s'
-
-if COVERAGE_ENABLED
-TEST_CFLAGS=-fno-inline -fprofile-arcs -ftest-coverage
-if DISABLE_ASSERTS_IN_UNIT_TESTS
-TEST_CPPFLAGS=-DTOR_UNIT_TESTS -DTOR_COVERAGE -DDISABLE_ASSERTS_IN_UNIT_TESTS @TOR_MODULES_ALL_ENABLED@
-else
-TEST_CPPFLAGS=-DTOR_UNIT_TESTS -DTOR_COVERAGE @TOR_MODULES_ALL_ENABLED@
-endif
-TEST_NETWORK_FLAGS=--coverage --hs-multi-client 1
-else
-TEST_CFLAGS=
-TEST_CPPFLAGS=-DTOR_UNIT_TESTS @TOR_MODULES_ALL_ENABLED@
-TEST_NETWORK_FLAGS=--hs-multi-client 1
-endif
-TEST_NETWORK_WARNING_FLAGS=--quiet --only-warnings
-
-if LIBFUZZER_ENABLED
-TEST_CFLAGS += -fsanitize-coverage=trace-pc-guard,trace-cmp,trace-div
-# not "edge"
-endif
-
-TEST_NETWORK_ALL_LOG_DIR=$(top_builddir)/test_network_log
-TEST_NETWORK_ALL_DRIVER_FLAGS=--color-tests yes
+	tor.spec					\
+	tor.spec.in
 
 #install-data-local:
 #	$(INSTALL) -m 755 -d $(LOCALSTATEDIR)/lib/tor
@@ -92,167 +41,34 @@ dist-rpm: dist-gzip
 	echo "RPM build finished";						\
 	#end of dist-rpm
 
+dist: check
+
 doxygen:
 	doxygen && cd doc/doxygen/latex && make
 
 test: all
-	$(top_builddir)/src/test/test
-
-check-local: check-spaces check-changes
-
-need-chutney-path:
-	@if test ! -d "$$CHUTNEY_PATH"; then \
-		echo '$$CHUTNEY_PATH was not set.'; \
-		if test -d $(top_srcdir)/../chutney -a -x $(top_srcdir)/../chutney/chutney; then \
-			echo "Assuming test-network.sh will find" $(top_srcdir)/../chutney; \
-		else \
-			echo; \
-			echo "To run these tests, git clone https://git.torproject.org/chutney.git ; export CHUTNEY_PATH=\`pwd\`/chutney"; \
-			exit 1; \
-		fi \
-	fi
-
-# Note that test-network requires a copy of Chutney in $CHUTNEY_PATH.
-# Chutney can be cloned from https://git.torproject.org/chutney.git .
-test-network: need-chutney-path $(TESTING_TOR_BINARY) src/tools/tor-gencert
-	$(top_srcdir)/src/test/test-network.sh $(TEST_NETWORK_FLAGS)
-
-# Run all available tests using automake's test-driver
-# only run IPv6 tests if we can ping6 ::1 (localhost)
-# only run IPv6 tests if we can ping ::1 (localhost)
-# some IPv6 tests will fail without an IPv6 DNS server (see #16971 and #17011)
-# only run mixed tests if we have a tor-stable binary
-# Try the syntax for BSD ping6, Linux ping6, and Linux ping -6,
-# because they're incompatible
-test-network-all: need-chutney-path test-driver $(TESTING_TOR_BINARY) src/tools/tor-gencert
-	mkdir -p $(TEST_NETWORK_ALL_LOG_DIR)
-	@flavors="$(TEST_CHUTNEY_FLAVORS)"; \
-	if ping6 -q -c 1 -o ::1 >/dev/null 2>&1 || ping6 -q -c 1 -W 1 ::1 >/dev/null 2>&1 || ping -6 -c 1 -W 1 ::1 >/dev/null 2>&1; then \
-		echo "ping6 ::1 or ping ::1 succeeded, running IPv6 flavors: $(TEST_CHUTNEY_FLAVORS_IPV6)."; \
-		flavors="$$flavors $(TEST_CHUTNEY_FLAVORS_IPV6)"; \
-	else \
-		echo "ping6 ::1 and ping ::1 failed, skipping IPv6 flavors: $(TEST_CHUTNEY_FLAVORS_IPV6)."; \
-		skip_flavors="$$skip_flavors $(TEST_CHUTNEY_FLAVORS_IPV6)"; \
-	fi; \
-	if command -v tor-stable >/dev/null 2>&1; then \
-		echo "tor-stable found, running mixed flavors: $(TEST_CHUTNEY_FLAVORS_MIXED)."; \
-		flavors="$$flavors $(TEST_CHUTNEY_FLAVORS_MIXED)"; \
-	else \
-		echo "tor-stable not found, skipping mixed flavors: $(TEST_CHUTNEY_FLAVORS_MIXED)."; \
-		skip_flavors="$$skip_flavors $(TEST_CHUTNEY_FLAVORS_MIXED)"; \
-	fi; \
-	for f in $$skip_flavors; do \
-		echo "SKIP: $$f"; \
-	done; \
-	for f in $$flavors; do \
-		$(SHELL) $(top_srcdir)/test-driver --test-name $$f --log-file $(TEST_NETWORK_ALL_LOG_DIR)/$$f.log --trs-file $(TEST_NETWORK_ALL_LOG_DIR)/$$f.trs $(TEST_NETWORK_ALL_DRIVER_FLAGS) $(top_srcdir)/src/test/test-network.sh --flavor $$f $(TEST_NETWORK_FLAGS); \
-		$(top_srcdir)/src/test/test-network.sh $(TEST_NETWORK_WARNING_FLAGS); \
-	done; \
-	echo "Log and result files are available in $(TEST_NETWORK_ALL_LOG_DIR)."; \
-	! grep -q FAIL test_network_log/*.trs
-
-need-stem-path:
-	@if test ! -d "$$STEM_SOURCE_DIR"; then \
-		echo '$$STEM_SOURCE_DIR was not set.'; echo; \
-		echo "To run these tests, git clone https://git.torproject.org/stem.git/ ; export STEM_SOURCE_DIR=\`pwd\`/stem"; \
-		exit 1; \
-	fi
-
-test-stem: need-stem-path $(TESTING_TOR_BINARY)
-	@$(PYTHON) "$$STEM_SOURCE_DIR"/run_tests.py --tor "$(TESTING_TOR_BINARY)" --all --log notice --target RUN_ALL;
-
-test-stem-full: need-stem-path $(TESTING_TOR_BINARY)
-	@$(PYTHON) "$$STEM_SOURCE_DIR"/run_tests.py --tor "$(TESTING_TOR_BINARY)" --all --log notice --target RUN_ALL,ONLINE -v;
-
-test-full: need-stem-path need-chutney-path check test-network test-stem
-
-test-full-online: need-stem-path need-chutney-path check test-network test-stem-full
-
-reset-gcov:
-	rm -f $(top_builddir)/src/*/*.gcda $(top_builddir)/src/*/*/*.gcda
-
-HTML_COVER_DIR=$(top_builddir)/coverage_html
-coverage-html: all
-if COVERAGE_ENABLED
-	test -e "`which lcov`" || (echo "lcov must be installed. See <http://ltp.sourceforge.net/coverage/lcov.php>." && false)
-	test -d "$(HTML_COVER_DIR)" || $(MKDIR_P) "$(HTML_COVER_DIR)"
-	lcov --rc lcov_branch_coverage=1 --directory $(top_builddir)/src --zerocounters
-	$(MAKE) reset-gcov
-	$(MAKE) check
-	lcov --capture --rc lcov_branch_coverage=1 --no-external --directory $(top_builddir) --base-directory $(top_srcdir) --output-file "$(HTML_COVER_DIR)/lcov.tmp"
-	lcov --remove "$(HTML_COVER_DIR)/lcov.tmp" --rc lcov_branch_coverage=1 'test/*' 'ext/tinytest*' '/usr/*' --output-file "$(HTML_COVER_DIR)/lcov.info"
-	genhtml --branch-coverage -o "$(HTML_COVER_DIR)" "$(HTML_COVER_DIR)/lcov.info"
-else
-	@printf "Not configured with --enable-coverage, run ./configure --enable-coverage\n"
-endif
-
-coverage-html-full: all
-	test -e "`which lcov`" || (echo "lcov must be installed. See <http://ltp.sourceforge.net/coverage/lcov.php>." && false)
-	test -d "$(HTML_COVER_DIR)" || mkdir -p "$(HTML_COVER_DIR)"
-	lcov --rc lcov_branch_coverage=1 --directory ./src --zerocounters
-	$(MAKE) reset-gcov
-	$(MAKE) check
-	$(MAKE) test-stem-full
-	CHUTNEY_TOR=tor-cov CHUTNEY_TOR_GENCERT=tor-cov-gencert $(top_srcdir)/src/test/test-network.sh
-	CHUTNEY_TOR=tor-cov CHUTNEY_TOR_GENCERT=tor-cov-gencert $(top_srcdir)/src/test/test-network.sh --flavor hs
-	lcov --capture --rc lcov_branch_coverage=1 --no-external --directory . --output-file "$(HTML_COVER_DIR)/lcov.tmp"
-	lcov --remove "$(HTML_COVER_DIR)/lcov.tmp" --rc lcov_branch_coverage=1 'test/*' 'ext/tinytest*' '/usr/*' --output-file "$(HTML_COVER_DIR)/lcov.info"
-	genhtml --branch-coverage -o "$(HTML_COVER_DIR)" "$(HTML_COVER_DIR)/lcov.info"
+	./src/test/test
 
 # Avoid strlcpy.c, strlcat.c, aes.c, OpenBSD_malloc_Linux.c, sha256.c,
-# tinytest*.[ch]
+# eventdns.[hc], tinytest*.[ch]
 check-spaces:
-if USE_PERL
-	$(PERL) $(top_srcdir)/scripts/maint/checkSpace.pl -C \
-		$(top_srcdir)/src/common/*.[ch] \
-		$(top_srcdir)/src/or/*.[ch] \
-		$(top_srcdir)/src/test/*.[ch] \
-		$(top_srcdir)/src/test/*/*.[ch] \
-		$(top_srcdir)/src/tools/*.[ch]
-endif
+	./contrib/checkSpace.pl -C                    \
+		src/common/*.h			      \
+		src/common/[^asO]*.c		      \
+		src/common/address.c		      \
+		src/or/[^e]*.[ch]		      \
+		src/or/eventdns_tor.h		      \
+		src/test/test*.[ch]		      \
+		src/test/[^t]*.[ch]		      \
+		src/tools/*.[ch]		      \
+		src/tools/tor-fw-helper/*.[ch]
 
-check-docs: all
-	$(PERL) $(top_builddir)/scripts/maint/checkOptionDocs.pl
+check-docs:
+	./contrib/checkOptionDocs.pl
 
 check-logs:
-	$(top_srcdir)/scripts/maint/checkLogs.pl \
-		$(top_srcdir)/src/*/*.[ch] | sort -n
-
-.PHONY: check-typos
-check-typos:
-	@if test -x "`which misspell 2>&1;true`"; then \
-		echo "Checking for Typos ..."; \
-		(misspell \
-			$(top_srcdir)/src/[^e]*/*.[ch] \
-			$(top_srcdir)/doc \
-			$(top_srcdir)/contrib \
-			$(top_srcdir)/scripts \
-			$(top_srcdir)/README \
-			$(top_srcdir)/ChangeLog \
-			$(top_srcdir)/INSTALL \
-			$(top_srcdir)/ReleaseNotes \
-			$(top_srcdir)/LICENSE); \
-	else \
-		echo "Tor can use misspell to check for typos."; \
-		echo "It seems that you don't have misspell installed."; \
-		echo "You can install the latest version of misspell here: https://github.com/client9/misspell#install"; \
-	fi
-
-.PHONY: check-changes
-check-changes:
-if USEPYTHON
-	@if test -d "$(top_srcdir)/changes"; then \
-		$(PYTHON) $(top_srcdir)/scripts/maint/lintChanges.py $(top_srcdir)/changes; \
-		fi
-endif
-
-.PHONY: update-versions
-update-versions:
-	$(PERL) $(top_builddir)/scripts/maint/updateVersions.pl
-
-.PHONY: callgraph
-callgraph:
-	$(top_builddir)/scripts/maint/run_calltool.sh
+	./contrib/checkLogs.pl                        \
+		src/*/*.[ch] | sort -n
 
 version:
 	@echo "Tor @VERSION@"
@@ -261,25 +77,3 @@ version:
 	   (cd "$(top_srcdir)" && git rev-parse --short=16 HEAD); \
 	fi
 
-mostlyclean-local:
-	rm -f $(top_builddir)/src/*/*.gc{da,no} $(top_builddir)/src/*/*/*.gc{da,no}
-	rm -rf $(HTML_COVER_DIR)
-	rm -rf $(top_builddir)/doc/doxygen
-	rm -rf $(TEST_NETWORK_ALL_LOG_DIR)
-
-clean-local:
-	rm -rf $(top_builddir)/src/rust/target
-	rm -rf $(top_builddir)/src/rust/.cargo/registry
-
-if USE_RUST
-distclean-local: distclean-rust
-endif
-
-# This relies on some internal details of how automake implements
-# distcheck.  We check two directories because automake-1.15 changed
-# from $(distdir)/_build to $(distdir)/_build/sub.
-show-distdir-testlog:
-	@if test -d "$(distdir)/_build/sub"; then \
-	  cat $(distdir)/_build/sub/$(TEST_SUITE_LOG); \
-	else \
-	  cat $(distdir)/_build/$(TEST_SUITE_LOG); fi

Makefile.nmake

@@ -1,19 +1,5 @@
 all:
 	cd src/common
 	$(MAKE) /F Makefile.nmake
-	cd ../../src/ext
-	$(MAKE) /F Makefile.nmake
 	cd ../../src/or
 	$(MAKE) /F Makefile.nmake
-	cd ../../src/test
-	$(MAKE) /F Makefile.nmake
-
-clean:
-	cd src/common
-	$(MAKE) /F Makefile.nmake clean
-	cd ../../src/ext
-	$(MAKE) /F Makefile.nmake clean
-	cd ../../src/or
-	$(MAKE) /F Makefile.nmake clean
-	cd ../../src/test
-	$(MAKE) /F Makefile.nmake clean

README

@@ -6,27 +6,19 @@ configure it properly.
 To build Tor from source:
         ./configure && make && make install
 
-To build Tor from a just-cloned git repository:
-        sh autogen.sh && ./configure && make && make install
-
 Home page:
         https://www.torproject.org/
 
 Download new versions:
-        https://www.torproject.org/download/download.html
+        https://www.torproject.org/download.html
 
 Documentation, including links to installation and setup instructions:
-        https://www.torproject.org/docs/documentation.html
+        https://www.torproject.org/documentation.html
 
 Making applications work with Tor:
-        https://wiki.torproject.org/projects/tor/wiki/doc/TorifyHOWTO
+        https://wiki.torproject.org/noreply/TheOnionRouter/TorifyHOWTO
 
 Frequently Asked Questions:
-        https://www.torproject.org/docs/faq.html
+        https://www.torproject.org/faq.html
+        https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ
 
-
-To get started working on Tor development:
-        See the doc/HACKING directory.
-
-Release timeline:
-         https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/CoreTorReleases

acinclude.m4

@@ -1,8 +1,8 @@
-dnl Helper macros for Tor configure.ac
+dnl Helper macros for Tor configure.in
 dnl Copyright (c) 2001-2004, Roger Dingledine
 dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
 dnl Copyright (c) 2007-2008, Roger Dingledine, Nick Mathewson
-dnl Copyright (c) 2007-2017, The Tor Project, Inc.
+dnl Copyright (c) 2007-2012, The Tor Project, Inc.
 dnl See LICENSE for licensing information
 
 AC_DEFUN([TOR_EXTEND_CODEPATH],
@@ -42,42 +42,23 @@ AC_DEFUN([TOR_DEFINE_CODEPATH],
   AC_SUBST(TOR_LDFLAGS_$2)
 ])
 
-dnl 1: flags
-dnl 2: try to link too if this is nonempty.
-dnl 3: what to do on success compiling
-dnl 4: what to do on failure compiling
-AC_DEFUN([TOR_TRY_COMPILE_WITH_CFLAGS], [
+dnl 1:flags
+AC_DEFUN([TOR_CHECK_CFLAGS], [
   AS_VAR_PUSHDEF([VAR],[tor_cv_cflags_$1])
   AC_CACHE_CHECK([whether the compiler accepts $1], VAR, [
     tor_saved_CFLAGS="$CFLAGS"
     CFLAGS="$CFLAGS -pedantic -Werror $1"
-    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
+    AC_TRY_COMPILE([], [return 0;],
                    [AS_VAR_SET(VAR,yes)],
                    [AS_VAR_SET(VAR,no)])
-    if test x$2 != x; then
-      AS_VAR_PUSHDEF([can_link],[tor_can_link_$1])
-      AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
-                  [AS_VAR_SET(can_link,yes)],
-                  [AS_VAR_SET(can_link,no)])
-      AS_VAR_POPDEF([can_link])
-    fi
     CFLAGS="$tor_saved_CFLAGS"
   ])
   if test x$VAR = xyes; then
-     $3
-  else
-     $4
+    CFLAGS="$CFLAGS $1"
   fi
   AS_VAR_POPDEF([VAR])
 ])
 
-dnl 1:flags
-dnl 2:also try to link (yes: non-empty string)
-dnl   will set yes or no in $tor_can_link_$1 (as modified by AS_VAR_PUSHDEF)
-AC_DEFUN([TOR_CHECK_CFLAGS], [
-  TOR_TRY_COMPILE_WITH_CFLAGS($1, $2, CFLAGS="$CFLAGS $1", true)
-])
-
 dnl 1:flags
 dnl 2:extra ldflags
 dnl 3:extra libraries
@@ -93,7 +74,7 @@ AC_DEFUN([TOR_CHECK_LDFLAGS], [
     AC_RUN_IFELSE([AC_LANG_PROGRAM([#include <stdio.h>], [fputs("", stdout)])],
                   [AS_VAR_SET(VAR,yes)],
                   [AS_VAR_SET(VAR,no)],
-                  [AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
+	          [AC_TRY_LINK([], [return 0;],
                                    [AS_VAR_SET(VAR,yes)],
                                    [AS_VAR_SET(VAR,no)])])
     CFLAGS="$tor_saved_CFLAGS"
@@ -113,21 +94,21 @@ if test x$2 = xdevpkg; then
   h=" headers for"
 fi
 if test -f /etc/debian_version && test x"$tor_$1_$2_debian" != x; then
-  AC_MSG_WARN([On Debian, you can install$h $1 using "apt-get install $tor_$1_$2_debian"])
+  AC_WARN([On Debian, you can install$h $1 using "apt-get install $tor_$1_$2_debian"])
   if test x"$tor_$1_$2_debian" != x"$tor_$1_devpkg_debian"; then 
-    AC_MSG_WARN([   You will probably need $tor_$1_devpkg_debian too.])
+    AC_WARN([   You will probably need $tor_$1_devpkg_debian too.])
   fi 
 fi
 if test -f /etc/fedora-release && test x"$tor_$1_$2_redhat" != x; then
-  AC_MSG_WARN([On Fedora, you can install$h $1 using "dnf install $tor_$1_$2_redhat"])
+  AC_WARN([On Fedora Core, you can install$h $1 using "yum install $tor_$1_$2_redhat"])
   if test x"$tor_$1_$2_redhat" != x"$tor_$1_devpkg_redhat"; then 
-    AC_MSG_WARN([   You will probably need to install $tor_$1_devpkg_redhat too.])
+    AC_WARN([   You will probably need to install $tor_$1_devpkg_redhat too.])
   fi 
 else
   if test -f /etc/redhat-release && test x"$tor_$1_$2_redhat" != x; then
-    AC_MSG_WARN([On most Redhat-based systems, you can get$h $1 by installing the $tor_$1_$2_redhat RPM package])
+    AC_WARN([On most Redhat-based systems, you can get$h $1 by installing the $tor_$1_$2_redhat" RPM package])
     if test x"$tor_$1_$2_redhat" != x"$tor_$1_devpkg_redhat"; then 
-      AC_MSG_WARN([   You will probably need to install $tor_$1_devpkg_redhat too.])
+      AC_WARN([   You will probably need to install $tor_$1_devpkg_redhat too.])
     fi 
   fi
 fi
@@ -147,7 +128,7 @@ dnl
 AC_DEFUN([TOR_SEARCH_LIBRARY], [
 try$1dir=""
 AC_ARG_WITH($1-dir,
-  AS_HELP_STRING(--with-$1-dir=PATH, [specify path to $1 installation]),
+  [  --with-$1-dir=PATH    Specify path to $1 installation ],
   [
      if test x$withval != xno ; then
         try$1dir="$withval"
@@ -245,10 +226,7 @@ if test "$cross_compiling" != yes; then
        LDFLAGS="$tor_tryextra $orig_LDFLAGS"
      fi
      AC_RUN_IFELSE([AC_LANG_PROGRAM([$5], [$6])],
-                   [runnable=yes], [runnable=no],
-                   [AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
-                                   [runnable=yes],
-                                   [runnable=no])])
+                   [runnable=yes], [runnable=no])
      if test "$runnable" = yes; then
         tor_cv_library_$1_linker_option=$tor_tryextra
         break

autogen.sh

@@ -1,23 +1,13 @@
 #!/bin/sh
 
 if [ -x "`which autoreconf 2>/dev/null`" ] ; then
-  opt="-i -f -W all,error"
-
-  for i in $@; do
-    case "$i" in
-      -v)
-        opt="${opt} -v"
-        ;;
-    esac
-  done
-
-  exec autoreconf $opt
+  exec autoreconf -ivf
 fi
 
 set -e
 
 # Run this to generate all the initial makefiles, etc.
-aclocal -I m4 && \
+aclocal && \
 	autoheader && \
 	autoconf && \
 	automake --add-missing --copy

changes/.dummy

@@ -1,37 +0,0 @@
-This file is here to keep git from removing the changes directory when
-all the changes files have been merged.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-"I'm Nobody! Who are you?
- Are you--Nobody--too?
- Then there's a pair of us!
- Don’t tell! they'd advertise--you know!
-
- How dreary--to be--Somebody!
- How public--like a Frog--
- To tell one's name--the livelong June--
- To an admiring Bog!"
-    -- Emily Dickinson
-

changes/TROVE-2018-005

@@ -1,6 +0,0 @@
-  o Major bugfixes (security, directory authority, denial-of-service):
-    - Fix a bug that could have allowed an attacker to force a
-      directory authority to use up all its RAM by passing it a
-      maliciously crafted protocol versions string. Fixes bug 25517;
-      bugfix on 0.2.9.4-alpha.  This issue is also tracked as
-      TROVE-2018-005.

changes/bug10849_023

@@ -0,0 +1,6 @@
+  o Major bugfixes:
+    - When running a hidden service, do not allow TunneledDirConns 0;
+      this will keep the hidden service from running, and also
+      make it publish its descriptors directly over HTTP. Fixes bug 10849;
+      bugfix on 0.2.1.1-alpha.
+

changes/bug11464_023

@@ -0,0 +1,5 @@
+  o Major features (security):
+    - Block authority signing keys that were used on an authorities
+      vulnerable to the "heartbleed" bug in openssl (CVE-2014-0160).
+      (We don't have any evidence that these keys _were_ compromised;
+      we're doing this to be prudent.) Resolves ticket 11464.

changes/bug11519

@@ -0,0 +1,3 @@
+  o Minor bugfixes:
+    - Avoid sending an garbage value to the controller when a circuit is
+      cannibalized. Fixes bug 11519; bugfix on 0.2.3.11-alpha.

changes/bug13100

@@ -0,0 +1,3 @@
+  o Directory authority changes:
+    - Change IP address for gabelmoo (v3 directory authority).
+

changes/bug25939

@@ -1,3 +0,0 @@
-  o Minor bugfixes (onion services):
-    - Fix a bug that blocked the creation of ephemeral v3 onion services. Fixes
-      bug 25939; bugfix on 0.3.4.1-alpha.

changes/bug26101_26102

@@ -1,5 +0,0 @@
-  o Minor bugfixes (test coverage tools):
-    - Update our "cov-diff" script to handle output from the latest
-      version of gcov, and to remove extraneous timestamp information
-      from its output. Fixes bugs 26101 and 26102; bugfix on
-      0.2.5.1-alpha.

changes/bug26116

@@ -1,7 +0,0 @@
-  o Minor bugfixes (compatibility, openssl):
-    - Work around a change in OpenSSL 1.1.1 where
-      return values that would previously indicate "no password" now
-      indicate an empty password. Without this workaround, Tor instances
-      running with OpenSSL 1.1.1 would accept descriptors that other Tor
-      instances would reject. Fixes bug 26116; bugfix on 0.2.5.16.
-      

changes/bug26121

@@ -1,6 +0,0 @@
-  o Minor bugfixes (controller):
-    - Improve accuracy of the BUILDTIMEOUT_SET control port event's
-      TIMEOUT_RATE and CLOSE_RATE fields. (We were previously miscounting
-      the total number of circuits for these field values.) Fixes bug
-      26121; bugfix on 0.3.3.1-alpha.
-

changes/bug26156

@@ -1,3 +0,0 @@
-  o Minor bugfixes (compilation):
-    - Fix compilation when building with OpenSSL 1.1.0 with the
-      "no-deprecated" flag enabled. Fixes bug 26156; bugfix on 0.3.4.1-alpha.

changes/bug26196

@@ -1,4 +0,0 @@
-  o Minor bugfixes (hardening):
-    - Prevent a possible out-of-bounds smartlist read in
-      protover_compute_vote(). Fixes bug 26196; bugfix on
-      0.2.9.4-alpha.

changes/bug26259

@@ -1,4 +0,0 @@
-  o Minor bugfixes (control port):
-    - Do not count 0-length RELAY_COMMAND_DATA cells as valid data in CIRC_BW
-      events. Previously, such cells were counted entirely in the OVERHEAD
-      field. Now they are not. Fixes bug 26259; bugfix on 0.3.4.1-alpha.

changes/bug5650

@@ -0,0 +1,5 @@
+  o Major bugfixes:
+    - Avoid a bug where our response to TLS renegotation under certain
+      network conditions could lead to a busy-loop, with 100% CPU
+      consumption. Fixes bug 5650; bugfix on 0.2.0.16-alpha.
+

changes/bug6979

@@ -0,0 +1,4 @@
+  o Minor bugfixes:
+    - Fix an assertion failure that would occur when disabling the
+      ORPort setting on a running Tor process while accounting was
+      enabled. Fixes bug 6979; bugfix on 0.2.2.18-alpha.

changes/bug7164_downgrade

@@ -0,0 +1,6 @@
+  o Minor bugfixes:
+    - Downgrade the warning severity for the the "md was still referenced 1
+      node(s)" warning. Tor 0.2.5.4-alpha has better code for trying to
+      diagnose this bug, and the current warning in earlier versions of
+      tor achieves nothing useful. Addresses warning from bug 7164.
+

changes/bug8844

@@ -0,0 +1,6 @@
+  o Major bugfixes:
+    - Prevent the get_freelists() function from running off the end of
+      the list of freelists if it somehow gets an unrecognized
+      allocation. Fixes bug 8844; bugfix on 0.2.0.16-alpha. Reported by
+      eugenis.
+

changes/bug9002

@@ -0,0 +1,4 @@
+  o Major bugfixes:
+    - Limit hidden service descriptors to at most ten introduction
+      points, to slow one kind of guard enumeration. Fixes bug 9002;
+      bugfix on 0.1.1.11-alpha.

changes/bug9017

@@ -0,0 +1,6 @@
+  o Major bugfixes:
+    - Avoid an assertion failure on OpenBSD (and perhaps other BSDs)
+      when an exit connection with optimistic data succeeds immediately
+      rather than returning EINPROGRESS. Fixes bug 9017; bugfix on
+      0.2.3.1-alpha.
+

changes/bug9063

@@ -0,0 +1,3 @@
+  o Normal bugfixes:
+    - Close any circuit that has more cells queued than the spec permits.
+      Fixes bug #9063; bugfix on 0.2.3.25.

changes/bug9063_redux

@@ -0,0 +1,15 @@
+  o Major bugfixes:
+    - When we have too much memory queued in circuits (according to a new
+      MaxMemInCellQueues option), close the circuits consuming the most
+      memory.  This prevents us from running out of memory as a relay if
+      circuits fill up faster than they can be drained.  Fixes
+      bug 9063; bugfix on the 54th commit of Tor. This bug is a further
+      fix beyond bug 6252, whose fix was merged into 0.2.3.21-rc.
+
+      Also fixes an earlier approach taken in 0.2.4.13-alpha, where we
+      tried to solve this issue simply by imposing an upper limit on the
+      number of queued cells for a single circuit.  That approach proved to
+      be problematic, since there are ways to provoke clients to send a
+      number of cells in excess of any such reasonable limit.
+      Fixes bug 9072; bugfix on 0.2.4.13-alpha.
+

changes/bug9072

@@ -0,0 +1,3 @@
+  o Critical bugfixes:
+    - Disable middle relay queue overfill detection code due to possible
+      guard discovery attack, pending further analysis.  Fixes bug #9072.

changes/bug9093

@@ -0,0 +1,7 @@
+  o Minor features:
+    - Improve the circuit queue out-of-memory handler. Previously, when
+      we ran low on memory, we'd close whichever circuits had the most
+      queued cells. Now, we close those that have the *oldest* queued
+      cells, on the theory that those are most responsible for us
+      running low on memory. Based on analysis from a forthcoming paper
+      by Jansen, Tschorsch, Johnson, and Scheuermann. Fixes bug 9093.

changes/bug9546

@@ -0,0 +1,11 @@
+  o Major bugfixes:
+
+    - When a relay is extending a circuit to a bridge, it needs to send a
+      NETINFO cell, even when the bridge hasn't sent an AUTH_CHALLENGE
+      cell. Fixes bug 9546; bugfix on 0.2.3.6-alpha.
+
+    - Bridges send AUTH_CHALLENGE cells during their handshakes; previously
+      they did not, which prevented relays from successfully connecting
+      to a bridge for self-test or bandwidth testing. Fixes bug 9546;
+      bugfix on 0.2.3.6-alpha.
+

changes/bug9564

@@ -0,0 +1,5 @@
+  o Minor bugfixes:
+    - If the time to download the next old-style networkstatus is in
+      the future, do not decline to consider whether to download the
+      next microdescriptor networkstatus. Fixes bug 9564. Bugfix on
+      0.2.3.14-alpha.

changes/bug9671_023

@@ -0,0 +1,5 @@
+  o Major bugfixes:
+    - If the circuit build timeout logic is disabled (via the consensus,
+      or because we are an authority), then don't build testing circuits.
+      Fixes bug 9657; bugfix on 0.2.2.14-alpha.
+

changes/bug9928

@@ -0,0 +1,6 @@
+  o Minor bugfixes:
+    - Avoid an off-by-one error when checking buffer boundaries when
+      formatting the exit status of a pluggable transport helper.
+      This is probably not an exploitable bug, but better safe than
+      sorry. Fixes bug 9928; bugfix on 0.2.3.18-rc. Bug found by
+      Pedro Ribeiro.

changes/disable_sslv3

@@ -0,0 +1,4 @@
+  o Major security fixes:
+    - Disable support for SSLv3. All versions of OpenSSL in use with
+      Tor today support TLS 1.0 or later, so we can safely turn off
+      support for this old (and insecure) protocol. Fixes bug 13426.

changes/doc25237

@@ -1,4 +0,0 @@
-  o Documentation:
-    - In code comment, point the reader to the exact section
-      in Tor specification that specifies circuit close error
-      code values. Resolves ticket 25237.

changes/geoip-august2013

@@ -0,0 +1,3 @@
+  o Minor features:
+    - Update to the August 7 2013 Maxmind GeoLite Country database.
+

changes/geoip-august2014

@@ -0,0 +1,3 @@
+  o Minor features:
+    - Update geoip to the August 7 2014 Maxmind GeoLite2 Country database.
+

changes/geoip-february2014

@@ -0,0 +1,3 @@
+  o Minor features:
+    - Update to the February 7 2014 Maxmind GeoLite2 Country database.
+

changes/geoip-february2014-regcountry

@@ -0,0 +1,3 @@
+  o Minor features:
+    - Fix our version of the February 7 2014 Maxmind GeoLite2 Country database.
+

changes/geoip-july2013

@@ -0,0 +1,3 @@
+  o Minor features:
+    - Update to the July 3 2013 Maxmind GeoLite Country database.
+

changes/geoip-july2014

@@ -0,0 +1,3 @@
+  o Minor features:
+    - Update geoip to the July 10 2014 Maxmind GeoLite2 Country database.
+

changes/geoip-june2013

@@ -0,0 +1,3 @@
+  o Minor features:
+    - Update to the June 5 2013 Maxmind GeoLite Country database.
+

changes/geoip-may2013

@@ -0,0 +1,3 @@
+  o Minor features:
+    - Update to the May 9 2013 Maxmind GeoLite Country database.
+

changes/geoip-october2013

@@ -0,0 +1,3 @@
+  o Minor features:
+    - Update to the October 2 2013 Maxmind GeoLite Country database.
+

changes/geoip-september2013

@@ -0,0 +1,3 @@
+  o Minor features:
+    - Update to the September 4 2013 Maxmind GeoLite Country database.
+

changes/md_leak_bug

@@ -0,0 +1,5 @@
+  o Major bugfixes (security, OOM)
+    - Fix a memory leak that could occur if a microdescriptor parse
+      fails during the tokenizing step. This could enable a memory
+      exhaustion attack by directory servers. Fixes bug #11649; bugfix
+      on 0.2.2.6-alpha.

changes/ticket25549

@@ -1,4 +0,0 @@
-  o Minor features (continuous integration):
-    - Add the necessary configuration files for continuous integration
-      testing on Windows, via the Appveyor platform. Closes ticket 25549.
-      Patches from Marcin Cieślak and Isis Lovecruft.

contrib/Makefile.am

@@ -0,0 +1,23 @@
+SUBDIRS = suse
+DIST_SUBDIRS = suse
+
+confdir = $(sysconfdir)/tor
+
+EXTRA_DIST = \
+	cross.sh				\
+	exitlist				\
+	linux-tor-prio.sh			\
+	package_nsis-mingw.sh			\
+	rc.subr					\
+	tor-ctrl.sh				\
+	tor-exit-notice.html			\
+	tor-mingw.nsi.in			\
+	tor-tsocks.conf				\
+	tor.ico					\
+	tor.nsi.in				\
+	tor.sh					\
+	torctl
+
+conf_DATA = tor-tsocks.conf
+
+bin_SCRIPTS = torify

contrib/README

@@ -1,68 +0,0 @@
-The contrib/ directory contains small tools that might be useful for using
-with Tor.  A few of them are included in the Tor source distribution; you can
-find the others in the main Tor repository.  We don't guarantee that they're
-particularly useful.
-
-dirauth-tools/ -- Tools useful for directory authority administrators
----------------------------------------------------------------------
-
-add-tor is an old script to manipulate the approved-routers file.
-
-nagios-check-tor-authority-cert is a nagios script to check when Tor
-authority certificates are expired or nearly expired.
-
-clang/ -- Files for use with the clang compiler
------------------------------------------------
-
-sanitize_blacklist.txt is used to build Tor with clang's dynamic
-AddressSanitizer and UndefinedBehaviorSanitizer. It contains detailed
-instructions on configuration, build, and testing with clang's sanitizers.
-
-client-tools/ -- Tools for use with Tor clients
------------------------------------------------
-
-torify is a small wrapper script around torsocks.
-
-tor-resolve.py uses Tor's SOCKS port extensions to perform DNS lookups.  You
-should probably use src/tools/tor-resolve instead.
-
-dist/ -- Scripts and files for use when packaging Tor
------------------------------------------------------
-
-torctl, rc.subr, and tor.sh are init scripts for use with SysV-style init
-tools.  Everybody likes to write init scripts differently, it seems.
-
-tor.service is a sample service file for use with systemd.
-
-The suse/ subdirectory contains files used by the suse distribution.
-
-operator-tools/ -- Tools for Tor relay operators
-------------------------------------------------
-
-tor-exit-notice.html is an HTML file for use with the DirPortFrontPage
-option.  It tells visitors that your relay is a Tor exit node, and that they
-shouldn't assume you're the origin for the traffic that you're delivering.
-
-tor.logrotate is a configuration file for use with the logrotate tool.  You
-may need to edit it to work for you.
-
-linux-tor-prio.sh uses Linux iptables tools to traffic-shape your Tor relay's
-traffic. If it breaks, you get to keep both pieces.
-
-or-tools/ -- Tools for interacting with relays
-----------------------------------------------
-
-checksocks.pl is a tool to scan relays to see if any of them have advertised
-public SOCKS ports, so we can tell them not to.
-
-check-tor is a quick shell script to try doing a TLS handshake with a router
-or to try fetching a directory from it.
-
-exitlist is a precursor of check.torproject.org: it parses a bunch of cached
-server descriptors to determine which can connect to a given address:port.
-
-win32build -- Old files for windows packaging
----------------------------------------------
-
-You shouldn't need these unless you're building some of the older Windows
-packages.

contrib/auto-naming/README

@@ -0,0 +1,6 @@
+Tor directory authorities may maintain a binding of server identities
+(their long term identity key) and nicknames.
+
+The auto-naming scripts have been moved to svn in
+projects/tor-naming/auto-naming/trunk/
+

contrib/bundle.nsi

@@ -0,0 +1,67 @@
+!include "MUI.nsh"
+!include "LogicLib.nsh"
+!include "FileFunc.nsh"
+  
+!define VERSION "0.2.1.13"
+!define INSTALLER "TorBundle.exe"
+!define WEBSITE "https://www.torproject.org/"
+!define LICENSE "LICENSE"
+ 
+SetCompressor /SOLID BZIP2
+RequestExecutionLevel user
+OutFile ${INSTALLER}
+InstallDir "$LOCALAPPDATA\TorInstPkgs"
+SetOverWrite on
+Name "Tor ${VERSION} Bundle"
+Caption "Tor ${VERSION} Bundle Setup"
+BrandingText "Tor Bundle Installer"
+CRCCheck on
+XPStyle on
+ShowInstDetails hide
+VIProductVersion "${VERSION}"
+VIAddVersionKey "ProductName" "Tor"
+VIAddVersionKey "Comments" "${WEBSITE}"
+VIAddVersionKey "LegalTrademarks" "Three line BSD"
+VIAddVersionKey "LegalCopyright" "©2004-2011, Roger Dingledine, Nick Mathewson, The Tor Project, Inc."
+VIAddVersionKey "FileDescription" "Tor is an implementation of Onion Routing. You can read more at ${WEBSITE}"
+VIAddVersionKey "FileVersion" "${VERSION}"
+
+!define MUI_ICON "torinst32.ico"
+!define MUI_HEADERIMAGE_BITMAP "${NSISDIR}\Contrib\Graphics\Header\win.bmp"
+!insertmacro MUI_PAGE_INSTFILES
+!insertmacro MUI_LANGUAGE "English"
+
+Section "Tor" Tor
+	SectionIn RO
+	SetOutPath $INSTDIR
+	Call ExtractPackages
+        Call RunInstallers
+	Call LaunchVidalia
+SectionEnd
+
+Function ExtractPackages
+	File "license.msi"
+	File "tor.msi"
+	File "torbutton.msi"
+	File "thandy.msi"
+	File "polipo.msi"
+	File "vidalia.msi"
+        File "tbcheck.bat"
+FunctionEnd
+
+Function RunInstallers
+	ExecWait 'msiexec /i "$INSTDIR\license.msi" /qn'
+	ExecWait 'msiexec /i "$INSTDIR\tor.msi" NOSC=1 /qn'
+	ExecWait 'msiexec /i "$INSTDIR\thandy.msi" NOSC=1 /qn'
+	ExecWait 'msiexec /i "$INSTDIR\polipo.msi" NOSC=1 /qn'
+	ExecWait 'msiexec /i "$INSTDIR\torbutton.msi" /qn'
+	ExecWait 'msiexec /i "$INSTDIR\vidalia.msi" /qn'
+        ExpandEnvStrings $0 %COMSPEC%
+        Exec '"$0" /C "$INSTDIR\tbcheck.bat"'
+FunctionEnd
+
+Function LaunchVidalia
+	SetOutPath "$LOCALAPPDATA\Programs\Vidalia"
+	Exec 'vidalia.exe -loglevel info -logfile log.txt'
+FunctionEnd
+

contrib/checkOptionDocs.pl

@@ -7,7 +7,7 @@ my %torrcSampleOptions = ();
 my %manPageOptions = ();
 
 # Load the canonical list as actually accepted by Tor.
-open(F, "@abs_top_builddir@/src/or/tor --list-torrc-options |") or die;
+open(F, "./src/or/tor --list-torrc-options |") or die;
 while (<F>) {
     next if m!\[notice\] Tor v0\.!;
     if (m!^([A-Za-z0-9_]+)!) {
@@ -34,16 +34,15 @@ sub loadTorrc {
     0;
 }
 
-loadTorrc("@abs_top_srcdir@/src/config/torrc.sample.in", \%torrcSampleOptions);
+loadTorrc("./src/config/torrc.sample.in", \%torrcSampleOptions);
 
 # Try to figure out what's in the man page.
 
 my $considerNextLine = 0;
-open(F, "@abs_top_srcdir@/doc/tor.1.txt") or die;
+open(F, "./doc/tor.1.txt") or die;
 while (<F>) {
-    if (m!^(?:\[\[([A-za-z0-9_]+)\]\] *)?\*\*([A-Za-z0-9_]+)\*\*!) {
-        $manPageOptions{$2} = 1;
-	print "Missing an anchor: $2\n" unless (defined $1 or $2 eq 'tor');
+    if (m!^\*\*([A-Za-z0-9_]+)\*\*!) {
+        $manPageOptions{$1} = 1;
     }
 }
 close F;
@@ -67,3 +66,5 @@ subtractHashes("Orphaned in torrc.sample.in", \%torrcSampleOptions, \%options);
 
 subtractHashes("Not in man page", \%options, \%manPageOptions);
 subtractHashes("Orphaned in man page", \%manPageOptions, \%options);
+
+

contrib/checkSpace.pl

@@ -0,0 +1,138 @@
+#!/usr/bin/perl -w
+
+if ($ARGV[0] =~ /^-/) {
+    $lang = shift @ARGV;
+    $C = ($lang eq '-C');
+#    $TXT = ($lang eq '-txt');
+}
+
+for $fn (@ARGV) {
+    open(F, "$fn");
+    $lastnil = 0;
+    $lastline = "";
+    $incomment = 0;
+    while (<F>) {
+        ## Warn about windows-style newlines.
+        if (/\r/) {
+            print "       CR:$fn:$.\n";
+        }
+        ## Warn about tabs.
+        if (/\t/) {
+            print "      TAB:$fn:$.\n";
+        }
+        ## Warn about markers that don't have a space in front of them
+        if (/^[a-zA-Z_][a-zA-Z_0-9]*:/) {
+            print "nosplabel:$fn:$.\n";
+        }
+        ## Warn about trailing whitespace.
+        if (/ +$/) {
+            print "Space\@EOL:$fn:$.\n";
+        }
+        ## Warn about control keywords without following space.
+        if ($C && /\s(?:if|while|for|switch)\(/) {
+            print "      KW(:$fn:$.\n";
+        }
+        ## Warn about #else #if instead of #elif.
+        if (($lastline =~ /^\# *else/) and ($_ =~ /^\# *if/)) {
+            print " #else#if:$fn:$.\n";
+        }
+        ## Warn about some K&R violations
+        if (/^\s+\{/ and $lastline =~ /^\s*(if|while|for|else if)/ and
+	    $lastline !~ /\{$/) {
+            print "non-K&R {:$fn:$.\n";
+	}
+        if (/^\s*else/ and $lastline =~ /\}$/) {
+	    print "  }\\nelse:$fn:$.\n";
+	}
+        $lastline = $_;
+        ## Warn about unnecessary empty lines.
+        if ($lastnil && /^\s*}\n/) {
+            print "  UnnecNL:$fn:$.\n";
+        }
+        ## Warn about multiple empty lines.
+        if ($lastnil && /^$/) {
+            print " DoubleNL:$fn:$.\n";
+        } elsif (/^$/) {
+            $lastnil = 1;
+        } else {
+            $lastnil = 0;
+        }
+        ## Terminals are still 80 columns wide in my world.  I refuse to
+        ## accept double-line lines.
+        if (/^.{80}/) {
+            print "     Wide:$fn:$.\n";
+        }
+        ### Juju to skip over comments and strings, since the tests
+        ### we're about to do are okay there.
+        if ($C) {
+            if ($incomment) {
+                if (m!\*/!) {
+                    s!.*?\*/!!;
+                    $incomment = 0;
+                } else {
+                    next;
+                }
+            }
+            if (m!/\*.*?\*/!) {
+                s!\s*/\*.*?\*/!!;
+            } elsif (m!/\*!) {
+                s!\s*/\*!!;
+                $incomment = 1;
+                next;
+            }
+            s!"(?:[^\"]+|\\.)*"!"X"!g;
+            next if /^\#/;
+            ## Warn about C++-style comments.
+            if (m!//!) {
+                #    print "       //:$fn:$.\n";
+                s!//.*!!;
+            }
+            ## Warn about unquoted braces preceded by non-space.
+            if (/([^\s'])\{/) {
+                print "       $1\{:$fn:$.\n";
+            }
+            ## Warn about multiple internal spaces.
+            #if (/[^\s,:]\s{2,}[^\s\\=]/) {
+            #    print "     X  X:$fn:$.\n";
+            #}
+            ## Warn about { with stuff after.
+            #s/\s+$//;
+            #if (/\{[^\}\\]+$/) {
+            #    print "     {X:$fn:$.\n";
+            #}
+            ## Warn about function calls with space before parens.
+            if (/(\w+)\s\(([A-Z]*)/) {
+                if ($1 ne "if" and $1 ne "while" and $1 ne "for" and
+                    $1 ne "switch" and $1 ne "return" and $1 ne "int" and
+                    $1 ne "elsif" and $1 ne "WINAPI" and $2 ne "WINAPI" and
+                    $1 ne "void" and $1 ne "__attribute__" and $1 ne "op") {
+                    print "     fn ():$fn:$.\n";
+                }
+            }
+            ## Warn about functions not declared at start of line.
+            if ($in_func_head ||
+                ($fn !~ /\.h$/ && /^[a-zA-Z0-9_]/ &&
+                 ! /^(?:const |static )*(?:typedef|struct|union)[^\(]*$/ &&
+                 ! /= *\{$/ && ! /;$/)) {
+                if (/.\{$/){
+                    print "fn() {:$fn:$.\n";
+                    $in_func_head = 0;
+                } elsif (/^\S[^\(]* +\**[a-zA-Z0-9_]+\(/) {
+                    $in_func_head = -1; # started with tp fn
+                } elsif (/;$/) {
+                    $in_func_head = 0;
+                } elsif (/\{/) {
+                    if ($in_func_head == -1) {
+                        print "tp fn():$fn:$.\n";
+                    }
+                    $in_func_head = 0;
+                }
+            }
+        }
+    }
+    if (! $lastnil) {
+        print "  EOL\@EOF:$fn:$.\n";
+    }
+    close(F);
+}
+

contrib/clang/sanitize_blacklist.txt

@@ -1,103 +0,0 @@
-# clang sanitizer special case list
-# syntax specified in http://clang.llvm.org/docs/SanitizerSpecialCaseList.html
-# for more info see http://clang.llvm.org/docs/AddressSanitizer.html
-
-#
-# Tor notes: This file is obsolete!
-#
-# It was necessary in order to apply the sanitizers to all of tor.  But
-# we don't believe that's a good idea: some parts of tor need constant-time
-# behavior that is hard to guarantee with these sanitizers.
-#
-# If you need this behavior, then please consider --enable-expensive-hardening,
-# and report bugs as needed.
-#
-
-# usage:
-# 1. configure tor build:
-#    ./configure \
-#    CC=clang \
-#    CFLAGS="-fsanitize-blacklist=contrib/clang/sanitize_blacklist.txt -fsanitize=undefined -fsanitize=address -fno-sanitize-recover=all -fno-omit-frame-pointer -fno-optimize-sibling-calls -fno-inline" \
-#    LDFLAGS="-fsanitize=address" \
-#    --disable-gcc-hardening
-# and any other flags required to build tor on your OS.
-#
-# 2. build tor:
-#    make
-#
-# 3. test tor:
-#    ASAN_OPTIONS=allow_user_segv_handler=1 make test
-#    ASAN_OPTIONS=allow_user_segv_handler=1 make check
-#    make test-network # requires chutney
-#
-# 4. the tor binary is now instrumented with clang sanitizers,
-#    and can be run just like a standard tor binary
-
-# Compatibility:
-# This blacklist has been tested with clang 3.7's UndefinedBehaviorSanitizer
-# and AddressSanitizer on OS X 10.10 Yosemite, with all tests passing
-# on both x86_64 and i386 (using CC="clang -arch i386")
-# It has not been tested with ThreadSanitizer or MemorySanitizer
-# Success report and patches for other sanitizers or OSs are welcome
-
-# ccache and make don't account for the sanitizer blacklist as a dependency
-# you might need to set CCACHE_DISABLE=1 and/or use make clean to workaround
-
-# Configuration Flags:
-# -fno-sanitize-recover=all
-# causes clang to crash on undefined behavior, rather than printing
-# a warning and continuing (the AddressSanitizer always crashes)
-# -fno-omit-frame-pointer -fno-optimize-sibling-calls -fno-inline
-# make clang backtraces easier to read
-# --disable-gcc-hardening
-# disables warnings about the redefinition of _FORTIFY_SOURCE
-# (it conflicts with the sanitizers)
-
-# Turning the sanitizers off for particular functions:
-# (Unfortunately, exempting functions doesn't work for the blacklisted
-# functions below, and we can't turn the code off because it's essential)
-#
-# #if defined(__has_feature)
-# #if __has_feature(address_sanitizer)
-# /* tell clang AddressSanitizer not to instrument this function */
-# #define NOASAN __attribute__((no_sanitize_address))
-# #define _CLANG_ASAN_
-# #else
-# #define NOASAN
-# #endif
-# #else
-# #define NOASAN
-# #endif
-#
-# /* Telling AddressSanitizer to not instrument a function */
-# void func(void) NOASAN;
-#
-# /* Including or excluding sections of code */
-# #ifdef _CLANG_ASAN_
-# /* code that only runs under address sanitizer */
-# #else
-# /* code that doesn't run under address sanitizer */
-# #endif
-
-# Blacklist Entries:
-
-# test-memwipe.c checks if a freed buffer was properly wiped
-fun:vmemeq
-fun:check_a_buffer
-
-# we need to allow the tor bt handler to catch SIGSEGV
-# otherwise address sanitizer munges the expected output and the test fails
-# we can do this by setting an environmental variable
-# See https://code.google.com/p/address-sanitizer/wiki/Flags
-# ASAN_OPTIONS=allow_user_segv_handler=1
-
-# test_bt_cl.c stores to a NULL pointer to trigger a crash
-fun:crash
-
-# curve25519-donna.c left-shifts 1 bits into and past the sign bit of signed
-# integers. Until #13538 is resolved, we exempt functions that do left shifts.
-# Note that x86_64 uses curve25519-donna-c64.c instead of curve25519-donna.c
-fun:freduce_coefficients
-fun:freduce_degree
-fun:s32_eq
-fun:fcontract

contrib/cross.sh

@@ -0,0 +1,195 @@
+#!/bin/bash
+# Copyright 2006 Michael Mohr with modifications by Roger Dingledine
+# See LICENSE for licensing information.
+
+#######################################################################
+#  Tor-cross: a tool to help cross-compile Tor
+#
+#  The purpose of a cross-compiler is to produce an executable for
+#  one system (CPU) on another.  This is useful, for example, when
+#  the target system does not have a native compiler available.
+#  You might, for example, wish to cross-compile a program on your
+#  host (the computer you're working on now) for a target such as
+#  a router or handheld computer.
+#
+#  A number of environment variables must be set in order for this
+#  script to work:
+#        $PREFIX, $CROSSPATH, $HOST_TRIPLET, $HOST,
+#        and (optionally) $BUILD
+#  Please run the script for a description of each one.  If automated
+#  builds are desired, the above variables can be exported at the top
+#  of this script.
+#
+#  Recent releases of Tor include test programs in configure. Normally
+#  this is a good thing, since it catches a number of problems.
+#  However, this also presents a problem when cross compiling, since
+#  you can't run binary images for the target system on the host.
+#
+#  Tor-cross assumes that you know what you're doing and removes a
+#  number of checks known to cause problems with this process.
+#  Note that this does not guarantee that the program will run or
+#  even compile; it simply allows configure to generate the Makefiles.
+#
+#  Stripping the binaries should almost always be done for an
+#  embedded environment where space is at an exacting premium.
+#  However, the default is NOT to strip them since they are useful for
+#  debugging.  If you do not plan to do any debugging and you
+#  don't care about the debugging symbols, set $STRIP to "yes" before
+#  running this script.
+#
+#  Tor-cross was written by Michael Mohr.  He can be contacted at
+#  m(dot)mohr(at)laposte(dot)net.  Comments are appreciated, but
+#  flames go to /dev/null.
+#
+#  The target with which this script is tested is little-endian
+#  MIPS Linux, built on an Athlon-based Linux desktop.
+#
+#######################################################################
+
+# disable the platform-specific tests in configure
+export CROSS_COMPILE=yes
+
+# for error conditions
+EXITVAL=0
+
+if [ ! -f autogen.sh ]
+then
+  echo "Please run this script from the root of the Tor distribution"
+  exit -1
+fi
+
+if [ ! -f configure ]
+then
+  if [ -z $GEN_BUILD ]
+  then
+    echo "To automatically generate the build environment, set \$GEN_BUILD"
+    echo "to yes; for example,"
+    echo "	export GEN_BUILD=yes"
+    EXITVAL=-1
+  fi
+fi
+
+if [ -z $PREFIX ]
+then
+  echo "You must define \$PREFIX since you are cross-compiling."
+  echo "Select a non-system location (i.e. /tmp/tor-cross):"
+  echo "	export PREFIX=/tmp/tor-cross"
+  EXITVAL=-1
+fi
+
+if [ -z $CROSSPATH ]
+then
+  echo "You must define the location of your cross-compiler's"
+  echo "directory using \$CROSSPATH; for example,"
+  echo "	export CROSSPATH=/opt/cross/staging_dir_mipsel/bin"
+  EXITVAL=-1
+fi
+
+if [ -z $HOST_TRIPLET ]
+then
+  echo "You must define \$HOST_TRIPLET to continue.  For example,"
+  echo "if you normally cross-compile applications using"
+  echo "mipsel-linux-uclibc-gcc, you would set \$HOST_TRIPLET like so:"
+  echo "	export HOST_TRIPLET=mipsel-linux-uclibc-"
+  EXITVAL=-1
+fi
+
+if [ -z $HOST ]
+then
+  echo "You must specify a target processor with \$HOST; for example:"
+  echo "	export HOST=mipsel-unknown-elf"
+  EXITVAL=-1
+fi
+
+if [ -z $BUILD ]
+then
+  echo "You should specify the host machine's type with \$BUILD; for example:"
+  echo "	export BUILD=i686-pc-linux-gnu"
+  echo "If you wish to let configure autodetect the host, set \$BUILD to 'auto':"
+  echo "	export BUILD=auto"
+  EXITVAL=-1
+fi
+
+if [ ! -x $CROSSPATH/$HOST_TRIPLETgcc ]
+then
+  echo "The specified toolchain does not contain an executable C compiler."
+  echo "Please double-check your settings and rerun cross.sh."
+  EXITVAL=-1
+fi
+
+if [ $EXITVAL -ne 0 ]
+then
+  echo "Remember, you can hard-code these values in cross.sh if needed."
+  exit $EXITVAL
+fi
+
+if [ ! -z "$GEN_BUILD" -a ! -f configure ]
+then
+  export NOCONF=yes
+  ./autogen.sh
+fi
+
+# clean up any existing object files
+if [ -f src/or/tor ]
+then
+  make clean
+fi
+
+# Set up the build environment and try to run configure
+export PATH=$PATH:$CROSSPATH
+export RANLIB=${HOST_TRIPLET}ranlib
+export CC=${HOST_TRIPLET}gcc
+
+if [ $BUILD == "auto" ]
+then
+  ./configure \
+	--enable-debug \
+	--enable-eventdns \
+	--prefix=$PREFIX \
+	--host=$HOST
+else
+  ./configure \
+	--enable-debug \
+	--enable-eventdns \
+	--prefix=$PREFIX \
+	--host=$HOST \
+	--build=$BUILD
+fi
+
+# has a problem occurred?
+if [ $? -ne 0 ]
+then
+  echo ""
+  echo "A problem has been detected with configure."
+  echo "Please check the output above and rerun cross.sh"
+  echo ""
+  exit -1
+fi
+
+# Now we're cookin'
+
+make
+
+# has a problem occurred?
+if [ $? -ne 0 ]
+then
+  echo ""
+  echo "A problem has been detected with make."
+  echo "Please check the output above and rerun make."
+  echo ""
+  exit -1
+fi
+
+# if $STRIP has length (i.e. STRIP=yes), strip the binaries
+if [ ! -z $STRIP ]
+then
+${HOST_TRIPLET}strip \
+	src/or/tor \
+	src/test/test \
+	src/tools/tor-resolve
+fi
+
+echo ""
+echo "Tor should be compiled at this point.  Now run 'make install' to"
+echo "install to $PREFIX"
+echo ""

contrib/directory-archive/crontab.sample

@@ -0,0 +1,3 @@
+10 * * * * cd projects/tor-v2dir && ./fetch-all-v3
+40 * * * * cd projects/tor-v2dir && ./fetch-all
+15 3 6 * * cd projects/tor-v2dir && ./sort-into-month-folder > /dev/null && ./tar-them-up last > /dev/null

contrib/directory-archive/fetch-all

@@ -0,0 +1,77 @@
+#!/bin/bash
+
+# Download all current v2 directory status documents, then download
+# the descriptors and extra info documents.
+
+# Copyright (c) 2005, 2006, 2007, 2008 Peter Palfrader
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+TZ=UTC
+export TZ
+
+DIRSERVERS=""
+DIRSERVERS="$DIRSERVERS 86.59.21.38:80"		# tor26
+DIRSERVERS="$DIRSERVERS 128.31.0.34:9031"	# moria1
+DIRSERVERS="$DIRSERVERS 128.31.0.34:9032"	# moria2
+DIRSERVERS="$DIRSERVERS 194.109.206.212:80"	# dizum
+
+DATEDIR=$(date "+%Y/%m/%d")
+TIME=$(date "+%Y%m%d-%H%M%S")
+
+. fetch-all-functions
+
+statuses=""
+for dirserver in $DIRSERVERS; do
+	authorities=$(wget -q -O - http://$dirserver/tor/status/all | egrep '^fingerprint ' | awk '{print $2}')
+	if [ "$authorities" == "" ]; then
+		echo "Did not get a list of authorities from $dirserver, going to next" 2>&1
+		continue
+	fi
+
+	dir="status/$DATEDIR"
+	[ -d "$dir" ] || mkdir -p "$dir"
+
+	authprefix="$dir/$TIME-"
+	for fp in $authorities; do
+		wget -q -O "$authprefix$fp" http://$dirserver/tor/status/fp/"$fp"
+		bzip2 "$authprefix$fp"
+		statuses="$statuses $authprefix$fp.bz2"
+	done
+	if [ "$statuses" == "" ]; then
+		echo "Did not get any statuses from $dirserver, going to next" 2>&1
+		continue
+	else
+		break
+	fi
+done
+
+if [ "$statuses" = "" ]; then
+	echo "No statuses available" 2>&1
+	exit 1
+fi
+
+digests=$( for i in ` bzcat $statuses | awk '$1 == "r" {printf "%s=\n", $4}' | sort -u `; do
+		echo $i | \
+		base64-decode | \
+		perl -e 'undef $/; $a=<>; print unpack("H\*", $a),"\n";';
+	done )
+for digest in $digests; do
+	fetch_digest "$digest" "server-descriptor"
+done

contrib/directory-archive/fetch-all-functions

@@ -0,0 +1,82 @@
+#!/bin/bash
+
+# function used by fetch-all* to download server descriptors and
+# extra info documents
+
+# Copyright (c) 2005, 2006, 2007, 2008 Peter Palfrader
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+
+fetch_digest() {
+	local digest
+	local objecttype
+	local urlpart
+	local pathpart
+	local target
+	local targetdir
+	local dirserver
+	local ei
+
+	digest="$1"
+	objecttype="$2"
+	if [ "$objecttype" = "server-descriptor" ] ; then
+		urlpart="server"
+		pathpart="server-descriptor"
+	elif [ "$objecttype" = "extra-info" ] ; then
+		urlpart="extra"
+		pathpart="extra-info"
+	else
+		echo "Called fetch_digest with illegal objecttype '$objecttype'" >&2
+		exit 1
+	fi
+	target=$( echo $digest | sed -e 's#^\(.\)\(.\)#'"$pathpart"'/\1/\2/\1\2#' )
+	targetdir=$( dirname $target )
+	[ -d "$targetdir" ] || mkdir -p "$targetdir"
+	if ! [ -e "$target" ]; then
+		for dirserver in $DIRSERVERS; do
+			wget -q -O "$target" http://$dirserver/tor/$urlpart/d/"$digest" || rm -f "$target"
+			if [ -s "$target" ]; then
+				if egrep '^opt extra-info-digest ' "$target" > /dev/null; then
+					ei=$( egrep '^opt extra-info-digest ' "$target" | awk '{print $3}' | tr 'A-F' 'a-f' )
+					fetch_digest "$ei" "extra-info"
+				elif egrep '^extra-info-digest ' "$target" > /dev/null; then
+					ei=$( egrep '^extra-info-digest ' "$target" | awk '{print $2}' | tr 'A-F' 'a-f' )
+					fetch_digest "$ei" "extra-info"
+				fi
+				break
+			else
+				rm -f "$target"
+			fi
+		done
+	fi
+	#if ! [ -e "$target" ]; then
+	#	echo "$objecttype $digest" >> failed
+	#fi
+}
+
+if [ -x /usr/bin/base64 ] ; then
+	base64-decode() {
+		/usr/bin/base64 -d
+	}
+else
+	base64-decode() {
+		perl -MMIME::Base64 -e 'print decode_base64(<>)'
+	}
+fi

contrib/directory-archive/fetch-all-v3

@@ -0,0 +1,111 @@
+#!/bin/bash
+
+# Download all current v3 directory status votes and the consensus document,
+# then download the descriptors and extra info documents.
+
+# Copyright (c) 2005, 2006, 2007, 2008 Peter Palfrader
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+TZ=UTC
+export TZ
+
+DIRSERVERS=""
+DIRSERVERS="$DIRSERVERS 86.59.21.38:80"		# tor26
+DIRSERVERS="$DIRSERVERS 128.31.0.34:9031"	# moria1
+DIRSERVERS="$DIRSERVERS 216.224.124.114:9030"	# ides
+DIRSERVERS="$DIRSERVERS 80.190.246.100:80"	# gabelmoo
+#DIRSERVERS="$DIRSERVERS 140.247.60.64:80"	# lefkada
+DIRSERVERS="$DIRSERVERS 194.109.206.212:80"	# dizum
+#DIRSERVERS="$DIRSERVERS 128.31.0.34:9032"	# moria2
+DIRSERVERS="$DIRSERVERS 213.73.91.31:80"	# dannenberg
+DIRSERVERS="$DIRSERVERS 208.83.223.34:443"	# urras
+TIME=$(date "+%Y%m%d-%H%M%S")
+
+. fetch-all-functions
+
+consensus=""
+tmpdir="consensus/tmp"
+[ -d "$tmpdir" ] || mkdir -p "$tmpdir"
+for dirserver in $DIRSERVERS; do
+	wget -q -O "$tmpdir/$TIME-consensus" http://$dirserver/tor/status-vote/current/consensus
+	if [ "$?" != 0 ]; then
+		rm -f "$tmpdir/$TIME-consensus"
+		continue
+	fi
+
+	freshconsensus="$tmpdir/$TIME-consensus"
+
+	timestamp=$(awk '$1=="valid-after" {printf "%s-%s", $2, $3}' < "$freshconsensus")
+	datedir=$(awk '$1=="valid-after" {printf "%s", $2}' < "$freshconsensus" | tr '-' '/')
+	dir="consensus/$datedir"
+	[ -d "$dir" ] || mkdir -p "$dir"
+
+
+	consensus="$dir/$timestamp-consensus.bz2"
+	if ! [ -e "$consensus" ]; then
+		# the consensus is new, or at least we don't have it yet
+		bzip2 "$freshconsensus"
+		mv "$freshconsensus.bz2" "$consensus"
+		break
+	fi
+
+	rm -f "$freshconsensus"
+	echo "Consensus from $timestamp (gotten from $dirserver) already exists!" >&2
+	# maybe there is a newer one on a different authority, so try again.
+done
+
+if [ "$consensus" = "" ]; then
+	echo "No consensus available" 2>&1
+	exit 1
+fi
+
+
+votes=$(bzcat $consensus | awk '$1 == "vote-digest" {print $2}')
+for vote in $votes; do
+	for dirserver in $DIRSERVERS; do
+		wget -q -O "$dir/$TIME-vote-$vote" http://$dirserver/tor/status-vote/current/d/$vote
+		if [ "$?" != 0 ]; then
+			rm -f "$dir/$TIME-vote-$vote"
+			continue
+		fi
+		break
+	done
+	if [ -e "$dir/$TIME-vote-$vote" ]; then
+		voteridentity=$(awk '$1=="fingerprint" {print $2}' < "$dir/$TIME-vote-$vote")
+		if [ -e "$dir/$timestamp-vote-$voteridentity-$vote.bz2" ]; then
+			echo "Vote $vote from $voteridentity already exists!" >&2
+			rm -f "$dir/$TIME-vote-$vote"
+			continue;
+		fi
+		mv "$dir/$TIME-vote-$vote"  "$dir/$timestamp-vote-$voteridentity-$vote"
+		bzip2 "$dir/$timestamp-vote-$voteridentity-$vote"
+	else
+		echo "Failed to get vote $vote!" >&2
+	fi
+done
+
+digests=$( for i in ` bzcat $consensus | awk '$1 == "r" {printf "%s=\n", $4}' | sort -u `; do
+		echo $i | \
+		base64-decode | \
+		perl -e 'undef $/; $a=<>; print unpack("H\*", $a),"\n";';
+	done )
+for digest in $digests; do
+	fetch_digest "$digest" "server-descriptor"
+done

contrib/directory-archive/sort-into-month-folder

@@ -0,0 +1,74 @@
+#!/usr/bin/perl -w
+
+# Sort dumped consensuses, statuses, descriptors etc into per-month folders.
+
+# Copyright (c) 2006, 2007, 2008 Peter Palfrader
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+use strict;
+use File::Find;
+use File::Basename;
+use File::stat;
+use Time::Local;
+
+
+my $cutofftime;
+
+
+sub wanted() {
+	return unless -f;
+	my $mtime = stat($_)->mtime;
+	return if $mtime >= $cutofftime;
+
+	my (undef,undef,undef,undef,$mon,$year,undef,undef,undef) = gmtime $mtime;
+
+	my $bn = basename $_;
+	my $dn = dirname $_;
+	my @path = split /\//, $dn;
+	$path[0] .= sprintf 's-%4d-%02d', 1900+$year, $mon+1;
+	$dn = join '/', @path;
+
+	if (! -d $dn) {
+		my $p = '.';
+		for my $component (@path) {
+			$p .= '/'.$component;
+			if (! -d $p) {
+				mkdir $p or die ("Cannot mkdir $p: $!\n");
+			};
+		};
+	};
+
+	print "$_ -> $dn/$bn\n";
+	rename $_, $dn.'/'.$bn or die ("Cannot rename $_ to $dn/$bn: $!\n");
+};
+
+my (undef,undef,undef,undef,$mon,$year,undef,undef,undef) = gmtime(time - 5*24*3600);
+$cutofftime = timegm(0,0,0,1,$mon,$year);
+find(	{
+		wanted		=> \&wanted,
+		no_chdir	=> 1
+	},
+	'server-descriptor');
+
+find(	{
+		wanted		=> \&wanted,
+		no_chdir	=> 1
+	},
+	'extra-info');

contrib/directory-archive/tar-them-up

@@ -0,0 +1,127 @@
+#!/bin/sh
+
+# Tar up dumped consensuses, statuses, descriptors etc from per-month folders
+# into per-month tarballs.
+
+# Copyright (c) 2006, 2007, 2008 Peter Palfrader
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+set -e
+set -x
+set -u
+
+usage() {
+	echo "Usage: $0 <year> <month>" >&2
+	echo "       $0 last            (does last month)" >&2
+	exit 1
+}
+
+if [ -z "${1:-}" ]; then
+	usage
+fi
+
+if [ "$1" = "last" ]; then
+	year=`date --date="last month" +'%Y'`
+	month=`date --date="last month" +'%m'`
+elif [ -z "${2:-}" ]; then
+	usage
+else
+	year="$1"
+	month="$2"
+fi
+
+if [ "$year" -lt 2000 ] || [ "$year" -gt 2020 ] ||
+   [ "$month" -lt 1 ] || [ "$month" -gt 12 ] ||
+   [ "`echo -n $month | wc -c`" != 2 ]; then
+	usage
+fi
+
+
+this_year=`date --utc +'%Y'`
+this_month=`date --utc +'%m'`
+
+if [ "`date -d $this_year-$this_month-01 +%s`" -le "`date -d $year-$month-01 +%s`" ]; then
+	echo "Date in the future or current month?" >&2
+	exit 1
+fi
+
+
+
+
+
+for file in \
+	"extra-infos-$year-$month.tar.bz2"		\
+	"server-descriptors-$year-$month.tar.bz2"	\
+	"consensuses-$year-$month.tar.bz2"		\
+	"statuses-$year-$month.tar.bz2"			\
+	; do
+	if [ -e "$file" ]; then
+		echo "$file already exists" >&2
+		exit 1
+	fi
+done
+
+for dir in \
+	"extra-infos-$year-$month"		\
+	"server-descriptors-$year-$month"	\
+	"consensus/$year/$month"		\
+	"status/$year/$month"			\
+	; do
+	if ! [ -d "$dir" ]; then
+		echo "$dir not found" >&2
+		exit 1
+	fi
+done
+
+for dir in \
+	"consensuses-$year-$month"		\
+	"statuses-$year-$month"			\
+	; do
+	if [ -e "$dir" ]; then
+		echo "$dir already exists" >&2
+		exit 1
+	fi
+done
+
+for kind in consensus status; do
+	mv "$kind"/$year/$month "$kind"es-$year-$month
+	find "$kind"es-$year-$month -type f -name '*.bz2' -print0 | xargs -0 bunzip2 -v
+	tar cjvf "$kind"es-$year-$month.tar.bz2 "$kind"es-$year-$month
+	rm -rf "$kind"es-$year-$month
+done
+
+for kind in extra-infos server-descriptors; do
+	tar cjvf "$kind"-$year-$month.tar.bz2 "$kind"-$year-$month
+	rm -rf "$kind"-$year-$month
+done
+
+
+
+[ -d Archive ] || mkdir Archive
+
+for kind in consensus status; do
+	t="$kind"es-$year-$month.tar.bz2
+	! [ -e Archive/"$t" ] && mv "$t" Archive/"$t"
+done
+
+for kind in extra-infos server-descriptors; do
+	t="$kind"-$year-$month.tar.bz2
+	! [ -e Archive/"$t" ] && mv "$t" Archive/"$t"
+done

contrib/dist/tor.service.in

@@ -1,35 +0,0 @@
-# tor.service -- this systemd configuration file for Tor sets up a
-# relatively conservative, hardened Tor service.  You may need to
-# edit it if you are making changes to your Tor configuration that it
-# does not allow.  Package maintainers: this should be a starting point
-# for your tor.service; it is not the last point.
-
-[Unit]
-Description=Anonymizing overlay network for TCP
-After=syslog.target network.target nss-lookup.target
-
-[Service]
-Type=notify
-NotifyAccess=all
-ExecStartPre=@BINDIR@/tor -f @CONFDIR@/torrc --verify-config
-ExecStart=@BINDIR@/tor -f @CONFDIR@/torrc
-ExecReload=/bin/kill -HUP ${MAINPID}
-KillSignal=SIGINT
-TimeoutSec=30
-Restart=on-failure
-WatchdogSec=1m
-LimitNOFILE=32768
-
-# Hardening
-PrivateTmp=yes
-PrivateDevices=yes
-ProtectHome=yes
-ProtectSystem=full
-ReadOnlyDirectories=/
-ReadWriteDirectories=-@LOCALSTATEDIR@/lib/tor
-ReadWriteDirectories=-@LOCALSTATEDIR@/log/tor
-NoNewPrivileges=yes
-CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
-
-[Install]
-WantedBy=multi-user.target

contrib/findMergedChanges.pl

@@ -8,7 +8,7 @@ sub nChanges {
     local *F;
     # requires perl 5.8.  Avoids shell issues if we ever get a changes
     # file named by the parents of Little Johnny Tables.
-    open F, "-|", "git", "log", "--no-merges", "--pretty=format:%H", $branches, "--", $fname
+    open F, "-|", "git", "log", "--pretty=format:%H", $branches, "--", $fname
 	or die "$!";
     my @changes = <F>;
     return scalar @changes
@@ -19,15 +19,15 @@ my $look_for_type = "merged";
 if (! @ARGV) {
     print <<EOF
 Usage:
-   findMergedChanges.pl [--merged/--unmerged/--weird/--list] [--branch=<branchname] [--head=<branchname>] changes/*
+   findMergedChanges.pl [--merged/--unmerged/--weird/--list] changes/*
 
-A change is "merged" if it has ever been merged to release-0.2.4 and it has had
+A change is "merged" if it has ever been merged to release-0.2.2 and it has had
 no subsequent changes in master.
 
-A change is "unmerged" if it has never been merged to release-0.2.4 and it
+A change is "unmerged" if it has never been merged to release-0.2.2 and it
 has had changes in master.
 
-A change is "weird" if it has been merged to release-0.2.4 and it *has* had
+A change is "weird" if it has been merged to release-0.2.2 and it *has* had
 subsequent changes in master.
 
 Suggested application:
@@ -36,8 +36,7 @@ Suggested application:
 EOF
 }
 
-my $target_branch = "origin/release-0.2.4";
-my $head = "origin/master";
+my $target_branch = "origin/release-0.2.2";
 
 while (@ARGV and $ARGV[0] =~ /^--/) {
     my $flag = shift @ARGV;
@@ -45,8 +44,6 @@ while (@ARGV and $ARGV[0] =~ /^--/) {
 	$look_for_type = $1;
     } elsif ($flag =~ /^--branch=(\S+)/) {
         $target_branch = $1;
-    } elsif ($flag =~ /^--head=(\S+)/) {
-        $head = $1;
     } else {
 	die "Unrecognized flag $flag";
     }
@@ -54,7 +51,7 @@ while (@ARGV and $ARGV[0] =~ /^--/) {
 
 for my $changefile (@ARGV) {
     my $n_merged = nChanges($target_branch, $changefile);
-    my $n_postmerged = nChanges("${target_branch}..${head}", $changefile);
+    my $n_postmerged = nChanges("${target_branch}..origin/master", $changefile);
     my $type;
 
     if ($n_merged != 0 and $n_postmerged == 0) {

contrib/id_to_fp.c

@@ -0,0 +1,77 @@
+/* Copyright 2006 Nick Mathewson; see LICENSE for licensing information */
+
+/* id_to_fp.c : Helper for directory authority ops.  When somebody sends us
+ * a private key, this utility converts the private key into a fingerprint
+ * so you can de-list that fingerprint.
+ */
+
+#include <openssl/rsa.h>
+#include <openssl/bio.h>
+#include <openssl/sha.h>
+#include <openssl/pem.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define die(s) do { fprintf(stderr, "%s\n", s); goto err; } while (0)
+
+int
+main(int argc, char **argv)
+{
+  BIO *b = NULL;
+  RSA *key = NULL;
+  unsigned char *buf = NULL, *bufp;
+  int len, i;
+  unsigned char digest[20];
+  int status = 1;
+
+  if (argc < 2) {
+    fprintf(stderr, "Reading key from stdin...\n");
+    if (!(b = BIO_new_fp(stdin, BIO_NOCLOSE)))
+      die("couldn't read from stdin");
+  } else if (argc == 2) {
+    if (strcmp(argv[1], "-h") == 0 ||
+        strcmp(argv[1], "--help") == 0) {
+      fprintf(stdout, "Usage: %s [keyfile]\n", argv[0]);
+      status = 0;
+      goto err;
+    } else {
+      if (!(b = BIO_new_file(argv[1], "r")))
+        die("couldn't open file");
+    }
+  } else {
+    fprintf(stderr, "Usage: %s [keyfile]\n", argv[0]);
+    goto err;
+  }
+  if (!(key = PEM_read_bio_RSAPrivateKey(b, NULL, NULL, NULL)))
+    die("couldn't parse key");
+
+  len = i2d_RSAPublicKey(key, NULL);
+  if (len < 0)
+    die("Bizarre key");
+  bufp = buf = malloc(len+1);
+  if (!buf)
+    die("Out of memory");
+  len = i2d_RSAPublicKey(key, &bufp);
+  if (len < 0)
+    die("Bizarre key");
+
+  SHA1(buf, len, digest);
+  for (i=0; i < 20; i += 2) {
+    printf("%02X%02X ", (int)digest[i], (int)digest[i+1]);
+  }
+  printf("\n");
+
+  status = 0;
+
+err:
+  if (buf)
+    free(buf);
+  if (key)
+    RSA_free(key);
+  if (b)
+    BIO_free(b);
+  return status;
+}
+

contrib/include.am

@@ -1,18 +0,0 @@
-
-EXTRA_DIST+= \
-	contrib/README					\
-	contrib/client-tools/torify			\
-	contrib/dist/rc.subr				\
-	contrib/dist/suse/tor.sh.in			\
-	contrib/dist/tor.sh				\
-	contrib/dist/torctl				\
-	contrib/dist/tor.service.in			\
-	contrib/operator-tools/linux-tor-prio.sh	\
-	contrib/operator-tools/tor-exit-notice.html	\
-	contrib/or-tools/exitlist			\
-	contrib/win32build/package_nsis-mingw.sh	\
-	contrib/win32build/tor-mingw.nsi.in		\
-	contrib/win32build/tor.ico			\
-	contrib/win32build/tor.nsi.in
-
-bin_SCRIPTS+= contrib/client-tools/torify

contrib/linux-tor-prio.sh

@@ -87,7 +87,7 @@ RATE_UP=5000
 # machine does any other network activity. That is not very fun.
 RATE_UP_TOR=1500
 
-# RATE_UP_TOR_CEIL is the maximum rate allowed for all Tor traffic in
+# RATE_UP_TOR_CEIL is the maximum rate allowed for all Tor trafic in
 # kbits/sec.
 RATE_UP_TOR_CEIL=5000
 

contrib/make-signature.sh

@@ -0,0 +1,79 @@
+#!/bin/sh
+
+set -eu
+
+if test "$1" = "" ; then
+    echo "I need a package as an argument."
+    exit 1
+fi
+
+PACKAGEFILE=$1
+
+if test ! -f "$PACKAGEFILE" ; then
+    echo "$PACKAGEFILE is not a file."
+    exit 1
+fi
+
+DIGESTNAME=sha256
+DIGESTOUTPUT=`gpg --print-md $DIGESTNAME $PACKAGEFILE`
+
+RAWDIGEST=`gpg --print-md $DIGESTNAME $PACKAGEFILE | sed -e 's/^[^ ]*: //' `
+
+# These regexes are a little fragile, but I think they work for us.
+VERSION=`echo $PACKAGEFILE | sed -e 's/^[a-z\-]*//' -e 's/\.[\.a-z]*$//' `
+PACKAGE=`echo $PACKAGEFILE | sed -e 's/-[0-9].*//'`
+SIGFILE_UNSIGNED="$PACKAGE-$VERSION-signature"
+SIGNATUREFILE="$SIGFILE_UNSIGNED.asc"
+
+cat >$SIGFILE_UNSIGNED <<EOF
+This is the signature file for "$PACKAGEFILE",
+which contains version "$VERSION" of "$PACKAGE".
+
+Here's how to check this signature.
+
+1) Make sure that this is really a signature file, and not a forgery,
+   with:
+
+     "gpg --verify $SIGNATUREFILE"
+
+   The key should be one of the keys that signs the Tor release; the
+   official Tor website has more information on those.
+
+   If this step fails, then either you are missing the correct key, or
+   this signature file was not really signed by a Tor packager.
+   Beware!
+
+2) Make sure that the package you wanted is indeed "$PACKAGE", and that
+   its version you wanted is indeed "$VERSION".  If you wanted a
+   different package, or a different version, this signature file is
+   not the right one!
+
+3) Now that you're sure you have the right signature file, make sure
+   that you got the right package.  Check its $DIGESTNAME digest with
+
+     "gpg --print-md $DIGESTNAME $PACKAGEFILE"
+
+   The output should match this, exactly:
+
+$DIGESTOUTPUT
+
+   Make sure that every part of the output matches: don't just check the
+   first few characters.  If the digest does not match, you do not have
+   the right package file.  It could even be a forgery.
+
+Frequently asked questions:
+
+Q: Why not just sign the package file, like you used to do?
+A: GPG signatures authenticate file contents, but not file names.  If
+   somebody gave you a renamed file with a matching renamed signature
+   file, the signature would still be given as "valid".
+
+-- 
+FILENAME: $PACKAGEFILE
+PACKAGE: $PACKAGE
+VERSION: $VERSION
+DIGESTALG: $DIGESTNAME
+DIGEST: $RAWDIGEST
+EOF
+
+gpg --clearsign $SIGFILE_UNSIGNED

contrib/mdd.py

@@ -0,0 +1,169 @@
+#!/usr/bin/env python2.3
+
+import re, sys
+import textwrap
+
+files = sys.argv[1:]
+funcDeclaredIn = {}
+fileDeclares = {}
+functionCalls = {}
+funcCalledByFile = {}
+funcCalledByFunc = {}
+
+cpp_re = re.compile(r'//.*$')
+c_re = re.compile(r'/[*]+(?:[^*]+|[*]+[^/*])*[*]+/', re.M|re.S)
+
+for fname in files:
+    f = open(fname, 'r')
+    curFunc = "???"
+    functionCalls.setdefault(curFunc,{})
+    lineno = 0
+    body = f.read()
+    body = cpp_re.sub(" ",body)
+    body = c_re.sub(" ",body)
+    #if fname == 'dns.c': print body
+    for line in body.split("\n"):
+        lineno += 1
+        m = re.match(r'^[^\s/].*\s(\w+)\([^;]*$', line)
+        if m:
+            #print line, "->", m.group(1)
+            curFunc = m.group(1)
+            if curFunc[0] == '_': curFunc = curFunc[1:]
+            functionCalls.setdefault(curFunc,{})
+            funcDeclaredIn[m.group(1)] = fname
+            fileDeclares.setdefault(fname, {})[m.group(1)] = 1
+            continue
+        m = re.match(r'^(\w+)\([^;]', line)
+        if m:
+            #print line, "->", m.group(1)
+            curFunc = m.group(1)
+            if curFunc[0] == '_': curFunc = curFunc[1:]
+            functionCalls.setdefault(curFunc,{})
+            funcDeclaredIn[m.group(1)] = fname
+            fileDeclares.setdefault(fname, {})[m.group(1)] = 1
+            continue
+        while line:
+            m = re.search(r'(\w+)\(', line)
+            if not m: break
+            #print fname, line, curFunc, "->", m.group(1)
+            fn = m.group(1)
+            if fn[0] == '_':
+                fn = fn[1:]
+            functionCalls[curFunc][m.group(1)] = 1
+            #if curFunc == "???":
+            #    print ">>!!!!! at %s:%s"%(fname,lineno)
+            funcCalledByFunc.setdefault(m.group(1), {})[curFunc]=1
+            funcCalledByFile.setdefault(m.group(1), {})[fname]=1
+            line = line[m.end():]
+
+    f.close()
+
+fileUsers = {}
+fileUses = {}
+
+for fname in files:
+    print "%s:"%fname
+    users = {}
+    for func in fileDeclares[fname]:
+        cb = funcCalledByFile.get(func,{}).keys()
+        for f in cb: users[f] = 1
+        #print "users[%s] = %s"%(f,users[f])
+    users = users.keys()
+    users.sort()
+    fileUsers[fname] = users
+    for user in users:
+        fileUses.setdefault(user,[]).append(fname)
+        if user == fname: continue
+        print "  from %s:"%user
+        for func in fileDeclares[fname]:
+            if funcCalledByFile.get(func,{}).get(user,0):
+                print "    %s()"%func
+
+def wrap(s, pre):
+    return textwrap.fill(s,
+                         width=77, initial_indent=pre,
+                         subsequent_indent=" "*len(pre))
+
+for fname in files:
+    print
+    print "===== %s"%fname
+    print wrap(" ".join(fileUses[fname]),
+               "        Calls: ")
+    print wrap(" ".join(fileUsers[fname]),
+              "    Called by: ")
+
+print "=============================="
+
+funcnames = functionCalls.keys()
+funcnames.sort()
+
+if 1:
+    for func in funcnames:
+        print "===== %s"%func
+        callers = [c for c in funcCalledByFunc.get(func,{}).keys()
+                   if c != "???"]
+        callers.sort()
+        called = [c for c in functionCalls[func].keys() if c != "???" and
+                  c in funcnames]
+        called.sort()
+        print wrap(" ".join(callers),
+                   "  Called by:")
+        print wrap(" ".join(called),
+                   "      Calls:")
+
+# simple topological sort.
+functionDepth = {}
+while 1:
+    BIG = 1000000
+    any = 0
+    for func in funcnames:
+        if functionDepth.has_key(func):
+            continue
+        called = [c for c in functionCalls[func] if c != func and
+                  functionCalls.has_key(c)]
+        if len(called) == 0:
+            functionDepth[func] = 0
+            #print "Depth(%s)=%s"%(func,0)
+            any = 1
+            continue
+        calledDepths = [ functionDepth.get(c,BIG) for c in called ]
+        if max(calledDepths) < BIG:
+            d = functionDepth[func] = max(calledDepths)+1
+            #print "Depth(%s)=%s"%(func,d)
+            any = 1
+            continue
+    if not any:
+        break
+
+# compute lexical closure.
+cycCalls = {}
+for func in funcnames:
+    if not functionDepth.has_key(func):
+        calls = [ c for c in functionCalls[func] if c != func and
+                  functionCalls.has_key(c) and not functionDepth.has_key(c)]
+        cycCalls[func] = d = {}
+        for c in calls:
+            d[c]=1
+
+cycNames = cycCalls.keys()
+while 1:
+    any = 0
+    for func in cycNames:
+        L = len(cycCalls[func])
+        for called in cycCalls[func].keys():
+            cycCalls[func].update(cycCalls[called])
+        if L != len(cycCalls[func]):
+            any = 1
+    if not any:
+        break
+
+depthList = [ (v,k) for k,v in functionDepth.items() ]
+depthList.sort()
+cycList = [ (len(v),k) for k,v in cycCalls.items() ]
+cycList.sort()
+for depth,name in depthList:
+    print "Depth[%s]=%s"%(name,depth)
+for bredth,name in cycList:
+    print "Width[%s]=%s"%(name,bredth)
+
+print "Sorted %s / %s"%(len(functionDepth),len(funcnames))

contrib/netinst.nsi

@@ -0,0 +1,74 @@
+!include "MUI.nsh"
+!include "LogicLib.nsh"
+!include "FileFunc.nsh"
+  
+!define VERSION "0.2.1.13"
+!define INSTALLER "TorNetInstaller.exe"
+!define WEBSITE "https://www.torproject.org/"
+!define LICENSE "LICENSE"
+ 
+SetCompressor /SOLID BZIP2
+RequestExecutionLevel user
+OutFile ${INSTALLER}
+InstallDir "$TEMP\TorInstTmp"
+SetOverWrite on
+Name "Tor Network Installer"
+Caption "Tor Network Installer"
+BrandingText "Tor Network Installer"
+CRCCheck on
+XPStyle on
+ShowInstDetails hide
+VIProductVersion "${VERSION}"
+VIAddVersionKey "ProductName" "Tor"
+VIAddVersionKey "Comments" "${WEBSITE}"
+VIAddVersionKey "LegalTrademarks" "Three line BSD"
+VIAddVersionKey "LegalCopyright" "©2004-2011, Roger Dingledine, Nick Mathewson, The Tor Project, Inc."
+VIAddVersionKey "FileDescription" "Tor is an implementation of Onion Routing. You can read more at ${WEBSITE}"
+VIAddVersionKey "FileVersion" "${VERSION}"
+
+!define MUI_ICON "torinst32.ico"
+!define MUI_HEADERIMAGE_BITMAP "${NSISDIR}\Contrib\Graphics\Header\win.bmp"
+!insertmacro MUI_PAGE_INSTFILES
+!insertmacro MUI_LANGUAGE "English"
+
+Section "Tor" Tor
+	SectionIn RO
+	SetOutPath $INSTDIR
+	Call ExtractPackages
+        Call RunInstallers
+        Call LaunchVidalia
+	Call CleanUpTemp
+SectionEnd
+
+Function ExtractPackages
+	File "license.msi"
+	File "thandy.msi"
+FunctionEnd
+
+Function RunInstallers
+	ExecWait 'msiexec /i "$INSTDIR\license.msi" /qn'
+	ExecWait 'msiexec /i "$INSTDIR\thandy.msi" NOSC=1 /qn'
+	ExecWait '"$LOCALAPPDATA\Programs\Thandy\thandy.exe" update "--repo=$LOCALAPPDATA\Thandy\Tor Updates" /bundleinfo/tor/win32/'
+	ExecWait '"$LOCALAPPDATA\Programs\Thandy\thandy.exe" update "--repo=$LOCALAPPDATA\Thandy\Polipo Updates" /bundleinfo/polipo/win32/'
+	ExecWait '"$LOCALAPPDATA\Programs\Thandy\thandy.exe" update "--repo=$LOCALAPPDATA\Thandy\TorButton Updates" /bundleinfo/torbutton/win32/'
+	ExecWait '"$LOCALAPPDATA\Programs\Thandy\thandy.exe" update "--repo=$LOCALAPPDATA\Thandy\Vidalia Updates" /bundleinfo/vidalia/win32/'
+	ExecWait '"$LOCALAPPDATA\Programs\Thandy\thandy.exe" update --install "--repo=$LOCALAPPDATA\Thandy\Tor Updates" /bundleinfo/tor/win32/'
+	ExecWait '"$LOCALAPPDATA\Programs\Thandy\thandy.exe" update --install "--repo=$LOCALAPPDATA\Thandy\Polipo Updates" /bundleinfo/polipo/win32/'
+	ExecWait '"$LOCALAPPDATA\Programs\Thandy\thandy.exe" update --install "--repo=$LOCALAPPDATA\Thandy\TorButton Updates" /bundleinfo/torbutton/win32/'
+	ExecWait '"$LOCALAPPDATA\Programs\Thandy\thandy.exe" update --install "--repo=$LOCALAPPDATA\Thandy\Vidalia Updates" /bundleinfo/vidalia/win32/'
+        ExpandEnvStrings $0 %COMSPEC%
+        Exec '"$0" /C "$INSTDIR\tbcheck.bat"'
+FunctionEnd
+
+Function LaunchVidalia
+	SetOutPath "$LOCALAPPDATA\Programs\Vidalia"
+	Exec 'vidalia.exe -loglevel info -logfile log.txt'
+FunctionEnd
+
+Function CleanUpTemp
+	ExecWait '"del" "$INSTDIR\license.msi"'
+	ExecWait '"del" "$INSTDIR\thandy.msi"'
+	SetOutPath $TEMP
+	RMDir /r $TEMP\TorInstTmp
+FunctionEnd
+

contrib/package_nsis-mingw.sh

@@ -40,7 +40,7 @@
 # you know what you are doing.
 
 # Start in the tor source directory after you've compiled tor.exe
-# This means start as ./contrib/win32build/package_nsis-mingw.sh
+# This means start as ./contrib/package_nsis-mingw.sh
 
 rm -rf win_tmp
 mkdir win_tmp
@@ -56,7 +56,7 @@ mkdir win_tmp/tmp
 
 cp src/or/tor.exe win_tmp/bin/
 cp src/tools/tor-resolve.exe win_tmp/bin/
-cp contrib/win32build/tor.ico win_tmp/bin/
+cp contrib/tor.ico win_tmp/bin/
 cp src/config/geoip win_tmp/bin/
 strip win_tmp/bin/*.exe
 
@@ -88,7 +88,7 @@ done
 
 clean_localstatedir src/config/torrc.sample.in win_tmp/src/config/torrc.sample
 
-cp contrib/win32build/tor-mingw.nsi.in win_tmp/contrib/
+cp contrib/tor-mingw.nsi.in win_tmp/contrib/
 
 cd win_tmp
 makensis.exe contrib/tor-mingw.nsi.in

contrib/package_nsis-weasel.sh

@@ -0,0 +1,90 @@
+#!/bin/sh
+
+set -e
+
+#
+# Script to package a Tor installer on win32.  This script assumes that
+# you have already built Tor, that you are running cygwin, and that your
+# environment is basically exactly the same as Nick's.
+
+if ! [ -d Win32Build ] || ! [ -d contrib ]; then
+	echo "No Win32Build and/or no contrib directory here.  Are we in the right place?" >&2
+	exit 1
+fi
+
+rm -rf win_tmp
+mkdir win_tmp
+mkdir win_tmp/bin
+mkdir win_tmp/contrib
+mkdir win_tmp/doc
+mkdir win_tmp/doc/website
+mkdir win_tmp/doc/design-paper
+mkdir win_tmp/doc/contrib
+mkdir win_tmp/src
+mkdir win_tmp/src/config
+mkdir win_tmp/tmp
+
+cp Win32Build/vc7/Tor/Debug/Tor.exe win_tmp/bin/tor.exe
+cp Win32Build/vc7/tor_resolve/Debug/tor_resolve.exe win_tmp/bin
+cp ../c-windows-system32/libeay32.dll win_tmp/bin
+cp ../c-windows-system32/ssleay32.dll win_tmp/bin
+
+man2html doc/tor.1.in > win_tmp/tmp/tor-reference.html
+man2html doc/tor-resolve.1 > win_tmp/tmp/tor-resolve.html
+
+clean_newlines() {
+    perl -pe 's/^\n$/\r\n/mg; s/([^\r])\n$/\1\r\n/mg;' $1 >$2
+}
+
+clean_localstatedir() {
+    perl -pe 's/^\n$/\r\n/mg; s/([^\r])\n$/\1\r\n/mg; s{\@LOCALSTATEDIR\@/(lib|log)/tor/}{C:\\Documents and Settings\\Application Data\\Tor\\}' $1 >$2
+}
+
+for fn in \
+	doc/HACKING \
+	doc/control-spec.txt \
+	doc/dir-spec.txt \
+	doc/rend-spec.txt \
+	doc/socks-extensions.txt \
+	doc/tor-spec.txt \
+	doc/version-spec.txt \
+	\
+	doc/website/* \
+	; do
+    clean_newlines "$fn" win_tmp/"$fn"
+done
+mmv win_tmp/doc/website/"*.html.*" win_tmp/doc/website/"#1.#2.html"
+
+cp doc/design-paper/tor-design.pdf win_tmp/doc/design-paper/tor-design.pdf
+
+for fn in tor-reference.html tor-resolve.html; do \
+    clean_newlines win_tmp/tmp/$fn win_tmp/doc/$fn
+done
+
+for fn in README AUTHORS ChangeLog LICENSE; do \
+    clean_newlines $fn win_tmp/$fn
+done
+
+clean_localstatedir src/config/torrc.sample.in win_tmp/src/config/torrc.sample
+
+cp contrib/tor.nsi.in win_tmp/contrib/tor.nsi
+(
+	echo '/WEBSITE-FILES-HERE/'
+	echo 'a' # append
+	for fn in win_tmp/doc/website/*; do
+		echo -n 'File "..\doc\website\'
+		echo -n "`basename $fn`"
+		echo '"'
+	done
+	echo "." # end input
+	echo "w" # write
+	echo "q" # quit
+) | ed win_tmp/contrib/tor.nsi
+
+cd win_tmp/contrib
+
+echo "Now run"
+echo '  t:'
+echo '  cd \tor\win_tmp\contrib'
+echo '  c:\programme\nsis\makensis tor.nsi'
+echo '  move tor-*.exe ../../..'

contrib/package_nsis.sh

@@ -0,0 +1,57 @@
+#!/bin/sh
+#
+# Script to package a Tor installer on win32.  This script assumes that
+# you have already built Tor, that you are running cygwin, and that your
+# environment is basically exactly the same as Nick's.
+
+# This file is obsolete.
+
+rm -rf win_tmp
+mkdir win_tmp
+mkdir win_tmp/bin
+mkdir win_tmp/contrib
+mkdir win_tmp/doc
+mkdir win_tmp/doc/design-paper
+mkdir win_tmp/doc/contrib
+mkdir win_tmp/src
+mkdir win_tmp/src/config
+mkdir win_tmp/tmp
+
+cp Win32Build/vc7/Tor/Debug/Tor.exe win_tmp/bin/tor.exe
+cp Win32Build/vc7/tor_resolve/Debug/tor_resolve.exe win_tmp/bin
+cp c:/windows/system32/libeay32.dll win_tmp/bin
+cp c:/windows/system32/ssleay32.dll win_tmp/bin
+
+man2html doc/tor.1.in > win_tmp/tmp/tor-reference.html
+man2html doc/tor-resolve.1 > win_tmp/tmp/tor-resolve.html
+
+clean_newlines() {
+    perl -pe 's/^\n$/\r\n/mg; s/([^\r])\n$/\1\r\n/mg;' $1 >$2
+}
+
+clean_localstatedir() {
+    perl -pe 's/^\n$/\r\n/mg; s/([^\r])\n$/\1\r\n/mg; s{\@LOCALSTATEDIR\@/(lib|log)/tor/}{C:\\Documents and Settings\\Application Data\\Tor\\}' $1 >$2
+}
+
+for fn in tor-spec.txt HACKING rend-spec.txt control-spec.txt \
+   tor-doc.html tor-doc.css version-spec.txt; do
+    clean_newlines doc/$fn win_tmp/doc/$fn
+done
+
+cp doc/design-paper/tor-design.pdf win_tmp/doc/design-paper/tor-design.pdf
+
+for fn in tor-reference.html tor-resolve.html; do \
+    clean_newlines win_tmp/tmp/$fn win_tmp/doc/$fn
+done
+
+for fn in README AUTHORS ChangeLog LICENSE; do \
+    clean_newlines $fn win_tmp/$fn
+done
+
+clean_localstatedir src/config/torrc.sample.in win_tmp/src/config/torrc.sample
+
+cp contrib/tor.nsi win_tmp/contrib
+
+cd win_tmp/contrib
+makensis tor.nsi
+mv tor-*.exe ../..

contrib/polipo/Makefile.mingw

@@ -0,0 +1,100 @@
+PREFIX = Polipo
+BINDIR = $(PREFIX)\bin
+MANDIR = $(PREFIX)\man
+INFODIR = $(PREFIX)\info
+LOCAL_ROOT = $(PREFIX)
+DISK_CACHE_ROOT = $(PREFIX)\cache
+
+# To compile with Unix CC:
+
+# CDEBUGFLAGS=-O
+
+# To compile with GCC:
+
+# CC = gcc
+# CDEBUGFLAGS = -Os -g -Wall -std=gnu99
+CDEBUGFLAGS = -Os -g -Wall
+# CDEBUGFLAGS = -Os -Wall
+# CDEBUGFLAGS = -g -Wall
+
+# To compile on a pure POSIX system:
+
+# CC = c89
+# CC = c99
+# CDEBUGFLAGS=-O
+
+# To compile with icc 7, you need -restrict.  (Their bug.)
+
+# CC=icc
+# CDEBUGFLAGS = -O -restrict
+
+# On System V (Solaris, HP/UX) you need the following:
+
+# PLATFORM_DEFINES = -DSVR4
+
+# On Solaris, you need the following:
+
+# LDLIBS = -lsocket -lnsl -lresolv
+
+# On mingw, you need
+
+ EXE=.exe
+ LDLIBS = -lwsock32 -lregex
+
+FILE_DEFINES = -DHAVE_REGEX
+
+# You may optionally also add any of the following to DEFINES:
+#
+#  -DNO_DISK_CACHE to compile out the on-disk cache and local web server;
+#  -DNO_IPv6 to avoid using the RFC 3493 API and stick to stock
+#      Berkeley sockets;
+#  -DHAVE_IPv6 to force the use of the RFC 3493 API on systems other
+#      than GNU/Linux and BSD (let me know if it works);
+#  -DNO_FANCY_RESOLVER to compile out the asynchronous name resolution
+#      code;
+#  -DNO_STANDARD_RESOLVER to compile out the code that falls back to
+#      gethostbyname/getaddrinfo when DNS requests fail;
+#  -DNO_TUNNEL to compile out the code that handles CONNECT requests;
+#  -DNO_SOCKS to compile out the SOCKS gateway code.
+#  -DNO_FORBIDDEN to compile out the all of the forbidden URL code
+#  -DNO_REDIRECTOR to compile out the Squid-style redirector code
+#  -DNO_SYSLOG to compile out logging to syslog
+
+DEFINES = $(FILE_DEFINES) $(PLATFORM_DEFINES)
+
+CFLAGS = $(MD5INCLUDES) $(CDEBUGFLAGS) $(DEFINES) $(EXTRA_DEFINES)
+
+SRCS = util.c event.c io.c chunk.c atom.c object.c log.c diskcache.c main.c \
+       config.c local.c http.c client.c server.c auth.c tunnel.c \
+       http_parse.c parse_time.c dns.c forbidden.c \
+       md5import.c md5.c ftsimport.c fts_compat.c socks.c mingw.c
+
+OBJS = util.o event.o io.o chunk.o atom.o object.o log.o diskcache.o main.o \
+       config.o local.o http.o client.o server.o auth.o tunnel.o \
+       http_parse.o parse_time.o dns.o forbidden.o \
+       md5import.o ftsimport.o socks.o mingw.o
+
+polipo$(EXE): $(OBJS)
+	$(CC) $(CFLAGS) $(LDFLAGS) -o polipo$(EXE) $(OBJS) $(MD5LIBS) $(LDLIBS)
+
+ftsimport.o: ftsimport.c fts_compat.c
+
+md5import.o: md5import.c md5.c
+
+.PHONY: all install install.binary install.man
+
+all: polipo$(EXE) polipo.info html/index.html localindex.html
+
+TAGS: $(SRCS)
+	etags $(SRCS)
+
+.PHONY: clean
+
+clean:
+	-rm -f polipo$(EXE) *.o *~ core TAGS gmon.out
+	-rm -f polipo.cp polipo.fn polipo.log polipo.vr
+	-rm -f polipo.cps polipo.info* polipo.pg polipo.toc polipo.vrs
+	-rm -f polipo.aux polipo.dvi polipo.ky polipo.ps polipo.tp
+	-rm -f polipo.dvi polipo.ps polipo.ps.gz polipo.pdf polipo.html
+	-rm -rf ./html/
+	-rm -f polipo.man.html

contrib/polipo/README

@@ -0,0 +1,47 @@
+Copyright 2007-2008, Andrew Lewman
+Copyright 2009-2011, The Tor Project
+
+----------------
+General Comments
+----------------
+
+These are some hacks for making polipo work and install a package native
+to Windows.
+
+They need some work before they can be committed upstream:
+  - Change the Makefile so it has a specific build such as "make
+    dist-win32"
+  - Configure the options for tor in polipo config, just leave them
+    commented out for easy activation.
+  - Work out better polipo config options for Tor.
+
+As always, I'm happy to accept patches.
+
+--------------------------
+Pre-requisites for Windows
+--------------------------
+
+Polipo for Win32 requires the mingw gnu regex library and dlls at
+http://sourceforge.net/project/showfiles.php?group_id=2435&package_id=73286&release_id=140957
+
+You'll need to download the -bin and -dev tarballs.  And extract them
+into your MinGW directory.
+
+Instructions for building polipo under mingw32 for Windows:
+1) Copy Makefile.mingw over Makefile.
+2) Run 'make'. 
+
+You should have a polipo.exe in the current directory.
+
+-------------------------------------------
+Creating an installation package in Windows
+-------------------------------------------
+
+If you want to build an installer using the Nullsoft Installer, install
+the NSI Compiler.  In Windows Explorer, navigate to the directory in
+which you placed polipo-mingw.nsi.  Right click on polipo-mingw.nsi and
+choose Compile NSIS Script.  You'll then create a polipo installer.
+
+The Polipo NSI installer assumes libgnurx-0.dll is in the same directory as polipo.exe.
+You'll need to copy libgnurx-0.dll into "./" in order to make the
+installation package.

contrib/polipo/polipo-mingw.nsi

@@ -0,0 +1,172 @@
+;polipo-mingw.nsi - A basic win32 installer for Polipo
+; Originally written by J Doe.
+; Modified by Andrew Lewman
+; This is licensed under a Modified BSD license.
+;-----------------------------------------
+;
+!include "MUI.nsh"
+
+!define VERSION "1.0.4.0-forbidden-1"
+!define INSTALLER "polipo-${VERSION}-win32.exe"
+!define WEBSITE "http://www.pps.jussieu.fr/~jch/software/polipo/"
+
+!define LICENSE "COPYING"
+;BIN is where it expects to find polipo.exe
+!define BIN "."
+
+SetCompressor lzma
+OutFile ${INSTALLER}
+InstallDir $PROGRAMFILES\Polipo
+SetOverWrite ifnewer
+
+Name "Polipo"
+Caption "Polipo ${VERSION} Setup"
+BrandingText "A Caching Web Proxy"
+CRCCheck on
+XPStyle on
+VIProductVersion "${VERSION}"
+VIAddVersionKey "ProductName" "Polipo: A caching web proxy"
+VIAddVersionKey "Comments" "http://www.pps.jussieu.fr/~jch/software/polipo/"
+VIAddVersionKey "LegalTrademarks" "See COPYING"
+VIAddVersionKey "LegalCopyright" "©2008, Juliusz Chroboczek"
+VIAddVersionKey "FileDescription" "Polipo is a caching web proxy."
+VIAddVersionKey "FileVersion" "${VERSION}"
+
+!define MUI_WELCOMEPAGE_TITLE "Welcome to the Polipo ${VERSION} Setup Wizard"
+!define MUI_WELCOMEPAGE_TEXT "This wizard will guide you through the installation of Polipo ${VERSION}.\r\n\r\nIf you have previously installed Polipo and it is currently running, please exit Polipo first before continuing this installation.\r\n\r\n$_CLICK"
+!define MUI_ABORTWARNING
+!define MUI_ICON "${NSISDIR}\Contrib\Graphics\Icons\win-install.ico"
+!define MUI_UNICON "${NSISDIR}\Contrib\Graphics\Icons\win-uninstall.ico"
+!define MUI_HEADERIMAGE_BITMAP "${NSISDIR}\Contrib\Graphics\Header\win.bmp"
+!define MUI_HEADERIMAGE
+;!define MUI_FINISHPAGE_RUN 
+!define MUI_FINISHPAGE_LINK "Visit the Polipo website for the latest updates."
+!define MUI_FINISHPAGE_LINK_LOCATION ${WEBSITE}
+
+!insertmacro MUI_PAGE_WELCOME
+!insertmacro MUI_PAGE_COMPONENTS
+!insertmacro MUI_PAGE_DIRECTORY
+!insertmacro MUI_PAGE_INSTFILES
+!insertmacro MUI_PAGE_FINISH
+!insertmacro MUI_UNPAGE_WELCOME
+!insertmacro MUI_UNPAGE_CONFIRM
+!insertmacro MUI_UNPAGE_INSTFILES
+!insertmacro MUI_UNPAGE_FINISH
+!insertmacro MUI_LANGUAGE "English"
+
+Var configfile
+Var forbiddenfile
+
+;Sections
+;--------
+
+Section "Polipo" Polipo
+;Files that have to be installed for polipo to run and that the user
+;cannot choose not to install
+   SectionIn RO
+   SetOutPath $INSTDIR
+   File "${BIN}\polipo.exe"
+   File "${BIN}\COPYING"
+   File "${BIN}\CHANGES"
+   File "${BIN}\config.sample"
+   File "${BIN}\forbidden.sample"
+   File "${BIN}\README.Windows"
+   File "${BIN}\libgnurx-0.dll"
+   WriteIniStr "$INSTDIR\Polipo Website.url" "InternetShortcut" "URL" ${WEBSITE}
+
+   StrCpy $configfile "config"
+   StrCpy $forbiddenfile "forbidden"
+   SetOutPath $INSTDIR
+   ;If there's already a polipo config file, ask if they want to
+   ;overwrite it with the new one.
+   IfFileExists "$INSTDIR\config" "" endifconfig
+      MessageBox MB_ICONQUESTION|MB_YESNO "You already have a Polipo config file.$\r$\nDo you want to overwrite it with the default sample config file?" IDNO yesreplace
+      Delete $INSTDIR\config
+      Goto endifconfig
+     yesreplace:
+      StrCpy $configfile ".\config.sample"
+   endifconfig:
+   File /oname=$configfile ".\config.sample"
+   ;If there's already a polipo forbidden file, ask if they want to
+   ;overwrite it with the new one.
+   IfFileExists "$INSTDIR\forbidden" "" endifforbidden
+      MessageBox MB_ICONQUESTION|MB_YESNO "You already have a Polipo forbidden file.$\r$\nDo you want to overwrite it with the default sample forbidden file?" IDNO forbidyesreplace
+      Delete $INSTDIR\forbidden
+      Goto endifforbidden
+     forbidyesreplace:
+      StrCpy $forbiddenfile ".\forbidden.sample"
+   endifforbidden:
+   File /oname=$forbiddenfile ".\forbidden.sample"
+   IfFileExists "$INSTDIR\bin\*.*" "" endifbinroot
+	CreateDirectory "$INSTDIR\bin"
+   endifbinroot:
+   CopyFiles "${BIN}\localindex.html" $INSTDIR\index.html
+   IfFileExists "$INSTDIR\cache\*.*" "" endifcache
+	CreateDirectory "$INSTDIR\cache"
+   endifcache:
+SectionEnd
+
+SubSection /e "Shortcuts" Shortcuts
+
+Section "Start Menu" StartMenu
+   SetOutPath $INSTDIR
+   IfFileExists "$SMPROGRAMS\Polipo\*.*" "" +2
+      RMDir /r "$SMPROGRAMS\Polipo"
+   CreateDirectory "$SMPROGRAMS\Polipo"
+   CreateShortCut "$SMPROGRAMS\Polipo\Polipo.lnk" "$INSTDIR\polipo.exe" "-c config" 
+   CreateShortCut "$SMPROGRAMS\Polipo\Poliporc.lnk" "Notepad.exe" "$INSTDIR\config"
+   CreateShortCut "$SMPROGRAMS\Polipo\Polipo Documentation.lnk" "$INSTDIR\www\index.html"
+   CreateShortCut "$SMPROGRAMS\Polipo\Polipo Website.lnk" "$INSTDIR\Polipo Website.url"
+   CreateShortCut "$SMPROGRAMS\Polipo\Uninstall.lnk" "$INSTDIR\Uninstall.exe"
+SectionEnd
+
+Section "Desktop" Desktop
+   SetOutPath $INSTDIR
+   CreateShortCut "$DESKTOP\Polipo.lnk" "$INSTDIR\polipo.exe" "-c config" 
+SectionEnd
+
+Section /o "Run at startup" Startup
+   SetOutPath $INSTDIR
+   CreateShortCut "$SMSTARTUP\Polipo.lnk" "$INSTDIR\polipo.exe" "-c config -f forbidden" "" "" "" SW_SHOWMINIMIZED
+SectionEnd
+
+SubSectionEnd
+
+Section "Uninstall"
+   Delete "$DESKTOP\Polipo.lnk"
+   Delete "$INSTDIR\polipo.exe"
+   Delete "$INSTDIR\Polipo Website.url"
+   Delete "$INSTDIR\config"
+   Delete "$INSTDIR\config.sample"
+   Delete "$INSTDIR\forbidden.sample"
+   Delete "$INSTDIR\libgnurx-0.dll"
+   Delete "$INSTDIR\COPYING"
+   Delete "$INSTDIR\CHANGES"
+   Delete "$INSTDIR\README.Windows"
+   StrCmp $INSTDIR $INSTDIR +2 ""
+      RMDir /r $INSTDIR
+   Delete "$INSTDIR\Uninstall.exe"
+   RMDir /r "$INSTDIR\Documents"
+   RMDir $INSTDIR
+   RMDir /r "$SMPROGRAMS\Polipo"
+   RMDir /r "$APPDATA\Polipo"
+   Delete "$SMSTARTUP\Polipo.lnk"
+   DeleteRegKey HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Polipo"
+SectionEnd
+
+Section -End
+    WriteUninstaller "$INSTDIR\Uninstall.exe"
+    ;The registry entries simply add the Polipo uninstaller to the Windows
+    ;uninstall list.
+    WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Polipo" "DisplayName" "Polipo (remove only)"
+    WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Polipo" "UninstallString" '"$INSTDIR\Uninstall.exe"'
+SectionEnd
+
+!insertmacro MUI_FUNCTION_DESCRIPTION_BEGIN
+  !insertmacro MUI_DESCRIPTION_TEXT ${Polipo} "The core executable and config files needed for Polipo to run."
+  !insertmacro MUI_DESCRIPTION_TEXT ${ShortCuts} "Shortcuts to easily start Polipo"
+  !insertmacro MUI_DESCRIPTION_TEXT ${StartMenu} "Shortcuts to access Polipo and it's documentation from the Start Menu"
+  !insertmacro MUI_DESCRIPTION_TEXT ${Desktop} "A shortcut to start Polipo from the desktop"
+  !insertmacro MUI_DESCRIPTION_TEXT ${Startup} "Launches Polipo automatically at startup in a minimized window"
+!insertmacro MUI_FUNCTION_DESCRIPTION_END
+

contrib/redox.py

@@ -1,6 +1,6 @@
 #!/usr/bin/python
 #
-#  Copyright (c) 2008-2017, The Tor Project, Inc.
+#  Copyright (c) 2008-2012 The Tor Project, Inc.
 #  See LICENSE for licensing information.
 #
 # Hi!
@@ -10,7 +10,7 @@
 #   to tell you where documentation should go!
 # To use me, edit the stuff below...
 #  ...and run 'make doxygen 2>doxygen.stderr' ...
-#  ...and run ./scripts/maint/redox.py < doxygen.stderr !
+#  ...and run ./contrib/redox.py < doxygen.stderr !
 # I'll make a bunch of new files by adding missing DOCDOC comments to your
 #    source.  Those files will have names like ./src/common/util.c.newdoc.
 # You will want to look over the changes by hand before checking them in.
@@ -21,7 +21,7 @@
 # 1. make doxygen 1>doxygen.stdout 2>doxygen.stderr.
 # 2. grep Warning doxygen.stderr | grep -v 'is not documented' | less
 #      [This will tell you about all the bogus doxygen output you have]
-# 3. python ./scripts/maint/redox.py <doxygen.stderr
+# 3. python ./contrib/redox.py <doxygen.stderr
 #      [This will make lots of .newdoc files with DOCDOC comments for
 #       whatever was missing documentation.]
 # 4. Look over those .newdoc files, and see which docdoc comments you
@@ -33,6 +33,8 @@
 # files that we've snarfed in from somebody else, whose C we do no intend
 # to document for them.
 SKIP_FILES = [ "OpenBSD_malloc_Linux.c",
+               "eventdns.c",
+               "eventdns.h",
                "strlcat.c",
                "strlcpy.c",
                "sha256.c",
@@ -60,7 +62,7 @@ KINDS = [ "type", "field", "typedef", "define", "function", "variable",
 
 NODOC_LINE_RE = re.compile(r'^([^:]+):(\d+): (\w+): (.*) is not documented\.$')
 
-THING_RE = re.compile(r'^Member ([a-zA-Z0-9_]+).*\((typedef|define|function|variable|enumeration|macro definition)\) of (file|class) ')
+THING_RE = re.compile(r'^Member ([a-zA-Z0-9_]+).*\((typedef|define|function|variable|enumeration)\) of (file|class) ')
 
 SKIP_NAMES = [re.compile(s) for s in SKIP_NAME_PATTERNS]
 
@@ -101,15 +103,11 @@ def read():
 
 def findline(lines, lineno, ident):
     """Given a list of all the lines in the file (adjusted so 1-indexing works),
-       a line number that ident is allegedly on, and ident, I figure out
+       a line number that ident is alledgedly on, and ident, I figure out
        the line where ident was really declared."""
-    lno = lineno
     for lineno in xrange(lineno, 0, -1):
-        try:
-            if ident in lines[lineno]:
-                return lineno
-        except IndexError:
-            continue
+        if ident in lines[lineno]:
+            return lineno
 
     return None
 
@@ -128,16 +126,8 @@ def hascomment(lines, lineno, kind):
 def hasdocdoc(lines, lineno, kind):
     """I return true if it looks like there's already a docdoc comment about
        the thing on lineno of lines of type kind."""
-    try:
-        if "DOCDOC" in lines[lineno]:
-            return True
-    except IndexError:
-        pass
-    try:
-        if "DOCDOC" in lines[lineno-1]:
-            return True
-    except IndexError:
-        pass
+    if "DOCDOC" in lines[lineno] or "DOCDOC" in lines[lineno-1]:
+        return True
     if kind == 'function' and FUNC_PAT.match(lines[lineno]):
         if "DOCDOC" in lines[lineno-2]:
             return True
@@ -220,7 +210,6 @@ def applyComments(fn, entries):
 e = read()
 
 for fn, errs in e.iteritems():
-    print `(fn, errs)`
     comments = checkf(fn, errs)
     if comments:
         applyComments(fn, comments)

contrib/sd

@@ -0,0 +1,84 @@
+#!/bin/bash
+#
+# Copyright (c) 2005, 2006, 2007, 2008 Peter Palfrader <peter@palfrader.org>
+# Copyright (c) 2008, 2009 Jacob Appelbaum <jacob@appelbaum.net>
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+# 
+# This small script fetches information about a server when given a nickname.
+# It currently uses the v2 dir information and not the v3 consensus by default.
+# It requires wget, perl, awk to function properly. This is based on a zsh
+# dotfile from weasel and adapted to be a small bash utility.
+# 
+
+# Feel free to set any authority you desire, we're using weasel's by default
+# You could also try the v3 directory infomation in weasel's dir authority:
+# http://tor.noreply.org/tor/status-vote/current/consensus
+#
+
+# Users can select between the two
+v3authority="http://tor.noreply.org/tor/status-vote/current/consensus";
+v2authority="http://tor.noreply.org:80/tor/status/authority";
+authority=$v2authority;
+
+function usage {
+    echo "Usage: $0 [-2|-3] nodenickname";
+}
+
+if [ -z "$1" ];
+then
+    usage;
+    exit;
+fi
+
+# Are we switching between v2 or v3?
+if [ "$1" == "-2" -o "$1" == "-3" ];
+then
+    if [ "$1" == "-2" -a -n "$2" ]; 
+    then    
+        authority=$v2authority;
+        nickname="$2";
+    elif [ "$1" == "-3" -a -n "$2" ];
+    then
+        authority=$v3authority;
+        nickname="$2";
+    else
+        usage;
+        exit;
+    fi
+else
+    nickname="$1";
+fi
+
+# Fetch it and decode the fingerprint 
+fp=`wget -q -O - $authority | \
+	awk '$1 == "r" && $2 == "'$nickname'" {printf "%s===", $3}' | \
+	perl -MMIME::Base64 -e "print unpack(\"H*\", decode_base64(<>)),\"\n\"";`
+
+# If we don't have a fingerprint, we don't have a match
+if [ "$fp" != "" ];
+then
+	wget -q -O - http://tor.noreply.org:80/tor/server/fp/$fp;
+	exit $?;	
+else
+	echo "It appears the nickname is not currently known by the directory" \
+         "authority."
+	exit 1;
+fi

contrib/suse/Makefile.am

@@ -0,0 +1,3 @@
+confdir = $(sysconfdir)/tor
+
+EXTRA_DIST = tor.sh

contrib/tor-ctrl.sh

@@ -0,0 +1,212 @@
+#!/bin/bash
+#
+# tor-ctrl is a commandline tool for executing commands on a tor server via
+# the controlport.  In order to get this to work, add "ControlPort 9051" and
+# "CookieAuthentication 1" to your torrc and reload tor.  Or - if you want a
+# fixed password - leave out "CookieAuthentication 1" and use the following
+# line to create the appropriate HashedControlPassword entry for your torrc
+# (you need to change yourpassword, of course):
+#
+# echo "HashedControlPassword $(tor --hash-password yourpassword | tail -n 1)"
+#
+# tor-ctrl will return 0 if it was successful and 1 if not, 2 will be returned
+# if something (telnet, xxd) is missing.  4 will be returned if it executed
+# several commands from a file.
+#
+# For setting the bandwidth for specific times of the day, I suggest calling
+# tor-ctrl via cron, e.g.:
+#
+# 0 22 * * * /path/to/tor-ctrl -c "SETCONF bandwidthrate=1mb"
+# 0 7 * * *  /path/to/tor-ctrl -c "SETCONF bandwidthrate=100kb"
+#
+# This would set the bandwidth to 100kb at 07:00 and to 1mb at 22:00.  You can
+# use notations like 1mb, 1kb or the number of bytes.
+#
+# Many, many other things are possible, see
+#              https://www.torproject.org/svn/trunk/doc/spec/control-spec.txt
+#
+# Copyright (c) 2007 by Stefan Behte
+#
+# tor-ctrl is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# tor-ctrl is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with tor-ctrl; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#
+# Written by Stefan Behte
+#
+# Please send bugs, comments, wishes, thanks and success stories to:
+# Stefan dot Behte at gmx dot net
+#
+# Also have a look at my page:
+# http://ge.mine.nu/
+#
+# 2007-10-03: First version, only changing bandwidth possible.
+# 2007-10-04: Renaming to "tor-ctrl", added a lot of functions, it's now a
+#             general-purpose tool.
+#             Added control_auth_cookie/controlpassword auth, getopts,
+#             program checks, reading from file etc.
+
+VERSION=v1
+TORCTLIP=127.0.0.1
+TORCTLPORT=9051
+TOR_COOKIE="/var/lib/tor/data/control_auth_cookie"
+SLEEP_AFTER_CMD=1
+VERBOSE=0
+
+usage()
+{
+cat <<EOF
+
+tor-ctrl $VERSION by Stefan Behte (http://ge.mine.nu)
+You should have a look at 
+https://www.torproject.org/svn/trunk/doc/spec/control-spec.txt
+
+usage: tor-ctrl [-switch] [variable]
+
+       [-c] [command] = command to execute
+                        notice: always "quote" your command
+
+       [-f] [file]    = file to execute commands from
+                        notice: only one command per line
+
+       [-a] [path]    = path to tor's control_auth_cookie
+                        default: /var/lib/tor/data/control_auth_cookie
+                        notice: do not forget to adjust your torrc
+
+       [-s] [time]    = sleep [var] seconds after each command sent
+                        default: 1 second
+                        notice: for GETCONF, you can use smaller pause times
+                        than for SETCONF; this is due to telnet's behaviour.
+
+       [-p] [pwd]     = Use password [var] instead of tor's control_auth_cookie
+                        default: not used
+                        notice: do not forget to adjust your torrc
+                                
+       [-P] [port]     = Tor ControlPort
+                        default: 9051
+
+       [-v]           = verbose
+                        default: not set
+                        notice: the default output is the return code ;)
+                        You propably want to set -v when running manually
+
+       Examples:      $0 -c "SETCONF bandwidthrate=1mb"
+                      $0 -v -c "GETINFO version"
+                      $0 -v -s 0 -P 9051 -p foobar -c "GETCONF bandwidthrate"
+
+EOF
+exit 2
+}
+
+checkprogs()
+{
+        programs="telnet"
+        if [ "$PASSWORD" = "" ]   
+        then
+                # you only need xxd when using control_auth_cookie
+                programs="$programs xxd"
+        fi
+
+        for p in $programs
+        do
+                which $p &>/dev/null            # are you there?
+                if [ "$?" != "0" ]
+                then
+                        echo "$p is missing."
+                        exit 2
+                fi
+        done
+}
+
+sendcmd()
+{
+        echo "$@"
+        sleep ${SLEEP_AFTER_CMD}
+}
+
+login()
+{
+        if [ "$PASSWORD" = "" ]
+        then
+                sendcmd "AUTHENTICATE $(xxd -c 32 -g 0 ${TOR_COOKIE} | awk '{print $2}')"
+        else
+                sendcmd "AUTHENTICATE \"${PASSWORD}\""
+        fi
+}
+
+cmdpipe()
+{
+        login
+        sendcmd "$@"
+        sendcmd "QUIT"
+}
+
+vecho()
+{
+        if [ $VERBOSE -ge 1 ]
+        then
+                echo "$@"
+        fi
+}
+
+myecho()
+{
+        STR=$(cat)
+        vecho "$STR"
+
+        echo "$STR" | if [ "$(grep -c ^"250 ")" = 3 ]
+        then
+                exit 0
+        else
+                exit 1
+        fi
+}
+
+filepipe()
+{
+        login
+        cat "$1" | while read line
+        do
+                sendcmd "$line"
+        done
+        sendcmd "QUIT"
+}
+
+while getopts ":a:c:s:p:P:f:vh" Option
+do
+        case $Option in
+                a) TOR_COOKIE="${OPTARG}";;
+                c) CMD="${OPTARG}";;
+                s) SLEEP_AFTER_CMD="${OPTARG}";;
+                p) PASSWORD="${OPTARG}";;
+                P) TORCTLPORT="${OPTARG}";;
+                f) FILE="${OPTARG}";;
+                v) VERBOSE=1;;
+                h) usage;;
+                *) usage;;
+        esac
+done
+
+if [ -e "$FILE" ]
+then
+        checkprogs
+        filepipe "$FILE" | telnet $TORCTLIP $TORCTLPORT 2>/dev/null | myecho
+        exit 4
+fi
+
+if [ "$CMD" != "" ]
+then
+        checkprogs
+        cmdpipe $CMD | telnet $TORCTLIP $TORCTLPORT 2>/dev/null | myecho
+else
+        usage
+fi

contrib/tor-mingw.nsi.in

@@ -8,7 +8,7 @@
 !include "LogicLib.nsh"
 !include "FileFunc.nsh"
 !insertmacro GetParameters
-!define VERSION "0.3.4.1-alpha-dev"
+!define VERSION "0.2.3.25"
 !define INSTALLER "tor-${VERSION}-win32.exe"
 !define WEBSITE "https://www.torproject.org/"
 !define LICENSE "LICENSE"
@@ -147,7 +147,7 @@ SectionEnd
 !insertmacro MUI_DESCRIPTION_TEXT ${Tor} "The core executable and config files needed for Tor to run."
 !insertmacro MUI_DESCRIPTION_TEXT ${Docs} "Documentation about Tor."
 !insertmacro MUI_DESCRIPTION_TEXT ${ShortCuts} "Shortcuts to easily start Tor"
-!insertmacro MUI_DESCRIPTION_TEXT ${StartMenu} "Shortcuts to access Tor and its documentation from the Start Menu"
+!insertmacro MUI_DESCRIPTION_TEXT ${StartMenu} "Shortcuts to access Tor and it's documentation from the Start Menu"
 !insertmacro MUI_DESCRIPTION_TEXT ${Desktop} "A shortcut to start Tor from the desktop"
 !insertmacro MUI_DESCRIPTION_TEXT ${Startup} "Launches Tor automatically at startup in a minimized window"
 !insertmacro MUI_FUNCTION_DESCRIPTION_END