--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package tor. The version currently in unstable fixes the
issues that were updated in stable with DSA 3203-1 [1].
unblock tor/0.2.5.11-1
A polished diff is attached (I cut out database and auto*/version noise).
This version updates the set of directory authority servers that clients
trust and use to bootstrap. It fixes denial of service issues, and it
fixes an issue that manifests when sandboxing is enabled (without this,
the cron daily HUP will crash tor).
There's also, unfortunately, one minor new feature in this too, in
control.c. It appears quite comparmentalized, so I think the threat of
any regressions through this is very low.
[git|master] weasel@valiant:~/projects/tor/tor$ diffstat tor-jessie.diff
ChangeLog | 113 ++++++++++++++++++++++++++++++++++++++++++++++
debian/changelog | 10 ++++
src/common/compat.h | 12 ++++
src/common/crypto.c | 6 ++
src/common/sandbox.c | 1
src/common/tortls.c | 22 ++++++++
src/common/util.c | 3 +
src/or/addressmap.c | 8 ++-
src/or/buffers.c | 11 +++-
src/or/config.c | 8 +--
src/or/control.c | 53 +++++++++++++++++++++
src/or/control.h | 1
src/or/directory.c | 9 +++
src/or/dirserv.c | 2
src/or/dns.c | 6 ++
src/or/rephist.c | 4 -
src/test/test_relaycell.c | 2
src/test/test_util.c | 2
Thanks for your consideration,
weasel
1. https://lists.debian.org/E1YZksY-0000F0-FL@pool.mine.nu
diff --git a/ChangeLog b/ChangeLog
index 3daba3e..5df0100 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,116 @@
+Changes in version 0.2.5.11 - 2015-03-17
+ Tor 0.2.5.11 is the second stable release in the 0.2.5 series.
+
+ It backports several bugfixes from the 0.2.6 branch, including a
+ couple of medium-level security fixes for relays and exit nodes.
+ It also updates the list of directory authorities.
+
+ o Directory authority changes:
+ - Remove turtles as a directory authority.
+ - Add longclaw as a new (v3) directory authority. This implements
+ ticket 13296. This keeps the directory authority count at 9.
+ - The directory authority Faravahar has a new IP address. This
+ closes ticket 14487.
+
+ o Major bugfixes (crash, OSX, security):
+ - Fix a remote denial-of-service opportunity caused by a bug in
+ OSX's _strlcat_chk() function. Fixes bug 15205; bug first appeared
+ in OSX 10.9.
+
+ o Major bugfixes (relay, stability, possible security):
+ - Fix a bug that could lead to a relay crashing with an assertion
+ failure if a buffer of exactly the wrong layout was passed to
+ buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
+ 0.2.0.10-alpha. Patch from 'cypherpunks'.
+ - Do not assert if the 'data' pointer on a buffer is advanced to the
+ very end of the buffer; log a BUG message instead. Only assert if
+ it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
+
+ o Major bugfixes (exit node stability):
+ - Fix an assertion failure that could occur under high DNS load.
+ Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
+ diagnosed and fixed by "cypherpunks".
+
+ o Major bugfixes (Linux seccomp2 sandbox):
+ - Upon receiving sighup with the seccomp2 sandbox enabled, do not
+ crash during attempts to call wait4. Fixes bug 15088; bugfix on
+ 0.2.5.1-alpha. Patch from "sanic".
+
+ o Minor features (controller):
+ - New "GETINFO bw-event-cache" to get information about recent
+ bandwidth events. Closes ticket 14128. Useful for controllers to
+ get recent bandwidth history after the fix for ticket 13988.
+
+ o Minor features (geoip):
+ - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
+ - Update geoip6 to the March 3 2015 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (client, automapping):
+ - Avoid crashing on torrc lines for VirtualAddrNetworkIPv[4|6] when
+ no value follows the option. Fixes bug 14142; bugfix on
+ 0.2.4.7-alpha. Patch by "teor".
+ - Fix a memory leak when using AutomapHostsOnResolve. Fixes bug
+ 14195; bugfix on 0.1.0.1-rc.
+
+ o Minor bugfixes (compilation):
+ - Build without warnings with the stock OpenSSL srtp.h header, which
+ has a duplicate declaration of SSL_get_selected_srtp_profile().
+ Fixes bug 14220; this is OpenSSL's bug, not ours.
+
+ o Minor bugfixes (directory authority):
+ - Allow directory authorities to fetch more data from one another if
+ they find themselves missing lots of votes. Previously, they had
+ been bumping against the 10 MB queued data limit. Fixes bug 14261;
+ bugfix on 0.1.2.5-alpha.
+ - Enlarge the buffer to read bwauth generated files to avoid an
+ issue when parsing the file in dirserv_read_measured_bandwidths().
+ Fixes bug 14125; bugfix on 0.2.2.1-alpha.
+
+ o Minor bugfixes (statistics):
+ - Increase period over which bandwidth observations are aggregated
+ from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1.
+
+ o Minor bugfixes (preventative security, C safety):
+ - When reading a hexadecimal, base-32, or base-64 encoded value from
+ a string, always overwrite the whole output buffer. This prevents
+ some bugs where we would look at (but fortunately, not reveal)
+ uninitialized memory on the stack. Fixes bug 14013; bugfix on all
+ versions of Tor.
+
+
+Changes in version 0.2.4.26 - 2015-03-17
+ Tor 0.2.4.26 includes an updated list of directory authorities. It
+ also backports a couple of stability and security bugfixes from 0.2.5
+ and beyond.
+
+ o Directory authority changes:
+ - Remove turtles as a directory authority.
+ - Add longclaw as a new (v3) directory authority. This implements
+ ticket 13296. This keeps the directory authority count at 9.
+ - The directory authority Faravahar has a new IP address. This
+ closes ticket 14487.
+
+ o Major bugfixes (exit node stability, also in 0.2.6.3-alpha):
+ - Fix an assertion failure that could occur under high DNS load.
+ Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
+ diagnosed and fixed by "cypherpunks".
+
+ o Major bugfixes (relay, stability, possible security, also in 0.2.6.4-rc):
+ - Fix a bug that could lead to a relay crashing with an assertion
+ failure if a buffer of exactly the wrong layout was passed to
+ buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
+ 0.2.0.10-alpha. Patch from 'cypherpunks'.
+ - Do not assert if the 'data' pointer on a buffer is advanced to the
+ very end of the buffer; log a BUG message instead. Only assert if
+ it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
+
+ o Minor features (geoip):
+ - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
+ - Update geoip6 to the March 3 2015 Maxmind GeoLite2
+ Country database.
+
+
Changes in version 0.2.5.10 - 2014-10-24
Tor 0.2.5.10 is the first stable release in the 0.2.5 series.
diff --git a/ReleaseNotes b/ReleaseNotes
[cut]
diff --git a/configure.ac b/configure.ac
[cut]
diff --git a/contrib/win32build/tor-mingw.nsi.in b/contrib/win32build/tor-mingw.nsi.in
[cut]
diff --git a/debian/changelog b/debian/changelog
index 25355fd..1f3c9d2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+tor (0.2.5.11-1) unstable; urgency=medium
+
+ * New upstream version.
+ - Directory authority changes.
+ - Fix assertion errors that may trigger under high DNS load.
+ - No longer break on HUP (happens daily on Debian) with seccomp2 enabled.
+ - and more - please consult the upstream changelog.
+
+ -- Peter Palfrader <weasel@debian.org> Thu, 19 Mar 2015 18:26:22 +0100
+
tor (0.2.5.10-1) unstable; urgency=medium
* New upstream version.
diff --git a/src/common/compat.h b/src/common/compat.h
index ec7d241..531e88f 100644
--- a/src/common/compat.h
+++ b/src/common/compat.h
@@ -224,6 +224,18 @@ extern INLINE double U64_TO_DBL(uint64_t x) {
#define strncasecmp _strnicmp
#define strcasecmp _stricmp
#endif
+
+#if defined __APPLE__
+/* On OSX 10.9 and later, the overlap-checking code for strlcat would
+ * appear to have a severe bug that can sometimes cause aborts in Tor.
+ * Instead, use the non-checking variants. This is sad.
+ *
+ * See https://trac.torproject.org/projects/tor/ticket/15205
+ */
+#undef strlcat
+#undef strlcpy
+#endif
+
#ifndef HAVE_STRLCAT
size_t strlcat(char *dst, const char *src, size_t siz) ATTR_NONNULL((1,2));
#endif
diff --git a/src/common/crypto.c b/src/common/crypto.c
index a247a87..f4e8668 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2756,6 +2756,8 @@ base64_decode(char *dest, size_t destlen, const char *src, size_t srclen)
if (destlen > SIZE_T_CEILING)
return -1;
+ memset(dest, 0, destlen);
+
EVP_DecodeInit(&ctx);
EVP_DecodeUpdate(&ctx, (unsigned char*)dest, &len,
(unsigned char*)src, srclen);
@@ -2777,6 +2779,8 @@ base64_decode(char *dest, size_t destlen, const char *src, size_t srclen)
if (destlen > SIZE_T_CEILING)
return -1;
+ memset(dest, 0, destlen);
+
/* Iterate over all the bytes in src. Each one will add 0 or 6 bits to the
* value we're decoding. Accumulate bits in <b>n</b>, and whenever we have
* 24 bits, batch them into 3 bytes and flush those bytes to dest.
@@ -2956,6 +2960,8 @@ base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
tor_assert((nbits/8) <= destlen); /* We need enough space. */
tor_assert(destlen < SIZE_T_CEILING);
+ memset(dest, 0, destlen);
+
/* Convert base32 encoded chars to the 5-bit values that they represent. */
tmp = tor_malloc_zero(srclen);
for (j = 0; j < srclen; ++j) {
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index dbbaa59..e43b64b 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -164,6 +164,7 @@ static int filter_nopar_gen[] = {
#endif
SCMP_SYS(stat),
SCMP_SYS(uname),
+ SCMP_SYS(wait4),
SCMP_SYS(write),
SCMP_SYS(writev),
SCMP_SYS(exit_group),
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 999d971..d637a8e 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -33,6 +33,20 @@
#include <ws2tcpip.h>
#endif
#endif
+
+#ifdef __GNUC__
+#define GCC_VERSION (__GNUC__ * 100 + __GNUC_MINOR__)
+#endif
+
+#if __GNUC__ && GCC_VERSION >= 402
+#if GCC_VERSION >= 406
+#pragma GCC diagnostic push
+#endif
+/* Some versions of OpenSSL declare SSL_get_selected_srtp_profile twice in
+ * srtp.h. Suppress the GCC warning so we can build with -Wredundant-decl. */
+#pragma GCC diagnostic ignored "-Wredundant-decls"
+#endif
+
#include <openssl/ssl.h>
#include <openssl/ssl3.h>
#include <openssl/err.h>
@@ -41,6 +55,14 @@
#include <openssl/bio.h>
#include <openssl/opensslv.h>
+#if __GNUC__ && GCC_VERSION >= 402
+#if GCC_VERSION >= 406
+#pragma GCC diagnostic pop
+#else
+#pragma GCC diagnostic warning "-Wredundant-decls"
+#endif
+#endif
+
#ifdef USE_BUFFEREVENTS
#include <event2/bufferevent_ssl.h>
#include <event2/buffer.h>
diff --git a/src/common/util.c b/src/common/util.c
index 2d7893b..04cc6b1 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1129,6 +1129,9 @@ base16_decode(char *dest, size_t destlen, const char *src, size_t srclen)
return -1;
if (destlen < srclen/2 || destlen > SIZE_T_CEILING)
return -1;
+
+ memset(dest, 0, destlen);
+
end = src+srclen;
while (src<end) {
v1 = hex_decode_digit_(*src);
diff --git a/src/config/geoip b/src/config/geoip
[cut]
diff --git a/src/config/geoip6 b/src/config/geoip6
[cut]
diff --git a/src/or/addressmap.c b/src/or/addressmap.c
index 998770a..d4b7acf 100644
--- a/src/or/addressmap.c
+++ b/src/or/addressmap.c
@@ -738,6 +738,12 @@ parse_virtual_addr_network(const char *val, sa_family_t family,
const int max_bits = ipv6 ? 40 : 16;
virtual_addr_conf_t *conf = ipv6 ? &virtaddr_conf_ipv6 : &virtaddr_conf_ipv4;
+ if (!val || val[0] == '\0') {
+ if (msg)
+ tor_asprintf(msg, "Value not present (%s) after VirtualAddressNetwork%s",
+ val?"Empty":"NULL", ipv6?"IPv6":"");
+ return -1;
+ }
if (tor_addr_parse_mask_ports(val, 0, &addr, &bits, NULL, NULL) < 0) {
if (msg)
tor_asprintf(msg, "Error parsing VirtualAddressNetwork%s %s",
@@ -945,7 +951,7 @@ addressmap_register_virtual_address(int type, char *new_address)
!strcasecmp(new_address, ent->new_address)) {
tor_free(new_address);
tor_assert(!vent_needs_to_be_added);
- return tor_strdup(*addrp);
+ return *addrp;
} else {
log_warn(LD_BUG,
"Internal confusion: I thought that '%s' was mapped to by "
diff --git a/src/or/buffers.c b/src/or/buffers.c
index 033f862..ae73c70 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -447,7 +447,7 @@ buf_pullup(buf_t *buf, size_t bytes, int nulterminate)
size_t n = bytes - dest->datalen;
src = dest->next;
tor_assert(src);
- if (n > src->datalen) {
+ if (n >= src->datalen) {
memcpy(CHUNK_WRITE_PTR(dest), src->data, src->datalen);
dest->datalen += src->datalen;
dest->next = src->next;
@@ -2624,7 +2624,14 @@ assert_buf_ok(buf_t *buf)
total += ch->datalen;
tor_assert(ch->datalen <= ch->memlen);
tor_assert(ch->data >= &ch->mem[0]);
- tor_assert(ch->data < &ch->mem[0]+ch->memlen);
+ tor_assert(ch->data <= &ch->mem[0]+ch->memlen);
+ if (ch->data == &ch->mem[0]+ch->memlen) {
+ static int warned = 0;
+ if (! warned) {
+ log_warn(LD_BUG, "Invariant violation in buf.c related to #15083");
+ warned = 1;
+ }
+ }
tor_assert(ch->data+ch->datalen <= &ch->mem[0] + ch->memlen);
if (!ch->next)
tor_assert(ch == buf->tail);
diff --git a/src/or/config.c b/src/or/config.c
index 39b85aa..2a7237d 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -858,9 +858,6 @@ add_default_trusted_dir_authorities(dirinfo_type_t type)
"194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755",
"Tonga orport=443 bridge 82.94.251.203:80 "
"4A0C CD2D DC79 9508 3D73 F5D6 6710 0C8A 5831 F16D",
- "turtles orport=9090 "
- "v3ident=27B6B5996C426270A5C95488AA5BCEB6BCC86956 "
- "76.73.17.194:9030 F397 038A DC51 3361 35E7 B80B D99C A384 4360 292B",
"gabelmoo orport=443 "
"v3ident=ED03BB616EB2F60BEC80151114BB25CEF515B226 "
"131.188.40.189:80 F204 4413 DAC2 E02E 3D6B CF47 35A1 9BCA 1DE9 7281",
@@ -874,7 +871,10 @@ add_default_trusted_dir_authorities(dirinfo_type_t type)
"171.25.193.9:443 BD6A 8292 55CB 08E6 6FBE 7D37 4836 3586 E46B 3810",
"Faravahar orport=443 "
"v3ident=EFCBE720AB3A82B99F9E953CD5BF50F7EEFC7B97 "
- "154.35.32.5:80 CF6D 0AAF B385 BE71 B8E1 11FC 5CFF 4B47 9237 33BC",
+ "154.35.175.225:80 CF6D 0AAF B385 BE71 B8E1 11FC 5CFF 4B47 9237 33BC",
+ "longclaw orport=443 "
+ "v3ident=23D15D965BC35114467363C165C4F724B64B4F66 "
+ "199.254.238.52:80 74A9 1064 6BCE EFBC D2E8 74FC 1DC9 9743 0F96 8145",
NULL
};
for (i=0; authorities[i]; i++) {
diff --git a/src/or/control.c b/src/or/control.c
index 9378f38..2ff1cc8 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -1424,6 +1424,8 @@ getinfo_helper_misc(control_connection_t *conn, const char *question,
(void) conn;
if (!strcmp(question, "version")) {
*answer = tor_strdup(get_version());
+ } else if (!strcmp(question, "bw-event-cache")) {
+ *answer = get_bw_samples();
} else if (!strcmp(question, "config-file")) {
*answer = tor_strdup(get_torrc_fname(0));
} else if (!strcmp(question, "config-defaults-file")) {
@@ -2099,6 +2101,7 @@ typedef struct getinfo_item_t {
* to answer them. */
static const getinfo_item_t getinfo_items[] = {
ITEM("version", misc, "The current version of Tor."),
+ ITEM("bw-event-cache", misc, "Cached BW events for a short interval."),
ITEM("config-file", misc, "Current location of the \"torrc\" file."),
ITEM("config-defaults-file", misc, "Current location of the defaults file."),
ITEM("config-text", misc,
@@ -4133,11 +4136,29 @@ control_event_tb_empty(const char *bucket, uint32_t read_empty_time,
return 0;
}
+/* about 5 minutes worth. */
+#define N_BW_EVENTS_TO_CACHE 300
+/* Index into cached_bw_events to next write. */
+static int next_measurement_idx = 0;
+/* number of entries set in n_measurements */
+static int n_measurements = 0;
+static struct cached_bw_event_s {
+ uint32_t n_read;
+ uint32_t n_written;
+} cached_bw_events[N_BW_EVENTS_TO_CACHE];
+
/** A second or more has elapsed: tell any interested control
* connections how much bandwidth we used. */
int
control_event_bandwidth_used(uint32_t n_read, uint32_t n_written)
{
+ cached_bw_events[next_measurement_idx].n_read = n_read;
+ cached_bw_events[next_measurement_idx].n_written = n_written;
+ if (++next_measurement_idx == N_BW_EVENTS_TO_CACHE)
+ next_measurement_idx = 0;
+ if (n_measurements < N_BW_EVENTS_TO_CACHE)
+ ++n_measurements;
+
if (EVENT_IS_INTERESTING(EVENT_BANDWIDTH_USED)) {
send_control_event(EVENT_BANDWIDTH_USED, ALL_FORMATS,
"650 BW %lu %lu\r\n",
@@ -4148,6 +4169,38 @@ control_event_bandwidth_used(uint32_t n_read, uint32_t n_written)
return 0;
}
+STATIC char *
+get_bw_samples(void)
+{
+ int i;
+ int idx = (next_measurement_idx + N_BW_EVENTS_TO_CACHE - n_measurements)
+ % N_BW_EVENTS_TO_CACHE;
+ smartlist_t *elements = smartlist_new();
+ tor_assert(0 <= idx && idx < N_BW_EVENTS_TO_CACHE);
+
+ for (i = 0; i < n_measurements; ++i) {
+ tor_assert(0 <= idx && idx < N_BW_EVENTS_TO_CACHE);
+ {
+ const struct cached_bw_event_s *bwe = &cached_bw_events[idx];
+
+ smartlist_add_asprintf(elements, "%u,%u",
+ (unsigned)bwe->n_read,
+ (unsigned)bwe->n_written);
+
+ idx = (idx + 1) % N_BW_EVENTS_TO_CACHE;
+ }
+ }
+
+ {
+ char *result = smartlist_join_strings(elements, " ", 0, NULL);
+
+ SMARTLIST_FOREACH(elements, char *, cp, tor_free(cp));
+ smartlist_free(elements);
+
+ return result;
+ }
+}
+
/** Called when we are sending a log message to the controllers: suspend
* sending further log messages to the controllers until we're done. Used by
* CONN_LOG_PROTECT. */
diff --git a/src/or/control.h b/src/or/control.h
index 494f04b..8697262 100644
--- a/src/or/control.h
+++ b/src/or/control.h
@@ -201,6 +201,7 @@ void append_cell_stats_by_command(smartlist_t *event_parts,
const uint64_t *number_to_include);
void format_cell_stats(char **event_string, circuit_t *circ,
cell_stats_t *cell_stats);
+STATIC char *get_bw_samples(void);
#endif
#endif
diff --git a/src/or/directory.c b/src/or/directory.c
index 298271f..50863d0 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -2183,12 +2183,15 @@ connection_dir_reached_eof(dir_connection_t *conn)
*/
#define MAX_DIRECTORY_OBJECT_SIZE (10*(1<<20))
+#define MAX_VOTE_DL_SIZE (MAX_DIRECTORY_OBJECT_SIZE * 5)
+
/** Read handler for directory connections. (That's connections <em>to</em>
* directory servers and connections <em>at</em> directory servers.)
*/
int
connection_dir_process_inbuf(dir_connection_t *conn)
{
+ size_t max_size;
tor_assert(conn);
tor_assert(conn->base_.type == CONN_TYPE_DIR);
@@ -2207,7 +2210,11 @@ connection_dir_process_inbuf(dir_connection_t *conn)
return 0;
}
- if (connection_get_inbuf_len(TO_CONN(conn)) > MAX_DIRECTORY_OBJECT_SIZE) {
+ max_size =
+ (TO_CONN(conn)->purpose == DIR_PURPOSE_FETCH_STATUS_VOTE) ?
+ MAX_VOTE_DL_SIZE : MAX_DIRECTORY_OBJECT_SIZE;
+
+ if (connection_get_inbuf_len(TO_CONN(conn)) > max_size) {
log_warn(LD_HTTP, "Too much data received from directory connection: "
"denial of service attempt, or you need to upgrade?");
connection_mark_for_close(TO_CONN(conn));
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index 49fafaf..03b32cb 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -2487,7 +2487,7 @@ int
dirserv_read_measured_bandwidths(const char *from_file,
smartlist_t *routerstatuses)
{
- char line[256];
+ char line[512];
FILE *fp = tor_fopen_cloexec(from_file, "r");
int applied_lines = 0;
time_t file_time, now;
diff --git a/src/or/dns.c b/src/or/dns.c
index a9c4318..b55bf73 100644
--- a/src/or/dns.c
+++ b/src/or/dns.c
@@ -558,6 +558,8 @@ purge_expired_resolves(time_t now)
/* Connections should only be pending if they have no socket. */
tor_assert(!SOCKET_OK(pend->conn->base_.s));
pendconn = pend->conn;
+ /* Prevent double-remove */
+ pendconn->base_.state = EXIT_CONN_STATE_RESOLVEFAILED;
if (!pendconn->base_.marked_for_close) {
connection_edge_end(pendconn, END_STREAM_REASON_TIMEOUT);
circuit_detach_stream(circuit_get_by_edge_conn(pendconn), pendconn);
@@ -1133,7 +1135,9 @@ connection_dns_remove(edge_connection_t *conn)
return; /* more are pending */
}
}
- tor_assert(0); /* not reachable unless onlyconn not in pending list */
+ log_warn(LD_BUG, "Connection (fd "TOR_SOCKET_T_FORMAT") was not waiting "
+ "for a resolve of %s, but we tried to remove it.",
+ conn->base_.s, escaped_safe_str(conn->base_.address));
}
}
diff --git a/src/or/rephist.c b/src/or/rephist.c
index 72de54c..cedc56a 100644
--- a/src/or/rephist.c
+++ b/src/or/rephist.c
@@ -1131,9 +1131,7 @@ rep_hist_load_mtbf_data(time_t now)
* totals? */
#define NUM_SECS_ROLLING_MEASURE 10
/** How large are the intervals for which we track and report bandwidth use? */
-/* XXXX Watch out! Before Tor 0.2.2.21-alpha, using any other value here would
- * generate an unparseable state file. */
-#define NUM_SECS_BW_SUM_INTERVAL (15*60)
+#define NUM_SECS_BW_SUM_INTERVAL (4*60*60)
/** How far in the past do we remember and publish bandwidth use? */
#define NUM_SECS_BW_SUM_IS_VALID (24*60*60)
/** How many bandwidth usage intervals do we remember? (derived) */
diff --git a/src/test/test_relaycell.c b/src/test/test_relaycell.c
index 5deb362..9aff6ab 100644
--- a/src/test/test_relaycell.c
+++ b/src/test/test_relaycell.c
@@ -104,7 +104,7 @@ test_relaycell_resolved(void *arg)
tt_int_op(srm_answer_is_set, ==, 0); \
} \
tt_int_op(srm_ttl, ==, ttl); \
- tt_int_op(srm_expires, ==, expires); \
+ tt_i64_op((int64_t)srm_expires, ==, (int64_t)expires); \
} while (0)
(void)arg;
diff --git a/src/test/test_util.c b/src/test/test_util.c
index 151ec69..225fb79 100644
--- a/src/test/test_util.c
+++ b/src/test/test_util.c
@@ -3741,7 +3741,7 @@ test_util_max_mem(void *arg)
} else {
/* You do not have a petabyte. */
#if SIZEOF_SIZE_T == SIZEOF_UINT64_T
- tt_uint_op(memory1, <, (U64_LITERAL(1)<<50));
+ tt_u64_op(memory1, <, (U64_LITERAL(1)<<50));
#endif
}
diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h
[cut]
--- End Message ---