mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-24 04:13:28 +01:00
Merge branch 'master' of https://git.torproject.org/tor into bug13111-empty-key-files-fn-empty
Conflicts: src/or/connection_edge.c Merged in favour of origin.
This commit is contained in:
commit
f8ffb57bc4
298
ChangeLog
298
ChangeLog
@ -1,4 +1,270 @@
|
||||
Changes in version 0.2.6.2-alpha - 2014-1?-??
|
||||
Changes in version 0.2.6.2-alpha - 2014-12-31
|
||||
Tor 0.2.6.2-alpha is the second alpha release in the 0.2.6.x series.
|
||||
It introduces a major new backend for deciding when to send cells on
|
||||
channels, which should lead down the road to big performance
|
||||
increases. It contains security and statistics features for better
|
||||
work on hidden services, and numerous bugfixes.
|
||||
|
||||
This release contains many new unit tests, along with major
|
||||
performance improvements for running testing networks using Chutney.
|
||||
Thanks to a series of patches contributed by "teor", testing networks
|
||||
should now bootstrap in seconds, rather than minutes.
|
||||
|
||||
o Major features (relay, infrastructure):
|
||||
- Complete revision of the code that relays use to decide which cell
|
||||
to send next. Formerly, we selected the best circuit to write on
|
||||
each channel, but we didn't select among channels in any
|
||||
sophisticated way. Now, we choose the best circuits globally from
|
||||
among those whose channels are ready to deliver traffic.
|
||||
|
||||
This patch implements a new inter-cmux comparison API, a global
|
||||
high/low watermark mechanism and a global scheduler loop for
|
||||
transmission prioritization across all channels as well as among
|
||||
circuits on one channel. This schedule is currently tuned to
|
||||
(tolerantly) avoid making changes in network performance, but it
|
||||
should form the basis for major circuit performance increases in
|
||||
the future. Code by Andrea; tuning by Rob Jansen; implements
|
||||
ticket 9262.
|
||||
|
||||
o Major features (hidden services):
|
||||
- Make HS port scanning more difficult by immediately closing the
|
||||
circuit when a user attempts to connect to a nonexistent port.
|
||||
Closes ticket 13667.
|
||||
- Add a HiddenServiceStatistics option that allows Tor relays to
|
||||
gather and publish statistics about the overall size and volume of
|
||||
hidden service usage. Specifically, when this option is turned on,
|
||||
an HSDir will publish an approximate number of hidden services
|
||||
that have published descriptors to it the past 24 hours. Also, if
|
||||
a relay has acted as a hidden service rendezvous point, it will
|
||||
publish the approximate amount of rendezvous cells it has relayed
|
||||
the past 24 hours. The statistics themselves are obfuscated so
|
||||
that the exact values cannot be derived. For more details see
|
||||
proposal 238, "Better hidden service stats from Tor relays". This
|
||||
feature is currently disabled by default. Implements feature 13192.
|
||||
|
||||
o Major bugfixes (client, automap):
|
||||
- Repair automapping with IPv6 addresses. This automapping should
|
||||
have worked previously, but one piece of debugging code that we
|
||||
inserted to detect a regression actually caused the regression to
|
||||
manifest itself again. Fixes bug 13811 and bug 12831; bugfix on
|
||||
0.2.4.7-alpha. Diagnosed and fixed by Francisco Blas
|
||||
Izquierdo Riera.
|
||||
|
||||
o Major bugfixes (hidden services):
|
||||
- When closing an introduction circuit that was opened in parallel
|
||||
with others, don't mark the introduction point as unreachable.
|
||||
Previously, the first successful connection to an introduction
|
||||
point would make the other introduction points get marked as
|
||||
having timed out. Fixes bug 13698; bugfix on 0.0.6rc2.
|
||||
|
||||
o Directory authority changes:
|
||||
- Remove turtles as a directory authority.
|
||||
- Add longclaw as a new (v3) directory authority. This implements
|
||||
ticket 13296. This keeps the directory authority count at 9.
|
||||
|
||||
o Major removed features:
|
||||
- Tor clients no longer support connecting to hidden services
|
||||
running on Tor 0.2.2.x and earlier; the Support022HiddenServices
|
||||
option has been removed. (There shouldn't be any hidden services
|
||||
running these versions on the network.) Closes ticket 7803.
|
||||
|
||||
o Minor features (client):
|
||||
- Validate hostnames in SOCKS5 requests more strictly. If SafeSocks
|
||||
is enabled, reject requests with IP addresses as hostnames.
|
||||
Resolves ticket 13315.
|
||||
|
||||
o Minor features (controller):
|
||||
- Add a "SIGNAL HEARTBEAT" controller command that tells Tor to
|
||||
write an unscheduled heartbeat message to the log. Implements
|
||||
feature 9503.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the November 15 2014 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor features (hidden services):
|
||||
- When re-enabling the network, don't try to build introduction
|
||||
circuits until we have successfully built a circuit. This makes
|
||||
hidden services come up faster when the network is re-enabled.
|
||||
Patch from "akwizgran". Closes ticket 13447.
|
||||
- When we fail to a retrieve hidden service descriptor, send the
|
||||
controller an "HS_DESC FAILED" controller event. Implements
|
||||
feature 13212.
|
||||
- New HiddenServiceDirGroupReadable option to cause hidden service
|
||||
directories and hostname files to be created group-readable. Patch
|
||||
from "anon", David Stainton, and "meejah". Closes ticket 11291.
|
||||
|
||||
o Minor features (systemd):
|
||||
- Where supported, when running with systemd, report successful
|
||||
startup to systemd. Part of ticket 11016. Patch by Michael Scherer.
|
||||
- When running with systemd, support systemd watchdog messages. Part
|
||||
of ticket 11016. Patch by Michael Scherer.
|
||||
|
||||
o Minor features (transparent proxy):
|
||||
- Update the transparent proxy option checks to allow for both ipfw
|
||||
and pf on OS X. Closes ticket 14002.
|
||||
- Use the correct option when using IPv6 with transparent proxy
|
||||
support on Linux. Resolves 13808. Patch by Francisco Blas
|
||||
Izquierdo Riera.
|
||||
|
||||
o Minor bugfixes (preventative security, C safety):
|
||||
- When reading a hexadecimal, base-32, or base-64 encoded value from
|
||||
a string, always overwrite the whole output buffer. This prevents
|
||||
some bugs where we would look at (but fortunately, not reveal)
|
||||
uninitialized memory on the stack. Fixes bug 14013; bugfix on all
|
||||
versions of Tor.
|
||||
- Clear all memory targetted by tor_addr_{to,from}_sockaddr(), not
|
||||
just the part that's used. This makes it harder for data leak bugs
|
||||
to occur in the event of other programming failures. Resolves
|
||||
ticket 14041.
|
||||
|
||||
o Minor bugfixes (client, microdescriptors):
|
||||
- Use a full 256 bits of the SHA256 digest of a microdescriptor when
|
||||
computing which microdescriptors to download. This keeps us from
|
||||
erroneous download behavior if two microdescriptor digests ever
|
||||
have the same first 160 bits. Fixes part of bug 13399; bugfix
|
||||
on 0.2.3.1-alpha.
|
||||
- Reset a router's status if its microdescriptor digest changes,
|
||||
even if the first 160 bits remain the same. Fixes part of bug
|
||||
13399; bugfix on 0.2.3.1-alpha.
|
||||
|
||||
o Minor bugfixes (compilation):
|
||||
- Silence clang warnings under --enable-expensive-hardening,
|
||||
including implicit truncation of 64 bit values to 32 bit, const
|
||||
char assignment to self, tautological compare, and additional
|
||||
parentheses around equality tests. Fixes bug 13577; bugfix
|
||||
on 0.2.5.4-alpha.
|
||||
- Fix a clang warning about checking whether an address in the
|
||||
middle of a structure is NULL. Fixes bug 14001; bugfix
|
||||
on 0.2.1.2-alpha.
|
||||
|
||||
o Minor bugfixes (hidden services):
|
||||
- Correctly send a controller event when we find that a rendezvous
|
||||
circuit has finished. Fixes bug 13936; bugfix on 0.1.1.5-alpha.
|
||||
- Pre-check directory permissions for new hidden-services to avoid
|
||||
at least one case of "Bug: Acting on config options left us in a
|
||||
broken state. Dying." Fixes bug 13942; bugfix on 0.0.6pre1.
|
||||
- When adding a new hidden service (for example, via SETCONF), Tor
|
||||
no longer congratulates the user for running a relay. Fixes bug
|
||||
13941; bugfix on 0.2.6.1-alpha.
|
||||
- When fetching hidden service descriptors, we now check not only
|
||||
for whether we got the hidden service we had in mind, but also
|
||||
whether we got the particular descriptors we wanted. This prevents
|
||||
a class of inefficient but annoying DoS attacks by hidden service
|
||||
directories. Fixes bug 13214; bugfix on 0.2.1.6-alpha. Reported
|
||||
by "special".
|
||||
|
||||
o Minor bugfixes (Linux seccomp2 sandbox):
|
||||
- Make transparent proxy support work along with the seccomp2
|
||||
sandbox. Fixes part of bug 13808; bugfix on 0.2.5.1-alpha. Patch
|
||||
by Francisco Blas Izquierdo Riera.
|
||||
- Fix a memory leak in tor-resolve when running with the sandbox
|
||||
enabled. Fixes bug 14050; bugfix on 0.2.5.9-rc.
|
||||
|
||||
o Minor bugfixes (logging):
|
||||
- Downgrade warnings about RSA signature failures to info log level.
|
||||
Emit a warning when an extra info document is found incompatible
|
||||
with a corresponding router descriptor. Fixes bug 9812; bugfix
|
||||
on 0.0.6rc3.
|
||||
- Make connection_ap_handshake_attach_circuit() log the circuit ID
|
||||
correctly. Fixes bug 13701; bugfix on 0.0.6.
|
||||
|
||||
o Minor bugfixes (misc):
|
||||
- Stop allowing invalid address patterns like "*/24" that contain
|
||||
both a wildcard address and a bit prefix length. This affects all
|
||||
our address-range parsing code. Fixes bug 7484; bugfix
|
||||
on 0.0.2pre14.
|
||||
|
||||
o Minor bugfixes (testing networks, fast startup):
|
||||
- Allow Tor to build circuits using a consensus with no exits. If
|
||||
the consensus has no exits (typical of a bootstrapping test
|
||||
network), allow Tor to build circuits once enough descriptors have
|
||||
been downloaded. This assists in bootstrapping a testing Tor
|
||||
network. Fixes bug 13718; bugfix on 0.2.4.10-alpha. Patch
|
||||
by "teor".
|
||||
- When V3AuthVotingInterval is low, give a lower If-Modified-Since
|
||||
header to directory servers. This allows us to obtain consensuses
|
||||
promptly when the consensus interval is very short. This assists
|
||||
in bootstrapping a testing Tor network. Fixes parts of bugs 13718
|
||||
and 13963; bugfix on 0.2.0.3-alpha. Patch by "teor".
|
||||
- Stop assuming that private addresses are local when checking
|
||||
reachability in a TestingTorNetwork. Instead, when testing, assume
|
||||
all OR connections are remote. (This is necessary due to many test
|
||||
scenarios running all relays on localhost.) This assists in
|
||||
bootstrapping a testing Tor network. Fixes bug 13924; bugfix on
|
||||
0.1.0.1-rc. Patch by "teor".
|
||||
- Avoid building exit circuits from a consensus with no exits. Now
|
||||
thanks to our fix for 13718, we accept a no-exit network as not
|
||||
wholly lost, but we need to remember not to try to build exit
|
||||
circuits on it. Closes ticket 13814; patch by "teor".
|
||||
- Stop requiring exits to have non-zero bandwithcapacity in a
|
||||
TestingTorNetwork. Instead, when TestingMinExitFlagThreshold is 0,
|
||||
ignore exit bandwidthcapacity. This assists in bootstrapping a
|
||||
testing Tor network. Fixes parts of bugs 13718 and 13839; bugfix
|
||||
on 0.2.0.3-alpha. Patch by "teor".
|
||||
- Add "internal" to some bootstrap statuses when no exits are
|
||||
available. If the consensus does not contain Exits, Tor will only
|
||||
build internal circuits. In this case, relevant statuses will
|
||||
contain the word "internal" as indicated in the Tor control-
|
||||
spec.txt. When bootstrap completes, Tor will be ready to build
|
||||
internal circuits. If a future consensus contains Exits, exit
|
||||
circuits may become available. Fixes part of bug 13718; bugfix on
|
||||
0.2.4.10-alpha. Patch by "teor".
|
||||
- Decrease minimum consensus interval to 10 seconds when
|
||||
TestingTorNetwork is set, or 5 seconds for the first consensus.
|
||||
Fix assumptions throughout the code that assume larger intervals.
|
||||
Fixes bugs 13718 and 13823; bugfix on 0.2.0.3-alpha. Patch
|
||||
by "teor".
|
||||
- Avoid excluding guards from path building in minimal test
|
||||
networks, when we're in a test network and excluding guards would
|
||||
exclude all relays. This typically occurs in incredibly small tor
|
||||
networks, and those using "TestingAuthVoteGuard *". Fixes part of
|
||||
bug 13718; bugfix on 0.1.1.11-alpha. Patch by "teor".
|
||||
|
||||
o Code simplification and refactoring:
|
||||
- Stop using can_complete_circuits as a global variable; access it
|
||||
with a function instead.
|
||||
- Avoid using operators directly as macro arguments: this lets us
|
||||
apply coccinelle transformations to our codebase more directly.
|
||||
Closes ticket 13172.
|
||||
- Combine the functions used to parse ClientTransportPlugin and
|
||||
ServerTransportPlugin into a single function. Closes ticket 6456.
|
||||
- Add inline functions and convenience macros for inspecting channel
|
||||
state. Refactor the code to use convenience macros instead of
|
||||
checking channel state directly. Fixes issue 7356.
|
||||
- Document all members of was_router_added_t and rename
|
||||
ROUTER_WAS_NOT_NEW to ROUTER_IS_ALREADY_KNOWN to make it less
|
||||
confusable with ROUTER_WAS_TOO_OLD. Fixes issue 13644.
|
||||
- In connection_exit_begin_conn(), use END_CIRC_REASON_TORPROTOCOL
|
||||
constant instead of hardcoded value. Fixes issue 13840.
|
||||
- Refactor our generic strmap and digestmap types into a single
|
||||
implementation, so that we can add a new digest256map
|
||||
type trivially.
|
||||
|
||||
o Documentation:
|
||||
- Document the bridge-authority-only 'networkstatus-bridges' file.
|
||||
Closes ticket 13713; patch from "tom".
|
||||
- Fix typo in PredictedPortsRelevanceTime option description in
|
||||
manpage. Resolves issue 13707.
|
||||
- Stop suggesting that users specify relays by nickname: it isn't a
|
||||
good idea. Also, properly cross-reference how to specify relays in
|
||||
all parts of manual documenting options that take a list of
|
||||
relays. Closes ticket 13381.
|
||||
- Clarify the HiddenServiceDir option description in manpage to make
|
||||
it clear that relative paths are taken with respect to the current
|
||||
working directory. Also clarify that this behavior is not
|
||||
guaranteed to remain indefinitely. Fixes issue 13913.
|
||||
|
||||
o Testing:
|
||||
- New tests for many parts of channel, relay, and circuitmux
|
||||
functionality. Code by Andrea; part of 9262.
|
||||
- New tests for parse_transport_line(). Part of ticket 6456.
|
||||
- In the unit tests, use chgrp() to change the group of the unit
|
||||
test temporary directory to the current user, so that the sticky
|
||||
bit doesn't interfere with tests that check directory groups.
|
||||
Closes 13678.
|
||||
- Add unit tests for resolve_my_addr(). Part of ticket 12376; patch
|
||||
by 'rl1987'.
|
||||
|
||||
|
||||
Changes in version 0.2.6.1-alpha - 2014-10-30
|
||||
@ -193,7 +459,7 @@ Changes in version 0.2.6.1-alpha - 2014-10-30
|
||||
Browser users to write "DirReqStatistics 0" in their torrc files
|
||||
as if they had chosen to change the config. Fixes bug 4244; bugfix
|
||||
on 0.2.3.1-alpha.
|
||||
- When GeoIPExcludeUnkonwn is enabled, do not incorrectly decide
|
||||
- When GeoIPExcludeUnknown is enabled, do not incorrectly decide
|
||||
that our options have changed every time we SIGHUP. Fixes bug
|
||||
9801; bugfix on 0.2.4.10-alpha. Patch from "qwerty1".
|
||||
|
||||
@ -270,7 +536,7 @@ Changes in version 0.2.6.1-alpha - 2014-10-30
|
||||
ticket 12202.
|
||||
- Refactor and unit-test entry_is_time_to_retry() in entrynodes.c.
|
||||
Resolves ticket 12205.
|
||||
- Use calloc and reallocarray functions in preference to multiply-
|
||||
- Use calloc and reallocarray functions instead of multiply-
|
||||
then-malloc. This makes it less likely for us to fall victim to an
|
||||
integer overflow attack when allocating. Resolves ticket 12855.
|
||||
- Use the standard macro name SIZE_MAX, instead of our
|
||||
@ -279,7 +545,7 @@ Changes in version 0.2.6.1-alpha - 2014-10-30
|
||||
functions which take them as arguments. Replace 0 with NO_DIRINFO
|
||||
in a function call for clarity. Seeks to prevent future issues
|
||||
like 13163.
|
||||
- Avoid 4 null pointer errors under clang shallow analysis by using
|
||||
- Avoid 4 null pointer errors under clang static analysis by using
|
||||
tor_assert() to prove that the pointers aren't null. Fixes
|
||||
bug 13284.
|
||||
- Rework the API of policies_parse_exit_policy() to use a bitmask to
|
||||
@ -295,23 +561,23 @@ Changes in version 0.2.6.1-alpha - 2014-10-30
|
||||
operating system is allowing to use simultaneously. Resolves
|
||||
ticket 9708.
|
||||
|
||||
o Removed code:
|
||||
o Removed features:
|
||||
- We no longer remind the user about configuration options that have
|
||||
been obsolete since 0.2.3.x or earlier. Patch by Adrien Bak.
|
||||
|
||||
o Removed features:
|
||||
- Remove our old, non-weighted bandwidth-based node selection code.
|
||||
Previously, we used it as a fallback when we couldn't perform
|
||||
weighted bandwidth-based node selection. But that would only
|
||||
happen in the cases where we had no consensus, or when we had a
|
||||
consensus generated by buggy or ancient directory authorities. In
|
||||
either case, it's better to use the more modern, better maintained
|
||||
algorithm, with reasonable defaults for the weights. Closes
|
||||
ticket 13126.
|
||||
- Remove the --disable-curve25519 configure option. Relays and
|
||||
clients now are required to support curve25519 and the
|
||||
ntor handshake.
|
||||
- The old "StrictEntryNodes" and "StrictExitNodes" options, which
|
||||
used to be deprecated synonyms for "StrictNodes", are now marked
|
||||
obsolete. Resolves ticket 12226.
|
||||
- The "AuthDirRejectUnlisted" option no longer has any effect, as
|
||||
the fingerprints file (approved-routers) has been deprecated.
|
||||
- Directory authorities do not support being Naming dirauths anymore.
|
||||
The "NamingAuthoritativeDir" config option is now obsolete.
|
||||
- Directory authorities do not support giving out the BadDirectory
|
||||
flag anymore.
|
||||
- Clients don't understand the BadDirectory flag in the consensus
|
||||
anymore, and ignore it.
|
||||
|
||||
@ -348,6 +614,12 @@ Changes in version 0.2.6.1-alpha - 2014-10-30
|
||||
affected by CVE-2011-2769 as guards. These relays are already
|
||||
rejected altogether due to the minimum version requirement of
|
||||
0.2.3.16-alpha. Closes ticket 13152.
|
||||
- The "AuthDirRejectUnlisted" option no longer has any effect, as
|
||||
the fingerprints file (approved-routers) has been deprecated.
|
||||
- Directory authorities do not support being Naming dirauths anymore.
|
||||
The "NamingAuthoritativeDir" config option is now obsolete.
|
||||
- Directory authorities do not support giving out the BadDirectory
|
||||
flag anymore.
|
||||
- Directory authorities no longer advertise or support consensus
|
||||
methods 1 through 12 inclusive. These consensus methods were
|
||||
obsolete and/or insecure: maintaining the ability to support them
|
||||
|
33
LICENSE
33
LICENSE
@ -13,7 +13,7 @@ Tor is distributed under this license:
|
||||
|
||||
Copyright (c) 2001-2004, Roger Dingledine
|
||||
Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
|
||||
Copyright (c) 2007-2014, The Tor Project, Inc.
|
||||
Copyright (c) 2007-2015, The Tor Project, Inc.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are
|
||||
@ -191,7 +191,7 @@ ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
DATABASE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
===============================================================================
|
||||
m4/pc_from_ucontext.m4 is available under the following license. Note that
|
||||
it is *not* built into the Tor license.
|
||||
it is *not* built into the Tor software.
|
||||
|
||||
Copyright (c) 2005, Google Inc.
|
||||
All rights reserved.
|
||||
@ -222,6 +222,35 @@ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
===============================================================================
|
||||
m4/pkg.m4 is available under the following license. Note that
|
||||
it is *not* built into the Tor software.
|
||||
|
||||
pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*-
|
||||
serial 1 (pkg-config-0.24)
|
||||
|
||||
Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
|
||||
As a special exception to the GNU General Public License, if you
|
||||
distribute this file as part of a program that contains a
|
||||
configuration script generated by Autoconf, you may include it under
|
||||
the same distribution terms that you use for the rest of that program.
|
||||
|
||||
|
||||
===============================================================================
|
||||
If you got Tor as a static binary with OpenSSL included, then you should know:
|
||||
"This product includes software developed by the OpenSSL Project
|
||||
|
15
Makefile.am
15
Makefile.am
@ -1,6 +1,6 @@
|
||||
# Copyright (c) 2001-2004, Roger Dingledine
|
||||
# Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
|
||||
# Copyright (c) 2007-2011, The Tor Project, Inc.
|
||||
# Copyright (c) 2007-2015, The Tor Project, Inc.
|
||||
# See LICENSE for licensing information
|
||||
|
||||
# "foreign" means we don't follow GNU package layout standards
|
||||
@ -70,8 +70,17 @@ test: all
|
||||
test-network: all
|
||||
./src/test/test-network.sh
|
||||
|
||||
test-stem: $(TESTING_TOR_BINARY)
|
||||
@if test -d "$$STEM_SOURCE_DIR"; then \
|
||||
"$$STEM_SOURCE_DIR"/run_tests.py --tor $(TESTING_TOR_BINARY) --all --log notice --target RUN_ALL; \
|
||||
else \
|
||||
echo '$$STEM_SOURCE_DIR was not set.'; echo; \
|
||||
echo "To run these tests, git clone https://git.torproject.org/stem.git/ ; export STEM_SOURCE_DIR=\`pwd\`/stem"; \
|
||||
fi
|
||||
|
||||
|
||||
reset-gcov:
|
||||
rm -f src/*/*.gcda
|
||||
rm -f src/*/*.gcda src/*/*/*.gcda
|
||||
|
||||
HTML_COVER_DIR=./coverage_html
|
||||
coverage-html: all
|
||||
@ -109,4 +118,4 @@ version:
|
||||
fi
|
||||
|
||||
mostlyclean-local:
|
||||
rm -f src/*/*.gc{da,no}
|
||||
rm -f src/*/*.gc{da,no} src/*/*/*.gc{da,no}
|
||||
|
@ -2,7 +2,7 @@ dnl Helper macros for Tor configure.ac
|
||||
dnl Copyright (c) 2001-2004, Roger Dingledine
|
||||
dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
|
||||
dnl Copyright (c) 2007-2008, Roger Dingledine, Nick Mathewson
|
||||
dnl Copyright (c) 2007-2014, The Tor Project, Inc.
|
||||
dnl Copyright (c) 2007-2015, The Tor Project, Inc.
|
||||
dnl See LICENSE for licensing information
|
||||
|
||||
AC_DEFUN([TOR_EXTEND_CODEPATH],
|
||||
|
4
changes/bug11791
Normal file
4
changes/bug11791
Normal file
@ -0,0 +1,4 @@
|
||||
o Minor features (directory, memory usage):
|
||||
- When we have recently been under memory pressure (over 3/4 of
|
||||
MaxMemInQueues is allocated), then allocate smaller zlib objects for
|
||||
small requests. Closes ticket 11791.
|
4
changes/bug12509
Normal file
4
changes/bug12509
Normal file
@ -0,0 +1,4 @@
|
||||
|
||||
o Minor bugfixes (automapping):
|
||||
- Prevent changes to other optoins from removing the wildcard value "."
|
||||
from "AutomapHostsSuffixes".
|
5
changes/bug12985
Normal file
5
changes/bug12985
Normal file
@ -0,0 +1,5 @@
|
||||
o Minor bugfixes (shutdown):
|
||||
- When shutting down, always call event_del() on lingering read or
|
||||
write events before freeing them. Otherwise, we risk double-frees
|
||||
or read-after-frees in event_base_free(). Fixes bug 12985; bugfix on
|
||||
0.1.0.2-rc.
|
@ -1,10 +0,0 @@
|
||||
o Code simplification and refactoring:
|
||||
|
||||
- Remove our old, non-weighted bandwidth-based node selection code.
|
||||
Previously, we used it as a fallback when we couldn't perform
|
||||
weighted bandwidth-based node selection. But that would only
|
||||
happen in the cases where we had no consensus, or when we had a
|
||||
consensus generated by buggy or ancient directory authorities. In
|
||||
either case, it's better to use the more modern, better maintained
|
||||
algorithm, with reasonable defaults for the weights. Closes
|
||||
ticket 13126.
|
@ -1,7 +0,0 @@
|
||||
o Minor bugfixes (hidden services):
|
||||
- When fetching hidden service descriptors, check not only for
|
||||
whether we got the hidden service we had in mind, but also
|
||||
whether we got the particular descriptors we wanted. This
|
||||
prevents a class of inefficient but annoying DoS attacks by
|
||||
hidden service directories. Fixes bug 13214; bugfix on
|
||||
0.2.1.6-alpha. Reported by "special".
|
@ -1,5 +0,0 @@
|
||||
o Directory authority changes:
|
||||
- Remove turtles as a directory authority.
|
||||
- Add longclaw as a new (v3) directory authority. This implements
|
||||
ticket 13296. This keeps the directory authority count at 9.
|
||||
|
@ -1,5 +0,0 @@
|
||||
o Minor features:
|
||||
- Validate hostnames in SOCKS5 requests more strictly. If SafeSocks
|
||||
is enabled, reject requests with IP addresses as hostnames. Resolves
|
||||
ticket 13315.
|
||||
|
@ -1,12 +0,0 @@
|
||||
o Minor bugfixes:
|
||||
- Use a full 256 bits of the SHA256 digest of a microdescriptor when
|
||||
computing which microdescriptors to download. This keeps us from
|
||||
erroneous download behavior if two microdescriptor digests ever have
|
||||
the same first 160 bits. Fixes part of bug 13399; bugfix on
|
||||
0.2.3.1-alpha.
|
||||
|
||||
- Reset a router's status if its microdescriptor digest changes,
|
||||
even if the first 160 bits remain the same. Fixes part of bug
|
||||
13399; bugfix on 0.2.3.1-alpha.
|
||||
|
||||
|
@ -1,3 +0,0 @@
|
||||
o Code simplifications and refactoring:
|
||||
- Refactor our generic strmap and digestmap types into a single
|
||||
implementation, so that we can add a new digest256map type trivially.
|
@ -1,5 +0,0 @@
|
||||
o Minor feature:
|
||||
- When re-enabling the network, don't try to build introduction circuits
|
||||
until we have successfully built a circuit. This makes hidden services
|
||||
come up faster when the network is re-enabled. Patch from
|
||||
"akwizgran". Closes ticket 13447.
|
@ -1,4 +0,0 @@
|
||||
o Code simplifications and refactoring:
|
||||
- Document all members of was_router_added_t enum and rename
|
||||
ROUTER_WAS_NOT_NEW to ROUTER_IS_ALREADY_KNOWN to make it less
|
||||
confusable with ROUTER_WAS_TOO_OLD. Fixes issue 13644.
|
6
changes/bug13661
Normal file
6
changes/bug13661
Normal file
@ -0,0 +1,6 @@
|
||||
o Minor bugfixes:
|
||||
|
||||
- Support two-number and three-number version numbers correctly, in
|
||||
case we change the Tor versioning system in the future. Fixes bug
|
||||
13661; bugfix on 0.0.8pre1.
|
||||
|
@ -1,6 +0,0 @@
|
||||
|
||||
o Testing:
|
||||
- In the unit tests, use 'chgrp' to change the group of the unit test
|
||||
temporary directory to the current user, so that the sticky bit doesn't
|
||||
interfere with tests that check directory groups. Closes 13678.
|
||||
|
@ -1,6 +0,0 @@
|
||||
o Major bugfixes:
|
||||
- When closing an introduction circuit that was opened in
|
||||
parallel, don't mark the introduction point as
|
||||
unreachable. Previously, the first successful connection to an
|
||||
introduction point would make the other uintroduction points get
|
||||
marked as having timed out. Fixes bug 13698; bugfix on 0.0.6rc2.
|
@ -1,4 +0,0 @@
|
||||
o Minor bugfixes (logging):
|
||||
- Log the circuit identifier correctly in
|
||||
connection_ap_handshake_attach_circuit(). Fixes bug 13701;
|
||||
bugfix on 0.0.6.
|
@ -1,4 +0,0 @@
|
||||
o Documentation:
|
||||
- Fix typo in PredictedPortsRelevanceTime option description in
|
||||
manpage. Resolves issue 13707.
|
||||
|
@ -1,3 +0,0 @@
|
||||
o Documentation:
|
||||
- Document the bridge-authority-only 'networkstatus-bridges'
|
||||
file. Closes ticket 13713; patch from "tom".
|
@ -1,3 +0,0 @@
|
||||
o Code simplifications and refactoring:
|
||||
- In connection_exit_begin_conn(), use END_CIRC_REASON_TORPROTOCOL
|
||||
constant instead of hardcoded value. Fixes issue 13840.
|
@ -1,6 +0,0 @@
|
||||
o Minor bugfixes (hidden services):
|
||||
- When adding a new hidden-service (for example, via SETCONF) Tor
|
||||
no longer logs a congratulations for running a relay. Fixes bug
|
||||
13941; bugfix on 0.2.6.1-alpha.
|
||||
|
||||
|
@ -1,5 +0,0 @@
|
||||
o Minor bugfixes (hidden services):
|
||||
- Pre-check directory permissions for new hidden-services to avoid
|
||||
at least one case of "Bug: Acting on config options left us in a
|
||||
broken state. Dying." Fixes bug 13942.
|
||||
|
3
changes/bug13988
Normal file
3
changes/bug13988
Normal file
@ -0,0 +1,3 @@
|
||||
o Minor bugfixes (statistics):
|
||||
- Increase period over which bandwidth observations are aggregated
|
||||
from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1.
|
3
changes/bug14072
Normal file
3
changes/bug14072
Normal file
@ -0,0 +1,3 @@
|
||||
o Minor bugfixes (build):
|
||||
- Avoid warnings when building with systemd 209 or later.
|
||||
Fixes bug 14072; bugfix on 0.2.6.2-alpha. Patch from "h.venev".
|
4
changes/bug14106
Normal file
4
changes/bug14106
Normal file
@ -0,0 +1,4 @@
|
||||
o Minor bugfixes (hidden services):
|
||||
- Successfully launch Tor with a nonexistent hidden service directory.
|
||||
Our fix for bug 13942 didn't catch this case. Fixes bug 14106;
|
||||
bugfix on 0.2.6.2-alpha.
|
3
changes/bug14116_025
Normal file
3
changes/bug14116_025
Normal file
@ -0,0 +1,3 @@
|
||||
o Minor bugfixes (controller):
|
||||
- Avoid crashing on a malformed EXTENDCIRCUIT command. Fixes bug 14116;
|
||||
bugfix on 0.2.2.9-alpha.
|
4
changes/bug14123
Normal file
4
changes/bug14123
Normal file
@ -0,0 +1,4 @@
|
||||
o Minor bugfixes (small memory leaks):
|
||||
- Avoid leaking memory when using IPv6 virtual address mappings.
|
||||
Fixes bug 14123; bugfix on 0.2.4.7-alpha. Patch by Tom van der
|
||||
Woerdt.
|
5
changes/bug14125
Normal file
5
changes/bug14125
Normal file
@ -0,0 +1,5 @@
|
||||
o Minor bugfixes (dirauth):
|
||||
- Enlarge the buffer to read bw-auth generated files to avoid an
|
||||
issue when parsing the file in dirserv_read_measured_bandwidths().
|
||||
Bugfix on 0.2.2.1-alpha, fixes #14125.
|
||||
|
@ -1,4 +0,0 @@
|
||||
o Minor bugfixes:
|
||||
- Stop allowing invalid address patterns containing both a wildcard
|
||||
address and a bit prefix length. This affects all our
|
||||
address-range parsing code. Fixes bug 7484; bugfix on 0.0.2pre14.
|
@ -1,5 +0,0 @@
|
||||
o Removed features:
|
||||
- Tor clients no longer support connecting to hidden services running on
|
||||
Tor 0.2.2.x and earlier; the Support022HiddenServices option has been
|
||||
removed. (There shouldn't be any hidden services running these
|
||||
versions on the network.)
|
4
changes/bug9286
Normal file
4
changes/bug9286
Normal file
@ -0,0 +1,4 @@
|
||||
o Minor bugfixes (parsing):
|
||||
- Stop accepting milliseconds (or other junk) at the end of
|
||||
descriptor publication times. Fixes bug 9286; bugfix on
|
||||
0.0.2pre25.
|
@ -1,6 +0,0 @@
|
||||
o Minor bugfixes (logging):
|
||||
- Downgrade warnings about RSA signature failures to info log
|
||||
level. Emit a warning when extra info document is found
|
||||
incompatible with a corresponding router descriptor. Fixes bug
|
||||
9812; bugfix on 0.0.6rc3.
|
||||
|
@ -1,5 +0,0 @@
|
||||
o Documentation:
|
||||
- Stop suggesting that users specify nodes by nickname: it isn't a
|
||||
good idea. Also, properly cross-reference how to specify nodes
|
||||
in all parts of the manual for options that take a list of
|
||||
nodes. Closes ticket 13381.
|
12
changes/feature10067
Normal file
12
changes/feature10067
Normal file
@ -0,0 +1,12 @@
|
||||
o Major features (changed defaults):
|
||||
- Prevent relay operators from unintentionally running exits: When
|
||||
a relay is configured as an exit node, we now warn the user
|
||||
unless the 'ExitRelay' option is set to 1. We warn even more
|
||||
loudly if the relay is configured with the default exit policy,
|
||||
since this tends to indicate accidental misconfiguration.
|
||||
Setting 'ExitRelay' to 0 stops Tor from running as an exit relay.
|
||||
Closes ticket 10067.
|
||||
|
||||
o Removed features:
|
||||
- To avoid confusion with the 'ExitRelay' option, 'ExitNode' is no
|
||||
longer silently accepted as an alias for 'ExitNodes'.
|
@ -1,4 +0,0 @@
|
||||
o Minor features (hidden services):
|
||||
- Inform Tor controller about nature of failure to retrieve
|
||||
hidden service descriptor by sending reason string with HS_DESC
|
||||
FAILED controller event. Implements feature 13212.
|
@ -1,4 +0,0 @@
|
||||
o Minor features (controller):
|
||||
- Add a "SIGNAL HEARTBEAT" Tor controller command that provokes
|
||||
writing unscheduled heartbeat message to the log. Implements
|
||||
feature 9503.
|
4
changes/fix-test-cmdline-args
Normal file
4
changes/fix-test-cmdline-args
Normal file
@ -0,0 +1,4 @@
|
||||
o Testing:
|
||||
- Make the test_cmdline_args.py script work correctly on Windows.
|
||||
Patch from Gisle Vanem.
|
||||
|
@ -1,3 +0,0 @@
|
||||
o Minor features:
|
||||
- Update geoip to the November 15 2014 Maxmind GeoLite2 Country database.
|
||||
|
@ -1,3 +0,0 @@
|
||||
o Minor features:
|
||||
- Update geoip6 to the November 15 2014 Maxmind GeoLite2 Country database.
|
||||
|
@ -1,12 +0,0 @@
|
||||
o Major features (relay, infrastructure):
|
||||
- Implement a new inter-cmux comparison API, a global high/low watermark
|
||||
mechanism and a global scheduler loop for transmission prioritization
|
||||
across all channels as well as among circuits on one channel. This
|
||||
schedule is currently tuned to (tolerantly) avoid making changes
|
||||
in the current network performance, but it should form the basis
|
||||
major circuit performance increases. Code by Andrea; implements
|
||||
ticket 9262.
|
||||
|
||||
o Testing:
|
||||
- New tests for many parts of channel, relay, and circuit mux
|
||||
functionality. Code by Andrea; part of 9262.
|
@ -1,3 +0,0 @@
|
||||
o Code Simplification and Refactoring:
|
||||
- Stop using can_complete_circuits as a global variable; access it with
|
||||
a function instead.
|
@ -1,10 +0,0 @@
|
||||
o Minor bugfixes:
|
||||
- Silence clang warnings under --enable-expensive-hardening, including:
|
||||
+ implicit truncation of 64 bit values to 32 bit;
|
||||
+ const char assignment to self;
|
||||
+ tautological compare; and
|
||||
+ additional parentheses around equality tests. (gcc uses these to
|
||||
silence assignment, so clang warns when they're present in an
|
||||
equality test. But we need to use extra parentheses in macros to
|
||||
isolate them from other code).
|
||||
Fixes bug 13577.
|
@ -1,4 +0,0 @@
|
||||
o Minor features (hidden services):
|
||||
- New HiddenServiceDirGroupReadable option to cause hidden service
|
||||
directories and hostname files to be created group-readable.
|
||||
Patch from "anon", David Stainton, and "meejah".
|
@ -1,4 +0,0 @@
|
||||
o Code simplification and refactoring:
|
||||
- Avoid using operators directly as macro arguments: this lets us
|
||||
apply coccinelle transformations to our codebase more
|
||||
directly. Closes ticket 13172.
|
6
changes/ticket14107
Normal file
6
changes/ticket14107
Normal file
@ -0,0 +1,6 @@
|
||||
o Testing:
|
||||
|
||||
- New "make test-stem" target to run stem integration tests.
|
||||
Requires that the "STEM_SOURCE_DIR" environment variable be set.
|
||||
Closes ticket 14107.
|
||||
|
5
changes/ticket14128
Normal file
5
changes/ticket14128
Normal file
@ -0,0 +1,5 @@
|
||||
o Minor features (controller):
|
||||
- New "GETINFO bw-event-cache" to get information about recent bandwidth
|
||||
events. Closes ticket 14128. Useful for controllers to get recent
|
||||
bandwidth history after the fix for 13988.
|
||||
|
@ -1,6 +0,0 @@
|
||||
o Code simplification and refactoring:
|
||||
- Combine the functions used to parse ClientTransportPlugin and
|
||||
ServerTransportPlugin into a single function. Closes ticket 6456.
|
||||
|
||||
o Testing:
|
||||
- New tests for parse_transport_line(). Part of ticket 6456.
|
100
configure.ac
100
configure.ac
@ -1,9 +1,9 @@
|
||||
dnl Copyright (c) 2001-2004, Roger Dingledine
|
||||
dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
|
||||
dnl Copyright (c) 2007-2014, The Tor Project, Inc.
|
||||
dnl Copyright (c) 2007-2015, The Tor Project, Inc.
|
||||
dnl See LICENSE for licensing information
|
||||
|
||||
AC_INIT([tor],[0.2.6.1-alpha-dev])
|
||||
AC_INIT([tor],[0.2.6.2-alpha-dev])
|
||||
AC_CONFIG_SRCDIR([src/or/main.c])
|
||||
AC_CONFIG_MACRO_DIR([m4])
|
||||
AM_INIT_AUTOMAKE
|
||||
@ -12,6 +12,8 @@ AC_CONFIG_HEADERS([orconfig.h])
|
||||
|
||||
AC_CANONICAL_HOST
|
||||
|
||||
PKG_PROG_PKG_CONFIG
|
||||
|
||||
if test -f /etc/redhat-release ; then
|
||||
if test -f /usr/kerberos/include ; then
|
||||
CPPFLAGS="$CPPFLAGS -I/usr/kerberos/include"
|
||||
@ -105,6 +107,58 @@ AC_ARG_ENABLE(upnp,
|
||||
* ) AC_MSG_ERROR(bad value for --enable-upnp) ;;
|
||||
esac], [upnp=false])
|
||||
|
||||
# systemd notify support
|
||||
AC_ARG_ENABLE(systemd,
|
||||
AS_HELP_STRING(--enable-systemd, enable systemd notification support),
|
||||
[case "${enableval}" in
|
||||
yes) systemd=true ;;
|
||||
no) systemd=false ;;
|
||||
* ) AC_MSG_ERROR(bad value for --enable-systemd) ;;
|
||||
esac], [systemd=auto])
|
||||
|
||||
|
||||
|
||||
# systemd support
|
||||
if test x$enable_systemd = xfalse ; then
|
||||
have_systemd=no;
|
||||
else
|
||||
PKG_CHECK_MODULES(SYSTEMD,
|
||||
[libsystemd-daemon],
|
||||
have_systemd=yes,
|
||||
have_systemd=no)
|
||||
fi
|
||||
|
||||
if test x$have_systemd = xyes; then
|
||||
AC_DEFINE(HAVE_SYSTEMD,1,[Have systemd])
|
||||
CFLAGS="${CFLAGS} ${SYSTEMD_CFLAGS}"
|
||||
TOR_SYSTEMD_LIBS="${SYSTEMD_LIBS}"
|
||||
fi
|
||||
AC_SUBST(TOR_SYSTEMD_LIBS)
|
||||
|
||||
if test x$enable_systemd = xyes -a x$have_systemd != xyes ; then
|
||||
AC_MSG_ERROR([Explicitly requested systemd support, but systemd not found])
|
||||
fi
|
||||
|
||||
AC_ARG_ENABLE(threads,
|
||||
AS_HELP_STRING(--disable-threads, disable multi-threading support))
|
||||
|
||||
if test x$enable_threads = x; then
|
||||
case $host in
|
||||
*-*-solaris* )
|
||||
# Don't try multithreading on solaris -- cpuworkers seem to lock.
|
||||
AC_MSG_NOTICE([You are running Solaris; Sometimes threading makes
|
||||
cpu workers lock up here, so I will disable threads.])
|
||||
enable_threads="no";;
|
||||
*)
|
||||
enable_threads="yes";;
|
||||
esac
|
||||
fi
|
||||
|
||||
ifdef([HAVE_SYSTEMD], [
|
||||
AC_SEARCH_LIBS([sd_watchdog_enabled], [systemd-daemon],
|
||||
[AC_DEFINE(HAVE_SYSTEMD_209,1,[Have systemd v209 or more])], [])
|
||||
])
|
||||
|
||||
case $host in
|
||||
*-*-solaris* )
|
||||
AC_DEFINE(_REENTRANT, 1, [Define on some platforms to activate x_r() functions in time.h])
|
||||
@ -618,7 +672,7 @@ dnl since sometimes the linker will like an option but not be willing to
|
||||
dnl use it with a build of a library.
|
||||
|
||||
all_ldflags_for_check="$TOR_LDFLAGS_zlib $TOR_LDFLAGS_openssl $TOR_LDFLAGS_libevent"
|
||||
all_libs_for_check="$TOR_ZLIB_LIBS $TOR_LIB_MATH $TOR_LIBEVENT_LIBS $TOR_OPENSSL_LIBS $TOR_LIB_WS32 $TOR_LIB_GDI"
|
||||
all_libs_for_check="$TOR_ZLIB_LIBS $TOR_LIB_MATH $TOR_LIBEVENT_LIBS $TOR_OPENSSL_LIBS $TOR_SYSTEMD_LIBS $TOR_LIB_WS32 $TOR_LIB_GDI"
|
||||
|
||||
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [
|
||||
#if !defined(__clang__)
|
||||
@ -937,6 +991,14 @@ AC_CHECK_HEADERS(net/pfvar.h, net_pfvar_found=1, net_pfvar_found=0,
|
||||
#ifdef HAVE_NET_IF_H
|
||||
#include <net/if.h>
|
||||
#endif])
|
||||
|
||||
AC_CHECK_HEADERS(linux/if.h,[],[],
|
||||
[
|
||||
#ifdef HAVE_SYS_SOCKET_H
|
||||
#include <sys/socket.h>
|
||||
#endif
|
||||
])
|
||||
|
||||
AC_CHECK_HEADERS(linux/netfilter_ipv4.h,
|
||||
linux_netfilter_ipv4=1, linux_netfilter_ipv4=0,
|
||||
[#ifdef HAVE_SYS_TYPES_H
|
||||
@ -958,6 +1020,30 @@ AC_CHECK_HEADERS(linux/netfilter_ipv4.h,
|
||||
#include <netinet/in.h>
|
||||
#endif])
|
||||
|
||||
AC_CHECK_HEADERS(linux/netfilter_ipv6/ip6_tables.h,
|
||||
linux_netfilter_ipv6_ip6_tables=1, linux_netfilter_ipv6_ip6_tables=0,
|
||||
[#ifdef HAVE_SYS_TYPES_H
|
||||
#include <sys/types.h>
|
||||
#endif
|
||||
#ifdef HAVE_SYS_SOCKET_H
|
||||
#include <sys/socket.h>
|
||||
#endif
|
||||
#ifdef HAVE_LIMITS_H
|
||||
#include <limits.h>
|
||||
#endif
|
||||
#ifdef HAVE_LINUX_TYPES_H
|
||||
#include <linux/types.h>
|
||||
#endif
|
||||
#ifdef HAVE_NETINET_IN6_H
|
||||
#include <netinet/in6.h>
|
||||
#endif
|
||||
#ifdef HAVE_NETINET_IN_H
|
||||
#include <netinet/in.h>
|
||||
#endif
|
||||
#ifdef HAVE_LINUX_IF_H
|
||||
#include <linux/if.h>
|
||||
#endif])
|
||||
|
||||
if test x$transparent = xtrue ; then
|
||||
transparent_ok=0
|
||||
if test x$net_if_found = x1 && test x$net_pfvar_found = x1 ; then
|
||||
@ -966,6 +1052,9 @@ if test x$transparent = xtrue ; then
|
||||
if test x$linux_netfilter_ipv4 = x1 ; then
|
||||
transparent_ok=1
|
||||
fi
|
||||
if test x$linux_netfilter_ipv6_ip6_tables = x1 ; then
|
||||
transparent_ok=1
|
||||
fi
|
||||
if test x$transparent_ok = x1 ; then
|
||||
AC_DEFINE(USE_TRANSPARENT, 1, "Define to enable transparent proxy support")
|
||||
case $host in
|
||||
@ -1454,10 +1543,9 @@ fi
|
||||
if test "$GCC" = yes; then
|
||||
# Disable GCC's strict aliasing checks. They are an hours-to-debug
|
||||
# accident waiting to happen.
|
||||
CFLAGS="$CFLAGS -Wall -fno-strict-aliasing"
|
||||
CFLAGS="$CFLAGS -Wall -fno-strict-aliasing -g -O2"
|
||||
else
|
||||
# Autoconf sets -g -O2 by default. Override optimization level
|
||||
# for non-gcc compilers
|
||||
# Override optimization level for non-gcc compilers
|
||||
CFLAGS="$CFLAGS -O"
|
||||
enable_gcc_warnings=no
|
||||
enable_gcc_warnings_advisory=no
|
||||
|
@ -8,7 +8,7 @@
|
||||
!include "LogicLib.nsh"
|
||||
!include "FileFunc.nsh"
|
||||
!insertmacro GetParameters
|
||||
!define VERSION "0.2.6.1-alpha-dev"
|
||||
!define VERSION "0.2.6.2-alpha-dev"
|
||||
!define INSTALLER "tor-${VERSION}-win32.exe"
|
||||
!define WEBSITE "https://www.torproject.org/"
|
||||
!define LICENSE "LICENSE"
|
||||
|
@ -1469,6 +1469,19 @@ is non-zero):
|
||||
that it's an email address and/or generate a new address for this
|
||||
purpose.
|
||||
|
||||
[[ExitRelay]] **ExitRelay** **0**|**1**|**auto**::
|
||||
Tells Tor whether to run as an exit relay. If Tor is running as a
|
||||
non-bridge server, and ExitRelay is set to 1, then Tor allows traffic to
|
||||
exit according to the ExitPolicy option (or the default ExitPolicy if
|
||||
none is specified).
|
||||
+
|
||||
If ExitRelay is set to 0, no traffic is allowed to
|
||||
exit, and the ExitPolicy option is ignored. +
|
||||
+
|
||||
If ExitRelay is set to "auto", then Tor behaves as if it were set to 1, but
|
||||
warns the user if this would cause traffic to exit. In a future version,
|
||||
the default value will be 0. (Default: auto)
|
||||
|
||||
[[ExitPolicy]] **ExitPolicy** __policy__,__policy__,__...__::
|
||||
Set an exit policy for this server. Each policy is of the form
|
||||
"**accept**|**reject** __ADDR__[/__MASK__][:__PORT__]". If /__MASK__ is
|
||||
@ -1764,6 +1777,13 @@ is non-zero):
|
||||
When this option is enabled, Tor writes statistics on the bidirectional use
|
||||
of connections to disk every 24 hours. (Default: 0)
|
||||
|
||||
[[HiddenServiceStatistics]] **HiddenServiceStatistics** **0**|**1**::
|
||||
When this option is enabled, a Tor relay writes obfuscated
|
||||
statistics on its role as hidden-service directory, introduction
|
||||
point, or rendezvous point to disk every 24 hours. If
|
||||
ExtraInfoStatistics is also enabled, these statistics are further
|
||||
published to the directory authorities. (Default: 0)
|
||||
|
||||
[[ExtraInfoStatistics]] **ExtraInfoStatistics** **0**|**1**::
|
||||
When this option is enabled, Tor includes previously gathered statistics in
|
||||
its extra-info documents that it uploads to the directory authorities.
|
||||
@ -2025,6 +2045,11 @@ The following options are used to configure a hidden service.
|
||||
Store data files for a hidden service in DIRECTORY. Every hidden service
|
||||
must have a separate directory. You may use this option multiple times to
|
||||
specify multiple services. DIRECTORY must be an existing directory.
|
||||
(Note: in current versions of Tor, if DIRECTORY is a relative path,
|
||||
it will be relative to current
|
||||
working directory of Tor instance, not to its DataDirectory. Do not
|
||||
rely on this behavior; it is not guaranteed to remain the same in future
|
||||
versions.)
|
||||
|
||||
[[HiddenServicePort]] **HiddenServicePort** __VIRTPORT__ [__TARGET__]::
|
||||
Configure a virtual port VIRTPORT for a hidden service. You may use this
|
||||
|
214
m4/pkg.m4
Normal file
214
m4/pkg.m4
Normal file
@ -0,0 +1,214 @@
|
||||
# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*-
|
||||
# serial 1 (pkg-config-0.24)
|
||||
#
|
||||
# Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful, but
|
||||
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
# General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
#
|
||||
# As a special exception to the GNU General Public License, if you
|
||||
# distribute this file as part of a program that contains a
|
||||
# configuration script generated by Autoconf, you may include it under
|
||||
# the same distribution terms that you use for the rest of that program.
|
||||
|
||||
# PKG_PROG_PKG_CONFIG([MIN-VERSION])
|
||||
# ----------------------------------
|
||||
AC_DEFUN([PKG_PROG_PKG_CONFIG],
|
||||
[m4_pattern_forbid([^_?PKG_[A-Z_]+$])
|
||||
m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
|
||||
m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$])
|
||||
AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])
|
||||
AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path])
|
||||
AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path])
|
||||
|
||||
if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
|
||||
AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
|
||||
fi
|
||||
if test -n "$PKG_CONFIG"; then
|
||||
_pkg_min_version=m4_default([$1], [0.9.0])
|
||||
AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version])
|
||||
if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
|
||||
AC_MSG_RESULT([yes])
|
||||
else
|
||||
AC_MSG_RESULT([no])
|
||||
PKG_CONFIG=""
|
||||
fi
|
||||
fi[]dnl
|
||||
])# PKG_PROG_PKG_CONFIG
|
||||
|
||||
# PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
|
||||
#
|
||||
# Check to see whether a particular set of modules exists. Similar
|
||||
# to PKG_CHECK_MODULES(), but does not set variables or print errors.
|
||||
#
|
||||
# Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
|
||||
# only at the first occurence in configure.ac, so if the first place
|
||||
# it's called might be skipped (such as if it is within an "if", you
|
||||
# have to call PKG_CHECK_EXISTS manually
|
||||
# --------------------------------------------------------------
|
||||
AC_DEFUN([PKG_CHECK_EXISTS],
|
||||
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
|
||||
if test -n "$PKG_CONFIG" && \
|
||||
AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
|
||||
m4_default([$2], [:])
|
||||
m4_ifvaln([$3], [else
|
||||
$3])dnl
|
||||
fi])
|
||||
|
||||
# _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
|
||||
# ---------------------------------------------
|
||||
m4_define([_PKG_CONFIG],
|
||||
[if test -n "$$1"; then
|
||||
pkg_cv_[]$1="$$1"
|
||||
elif test -n "$PKG_CONFIG"; then
|
||||
PKG_CHECK_EXISTS([$3],
|
||||
[pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`
|
||||
test "x$?" != "x0" && pkg_failed=yes ],
|
||||
[pkg_failed=yes])
|
||||
else
|
||||
pkg_failed=untried
|
||||
fi[]dnl
|
||||
])# _PKG_CONFIG
|
||||
|
||||
# _PKG_SHORT_ERRORS_SUPPORTED
|
||||
# -----------------------------
|
||||
AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED],
|
||||
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])
|
||||
if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
|
||||
_pkg_short_errors_supported=yes
|
||||
else
|
||||
_pkg_short_errors_supported=no
|
||||
fi[]dnl
|
||||
])# _PKG_SHORT_ERRORS_SUPPORTED
|
||||
|
||||
|
||||
# PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
|
||||
# [ACTION-IF-NOT-FOUND])
|
||||
#
|
||||
#
|
||||
# Note that if there is a possibility the first call to
|
||||
# PKG_CHECK_MODULES might not happen, you should be sure to include an
|
||||
# explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
|
||||
#
|
||||
#
|
||||
# --------------------------------------------------------------
|
||||
AC_DEFUN([PKG_CHECK_MODULES],
|
||||
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
|
||||
AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
|
||||
AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
|
||||
|
||||
pkg_failed=no
|
||||
AC_MSG_CHECKING([for $1])
|
||||
|
||||
_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
|
||||
_PKG_CONFIG([$1][_LIBS], [libs], [$2])
|
||||
|
||||
m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS
|
||||
and $1[]_LIBS to avoid the need to call pkg-config.
|
||||
See the pkg-config man page for more details.])
|
||||
|
||||
if test $pkg_failed = yes; then
|
||||
AC_MSG_RESULT([no])
|
||||
_PKG_SHORT_ERRORS_SUPPORTED
|
||||
if test $_pkg_short_errors_supported = yes; then
|
||||
$1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
|
||||
else
|
||||
$1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
|
||||
fi
|
||||
# Put the nasty error message in config.log where it belongs
|
||||
echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
|
||||
|
||||
m4_default([$4], [AC_MSG_ERROR(
|
||||
[Package requirements ($2) were not met:
|
||||
|
||||
$$1_PKG_ERRORS
|
||||
|
||||
Consider adjusting the PKG_CONFIG_PATH environment variable if you
|
||||
installed software in a non-standard prefix.
|
||||
|
||||
_PKG_TEXT])[]dnl
|
||||
])
|
||||
elif test $pkg_failed = untried; then
|
||||
AC_MSG_RESULT([no])
|
||||
m4_default([$4], [AC_MSG_FAILURE(
|
||||
[The pkg-config script could not be found or is too old. Make sure it
|
||||
is in your PATH or set the PKG_CONFIG environment variable to the full
|
||||
path to pkg-config.
|
||||
|
||||
_PKG_TEXT
|
||||
|
||||
To get pkg-config, see <http://pkg-config.freedesktop.org/>.])[]dnl
|
||||
])
|
||||
else
|
||||
$1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
|
||||
$1[]_LIBS=$pkg_cv_[]$1[]_LIBS
|
||||
AC_MSG_RESULT([yes])
|
||||
$3
|
||||
fi[]dnl
|
||||
])# PKG_CHECK_MODULES
|
||||
|
||||
|
||||
# PKG_INSTALLDIR(DIRECTORY)
|
||||
# -------------------------
|
||||
# Substitutes the variable pkgconfigdir as the location where a module
|
||||
# should install pkg-config .pc files. By default the directory is
|
||||
# $libdir/pkgconfig, but the default can be changed by passing
|
||||
# DIRECTORY. The user can override through the --with-pkgconfigdir
|
||||
# parameter.
|
||||
AC_DEFUN([PKG_INSTALLDIR],
|
||||
[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])])
|
||||
m4_pushdef([pkg_description],
|
||||
[pkg-config installation directory @<:@]pkg_default[@:>@])
|
||||
AC_ARG_WITH([pkgconfigdir],
|
||||
[AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],,
|
||||
[with_pkgconfigdir=]pkg_default)
|
||||
AC_SUBST([pkgconfigdir], [$with_pkgconfigdir])
|
||||
m4_popdef([pkg_default])
|
||||
m4_popdef([pkg_description])
|
||||
]) dnl PKG_INSTALLDIR
|
||||
|
||||
|
||||
# PKG_NOARCH_INSTALLDIR(DIRECTORY)
|
||||
# -------------------------
|
||||
# Substitutes the variable noarch_pkgconfigdir as the location where a
|
||||
# module should install arch-independent pkg-config .pc files. By
|
||||
# default the directory is $datadir/pkgconfig, but the default can be
|
||||
# changed by passing DIRECTORY. The user can override through the
|
||||
# --with-noarch-pkgconfigdir parameter.
|
||||
AC_DEFUN([PKG_NOARCH_INSTALLDIR],
|
||||
[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])])
|
||||
m4_pushdef([pkg_description],
|
||||
[pkg-config arch-independent installation directory @<:@]pkg_default[@:>@])
|
||||
AC_ARG_WITH([noarch-pkgconfigdir],
|
||||
[AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],,
|
||||
[with_noarch_pkgconfigdir=]pkg_default)
|
||||
AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir])
|
||||
m4_popdef([pkg_default])
|
||||
m4_popdef([pkg_description])
|
||||
]) dnl PKG_NOARCH_INSTALLDIR
|
||||
|
||||
|
||||
# PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE,
|
||||
# [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
|
||||
# -------------------------------------------
|
||||
# Retrieves the value of the pkg-config variable for the given module.
|
||||
AC_DEFUN([PKG_CHECK_VAR],
|
||||
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
|
||||
AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl
|
||||
|
||||
_PKG_CONFIG([$1], [variable="][$3]["], [$2])
|
||||
AS_VAR_COPY([$1], [pkg_cv_][$1])
|
||||
|
||||
AS_VAR_IF([$1], [""], [$5], [$4])dnl
|
||||
])# PKG_CHECK_VAR
|
@ -1,5 +1,5 @@
|
||||
#!/usr/bin/python
|
||||
# Copyright 2014, The Tor Project, Inc
|
||||
# Copyright 2014-2015, The Tor Project, Inc
|
||||
# See LICENSE for licensing information
|
||||
|
||||
# This script parses openssl headers to find ciphersuite names, determines
|
||||
|
@ -1,6 +1,6 @@
|
||||
#!/usr/bin/python
|
||||
# coding=utf-8
|
||||
# Copyright 2011, The Tor Project, Inc
|
||||
# Copyright 2011-2015, The Tor Project, Inc
|
||||
# original version by Arturo Filastò
|
||||
# See LICENSE for licensing information
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
#!/usr/bin/python
|
||||
# Copyright 2014, The Tor Project, Inc.
|
||||
# Copyright 2014-2015, The Tor Project, Inc.
|
||||
# See LICENSE for license information
|
||||
|
||||
# This is a kludgey python script that uses ctypes and openssl to sign
|
||||
|
@ -1,5 +1,5 @@
|
||||
#!/usr/bin/python
|
||||
# Copyright (c) 2014, The Tor Project, Inc.
|
||||
# Copyright (c) 2014-2015, The Tor Project, Inc.
|
||||
# See LICENSE for licensing information
|
||||
#
|
||||
# This script reformats a section of the changelog to wrap everything to
|
||||
|
52
scripts/maint/lintChanges.py
Executable file
52
scripts/maint/lintChanges.py
Executable file
@ -0,0 +1,52 @@
|
||||
#!/usr/bin/python
|
||||
|
||||
import sys
|
||||
import re
|
||||
|
||||
|
||||
|
||||
def lintfile(fname):
|
||||
have_warned = []
|
||||
def warn(s):
|
||||
if not have_warned:
|
||||
have_warned.append(1)
|
||||
print fname,":"
|
||||
print "\t",s
|
||||
|
||||
m = re.search(r'(\d{3,})', fname)
|
||||
if m:
|
||||
bugnum = m.group(1)
|
||||
else:
|
||||
bugnum = None
|
||||
|
||||
with open(fname) as f:
|
||||
contents = f.read()
|
||||
|
||||
if bugnum and bugnum not in contents:
|
||||
warn("bug number %s does not appear"%bugnum)
|
||||
|
||||
lines = contents.split("\n")
|
||||
isBug = ("bug" in lines[0] or "fix" in lines[0])
|
||||
|
||||
if not re.match(r'^ +o (.*)', contents):
|
||||
warn("header not in format expected")
|
||||
|
||||
contents = " ".join(contents.split())
|
||||
|
||||
if isBug and not re.search(r'(\d+)', contents):
|
||||
warn("bugfix does not mention a number")
|
||||
elif isBug and not re.search(r'Fixes ([a-z ]*)bug (\d+)', contents):
|
||||
warn("bugfix does not say 'Fixes bug XXX'")
|
||||
|
||||
if re.search(r'[bB]ug (\d+)', contents):
|
||||
if not re.search(r'[Bb]ugfix on ', contents):
|
||||
warn("bugfix does not say 'bugfix on X.Y.Z'")
|
||||
elif not re.search('[fF]ixes ([a-z ]*)bug (\d+); bugfix on ', contents):
|
||||
warn("bugfix incant is not semicoloned")
|
||||
|
||||
|
||||
if __name__=='__main__':
|
||||
for fname in sys.argv[1:]:
|
||||
if fname.endswith("~"):
|
||||
continue
|
||||
lintfile(fname)
|
@ -1,6 +1,6 @@
|
||||
#!/usr/bin/python
|
||||
#
|
||||
# Copyright (c) 2008-2013, The Tor Project, Inc.
|
||||
# Copyright (c) 2008-2015, The Tor Project, Inc.
|
||||
# See LICENSE for licensing information.
|
||||
#
|
||||
# Hi!
|
||||
|
@ -1,5 +1,5 @@
|
||||
#!/usr/bin/python
|
||||
# Copyright (c) 2014, The Tor Project, Inc.
|
||||
# Copyright (c) 2014-2015, The Tor Project, Inc.
|
||||
# See LICENSE for licensing information
|
||||
|
||||
"""This script sorts a bunch of changes files listed on its command
|
||||
@ -18,10 +18,10 @@ def fetch(fn):
|
||||
s = "%s\n" % s.rstrip()
|
||||
return s
|
||||
|
||||
def score(s):
|
||||
def score(s,fname=None):
|
||||
m = re.match(r'^ +o (.*)', s)
|
||||
if not m:
|
||||
print >>sys.stderr, "Can't score %r"%s
|
||||
print >>sys.stderr, "Can't score %r from %s"%(s,fname)
|
||||
lw = m.group(1).lower()
|
||||
if lw.startswith("major feature"):
|
||||
score = 0
|
||||
@ -41,7 +41,7 @@ def score(s):
|
||||
return (score, lw, s)
|
||||
|
||||
|
||||
changes = [ score(fetch(fn)) for fn in sys.argv[1:] if not fn.endswith('~') ]
|
||||
changes = [ score(fetch(fn),fn) for fn in sys.argv[1:] if not fn.endswith('~') ]
|
||||
|
||||
changes.sort()
|
||||
|
||||
|
7
scripts/maint/updateCopyright.pl
Executable file
7
scripts/maint/updateCopyright.pl
Executable file
@ -0,0 +1,7 @@
|
||||
#!/usr/bin/perl -i -w -p
|
||||
|
||||
$NEWYEAR=2015;
|
||||
|
||||
s/Copyright(.*) (201[^5]), The Tor Project/Copyright$1 $2-${NEWYEAR}, The Tor Project/;
|
||||
|
||||
s/Copyright(.*)-(20..), The Tor Project/Copyright$1-${NEWYEAR}, The Tor Project/;
|
@ -1,6 +1,6 @@
|
||||
/* Copyright (c) 2003-2004, Roger Dingledine
|
||||
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
||||
* Copyright (c) 2007-2014, The Tor Project, Inc. */
|
||||
* Copyright (c) 2007-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
/**
|
||||
@ -89,13 +89,14 @@ tor_addr_to_sockaddr(const tor_addr_t *a,
|
||||
struct sockaddr *sa_out,
|
||||
socklen_t len)
|
||||
{
|
||||
memset(sa_out, 0, len);
|
||||
|
||||
sa_family_t family = tor_addr_family(a);
|
||||
if (family == AF_INET) {
|
||||
struct sockaddr_in *sin;
|
||||
if (len < (int)sizeof(struct sockaddr_in))
|
||||
return 0;
|
||||
sin = (struct sockaddr_in *)sa_out;
|
||||
memset(sin, 0, sizeof(struct sockaddr_in));
|
||||
#ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
|
||||
sin->sin_len = sizeof(struct sockaddr_in);
|
||||
#endif
|
||||
@ -108,7 +109,6 @@ tor_addr_to_sockaddr(const tor_addr_t *a,
|
||||
if (len < (int)sizeof(struct sockaddr_in6))
|
||||
return 0;
|
||||
sin6 = (struct sockaddr_in6 *)sa_out;
|
||||
memset(sin6, 0, sizeof(struct sockaddr_in6));
|
||||
#ifdef HAVE_STRUCT_SOCKADDR_IN6_SIN6_LEN
|
||||
sin6->sin6_len = sizeof(struct sockaddr_in6);
|
||||
#endif
|
||||
@ -129,6 +129,9 @@ tor_addr_from_sockaddr(tor_addr_t *a, const struct sockaddr *sa,
|
||||
{
|
||||
tor_assert(a);
|
||||
tor_assert(sa);
|
||||
|
||||
memset(a, 0, sizeof(*a));
|
||||
|
||||
if (sa->sa_family == AF_INET) {
|
||||
struct sockaddr_in *sin = (struct sockaddr_in *) sa;
|
||||
tor_addr_from_ipv4n(a, sin->sin_addr.s_addr);
|
||||
@ -1023,7 +1026,6 @@ tor_addr_compare_masked(const tor_addr_t *addr1, const tor_addr_t *addr2,
|
||||
} else {
|
||||
a2 = tor_addr_to_ipv4h(addr2);
|
||||
}
|
||||
if (mbits <= 0) return 0;
|
||||
if (mbits > 32) mbits = 32;
|
||||
a1 >>= (32-mbits);
|
||||
a2 >>= (32-mbits);
|
||||
@ -1369,8 +1371,8 @@ tor_addr_is_multicast(const tor_addr_t *a)
|
||||
* connects to the Internet. This address should only be used in checking
|
||||
* whether our address has changed. Return 0 on success, -1 on failure.
|
||||
*/
|
||||
int
|
||||
get_interface_address6(int severity, sa_family_t family, tor_addr_t *addr)
|
||||
MOCK_IMPL(int,
|
||||
get_interface_address6,(int severity, sa_family_t family, tor_addr_t *addr))
|
||||
{
|
||||
/* XXX really, this function should yield a smartlist of addresses. */
|
||||
smartlist_t *addrs;
|
||||
@ -1699,8 +1701,8 @@ tor_dup_ip(uint32_t addr)
|
||||
* checking whether our address has changed. Return 0 on success, -1 on
|
||||
* failure.
|
||||
*/
|
||||
int
|
||||
get_interface_address(int severity, uint32_t *addr)
|
||||
MOCK_IMPL(int,
|
||||
get_interface_address,(int severity, uint32_t *addr))
|
||||
{
|
||||
tor_addr_t local_addr;
|
||||
int r;
|
||||
|
@ -1,6 +1,6 @@
|
||||
/* Copyright (c) 2003-2004, Roger Dingledine
|
||||
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
||||
* Copyright (c) 2007-2014, The Tor Project, Inc. */
|
||||
* Copyright (c) 2007-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
/**
|
||||
@ -159,7 +159,8 @@ char *tor_dup_addr(const tor_addr_t *addr) ATTR_MALLOC;
|
||||
const char *fmt_addr_impl(const tor_addr_t *addr, int decorate);
|
||||
const char *fmt_addrport(const tor_addr_t *addr, uint16_t port);
|
||||
const char * fmt_addr32(uint32_t addr);
|
||||
int get_interface_address6(int severity, sa_family_t family, tor_addr_t *addr);
|
||||
MOCK_DECL(int,get_interface_address6,(int severity, sa_family_t family,
|
||||
tor_addr_t *addr));
|
||||
|
||||
/** Flag to specify how to do a comparison between addresses. In an "exact"
|
||||
* comparison, addresses are equivalent only if they are in the same family
|
||||
@ -236,7 +237,7 @@ int addr_mask_get_bits(uint32_t mask);
|
||||
#define INET_NTOA_BUF_LEN 16
|
||||
int tor_inet_ntoa(const struct in_addr *in, char *buf, size_t buf_len);
|
||||
char *tor_dup_ip(uint32_t addr) ATTR_MALLOC;
|
||||
int get_interface_address(int severity, uint32_t *addr);
|
||||
MOCK_DECL(int,get_interface_address,(int severity, uint32_t *addr));
|
||||
|
||||
tor_addr_port_t *tor_addr_port_new(const tor_addr_t *addr, uint16_t port);
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
/* Copyright (c) 2001, Matej Pfajfar.
|
||||
* Copyright (c) 2001-2004, Roger Dingledine.
|
||||
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
||||
* Copyright (c) 2007-2014, The Tor Project, Inc. */
|
||||
* Copyright (c) 2007-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
/**
|
||||
|
@ -1,6 +1,6 @@
|
||||
/* Copyright (c) 2003, Roger Dingledine
|
||||
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
||||
* Copyright (c) 2007-2014, The Tor Project, Inc. */
|
||||
* Copyright (c) 2007-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
/* Implements a minimal interface to counter-mode AES. */
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (c) 2013-2014, The Tor Project, Inc. */
|
||||
/* Copyright (c) 2013-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
#define __USE_GNU
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (c) 2013-2014, The Tor Project, Inc. */
|
||||
/* Copyright (c) 2013-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
#ifndef TOR_BACKTRACE_H
|
||||
|
@ -1,6 +1,6 @@
|
||||
/* Copyright (c) 2003-2004, Roger Dingledine
|
||||
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
||||
* Copyright (c) 2007-2014, The Tor Project, Inc. */
|
||||
* Copyright (c) 2007-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
/**
|
||||
@ -2198,9 +2198,20 @@ get_environment(void)
|
||||
#endif
|
||||
}
|
||||
|
||||
/** Set *addr to the IP address (in dotted-quad notation) stored in c.
|
||||
* Return 1 on success, 0 if c is badly formatted. (Like inet_aton(c,addr),
|
||||
* but works on Windows and Solaris.)
|
||||
/** Get name of current host and write it to <b>name</b> array, whose
|
||||
* length is specified by <b>namelen</b> argument. Return 0 upon
|
||||
* successfull completion; otherwise return return -1. (Currently,
|
||||
* this function is merely a mockable wrapper for POSIX gethostname().)
|
||||
*/
|
||||
MOCK_IMPL(int,
|
||||
tor_gethostname,(char *name, size_t namelen))
|
||||
{
|
||||
return gethostname(name,namelen);
|
||||
}
|
||||
|
||||
/** Set *addr to the IP address (in dotted-quad notation) stored in *str.
|
||||
* Return 1 on success, 0 if *str is badly formatted.
|
||||
* (Like inet_aton(str,addr), but works on Windows and Solaris.)
|
||||
*/
|
||||
int
|
||||
tor_inet_aton(const char *str, struct in_addr* addr)
|
||||
@ -2420,8 +2431,9 @@ tor_inet_pton(int af, const char *src, void *dst)
|
||||
* (This function exists because standard windows gethostbyname
|
||||
* doesn't treat raw IP addresses properly.)
|
||||
*/
|
||||
int
|
||||
tor_lookup_hostname(const char *name, uint32_t *addr)
|
||||
|
||||
MOCK_IMPL(int,
|
||||
tor_lookup_hostname,(const char *name, uint32_t *addr))
|
||||
{
|
||||
tor_addr_t myaddr;
|
||||
int ret;
|
||||
|
@ -1,6 +1,6 @@
|
||||
/* Copyright (c) 2003-2004, Roger Dingledine
|
||||
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
||||
* Copyright (c) 2007-2014, The Tor Project, Inc. */
|
||||
* Copyright (c) 2007-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
#ifndef TOR_COMPAT_H
|
||||
@ -532,10 +532,11 @@ struct sockaddr_in6 {
|
||||
};
|
||||
#endif
|
||||
|
||||
MOCK_DECL(int,tor_gethostname,(char *name, size_t namelen));
|
||||
int tor_inet_aton(const char *cp, struct in_addr *addr) ATTR_NONNULL((1,2));
|
||||
const char *tor_inet_ntop(int af, const void *src, char *dst, size_t len);
|
||||
int tor_inet_pton(int af, const char *src, void *dst);
|
||||
int tor_lookup_hostname(const char *name, uint32_t *addr) ATTR_NONNULL((1,2));
|
||||
MOCK_DECL(int,tor_lookup_hostname,(const char *name, uint32_t *addr));
|
||||
int set_socket_nonblocking(tor_socket_t socket);
|
||||
int tor_socketpair(int family, int type, int protocol, tor_socket_t fd[2]);
|
||||
int network_init(void);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (c) 2009-2014, The Tor Project, Inc. */
|
||||
/* Copyright (c) 2009-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
/**
|
||||
@ -146,13 +146,25 @@ tor_evsignal_new(struct event_base * base, int sig,
|
||||
{
|
||||
return tor_event_new(base, sig, EV_SIGNAL|EV_PERSIST, cb, arg);
|
||||
}
|
||||
/** Work-alike replacement for event_free() on pre-Libevent-2.0 systems. */
|
||||
/** Work-alike replacement for event_free() on pre-Libevent-2.0 systems,
|
||||
* except tolerate tor_event_free(NULL). */
|
||||
void
|
||||
tor_event_free(struct event *ev)
|
||||
{
|
||||
if (ev == NULL)
|
||||
return;
|
||||
event_del(ev);
|
||||
tor_free(ev);
|
||||
}
|
||||
#else
|
||||
/* Wrapper for event_free() that tolerates tor_event_free(NULL) */
|
||||
void
|
||||
tor_event_free(struct event *ev)
|
||||
{
|
||||
if (ev == NULL)
|
||||
return;
|
||||
event_free(ev);
|
||||
}
|
||||
#endif
|
||||
|
||||
/** Global event base for use by the main thread. */
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (c) 2009-2014, The Tor Project, Inc. */
|
||||
/* Copyright (c) 2009-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
#ifndef TOR_COMPAT_LIBEVENT_H
|
||||
@ -28,11 +28,9 @@ void suppress_libevent_log_msg(const char *msg);
|
||||
#define tor_event_new event_new
|
||||
#define tor_evtimer_new evtimer_new
|
||||
#define tor_evsignal_new evsignal_new
|
||||
#define tor_event_free event_free
|
||||
#define tor_evdns_add_server_port(sock, tcp, cb, data) \
|
||||
evdns_add_server_port_with_base(tor_libevent_get_base(), \
|
||||
(sock),(tcp),(cb),(data));
|
||||
|
||||
#else
|
||||
struct event *tor_event_new(struct event_base * base, evutil_socket_t sock,
|
||||
short what, void (*cb)(evutil_socket_t, short, void *), void *arg);
|
||||
@ -40,10 +38,11 @@ struct event *tor_evtimer_new(struct event_base * base,
|
||||
void (*cb)(evutil_socket_t, short, void *), void *arg);
|
||||
struct event *tor_evsignal_new(struct event_base * base, int sig,
|
||||
void (*cb)(evutil_socket_t, short, void *), void *arg);
|
||||
void tor_event_free(struct event *ev);
|
||||
#define tor_evdns_add_server_port evdns_add_server_port
|
||||
#endif
|
||||
|
||||
void tor_event_free(struct event *ev);
|
||||
|
||||
typedef struct periodic_timer_t periodic_timer_t;
|
||||
|
||||
periodic_timer_t *periodic_timer_new(struct event_base *base,
|
||||
|
@ -1,6 +1,6 @@
|
||||
/* Copyright (c) 2003-2004, Roger Dingledine
|
||||
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
||||
* Copyright (c) 2007-2014, The Tor Project, Inc. */
|
||||
* Copyright (c) 2007-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
/**
|
||||
|
@ -1,6 +1,6 @@
|
||||
/* Copyright (c) 2003-2004, Roger Dingledine
|
||||
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
||||
* Copyright (c) 2007-2014, The Tor Project, Inc. */
|
||||
* Copyright (c) 2007-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
#ifndef TOR_CONTAINER_H
|
||||
|
@ -1,7 +1,7 @@
|
||||
/* Copyright (c) 2001, Matej Pfajfar.
|
||||
* Copyright (c) 2001-2004, Roger Dingledine.
|
||||
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
||||
* Copyright (c) 2007-2014, The Tor Project, Inc. */
|
||||
* Copyright (c) 2007-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
/**
|
||||
@ -1293,7 +1293,7 @@ crypto_pk_asn1_decode(const char *str, size_t len)
|
||||
* Return 0 on success, -1 on failure.
|
||||
*/
|
||||
int
|
||||
crypto_pk_get_digest(crypto_pk_t *pk, char *digest_out)
|
||||
crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
|
||||
{
|
||||
unsigned char *buf = NULL;
|
||||
int len;
|
||||
@ -2752,6 +2752,8 @@ base64_decode(char *dest, size_t destlen, const char *src, size_t srclen)
|
||||
if (destlen > SIZE_T_CEILING)
|
||||
return -1;
|
||||
|
||||
memset(dest, 0, destlen);
|
||||
|
||||
EVP_DecodeInit(&ctx);
|
||||
EVP_DecodeUpdate(&ctx, (unsigned char*)dest, &len,
|
||||
(unsigned char*)src, srclen);
|
||||
@ -2773,6 +2775,8 @@ base64_decode(char *dest, size_t destlen, const char *src, size_t srclen)
|
||||
if (destlen > SIZE_T_CEILING)
|
||||
return -1;
|
||||
|
||||
memset(dest, 0, destlen);
|
||||
|
||||
/* Iterate over all the bytes in src. Each one will add 0 or 6 bits to the
|
||||
* value we're decoding. Accumulate bits in <b>n</b>, and whenever we have
|
||||
* 24 bits, batch them into 3 bytes and flush those bytes to dest.
|
||||
@ -2952,6 +2956,8 @@ base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
|
||||
tor_assert((nbits/8) <= destlen); /* We need enough space. */
|
||||
tor_assert(destlen < SIZE_T_CEILING);
|
||||
|
||||
memset(dest, 0, destlen);
|
||||
|
||||
/* Convert base32 encoded chars to the 5-bit values that they represent. */
|
||||
tmp = tor_malloc_zero(srclen);
|
||||
for (j = 0; j < srclen; ++j) {
|
||||
|
@ -1,7 +1,7 @@
|
||||
/* Copyright (c) 2001, Matej Pfajfar.
|
||||
* Copyright (c) 2001-2004, Roger Dingledine.
|
||||
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
||||
* Copyright (c) 2007-2014, The Tor Project, Inc. */
|
||||
* Copyright (c) 2007-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
/**
|
||||
@ -180,7 +180,7 @@ int crypto_pk_private_hybrid_decrypt(crypto_pk_t *env, char *to,
|
||||
|
||||
int crypto_pk_asn1_encode(crypto_pk_t *pk, char *dest, size_t dest_len);
|
||||
crypto_pk_t *crypto_pk_asn1_decode(const char *str, size_t len);
|
||||
int crypto_pk_get_digest(crypto_pk_t *pk, char *digest_out);
|
||||
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out);
|
||||
int crypto_pk_get_all_digests(crypto_pk_t *pk, digests_t *digests_out);
|
||||
int crypto_pk_get_fingerprint(crypto_pk_t *pk, char *fp_out,int add_space);
|
||||
int crypto_pk_get_hashed_fingerprint(crypto_pk_t *pk, char *fp_out);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (c) 2012-2014, The Tor Project, Inc. */
|
||||
/* Copyright (c) 2012-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
/* Wrapper code for a curve25519 implementation. */
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (c) 2012-2014, The Tor Project, Inc. */
|
||||
/* Copyright (c) 2012-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
#ifndef TOR_CRYPTO_CURVE25519_H
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (c) 2013-2014, The Tor Project, Inc. */
|
||||
/* Copyright (c) 2013-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
/* Wrapper code for an ed25519 implementation. */
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (c) 2012-2014, The Tor Project, Inc. */
|
||||
/* Copyright (c) 2012-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
#ifndef TOR_CRYPTO_ED25519_H
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (c) 2012-2014, The Tor Project, Inc. */
|
||||
/* Copyright (c) 2012-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
/* Formatting and parsing code for crypto-related data structures. */
|
||||
|
@ -1,7 +1,7 @@
|
||||
/* Copyright (c) 2001, Matej Pfajfar.
|
||||
* Copyright (c) 2001-2004, Roger Dingledine.
|
||||
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
||||
* Copyright (c) 2007-2014, The Tor Project, Inc. */
|
||||
* Copyright (c) 2007-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
#define CRYPTO_S2K_PRIVATE
|
||||
|
@ -1,7 +1,7 @@
|
||||
/* Copyright (c) 2001, Matej Pfajfar.
|
||||
* Copyright (c) 2001-2004, Roger Dingledine.
|
||||
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
||||
* Copyright (c) 2007-2014, The Tor Project, Inc. */
|
||||
* Copyright (c) 2007-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
#ifndef TOR_CRYPTO_S2K_H_INCLUDED
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (c) 2011-2014, The Tor Project, Inc. */
|
||||
/* Copyright (c) 2011-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
/**
|
||||
|
@ -1,6 +1,6 @@
|
||||
/* Copyright (c) 2003-2004, Roger Dingledine
|
||||
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
||||
* Copyright (c) 2007-2014, The Tor Project, Inc. */
|
||||
* Copyright (c) 2007-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
/**
|
||||
|
@ -1,7 +1,7 @@
|
||||
/* Copyright (c) 2001, Matej Pfajfar.
|
||||
* Copyright (c) 2001-2004, Roger Dingledine.
|
||||
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
||||
* Copyright (c) 2007-2014, The Tor Project, Inc. */
|
||||
* Copyright (c) 2007-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
/**
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (c) 2008-2014, The Tor Project, Inc. */
|
||||
/* Copyright (c) 2008-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
/** \file memarea.c
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (c) 2008-2014, The Tor Project, Inc. */
|
||||
/* Copyright (c) 2008-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
/* Tor dependencies */
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (c) 2007-2014, The Tor Project, Inc. */
|
||||
/* Copyright (c) 2007-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
#if 1
|
||||
/* Tor dependencies */
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (c) 2007-2014, The Tor Project, Inc. */
|
||||
/* Copyright (c) 2007-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
/**
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (c) 2011-2014, The Tor Project, Inc. */
|
||||
/* Copyright (c) 2011-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
/**
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (c) 2011-2014, The Tor Project, Inc. */
|
||||
/* Copyright (c) 2011-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
/**
|
||||
|
@ -1,7 +1,7 @@
|
||||
/* Copyright (c) 2001 Matej Pfajfar.
|
||||
* Copyright (c) 2001-2004, Roger Dingledine.
|
||||
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
||||
* Copyright (c) 2007-2014, The Tor Project, Inc. */
|
||||
* Copyright (c) 2007-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
/**
|
||||
@ -58,6 +58,16 @@
|
||||
#include <time.h>
|
||||
#include <poll.h>
|
||||
|
||||
#ifdef HAVE_LINUX_NETFILTER_IPV4_H
|
||||
#include <linux/netfilter_ipv4.h>
|
||||
#endif
|
||||
#ifdef HAVE_LINUX_IF_H
|
||||
#include <linux/if.h>
|
||||
#endif
|
||||
#ifdef HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H
|
||||
#include <linux/netfilter_ipv6/ip6_tables.h>
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_EXECINFO_H) && defined(HAVE_BACKTRACE) && \
|
||||
defined(HAVE_BACKTRACE_SYMBOLS_FD) && defined(HAVE_SIGACTION)
|
||||
#define USE_BACKTRACE
|
||||
@ -634,6 +644,22 @@ sb_getsockopt(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
#ifdef HAVE_LINUX_NETFILTER_IPV4_H
|
||||
rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getsockopt),
|
||||
SCMP_CMP(1, SCMP_CMP_EQ, SOL_IP),
|
||||
SCMP_CMP(2, SCMP_CMP_EQ, SO_ORIGINAL_DST));
|
||||
if (rc)
|
||||
return rc;
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H
|
||||
rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getsockopt),
|
||||
SCMP_CMP(1, SCMP_CMP_EQ, SOL_IPV6),
|
||||
SCMP_CMP(2, SCMP_CMP_EQ, IP6T_SO_ORIGINAL_DST));
|
||||
if (rc)
|
||||
return rc;
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -1309,6 +1335,13 @@ sandbox_disable_getaddrinfo_cache(void)
|
||||
sandbox_getaddrinfo_cache_disabled = 1;
|
||||
}
|
||||
|
||||
void
|
||||
sandbox_freeaddrinfo(struct addrinfo *ai)
|
||||
{
|
||||
if (sandbox_getaddrinfo_cache_disabled)
|
||||
freeaddrinfo(ai);
|
||||
}
|
||||
|
||||
int
|
||||
sandbox_getaddrinfo(const char *name, const char *servname,
|
||||
const struct addrinfo *hints,
|
||||
|
@ -1,7 +1,7 @@
|
||||
/* Copyright (c) 2001 Matej Pfajfar.
|
||||
* Copyright (c) 2001-2004, Roger Dingledine.
|
||||
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
||||
* Copyright (c) 2007-2014, The Tor Project, Inc. */
|
||||
* Copyright (c) 2007-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
/**
|
||||
@ -115,7 +115,7 @@ struct addrinfo;
|
||||
int sandbox_getaddrinfo(const char *name, const char *servname,
|
||||
const struct addrinfo *hints,
|
||||
struct addrinfo **res);
|
||||
#define sandbox_freeaddrinfo(addrinfo) ((void)0)
|
||||
void sandbox_freeaddrinfo(struct addrinfo *addrinfo);
|
||||
void sandbox_free_getaddrinfo_cache(void);
|
||||
#else
|
||||
#define sandbox_getaddrinfo(name, servname, hints, res) \
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* Copyright (c) 2013-2014, The Tor Project, Inc. */
|
||||
/* Copyright (c) 2013-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
#ifndef TOR_TESTSUPPORT_H
|
||||
@ -20,8 +20,8 @@
|
||||
*
|
||||
* and implement it as:
|
||||
*
|
||||
* MOCK_IMPL(void
|
||||
* writebuf,(size_t n, char *buf)
|
||||
* MOCK_IMPL(void,
|
||||
* writebuf,(size_t n, char *buf))
|
||||
* {
|
||||
* ...
|
||||
* }
|
||||
|
@ -1,6 +1,6 @@
|
||||
/* Copyright (c) 2004, Roger Dingledine.
|
||||
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
||||
* Copyright (c) 2007-2014, The Tor Project, Inc. */
|
||||
* Copyright (c) 2007-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
/**
|
||||
@ -92,10 +92,27 @@ tor_zlib_get_header_version_str(void)
|
||||
|
||||
/** Return the 'bits' value to tell zlib to use <b>method</b>.*/
|
||||
static INLINE int
|
||||
method_bits(compress_method_t method)
|
||||
method_bits(compress_method_t method, zlib_compression_level_t level)
|
||||
{
|
||||
/* Bits+16 means "use gzip" in zlib >= 1.2 */
|
||||
return method == GZIP_METHOD ? 15+16 : 15;
|
||||
const int flag = method == GZIP_METHOD ? 16 : 0;
|
||||
switch (level) {
|
||||
default:
|
||||
case HIGH_COMPRESSION: return flag + 15;
|
||||
case MEDIUM_COMPRESSION: return flag + 13;
|
||||
case LOW_COMPRESSION: return flag + 11;
|
||||
}
|
||||
}
|
||||
|
||||
static INLINE int
|
||||
get_memlevel(zlib_compression_level_t level)
|
||||
{
|
||||
switch (level) {
|
||||
default:
|
||||
case HIGH_COMPRESSION: return 8;
|
||||
case MEDIUM_COMPRESSION: return 7;
|
||||
case LOW_COMPRESSION: return 6;
|
||||
}
|
||||
}
|
||||
|
||||
/** @{ */
|
||||
@ -162,8 +179,9 @@ tor_gzip_compress(char **out, size_t *out_len,
|
||||
stream->avail_in = (unsigned int)in_len;
|
||||
|
||||
if (deflateInit2(stream, Z_BEST_COMPRESSION, Z_DEFLATED,
|
||||
method_bits(method),
|
||||
8, Z_DEFAULT_STRATEGY) != Z_OK) {
|
||||
method_bits(method, HIGH_COMPRESSION),
|
||||
get_memlevel(HIGH_COMPRESSION),
|
||||
Z_DEFAULT_STRATEGY) != Z_OK) {
|
||||
log_warn(LD_GENERAL, "Error from deflateInit2: %s",
|
||||
stream->msg?stream->msg:"<no message>");
|
||||
goto err;
|
||||
@ -289,7 +307,7 @@ tor_gzip_uncompress(char **out, size_t *out_len,
|
||||
stream->avail_in = (unsigned int)in_len;
|
||||
|
||||
if (inflateInit2(stream,
|
||||
method_bits(method)) != Z_OK) {
|
||||
method_bits(method, HIGH_COMPRESSION)) != Z_OK) {
|
||||
log_warn(LD_GENERAL, "Error from inflateInit2: %s",
|
||||
stream->msg?stream->msg:"<no message>");
|
||||
goto err;
|
||||
@ -315,7 +333,8 @@ tor_gzip_uncompress(char **out, size_t *out_len,
|
||||
log_warn(LD_BUG, "Error freeing gzip structures");
|
||||
goto err;
|
||||
}
|
||||
if (inflateInit2(stream, method_bits(method)) != Z_OK) {
|
||||
if (inflateInit2(stream,
|
||||
method_bits(method,HIGH_COMPRESSION)) != Z_OK) {
|
||||
log_warn(LD_GENERAL, "Error from second inflateInit2: %s",
|
||||
stream->msg?stream->msg:"<no message>");
|
||||
goto err;
|
||||
@ -426,10 +445,11 @@ struct tor_zlib_state_t {
|
||||
* <b>compress</b>, it's for compression; otherwise it's for
|
||||
* decompression. */
|
||||
tor_zlib_state_t *
|
||||
tor_zlib_new(int compress, compress_method_t method)
|
||||
tor_zlib_new(int compress, compress_method_t method,
|
||||
zlib_compression_level_t compression_level)
|
||||
{
|
||||
tor_zlib_state_t *out;
|
||||
int bits;
|
||||
int bits, memlevel;
|
||||
|
||||
if (method == GZIP_METHOD && !is_gzip_supported()) {
|
||||
/* Old zlib version don't support gzip in inflateInit2 */
|
||||
@ -437,21 +457,29 @@ tor_zlib_new(int compress, compress_method_t method)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (! compress) {
|
||||
/* use this setting for decompression, since we might have the
|
||||
* max number of window bits */
|
||||
compression_level = HIGH_COMPRESSION;
|
||||
}
|
||||
|
||||
out = tor_malloc_zero(sizeof(tor_zlib_state_t));
|
||||
out->stream.zalloc = Z_NULL;
|
||||
out->stream.zfree = Z_NULL;
|
||||
out->stream.opaque = NULL;
|
||||
out->compress = compress;
|
||||
bits = method_bits(method);
|
||||
bits = method_bits(method, compression_level);
|
||||
memlevel = get_memlevel(compression_level);
|
||||
if (compress) {
|
||||
if (deflateInit2(&out->stream, Z_BEST_COMPRESSION, Z_DEFLATED,
|
||||
bits, 8, Z_DEFAULT_STRATEGY) != Z_OK)
|
||||
bits, memlevel,
|
||||
Z_DEFAULT_STRATEGY) != Z_OK)
|
||||
goto err;
|
||||
} else {
|
||||
if (inflateInit2(&out->stream, bits) != Z_OK)
|
||||
goto err;
|
||||
}
|
||||
out->allocation = tor_zlib_state_size_precalc(!compress, bits, 8);
|
||||
out->allocation = tor_zlib_state_size_precalc(!compress, bits, memlevel);
|
||||
|
||||
total_zlib_allocation += out->allocation;
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
/* Copyright (c) 2003, Roger Dingledine
|
||||
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
||||
* Copyright (c) 2007-2014, The Tor Project, Inc. */
|
||||
* Copyright (c) 2007-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
/**
|
||||
@ -19,6 +19,15 @@ typedef enum {
|
||||
NO_METHOD=0, GZIP_METHOD=1, ZLIB_METHOD=2, UNKNOWN_METHOD=3
|
||||
} compress_method_t;
|
||||
|
||||
/**
|
||||
* Enumeration to define tradeoffs between memory usage and compression level.
|
||||
* HIGH_COMPRESSION saves the most bandwidth; LOW_COMPRESSION saves the most
|
||||
* memory.
|
||||
**/
|
||||
typedef enum {
|
||||
HIGH_COMPRESSION, MEDIUM_COMPRESSION, LOW_COMPRESSION
|
||||
} zlib_compression_level_t;
|
||||
|
||||
int
|
||||
tor_gzip_compress(char **out, size_t *out_len,
|
||||
const char *in, size_t in_len,
|
||||
@ -47,7 +56,8 @@ typedef enum {
|
||||
} tor_zlib_output_t;
|
||||
/** Internal state for an incremental zlib compression/decompression. */
|
||||
typedef struct tor_zlib_state_t tor_zlib_state_t;
|
||||
tor_zlib_state_t *tor_zlib_new(int compress, compress_method_t method);
|
||||
tor_zlib_state_t *tor_zlib_new(int compress, compress_method_t method,
|
||||
zlib_compression_level_t level);
|
||||
|
||||
tor_zlib_output_t tor_zlib_process(tor_zlib_state_t *state,
|
||||
char **out, size_t *out_len,
|
||||
|
@ -1,6 +1,6 @@
|
||||
/* Copyright (c) 2003, Roger Dingledine
|
||||
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
||||
* Copyright (c) 2007-2014, The Tor Project, Inc. */
|
||||
* Copyright (c) 2007-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
/**
|
||||
@ -191,6 +191,10 @@ typedef unsigned __int64 uint64_t;
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifndef INT64_MIN
|
||||
#define INT64_MIN ((- INT64_MAX) - 1)
|
||||
#endif
|
||||
|
||||
#ifndef SIZE_MAX
|
||||
#if SIZEOF_SIZE_T == 8
|
||||
#define SIZE_MAX UINT64_MAX
|
||||
|
@ -1,7 +1,7 @@
|
||||
/* Copyright (c) 2001, Matej Pfajfar.
|
||||
* Copyright (c) 2001-2004, Roger Dingledine.
|
||||
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
||||
* Copyright (c) 2007-2014, The Tor Project, Inc. */
|
||||
* Copyright (c) 2007-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
/**
|
||||
|
@ -1,6 +1,6 @@
|
||||
/* Copyright (c) 2003, Roger Dingledine.
|
||||
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
||||
* Copyright (c) 2007-2014, The Tor Project, Inc. */
|
||||
* Copyright (c) 2007-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
/**
|
||||
|
@ -1,6 +1,6 @@
|
||||
/* Copyright (c) 2003, Roger Dingledine
|
||||
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
||||
* Copyright (c) 2007-2014, The Tor Project, Inc. */
|
||||
* Copyright (c) 2007-2015, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
#ifndef TOR_TORTLS_H
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user