Merge branch 'master' of https://git.torproject.org/tor into bug13111-empty-key-files-fn-empty

Conflicts:
  src/or/connection_edge.c
Merged in favour of origin.

ChangeLog

@@ -1,4 +1,270 @@
-Changes in version 0.2.6.2-alpha - 2014-1?-??
+Changes in version 0.2.6.2-alpha - 2014-12-31
+  Tor 0.2.6.2-alpha is the second alpha release in the 0.2.6.x series.
+  It introduces a major new backend for deciding when to send cells on
+  channels, which should lead down the road to big performance
+  increases. It contains security and statistics features for better
+  work on hidden services, and numerous bugfixes.
+
+  This release contains many new unit tests, along with major
+  performance improvements for running testing networks using Chutney.
+  Thanks to a series of patches contributed by "teor", testing networks
+  should now bootstrap in seconds, rather than minutes.
+
+  o Major features (relay, infrastructure):
+    - Complete revision of the code that relays use to decide which cell
+      to send next. Formerly, we selected the best circuit to write on
+      each channel, but we didn't select among channels in any
+      sophisticated way. Now, we choose the best circuits globally from
+      among those whose channels are ready to deliver traffic.
+
+      This patch implements a new inter-cmux comparison API, a global
+      high/low watermark mechanism and a global scheduler loop for
+      transmission prioritization across all channels as well as among
+      circuits on one channel. This schedule is currently tuned to
+      (tolerantly) avoid making changes in network performance, but it
+      should form the basis for major circuit performance increases in
+      the future. Code by Andrea; tuning by Rob Jansen; implements
+      ticket 9262.
+
+  o Major features (hidden services):
+    - Make HS port scanning more difficult by immediately closing the
+      circuit when a user attempts to connect to a nonexistent port.
+      Closes ticket 13667.
+    - Add a HiddenServiceStatistics option that allows Tor relays to
+      gather and publish statistics about the overall size and volume of
+      hidden service usage. Specifically, when this option is turned on,
+      an HSDir will publish an approximate number of hidden services
+      that have published descriptors to it the past 24 hours. Also, if
+      a relay has acted as a hidden service rendezvous point, it will
+      publish the approximate amount of rendezvous cells it has relayed
+      the past 24 hours. The statistics themselves are obfuscated so
+      that the exact values cannot be derived. For more details see
+      proposal 238, "Better hidden service stats from Tor relays". This
+      feature is currently disabled by default. Implements feature 13192.
+
+  o Major bugfixes (client, automap):
+    - Repair automapping with IPv6 addresses. This automapping should
+      have worked previously, but one piece of debugging code that we
+      inserted to detect a regression actually caused the regression to
+      manifest itself again. Fixes bug 13811 and bug 12831; bugfix on
+      0.2.4.7-alpha. Diagnosed and fixed by Francisco Blas
+      Izquierdo Riera.
+
+  o Major bugfixes (hidden services):
+    - When closing an introduction circuit that was opened in parallel
+      with others, don't mark the introduction point as unreachable.
+      Previously, the first successful connection to an introduction
+      point would make the other introduction points get marked as
+      having timed out. Fixes bug 13698; bugfix on 0.0.6rc2.
+
+  o Directory authority changes:
+    - Remove turtles as a directory authority.
+    - Add longclaw as a new (v3) directory authority. This implements
+      ticket 13296. This keeps the directory authority count at 9.
+
+  o Major removed features:
+    - Tor clients no longer support connecting to hidden services
+      running on Tor 0.2.2.x and earlier; the Support022HiddenServices
+      option has been removed. (There shouldn't be any hidden services
+      running these versions on the network.) Closes ticket 7803.
+
+  o Minor features (client):
+    - Validate hostnames in SOCKS5 requests more strictly. If SafeSocks
+      is enabled, reject requests with IP addresses as hostnames.
+      Resolves ticket 13315.
+
+  o Minor features (controller):
+    - Add a "SIGNAL HEARTBEAT" controller command that tells Tor to
+      write an unscheduled heartbeat message to the log. Implements
+      feature 9503.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the November 15 2014 Maxmind GeoLite2
+      Country database.
+
+  o Minor features (hidden services):
+    - When re-enabling the network, don't try to build introduction
+      circuits until we have successfully built a circuit. This makes
+      hidden services come up faster when the network is re-enabled.
+      Patch from "akwizgran". Closes ticket 13447.
+    - When we fail to a retrieve hidden service descriptor, send the
+      controller an "HS_DESC FAILED" controller event. Implements
+      feature 13212.
+    - New HiddenServiceDirGroupReadable option to cause hidden service
+      directories and hostname files to be created group-readable. Patch
+      from "anon", David Stainton, and "meejah". Closes ticket 11291.
+
+  o Minor features (systemd):
+    - Where supported, when running with systemd, report successful
+      startup to systemd. Part of ticket 11016. Patch by Michael Scherer.
+    - When running with systemd, support systemd watchdog messages. Part
+      of ticket 11016. Patch by Michael Scherer.
+
+  o Minor features (transparent proxy):
+    - Update the transparent proxy option checks to allow for both ipfw
+      and pf on OS X. Closes ticket 14002.
+    - Use the correct option when using IPv6 with transparent proxy
+      support on Linux. Resolves 13808. Patch by Francisco Blas
+      Izquierdo Riera.
+
+  o Minor bugfixes (preventative security, C safety):
+    - When reading a hexadecimal, base-32, or base-64 encoded value from
+      a string, always overwrite the whole output buffer. This prevents
+      some bugs where we would look at (but fortunately, not reveal)
+      uninitialized memory on the stack. Fixes bug 14013; bugfix on all
+      versions of Tor.
+    - Clear all memory targetted by tor_addr_{to,from}_sockaddr(), not
+      just the part that's used. This makes it harder for data leak bugs
+      to occur in the event of other programming failures. Resolves
+      ticket 14041.
+
+  o Minor bugfixes (client, microdescriptors):
+    - Use a full 256 bits of the SHA256 digest of a microdescriptor when
+      computing which microdescriptors to download. This keeps us from
+      erroneous download behavior if two microdescriptor digests ever
+      have the same first 160 bits. Fixes part of bug 13399; bugfix
+      on 0.2.3.1-alpha.
+    - Reset a router's status if its microdescriptor digest changes,
+      even if the first 160 bits remain the same. Fixes part of bug
+      13399; bugfix on 0.2.3.1-alpha.
+
+  o Minor bugfixes (compilation):
+    - Silence clang warnings under --enable-expensive-hardening,
+      including implicit truncation of 64 bit values to 32 bit, const
+      char assignment to self, tautological compare, and additional
+      parentheses around equality tests. Fixes bug 13577; bugfix
+      on 0.2.5.4-alpha.
+    - Fix a clang warning about checking whether an address in the
+      middle of a structure is NULL. Fixes bug 14001; bugfix
+      on 0.2.1.2-alpha.
+
+  o Minor bugfixes (hidden services):
+    - Correctly send a controller event when we find that a rendezvous
+      circuit has finished. Fixes bug 13936; bugfix on 0.1.1.5-alpha.
+    - Pre-check directory permissions for new hidden-services to avoid
+      at least one case of "Bug: Acting on config options left us in a
+      broken state. Dying." Fixes bug 13942; bugfix on 0.0.6pre1.
+    - When adding a new hidden service (for example, via SETCONF), Tor
+      no longer congratulates the user for running a relay. Fixes bug
+      13941; bugfix on 0.2.6.1-alpha.
+    - When fetching hidden service descriptors, we now check not only
+      for whether we got the hidden service we had in mind, but also
+      whether we got the particular descriptors we wanted. This prevents
+      a class of inefficient but annoying DoS attacks by hidden service
+      directories. Fixes bug 13214; bugfix on 0.2.1.6-alpha. Reported
+      by "special".
+
+  o Minor bugfixes (Linux seccomp2 sandbox):
+    - Make transparent proxy support work along with the seccomp2
+      sandbox. Fixes part of bug 13808; bugfix on 0.2.5.1-alpha. Patch
+      by Francisco Blas Izquierdo Riera.
+    - Fix a memory leak in tor-resolve when running with the sandbox
+      enabled. Fixes bug 14050; bugfix on 0.2.5.9-rc.
+
+  o Minor bugfixes (logging):
+    - Downgrade warnings about RSA signature failures to info log level.
+      Emit a warning when an extra info document is found incompatible
+      with a corresponding router descriptor. Fixes bug 9812; bugfix
+      on 0.0.6rc3.
+    - Make connection_ap_handshake_attach_circuit() log the circuit ID
+      correctly. Fixes bug 13701; bugfix on 0.0.6.
+
+  o Minor bugfixes (misc):
+    - Stop allowing invalid address patterns like "*/24" that contain
+      both a wildcard address and a bit prefix length. This affects all
+      our address-range parsing code. Fixes bug 7484; bugfix
+      on 0.0.2pre14.
+
+  o Minor bugfixes (testing networks, fast startup):
+    - Allow Tor to build circuits using a consensus with no exits. If
+      the consensus has no exits (typical of a bootstrapping test
+      network), allow Tor to build circuits once enough descriptors have
+      been downloaded. This assists in bootstrapping a testing Tor
+      network. Fixes bug 13718; bugfix on 0.2.4.10-alpha. Patch
+      by "teor".
+    - When V3AuthVotingInterval is low, give a lower If-Modified-Since
+      header to directory servers. This allows us to obtain consensuses
+      promptly when the consensus interval is very short. This assists
+      in bootstrapping a testing Tor network. Fixes parts of bugs 13718
+      and 13963; bugfix on 0.2.0.3-alpha. Patch by "teor".
+    - Stop assuming that private addresses are local when checking
+      reachability in a TestingTorNetwork. Instead, when testing, assume
+      all OR connections are remote. (This is necessary due to many test
+      scenarios running all relays on localhost.) This assists in
+      bootstrapping a testing Tor network. Fixes bug 13924; bugfix on
+      0.1.0.1-rc. Patch by "teor".
+    - Avoid building exit circuits from a consensus with no exits. Now
+      thanks to our fix for 13718, we accept a no-exit network as not
+      wholly lost, but we need to remember not to try to build exit
+      circuits on it. Closes ticket 13814; patch by "teor".
+    - Stop requiring exits to have non-zero bandwithcapacity in a
+      TestingTorNetwork. Instead, when TestingMinExitFlagThreshold is 0,
+      ignore exit bandwidthcapacity. This assists in bootstrapping a
+      testing Tor network. Fixes parts of bugs 13718 and 13839; bugfix
+      on 0.2.0.3-alpha. Patch by "teor".
+    - Add "internal" to some bootstrap statuses when no exits are
+      available. If the consensus does not contain Exits, Tor will only
+      build internal circuits. In this case, relevant statuses will
+      contain the word "internal" as indicated in the Tor control-
+       spec.txt. When bootstrap completes, Tor will be ready to build
+      internal circuits. If a future consensus contains Exits, exit
+      circuits may become available. Fixes part of bug 13718; bugfix on
+      0.2.4.10-alpha. Patch by "teor".
+    - Decrease minimum consensus interval to 10 seconds when
+      TestingTorNetwork is set, or 5 seconds for the first consensus.
+      Fix assumptions throughout the code that assume larger intervals.
+      Fixes bugs 13718 and 13823; bugfix on 0.2.0.3-alpha. Patch
+      by "teor".
+    - Avoid excluding guards from path building in minimal test
+      networks, when we're in a test network and excluding guards would
+      exclude all relays. This typically occurs in incredibly small tor
+      networks, and those using "TestingAuthVoteGuard *". Fixes part of
+      bug 13718; bugfix on 0.1.1.11-alpha. Patch by "teor".
+
+  o Code simplification and refactoring:
+    - Stop using can_complete_circuits as a global variable; access it
+      with a function instead.
+    - Avoid using operators directly as macro arguments: this lets us
+      apply coccinelle transformations to our codebase more directly.
+      Closes ticket 13172.
+    - Combine the functions used to parse ClientTransportPlugin and
+      ServerTransportPlugin into a single function. Closes ticket 6456.
+    - Add inline functions and convenience macros for inspecting channel
+      state. Refactor the code to use convenience macros instead of
+      checking channel state directly. Fixes issue 7356.
+    - Document all members of was_router_added_t and rename
+      ROUTER_WAS_NOT_NEW to ROUTER_IS_ALREADY_KNOWN to make it less
+      confusable with ROUTER_WAS_TOO_OLD. Fixes issue 13644.
+    - In connection_exit_begin_conn(), use END_CIRC_REASON_TORPROTOCOL
+      constant instead of hardcoded value. Fixes issue 13840.
+    - Refactor our generic strmap and digestmap types into a single
+      implementation, so that we can add a new digest256map
+      type trivially.
+
+  o Documentation:
+    - Document the bridge-authority-only 'networkstatus-bridges' file.
+      Closes ticket 13713; patch from "tom".
+    - Fix typo in PredictedPortsRelevanceTime option description in
+      manpage. Resolves issue 13707.
+    - Stop suggesting that users specify relays by nickname: it isn't a
+      good idea. Also, properly cross-reference how to specify relays in
+      all parts of manual documenting options that take a list of
+      relays. Closes ticket 13381.
+    - Clarify the HiddenServiceDir option description in manpage to make
+      it clear that relative paths are taken with respect to the current
+      working directory. Also clarify that this behavior is not
+      guaranteed to remain indefinitely. Fixes issue 13913.
+
+  o Testing:
+    - New tests for many parts of channel, relay, and circuitmux
+      functionality. Code by Andrea; part of 9262.
+    - New tests for parse_transport_line(). Part of ticket 6456.
+    - In the unit tests, use chgrp() to change the group of the unit
+      test temporary directory to the current user, so that the sticky
+      bit doesn't interfere with tests that check directory groups.
+      Closes 13678.
+    - Add unit tests for resolve_my_addr(). Part of ticket 12376; patch
+      by 'rl1987'.
 
 
 Changes in version 0.2.6.1-alpha - 2014-10-30
@@ -193,7 +459,7 @@ Changes in version 0.2.6.1-alpha - 2014-10-30
       Browser users to write "DirReqStatistics 0" in their torrc files
       as if they had chosen to change the config. Fixes bug 4244; bugfix
       on 0.2.3.1-alpha.
-    - When GeoIPExcludeUnkonwn is enabled, do not incorrectly decide
+    - When GeoIPExcludeUnknown is enabled, do not incorrectly decide
       that our options have changed every time we SIGHUP. Fixes bug
       9801; bugfix on 0.2.4.10-alpha. Patch from "qwerty1".
 
@@ -270,7 +536,7 @@ Changes in version 0.2.6.1-alpha - 2014-10-30
       ticket 12202.
     - Refactor and unit-test entry_is_time_to_retry() in entrynodes.c.
       Resolves ticket 12205.
-    - Use calloc and reallocarray functions in preference to multiply-
+    - Use calloc and reallocarray functions instead of multiply-
       then-malloc. This makes it less likely for us to fall victim to an
       integer overflow attack when allocating. Resolves ticket 12855.
     - Use the standard macro name SIZE_MAX, instead of our
@@ -279,7 +545,7 @@ Changes in version 0.2.6.1-alpha - 2014-10-30
       functions which take them as arguments. Replace 0 with NO_DIRINFO
       in a function call for clarity. Seeks to prevent future issues
       like 13163.
-    - Avoid 4 null pointer errors under clang shallow analysis by using
+    - Avoid 4 null pointer errors under clang static analysis by using
       tor_assert() to prove that the pointers aren't null. Fixes
       bug 13284.
     - Rework the API of policies_parse_exit_policy() to use a bitmask to
@@ -295,23 +561,23 @@ Changes in version 0.2.6.1-alpha - 2014-10-30
       operating system is allowing to use simultaneously. Resolves
       ticket 9708.
 
-  o Removed code:
+  o Removed features:
     - We no longer remind the user about configuration options that have
       been obsolete since 0.2.3.x or earlier. Patch by Adrien Bak.
-
-  o Removed features:
+    - Remove our old, non-weighted bandwidth-based node selection code.
+      Previously, we used it as a fallback when we couldn't perform
+      weighted bandwidth-based node selection. But that would only
+      happen in the cases where we had no consensus, or when we had a
+      consensus generated by buggy or ancient directory authorities. In
+      either case, it's better to use the more modern, better maintained
+      algorithm, with reasonable defaults for the weights. Closes
+      ticket 13126.
     - Remove the --disable-curve25519 configure option. Relays and
       clients now are required to support curve25519 and the
       ntor handshake.
     - The old "StrictEntryNodes" and "StrictExitNodes" options, which
       used to be deprecated synonyms for "StrictNodes", are now marked
       obsolete. Resolves ticket 12226.
-    - The "AuthDirRejectUnlisted" option no longer has any effect, as
-      the fingerprints file (approved-routers) has been deprecated.
-    - Directory authorities do not support being Naming dirauths anymore.
-      The "NamingAuthoritativeDir" config option is now obsolete.
-    - Directory authorities do not support giving out the BadDirectory
-      flag anymore.
     - Clients don't understand the BadDirectory flag in the consensus
       anymore, and ignore it.
 
@@ -348,6 +614,12 @@ Changes in version 0.2.6.1-alpha - 2014-10-30
       affected by CVE-2011-2769 as guards. These relays are already
       rejected altogether due to the minimum version requirement of
       0.2.3.16-alpha. Closes ticket 13152.
+    - The "AuthDirRejectUnlisted" option no longer has any effect, as
+      the fingerprints file (approved-routers) has been deprecated.
+    - Directory authorities do not support being Naming dirauths anymore.
+      The "NamingAuthoritativeDir" config option is now obsolete.
+    - Directory authorities do not support giving out the BadDirectory
+      flag anymore.
     - Directory authorities no longer advertise or support consensus
       methods 1 through 12 inclusive. These consensus methods were
       obsolete and/or insecure: maintaining the ability to support them

LICENSE

@@ -13,7 +13,7 @@ Tor is distributed under this license:
 
 Copyright (c) 2001-2004, Roger Dingledine
 Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
-Copyright (c) 2007-2014, The Tor Project, Inc.
+Copyright (c) 2007-2015, The Tor Project, Inc.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
@@ -191,7 +191,7 @@ ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 DATABASE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 ===============================================================================
 m4/pc_from_ucontext.m4 is available under the following license.  Note that
-it is *not* built into the Tor license.
+it is *not* built into the Tor software.
 
 Copyright (c) 2005, Google Inc.
 All rights reserved.
@@ -222,6 +222,35 @@ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+===============================================================================
+m4/pkg.m4 is available under the following license.  Note that
+it is *not* built into the Tor software.
+
+pkg.m4 - Macros to locate and utilise pkg-config.            -*- Autoconf -*-
+serial 1 (pkg-config-0.24)
+
+Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+As a special exception to the GNU General Public License, if you
+distribute this file as part of a program that contains a
+configuration script generated by Autoconf, you may include it under
+the same distribution terms that you use for the rest of that program.
+
+
 ===============================================================================
 If you got Tor as a static binary with OpenSSL included, then you should know:
  "This product includes software developed by the OpenSSL Project

Makefile.am

@@ -1,6 +1,6 @@
 # Copyright (c) 2001-2004, Roger Dingledine
 # Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
-# Copyright (c) 2007-2011, The Tor Project, Inc.
+# Copyright (c) 2007-2015, The Tor Project, Inc.
 # See LICENSE for licensing information
 
 # "foreign" means we don't follow GNU package layout standards
@@ -70,8 +70,17 @@ test: all
 test-network: all
 	./src/test/test-network.sh
 
+test-stem: $(TESTING_TOR_BINARY)
+	@if test -d "$$STEM_SOURCE_DIR"; then \
+		"$$STEM_SOURCE_DIR"/run_tests.py --tor $(TESTING_TOR_BINARY) --all --log notice --target RUN_ALL; \
+	else \
+		echo '$$STEM_SOURCE_DIR was not set.'; echo; \
+		echo "To run these tests, git clone https://git.torproject.org/stem.git/ ; export STEM_SOURCE_DIR=\`pwd\`/stem"; \
+	fi
+
+
 reset-gcov:
-	rm -f src/*/*.gcda
+	rm -f src/*/*.gcda src/*/*/*.gcda
 
 HTML_COVER_DIR=./coverage_html
 coverage-html: all
@@ -109,4 +118,4 @@ version:
 	fi
 
 mostlyclean-local:
-	rm -f src/*/*.gc{da,no}
+	rm -f src/*/*.gc{da,no} src/*/*/*.gc{da,no}

acinclude.m4

@@ -2,7 +2,7 @@ dnl Helper macros for Tor configure.ac
 dnl Copyright (c) 2001-2004, Roger Dingledine
 dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
 dnl Copyright (c) 2007-2008, Roger Dingledine, Nick Mathewson
-dnl Copyright (c) 2007-2014, The Tor Project, Inc.
+dnl Copyright (c) 2007-2015, The Tor Project, Inc.
 dnl See LICENSE for licensing information
 
 AC_DEFUN([TOR_EXTEND_CODEPATH],

changes/bug11791

@@ -0,0 +1,4 @@
+  o Minor features (directory, memory usage):
+    - When we have recently been under memory pressure (over 3/4 of
+      MaxMemInQueues is allocated), then allocate smaller zlib objects for
+      small requests. Closes ticket 11791.

changes/bug12509

@@ -0,0 +1,4 @@
+
+  o Minor bugfixes (automapping):
+    - Prevent changes to other optoins from removing the wildcard value "."
+      from "AutomapHostsSuffixes".

changes/bug12985

@@ -0,0 +1,5 @@
+  o Minor bugfixes (shutdown):
+    - When shutting down, always call event_del() on lingering read or
+      write events before freeing them. Otherwise, we risk double-frees
+      or read-after-frees in event_base_free(). Fixes bug 12985; bugfix on
+      0.1.0.2-rc.

changes/bug13126

@@ -1,10 +0,0 @@
-  o Code simplification and refactoring:
-
-    - Remove our old, non-weighted bandwidth-based node selection code.
-      Previously, we used it as a fallback when we couldn't perform
-      weighted bandwidth-based node selection.  But that would only
-      happen in the cases where we had no consensus, or when we had a
-      consensus generated by buggy or ancient directory authorities.  In
-      either case, it's better to use the more modern, better maintained
-      algorithm, with reasonable defaults for the weights. Closes
-      ticket 13126.

changes/bug13214

@@ -1,7 +0,0 @@
-  o Minor bugfixes (hidden services):
-    - When fetching hidden service descriptors, check not only for
-      whether we got the hidden service we had in mind, but also
-      whether we got the particular descriptors we wanted. This
-      prevents a class of inefficient but annoying DoS attacks by
-      hidden service directories. Fixes bug 13214; bugfix on
-      0.2.1.6-alpha. Reported by "special".

changes/bug13296

@@ -1,5 +0,0 @@
-  o Directory authority changes:
-    - Remove turtles as a directory authority.
-    - Add longclaw as a new (v3) directory authority. This implements
-      ticket 13296. This keeps the directory authority count at 9.
-

changes/bug13315

@@ -1,5 +0,0 @@
-  o Minor features:
-    - Validate hostnames in SOCKS5 requests more strictly. If SafeSocks
-      is enabled, reject requests with IP addresses as hostnames. Resolves
-      ticket 13315.
-

changes/bug13399

@@ -1,12 +0,0 @@
-  o Minor bugfixes:
-    - Use a full 256 bits of the SHA256 digest of a microdescriptor when
-      computing which microdescriptors to download.  This keeps us from
-      erroneous download behavior if two microdescriptor digests ever have
-      the same first 160 bits. Fixes part of bug 13399; bugfix on
-      0.2.3.1-alpha.
-
-    - Reset a router's status if its microdescriptor digest changes,
-      even if the first 160 bits remain the same.  Fixes part of bug
-      13399; bugfix on 0.2.3.1-alpha.
-
-

changes/bug13399_part1

@@ -1,3 +0,0 @@
-  o Code simplifications and refactoring:
-    - Refactor our generic strmap and digestmap types into a single
-      implementation, so that we can add a new digest256map type trivially.

changes/bug13447

@@ -1,5 +0,0 @@
-  o Minor feature:
-    - When re-enabling the network, don't try to build introduction circuits
-      until we have successfully built a circuit.  This makes hidden services
-      come up faster when the network is re-enabled. Patch from
-      "akwizgran". Closes ticket 13447.

changes/bug13644

@@ -1,4 +0,0 @@
-  o Code simplifications and refactoring:
-    - Document all members of was_router_added_t enum and rename 
-      ROUTER_WAS_NOT_NEW to ROUTER_IS_ALREADY_KNOWN to make it less
-      confusable with ROUTER_WAS_TOO_OLD. Fixes issue 13644.

changes/bug13661

@@ -0,0 +1,6 @@
+  o Minor bugfixes:
+
+    - Support two-number and three-number version numbers correctly, in
+      case we change the Tor versioning system in the future.  Fixes bug
+      13661; bugfix on 0.0.8pre1.
+

changes/bug13678

@@ -1,6 +0,0 @@
-
-  o Testing:
-    - In the unit tests, use 'chgrp' to change the group of the unit test
-      temporary directory to the current user, so that the sticky bit doesn't
-      interfere with tests that check directory groups. Closes 13678.
-

changes/bug13698

@@ -1,6 +0,0 @@
-  o Major bugfixes:
-    - When closing an introduction circuit that was opened in
-      parallel, don't mark the introduction point as
-      unreachable. Previously, the first successful connection to an
-      introduction point would make the other uintroduction points get
-      marked as having timed out. Fixes bug 13698; bugfix on 0.0.6rc2.

changes/bug13701

@@ -1,4 +0,0 @@
-  o Minor bugfixes (logging):
-    - Log the circuit identifier correctly in
-      connection_ap_handshake_attach_circuit().  Fixes bug 13701;
-      bugfix on 0.0.6.

changes/bug13707

@@ -1,4 +0,0 @@
-  o Documentation:
-    - Fix typo in PredictedPortsRelevanceTime option description in 
-      manpage. Resolves issue 13707.
-

changes/bug13713

@@ -1,3 +0,0 @@
-  o Documentation:
-    - Document the bridge-authority-only 'networkstatus-bridges'
-      file. Closes ticket 13713; patch from "tom".

changes/bug13840

@@ -1,3 +0,0 @@
-  o Code simplifications and refactoring:
-    - In connection_exit_begin_conn(), use END_CIRC_REASON_TORPROTOCOL
-      constant instead of hardcoded value. Fixes issue 13840.

changes/bug13941

@@ -1,6 +0,0 @@
-  o Minor bugfixes (hidden services):
-    - When adding a new hidden-service (for example, via SETCONF) Tor
-      no longer logs a congratulations for running a relay. Fixes bug
-      13941; bugfix on 0.2.6.1-alpha.
-
-

changes/bug13942

@@ -1,5 +0,0 @@
-  o Minor bugfixes (hidden services):
-    - Pre-check directory permissions for new hidden-services to avoid
-      at least one case of "Bug: Acting on config options left us in a
-      broken state. Dying." Fixes bug 13942.
-

changes/bug13988

@@ -0,0 +1,3 @@
+  o Minor bugfixes (statistics):
+    - Increase period over which bandwidth observations are aggregated
+      from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1.

changes/bug14072

@@ -0,0 +1,3 @@
+  o Minor bugfixes (build):
+    - Avoid warnings when building with systemd 209 or later.
+      Fixes bug 14072; bugfix on 0.2.6.2-alpha. Patch from "h.venev".

changes/bug14106

@@ -0,0 +1,4 @@
+  o Minor bugfixes (hidden services):
+    - Successfully launch Tor with a nonexistent hidden service directory.
+      Our fix for bug 13942 didn't catch this case. Fixes bug 14106;
+      bugfix on 0.2.6.2-alpha.

changes/bug14116_025

@@ -0,0 +1,3 @@
+  o Minor bugfixes (controller):
+    - Avoid crashing on a malformed EXTENDCIRCUIT command. Fixes bug 14116;
+      bugfix on 0.2.2.9-alpha.

changes/bug14123

@@ -0,0 +1,4 @@
+  o Minor bugfixes (small memory leaks):
+    - Avoid leaking memory when using IPv6 virtual address mappings.
+      Fixes bug 14123; bugfix on 0.2.4.7-alpha. Patch by Tom van der
+      Woerdt.

changes/bug14125

@@ -0,0 +1,5 @@
+  o Minor bugfixes (dirauth):
+    - Enlarge the buffer to read bw-auth generated files to avoid an
+      issue when parsing the file in dirserv_read_measured_bandwidths().
+      Bugfix on 0.2.2.1-alpha, fixes #14125.
+

changes/bug7484

@@ -1,4 +0,0 @@
-  o Minor bugfixes:
-    - Stop allowing invalid address patterns containing both a wildcard
-      address and a bit prefix length. This affects all our
-      address-range parsing code. Fixes bug 7484; bugfix on 0.0.2pre14.

changes/bug7803

@@ -1,5 +0,0 @@
-  o Removed features:
-    - Tor clients no longer support connecting to hidden services running on
-      Tor 0.2.2.x and earlier; the Support022HiddenServices option has been
-      removed.  (There shouldn't be any hidden services running these
-      versions on the network.)

changes/bug9286

@@ -0,0 +1,4 @@
+  o Minor bugfixes (parsing):
+    - Stop accepting milliseconds (or other junk) at the end of
+      descriptor publication times. Fixes bug 9286; bugfix on
+      0.0.2pre25.

changes/bug9812

@@ -1,6 +0,0 @@
-  o Minor bugfixes (logging):
-    - Downgrade warnings about RSA signature failures to info log
-      level. Emit a warning when extra info document is found 
-      incompatible with a corresponding router descriptor. Fixes bug
-      9812; bugfix on 0.0.6rc3.
-

changes/doc13381

@@ -1,5 +0,0 @@
-  o Documentation:
-    - Stop suggesting that users specify nodes by nickname: it isn't a
-      good idea. Also, properly cross-reference how to specify nodes
-      in all parts of the manual for options that take a list of
-      nodes. Closes ticket 13381.

changes/feature10067

@@ -0,0 +1,12 @@
+  o Major features (changed defaults):
+    - Prevent relay operators from unintentionally running exits: When
+      a relay is configured as an exit node, we now warn the user
+      unless the 'ExitRelay' option is set to 1. We warn even more
+      loudly if the relay is configured with the default exit policy,
+      since this tends to indicate accidental misconfiguration.
+      Setting 'ExitRelay' to 0 stops Tor from running as an exit relay.
+      Closes ticket 10067.
+
+  o Removed features:
+    - To avoid confusion with the 'ExitRelay' option, 'ExitNode' is no
+      longer silently accepted as an alias for 'ExitNodes'.

changes/feature13212

@@ -1,4 +0,0 @@
-  o Minor features (hidden services):
-    - Inform Tor controller about nature of failure to retrieve
-      hidden service descriptor by sending reason string with HS_DESC
-      FAILED controller event. Implements feature 13212.

changes/feature9503

@@ -1,4 +0,0 @@
-  o Minor features (controller):
-    - Add a "SIGNAL HEARTBEAT" Tor controller command that provokes
-      writing unscheduled heartbeat message to the log. Implements
-      feature 9503.

changes/fix-test-cmdline-args

@@ -0,0 +1,4 @@
+  o Testing:
+    - Make the test_cmdline_args.py script work correctly on Windows.
+      Patch from Gisle Vanem.
+      

changes/geoip-november2014

@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update geoip to the November 15 2014 Maxmind GeoLite2 Country database.
-

changes/geoip6-november2014

@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update geoip6 to the November 15 2014 Maxmind GeoLite2 Country database.
-

changes/global_scheduler

@@ -1,12 +0,0 @@
- o Major features (relay, infrastructure):
-   - Implement a new inter-cmux comparison API, a global high/low watermark
-     mechanism and a global scheduler loop for transmission prioritization
-     across all channels as well as among circuits on one channel. This
-     schedule is currently tuned to (tolerantly) avoid making changes
-     in the current network performance, but it should form the basis
-     major circuit performance increases.  Code by Andrea; implements
-     ticket 9262.
-
- o Testing:
-   - New tests for many parts of channel, relay, and circuit mux
-     functionality.  Code by Andrea; part of 9262.

changes/no_global_ccc

@@ -1,3 +0,0 @@
-  o Code Simplification and Refactoring:
-    - Stop using can_complete_circuits as a global variable; access it with
-      a function instead.

changes/spurious-clang-warnings

@@ -1,10 +0,0 @@
-  o Minor bugfixes:
-    - Silence clang warnings under --enable-expensive-hardening, including:
-        + implicit truncation of 64 bit values to 32 bit;
-        + const char assignment to self;
-        + tautological compare; and
-        + additional parentheses around equality tests. (gcc uses these to
-          silence assignment, so clang warns when they're present in an
-          equality test. But we need to use extra parentheses in macros to
-          isolate them from other code).
-      Fixes bug 13577.

changes/ticket-11291

@@ -1,4 +0,0 @@
-  o Minor features (hidden services):
-    - New HiddenServiceDirGroupReadable option to cause hidden service
-      directories and hostname files to be created group-readable.
-      Patch from "anon", David Stainton, and "meejah".

changes/ticket13172

@@ -1,4 +0,0 @@
-  o Code simplification and refactoring:
-    - Avoid using operators directly as macro arguments: this lets us
-      apply coccinelle transformations to our codebase more
-      directly. Closes ticket 13172.

changes/ticket14107

@@ -0,0 +1,6 @@
+  o Testing:
+
+    - New "make test-stem" target to run stem integration tests.
+      Requires that the "STEM_SOURCE_DIR" environment variable be set.
+      Closes ticket 14107.
+

changes/ticket14128

@@ -0,0 +1,5 @@
+  o Minor features (controller):
+    - New "GETINFO bw-event-cache" to get information about recent bandwidth
+      events. Closes ticket 14128. Useful for controllers to get recent
+      bandwidth history after the fix for 13988.
+

changes/tickets6456

@@ -1,6 +0,0 @@
-  o Code simplification and refactoring:
-    - Combine the functions used to parse ClientTransportPlugin and
-      ServerTransportPlugin into a single function. Closes ticket 6456.
-
-  o Testing:
-    - New tests for parse_transport_line(). Part of ticket 6456.

configure.ac

@@ -1,9 +1,9 @@
 dnl Copyright (c) 2001-2004, Roger Dingledine
 dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
-dnl Copyright (c) 2007-2014, The Tor Project, Inc.
+dnl Copyright (c) 2007-2015, The Tor Project, Inc.
 dnl See LICENSE for licensing information
 
-AC_INIT([tor],[0.2.6.1-alpha-dev])
+AC_INIT([tor],[0.2.6.2-alpha-dev])
 AC_CONFIG_SRCDIR([src/or/main.c])
 AC_CONFIG_MACRO_DIR([m4])
 AM_INIT_AUTOMAKE
@@ -12,6 +12,8 @@ AC_CONFIG_HEADERS([orconfig.h])
 
 AC_CANONICAL_HOST
 
+PKG_PROG_PKG_CONFIG
+
 if test -f /etc/redhat-release ; then
   if test -f /usr/kerberos/include ; then
     CPPFLAGS="$CPPFLAGS -I/usr/kerberos/include"
@@ -105,6 +107,58 @@ AC_ARG_ENABLE(upnp,
         * ) AC_MSG_ERROR(bad value for --enable-upnp) ;;
       esac], [upnp=false])
 
+# systemd notify support
+AC_ARG_ENABLE(systemd,
+      AS_HELP_STRING(--enable-systemd, enable systemd notification support),
+      [case "${enableval}" in
+        yes) systemd=true ;;
+        no)  systemd=false ;;
+        * ) AC_MSG_ERROR(bad value for --enable-systemd) ;;
+      esac], [systemd=auto])
+
+
+
+# systemd support
+if test x$enable_systemd = xfalse ; then
+    have_systemd=no;
+else
+    PKG_CHECK_MODULES(SYSTEMD,
+        [libsystemd-daemon],
+        have_systemd=yes,
+        have_systemd=no)
+fi
+
+if test x$have_systemd = xyes; then
+    AC_DEFINE(HAVE_SYSTEMD,1,[Have systemd])
+    CFLAGS="${CFLAGS} ${SYSTEMD_CFLAGS}"
+    TOR_SYSTEMD_LIBS="${SYSTEMD_LIBS}"
+fi
+AC_SUBST(TOR_SYSTEMD_LIBS)
+
+if test x$enable_systemd = xyes -a x$have_systemd != xyes ; then
+    AC_MSG_ERROR([Explicitly requested systemd support, but systemd not found])
+fi
+
+AC_ARG_ENABLE(threads,
+     AS_HELP_STRING(--disable-threads, disable multi-threading support))
+
+if test x$enable_threads = x; then
+   case $host in
+    *-*-solaris* )
+     # Don't try multithreading on solaris -- cpuworkers seem to lock.
+     AC_MSG_NOTICE([You are running Solaris; Sometimes threading makes
+cpu workers lock up here, so I will disable threads.])
+     enable_threads="no";;
+    *)
+     enable_threads="yes";;
+   esac
+fi
+
+ifdef([HAVE_SYSTEMD], [
+AC_SEARCH_LIBS([sd_watchdog_enabled], [systemd-daemon],
+    [AC_DEFINE(HAVE_SYSTEMD_209,1,[Have systemd v209 or more])], [])
+])
+
 case $host in
    *-*-solaris* )
      AC_DEFINE(_REENTRANT, 1, [Define on some platforms to activate x_r() functions in time.h])
@@ -618,7 +672,7 @@ dnl since sometimes the linker will like an option but not be willing to
 dnl use it with a build of a library.
 
 all_ldflags_for_check="$TOR_LDFLAGS_zlib $TOR_LDFLAGS_openssl $TOR_LDFLAGS_libevent"
-all_libs_for_check="$TOR_ZLIB_LIBS $TOR_LIB_MATH $TOR_LIBEVENT_LIBS $TOR_OPENSSL_LIBS $TOR_LIB_WS32 $TOR_LIB_GDI"
+all_libs_for_check="$TOR_ZLIB_LIBS $TOR_LIB_MATH $TOR_LIBEVENT_LIBS $TOR_OPENSSL_LIBS $TOR_SYSTEMD_LIBS $TOR_LIB_WS32 $TOR_LIB_GDI"
 
 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [
 #if !defined(__clang__)
@@ -937,6 +991,14 @@ AC_CHECK_HEADERS(net/pfvar.h, net_pfvar_found=1, net_pfvar_found=0,
 #ifdef HAVE_NET_IF_H
 #include <net/if.h>
 #endif])
+
+AC_CHECK_HEADERS(linux/if.h,[],[],
+[
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+])
+
 AC_CHECK_HEADERS(linux/netfilter_ipv4.h,
         linux_netfilter_ipv4=1, linux_netfilter_ipv4=0,
 [#ifdef HAVE_SYS_TYPES_H
@@ -958,6 +1020,30 @@ AC_CHECK_HEADERS(linux/netfilter_ipv4.h,
 #include <netinet/in.h>
 #endif])
 
+AC_CHECK_HEADERS(linux/netfilter_ipv6/ip6_tables.h,
+        linux_netfilter_ipv6_ip6_tables=1, linux_netfilter_ipv6_ip6_tables=0,
+[#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+#ifdef HAVE_LINUX_TYPES_H
+#include <linux/types.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_LINUX_IF_H
+#include <linux/if.h>
+#endif])
+
 if test x$transparent = xtrue ; then
    transparent_ok=0
    if test x$net_if_found = x1 && test x$net_pfvar_found = x1 ; then
@@ -966,6 +1052,9 @@ if test x$transparent = xtrue ; then
    if test x$linux_netfilter_ipv4 = x1 ; then
      transparent_ok=1
    fi
+   if test x$linux_netfilter_ipv6_ip6_tables = x1 ; then
+     transparent_ok=1
+   fi
    if test x$transparent_ok = x1 ; then
      AC_DEFINE(USE_TRANSPARENT, 1, "Define to enable transparent proxy support")
      case $host in
@@ -1454,10 +1543,9 @@ fi
 if test "$GCC" = yes; then
   # Disable GCC's strict aliasing checks.  They are an hours-to-debug
   # accident waiting to happen.
-  CFLAGS="$CFLAGS -Wall -fno-strict-aliasing"
+  CFLAGS="$CFLAGS -Wall -fno-strict-aliasing -g -O2"
 else
-  # Autoconf sets -g -O2 by default. Override optimization level
-  # for non-gcc compilers
+  # Override optimization level for non-gcc compilers
   CFLAGS="$CFLAGS -O"
   enable_gcc_warnings=no
   enable_gcc_warnings_advisory=no

contrib/win32build/tor-mingw.nsi.in

@@ -8,7 +8,7 @@
 !include "LogicLib.nsh"
 !include "FileFunc.nsh"
 !insertmacro GetParameters
-!define VERSION "0.2.6.1-alpha-dev"
+!define VERSION "0.2.6.2-alpha-dev"
 !define INSTALLER "tor-${VERSION}-win32.exe"
 !define WEBSITE "https://www.torproject.org/"
 !define LICENSE "LICENSE"

doc/tor.1.txt

@@ -1469,6 +1469,19 @@ is non-zero):
     that it's an email address and/or generate a new address for this
     purpose.
 
+[[ExitRelay]] **ExitRelay** **0**|**1**|**auto**::
+    Tells Tor whether to run as an exit relay.  If Tor is running as a
+    non-bridge server, and ExitRelay is set to 1, then Tor allows traffic to
+    exit according to the ExitPolicy option (or the default ExitPolicy if
+    none is specified).
+ +
+    If ExitRelay is set to 0, no traffic is allowed to
+    exit, and the ExitPolicy option is ignored. +
+ +
+    If ExitRelay is set to "auto", then Tor behaves as if it were set to 1, but
+    warns the user if this would cause traffic to exit.  In a future version,
+    the default value will be 0. (Default: auto)
+
 [[ExitPolicy]] **ExitPolicy** __policy__,__policy__,__...__::
     Set an exit policy for this server. Each policy is of the form
     "**accept**|**reject** __ADDR__[/__MASK__][:__PORT__]". If /__MASK__ is
@@ -1764,6 +1777,13 @@ is non-zero):
     When this option is enabled, Tor writes statistics on the bidirectional use
     of connections to disk every 24 hours. (Default: 0)
 
+[[HiddenServiceStatistics]] **HiddenServiceStatistics** **0**|**1**::
+    When this option is enabled, a Tor relay writes obfuscated
+    statistics on its role as hidden-service directory, introduction
+    point, or rendezvous point to disk every 24 hours. If
+    ExtraInfoStatistics is also enabled, these statistics are further
+    published to the directory authorities. (Default: 0)
+
 [[ExtraInfoStatistics]] **ExtraInfoStatistics** **0**|**1**::
     When this option is enabled, Tor includes previously gathered statistics in
     its extra-info documents that it uploads to the directory authorities.
@@ -2025,6 +2045,11 @@ The following options are used to configure a hidden service.
     Store data files for a hidden service in DIRECTORY. Every hidden service
     must have a separate directory. You may use this option  multiple times to
     specify multiple services. DIRECTORY must be an existing directory.
+    (Note: in current versions of Tor, if DIRECTORY is a relative path,
+    it will be relative to current
+    working directory of Tor instance, not to its DataDirectory.  Do not
+    rely on this behavior; it is not guaranteed to remain the same in future
+    versions.)
 
 [[HiddenServicePort]] **HiddenServicePort** __VIRTPORT__ [__TARGET__]::
     Configure a virtual port VIRTPORT for a hidden service. You may use this

m4/pkg.m4

@@ -0,0 +1,214 @@
+# pkg.m4 - Macros to locate and utilise pkg-config.            -*- Autoconf -*-
+# serial 1 (pkg-config-0.24)
+# 
+# Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# PKG_PROG_PKG_CONFIG([MIN-VERSION])
+# ----------------------------------
+AC_DEFUN([PKG_PROG_PKG_CONFIG],
+[m4_pattern_forbid([^_?PKG_[A-Z_]+$])
+m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
+m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$])
+AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])
+AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path])
+AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path])
+
+if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
+	AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
+fi
+if test -n "$PKG_CONFIG"; then
+	_pkg_min_version=m4_default([$1], [0.9.0])
+	AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version])
+	if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
+		AC_MSG_RESULT([yes])
+	else
+		AC_MSG_RESULT([no])
+		PKG_CONFIG=""
+	fi
+fi[]dnl
+])# PKG_PROG_PKG_CONFIG
+
+# PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
+#
+# Check to see whether a particular set of modules exists.  Similar
+# to PKG_CHECK_MODULES(), but does not set variables or print errors.
+#
+# Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
+# only at the first occurence in configure.ac, so if the first place
+# it's called might be skipped (such as if it is within an "if", you
+# have to call PKG_CHECK_EXISTS manually
+# --------------------------------------------------------------
+AC_DEFUN([PKG_CHECK_EXISTS],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+if test -n "$PKG_CONFIG" && \
+    AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
+  m4_default([$2], [:])
+m4_ifvaln([$3], [else
+  $3])dnl
+fi])
+
+# _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
+# ---------------------------------------------
+m4_define([_PKG_CONFIG],
+[if test -n "$$1"; then
+    pkg_cv_[]$1="$$1"
+ elif test -n "$PKG_CONFIG"; then
+    PKG_CHECK_EXISTS([$3],
+                     [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`
+		      test "x$?" != "x0" && pkg_failed=yes ],
+		     [pkg_failed=yes])
+ else
+    pkg_failed=untried
+fi[]dnl
+])# _PKG_CONFIG
+
+# _PKG_SHORT_ERRORS_SUPPORTED
+# -----------------------------
+AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+        _pkg_short_errors_supported=yes
+else
+        _pkg_short_errors_supported=no
+fi[]dnl
+])# _PKG_SHORT_ERRORS_SUPPORTED
+
+
+# PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
+# [ACTION-IF-NOT-FOUND])
+#
+#
+# Note that if there is a possibility the first call to
+# PKG_CHECK_MODULES might not happen, you should be sure to include an
+# explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
+#
+#
+# --------------------------------------------------------------
+AC_DEFUN([PKG_CHECK_MODULES],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
+AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
+
+pkg_failed=no
+AC_MSG_CHECKING([for $1])
+
+_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
+_PKG_CONFIG([$1][_LIBS], [libs], [$2])
+
+m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS
+and $1[]_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details.])
+
+if test $pkg_failed = yes; then
+   	AC_MSG_RESULT([no])
+        _PKG_SHORT_ERRORS_SUPPORTED
+        if test $_pkg_short_errors_supported = yes; then
+	        $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
+        else 
+	        $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
+        fi
+	# Put the nasty error message in config.log where it belongs
+	echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
+
+	m4_default([$4], [AC_MSG_ERROR(
+[Package requirements ($2) were not met:
+
+$$1_PKG_ERRORS
+
+Consider adjusting the PKG_CONFIG_PATH environment variable if you
+installed software in a non-standard prefix.
+
+_PKG_TEXT])[]dnl
+        ])
+elif test $pkg_failed = untried; then
+     	AC_MSG_RESULT([no])
+	m4_default([$4], [AC_MSG_FAILURE(
+[The pkg-config script could not be found or is too old.  Make sure it
+is in your PATH or set the PKG_CONFIG environment variable to the full
+path to pkg-config.
+
+_PKG_TEXT
+
+To get pkg-config, see <http://pkg-config.freedesktop.org/>.])[]dnl
+        ])
+else
+	$1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
+	$1[]_LIBS=$pkg_cv_[]$1[]_LIBS
+        AC_MSG_RESULT([yes])
+	$3
+fi[]dnl
+])# PKG_CHECK_MODULES
+
+
+# PKG_INSTALLDIR(DIRECTORY)
+# -------------------------
+# Substitutes the variable pkgconfigdir as the location where a module
+# should install pkg-config .pc files. By default the directory is
+# $libdir/pkgconfig, but the default can be changed by passing
+# DIRECTORY. The user can override through the --with-pkgconfigdir
+# parameter.
+AC_DEFUN([PKG_INSTALLDIR],
+[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])])
+m4_pushdef([pkg_description],
+    [pkg-config installation directory @<:@]pkg_default[@:>@])
+AC_ARG_WITH([pkgconfigdir],
+    [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],,
+    [with_pkgconfigdir=]pkg_default)
+AC_SUBST([pkgconfigdir], [$with_pkgconfigdir])
+m4_popdef([pkg_default])
+m4_popdef([pkg_description])
+]) dnl PKG_INSTALLDIR
+
+
+# PKG_NOARCH_INSTALLDIR(DIRECTORY)
+# -------------------------
+# Substitutes the variable noarch_pkgconfigdir as the location where a
+# module should install arch-independent pkg-config .pc files. By
+# default the directory is $datadir/pkgconfig, but the default can be
+# changed by passing DIRECTORY. The user can override through the
+# --with-noarch-pkgconfigdir parameter.
+AC_DEFUN([PKG_NOARCH_INSTALLDIR],
+[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])])
+m4_pushdef([pkg_description],
+    [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@])
+AC_ARG_WITH([noarch-pkgconfigdir],
+    [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],,
+    [with_noarch_pkgconfigdir=]pkg_default)
+AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir])
+m4_popdef([pkg_default])
+m4_popdef([pkg_description])
+]) dnl PKG_NOARCH_INSTALLDIR
+
+
+# PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE,
+# [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
+# -------------------------------------------
+# Retrieves the value of the pkg-config variable for the given module.
+AC_DEFUN([PKG_CHECK_VAR],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl
+
+_PKG_CONFIG([$1], [variable="][$3]["], [$2])
+AS_VAR_COPY([$1], [pkg_cv_][$1])
+
+AS_VAR_IF([$1], [""], [$5], [$4])dnl
+])# PKG_CHECK_VAR

scripts/codegen/gen_server_ciphers.py

@@ -1,5 +1,5 @@
 #!/usr/bin/python
-# Copyright 2014, The Tor Project, Inc
+# Copyright 2014-2015, The Tor Project, Inc
 # See LICENSE for licensing information
 
 # This script parses openssl headers to find ciphersuite names, determines

scripts/codegen/get_mozilla_ciphers.py

@@ -1,6 +1,6 @@
 #!/usr/bin/python
 # coding=utf-8
-# Copyright 2011, The Tor Project, Inc
+# Copyright 2011-2015, The Tor Project, Inc
 # original version by Arturo Filastò
 # See LICENSE for licensing information
 

scripts/codegen/makedesc.py

@@ -1,5 +1,5 @@
 #!/usr/bin/python
-# Copyright 2014, The Tor Project, Inc.
+# Copyright 2014-2015, The Tor Project, Inc.
 # See LICENSE for license information
 
 # This is a kludgey python script that uses ctypes and openssl to sign

scripts/maint/format_changelog.py

@@ -1,5 +1,5 @@
 #!/usr/bin/python
-# Copyright (c) 2014, The Tor Project, Inc.
+# Copyright (c) 2014-2015, The Tor Project, Inc.
 # See LICENSE for licensing information
 #
 # This script reformats a section of the changelog to wrap everything to

scripts/maint/lintChanges.py

@@ -0,0 +1,52 @@
+#!/usr/bin/python
+
+import sys
+import re
+
+
+
+def lintfile(fname):
+    have_warned = []
+    def warn(s):
+        if not have_warned:
+            have_warned.append(1)
+            print fname,":"
+        print "\t",s
+
+    m = re.search(r'(\d{3,})', fname)
+    if m:
+        bugnum = m.group(1)
+    else:
+        bugnum = None
+
+    with open(fname) as f:
+        contents = f.read()
+
+    if bugnum and bugnum not in contents:
+        warn("bug number %s does not appear"%bugnum)
+
+    lines = contents.split("\n")
+    isBug = ("bug" in lines[0] or "fix" in lines[0])
+
+    if not re.match(r'^ +o (.*)', contents):
+        warn("header not in format expected")
+
+    contents = " ".join(contents.split())
+
+    if isBug and not re.search(r'(\d+)', contents):
+        warn("bugfix does not mention a number")
+    elif isBug and not re.search(r'Fixes ([a-z ]*)bug (\d+)', contents):
+        warn("bugfix does not say 'Fixes bug XXX'")
+
+    if re.search(r'[bB]ug (\d+)', contents):
+        if not re.search(r'[Bb]ugfix on ', contents):
+            warn("bugfix does not say 'bugfix on X.Y.Z'")
+        elif not re.search('[fF]ixes ([a-z ]*)bug (\d+); bugfix on ', contents):
+            warn("bugfix incant is not semicoloned")
+
+
+if __name__=='__main__':
+    for fname in sys.argv[1:]:
+        if fname.endswith("~"):
+            continue
+        lintfile(fname)

scripts/maint/redox.py

@@ -1,6 +1,6 @@
 #!/usr/bin/python
 #
-#  Copyright (c) 2008-2013, The Tor Project, Inc.
+#  Copyright (c) 2008-2015, The Tor Project, Inc.
 #  See LICENSE for licensing information.
 #
 # Hi!

scripts/maint/sortChanges.py

@@ -1,5 +1,5 @@
 #!/usr/bin/python
-# Copyright (c) 2014, The Tor Project, Inc.
+# Copyright (c) 2014-2015, The Tor Project, Inc.
 # See LICENSE for licensing information
 
 """This script sorts a bunch of changes files listed on its command
@@ -18,10 +18,10 @@ def fetch(fn):
         s = "%s\n" % s.rstrip()
         return s
 
-def score(s):
+def score(s,fname=None):
     m = re.match(r'^ +o (.*)', s)
     if not m:
-        print >>sys.stderr, "Can't score %r"%s
+        print >>sys.stderr, "Can't score %r from %s"%(s,fname)
     lw = m.group(1).lower()
     if lw.startswith("major feature"):
         score = 0
@@ -41,7 +41,7 @@ def score(s):
     return (score,  lw, s)
 
 
-changes = [ score(fetch(fn)) for fn in sys.argv[1:] if not fn.endswith('~') ]
+changes = [ score(fetch(fn),fn) for fn in sys.argv[1:] if not fn.endswith('~') ]
 
 changes.sort()
 

scripts/maint/updateCopyright.pl

@@ -0,0 +1,7 @@
+#!/usr/bin/perl -i -w -p
+
+$NEWYEAR=2015;
+
+s/Copyright(.*) (201[^5]), The Tor Project/Copyright$1 $2-${NEWYEAR}, The Tor Project/;
+
+s/Copyright(.*)-(20..), The Tor Project/Copyright$1-${NEWYEAR}, The Tor Project/;

src/common/address.c

@@ -1,6 +1,6 @@
 /* Copyright (c) 2003-2004, Roger Dingledine
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2014, The Tor Project, Inc. */
+ * Copyright (c) 2007-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -89,13 +89,14 @@ tor_addr_to_sockaddr(const tor_addr_t *a,
                      struct sockaddr *sa_out,
                      socklen_t len)
 {
+  memset(sa_out, 0, len);
+
   sa_family_t family = tor_addr_family(a);
   if (family == AF_INET) {
     struct sockaddr_in *sin;
     if (len < (int)sizeof(struct sockaddr_in))
       return 0;
     sin = (struct sockaddr_in *)sa_out;
-    memset(sin, 0, sizeof(struct sockaddr_in));
 #ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
     sin->sin_len = sizeof(struct sockaddr_in);
 #endif
@@ -108,7 +109,6 @@ tor_addr_to_sockaddr(const tor_addr_t *a,
     if (len < (int)sizeof(struct sockaddr_in6))
       return 0;
     sin6 = (struct sockaddr_in6 *)sa_out;
-    memset(sin6, 0, sizeof(struct sockaddr_in6));
 #ifdef HAVE_STRUCT_SOCKADDR_IN6_SIN6_LEN
     sin6->sin6_len = sizeof(struct sockaddr_in6);
 #endif
@@ -129,6 +129,9 @@ tor_addr_from_sockaddr(tor_addr_t *a, const struct sockaddr *sa,
 {
   tor_assert(a);
   tor_assert(sa);
+
+  memset(a, 0, sizeof(*a));
+
   if (sa->sa_family == AF_INET) {
     struct sockaddr_in *sin = (struct sockaddr_in *) sa;
     tor_addr_from_ipv4n(a, sin->sin_addr.s_addr);
@@ -1023,7 +1026,6 @@ tor_addr_compare_masked(const tor_addr_t *addr1, const tor_addr_t *addr2,
     } else {
       a2 = tor_addr_to_ipv4h(addr2);
     }
-    if (mbits <= 0) return 0;
     if (mbits > 32) mbits = 32;
     a1 >>= (32-mbits);
     a2 >>= (32-mbits);
@@ -1369,8 +1371,8 @@ tor_addr_is_multicast(const tor_addr_t *a)
  * connects to the Internet.  This address should only be used in checking
  * whether our address has changed.  Return 0 on success, -1 on failure.
  */
-int
-get_interface_address6(int severity, sa_family_t family, tor_addr_t *addr)
+MOCK_IMPL(int,
+get_interface_address6,(int severity, sa_family_t family, tor_addr_t *addr))
 {
   /* XXX really, this function should yield a smartlist of addresses. */
   smartlist_t *addrs;
@@ -1699,8 +1701,8 @@ tor_dup_ip(uint32_t addr)
  * checking whether our address has changed.  Return 0 on success, -1 on
  * failure.
  */
-int
-get_interface_address(int severity, uint32_t *addr)
+MOCK_IMPL(int,
+get_interface_address,(int severity, uint32_t *addr))
 {
   tor_addr_t local_addr;
   int r;

src/common/address.h

@@ -1,6 +1,6 @@
 /* Copyright (c) 2003-2004, Roger Dingledine
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2014, The Tor Project, Inc. */
+ * Copyright (c) 2007-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -159,7 +159,8 @@ char *tor_dup_addr(const tor_addr_t *addr) ATTR_MALLOC;
 const char *fmt_addr_impl(const tor_addr_t *addr, int decorate);
 const char *fmt_addrport(const tor_addr_t *addr, uint16_t port);
 const char * fmt_addr32(uint32_t addr);
-int get_interface_address6(int severity, sa_family_t family, tor_addr_t *addr);
+MOCK_DECL(int,get_interface_address6,(int severity, sa_family_t family,
+tor_addr_t *addr));
 
 /** Flag to specify how to do a comparison between addresses.  In an "exact"
  * comparison, addresses are equivalent only if they are in the same family
@@ -236,7 +237,7 @@ int addr_mask_get_bits(uint32_t mask);
 #define INET_NTOA_BUF_LEN 16
 int tor_inet_ntoa(const struct in_addr *in, char *buf, size_t buf_len);
 char *tor_dup_ip(uint32_t addr) ATTR_MALLOC;
-int get_interface_address(int severity, uint32_t *addr);
+MOCK_DECL(int,get_interface_address,(int severity, uint32_t *addr));
 
 tor_addr_port_t *tor_addr_port_new(const tor_addr_t *addr, uint16_t port);
 

src/common/aes.c

@@ -1,7 +1,7 @@
 /* Copyright (c) 2001, Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2014, The Tor Project, Inc. */
+ * Copyright (c) 2007-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**

src/common/aes.h

@@ -1,6 +1,6 @@
 /* Copyright (c) 2003, Roger Dingledine
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2014, The Tor Project, Inc. */
+ * Copyright (c) 2007-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /* Implements a minimal interface to counter-mode AES. */

src/common/backtrace.c

@@ -1,4 +1,4 @@
-/* Copyright (c) 2013-2014, The Tor Project, Inc. */
+/* Copyright (c) 2013-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #define __USE_GNU

src/common/backtrace.h

@@ -1,4 +1,4 @@
-/* Copyright (c) 2013-2014, The Tor Project, Inc. */
+/* Copyright (c) 2013-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #ifndef TOR_BACKTRACE_H

src/common/compat.c

@@ -1,6 +1,6 @@
 /* Copyright (c) 2003-2004, Roger Dingledine
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2014, The Tor Project, Inc. */
+ * Copyright (c) 2007-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -2198,9 +2198,20 @@ get_environment(void)
 #endif
 }
 
-/** Set *addr to the IP address (in dotted-quad notation) stored in c.
- * Return 1 on success, 0 if c is badly formatted.  (Like inet_aton(c,addr),
- * but works on Windows and Solaris.)
+/** Get name of current host and write it to <b>name</b> array, whose
+ * length is specified by <b>namelen</b> argument. Return 0 upon
+ * successfull completion; otherwise return return -1. (Currently,
+ * this function is merely a mockable wrapper for POSIX gethostname().)
+ */
+MOCK_IMPL(int,
+tor_gethostname,(char *name, size_t namelen))
+{
+   return gethostname(name,namelen);
+}
+
+/** Set *addr to the IP address (in dotted-quad notation) stored in *str.
+ * Return 1 on success, 0 if *str is badly formatted.
+ * (Like inet_aton(str,addr), but works on Windows and Solaris.)
  */
 int
 tor_inet_aton(const char *str, struct in_addr* addr)
@@ -2420,8 +2431,9 @@ tor_inet_pton(int af, const char *src, void *dst)
  * (This function exists because standard windows gethostbyname
  * doesn't treat raw IP addresses properly.)
  */
-int
-tor_lookup_hostname(const char *name, uint32_t *addr)
+
+MOCK_IMPL(int,
+tor_lookup_hostname,(const char *name, uint32_t *addr))
 {
   tor_addr_t myaddr;
   int ret;

src/common/compat.h

@@ -1,6 +1,6 @@
 /* Copyright (c) 2003-2004, Roger Dingledine
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2014, The Tor Project, Inc. */
+ * Copyright (c) 2007-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #ifndef TOR_COMPAT_H
@@ -532,10 +532,11 @@ struct sockaddr_in6 {
 };
 #endif
 
+MOCK_DECL(int,tor_gethostname,(char *name, size_t namelen));
 int tor_inet_aton(const char *cp, struct in_addr *addr) ATTR_NONNULL((1,2));
 const char *tor_inet_ntop(int af, const void *src, char *dst, size_t len);
 int tor_inet_pton(int af, const char *src, void *dst);
-int tor_lookup_hostname(const char *name, uint32_t *addr) ATTR_NONNULL((1,2));
+MOCK_DECL(int,tor_lookup_hostname,(const char *name, uint32_t *addr));
 int set_socket_nonblocking(tor_socket_t socket);
 int tor_socketpair(int family, int type, int protocol, tor_socket_t fd[2]);
 int network_init(void);

src/common/compat_libevent.c

@@ -1,4 +1,4 @@
-/* Copyright (c) 2009-2014, The Tor Project, Inc. */
+/* Copyright (c) 2009-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -146,13 +146,25 @@ tor_evsignal_new(struct event_base * base, int sig,
 {
   return tor_event_new(base, sig, EV_SIGNAL|EV_PERSIST, cb, arg);
 }
-/** Work-alike replacement for event_free() on pre-Libevent-2.0 systems. */
+/** Work-alike replacement for event_free() on pre-Libevent-2.0 systems,
+ * except tolerate tor_event_free(NULL). */
 void
 tor_event_free(struct event *ev)
 {
+  if (ev == NULL)
+    return;
   event_del(ev);
   tor_free(ev);
 }
+#else
+/* Wrapper for event_free() that tolerates tor_event_free(NULL) */
+void
+tor_event_free(struct event *ev)
+{
+  if (ev == NULL)
+    return;
+  event_free(ev);
+}
 #endif
 
 /** Global event base for use by the main thread. */

src/common/compat_libevent.h

@@ -1,4 +1,4 @@
-/* Copyright (c) 2009-2014, The Tor Project, Inc. */
+/* Copyright (c) 2009-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #ifndef TOR_COMPAT_LIBEVENT_H
@@ -28,11 +28,9 @@ void suppress_libevent_log_msg(const char *msg);
 #define tor_event_new     event_new
 #define tor_evtimer_new   evtimer_new
 #define tor_evsignal_new  evsignal_new
-#define tor_event_free    event_free
 #define tor_evdns_add_server_port(sock, tcp, cb, data) \
   evdns_add_server_port_with_base(tor_libevent_get_base(), \
   (sock),(tcp),(cb),(data));
-
 #else
 struct event *tor_event_new(struct event_base * base, evutil_socket_t sock,
            short what, void (*cb)(evutil_socket_t, short, void *), void *arg);
@@ -40,10 +38,11 @@ struct event *tor_evtimer_new(struct event_base * base,
             void (*cb)(evutil_socket_t, short, void *), void *arg);
 struct event *tor_evsignal_new(struct event_base * base, int sig,
             void (*cb)(evutil_socket_t, short, void *), void *arg);
-void tor_event_free(struct event *ev);
 #define tor_evdns_add_server_port evdns_add_server_port
 #endif
 
+void tor_event_free(struct event *ev);
+
 typedef struct periodic_timer_t periodic_timer_t;
 
 periodic_timer_t *periodic_timer_new(struct event_base *base,

src/common/container.c

@@ -1,6 +1,6 @@
 /* Copyright (c) 2003-2004, Roger Dingledine
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2014, The Tor Project, Inc. */
+ * Copyright (c) 2007-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**

src/common/container.h

@@ -1,6 +1,6 @@
 /* Copyright (c) 2003-2004, Roger Dingledine
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2014, The Tor Project, Inc. */
+ * Copyright (c) 2007-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #ifndef TOR_CONTAINER_H

src/common/crypto.c

@@ -1,7 +1,7 @@
 /* Copyright (c) 2001, Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2014, The Tor Project, Inc. */
+ * Copyright (c) 2007-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -1293,7 +1293,7 @@ crypto_pk_asn1_decode(const char *str, size_t len)
  * Return 0 on success, -1 on failure.
  */
 int
-crypto_pk_get_digest(crypto_pk_t *pk, char *digest_out)
+crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
 {
   unsigned char *buf = NULL;
   int len;
@@ -2752,6 +2752,8 @@ base64_decode(char *dest, size_t destlen, const char *src, size_t srclen)
   if (destlen > SIZE_T_CEILING)
     return -1;
 
+  memset(dest, 0, destlen);
+
   EVP_DecodeInit(&ctx);
   EVP_DecodeUpdate(&ctx, (unsigned char*)dest, &len,
                    (unsigned char*)src, srclen);
@@ -2773,6 +2775,8 @@ base64_decode(char *dest, size_t destlen, const char *src, size_t srclen)
   if (destlen > SIZE_T_CEILING)
     return -1;
 
+  memset(dest, 0, destlen);
+
   /* Iterate over all the bytes in src.  Each one will add 0 or 6 bits to the
    * value we're decoding.  Accumulate bits in <b>n</b>, and whenever we have
    * 24 bits, batch them into 3 bytes and flush those bytes to dest.
@@ -2952,6 +2956,8 @@ base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
   tor_assert((nbits/8) <= destlen); /* We need enough space. */
   tor_assert(destlen < SIZE_T_CEILING);
 
+  memset(dest, 0, destlen);
+
   /* Convert base32 encoded chars to the 5-bit values that they represent. */
   tmp = tor_malloc_zero(srclen);
   for (j = 0; j < srclen; ++j) {

src/common/crypto.h

@@ -1,7 +1,7 @@
 /* Copyright (c) 2001, Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2014, The Tor Project, Inc. */
+ * Copyright (c) 2007-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -180,7 +180,7 @@ int crypto_pk_private_hybrid_decrypt(crypto_pk_t *env, char *to,
 
 int crypto_pk_asn1_encode(crypto_pk_t *pk, char *dest, size_t dest_len);
 crypto_pk_t *crypto_pk_asn1_decode(const char *str, size_t len);
-int crypto_pk_get_digest(crypto_pk_t *pk, char *digest_out);
+int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out);
 int crypto_pk_get_all_digests(crypto_pk_t *pk, digests_t *digests_out);
 int crypto_pk_get_fingerprint(crypto_pk_t *pk, char *fp_out,int add_space);
 int crypto_pk_get_hashed_fingerprint(crypto_pk_t *pk, char *fp_out);

src/common/crypto_curve25519.c

@@ -1,4 +1,4 @@
-/* Copyright (c) 2012-2014, The Tor Project, Inc. */
+/* Copyright (c) 2012-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /* Wrapper code for a curve25519 implementation. */

src/common/crypto_curve25519.h

@@ -1,4 +1,4 @@
-/* Copyright (c) 2012-2014, The Tor Project, Inc. */
+/* Copyright (c) 2012-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #ifndef TOR_CRYPTO_CURVE25519_H

src/common/crypto_ed25519.c

@@ -1,4 +1,4 @@
-/* Copyright (c) 2013-2014, The Tor Project, Inc. */
+/* Copyright (c) 2013-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /* Wrapper code for an ed25519 implementation. */

src/common/crypto_ed25519.h

@@ -1,4 +1,4 @@
-/* Copyright (c) 2012-2014, The Tor Project, Inc. */
+/* Copyright (c) 2012-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #ifndef TOR_CRYPTO_ED25519_H

src/common/crypto_format.c

@@ -1,4 +1,4 @@
-/* Copyright (c) 2012-2014, The Tor Project, Inc. */
+/* Copyright (c) 2012-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /* Formatting and parsing code for crypto-related data structures. */

src/common/crypto_s2k.c

@@ -1,7 +1,7 @@
 /* Copyright (c) 2001, Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2014, The Tor Project, Inc. */
+ * Copyright (c) 2007-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #define CRYPTO_S2K_PRIVATE

src/common/crypto_s2k.h

@@ -1,7 +1,7 @@
 /* Copyright (c) 2001, Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2014, The Tor Project, Inc. */
+ * Copyright (c) 2007-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #ifndef TOR_CRYPTO_S2K_H_INCLUDED

src/common/di_ops.c

@@ -1,4 +1,4 @@
-/* Copyright (c) 2011-2014, The Tor Project, Inc. */
+/* Copyright (c) 2011-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**

src/common/di_ops.h

@@ -1,6 +1,6 @@
 /* Copyright (c) 2003-2004, Roger Dingledine
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2014, The Tor Project, Inc. */
+ * Copyright (c) 2007-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**

src/common/log.c

@@ -1,7 +1,7 @@
 /* Copyright (c) 2001, Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2014, The Tor Project, Inc. */
+ * Copyright (c) 2007-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**

src/common/memarea.c

@@ -1,4 +1,4 @@
-/* Copyright (c) 2008-2014, The Tor Project, Inc. */
+/* Copyright (c) 2008-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /** \file memarea.c

src/common/memarea.h

@@ -1,4 +1,4 @@
-/* Copyright (c) 2008-2014, The Tor Project, Inc. */
+/* Copyright (c) 2008-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 /* Tor dependencies */
 

src/common/mempool.c

@@ -1,4 +1,4 @@
-/* Copyright (c) 2007-2014, The Tor Project, Inc. */
+/* Copyright (c) 2007-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 #if 1
 /* Tor dependencies */

src/common/mempool.h

@@ -1,4 +1,4 @@
-/* Copyright (c) 2007-2014, The Tor Project, Inc. */
+/* Copyright (c) 2007-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**

src/common/procmon.c

@@ -1,4 +1,4 @@
-/* Copyright (c) 2011-2014, The Tor Project, Inc. */
+/* Copyright (c) 2011-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**

src/common/procmon.h

@@ -1,4 +1,4 @@
-/* Copyright (c) 2011-2014, The Tor Project, Inc. */
+/* Copyright (c) 2011-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**

src/common/sandbox.c

@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2014, The Tor Project, Inc. */
+ * Copyright (c) 2007-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -58,6 +58,16 @@
 #include <time.h>
 #include <poll.h>
 
+#ifdef HAVE_LINUX_NETFILTER_IPV4_H
+#include <linux/netfilter_ipv4.h>
+#endif
+#ifdef HAVE_LINUX_IF_H
+#include <linux/if.h>
+#endif
+#ifdef HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H
+#include <linux/netfilter_ipv6/ip6_tables.h>
+#endif
+
 #if defined(HAVE_EXECINFO_H) && defined(HAVE_BACKTRACE) && \
   defined(HAVE_BACKTRACE_SYMBOLS_FD) && defined(HAVE_SIGACTION)
 #define USE_BACKTRACE
@@ -634,6 +644,22 @@ sb_getsockopt(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
   if (rc)
     return rc;
 
+#ifdef HAVE_LINUX_NETFILTER_IPV4_H
+  rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getsockopt),
+      SCMP_CMP(1, SCMP_CMP_EQ, SOL_IP),
+      SCMP_CMP(2, SCMP_CMP_EQ, SO_ORIGINAL_DST));
+  if (rc)
+    return rc;
+#endif
+
+#ifdef HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H
+  rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getsockopt),
+      SCMP_CMP(1, SCMP_CMP_EQ, SOL_IPV6),
+      SCMP_CMP(2, SCMP_CMP_EQ, IP6T_SO_ORIGINAL_DST));
+  if (rc)
+    return rc;
+#endif
+
   return 0;
 }
 
@@ -1309,6 +1335,13 @@ sandbox_disable_getaddrinfo_cache(void)
   sandbox_getaddrinfo_cache_disabled = 1;
 }
 
+void
+sandbox_freeaddrinfo(struct addrinfo *ai)
+{
+  if (sandbox_getaddrinfo_cache_disabled)
+    freeaddrinfo(ai);
+}
+
 int
 sandbox_getaddrinfo(const char *name, const char *servname,
                     const struct addrinfo *hints,

src/common/sandbox.h

@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2014, The Tor Project, Inc. */
+ * Copyright (c) 2007-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -115,7 +115,7 @@ struct addrinfo;
 int sandbox_getaddrinfo(const char *name, const char *servname,
                         const struct addrinfo *hints,
                         struct addrinfo **res);
-#define sandbox_freeaddrinfo(addrinfo) ((void)0)
+void sandbox_freeaddrinfo(struct addrinfo *addrinfo);
 void sandbox_free_getaddrinfo_cache(void);
 #else
 #define sandbox_getaddrinfo(name, servname, hints, res)  \

src/common/testsupport.h

@@ -1,4 +1,4 @@
-/* Copyright (c) 2013-2014, The Tor Project, Inc. */
+/* Copyright (c) 2013-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #ifndef TOR_TESTSUPPORT_H
@@ -20,8 +20,8 @@
  *
  * and implement it as:
  *
- *     MOCK_IMPL(void
- *     writebuf,(size_t n, char *buf)
+ *     MOCK_IMPL(void,
+ *     writebuf,(size_t n, char *buf))
  *     {
  *          ...
  *     }

src/common/torgzip.c

@@ -1,6 +1,6 @@
 /* Copyright (c) 2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2014, The Tor Project, Inc. */
+ * Copyright (c) 2007-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -92,10 +92,27 @@ tor_zlib_get_header_version_str(void)
 
 /** Return the 'bits' value to tell zlib to use <b>method</b>.*/
 static INLINE int
-method_bits(compress_method_t method)
+method_bits(compress_method_t method, zlib_compression_level_t level)
 {
   /* Bits+16 means "use gzip" in zlib >= 1.2 */
-  return method == GZIP_METHOD ? 15+16 : 15;
+  const int flag = method == GZIP_METHOD ? 16 : 0;
+  switch (level) {
+    default:
+    case HIGH_COMPRESSION: return flag + 15;
+    case MEDIUM_COMPRESSION: return flag + 13;
+    case LOW_COMPRESSION: return flag + 11;
+  }
+}
+
+static INLINE int
+get_memlevel(zlib_compression_level_t level)
+{
+  switch (level) {
+    default:
+    case HIGH_COMPRESSION: return 8;
+    case MEDIUM_COMPRESSION: return 7;
+    case LOW_COMPRESSION: return 6;
+  }
 }
 
 /** @{ */
@@ -162,8 +179,9 @@ tor_gzip_compress(char **out, size_t *out_len,
   stream->avail_in = (unsigned int)in_len;
 
   if (deflateInit2(stream, Z_BEST_COMPRESSION, Z_DEFLATED,
-                   method_bits(method),
-                   8, Z_DEFAULT_STRATEGY) != Z_OK) {
+                   method_bits(method, HIGH_COMPRESSION),
+                   get_memlevel(HIGH_COMPRESSION),
+                   Z_DEFAULT_STRATEGY) != Z_OK) {
     log_warn(LD_GENERAL, "Error from deflateInit2: %s",
              stream->msg?stream->msg:"<no message>");
     goto err;
@@ -289,7 +307,7 @@ tor_gzip_uncompress(char **out, size_t *out_len,
   stream->avail_in = (unsigned int)in_len;
 
   if (inflateInit2(stream,
-                   method_bits(method)) != Z_OK) {
+                   method_bits(method, HIGH_COMPRESSION)) != Z_OK) {
     log_warn(LD_GENERAL, "Error from inflateInit2: %s",
              stream->msg?stream->msg:"<no message>");
     goto err;
@@ -315,7 +333,8 @@ tor_gzip_uncompress(char **out, size_t *out_len,
           log_warn(LD_BUG, "Error freeing gzip structures");
           goto err;
         }
-        if (inflateInit2(stream, method_bits(method)) != Z_OK) {
+        if (inflateInit2(stream,
+                         method_bits(method,HIGH_COMPRESSION)) != Z_OK) {
           log_warn(LD_GENERAL, "Error from second inflateInit2: %s",
                    stream->msg?stream->msg:"<no message>");
           goto err;
@@ -426,10 +445,11 @@ struct tor_zlib_state_t {
  * <b>compress</b>, it's for compression; otherwise it's for
  * decompression. */
 tor_zlib_state_t *
-tor_zlib_new(int compress, compress_method_t method)
+tor_zlib_new(int compress, compress_method_t method,
+             zlib_compression_level_t compression_level)
 {
   tor_zlib_state_t *out;
-  int bits;
+  int bits, memlevel;
 
   if (method == GZIP_METHOD && !is_gzip_supported()) {
     /* Old zlib version don't support gzip in inflateInit2 */
@@ -437,21 +457,29 @@ tor_zlib_new(int compress, compress_method_t method)
     return NULL;
  }
 
+ if (! compress) {
+   /* use this setting for decompression, since we might have the
+    * max number of window bits */
+   compression_level = HIGH_COMPRESSION;
+ }
+
  out = tor_malloc_zero(sizeof(tor_zlib_state_t));
  out->stream.zalloc = Z_NULL;
  out->stream.zfree = Z_NULL;
  out->stream.opaque = NULL;
  out->compress = compress;
- bits = method_bits(method);
+ bits = method_bits(method, compression_level);
+ memlevel = get_memlevel(compression_level);
  if (compress) {
    if (deflateInit2(&out->stream, Z_BEST_COMPRESSION, Z_DEFLATED,
-                    bits, 8, Z_DEFAULT_STRATEGY) != Z_OK)
+                    bits, memlevel,
+                    Z_DEFAULT_STRATEGY) != Z_OK)
      goto err;
  } else {
    if (inflateInit2(&out->stream, bits) != Z_OK)
      goto err;
  }
- out->allocation = tor_zlib_state_size_precalc(!compress, bits, 8);
+ out->allocation = tor_zlib_state_size_precalc(!compress, bits, memlevel);
 
  total_zlib_allocation += out->allocation;
 

src/common/torgzip.h

@@ -1,6 +1,6 @@
 /* Copyright (c) 2003, Roger Dingledine
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2014, The Tor Project, Inc. */
+ * Copyright (c) 2007-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -19,6 +19,15 @@ typedef enum {
   NO_METHOD=0, GZIP_METHOD=1, ZLIB_METHOD=2, UNKNOWN_METHOD=3
 } compress_method_t;
 
+/**
+ * Enumeration to define tradeoffs between memory usage and compression level.
+ * HIGH_COMPRESSION saves the most bandwidth; LOW_COMPRESSION saves the most
+ * memory.
+ **/
+typedef enum {
+  HIGH_COMPRESSION, MEDIUM_COMPRESSION, LOW_COMPRESSION
+} zlib_compression_level_t;
+
 int
 tor_gzip_compress(char **out, size_t *out_len,
                   const char *in, size_t in_len,
@@ -47,7 +56,8 @@ typedef enum {
 } tor_zlib_output_t;
 /** Internal state for an incremental zlib compression/decompression. */
 typedef struct tor_zlib_state_t tor_zlib_state_t;
-tor_zlib_state_t *tor_zlib_new(int compress, compress_method_t method);
+tor_zlib_state_t *tor_zlib_new(int compress, compress_method_t method,
+                               zlib_compression_level_t level);
 
 tor_zlib_output_t tor_zlib_process(tor_zlib_state_t *state,
                                    char **out, size_t *out_len,

src/common/torint.h

@@ -1,6 +1,6 @@
 /* Copyright (c) 2003, Roger Dingledine
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2014, The Tor Project, Inc. */
+ * Copyright (c) 2007-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -191,6 +191,10 @@ typedef unsigned __int64 uint64_t;
 #endif
 #endif
 
+#ifndef INT64_MIN
+#define INT64_MIN ((- INT64_MAX) - 1)
+#endif
+
 #ifndef SIZE_MAX
 #if SIZEOF_SIZE_T == 8
 #define SIZE_MAX UINT64_MAX

src/common/torlog.h

@@ -1,7 +1,7 @@
 /* Copyright (c) 2001, Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2014, The Tor Project, Inc. */
+ * Copyright (c) 2007-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**

src/common/tortls.c

@@ -1,6 +1,6 @@
 /* Copyright (c) 2003, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2014, The Tor Project, Inc. */
+ * Copyright (c) 2007-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**

src/common/tortls.h

@@ -1,6 +1,6 @@
 /* Copyright (c) 2003, Roger Dingledine
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2014, The Tor Project, Inc. */
+ * Copyright (c) 2007-2015, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #ifndef TOR_TORTLS_H