authorNick Mathewson <nickm@torproject.org>2015-06-08 10:42:25 -0400
committerNick Mathewson <nickm@torproject.org>2015-06-08 10:42:25 -0400
commit602e328dc33fec8eec976e497e04db810382b8b9 (patch)
treef3a94165632d743f820ed11f79bb5db302cb1f7f
parent2fe3afccb6505dbe0a94767d17be2280226c258e (diff)
parent6785f0b65a106561a36239d89140bf18be3d7c6c (diff)
downloadtor-602e328dc33fec8eec976e497e04db810382b8b9.tar.gz
tor-602e328dc33fec8eec976e497e04db810382b8b9.zip
Merge branch 'maint-0.2.6' into release-0.2.6
-rw-r--r--changes/bug160303
-rw-r--r--changes/bug161644
-rw-r--r--changes/bug162125
-rw-r--r--changes/bug162447
-rw-r--r--changes/bug162475
-rw-r--r--changes/ticket82437
-rw-r--r--configure.ac2
-rw-r--r--src/common/sandbox.c12
-rw-r--r--src/or/connection.c4
-rw-r--r--src/or/dirserv.c6
-rw-r--r--src/or/main.c2
-rw-r--r--src/test/test_channel.c2
12 files changed, 52 insertions, 7 deletions
diff --git a/changes/bug16030 b/changes/bug16030
new file mode 100644
index 0000000000..c14fd62303
--- /dev/null
+++ b/changes/bug16030
@@ -0,0 +1,3 @@
+ o Minor bugfixes (tests):
+ - Fix a crash in the unit tests on MSVC2013. Fixes bug 16030; bugfix on
+ 0.2.6.2-alpha. Patch from "NewEraCracker".
\ No newline at end of file
diff --git a/changes/bug16164 b/changes/bug16164
new file mode 100644
index 0000000000..fbb383c26d
--- /dev/null
+++ b/changes/bug16164
@@ -0,0 +1,4 @@
+ o Minor bugfixes (compilation):
+ - Build with --enable-systemd correctly when libsystemd is installed,
+ but systemd is not. Fixes bug 16164, bugfix on 0.2.6.3-alpha. Patch
+ from Peter Palfrader.
diff --git a/changes/bug16212 b/changes/bug16212
new file mode 100644
index 0000000000..bc1246376d
--- /dev/null
+++ b/changes/bug16212
@@ -0,0 +1,5 @@
+ o Minor bugfixes (sandbox, systemd):
+ - Allow systemd connections to work with the Linux seccomp2 sandbox
+ code. Fixes bug 16212; bugfix on 0.2.6.2-alpha.
+ Patch by Peter Palfrader.
+
diff --git a/changes/bug16244 b/changes/bug16244
new file mode 100644
index 0000000000..00bc557983
--- /dev/null
+++ b/changes/bug16244
@@ -0,0 +1,7 @@
+ o Minor bugfixes (sandbox, relay):
+ - Fix sandboxing to work when running as a relay again. This
+ includes correctly allowing renaming secret_id_key and
+ allowing the eventfd2 and futex syscalls.
+ Fixes bug 16244; bugfix on 0.2.6.1-alpha.
+ Patch by Peter Palfrader.
+
diff --git a/changes/bug16247 b/changes/bug16247
new file mode 100644
index 0000000000..9464b1cb24
--- /dev/null
+++ b/changes/bug16247
@@ -0,0 +1,5 @@
+ o Minor bugfixes (client-side privacy):
+ - Properly separate out each SOCKSPort when applying stream isolation.
+ The error occured because each port's session group was being
+ overwritten by a default value. Fixes bug 16247; bugfix on
+ 0.2.6.3-alpha. Patch by "jojelino".
diff --git a/changes/ticket8243 b/changes/ticket8243
new file mode 100644
index 0000000000..8946a21a59
--- /dev/null
+++ b/changes/ticket8243
@@ -0,0 +1,7 @@
+ o Minor feature:
+ - The HSDir flag given by authorities now requires the Stable flag. For
+ the current network, this results in going from 2887 to 2806 HSDirs.
+ Also, it makes it harder for an attacker to launch a sybil attack by
+ raising the effort for a relay to become Stable which takes at the
+ very least 7 days to do so and by keeping the 96 hours uptime
+ requirement for HSDir. Implements ticket #8243.
diff --git a/configure.ac b/configure.ac
index 81ef2c7649..156bb3f548 100644
--- a/configure.ac
+++ b/configure.ac
@@ -131,7 +131,7 @@ if test x$have_systemd = xyes; then
AC_DEFINE(HAVE_SYSTEMD,1,[Have systemd])
TOR_SYSTEMD_CFLAGS="${SYSTEMD_CFLAGS}"
TOR_SYSTEMD_LIBS="${SYSTEMD_LIBS}"
- PKG_CHECK_MODULES(SYSTEMD209, [systemd >= 209],
+ PKG_CHECK_MODULES(LIBSYSTEMD209, [libsystemd >= 209],
[AC_DEFINE(HAVE_SYSTEMD_209,1,[Have systemd v209 or more])], [])
fi
AC_SUBST(TOR_SYSTEMD_CFLAGS)
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 49316c6193..cdb4521c82 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -129,11 +129,13 @@ static int filter_nopar_gen[] = {
SCMP_SYS(clone),
SCMP_SYS(epoll_create),
SCMP_SYS(epoll_wait),
+ SCMP_SYS(eventfd2),
SCMP_SYS(fcntl),
SCMP_SYS(fstat),
#ifdef __NR_fstat64
SCMP_SYS(fstat64),
#endif
+ SCMP_SYS(futex),
SCMP_SYS(getdents64),
SCMP_SYS(getegid),
#ifdef __NR_getegid32
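Review bot: eventfd2 and futex are added to filter_nopar_gen, which judging by its name allows a syscall without constraining its arguments, and the array says nothing about why either is needed. The changes/bug16244 entry in this merge ties both to running as a relay. Recording that next to the entries, e.g. `/* eventfd2, futex: needed in relay mode, see bug 16244 */`, would let a later audit of the allowlist decide whether they can be dropped or narrowed. The array begins and ends outside this hunk.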
@@ -170,6 +172,7 @@ static int filter_nopar_gen[] = {
SCMP_SYS(read),
SCMP_SYS(rt_sigreturn),
SCMP_SYS(sched_getaffinity),
+ SCMP_SYS(sendmsg),
SCMP_SYS(set_robust_list),
#ifdef __NR_sigreturn
SCMP_SYS(sigreturn),
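Review bot: sendmsg is allowed here for every build and on every socket, although the changes/bug16212 entry suggests it is only needed for systemd connections. If systemd is the only user, wrapping the entry as `#ifdef HAVE_SYSTEMD` / `SCMP_SYS(sendmsg),` / `#endif` keeps the sandbox no wider than before on builds without systemd, assuming sandbox.c sees HAVE_SYSTEMD from the configure header. The PF_UNIX/SOCK_DGRAM rule added to sb_socket in the next hunk could take the same guard. It is worth confirming first that no other code path in the sandboxed process relies on sendmsg; the array continues outside the hunk.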
@@ -547,6 +550,15 @@ sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
SCMP_CMP(0, SCMP_CMP_EQ, PF_UNIX),
SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_STREAM),
SCMP_CMP(2, SCMP_CMP_EQ, 0));
+ if (rc)
+ return rc;
+
+ rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
+ SCMP_CMP(0, SCMP_CMP_EQ, PF_UNIX),
+ SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_DGRAM),
+ SCMP_CMP(2, SCMP_CMP_EQ, 0));
+ if (rc)
+ return rc;
rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
SCMP_CMP(0, SCMP_CMP_EQ, PF_NETLINK),
diff --git a/src/or/connection.c b/src/or/connection.c
index 7db0238b3d..721ee20d27 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -1284,6 +1284,8 @@ connection_listener_new(const struct sockaddr *listensockaddr,
conn->port = gotPort;
tor_addr_copy(&conn->addr, &addr);
+ memcpy(&lis_conn->entry_cfg, &port_cfg->entry_cfg, sizeof(entry_port_cfg_t));
+
if (port_cfg->entry_cfg.isolation_flags) {
lis_conn->entry_cfg.isolation_flags = port_cfg->entry_cfg.isolation_flags;
if (port_cfg->entry_cfg.session_group >= 0) {
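Review bot: With the memcpy now ahead of the isolation block, the assignment `lis_conn->entry_cfg.isolation_flags = port_cfg->entry_cfg.isolation_flags;` just below it is redundant, since the whole entry_cfg struct has already been copied. The fix also rests purely on statement order, which is what broke before, so a comment above the copy such as `/* Copy the whole config first; the isolation block below adjusts session_group. */` would guard against the lines being moved again. If both fields are entry_port_cfg_t, a plain struct assignment `lis_conn->entry_cfg = port_cfg->entry_cfg;` does the same as the memcpy with type checking. connection_listener_new starts and ends outside these two hunks.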
@@ -1299,8 +1301,6 @@ connection_listener_new(const struct sockaddr *listensockaddr,
}
}
- memcpy(&lis_conn->entry_cfg, &port_cfg->entry_cfg, sizeof(entry_port_cfg_t));
-
if (type != CONN_TYPE_AP_LISTENER) {
lis_conn->entry_cfg.ipv4_traffic = 1;
lis_conn->entry_cfg.ipv6_traffic = 1;
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index a024be8342..65bfafba6c 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -1278,8 +1278,9 @@ dirserv_thinks_router_is_unreliable(time_t now,
}
/** Return true iff <b>router</b> should be assigned the "HSDir" flag.
- * Right now this means it advertises support for it, it has a high
- * uptime, it has a DirPort open, and it's currently considered Running.
+ * Right now this means it advertises support for it, it has a high uptime,
+ * it has a DirPort open, it has the Stable flag and it's currently
+ * considered Running.
*
* This function needs to be called after router-\>is_running has
* been set.
@@ -1306,6 +1307,7 @@ dirserv_thinks_router_is_hs_dir(const routerinfo_t *router,
uptime = real_uptime(router, now);
return (router->wants_to_be_hs_dir && router->dir_port &&
+ node->is_stable &&
uptime >= get_options()->MinUptimeHidServDirectoryV2 &&
router_is_active(router, node, now));
}
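Review bot: The new `node->is_stable` test makes the result depend on the Stable flag having been computed for this node before the call, but the precondition in the doc comment (previous hunk) still names only router->is_running. Extend it, e.g. `This function needs to be called after router->is_running and node->is_stable have been set.`, so a caller that reorders the flag computation does not silently stop assigning HSDir. node is dereferenced here without a check; whether it can be NULL at this point is not visible in the hunk. The function starts outside the hunk.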
diff --git a/src/or/main.c b/src/or/main.c
index d0fe8cbc00..8aa9a15fc5 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2984,7 +2984,7 @@ sandbox_init_filter(void)
// orport
if (server_mode(get_options())) {
- OPEN_DATADIR2_SUFFIX("keys", "secret_id_key", "tmp");
+ OPEN_DATADIR2_SUFFIX("keys", "secret_id_key", ".tmp");
OPEN_DATADIR2_SUFFIX("keys", "secret_onion_key", ".tmp");
OPEN_DATADIR2_SUFFIX("keys", "secret_onion_key_ntor", ".tmp");
OPEN_DATADIR2("keys", "secret_id_key.old");
diff --git a/src/test/test_channel.c b/src/test/test_channel.c
index 6cf66493a8..e11ac3f3cc 100644
--- a/src/test/test_channel.c
+++ b/src/test/test_channel.c
@@ -420,6 +420,7 @@ new_fake_channel(void)
chan->close = chan_test_close;
chan->get_overhead_estimate = chan_test_get_overhead_estimate;
+ chan->get_remote_descr = chan_test_get_remote_descr;
chan->num_bytes_queued = chan_test_num_bytes_queued;
chan->num_cells_writeable = chan_test_num_cells_writeable;
chan->write_cell = chan_test_write_cell;
@@ -615,7 +616,6 @@ test_channel_dumpstats(void *arg)
/* Test channel_dump_statistics */
ch->describe_transport = chan_test_describe_transport;
ch->dumpstats = chan_test_dumpstats;
- ch->get_remote_descr = chan_test_get_remote_descr;
ch->is_canonical = chan_test_is_canonical;
old_count = test_dumpstats_calls;
channel_dump_statistics(ch, LOG_DEBUG);