Hello community, here is the log from the commit of package tor for openSUSE:Factory checked in at 2015-06-15 17:48:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tor (Old) and /work/SRC/openSUSE:Factory/.tor.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "tor" Changes: -------- --- /work/SRC/openSUSE:Factory/tor/tor.changes 2015-05-24 19:34:07.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.tor.new/tor.changes 2015-06-15 17:48:52.000000000 +0200 @@ -1,0 +2,10 @@ +Thu Jun 11 18:55:44 UTC 2015 - astieger@suse.com + +- tor 0.2.6.9: + Clients using circuit isolation should upgrade; + all directory authorities should upgrade. + * fixes a regression in the circuit isolation code + * increases the requirements for receiving an HSDir flag + * addresses some small bugs in the systemd and sandbox code. + +------------------------------------------------------------------- Old: ---- tor-0.2.6.8.tar.gz tor-0.2.6.8.tar.gz.asc New: ---- tor-0.2.6.9.tar.gz tor-0.2.6.9.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tor.spec ++++++ --- /var/tmp/diff_new_pack.glQDau/_old 2015-06-15 17:48:53.000000000 +0200 +++ /var/tmp/diff_new_pack.glQDau/_new 2015-06-15 17:48:53.000000000 +0200 @@ -24,7 +24,7 @@ %define home_dir %{_localstatedir}/lib/empty %bcond_with bufferevents Name: tor -Version: 0.2.6.8 +Version: 0.2.6.9 Release: 0 Summary: Anonymizing overlay network for TCP (The onion router) License: BSD-3-Clause ++++++ tor-0.2.6.8.tar.gz -> tor-0.2.6.9.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tor-0.2.6.8/ChangeLog new/tor-0.2.6.9/ChangeLog --- old/tor-0.2.6.8/ChangeLog 2015-05-19 21:09:31.000000000 +0200 +++ new/tor-0.2.6.9/ChangeLog 2015-06-10 20:07:50.000000000 +0200 
@@ -1,4 +1,43 @@ -Changes in version 0.2.6.8 - 2015-05-2? +Changes in version 0.2.6.9 - 2015-06-11 + Tor 0.2.6.9 fixes a regression in the circuit isolation code, increases the + requirements for receiving an HSDir flag, and addresses some other small + bugs in the systemd and sandbox code. Clients using circuit isolation + should upgrade; all directory authorities should upgrade. + + o Major bugfixes (client-side privacy): + - Properly separate out each SOCKSPort when applying stream + isolation. The error occurred because each port's session group was + being overwritten by a default value when the listener connection + was initialized. Fixes bug 16247; bugfix on 0.2.6.3-alpha. Patch + by "jojelino". + + o Minor feature (directory authorities, security): + - The HSDir flag given by authorities now requires the Stable flag. + For the current network, this results in going from 2887 to 2806 + HSDirs. Also, it makes it harder for an attacker to launch a sybil + attack by raising the effort for a relay to become Stable which + takes at the very least 7 days to do so and by keeping the 96 + hours uptime requirement for HSDir. Implements ticket 8243. + + o Minor bugfixes (compilation): + - Build with --enable-systemd correctly when libsystemd is + installed, but systemd is not. Fixes bug 16164; bugfix on + 0.2.6.3-alpha. Patch from Peter Palfrader. + + o Minor bugfixes (Linux seccomp2 sandbox): + - Fix sandboxing to work when running as a relaymby renaming of + secret_id_key, and allowing the eventfd2 and futex syscalls. Fixes + bug 16244; bugfix on 0.2.6.1-alpha. Patch by Peter Palfrader. + - Allow systemd connections to work with the Linux seccomp2 sandbox + code. Fixes bug 16212; bugfix on 0.2.6.2-alpha. Patch by + Peter Palfrader. + + o Minor bugfixes (tests): + - Fix a crash in the unit tests when built with MSVC2013. Fixes bug + 16030; bugfix on 0.2.6.2-alpha. Patch from "NewEraCracker". 
+ + +Changes in version 0.2.6.8 - 2015-05-21 Tor 0.2.6.8 fixes a bit of dodgy code in parsing INTRODUCE2 cells, and fixes an authority-side bug in assigning the HSDir flag. All directory authorities should upgrade. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tor-0.2.6.8/Makefile.in new/tor-0.2.6.9/Makefile.in --- old/tor-0.2.6.8/Makefile.in 2015-05-19 20:50:01.000000000 +0200 +++ new/tor-0.2.6.9/Makefile.in 2015-06-10 20:01:31.000000000 +0200 @@ -1003,6 +1003,8 @@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ +LIBSYSTEMD209_CFLAGS = @LIBSYSTEMD209_CFLAGS@ +LIBSYSTEMD209_LIBS = @LIBSYSTEMD209_LIBS@ LOCALSTATEDIR = @LOCALSTATEDIR@ LOGFACILITY = @LOGFACILITY@ LTLIBOBJS = @LTLIBOBJS@ @@ -1028,8 +1030,6 @@ SHA1SUM = @SHA1SUM@ SHELL = @SHELL@ STRIP = @STRIP@ -SYSTEMD209_CFLAGS = @SYSTEMD209_CFLAGS@ -SYSTEMD209_LIBS = @SYSTEMD209_LIBS@ SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@ SYSTEMD_LIBS = @SYSTEMD_LIBS@ TORGROUP = @TORGROUP@ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tor-0.2.6.8/ReleaseNotes new/tor-0.2.6.9/ReleaseNotes --- old/tor-0.2.6.8/ReleaseNotes 2015-05-19 21:09:31.000000000 +0200 +++ new/tor-0.2.6.9/ReleaseNotes 2015-06-10 20:07:56.000000000 +0200 
@@ -3,6 +3,66 @@ of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +Changes in version 0.2.6.9 - 2015-06-11 + Tor 0.2.6.9 fixes a regression in the circuit isolation code, increases the + requirements for receiving an HSDir flag, and addresses some other small + bugs in the systemd and sandbox code. Clients using circuit isolation + should upgrade; all directory authorities should upgrade. + + o Major bugfixes (client-side privacy): + - Properly separate out each SOCKSPort when applying stream + isolation. The error occurred because each port's session group was + being overwritten by a default value when the listener connection + was initialized. Fixes bug 16247; bugfix on 0.2.6.3-alpha. Patch + by "jojelino". + + o Minor feature (directory authorities, security): + - The HSDir flag given by authorities now requires the Stable flag. + For the current network, this results in going from 2887 to 2806 + HSDirs. Also, it makes it harder for an attacker to launch a sybil + attack by raising the effort for a relay to become Stable which + takes at the very least 7 days to do so and by keeping the 96 + hours uptime requirement for HSDir. Implements ticket 8243. + + o Minor bugfixes (compilation): + - Build with --enable-systemd correctly when libsystemd is + installed, but systemd is not. Fixes bug 16164; bugfix on + 0.2.6.3-alpha. Patch from Peter Palfrader. + + o Minor bugfixes (Linux seccomp2 sandbox): + - Fix sandboxing to work when running as a relaymby renaming of + secret_id_key, and allowing the eventfd2 and futex syscalls. Fixes + bug 16244; bugfix on 0.2.6.1-alpha. Patch by Peter Palfrader. + - Allow systemd connections to work with the Linux seccomp2 sandbox + code. Fixes bug 16212; bugfix on 0.2.6.2-alpha. Patch by + Peter Palfrader. + + o Minor bugfixes (tests): + - Fix a crash in the unit tests when built with MSVC2013. Fixes bug + 16030; bugfix on 0.2.6.2-alpha. 
Patch from "NewEraCracker". + + +Changes in version 0.2.6.8 - 2015-05-21 + Tor 0.2.6.8 fixes a bit of dodgy code in parsing INTRODUCE2 cells, and + fixes an authority-side bug in assigning the HSDir flag. All directory + authorities should upgrade. + + o Major bugfixes (hidden services, backport from 0.2.7.1-alpha): + - Revert commit that made directory authorities assign the HSDir + flag to relay without a DirPort; this was bad because such relays + can't handle BEGIN_DIR cells. Fixes bug 15850; bugfix + on tor-0.2.6.3-alpha. + + o Minor bugfixes (hidden service, backport from 0.2.7.1-alpha): + - Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells on + a client authorized hidden service. Fixes bug 15823; bugfix + on 0.2.1.6-alpha. + + o Minor features (geoip): + - Update geoip to the April 8 2015 Maxmind GeoLite2 Country database. + - Update geoip6 to the April 8 2015 Maxmind GeoLite2 + Country database. + Changes in version 0.2.6.7 - 2015-04-06 Tor 0.2.6.7 fixes two security issues that could be used by an diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tor-0.2.6.8/configure new/tor-0.2.6.9/configure --- old/tor-0.2.6.8/configure 2015-05-19 20:50:00.000000000 +0200 +++ new/tor-0.2.6.9/configure 2015-06-10 20:01:31.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for tor 0.2.6.8. +# Generated by GNU Autoconf 2.69 for tor 0.2.6.9. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -577,8 +577,8 @@ # Identity of this package. PACKAGE_NAME='tor' PACKAGE_TARNAME='tor' -PACKAGE_VERSION='0.2.6.8' -PACKAGE_STRING='tor 0.2.6.8' +PACKAGE_VERSION='0.2.6.9' +PACKAGE_STRING='tor 0.2.6.9' PACKAGE_BUGREPORT='' PACKAGE_URL='' 
@@ -703,8 +703,8 @@ AR TOR_SYSTEMD_LIBS TOR_SYSTEMD_CFLAGS -SYSTEMD209_LIBS -SYSTEMD209_CFLAGS +LIBSYSTEMD209_LIBS +LIBSYSTEMD209_CFLAGS SYSTEMD_LIBS SYSTEMD_CFLAGS USE_OPENBSD_MALLOC_FALSE @@ -840,8 +840,8 @@ PKG_CONFIG_LIBDIR SYSTEMD_CFLAGS SYSTEMD_LIBS -SYSTEMD209_CFLAGS -SYSTEMD209_LIBS +LIBSYSTEMD209_CFLAGS +LIBSYSTEMD209_LIBS CC CFLAGS LDFLAGS @@ -1389,7 +1389,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures tor 0.2.6.8 to adapt to many kinds of systems. +\`configure' configures tor 0.2.6.9 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1459,7 +1459,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of tor 0.2.6.8:";; + short | recursive ) echo "Configuration of tor 0.2.6.9:";; esac cat <<\_ACEOF @@ -1539,10 +1539,10 @@ C compiler flags for SYSTEMD, overriding pkg-config SYSTEMD_LIBS linker flags for SYSTEMD, overriding pkg-config - SYSTEMD209_CFLAGS - C compiler flags for SYSTEMD209, overriding pkg-config - SYSTEMD209_LIBS - linker flags for SYSTEMD209, overriding pkg-config + LIBSYSTEMD209_CFLAGS + C compiler flags for LIBSYSTEMD209, overriding pkg-config + LIBSYSTEMD209_LIBS + linker flags for LIBSYSTEMD209, overriding pkg-config CC C compiler command CFLAGS C compiler flags LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a @@ -1619,7 +1619,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -tor configure 0.2.6.8 +tor configure 0.2.6.9 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. 
@@ -2324,7 +2324,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by tor $as_me 0.2.6.8, which was +It was created by tor $as_me 0.2.6.9, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3189,7 +3189,7 @@ # Define the identity of the package. PACKAGE='tor' - VERSION='0.2.6.8' + VERSION='0.2.6.9' cat >>confdefs.h <<_ACEOF @@ -3842,19 +3842,19 @@ TOR_SYSTEMD_LIBS="${SYSTEMD_LIBS}" pkg_failed=no -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SYSTEMD209" >&5 -$as_echo_n "checking for SYSTEMD209... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBSYSTEMD209" >&5 +$as_echo_n "checking for LIBSYSTEMD209... " >&6; } -if test -n "$SYSTEMD209_CFLAGS"; then - pkg_cv_SYSTEMD209_CFLAGS="$SYSTEMD209_CFLAGS" +if test -n "$LIBSYSTEMD209_CFLAGS"; then + pkg_cv_LIBSYSTEMD209_CFLAGS="$LIBSYSTEMD209_CFLAGS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"systemd >= 209\""; } >&5 - ($PKG_CONFIG --exists --print-errors "systemd >= 209") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd >= 209\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libsystemd >= 209") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_SYSTEMD209_CFLAGS=`$PKG_CONFIG --cflags "systemd >= 209" 2>/dev/null` + pkg_cv_LIBSYSTEMD209_CFLAGS=`$PKG_CONFIG --cflags "libsystemd >= 209" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes 
@@ -3862,16 +3862,16 @@ else pkg_failed=untried fi -if test -n "$SYSTEMD209_LIBS"; then - pkg_cv_SYSTEMD209_LIBS="$SYSTEMD209_LIBS" +if test -n "$LIBSYSTEMD209_LIBS"; then + pkg_cv_LIBSYSTEMD209_LIBS="$LIBSYSTEMD209_LIBS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"systemd >= 209\""; } >&5 - ($PKG_CONFIG --exists --print-errors "systemd >= 209") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd >= 209\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libsystemd >= 209") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_SYSTEMD209_LIBS=`$PKG_CONFIG --libs "systemd >= 209" 2>/dev/null` + pkg_cv_LIBSYSTEMD209_LIBS=`$PKG_CONFIG --libs "libsystemd >= 209" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes 
@@ -3892,22 +3892,22 @@ _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - SYSTEMD209_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "systemd >= 209" 2>&1` + LIBSYSTEMD209_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libsystemd >= 209" 2>&1` else - SYSTEMD209_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "systemd >= 209" 2>&1` + LIBSYSTEMD209_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libsystemd >= 209" 2>&1` fi # Put the nasty error message in config.log where it belongs - echo "$SYSTEMD209_PKG_ERRORS" >&5 + echo "$LIBSYSTEMD209_PKG_ERRORS" >&5 - as_fn_error $? "Package requirements (systemd >= 209) were not met: + as_fn_error $? "Package requirements (libsystemd >= 209) were not met: -$SYSTEMD209_PKG_ERRORS +$LIBSYSTEMD209_PKG_ERRORS Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. -Alternatively, you may set the environment variables SYSTEMD209_CFLAGS -and SYSTEMD209_LIBS to avoid the need to call pkg-config. +Alternatively, you may set the environment variables LIBSYSTEMD209_CFLAGS +and LIBSYSTEMD209_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details." "$LINENO" 5 elif test $pkg_failed = untried; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 
@@ -3918,15 +3918,15 @@ is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. -Alternatively, you may set the environment variables SYSTEMD209_CFLAGS -and SYSTEMD209_LIBS to avoid the need to call pkg-config. +Alternatively, you may set the environment variables LIBSYSTEMD209_CFLAGS +and LIBSYSTEMD209_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. To get pkg-config, see http://pkg-config.freedesktop.org/. See \`config.log' for more details" "$LINENO" 5; } else - SYSTEMD209_CFLAGS=$pkg_cv_SYSTEMD209_CFLAGS - SYSTEMD209_LIBS=$pkg_cv_SYSTEMD209_LIBS + LIBSYSTEMD209_CFLAGS=$pkg_cv_LIBSYSTEMD209_CFLAGS + LIBSYSTEMD209_LIBS=$pkg_cv_LIBSYSTEMD209_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } @@ -13966,7 +13966,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by tor $as_me 0.2.6.8, which was +This file was extended by tor $as_me 0.2.6.9, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -14032,7 +14032,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -tor config.status 0.2.6.8 +tor config.status 0.2.6.9 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tor-0.2.6.8/configure.ac new/tor-0.2.6.9/configure.ac --- old/tor-0.2.6.8/configure.ac 2015-05-19 20:49:01.000000000 +0200 +++ new/tor-0.2.6.9/configure.ac 2015-06-10 17:01:31.000000000 +0200 @@ -3,7 +3,7 @@ dnl Copyright (c) 2007-2015, The Tor Project, Inc. dnl See LICENSE for licensing information -AC_INIT([tor],[0.2.6.8]) +AC_INIT([tor],[0.2.6.9]) AC_CONFIG_SRCDIR([src/or/main.c]) AC_CONFIG_MACRO_DIR([m4]) AM_INIT_AUTOMAKE 
@@ -131,7 +131,7 @@ AC_DEFINE(HAVE_SYSTEMD,1,[Have systemd]) TOR_SYSTEMD_CFLAGS="${SYSTEMD_CFLAGS}" TOR_SYSTEMD_LIBS="${SYSTEMD_LIBS}" - PKG_CHECK_MODULES(SYSTEMD209, [systemd >= 209], + PKG_CHECK_MODULES(LIBSYSTEMD209, [libsystemd >= 209], [AC_DEFINE(HAVE_SYSTEMD_209,1,[Have systemd v209 or more])], []) fi AC_SUBST(TOR_SYSTEMD_CFLAGS) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tor-0.2.6.8/contrib/win32build/tor-mingw.nsi.in new/tor-0.2.6.9/contrib/win32build/tor-mingw.nsi.in --- old/tor-0.2.6.8/contrib/win32build/tor-mingw.nsi.in 2015-05-19 20:49:50.000000000 +0200 +++ new/tor-0.2.6.9/contrib/win32build/tor-mingw.nsi.in 2015-06-10 17:01:31.000000000 +0200 @@ -8,7 +8,7 @@ !include "LogicLib.nsh" !include "FileFunc.nsh" !insertmacro GetParameters -!define VERSION "0.2.6.8" +!define VERSION "0.2.6.9" !define INSTALLER "tor-${VERSION}-win32.exe" !define WEBSITE "https://www.torproject.org/" !define LICENSE "LICENSE" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tor-0.2.6.8/micro-revision.i new/tor-0.2.6.9/micro-revision.i --- old/tor-0.2.6.8/micro-revision.i 2015-05-19 21:09:43.000000000 +0200 +++ new/tor-0.2.6.9/micro-revision.i 2015-06-11 18:47:02.000000000 +0200 @@ -1 +1 @@ -"5c8440b13bde6c88" +"d41ab97294ec69c7" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tor-0.2.6.8/src/common/sandbox.c new/tor-0.2.6.9/src/common/sandbox.c --- old/tor-0.2.6.8/src/common/sandbox.c 2015-03-10 15:26:37.000000000 +0100 +++ new/tor-0.2.6.9/src/common/sandbox.c 2015-06-08 16:42:25.000000000 +0200 @@ -129,11 +129,13 @@ SCMP_SYS(clone), SCMP_SYS(epoll_create), SCMP_SYS(epoll_wait), + SCMP_SYS(eventfd2), SCMP_SYS(fcntl), SCMP_SYS(fstat), #ifdef __NR_fstat64 SCMP_SYS(fstat64), #endif + SCMP_SYS(futex), SCMP_SYS(getdents64), SCMP_SYS(getegid), #ifdef __NR_getegid32 
@@ -170,6 +172,7 @@ SCMP_SYS(read), SCMP_SYS(rt_sigreturn), SCMP_SYS(sched_getaffinity), + SCMP_SYS(sendmsg), SCMP_SYS(set_robust_list), #ifdef __NR_sigreturn SCMP_SYS(sigreturn), @@ -547,6 +550,15 @@ SCMP_CMP(0, SCMP_CMP_EQ, PF_UNIX), SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_STREAM), SCMP_CMP(2, SCMP_CMP_EQ, 0)); + if (rc) + return rc; + + rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), + SCMP_CMP(0, SCMP_CMP_EQ, PF_UNIX), + SCMP_CMP_MASKED(1, SOCK_CLOEXEC|SOCK_NONBLOCK, SOCK_DGRAM), + SCMP_CMP(2, SCMP_CMP_EQ, 0)); + if (rc) + return rc; rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), SCMP_CMP(0, SCMP_CMP_EQ, PF_NETLINK), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tor-0.2.6.8/src/or/connection.c new/tor-0.2.6.9/src/or/connection.c --- old/tor-0.2.6.8/src/or/connection.c 2015-03-11 18:32:49.000000000 +0100 +++ new/tor-0.2.6.9/src/or/connection.c 2015-06-08 16:42:25.000000000 +0200 @@ -1284,6 +1284,8 @@ conn->port = gotPort; tor_addr_copy(&conn->addr, &addr); + memcpy(&lis_conn->entry_cfg, &port_cfg->entry_cfg, sizeof(entry_port_cfg_t)); + if (port_cfg->entry_cfg.isolation_flags) { lis_conn->entry_cfg.isolation_flags = port_cfg->entry_cfg.isolation_flags; if (port_cfg->entry_cfg.session_group >= 0) { @@ -1299,8 +1301,6 @@ } } - memcpy(&lis_conn->entry_cfg, &port_cfg->entry_cfg, sizeof(entry_port_cfg_t)); - if (type != CONN_TYPE_AP_LISTENER) { lis_conn->entry_cfg.ipv4_traffic = 1; lis_conn->entry_cfg.ipv6_traffic = 1; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tor-0.2.6.8/src/or/dirserv.c new/tor-0.2.6.9/src/or/dirserv.c --- old/tor-0.2.6.8/src/or/dirserv.c 2015-05-13 17:05:05.000000000 +0200 +++ new/tor-0.2.6.9/src/or/dirserv.c 2015-06-08 16:42:25.000000000 +0200 
@@ -1278,8 +1278,9 @@ } /** Return true iff <b>router</b> should be assigned the "HSDir" flag. - * Right now this means it advertises support for it, it has a high - * uptime, it has a DirPort open, and it's currently considered Running. + * Right now this means it advertises support for it, it has a high uptime, + * it has a DirPort open, it has the Stable flag and it's currently + * considered Running. * * This function needs to be called after router-\>is_running has * been set. @@ -1306,6 +1307,7 @@ uptime = real_uptime(router, now); return (router->wants_to_be_hs_dir && router->dir_port && + node->is_stable && uptime >= get_options()->MinUptimeHidServDirectoryV2 && router_is_active(router, node, now)); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tor-0.2.6.8/src/or/main.c new/tor-0.2.6.9/src/or/main.c --- old/tor-0.2.6.8/src/or/main.c 2015-05-19 20:38:48.000000000 +0200 +++ new/tor-0.2.6.9/src/or/main.c 2015-06-08 16:42:25.000000000 +0200 @@ -2984,7 +2984,7 @@ // orport if (server_mode(get_options())) { - OPEN_DATADIR2_SUFFIX("keys", "secret_id_key", "tmp"); + OPEN_DATADIR2_SUFFIX("keys", "secret_id_key", ".tmp"); OPEN_DATADIR2_SUFFIX("keys", "secret_onion_key", ".tmp"); OPEN_DATADIR2_SUFFIX("keys", "secret_onion_key_ntor", ".tmp"); OPEN_DATADIR2("keys", "secret_id_key.old"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tor-0.2.6.8/src/or/or_sha1.i new/tor-0.2.6.9/src/or/or_sha1.i --- old/tor-0.2.6.8/src/or/or_sha1.i 2015-05-19 20:42:17.000000000 +0200 +++ new/tor-0.2.6.9/src/or/or_sha1.i 2015-06-10 20:02:08.000000000 +0200 
@@ -13,13 +13,13 @@ "ce051b980881a187d1f3ec523af7bcbe05d47493 src/or/command.c\n" "a62c99c09b6422963a476a081b99302bef9ee3fd src/or/config.c\n" "e647847e7ff8ae6ab5d4265231db84850681e27e src/or/confparse.c\n" -"398ed9822fe86794639b59873843d4551450741e src/or/connection.c\n" +"62d82a06567878a3bb13cf437fe2b481a7d72a07 src/or/connection.c\n" "33beb636c1e426dd26dcfdf5e1ba8079f851ad4b src/or/connection_edge.c\n" "2fc1742f4221783eafec251ab298c1c87d78cfea src/or/connection_or.c\n" "8fbce30454f2ee687f440fd9db7fff65adf367db src/or/control.c\n" "dd2db709c1801c11a348cb93584b624b73aa750b src/or/cpuworker.c\n" "f8cc680e279b722260ff14352efdaa24972c28f0 src/or/directory.c\n" -"e542e403f87ef89256aca29270395da7773763d0 src/or/dirserv.c\n" +"ffd24c5414db06298f02e2b74cb696de164c2556 src/or/dirserv.c\n" "f1c12f6a0006e7f77c18086ad379a4edd812be5b src/or/dirvote.c\n" "091b986c7423e617a91dd10679a25c753f99349e src/or/dns.c\n" "5812ff84687416f820420d3f8a52b9600cdb4116 src/or/dnsserv.c\n" @@ -28,7 +28,7 @@ "0f0b0b06d2a799c1609372092b135469c1c4584b src/or/entrynodes.c\n" "dd355eff16288001961d64202ccd1a4b658d3254 src/or/ext_orport.c\n" "4c6eebb08027a653aaa9852032c526bf4286ae5d src/or/hibernate.c\n" -"08be8f5dae4fbf22e0889ba9f1f9f4c97733538c src/or/main.c\n" +"6ada05b653918164436987350636d4e42a04d3fa src/or/main.c\n" "62077776bbb3053cd6dc78f154d95886d081e827 src/or/microdesc.c\n" "0155eed1e65f2ab6b31d590688c583223a9ffd01 src/or/networkstatus.c\n" "7404e661b28a8cfd4c9acbc9b0b95272b0fb4317 src/or/nodelist.c\n" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tor-0.2.6.8/src/test/test_channel.c new/tor-0.2.6.9/src/test/test_channel.c --- old/tor-0.2.6.8/src/test/test_channel.c 2015-03-10 15:26:37.000000000 +0100 +++ new/tor-0.2.6.9/src/test/test_channel.c 2015-06-08 16:42:25.000000000 +0200 
@@ -420,6 +420,7 @@ chan->close = chan_test_close; chan->get_overhead_estimate = chan_test_get_overhead_estimate; + chan->get_remote_descr = chan_test_get_remote_descr; chan->num_bytes_queued = chan_test_num_bytes_queued; chan->num_cells_writeable = chan_test_num_cells_writeable; chan->write_cell = chan_test_write_cell; @@ -615,7 +616,6 @@ /* Test channel_dump_statistics */ ch->describe_transport = chan_test_describe_transport; ch->dumpstats = chan_test_dumpstats; - ch->get_remote_descr = chan_test_get_remote_descr; ch->is_canonical = chan_test_is_canonical; old_count = test_dumpstats_calls; channel_dump_statistics(ch, LOG_DEBUG); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tor-0.2.6.8/src/win32/orconfig.h new/tor-0.2.6.9/src/win32/orconfig.h --- old/tor-0.2.6.8/src/win32/orconfig.h 2015-05-19 21:09:31.000000000 +0200 +++ new/tor-0.2.6.9/src/win32/orconfig.h 2015-06-10 17:01:31.000000000 +0200 @@ -232,7 +232,7 @@ #define USING_TWOS_COMPLEMENT /* Version number of package */ -#define VERSION "0.2.6.8" +#define VERSION "0.2.6.9" #define HAVE_STRUCT_SOCKADDR_IN6
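Review bot: In the ChangeLog hunk (@@ -1,4 +1,43 @@), the seccomp2 entry reads "when running as a relaymby renaming of secret_id_key"; "relaymby" looks like a typo for "relay, by", and the same text is repeated in the ReleaseNotes hunk. The entry also names only eventfd2 and futex, while the sandbox.c hunks additionally allow sendmsg and a PF_UNIX SOCK_DGRAM socket, which are covered only by the generic "Allow systemd connections" item. Listing them explicitly would let operators see the full change to the filter.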
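Review bot: In configure.ac (@@ -131,7 +131,7 @@), the empty fourth argument to PKG_CHECK_MODULES(LIBSYSTEMD209, [libsystemd >= 209], ..., []) does not make the probe optional. The regenerated configure in this same patch still ends the failure path with as_fn_error $? "Package requirements (libsystemd >= 209) were not met", so a build that already found systemd but has no libsystemd >= 209 stops instead of simply leaving HAVE_SYSTEMD_209 undefined. If the define is meant to be best-effort, pass a non-empty not-found action such as an AC_MSG_NOTICE.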
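Review bot: In src/common/sandbox.c (@@ -170,6 +172,7 @@), SCMP_SYS(sendmsg) is added to the flat SCMP_SYS(...) list next to read and rt_sigreturn with no argument filter and no #ifdef, so every sandboxed build allows it, not only builds with systemd support. If it is only needed for the systemd connection named in the changelog, guard it with #ifdef HAVE_SYSTEMD (the macro defined in configure.ac) and add a comment naming the caller that needs it.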
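Review bot: In src/common/sandbox.c (@@ -547,6 +550,15 @@), the added "if (rc) return rc;" after the PF_UNIX/SOCK_STREAM rule fixes a return value that was previously overwritten unchecked by the next seccomp_rule_add_3 call, and that separate fix is not mentioned in the changelog. The new PF_UNIX/SOCK_DGRAM rule that follows is likewise installed unconditionally and without a comment; a one-line note on what opens the datagram socket would make the widened filter auditable.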
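Review bot: In src/or/connection.c (@@ -1284,6 +1284,8 @@ and @@ -1299,8 +1301,6 @@), the fix depends entirely on the memcpy running before the isolation block, but nothing in the code says so. Add a comment above the moved memcpy(&lis_conn->entry_cfg, &port_cfg->entry_cfg, sizeof(entry_port_cfg_t)); stating that it must precede the session group assignment, and drop the now redundant lis_conn->entry_cfg.isolation_flags = port_cfg->entry_cfg.isolation_flags; since the memcpy already copies that field. The patch also carries no regression test; one that sets up two SOCKSPort listeners and checks that their session groups differ would keep bug 16247 from returning.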
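Review bot: In src/or/dirserv.c (@@ -1278,8 +1278,9 @@ and @@ -1306,6 +1307,7 @@), the doc comment still says only that the function "needs to be called after router->is_running has been set", while the return expression now also reads node->is_stable. Extend the comment to state that the Stable flag must already have been computed for the node, otherwise a caller that evaluates HSDir first will silently deny the flag.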