9 files changed, 69 insertions, 8 deletions

diff --git a/acinclude.m4 b/acinclude.m4
index af1505156c..2943734143 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -43,6 +43,8 @@ AC_DEFUN([TOR_DEFINE_CODEPATH],
 ])
 
 dnl 1:flags
+dnl 2:also try to link (yes: non-empty string)
+dnl   will set yes or no in $tor_can_link_$1 (as modified by AS_VAR_PUSHDEF)
 AC_DEFUN([TOR_CHECK_CFLAGS], [
   AS_VAR_PUSHDEF([VAR],[tor_cv_cflags_$1])
   AC_CACHE_CHECK([whether the compiler accepts $1], VAR, [
@@ -51,6 +53,13 @@ AC_DEFUN([TOR_CHECK_CFLAGS], [
     AC_TRY_COMPILE([], [return 0;],
                    [AS_VAR_SET(VAR,yes)],
                    [AS_VAR_SET(VAR,no)])
+    if test x$2 != x; then
+      AS_VAR_PUSHDEF([can_link],[tor_can_link_$1])
+      AC_TRY_LINK([], [return 0;],
+                  [AS_VAR_SET(can_link,yes)],
+                  [AS_VAR_SET(can_link,no)])
+      AS_VAR_POPDEF([can_link])
+    fi
     CFLAGS="$tor_saved_CFLAGS"
   ])
   if test x$VAR = xyes; then
diff --git a/changes/bug5605 b/changes/bug5605
new file mode 100644
index 0000000000..2144d968fd
--- /dev/null
+++ b/changes/bug5605
@@ -0,0 +1,5 @@
+o Minor Bugfixes:
+  - No longer writing control ports to file if updating reversible
+    options fail. Fixes bug 5605; bugfix on 0.2.2.26-beta.  Patch from
+    Ryman.
+
diff --git a/changes/bug9698 b/changes/bug9698
new file mode 100644
index 0000000000..ee5c4f64a5
--- /dev/null
+++ b/changes/bug9698
@@ -0,0 +1,3 @@
+  o Minor features:
+    - When receiving a new controller connection, log the origin address.
+      Resolves ticket 9698; patch from "sigpipe".
diff --git a/changes/bug9869 b/changes/bug9869
new file mode 100644
index 0000000000..d67156d384
--- /dev/null
+++ b/changes/bug9869
@@ -0,0 +1,7 @@
+  o Minor features (build):
+
+    - Assume that a user using configure --host wants to cross-
+      compile and error if we cannot find a properly named tool-
+      chain. Add --disable-tool-name-check to enable the user
+      to build nevertheless. Addresses ticket 9869. Patch by
+      Benedikt Gollatz.
diff --git a/changes/bug9948 b/changes/bug9948
new file mode 100644
index 0000000000..6a673c0548
--- /dev/null
+++ b/changes/bug9948
@@ -0,0 +1,6 @@
+  o Minor features (build):
+
+    - Check in configure whether we can link an executable when
+      stack protection is enabled so we can warn the user about a
+      potentially missing libssp. Addresses ticket 9948. Patch
+      from Benedikt Gollatz. 
diff --git a/configure.ac b/configure.ac
index 77767c52a6..8d21661f84 100644
--- a/configure.ac
+++ b/configure.ac
@@ -158,12 +158,29 @@ fi])
 AC_ARG_ENABLE(bufferevents,
      AS_HELP_STRING(--enable-bufferevents, use Libevent's buffered IO.))
 
+AC_ARG_ENABLE(tool-name-check,
+     AS_HELP_STRING(--disable-tool-name-check, check for sanely named toolchain when cross-compiling))
+
 dnl check for the correct "ar" when cross-compiling
 AN_MAKEVAR([AR], [AC_PROG_AR])
 AN_PROGRAM([ar], [AC_PROG_AR])
 AC_DEFUN([AC_PROG_AR], [AC_CHECK_TOOL([AR], [ar], [ar])])
 AC_PROG_AR
 
+dnl Check whether the above macro has settled for a simply named tool even
+dnl though we're cross compiling. We must do this before running AC_PROG_CC,
+dnl because that will find any cc on the system, not only the cross-compiler,
+dnl and then verify that a binary built with this compiler runs on the
+dnl build system. It will then come to the false conclusion that we're not
+dnl cross-compiling.
+if test x$enable_tool_name_check != xno; then
+    if test x$ac_tool_warned = xyes; then
+        AC_MSG_ERROR([We are cross compiling but could not find a properly named toolchain. Do you have your cross-compiling toolchain in PATH? (You can --disable-tool-name-check to ignore this.)])
+	elif test "x$ac_ct_AR" != x -a x$cross_compiling = xmaybe; then
+		AC_MSG_ERROR([We think we are cross compiling but could not find a properly named toolchain. Do you have your cross-compiling toolchain in PATH? (You can --disable-tool-name-check to ignore this.)])
+	fi
+fi
+
 AC_PROG_CC
 AC_PROG_CPP
 AC_PROG_MAKE_SET
@@ -589,7 +606,16 @@ if test x$enable_gcc_hardening != xno; then
     if test x$have_clang = xyes; then
         TOR_CHECK_CFLAGS(-Qunused-arguments)
     fi
-    TOR_CHECK_CFLAGS(-fstack-protector-all)
+    TOR_CHECK_CFLAGS(-fstack-protector-all, also_link)
+    AS_VAR_PUSHDEF([can_compile], [tor_cv_cflags_-fstack-protector-all])
+    AS_VAR_PUSHDEF([can_link], [tor_can_link_-fstack-protector-all])
+    AS_VAR_IF(can_compile, [yes],
+        AS_VAR_IF(can_link, [yes],
+                  [],
+                  AC_MSG_ERROR([We tried to build with stack protection; it looks like your compiler supports it but your libc does not provide it. Are you missing libssp? (You can --disable-gcc-hardening to ignore this error.)]))
+        )
+    AS_VAR_POPDEF([can_link])
+    AS_VAR_POPDEF([can_compile])
     TOR_CHECK_CFLAGS(-Wstack-protector)
     TOR_CHECK_CFLAGS(-fwrapv)
     TOR_CHECK_CFLAGS(--param ssp-buffer-size=1)
diff --git a/src/or/config.c b/src/or/config.c
index 14e8f9ab37..95cede0153 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1129,9 +1129,6 @@ options_act_reversible(const or_options_t *old_options, char **msg)
     /* No need to roll back, since you can't change the value. */
   }
 
-  /* Write control ports to disk as appropriate */
-  control_ports_write_to_file();
-
   if (directory_caches_v2_dir_info(options)) {
     char *fn = NULL;
     tor_asprintf(&fn, "%s"PATH_SEPARATOR"cached-status",
@@ -1330,6 +1327,9 @@ options_act(const or_options_t *old_options)
     }
   }
 
+  /* Write control ports to disk as appropriate */
+  control_ports_write_to_file();
+
   if (running_tor && !have_lockfile()) {
     if (try_locking(options, 1) < 0)
       return -1;
diff --git a/src/or/connection.c b/src/or/connection.c
index 8cf23ab0ef..648fa32703 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -334,7 +334,6 @@ control_connection_new(int socket_family)
     tor_malloc_zero(sizeof(control_connection_t));
   connection_init(time(NULL),
                   TO_CONN(control_conn), CONN_TYPE_CONTROL, socket_family);
-  log_notice(LD_CONTROL, "New control connection opened.");
   return control_conn;
 }
 
@@ -1377,11 +1376,17 @@ connection_handle_listener_read(connection_t *conn, int new_type)
       TO_ENTRY_CONN(newconn)->socks_request->socks_prefer_no_auth =
         TO_LISTENER_CONN(conn)->socks_prefer_no_auth;
     }
+    if (new_type == CONN_TYPE_CONTROL) {
+      log_notice(LD_CONTROL, "New control connection opened from %s.",
+                 fmt_and_decorate_addr(&addr));
+    }
 
   } else if (conn->socket_family == AF_UNIX) {
     /* For now only control ports can be Unix domain sockets
      * and listeners at the same time */
     tor_assert(conn->type == CONN_TYPE_CONTROL_LISTENER);
+    tor_assert(new_type == CONN_TYPE_CONTROL);
+    log_notice(LD_CONTROL, "New control connection opened.");
 
     newconn = connection_new(new_type, conn->socket_family);
     newconn->s = news;
diff --git a/src/test/test_cmdline_args.py b/src/test/test_cmdline_args.py
index 1b0963f6b9..2213bb5702 100755
--- a/src/test/test_cmdline_args.py
+++ b/src/test/test_cmdline_args.py
@@ -163,9 +163,9 @@ class CmdlineTests(unittest.TestCase):
 
         out_fl = lines(out_fl)
         self.assert_(len(out_fl) > 100)
-        self.assertIn("SocksPort 9999", out_fl)
-        self.assertIn("SafeLogging 0", out_fl)
-        self.assertIn("ClientOnly 0", out_fl)
+        self.assert_("SocksPort 9999" in out_fl)
+        self.assert_("SafeLogging 0" in out_fl)
+        self.assert_("ClientOnly 0" in out_fl)
 
         self.assert_(out_verif.endswith("Configuration was valid\n"))