aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.gitignore11
-rw-r--r--ChangeLog258
-rw-r--r--Doxyfile.in6
-rw-r--r--Makefile.am69
-rw-r--r--ReleaseNotes1112
-rw-r--r--acinclude.m42
-rw-r--r--changes/151883
-rw-r--r--changes/bug114546
-rw-r--r--changes/bug114575
-rw-r--r--changes/bug137365
-rw-r--r--changes/bug140184
-rw-r--r--changes/bug148063
-rw-r--r--changes/bug14848_redux5
-rw-r--r--changes/bug149223
-rw-r--r--changes/bug149503
-rw-r--r--changes/bug149804
-rw-r--r--changes/bug14987b-doc4
-rw-r--r--changes/bug149884
-rw-r--r--changes/bug149894
-rw-r--r--changes/bug149948
-rw-r--r--changes/bug150033
-rw-r--r--changes/bug150334
-rw-r--r--changes/bug150374
-rw-r--r--changes/bug150534
-rw-r--r--changes/bug150644
-rw-r--r--changes/bug1508310
-rw-r--r--changes/bug150884
-rw-r--r--changes/bug151513
-rw-r--r--changes/bug152055
-rw-r--r--changes/bug152116
-rw-r--r--changes/bug152406
-rw-r--r--changes/bug152455
-rw-r--r--changes/bug152697
-rw-r--r--changes/bug152963
-rw-r--r--changes/bug154364
-rw-r--r--changes/bug9495_redux4
-rw-r--r--changes/coverage6
-rw-r--r--changes/feature150064
-rw-r--r--changes/feature150265
-rw-r--r--changes/feature151803
-rw-r--r--changes/feature154355
-rw-r--r--changes/feature154715
-rw-r--r--changes/geoip-march20153
-rw-r--r--changes/geoip6-march20153
-rw-r--r--changes/no_digests5
-rw-r--r--changes/remove_old_version_checks5
-rw-r--r--changes/test-memwipe3
-rw-r--r--changes/ticket144873
-rw-r--r--changes/ticket1471010
-rw-r--r--changes/ticket150244
-rw-r--r--changes/ticket151763
-rw-r--r--changes/ticket152126
-rw-r--r--changes/ticket154316
-rw-r--r--configure.ac73
-rw-r--r--contrib/dist/tor.service.in20
-rw-r--r--contrib/win32build/tor-mingw.nsi.in2
-rw-r--r--doc/HACKING11
-rw-r--r--doc/include.am4
-rw-r--r--doc/tor.1.txt26
-rw-r--r--[-rwxr-xr-x]scripts/maint/checkOptionDocs.pl.in (renamed from scripts/maint/checkOptionDocs.pl)8
-rwxr-xr-xscripts/maint/lintChanges.py20
-rwxr-xr-xscripts/maint/updateVersions.pl.in (renamed from scripts/maint/updateVersions.pl)6
-rw-r--r--src/common/address.c99
-rw-r--r--src/common/address.h3
-rw-r--r--src/common/aes.c2
-rw-r--r--src/common/compat.c20
-rw-r--r--src/common/compat.h10
-rw-r--r--src/common/compat_pthreads.c11
-rw-r--r--src/common/crypto.c281
-rw-r--r--src/common/crypto.h4
-rw-r--r--src/common/include.am27
-rw-r--r--src/common/log.c26
-rw-r--r--src/common/tortls.c4
-rw-r--r--src/common/util.c109
-rw-r--r--src/common/util.h14
-rw-r--r--src/common/util_codedigest.c13
-rw-r--r--src/ext/eventdns.c2
-rw-r--r--src/or/buffers.c4
-rw-r--r--src/or/config.c99
-rw-r--r--src/or/config.h1
-rw-r--r--src/or/config_codedigest.c13
-rw-r--r--src/or/connection.c4
-rw-r--r--src/or/control.c6
-rw-r--r--src/or/control.h23
-rw-r--r--src/or/dns.c2
-rw-r--r--src/or/entrynodes.c70
-rw-r--r--src/or/include.am66
-rw-r--r--src/or/main.c9
-rw-r--r--src/or/or.h7
-rw-r--r--src/or/rendcommon.c1
-rw-r--r--src/or/rendservice.c7
-rw-r--r--src/or/routerlist.c5
-rw-r--r--src/or/routerparse.c11
-rw-r--r--src/or/routerparse.h1
-rw-r--r--src/or/transports.c5
-rw-r--r--src/test/include.am29
-rw-r--r--src/test/test-memwipe.c204
-rwxr-xr-xsrc/test/test-network.sh2
-rw-r--r--src/test/test_address.c176
-rwxr-xr-xsrc/test/test_cmdline_args.py311
-rw-r--r--src/test/test_controller_events.c99
-rw-r--r--src/test/test_entrynodes.c3
-rw-r--r--src/test/test_util.c21
-rw-r--r--src/test/test_util_slow.c2
-rw-r--r--src/test/test_workqueue.c4
-rw-r--r--src/test/testing_common.c2
-rw-r--r--src/tools/include.am28
-rw-r--r--src/tools/tor-checkkey.c2
-rw-r--r--src/tools/tor-gencert.c4
-rw-r--r--src/tools/tor-resolve.c4
-rw-r--r--src/trunnel/include.am2
-rw-r--r--src/win32/orconfig.h2
112 files changed, 2547 insertions, 1151 deletions
diff --git a/.gitignore b/.gitignore
index 0cdf2c4e61..912b06e2c5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -110,6 +110,10 @@ cscope.*
/doc/spec/Makefile
/doc/spec/Makefile.in
+# /scripts
+/scripts/maint/checkOptionDocs.pl
+/scripts/maint/updateVersions.pl
+
# /src/
/src/Makefile
/src/Makefile.in
@@ -117,7 +121,6 @@ cscope.*
# /src/common/
/src/common/Makefile
/src/common/Makefile.in
-/src/common/common_sha1.i
/src/common/libor.a
/src/common/libor-testing.a
/src/common/libor.lib
@@ -145,7 +148,6 @@ cscope.*
# /src/or/
/src/or/Makefile
/src/or/Makefile.in
-/src/or/or_sha1.i
/src/or/tor
/src/or/tor.exe
/src/or/tor-cov
@@ -163,6 +165,7 @@ cscope.*
/src/test/test-slow
/src/test/test-bt-cl
/src/test/test-child
+/src/test/test-memwipe
/src/test/test-ntor-cl
/src/test/test_workqueue
/src/test/test.exe
@@ -175,10 +178,14 @@ cscope.*
# /src/tools/
/src/tools/tor-checkkey
/src/tools/tor-resolve
+/src/tools/tor-cov-resolve
/src/tools/tor-gencert
+/src/tools/tor-cov-gencert
/src/tools/tor-checkkey.exe
/src/tools/tor-resolve.exe
+/src/tools/tor-cov-resolve.exe
/src/tools/tor-gencert.exe
+/src/tools/tor-cov-gencert.exe
/src/tools/Makefile
/src/tools/Makefile.in
diff --git a/ChangeLog b/ChangeLog
index 4d93e1987e..22f3f6eaf4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,255 @@
-Changes in version 0.2.6.4-?? - 2015-0?-??
+Changes in version 0.2.7.1-alpha - 2015-0?-??
+Changes in version 0.2.6.6 - 2015-03-24
+ Tor 0.2.6.6 is the first stable release in the 0.2.6 series.
+
+ It adds numerous safety, security, correctness, and performance
+ improvements. Client programs can be configured to use more kinds of
+ sockets, AutomapHosts works better, the multithreading backend is
+ improved, cell transmission is refactored, test coverage is much
+ higher, more denial-of-service attacks are handled, guard selection is
+ improved to handle long-term guards better, pluggable transports
+ should work a bit better, and some annoying hidden service performance
+ bugs should be addressed.
+
+ o Minor bugfixes (portability):
+ - Use the correct datatype in the SipHash-2-4 function to prevent
+ compilers from assuming any sort of alignment. Fixes bug 15436;
+ bugfix on 0.2.5.3-alpha.
+
+Changes in version 0.2.6.5-rc - 2015-03-18
+ Tor 0.2.6.5-rc is the second and (hopefully) last release candidate in
+ the 0.2.6. It fixes a small number of bugs found in 0.2.6.4-rc.
+
+ o Major bugfixes (client):
+ - Avoid crashing when making certain configuration option changes on
+ clients. Fixes bug 15245; bugfix on 0.2.6.3-alpha. Reported
+ by "anonym".
+
+ o Major bugfixes (pluggable transports):
+ - Initialize the extended OR Port authentication cookie before
+ launching pluggable transports. This prevents a race condition
+ that occured when server-side pluggable transports would cache the
+ authentication cookie before it has been (re)generated. Fixes bug
+ 15240; bugfix on 0.2.5.1-alpha.
+
+ o Major bugfixes (portability):
+ - Do not crash on startup when running on Solaris. Fixes a bug
+ related to our fix for 9495; bugfix on 0.2.6.1-alpha. Reported
+ by "ruebezahl".
+
+ o Minor features (heartbeat):
+ - On relays, report how many connections we negotiated using each
+ version of the Tor link protocols. This information will let us
+ know if removing support for very old versions of the Tor
+ protocols is harming the network. Closes ticket 15212.
+
+ o Code simplification and refactoring:
+ - Refactor main loop to extract the 'loop' part. This makes it
+ easier to run Tor under Shadow. Closes ticket 15176.
+
+
+Changes in version 0.2.5.11 - 2015-03-17
+ Tor 0.2.5.11 is the second stable release in the 0.2.5 series.
+
+ It backports several bugfixes from the 0.2.6 branch, including a
+ couple of medium-level security fixes for relays and exit nodes.
+ It also updates the list of directory authorities.
+
+ o Directory authority changes:
+ - Remove turtles as a directory authority.
+ - Add longclaw as a new (v3) directory authority. This implements
+ ticket 13296. This keeps the directory authority count at 9.
+ - The directory authority Faravahar has a new IP address. This
+ closes ticket 14487.
+
+ o Major bugfixes (crash, OSX, security):
+ - Fix a remote denial-of-service opportunity caused by a bug in
+ OSX's _strlcat_chk() function. Fixes bug 15205; bug first appeared
+ in OSX 10.9.
+
+ o Major bugfixes (relay, stability, possible security):
+ - Fix a bug that could lead to a relay crashing with an assertion
+ failure if a buffer of exactly the wrong layout was passed to
+ buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
+ 0.2.0.10-alpha. Patch from 'cypherpunks'.
+ - Do not assert if the 'data' pointer on a buffer is advanced to the
+ very end of the buffer; log a BUG message instead. Only assert if
+ it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
+
+ o Major bugfixes (exit node stability):
+ - Fix an assertion failure that could occur under high DNS load.
+ Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
+ diagnosed and fixed by "cypherpunks".
+
+ o Major bugfixes (Linux seccomp2 sandbox):
+ - Upon receiving sighup with the seccomp2 sandbox enabled, do not
+ crash during attempts to call wait4. Fixes bug 15088; bugfix on
+ 0.2.5.1-alpha. Patch from "sanic".
+
+ o Minor features (controller):
+ - New "GETINFO bw-event-cache" to get information about recent
+ bandwidth events. Closes ticket 14128. Useful for controllers to
+ get recent bandwidth history after the fix for ticket 13988.
+
+ o Minor features (geoip):
+ - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
+ - Update geoip6 to the March 3 2015 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (client, automapping):
+ - Avoid crashing on torrc lines for VirtualAddrNetworkIPv[4|6] when
+ no value follows the option. Fixes bug 14142; bugfix on
+ 0.2.4.7-alpha. Patch by "teor".
+ - Fix a memory leak when using AutomapHostsOnResolve. Fixes bug
+ 14195; bugfix on 0.1.0.1-rc.
+
+ o Minor bugfixes (compilation):
+ - Build without warnings with the stock OpenSSL srtp.h header, which
+ has a duplicate declaration of SSL_get_selected_srtp_profile().
+ Fixes bug 14220; this is OpenSSL's bug, not ours.
+
+ o Minor bugfixes (directory authority):
+ - Allow directory authorities to fetch more data from one another if
+ they find themselves missing lots of votes. Previously, they had
+ been bumping against the 10 MB queued data limit. Fixes bug 14261;
+ bugfix on 0.1.2.5-alpha.
+ - Enlarge the buffer to read bwauth generated files to avoid an
+ issue when parsing the file in dirserv_read_measured_bandwidths().
+ Fixes bug 14125; bugfix on 0.2.2.1-alpha.
+
+ o Minor bugfixes (statistics):
+ - Increase period over which bandwidth observations are aggregated
+ from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1.
+
+ o Minor bugfixes (preventative security, C safety):
+ - When reading a hexadecimal, base-32, or base-64 encoded value from
+ a string, always overwrite the whole output buffer. This prevents
+ some bugs where we would look at (but fortunately, not reveal)
+ uninitialized memory on the stack. Fixes bug 14013; bugfix on all
+ versions of Tor.
+
+
+Changes in version 0.2.4.26 - 2015-03-17
+ Tor 0.2.4.26 includes an updated list of directory authorities. It
+ also backports a couple of stability and security bugfixes from 0.2.5
+ and beyond.
+
+ o Directory authority changes:
+ - Remove turtles as a directory authority.
+ - Add longclaw as a new (v3) directory authority. This implements
+ ticket 13296. This keeps the directory authority count at 9.
+ - The directory authority Faravahar has a new IP address. This
+ closes ticket 14487.
+
+ o Major bugfixes (exit node stability, also in 0.2.6.3-alpha):
+ - Fix an assertion failure that could occur under high DNS load.
+ Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
+ diagnosed and fixed by "cypherpunks".
+
+ o Major bugfixes (relay, stability, possible security, also in 0.2.6.4-rc):
+ - Fix a bug that could lead to a relay crashing with an assertion
+ failure if a buffer of exactly the wrong layout was passed to
+ buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
+ 0.2.0.10-alpha. Patch from 'cypherpunks'.
+ - Do not assert if the 'data' pointer on a buffer is advanced to the
+ very end of the buffer; log a BUG message instead. Only assert if
+ it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
+
+ o Minor features (geoip):
+ - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
+ - Update geoip6 to the March 3 2015 Maxmind GeoLite2
+ Country database.
+
+Changes in version 0.2.6.4-rc - 2015-03-09
+ Tor 0.2.6.4-alpha fixes an issue in the directory code that an
+ attacker might be able to use in order to crash certain Tor
+ directories. It also resolves some minor issues left over from, or
+ introduced in, Tor 0.2.6.3-alpha or earlier.
+
+ o Major bugfixes (crash, OSX, security):
+ - Fix a remote denial-of-service opportunity caused by a bug in
+ OSX's _strlcat_chk() function. Fixes bug 15205; bug first appeared
+ in OSX 10.9.
+
+ o Major bugfixes (relay, stability, possible security):
+ - Fix a bug that could lead to a relay crashing with an assertion
+ failure if a buffer of exactly the wrong layout is passed to
+ buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
+ 0.2.0.10-alpha. Patch from "cypherpunks".
+ - Do not assert if the 'data' pointer on a buffer is advanced to the
+ very end of the buffer; log a BUG message instead. Only assert if
+ it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
+
+ o Major bugfixes (FreeBSD IPFW transparent proxy):
+ - Fix address detection with FreeBSD transparent proxies, when
+ "TransProxyType ipfw" is in use. Fixes bug 15064; bugfix
+ on 0.2.5.4-alpha.
+
+ o Major bugfixes (Linux seccomp2 sandbox):
+ - Pass IPPROTO_TCP rather than 0 to socket(), so that the Linux
+ seccomp2 sandbox doesn't fail. Fixes bug 14989; bugfix
+ on 0.2.6.3-alpha.
+ - Allow AF_UNIX hidden services to be used with the seccomp2
+ sandbox. Fixes bug 15003; bugfix on 0.2.6.3-alpha.
+ - Upon receiving sighup with the seccomp2 sandbox enabled, do not
+ crash during attempts to call wait4. Fixes bug 15088; bugfix on
+ 0.2.5.1-alpha. Patch from "sanic".
+
+ o Minor features (controller):
+ - Messages about problems in the bootstrap process now include
+ information about the server we were trying to connect to when we
+ noticed the problem. Closes ticket 15006.
+
+ o Minor features (geoip):
+ - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
+ - Update geoip6 to the March 3 2015 Maxmind GeoLite2
+ Country database.
+
+ o Minor features (logs):
+ - Quiet some log messages in the heartbeat and at startup. Closes
+ ticket 14950.
+
+ o Minor bugfixes (certificate handling):
+ - If an authority operator accidentally makes a signing certificate
+ with a future publication time, do not discard its real signing
+ certificates. Fixes bug 11457; bugfix on 0.2.0.3-alpha.
+ - Remove any old authority certificates that have been superseded
+ for at least two days. Previously, we would keep superseded
+ certificates until they expired, if they were published close in
+ time to the certificate that superseded them. Fixes bug 11454;
+ bugfix on 0.2.1.8-alpha.
+
+ o Minor bugfixes (compilation):
+ - Fix a compilation warning on s390. Fixes bug 14988; bugfix
+ on 0.2.5.2-alpha.
+ - Fix a compilation warning on FreeBSD. Fixes bug 15151; bugfix
+ on 0.2.6.2-alpha.
+
+ o Minor bugfixes (testing):
+ - Fix endianness issues in unit test for resolve_my_address() to
+ have it pass on big endian systems. Fixes bug 14980; bugfix on
+ Tor 0.2.6.3-alpha.
+ - Avoid a side-effect in a tor_assert() in the unit tests. Fixes bug
+ 15188; bugfix on 0.1.2.3-alpha. Patch from Tom van der Woerdt.
+ - When running the new 'make test-stem' target, use the configured
+ python binary. Fixes bug 15037; bugfix on 0.2.6.3-alpha. Patch
+ from "cypherpunks".
+ - When running the zero-length-keys tests, do not use the default
+ torrc file. Fixes bug 15033; bugfix on 0.2.6.3-alpha. Reported
+ by "reezer".
+
+ o Directory authority IP change:
+ - The directory authority Faravahar has a new IP address. This
+ closes ticket 14487.
+
+ o Removed code:
+ - Remove some lingering dead code that once supported mempools.
+ Mempools were disabled by default in 0.2.5, and removed entirely
+ in 0.2.6.3-alpha. Closes more of ticket 14848; patch
+ by "cypherpunks".
+
Changes in version 0.2.6.3-alpha - 2015-02-19
Tor 0.2.6.3-alpha is the third (and hopefully final) alpha release in
@@ -49,6 +298,13 @@ Changes in version 0.2.6.3-alpha - 2015-02-19
notified of updates and their correct digests. Implements proposal
227. Closes ticket 10395.
+ o Major features (guards):
+ - Introduce the Guardfraction feature to improves load balancing on
+ guard nodes. Specifically, it aims to reduce the traffic gap that
+ guard nodes experience when they first get the Guard flag. This is
+ a required step if we want to increase the guard lifetime to 9
+ months or greater. Closes ticket 9321.
+
o Major features (performance):
- Make the CPU worker implementation more efficient by avoiding the
kernel and lengthening pipelines. The original implementation used
diff --git a/Doxyfile.in b/Doxyfile.in
index 344ee27149..a39348f2cb 100644
--- a/Doxyfile.in
+++ b/Doxyfile.in
@@ -38,7 +38,7 @@ PROJECT_NUMBER = @VERSION@
# If a relative path is entered, it will be relative to the location
# where doxygen was started. If left blank the current directory will be used.
-OUTPUT_DIRECTORY = ./doc/doxygen
+OUTPUT_DIRECTORY = @top_builddir@/doc/doxygen
# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create
# 4096 sub-directories (in 2 levels) under the output directory of each output
@@ -534,8 +534,8 @@ WARN_LOGFILE =
# directories like "/usr/src/myproject". Separate the files or directories
# with spaces.
-INPUT = src/common \
- src/or
+INPUT = @top_srcdir@/src/common \
+ @top_srcdir@/src/or
# This tag can be used to specify the character encoding of the source files
# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is
diff --git a/Makefile.am b/Makefile.am
index b1f92f5b34..316086c1e1 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -20,6 +20,7 @@ DISTCLEANFILES=
bin_SCRIPTS=
AM_CPPFLAGS=
AM_CFLAGS = @TOR_SYSTEMD_CFLAGS@
+SHELL = @SHELL@
include src/include.am
include doc/include.am
include contrib/include.am
@@ -34,8 +35,10 @@ EXTRA_DIST+= \
if COVERAGE_ENABLED
TEST_CFLAGS=-fno-inline -fprofile-arcs -ftest-coverage
+TEST_CPPFLAGS=-DTOR_UNIT_TESTS -DTOR_COVERAGE
else
TEST_CFLAGS=
+TEST_CPPFLAGS=-DTOR_UNIT_TESTS
endif
#install-data-local:
@@ -64,12 +67,12 @@ doxygen:
doxygen && cd doc/doxygen/latex && make
test: all
- ./src/test/test
+ $(top_builddir)/src/test/test
# Note that test-network requires a copy of Chutney in $CHUTNEY_PATH.
# Chutney can be cloned from https://git.torproject.org/chutney.git .
test-network: all
- ./src/test/test-network.sh
+ $(top_srcdir)/src/test/test-network.sh
test-stem: $(TESTING_TOR_BINARY)
@if test -d "$$STEM_SOURCE_DIR"; then \
@@ -79,17 +82,41 @@ test-stem: $(TESTING_TOR_BINARY)
echo "To run these tests, git clone https://git.torproject.org/stem.git/ ; export STEM_SOURCE_DIR=\`pwd\`/stem"; \
fi
+test-stem-full: $(TESTING_TOR_BINARY)
+ @if test -d "$$STEM_SOURCE_DIR"; then \
+ "$$STEM_SOURCE_DIR"/run_tests.py --tor $(TESTING_TOR_BINARY) --all --log notice --target RUN_ALL,ONLINE -v; \
+ else \
+ echo '$$STEM_SOURCE_DIR was not set.'; echo; \
+ echo "To run these tests, git clone https://git.torproject.org/stem.git/ ; export STEM_SOURCE_DIR=\`pwd\`/stem"; \
+ fi
reset-gcov:
- rm -f src/*/*.gcda src/*/*/*.gcda
+ rm -f $(top_builddir)/src/*/*.gcda $(top_builddir)/src/*/*/*.gcda
-HTML_COVER_DIR=./coverage_html
+HTML_COVER_DIR=$(top_builddir)/coverage_html
coverage-html: all
+if COVERAGE_ENABLED
+ test -e "`which lcov`" || (echo "lcov must be installed. See <http://ltp.sourceforge.net/coverage/lcov.php>." && false)
+ test -d "$(HTML_COVER_DIR)" || $(MKDIR_P) "$(HTML_COVER_DIR)"
+ lcov --rc lcov_branch_coverage=1 --directory $(top_builddir)/src --zerocounters
+ $(MAKE) reset-gcov
+ $(MAKE) check
+ lcov --capture --rc lcov_branch_coverage=1 --no-external --directory $(top_builddir) --base-directory $(top_srcdir) --output-file "$(HTML_COVER_DIR)/lcov.tmp"
+ lcov --remove "$(HTML_COVER_DIR)/lcov.tmp" --rc lcov_branch_coverage=1 'test/*' 'ext/tinytest*' '/usr/*' --output-file "$(HTML_COVER_DIR)/lcov.info"
+ genhtml --branch-coverage -o "$(HTML_COVER_DIR)" "$(HTML_COVER_DIR)/lcov.info"
+else
+ @printf "Not configured with --enable-coverage, run ./configure --enable-coverage\n"
+endif
+
+coverage-html-full: all
test -e "`which lcov`" || (echo "lcov must be installed. See <http://ltp.sourceforge.net/coverage/lcov.php>." && false)
test -d "$(HTML_COVER_DIR)" || mkdir -p "$(HTML_COVER_DIR)"
lcov --rc lcov_branch_coverage=1 --directory ./src --zerocounters
$(MAKE) reset-gcov
$(MAKE) check
+ $(MAKE) test-stem-full
+ CHUTNEY_TOR=tor-cov CHUTNEY_TOR_GENCERT=tor-cov-gencert $(top_srcdir)/src/test/test-network.sh
+ CHUTNEY_TOR=tor-cov CHUTNEY_TOR_GENCERT=tor-cov-gencert $(top_srcdir)/src/test/test-network.sh --flavor hs
lcov --capture --rc lcov_branch_coverage=1 --no-external --directory . --output-file "$(HTML_COVER_DIR)/lcov.tmp"
lcov --remove "$(HTML_COVER_DIR)/lcov.tmp" --rc lcov_branch_coverage=1 'test/*' 'ext/tinytest*' '/usr/*' --output-file "$(HTML_COVER_DIR)/lcov.info"
genhtml --branch-coverage -o "$(HTML_COVER_DIR)" "$(HTML_COVER_DIR)/lcov.info"
@@ -97,19 +124,29 @@ coverage-html: all
# Avoid strlcpy.c, strlcat.c, aes.c, OpenBSD_malloc_Linux.c, sha256.c,
# eventdns.[hc], tinytest*.[ch]
check-spaces:
- ./scripts/maint/checkSpace.pl -C \
- src/common/*.[ch] \
- src/or/*.[ch] \
- src/test/*.[ch] \
- src/tools/*.[ch] \
- src/tools/tor-fw-helper/*.[ch]
+ $(top_srcdir)/scripts/maint/checkSpace.pl -C \
+ $(top_srcdir)/src/common/*.[ch] \
+ $(top_srcdir)/src/or/*.[ch] \
+ $(top_srcdir)/src/test/*.[ch] \
+ $(top_srcdir)/src/tools/*.[ch] \
+ $(top_srcdir)/src/tools/tor-fw-helper/*.[ch]
-check-docs:
- ./scripts/maint/checkOptionDocs.pl
+check-docs: all
+ $(PERL) $(top_builddir)/scripts/maint/checkOptionDocs.pl
check-logs:
- ./scripts/maint/checkLogs.pl \
- src/*/*.[ch] | sort -n
+ $(top_srcdir)/scripts/maint/checkLogs.pl \
+ $(top_srcdir)/src/*/*.[ch] | sort -n
+
+.PHONY: check-changes
+check-changes:
+ @if test -d "$(top_srcdir)/changes"; then \
+ $(PYTHON) $(top_srcdir)/scripts/maint/lintChanges.py $(top_srcdir)/changes/*; \
+ fi
+
+.PHONY: update-versions
+update-versions:
+ $(PERL) $(top_builddir)/scripts/maint/updateVersions.pl
version:
@echo "Tor @VERSION@"
@@ -119,4 +156,6 @@ version:
fi
mostlyclean-local:
- rm -f src/*/*.gc{da,no} src/*/*/*.gc{da,no}
+ rm -f $(top_builddir)/src/*/*.gc{da,no} $(top_builddir)/src/*/*/*.gc{da,no}
+ rm -rf $(HTML_COVER_DIR)
+ rm -rf $(top_builddir)/doc/doxygen
diff --git a/ReleaseNotes b/ReleaseNotes
index a9c8ceefdd..18bb8f20f5 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -3,6 +3,1118 @@ This document summarizes new features and bugfixes in each stable release
of Tor. If you want to see more detailed descriptions of the changes in
each development snapshot, see the ChangeLog file.
+
+Changes in version 0.2.6.6 - 2015-03-24
+ Tor 0.2.6.6 is the first stable release in the 0.2.6 series.
+
+ It adds numerous safety, security, correctness, and performance
+ improvements. Client programs can be configured to use more kinds of
+ sockets, AutomapHosts works better, the multithreading backend is
+ improved, cell transmission is refactored, test coverage is much
+ higher, more denial-of-service attacks are handled, guard selection is
+ improved to handle long-term guards better, pluggable transports
+ should work a bit better, and some annoying hidden service performance
+ bugs should be addressed.
+
+ o New compiler and system requirements:
+ - Tor 0.2.6.x requires that your compiler support more of the C99
+ language standard than before. The 'configure' script now detects
+ whether your compiler supports C99 mid-block declarations and
+ designated initializers. If it does not, Tor will not compile.
+
+ We may revisit this requirement if it turns out that a significant
+ number of people need to build Tor with compilers that don't
+ bother implementing a 15-year-old standard. Closes ticket 13233.
+ - Tor no longer supports systems without threading support. When we
+ began working on Tor, there were several systems that didn't have
+ threads, or where the thread support wasn't able to run the
+ threads of a single process on multiple CPUs. That no longer
+ holds: every system where Tor needs to run well now has threading
+ support. Resolves ticket 12439.
+
+ o Deprecated versions and removed support:
+ - Tor relays older than 0.2.4.18-rc are no longer allowed to
+ advertise themselves on the network. Closes ticket 13555.
+ - Tor clients no longer support connecting to hidden services
+ running on Tor 0.2.2.x and earlier; the Support022HiddenServices
+ option has been removed. (There shouldn't be any hidden services
+ running these versions on the network.) Closes ticket 7803.
+
+ o Directory authority changes:
+ - The directory authority Faravahar has a new IP address. This
+ closes ticket 14487.
+ - Remove turtles as a directory authority.
+ - Add longclaw as a new (v3) directory authority. This implements
+ ticket 13296. This keeps the directory authority count at 9.
+
+ o Major features (bridges):
+ - Expose the outgoing upstream HTTP/SOCKS proxy to pluggable
+ transports if they are configured via the "TOR_PT_PROXY"
+ environment variable. Implements proposal 232. Resolves
+ ticket 8402.
+
+ o Major features (changed defaults):
+ - Prevent relay operators from unintentionally running exits: When a
+ relay is configured as an exit node, we now warn the user unless
+ the "ExitRelay" option is set to 1. We warn even more loudly if
+ the relay is configured with the default exit policy, since this
+ can indicate accidental misconfiguration. Setting "ExitRelay 0"
+ stops Tor from running as an exit relay. Closes ticket 10067.
+
+ o Major features (client performance, hidden services):
+ - Allow clients to use optimistic data when connecting to a hidden
+ service, which should remove a round-trip from hidden service
+ initialization. See proposal 181 for details. Implements
+ ticket 13211.
+
+ o Major features (directory system):
+ - Upon receiving an unparseable directory object, if its digest
+ matches what we expected, then don't try to download it again.
+ Previously, when we got a descriptor we didn't like, we would keep
+ trying to download it over and over. Closes ticket 11243.
+ - When downloading server- or microdescriptors from a directory
+ server, we no longer launch multiple simultaneous requests to the
+ same server. This reduces load on the directory servers,
+ especially when directory guards are in use. Closes ticket 9969.
+ - When downloading server- or microdescriptors over a tunneled
+ connection, do not limit the length of our requests to what the
+ Squid proxy is willing to handle. Part of ticket 9969.
+ - Authorities can now vote on the correct digests and latest
+ versions for different software packages. This allows packages
+ that include Tor to use the Tor authority system as a way to get
+ notified of updates and their correct digests. Implements proposal
+ 227. Closes ticket 10395.
+
+ o Major features (guards):
+ - Introduce the Guardfraction feature to improves load balancing on
+ guard nodes. Specifically, it aims to reduce the traffic gap that
+ guard nodes experience when they first get the Guard flag. This is
+ a required step if we want to increase the guard lifetime to 9
+ months or greater. Closes ticket 9321.
+
+ o Major features (hidden services):
+ - Make HS port scanning more difficult by immediately closing the
+ circuit when a user attempts to connect to a nonexistent port.
+ Closes ticket 13667.
+ - Add a HiddenServiceStatistics option that allows Tor relays to
+ gather and publish statistics about the overall size and volume of
+ hidden service usage. Specifically, when this option is turned on,
+ an HSDir will publish an approximate number of hidden services
+ that have published descriptors to it the past 24 hours. Also, if
+ a relay has acted as a hidden service rendezvous point, it will
+ publish the approximate amount of rendezvous cells it has relayed
+ the past 24 hours. The statistics themselves are obfuscated so
+ that the exact values cannot be derived. For more details see
+ proposal 238, "Better hidden service stats from Tor relays". This
+ feature is currently disabled by default. Implements feature 13192.
+
+ o Major features (performance):
+ - Make the CPU worker implementation more efficient by avoiding the
+ kernel and lengthening pipelines. The original implementation used
+ sockets to transfer data from the main thread to the workers, and
+ didn't allow any thread to be assigned more than a single piece of
+ work at once. The new implementation avoids communications
+ overhead by making requests in shared memory, avoiding kernel IO
+ where possible, and keeping more requests in flight at once.
+ Implements ticket 9682.
+
+ o Major features (relay):
+ - Raise the minimum acceptable configured bandwidth rate for bridges
+ to 50 KiB/sec and for relays to 75 KiB/sec. (The old values were
+ 20 KiB/sec.) Closes ticket 13822.
+ - Complete revision of the code that relays use to decide which cell
+ to send next. Formerly, we selected the best circuit to write on
+ each channel, but we didn't select among channels in any
+ sophisticated way. Now, we choose the best circuits globally from
+ among those whose channels are ready to deliver traffic.
+
+ This patch implements a new inter-cmux comparison API, a global
+ high/low watermark mechanism and a global scheduler loop for
+ transmission prioritization across all channels as well as among
+ circuits on one channel. This schedule is currently tuned to
+ (tolerantly) avoid making changes in network performance, but it
+ should form the basis for major circuit performance increases in
+ the future. Code by Andrea; tuning by Rob Jansen; implements
+ ticket 9262.
+
+ o Major features (sample torrc):
+ - Add a new, infrequently-changed "torrc.minimal". This file is
+ similar to torrc.sample, but it will change as infrequently as
+ possible, for the benefit of users whose systems prompt them for
+ intervention whenever a default configuration file is changed.
+ Making this change allows us to update torrc.sample to be a more
+ generally useful "sample torrc".
+
+ o Major features (security, unix domain sockets):
+ - Allow SocksPort to be an AF_UNIX Unix Domain Socket. Now high risk
+ applications can reach Tor without having to create AF_INET or
+ AF_INET6 sockets, meaning they can completely disable their
+ ability to make non-Tor network connections. To create a socket of
+ this type, use "SocksPort unix:/path/to/socket". Implements
+ ticket 12585.
+ - Support mapping hidden service virtual ports to AF_UNIX sockets.
+ The syntax is "HiddenServicePort 80 unix:/path/to/socket".
+ Implements ticket 11485.
+
+ o Major bugfixes (client, automap):
+ - Repair automapping with IPv6 addresses. This automapping should
+ have worked previously, but one piece of debugging code that we
+ inserted to detect a regression actually caused the regression to
+ manifest itself again. Fixes bug 13811 and bug 12831; bugfix on
+ 0.2.4.7-alpha. Diagnosed and fixed by Francisco Blas
+ Izquierdo Riera.
+
+ o Major bugfixes (crash, OSX, security):
+ - Fix a remote denial-of-service opportunity caused by a bug in
+ OSX's _strlcat_chk() function. Fixes bug 15205; bug first appeared
+ in OSX 10.9.
+
+ o Major bugfixes (directory authorities):
+ - Do not assign the HSDir flag to relays if they are not Valid, or
+ currently hibernating. Fixes 12573; bugfix on 0.2.0.10-alpha.
+
+ o Major bugfixes (directory bandwidth performance):
+ - Don't flush the zlib buffer aggressively when compressing
+ directory information for clients. This should save about 7% of
+ the bandwidth currently used for compressed descriptors and
+ microdescriptors. Fixes bug 11787; bugfix on 0.1.1.23.
+
+ o Major bugfixes (exit node stability):
+ - Fix an assertion failure that could occur under high DNS load.
+ Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
+ diagnosed and fixed by "cypherpunks".
+
+ o Major bugfixes (FreeBSD IPFW transparent proxy):
+ - Fix address detection with FreeBSD transparent proxies, when
+ "TransProxyType ipfw" is in use. Fixes bug 15064; bugfix
+ on 0.2.5.4-alpha.
+
+ o Major bugfixes (hidden services):
+ - When closing an introduction circuit that was opened in parallel
+ with others, don't mark the introduction point as unreachable.
+ Previously, the first successful connection to an introduction
+ point would make the other introduction points get marked as
+ having timed out. Fixes bug 13698; bugfix on 0.0.6rc2.
+
+ o Major bugfixes (Linux seccomp2 sandbox):
+ - Upon receiving sighup with the seccomp2 sandbox enabled, do not
+ crash during attempts to call wait4. Fixes bug 15088; bugfix on
+ 0.2.5.1-alpha. Patch from "sanic".
+
+ o Major bugfixes (mixed relay-client operation):
+ - When running as a relay and client at the same time (not
+ recommended), if we decide not to use a new guard because we want
+ to retry older guards, only close the locally-originating circuits
+ passing through that guard. Previously we would close all the
+ circuits through that guard. Fixes bug 9819; bugfix on
+ 0.2.1.1-alpha. Reported by "skruffy".
+
+ o Major bugfixes (pluggable transports):
+ - Initialize the extended OR Port authentication cookie before
+ launching pluggable transports. This prevents a race condition
+ that occured when server-side pluggable transports would cache the
+ authentication cookie before it has been (re)generated. Fixes bug
+ 15240; bugfix on 0.2.5.1-alpha.
+
+ o Major bugfixes (relay, stability, possible security):
+ - Fix a bug that could lead to a relay crashing with an assertion
+ failure if a buffer of exactly the wrong layout is passed to
+ buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
+ 0.2.0.10-alpha. Patch from "cypherpunks".
+ - Do not assert if the 'data' pointer on a buffer is advanced to the
+ very end of the buffer; log a BUG message instead. Only assert if
+ it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
+
+ o Minor features (build):
+ - New --disable-system-torrc compile-time option to prevent Tor from
+ looking for the system-wide torrc or torrc-defaults files.
+ Resolves ticket 13037.
+
+ o Minor features (client):
+ - Clients are now willing to send optimistic data (before they
+ receive a 'connected' cell) to relays of any version. (Relays
+ without support for optimistic data are no longer supported on the
+ Tor network.) Resolves ticket 13153.
+
+ o Minor features (client):
+ - Validate hostnames in SOCKS5 requests more strictly. If SafeSocks
+ is enabled, reject requests with IP addresses as hostnames.
+ Resolves ticket 13315.
+
+ o Minor features (controller):
+ - Add a "SIGNAL HEARTBEAT" controller command that tells Tor to
+ write an unscheduled heartbeat message to the log. Implements
+ feature 9503.
+ - Include SOCKS_USERNAME and SOCKS_PASSWORD values in controller
+ events so controllers can observe circuit isolation inputs. Closes
+ ticket 8405.
+ - ControlPort now supports the unix:/path/to/socket syntax as an
+ alternative to the ControlSocket option, for consistency with
+ SocksPort and HiddenServicePort. Closes ticket 14451.
+ - New "GETINFO bw-event-cache" to get information about recent
+ bandwidth events. Closes ticket 14128. Useful for controllers to
+ get recent bandwidth history after the fix for ticket 13988.
+ - Messages about problems in the bootstrap process now include
+ information about the server we were trying to connect to when we
+ noticed the problem. Closes ticket 15006.
+
+ o Minor features (Denial of service resistance):
+ - Count the total number of bytes used storing hidden service
+ descriptors against the value of MaxMemInQueues. If we're low on
+ memory, and more than 20% of our memory is used holding hidden
+ service descriptors, free them until no more than 10% of our
+ memory holds hidden service descriptors. Free the least recently
+ fetched descriptors first. Resolves ticket 13806.
+ - When we have recently been under memory pressure (over 3/4 of
+ MaxMemInQueues is allocated), then allocate smaller zlib objects
+ for small requests. Closes ticket 11791.
+
+ o Minor features (directory authorities):
+ - Don't list relays with a bandwidth estimate of 0 in the consensus.
+ Implements a feature proposed during discussion of bug 13000.
+ - In tor-gencert, report an error if the user provides the same
+ argument more than once.
+ - If a directory authority can't find a best consensus method in the
+ votes that it holds, it now falls back to its favorite consensus
+ method. Previously, it fell back to method 1. Neither of these is
+ likely to get enough signatures, but "fall back to favorite"
+ doesn't require us to maintain support an obsolete consensus
+ method. Implements part of proposal 215.
+
+ o Minor features (geoip):
+ - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
+ - Update geoip6 to the March 3 2015 Maxmind GeoLite2
+ Country database.
+
+ o Minor features (guard nodes):
+ - Reduce the time delay before saving guard status to disk from 10
+ minutes to 30 seconds (or from one hour to 10 minutes if
+ AvoidDiskWrites is set). Closes ticket 12485.
+
+ o Minor features (heartbeat):
+ - On relays, report how many connections we negotiated using each
+ version of the Tor link protocols. This information will let us
+ know if removing support for very old versions of the Tor
+ protocols is harming the network. Closes ticket 15212.
+
+ o Minor features (hidden service):
+ - Make Sybil attacks against hidden services harder by changing the
+ minimum time required to get the HSDir flag from 25 hours up to 96
+ hours. Addresses ticket 14149.
+ - New option "HiddenServiceAllowUnknownPorts" to allow hidden
+ services to disable the anti-scanning feature introduced in
+ 0.2.6.2-alpha. With this option not set, a connection to an
+ unlisted port closes the circuit. With this option set, only a
+ RELAY_DONE cell is sent. Closes ticket 14084.
+ - When re-enabling the network, don't try to build introduction
+ circuits until we have successfully built a circuit. This makes
+ hidden services come up faster when the network is re-enabled.
+ Patch from "akwizgran". Closes ticket 13447.
+ - When we fail to retrieve a hidden service descriptor, send the
+ controller an "HS_DESC FAILED" controller event. Implements
+ feature 13212.
+ - New HiddenServiceDirGroupReadable option to cause hidden service
+ directories and hostname files to be created group-readable. Patch
+ from "anon", David Stainton, and "meejah". Closes ticket 11291.
+
+ o Minor features (interface):
+ - Implement "-f -" command-line option to read torrc configuration
+ from standard input, if you don't want to store the torrc file in
+ the file system. Implements feature 13865.
+
+ o Minor features (logging):
+ - Add a count of unique clients to the bridge heartbeat message.
+ Resolves ticket 6852.
+ - Suppress "router info incompatible with extra info" message when
+ reading extrainfo documents from cache. (This message got loud
+ around when we closed bug 9812 in 0.2.6.2-alpha.) Closes
+ ticket 13762.
+ - Elevate hidden service authorized-client message from DEBUG to
+ INFO. Closes ticket 14015.
+ - On Unix-like systems, you can now use named pipes as the target of
+ the Log option, and other options that try to append to files.
+ Closes ticket 12061. Patch from "carlo von lynX".
+ - When opening a log file at startup, send it every log message that
+ we generated between startup and opening it. Previously, log
+ messages that were generated before opening the log file were only
+ logged to stdout. Closes ticket 6938.
+ - Add a TruncateLogFile option to overwrite logs instead of
+ appending to them. Closes ticket 5583.
+ - Quiet some log messages in the heartbeat and at startup. Closes
+ ticket 14950.
+
+ o Minor features (portability, Solaris):
+ - Threads are no longer disabled by default on Solaris; we believe
+ that the versions of Solaris with broken threading support are all
+ obsolete by now. Resolves ticket 9495.
+
+ o Minor features (relay):
+ - Re-check our address after we detect a changed IP address from
+ getsockname(). This ensures that the controller command "GETINFO
+ address" will report the correct value. Resolves ticket 11582.
+ Patch from "ra".
+ - A new AccountingRule option lets Relays set whether they'd like
+ AccountingMax to be applied separately to inbound and outbound
+ traffic, or applied to the sum of inbound and outbound traffic.
+ Resolves ticket 961. Patch by "chobe".
+ - When identity keypair is generated for first time, log a
+ congratulatory message that links to the new relay lifecycle
+ document. Implements feature 10427.
+
+ o Minor features (security, memory wiping):
+ - Ensure we securely wipe keys from memory after
+ crypto_digest_get_digest and init_curve25519_keypair_from_file
+ have finished using them. Resolves ticket 13477.
+
+ o Minor features (security, out-of-memory handling):
+ - When handling an out-of-memory condition, allocate less memory for
+ temporary data structures. Fixes issue 10115.
+ - When handling an out-of-memory condition, consider more types of
+ buffers, including those on directory connections, and zlib
+ buffers. Resolves ticket 11792.
+
+ o Minor features (stability):
+ - Add assertions in our hash-table iteration code to check for
+ corrupted values that could cause infinite loops. Closes
+ ticket 11737.
+
+ o Minor features (systemd):
+ - Various improvements and modernizations in systemd hardening
+ support. Closes ticket 13805. Patch from Craig Andrews.
+ - Where supported, when running with systemd, report successful
+ startup to systemd. Part of ticket 11016. Patch by Michael Scherer.
+ - When running with systemd, support systemd watchdog messages. Part
+ of ticket 11016. Patch by Michael Scherer.
+
+ o Minor features (testing networks):
+ - Add the TestingDirAuthVoteExit option, which lists nodes to assign
+ the "Exit" flag regardless of their uptime, bandwidth, or exit
+ policy. TestingTorNetwork must be set for this option to have any
+ effect. Previously, authorities would take up to 35 minutes to
+ give nodes the Exit flag in a test network. Partially implements
+ ticket 13161.
+ - Drop the minimum RendPostPeriod on a testing network to 5 seconds,
+ and the default on a testing network to 2 minutes. Drop the
+ MIN_REND_INITIAL_POST_DELAY on a testing network to 5 seconds, but
+ keep the default on a testing network at 30 seconds. This reduces
+ HS bootstrap time to around 25 seconds. Also, change the default
+ time in test-network.sh to match. Closes ticket 13401. Patch
+ by "teor".
+ - Create TestingDirAuthVoteHSDir to correspond to
+ TestingDirAuthVoteExit/Guard. Ensures that authorities vote the
+ HSDir flag for the listed relays regardless of uptime or ORPort
+ connectivity. Respects the value of VoteOnHidServDirectoriesV2.
+ Partial implementation for ticket 14067. Patch by "teor".
+
+ o Minor features (tor2web mode):
+ - Introduce the config option Tor2webRendezvousPoints, which allows
+ clients in Tor2webMode to select a specific Rendezvous Point to be
+ used in HS circuits. This might allow better performance for
+ Tor2Web nodes. Implements ticket 12844.
+
+ o Minor features (transparent proxy):
+ - Update the transparent proxy option checks to allow for both ipfw
+ and pf on OS X. Closes ticket 14002.
+ - Use the correct option when using IPv6 with transparent proxy
+ support on Linux. Resolves 13808. Patch by Francisco Blas
+ Izquierdo Riera.
+
+ o Minor features (validation):
+ - Check all date/time values passed to tor_timegm and
+ parse_rfc1123_time for validity, taking leap years into account.
+ Improves HTTP header validation. Implemented with bug 13476.
+ - In correct_tm(), limit the range of values returned by system
+ localtime(_r) and gmtime(_r) to be between the years 1 and 8099.
+ This means we don't have to deal with negative or too large dates,
+ even if a clock is wrong. Otherwise we might fail to read a file
+ written by us which includes such a date. Fixes bug 13476.
+ - Stop allowing invalid address patterns like "*/24" that contain
+ both a wildcard address and a bit prefix length. This affects all
+ our address-range parsing code. Fixes bug 7484; bugfix
+ on 0.0.2pre14.
+
+ o Minor bugfixes (bridge clients):
+ - When configured to use a bridge without an identity digest (not
+ recommended), avoid launching an extra channel to it when
+ bootstrapping. Fixes bug 7733; bugfix on 0.2.4.4-alpha.
+
+ o Minor bugfixes (bridges):
+ - When DisableNetwork is set, do not launch pluggable transport
+ plugins, and if any are running, terminate them. Fixes bug 13213;
+ bugfix on 0.2.3.6-alpha.
+
+ o Minor bugfixes (C correctness):
+ - Fix several instances of possible integer overflow/underflow/NaN.
+ Fixes bug 13104; bugfix on 0.2.3.1-alpha and later. Patches
+ from "teor".
+ - In circuit_build_times_calculate_timeout() in circuitstats.c,
+ avoid dividing by zero in the pareto calculations. This traps
+ under clang's "undefined-trap" sanitizer. Fixes bug 13290; bugfix
+ on 0.2.2.2-alpha.
+ - Fix an integer overflow in format_time_interval(). Fixes bug
+ 13393; bugfix on 0.2.0.10-alpha.
+ - Set the correct day of year value when the system's localtime(_r)
+ or gmtime(_r) functions fail to set struct tm. Not externally
+ visible. Fixes bug 13476; bugfix on 0.0.2pre14.
+ - Avoid unlikely signed integer overflow in tor_timegm on systems
+ with 32-bit time_t. Fixes bug 13476; bugfix on 0.0.2pre14.
+
+ o Minor bugfixes (certificate handling):
+ - If an authority operator accidentally makes a signing certificate
+ with a future publication time, do not discard its real signing
+ certificates. Fixes bug 11457; bugfix on 0.2.0.3-alpha.
+ - Remove any old authority certificates that have been superseded
+ for at least two days. Previously, we would keep superseded
+ certificates until they expired, if they were published close in
+ time to the certificate that superseded them. Fixes bug 11454;
+ bugfix on 0.2.1.8-alpha.
+
+ o Minor bugfixes (client):
+ - Fix smartlist_choose_node_by_bandwidth() so that relays with the
+ BadExit flag are not considered worthy candidates. Fixes bug
+ 13066; bugfix on 0.1.2.3-alpha.
+ - Use the consensus schedule for downloading consensuses, and not
+ the generic schedule. Fixes bug 11679; bugfix on 0.2.2.6-alpha.
+ - Handle unsupported or malformed SOCKS5 requests properly by
+ responding with the appropriate error message before closing the
+ connection. Fixes bugs 12971 and 13314; bugfix on 0.0.2pre13.
+
+ o Minor bugfixes (client, automapping):
+ - Avoid crashing on torrc lines for VirtualAddrNetworkIPv[4|6] when
+ no value follows the option. Fixes bug 14142; bugfix on
+ 0.2.4.7-alpha. Patch by "teor".
+ - Fix a memory leak when using AutomapHostsOnResolve. Fixes bug
+ 14195; bugfix on 0.1.0.1-rc.
+ - Prevent changes to other options from removing the wildcard value
+ "." from "AutomapHostsSuffixes". Fixes bug 12509; bugfix
+ on 0.2.0.1-alpha.
+ - Allow MapAddress and AutomapHostsOnResolve to work together when
+ an address is mapped into another address type (like .onion) that
+ must be automapped at resolve time. Fixes bug 7555; bugfix
+ on 0.2.0.1-alpha.
+
+ o Minor bugfixes (client, bridges):
+ - When we are using bridges and we had a network connectivity
+ problem, only retry connecting to our currently configured
+ bridges, not all bridges we know about and remember using. Fixes
+ bug 14216; bugfix on 0.2.2.17-alpha.
+
+ o Minor bugfixes (client, DNS):
+ - Report the correct cached DNS expiration times on SOCKS port or in
+ DNS replies. Previously, we would report everything as "never
+ expires." Fixes bug 14193; bugfix on 0.2.3.17-beta.
+ - Avoid a small memory leak when we find a cached answer for a
+ reverse DNS lookup in a client-side DNS cache. (Remember, client-
+ side DNS caching is off by default, and is not recommended.) Fixes
+ bug 14259; bugfix on 0.2.0.1-alpha.
+
+ o Minor bugfixes (client, IPv6):
+ - Reject socks requests to literal IPv6 addresses when IPv6Traffic
+ flag is not set; and not because the NoIPv4Traffic flag was set.
+ Previously we'd looked at the NoIPv4Traffic flag for both types of
+ literal addresses. Fixes bug 14280; bugfix on 0.2.4.7-alpha.
+
+ o Minor bugfixes (client, microdescriptors):
+ - Use a full 256 bits of the SHA256 digest of a microdescriptor when
+ computing which microdescriptors to download. This keeps us from
+ erroneous download behavior if two microdescriptor digests ever
+ have the same first 160 bits. Fixes part of bug 13399; bugfix
+ on 0.2.3.1-alpha.
+ - Reset a router's status if its microdescriptor digest changes,
+ even if the first 160 bits remain the same. Fixes part of bug
+ 13399; bugfix on 0.2.3.1-alpha.
+
+ o Minor bugfixes (client, torrc):
+ - Stop modifying the value of our DirReqStatistics torrc option just
+ because we're not a bridge or relay. This bug was causing Tor
+ Browser users to write "DirReqStatistics 0" in their torrc files
+ as if they had chosen to change the config. Fixes bug 4244; bugfix
+ on 0.2.3.1-alpha.
+ - When GeoIPExcludeUnknown is enabled, do not incorrectly decide
+ that our options have changed every time we SIGHUP. Fixes bug
+ 9801; bugfix on 0.2.4.10-alpha. Patch from "qwerty1".
+
+ o Minor bugfixes (compilation):
+ - Fix a compilation warning on s390. Fixes bug 14988; bugfix
+ on 0.2.5.2-alpha.
+ - Silence clang warnings under --enable-expensive-hardening,
+ including implicit truncation of 64 bit values to 32 bit, const
+ char assignment to self, tautological compare, and additional
+ parentheses around equality tests. Fixes bug 13577; bugfix
+ on 0.2.5.4-alpha.
+ - Fix a clang warning about checking whether an address in the
+ middle of a structure is NULL. Fixes bug 14001; bugfix
+ on 0.2.1.2-alpha.
+ - The address of an array in the middle of a structure will always
+ be non-NULL. clang recognises this and complains. Disable the
+ tautologous and redundant check to silence this warning. Fixes bug
+ 14001; bugfix on 0.2.1.2-alpha.
+ - Compile correctly with (unreleased) OpenSSL 1.1.0 headers.
+ Addresses ticket 14188.
+ - Build without warnings with the stock OpenSSL srtp.h header, which
+ has a duplicate declaration of SSL_get_selected_srtp_profile().
+ Fixes bug 14220; this is OpenSSL's bug, not ours.
+ - Do not compile any code related to Tor2Web mode when Tor2Web mode
+ is not enabled at compile time. Previously, this code was included
+ in a disabled state. See discussion on ticket 12844.
+ - Allow our configure script to build correctly with autoconf 2.62
+ again. Fixes bug 12693; bugfix on 0.2.5.2-alpha.
+ - Improve the error message from ./configure to make it clear that
+ when asciidoc has not been found, the user will have to either add
+ --disable-asciidoc argument or install asciidoc. Resolves
+ ticket 13228.
+
+ o Minor bugfixes (controller):
+ - Report "down" in response to the "GETINFO entry-guards" command
+ when relays are down with an unreachable_since value. Previously,
+ we would report "up". Fixes bug 14184; bugfix on 0.1.2.2-alpha.
+ - Avoid crashing on a malformed EXTENDCIRCUIT command. Fixes bug
+ 14116; bugfix on 0.2.2.9-alpha.
+
+ o Minor bugfixes (controller):
+ - Return an error when the second or later arguments of the
+ "setevents" controller command are invalid events. Previously we
+ would return success while silently skipping invalid events. Fixes
+ bug 13205; bugfix on 0.2.3.2-alpha. Reported by "fpxnns".
+
+ o Minor bugfixes (directory authority):
+ - Allow directory authorities to fetch more data from one another if
+ they find themselves missing lots of votes. Previously, they had
+ been bumping against the 10 MB queued data limit. Fixes bug 14261;
+ bugfix on 0.1.2.5-alpha.
+ - Do not attempt to download extrainfo documents which we will be
+ unable to validate with a matching server descriptor. Fixes bug
+ 13762; bugfix on 0.2.0.1-alpha.
+ - Fix a bug that was truncating AUTHDIR_NEWDESC events sent to the
+ control port. Fixes bug 14953; bugfix on 0.2.0.1-alpha.
+ - Enlarge the buffer to read bwauth generated files to avoid an
+ issue when parsing the file in dirserv_read_measured_bandwidths().
+ Fixes bug 14125; bugfix on 0.2.2.1-alpha.
+ - When running as a v3 directory authority, advertise that you serve
+ extra-info documents so that clients who want them can find them
+ from you too. Fixes part of bug 11683; bugfix on 0.2.0.1-alpha.
+
+ o Minor bugfixes (directory system):
+ - Always believe that v3 directory authorities serve extra-info
+ documents, whether they advertise "caches-extra-info" or not.
+ Fixes part of bug 11683; bugfix on 0.2.0.1-alpha.
+ - Check the BRIDGE_DIRINFO flag bitwise rather than using equality.
+ Previously, directories offering BRIDGE_DIRINFO and some other
+ flag (i.e. microdescriptors or extrainfo) would be ignored when
+ looking for bridges. Partially fixes bug 13163; bugfix
+ on 0.2.0.7-alpha.
+
+ o Minor bugfixes (file handling):
+ - Stop failing when key files are zero-length. Instead, generate new
+ keys, and overwrite the empty key files. Fixes bug 13111; bugfix
+ on all versions of Tor. Patch by "teor".
+ - Stop generating a fresh .old RSA onion key file when the .old file
+ is missing. Fixes part of 13111; bugfix on 0.0.6rc1.
+ - Avoid overwriting .old key files with empty key files.
+ - Skip loading zero-length extrainfo store, router store, stats,
+ state, and key files.
+ - Avoid crashing when trying to reload a torrc specified as a
+ relative path with RunAsDaemon turned on. Fixes bug 13397; bugfix
+ on 0.2.3.11-alpha.
+
+ o Minor bugfixes (hidden services):
+ - Close the introduction circuit when we have no more usable intro
+ points, instead of waiting for it to time out. This also ensures
+ that no follow-up HS descriptor fetch is triggered when the
+ circuit eventually times out. Fixes bug 14224; bugfix on 0.0.6.
+ - When fetching a hidden service descriptor for a down service that
+ was recently up, do not keep refetching until we try the same
+ replica twice in a row. Fixes bug 14219; bugfix on 0.2.0.10-alpha.
+ - Correctly send a controller event when we find that a rendezvous
+ circuit has finished. Fixes bug 13936; bugfix on 0.1.1.5-alpha.
+ - Pre-check directory permissions for new hidden-services to avoid
+ at least one case of "Bug: Acting on config options left us in a
+ broken state. Dying." Fixes bug 13942; bugfix on 0.0.6pre1.
+ - When fetching hidden service descriptors, we now check not only
+ for whether we got the hidden service we had in mind, but also
+ whether we got the particular descriptors we wanted. This prevents
+ a class of inefficient but annoying DoS attacks by hidden service
+ directories. Fixes bug 13214; bugfix on 0.2.1.6-alpha. Reported
+ by "special".
+
+ o Minor bugfixes (Linux seccomp2 sandbox):
+ - Make transparent proxy support work along with the seccomp2
+ sandbox. Fixes part of bug 13808; bugfix on 0.2.5.1-alpha. Patch
+ by Francisco Blas Izquierdo Riera.
+ - Fix a memory leak in tor-resolve when running with the sandbox
+ enabled. Fixes bug 14050; bugfix on 0.2.5.9-rc.
+ - Allow glibc fatal errors to be sent to stderr before Tor exits.
+ Previously, glibc would try to write them to /dev/tty, and the
+ sandbox would trap the call and make Tor exit prematurely. Fixes
+ bug 14759; bugfix on 0.2.5.1-alpha.
+
+ o Minor bugfixes (logging):
+ - Avoid crashing when there are more log domains than entries in
+ domain_list. Bugfix on 0.2.3.1-alpha.
+ - Downgrade warnings about RSA signature failures to info log level.
+ Emit a warning when an extra info document is found incompatible
+ with a corresponding router descriptor. Fixes bug 9812; bugfix
+ on 0.0.6rc3.
+ - Make connection_ap_handshake_attach_circuit() log the circuit ID
+ correctly. Fixes bug 13701; bugfix on 0.0.6.
+
+ o Minor bugfixes (networking):
+ - Check for orconns and use connection_or_close_for_error() rather
+ than connection_mark_for_close() directly in the getsockopt()
+ failure case of connection_handle_write_impl(). Fixes bug 11302;
+ bugfix on 0.2.4.4-alpha.
+
+ o Minor bugfixes (parsing):
+ - Stop accepting milliseconds (or other junk) at the end of
+ descriptor publication times. Fixes bug 9286; bugfix on 0.0.2pre25.
+ - Support two-number and three-number version numbers correctly, in
+ case we change the Tor versioning system in the future. Fixes bug
+ 13661; bugfix on 0.0.8pre1.
+
+ o Minor bugfixes (portability):
+ - Fix the ioctl()-based network interface lookup code so that it
+ will work on systems that have variable-length struct ifreq, for
+ example Mac OS X.
+ - Use the correct datatype in the SipHash-2-4 function to prevent
+ compilers from assuming any sort of alignment. Fixes bug 15436;
+ bugfix on 0.2.5.3-alpha.
+
+ o Minor bugfixes (preventative security, C safety):
+ - When reading a hexadecimal, base-32, or base-64 encoded value from
+ a string, always overwrite the whole output buffer. This prevents
+ some bugs where we would look at (but fortunately, not reveal)
+ uninitialized memory on the stack. Fixes bug 14013; bugfix on all
+ versions of Tor.
+ - Clear all memory targetted by tor_addr_{to,from}_sockaddr(), not
+ just the part that's used. This makes it harder for data leak bugs
+ to occur in the event of other programming failures. Resolves
+ ticket 14041.
+
+ o Minor bugfixes (relay):
+ - When generating our family list, remove spaces from around the
+ entries. Fixes bug 12728; bugfix on 0.2.1.7-alpha.
+ - If our previous bandwidth estimate was 0 bytes, allow publishing a
+ new relay descriptor immediately. Fixes bug 13000; bugfix
+ on 0.1.1.6-alpha.
+
+ o Minor bugfixes (shutdown):
+ - When shutting down, always call event_del() on lingering read or
+ write events before freeing them. Otherwise, we risk double-frees
+ or read-after-frees in event_base_free(). Fixes bug 12985; bugfix
+ on 0.1.0.2-rc.
+
+ o Minor bugfixes (small memory leaks):
+ - Avoid leaking memory when using IPv6 virtual address mappings.
+ Fixes bug 14123; bugfix on 0.2.4.7-alpha. Patch by Tom van
+ der Woerdt.
+
+ o Minor bugfixes (statistics):
+ - Increase period over which bandwidth observations are aggregated
+ from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1.
+
+ o Minor bugfixes (systemd support):
+ - Run correctly under systemd with the RunAsDaemon option set. Fixes
+ part of bug 14141; bugfix on 0.2.5.7-rc. Patch from Tomasz Torcz.
+ - Inform the systemd supervisor about more changes in the Tor
+ process status. Implements part of ticket 14141. Patch from
+ Tomasz Torcz.
+
+ o Minor bugfixes (testing networks):
+ - Fix TestingDirAuthVoteGuard to properly give out Guard flags in a
+ testing network. Fixes bug 13064; bugfix on 0.2.5.2-alpha.
+ - Stop using the default authorities in networks which provide both
+ AlternateDirAuthority and AlternateBridgeAuthority. Partially
+ fixes bug 13163; bugfix on 0.2.0.13-alpha.
+
+ o Minor bugfixes (testing networks, fast startup):
+ - Allow Tor to build circuits using a consensus with no exits. If
+ the consensus has no exits (typical of a bootstrapping test
+ network), allow Tor to build circuits once enough descriptors have
+ been downloaded. This assists in bootstrapping a testing Tor
+ network. Fixes bug 13718; bugfix on 0.2.4.10-alpha. Patch
+ by "teor".
+ - When V3AuthVotingInterval is low, give a lower If-Modified-Since
+ header to directory servers. This allows us to obtain consensuses
+ promptly when the consensus interval is very short. This assists
+ in bootstrapping a testing Tor network. Fixes parts of bugs 13718
+ and 13963; bugfix on 0.2.0.3-alpha. Patch by "teor".
+ - Stop assuming that private addresses are local when checking
+ reachability in a TestingTorNetwork. Instead, when testing, assume
+ all OR connections are remote. (This is necessary due to many test
+ scenarios running all relays on localhost.) This assists in
+ bootstrapping a testing Tor network. Fixes bug 13924; bugfix on
+ 0.1.0.1-rc. Patch by "teor".
+ - Avoid building exit circuits from a consensus with no exits. Now
+ thanks to our fix for 13718, we accept a no-exit network as not
+ wholly lost, but we need to remember not to try to build exit
+ circuits on it. Closes ticket 13814; patch by "teor".
+ - Stop requiring exits to have non-zero bandwithcapacity in a
+ TestingTorNetwork. Instead, when TestingMinExitFlagThreshold is 0,
+ ignore exit bandwidthcapacity. This assists in bootstrapping a
+ testing Tor network. Fixes parts of bugs 13718 and 13839; bugfix
+ on 0.2.0.3-alpha. Patch by "teor".
+ - Add "internal" to some bootstrap statuses when no exits are
+ available. If the consensus does not contain Exits, Tor will only
+ build internal circuits. In this case, relevant statuses will
+ contain the word "internal" as indicated in the Tor control-
+ spec.txt. When bootstrap completes, Tor will be ready to build
+ internal circuits. If a future consensus contains Exits, exit
+ circuits may become available. Fixes part of bug 13718; bugfix on
+ 0.2.4.10-alpha. Patch by "teor".
+ - Decrease minimum consensus interval to 10 seconds when
+ TestingTorNetwork is set, or 5 seconds for the first consensus.
+ Fix assumptions throughout the code that assume larger intervals.
+ Fixes bugs 13718 and 13823; bugfix on 0.2.0.3-alpha. Patch
+ by "teor".
+ - Avoid excluding guards from path building in minimal test
+ networks, when we're in a test network and excluding guards would
+ exclude all relays. This typically occurs in incredibly small tor
+ networks, and those using "TestingAuthVoteGuard *". Fixes part of
+ bug 13718; bugfix on 0.1.1.11-alpha. Patch by "teor".
+
+ o Minor bugfixes (testing):
+ - Avoid a side-effect in a tor_assert() in the unit tests. Fixes bug
+ 15188; bugfix on 0.1.2.3-alpha. Patch from Tom van der Woerdt.
+ - Stop spawn test failures due to a race condition between the
+ SIGCHLD handler updating the process status, and the test reading
+ it. Fixes bug 13291; bugfix on 0.2.3.3-alpha.
+ - Avoid passing an extra backslash when creating a temporary
+ directory for running the unit tests on Windows. Fixes bug 12392;
+ bugfix on 0.2.2.25-alpha. Patch from Gisle Vanem.
+
+ o Minor bugfixes (TLS):
+ - Check more thoroughly throughout the TLS code for possible
+ unlogged TLS errors. Possible diagnostic or fix for bug 13319.
+
+ o Minor bugfixes (transparent proxy):
+ - Use getsockname, not getsockopt, to retrieve the address for a
+ TPROXY-redirected connection. Fixes bug 13796; bugfix
+ on 0.2.5.2-alpha.
+
+ o Minor bugfixes (windows):
+ - Remove code to special-case handling of NTE_BAD_KEYSET when
+ acquiring windows CryptoAPI context. This error can't actually
+ occur for the parameters we're providing. Fixes bug 10816; bugfix
+ on 0.0.2pre26.
+
+ o Minor bugfixes (zlib):
+ - Avoid truncating a zlib stream when trying to finalize it with an
+ empty output buffer. Fixes bug 11824; bugfix on 0.1.1.23.
+
+ o Code simplification and refactoring:
+ - Change the entry_is_live() function to take named bitfield
+ elements instead of an unnamed list of booleans. Closes
+ ticket 12202.
+ - Refactor and unit-test entry_is_time_to_retry() in entrynodes.c.
+ Resolves ticket 12205.
+ - Use calloc and reallocarray functions instead of multiply-
+ then-malloc. This makes it less likely for us to fall victim to an
+ integer overflow attack when allocating. Resolves ticket 12855.
+ - Use the standard macro name SIZE_MAX, instead of our
+ own SIZE_T_MAX.
+ - Document usage of the NO_DIRINFO and ALL_DIRINFO flags clearly in
+ functions which take them as arguments. Replace 0 with NO_DIRINFO
+ in a function call for clarity. Seeks to prevent future issues
+ like 13163.
+ - Avoid 4 null pointer errors under clang static analysis by using
+ tor_assert() to prove that the pointers aren't null. Fixes
+ bug 13284.
+ - Rework the API of policies_parse_exit_policy() to use a bitmask to
+ represent parsing options, instead of a confusing mess of
+ booleans. Resolves ticket 8197.
+ - Introduce a helper function to parse ExitPolicy in
+ or_options_t structure.
+ - Move fields related to isolating and configuring client ports into
+ a shared structure. Previously, they were duplicated across
+ port_cfg_t, listener_connection_t, and edge_connection_t. Failure
+ to copy them correctly had been the cause of at least one bug in
+ the past. Closes ticket 8546.
+ - Refactor the get_interface_addresses_raw() doom-function into
+ multiple smaller and simpler subfunctions. Cover the resulting
+ subfunctions with unit-tests. Fixes a significant portion of
+ issue 12376.
+ - Remove workaround in dirserv_thinks_router_is_hs_dir() that was
+ only for version <= 0.2.2.24 which is now deprecated. Closes
+ ticket 14202.
+ - Remove a test for a long-defunct broken version-one
+ directory server.
+ - Refactor main loop to extract the 'loop' part. This makes it
+ easier to run Tor under Shadow. Closes ticket 15176.
+ - Stop using can_complete_circuits as a global variable; access it
+ with a function instead.
+ - Avoid using operators directly as macro arguments: this lets us
+ apply coccinelle transformations to our codebase more directly.
+ Closes ticket 13172.
+ - Combine the functions used to parse ClientTransportPlugin and
+ ServerTransportPlugin into a single function. Closes ticket 6456.
+ - Add inline functions and convenience macros for inspecting channel
+ state. Refactor the code to use convenience macros instead of
+ checking channel state directly. Fixes issue 7356.
+ - Document all members of was_router_added_t and rename
+ ROUTER_WAS_NOT_NEW to ROUTER_IS_ALREADY_KNOWN to make it less
+ confusable with ROUTER_WAS_TOO_OLD. Fixes issue 13644.
+ - In connection_exit_begin_conn(), use END_CIRC_REASON_TORPROTOCOL
+ constant instead of hardcoded value. Fixes issue 13840.
+ - Refactor our generic strmap and digestmap types into a single
+ implementation, so that we can add a new digest256map
+ type trivially.
+
+ o Documentation:
+ - Add a doc/TUNING document with tips for handling large numbers of
+ TCP connections when running busy Tor relay. Update the warning
+ message to point to this file when running out of sockets
+ operating system is allowing to use simultaneously. Resolves
+ ticket 9708.
+ - Adding section on OpenBSD to our TUNING document. Thanks to mmcc
+ for writing the OpenBSD-specific tips. Resolves ticket 13702.
+ - Make the tor-resolve documentation match its help string and its
+ options. Resolves part of ticket 14325.
+ - Log a more useful error message from tor-resolve when failing to
+ look up a hidden service address. Resolves part of ticket 14325.
+ - Document the bridge-authority-only 'networkstatus-bridges' file.
+ Closes ticket 13713; patch from "tom".
+ - Fix typo in PredictedPortsRelevanceTime option description in
+ manpage. Resolves issue 13707.
+ - Stop suggesting that users specify relays by nickname: it isn't a
+ good idea. Also, properly cross-reference how to specify relays in
+ all parts of manual documenting options that take a list of
+ relays. Closes ticket 13381.
+ - Clarify the HiddenServiceDir option description in manpage to make
+ it clear that relative paths are taken with respect to the current
+ working directory. Also clarify that this behavior is not
+ guaranteed to remain indefinitely. Fixes issue 13913.
+
+ o Distribution (systemd):
+ - systemd unit file: only allow tor to write to /var/lib/tor and
+ /var/log/tor. The rest of the filesystem is accessible for reading
+ only. Patch by intrigeri; resolves ticket 12751.
+ - systemd unit file: ensure that the process and all its children
+ can never gain new privileges. Patch by intrigeri; resolves
+ ticket 12939.
+ - systemd unit file: set up /var/run/tor as writable for the Tor
+ service. Patch by intrigeri; resolves ticket 13196.
+
+ o Downgraded warnings:
+ - Don't warn when we've attempted to contact a relay using the wrong
+ ntor onion key. Closes ticket 9635.
+
+ o Removed code:
+ - Remove some lingering dead code that once supported mempools.
+ Mempools were disabled by default in 0.2.5, and removed entirely
+ in 0.2.6.3-alpha. Closes more of ticket 14848; patch
+ by "cypherpunks".
+
+ o Removed features (directory authorities):
+ - Remove code that prevented authorities from listing Tor relays
+ affected by CVE-2011-2769 as guards. These relays are already
+ rejected altogether due to the minimum version requirement of
+ 0.2.3.16-alpha. Closes ticket 13152.
+ - The "AuthDirRejectUnlisted" option no longer has any effect, as
+ the fingerprints file (approved-routers) has been deprecated.
+ - Directory authorities do not support being Naming dirauths anymore.
+ The "NamingAuthoritativeDir" config option is now obsolete.
+ - Directory authorities do not support giving out the BadDirectory
+ flag anymore.
+ - Directory authorities no longer advertise or support consensus
+ methods 1 through 12 inclusive. These consensus methods were
+ obsolete and/or insecure: maintaining the ability to support them
+ served no good purpose. Implements part of proposal 215; closes
+ ticket 10163.
+
+ o Removed features:
+ - To avoid confusion with the "ExitRelay" option, "ExitNode" is no
+ longer silently accepted as an alias for "ExitNodes".
+ - The --enable-mempool and --enable-buf-freelists options, which
+ were originally created to work around bad malloc implementations,
+ no longer exist. They were off-by-default in 0.2.5. Closes
+ ticket 14848.
+ - We no longer remind the user about configuration options that have
+ been obsolete since 0.2.3.x or earlier. Patch by Adrien Bak.
+ - Remove our old, non-weighted bandwidth-based node selection code.
+ Previously, we used it as a fallback when we couldn't perform
+ weighted bandwidth-based node selection. But that would only
+ happen in the cases where we had no consensus, or when we had a
+ consensus generated by buggy or ancient directory authorities. In
+ either case, it's better to use the more modern, better maintained
+ algorithm, with reasonable defaults for the weights. Closes
+ ticket 13126.
+ - Remove the --disable-curve25519 configure option. Relays and
+ clients now are required to support curve25519 and the
+ ntor handshake.
+ - The old "StrictEntryNodes" and "StrictExitNodes" options, which
+ used to be deprecated synonyms for "StrictNodes", are now marked
+ obsolete. Resolves ticket 12226.
+ - Clients don't understand the BadDirectory flag in the consensus
+ anymore, and ignore it.
+
+ o Removed platform support:
+ - We no longer include special code to build on Windows CE; as far
+ as we know, nobody has used Tor on Windows CE in a very long time.
+ Closes ticket 11446.
+
+ o Testing (test-network.sh):
+ - Stop using "echo -n", as some shells' built-in echo doesn't
+ support "-n". Instead, use "/bin/echo -n". Partially fixes
+ bug 13161.
+ - Stop an apparent test-network hang when used with make -j2. Fixes
+ bug 13331.
+ - Add a --delay option to test-network.sh, which configures the
+ delay before the chutney network tests for data transmission.
+ Partially implements ticket 13161.
+
+ o Testing:
+ - Test that tor does not fail when key files are zero-length. Check
+ that tor generates new keys, and overwrites the empty key files.
+ - Test that tor generates new keys when keys are missing
+ (existing behavior).
+ - Test that tor does not overwrite key files that already contain
+ data (existing behavior). Tests bug 13111. Patch by "teor".
+ - New "make test-stem" target to run stem integration tests.
+ Requires that the "STEM_SOURCE_DIR" environment variable be set.
+ Closes ticket 14107.
+ - Make the test_cmdline_args.py script work correctly on Windows.
+ Patch from Gisle Vanem.
+ - Move the slower unit tests into a new "./src/test/test-slow"
+ binary that can be run independently of the other tests. Closes
+ ticket 13243.
+ - New tests for many parts of channel, relay, and circuitmux
+ functionality. Code by Andrea; part of 9262.
+ - New tests for parse_transport_line(). Part of ticket 6456.
+ - In the unit tests, use chgrp() to change the group of the unit
+ test temporary directory to the current user, so that the sticky
+ bit doesn't interfere with tests that check directory groups.
+ Closes 13678.
+ - Add unit tests for resolve_my_addr(). Part of ticket 12376; patch
+ by 'rl1987'.
+ - Refactor the function that chooses guard nodes so that it can more
+ easily be tested; write some tests for it.
+ - Fix and re-enable the fgets_eagain unit test. Fixes bug 12503;
+ bugfix on 0.2.3.1-alpha. Patch from "cypherpunks."
+ - Create unit tests for format_time_interval(). With bug 13393.
+ - Add unit tests for tor_timegm signed overflow, tor_timegm and
+ parse_rfc1123_time validity checks, correct_tm year clamping. Unit
+ tests (visible) fixes in bug 13476.
+ - Add a "coverage-html" make target to generate HTML-visualized
+ coverage results when building with --enable-coverage. (Requires
+ lcov.) Patch from Kevin Murray.
+ - Enable the backtrace handler (where supported) when running the
+ unit tests.
+ - Revise all unit tests that used the legacy test_* macros to
+ instead use the recommended tt_* macros. This patch was generated
+ with coccinelle, to avoid manual errors. Closes ticket 13119.
+
+Changes in version 0.2.5.11 - 2015-03-17
+ Tor 0.2.5.11 is the second stable release in the 0.2.5 series.
+
+ It backports several bugfixes from the 0.2.6 branch, including a
+ couple of medium-level security fixes for relays and exit nodes.
+ It also updates the list of directory authorities.
+
+ o Directory authority changes:
+ - Remove turtles as a directory authority.
+ - Add longclaw as a new (v3) directory authority. This implements
+ ticket 13296. This keeps the directory authority count at 9.
+ - The directory authority Faravahar has a new IP address. This
+ closes ticket 14487.
+
+ o Major bugfixes (crash, OSX, security):
+ - Fix a remote denial-of-service opportunity caused by a bug in
+ OSX's _strlcat_chk() function. Fixes bug 15205; bug first appeared
+ in OSX 10.9.
+
+ o Major bugfixes (relay, stability, possible security):
+ - Fix a bug that could lead to a relay crashing with an assertion
+ failure if a buffer of exactly the wrong layout was passed to
+ buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
+ 0.2.0.10-alpha. Patch from 'cypherpunks'.
+ - Do not assert if the 'data' pointer on a buffer is advanced to the
+ very end of the buffer; log a BUG message instead. Only assert if
+ it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
+
+ o Major bugfixes (exit node stability):
+ - Fix an assertion failure that could occur under high DNS load.
+ Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
+ diagnosed and fixed by "cypherpunks".
+
+ o Major bugfixes (Linux seccomp2 sandbox):
+ - Upon receiving sighup with the seccomp2 sandbox enabled, do not
+ crash during attempts to call wait4. Fixes bug 15088; bugfix on
+ 0.2.5.1-alpha. Patch from "sanic".
+
+ o Minor features (controller):
+ - New "GETINFO bw-event-cache" to get information about recent
+ bandwidth events. Closes ticket 14128. Useful for controllers to
+ get recent bandwidth history after the fix for ticket 13988.
+
+ o Minor features (geoip):
+ - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
+ - Update geoip6 to the March 3 2015 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (client, automapping):
+ - Avoid crashing on torrc lines for VirtualAddrNetworkIPv[4|6] when
+ no value follows the option. Fixes bug 14142; bugfix on
+ 0.2.4.7-alpha. Patch by "teor".
+ - Fix a memory leak when using AutomapHostsOnResolve. Fixes bug
+ 14195; bugfix on 0.1.0.1-rc.
+
+ o Minor bugfixes (compilation):
+ - Build without warnings with the stock OpenSSL srtp.h header, which
+ has a duplicate declaration of SSL_get_selected_srtp_profile().
+ Fixes bug 14220; this is OpenSSL's bug, not ours.
+
+ o Minor bugfixes (directory authority):
+ - Allow directory authorities to fetch more data from one another if
+ they find themselves missing lots of votes. Previously, they had
+ been bumping against the 10 MB queued data limit. Fixes bug 14261;
+ bugfix on 0.1.2.5-alpha.
+ - Enlarge the buffer to read bwauth generated files to avoid an
+ issue when parsing the file in dirserv_read_measured_bandwidths().
+ Fixes bug 14125; bugfix on 0.2.2.1-alpha.
+
+ o Minor bugfixes (statistics):
+ - Increase period over which bandwidth observations are aggregated
+ from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1.
+
+ o Minor bugfixes (preventative security, C safety):
+ - When reading a hexadecimal, base-32, or base-64 encoded value from
+ a string, always overwrite the whole output buffer. This prevents
+ some bugs where we would look at (but fortunately, not reveal)
+ uninitialized memory on the stack. Fixes bug 14013; bugfix on all
+ versions of Tor.
+
+
+Changes in version 0.2.4.26 - 2015-03-17
+ Tor 0.2.4.26 includes an updated list of directory authorities. It
+ also backports a couple of stability and security bugfixes from 0.2.5
+ and beyond.
+
+ o Directory authority changes:
+ - Remove turtles as a directory authority.
+ - Add longclaw as a new (v3) directory authority. This implements
+ ticket 13296. This keeps the directory authority count at 9.
+ - The directory authority Faravahar has a new IP address. This
+ closes ticket 14487.
+
+ o Major bugfixes (exit node stability, also in 0.2.6.3-alpha):
+ - Fix an assertion failure that could occur under high DNS load.
+ Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
+ diagnosed and fixed by "cypherpunks".
+
+ o Major bugfixes (relay, stability, possible security, also in 0.2.6.4-rc):
+ - Fix a bug that could lead to a relay crashing with an assertion
+ failure if a buffer of exactly the wrong layout was passed to
+ buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
+ 0.2.0.10-alpha. Patch from 'cypherpunks'.
+ - Do not assert if the 'data' pointer on a buffer is advanced to the
+ very end of the buffer; log a BUG message instead. Only assert if
+ it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
+
+ o Minor features (geoip):
+ - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
+ - Update geoip6 to the March 3 2015 Maxmind GeoLite2
+ Country database.
+
Changes in version 0.2.5.10 - 2014-10-24
Tor 0.2.5.10 is the first stable release in the 0.2.5 series.
diff --git a/acinclude.m4 b/acinclude.m4
index 8782a3eeaa..72593881ed 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -137,7 +137,7 @@ dnl
AC_DEFUN([TOR_SEARCH_LIBRARY], [
try$1dir=""
AC_ARG_WITH($1-dir,
- [ --with-$1-dir=PATH Specify path to $1 installation ],
+ AS_HELP_STRING(--with-$1-dir=PATH, [specify path to $1 installation]),
[
if test x$withval != xno ; then
try$1dir="$withval"
diff --git a/changes/15188 b/changes/15188
deleted file mode 100644
index 2065b3974c..0000000000
--- a/changes/15188
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes (testing):
- - Avoid a side-effect in a tor_assert() in the unit tests. Fixes bug
- 15188; bugfix on 0.1.2.3-alpha. Patch from Tom van der Woerdt.
diff --git a/changes/bug11454 b/changes/bug11454
deleted file mode 100644
index b37a7d9728..0000000000
--- a/changes/bug11454
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes (certificate handling):
- - Remove any old authority certificates that have been superseded
- for at least two days. Previously, we would keep superseded
- certificates until they expired, if they were published close
- in time to the certificate that superseded them.
- Fixes bug 11454; bugfix on 0.2.1.8-alpha.
diff --git a/changes/bug11457 b/changes/bug11457
deleted file mode 100644
index cf64c1d10d..0000000000
--- a/changes/bug11457
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes (certificate handling):
- - If an authority operator accidentally makes a signing certificate with
- a future publication time, do not discard its real signing
- certificates. Fixes bug 11457; bugfix on 0.2.0.3-alpha.
-
diff --git a/changes/bug13736 b/changes/bug13736
new file mode 100644
index 0000000000..686d2f1fa2
--- /dev/null
+++ b/changes/bug13736
@@ -0,0 +1,5 @@
+ o Removed features:
+ - Remove the (seldom-used) DynamicDHGroups feature. For
+ anti-fingerprinting we now recommend pluggable transports; for
+ forward-secrecy in TLS, we now use the P-256 group.
+ Closes ticket 13736.
diff --git a/changes/bug14018 b/changes/bug14018
new file mode 100644
index 0000000000..165e0427f5
--- /dev/null
+++ b/changes/bug14018
@@ -0,0 +1,4 @@
+ o Minor features:
+ - Complain (i.e. print a warning) whenever we find a relative
+ file path being used as torrc option. Resolves issue 14018.
+
diff --git a/changes/bug14806 b/changes/bug14806
new file mode 100644
index 0000000000..dd85e785ce
--- /dev/null
+++ b/changes/bug14806
@@ -0,0 +1,3 @@
+ o Minor bugfixes (testing):
+ - Commandline argument tests moved to Stem. Fixes bug 14806.
+
diff --git a/changes/bug14848_redux b/changes/bug14848_redux
deleted file mode 100644
index c10320fb23..0000000000
--- a/changes/bug14848_redux
+++ /dev/null
@@ -1,5 +0,0 @@
- o Removed code:
- - Remove some lingering dead code that once supported mempools. Mempools
- were disabled by default in 0.2.5, and removed entirely in
- 0.2.6.3-alpha. Closes more of ticket 14848; patch by "cypherpunks".
-
diff --git a/changes/bug14922 b/changes/bug14922
new file mode 100644
index 0000000000..65396e4d8f
--- /dev/null
+++ b/changes/bug14922
@@ -0,0 +1,3 @@
+ o Removed code:
+ - Remove the 'tor_strclear()' function; use memwipe() instead.
+ Closes ticket 14922. \ No newline at end of file
diff --git a/changes/bug14950 b/changes/bug14950
deleted file mode 100644
index 33cea9cb58..0000000000
--- a/changes/bug14950
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features (logs):
- - Quiet some log messages in the heartbeat and at startup. Closes
- ticket 14950. \ No newline at end of file
diff --git a/changes/bug14980 b/changes/bug14980
deleted file mode 100644
index b873bb009c..0000000000
--- a/changes/bug14980
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (testing):
- - Fix endianness issues in unit test for resolve_my_address() to
- have it pass on big endian systems. Fixes bug 14980; bugfix on
- Tor 0.2.6.3-alpha.
diff --git a/changes/bug14987b-doc b/changes/bug14987b-doc
new file mode 100644
index 0000000000..b8b239292e
--- /dev/null
+++ b/changes/bug14987b-doc
@@ -0,0 +1,4 @@
+ o Documentation:
+ - Standardize on the term "server descriptor" in the manual page.
+ Previously, we had used "router descriptor", "server descriptor",
+ and "relay descriptor" interchangeably. Part of ticket 14987.
diff --git a/changes/bug14988 b/changes/bug14988
deleted file mode 100644
index 67dc96e443..0000000000
--- a/changes/bug14988
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (compilation):
- - Fix a compilation warning on s390. Fixes bug 14988; bugfix on
- 0.2.5.2-alpha.
-
diff --git a/changes/bug14989 b/changes/bug14989
deleted file mode 100644
index f4432d468b..0000000000
--- a/changes/bug14989
+++ /dev/null
@@ -1,4 +0,0 @@
- o Major bugfixes (Linux seccomp2 sandbox):
- - Pass IPPROTO_TCP rather than 0 to socket(), so that the
- Linux seccomp2 sandbox doesn't fail. Fixes bug 14989;
- bugfix on 0.2.6.3-alpha.
diff --git a/changes/bug14994 b/changes/bug14994
new file mode 100644
index 0000000000..aafeac4b2a
--- /dev/null
+++ b/changes/bug14994
@@ -0,0 +1,8 @@
+ o Minor bugfixes (command-line interface):
+ - When "--quiet" is provided along with "--validate-config", do not
+ write anything to stdout on success. Fixes bug 14994; bugfix on
+ 0.2.3.3-alpha.
+ - When complaining about bad arguments to "--dump-config", use
+ stderr, not stdout.
+
+
diff --git a/changes/bug15003 b/changes/bug15003
deleted file mode 100644
index 2dcce74dfe..0000000000
--- a/changes/bug15003
+++ /dev/null
@@ -1,3 +0,0 @@
- o Major bugfixes (linux seccomp2 sandbox):
- - Allow AF_UNIX hidden services to be used with the seccomp2 sandbox.
- Fixes bug 15003; bugfix on 0.2.6.3-alpha.
diff --git a/changes/bug15033 b/changes/bug15033
deleted file mode 100644
index 953e6c3d59..0000000000
--- a/changes/bug15033
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (tests):
- - When running the zero-length-keys check, do not use the default
- torrc file. Fixes bug 15033; bugfix on 0.2.6.3-alpha. Reported
- by "reezer".
diff --git a/changes/bug15037 b/changes/bug15037
deleted file mode 100644
index 587d63186e..0000000000
--- a/changes/bug15037
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (testing):
- - When running the new 'make test-stem' target, use the configured
- python binary. Fixes bug 15037; bugfix on 0.2.6.3-alpha. Patch
- from "cypherpunks".
diff --git a/changes/bug15053 b/changes/bug15053
new file mode 100644
index 0000000000..5dde9d7a97
--- /dev/null
+++ b/changes/bug15053
@@ -0,0 +1,4 @@
+ o Minor bugfixes (build):
+ - Improve out-of-tree builds by making non-standard rules work and clean up
+ additional files and directories. Fixes bug 15053; bugfix on
+ 0.2.7.0-alpha.
diff --git a/changes/bug15064 b/changes/bug15064
deleted file mode 100644
index e6bd747b1f..0000000000
--- a/changes/bug15064
+++ /dev/null
@@ -1,4 +0,0 @@
- o Major bugfixes (FreeBSD IPFW transparent proxy):
- - Fix address detection with FreeBSD transparent proxies,
- when "TransProxyType ipfw" is in use.
- Fixes bug 15064; bugfix on 0.2.5.4-alpha.
diff --git a/changes/bug15083 b/changes/bug15083
deleted file mode 100644
index 5cc79b5ba1..0000000000
--- a/changes/bug15083
+++ /dev/null
@@ -1,10 +0,0 @@
- o Major bugfixes (relay, stability, possible security):
- - Fix a bug that could lead to a relay crashing with an assertion
- failure if a buffer of exactly the wrong layout was passed
- to buf_pullup() at exactly the wrong time. Fixes bug 15083;
- bugfix on 0.2.0.10-alpha. Patch from 'cypherpunks'.
-
- - Do not assert if the 'data' pointer on a buffer is advanced to the very
- end of the buffer; log a BUG message instead. Only assert if it is
- past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
-
diff --git a/changes/bug15088 b/changes/bug15088
deleted file mode 100644
index 95878bdb39..0000000000
--- a/changes/bug15088
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (Linux seccomp2 sandbox):
- - Upon receiving sighup, do not crash during attempts to call
- wait4. Fixes bug 15088; bugfix on 0.2.5.1-alpha. Patch from
- "sanic".
diff --git a/changes/bug15151 b/changes/bug15151
deleted file mode 100644
index b9c3061554..0000000000
--- a/changes/bug15151
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes (compilation):
- - Fix a compilation warning on FreeBSD. Fixes bug 15151; bugfix on
- 0.2.6.2-alpha.
diff --git a/changes/bug15205 b/changes/bug15205
deleted file mode 100644
index 0cb9f3f4bc..0000000000
--- a/changes/bug15205
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major bugfixes (crash, OSX, security):
- - Fix a remote denial-of-service opportunity caused by a bug
- in OSX's _strlcat_chk() function. Fixes bug 15205; bug first
- appeared in OSX 10.9.
-
diff --git a/changes/bug15211 b/changes/bug15211
new file mode 100644
index 0000000000..24c189dbfd
--- /dev/null
+++ b/changes/bug15211
@@ -0,0 +1,6 @@
+ o Minor bugfixes:
+ - Remove side-effects from tor_assert() calls. This was harmless,
+ because we never disable assertions, but it is bad style and
+ unnecessary. Fixes bug 15211; bugfix on 0.2.5.5, 0.2.2.36, and
+ 0.2.0.10.
+
diff --git a/changes/bug15240 b/changes/bug15240
deleted file mode 100644
index e11f804a12..0000000000
--- a/changes/bug15240
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes (pluggable transports):
- - Initialize the extended OR Port authentication cookie before launching
- pluggable transports. This prevents a race condition that occured when
- server-side pluggable transports would cache the authentication cookie
- before it has been (re)generated. Fixes bug 15240; bugfix on
- 0.2.5.1-alpha.
diff --git a/changes/bug15245 b/changes/bug15245
deleted file mode 100644
index 520a370eeb..0000000000
--- a/changes/bug15245
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major bugfixes:
- - Avoid crashing when making certain configuration option changes
- on clients. Fixes bug 15245; bugfix on 0.2.6.3-alpha. Reported
- by "anonym".
-
diff --git a/changes/bug15269 b/changes/bug15269
new file mode 100644
index 0000000000..e6b2b24221
--- /dev/null
+++ b/changes/bug15269
@@ -0,0 +1,7 @@
+ o Minor bugfixes (logs):
+ - When building Tor under Clang, do not include an extra set of
+ parentheses in log messages that include function names.
+ Fixes bug 15053; bugfix on every released version of Tor when
+ compiled with recent enough Clang.
+
+
diff --git a/changes/bug15296 b/changes/bug15296
new file mode 100644
index 0000000000..5230a419c1
--- /dev/null
+++ b/changes/bug15296
@@ -0,0 +1,3 @@
+ o Minor bugfixes (hidden service):
+ - Remove an extraneous newline character from the end of hidden
+ service descriptors. Fixes bug 15296; bugfix on 0.2.0.10-alpha.
diff --git a/changes/bug15436 b/changes/bug15436
deleted file mode 100644
index 4fa44d1e16..0000000000
--- a/changes/bug15436
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (portability):
- - Use the correct datatype in the SipHash-2-4 function to prevent compilers
- from assuming any sort of alignment. Fixes bug 15436; bugfix on
- 0.2.5.3-alpha.
diff --git a/changes/bug9495_redux b/changes/bug9495_redux
deleted file mode 100644
index 74b0cdf2a8..0000000000
--- a/changes/bug9495_redux
+++ /dev/null
@@ -1,4 +0,0 @@
- o Major bugfixes (portability):
- - Do not crash on startup when running on Solaris. Fixes a bug
- related to our fix for 9495; bugfix on 0.2.6.1-alpha. Reported
- by "ruebezahl".
diff --git a/changes/coverage b/changes/coverage
new file mode 100644
index 0000000000..bb7c7cf97a
--- /dev/null
+++ b/changes/coverage
@@ -0,0 +1,6 @@
+ o Minor features:
+ - Remove assertions during builds to determine Tor's test coverage.
+ We don't want to trigger these even in assertions, so including
+ them artificially makes our branch coverage look worse than it is.
+ This patch provides the new test-stem-full and coverage-html-full
+ configure options. Implements ticket 15400.
diff --git a/changes/feature15006 b/changes/feature15006
deleted file mode 100644
index 168a440ba0..0000000000
--- a/changes/feature15006
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features (controller):
- - Messages about problems in the bootstrap process now include
- information about the server we were trying to connect to when we
- noticed the problem. Closes ticket 15006.
diff --git a/changes/feature15026 b/changes/feature15026
new file mode 100644
index 0000000000..c732b41e5d
--- /dev/null
+++ b/changes/feature15026
@@ -0,0 +1,5 @@
+ o Minor features (logging):
+ - Include the Tor version in all LD_BUG log messages, since people
+ tend to cut and paste those into the bugtracker. Implements
+ ticket 15026.
+
diff --git a/changes/feature15180 b/changes/feature15180
new file mode 100644
index 0000000000..f73ab965e5
--- /dev/null
+++ b/changes/feature15180
@@ -0,0 +1,3 @@
+ o Minor features (testing):
+ - Add make rule `check-changes` to verify the format of changes files.
+ Closes ticket 15180.
diff --git a/changes/feature15435 b/changes/feature15435
new file mode 100644
index 0000000000..afe36032c3
--- /dev/null
+++ b/changes/feature15435
@@ -0,0 +1,5 @@
+ o Minor features (pluggable Transports):
+ - When launching managed pluggable transports, setup a valid open stdin
+ in the child process that can be used to detect if tor has terminated.
+ The "TOR_PT_EXIT_ON_STDIN_CLOSE" enviornment variable can be used by
+ implementations to detect this new behavior. Resolves ticket 15435.
diff --git a/changes/feature15471 b/changes/feature15471
new file mode 100644
index 0000000000..594adf0f54
--- /dev/null
+++ b/changes/feature15471
@@ -0,0 +1,5 @@
+ o Minor features (pluggable transports):
+ - When launching managed pluggable transports on linux systems,
+ attempt to have the kernel deliver a SIGTERM on tor exit if
+ the pluggable transport process is still running. Resolves
+ ticket 15471.
diff --git a/changes/geoip-march2015 b/changes/geoip-march2015
deleted file mode 100644
index 565781280a..0000000000
--- a/changes/geoip-march2015
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
-
diff --git a/changes/geoip6-march2015 b/changes/geoip6-march2015
deleted file mode 100644
index 9a38c65e62..0000000000
--- a/changes/geoip6-march2015
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update geoip6 to the March 3 2015 Maxmind GeoLite2 Country database.
-
diff --git a/changes/no_digests b/changes/no_digests
new file mode 100644
index 0000000000..1327ac3e77
--- /dev/null
+++ b/changes/no_digests
@@ -0,0 +1,5 @@
+ o Removed features:
+ - Remove the undocumented "--digests" command-line option. It
+ complicated our build process, caused subtle build issues
+ on multiple platforms, and is now redundant since we started
+ including git version identifiers. Closes ticket 14742.
diff --git a/changes/remove_old_version_checks b/changes/remove_old_version_checks
new file mode 100644
index 0000000000..fe4dab9e19
--- /dev/null
+++ b/changes/remove_old_version_checks
@@ -0,0 +1,5 @@
+ o Removed features:
+ - Tor no longer contains workarounds for stat files generated by
+ super-old versions of Tor that didn't choose guards sensibly.
+ - Tor no longer contains checks for ancient directory cache versions
+ that didn't know about microdescriptors.
diff --git a/changes/test-memwipe b/changes/test-memwipe
new file mode 100644
index 0000000000..04a21f75f1
--- /dev/null
+++ b/changes/test-memwipe
@@ -0,0 +1,3 @@
+ o Testing:
+ - Add a test to verify that the compiler does not eliminate our
+ memwipe() implementation. Closes ticket 15377.
diff --git a/changes/ticket14487 b/changes/ticket14487
deleted file mode 100644
index 577337ff24..0000000000
--- a/changes/ticket14487
+++ /dev/null
@@ -1,3 +0,0 @@
- o Directory authority IP change:
- - The directory authority Faravahar has a new IP address. Closes
- ticket 14487.
diff --git a/changes/ticket14710 b/changes/ticket14710
new file mode 100644
index 0000000000..2b6cb2060f
--- /dev/null
+++ b/changes/ticket14710
@@ -0,0 +1,10 @@
+ o Code simplification and refactoring:
+ - Move the hacky fallback code out of get_interface_address6()
+ into separate function and get it covered with unit-tests. Resolves
+ ticket 14710.
+
+ o Minor bugfixes:
+ - When attempting to use fallback technique for network interface
+ lookup, disregard loopback and multicast addresses since they are
+ unsuitable for public communications.
+
diff --git a/changes/ticket15024 b/changes/ticket15024
new file mode 100644
index 0000000000..908177142e
--- /dev/null
+++ b/changes/ticket15024
@@ -0,0 +1,4 @@
+ o Documentation:
+ - Improve the layout and formatting of ./configure --help messages.
+ Closes ticket 15024. Patch from "cypherpunks".
+
diff --git a/changes/ticket15176 b/changes/ticket15176
deleted file mode 100644
index 6d12723728..0000000000
--- a/changes/ticket15176
+++ /dev/null
@@ -1,3 +0,0 @@
- o Code simplification and refactoring:
- - Refactor main loop to extract the 'loop' part. This makes it easier
- to run Tor under Shadow. Closes ticket 15176.
diff --git a/changes/ticket15212 b/changes/ticket15212
deleted file mode 100644
index 2c41e3865c..0000000000
--- a/changes/ticket15212
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor features (heartbeat):
-
- - On relays, report how many connections we negotiated using each
- version of the Tor link protocols. This information will let us
- know if removing support for very old versions of the Tor
- protocols is harming the network. Closes ticket 15212.
diff --git a/changes/ticket15431 b/changes/ticket15431
new file mode 100644
index 0000000000..ea6821afdf
--- /dev/null
+++ b/changes/ticket15431
@@ -0,0 +1,6 @@
+ o Minor features (testing):
+ - Add unit tests for control_event_is_interesting().
+ Add a compile-time check that the number of events doesn't exceed
+ the capacity of control_event_t.event_mask.
+ Closes ticket 15431, checks for bugs similar to 13085.
+ Patch by "teor".
diff --git a/configure.ac b/configure.ac
index 5ea7708f7d..2c9c7a343f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3,7 +3,7 @@ dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
dnl Copyright (c) 2007-2015, The Tor Project, Inc.
dnl See LICENSE for licensing information
-AC_INIT([tor],[0.2.6.6-dev])
+AC_INIT([tor],[0.2.7.0-alpha-dev])
AC_CONFIG_SRCDIR([src/or/main.c])
AC_CONFIG_MACRO_DIR([m4])
AM_INIT_AUTOMAKE
@@ -26,23 +26,23 @@ CPPFLAGS="$CPPFLAGS -I\${top_srcdir}/src/common"
#XXXX020 We should make these enabled or not, before 0.2.0.x-final
AC_ARG_ENABLE(openbsd-malloc,
- AS_HELP_STRING(--enable-openbsd-malloc, Use malloc code from openbsd. Linux only))
+ AS_HELP_STRING(--enable-openbsd-malloc, [use malloc code from OpenBSD. Linux only]))
AC_ARG_ENABLE(instrument-downloads,
- AS_HELP_STRING(--enable-instrument-downloads, Instrument downloads of directory resources etc.))
+ AS_HELP_STRING(--enable-instrument-downloads, [instrument downloads of directory resources etc.]))
AC_ARG_ENABLE(static-openssl,
- AS_HELP_STRING(--enable-static-openssl, Link against a static openssl library. Requires --with-openssl-dir))
+ AS_HELP_STRING(--enable-static-openssl, [link against a static openssl library. Requires --with-openssl-dir]))
AC_ARG_ENABLE(static-libevent,
- AS_HELP_STRING(--enable-static-libevent, Link against a static libevent library. Requires --with-libevent-dir))
+ AS_HELP_STRING(--enable-static-libevent, [link against a static libevent library. Requires --with-libevent-dir]))
AC_ARG_ENABLE(static-zlib,
- AS_HELP_STRING(--enable-static-zlib, Link against a static zlib library. Requires --with-zlib-dir))
+ AS_HELP_STRING(--enable-static-zlib, [link against a static zlib library. Requires --with-zlib-dir]))
AC_ARG_ENABLE(static-tor,
- AS_HELP_STRING(--enable-static-tor, Create an entirely static Tor binary. Requires --with-openssl-dir and --with-libevent-dir and --with-zlib-dir))
+ AS_HELP_STRING(--enable-static-tor, [create an entirely static Tor binary. Requires --with-openssl-dir and --with-libevent-dir and --with-zlib-dir]))
AC_ARG_ENABLE(unittests,
- AS_HELP_STRING(--disable-unittests, [Don't build unit tests for Tor. Risky!]))
+ AS_HELP_STRING(--disable-unittests, [don't build unit tests for Tor. Risky!]))
AC_ARG_ENABLE(coverage,
- AS_HELP_STRING(--enable-coverage, [Enable coverage support in the unit-test build]))
+ AS_HELP_STRING(--enable-coverage, [enable coverage support in the unit-test build]))
AC_ARG_ENABLE(system-torrc,
- AS_HELP_STRING(--disable-system-torrc, [Don't look for a system-wide torrc file]))
+ AS_HELP_STRING(--disable-system-torrc, [don't look for a system-wide torrc file]))
AM_CONDITIONAL(UNITTESTS_ENABLED, test x$enable_unittests != xno)
AM_CONDITIONAL(COVERAGE_ENABLED, test x$enable_coverage = xyes)
@@ -66,7 +66,7 @@ if test x$enable_instrument_downloads = xyes; then
fi
AC_ARG_ENABLE(transparent,
- AS_HELP_STRING(--disable-transparent, disable transparent proxy support),
+ AS_HELP_STRING(--disable-transparent, [disable transparent proxy support]),
[case "${enableval}" in
yes) transparent=true ;;
no) transparent=false ;;
@@ -74,7 +74,7 @@ AC_ARG_ENABLE(transparent,
esac], [transparent=true])
AC_ARG_ENABLE(asciidoc,
- AS_HELP_STRING(--disable-asciidoc, don't use asciidoc (disables building of manpages)),
+ AS_HELP_STRING(--disable-asciidoc, [don't use asciidoc (disables building of manpages)]),
[case "${enableval}" in
yes) asciidoc=true ;;
no) asciidoc=false ;;
@@ -83,7 +83,7 @@ AC_ARG_ENABLE(asciidoc,
# By default, we're not ready to ship a NAT-PMP aware Tor
AC_ARG_ENABLE(nat-pmp,
- AS_HELP_STRING(--enable-nat-pmp, enable NAT-PMP support),
+ AS_HELP_STRING(--enable-nat-pmp, [enable NAT-PMP support]),
[case "${enableval}" in
yes) natpmp=true ;;
no) natpmp=false ;;
@@ -92,7 +92,7 @@ AC_ARG_ENABLE(nat-pmp,
# By default, we're not ready to ship a UPnP aware Tor
AC_ARG_ENABLE(upnp,
- AS_HELP_STRING(--enable-upnp, enable UPnP support),
+ AS_HELP_STRING(--enable-upnp, [enable UPnP support]),
[case "${enableval}" in
yes) upnp=true ;;
no) upnp=false ;;
@@ -101,7 +101,7 @@ AC_ARG_ENABLE(upnp,
# systemd notify support
AC_ARG_ENABLE(systemd,
- AS_HELP_STRING(--enable-systemd, enable systemd notification support),
+ AS_HELP_STRING(--enable-systemd, [enable systemd notification support]),
[case "${enableval}" in
yes) systemd=true ;;
no) systemd=false ;;
@@ -148,24 +148,24 @@ case $host in
esac
AC_ARG_ENABLE(gcc-warnings,
- AS_HELP_STRING(--enable-gcc-warnings, enable verbose warnings))
+ AS_HELP_STRING(--enable-gcc-warnings, [enable verbose warnings]))
AC_ARG_ENABLE(gcc-warnings-advisory,
AS_HELP_STRING(--enable-gcc-warnings-advisory, [enable verbose warnings, excluding -Werror]))
dnl Others suggest '/gs /safeseh /nxcompat /dynamicbase' for non-gcc on Windows
AC_ARG_ENABLE(gcc-hardening,
- AS_HELP_STRING(--disable-gcc-hardening, disable compiler security checks))
+ AS_HELP_STRING(--disable-gcc-hardening, [disable compiler security checks]))
AC_ARG_ENABLE(expensive-hardening,
- AS_HELP_STRING(--enable-expensive-hardening, enable more expensive compiler hardening; makes Tor slower))
+ AS_HELP_STRING(--enable-expensive-hardening, [enable more expensive compiler hardening; makes Tor slower]))
dnl Linker hardening options
dnl Currently these options are ELF specific - you can't use this with MacOSX
AC_ARG_ENABLE(linker-hardening,
- AS_HELP_STRING(--disable-linker-hardening, disable linker security fixups))
+ AS_HELP_STRING(--disable-linker-hardening, [disable linker security fixups]))
AC_ARG_ENABLE(local-appdata,
- AS_HELP_STRING(--enable-local-appdata, default to host local application data paths on Windows))
+ AS_HELP_STRING(--enable-local-appdata, [default to host local application data paths on Windows]))
if test "$enable_local_appdata" = "yes"; then
AC_DEFINE(ENABLE_LOCAL_APPDATA, 1,
[Defined if we default to host local appdata paths on Windows])
@@ -173,22 +173,22 @@ fi
# Tor2web mode flag
AC_ARG_ENABLE(tor2web-mode,
- AS_HELP_STRING(--enable-tor2web-mode, support tor2web non-anonymous mode),
+ AS_HELP_STRING(--enable-tor2web-mode, [support tor2web non-anonymous mode]),
[if test x$enableval = xyes; then
CFLAGS="$CFLAGS -D ENABLE_TOR2WEB_MODE=1"
fi])
AC_ARG_ENABLE(bufferevents,
- AS_HELP_STRING(--enable-bufferevents, use Libevent's buffered IO.))
+ AS_HELP_STRING(--enable-bufferevents, [use Libevent's buffered IO]))
AC_ARG_ENABLE(tool-name-check,
- AS_HELP_STRING(--disable-tool-name-check, check for sanely named toolchain when cross-compiling))
+ AS_HELP_STRING(--disable-tool-name-check, [check for sanely named toolchain when cross-compiling]))
AC_ARG_ENABLE(seccomp,
- AS_HELP_STRING(--disable-seccomp, do not attempt to use libseccomp))
+ AS_HELP_STRING(--disable-seccomp, [do not attempt to use libseccomp]))
AC_ARG_ENABLE(libscrypt,
- AS_HELP_STRING(--disable-libscrypt, do not attempt to use libscrypt))
+ AS_HELP_STRING(--disable-libscrypt, [do not attempt to use libscrypt]))
dnl check for the correct "ar" when cross-compiling
AN_MAKEVAR([AR], [AC_PROG_AR])
@@ -215,6 +215,8 @@ AC_PROG_CPP
AC_PROG_MAKE_SET
AC_PROG_RANLIB
+AC_PATH_PROG([PERL], [perl])
+
dnl autoconf 2.59 appears not to support AC_PROG_SED
AC_CHECK_PROG([SED],[sed],[sed],[/bin/false])
@@ -281,12 +283,9 @@ if test "$tor_cv_c_c99_designated_init" != "yes"; then
AC_MSG_ERROR([Your compiler doesn't support c99 designated initializers. This is required as of Tor 0.2.6.x])
fi
-AC_PATH_PROG([SHA1SUM], [sha1sum], none)
-AC_PATH_PROG([OPENSSL], [openssl], none)
-
TORUSER=_tor
AC_ARG_WITH(tor-user,
- [ --with-tor-user=NAME Specify username for tor daemon ],
+ AS_HELP_STRING(--with-tor-user=NAME, [specify username for tor daemon]),
[
TORUSER=$withval
]
@@ -295,7 +294,7 @@ AC_SUBST(TORUSER)
TORGROUP=_tor
AC_ARG_WITH(tor-group,
- [ --with-tor-group=NAME Specify group name for tor daemon ],
+ AS_HELP_STRING(--with-tor-group=NAME, [specify group name for tor daemon]),
[
TORGROUP=$withval
]
@@ -597,7 +596,7 @@ tor_openssl_devpkg_debian="libssl-dev"
ALT_openssl_WITHVAL=""
AC_ARG_WITH(ssl-dir,
- [ --with-ssl-dir=PATH Obsolete alias for --with-openssl-dir ],
+ AS_HELP_STRING(--with-ssl-dir=PATH, [obsolete alias for --with-openssl-dir]),
[
if test "x$withval" != xno && test "x$withval" != "x" ; then
ALT_openssl_WITHVAL="$withval"
@@ -1315,7 +1314,7 @@ fi
# Whether we should use the dmalloc memory allocation debugging library.
AC_MSG_CHECKING(whether to use dmalloc (debug memory allocation library))
AC_ARG_WITH(dmalloc,
-[ --with-dmalloc Use debug memory allocation library. ],
+AS_HELP_STRING(--with-dmalloc, [use debug memory allocation library]),
[if [[ "$withval" = "yes" ]]; then
dmalloc=1
AC_MSG_RESULT(yes)
@@ -1333,7 +1332,7 @@ if [[ $dmalloc -eq 1 ]]; then
fi
AC_ARG_WITH(tcmalloc,
-[ --with-tcmalloc Use tcmalloc memory allocation library. ],
+AS_HELP_STRING(--with-tcmalloc, [use tcmalloc memory allocation library]),
[ tcmalloc=yes ], [ tcmalloc=no ])
if test x$tcmalloc = xyes ; then
@@ -1363,7 +1362,7 @@ AC_CHECK_DECLS([mlockall], , , [
# Allow user to specify an alternate syslog facility
AC_ARG_WITH(syslog-facility,
-[ --with-syslog-facility=LOG syslog facility to use (default=LOG_DAEMON)],
+AS_HELP_STRING(--with-syslog-facility=LOG, [syslog facility to use (default=LOG_DAEMON)]),
syslog_facility="$withval", syslog_facility="LOG_DAEMON")
AC_DEFINE_UNQUOTED(LOGFACILITY,$syslog_facility,[name of the syslog facility])
AC_SUBST(LOGFACILITY)
@@ -1661,6 +1660,8 @@ AC_CONFIG_FILES([
contrib/dist/tor.service
src/config/torrc.sample
src/config/torrc.minimal
+ scripts/maint/checkOptionDocs.pl
+ scripts/maint/updateVersions.pl
])
if test x$asciidoc = xtrue && test "$ASCIIDOC" = "none" ; then
@@ -1682,7 +1683,3 @@ if test x$asciidoc = xtrue && test "$ASCIIDOC" = "none" ; then
fi
AC_OUTPUT
-
-if test -x /usr/bin/perl && test -x ./scripts/maint/updateVersions.pl ; then
- ./scripts/maint/updateVersions.pl
-fi
diff --git a/contrib/dist/tor.service.in b/contrib/dist/tor.service.in
index c251158d9a..8ed5ad227a 100644
--- a/contrib/dist/tor.service.in
+++ b/contrib/dist/tor.service.in
@@ -1,17 +1,17 @@
+# tor.service -- this systemd configuration file for Tor sets up a
+# relatively conservative, hardened Tor service. You may need to
+# edit it if you are making changes to your Tor configuration that it
+# does not allow. Package maintainers: this should be a starting point
+# for your tor.service; it is not the last point.
+
[Unit]
Description = Anonymizing overlay network for TCP
After = syslog.target network.target nss-lookup.target
-[Service]
-Type = notify
-NotifyAccess = all
-ExecStartPre = @BINDIR@/tor -f @CONFDIR@/torrc --verify-config
-ExecStart = @BINDIR@/tor -f @CONFDIR@/torrc
-ExecReload = /bin/kill -HUP ${MAINPID}
-KillSignal = SIGINT
-TimeoutSec = 30
-Restart = on-failure
-WatchdogSec = 1m
+[Service] Type = notify NotifyAccess = all ExecStartPre = @BINDIR@/tor
+-f @CONFDIR@/torrc --verify-config ExecStart = @BINDIR@/tor -f
+@CONFDIR@/torrc ExecReload = /bin/kill -HUP ${MAINPID} KillSignal =
+SIGINT TimeoutSec = 30 Restart = on-failure WatchdogSec = 1m
LimitNOFILE = 32768
# Hardening
diff --git a/contrib/win32build/tor-mingw.nsi.in b/contrib/win32build/tor-mingw.nsi.in
index dda8244485..7729703579 100644
--- a/contrib/win32build/tor-mingw.nsi.in
+++ b/contrib/win32build/tor-mingw.nsi.in
@@ -8,7 +8,7 @@
!include "LogicLib.nsh"
!include "FileFunc.nsh"
!insertmacro GetParameters
-!define VERSION "0.2.6.6"
+!define VERSION "0.2.7.0-alpha-dev"
!define INSTALLER "tor-${VERSION}-win32.exe"
!define WEBSITE "https://www.torproject.org/"
!define LICENSE "LICENSE"
diff --git a/doc/HACKING b/doc/HACKING
index 5c71b74bd1..bd5290305c 100644
--- a/doc/HACKING
+++ b/doc/HACKING
@@ -61,9 +61,10 @@ it's a bugfix, mention what bug it fixes and when the bug was
introduced. To find out which Git tag the change was introduced in,
you can use "git describe --contains <sha1 of commit>".
-If at all possible, try to create this file in the same commit where
-you are making the change. Please give it a distinctive name that no
-other branch will use for the lifetime of your change.
+If at all possible, try to create this file in the same commit where you are
+making the change. Please give it a distinctive name that no other branch will
+use for the lifetime of your change. To verify the format of the changes file,
+you can use "make check-changes".
When we go to make a release, we will concatenate all the entries
in changes to make a draft changelog, and clear the directory. We'll
@@ -563,6 +564,10 @@ on dist-master.
8b) Edit "include/versions.wmi" and "Makefile" to note the new version.
9) Email the packagers (cc'ing tor-assistants) that a new tarball is up.
+ The current list of packagers is:
+ {weasel,gk,mikeperry} at torproject dot org
+ {blueness} at gentoo dot org
+ {paul} at invizbox dot io
10) Add the version number to Trac. To do this, go to Trac, log in,
select "Admin" near the top of the screen, then select "Versions" from
diff --git a/doc/include.am b/doc/include.am
index 30d3e20d83..783aa95c4e 100644
--- a/doc/include.am
+++ b/doc/include.am
@@ -64,14 +64,14 @@ doc/tor-gencert.html.in: doc/tor-gencert.1.txt
doc/tor-resolve.html.in: doc/tor-resolve.1.txt
doc/tor-fw-helper.html.in: doc/tor-fw-helper.1.txt
-# use ../config.status to swap all machine-specific magic strings
+# use config.status to swap all machine-specific magic strings
# in the asciidoc with their replacements.
$(asciidoc_product) :
$(AM_V_GEN)$(MKDIR_P) $(@D)
$(AM_V_at)if test -e $(top_srcdir)/$@.in && ! test -e $@.in ; then \
cp $(top_srcdir)/$@.in $@; \
fi
- $(AM_V_at)./config.status -q --file=$@;
+ $(AM_V_at)$(top_builddir)/config.status -q --file=$@;
doc/tor.html: doc/tor.html.in
doc/tor-gencert.html: doc/tor-gencert.html.in
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index e136bd0f7e..ed7cff9866 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -371,12 +371,6 @@ GENERAL OPTIONS
chosen with their regular weights, multiplied by this number, which
should be 1.0 or less. (Default: 1.0)
-[[DynamicDHGroups]] **DynamicDHGroups** **0**|**1**::
- If this option is set to 1, when running as a server, generate our
- own Diffie-Hellman group instead of using the one from Apache's mod_ssl.
- This option may help circumvent censorship based on static
- Diffie-Hellman parameters. (Default: 0)
-
[[AlternateDirAuthority]] **AlternateDirAuthority** [__nickname__] [**flags**] __address__:__port__ __fingerprint__ +
[[AlternateBridgeAuthority]] **AlternateBridgeAuthority** [__nickname__] [**flags**] __address__:__port__ __ fingerprint__::
@@ -1311,7 +1305,7 @@ The following options are useful only for clients (that is, if
[[DownloadExtraInfo]] **DownloadExtraInfo** **0**|**1**::
If true, Tor downloads and caches "extra-info" documents. These documents
contain information about servers other than the information in their
- regular router descriptors. Tor does not use this information for anything
+ regular server descriptors. Tor does not use this information for anything
itself; to save bandwidth, leave this option turned off. (Default: 0)
[[WarnPlaintextPorts]] **WarnPlaintextPorts** __port__,__port__,__...__::
@@ -1490,8 +1484,8 @@ is non-zero):
[[BridgeRelay]] **BridgeRelay** **0**|**1**::
Sets the relay to act as a "bridge" with respect to relaying connections
from bridge users to the Tor network. It mainly causes Tor to publish a
- server descriptor to the bridge database, rather than publishing a relay
- descriptor to the public directory authorities.
+ server descriptor to the bridge database, rather than
+ to the public directory authorities.
[[ContactInfo]] **ContactInfo** __email_address__::
Administrative contact information for this relay or bridge. This line
@@ -1929,7 +1923,7 @@ on the public Tor network.
[[BridgeAuthoritativeDir]] **BridgeAuthoritativeDir** **0**|**1**::
When this option is set in addition to **AuthoritativeDirectory**, Tor
- accepts and serves router descriptors, but it caches and serves the main
+ accepts and serves server descriptors, but it caches and serves the main
networkstatus documents rather than generating its own. (Default: 0)
[[MinUptimeHidServDirectoryV2]] **MinUptimeHidServDirectoryV2** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**::
@@ -1948,9 +1942,9 @@ on the public Tor network.
in the "params" line of its networkstatus vote.
[[DirAllowPrivateAddresses]] **DirAllowPrivateAddresses** **0**|**1**::
- If set to 1, Tor will accept router descriptors with arbitrary "Address"
+ If set to 1, Tor will accept server descriptors with arbitrary "Address"
elements. Otherwise, if the address is not an IP address or is a private IP
- address, it will reject the router descriptor. (Default: 0)
+ address, it will reject the server descriptor. (Default: 0)
[[AuthDirBadExit]] **AuthDirBadExit** __AddressPattern...__::
Authoritative directories only. A set of address patterns for servers that
@@ -2212,7 +2206,7 @@ The following options are used for running a testing Tor network.
that **TestingTorNetwork** is set. (Default: 30 minutes)
[[TestingEstimatedDescriptorPropagationTime]] **TestingEstimatedDescriptorPropagationTime** __N__ **minutes**|**hours**::
- Clients try downloading router descriptors from directory caches after this
+ Clients try downloading server descriptors from directory caches after this
time. Changing this requires that **TestingTorNetwork** is set. (Default:
10 minutes)
@@ -2260,7 +2254,7 @@ The following options are used for running a testing Tor network.
this requires that **TestingTorNetwork** is set. (Default: 8)
[[TestingDescriptorMaxDownloadTries]] **TestingDescriptorMaxDownloadTries** __NUM__::
- Try this often to download a router descriptor before giving up.
+ Try this often to download a server descriptor before giving up.
Changing this requires that **TestingTorNetwork** is set. (Default: 8)
[[TestingMicrodescMaxDownloadTries]] **TestingMicrodescMaxDownloadTries** __NUM__::
@@ -2402,7 +2396,7 @@ __DataDirectory__**/state**::
below).
- When the file was last written
- What version of Tor generated the state file
- - A short history of bandwidth usage, as produced in the router
+ - A short history of bandwidth usage, as produced in the server
descriptors.
__DataDirectory__**/bw_accounting**::
@@ -2447,7 +2441,7 @@ __DataDirectory__**/unverified-microdesc-consensus**::
to check yet.
__DataDirectory__**/unparseable-desc**::
- Onion router descriptors that Tor was unable to parse are dumped to this
+ Onion server descriptors that Tor was unable to parse are dumped to this
file. Only used for debugging.
__DataDirectory__**/router-stability**::
diff --git a/scripts/maint/checkOptionDocs.pl b/scripts/maint/checkOptionDocs.pl.in
index 94307c6cef..1f53adf099 100755..100644
--- a/scripts/maint/checkOptionDocs.pl
+++ b/scripts/maint/checkOptionDocs.pl.in
@@ -7,7 +7,7 @@ my %torrcSampleOptions = ();
my %manPageOptions = ();
# Load the canonical list as actually accepted by Tor.
-open(F, "./src/or/tor --list-torrc-options |") or die;
+open(F, "@abs_top_builddir@/src/or/tor --list-torrc-options |") or die;
while (<F>) {
next if m!\[notice\] Tor v0\.!;
if (m!^([A-Za-z0-9_]+)!) {
@@ -34,12 +34,12 @@ sub loadTorrc {
0;
}
-loadTorrc("./src/config/torrc.sample.in", \%torrcSampleOptions);
+loadTorrc("@abs_top_srcdir@/src/config/torrc.sample.in", \%torrcSampleOptions);
# Try to figure out what's in the man page.
my $considerNextLine = 0;
-open(F, "./doc/tor.1.txt") or die;
+open(F, "@abs_top_srcdir@/doc/tor.1.txt") or die;
while (<F>) {
if (m!^(?:\[\[([A-za-z0-9_]+)\]\] *)?\*\*([A-Za-z0-9_]+)\*\*!) {
$manPageOptions{$2} = 1;
@@ -67,5 +67,3 @@ subtractHashes("Orphaned in torrc.sample.in", \%torrcSampleOptions, \%options);
subtractHashes("Not in man page", \%options, \%manPageOptions);
subtractHashes("Orphaned in man page", \%manPageOptions, \%options);
-
-
diff --git a/scripts/maint/lintChanges.py b/scripts/maint/lintChanges.py
index 69963aea28..c2fc01d2bf 100755
--- a/scripts/maint/lintChanges.py
+++ b/scripts/maint/lintChanges.py
@@ -1,19 +1,22 @@
#!/usr/bin/python
+from __future__ import print_function
+from __future__ import with_statement
import sys
import re
-
+import os
def lintfile(fname):
have_warned = []
+
def warn(s):
if not have_warned:
have_warned.append(1)
- print fname,":"
- print "\t",s
+ print("{}:".format(fname))
+ print("\t{}".format(s))
- m = re.search(r'(\d{3,})', fname)
+ m = re.search(r'(\d{3,})', os.path.basename(fname))
if m:
bugnum = m.group(1)
else:
@@ -23,12 +26,12 @@ def lintfile(fname):
contents = f.read()
if bugnum and bugnum not in contents:
- warn("bug number %s does not appear"%bugnum)
+ warn("bug number {} does not appear".format(bugnum))
lines = contents.split("\n")
isBug = ("bug" in lines[0] or "fix" in lines[0])
- if not re.match(r'^ +o (.*)', contents):
+ if not re.match(r'^[ ]{2}o (.*)', contents):
warn("header not in format expected")
contents = " ".join(contents.split())
@@ -44,11 +47,12 @@ def lintfile(fname):
if re.search(r'[bB]ug (\d+)', contents):
if not re.search(r'[Bb]ugfix on ', contents):
warn("bugfix does not say 'bugfix on X.Y.Z'")
- elif not re.search('[fF]ixes ([a-z ]*)bug (\d+); bugfix on ', contents):
+ elif not re.search('[fF]ixes ([a-z ]*)bug (\d+); bugfix on ',
+ contents):
warn("bugfix incant is not semicoloned")
-if __name__=='__main__':
+if __name__ == '__main__':
for fname in sys.argv[1:]:
if fname.endswith("~"):
continue
diff --git a/scripts/maint/updateVersions.pl b/scripts/maint/updateVersions.pl.in
index 15c83b80a7..65c51a1f2d 100755
--- a/scripts/maint/updateVersions.pl
+++ b/scripts/maint/updateVersions.pl.in
@@ -1,8 +1,8 @@
#!/usr/bin/perl -w
-$CONFIGURE_IN = './configure.ac';
-$ORCONFIG_H = './src/win32/orconfig.h';
-$TOR_NSI = './contrib/win32build/tor-mingw.nsi.in';
+$CONFIGURE_IN = '@abs_top_srcdir@/configure.ac';
+$ORCONFIG_H = '@abs_top_srcdir@/src/win32/orconfig.h';
+$TOR_NSI = '@abs_top_srcdir@/contrib/win32build/tor-mingw.nsi.in';
$quiet = 1;
diff --git a/src/common/address.c b/src/common/address.c
index 42a116a91e..6bd107889a 100644
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -1504,47 +1504,22 @@ tor_addr_is_multicast(const tor_addr_t *a)
return 0;
}
-/** Set *<b>addr</b> to the IP address (if any) of whatever interface
- * connects to the Internet. This address should only be used in checking
- * whether our address has changed. Return 0 on success, -1 on failure.
+/** Attempt to retrieve IP address of current host by utilizing some
+ * UDP socket trickery. Only look for address of given <b>family</b>.
+ * Set result to *<b>addr</b>. Return 0 on success, -1 on failure.
*/
-MOCK_IMPL(int,
-get_interface_address6,(int severity, sa_family_t family, tor_addr_t *addr))
+STATIC int
+get_interface_address6_via_udp_socket_hack(int severity,
+ sa_family_t family,
+ tor_addr_t *addr)
{
- /* XXX really, this function should yield a smartlist of addresses. */
- smartlist_t *addrs;
- int sock=-1, r=-1;
struct sockaddr_storage my_addr, target_addr;
+ int sock=-1, r=-1;
socklen_t addr_len;
- tor_assert(addr);
-
- /* Try to do this the smart way if possible. */
- if ((addrs = get_interface_addresses_raw(severity))) {
- int rv = -1;
- SMARTLIST_FOREACH_BEGIN(addrs, tor_addr_t *, a) {
- if (family != AF_UNSPEC && family != tor_addr_family(a))
- continue;
- if (tor_addr_is_loopback(a) ||
- tor_addr_is_multicast(a))
- continue;
- tor_addr_copy(addr, a);
- rv = 0;
-
- /* If we found a non-internal address, declare success. Otherwise,
- * keep looking. */
- if (!tor_addr_is_internal(a, 0))
- break;
- } SMARTLIST_FOREACH_END(a);
-
- SMARTLIST_FOREACH(addrs, tor_addr_t *, a, tor_free(a));
- smartlist_free(addrs);
- return rv;
- }
-
- /* Okay, the smart way is out. */
memset(addr, 0, sizeof(tor_addr_t));
memset(&target_addr, 0, sizeof(target_addr));
+
/* Don't worry: no packets are sent. We just need to use a real address
* on the actual Internet. */
if (family == AF_INET6) {
@@ -1566,6 +1541,7 @@ get_interface_address6,(int severity, sa_family_t family, tor_addr_t *addr))
} else {
return -1;
}
+
if (sock < 0) {
int e = tor_socket_errno(-1);
log_fn(severity, LD_NET, "unable to create socket: %s",
@@ -1573,27 +1549,74 @@ get_interface_address6,(int severity, sa_family_t family, tor_addr_t *addr))
goto err;
}
- if (connect(sock,(struct sockaddr *)&target_addr, addr_len) < 0) {
+ if (tor_connect_socket(sock,(struct sockaddr *)&target_addr,
+ addr_len) < 0) {
int e = tor_socket_errno(sock);
log_fn(severity, LD_NET, "connect() failed: %s", tor_socket_strerror(e));
goto err;
}
- if (getsockname(sock,(struct sockaddr*)&my_addr, &addr_len)) {
+ if (tor_getsockname(sock,(struct sockaddr*)&my_addr, &addr_len)) {
int e = tor_socket_errno(sock);
log_fn(severity, LD_NET, "getsockname() to determine interface failed: %s",
tor_socket_strerror(e));
goto err;
}
- tor_addr_from_sockaddr(addr, (struct sockaddr*)&my_addr, NULL);
- r=0;
+ if (tor_addr_from_sockaddr(addr, (struct sockaddr*)&my_addr, NULL) == 0) {
+ if (tor_addr_is_loopback(addr) || tor_addr_is_multicast(addr)) {
+ log_fn(severity, LD_NET, "Address that we determined via UDP socket"
+ " magic is unsuitable for public comms.");
+ } else {
+ r=0;
+ }
+ }
+
err:
if (sock >= 0)
tor_close_socket(sock);
return r;
}
+/** Set *<b>addr</b> to the IP address (if any) of whatever interface
+ * connects to the Internet. This address should only be used in checking
+ * whether our address has changed. Return 0 on success, -1 on failure.
+ */
+MOCK_IMPL(int,
+get_interface_address6,(int severity, sa_family_t family, tor_addr_t *addr))
+{
+ /* XXX really, this function should yield a smartlist of addresses. */
+ smartlist_t *addrs;
+ tor_assert(addr);
+
+ /* Try to do this the smart way if possible. */
+ if ((addrs = get_interface_addresses_raw(severity))) {
+ int rv = -1;
+ SMARTLIST_FOREACH_BEGIN(addrs, tor_addr_t *, a) {
+ if (family != AF_UNSPEC && family != tor_addr_family(a))
+ continue;
+ if (tor_addr_is_loopback(a) ||
+ tor_addr_is_multicast(a))
+ continue;
+
+ tor_addr_copy(addr, a);
+ rv = 0;
+
+ /* If we found a non-internal address, declare success. Otherwise,
+ * keep looking. */
+ if (!tor_addr_is_internal(a, 0))
+ break;
+ } SMARTLIST_FOREACH_END(a);
+
+ SMARTLIST_FOREACH(addrs, tor_addr_t *, a, tor_free(a));
+ smartlist_free(addrs);
+ return rv;
+ }
+
+ /* Okay, the smart way is out. */
+ return get_interface_address6_via_udp_socket_hack(severity,family,addr);
+}
+
/* ======
* IPv4 helpers
* XXXX024 IPv6 deprecate some of these.
diff --git a/src/common/address.h b/src/common/address.h
index df835e917a..cd80615f93 100644
--- a/src/common/address.h
+++ b/src/common/address.h
@@ -274,6 +274,9 @@ tor_addr_port_t *tor_addr_port_new(const tor_addr_t *addr, uint16_t port);
#ifdef ADDRESS_PRIVATE
STATIC smartlist_t *get_interface_addresses_raw(int severity);
+STATIC int get_interface_address6_via_udp_socket_hack(int severity,
+ sa_family_t family,
+ tor_addr_t *addr);
#ifdef HAVE_IFADDRS_TO_SMARTLIST
STATIC smartlist_t *ifaddrs_to_smartlist(const struct ifaddrs *ifa);
diff --git a/src/common/aes.c b/src/common/aes.c
index 7651f1d93a..95026ddf6e 100644
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -331,7 +331,7 @@ static void
aes_set_key(aes_cnt_cipher_t *cipher, const char *key, int key_bits)
{
if (should_use_EVP) {
- const EVP_CIPHER *c;
+ const EVP_CIPHER *c = 0;
switch (key_bits) {
case 128: c = EVP_aes_128_ecb(); break;
case 192: c = EVP_aes_192_ecb(); break;
diff --git a/src/common/compat.c b/src/common/compat.c
index 1788e32ee3..8da7ef3f69 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -1156,12 +1156,20 @@ mark_socket_open(tor_socket_t s)
/** @} */
/** As socket(), but counts the number of open sockets. */
-tor_socket_t
-tor_open_socket(int domain, int type, int protocol)
+MOCK_IMPL(tor_socket_t,
+tor_open_socket,(int domain, int type, int protocol))
{
return tor_open_socket_with_extensions(domain, type, protocol, 1, 0);
}
+/** Mockable wrapper for connect(). */
+MOCK_IMPL(tor_socket_t,
+tor_connect_socket,(tor_socket_t socket,const struct sockaddr *address,
+ socklen_t address_len))
+{
+ return connect(socket,address,address_len);
+}
+
/** As socket(), but creates a nonblocking socket and
* counts the number of open sockets. */
tor_socket_t
@@ -1308,6 +1316,14 @@ get_n_open_sockets(void)
return n;
}
+/** Mockable wrapper for getsockname(). */
+MOCK_IMPL(int,
+tor_getsockname,(tor_socket_t socket, struct sockaddr *address,
+ socklen_t *address_len))
+{
+ return getsockname(socket, address, address_len);
+}
+
/** Turn <b>socket</b> into a nonblocking socket. Return 0 on success, -1
* on failure.
*/
diff --git a/src/common/compat.h b/src/common/compat.h
index 11b41cded9..5189b7e056 100644
--- a/src/common/compat.h
+++ b/src/common/compat.h
@@ -463,7 +463,8 @@ int tor_close_socket(tor_socket_t s);
tor_socket_t tor_open_socket_with_extensions(
int domain, int type, int protocol,
int cloexec, int nonblock);
-tor_socket_t tor_open_socket(int domain, int type, int protocol);
+MOCK_DECL(tor_socket_t,
+tor_open_socket,(int domain, int type, int protocol));
tor_socket_t tor_open_socket_nonblocking(int domain, int type, int protocol);
tor_socket_t tor_accept_socket(tor_socket_t sockfd, struct sockaddr *addr,
socklen_t *len);
@@ -474,8 +475,15 @@ tor_socket_t tor_accept_socket_with_extensions(tor_socket_t sockfd,
struct sockaddr *addr,
socklen_t *len,
int cloexec, int nonblock);
+MOCK_DECL(tor_socket_t,
+tor_connect_socket,(tor_socket_t socket,const struct sockaddr *address,
+ socklen_t address_len));
int get_n_open_sockets(void);
+MOCK_DECL(int,
+tor_getsockname,(tor_socket_t socket, struct sockaddr *address,
+ socklen_t *address_len));
+
#define tor_socket_send(s, buf, len, flags) send(s, buf, len, flags)
#define tor_socket_recv(s, buf, len, flags) recv(s, buf, len, flags)
diff --git a/src/common/compat_pthreads.c b/src/common/compat_pthreads.c
index 246076b276..fdc504690b 100644
--- a/src/common/compat_pthreads.c
+++ b/src/common/compat_pthreads.c
@@ -91,10 +91,9 @@ static pthread_mutexattr_t attr_recursive;
void
tor_mutex_init(tor_mutex_t *mutex)
{
- int err;
if (PREDICT_UNLIKELY(!threads_initialized))
tor_threads_init();
- err = pthread_mutex_init(&mutex->mutex, &attr_recursive);
+ const int err = pthread_mutex_init(&mutex->mutex, &attr_recursive);
if (PREDICT_UNLIKELY(err)) {
log_err(LD_GENERAL, "Error %d creating a mutex.", err);
tor_fragile_assert();
@@ -278,12 +277,14 @@ tor_threads_init(void)
if (!threads_initialized) {
pthread_mutexattr_init(&attr_recursive);
pthread_mutexattr_settype(&attr_recursive, PTHREAD_MUTEX_RECURSIVE);
- tor_assert(0==pthread_attr_init(&attr_detached));
+ const int ret1 = pthread_attr_init(&attr_detached);
+ tor_assert(ret1 == 0);
#ifndef PTHREAD_CREATE_DETACHED
#define PTHREAD_CREATE_DETACHED 1
#endif
- tor_assert(0==pthread_attr_setdetachstate(&attr_detached,
- PTHREAD_CREATE_DETACHED));
+ const int ret2 =
+ pthread_attr_setdetachstate(&attr_detached, PTHREAD_CREATE_DETACHED);
+ tor_assert(ret2 == 0);
threads_initialized = 1;
set_main_thread();
}
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 218c7bea1e..f05be2e8bf 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -51,9 +51,9 @@
#define CRYPTO_PRIVATE
#include "crypto.h"
-#include "../common/torlog.h"
+#include "torlog.h"
#include "aes.h"
-#include "../common/util.h"
+#include "util.h"
#include "container.h"
#include "compat.h"
#include "sandbox.h"
@@ -1768,235 +1768,12 @@ static BIGNUM *dh_param_p_tls = NULL;
/** Shared G parameter for our DH key exchanges. */
static BIGNUM *dh_param_g = NULL;
-/** Generate and return a reasonable and safe DH parameter p. */
-static BIGNUM *
-crypto_generate_dynamic_dh_modulus(void)
-{
- BIGNUM *dynamic_dh_modulus;
- DH *dh_parameters;
- int r, dh_codes;
- char *s;
-
- dynamic_dh_modulus = BN_new();
- tor_assert(dynamic_dh_modulus);
-
- dh_parameters = DH_new();
- tor_assert(dh_parameters);
-
- r = DH_generate_parameters_ex(dh_parameters,
- DH_BYTES*8, DH_GENERATOR, NULL);
- tor_assert(r == 0);
-
- r = DH_check(dh_parameters, &dh_codes);
- tor_assert(r && !dh_codes);
-
- BN_copy(dynamic_dh_modulus, dh_parameters->p);
- tor_assert(dynamic_dh_modulus);
-
- DH_free(dh_parameters);
-
- { /* log the dynamic DH modulus: */
- s = BN_bn2hex(dynamic_dh_modulus);
- tor_assert(s);
- log_info(LD_OR, "Dynamic DH modulus generated: [%s]", s);
- OPENSSL_free(s);
- }
-
- return dynamic_dh_modulus;
-}
-
-/** Store our dynamic DH modulus (and its group parameters) to
- <b>fname</b> for future use. */
-static int
-crypto_store_dynamic_dh_modulus(const char *fname)
-{
- int len, new_len;
- DH *dh = NULL;
- unsigned char *dh_string_repr = NULL;
- char *base64_encoded_dh = NULL;
- char *file_string = NULL;
- int retval = -1;
- static const char file_header[] = "# This file contains stored Diffie-"
- "Hellman parameters for future use.\n# You *do not* need to edit this "
- "file.\n\n";
-
- tor_assert(fname);
-
- if (!dh_param_p_tls) {
- log_info(LD_CRYPTO, "Tried to store a DH modulus that does not exist.");
- goto done;
- }
-
- if (!(dh = DH_new()))
- goto done;
- if (!(dh->p = BN_dup(dh_param_p_tls)))
- goto done;
- if (!(dh->g = BN_new()))
- goto done;
- if (!BN_set_word(dh->g, DH_GENERATOR))
- goto done;
-
- len = i2d_DHparams(dh, &dh_string_repr);
- if ((len < 0) || (dh_string_repr == NULL)) {
- log_warn(LD_CRYPTO, "Error occured while DER encoding DH modulus (2).");
- goto done;
- }
-
- base64_encoded_dh = tor_calloc(len, 2); /* should be enough */
- new_len = base64_encode(base64_encoded_dh, len * 2,
- (char *)dh_string_repr, len);
- if (new_len < 0) {
- log_warn(LD_CRYPTO, "Error occured while base64-encoding DH modulus.");
- goto done;
- }
-
- /* concatenate file header and the dh parameters blob */
- new_len = tor_asprintf(&file_string, "%s%s", file_header, base64_encoded_dh);
-
- /* write to file */
- if (write_bytes_to_new_file(fname, file_string, new_len, 0) < 0) {
- log_info(LD_CRYPTO, "'%s' was already occupied.", fname);
- goto done;
- }
-
- retval = 0;
-
- done:
- if (dh)
- DH_free(dh);
- if (dh_string_repr)
- OPENSSL_free(dh_string_repr);
- tor_free(base64_encoded_dh);
- tor_free(file_string);
-
- return retval;
-}
-
-/** Return the dynamic DH modulus stored in <b>fname</b>. If there is no
- dynamic DH modulus stored in <b>fname</b>, return NULL. */
-static BIGNUM *
-crypto_get_stored_dynamic_dh_modulus(const char *fname)
-{
- int retval;
- char *contents = NULL;
- const char *contents_tmp = NULL;
- int dh_codes;
- DH *stored_dh = NULL;
- BIGNUM *dynamic_dh_modulus = NULL;
- int length = 0;
- unsigned char *base64_decoded_dh = NULL;
- const unsigned char *cp = NULL;
-
- tor_assert(fname);
-
- contents = read_file_to_str(fname, RFTS_IGNORE_MISSING, NULL);
- if (!contents) {
- log_info(LD_CRYPTO, "Could not open file '%s'", fname);
- goto done; /*usually means that ENOENT. don't try to move file to broken.*/
- }
-
- /* skip the file header */
- contents_tmp = eat_whitespace(contents);
- if (!*contents_tmp) {
- log_warn(LD_CRYPTO, "Stored dynamic DH modulus file "
- "seems corrupted (eat_whitespace).");
- goto err;
- }
-
- /* 'fname' contains the DH parameters stored in base64-ed DER
- * format. We are only interested in the DH modulus.
- * NOTE: We allocate more storage here than we need. Since we're already
- * doing that, we can also add 1 byte extra to appease Coverity's
- * scanner. */
-
- cp = base64_decoded_dh = tor_malloc_zero(strlen(contents_tmp) + 1);
- length = base64_decode((char *)base64_decoded_dh, strlen(contents_tmp),
- contents_tmp, strlen(contents_tmp));
- if (length < 0) {
- log_warn(LD_CRYPTO, "Stored dynamic DH modulus seems corrupted (base64).");
- goto err;
- }
-
- stored_dh = d2i_DHparams(NULL, &cp, length);
- if ((!stored_dh) || (cp - base64_decoded_dh != length)) {
- log_warn(LD_CRYPTO, "Stored dynamic DH modulus seems corrupted (d2i).");
- goto err;
- }
-
- { /* check the cryptographic qualities of the stored dynamic DH modulus: */
- retval = DH_check(stored_dh, &dh_codes);
- if (!retval || dh_codes) {
- log_warn(LD_CRYPTO, "Stored dynamic DH modulus is not a safe prime.");
- goto err;
- }
-
- retval = DH_size(stored_dh);
- if (retval < DH_BYTES) {
- log_warn(LD_CRYPTO, "Stored dynamic DH modulus is smaller "
- "than '%d' bits.", DH_BYTES*8);
- goto err;
- }
-
- if (!BN_is_word(stored_dh->g, 2)) {
- log_warn(LD_CRYPTO, "Stored dynamic DH parameters do not use '2' "
- "as the group generator.");
- goto err;
- }
- }
-
- { /* log the dynamic DH modulus: */
- char *s = BN_bn2hex(stored_dh->p);
- tor_assert(s);
- log_info(LD_OR, "Found stored dynamic DH modulus: [%s]", s);
- OPENSSL_free(s);
- }
-
- goto done;
-
- err:
-
- {
- /* move broken prime to $filename.broken */
- char *fname_new=NULL;
- tor_asprintf(&fname_new, "%s.broken", fname);
-
- log_warn(LD_CRYPTO, "Moving broken dynamic DH prime to '%s'.", fname_new);
-
- if (replace_file(fname, fname_new))
- log_notice(LD_CRYPTO, "Error while moving '%s' to '%s'.",
- fname, fname_new);
-
- tor_free(fname_new);
- }
-
- if (stored_dh) {
- DH_free(stored_dh);
- stored_dh = NULL;
- }
-
- done:
- tor_free(contents);
- tor_free(base64_decoded_dh);
-
- if (stored_dh) {
- dynamic_dh_modulus = BN_dup(stored_dh->p);
- DH_free(stored_dh);
- }
-
- return dynamic_dh_modulus;
-}
-
-/** Set the global TLS Diffie-Hellman modulus.
- * If <b>dynamic_dh_modulus_fname</b> is set, try to read a dynamic DH modulus
- * off it and use it as the DH modulus. If that's not possible,
- * generate a new dynamic DH modulus.
- * If <b>dynamic_dh_modulus_fname</b> is NULL, use the Apache mod_ssl DH
+/** Set the global TLS Diffie-Hellman modulus. Use the Apache mod_ssl DH
* modulus. */
void
-crypto_set_tls_dh_prime(const char *dynamic_dh_modulus_fname)
+crypto_set_tls_dh_prime(void)
{
BIGNUM *tls_prime = NULL;
- int store_dh_prime_afterwards = 0;
int r;
/* If the space is occupied, free the previous TLS DH prime */
@@ -2005,44 +1782,24 @@ crypto_set_tls_dh_prime(const char *dynamic_dh_modulus_fname)
dh_param_p_tls = NULL;
}
- if (dynamic_dh_modulus_fname) { /* use dynamic DH modulus: */
- log_info(LD_OR, "Using stored dynamic DH modulus.");
- tls_prime = crypto_get_stored_dynamic_dh_modulus(dynamic_dh_modulus_fname);
-
- if (!tls_prime) {
- log_notice(LD_OR, "Generating fresh dynamic DH modulus. "
- "This might take a while...");
- tls_prime = crypto_generate_dynamic_dh_modulus();
+ tls_prime = BN_new();
+ tor_assert(tls_prime);
- store_dh_prime_afterwards++;
- }
- } else { /* use the static DH prime modulus used by Apache in mod_ssl: */
- tls_prime = BN_new();
- tor_assert(tls_prime);
-
- /* This is the 1024-bit safe prime that Apache uses for its DH stuff; see
- * modules/ssl/ssl_engine_dh.c; Apache also uses a generator of 2 with this
- * prime.
- */
- r =BN_hex2bn(&tls_prime,
- "D67DE440CBBBDC1936D693D34AFD0AD50C84D239A45F520BB88174CB98"
- "BCE951849F912E639C72FB13B4B4D7177E16D55AC179BA420B2A29FE324A"
- "467A635E81FF5901377BEDDCFD33168A461AAD3B72DAE8860078045B07A7"
- "DBCA7874087D1510EA9FCC9DDD330507DD62DB88AEAA747DE0F4D6E2BD68"
- "B0E7393E0F24218EB3");
- tor_assert(r);
- }
+ /* This is the 1024-bit safe prime that Apache uses for its DH stuff; see
+ * modules/ssl/ssl_engine_dh.c; Apache also uses a generator of 2 with this
+ * prime.
+ */
+ r = BN_hex2bn(&tls_prime,
+ "D67DE440CBBBDC1936D693D34AFD0AD50C84D239A45F520BB88174CB98"
+ "BCE951849F912E639C72FB13B4B4D7177E16D55AC179BA420B2A29FE324A"
+ "467A635E81FF5901377BEDDCFD33168A461AAD3B72DAE8860078045B07A7"
+ "DBCA7874087D1510EA9FCC9DDD330507DD62DB88AEAA747DE0F4D6E2BD68"
+ "B0E7393E0F24218EB3");
+ tor_assert(r);
tor_assert(tls_prime);
dh_param_p_tls = tls_prime;
-
- if (store_dh_prime_afterwards)
- /* save the new dynamic DH modulus to disk. */
- if (crypto_store_dynamic_dh_modulus(dynamic_dh_modulus_fname)) {
- log_notice(LD_CRYPTO, "Failed while storing dynamic DH modulus. "
- "Make sure your data directory is sane.");
- }
}
/** Initialize dh_param_p and dh_param_g if they are not already
@@ -2079,10 +1836,8 @@ init_dh_param(void)
dh_param_p = circuit_dh_prime;
dh_param_g = generator;
- /* Ensure that we have TLS DH parameters set up, too, even if we're
- going to change them soon. */
if (!dh_param_p_tls) {
- crypto_set_tls_dh_prime(NULL);
+ crypto_set_tls_dh_prime();
}
}
diff --git a/src/common/crypto.h b/src/common/crypto.h
index d305bc17a0..440ff23ee8 100644
--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -122,8 +122,7 @@ int crypto_global_cleanup(void);
crypto_pk_t *crypto_pk_new(void);
void crypto_pk_free(crypto_pk_t *env);
-void crypto_set_tls_dh_prime(const char *dynamic_dh_modulus_fname);
-
+void crypto_set_tls_dh_prime(void);
crypto_cipher_t *crypto_cipher_new(const char *key);
crypto_cipher_t *crypto_cipher_new_with_iv(const char *key, const char *iv);
void crypto_cipher_free(crypto_cipher_t *env);
@@ -297,4 +296,3 @@ struct dh_st *crypto_dh_get_dh_(crypto_dh_t *dh);
void crypto_add_spaces_to_fp(char *out, size_t outlen, const char *in);
#endif
-
diff --git a/src/common/include.am b/src/common/include.am
index 5b63392541..b782310663 100644
--- a/src/common/include.am
+++ b/src/common/include.am
@@ -11,9 +11,7 @@ noinst_LIBRARIES += \
src/common/libor-event-testing.a
endif
-EXTRA_DIST+= \
- src/common/common_sha1.i \
- src/common/Makefile.nmake
+EXTRA_DIST += src/common/Makefile.nmake
#CFLAGS = -Wall -Wpointer-arith -O2
AM_CPPFLAGS += -I$(srcdir)/src/common -Isrc/common -I$(srcdir)/src/ext/trunnel -I$(srcdir)/src/trunnel
@@ -63,7 +61,6 @@ LIBOR_A_SOURCES = \
src/common/log.c \
src/common/memarea.c \
src/common/util.c \
- src/common/util_codedigest.c \
src/common/util_process.c \
src/common/sandbox.c \
src/common/workqueue.c \
@@ -72,6 +69,8 @@ LIBOR_A_SOURCES = \
$(libor_extra_source) \
$(threads_impl_source)
+src/common/log.o: micro-revision.i
+
LIBOR_CRYPTO_A_SOURCES = \
src/common/aes.c \
src/common/crypto.c \
@@ -96,9 +95,9 @@ src_common_libor_testing_a_SOURCES = $(LIBOR_A_SOURCES)
src_common_libor_crypto_testing_a_SOURCES = $(LIBOR_CRYPTO_A_SOURCES)
src_common_libor_event_testing_a_SOURCES = $(LIBOR_EVENT_A_SOURCES)
-src_common_libor_testing_a_CPPFLAGS = -DTOR_UNIT_TESTS $(AM_CPPFLAGS)
-src_common_libor_crypto_testing_a_CPPFLAGS = -DTOR_UNIT_TESTS $(AM_CPPFLAGS)
-src_common_libor_event_testing_a_CPPFLAGS = -DTOR_UNIT_TESTS $(AM_CPPFLAGS)
+src_common_libor_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
+src_common_libor_crypto_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
+src_common_libor_event_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
src_common_libor_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
src_common_libor_crypto_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
src_common_libor_event_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
@@ -133,17 +132,3 @@ COMMONHEADERS = \
noinst_HEADERS+= $(COMMONHEADERS)
-DISTCLEANFILES+= src/common/common_sha1.i
-
-src/common/common_sha1.i: $(libor_SOURCES) $(libor_crypto_a_SOURCES) $(COMMONHEADERS)
- $(AM_V_GEN)if test "@SHA1SUM@" != none; then \
- (cd "$(srcdir)" && "@SHA1SUM@" $(src_common_libor_SOURCES) $(src_common_libor_crypto_a_SOURCES) $(COMMONHEADERS)) | "@SED@" -n 's/^\(.*\)$$/"\1\\n"/p' > $@; \
- elif test "@OPENSSL@" != none; then \
- (cd "$(srcdir)" && "@OPENSSL@" sha1 $(src_common_libor_SOURCES) $(src_Common_libor_crypto_a_SOURCES) $(COMMONHEADERS)) | "@SED@" -n 's/SHA1(\(.*\))= \(.*\)/"\2 \1\\n"/p' > $@; \
- else \
- rm $@; \
- touch $@; \
- fi
-
-src/common/util_codedigest.o: src/common/common_sha1.i
-
diff --git a/src/common/log.c b/src/common/log.c
index e8cc30c312..4ad0bc3697 100644
--- a/src/common/log.c
+++ b/src/common/log.c
@@ -140,6 +140,9 @@ static size_t pending_startup_messages_len;
* configured. */
static int queue_startup_messages = 1;
+/** True iff __PRETTY_FUNCTION__ includes parenthesized arguments. */
+static int pretty_fn_has_parens = 0;
+
/** Don't store more than this many bytes of messages while waiting for the
* logs to get configured. */
#define MAX_STARTUP_MSG_LEN (1<<16)
@@ -263,6 +266,13 @@ log_tor_version(logfile_t *lf, int reset)
return 0;
}
+const char bug_suffix[] = " (on Tor " VERSION
+#ifndef _MSC_VER
+ " "
+#include "micro-revision.i"
+#endif
+ ")";
+
/** Helper: Format a log message into a fixed-sized buffer. (This is
* factored out of <b>logv</b> so that we never format a message more
* than once.) Return a pointer to the first character of the message
@@ -306,7 +316,9 @@ format_msg(char *buf, size_t buf_len,
}
if (funcname && should_log_function_name(domain, severity)) {
- r = tor_snprintf(buf+n, buf_len-n, "%s(): ", funcname);
+ r = tor_snprintf(buf+n, buf_len-n,
+ pretty_fn_has_parens ? "%s: " : "%s(): ",
+ funcname);
if (r<0)
n = strlen(buf);
else
@@ -341,6 +353,13 @@ format_msg(char *buf, size_t buf_len,
}
}
}
+
+ if (domain == LD_BUG &&
+ buf_len - n > strlen(bug_suffix)+1) {
+ memcpy(buf+n, bug_suffix, strlen(bug_suffix));
+ n += strlen(bug_suffix);
+ }
+
buf[n]='\n';
buf[n+1]='\0';
*msg_len_out = n+1;
@@ -925,6 +944,11 @@ init_logging(int disable_startup_queue)
tor_mutex_init(&log_mutex);
log_mutex_initialized = 1;
}
+#ifdef __GNUC__
+ if (strchr(__PRETTY_FUNCTION__, '(')) {
+ pretty_fn_has_parens = 1;
+ }
+#endif
if (pending_cb_messages == NULL)
pending_cb_messages = smartlist_new();
if (disable_startup_queue)
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 97a82bf6e1..32106eb2df 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -789,7 +789,7 @@ const char UNRESTRICTED_SERVER_CIPHER_LIST[] =
/** List of ciphers that clients should advertise, omitting items that
* our OpenSSL doesn't know about. */
static const char CLIENT_CIPHER_LIST[] =
-#include "./ciphers.inc"
+#include "ciphers.inc"
/* Tell it not to use SSLv2 ciphers, so that it can select an SSLv3 version
* of any cipher we say. */
"!SSLv2"
@@ -804,7 +804,7 @@ typedef struct cipher_info_t { unsigned id; const char *name; } cipher_info_t;
static const cipher_info_t CLIENT_CIPHER_INFO_LIST[] = {
#define CIPHER(id, name) { id, name },
#define XCIPHER(id, name) { id, #name },
-#include "./ciphers.inc"
+#include "ciphers.inc"
#undef CIPHER
#undef XCIPHER
};
diff --git a/src/common/util.c b/src/common/util.c
index 442d57a2cf..f8d1b7be4b 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -95,6 +95,9 @@
#ifdef HAVE_SYS_WAIT_H
#include <sys/wait.h>
#endif
+#if defined(HAVE_SYS_PRCTL_H) && defined(__linux__)
+#include <sys/prctl.h>
+#endif
#ifdef __clang_analyzer__
#undef MALLOC_ZERO_WORKS
@@ -771,16 +774,6 @@ fast_memcmpstart(const void *mem, size_t memlen,
return fast_memcmp(mem, prefix, plen);
}
-/** Given a nul-terminated string s, set every character before the nul
- * to zero. */
-void
-tor_strclear(char *s)
-{
- while (*s) {
- *s++ = '\0';
- }
-}
-
/** Return a pointer to the first char of s that is not whitespace and
* not a comment, or to the terminating NUL if no such character exists.
*/
@@ -3949,9 +3942,11 @@ process_handle_new(void)
process_handle_t *out = tor_malloc_zero(sizeof(process_handle_t));
#ifdef _WIN32
+ out->stdin_pipe = INVALID_HANDLE_VALUE;
out->stdout_pipe = INVALID_HANDLE_VALUE;
out->stderr_pipe = INVALID_HANDLE_VALUE;
#else
+ out->stdin_pipe = -1;
out->stdout_pipe = -1;
out->stderr_pipe = -1;
#endif
@@ -3991,7 +3986,7 @@ process_handle_waitpid_cb(int status, void *arg)
#define CHILD_STATE_FORK 3
#define CHILD_STATE_DUPOUT 4
#define CHILD_STATE_DUPERR 5
-#define CHILD_STATE_REDIRECT 6
+#define CHILD_STATE_DUPIN 6
#define CHILD_STATE_CLOSEFD 7
#define CHILD_STATE_EXEC 8
#define CHILD_STATE_FAILEXEC 9
@@ -4025,6 +4020,8 @@ tor_spawn_background(const char *const filename, const char **argv,
HANDLE stdout_pipe_write = NULL;
HANDLE stderr_pipe_read = NULL;
HANDLE stderr_pipe_write = NULL;
+ HANDLE stdin_pipe_read = NULL;
+ HANDLE stdin_pipe_write = NULL;
process_handle_t *process_handle;
int status;
@@ -4070,6 +4067,20 @@ tor_spawn_background(const char *const filename, const char **argv,
return status;
}
+ /* Set up pipe for stdin */
+ if (!CreatePipe(&stdin_pipe_read, &stdin_pipe_write, &saAttr, 0)) {
+ log_warn(LD_GENERAL,
+ "Failed to create pipe for stdin communication with child process: %s",
+ format_win32_error(GetLastError()));
+ return status;
+ }
+ if (!SetHandleInformation(stdin_pipe_write, HANDLE_FLAG_INHERIT, 0)) {
+ log_warn(LD_GENERAL,
+ "Failed to configure pipe for stdin communication with child "
+ "process: %s", format_win32_error(GetLastError()));
+ return status;
+ }
+
/* Create the child process */
/* Windows expects argv to be a whitespace delimited string, so join argv up
@@ -4084,7 +4095,7 @@ tor_spawn_background(const char *const filename, const char **argv,
siStartInfo.cb = sizeof(STARTUPINFO);
siStartInfo.hStdError = stderr_pipe_write;
siStartInfo.hStdOutput = stdout_pipe_write;
- siStartInfo.hStdInput = NULL;
+ siStartInfo.hStdInput = stdin_pipe_read;
siStartInfo.dwFlags |= STARTF_USESTDHANDLES;
/* Create the child process */
@@ -4114,6 +4125,7 @@ tor_spawn_background(const char *const filename, const char **argv,
/* TODO: Close hProcess and hThread in process_handle->pid? */
process_handle->stdout_pipe = stdout_pipe_read;
process_handle->stderr_pipe = stderr_pipe_read;
+ process_handle->stdin_pipe = stdin_pipe_write;
status = process_handle->status = PROCESS_STATUS_RUNNING;
}
@@ -4124,6 +4136,7 @@ tor_spawn_background(const char *const filename, const char **argv,
pid_t pid;
int stdout_pipe[2];
int stderr_pipe[2];
+ int stdin_pipe[2];
int fd, retval;
ssize_t nbytes;
process_handle_t *process_handle;
@@ -4148,7 +4161,7 @@ tor_spawn_background(const char *const filename, const char **argv,
child_state = CHILD_STATE_PIPE;
- /* Set up pipe for redirecting stdout and stderr of child */
+ /* Set up pipe for redirecting stdout, stderr, and stdin of child */
retval = pipe(stdout_pipe);
if (-1 == retval) {
log_warn(LD_GENERAL,
@@ -4169,6 +4182,20 @@ tor_spawn_background(const char *const filename, const char **argv,
return status;
}
+ retval = pipe(stdin_pipe);
+ if (-1 == retval) {
+ log_warn(LD_GENERAL,
+ "Failed to set up pipe for stdin communication with child process: %s",
+ strerror(errno));
+
+ close(stdout_pipe[0]);
+ close(stdout_pipe[1]);
+ close(stderr_pipe[0]);
+ close(stderr_pipe[1]);
+
+ return status;
+ }
+
child_state = CHILD_STATE_MAXFD;
#ifdef _SC_OPEN_MAX
@@ -4190,6 +4217,15 @@ tor_spawn_background(const char *const filename, const char **argv,
if (0 == pid) {
/* In child */
+#if defined(HAVE_SYS_PRCTL_H) && defined(__linux__)
+ /* Attempt to have the kernel issue a SIGTERM if the parent
+ * goes away. Certain attributes of the binary being execve()ed
+ * will clear this during the execve() call, but it's better
+ * than nothing.
+ */
+ prctl(PR_SET_PDEATHSIG, SIGTERM);
+#endif
+
child_state = CHILD_STATE_DUPOUT;
/* Link child stdout to the write end of the pipe */
@@ -4204,13 +4240,11 @@ tor_spawn_background(const char *const filename, const char **argv,
if (-1 == retval)
goto error;
- child_state = CHILD_STATE_REDIRECT;
+ child_state = CHILD_STATE_DUPIN;
- /* Link stdin to /dev/null */
- fd = open("/dev/null", O_RDONLY); /* NOT cloexec, obviously. */
- if (fd != -1)
- dup2(fd, STDIN_FILENO);
- else
+ /* Link child stdin to the read end of the pipe */
+ retval = dup2(stdin_pipe[0], STDIN_FILENO);
+ if (-1 == retval)
goto error;
child_state = CHILD_STATE_CLOSEFD;
@@ -4219,7 +4253,8 @@ tor_spawn_background(const char *const filename, const char **argv,
close(stderr_pipe[1]);
close(stdout_pipe[0]);
close(stdout_pipe[1]);
- close(fd);
+ close(stdin_pipe[0]);
+ close(stdin_pipe[1]);
/* Close all other fds, including the read end of the pipe */
/* XXX: We should now be doing enough FD_CLOEXEC setting to make
@@ -4235,8 +4270,10 @@ tor_spawn_background(const char *const filename, const char **argv,
does not modify the arguments */
if (env)
execve(filename, (char *const *) argv, env->unixoid_environment_block);
- else
- execvp(filename, (char *const *) argv);
+ else {
+ static char *new_env[] = { NULL };
+ execve(filename, (char *const *) argv, new_env);
+ }
/* If we got here, the exec or open(/dev/null) failed */
@@ -4269,6 +4306,8 @@ tor_spawn_background(const char *const filename, const char **argv,
if (-1 == pid) {
log_warn(LD_GENERAL, "Failed to fork child process: %s", strerror(errno));
+ close(stdin_pipe[0]);
+ close(stdin_pipe[1]);
close(stdout_pipe[0]);
close(stdout_pipe[1]);
close(stderr_pipe[0]);
@@ -4305,16 +4344,28 @@ tor_spawn_background(const char *const filename, const char **argv,
strerror(errno));
}
+ /* Return write end of the stdin pipe to caller, and close the read end */
+ process_handle->stdin_pipe = stdin_pipe[1];
+ retval = close(stdin_pipe[0]);
+
+ if (-1 == retval) {
+ log_warn(LD_GENERAL,
+ "Failed to close read end of stdin pipe in parent process: %s",
+ strerror(errno));
+ }
+
status = process_handle->status = PROCESS_STATUS_RUNNING;
- /* Set stdout/stderr pipes to be non-blocking */
+ /* Set stdin/stdout/stderr pipes to be non-blocking */
if (fcntl(process_handle->stdout_pipe, F_SETFL, O_NONBLOCK) < 0 ||
- fcntl(process_handle->stderr_pipe, F_SETFL, O_NONBLOCK) < 0) {
- log_warn(LD_GENERAL, "Failed to set stderror/stdout pipes nonblocking "
- "in parent process: %s", strerror(errno));
+ fcntl(process_handle->stderr_pipe, F_SETFL, O_NONBLOCK) < 0 ||
+ fcntl(process_handle->stdin_pipe, F_SETFL, O_NONBLOCK) < 0) {
+ log_warn(LD_GENERAL, "Failed to set stderror/stdout/stdin pipes "
+ "nonblocking in parent process: %s", strerror(errno));
}
/* Open the buffered IO streams */
process_handle->stdout_handle = fdopen(process_handle->stdout_pipe, "r");
process_handle->stderr_handle = fdopen(process_handle->stderr_pipe, "r");
+ process_handle->stdin_handle = fdopen(process_handle->stdin_pipe, "r");
*process_handle_out = process_handle;
return process_handle->status;
@@ -4357,6 +4408,9 @@ tor_process_handle_destroy,(process_handle_t *process_handle,
if (process_handle->stderr_pipe)
CloseHandle(process_handle->stderr_pipe);
+
+ if (process_handle->stdin_pipe)
+ CloseHandle(process_handle->stdin_pipe);
#else
if (process_handle->stdout_handle)
fclose(process_handle->stdout_handle);
@@ -4364,6 +4418,9 @@ tor_process_handle_destroy,(process_handle_t *process_handle,
if (process_handle->stderr_handle)
fclose(process_handle->stderr_handle);
+ if (process_handle->stdin_handle)
+ fclose(process_handle->stdin_handle);
+
clear_waitpid_callback(process_handle->waitpid_cb);
#endif
diff --git a/src/common/util.h b/src/common/util.h
index ea774bd9bd..30ac248b30 100644
--- a/src/common/util.h
+++ b/src/common/util.h
@@ -45,6 +45,13 @@
#error "Sorry; we don't support building with NDEBUG."
#endif
+/* Don't use assertions during coverage. It leads to tons of unreached
+ * branches which in reality are only assertions we didn't hit. */
+#ifdef TOR_COVERAGE
+#define tor_assert(a) STMT_BEGIN \
+ (void)(a); \
+ STMT_END
+#else
/** Like assert(3), but send assertion failures to the log as well as to
* stderr. */
#define tor_assert(expr) STMT_BEGIN \
@@ -52,6 +59,7 @@
tor_assertion_failed_(SHORT_FILE__, __LINE__, __func__, #expr); \
abort(); \
} STMT_END
+#endif
void tor_assertion_failed_(const char *fname, unsigned int line,
const char *func, const char *expr);
@@ -209,7 +217,6 @@ int strcasecmpstart(const char *s1, const char *s2) ATTR_NONNULL((1,2));
int strcmpend(const char *s1, const char *s2) ATTR_NONNULL((1,2));
int strcasecmpend(const char *s1, const char *s2) ATTR_NONNULL((1,2));
int fast_memcmpstart(const void *mem, size_t memlen, const char *prefix);
-void tor_strclear(char *s);
void tor_strstrip(char *s, const char *strip) ATTR_NONNULL((1,2));
long tor_parse_long(const char *s, int base, long min,
@@ -467,12 +474,15 @@ struct process_handle_t {
/** One of the PROCESS_STATUS_* values */
int status;
#ifdef _WIN32
+ HANDLE stdin_pipe;
HANDLE stdout_pipe;
HANDLE stderr_pipe;
PROCESS_INFORMATION pid;
#else
+ int stdin_pipe;
int stdout_pipe;
int stderr_pipe;
+ FILE *stdin_handle;
FILE *stdout_handle;
FILE *stderr_handle;
pid_t pid;
@@ -563,8 +573,6 @@ STATIC int format_helper_exit_status(unsigned char child_state,
#endif
-const char *libor_get_digests(void);
-
#define ARRAY_LENGTH(x) ((sizeof(x)) / sizeof(x[0]))
#endif
diff --git a/src/common/util_codedigest.c b/src/common/util_codedigest.c
deleted file mode 100644
index 7384f7dc1a..0000000000
--- a/src/common/util_codedigest.c
+++ /dev/null
@@ -1,13 +0,0 @@
-
-#include "util.h"
-
-/** Return a string describing the digest of the source files in src/common/
- */
-const char *
-libor_get_digests(void)
-{
- return ""
-#include "common_sha1.i"
- ;
-}
-
diff --git a/src/ext/eventdns.c b/src/ext/eventdns.c
index 2b2988f1ec..a0c7ff29fa 100644
--- a/src/ext/eventdns.c
+++ b/src/ext/eventdns.c
@@ -37,7 +37,7 @@
*/
#include "eventdns_tor.h"
-#include "../common/util.h"
+#include "util.h"
#include <sys/types.h>
/* #define NDEBUG */
diff --git a/src/or/buffers.c b/src/or/buffers.c
index be9974418d..8ef3279fde 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -20,8 +20,8 @@
#include "control.h"
#include "reasons.h"
#include "ext_orport.h"
-#include "../common/util.h"
-#include "../common/torlog.h"
+#include "util.h"
+#include "torlog.h"
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
diff --git a/src/or/config.c b/src/or/config.c
index fca350c203..d65d35dfc2 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -225,7 +225,7 @@ static config_var_t option_vars_[] = {
V(DisableDebuggerAttachment, BOOL, "1"),
V(DisableIOCP, BOOL, "1"),
OBSOLETE("DisableV2DirectoryInfo_"),
- V(DynamicDHGroups, BOOL, "0"),
+ OBSOLETE("DynamicDHGroups"),
VPORT(DNSPort, LINELIST, NULL),
V(DNSListenAddress, LINELIST, NULL),
V(DownloadExtraInfo, BOOL, "0"),
@@ -1318,10 +1318,6 @@ options_transition_requires_fresh_tls_context(const or_options_t *old_options,
if (!old_options)
return 0;
- if ((old_options->DynamicDHGroups != new_options->DynamicDHGroups)) {
- return 1;
- }
-
if (!opt_streq(old_options->TLSECGroup, new_options->TLSECGroup))
return 1;
@@ -1503,24 +1499,6 @@ options_act(const or_options_t *old_options)
finish_daemon(options->DataDirectory);
}
- /* If needed, generate a new TLS DH prime according to the current torrc. */
- if (server_mode(options) && options->DynamicDHGroups) {
- char *keydir = get_datadir_fname("keys");
- if (check_private_dir(keydir, CPD_CREATE, options->User)) {
- tor_free(keydir);
- return -1;
- }
- tor_free(keydir);
-
- if (!old_options || !old_options->DynamicDHGroups) {
- char *fname = get_datadir_fname2("keys", "dynamic_dh_params");
- crypto_set_tls_dh_prime(fname);
- tor_free(fname);
- }
- } else { /* clients don't need a dynamic DH prime. */
- crypto_set_tls_dh_prime(NULL);
- }
-
/* We want to reinit keys as needed before we do much of anything else:
keys are important, and other things can depend on them. */
if (transition_affects_workers ||
@@ -1909,7 +1887,6 @@ static const struct {
{ "-h", 0 },
{ "--help", 0 },
{ "--list-torrc-options", 0 },
- { "--digests", 0 },
{ "--nt-service", 0 },
{ "-nt-service", 0 },
{ NULL, 0 },
@@ -2566,6 +2543,59 @@ options_validate_cb(void *old_options, void *options, void *default_options,
from_setconf, msg);
}
+#define REJECT(arg) \
+ STMT_BEGIN *msg = tor_strdup(arg); return -1; STMT_END
+#define COMPLAIN(args...) \
+ STMT_BEGIN log_warn(LD_CONFIG, args); STMT_END
+
+/** Log a warning message iff <b>filepath</b> is not absolute.
+ * Warning message must contain option name <b>option</b> and
+ * an absolute path that <b>filepath<b> will resolve to.
+ *
+ * In case <b>filepath</b> is absolute, do nothing.
+ */
+static void
+warn_if_option_path_is_relative(const char *option,
+ char *filepath)
+{
+ if (filepath &&path_is_relative(filepath))
+ COMPLAIN("Path for %s (%s) is relative and will resolve to %s."
+ " Is this what you wanted?",option,filepath,
+ make_path_absolute(filepath));
+}
+
+/** Scan <b>options</b> for occurances of relative file/directory
+ * path and log a warning whenever it is found.
+ */
+static void
+warn_about_relative_paths(or_options_t *options)
+{
+ tor_assert(options);
+
+ warn_if_option_path_is_relative("CookieAuthFile",
+ options->CookieAuthFile);
+ warn_if_option_path_is_relative("ExtORPortCookieAuthFile",
+ options->ExtORPortCookieAuthFile);
+ warn_if_option_path_is_relative("DirPortFrontPage",
+ options->DirPortFrontPage);
+ warn_if_option_path_is_relative("V3BandwidthsFile",
+ options->V3BandwidthsFile);
+ warn_if_option_path_is_relative("ControlPortWriteToFile",
+ options->ControlPortWriteToFile);
+ warn_if_option_path_is_relative("GeoIPFile",options->GeoIPFile);
+ warn_if_option_path_is_relative("GeoIPv6File",options->GeoIPv6File);
+ warn_if_option_path_is_relative("Log",options->DebugLogFile);
+ warn_if_option_path_is_relative("AccelDir",options->AccelDir);
+ warn_if_option_path_is_relative("DataDirectory",options->DataDirectory);
+ warn_if_option_path_is_relative("PidFile",options->PidFile);
+
+ for (config_line_t *hs_line = options->RendConfigLines; hs_line;
+ hs_line = hs_line->next) {
+ if (!strcasecmp(hs_line->key, "HiddenServiceDir"))
+ warn_if_option_path_is_relative("HiddenServiceDir",hs_line->value);
+ }
+}
+
/** Return 0 if every setting in <b>options</b> is reasonable, is a
* permissible transition from <b>old_options</b>, and none of the
* testing-only settings differ from <b>default_options</b> unless in
@@ -2587,13 +2617,12 @@ options_validate(or_options_t *old_options, or_options_t *options,
config_line_t *cl;
const char *uname = get_uname();
int n_ports=0;
-#define REJECT(arg) \
- STMT_BEGIN *msg = tor_strdup(arg); return -1; STMT_END
-#define COMPLAIN(arg) STMT_BEGIN log_warn(LD_CONFIG, arg); STMT_END
tor_assert(msg);
*msg = NULL;
+ warn_about_relative_paths(options);
+
if (server_mode(options) &&
(!strcmpstart(uname, "Windows 95") ||
!strcmpstart(uname, "Windows 98") ||
@@ -3755,9 +3784,10 @@ options_validate(or_options_t *old_options, or_options_t *options,
"combination.");
return 0;
+}
+
#undef REJECT
#undef COMPLAIN
-}
/* Given the value that the user has set for MaxMemInQueues, compute the
* actual maximum value. We clip this value if it's too low, and autodetect
@@ -4333,13 +4363,6 @@ options_init_from_torrc(int argc, char **argv)
exit(0);
}
- if (config_line_find(cmdline_only_options, "--digests")) {
- printf("Tor version %s.\n",get_version());
- printf("%s", libor_get_digests());
- printf("%s", tor_get_digests());
- exit(0);
- }
-
if (config_line_find(cmdline_only_options, "--library-versions")) {
printf("Tor version %s. \n", get_version());
printf("Library versions\tCompiled\t\tRuntime\n");
@@ -5934,7 +5957,8 @@ parse_port_config(smartlist_t *out,
port = 1;
} else if (!strcmp(addrport, "auto")) {
port = CFG_AUTO_PORT;
- tor_addr_parse(&addr, defaultaddr);
+ int af = tor_addr_parse(&addr, defaultaddr);
+ tor_assert(af >= 0);
} else if (!strcasecmpend(addrport, ":auto")) {
char *addrtmp = tor_strndup(addrport, strlen(addrport)-5);
port = CFG_AUTO_PORT;
@@ -5949,7 +5973,8 @@ parse_port_config(smartlist_t *out,
"9050" might be a valid address. */
port = (int) tor_parse_long(addrport, 10, 0, 65535, &ok, NULL);
if (ok) {
- tor_addr_parse(&addr, defaultaddr);
+ int af = tor_addr_parse(&addr, defaultaddr);
+ tor_assert(af >= 0);
} else if (tor_addr_port_lookup(addrport, &addr, &ptmp) == 0) {
if (ptmp == 0) {
log_warn(LD_CONFIG, "%sPort line has address but no port", portname);
diff --git a/src/or/config.h b/src/or/config.h
index b064f05321..b0b23bcfbd 100644
--- a/src/or/config.h
+++ b/src/or/config.h
@@ -91,7 +91,6 @@ int getinfo_helper_config(control_connection_t *conn,
const char *question, char **answer,
const char **errmsg);
-const char *tor_get_digests(void);
uint32_t get_effective_bwrate(const or_options_t *options);
uint32_t get_effective_bwburst(const or_options_t *options);
diff --git a/src/or/config_codedigest.c b/src/or/config_codedigest.c
deleted file mode 100644
index 86d14bacef..0000000000
--- a/src/or/config_codedigest.c
+++ /dev/null
@@ -1,13 +0,0 @@
-
-const char *tor_get_digests(void);
-
-/** Return a string describing the digest of the source files in src/or/
- */
-const char *
-tor_get_digests(void)
-{
- return ""
-#include "or_sha1.i"
- ;
-}
-
diff --git a/src/or/connection.c b/src/or/connection.c
index 7db0238b3d..369df67363 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -1407,7 +1407,7 @@ static int
connection_handle_listener_read(connection_t *conn, int new_type)
{
tor_socket_t news; /* the new socket */
- connection_t *newconn;
+ connection_t *newconn = 0;
/* information about the remote peer when connecting to other routers */
struct sockaddr_storage addrbuf;
struct sockaddr *remote = (struct sockaddr*)&addrbuf;
@@ -3774,7 +3774,7 @@ connection_fetch_from_buf_line(connection_t *conn, char *data,
}
}
-/** As fetch_from_buf_http, but fetches from a conncetion's input buffer_t or
+/** As fetch_from_buf_http, but fetches from a connection's input buffer_t or
* its bufferevent as appropriate. */
int
connection_fetch_from_buf_http(connection_t *conn,
diff --git a/src/or/control.c b/src/or/control.c
index e25c3b2954..5ec97bd9af 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -72,7 +72,7 @@ static int disable_log_messages = 0;
/** Macro: true if any control connection is interested in events of type
* <b>e</b>. */
#define EVENT_IS_INTERESTING(e) \
- (!! (global_event_mask & (((uint64_t)1)<<(e))))
+ (!! (global_event_mask & EVENT_MASK_(e)))
/** If we're using cookie-type authentication, how long should our cookies be?
*/
@@ -3102,8 +3102,8 @@ handle_control_authchallenge(control_connection_t *conn, uint32_t len,
tor_free(client_nonce);
return -1;
}
-
- tor_assert(!crypto_rand(server_nonce, SAFECOOKIE_SERVER_NONCE_LEN));
+ const int fail = crypto_rand(server_nonce, SAFECOOKIE_SERVER_NONCE_LEN);
+ tor_assert(!fail);
/* Now compute and send the server-to-controller response, and the
* server's nonce. */
diff --git a/src/or/control.h b/src/or/control.h
index 47a601817a..dbb80b1f20 100644
--- a/src/or/control.h
+++ b/src/or/control.h
@@ -123,6 +123,7 @@ void control_free_all(void);
* because it is used both as a list of v0 event types, and as indices
* into the bitfield to determine which controllers want which events.
*/
+/* This bitfield has no event zero 0x0000 */
#define EVENT_MIN_ 0x0001
#define EVENT_CIRCUIT_STATUS 0x0001
#define EVENT_STREAM_STATUS 0x0002
@@ -158,9 +159,29 @@ void control_free_all(void);
#define EVENT_TRANSPORT_LAUNCHED 0x0020
#define EVENT_HS_DESC 0x0021
#define EVENT_MAX_ 0x0021
-/* If EVENT_MAX_ ever hits 0x003F, we need to make the mask into a
+
+/* sizeof(control_connection_t.event_mask) in bits, currently a uint64_t */
+#define EVENT_CAPACITY_ 0x0040
+
+/* If EVENT_MAX_ ever hits 0x0040, we need to make the mask into a
* different structure, as it can only handle a maximum left shift of 1<<63. */
+#if EVENT_MAX_ >= EVENT_CAPACITY_
+#error control_connection_t.event_mask has an event greater than its capacity
+#endif
+
+#define EVENT_MASK_(e) (((uint64_t)1)<<(e))
+
+#define EVENT_MASK_NONE_ ((uint64_t)0x0)
+
+#define EVENT_MASK_ABOVE_MIN_ ((~((uint64_t)0x0)) << EVENT_MIN_)
+#define EVENT_MASK_BELOW_MAX_ ((~((uint64_t)0x0)) \
+ >> (EVENT_CAPACITY_ - EVENT_MAX_ \
+ - EVENT_MIN_))
+
+#define EVENT_MASK_ALL_ (EVENT_MASK_ABOVE_MIN_ \
+ & EVENT_MASK_BELOW_MAX_)
+
/* Used only by control.c and test.c */
STATIC size_t write_escaped_data(const char *data, size_t len, char **out);
STATIC size_t read_escaped_data(const char *data, size_t len, char **out);
diff --git a/src/or/dns.c b/src/or/dns.c
index cc4a169422..db77d20783 100644
--- a/src/or/dns.c
+++ b/src/or/dns.c
@@ -24,7 +24,7 @@
#include "relay.h"
#include "router.h"
#include "ht.h"
-#include "../common/sandbox.h"
+#include "sandbox.h"
#ifdef HAVE_EVENT2_DNS_H
#include <event2/event.h>
#include <event2/dns.h>
diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c
index 30108b6041..9663f34002 100644
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@@ -141,8 +141,7 @@ entry_guard_set_status(entry_guard_t *e, const node_t *node,
}
if (node) {
- int is_dir = node_is_dir(node) && node->rs &&
- node->rs->version_supports_microdesc_cache;
+ int is_dir = node_is_dir(node);
if (options->UseBridges && node_is_a_configured_bridge(node))
is_dir = 1;
if (e->is_dir_cache != is_dir) {
@@ -398,10 +397,10 @@ add_an_entry_guard(const node_t *chosen, int reset_status, int prepend,
entry->bad_since = 0;
entry->can_retry = 1;
}
- entry->is_dir_cache = node->rs &&
- node->rs->version_supports_microdesc_cache;
+ entry->is_dir_cache = node_is_dir(node);
if (get_options()->UseBridges && node_is_a_configured_bridge(node))
entry->is_dir_cache = 1;
+
return NULL;
}
} else if (!for_directory) {
@@ -432,8 +431,7 @@ add_an_entry_guard(const node_t *chosen, int reset_status, int prepend,
node_describe(node));
strlcpy(entry->nickname, node_get_nickname(node), sizeof(entry->nickname));
memcpy(entry->identity, node->identity, DIGEST_LEN);
- entry->is_dir_cache = node_is_dir(node) && node->rs &&
- node->rs->version_supports_microdesc_cache;
+ entry->is_dir_cache = node_is_dir(node);
if (get_options()->UseBridges && node_is_a_configured_bridge(node))
entry->is_dir_cache = 1;
@@ -571,22 +569,6 @@ remove_obsolete_entry_guards(time_t now)
} else if (tor_version_parse(ver, &v)) {
msg = "does not seem to be from any recognized version of Tor";
version_is_bad = 1;
- } else {
- char *tor_ver = NULL;
- tor_asprintf(&tor_ver, "Tor %s", ver);
- if ((tor_version_as_new_as(tor_ver, "0.1.0.10-alpha") &&
- !tor_version_as_new_as(tor_ver, "0.1.2.16-dev")) ||
- (tor_version_as_new_as(tor_ver, "0.2.0.0-alpha") &&
- !tor_version_as_new_as(tor_ver, "0.2.0.6-alpha")) ||
- /* above are bug 440; below are bug 1217 */
- (tor_version_as_new_as(tor_ver, "0.2.1.3-alpha") &&
- !tor_version_as_new_as(tor_ver, "0.2.1.23")) ||
- (tor_version_as_new_as(tor_ver, "0.2.2.0-alpha") &&
- !tor_version_as_new_as(tor_ver, "0.2.2.7-alpha"))) {
- msg = "was selected without regard for guard bandwidth";
- version_is_bad = 1;
- }
- tor_free(tor_ver);
}
if (!version_is_bad && entry->chosen_on_date + guard_lifetime < now) {
/* It's been too long since the date listed in our state file. */
@@ -989,39 +971,6 @@ entry_list_is_constrained(const or_options_t *options)
return 0;
}
-/** Return true iff this node can answer directory questions about
- * microdescriptors. */
-static int
-node_understands_microdescriptors(const node_t *node)
-{
- tor_assert(node);
- if (node->rs && node->rs->version_supports_microdesc_cache)
- return 1;
- if (node->ri && tor_version_supports_microdescriptors(node->ri->platform))
- return 1;
- return 0;
-}
-
-/** Return true iff <b>node</b> is able to answer directory questions
- * of type <b>dirinfo</b>. Always returns true if <b>dirinfo</b> is
- * NO_DIRINFO (zero). */
-static int
-node_can_handle_dirinfo(const node_t *node, dirinfo_type_t dirinfo)
-{
- /* Checking dirinfo for any type other than microdescriptors isn't required
- yet, since we only choose directory guards that can support microdescs,
- routerinfos, and networkstatuses, AND we don't use directory guards if
- we're configured to do direct downloads of anything else. The only case
- where we might have a guard that doesn't know about a type of directory
- information is when we're retrieving directory information from a
- bridge. */
-
- if ((dirinfo & MICRODESC_DIRINFO) &&
- !node_understands_microdescriptors(node))
- return 0;
- return 1;
-}
-
/** Pick a live (up and listed) entry guard from entry_guards. If
* <b>state</b> is non-NULL, this is for a specific circuit --
* make sure not to pick this circuit's exit or any node in the
@@ -1077,6 +1026,8 @@ populate_live_entry_guards(smartlist_t *live_entry_guards,
int retval = 0;
entry_is_live_flags_t entry_flags = 0;
+ (void) dirinfo_type;
+
{ /* Set the flags we want our entry node to have */
if (need_uptime) {
entry_flags |= ENTRY_NEED_UPTIME;
@@ -1108,9 +1059,6 @@ populate_live_entry_guards(smartlist_t *live_entry_guards,
continue; /* don't pick the same node for entry and exit */
if (smartlist_contains(exit_family, node))
continue; /* avoid relays that are family members of our exit */
- if (dirinfo_type != NO_DIRINFO &&
- !node_can_handle_dirinfo(node, dirinfo_type))
- continue; /* this node won't be able to answer our dir questions */
smartlist_add(live_entry_guards, (void*)node);
if (!entry->made_contact) {
/* Always start with the first not-yet-contacted entry
@@ -2484,11 +2432,9 @@ any_bridge_supports_microdescriptors(void)
SMARTLIST_FOREACH_BEGIN(entry_guards, entry_guard_t *, e) {
node = node_get_by_id(e->identity);
if (node && node->is_running &&
- node_is_bridge(node) && node_is_a_configured_bridge(node) &&
- node_understands_microdescriptors(node)) {
+ node_is_bridge(node) && node_is_a_configured_bridge(node)) {
/* This is one of our current bridges, and we know enough about
- * it to know that it will be able to answer our microdescriptor
- * questions. */
+ * it to know that it will be able to answer our questions. */
return 1;
}
} SMARTLIST_FOREACH_END(e);
diff --git a/src/or/include.am b/src/or/include.am
index b44e1099dc..e315caebeb 100644
--- a/src/or/include.am
+++ b/src/or/include.am
@@ -15,7 +15,7 @@ else
tor_platform_source=
endif
-EXTRA_DIST+= src/or/ntmain.c src/or/or_sha1.i src/or/Makefile.nmake
+EXTRA_DIST+= src/or/ntmain.c src/or/Makefile.nmake
if USE_EXTERNAL_EVDNS
evdns_source=
@@ -79,14 +79,14 @@ LIBTOR_A_SOURCES = \
src/or/status.c \
src/or/onion_ntor.c \
$(evdns_source) \
- $(tor_platform_source) \
- src/or/config_codedigest.c
+ $(tor_platform_source)
src_or_libtor_a_SOURCES = $(LIBTOR_A_SOURCES)
src_or_libtor_testing_a_SOURCES = $(LIBTOR_A_SOURCES)
-#libtor_a_LIBADD = ../common/libor.a ../common/libor-crypto.a \
-# ../common/libor-event.a
+#libtor_a_LIBADD = $(top_builddir)/common/libor.a \
+# $(top_builddir)/common/libor-crypto.a \
+# $(top_builddir)/common/libor-event.a
src_or_tor_SOURCES = src/or/tor_main.c
@@ -98,7 +98,7 @@ AM_CPPFLAGS += -DSHARE_DATADIR="\"$(datadir)\"" \
-DLOCALSTATEDIR="\"$(localstatedir)\"" \
-DBINDIR="\"$(bindir)\""
-src_or_libtor_testing_a_CPPFLAGS = -DTOR_UNIT_TESTS $(AM_CPPFLAGS)
+src_or_libtor_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
src_or_libtor_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
# -L flags need to go in LDFLAGS. -l flags need to go in LDADD.
@@ -115,7 +115,7 @@ src_or_tor_LDADD = src/or/libtor.a src/common/libor.a \
if COVERAGE_ENABLED
src_or_tor_cov_SOURCES = src/or/tor_main.c
-src_or_tor_cov_CPPFLAGS = -DTOR_UNIT_TESTS $(AM_CPPFLAGS)
+src_or_tor_cov_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
src_or_tor_cov_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
src_or_tor_cov_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@ @TOR_LDFLAGS_libevent@
src_or_tor_cov_LDADD = src/or/libtor-testing.a src/common/libor-testing.a \
@@ -123,9 +123,9 @@ src_or_tor_cov_LDADD = src/or/libtor-testing.a src/common/libor-testing.a \
src/common/libor-event-testing.a \
@TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ @TOR_LIBEVENT_LIBS@ @TOR_OPENSSL_LIBS@ \
@TOR_LIB_WS32@ @TOR_LIB_GDI@ @CURVE25519_LIBS@ @TOR_SYSTEMD_LIBS@
-TESTING_TOR_BINARY = ./src/or/tor-cov
+TESTING_TOR_BINARY = $(top_builddir)/src/or/tor-cov
else
-TESTING_TOR_BINARY = ./src/or/tor
+TESTING_TOR_BINARY = $(top_builddir)/src/or/tor
endif
ORHEADERS = \
@@ -189,36 +189,24 @@ ORHEADERS = \
noinst_HEADERS+= $(ORHEADERS) micro-revision.i
-src/or/config_codedigest.o: src/or/or_sha1.i
-
micro-revision.i: FORCE
- @rm -f micro-revision.tmp; \
- if test -d "$(top_srcdir)/.git" && \
- test -x "`which git 2>&1;true`"; then \
- HASH="`cd "$(top_srcdir)" && git rev-parse --short=16 HEAD`"; \
- echo \"$$HASH\" > micro-revision.tmp; \
- fi; \
- if test ! -f micro-revision.tmp ; then \
- if test ! -f micro-revision.i ; then \
- echo '""' > micro-revision.i; \
- fi; \
- elif test ! -f micro-revision.i || \
- test x"`cat micro-revision.tmp`" != x"`cat micro-revision.i`"; then \
- mv micro-revision.tmp micro-revision.i; \
- fi; true
-
-src/or/or_sha1.i: $(src_or_tor_SOURCES) $(src_or_libtor_a_SOURCES) $(ORHEADERS)
- $(AM_V_GEN)if test "@SHA1SUM@" != none; then \
- (cd "$(srcdir)" && "@SHA1SUM@" $(src_or_tor_SOURCES) $(src_or_libtor_a_SOURCES) $(ORHEADERS) ) | \
- "@SED@" -n 's/^\(.*\)$$/"\1\\n"/p' > src/or/or_sha1.i; \
- elif test "@OPENSSL@" != none; then \
- (cd "$(srcdir)" && "@OPENSSL@" sha1 $(src_or_tor_SOURCES) $(src_or_libtor_a_SOURCES) $(ORHEADERS)) | \
- "@SED@" -n 's/SHA1(\(.*\))= \(.*\)/"\2 \1\\n"/p' > src/or/or_sha1.i; \
- else \
- rm src/or/or_sha1.i; \
- touch src/or/or_sha1.i; \
- fi
-
-CLEANFILES+= micro-revision.i src/or/micro-revision.i
+ $(AM_V_GEN)rm -f micro-revision.tmp; \
+ if test -d "$(top_srcdir)/.git" && \
+ test -x "`which git 2>&1;true`"; then \
+ HASH="`cd "$(top_srcdir)" && git rev-parse --short=16 HEAD`"; \
+ echo \"$$HASH\" > micro-revision.tmp; \
+ fi; \
+ if test ! -f micro-revision.tmp; then \
+ if test ! -f micro-revision.i; then \
+ echo '""' > micro-revision.i; \
+ fi; \
+ elif test ! -f micro-revision.i || \
+ test x"`cat micro-revision.tmp`" != x"`cat micro-revision.i`"; then \
+ mv micro-revision.tmp micro-revision.i; \
+ fi; \
+ rm -f micro-revision.tmp; \
+ true
+
+CLEANFILES+= micro-revision.i src/or/micro-revision.i micro-revision.tmp
FORCE:
diff --git a/src/or/main.c b/src/or/main.c
index d0fe8cbc00..a816fad2bb 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -63,7 +63,7 @@
#include <openssl/crypto.h>
#endif
#include "memarea.h"
-#include "../common/sandbox.h"
+#include "sandbox.h"
#ifdef HAVE_EVENT2_EVENT_H
#include <event2/event.h>
@@ -2810,8 +2810,8 @@ do_dump_config(void)
} else if (!strcmp(arg, "full")) {
how = OPTIONS_DUMP_ALL;
} else {
- printf("%s is not a recognized argument to --dump-config. "
- "Please select 'short', 'non-builtin', or 'full'", arg);
+ fprintf(stderr, "%s is not a recognized argument to --dump-config. "
+ "Please select 'short', 'non-builtin', or 'full'", arg);
return -1;
}
@@ -3112,7 +3112,8 @@ tor_main(int argc, char *argv[])
result = 0;
break;
case CMD_VERIFY_CONFIG:
- printf("Configuration was valid\n");
+ if (quiet_level == 0)
+ printf("Configuration was valid\n");
result = 0;
break;
case CMD_DUMP_CONFIG:
diff --git a/src/or/or.h b/src/or/or.h
index 0d81b54d94..d548aeabb6 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -88,7 +88,7 @@
#include "crypto.h"
#include "tortls.h"
-#include "../common/torlog.h"
+#include "torlog.h"
#include "container.h"
#include "torgzip.h"
#include "address.h"
@@ -2131,9 +2131,6 @@ typedef struct routerstatus_t {
* if the number of traits we care about ever becomes incredibly big. */
unsigned int version_known:1;
- /** True iff this router is a version that, if it caches directory info,
- * we can get microdescriptors from. */
- unsigned int version_supports_microdesc_cache:1;
/** True iff this router has a version that allows it to accept EXTEND2
* cells */
unsigned int version_supports_extend2_cells:1;
@@ -3387,8 +3384,6 @@ typedef struct {
char *Address; /**< OR only: configured address for this onion router. */
char *PidFile; /**< Where to store PID of Tor process. */
- int DynamicDHGroups; /**< Dynamic generation of prime moduli for use in DH.*/
-
routerset_t *ExitNodes; /**< Structure containing nicknames, digests,
* country codes and IP address patterns of ORs to
* consider as exits. */
diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c
index 866f4fb026..174f1c4b04 100644
--- a/src/or/rendcommon.c
+++ b/src/or/rendcommon.c
@@ -646,7 +646,6 @@ rend_encode_v2_descriptors(smartlist_t *descs_out,
rend_encoded_v2_service_descriptor_free(enc);
goto err;
}
- desc_str[written++] = '\n';
desc_str[written++] = 0;
/* Check if we can parse our own descriptor. */
if (!rend_desc_v2_is_parsable(enc)) {
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 4ae06dfb90..0cad66da6d 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -173,7 +173,7 @@ rend_authorized_client_free(rend_authorized_client_t *client)
return;
if (client->client_key)
crypto_pk_free(client->client_key);
- tor_strclear(client->client_name);
+ memwipe(client->client_name, 0, strlen(client->client_name));
tor_free(client->client_name);
memwipe(client->descriptor_cookie, 0, sizeof(client->descriptor_cookie));
tor_free(client);
@@ -1052,7 +1052,7 @@ rend_service_load_auth_keys(rend_service_t *s, const char *hfname)
abort_writing_to_file(open_hfile);
done:
if (client_keys_str) {
- tor_strclear(client_keys_str);
+ memwipe(client_keys_str, 0, strlen(client_keys_str));
tor_free(client_keys_str);
}
strmap_free(parsed_clients, rend_authorized_client_strmap_item_free);
@@ -3320,7 +3320,8 @@ rend_services_introduce(void)
intro = tor_malloc_zero(sizeof(rend_intro_point_t));
intro->extend_info = extend_info_from_node(node, 0);
intro->intro_key = crypto_pk_new();
- tor_assert(!crypto_pk_generate_key(intro->intro_key));
+ const int fail = crypto_pk_generate_key(intro->intro_key);
+ tor_assert(!fail);
intro->time_published = -1;
intro->time_to_expire = -1;
intro->time_expiring = -1;
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index f4f6200bbc..fd096799de 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -37,7 +37,7 @@
#include "routerlist.h"
#include "routerparse.h"
#include "routerset.h"
-#include "../common/sandbox.h"
+#include "sandbox.h"
// #define DEBUG_ROUTERLIST
/****************************************************************************/
@@ -1498,9 +1498,6 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags,
if ((type & EXTRAINFO_DIRINFO) &&
!router_supports_extrainfo(node->identity, is_trusted_extrainfo))
continue;
- if ((type & MICRODESC_DIRINFO) && !is_trusted &&
- !node->rs->version_supports_microdesc_cache)
- continue;
if (for_guard && node->using_as_guard)
continue; /* Don't make the same node a guard twice. */
if (try_excluding &&
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 5a9626f0a2..6a477470c4 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -2015,10 +2015,7 @@ routerstatus_parse_entry_from_string(memarea_t *area,
tor_assert(tok->n_args == 1);
rs->version_known = 1;
if (strcmpstart(tok->args[0], "Tor ")) {
- rs->version_supports_microdesc_cache = 1;
} else {
- rs->version_supports_microdesc_cache =
- tor_version_supports_microdescriptors(tok->args[0]);
rs->version_supports_extend2_cells =
tor_version_as_new_as(tok->args[0], "0.2.4.8-alpha");
}
@@ -4263,14 +4260,6 @@ microdescs_parse_from_string(const char *s, const char *eos,
return result;
}
-/** Return true iff this Tor version can answer directory questions
- * about microdescriptors. */
-int
-tor_version_supports_microdescriptors(const char *platform)
-{
- return tor_version_as_new_as(platform, "0.2.3.1-alpha");
-}
-
/** Parse the Tor version of the platform string <b>platform</b>,
* and compare it to the version in <b>cutoff</b>. Return 1 if
* the router is at least as new as the cutoff, else return 0.
diff --git a/src/or/routerparse.h b/src/or/routerparse.h
index fc21cb1041..e294d95391 100644
--- a/src/or/routerparse.h
+++ b/src/or/routerparse.h
@@ -44,7 +44,6 @@ MOCK_DECL(addr_policy_t *, router_parse_addr_policy_item_from_string,
(const char *s, int assume_action));
version_status_t tor_version_is_obsolete(const char *myversion,
const char *versionlist);
-int tor_version_supports_microdescriptors(const char *platform);
int tor_version_as_new_as(const char *platform, const char *cutoff);
int tor_version_parse(const char *s, tor_version_t *out);
int tor_version_compare(tor_version_t *a, tor_version_t *b);
diff --git a/src/or/transports.c b/src/or/transports.c
index 6f07054ea8..ba2c784c2c 100644
--- a/src/or/transports.c
+++ b/src/or/transports.c
@@ -1388,6 +1388,11 @@ create_managed_proxy_environment(const managed_proxy_t *mp)
} else {
smartlist_add_asprintf(envs, "TOR_PT_EXTENDED_SERVER_PORT=");
}
+
+ /* All new versions of tor will keep stdin open, so PTs can use it
+ * as a reliable termination detection mechanism.
+ */
+ smartlist_add_asprintf(envs, "TOR_PT_EXIT_ON_STDIN_CLOSE=1");
} else {
/* If ClientTransportPlugin has a HTTPS/SOCKS proxy configured, set the
* TOR_PT_PROXY line.
diff --git a/src/test/include.am b/src/test/include.am
index d20d2f66b9..c857ec2f89 100644
--- a/src/test/include.am
+++ b/src/test/include.am
@@ -1,10 +1,11 @@
-TESTS += src/test/test src/test/test-slow
+TESTS += src/test/test src/test/test-slow src/test/test-memwipe
noinst_PROGRAMS+= src/test/bench
if UNITTESTS_ENABLED
noinst_PROGRAMS+= \
src/test/test \
src/test/test-slow \
+ src/test/test-memwipe \
src/test/test-child \
src/test/test_workqueue
endif
@@ -73,10 +74,13 @@ src_test_test_slow_SOURCES = \
src/test/testing_common.c \
src/ext/tinytest.c
+src_test_test_memwipe_SOURCES = \
+ src/test/test-memwipe.c
+
src_test_test_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
-src_test_test_CPPFLAGS= $(src_test_AM_CPPFLAGS)
+src_test_test_CPPFLAGS= $(src_test_AM_CPPFLAGS) $(TEST_CPPFLAGS)
src_test_bench_SOURCES = \
src/test/bench.c
@@ -89,7 +93,7 @@ src_test_test_workqueue_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
src_test_test_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@ \
@TOR_LDFLAGS_libevent@
src_test_test_LDADD = src/or/libtor-testing.a src/common/libor-testing.a \
- src/common/libor-crypto-testing.a $(LIBDONNA) \
+ src/common/libor-crypto-testing.a $(LIBDONNA) src/common/libor.a \
src/common/libor-event-testing.a src/trunnel/libor-trunnel-testing.a \
@TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ @TOR_LIBEVENT_LIBS@ \
@TOR_OPENSSL_LIBS@ @TOR_LIB_WS32@ @TOR_LIB_GDI@ @CURVE25519_LIBS@ \
@@ -100,6 +104,11 @@ src_test_test_slow_CFLAGS = $(src_test_test_CFLAGS)
src_test_test_slow_LDADD = $(src_test_test_LDADD)
src_test_test_slow_LDFLAGS = $(src_test_test_LDFLAGS)
+src_test_test_memwipe_CPPFLAGS = $(src_test_test_CPPFLAGS)
+src_test_test_memwipe_CFLAGS = $(src_test_test_CFLAGS)
+src_test_test_memwipe_LDADD = $(src_test_test_LDADD)
+src_test_test_memwipe_LDFLAGS = $(src_test_test_LDFLAGS)
+
src_test_bench_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@ \
@TOR_LDFLAGS_libevent@
src_test_bench_LDADD = src/or/libtor.a src/common/libor.a \
@@ -140,9 +149,9 @@ src_test_test_ntor_cl_AM_CPPFLAGS = \
NTOR_TEST_DEPS=src/test/test-ntor-cl
if COVERAGE_ENABLED
-CMDLINE_TEST_TOR = ./src/or/tor-cov
+CMDLINE_TEST_TOR = $(top_builddir)/src/or/tor-cov
else
-CMDLINE_TEST_TOR = ./src/or/tor
+CMDLINE_TEST_TOR = $(top_builddir)/src/or/tor
endif
noinst_PROGRAMS += src/test/test-bt-cl
@@ -151,22 +160,20 @@ src_test_test_bt_cl_LDADD = src/common/libor-testing.a \
@TOR_LIB_MATH@ \
@TOR_LIB_WS32@ @TOR_LIB_GDI@
src_test_test_bt_cl_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
-src_test_test_bt_cl_CPPFLAGS= $(src_test_AM_CPPFLAGS)
+src_test_test_bt_cl_CPPFLAGS= $(src_test_AM_CPPFLAGS) $(TEST_CPPFLAGS)
check-local: $(NTOR_TEST_DEPS) $(CMDLINE_TEST_TOR)
if USEPYTHON
- $(PYTHON) $(top_srcdir)/src/test/test_cmdline_args.py $(CMDLINE_TEST_TOR) "${top_srcdir}"
$(PYTHON) $(top_srcdir)/src/test/ntor_ref.py test-tor
$(PYTHON) $(top_srcdir)/src/test/ntor_ref.py self-test
- ./src/test/test-bt-cl assert | $(PYTHON) $(top_srcdir)/src/test/bt_test.py
- ./src/test/test-bt-cl crash | $(PYTHON) $(top_srcdir)/src/test/bt_test.py
+ $(top_builddir)/src/test/test-bt-cl assert | $(PYTHON) $(top_srcdir)/src/test/bt_test.py
+ $(top_builddir)/src/test/test-bt-cl crash | $(PYTHON) $(top_srcdir)/src/test/bt_test.py
endif
- $(top_srcdir)/src/test/zero_length_keys.sh
+ $(SHELL) $(top_srcdir)/src/test/zero_length_keys.sh
EXTRA_DIST += \
src/test/bt_test.py \
src/test/ntor_ref.py \
src/test/slownacl_curve25519.py \
- src/test/test_cmdline_args.py \
src/test/zero_length_keys.sh
diff --git a/src/test/test-memwipe.c b/src/test/test-memwipe.c
new file mode 100644
index 0000000000..a721a8e728
--- /dev/null
+++ b/src/test/test-memwipe.c
@@ -0,0 +1,204 @@
+#include <string.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <stdlib.h>
+
+#include "crypto.h"
+#include "compat.h"
+
+#undef MIN
+#define MIN(a,b) ( ((a)<(b)) ? (a) : (b) )
+
+static unsigned fill_a_buffer_memset(void) __attribute__((noinline));
+static unsigned fill_a_buffer_memwipe(void) __attribute__((noinline));
+static unsigned fill_a_buffer_nothing(void) __attribute__((noinline));
+static unsigned fill_heap_buffer_memset(void) __attribute__((noinline));
+static unsigned fill_heap_buffer_memwipe(void) __attribute__((noinline));
+static unsigned fill_heap_buffer_nothing(void) __attribute__((noinline));
+static unsigned check_a_buffer(void) __attribute__((noinline));
+
+const char *s = NULL;
+
+#define FILL_BUFFER_IMPL() \
+ unsigned int i; \
+ unsigned sum = 0; \
+ \
+ /* Fill up a 1k buffer with a recognizable pattern. */ \
+ for (i = 0; i < 2048; i += strlen(s)) { \
+ memcpy(buf+i, s, MIN(strlen(s), 2048-i)); \
+ } \
+ \
+ /* Use the buffer as input to a computation so the above can't get */ \
+ /* optimized away. */ \
+ for (i = 0; i < 2048; ++i) { \
+ sum += (unsigned char)buf[i]; \
+ }
+
+static unsigned
+fill_a_buffer_memset(void)
+{
+ char buf[2048];
+ FILL_BUFFER_IMPL()
+ memset(buf, 0, sizeof(buf));
+ return sum;
+}
+
+static unsigned
+fill_a_buffer_memwipe(void)
+{
+ char buf[2048];
+ FILL_BUFFER_IMPL()
+ memwipe(buf, 0, sizeof(buf));
+ return sum;
+}
+
+static unsigned
+fill_a_buffer_nothing(void)
+{
+ char buf[2048];
+ FILL_BUFFER_IMPL()
+ return sum;
+}
+
+static INLINE int
+vmemeq(volatile char *a, const char *b, size_t n)
+{
+ while (n--) {
+ if (*a++ != *b++)
+ return 0;
+ }
+ return 1;
+}
+
+static unsigned
+check_a_buffer(void)
+{
+ unsigned int i;
+ volatile char buf[1024];
+ unsigned sum = 0;
+
+ /* See if this buffer has the string in it.
+
+ YES, THIS DOES INVOKE UNDEFINED BEHAVIOR BY READING FROM AN UNINITIALIZED
+ BUFFER.
+
+ If you know a better way to figure out whether the compiler eliminated
+ the memset/memwipe calls or not, please let me know.
+ */
+ for (i = 0; i < sizeof(buf); ++i) {
+ if (vmemeq(buf+i, s, strlen(s)))
+ ++sum;
+ }
+
+ return sum;
+}
+
+static char *heap_buf = NULL;
+
+static unsigned
+fill_heap_buffer_memset(void)
+{
+ char *buf = heap_buf = malloc(2048);
+ FILL_BUFFER_IMPL()
+ memset(buf, 0, 2048);
+ free(buf);
+ return sum;
+}
+
+static unsigned
+fill_heap_buffer_memwipe(void)
+{
+ char *buf = heap_buf = malloc(2048);
+ FILL_BUFFER_IMPL()
+ memwipe(buf, 0, 2048);
+ free(buf);
+ return sum;
+}
+
+static unsigned
+fill_heap_buffer_nothing(void)
+{
+ char *buf = heap_buf = malloc(2048);
+ FILL_BUFFER_IMPL()
+ free(buf);
+ return sum;
+}
+
+static unsigned
+check_heap_buffer(void)
+{
+ unsigned int i;
+ unsigned sum = 0;
+ volatile char *buf = heap_buf;
+
+ /* See if this buffer has the string in it.
+
+ YES, THIS DOES INVOKE UNDEFINED BEHAVIOR BY READING FROM A FREED BUFFER.
+
+ If you know a better way to figure out whether the compiler eliminated
+ the memset/memwipe calls or not, please let me know.
+ */
+ for (i = 0; i < sizeof(buf); ++i) {
+ if (vmemeq(buf+i, s, strlen(s)))
+ ++sum;
+ }
+
+ return sum;
+}
+
+static struct testcase {
+ const char *name;
+ unsigned (*fill_fn)(void);
+ unsigned (*check_fn)(void);
+} testcases[] = {
+ { "nil", fill_a_buffer_nothing, check_a_buffer },
+ { "nil-heap", fill_heap_buffer_nothing, check_heap_buffer },
+ { "memset", fill_a_buffer_memset, check_a_buffer },
+ { "memset-heap", fill_heap_buffer_memset, check_heap_buffer },
+ { "memwipe", fill_a_buffer_memwipe, check_a_buffer },
+ { "memwipe-heap", fill_heap_buffer_memwipe, check_heap_buffer },
+ { NULL, NULL, NULL }
+};
+
+int
+main(int argc, char **argv)
+{
+ unsigned x, x2;
+ int i;
+ int working = 1;
+ unsigned found[6];
+ (void) argc; (void) argv;
+
+ s = "squamous haberdasher gallimaufry";
+
+ memset(found, 0, sizeof(found));
+
+ for (i = 0; testcases[i].name; ++i) {
+ x = testcases[i].fill_fn();
+ found[i] = testcases[i].check_fn();
+
+ x2 = fill_a_buffer_nothing();
+
+ if (x != x2) {
+ working = 0;
+ }
+ }
+
+ if (!working || !found[0] || !found[1]) {
+ printf("It appears that this test case may not give you reliable "
+ "information. Sorry.\n");
+ }
+
+ if (!found[2] && !found[3]) {
+ printf("It appears that memset is good enough on this platform. Good.\n");
+ }
+
+ if (found[4] || found[5]) {
+ printf("ERROR: memwipe does not wipe data!\n");
+ return 1;
+ } else {
+ printf("OKAY: memwipe seems to work.");
+ return 0;
+ }
+}
+
diff --git a/src/test/test-network.sh b/src/test/test-network.sh
index be57cafb7f..ccfb5df424 100755
--- a/src/test/test-network.sh
+++ b/src/test/test-network.sh
@@ -13,7 +13,7 @@ do
export TOR_DIR="$2"
shift
;;
- --flavo?r|--network-flavo?r)
+ --flavor|--flavour|--network-flavor|--network-flavour)
export NETWORK_FLAVOUR="$2"
shift
;;
diff --git a/src/test/test_address.c b/src/test/test_address.c
index 424a6352b0..317119c52f 100644
--- a/src/test/test_address.c
+++ b/src/test/test_address.c
@@ -130,8 +130,8 @@ test_address_ifaddrs_to_smartlist(void *arg)
ipv6_sockaddr = tor_malloc(sizeof(struct sockaddr_in6));
ipv6_sockaddr->sin6_family = AF_INET6;
ipv6_sockaddr->sin6_port = 0;
- inet_pton(AF_INET6, "2001:db8:8714:3a90::12",
- &(ipv6_sockaddr->sin6_addr));
+ tor_inet_pton(AF_INET6, "2001:db8:8714:3a90::12",
+ &(ipv6_sockaddr->sin6_addr));
ifa = tor_malloc(sizeof(struct ifaddrs));
ifa_ipv4 = tor_malloc(sizeof(struct ifaddrs));
@@ -452,10 +452,182 @@ test_address_get_if_addrs_ioctl(void *arg)
#endif
+#define FAKE_SOCKET_FD (42)
+
+static tor_socket_t
+fake_open_socket(int domain, int type, int protocol)
+{
+ (void)domain;
+ (void)type;
+ (void)protocol;
+
+ return FAKE_SOCKET_FD;
+}
+
+static int last_connected_socket_fd = 0;
+
+static int connect_retval = 0;
+
+static tor_socket_t
+pretend_to_connect(tor_socket_t socket, const struct sockaddr *address,
+ socklen_t address_len)
+{
+ (void)address;
+ (void)address_len;
+
+ last_connected_socket_fd = socket;
+
+ return connect_retval;
+}
+
+static struct sockaddr *mock_addr = NULL;
+
+static int
+fake_getsockname(tor_socket_t socket, struct sockaddr *address,
+ socklen_t *address_len)
+{
+ socklen_t bytes_to_copy = 0;
+ (void) socket;
+
+ if (!mock_addr)
+ return -1;
+
+ if (mock_addr->sa_family == AF_INET) {
+ bytes_to_copy = sizeof(struct sockaddr_in);
+ } else if (mock_addr->sa_family == AF_INET6) {
+ bytes_to_copy = sizeof(struct sockaddr_in6);
+ } else {
+ return -1;
+ }
+
+ if (*address_len < bytes_to_copy) {
+ return -1;
+ }
+
+ memcpy(address,mock_addr,bytes_to_copy);
+ *address_len = bytes_to_copy;
+
+ return 0;
+}
+
+static void
+test_address_udp_socket_trick_whitebox(void *arg)
+{
+ int hack_retval;
+ tor_addr_t *addr_from_hack = tor_malloc_zero(sizeof(tor_addr_t));
+ struct sockaddr_in6 *mock_addr6;
+ struct sockaddr_in6 *ipv6_to_check =
+ tor_malloc_zero(sizeof(struct sockaddr_in6));
+
+ (void)arg;
+
+ MOCK(tor_open_socket,fake_open_socket);
+ MOCK(tor_connect_socket,pretend_to_connect);
+ MOCK(tor_getsockname,fake_getsockname);
+
+ mock_addr = tor_malloc_zero(sizeof(struct sockaddr_storage));
+ sockaddr_in_from_string("23.32.246.118",(struct sockaddr_in *)mock_addr);
+
+ hack_retval =
+ get_interface_address6_via_udp_socket_hack(LOG_DEBUG,
+ AF_INET, addr_from_hack);
+
+ tt_int_op(hack_retval,==,0);
+ tt_assert(tor_addr_eq_ipv4h(addr_from_hack, 0x1720f676));
+
+ /* Now, lets do an IPv6 case. */
+ memset(mock_addr,0,sizeof(struct sockaddr_storage));
+
+ mock_addr6 = (struct sockaddr_in6 *)mock_addr;
+ mock_addr6->sin6_family = AF_INET6;
+ mock_addr6->sin6_port = 0;
+ tor_inet_pton(AF_INET6,"2001:cdba::3257:9652",&(mock_addr6->sin6_addr));
+
+ hack_retval =
+ get_interface_address6_via_udp_socket_hack(LOG_DEBUG,
+ AF_INET6, addr_from_hack);
+
+ tt_int_op(hack_retval,==,0);
+
+ tor_addr_to_sockaddr(addr_from_hack,0,(struct sockaddr *)ipv6_to_check,
+ sizeof(struct sockaddr_in6));
+
+ tt_assert(sockaddr_in6_are_equal(mock_addr6,ipv6_to_check));
+
+ UNMOCK(tor_open_socket);
+ UNMOCK(tor_connect_socket);
+ UNMOCK(tor_getsockname);
+
+ done:
+ tor_free(ipv6_to_check);
+ tor_free(mock_addr);
+ tor_free(addr_from_hack);
+ return;
+}
+
+static void
+test_address_udp_socket_trick_blackbox(void *arg)
+{
+ /* We want get_interface_address6_via_udp_socket_hack() to yield
+ * the same valid address that get_interface_address6() returns.
+ * If the latter is unable to find a valid address, we want
+ * _hack() to fail and return-1.
+ *
+ * Furthermore, we want _hack() never to crash, even if
+ * get_interface_addresses_raw() is returning NULL.
+ */
+
+ tor_addr_t addr4;
+ tor_addr_t addr4_to_check;
+ tor_addr_t addr6;
+ tor_addr_t addr6_to_check;
+ int retval, retval_reference;
+
+ (void)arg;
+
+ retval_reference = get_interface_address6(LOG_DEBUG,AF_INET,&addr4);
+ retval = get_interface_address6_via_udp_socket_hack(LOG_DEBUG,
+ AF_INET,
+ &addr4_to_check);
+
+ tt_int_op(retval,==,retval_reference);
+ tt_assert( (retval == -1 && retval_reference == -1) ||
+ (tor_addr_compare(&addr4,&addr4_to_check,CMP_EXACT) == 0) );
+
+ //[XXX: Skipping the AF_INET6 case because bug #12377 makes it fail.]
+ (void)addr6_to_check;
+ (void)addr6;
+#if 0
+ retval_reference = get_interface_address6(LOG_DEBUG,AF_INET6,&addr6);
+ retval = get_interface_address6_via_udp_socket_hack(LOG_DEBUG,
+ AF_INET6,
+ &addr6_to_check);
+
+ tt_int_op(retval,==,retval_reference);
+ tt_assert( (retval == -1 && retval_reference == -1) ||
+ (tor_addr_compare(&addr6,&addr6_to_check,CMP_EXACT) == 0) );
+
+#endif
+
+ /* When family is neither AF_INET nor AF_INET6, we want _hack to
+ * fail and return -1.
+ */
+
+ retval = get_interface_address6_via_udp_socket_hack(LOG_DEBUG,
+ AF_INET+AF_INET6,&addr4);
+
+ tt_assert(retval == -1);
+
+ done:
+ return;
+}
+
#define ADDRESS_TEST(name, flags) \
{ #name, test_address_ ## name, flags, NULL, NULL }
struct testcase_t address_tests[] = {
+ ADDRESS_TEST(udp_socket_trick_whitebox, TT_FORK),
+ ADDRESS_TEST(udp_socket_trick_blackbox, TT_FORK),
#ifdef HAVE_IFADDRS_TO_SMARTLIST
ADDRESS_TEST(get_if_addrs_ifaddrs, TT_FORK),
ADDRESS_TEST(ifaddrs_to_smartlist, 0),
diff --git a/src/test/test_cmdline_args.py b/src/test/test_cmdline_args.py
deleted file mode 100755
index 57641974db..0000000000
--- a/src/test/test_cmdline_args.py
+++ /dev/null
@@ -1,311 +0,0 @@
-#!/usr/bin/python
-
-import binascii
-import hashlib
-import os
-import re
-import shutil
-import subprocess
-import sys
-import tempfile
-import unittest
-
-TOR = "./src/or/tor"
-TOP_SRCDIR = "."
-
-if len(sys.argv) > 1:
- TOR = sys.argv[1]
- del sys.argv[1]
-
-if len(sys.argv) > 1:
- TOP_SRCDIR = sys.argv[1]
- del sys.argv[1]
-
-class UnexpectedSuccess(Exception):
- pass
-
-class UnexpectedFailure(Exception):
- pass
-
-if sys.version < '3':
- def b2s(b):
- return b
- def s2b(s):
- return s
- def NamedTemporaryFile():
- return tempfile.NamedTemporaryFile(delete=False)
-else:
- def b2s(b):
- return str(b, 'ascii')
- def s2b(s):
- return s.encode('ascii')
- def NamedTemporaryFile():
- return tempfile.NamedTemporaryFile(mode="w",delete=False,encoding="ascii")
-
-def contents(fn):
- f = open(fn)
- try:
- return f.read()
- finally:
- f.close()
-
-def run_tor(args, failure=False, stdin=None):
- kwargs = {}
- if stdin != None:
- kwargs['stdin'] = subprocess.PIPE
- p = subprocess.Popen([TOR] + args, stdout=subprocess.PIPE, **kwargs)
- output, _ = p.communicate(input=stdin)
- result = p.poll()
- if result and not failure:
- raise UnexpectedFailure()
- elif not result and failure:
- raise UnexpectedSuccess()
- return b2s(output.replace('\r\n','\n'))
-
-def spaceify_fp(fp):
- for i in range(0, len(fp), 4):
- yield fp[i:i+4]
-
-def lines(s):
- out = s.splitlines()
- if out and out[-1] == '':
- del out[-1]
- return out
-
-def strip_log_junk(line):
- m = re.match(r'([^\[]+\[[a-z]*\] *)(.*)', line)
- if not m:
- return ""+line
- return m.group(2).strip()
-
-def randstring(entropy_bytes):
- s = os.urandom(entropy_bytes)
- return b2s(binascii.b2a_hex(s))
-
-def findLineContaining(lines, s):
- for ln in lines:
- if s in ln:
- return True
- return False
-
-class CmdlineTests(unittest.TestCase):
-
- def test_version(self):
- out = run_tor(["--version"])
- self.assertTrue(out.startswith("Tor version "))
- self.assertEqual(len(lines(out)), 1)
-
- def test_quiet(self):
- out = run_tor(["--quiet", "--quumblebluffin", "1"], failure=True)
- self.assertEqual(out, "")
-
- def test_help(self):
- out = run_tor(["--help"], failure=False)
- out2 = run_tor(["-h"], failure=False)
- self.assertTrue(out.startswith("Copyright (c) 2001"))
- self.assertTrue(out.endswith(
- "tor -f <torrc> [args]\n"
- "See man page for options, or https://www.torproject.org/ for documentation.\n"))
- self.assertTrue(out == out2)
-
- def test_hush(self):
- torrc = NamedTemporaryFile()
- torrc.close()
- try:
- out = run_tor(["--hush", "-f", torrc.name,
- "--quumblebluffin", "1"], failure=True)
- finally:
- os.unlink(torrc.name)
- self.assertEqual(len(lines(out)), 2)
- ln = [ strip_log_junk(l) for l in lines(out) ]
- self.assertEqual(ln[0], "Failed to parse/validate config: Unknown option 'quumblebluffin'. Failing.")
- self.assertEqual(ln[1], "Reading config failed--see warnings above.")
-
- def test_missing_argument(self):
- out = run_tor(["--hush", "--hash-password"], failure=True)
- self.assertEqual(len(lines(out)), 2)
- ln = [ strip_log_junk(l) for l in lines(out) ]
- self.assertEqual(ln[0], "Command-line option '--hash-password' with no value. Failing.")
-
- def test_hash_password(self):
- out = run_tor(["--hash-password", "woodwose"])
- result = lines(out)[-1]
- self.assertEqual(result[:3], "16:")
- self.assertEqual(len(result), 61)
- r = binascii.a2b_hex(result[3:])
- self.assertEqual(len(r), 29)
-
- salt, how, hashed = r[:8], r[8], r[9:]
- self.assertEqual(len(hashed), 20)
- if type(how) == type("A"):
- how = ord(how)
-
- count = (16 + (how & 15)) << ((how >> 4) + 6)
- stuff = salt + s2b("woodwose")
- repetitions = count // len(stuff) + 1
- inp = stuff * repetitions
- inp = inp[:count]
-
- self.assertEqual(hashlib.sha1(inp).digest(), hashed)
-
- def test_digests(self):
- main_c = os.path.join(TOP_SRCDIR, "src", "or", "main.c")
-
- if os.stat(TOR).st_mtime < os.stat(main_c).st_mtime:
- self.skipTest(TOR+" not up to date")
- out = run_tor(["--digests"])
- main_line = [ l for l in lines(out) if l.endswith("/main.c") or l.endswith(" main.c") ]
- digest, name = main_line[0].split()
- f = open(main_c, 'rb')
- actual = hashlib.sha1(f.read()).hexdigest()
- f.close()
- self.assertEqual(digest, actual)
-
- def test_dump_options(self):
- default_torrc = NamedTemporaryFile()
- torrc = NamedTemporaryFile()
- torrc.write("SocksPort 9999")
- torrc.close()
- default_torrc.write("SafeLogging 0")
- default_torrc.close()
- out_sh = out_nb = out_fl = None
- opts = [ "-f", torrc.name,
- "--defaults-torrc", default_torrc.name ]
- try:
- out_sh = run_tor(["--dump-config", "short"]+opts)
- out_nb = run_tor(["--dump-config", "non-builtin"]+opts)
- out_fl = run_tor(["--dump-config", "full"]+opts)
- out_nr = run_tor(["--dump-config", "bliznert"]+opts,
- failure=True)
-
- out_verif = run_tor(["--verify-config"]+opts)
- finally:
- os.unlink(torrc.name)
- os.unlink(default_torrc.name)
-
- self.assertEqual(len(lines(out_sh)), 2)
- self.assertTrue(lines(out_sh)[0].startswith("DataDirectory "))
- self.assertEqual(lines(out_sh)[1:],
- [ "SocksPort 9999" ])
-
- self.assertEqual(len(lines(out_nb)), 2)
- self.assertEqual(lines(out_nb),
- [ "SafeLogging 0",
- "SocksPort 9999" ])
-
- out_fl = lines(out_fl)
- self.assertTrue(len(out_fl) > 100)
- self.assertTrue("SocksPort 9999" in out_fl)
- self.assertTrue("SafeLogging 0" in out_fl)
- self.assertTrue("ClientOnly 0" in out_fl)
-
- self.assertTrue(out_verif.endswith("Configuration was valid\n"))
-
- def test_list_fingerprint(self):
- tmpdir = tempfile.mkdtemp(prefix='ttca_')
- torrc = NamedTemporaryFile()
- torrc.write("ORPort 9999\n")
- torrc.write("DataDirectory %s\n"%tmpdir)
- torrc.write("Nickname tippi")
- torrc.close()
- opts = ["-f", torrc.name]
- try:
- out = run_tor(["--list-fingerprint"]+opts)
- fp = contents(os.path.join(tmpdir, "fingerprint"))
- finally:
- os.unlink(torrc.name)
- shutil.rmtree(tmpdir)
-
- out = lines(out)
- lastlog = strip_log_junk(out[-2])
- lastline = out[-1]
- fp = fp.strip()
- nn_fp = fp.split()[0]
- space_fp = " ".join(spaceify_fp(fp.split()[1]))
- self.assertEqual(lastlog,
- "Your Tor server's identity key fingerprint is '%s'"%fp)
- self.assertEqual(lastline, "tippi %s"%space_fp)
- self.assertEqual(nn_fp, "tippi")
-
- def test_list_options(self):
- out = lines(run_tor(["--list-torrc-options"]))
- self.assertTrue(len(out)>100)
- self.assertTrue(out[0] <= 'AccountingMax')
- self.assertTrue("UseBridges" in out)
- self.assertTrue("SocksPort" in out)
-
- def test_cmdline_args(self):
- default_torrc = NamedTemporaryFile()
- torrc = NamedTemporaryFile()
- contents = ("SocksPort 9999\n"
- "SocksPort 9998\n"
- "ORPort 9000\n"
- "ORPort 9001\n"
- "Nickname eleventeen\n"
- "ControlPort 9500\n")
- torrc.write(contents)
- default_torrc.write("")
- default_torrc.close()
- torrc.close()
- out_sh = out_nb = out_fl = None
-
- opts_stdin = [ "-f", "-",
- "--defaults-torrc", default_torrc.name,
- "--dump-config", "short" ]
- opts = [ "-f", torrc.name,
- "--defaults-torrc", default_torrc.name,
- "--dump-config", "short" ]
- try:
- out_0 = run_tor(opts_stdin,stdin=contents)
- out_1 = run_tor(opts)
- out_2 = run_tor(opts+["+ORPort", "9003",
- "SocksPort", "9090",
- "/ControlPort",
- "/TransPort",
- "+ExtORPort", "9005"])
- finally:
- os.unlink(torrc.name)
- os.unlink(default_torrc.name)
-
- out_0 = [ l for l in lines(out_0) if not l.startswith("DataDir") ]
- out_1 = [ l for l in lines(out_1) if not l.startswith("DataDir") ]
- out_2 = [ l for l in lines(out_2) if not l.startswith("DataDir") ]
-
- self.assertEqual(out_0,
- ["ControlPort 9500",
- "Nickname eleventeen",
- "ORPort 9000",
- "ORPort 9001",
- "SocksPort 9999",
- "SocksPort 9998"])
-
- self.assertEqual(out_1,
- ["ControlPort 9500",
- "Nickname eleventeen",
- "ORPort 9000",
- "ORPort 9001",
- "SocksPort 9999",
- "SocksPort 9998"])
-
- self.assertEqual(out_2,
- ["ExtORPort 9005",
- "Nickname eleventeen",
- "ORPort 9000",
- "ORPort 9001",
- "ORPort 9003",
- "SocksPort 9090"])
-
- def test_missing_torrc(self):
- fname = "nonexistent_file_"+randstring(8)
- out = run_tor(["-f", fname, "--verify-config"], failure=True)
- ln = [ strip_log_junk(l) for l in lines(out) ]
- self.assertTrue("Unable to open configuration file" in ln[-2])
- self.assertTrue("Reading config failed" in ln[-1])
-
- out = run_tor(["-f", fname, "--verify-config", "--ignore-missing-torrc"])
- ln = [ strip_log_junk(l) for l in lines(out) ]
- self.assertTrue(findLineContaining(ln, ", using reasonable defaults"))
- self.assertTrue("Configuration was valid" in ln[-1])
-
-if __name__ == '__main__':
- unittest.main()
diff --git a/src/test/test_controller_events.c b/src/test/test_controller_events.c
index e36314da45..bd91aecd94 100644
--- a/src/test/test_controller_events.c
+++ b/src/test/test_controller_events.c
@@ -293,6 +293,104 @@ test_cntev_format_cell_stats(void *arg)
tor_free(n_chan);
}
+static void
+test_cntev_event_mask(void *arg)
+{
+ unsigned int test_event, selected_event;
+ (void)arg;
+
+ /* Check that nothing is interesting when no events are set */
+ control_testing_set_global_event_mask(EVENT_MASK_NONE_);
+
+ /* Check that nothing is interesting between EVENT_MIN_ and EVENT_MAX_ */
+ for (test_event = EVENT_MIN_; test_event <= EVENT_MAX_; test_event++)
+ tt_assert(!control_event_is_interesting(test_event));
+
+ /* Check that nothing is interesting outside EVENT_MIN_ to EVENT_MAX_
+ * This will break if control_event_is_interesting() checks its arguments */
+ for (test_event = 0; test_event < EVENT_MIN_; test_event++)
+ tt_assert(!control_event_is_interesting(test_event));
+ for (test_event = EVENT_MAX_ + 1;
+ test_event < EVENT_CAPACITY_;
+ test_event++)
+ tt_assert(!control_event_is_interesting(test_event));
+
+ /* Check that all valid events are interesting when all events are set */
+ control_testing_set_global_event_mask(EVENT_MASK_ALL_);
+
+ /* Check that everything is interesting between EVENT_MIN_ and EVENT_MAX_ */
+ for (test_event = EVENT_MIN_; test_event <= EVENT_MAX_; test_event++)
+ tt_assert(control_event_is_interesting(test_event));
+
+ /* Check that nothing is interesting outside EVENT_MIN_ to EVENT_MAX_
+ * This will break if control_event_is_interesting() checks its arguments */
+ for (test_event = 0; test_event < EVENT_MIN_; test_event++)
+ tt_assert(!control_event_is_interesting(test_event));
+ for (test_event = EVENT_MAX_ + 1;
+ test_event < EVENT_CAPACITY_;
+ test_event++)
+ tt_assert(!control_event_is_interesting(test_event));
+
+ /* Check that only that event is interesting when a single event is set */
+ for (selected_event = EVENT_MIN_;
+ selected_event <= EVENT_MAX_;
+ selected_event++) {
+ control_testing_set_global_event_mask(EVENT_MASK_(selected_event));
+
+ /* Check that only this event is interesting
+ * between EVENT_MIN_ and EVENT_MAX_ */
+ for (test_event = EVENT_MIN_; test_event <= EVENT_MAX_; test_event++) {
+ if (test_event == selected_event) {
+ tt_assert(control_event_is_interesting(test_event));
+ } else {
+ tt_assert(!control_event_is_interesting(test_event));
+ }
+ }
+
+ /* Check that nothing is interesting outside EVENT_MIN_ to EVENT_MAX_
+ * This will break if control_event_is_interesting checks its arguments */
+ for (test_event = 0; test_event < EVENT_MIN_; test_event++)
+ tt_assert(!control_event_is_interesting(test_event));
+ for (test_event = EVENT_MAX_ + 1;
+ test_event < EVENT_CAPACITY_;
+ test_event++)
+ tt_assert(!control_event_is_interesting(test_event));
+ }
+
+ /* Check that only that event is not-interesting
+ * when a single event is un-set */
+ for (selected_event = EVENT_MIN_;
+ selected_event <= EVENT_MAX_;
+ selected_event++) {
+ control_testing_set_global_event_mask(
+ EVENT_MASK_ALL_
+ & ~(EVENT_MASK_(selected_event))
+ );
+
+ /* Check that only this event is not-interesting
+ * between EVENT_MIN_ and EVENT_MAX_ */
+ for (test_event = EVENT_MIN_; test_event <= EVENT_MAX_; test_event++) {
+ if (test_event == selected_event) {
+ tt_assert(!control_event_is_interesting(test_event));
+ } else {
+ tt_assert(control_event_is_interesting(test_event));
+ }
+ }
+
+ /* Check that nothing is interesting outside EVENT_MIN_ to EVENT_MAX_
+ * This will break if control_event_is_interesting checks its arguments */
+ for (test_event = 0; test_event < EVENT_MIN_; test_event++)
+ tt_assert(!control_event_is_interesting(test_event));
+ for (test_event = EVENT_MAX_ + 1;
+ test_event < EVENT_CAPACITY_;
+ test_event++)
+ tt_assert(!control_event_is_interesting(test_event));
+ }
+
+ done:
+ ;
+}
+
#define TEST(name, flags) \
{ #name, test_cntev_ ## name, flags, 0, NULL }
@@ -302,6 +400,7 @@ struct testcase_t controller_event_tests[] = {
TEST(sum_up_cell_stats, 0),
TEST(append_cell_stats, 0),
TEST(format_cell_stats, 0),
+ TEST(event_mask, 0),
END_OF_TESTCASES
};
diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c
index 17cb9d9329..0011d3698a 100644
--- a/src/test/test_entrynodes.c
+++ b/src/test/test_entrynodes.c
@@ -162,9 +162,6 @@ populate_live_entry_guards_test_helper(int num_needed)
False, all guards should have made_contact enabled. */
tt_int_op(entry->made_contact, OP_EQ, 1);
- /* Since we don't have a routerstatus, all of the entry guards are
- not directory servers. */
- tt_int_op(entry->is_dir_cache, OP_EQ, 0);
} SMARTLIST_FOREACH_END(entry);
/* First, try to get some fast guards. This should fail. */
diff --git a/src/test/test_util.c b/src/test/test_util.c
index 51e9e761ab..6a4c3ec072 100644
--- a/src/test/test_util.c
+++ b/src/test/test_util.c
@@ -4111,26 +4111,6 @@ test_util_laplace(void *arg)
;
}
-static void
-test_util_strclear(void *arg)
-{
- static const char *vals[] = { "", "a", "abcdef", "abcdefgh", NULL };
- int i;
- char *v = NULL;
- (void)arg;
-
- for (i = 0; vals[i]; ++i) {
- size_t n;
- v = tor_strdup(vals[i]);
- n = strlen(v);
- tor_strclear(v);
- tt_assert(tor_mem_is_zero(v, n+1));
- tor_free(v);
- }
- done:
- tor_free(v);
-}
-
#define UTIL_LEGACY(name) \
{ #name, test_util_ ## name , 0, NULL, NULL }
@@ -4348,7 +4328,6 @@ struct testcase_t util_tests[] = {
UTIL_LEGACY(di_ops),
UTIL_TEST(round_to_next_multiple_of, 0),
UTIL_TEST(laplace, 0),
- UTIL_TEST(strclear, 0),
UTIL_TEST(find_str_at_start_of_line, 0),
UTIL_TEST(string_is_C_identifier, 0),
UTIL_TEST(asprintf, 0),
diff --git a/src/test/test_util_slow.c b/src/test/test_util_slow.c
index a597ef3cbc..dcd0c9af36 100644
--- a/src/test/test_util_slow.c
+++ b/src/test/test_util_slow.c
@@ -107,9 +107,11 @@ run_util_spawn_background(const char *argv[], const char *expected_out,
#ifdef _WIN32
tt_assert(process_handle->stdout_pipe != INVALID_HANDLE_VALUE);
tt_assert(process_handle->stderr_pipe != INVALID_HANDLE_VALUE);
+ tt_assert(process_handle->stdin_pipe != INVALID_HANDLE_VALUE);
#else
tt_assert(process_handle->stdout_pipe >= 0);
tt_assert(process_handle->stderr_pipe >= 0);
+ tt_assert(process_handle->stdin_pipe >= 0);
#endif
/* Check stdout */
diff --git a/src/test/test_workqueue.c b/src/test/test_workqueue.c
index aaff5069be..83f6f3e215 100644
--- a/src/test/test_workqueue.c
+++ b/src/test/test_workqueue.c
@@ -18,6 +18,8 @@
#include <event.h>
#endif
+#define MAX_INFLIGHT (1<<16)
+
static int opt_verbose = 0;
static int opt_n_threads = 8;
static int opt_n_items = 10000;
@@ -348,7 +350,7 @@ main(int argc, char **argv)
}
if (opt_n_threads < 1 ||
opt_n_items < 1 || opt_n_inflight < 1 || opt_n_lowwater < 0 ||
- opt_n_cancel > opt_n_inflight ||
+ opt_n_cancel > opt_n_inflight || opt_n_inflight > MAX_INFLIGHT ||
opt_ratio_rsa < 0) {
help();
return 1;
diff --git a/src/test/testing_common.c b/src/test/testing_common.c
index 403c83bdd2..60be460660 100644
--- a/src/test/testing_common.c
+++ b/src/test/testing_common.c
@@ -269,7 +269,7 @@ main(int c, const char **v)
printf("Can't initialize crypto subsystem; exiting.\n");
return 1;
}
- crypto_set_tls_dh_prime(NULL);
+ crypto_set_tls_dh_prime();
crypto_seed_rng(1);
rep_hist_init();
network_init();
diff --git a/src/tools/include.am b/src/tools/include.am
index 54b150a80c..5d778c1143 100644
--- a/src/tools/include.am
+++ b/src/tools/include.am
@@ -1,21 +1,45 @@
bin_PROGRAMS+= src/tools/tor-resolve src/tools/tor-gencert
noinst_PROGRAMS+= src/tools/tor-checkkey
+if COVERAGE_ENABLED
+noinst_PROGRAMS+= src/tools/tor-cov-resolve src/tools/tor-cov-gencert
+endif
+
src_tools_tor_resolve_SOURCES = src/tools/tor-resolve.c
src_tools_tor_resolve_LDFLAGS =
src_tools_tor_resolve_LDADD = src/common/libor.a @TOR_LIB_MATH@ @TOR_LIB_WS32@
+if COVERAGE_ENABLED
+src_tools_tor_cov_resolve_SOURCES = src/tools/tor-resolve.c
+src_tools_tor_cov_resolve_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
+src_tools_tor_cov_resolve_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
+src_tools_tor_cov_resolve_LDADD = src/common/libor-testing.a \
+ @TOR_LIB_MATH@ @TOR_LIB_WS32@
+endif
+
src_tools_tor_gencert_SOURCES = src/tools/tor-gencert.c
src_tools_tor_gencert_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@
src_tools_tor_gencert_LDADD = src/common/libor.a src/common/libor-crypto.a \
- $(LIBDONNA) \
+ $(LIBDONNA) \
+ @TOR_LIB_MATH@ @TOR_ZLIB_LIBS@ @TOR_OPENSSL_LIBS@ \
+ @TOR_LIB_WS32@ @TOR_LIB_GDI@ @CURVE25519_LIBS@
+
+if COVERAGE_ENABLED
+src_tools_tor_cov_gencert_SOURCES = src/tools/tor-gencert.c
+src_tools_tor_cov_gencert_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
+src_tools_tor_cov_gencert_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
+src_tools_tor_cov_gencert_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@
+src_tools_tor_cov_gencert_LDADD = src/common/libor-testing.a \
+ src/common/libor-crypto-testing.a \
+ $(LIBDONNA) \
@TOR_LIB_MATH@ @TOR_ZLIB_LIBS@ @TOR_OPENSSL_LIBS@ \
@TOR_LIB_WS32@ @TOR_LIB_GDI@ @CURVE25519_LIBS@
+endif
src_tools_tor_checkkey_SOURCES = src/tools/tor-checkkey.c
src_tools_tor_checkkey_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@
src_tools_tor_checkkey_LDADD = src/common/libor.a src/common/libor-crypto.a \
- $(LIBDONNA) \
+ $(LIBDONNA) \
@TOR_LIB_MATH@ @TOR_ZLIB_LIBS@ @TOR_OPENSSL_LIBS@ \
@TOR_LIB_WS32@ @TOR_LIB_GDI@ @CURVE25519_LIBS@
diff --git a/src/tools/tor-checkkey.c b/src/tools/tor-checkkey.c
index e404b682cf..ed68bdf52c 100644
--- a/src/tools/tor-checkkey.c
+++ b/src/tools/tor-checkkey.c
@@ -7,7 +7,7 @@
#include <stdlib.h>
#include "crypto.h"
#include "torlog.h"
-#include "../common/util.h"
+#include "util.h"
#include "compat.h"
#include <openssl/bn.h>
#include <openssl/rsa.h>
diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c
index c599822e07..5ae155609a 100644
--- a/src/tools/tor-gencert.c
+++ b/src/tools/tor-gencert.c
@@ -28,8 +28,8 @@
#endif
#include "compat.h"
-#include "../common/util.h"
-#include "../common/torlog.h"
+#include "util.h"
+#include "torlog.h"
#include "crypto.h"
#include "address.h"
diff --git a/src/tools/tor-resolve.c b/src/tools/tor-resolve.c
index 04815a63f7..19e3a554fa 100644
--- a/src/tools/tor-resolve.c
+++ b/src/tools/tor-resolve.c
@@ -5,9 +5,9 @@
#include "orconfig.h"
#include "compat.h"
-#include "../common/util.h"
+#include "util.h"
#include "address.h"
-#include "../common/torlog.h"
+#include "torlog.h"
#include "sandbox.h"
#include <stdio.h>
diff --git a/src/trunnel/include.am b/src/trunnel/include.am
index c7ac1679d0..54e3db287e 100644
--- a/src/trunnel/include.am
+++ b/src/trunnel/include.am
@@ -23,7 +23,7 @@ src_trunnel_libor_trunnel_a_SOURCES = $(TRUNNELSOURCES)
src_trunnel_libor_trunnel_a_CPPFLAGS = -DTRUNNEL_LOCAL_H $(AM_CPPFLAGS)
src_trunnel_libor_trunnel_testing_a_SOURCES = $(TRUNNELSOURCES)
-src_trunnel_libor_trunnel_testing_a_CPPFLAGS = -DTOR_UNIT_TESTS -DTRUNNEL_LOCAL_H $(AM_CPPFLAGS)
+src_trunnel_libor_trunnel_testing_a_CPPFLAGS = -DTRUNNEL_LOCAL_H $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
src_trunnel_libor_trunnel_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
noinst_HEADERS+= $(TRUNNELHEADERS)
diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h
index 9b2a9b054a..6745bcc9f5 100644
--- a/src/win32/orconfig.h
+++ b/src/win32/orconfig.h
@@ -232,7 +232,7 @@
#define USING_TWOS_COMPLEMENT
/* Version number of package */
-#define VERSION "0.2.6.6"
+#define VERSION "0.2.7.0-alpha-dev"