6 files changed, 54 insertions, 20 deletions

diff --git a/changes/bug17419 b/changes/bug17419
new file mode 100644
index 0000000000..8ad8edd37b
--- /dev/null
+++ b/changes/bug17419
@@ -0,0 +1,4 @@
+
+  o Minor bugfixes:
+    - When logging a malformed hostname received through socks4, scrub it
+      if SafeLogging says we should. Fixes bug 17419; bugfix on 0.1.1.16-rc.
diff --git a/changes/bug18035 b/changes/bug18035
new file mode 100644
index 0000000000..31889f5723
--- /dev/null
+++ b/changes/bug18035
@@ -0,0 +1,6 @@
+  o Minor fixes (fallback directories):
+    - Work around an issue where OnionOO supplies the entire history,
+      rather than the requested 120 days. Activate debug logging by
+      default. Fix other minor calculation and compatibility issues.
+      Closes ticket #18035. Patch by "starlight", merge fixes by
+      "teor". Not in any released version of tor.
diff --git a/changes/log_heartbeat_test b/changes/log_heartbeat_test
new file mode 100644
index 0000000000..7db97ed03c
--- /dev/null
+++ b/changes/log_heartbeat_test
@@ -0,0 +1,6 @@
+  o Minor bugfix (testing):
+    - The test for log_heartbeat was incorrectly failing in timezones
+      with non-integer offsets. Instead of comparing the end of the
+      time string against a constant, compare it to the output of
+      format_local_iso_time when given the correct input.
+      Fixes bug 18039.
diff --git a/scripts/maint/updateFallbackDirs.py b/scripts/maint/updateFallbackDirs.py
index 316962b2b3..3e8a22bc12 100755
--- a/scripts/maint/updateFallbackDirs.py
+++ b/scripts/maint/updateFallbackDirs.py
@@ -27,7 +27,7 @@ import dateutil.parser
 #from bson import json_util
 
 import logging
-logging.basicConfig(level=logging.INFO)
+logging.basicConfig(level=logging.DEBUG)
 
 ## Top-Level Configuration
 
@@ -91,7 +91,7 @@ PERMITTED_BADEXIT = .00
 FALLBACK_PROPORTION_OF_GUARDS = None if OUTPUT_CANDIDATES else 0.2
 
 # Limit the number of fallbacks (eliminating lowest by weight)
-MAX_FALLBACK_COUNT = 500
+MAX_FALLBACK_COUNT = None if OUTPUT_CANDIDATES else 500
 # Emit a C #error if the number of fallbacks is below
 MIN_FALLBACK_COUNT = 100
 
@@ -595,9 +595,15 @@ class Candidate(object):
                      %(p, which))
       for v in reversed(h['values']):
         if (this_ts <= newest):
+          agt1 = now - this_ts
+          agt2 = interval
+          agetmp1 = (agt1.microseconds + (agt1.seconds + agt1.days * 24 * 3600)
+                     * 10**6) / 10**6
+          agetmp2 = (agt2.microseconds + (agt2.seconds + agt2.days * 24 * 3600)
+                     * 10**6) / 10**6
           generic_history.append(
-            { 'age': (now - this_ts).total_seconds(),
-              'length': interval.total_seconds(),
+            { 'age': agetmp1,
+              'length': agetmp2,
               'value': v
             })
           newest = this_ts
@@ -615,6 +621,8 @@ class Candidate(object):
   def _avg_generic_history(generic_history):
     a = []
     for i in generic_history:
+      if i['age'] > (ADDRESS_AND_PORT_STABLE_DAYS * 24 * 3600):
+        continue
       if (i['length'] is not None
           and i['age'] is not None
           and i['value'] is not None):
@@ -624,7 +632,11 @@ class Candidate(object):
     sv = math.fsum(map(lambda x: x[0], a))
     sw = math.fsum(map(lambda x: x[1], a))
 
-    return sv/sw
+    if sw == 0.0:
+      svw = 0.0
+    else:
+      svw = sv/sw
+    return svw
 
   def _add_generic_history(self, history):
     periods = r['read_history'].keys()
@@ -675,10 +687,6 @@ class Candidate(object):
       logging.debug('%s not a candidate: running avg too low (%lf)',
                     self._fpr, self._running)
       return False
-    if self._guard < CUTOFF_GUARD:
-      logging.debug('%s not a candidate: guard avg too low (%lf)',
-                    self._fpr, self._guard)
-      return False
     if self._v2dir < CUTOFF_V2DIR:
       logging.debug('%s not a candidate: v2dir avg too low (%lf)',
                     self._fpr, self._v2dir)
@@ -691,6 +699,10 @@ class Candidate(object):
     if (not self._data.has_key('recommended_version')
         or not self._data['recommended_version']):
       return False
+    if self._guard < CUTOFF_GUARD:
+      logging.debug('%s not a candidate: guard avg too low (%lf)',
+                    self._fpr, self._guard)
+      return False
     return True
 
   def is_in_whitelist(self, relaylist):
@@ -1014,7 +1026,8 @@ class CandidateList(dict):
   # starting with the lowest-weighted fallbacks
   # total_weight should be recalculated after calling this
   def exclude_excess_fallbacks(self):
-    self.fallbacks = self.fallbacks[:MAX_FALLBACK_COUNT]
+    if MAX_FALLBACK_COUNT is not None:
+      self.fallbacks = self.fallbacks[:MAX_FALLBACK_COUNT]
 
   # Clamp the weight of all fallbacks to MAX_WEIGHT_FRACTION * total_weight
   # fallbacks are kept sorted, but since excessive weights are reduced to
@@ -1085,15 +1098,15 @@ class CandidateList(dict):
     else:
       fallback_proportion = ' (%d * %f)'%(guard_count,
                                           FALLBACK_PROPORTION_OF_GUARDS)
-    s += 'Final Count:  %d (Eligible %d, Usable %d, Target %d%s, '%(
+    s += 'Final Count:  %d (Eligible %d, Usable %d, Target %d%s'%(
             min(max_count, fallback_count),
             eligible_count,
             fallback_count,
             target_count,
             fallback_proportion)
-    s += 'Clamped to %d)'%(
-            MAX_FALLBACK_COUNT)
-    s += '\n'
+    if MAX_FALLBACK_COUNT is not None:
+      s += ', Clamped to %d'%(MAX_FALLBACK_COUNT)
+    s += ')\n'
     if fallback_count < MIN_FALLBACK_COUNT:
       s += '*/'
       s += '\n'
@@ -1163,13 +1176,16 @@ def list_fallbacks():
 
   guard_count = candidates.count_guards()
   if FALLBACK_PROPORTION_OF_GUARDS is None:
-    target_count = MAX_FALLBACK_COUNT
+    target_count = guard_count
   else:
     target_count = int(guard_count * FALLBACK_PROPORTION_OF_GUARDS)
   # the maximum number of fallbacks is the least of:
   # - the target fallback count (FALLBACK_PROPORTION_OF_GUARDS * guard count)
   # - the maximum fallback count (MAX_FALLBACK_COUNT)
-  max_count = min(target_count, MAX_FALLBACK_COUNT)
+  if MAX_FALLBACK_COUNT is None:
+    max_count = guard_count
+  else:
+    max_count = min(target_count, MAX_FALLBACK_COUNT)
 
   candidates.compute_fallbacks()
 
diff --git a/src/or/buffers.c b/src/or/buffers.c
index 4696bec8f4..cdb499b8da 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -1945,7 +1945,7 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
         log_warn(LD_PROTOCOL,
                  "Your application (using socks4 to port %d) gave Tor "
                  "a malformed hostname: %s. Rejecting the connection.",
-                 req->port, escaped(req->address));
+                 req->port, escaped_safe_str_client(req->address));
         return -1;
       }
       if (authend != authstart) {
diff --git a/src/test/test_status.c b/src/test/test_status.c
index 57d69b1cc3..84a0f6c024 100644
--- a/src/test/test_status.c
+++ b/src/test/test_status.c
@@ -714,9 +714,11 @@ NS(logv)(int severity, log_domain_mask_t domain,
       tt_str_op(va_arg(ap, char *), OP_EQ, "0 kB");  /* acc_used */
       tt_str_op(va_arg(ap, char *), OP_EQ, "0 kB");  /* acc_max */
       tt_str_op(va_arg(ap, char *), OP_EQ, "max");  /* acc_rule */
-      /* format_local_iso_time uses local tz, just check mins and secs. */
-      tt_ptr_op(strstr(va_arg(ap, char *), ":01:00"),
-                OP_NE, NULL); /* end_buf */
+      /* format_local_iso_time uses local tz, so we can't just compare
+       * the string against a constant */
+      char datetime[ISO_TIME_LEN+1];
+      format_local_iso_time(datetime, 60);
+      tt_str_op(va_arg(ap, char *), OP_EQ, datetime); /* end_buf */
       tt_str_op(va_arg(ap, char *), OP_EQ, "0:01 hours");   /* remaining */
       break;
     case 2: