1 files changed, 40 insertions, 17 deletions

diff --git a/configure.ac b/configure.ac
index 9c31ae28f2..3ef5cdd7d0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3,7 +3,7 @@ dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
 dnl Copyright (c) 2007-2013, The Tor Project, Inc.
 dnl See LICENSE for licensing information
 
-AC_INIT([tor],[0.2.5.1-alpha-dev])
+AC_INIT([tor],[0.2.5.4-alpha-dev])
 AC_CONFIG_SRCDIR([src/or/main.c])
 AC_CONFIG_MACRO_DIR([m4])
 AM_INIT_AUTOMAKE
@@ -129,13 +129,13 @@ AC_ARG_ENABLE(gcc-warnings,
 AC_ARG_ENABLE(gcc-warnings-advisory,
      AS_HELP_STRING(--enable-gcc-warnings-advisory, [enable verbose warnings, excluding -Werror]))
 
-dnl Adam shostack suggests the following for Windows:
-dnl -D_FORTIFY_SOURCE=2 -fstack-protector-all
 dnl Others suggest '/gs /safeseh /nxcompat /dynamicbase' for non-gcc on Windows
-dnl This requires that we use gcc and that we add -O2 to the CFLAGS.
 AC_ARG_ENABLE(gcc-hardening,
     AS_HELP_STRING(--disable-gcc-hardening, disable compiler security checks))
 
+AC_ARG_ENABLE(expensive-hardening,
+    AS_HELP_STRING(--enable-expensive-hardening, enable more expensive compiler hardening; makes Tor slower))
+
 dnl Linker hardening options
 dnl Currently these options are ELF specific - you can't use this with MacOSX
 AC_ARG_ENABLE(linker-hardening,
@@ -161,6 +161,9 @@ AC_ARG_ENABLE(bufferevents,
 AC_ARG_ENABLE(tool-name-check,
      AS_HELP_STRING(--disable-tool-name-check, check for sanely named toolchain when cross-compiling))
 
+AC_ARG_ENABLE(seccomp,
+     AS_HELP_STRING(--disable-seccomp, do not attempt to use libseccomp))
+
 dnl check for the correct "ar" when cross-compiling
 AN_MAKEVAR([AR], [AC_PROG_AR])
 AN_PROGRAM([ar], [AC_PROG_AR])
@@ -191,7 +194,7 @@ AC_CHECK_PROG([SED],[sed],[sed],[/bin/false])
 
 dnl check for asciidoc and a2x
 AC_PATH_PROG([ASCIIDOC], [asciidoc], none)
-AC_PATH_PROG([A2X], [a2x], none)
+AC_PATH_PROGS([A2X], [a2x a2x.py], none)
 
 AM_CONDITIONAL(USE_ASCIIDOC, test x$asciidoc = xtrue)
 
@@ -201,7 +204,7 @@ AM_CONDITIONAL(MINIUPNPC, test x$upnp = xtrue)
 AM_PROG_CC_C_O
 
 AC_ARG_VAR(PYTHON)
-AC_CHECK_PROGS(PYTHON, [python python2 python3])
+AC_CHECK_PROGS(PYTHON, [python python2 python2.7 python3 python3.3])
 if test "x$PYTHON" = "x"; then
   AC_MSG_WARN([Python unavailable; some tests will not be run.])
 fi
@@ -353,6 +356,7 @@ AC_CHECK_FUNCS(
         strtok_r \
         strtoull \
         sysconf \
+	sysctl \
         uname \
         vasprintf \
 	_vscprintf
@@ -435,6 +439,7 @@ AC_CHECK_FUNCS([event_get_version \
                 event_set_log_callback \
                 evdns_set_outgoing_bind_address \
                 evutil_secure_rng_set_urandom_device_file \
+                evutil_secure_rng_init \
                 event_base_loopexit])
 AC_CHECK_MEMBERS([struct event.min_heap_idx], , ,
 [#include <event.h>
@@ -628,6 +633,12 @@ if test x$enable_gcc_hardening != xno; then
     fi
 fi
 
+if test x$enable_expensive_hardening = xyes ; then
+   TOR_CHECK_CFLAGS([-fsanitize=address])
+   TOR_CHECK_CFLAGS([-fsanitize=undefined])
+   TOR_CHECK_CFLAGS([-fno-omit-frame-pointer])
+fi
+
 if test x$enable_linker_hardening != xno; then
     TOR_CHECK_LDFLAGS(-z relro -z now, "$all_ldflags_for_check", "$all_libs_for_check")
 fi
@@ -640,15 +651,23 @@ dnl Now see if we have a -fomit-frame-pointer compiler option.
 
 saved_CFLAGS="$CFLAGS"
 TOR_CHECK_CFLAGS(-fomit-frame-pointer)
+F_OMIT_FRAME_POINTER=''
 if test "$saved_CFLAGS" != "$CFLAGS"; then
-  F_OMIT_FRAME_POINTER='-fomit-frame-pointer'
-else
-  F_OMIT_FRAME_POINTER=''
+  if test x$enable_expensive_hardening != xyes ; then
+    F_OMIT_FRAME_POINTER='-fomit-frame-pointer'
+  fi
 fi
 CFLAGS="$saved_CFLAGS"
 AC_SUBST(F_OMIT_FRAME_POINTER)
 
 dnl ------------------------------------------------------
+dnl If we are adding -fomit-frame-pointer (or if the compiler's doing it
+dnl for us, as GCC 4.6 and later do at many optimization levels), then
+dnl we should try to add -fasynchronous-unwind-tables so that our backtrace
+dnl code will work.
+TOR_CHECK_CFLAGS(-fasynchronous-unwind-tables)
+
+dnl ------------------------------------------------------
 dnl Where do you live, libnatpmp?  And how do we call you?
 dnl There are no packages for Debian or Redhat as of this patch
 
@@ -710,8 +729,10 @@ fi
 dnl ============================================================
 dnl Check for libseccomp
 
-AC_CHECK_HEADERS([seccomp.h])
-AC_SEARCH_LIBS(seccomp_init, [seccomp])
+if test "x$enable_seccomp" != "xno"; then
+  AC_CHECK_HEADERS([seccomp.h])
+  AC_SEARCH_LIBS(seccomp_init, [seccomp])
+fi
 
 dnl ============================================================
 dnl We need an implementation of curve25519.
@@ -870,6 +891,7 @@ AC_CHECK_HEADERS(
         sys/prctl.h \
         sys/resource.h \
         sys/socket.h \
+	sys/sysctl.h \
         sys/syslimits.h \
         sys/time.h \
         sys/types.h \
@@ -1540,10 +1562,11 @@ CPPFLAGS="$CPPFLAGS $TOR_CPPFLAGS_libevent $TOR_CPPFLAGS_openssl $TOR_CPPFLAGS_z
 AC_CONFIG_FILES([
         Doxyfile
         Makefile
-        contrib/suse/tor.sh
-        contrib/tor.logrotate
-        contrib/tor.sh
-        contrib/torctl
+        contrib/dist/suse/tor.sh
+        contrib/operator-tools/tor.logrotate
+        contrib/dist/tor.sh
+        contrib/dist/torctl
+        contrib/dist/tor.service
         src/config/torrc.sample
 ])
 
@@ -1565,6 +1588,6 @@ fi
 
 AC_OUTPUT
 
-if test -x /usr/bin/perl && test -x ./contrib/updateVersions.pl ; then
-  ./contrib/updateVersions.pl
+if test -x /usr/bin/perl && test -x ./scripts/maint/updateVersions.pl ; then
+  ./scripts/maint/updateVersions.pl
 fi