-rw-r--r--ChangeLog16
-rw-r--r--configure.in2
-rw-r--r--contrib/polipo/README8
-rw-r--r--contrib/polipo/package.sh11
-rw-r--r--contrib/tor-exit-notice.html71
-rw-r--r--contrib/tor-mingw.nsi.in2
-rw-r--r--doc/spec/proposals/000-index.txt8
-rw-r--r--doc/spec/proposals/160-bandwidth-offset.txt2
-rw-r--r--doc/spec/proposals/161-computing-bandwidth-adjustments.txt2
-rw-r--r--doc/tor.1.txt14
-rw-r--r--src/or/config.c6
-rw-r--r--src/or/control.c2
-rw-r--r--src/or/rendcommon.c12
-rw-r--r--src/win32/orconfig.h2
14 files changed, 93 insertions, 65 deletions
diff --git a/ChangeLog b/ChangeLog
index bc8baf48b8..c8369fc382 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,4 @@
-Changes in version 0.2.2.10-alpha - ??
+Changes in version 0.2.2.10-alpha - 2010-??-??
o Major features (performance):
- Alter the client path selection to use new consensus-generated
weightings to alter bandwidths when selecting Guard, Middle, Exit,
@@ -13,6 +13,20 @@ Changes in version 0.2.2.10-alpha - ??
circuits now only differ from fast ones in that they can use nodes
not marked with the Fast flag.
+ o Minor bugfixes:
+ - Fix a memleak in the EXTENDCIRCUIT logic. Spotted by coverity.
+ Bugfix on 0.2.2.9-alpha.
+ - Fix a dereference-then-NULL-check sequence when publishing
+ descriptors. Bugfix on tor-0.2.1.5-alpha. Discovered by ekir,
+ fixes bug 1255.
+ - Disallow values larger than INT32_MAX for PerConnBWRate|Burst
+ config option. Bugfix on 0.2.2.7-alpha.
+
+ o Code simplifications and refactoring:
+ - Fix some urls in the exit notice file and make it XHTML1.1 strict
+ compliant. Based on a patch from Christian Kujau.
+
+
Changes in version 0.2.2.9-alpha - 2010-02-22
o Directory authority changes:
- Change IP address for dannenberg (v3 directory authority), and
diff --git a/configure.in b/configure.in
index 0d82bb409b..e045c08b35 100644
--- a/configure.in
+++ b/configure.in
@@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2008, The Tor Project, Inc.
dnl See LICENSE for licensing information
AC_INIT
-AM_INIT_AUTOMAKE(tor, 0.2.2.9-alpha)
+AM_INIT_AUTOMAKE(tor, 0.2.2.9-alpha-dev)
AM_CONFIG_HEADER(orconfig.h)
AC_CANONICAL_HOST
diff --git a/contrib/polipo/README b/contrib/polipo/README
index e05ab0ceec..8bc23a09d9 100644
--- a/contrib/polipo/README
+++ b/contrib/polipo/README
@@ -49,8 +49,10 @@ installation package.
---------------------------------------------
OSX Universal Binary and Installation package
---------------------------------------------
+You'll need the contrib/polipo directory from Tor's source distribution.
1) Copy Makefile.osx over Makefile.
2) Run 'make'.
-3) Copy the contents of this directory into a directory named "contrib".
-4) Run './contrib/package.sh'
-5) You should have a Polipo-version.dmg ready for installation.
+3) Copy the contents of contrib/polipo into a directory named "contrib".
+4) Run 'chmod +x ./contrib/package.sh'
+5) Run './contrib/package.sh'
+6) You should have a Polipo-version.dmg ready for installation.
diff --git a/contrib/polipo/package.sh b/contrib/polipo/package.sh
index 4ec72c81d8..61bd496f55 100644
--- a/contrib/polipo/package.sh
+++ b/contrib/polipo/package.sh
@@ -17,8 +17,9 @@ if [ -x /usr/bin/sw_vers ]; then
# the OS version
OSVER=`/usr/bin/sw_vers | grep ProductVersion | cut -f2 | cut -d"." -f1,2`
case "$OSVER" in
- "10.5") ARCH="universal";;
- "10.4") ARCH="universal";;
+ "10.6") ARCH="i386";;
+ "10.5") ARCH="i386";;
+ "10.4") ARCH="i386";;
"10.3") ARCH="ppc";;
"10.2") ARCH="ppc";;
"10.1") ARCH="ppc";;
@@ -62,7 +63,7 @@ EOF
### Assemble documentation
-groff polipo.man -T ps -m man | pstopdf -i -o $BUILD_DIR/polipo_packageroot/polipo.pdf
+groff polipo.man -T ps -m man | /usr/bin/pstopdf -i -o $BUILD_DIR/polipo_packageroot/polipo.pdf
texi2html polipo.texi && cp polipo.html $BUILD_DIR/polipo_packageroot/polipo.html
find $BUILD_DIR/polipo_packageroot -print0 |sudo xargs -0 chown root:wheel
@@ -77,8 +78,8 @@ $PACKAGEMAKER -build \
find $BUILD_DIR/output -print0 | sudo xargs -0 chown root:wheel
-mv $BUILD_DIR/output "$BUILD_DIR/Polipo-$VERSION-$ARCH"
-rm -f "Polipo-$VERSION-$ARCH-Bundle.dmg"
+sudo mv $BUILD_DIR/output "$BUILD_DIR/Polipo-$VERSION-$ARCH"
+sudo rm -f "Polipo-$VERSION-$ARCH-Bundle.dmg"
USER="`whoami`"
sudo hdiutil create -format UDZO -srcfolder "$BUILD_DIR/Polipo-$VERSION-$ARCH" "Polipo-$VERSION-$ARCH.dmg"
sudo chown "$USER" "Polipo-$VERSION-$ARCH.dmg"
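Review bot: The new `sudo mv` line still passes `$BUILD_DIR/output` unquoted, so a build directory containing whitespace or glob characters is word-split and the move runs as root on whatever paths result; quote it as `sudo mv "$BUILD_DIR/output" "$BUILD_DIR/Polipo-$VERSION-$ARCH"`. The same unquoted `$BUILD_DIR` appears on the `/usr/bin/pstopdf -i -o` line changed in the previous hunk and in the `find ... | sudo xargs -0 chown root:wheel` context lines. Separately, `sudo rm -f` removes `Polipo-$VERSION-$ARCH-Bundle.dmg` while `hdiutil create` writes `Polipo-$VERSION-$ARCH.dmg`, so a stale image from an earlier run does not appear to be cleaned up; it is worth confirming which name is intended.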
diff --git a/contrib/tor-exit-notice.html b/contrib/tor-exit-notice.html
index 4ab028fc75..78a148ccc6 100644
--- a/contrib/tor-exit-notice.html
+++ b/contrib/tor-exit-notice.html
@@ -1,5 +1,9 @@
-<html>
+<?xml version="1.0"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
<head>
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<title>This is a Tor Exit Router</title>
<!--
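Review bot: The DOCTYPE added at the top of the file declares XHTML 1.0 Strict, while the ChangeLog entry in this same commit describes the file as "XHTML1.1 strict compliant"; one of the two should be corrected so operators who customise the notice validate against the right DTD. Because the added `<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />` has the page delivered as text/html, the `<?xml version="1.0"?>` prolog is not needed for parsing and could be dropped. A short comment in the existing header block, for example `Validates as XHTML 1.0 Strict; re-validate after replacing the FIXME fields`, would record the intent.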
@@ -19,29 +23,30 @@ They are marked with FIXME.
-->
</head>
-<body bgcolor=white text=black>
+<body>
-<center><h1>This is a Tor Exit Router</h1></center>
+<p style="text-align:center; font-size:xx-large; font-weight:bold">This is a
+Tor Exit Router</p>
-<p>Most likely you are accessing this website because you had some issue with
+<p>
the traffic coming from this IP. This router is part of the <a
href="https://www.torproject.org/">Tor Anonymity Network</a>, which is
-dedicated to <a href="https://www.torproject.org/30seconds.html.en">providing
+dedicated to <a href="https://www.torproject.org/overview.html">providing
privacy</a> to people who need it most: average computer users. This
router IP should be generating no other traffic, unless it has been
-compromised.
-
-<p>
+compromised.</p>
<!-- FIXME: you should probably grab your own copy of how_tor_works_thumb.png
-and serve it locally -->
-<center><a href="https://www.torproject.org/overview.html">
-<img src="https://www.torproject.org/images/how_tor_works_thumb.png"></a></center>
+ and serve it locally -->
-<p>
+<p style="text-align:center">
+<a href="https://www.torproject.org/overview.html">
+<img src="https://www.torproject.org/images/how_tor_works_thumb.png" alt="How Tor works" style="border-style:none"/>
+</a></p>
-Tor sees use by <a href="https://www.torproject.org/torusers.html.en">many
+<p>
+Tor sees use by <a href="https://www.torproject.org/torusers.html">many
important segments of the population</a>, including whistle blowers,
journalists, Chinese dissidents skirting the Great Firewall and oppressive
censorship, abuse victims, stalker targets, the US military, and law
@@ -59,44 +64,41 @@ powerful networks</a> than Tor on a daily basis. Thus, in the mind of this
operator, the social need for easily accessible censorship-resistant private,
anonymous communication trumps the risk of unskilled bad actors, who are
almost always more easily uncovered by traditional police work than by
-extensive monitoring and surveillance anyway.
+extensive monitoring and surveillance anyway.</p>
<p>
-
In terms of applicable law, the best way to understand Tor is to consider it a
network of routers operating as common carriers, much like the Internet
backbone. However, unlike the Internet backbone routers, Tor routers
explicitly do not contain identifiable routing information about the source of
a packet, and no single Tor node can determine both the origin and destination
-of a given transmission.
+of a given transmission.</p>
<p>
-
As such, there is little the operator of this router can do to help you track
the connection further. This router maintains no logs of any of the Tor
traffic, so there is little that can be done to trace either legitimate or
illegitimate traffic (or to filter one from the other). Attempts to
-seize this router will accomplish nothing.
-<p>
+seize this router will accomplish nothing.</p>
-<!--- FIXME: US-Only section. Remove if you are a non-US operator -->
+<!-- FIXME: US-Only section. Remove if you are a non-US operator -->
+<p>
Furthermore, this machine also serves as a carrier of email, which means that
its contents are further protected under the ECPA. <a
href="http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002707----000-.html">18
USC 2707</a> explicitly allows for civil remedies ($1000/account
-<i><b><u>plus</u></b></i> legal fees)
+<i><b>plus</b></i> legal fees)
in the event of a seizure executed without good faith or probable cause (it
should be clear at this point that traffic with an originating IP address of
FIXME_DNS_NAME should not constitute probable cause to seize the
machine). Similar considerations exist for 1st amendment content on this
-machine.
-
-<p>
+machine.</p>
<!-- FIXME: May or may not be US-only. Some non-US tor nodes have in
-fact reported DMCA harassment... -->
+ fact reported DMCA harassment... -->
+<p>
If you are a representative of a company who feels that this router is being
used to violate the DMCA, please be aware that this machine does not host or
contain any illegal content. Also be aware that network infrastructure
@@ -106,35 +108,36 @@ href="http://www4.law.cornell.edu/uscode/html/uscode17/usc_sec_17_00000512----00
"safe harbor" provisions</a>. In other words, you will have just as much luck
sending a takedown notice to the Internet backbone providers. Please consult
<a href="https://www.torproject.org/eff/tor-dmca-response.html">EFF's prepared
-response</a> for more information on this matter.
+response</a> for more information on this matter.</p>
-<p>For more information, please consult the following documentation:
+<p>For more information, please consult the following documentation:</p>
<ol>
<li><a href="https://www.torproject.org/overview.html">Tor Overview</a></li>
<li><a href="https://www.torproject.org/faq-abuse.html">Tor Abuse FAQ</a></li>
<li><a href="https://www.torproject.org/eff/tor-legal-faq.html">Tor Legal FAQ</a></li>
</ol>
-<p>
+<p>
That being said, if you still have a complaint about the router, you may
email the <a href="mailto:FIXME_YOUR_EMAIL_ADDRESS">maintainer</a>. If
complaints are related to a particular service that is being abused, I will
consider removing that service from my exit policy, which would prevent my
router from allowing that traffic to exit through it. I can only do this on an
IP+destination port basis, however. Common P2P ports are
-already blocked.
+already blocked.</p>
-<p>You also have the option of blocking this IP address and others on
+<p>
+You also have the option of blocking this IP address and others on
the Tor network if you so desire. The Tor project provides a <a
-href="https://tor-svn.freehaven.net/svn/tor/trunk/contrib/exitlist">python script</a> to
-extract all IP addresses of Tor exit nodes, and an official <a
+href="https://check.torproject.org/cgi-bin/TorBulkExitList.py">web service</a>
+to fetch a list of all IP addresses of Tor exit nodes that allow exiting to a
+specified IP:port combination, and an official <a
href="https://www.torproject.org/tordnsel/">DNSRBL</a> is also available to
determine if a given IP address is actually a Tor exit server. Please
be considerate
when using these options. It would be unfortunate to deny all Tor users access
-to your site indefinitely simply because of a few bad apples.
+to your site indefinitely simply because of a few bad apples.</p>
</body>
</html>
-
diff --git a/contrib/tor-mingw.nsi.in b/contrib/tor-mingw.nsi.in
index e4fef69561..de382a78a6 100644
--- a/contrib/tor-mingw.nsi.in
+++ b/contrib/tor-mingw.nsi.in
@@ -9,7 +9,7 @@
!include "FileFunc.nsh"
!insertmacro GetParameters
-!define VERSION "0.2.2.9-alpha"
+!define VERSION "0.2.2.9-alpha-dev"
!define INSTALLER "tor-${VERSION}-win32.exe"
!define WEBSITE "https://www.torproject.org/"
!define LICENSE "LICENSE"
diff --git a/doc/spec/proposals/000-index.txt b/doc/spec/proposals/000-index.txt
index aa554d6a54..664c5654da 100644
--- a/doc/spec/proposals/000-index.txt
+++ b/doc/spec/proposals/000-index.txt
@@ -80,8 +80,8 @@ Proposals by number:
157 Make certificate downloads specific [ACCEPTED]
158 Clients download consensus + microdescriptors [OPEN]
159 Exit Scanning [OPEN]
-160 Authorities vote for bandwidth offsets in consensus [OPEN]
-161 Computing Bandwidth Adjustments [OPEN]
+160 Authorities vote for bandwidth offsets in consensus [FINISHED]
+161 Computing Bandwidth Adjustments [FINISHED]
162 Publish the consensus in multiple flavors [OPEN]
163 Detecting whether a connection comes from a client [OPEN]
164 Reporting the status of server votes [OPEN]
@@ -111,8 +111,6 @@ Proposals by status:
156 Tracking blocked ports on the client side [for 0.2.?]
158 Clients download consensus + microdescriptors
159 Exit Scanning
- 160 Authorities vote for bandwidth offsets in consensus [for 0.2.2.x]
- 161 Computing Bandwidth Adjustments [for 0.2.2.x]
162 Publish the consensus in multiple flavors [for 0.2.2]
163 Detecting whether a connection comes from a client [for 0.2.2]
164 Reporting the status of server votes [for 0.2.2]
@@ -135,6 +133,8 @@ Proposals by status:
121 Hidden Service Authentication [in 0.2.1.x]
151 Improving Tor Path Selection
155 Four Improvements of Hidden Service Performance [in 0.2.1.x]
+ 160 Authorities vote for bandwidth offsets in consensus [for 0.2.2.x]
+ 161 Computing Bandwidth Adjustments [for 0.2.2.x]
CLOSED:
101 Voting on the Tor Directory System [in 0.2.0.x]
102 Dropping "opt" from the directory format [in 0.2.0.x]
diff --git a/doc/spec/proposals/160-bandwidth-offset.txt b/doc/spec/proposals/160-bandwidth-offset.txt
index 7ca74dfae3..96935ade7d 100644
--- a/doc/spec/proposals/160-bandwidth-offset.txt
+++ b/doc/spec/proposals/160-bandwidth-offset.txt
@@ -2,7 +2,7 @@ Filename: 160-bandwidth-offset.txt
Title: Authorities vote for bandwidth offsets in consensus
Author: Roger Dingledine
Created: 4-May-2009
-Status: Open
+Status: Finished
Target: 0.2.2.x
1. Motivation
diff --git a/doc/spec/proposals/161-computing-bandwidth-adjustments.txt b/doc/spec/proposals/161-computing-bandwidth-adjustments.txt
index 786e1afebd..d219826668 100644
--- a/doc/spec/proposals/161-computing-bandwidth-adjustments.txt
+++ b/doc/spec/proposals/161-computing-bandwidth-adjustments.txt
@@ -3,7 +3,7 @@ Filename: 161-computing-bandwidth-adjustments.txt
Author: Mike Perry
Created: 12-May-2009
Target: 0.2.2.x
-Status: Open
+Status: Finished
1. Motivation
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 04b764ad6d..d999344b48 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -66,40 +66,40 @@ Other options can be specified either on the command-line (--option
Options are case-insensitive. C-style escaped characters are allowed inside
quoted values.
-**BandwidthRate** __N__ **bytes**|**KB**|**MB**|**GB**|**TB**::
+**BandwidthRate** __N__ **bytes**|**KB**|**MB**|**GB**::
A token bucket limits the average incoming bandwidth usage on this node to
the specified number of bytes per second, and the average outgoing
bandwidth usage to that same value. (Default: 5 MB)
-**BandwidthBurst** __N__ **bytes**|**KB**|**MB**|**GB**|**TB**::
+**BandwidthBurst** __N__ **bytes**|**KB**|**MB**|**GB**::
Limit the maximum token bucket size (also known as the burst) to the given
number of bytes in each direction. (Default: 10 MB)
-**MaxAdvertisedBandwidth** __N__ **bytes**|**KB**|**MB**|**GB**|**TB**::
+**MaxAdvertisedBandwidth** __N__ **bytes**|**KB**|**MB**|**GB**::
If set, we will not advertise more than this amount of bandwidth for our
BandwidthRate. Server operators who want to reduce the number of clients
who ask to build circuits through them (since this is proportional to
advertised bandwidth rate) can thus reduce the CPU demands on their server
without impacting network performance.
-**RelayBandwidthRate** __N__ **bytes**|**KB**|**MB**|**GB**|**TB**::
+**RelayBandwidthRate** __N__ **bytes**|**KB**|**MB**|**GB**::
If defined, a separate token bucket limits the average incoming bandwidth
usage for \_relayed traffic_ on this node to the specified number of bytes
per second, and the average outgoing bandwidth usage to that same value.
Relayed traffic currently is calculated to include answers to directory
requests, but that may change in future versions. (Default: 0)
-**RelayBandwidthBurst** __N__ **bytes**|**KB**|**MB**|**GB**|**TB**::
+**RelayBandwidthBurst** __N__ **bytes**|**KB**|**MB**|**GB**::
Limit the maximum token bucket size (also known as the burst) for
\_relayed traffic_ to the given number of bytes in each direction.
(Default: 0)
-**PerConnBWRate** __N__ **bytes**|**KB**|**MB**|**GB**|**TB**::
+**PerConnBWRate** __N__ **bytes**|**KB**|**MB**|**GB**::
If set, do separate rate limiting for each connection from a non-relay.
You should never need to change this value, since a network-wide value is
published in the consensus and your relay will use that value. (Default: 0)
-**PerConnBWBurst** __N__ **bytes**|**KB**|**MB**|**GB**|**TB**::
+**PerConnBWBurst** __N__ **bytes**|**KB**|**MB**|**GB**::
If set, do separate rate limiting for each connection from a non-relay.
You should never need to change this value, since a network-wide value is
published in the consensus and your relay will use that value. (Default: 0)
diff --git a/src/or/config.c b/src/or/config.c
index 5ad1d3f446..c9ff92173b 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -3228,6 +3228,12 @@ options_validate(or_options_t *old_options, or_options_t *options,
if (ensure_bandwidth_cap(&options->RelayBandwidthBurst,
"RelayBandwidthBurst", msg) < 0)
return -1;
+ if (ensure_bandwidth_cap(&options->PerConnBWRate,
+ "PerConnBWRate", msg) < 0)
+ return -1;
+ if (ensure_bandwidth_cap(&options->PerConnBWBurst,
+ "PerConnBWBurst", msg) < 0)
+ return -1;
if (server_mode(options)) {
if (options->BandwidthRate < ROUTER_REQUIRED_MIN_BANDWIDTH) {
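Review bot: The run of near-identical `ensure_bandwidth_cap()` calls that this hunk extends has no comment saying that every bandwidth-valued option must be listed here, which is presumably how PerConnBWRate and PerConnBWBurst went uncapped until now (the ChangeLog marks this as a bugfix on 0.2.2.7-alpha). I would add a comment above the run, e.g. `/* Every bandwidth option must pass through ensure_bandwidth_cap(); add new ones here. */`, so the next such option is not missed. The hunk also shows no check that PerConnBWBurst is at least PerConnBWRate when both are non-zero; options_validate() continues outside the hunk, so confirm whether that relation is enforced elsewhere.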
diff --git a/src/or/control.c b/src/or/control.c
index 0f71855286..5101fdef42 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -2121,6 +2121,8 @@ handle_control_extendcircuit(control_connection_t *conn, uint32_t len,
if (!zero_circ && !(circ = get_circ(smartlist_get(args,0)))) {
connection_printf_to_buf(conn, "552 Unknown circuit \"%s\"\r\n",
(char*)smartlist_get(args, 0));
+ SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));
+ smartlist_free(args);
goto done;
}
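Review bot: The cleanup added before `goto done` frees `args` on this one error path only, so each early exit has to remember to repeat the `SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));` / `smartlist_free(args);` pair, which is the pattern that produced this leak. The `done:` label lies outside the hunk, so this is inferred, but if it does not release `args`, a more robust shape is to free it in one place at the label, guarded by `if (args)`, and to set `args = NULL` wherever ownership ends earlier. That way a future error branch cannot reintroduce the leak or a double free.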
diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c
index e4dc5b3d3c..c42f834445 100644
--- a/src/or/rendcommon.c
+++ b/src/or/rendcommon.c
@@ -456,17 +456,17 @@ rend_encode_v2_descriptors(smartlist_t *descs_out,
size_t ipos_len = 0, ipos_encrypted_len = 0;
int k;
uint32_t seconds_valid;
- crypto_pk_env_t *service_key = auth_type == REND_STEALTH_AUTH ?
- client_key : desc->pk;
+ crypto_pk_env_t *service_key;
+ if (!desc) {
+ log_warn(LD_BUG, "Could not encode v2 descriptor: No desc given.");
+ return -1;
+ }
+ service_key = (auth_type == REND_STEALTH_AUTH) ? client_key : desc->pk;
tor_assert(service_key);
if (auth_type == REND_STEALTH_AUTH) {
descriptor_cookie = smartlist_get(client_cookies, 0);
tor_assert(descriptor_cookie);
}
- if (!desc) {
- log_warn(LD_REND, "Could not encode v2 descriptor: No desc given.");
- return -1;
- }
/* Obtain service_id from public key. */
crypto_pk_get_digest(service_key, service_id);
/* Calculate current time-period. */
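Review bot: Just below the relocated `!desc` check, `smartlist_get(client_cookies, 0)` is still reached with no visible test that `client_cookies` is non-NULL and non-empty when `auth_type == REND_STEALTH_AUTH`, which is the same dereference-before-check shape this commit fixes for `desc`. Unless the caller or code outside this hunk guarantees it, a guard such as `if (!client_cookies || smartlist_len(client_cookies) < 1)`, with a `log_warn` and `return -1`, should precede that call. Likewise, a NULL `client_key` or `desc->pk` still aborts the process through `tor_assert(service_key)` rather than returning -1 as the `desc` case now does; a comment should say whether that difference is deliberate. The body of rend_encode_v2_descriptors() begins and continues outside the hunk.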
diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h
index ce1bcd4a3d..0075a5efe4 100644
--- a/src/win32/orconfig.h
+++ b/src/win32/orconfig.h
@@ -226,5 +226,5 @@
#define USING_TWOS_COMPLEMENT
/* Version number of package */
-#define VERSION "0.2.2.9-alpha"
+#define VERSION "0.2.2.9-alpha-dev"