Commit Graph

12253 Commits

Author SHA1 Message Date
Jacob Appelbaum
04fa935e02 Add support for gcc compiler/linker hardening flags.
This patch adds support for two new configure options:
    '--enable-gcc-hardening'
    This sets CFLAGS to include:
        "-D_FORTIFY_SOURCE=2 -fstack-protector-all"
        "-fwrapv -fPIE -Wstack-protector -Wformat -Wformat-security"
        "-Wpointer-sign"
    It sets LDFLAGS to include:
        "-pie"

    '--enable-linker-hardening'
    This sets LDFLAGS to include:
        " -z relro -z now"
2010-05-07 16:15:26 +02:00
Roger Dingledine
89bb5fbce6 Merge branch 'maint-0.2.1' 2010-05-06 07:18:44 -04:00
Roger Dingledine
befcc84f43 move to maxmind geoip db 2010-05-06 07:15:22 -04:00
Roger Dingledine
c7114568c2 Merge branch 'maint-0.2.1' 2010-05-05 03:23:25 -04:00
Roger Dingledine
aec1daaed3 release notes entry for 0.2.1.26 2010-05-05 03:19:41 -04:00
Roger Dingledine
c359f10e29 bump to 0.2.2.13-alpha-dev 2010-05-05 03:12:33 -04:00
Roger Dingledine
ec3f576fbe put the blurb in 0.2.2.13-alpha 2010-05-05 03:12:26 -04:00
Sebastian Hahn
b3b2a57bbf Clarify the implications of the "Address" option
Fixes bug 1381
2010-05-02 00:38:22 +02:00
Sebastian Hahn
41c0d52810 check-speces is a typo. 2010-04-27 19:01:08 +02:00
Nick Mathewson
0c030b0b2f Merge branch 'hacking' 2010-04-27 12:29:03 -04:00
Nick Mathewson
8ec5f939a6 Add new sections to the HACKING file
The main changes are to explain how we use git branches, how we use
changes files, and what should go into a patch.  Putting these in
HACKING means that we shouldn't need to constantly refer to the or-dev
emails where we explain this stuff.
2010-04-27 12:24:35 -04:00
Roger Dingledine
feb8c1b5f6 bump to 0.2.2.13-alpha 2010-04-24 05:43:43 -04:00
Roger Dingledine
8afc7d563d prepare the 0.2.2.13-alpha changelog 2010-04-23 20:59:20 -04:00
Roger Dingledine
09be26dc51 Merge branch 'maint-0.2.1' 2010-04-23 20:44:31 -04:00
Roger Dingledine
95bc91cfc3 windows packaging cleanups from phobos 2010-04-23 20:43:40 -04:00
Roger Dingledine
e7bd97493c Merge branch 'maint-0.2.1' 2010-04-23 20:26:23 -04:00
Roger Dingledine
67b38d5068 close idle tls conns early 2010-04-23 20:23:00 -04:00
Roger Dingledine
b3019c6d2b Merge branch 'maint-0.2.1' 2010-04-23 19:46:29 -04:00
Roger Dingledine
45ab6959c9 blurbs for two recent alphas 2010-04-23 19:42:34 -04:00
Roger Dingledine
b264192083 finally get rid of "clique mode" 2010-04-23 19:39:42 -04:00
Roger Dingledine
cb31978adb close idle dir-fetch circs early 2010-04-23 18:35:11 -04:00
Roger Dingledine
573e1d40b3 finally get rid of "clique mode" 2010-04-21 21:35:18 -04:00
Roger Dingledine
6952b445cc stop authority reachability check on startup 2010-04-21 04:27:56 -04:00
Roger Dingledine
4f307e0382 immediate reachability check for new relays 2010-04-21 03:12:14 -04:00
Roger Dingledine
7231e289dd windows packaging cleanups from phobos 2010-04-20 20:17:28 -04:00
Roger Dingledine
92a6ae2b8d more logging when tracking missing descriptors 2010-04-20 18:02:23 -04:00
Roger Dingledine
2c1900ee5e bump to 0.2.2.12-alpha-dev 2010-04-20 17:56:28 -04:00
Roger Dingledine
3d8879a04d merge in the bug 1364 fix 2010-04-20 03:59:23 -04:00
Sebastian Hahn
0b82ce3eb6 Demote a warning about missing client ciphers 2010-04-20 03:57:33 -04:00
Roger Dingledine
18678e5f1e bump to 0.2.2.12-alpha 2010-04-20 03:56:15 -04:00
Roger Dingledine
ea6cdafee5 prepare for 0.2.2.12-alpha 2010-04-20 03:53:07 -04:00
Roger Dingledine
eaf5487d95 fetch descriptors from the authority that told us about them 2010-04-20 03:20:31 -04:00
Roger Dingledine
2e692bd8c9 fetch unknown descriptors if we see them in a vote 2010-04-20 03:03:33 -04:00
Roger Dingledine
77babb832a minor cleanups 2010-04-20 02:48:35 -04:00
Nick Mathewson
f2c30e97cc Switch geoip_get_request_history to asprintf; fix bug 1365 2010-04-20 01:09:40 -04:00
Roger Dingledine
de4a49adc2 fix "Got a certificate for ?? that we already have"
what's happening here is that we're fetching certs for obsolete
authorities -- probably legacy signers in this case. but try to
remain general in the log message.
2010-04-19 18:35:57 -04:00
Nick Mathewson
6ff471d814 Fix a compilation warning on compat_libevent.c on some versions of windows libevent 2010-04-19 16:41:25 -04:00
Nick Mathewson
e3cd535c7c Move the declaration of bandwidth_rate_rule_to_string
It's natural for the definition of bandwidth_rule_t to be with the functions
that actually care about its values.  Unfortunately, this means declaring
bandwidth_rate_rule_to_string() out of sequence.  Someday we'll just rename
reasons.c to strings.c, and put it at the end of or.h, and this will all be
better.
2010-04-19 16:39:29 -04:00
Nick Mathewson
af9dd4af02 Fix two compile-blockers in tor_vasprintf().
1) mingw doesn't have _vscprintf(); mingw instead has a working snprintf.

2) windows compilers that _do_ have a working _vscprintf spell it so; they do
   not spell it _vcsprintf().
2010-04-19 16:37:26 -04:00
Roger Dingledine
84924fcd30 bump to 0.2.2.11-alpha-dev 2010-04-19 06:09:06 -04:00
Roger Dingledine
c9573cf50b parameterize update_consensus_router_descriptor_downloads 2010-04-19 04:40:45 -04:00
Nick Mathewson
b92ef5fa0e Convert HACKING file to asciidoc: I am tired of re-numbering the sections. 2010-04-16 12:58:13 -04:00
Roger Dingledine
9cde5a4629 bump to 0.2.2.11-alpha 2010-04-15 11:02:31 -04:00
Roger Dingledine
eafbc3caa1 gather together the 0.2.2.11-alpha changelog 2010-04-15 10:48:33 -04:00
Nick Mathewson
c38fa93ad1 Merge commit 'origin/maint-0.2.1' 2010-04-15 10:35:09 -04:00
Roger Dingledine
c29977ce00 simplify a path in networkstatus 2010-04-15 10:13:35 -04:00
Sebastian Hahn
71fb687ddd Add --enable-static-zlib option
Works like the --enable-static-openssl/libevent options. Requires
--with-zlib-dir to be set. Note that other dependencies might still
pull in a dynamicly linked zlib, if you don't link them in statically
too.
2010-04-14 19:28:21 +02:00
Nick Mathewson
6ad09cc6af Fix renegotiation on OpenSSL versions that backport RFC5746.
Our code assumed that any version of OpenSSL before 0.9.8l could not
possibly require SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION.  This is
so... except that many vendors have backported the flag from later
versions of openssl when they backported the RFC5476 renegotiation
feature.

The new behavior is particularly annoying to detect.  Previously,
leaving SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION unset meant that
clients would fail to renegotiate.  People noticed that one fast!
Now, OpenSSL's RFC5476 support means that clients will happily talk to
any servers there are, but servers won't accept renegotiation requests
from unpatched clients unless SSL_OP_ALLOW_etc is set.  More fun:
servers send back a "no renegotiation for you!" error, which unpatched
clients respond to by stalling, and generally producing no useful
error message.

This might not be _the_ cause of bug 1346, but it is quite likely _a_
cause for bug 1346.
2010-04-13 15:05:03 -04:00
Nick Mathewson
fe57aab283 Merge branch 'correct_halflife' 2010-04-13 13:37:33 -04:00
Nick Mathewson
96a0edf373 Rename CircPriorityHalflifeMsec to CircuitPriorityHalflifeMsec
Everything that accepted the 'Circ' name handled it wrong, so even now
that we fixed the handling of the parameter, we wouldn't be able to
set it without making all the 0.2.2.7..0.2.2.10 relays act wonky.
This patch makes Tors accept the 'Circuit' name instead, so we can
turn on circuit priorities without confusing the versions that treated
the 'Circ' name as occasion to act weird.
2010-04-13 13:29:30 -04:00