Merge commit 'debian-tor-0.2.2.5-alpha-1'

5 files changed, 150 insertions, 4 deletions

diff --git a/debian/changelog b/debian/changelog
index 16eb6d5bad..45b6b910f0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,19 @@
+tor (0.2.2.5-alpha-1) experimental; urgency=low
+
+  * New upstream version.
+  * Pick 0a58567ce3418f410cf1dd0143dd3e56b4a4bd1f from master git tree:
+    - work with libssl that has renegotiation disabled by default.
+    (debian/patches/0a58567c-work-with-reneg-ssl.dpatch)
+  * Therefore build-depend on libssl-dev >= 0.9.8k-6.  If we build against
+    earlier versions we will not work once libssl gets upgraded to a version
+    that disabled renegotiations.
+  * Change order of recommends from privoxy | polipo to polipo | privoxy.
+  * Allegedly echo -e is a bashism.  Remove it from debian/rules, we don't
+    need it anyways (closes: #478631).
+  * Change the dependency on tsocks to torsocks | tsocks (see: #554717).
+
+ -- Peter Palfrader <weasel@debian.org>  Sun, 15 Nov 2009 11:04:02 +0100
+
 tor (0.2.2.4-alpha-1) experimental; urgency=low
 
   * New upstream version.
diff --git a/debian/control b/debian/control
index 79ba422307..a2d7332a5c 100644
--- a/debian/control
+++ b/debian/control
@@ -2,15 +2,15 @@ Source: tor
 Section: comm
 Priority: optional
 Maintainer: Peter Palfrader <weasel@debian.org>
-Build-Depends: debhelper (>= 5), libssl-dev, dpatch, zlib1g-dev, libevent-dev (>= 1.1), texlive-base-bin, texlive-latex-base, texlive-fonts-recommended, transfig, ghostscript, binutils (>= 2.14.90.0.7)
+Build-Depends: debhelper (>= 5), libssl-dev (>= 0.9.8k-6), dpatch, zlib1g-dev, libevent-dev (>= 1.1), texlive-base-bin, texlive-latex-base, texlive-fonts-recommended, transfig, ghostscript, binutils (>= 2.14.90.0.7)
 Standards-Version: 3.8.1
 Homepage: https://www.torproject.org/
 
 Package: tor
 Architecture: any
-Depends: ${shlibs:Depends}, adduser, tsocks
+Depends: ${shlibs:Depends}, adduser, torsocks | tsocks
 Conflicts: libssl0.9.8 (<< 0.9.8g-9)
-Recommends: privoxy | polipo (>= 1), socat, logrotate, tor-geoipdb
+Recommends: polipo (>= 1) | privoxy, socat, logrotate, tor-geoipdb
 Suggests: mixmaster, mixminion, anon-proxy
 Description: anonymizing overlay network for TCP
  Tor is a connection-based low-latency anonymous communication system which
diff --git a/debian/patches/00list b/debian/patches/00list
index 9260bb7ed5..63c52165c8 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -3,3 +3,4 @@
 06_add_compile_time_defaults.dpatch
 07_log_to_file_by_default.dpatch
 14_fix_geoip_warning
+0a58567c-work-with-reneg-ssl.dpatch
diff --git a/debian/patches/0a58567c-work-with-reneg-ssl.dpatch b/debian/patches/0a58567c-work-with-reneg-ssl.dpatch
new file mode 100644
index 0000000000..886e2d18ae
--- /dev/null
+++ b/debian/patches/0a58567c-work-with-reneg-ssl.dpatch
@@ -0,0 +1,129 @@
+#! /bin/sh -e
+
+if [ $# -lt 1 ]; then
+    echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
+    exit 1
+fi
+
+[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
+patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"
+
+case "$1" in
+    -patch) patch -p1 ${patch_opts} < $0;;
+    -unpatch) patch -R -p1 ${patch_opts} < $0;;
+    *)
+        echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
+        exit 1;;
+esac
+
+exit 0
+
+#diff --git a/ChangeLog b/ChangeLog
+#index 0109ff5..679d576 100644
+#--- a/ChangeLog
+#+++ b/ChangeLog
+#@@ -311,6 +311,12 @@ Changes in version 0.2.2.1-alpha - 2009-08-26
+# 
+# 
+# Changes in Version 0.2.1.21 - 20??-??-??
+#+  o Major bugfixes:
+#+    - Work around a security feature in OpenSSL 0.9.8l that prevents our
+#+      handshake from working unless we explicitly tell OpenSSL that we are
+#+      using SSL renegotiation safely.  We are, of course, but OpenSSL
+#+      0.9.8l won't work unless we say we are.
+#+
+#   o Minor bugfixes:
+#     - Do not refuse to learn about authority certs and v2 networkstatus
+#       documents that are older than the latest consensus.  This bug might
+@DPATCH@
+diff --git a/src/common/tortls.c b/src/common/tortls.c
+index 6e09325..ff49ecf 100644
+--- a/src/common/tortls.c
++++ b/src/common/tortls.c
+@@ -154,6 +154,7 @@ static X509* tor_tls_create_certificate(crypto_pk_env_t *rsa,
+                                         const char *cname,
+                                         const char *cname_sign,
+                                         unsigned int lifetime);
++static void tor_tls_unblock_renegotiation(tor_tls_t *tls);
+ 
+ /** Global tls context. We keep it here because nobody else needs to
+  * touch it. */
+@@ -927,6 +928,36 @@ tor_tls_set_renegotiate_callback(tor_tls_t *tls,
+ #endif
+ }
+ 
++/** If this version of openssl requires it, turn on renegotiation on
++ * <b>tls</b>.  (Our protocol never requires this for security, but it's nice
++ * to use belt-and-suspenders here.)
++ */
++static void
++tor_tls_unblock_renegotiation(tor_tls_t *tls)
++{
++#ifdef SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
++  /* Yes, we know what we are doing here.  No, we do not treat a renegotiation
++   * as authenticating any earlier-received data. */
++  tls->ssl->s3->flags |= SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
++#else
++  (void)tls;
++#endif
++}
++
++/** If this version of openssl supports it, turn off renegotiation on
++ * <b>tls</b>.  (Our protocol never requires this for security, but it's nice
++ * to use belt-and-suspenders here.)
++ */
++void
++tor_tls_block_renegotiation(tor_tls_t *tls)
++{
++#ifdef SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
++  tls->ssl->s3->flags &= ~SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
++#else
++  (void)tls;
++#endif
++}
++
+ /** Return whether this tls initiated the connect (client) or
+  * received it (server). */
+ int
+@@ -1058,6 +1089,9 @@ tor_tls_handshake(tor_tls_t *tls)
+   if (oldstate != tls->ssl->state)
+     log_debug(LD_HANDSHAKE, "After call, %p was in state %s",
+               tls, ssl_state_to_string(tls->ssl->state));
++  /* We need to call this here and not earlier, since OpenSSL has a penchant
++   * for clearing its flags when you say accept or connect. */
++  tor_tls_unblock_renegotiation(tls);
+   r = tor_tls_get_error(tls,r,0, "handshaking", LOG_INFO, LD_HANDSHAKE);
+   if (ERR_peek_error() != 0) {
+     tls_log_errors(tls, tls->isServer ? LOG_INFO : LOG_WARN, LD_HANDSHAKE,
+diff --git a/src/common/tortls.h b/src/common/tortls.h
+index d006909..871fec3 100644
+--- a/src/common/tortls.h
++++ b/src/common/tortls.h
+@@ -65,6 +65,7 @@ int tor_tls_read(tor_tls_t *tls, char *cp, size_t len);
+ int tor_tls_write(tor_tls_t *tls, const char *cp, size_t n);
+ int tor_tls_handshake(tor_tls_t *tls);
+ int tor_tls_renegotiate(tor_tls_t *tls);
++void tor_tls_block_renegotiation(tor_tls_t *tls);
+ int tor_tls_shutdown(tor_tls_t *tls);
+ int tor_tls_get_pending_bytes(tor_tls_t *tls);
+ size_t tor_tls_get_forced_write_size(tor_tls_t *tls);
+diff --git a/src/or/connection_or.c b/src/or/connection_or.c
+index c3d35e1..bbd6439 100644
+--- a/src/or/connection_or.c
++++ b/src/or/connection_or.c
+@@ -799,6 +799,7 @@ connection_or_tls_renegotiated_cb(tor_tls_t *tls, void *_conn)
+ 
+   /* Don't invoke this again. */
+   tor_tls_set_renegotiate_callback(tls, NULL, NULL);
++  tor_tls_block_renegotiation(tls);
+ 
+   if (connection_tls_finish_handshake(conn) < 0) {
+     /* XXXX_TLS double-check that it's ok to do this from inside read. */
+@@ -1045,6 +1046,7 @@ connection_tls_finish_handshake(or_connection_t *conn)
+       connection_or_init_conn_from_address(conn, &conn->_base.addr,
+                                            conn->_base.port, digest_rcvd, 0);
+     }
++    tor_tls_block_renegotiation(conn->tls);
+     return connection_or_set_state_open(conn);
+   } else {
+     conn->_base.state = OR_CONN_STATE_OR_HANDSHAKING;
diff --git a/debian/rules b/debian/rules
index dc12c16943..28d7359521 100755
--- a/debian/rules
+++ b/debian/rules
@@ -103,7 +103,7 @@ build-stamp:  config.status
 			make check; \
 		fi; \
 	else \
-		echo -e "\n\nSkipping unittests\n\n"; \
+		echo; echo; echo "Skipping unittests"; echo; \
 	fi
 	@echo