Merge commit 'tor-0.2.1.20' into debian-merge

* commit 'tor-0.2.1.20': (36 commits) bump to 0.2.1.20 Move moria1 and Tonga to alternate IP addresses. read the "circwindow" parameter from the consensus Code to parse and access network parameters. Revert "Teach connection_ap_can_use_exit about Exclude*Nodes" Work around a memory leak in openssl 0.9.8g (and maybe others) Teach connection_ap_can_use_exit about Exclude*Nodes make some bug 1090 warnings go away Fix a memory leak when parsing a ns Fix obscure 64-bit big-endian hidserv bug turns out the packaging changes aren't in 0.2.1.20 update changelog with bundle details Use an _actual_ fix for the byte-reverse warning. Use a simpler fix for the byte-reversing warning Fix compile warnings on Snow Leopard Add getinfo accepted-server-descriptor. Clean spec. Reduce log level for bug case that we now know really exists. Only send reachability status events on overall success/failure update the README instructions and OS X makefiles Avoid segfault when accessing hidden service. ...
2024-11-27 22:03:31 +01:00 · 2009-11-13 19:01:22 +01:00 · 2009-11-13 19:01:22 +01:00 · 0e74939671
commit 0e74939671
parent 58ccdfccef 16dc543851
40 changed files with 527 additions and 186 deletions
--- a/110
+++ b/110
@ -1,7 +1,74 @@
-Changes in version 0.2.1.19 - 2009-07-28
+Changes in version 0.2.1.20 - 2009-10-15
  o Major bugfixes:
-    - Make accessing hidden services on 0.2.1.x work right
+    - Send circuit or stream sendme cells when our window has decreased
-      again. Bugfix on 0.2.1.3-alpha; workaround for bug 1038.
+      by 100 cells, not when it has decreased by 101 cells. Bug uncovered
      by Karsten when testing the "reduce circuit window" performance
      patch. Bugfix on the 54th commit on Tor -- from July 2002,
      before the release of Tor 0.0.0. This is the new winner of the
      oldest-bug prize.
    - Fix a remotely triggerable memory leak when a consensus document
      contains more than one signature from the same voter. Bugfix on
      0.2.0.3-alpha.
    - Avoid segfault in rare cases when finishing an introduction circuit
      as a client and finding out that we don't have an introduction key
      for it. Fixes bug 1073. Reported by Aaron Swartz.
  o Major features:
    - Tor now reads the "circwindow" parameter out of the consensus,
      and uses that value for its circuit package window rather than the
      default of 1000 cells. Begins the implementation of proposal 168.
  o New directory authorities:
    - Set up urras (run by Jacob Appelbaum) as the seventh v3 directory
      authority.
    - Move moria1 and tonga to alternate IP addresses.
  o Minor bugfixes:
    - Fix a signed/unsigned compile warning in 0.2.1.19.
    - Fix possible segmentation fault on directory authorities. Bugfix on
      0.2.1.14-rc.
    - Fix an extremely rare infinite recursion bug that could occur if
      we tried to log a message after shutting down the log subsystem.
      Found by Matt Edman. Bugfix on 0.2.0.16-alpha.
    - Fix an obscure bug where hidden services on 64-bit big-endian
      systems might mis-read the timestamp in v3 introduce cells, and
      refuse to connect back to the client. Discovered by "rotor".
      Bugfix on 0.2.1.6-alpha.
    - We were triggering a CLOCK_SKEW controller status event whenever
      we connect via the v2 connection protocol to any relay that has
      a wrong clock. Instead, we should only inform the controller when
      it's a trusted authority that claims our clock is wrong. Bugfix
      on 0.2.0.20-rc; starts to fix bug 1074. Reported by SwissTorExit.
    - We were telling the controller about CHECKING_REACHABILITY and
      REACHABILITY_FAILED status events whenever we launch a testing
      circuit or notice that one has failed. Instead, only tell the
      controller when we want to inform the user of overall success or
      overall failure. Bugfix on 0.1.2.6-alpha. Fixes bug 1075. Reported
      by SwissTorExit.
    - Don't warn when we're using a circuit that ends with a node
      excluded in ExcludeExitNodes, but the circuit is not used to access
      the outside world. This should help fix bug 1090. Bugfix on
      0.2.1.6-alpha.
    - Work around a small memory leak in some versions of OpenSSL that
      stopped the memory used by the hostname TLS extension from being
      freed.
  o Minor features:
    - Add a "getinfo status/accepted-server-descriptor" controller
      command, which is the recommended way for controllers to learn
      whether our server descriptor has been successfully received by at
      least on directory authority. Un-recommend good-server-descriptor
      getinfo and status events until we have a better design for them.
 Changes in version 0.2.1.19 - 2009-07-28
  Tor 0.2.1.19 fixes a major bug with accessing and providing hidden
  services on Tor 0.2.1.3-alpha through 0.2.1.18.
  o Major bugfixes:
    - Make accessing hidden services on 0.2.1.x work right again.
      Bugfix on 0.2.1.3-alpha; workaround for bug 1038. Diagnosis and
      part of patch provided by "optimist".
  o Minor features:
    - When a relay/bridge is writing out its identity key fingerprint to
@ -20,6 +87,12 @@ Changes in version 0.2.1.19 - 2009-07-28
 Changes in version 0.2.1.18 - 2009-07-24
  Tor 0.2.1.18 lays the foundations for performance improvements,
  adds status events to help users diagnose bootstrap problems, adds
  optional authentication/authorization for hidden services, fixes a
  variety of potential anonymity problems, and includes a huge pile of
  other features and bug fixes.
  o Build fixes:
    - Add LIBS=-lrt to Makefile.am so the Tor RPMs use a static libevent.
@ -82,6 +155,37 @@ Changes in version 0.2.1.17-rc - 2009-07-07
      further bugs for relays on dynamic IP addresses.
 Changes in version 0.2.0.35 - 2009-06-24
  o Security fix:
    - Avoid crashing in the presence of certain malformed descriptors.
      Found by lark, and by automated fuzzing.
    - Fix an edge case where a malicious exit relay could convince a
      controller that the client's DNS question resolves to an internal IP
      address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta.
  o Major bugfixes:
    - Finally fix the bug where dynamic-IP relays disappear when their
      IP address changes: directory mirrors were mistakenly telling
      them their old address if they asked via begin_dir, so they
      never got an accurate answer about their new address, so they
      just vanished after a day. For belt-and-suspenders, relays that
      don't set Address in their config now avoid using begin_dir for
      all direct connections. Should fix bugs 827, 883, and 900.
    - Fix a timing-dependent, allocator-dependent, DNS-related crash bug
      that would occur on some exit nodes when DNS failures and timeouts
      occurred in certain patterns. Fix for bug 957.
  o Minor bugfixes:
    - When starting with a cache over a few days old, do not leak
      memory for the obsolete router descriptors in it. Bugfix on
      0.2.0.33; fixes bug 672.
    - Hidden service clients didn't use a cached service descriptor that
      was older than 15 minutes, but wouldn't fetch a new one either,
      because there was already one in the cache. Now, fetch a v2
      descriptor unless the same descriptor was added to the cache within
      the last 15 minutes. Fixes bug 997; reported by Marcus Griep.
 Changes in version 0.2.1.16-rc - 2009-06-20
  Tor 0.2.1.16-rc speeds up performance for fast exit relays, and fixes
  a bunch of minor bugs.
--- a/31
+++ b/31
@ -3,7 +3,38 @@ This document summarizes new features and bugfixes in each stable release
 of Tor. If you want to see more detailed descriptions of the changes in
 each development snapshot, see the ChangeLog file.
 Changes in version 0.2.1.19 - 2009-07-28
  Tor 0.2.1.19 fixes a major bug with accessing and providing hidden
  services.
  o Major bugfixes:
    - Make accessing hidden services on 0.2.1.x work right again.
      Bugfix on 0.2.1.3-alpha; workaround for bug 1038. Diagnosis and
      part of patch provided by "optimist".
  o Minor features:
    - When a relay/bridge is writing out its identity key fingerprint to
      the "fingerprint" file and to its logs, write it without spaces. Now
      it will look like the fingerprints in our bridges documentation,
      and confuse fewer users.
  o Minor bugfixes:
    - Relays no longer publish a new server descriptor if they change
      their MaxAdvertisedBandwidth config option but it doesn't end up
      changing their advertised bandwidth numbers. Bugfix on 0.2.0.28-rc;
      fixes bug 1026. Patch from Sebastian.
    - Avoid leaking memory every time we get a create cell but we have
      so many already queued that we refuse it. Bugfix on 0.2.0.19-alpha;
      fixes bug 1034. Reported by BarkerJr.
 Changes in version 0.2.1.18 - 2009-07-24
  Tor 0.2.1.18 lays the foundations for performance improvements,
  adds status events to help users diagnose bootstrap problems, adds
  optional authentication/authorization for hidden services, fixes a
  variety of potential anonymity problems, and includes a huge pile of
  other features and bug fixes.
  o Major features (clients):
    - Start sending "bootstrap phase" status events to the controller,
      so it can keep the user informed of progress fetching directory
--- a/configure.in
+++ b/configure.in
@ -5,7 +5,7 @@ dnl Copyright (c) 2007-2008, The Tor Project, Inc.
 dnl See LICENSE for licensing information
 AC_INIT
-AM_INIT_AUTOMAKE(tor, 0.2.1.19)
+AM_INIT_AUTOMAKE(tor, 0.2.1.20)
 AM_CONFIG_HEADER(orconfig.h)
 AC_CANONICAL_HOST
--- a/contrib/directory-archive/fetch-all
+++ b/contrib/directory-archive/fetch-all
@ -30,8 +30,8 @@ DIRSERVERS=""
 DIRSERVERS="$DIRSERVERS 86.59.21.38:80"		# tor26
 DIRSERVERS="$DIRSERVERS 128.31.0.34:9031"	# moria1
 DIRSERVERS="$DIRSERVERS 128.31.0.34:9032"	# moria2
 #DIRSERVERS="$DIRSERVERS 140.247.60.64:80"	# lefkada
 DIRSERVERS="$DIRSERVERS 194.109.206.212:80"	# dizum
 DATEDIR=$(date "+%Y/%m/%d")
 TIME=$(date "+%Y%m%d-%H%M%S")
--- a/contrib/directory-archive/fetch-all-v3
+++ b/contrib/directory-archive/fetch-all-v3
@ -35,6 +35,7 @@ DIRSERVERS="$DIRSERVERS 80.190.246.100:80"	# gabelmoo
 DIRSERVERS="$DIRSERVERS 194.109.206.212:80"	# dizum
 #DIRSERVERS="$DIRSERVERS 128.31.0.34:9032"	# moria2
 DIRSERVERS="$DIRSERVERS 213.73.91.31:80"	# dannenberg
 DIRSERVERS="$DIRSERVERS 208.83.223.34:443"	# urras
 TIME=$(date "+%Y%m%d-%H%M%S")
 . fetch-all-functions
--- a/contrib/osx/uninstall_tor_bundle.sh
+++ b/contrib/osx/uninstall_tor_bundle.sh
@ -134,7 +134,7 @@ fi
 ## clean up
 echo ". Cleaning up"
 rm -rf $TEMP_BOM_CONTENTS
-rm -rf /Library/Privoxy/ /Library/StartupItems/Privoxy/ /Library/Tor/ /Library/StartupItems/Tor/ /Library/Torbutton/ 
+rm -rf /Library/Privoxy/ /Library/StartupItems/Privoxy/ /Library/Tor/ /Library/StartupItems/Tor/ /Library/Torbutton/ /Library/Receipts/Privoxy.pkg /Library/Receipts/torbutton.pkg /Library/Receipts/Tor.pkg /Library/Receipts/Vidalia.pkg /Library/Receipts/TorStartup.pkg
 echo ". Finished"
--- a/contrib/polipo/Makefile.osx
+++ b/contrib/polipo/Makefile.osx
@ -30,9 +30,13 @@ FILE_DEFINES = -DLOCAL_ROOT=\"$(LOCAL_ROOT)/\" \
 DEFINES = $(FILE_DEFINES) $(PLATFORM_DEFINES)
-UNIVERSAL = -O -g -mmacosx-version-min=10.4 -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386 -arch ppc
+# Uncomment the UNIVERSAL, LDFLAGS, CFLAGS lines if you want universal binaries, otherwise
-LDFLAGS = -Wl,-syslibroot,/Developer/SDKs/MacOSX10.4u.sdk
+# you'll produce a binary only for your architecture and version of OSX
-CFLAGS = $(MD5INCLUDES) $(CDEBUGFLAGS) $(DEFINES) $(EXTRA_DEFINES) $(UNIVERSAL)
+# UNIVERSAL = -O -g -mmacosx-version-min=10.4 -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386 -arch ppc
 # LDFLAGS = -Wl,-syslibroot,/Developer/SDKs/MacOSX10.4u.sdk
 # CFLAGS = $(MD5INCLUDES) $(CDEBUGFLAGS) $(DEFINES) $(EXTRA_DEFINES) $(UNIVERSAL)
 # If you uncommented the above CFLAGS, remove this next one.
 CFLAGS = $(MD5INCLUDES) $(CDEBUGFLAGS) $(DEFINES) $(EXTRA_DEFINES) 
 SRCS = util.c event.c io.c chunk.c atom.c object.c log.c diskcache.c main.c \
       config.c local.c http.c client.c server.c auth.c tunnel.c \
--- a/contrib/polipo/README
+++ b/contrib/polipo/README
@ -1,4 +1,6 @@
 Copyright 2007-2008 Andrew Lewman
 Copyright 2009 The Tor Project
 ----------------
 General Comments
 ----------------
--- a/contrib/tor-mingw.nsi.in
+++ b/contrib/tor-mingw.nsi.in
@ -9,7 +9,7 @@
 !include "FileFunc.nsh"
 !insertmacro GetParameters
-!define VERSION "0.2.1.19"
+!define VERSION "0.2.1.20"
 !define INSTALLER "tor-${VERSION}-win32.exe"
 !define WEBSITE "https://www.torproject.org/"
 !define LICENSE "LICENSE"
@ -216,6 +216,7 @@ Function un.InstallFiles
 	Delete "$INSTDIR\tor.ico"
 	Delete "$SMSTARTUP\Tor.lnk"
 	Delete "$INSTDIR\Uninstall.exe"
    Delete "$INSTDIR\geoip"
 FunctionEnd
 Function un.InstallDirectories
--- a/doc/spec/control-spec.txt
+++ b/doc/spec/control-spec.txt
@ -558,6 +558,7 @@ $Id$
    "status/circuit-established"
    "status/enough-dir-info"
    "status/good-server-descriptor"
    "status/accepted-server-descriptor"
    "status/..."
      These provide the current internal Tor values for various Tor
      states. See Section 4.1.10 for explanations. (Only a few of the
@ -1255,20 +1256,26 @@ $Id$
     CLOCK_SKEW
       SKEW="+" / "-" SECONDS
       MIN_SKEW="+" / "-" SECONDS.
-       SOURCE="DIRSERV:IP:Port" / "NETWORKSTATUS:IP:PORT" / "CONSENSUS"
+       SOURCE="DIRSERV:" IP ":" Port /
              "NETWORKSTATUS:" IP ":" Port /
              "OR:" IP ":" Port /
              "CONSENSUS"
         If "SKEW" is present, it's an estimate of how far we are from the
         time declared in the source.  (In other words, if we're an hour in
         the past, the value is -3600.)  "MIN_SKEW" is present, it's a lower
         bound.  If the source is a DIRSERV, we got the current time from a
         connection to a dirserver.  If the source is a NETWORKSTATUS, we
         decided we're skewed because we got a v2 networkstatus from far in
-         the future.  If the source is CONSENSUS, we decided we're skewed
+         the future.  If the source is OR, the skew comes from a NETINFO
-         because we got a networkstatus consensus from the future.
+         cell from a connection to another relay.  If the source is
         CONSENSUS, we decided we're skewed because we got a networkstatus
         consensus from the future.
-         {Controllers may want to warn the user if the skew is high, or if
+         {Tor should send this message to controllers when it thinks the
-         multiple skew messages appear at severity WARN.  Controllers
+         skew is so high that it will interfere with proper Tor operation.
-         shouldn't blindly adjust the clock, since the more accurate source
+         Controllers shouldn't blindly adjust the clock, since the more
-         of skew info (DIRSERV) is currently unauthenticated.}
+         accurate source of skew info (DIRSERV) is currently
         unauthenticated.}
     BAD_LIBEVENT
     "METHOD=" libevent method
@ -1482,18 +1489,22 @@ $Id$
       We successfully uploaded our server descriptor to at least one
       of the directory authorities, with no complaints.
-       {This event could affect the controller's idea of server status, but
+       {Originally, the goal of this event was to declare "every authority
-       the controller should not interrupt the user to tell them so.}
+       has accepted the descriptor, so there will be no complaints
       about it." But since some authorities might be offline, it's
       harder to get certainty than we had thought. As such, this event
       is equivalent to ACCEPTED_SERVER_DESCRIPTOR below. Controllers
       should just look at ACCEPTED_SERVER_DESCRIPTOR and should ignore
       this event for now.}
     NAMESERVER_STATUS
     "NS=addr"
     "STATUS=" "UP" / "DOWN"
     "ERR=" message
        One of our nameservers has changed status.
        // actually notice
-       {This event could affect the controller's idea of server status, but
+        {This event could affect the controller's idea of server status, but
-       the controller should not interrupt the user to tell them so.}
+        the controller should not interrupt the user to tell them so.}
     NAMESERVER_ALL_DOWN
        All of our nameservers have gone down.
--- a/doc/tor-osx-dmg-creation.txt
+++ b/doc/tor-osx-dmg-creation.txt
@ -1,24 +1,103 @@
 ## Instructions for building the official dmgs for OSX.
 ##
 ## The loose table of contents:
 ## Summary
 ## Single Architecture Binaries for PPC or X86, not both.
 ## Backwards compatible single-architecture binaries for OSX x86 10.4 from newer versions of OS X.
 ## Universal Binaries for OSX PPC and X86
 ## Each section is delineated by ###.
 The following steps are the exact steps used to produce the "official"
 OSX builds of tor.
-Summary:
+### Summary:
 1) Compile and install a static version of the latest release of
 libevent.
 2) Acquire and install your preferred version of tor. Extract.
 3) "make dist-osx"
 4) You now have a dmg from which you can install Tor.
-## Universal Binaries for OSX PPC and X86
+### Single Architecture Binaries for PPC or X86, not both.
-## This method works in OSX 10.4 (Tiger) and newer OSX versions.
+### This method works in all versions of OSX 10.3 through 10.6
-## See far below if you don't care about cross compiling for PPC and X86.
+
-## The single architecture process starts with "###"
+## Compiling libevent ##
 1)  Download the latest stable libevent from
 http://www.monkey.org/~provos/libevent/
 2) The first step of compiling libevent is to configure it as
 follows:
       ./configure --enable-static --disable-shared
 3) Complete the "make" and "make install".  You will need to be root,
 or sudo -s, to complete the "make install".
 ## Compiling Tor ##
 4) Get your preferred version of the tor source from https://www.torproject.org.  Extract the
 tarball.
 5) In the top level, this means /path/to/tor/, not tor/contrib/osx,
 do a configure with these parameters:
     CONFDIR=/Library/Tor ./configure --prefix=/Library/Tor \
     --bindir=/Library/Tor --sysconfdir=/Library
 6) In same top level dir, do a "make dist-osx".  There now exists a
 .dmg file in the same directory.  Install from this dmg.
 ### Backwards compatible single-architecture binaries for OSX x86 10.4 from newer versions of OS X.
 1) Install the latest XCode updates available from http://developer.apple.com.
-## Compiling libevent
+## Compiling libevent ##
 2)  Download latest stable libevent from
 http://www.monkey.org/~provos/libevent/
 3) The first step of compiling libevent is to configure it as
 follows:
 CFLAGS="-O -g -mmacosx-version-min=10.4 -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386" \
 LDFLAGS="-Wl,-syslibroot,/Developer/SDKs/MacOSX10.4u.sdk" \
 ./configure --enable-static --disable-shared --disable-dependency-tracking
 4) Complete the "make" and "make install".  You will need to be root,
 or sudo -s, to complete the "make install".
 5) Check for a successful universal binary of libevent.a in, by default,
 /usr/local/lib by using the following command:
 	"file /usr/local/lib/libevent.a"
 	Your output should be:
 /usr/local/lib/libevent.a (for architecture i386):      current ar archive random library
 6) Get your preferred version of the tor source from https://www.torproject.org/download.  
 Extract the tarball.
 7) In the top level, this means /path/to/tor/, not tor/contrib/osx,
 do a configure with these parameters:
 CFLAGS="-O -g -mmacosx-version-min=10.4 -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386" \
 LDFLAGS="-Wl,-syslibroot,/Developer/SDKs/MacOSX10.4u.sdk" \
 CONFDIR=/Library/Tor \
 ./configure --prefix=/Library/Tor --bindir=/Library/Tor \
 --sysconfdir=/Library --disable-dependency-tracking
 8) "make dist-osx"
 9) Confirm you have created a universal binary by issuing the follow command:
 "file src/or/tor".  Its output should be as follows:
 src/or/tor (for architecture i386):     Mach-O executable i386
 10) There should exist in the top-level directory a
 Tor-$VERSION-universal-Bundle.dmg
 11) Congrats.  You have a backwards-compatible binary. You are now ready to install Tor.
 ### Universal Binaries for OSX PPC and X86
 ### This method works in OSX 10.4 (Tiger) and newer OSX versions.
 1) Install the latest XCode updates available from http://developer.apple.com.
 ## Compiling libevent ##
 2)  Download latest stable libevent from
 http://www.monkey.org/~provos/libevent/
@ -64,31 +143,3 @@ src/or/tor (for architecture ppc):      Mach-O executable ppc
 Tor-$VERSION-universal-Bundle.dmg
 11) Congrats.  You have a universal binary. You are now ready to install Tor.
 ### Single Architecture Binaries for PPC or X86, not both.
 ### This method works in all versions of OSX 10.3 through 10.5
 ### Compiling libevent
 1)  Download the latest stable libevent from
 http://www.monkey.org/~provos/libevent/
 2) The first step of compiling libevent is to configure it as
 follows:
       ./configure --enable-static --disable-shared
 3) Complete the "make" and "make install".  You will need to be root,
 or sudo -s, to complete the "make install".
 ### Compiling Tor
 4) Get your preferred version of the tor source from https://www.torproject.org.  Extract the
 tarball.
 5) In the top level, this means /path/to/tor/, not tor/contrib/osx,
 do a configure with these parameters:
     CONFDIR=/Library/Tor ./configure --prefix=/Library/Tor \
     --bindir=/Library/Tor --sysconfdir=/Library
 6) In same top level dir, do a "make dist-osx".  There now exists a
 .dmg file in the same directory.  Install from this dmg.
--- a/doc/tor.1.in
+++ b/doc/tor.1.in
@ -476,13 +476,15 @@ used when \fBFascistFirewall\fR is set. This option is deprecated; use
 ReachableAddresses instead. (Default: 80, 443)
 .LP
 .TP
-\fBHidServAuth \fR\fIonion-address\fR \fIauth-cookie\fP \fIservice-name\fR 
+\fBHidServAuth \fR\fIonion-address\fR \fIauth-cookie\fP [\fIservice-name\fR]
 Client authorization for a hidden service. Valid onion addresses contain 16
 characters in a-z2-7 plus ".onion", and valid auth cookies contain 22
 characters in A-Za-z0-9+/. The service name is only used for internal
 purposes, e.g., for Tor controllers. This option may be used multiple times
 for different hidden services. If a hidden service uses authorization and
-this option is not set, the hidden service is not accessible.
+this option is not set, the hidden service is not accessible. Hidden
 services can be configured to require authorization using the
 \fBHiddenServiceAuthorizeClient\fR option.
 .LP
 .TP
 \fBReachableAddresses \fR\fIADDR\fP[\fB/\fP\fIMASK\fP][:\fIPORT\fP]...\fP
@ -1305,7 +1307,8 @@ listed here are authorized to access the hidden service. Valid client names
 are 1 to 19 characters long and only use characters in A-Za-z0-9+-_
 (no spaces). If this option is set, the hidden service is not accessible
 for clients without authorization any more. Generated authorization data
-can be found in the hostname file.
+can be found in the hostname file. Clients need to put this authorization
 data in their configuration file using \fBHidServAuth\fR.
 .LP
 .TP
 \fBRendPostPeriod \fR\fIN\fR \fBseconds\fR|\fBminutes\fR|\fBhours\fR|\fBdays\fR|\fBweeks\fP
--- a/src/common/address.c
+++ b/src/common/address.c
@ -373,10 +373,11 @@ tor_addr_parse_reverse_lookup_name(tor_addr_t *result, const char *address,
      return -1; /* malformed. */
    /* reverse the bytes */
-    inaddr.s_addr = (((inaddr.s_addr & 0x000000fful) << 24)
+    inaddr.s_addr = (uint32_t)
-                     |((inaddr.s_addr & 0x0000ff00ul) << 8)
+      (((inaddr.s_addr & 0x000000ff) << 24)
-                     |((inaddr.s_addr & 0x00ff0000ul) >> 8)
+       |((inaddr.s_addr & 0x0000ff00) << 8)
-                     |((inaddr.s_addr & 0xff000000ul) >> 24));
+       |((inaddr.s_addr & 0x00ff0000) >> 8)
       |((inaddr.s_addr & 0xff000000) >> 24));
    if (result) {
      tor_addr_from_in(result, &inaddr);
--- a/src/common/log.c
+++ b/src/common/log.c
@ -94,7 +94,8 @@ should_log_function_name(log_domain_mask_t domain, int severity)
 }
 /** A mutex to guard changes to logfiles and logging. */
-static tor_mutex_t *log_mutex = NULL;
+static tor_mutex_t log_mutex;
 static int log_mutex_initialized = 0;
 /** Linked list of logfile_t. */
 static logfile_t *logfiles = NULL;
@ -105,9 +106,9 @@ static int syslog_count = 0;
 #endif
 #define LOCK_LOGS() STMT_BEGIN                                          \
-  tor_mutex_acquire(log_mutex);                                         \
+  tor_mutex_acquire(&log_mutex);                                        \
  STMT_END
-#define UNLOCK_LOGS() STMT_BEGIN tor_mutex_release(log_mutex); STMT_END
+#define UNLOCK_LOGS() STMT_BEGIN tor_mutex_release(&log_mutex); STMT_END
 /** What's the lowest log level anybody cares about?  Checking this lets us
 * bail out early from log_debug if we aren't debugging.  */
@ -148,8 +149,8 @@ _log_prefix(char *buf, size_t buf_len, int severity)
  t = (time_t)now.tv_sec;
  n = strftime(buf, buf_len, "%b %d %H:%M:%S", tor_localtime_r(&t, &tm));
-  r = tor_snprintf(buf+n, buf_len-n, ".%.3ld [%s] ",
+  r = tor_snprintf(buf+n, buf_len-n, ".%.3i [%s] ",
-                   (long)now.tv_usec / 1000, sev_to_string(severity));
+                   (int)now.tv_usec / 1000, sev_to_string(severity));
  if (r<0)
    return buf_len-1;
  else
@ -448,8 +449,9 @@ logs_free_all(void)
    log_free(victim);
  }
  tor_free(appname);
-  tor_mutex_free(log_mutex);
+
-  log_mutex = NULL;
+  /* We _could_ destroy the log mutex here, but that would screw up any logs
   * that happened between here and the end of execution. */
 }
 /** Remove and free the log entry <b>victim</b> from the linked-list
@ -545,8 +547,10 @@ add_stream_log(const log_severity_list_t *severity,
 void
 init_logging(void)
 {
-  if (!log_mutex)
+  if (!log_mutex_initialized) {
-    log_mutex = tor_mutex_new();
+    tor_mutex_init(&log_mutex);
    log_mutex_initialized = 1;
  }
 }
 /** Add a log handler to receive messages during startup (before the real
--- a/src/common/torint.h
+++ b/src/common/torint.h
@ -119,6 +119,10 @@ typedef unsigned int uint32_t;
 #endif
 #endif
 #ifndef INT32_MIN
 #define INT32_MIN (-2147483647-1)
 #endif
 #if (SIZEOF_LONG == 4)
 #ifndef HAVE_INT32_T
 typedef signed long int32_t;
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@ -829,6 +829,9 @@ tor_tls_new(int sock, int isServer)
  if (!SSL_set_cipher_list(result->ssl,
                     isServer ? SERVER_CIPHER_LIST : CLIENT_CIPHER_LIST)) {
    tls_log_errors(NULL, LOG_WARN, "setting ciphers");
 #ifdef SSL_set_tlsext_host_name
    SSL_set_tlsext_host_name(result->ssl, NULL);
 #endif
    SSL_free(result->ssl);
    tor_free(result);
    return NULL;
@ -839,6 +842,9 @@ tor_tls_new(int sock, int isServer)
  bio = BIO_new_socket(sock, BIO_NOCLOSE);
  if (! bio) {
    tls_log_errors(NULL, LOG_WARN, "opening BIO");
 #ifdef SSL_set_tlsext_host_name
    SSL_set_tlsext_host_name(result->ssl, NULL);
 #endif
    SSL_free(result->ssl);
    tor_free(result);
    return NULL;
@ -919,6 +925,9 @@ tor_tls_free(tor_tls_t *tls)
  if (!removed) {
    log_warn(LD_BUG, "Freeing a TLS that was not in the ssl->tls map.");
  }
 #ifdef SSL_set_tlsext_host_name
  SSL_set_tlsext_host_name(tls->ssl, NULL);
 #endif
  SSL_free(tls->ssl);
  tls->ssl = NULL;
  tls->negotiated_callback = NULL;
@ -1443,8 +1452,8 @@ tor_tls_used_v1_handshake(tor_tls_t *tls)
 * buffer and *<b>wbuf_bytes</b> to the amount actually used. */
 void
 tor_tls_get_buffer_sizes(tor_tls_t *tls,
-                         int *rbuf_capacity, int *rbuf_bytes,
+                         size_t *rbuf_capacity, size_t *rbuf_bytes,
-                         int *wbuf_capacity, int *wbuf_bytes)
+                         size_t *wbuf_capacity, size_t *wbuf_bytes)
 {
  if (tls->ssl->s3->rbuf.buf)
    *rbuf_capacity = tls->ssl->s3->rbuf.len;
--- a/src/common/tortls.h
+++ b/src/common/tortls.h
@ -73,8 +73,8 @@ void tor_tls_get_n_raw_bytes(tor_tls_t *tls,
                             size_t *n_read, size_t *n_written);
 void tor_tls_get_buffer_sizes(tor_tls_t *tls,
-                              int *rbuf_capacity, int *rbuf_bytes,
+                              size_t *rbuf_capacity, size_t *rbuf_bytes,
-                              int *wbuf_capacity, int *wbuf_bytes);
+                              size_t *wbuf_capacity, size_t *wbuf_bytes);
 int tor_tls_used_v1_handshake(tor_tls_t *tls);
--- a/src/common/util.c
+++ b/src/common/util.c
@ -1816,7 +1816,8 @@ write_chunks_to_file_impl(const char *fname, const smartlist_t *chunks,
                          int open_flags)
 {
  open_file_t *file = NULL;
-  int fd, result;
+  int fd;
  ssize_t result;
  fd = start_writing_to_file(fname, open_flags, 0600, &file);
  if (fd<0)
    return -1;
@ -1901,7 +1902,7 @@ read_file_to_str(const char *filename, int flags, struct stat *stat_out)
  int fd; /* router file */
  struct stat statbuf;
  char *string;
-  int r;
+  ssize_t r;
  int bin = flags & RFTS_BIN;
  tor_assert(filename);
@ -1960,7 +1961,7 @@ read_file_to_str(const char *filename, int flags, struct stat *stat_out)
       * match for size. */
      int save_errno = errno;
      log_warn(LD_FS,"Could read only %d of %ld bytes of file \"%s\".",
-               r, (long)statbuf.st_size,filename);
+               (int)r, (long)statbuf.st_size,filename);
      tor_free(string);
      close(fd);
      errno = save_errno;
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@ -527,9 +527,16 @@ inform_testing_reachability(void)
  routerinfo_t *me = router_get_my_routerinfo();
  if (!me)
    return 0;
-  if (me->dir_port)
+  control_event_server_status(LOG_NOTICE,
                              "CHECKING_REACHABILITY ORADDRESS=%s:%d",
                              me->address, me->or_port);
  if (me->dir_port) {
    tor_snprintf(dirbuf, sizeof(dirbuf), " and DirPort %s:%d",
                 me->address, me->dir_port);
    control_event_server_status(LOG_NOTICE,
                                "CHECKING_REACHABILITY DIRADDRESS=%s:%d",
                                me->address, me->dir_port);
  }
  log(LOG_NOTICE, LD_OR, "Now checking whether ORPort %s:%d%s %s reachable... "
                         "(this may take up to %d minutes -- look for log "
                         "messages indicating success)",
@ -537,6 +544,7 @@ inform_testing_reachability(void)
      me->dir_port ? dirbuf : "",
      me->dir_port ? "are" : "is",
      TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT/60);
  return 1;
 }
@ -1436,13 +1444,16 @@ choose_good_exit_server(uint8_t purpose, routerlist_t *dir,
 /** Log a warning if the user specified an exit for the circuit that
 * has been excluded from use by ExcludeNodes or ExcludeExitNodes. */
 static void
-warn_if_last_router_excluded(uint8_t purpose, const extend_info_t *exit)
+warn_if_last_router_excluded(origin_circuit_t *circ, const extend_info_t *exit)
 {
  or_options_t *options = get_options();
  routerset_t *rs = options->ExcludeNodes;
  const char *description;
  int severity;
  int domain = LD_CIRC;
  uint8_t purpose = circ->_base.purpose;
  if (circ->build_state->onehop_tunnel)
    return;
  switch (purpose)
    {
@ -1455,48 +1466,40 @@ warn_if_last_router_excluded(uint8_t purpose, const extend_info_t *exit)
               (int)purpose);
      return;
    case CIRCUIT_PURPOSE_C_GENERAL:
      if (circ->build_state->is_internal)
        return;
      description = "Requested exit node";
      rs = options->_ExcludeExitNodesUnion;
      severity = LOG_WARN;
      break;
    case CIRCUIT_PURPOSE_C_INTRODUCING:
    case CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT:
    case CIRCUIT_PURPOSE_C_INTRODUCE_ACKED:
-      description = "Introduction point for hidden service";
+    case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO:
-      severity = LOG_INFO;
+    case CIRCUIT_PURPOSE_S_CONNECT_REND:
-      break;
+    case CIRCUIT_PURPOSE_S_REND_JOINED:
    case CIRCUIT_PURPOSE_TESTING:
      return;
    case CIRCUIT_PURPOSE_C_ESTABLISH_REND:
    case CIRCUIT_PURPOSE_C_REND_READY:
    case CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED:
    case CIRCUIT_PURPOSE_C_REND_JOINED:
      description = "Chosen rendezvous point";
      severity = LOG_WARN;
      domain = LD_BUG;
      break;
    case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO:
      description = "Chosen introduction point";
      severity = LOG_INFO;
      break;
    case CIRCUIT_PURPOSE_S_CONNECT_REND:
    case CIRCUIT_PURPOSE_S_REND_JOINED:
      description = "Client-selected rendezvous point";
      severity = LOG_INFO;
      break;
    case CIRCUIT_PURPOSE_TESTING:
      description = "Target for testing circuit";
      severity = LOG_INFO;
      break;
    case CIRCUIT_PURPOSE_CONTROLLER:
      rs = options->_ExcludeExitNodesUnion;
      description = "Controller-selected circuit target";
      severity = LOG_WARN;
      break;
    }
-  if (routerset_contains_extendinfo(rs, exit))
+  if (routerset_contains_extendinfo(rs, exit)) {
-    log_fn(severity, domain, "%s '%s' is in ExcludeNodes%s.  Using anyway.",
+    log_fn(LOG_WARN, domain, "%s '%s' is in ExcludeNodes%s. Using anyway "
           "(circuit purpose %d).",
           description,exit->nickname,
-           rs==options->ExcludeNodes?"":" or ExcludeExitNodes.");
+           rs==options->ExcludeNodes?"":" or ExcludeExitNodes",
           (int)purpose);
    circuit_log_path(LOG_WARN, domain, circ);
  }
  return;
 }
@ -1521,7 +1524,7 @@ onion_pick_cpath_exit(origin_circuit_t *circ, extend_info_t *exit)
  }
  if (exit) { /* the circuit-builder pre-requested one */
-    warn_if_last_router_excluded(circ->_base.purpose, exit);
+    warn_if_last_router_excluded(circ, exit);
    log_info(LD_CIRC,"Using requested exit node '%s'", exit->nickname);
    exit = extend_info_dup(exit);
  } else { /* we have to decide one */
@ -1568,6 +1571,7 @@ int
 circuit_extend_to_new_exit(origin_circuit_t *circ, extend_info_t *exit)
 {
  int err_reason = 0;
  warn_if_last_router_excluded(circ, exit);
  circuit_append_new_exit(circ, exit);
  circuit_set_state(TO_CIRCUIT(circ), CIRCUIT_STATE_BUILDING);
  if ((err_reason = circuit_send_next_onion_skin(circ))<0) {
@ -1825,7 +1829,7 @@ onion_append_hop(crypt_path_t **head_ptr, extend_info_t *choice)
  hop->extend_info = extend_info_dup(choice);
-  hop->package_window = CIRCWINDOW_START;
+  hop->package_window = circuit_initial_package_window();
  hop->deliver_window = CIRCWINDOW_START;
  return 0;
--- a/src/or/circuitlist.c
+++ b/src/or/circuitlist.c
@ -361,6 +361,19 @@ circuit_purpose_to_controller_string(uint8_t purpose)
  }
 }
 /** Pick a reasonable package_window to start out for our circuits.
 * Originally this was hard-coded at 1000, but now the consensus votes
 * on the answer. See proposal 168. */
 int32_t
 circuit_initial_package_window(void)
 {
  int32_t num = networkstatus_get_param(NULL, "circwindow", CIRCWINDOW_START);
  /* If the consensus tells us a negative number, we'd assert. */
  if (num < 0)
    num = CIRCWINDOW_START;
  return num;
 }
 /** Initialize the common elements in a circuit_t, and add it to the global
 * list. */
 static void
@ -368,7 +381,7 @@ init_circuit_base(circuit_t *circ)
 {
  circ->timestamp_created = time(NULL);
-  circ->package_window = CIRCWINDOW_START;
+  circ->package_window = circuit_initial_package_window();
  circ->deliver_window = CIRCWINDOW_START;
  circuit_add(circ);
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@ -724,17 +724,12 @@ circuit_testing_opened(origin_circuit_t *circ)
 static void
 circuit_testing_failed(origin_circuit_t *circ, int at_last_hop)
 {
  routerinfo_t *me = router_get_my_routerinfo();
  if (server_mode(get_options()) && check_whether_orport_reachable())
    return;
  if (!me)
    return;
  log_info(LD_GENERAL,
           "Our testing circuit (to see if your ORPort is reachable) "
           "has failed. I'll try again later.");
  control_event_server_status(LOG_WARN, "REACHABILITY_FAILED ORADDRESS=%s:%d",
                             me->address, me->or_port);
  /* These aren't used yet. */
  (void)circ;
--- a/src/or/command.c
+++ b/src/or/command.c
@ -575,7 +575,7 @@ command_process_netinfo_cell(cell_t *cell, or_connection_t *conn)
    /* Consider all the other addresses; if any matches, this connection is
     * "canonical." */
    tor_addr_t addr;
-    const char *next = decode_address_from_payload(&addr, cp, end-cp);
+    const char *next = decode_address_from_payload(&addr, cp, (int)(end-cp));
    if (next == NULL) {
      log_fn(LOG_PROTOCOL_WARN,  LD_OR,
             "Bad address in netinfo cell; closing connection.");
@ -610,9 +610,11 @@ command_process_netinfo_cell(cell_t *cell, or_connection_t *conn)
           conn->_base.address, (int)conn->_base.port,
           apparent_skew>0 ? "ahead" : "behind", dbuf,
           apparent_skew>0 ? "behind" : "ahead");
-    control_event_general_status(LOG_WARN,
+    if (severity == LOG_WARN) /* only tell the controller if an authority */
-                        "CLOCK_SKEW SKEW=%ld SOURCE=OR:%s:%d",
+      control_event_general_status(LOG_WARN,
-                        apparent_skew, conn->_base.address, conn->_base.port);
+                          "CLOCK_SKEW SKEW=%ld SOURCE=OR:%s:%d",
                          apparent_skew,
                          conn->_base.address, conn->_base.port);
  }
  /* XXX maybe act on my_apparent_addr, if the source is sufficiently
--- a/src/or/config.c
+++ b/src/or/config.c
@ -904,14 +904,14 @@ add_default_trusted_dir_authorities(authority_type_t type)
  int i;
  const char *dirservers[] = {
    "moria1 v1 orport=9001 v3ident=E2A2AF570166665D738736D0DD58169CC61D8A8B "
-      "128.31.0.34:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441",
+      "128.31.0.39:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441",
    "moria2 v1 orport=9002 128.31.0.34:9032 "
      "719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF",
    "tor26 v1 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
      "86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
    "dizum orport=443 v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 "
      "194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755",
-    "Tonga orport=443 bridge no-v2 82.94.251.206:80 "
+    "Tonga orport=443 bridge no-v2 82.94.251.203:80 "
      "4A0C CD2D DC79 9508 3D73 F5D6 6710 0C8A 5831 F16D",
    "ides orport=9090 no-v2 v3ident=27B6B5996C426270A5C95488AA5BCEB6BCC86956 "
      "216.224.124.114:9030 F397 038A DC51 3361 35E7 B80B D99C A384 4360 292B",
@ -921,6 +921,8 @@ add_default_trusted_dir_authorities(authority_type_t type)
    "dannenberg orport=443 no-v2 "
      "v3ident=585769C78764D58426B8B52B6651A5A71137189A "
      "213.73.91.31:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123",
    "urras orport=80 no-v2 v3ident=80550987E1D626E3EBA5E5E75A458DE0626D088C "
      "208.83.223.34:443 0AD3 FA88 4D18 F89E EA2D 89C0 1937 9E0E 7FD9 4417",
    NULL
  };
  for (i=0; dirservers[i]; i++) {
@ -1224,26 +1226,29 @@ options_need_geoip_info(or_options_t *options, const char **reason_out)
 /** Return the bandwidthrate that we are going to report to the authorities
 * based on the config options. */
-int
+uint32_t
 get_effective_bwrate(or_options_t *options)
 {
-  int bw = (int)options->BandwidthRate;
+  uint64_t bw = options->BandwidthRate;
  if (bw > options->MaxAdvertisedBandwidth)
-    bw = (int)options->MaxAdvertisedBandwidth;
+    bw = options->MaxAdvertisedBandwidth;
  if (options->RelayBandwidthRate > 0 && bw > options->RelayBandwidthRate)
-    bw = (int)options->RelayBandwidthRate;
+    bw = options->RelayBandwidthRate;
-  return bw;
+
  /* ensure_bandwidth_cap() makes sure that this cast can't overflow. */
  return (uint32_t)bw;
 }
 /** Return the bandwidthburst that we are going to report to the authorities
 * based on the config options. */
-int
+uint32_t
 get_effective_bwburst(or_options_t *options)
 {
-  int bw = (int)options->BandwidthBurst;
+  uint64_t bw = options->BandwidthBurst;
  if (options->RelayBandwidthBurst > 0 && bw > options->RelayBandwidthBurst)
-    bw = (int)options->RelayBandwidthBurst;
+    bw = options->RelayBandwidthBurst;
-  return bw;
+  /* ensure_bandwidth_cap() makes sure that this cast can't overflow. */
  return (uint32_t)bw;
 }
 /** Fetch the active option list, and take actions based on it. All of the
@ -2499,7 +2504,8 @@ is_local_addr(const tor_addr_t *addr)
     * the same /24 as last_resolved_addr will be the same as checking whether
     * it was on net 0, which is already done by is_internal_IP.
     */
-    if ((last_resolved_addr & 0xffffff00ul) == (ip & 0xffffff00ul))
+    if ((last_resolved_addr & (uint32_t)0xffffff00ul)
        == (ip & (uint32_t)0xffffff00ul))
      return 1;
  }
  return 0;
@ -4182,7 +4188,7 @@ options_init_from_string(const char *cf,
 err:
  config_free(&options_format, newoptions);
  if (*msg) {
-    int len = strlen(*msg)+256;
+    int len = (int)strlen(*msg)+256;
    char *newmsg = tor_malloc(len);
    tor_snprintf(newmsg, len, "Failed to parse/validate config: %s", *msg);
--- a/src/or/control.c
+++ b/src/or/control.c
@ -1789,7 +1789,11 @@ getinfo_helper_events(control_connection_t *control_conn,
      *answer = tor_strdup(has_completed_circuit ? "1" : "0");
    } else if (!strcmp(question, "status/enough-dir-info")) {
      *answer = tor_strdup(router_have_minimum_dir_info() ? "1" : "0");
-    } else if (!strcmp(question, "status/good-server-descriptor")) {
+    } else if (!strcmp(question, "status/good-server-descriptor") ||
               !strcmp(question, "status/accepted-server-descriptor")) {
      /* They're equivalent for now, until we can figure out how to make
       * good-server-descriptor be what we want. See comment in
       * control-spec.txt. */
      *answer = tor_strdup(directories_have_accepted_server_descriptor()
                           ? "1" : "0");
    } else if (!strcmp(question, "status/reachability-succeeded/or")) {
@ -2597,7 +2601,7 @@ handle_control_resolve(control_connection_t *conn, uint32_t len,
  int is_reverse = 0;
  (void) len; /* body is nul-terminated; it's safe to ignore the length */
-  if (!(conn->event_mask & (1L<<EVENT_ADDRMAP))) {
+  if (!(conn->event_mask & ((uint32_t)1L<<EVENT_ADDRMAP))) {
    log_warn(LD_CONTROL, "Controller asked us to resolve an address, but "
             "isn't listening for ADDRMAP events.  It probably won't see "
             "the answer.");
--- a/src/or/directory.c
+++ b/src/or/directory.c
@ -554,11 +554,6 @@ void
 connection_dir_request_failed(dir_connection_t *conn)
 {
  if (directory_conn_is_self_reachability_test(conn)) {
    routerinfo_t *me = router_get_my_routerinfo();
    if (me)
      control_event_server_status(LOG_WARN,
                                  "REACHABILITY_FAILED DIRADDRESS=%s:%d",
                                  me->address, me->dir_port);
    return; /* this was a test fetch. don't retry. */
  }
  if (entry_list_can_grow(get_options()))
@ -877,7 +872,7 @@ static char *
 directory_get_consensus_url(int supports_conditional_consensus)
 {
  char *url;
-  int len;
+  size_t len;
  if (supports_conditional_consensus) {
    char *authority_id_list;
@ -2347,7 +2342,7 @@ client_likes_consensus(networkstatus_t *v, const char *want_url)
  need_at_least = smartlist_len(want_authorities)/2+1;
  SMARTLIST_FOREACH(want_authorities, const char *, d, {
    char want_digest[DIGEST_LEN];
-    int want_len = strlen(d)/2;
+    size_t want_len = strlen(d)/2;
    if (want_len > DIGEST_LEN)
      want_len = DIGEST_LEN;
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@ -652,8 +652,8 @@ dirserv_add_multiple_descriptors(const char *desc, uint8_t purpose,
 /** Examine the parsed server descriptor in <b>ri</b> and maybe insert it into
 * the list of server descriptors. Set *<b>msg</b> to a message that should be
- * passed back to the origin of this descriptor. Use <b>source</b> to produce
+ * passed back to the origin of this descriptor, or NULL if there is no such
- * better log messages.
+ * message. Use <b>source</b> to produce better log messages.
 *
 * Return the status of the operation
 *
@ -667,6 +667,7 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
  routerinfo_t *ri_old;
  char *desc, *nickname;
  size_t desclen = 0;
  *msg = NULL;
  /* If it's too big, refuse it now. Otherwise we'll cache it all over the
   * network and it'll clog everything up. */
@ -718,7 +719,7 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
      control_event_or_authdir_new_descriptor("REJECTED", desc, desclen, *msg);
    log_info(LD_DIRSERV,
             "Did not add descriptor from '%s' (source: %s): %s.",
-             nickname, source, *msg);
+             nickname, source, *msg ? *msg : "(no message)");
  } else {
    smartlist_t *changed;
    control_event_or_authdir_new_descriptor("ACCEPTED", desc, desclen, *msg);
--- a/src/or/eventdns.c
+++ b/src/or/eventdns.c
@ -2385,7 +2385,7 @@ out1:
 /* exported function */
 int
-evdns_nameserver_add(unsigned long int address) {
+evdns_nameserver_add(uint32_t address) {
 	struct sockaddr_in sin;
 	memset(&sin, 0, sizeof(sin));
 	sin.sin_family = AF_INET;
@ -2416,13 +2416,13 @@ evdns_nameserver_ip_add(const char *ip_as_string) {
 	cp = strchr(ip_as_string, ':');
 	if (*ip_as_string == '[') {
-		int len;
+		size_t len;
 		if (!(cp = strchr(ip_as_string, ']'))) {
 			log(EVDNS_LOG_DEBUG, "Nameserver missing closing ]");
 			return 4;
 		}
 		len = cp-(ip_as_string + 1);
-		if (len > (int)sizeof(buf)-1) {
+		if (len > sizeof(buf)-1) {
 			log(EVDNS_LOG_DEBUG, "[Nameserver] does not fit in buffer.");
 			return 4;
 		}
--- a/src/or/eventdns.h
+++ b/src/or/eventdns.h
@ -112,7 +112,7 @@
 *
 * API reference:
 *
- * int evdns_nameserver_add(unsigned long int address)
+ * int evdns_nameserver_add(uint32_t address)
 *	 Add a nameserver. The address should be an IP address in
 *	 network byte order. The type of address is chosen so that
 *	 it matches in_addr.s_addr.
@ -258,7 +258,7 @@ typedef void (*evdns_callback_type) (int result, char type, int count, int ttl,
 int evdns_init(void);
 void evdns_shutdown(int fail_requests);
 const char *evdns_err_to_string(int err);
-int evdns_nameserver_add(unsigned long int address);
+int evdns_nameserver_add(uint32_t address);
 int evdns_count_nameservers(void);
 int evdns_clear_nameservers_and_suspend(void);
 int evdns_resume(void);
--- a/src/or/main.c
+++ b/src/or/main.c
@ -1185,17 +1185,26 @@ second_elapsed_callback(int fd, short event, void *args)
        TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT) {
    /* every 20 minutes, check and complain if necessary */
    routerinfo_t *me = router_get_my_routerinfo();
-    if (me && !check_whether_orport_reachable())
+    if (me && !check_whether_orport_reachable()) {
      log_warn(LD_CONFIG,"Your server (%s:%d) has not managed to confirm that "
               "its ORPort is reachable. Please check your firewalls, ports, "
               "address, /etc/hosts file, etc.",
               me->address, me->or_port);
-    if (me && !check_whether_dirport_reachable())
+      control_event_server_status(LOG_WARN,
                                  "REACHABILITY_FAILED ORADDRESS=%s:%d",
                                  me->address, me->or_port);
    }
    if (me && !check_whether_dirport_reachable()) {
      log_warn(LD_CONFIG,
               "Your server (%s:%d) has not managed to confirm that its "
               "DirPort is reachable. Please check your firewalls, ports, "
               "address, /etc/hosts file, etc.",
               me->address, me->dir_port);
      control_event_server_status(LOG_WARN,
                                  "REACHABILITY_FAILED DIRADDRESS=%s:%d",
                                  me->address, me->dir_port);
    }
  }
 /** If more than this many seconds have elapsed, probably the clock
@ -1599,7 +1608,7 @@ dumpstats(int severity)
 {
  time_t now = time(NULL);
  time_t elapsed;
-  int rbuf_cap, wbuf_cap, rbuf_len, wbuf_len;
+  size_t rbuf_cap, wbuf_cap, rbuf_len, wbuf_len;
  log(severity, LD_GENERAL, "Dumping stats:");
@ -1635,7 +1644,7 @@ dumpstats(int severity)
          log(severity, LD_GENERAL,
              "Conn %d: %d/%d bytes used on OpenSSL read buffer; "
              "%d/%d bytes used on write buffer.",
-              i, rbuf_len, rbuf_cap, wbuf_len, wbuf_cap);
+              i, (int)rbuf_len, (int)rbuf_cap, (int)wbuf_len, (int)wbuf_cap);
        }
      }
    }
--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@ -286,6 +286,10 @@ networkstatus_vote_free(networkstatus_t *ns)
    SMARTLIST_FOREACH(ns->known_flags, char *, c, tor_free(c));
    smartlist_free(ns->known_flags);
  }
  if (ns->net_params) {
    SMARTLIST_FOREACH(ns->net_params, char *, c, tor_free(c));
    smartlist_free(ns->net_params);
  }
  if (ns->supported_methods) {
    SMARTLIST_FOREACH(ns->supported_methods, char *, c, tor_free(c));
    smartlist_free(ns->supported_methods);
@ -1884,6 +1888,37 @@ networkstatus_dump_bridge_status_to_file(time_t now)
  tor_free(status);
 }
 /** Return the value of a integer parameter from the networkstatus <b>ns</b>
 * whose name is <b>param_name</b>.  If <b>ns</b> is NULL, try loading the
 * latest consensus ourselves. Return <b>default_val</b> if no latest
 * consensus, or if it has no parameter called <b>param_name</b>. */
 int32_t
 networkstatus_get_param(networkstatus_t *ns, const char *param_name,
                        int32_t default_val)
 {
  size_t name_len;
  if (!ns) /* if they pass in null, go find it ourselves */
    ns = networkstatus_get_latest_consensus();
  if (!ns || !ns->net_params)
    return default_val;
  name_len = strlen(param_name);
  SMARTLIST_FOREACH_BEGIN(ns->net_params, const char *, p) {
    if (!strcmpstart(p, param_name) && p[name_len] == '=') {
      int ok=0;
      long v = tor_parse_long(p+name_len+1, 10, INT32_MIN, INT32_MAX, &ok,
                              NULL);
      if (ok)
        return (int32_t) v;
    }
  } SMARTLIST_FOREACH_END(p);
  return default_val;
 }
 /** If <b>question</b> is a string beginning with "ns/" in a format the
 * control interface expects for a GETINFO question, set *<b>answer</b> to a
 * newly-allocated string containing networkstatus lines for the appropriate
--- a/src/or/or.h
+++ b/src/or/or.h
@ -1655,6 +1655,10 @@ typedef struct networkstatus_t {
   * not listed here, the voter has no opinion on what its value should be. */
  smartlist_t *known_flags;
  /** List of key=value strings for the parameters in this vote or
   * consensus, sorted by key. */
  smartlist_t *net_params;
  /** List of networkstatus_voter_info_t.  For a vote, only one element
   * is included.  For a consensus, one element is included for every voter
   * whose vote contributed to the consensus. */
@ -1849,9 +1853,9 @@ typedef struct crypt_path_t {
  struct crypt_path_t *prev; /**< Link to previous crypt_path_t in the
                              * circuit. */
-  int package_window; /**< How many bytes are we allowed to originate ending
+  int package_window; /**< How many cells are we allowed to originate ending
                       * at this step? */
-  int deliver_window; /**< How many bytes are we willing to deliver originating
+  int deliver_window; /**< How many cells are we willing to deliver originating
                       * at this step? */
 } crypt_path_t;
@ -2785,6 +2789,7 @@ void circuit_set_n_circid_orconn(circuit_t *circ, circid_t id,
                                 or_connection_t *conn);
 void circuit_set_state(circuit_t *circ, uint8_t state);
 void circuit_close_all_marked(void);
 int32_t circuit_initial_package_window(void);
 origin_circuit_t *origin_circuit_new(void);
 or_circuit_t *or_circuit_new(circid_t p_circ_id, or_connection_t *p_conn);
 circuit_t *circuit_get_by_circid_orconn(circid_t circ_id,
@ -2926,8 +2931,8 @@ int options_need_geoip_info(or_options_t *options, const char **reason_out);
 int getinfo_helper_config(control_connection_t *conn,
                          const char *question, char **answer);
-int get_effective_bwrate(or_options_t *options);
+uint32_t get_effective_bwrate(or_options_t *options);
-int get_effective_bwburst(or_options_t *options);
+uint32_t get_effective_bwburst(or_options_t *options);
 #ifdef CONFIG_PRIVATE
 /* Used only by config.c and test.c */
@ -3570,9 +3575,9 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t *private_key,
                                        authority_cert_t *cert);
 #ifdef DIRVOTE_PRIVATE
-char *
+char *format_networkstatus_vote(crypto_pk_env_t *private_key,
-format_networkstatus_vote(crypto_pk_env_t *private_key,
+                                 networkstatus_t *v3_ns);
-                          networkstatus_t *v3_ns);
+char *dirvote_compute_params(smartlist_t *votes);
 #endif
 /********************************* dns.c ***************************/
@ -3787,6 +3792,8 @@ void signed_descs_update_status_from_consensus_networkstatus(
 char *networkstatus_getinfo_helper_single(routerstatus_t *rs);
 char *networkstatus_getinfo_by_purpose(const char *purpose_string, time_t now);
 void networkstatus_dump_bridge_status_to_file(time_t now);
 int32_t networkstatus_get_param(networkstatus_t *ns, const char *param_name,
                                int32_t default_val);
 int getinfo_helper_networkstatus(control_connection_t *conn,
                                 const char *question, char **answer);
 void networkstatus_free_all(void);
--- a/src/or/relay.c
+++ b/src/or/relay.c
@ -1358,7 +1358,7 @@ connection_edge_consider_sending_sendme(edge_connection_t *conn)
    return;
  }
-  while (conn->deliver_window < STREAMWINDOW_START - STREAMWINDOW_INCREMENT) {
+  while (conn->deliver_window <= STREAMWINDOW_START - STREAMWINDOW_INCREMENT) {
    log_debug(conn->cpath_layer?LD_APP:LD_EXIT,
              "Outbuf %d, Queuing stream sendme.",
              (int)conn->_base.outbuf_flushlen);
@ -1472,7 +1472,7 @@ circuit_consider_sending_sendme(circuit_t *circ, crypt_path_t *layer_hint)
 {
 //  log_fn(LOG_INFO,"Considering: layer_hint is %s",
 //         layer_hint ? "defined" : "null");
-  while ((layer_hint ? layer_hint->deliver_window : circ->deliver_window) <
+  while ((layer_hint ? layer_hint->deliver_window : circ->deliver_window) <=
          CIRCWINDOW_START - CIRCWINDOW_INCREMENT) {
    log_debug(LD_CIRC,"Queuing circuit sendme.");
    if (layer_hint)
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@ -94,9 +94,14 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
      }
    });
    if (!intro_key) {
      /** XXX This case probably means that the intro point vanished while
       * we were building a circuit to it. In the future, we should find
       * out how that happened and whether we should kill the circuits to
       * removed intro points immediately. See task 1073. */
      int num_intro_points = smartlist_len(entry->parsed->intro_nodes);
      if (rend_cache_lookup_entry(introcirc->rend_data->onion_address,
          0, &entry) > 0) {
-        log_warn(LD_BUG, "We have both a v0 and a v2 rend desc for this "
+        log_info(LD_REND, "We have both a v0 and a v2 rend desc for this "
                 "service. The v2 desc doesn't contain the introduction "
                 "point (and key) to send an INTRODUCE1/2 cell to this "
                 "introduction point. Assuming the introduction point "
@ -107,9 +112,9 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
        /* See flyspray task 1024. */
        intro_key = entry->parsed->pk;
      } else {
-        log_warn(LD_BUG, "Internal error: could not find intro key; we "
+        log_info(LD_REND, "Internal error: could not find intro key; we "
                 "only have a v2 rend desc with %d intro points.",
-                 smartlist_len(entry->parsed->intro_nodes));
+                 num_intro_points);
        goto err;
      }
    }
@ -146,7 +151,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
             REND_DESC_COOKIE_LEN);
      v3_shift += 2+REND_DESC_COOKIE_LEN;
    }
-    set_uint32(tmp+v3_shift+1, htonl(time(NULL)));
+    set_uint32(tmp+v3_shift+1, htonl((uint32_t)time(NULL)));
    v3_shift += 4;
  } /* if version 2 only write version number */
  else if (entry->parsed->protocols & (1<<2)) {
@ -698,7 +703,7 @@ rend_client_receive_rendezvous(origin_circuit_t *circ, const char *request,
  /* set the windows to default. these are the windows
   * that alice thinks bob has.
   */
-  hop->package_window = CIRCWINDOW_START;
+  hop->package_window = circuit_initial_package_window();
  hop->deliver_window = CIRCWINDOW_START;
  onion_append_to_cpath(&circ->cpath, hop);
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@ -1011,13 +1011,12 @@ rend_service_introduce(origin_circuit_t *circuit, const char *request,
    }
    /* Check timestamp. */
-    memcpy((char*)&ts, buf+1+v3_shift, sizeof(uint32_t));
+    ts = ntohl(get_uint32(buf+1+v3_shift));
    v3_shift += 4;
    ts = ntohl(ts);
    if ((now - ts) < -1 * REND_REPLAY_TIME_INTERVAL / 2 ||
        (now - ts) > REND_REPLAY_TIME_INTERVAL / 2) {
      log_warn(LD_REND, "INTRODUCE2 cell is too %s. Discarding.",
-          (now - ts) < 0 ? "old" : "new");
+               (now - ts) < 0 ? "old" : "new");
      return -1;
    }
  }
@ -1557,7 +1556,7 @@ rend_service_rendezvous_has_opened(origin_circuit_t *circuit)
  /* set the windows to default. these are the windows
   * that bob thinks alice has.
   */
-  hop->package_window = CIRCWINDOW_START;
+  hop->package_window = circuit_initial_package_window();
  hop->deliver_window = CIRCWINDOW_START;
  onion_append_to_cpath(&circuit->cpath, hop);
--- a/src/or/router.c
+++ b/src/or/router.c
@ -544,7 +544,7 @@ init_keys(void)
  /* Must be called after keys are initialized. */
  mydesc = router_get_my_descriptor();
  if (authdir_mode(options)) {
-    const char *m;
+    const char *m = NULL;
    routerinfo_t *ri;
    /* We need to add our own fingerprint so it gets recognized. */
    if (dirserv_add_own_fingerprint(options->Nickname, get_identity_key())) {
@ -770,9 +770,6 @@ consider_testing_reachability(int test_or, int test_dir)
             me->address, me->or_port);
    circuit_launch_by_router(CIRCUIT_PURPOSE_TESTING, me,
                             CIRCLAUNCH_NEED_CAPACITY|CIRCLAUNCH_IS_INTERNAL);
    control_event_server_status(LOG_NOTICE,
                                "CHECKING_REACHABILITY ORADDRESS=%s:%d",
                                me->address, me->or_port);
  }
  tor_addr_from_ipv4h(&addr, me->addr);
@ -788,10 +785,6 @@ consider_testing_reachability(int test_or, int test_dir)
                               DIR_PURPOSE_FETCH_SERVERDESC,
                               ROUTER_PURPOSE_GENERAL,
                               1, "authority.z", NULL, 0, 0);
    control_event_server_status(LOG_NOTICE,
                                "CHECKING_REACHABILITY DIRADDRESS=%s:%d",
                                me->address, me->dir_port);
  }
 }
@ -807,8 +800,11 @@ router_orport_found_reachable(void)
                 " Publishing server descriptor." : "");
    can_reach_or_port = 1;
    mark_my_descriptor_dirty();
-    if (!me)
+    if (!me) { /* should never happen */
      log_warn(LD_BUG, "ORPort found reachable, but I have no routerinfo "
               "yet. Failing to inform controller of success.");
      return;
    }
    control_event_server_status(LOG_NOTICE,
                                "REACHABILITY_SUCCEEDED ORADDRESS=%s:%d",
                                me->address, me->or_port);
@ -826,8 +822,11 @@ router_dirport_found_reachable(void)
    can_reach_dir_port = 1;
    if (!me || decide_to_advertise_dirport(get_options(), me->dir_port))
      mark_my_descriptor_dirty();
-    if (!me)
+    if (!me) { /* should never happen */
      log_warn(LD_BUG, "DirPort found reachable, but I have no routerinfo "
               "yet. Failing to inform controller of success.");
      return;
    }
    control_event_server_status(LOG_NOTICE,
                                "REACHABILITY_SUCCEEDED DIRADDRESS=%s:%d",
                                me->address, me->dir_port);
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@ -77,6 +77,7 @@ typedef enum {
  K_VOTING_DELAY,
  K_KNOWN_FLAGS,
  K_PARAMS,
  K_VOTE_DIGEST,
  K_CONSENSUS_DIGEST,
  K_CONSENSUS_METHODS,
@ -383,6 +384,7 @@ static token_rule_t networkstatus_token_table[] = {
  T1("valid-until",            K_VALID_UNTIL,      CONCAT_ARGS, NO_OBJ ),
  T1("voting-delay",           K_VOTING_DELAY,     GE(2),       NO_OBJ ),
  T1("known-flags",            K_KNOWN_FLAGS,      ARGS,        NO_OBJ ),
  T01("params",                K_PARAMS,           ARGS,        NO_OBJ ),
  T( "fingerprint",            K_FINGERPRINT,      CONCAT_ARGS, NO_OBJ ),
  CERTIFICATE_MEMBERS
@ -420,6 +422,7 @@ static token_rule_t networkstatus_consensus_token_table[] = {
  T01("client-versions",     K_CLIENT_VERSIONS, CONCAT_ARGS, NO_OBJ ),
  T01("server-versions",     K_SERVER_VERSIONS, CONCAT_ARGS, NO_OBJ ),
  T01("consensus-method",    K_CONSENSUS_METHOD,    EQ(1),   NO_OBJ),
  T01("params",                K_PARAMS,           ARGS,        NO_OBJ ),
  END_OF_TABLE
 };
@ -1917,8 +1920,9 @@ routerstatus_parse_entry_from_string(memarea_t *area,
    for (i=0; i < tok->n_args; ++i) {
      if (!strcmpstart(tok->args[i], "Bandwidth=")) {
        int ok;
-        rs->bandwidth = tor_parse_ulong(strchr(tok->args[i], '=')+1, 10,
+        rs->bandwidth = (uint32_t)tor_parse_ulong(strchr(tok->args[i], '=')+1,
-                                        0, UINT32_MAX, &ok, NULL);
+                                                  10, 0, UINT32_MAX,
                                                  &ok, NULL);
        if (!ok) {
          log_warn(LD_DIR, "Invalid Bandwidth %s", escaped(tok->args[i]));
          goto err;
@ -2309,6 +2313,34 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
    goto err;
  }
  tok = find_opt_by_keyword(tokens, K_PARAMS);
  if (tok) {
    inorder = 1;
    ns->net_params = smartlist_create();
    for (i = 0; i < tok->n_args; ++i) {
      int ok=0;
      char *eq = strchr(tok->args[i], '=');
      if (!eq) {
        log_warn(LD_DIR, "Bad element '%s' in params", escaped(tok->args[i]));
        goto err;
      }
      tor_parse_long(eq+1, 10, INT32_MIN, INT32_MAX, &ok, NULL);
      if (!ok) {
        log_warn(LD_DIR, "Bad element '%s' in params", escaped(tok->args[i]));
        goto err;
      }
      if (i > 0 && strcmp(tok->args[i-1], tok->args[i]) >= 0) {
        log_warn(LD_DIR, "%s >= %s", tok->args[i-1], tok->args[i]);
        inorder = 0;
      }
      smartlist_add(ns->net_params, tor_strdup(tok->args[i]));
    }
    if (!inorder) {
      log_warn(LD_DIR, "params not in order");
      goto err;
    }
  }
  ns->voters = smartlist_create();
  SMARTLIST_FOREACH_BEGIN(tokens, directory_token_t *, _tok) {
@ -2508,6 +2540,14 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
    } else {
      if (tok->object_size >= INT_MAX)
        goto err;
      /* We already parsed a vote from this voter. Use the first one. */
      if (v->signature) {
        log_fn(LOG_PROTOCOL_WARN, LD_DIR, "We received a networkstatus "
                   "that contains two votes from the same voter. Ignoring "
                   "the second vote.");
        continue;
      }
      v->signature = tor_memdup(tok->object_body, tok->object_size);
      v->signature_len = (int) tok->object_size;
    }
--- a/src/or/test.c
+++ b/src/or/test.c
@ -410,7 +410,7 @@ test_crypto_dh(void)
  char p2[DH_BYTES];
  char s1[DH_BYTES];
  char s2[DH_BYTES];
-  int s1len, s2len;
+  ssize_t s1len, s2len;
  test_eq(crypto_dh_get_bytes(dh1), DH_BYTES);
  test_eq(crypto_dh_get_bytes(dh2), DH_BYTES);
--- a/src/tools/tor-gencert.c
+++ b/src/tools/tor-gencert.c
@ -70,7 +70,7 @@ show_help(void)
 static void
 crypto_log_errors(int severity, const char *doing)
 {
-  unsigned int err;
+  unsigned long err;
  const char *msg, *lib, *func;
  while ((err = ERR_get_error()) != 0) {
    msg = (const char*)ERR_reason_error_string(err);
@ -94,7 +94,7 @@ load_passphrase(void)
 {
  char *cp;
  char buf[1024]; /* "Ought to be enough for anybody." */
-  int n = read_all(passphrase_fd, buf, sizeof(buf), 0);
+  ssize_t n = read_all(passphrase_fd, buf, sizeof(buf), 0);
  if (n < 0) {
    log_err(LD_GENERAL, "Couldn't read from passphrase fd: %s",
            strerror(errno));
--- a/src/tools/tor-resolve.c
+++ b/src/tools/tor-resolve.c
@ -51,7 +51,7 @@ static void usage(void) ATTR_NORETURN;
 /** Set *<b>out</b> to a newly allocated SOCKS4a resolve request with
 * <b>username</b> and <b>hostname</b> as provided.  Return the number
 * of bytes in the request. */
-static int
+static ssize_t
 build_socks_resolve_request(char **out,
                            const char *username,
                            const char *hostname,
@ -184,7 +184,7 @@ do_resolve(const char *hostname, uint32_t sockshost, uint16_t socksport,
  int s;
  struct sockaddr_in socksaddr;
  char *req = NULL;
-  int len = 0;
+  ssize_t len = 0;
  tor_assert(hostname);
  tor_assert(result_addr);
--- a/src/win32/orconfig.h
+++ b/src/win32/orconfig.h
@ -226,6 +226,6 @@
 #define USING_TWOS_COMPLEMENT
 /* Version number of package */
-#define VERSION "0.2.1.19"
+#define VERSION "0.2.1.20"