Commit Graph

864 Commits

Author SHA1 Message Date
Nick Mathewson
5da517e689 Bump version. (This is not yet the release.) 2016-02-04 10:07:06 -05:00
Nick Mathewson
551dba3290 Bump master to 0.2.8.0-alpha-dev 2015-09-25 09:27:39 -04:00
Nick Mathewson
4ce9b8f1ec Bump to 0.2.7.3-rc-dev 2015-09-25 09:26:35 -04:00
Nick Mathewson
744f8c8277 Increment version. 2015-09-24 12:19:33 -04:00
Nick Mathewson
cedc651deb Bump version to 0.2.7.2-alpha-dev 2015-07-27 13:59:49 -04:00
Nick Mathewson
a8accd55f2 Bump version (and explain how) 2015-07-23 13:48:13 -04:00
Nick Mathewson
0a329a7a05 Merge remote-tracking branch 'public/bug16162_026' 2015-07-20 11:01:58 -04:00
Nick Mathewson
6632a731fd Use a more recommended syntax for the systemd unit file
closes 16162.
2015-07-20 11:01:34 -04:00
Nick Mathewson
9d1801b4b9 Bump maint-0.2.6 to 0.2.6.10-dev 2015-07-12 16:37:20 -04:00
Nick Mathewson
3d0c09019f Bump maint-0.2.6 to 0.2.6.10 2015-07-12 13:33:47 -04:00
Andrea Shepard
1eb2c0cbd3 Bump version to 0.2.6.9 2015-06-10 15:02:04 +00:00
teor
3879c10162 Tweak clang sanitizer blacklist for out-of-tree builds, make, ccache
Avoid using file names and file paths for compatibility with
out-of-tree builds.

Note make and ccache don't track blacklist dependencies,
add workarounds.
2015-06-11 00:59:04 +10:00
teor
7f3b15a8ec Edit contrib/README to document the contrib/clang directory 2015-06-06 07:56:41 +10:00
teor
bc0a9843e5 Add instructions for clang sanitizers, static analyzer, and coverity
Document use of coverity, clang static analyzer, and clang dynamic
undefined behavior and address sanitizers in doc/HACKING.

Add clang dynamic sanitizer blacklist in
contrib/clang/sanitizer_blacklist.txt to exempt known undefined
behavior. Include detailed usage instructions in this blacklist file.

Patch by "teor".
2015-06-06 04:04:23 +10:00
Nick Mathewson
9fee289d24 Revert the broken part of 548b4be
Fixes 16152.
2015-05-21 13:18:51 -04:00
Nick Mathewson
b3a225fb13 Bump maint-0.2.6 to 0.2.6.8 2015-05-19 14:48:09 -04:00
Nick Mathewson
95a9920461 Bump version to 0.2.7.1-alpha-dev 2015-05-12 11:54:06 -04:00
Nick Mathewson
101fc13b99 Bump version to 0.2.7.1-alpha. (This is not the release yet.) 2015-05-11 10:10:29 -04:00
Nick Mathewson
f620b8f032 bump version to 0.2.6.7-dev 2015-04-06 10:02:59 -04:00
Nick Mathewson
eb41214dba bump version to 0.2.6.7 2015-04-06 10:00:30 -04:00
Nick Mathewson
dfd6cf9ea2 bump to 0.2.6.6 2015-03-24 10:23:34 -04:00
Nick Mathewson
ca03b10b0c bump to 0.2.6.5-rc.dev 2015-03-18 16:32:13 -04:00
Nick Mathewson
77c671b7dd bump to 0.2.6.5-rc 2015-03-18 09:10:48 -04:00
Nick Mathewson
548b4be163 Forward-port changelog and releasenotes 2015-03-17 10:54:38 -04:00
Nick Mathewson
0f628d6560 Added a comment to tor.service.in
This explains that if you change your torrc to do more, you might
need to change tor.service.in to allow it.  See #15195.
2015-03-12 13:11:53 -04:00
Nick Mathewson
99b59dee70 bump 0.2.6 to 0.2.6.4-rc-dev 2015-03-10 08:20:47 -04:00
Nick Mathewson
e49d63a7ce Bump master to 0.2.7 2015-02-24 10:31:05 -05:00
Nick Mathewson
5334bcd7e3 bump version to 0.2.6.3-alpha-dev 2015-02-19 17:20:40 -05:00
Nick Mathewson
cef802a041 Increment version to 0.2.6.3-alpha 2015-02-19 10:05:08 -05:00
Nick Mathewson
2dac77c041 Actually remove LOCALSTATEDIR@/run/tor line from tor.service.in 2015-01-11 20:49:19 -05:00
Nick Mathewson
96a407a243 systemd changes for 13805 as recommened by Tomasz on that ticket. 2015-01-11 11:26:08 -05:00
Nick Mathewson
c98e075ebc Merge remote-tracking branch 'candrews/issue13805' 2015-01-11 11:24:48 -05:00
Tomasz Torcz
a8999acc3b fix and enable systemd watchdog
There were following problems:
  - configure.ac wrongly checked for defined HAVE_SYSTEMD; this
    wasn't working, so the watchdog code was not compiled in.
    Replace library search with explicit version check
  - sd_notify() watchdog call was unsetting NOTIFY_SOCKET from env;
    this means only first "watchdog ping" was delivered, each
    subsequent one did not have socket to be sent to and systemd
    was killing service
  - after those fixes, enable Watchdog in systemd unit with one
    minute intervals
2015-01-11 11:14:32 -05:00
Tomasz Torcz
b17918726d send PID of the main daemon to supervisor
If running under systemd, notify the supervisor about current PID
of Tor daemon.  This makes systemd unit simpler and more robust:
it will do the right thing regardless of RunAsDaemon settings.
2015-01-11 11:14:08 -05:00
Nick Mathewson
563bb1ad81 Bump version to 0.2.6.2-alpha-dev 2014-12-31 13:24:12 -05:00
Nick Mathewson
a4193252e9 bump the version to 0.2.6.2-alpha 2014-12-31 08:58:26 -05:00
Craig Andrews
5bdf12ca8a Add ProtectSystem = full
See 13805
2014-11-28 12:41:23 -05:00
Craig Andrews
0c73bcd3ba Prefix ReadWriteDirectories with a "-" so if they don't exist it's not an error
See 13805
2014-11-28 12:38:40 -05:00
Craig Andrews
9c933b3635 Use ProtectHome instead of InaccessibleDirectories
See 13805
2014-11-28 12:36:56 -05:00
Craig Andrews
1ac3b74405 Use PrivateDevices instead of DeviceAllow
See 13805
2014-11-28 12:36:17 -05:00
Nick Mathewson
98ac48785b Bump version to 0.2.6.1-alpha-dev 2014-10-30 10:25:24 -04:00
Nick Mathewson
d8ced3b473 Bump version to 0.2.6.1-alpha 2014-10-30 08:58:58 -04:00
intrigeri
da384090f7 systemd unit file: set up /var/run/tor as writable for the Tor service.
For some strange reason, this was not needed with systemd v208.
But it's needed with systemd v215 on current Debian sid, and entirely
makes sense.
2014-09-19 16:10:39 +00:00
Nick Mathewson
54348201f7 Merge remote-tracking branch 'intrigeri/bug12939-systemd-no-new-privileges'
Conflicts:
	contrib/dist/tor.service.in
2014-09-03 13:29:43 -04:00
Nick Mathewson
f58cdb3be7 Merge remote-tracking branch 'intrigeri/bug12751-systemd-filesystem-sandbox' 2014-09-03 13:28:46 -04:00
intrigeri
b4170421cc systemd unit file: ensures that the process and all its children can never gain
new privileges (#12939).
2014-08-27 03:18:26 +00:00
intrigeri
c9f30c4512 systemd unit file: only allow tor to write to /var/lib/tor and /var/log/tor (#12751).
The rest of the filesystem is accessible for reading only. Still, quoting
systemd.exec(5):

  Note that restricting access with these options does not extend to submounts
  of a directory that are created later on.
2014-08-27 03:13:53 +00:00
Nick Mathewson
0edb9b0492 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-07-30 14:18:11 -04:00
Nick Mathewson
74a8555d2b Merge remote-tracking branch 'intrigeri/bug12731-systemd-no-run-as-daemon' into maint-0.2.5
Conflicts:
	contrib/dist/tor.service.in
2014-07-30 14:00:21 -04:00
Nick Mathewson
88590ed3a6 Merge remote-tracking branch 'intrigeri/bug12730-systemd-verify-config' into maint-0.2.5 2014-07-30 13:59:39 -04:00