[tor-commits] [doctor/master] Dynamically get package versions from the wiki

[atagar]

commit d7c1caadb5af4431ad8bafb54bbb1fb716b88a68
Author: Damian Johnson 
Date:   Sun Feb 11 19:15:45 2018 -0800

Dynamically get package versions from the wiki

The biggest time sync for me to keep this wiki up to date is bumping 
versions
in this DocTor script. It's brittle, but instead having this script get the
current versions on the wiki first so all I need to do to update is fix the
wiki.
---
 package_versions.py | 161 +++-
 1 file changed, 121 insertions(+), 40 deletions(-)

diff --git a/package_versions.py b/package_versions.py
index 6c6e3f6..aa10bad 100755
--- a/package_versions.py
+++ b/package_versions.py
@@ -26,57 +26,58 @@ NETBSD_VERSION = 'CURRENT, Version: ([0-9\.]+),'
 
 COLUMN = '| %-10s | %-10s | %-10s | %-50s |'
 DIV = '+%s+%s+%s+%s+' % ('-' * 12, '-' * 12, '-' * 12, '-' * 52)
+TRAC_URL = 'https://trac.torproject.org/projects/tor/wiki/doc/packages'
 
-Package = collections.namedtuple('Package', ['platform', 'url', 'version', 
'regex'])
+Package = collections.namedtuple('Package', ['platform', 'url', 'regex'])
 
 PACKAGES = [
   ('tor', [
-Package('mac', 
'https://raw.githubusercontent.com/Homebrew/homebrew-core/master/Formula/tor.rb',
 '0.3.2.9', 'tor-([0-9\.]+).tar.gz'),
-Package('debian', 'https://packages.debian.org/sid/tor', '0.3.2.9', 
DEBIAN_VERSION),
-Package('fedora', 'https://apps.fedoraproject.org/packages/tor', 
'0.3.2.9', FEDORA_VERSION),
-Package('gentoo', 'https://packages.gentoo.org/packages/net-vpn/tor', 
'0.3.2.9', None),
-Package('archlinux', 
'https://www.archlinux.org/packages/community/x86_64/tor/', '0.3.2.9', 
ARCH_LINUX_VERSION),
-Package('slackware', 
'https://slackbuilds.org/repository/14.2/network/tor/', '0.3.2.9', 
'tor-([0-9\.]+).tar.gz'),
-Package('freebsd', 'https://www.freshports.org/security/tor/', '0.3.2.9', 
FREEBSD_VERSION),
-Package('openbsd', 
'https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/tor/Makefile?rev=HEAD=text/x-cvsweb-markup',
 '0.3.2.9', OPENBSD_DIST_VERSION),
-Package('netbsd', 'http://pkgsrc.se/net/tor', '0.3.2.9', NETBSD_VERSION),
+Package('mac', 
'https://raw.githubusercontent.com/Homebrew/homebrew-core/master/Formula/tor.rb',
 'tor-([0-9\.]+).tar.gz'),
+Package('debian', 'https://packages.debian.org/sid/tor', DEBIAN_VERSION),
+Package('fedora', 'https://apps.fedoraproject.org/packages/tor', 
FEDORA_VERSION),
+Package('gentoo', 'https://packages.gentoo.org/packages/net-vpn/tor', 
None),
+Package('archlinux', 
'https://www.archlinux.org/packages/community/x86_64/tor/', ARCH_LINUX_VERSION),
+Package('slackware', 
'https://slackbuilds.org/repository/14.2/network/tor/', 
'tor-([0-9\.]+).tar.gz'),
+Package('freebsd', 'https://www.freshports.org/security/tor/', 
FREEBSD_VERSION),
+Package('openbsd', 
'https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/tor/Makefile?rev=HEAD=text/x-cvsweb-markup',
 OPENBSD_DIST_VERSION),
+Package('netbsd', 'http://pkgsrc.se/net/tor', NETBSD_VERSION),
   ]),
   ('nyx', [
-Package('gentoo', 'https://packages.gentoo.org/packages/net-misc/nyx', 
'2.0.4', None),
-Package('archlinux', 'https://aur.archlinux.org/packages/nyx/', '2.0.4', 
AUR_VERSION),
-Package('slackware', 
'https://slackbuilds.org/repository/14.2/python/nyx/', '2.0.4', 
'nyx-([0-9\.]+).tar.gz'),
-Package('freebsd', 'https://www.freshports.org/security/nyx/', '2.0.4', 
FREEBSD_VERSION),
-Package('openbsd', 
'https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/nyx/Makefile?rev=HEAD=text/x-cvsweb-markup',
 '2.0.4', OPENBSD_EGG_VERSION),
+Package('gentoo', 'https://packages.gentoo.org/packages/net-misc/nyx', 
None),
+Package('archlinux', 'https://aur.archlinux.org/packages/nyx/', 
AUR_VERSION),
+Package('slackware', 
'https://slackbuilds.org/repository/14.2/python/nyx/', 'nyx-([0-9\.]+).tar.gz'),
+Package('freebsd', 'https://www.freshports.org/security/nyx/', 
FREEBSD_VERSION),
+Package('openbsd', 
'https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/nyx/Makefile?rev=HEAD=text/x-cvsweb-markup',
 OPENBSD_EGG_VERSION),
   ]),
   ('stem', [
-Package('debian', 'https://packages.debian.org/sid/python-stem', '1.6.0', 
DEBIAN_VERSION),
-Package('fedora', 'https://apps.fedoraproject.org/packages/python-stem', 
'1.6.0', FEDORA_VERSION),
-Package('gentoo', 'https://packages.gentoo.org/packages/net-libs/stem', 
'1.6.0', None),
-Package('archlinux', 'https://aur.archlinux.org/packages/stem/', '1.6.0', 
AUR_VERSION),
-Package('slackware', 
'https://slackbuilds.org/repository/14.2/python/stem/', '1.6.0', 
'stem-([0-9\.]+).tar.gz'),
-Package('freebsd', 'https://www.freshports.org/security/py-stem/', 
'1.6.0', FREEBSD_VERSION),
-Package('openbsd', 
'https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/py-stem/Makefile?rev=HEAD=text/x-cvsweb-markup',
 '1.6.0', OPENBSD_EGG_VERSION),
+Package('debian', 

[tor-commits] [doctor/master] Track txtorcon's archlinux version

[atagar]

commit 33df762f055c718d3604061bc30986b2731ae76c
Author: Damian Johnson 
Date:   Sun Feb 11 19:22:32 2018 -0800

Track txtorcon's archlinux version
---
 package_versions.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/package_versions.py b/package_versions.py
index aa10bad..03282fb 100755
--- a/package_versions.py
+++ b/package_versions.py
@@ -61,6 +61,7 @@ PACKAGES = [
   ('txtorcon', [
 Package('debian', 'https://packages.debian.org/sid/python-txtorcon', 
DEBIAN_VERSION),
 Package('gentoo', 
'https://packages.gentoo.org/packages/dev-python/txtorcon', None),
+Package('archlinux', 
'https://aur.archlinux.org/packages/python-txtorcon/', AUR_VERSION),
 Package('slackware', 
'https://slackbuilds.org/repository/14.2/python/txtorcon/', 
'txtorcon-([0-9\.]+).tar.gz'),
 Package('freebsd', 'https://www.freshports.org/security/py-txtorcon/', 
FREEBSD_VERSION),
   ]),

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [doctor/master] Move curling to a helper

[atagar]

commit 22080b3f4b08f05c2c6e2fa841c259620ed66d72
Author: Damian Johnson 
Date:   Sun Feb 11 18:23:35 2018 -0800

Move curling to a helper

No reason to bundle retries and such in the main function.
---
 package_versions.py | 36 +---
 1 file changed, 21 insertions(+), 15 deletions(-)

diff --git a/package_versions.py b/package_versions.py
index 9d56659..6c6e3f6 100755
--- a/package_versions.py
+++ b/package_versions.py
@@ -83,6 +83,17 @@ PACKAGES = [
 log = util.get_logger('package_versions')
 
 
+def fetch_url(url):
+  for i in range(3):
+try:
+  return urllib2.urlopen(url, timeout = 5).read()
+except Exception as exc:
+  if i < 2:
+time.sleep(2 ** i)
+  else:
+raise IOError(str(exc))
+
+
 def gentoo_version(request):
   # Unlike other platforms gentoo lists all package versions, so we
   # need to figure out what's the latest.
@@ -113,19 +124,9 @@ def email_content():
 lines.append(DIV)
 
 for package in packages:
-  request, request_exc = None, None
-
-  for i in range(3):
-try:
-  request = urllib2.urlopen(package.url, timeout = 5).read()
-  break
-except Exception as exc:
-  request_exc = exc  # note exception and retry
+  try:
+request = fetch_url(package.url)
 
-  if i != 2:
-time.sleep(2 ** i)
-
-  if request:
 if package.platform == 'gentoo':
   current_version = gentoo_version(request)
 else:
@@ -140,9 +141,14 @@ def email_content():
 else:
   msg = 'current version is %s but wiki has %s' % (current_version, 
package.version)
   has_issue = True
-  else:
-msg = 'unable to retrieve current version: %s' % request_exc
-has_issue = True
+  except IOError as exc:
+msg = 'unable to retrieve current version: %s' % exc
+
+# Gentoo's site fails pretty routinely. No need to generate notices for
+# it.
+
+if package.platform == 'gentoo':
+  has_issue = True
 
   lines.append(COLUMN % (project, package.platform, package.version, msg))
 



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tails-openpgp-applet_completed] Update translations for tails-openpgp-applet_completed

[translation]

commit e4afc4d140c18a19b5c82361b219134c16d77889
Author: Translation commit bot 
Date:   Mon Feb 12 02:19:45 2018 +

Update translations for tails-openpgp-applet_completed
---
 de/openpgp-applet.pot | 2 +-
 es/openpgp-applet.pot | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/de/openpgp-applet.pot b/de/openpgp-applet.pot
index 0908afd25..1db83ef29 100644
--- a/de/openpgp-applet.pot
+++ b/de/openpgp-applet.pot
@@ -10,7 +10,7 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: ta...@boum.org\n"
 "POT-Creation-Date: 2017-08-05 15:07-0400\n"
-"PO-Revision-Date: 2017-09-22 17:51+\n"
+"PO-Revision-Date: 2018-02-12 01:57+\n"
 "Last-Translator: spriver \n"
 "Language-Team: German 
(http://www.transifex.com/otf/torproject/language/de/)\n"
 "MIME-Version: 1.0\n"
diff --git a/es/openpgp-applet.pot b/es/openpgp-applet.pot
index ff72d81ab..d48ce11b8 100644
--- a/es/openpgp-applet.pot
+++ b/es/openpgp-applet.pot
@@ -10,7 +10,7 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: ta...@boum.org\n"
 "POT-Creation-Date: 2017-08-05 15:07-0400\n"
-"PO-Revision-Date: 2018-01-31 23:29+\n"
+"PO-Revision-Date: 2018-02-12 02:02+\n"
 "Last-Translator: Emma Peel\n"
 "Language-Team: Spanish 
(http://www.transifex.com/otf/torproject/language/es/)\n"
 "MIME-Version: 1.0\n"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [translation/tails-openpgp-applet] Update translations for tails-openpgp-applet

[translation]

commit a9e604acf36bcae475b6cf0c6c9de37a2c1a19f3
Author: Translation commit bot 
Date:   Mon Feb 12 02:19:38 2018 +

Update translations for tails-openpgp-applet
---
 de/openpgp-applet.pot | 2 +-
 es/openpgp-applet.pot | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/de/openpgp-applet.pot b/de/openpgp-applet.pot
index 0908afd25..1db83ef29 100644
--- a/de/openpgp-applet.pot
+++ b/de/openpgp-applet.pot
@@ -10,7 +10,7 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: ta...@boum.org\n"
 "POT-Creation-Date: 2017-08-05 15:07-0400\n"
-"PO-Revision-Date: 2017-09-22 17:51+\n"
+"PO-Revision-Date: 2018-02-12 01:57+\n"
 "Last-Translator: spriver \n"
 "Language-Team: German 
(http://www.transifex.com/otf/torproject/language/de/)\n"
 "MIME-Version: 1.0\n"
diff --git a/es/openpgp-applet.pot b/es/openpgp-applet.pot
index ff72d81ab..d48ce11b8 100644
--- a/es/openpgp-applet.pot
+++ b/es/openpgp-applet.pot
@@ -10,7 +10,7 @@ msgstr ""
 "Project-Id-Version: The Tor Project\n"
 "Report-Msgid-Bugs-To: ta...@boum.org\n"
 "POT-Creation-Date: 2017-08-05 15:07-0400\n"
-"PO-Revision-Date: 2018-01-31 23:29+\n"
+"PO-Revision-Date: 2018-02-12 02:02+\n"
 "Last-Translator: Emma Peel\n"
 "Language-Team: Spanish 
(http://www.transifex.com/otf/torproject/language/es/)\n"
 "MIME-Version: 1.0\n"

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.2] Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9

[nickm]

commit 84c13336c410ac218c70d6ce2ce6216f9b24e796
Merge: 848ba26c1 7461cd306
Author: Nick Mathewson 
Date:   Sun Feb 11 18:10:59 2018 -0500

Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9

 changes/bug24198 |  4 
 src/common/sandbox.c | 16 +++-
 2 files changed, 19 insertions(+), 1 deletion(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.2] Merge branch 'maint-0.3.2' into release-0.3.2

[nickm]

commit 1a877693da774acea626acb4349a80010b058563
Merge: 2a24ce965 98fc8cd93
Author: Nick Mathewson 
Date:   Sun Feb 11 18:11:04 2018 -0500

Merge branch 'maint-0.3.2' into release-0.3.2

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.2] Merge branch 'maint-0.3.1' into maint-0.3.2

[nickm]

commit 98fc8cd937a61becb96c848d7719012a9ce959ef
Merge: 67043d957 b2c4d4e7f
Author: Nick Mathewson 
Date:   Sun Feb 11 18:11:04 2018 -0500

Merge branch 'maint-0.3.1' into maint-0.3.2




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.2] Merge branch 'maint-0.2.9' into maint-0.3.1

[nickm]

commit b2c4d4e7fae3dda864282953c05ab3b9b0f1b22d
Merge: 8939eaf47 84c13336c
Author: Nick Mathewson 
Date:   Sun Feb 11 18:11:04 2018 -0500

Merge branch 'maint-0.2.9' into maint-0.3.1

 changes/bug24198 |  4 
 src/common/sandbox.c | 16 +++-
 2 files changed, 19 insertions(+), 1 deletion(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.9] Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9

[nickm]

commit 84c13336c410ac218c70d6ce2ce6216f9b24e796
Merge: 848ba26c1 7461cd306
Author: Nick Mathewson 
Date:   Sun Feb 11 18:10:59 2018 -0500

Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9

 changes/bug24198 |  4 
 src/common/sandbox.c | 16 +++-
 2 files changed, 19 insertions(+), 1 deletion(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.9] Permit kill(pid, 0) in the seccomp2 sandbox.

[nickm]

commit 7461cd30676da62324271ddd7b7d347eeff40266
Author: Nick Mathewson 
Date:   Thu Nov 16 12:44:47 2017 -0500

Permit kill(pid, 0) in the seccomp2 sandbox.

We don't want to allow general signals to be sent, but there's no
problem sending a kill(0) to probe whether a process is there.

Fixes bug 24198; bugfix on 0.2.5.1-alpha when the seccomp2 sandbox
was introduced.
---
 changes/bug24198 |  4 
 src/common/sandbox.c | 16 +++-
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/changes/bug24198 b/changes/bug24198
new file mode 100644
index 0..679070687
--- /dev/null
+++ b/changes/bug24198
@@ -0,0 +1,4 @@
+  o Minor bugfixes (controller, linux seccomp2 sandbox):
+- Avoid a crash when attempting to use the seccomp2 sandbox
+  together with the OwningControllerProcess feature.
+  Fixes bug 24198; bugfix on 0.2.5.1-alpha.
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 7f4511db2..0b862a549 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -1050,6 +1050,19 @@ sb_stat64(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 }
 #endif
 
+static int
+sb_kill(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+{
+  (void) filter;
+#ifdef __NR_kill
+  /* Allow killing anything with signal 0 -- it isn't really a kill. */
+  return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(kill),
+   SCMP_CMP(1, SCMP_CMP_EQ, 0));
+#else
+  return 0;
+#endif
+}
+
 /**
  * Array of function pointers responsible for filtering different syscalls at
  * a parameter level.
@@ -1088,7 +1101,8 @@ static sandbox_filter_func_t filter_func[] = {
 sb_socket,
 sb_setsockopt,
 sb_getsockopt,
-sb_socketpair
+sb_socketpair,
+sb_kill
 };
 
 const char *



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.9] Permit kill(pid, 0) in the seccomp2 sandbox.

[nickm]

commit 7461cd30676da62324271ddd7b7d347eeff40266
Author: Nick Mathewson 
Date:   Thu Nov 16 12:44:47 2017 -0500

Permit kill(pid, 0) in the seccomp2 sandbox.

We don't want to allow general signals to be sent, but there's no
problem sending a kill(0) to probe whether a process is there.

Fixes bug 24198; bugfix on 0.2.5.1-alpha when the seccomp2 sandbox
was introduced.
---
 changes/bug24198 |  4 
 src/common/sandbox.c | 16 +++-
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/changes/bug24198 b/changes/bug24198
new file mode 100644
index 0..679070687
--- /dev/null
+++ b/changes/bug24198
@@ -0,0 +1,4 @@
+  o Minor bugfixes (controller, linux seccomp2 sandbox):
+- Avoid a crash when attempting to use the seccomp2 sandbox
+  together with the OwningControllerProcess feature.
+  Fixes bug 24198; bugfix on 0.2.5.1-alpha.
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 7f4511db2..0b862a549 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -1050,6 +1050,19 @@ sb_stat64(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 }
 #endif
 
+static int
+sb_kill(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+{
+  (void) filter;
+#ifdef __NR_kill
+  /* Allow killing anything with signal 0 -- it isn't really a kill. */
+  return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(kill),
+   SCMP_CMP(1, SCMP_CMP_EQ, 0));
+#else
+  return 0;
+#endif
+}
+
 /**
  * Array of function pointers responsible for filtering different syscalls at
  * a parameter level.
@@ -1088,7 +1101,8 @@ static sandbox_filter_func_t filter_func[] = {
 sb_socket,
 sb_setsockopt,
 sb_getsockopt,
-sb_socketpair
+sb_socketpair,
+sb_kill
 };
 
 const char *



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.2] Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9

[nickm]

commit 84c13336c410ac218c70d6ce2ce6216f9b24e796
Merge: 848ba26c1 7461cd306
Author: Nick Mathewson 
Date:   Sun Feb 11 18:10:59 2018 -0500

Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9

 changes/bug24198 |  4 
 src/common/sandbox.c | 16 +++-
 2 files changed, 19 insertions(+), 1 deletion(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.1] Merge branch 'maint-0.2.9' into maint-0.3.1

[nickm]

commit b2c4d4e7fae3dda864282953c05ab3b9b0f1b22d
Merge: 8939eaf47 84c13336c
Author: Nick Mathewson 
Date:   Sun Feb 11 18:11:04 2018 -0500

Merge branch 'maint-0.2.9' into maint-0.3.1

 changes/bug24198 |  4 
 src/common/sandbox.c | 16 +++-
 2 files changed, 19 insertions(+), 1 deletion(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.1] Merge branch 'maint-0.3.1' into release-0.3.1

[nickm]

commit 97c988c4315f9ff4b4e892194bda3d640a368f7e
Merge: c93f69af5 b2c4d4e7f
Author: Nick Mathewson 
Date:   Sun Feb 11 18:11:04 2018 -0500

Merge branch 'maint-0.3.1' into release-0.3.1

 changes/bug24198 |  4 
 src/common/sandbox.c | 16 +++-
 2 files changed, 19 insertions(+), 1 deletion(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.2] Merge branch 'maint-0.3.1' into maint-0.3.2

[nickm]

commit 98fc8cd937a61becb96c848d7719012a9ce959ef
Merge: 67043d957 b2c4d4e7f
Author: Nick Mathewson 
Date:   Sun Feb 11 18:11:04 2018 -0500

Merge branch 'maint-0.3.1' into maint-0.3.2

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.1] Permit kill(pid, 0) in the seccomp2 sandbox.

[nickm]

commit 7461cd30676da62324271ddd7b7d347eeff40266
Author: Nick Mathewson 
Date:   Thu Nov 16 12:44:47 2017 -0500

Permit kill(pid, 0) in the seccomp2 sandbox.

We don't want to allow general signals to be sent, but there's no
problem sending a kill(0) to probe whether a process is there.

Fixes bug 24198; bugfix on 0.2.5.1-alpha when the seccomp2 sandbox
was introduced.
---
 changes/bug24198 |  4 
 src/common/sandbox.c | 16 +++-
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/changes/bug24198 b/changes/bug24198
new file mode 100644
index 0..679070687
--- /dev/null
+++ b/changes/bug24198
@@ -0,0 +1,4 @@
+  o Minor bugfixes (controller, linux seccomp2 sandbox):
+- Avoid a crash when attempting to use the seccomp2 sandbox
+  together with the OwningControllerProcess feature.
+  Fixes bug 24198; bugfix on 0.2.5.1-alpha.
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 7f4511db2..0b862a549 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -1050,6 +1050,19 @@ sb_stat64(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 }
 #endif
 
+static int
+sb_kill(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+{
+  (void) filter;
+#ifdef __NR_kill
+  /* Allow killing anything with signal 0 -- it isn't really a kill. */
+  return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(kill),
+   SCMP_CMP(1, SCMP_CMP_EQ, 0));
+#else
+  return 0;
+#endif
+}
+
 /**
  * Array of function pointers responsible for filtering different syscalls at
  * a parameter level.
@@ -1088,7 +1101,8 @@ static sandbox_filter_func_t filter_func[] = {
 sb_socket,
 sb_setsockopt,
 sb_getsockopt,
-sb_socketpair
+sb_socketpair,
+sb_kill
 };
 
 const char *



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.9] Merge branch 'maint-0.2.9' into release-0.2.9

[nickm]

commit cb42f93a923ddf7455d7553e63abcf320bd2a00b
Merge: 27c30bc22 84c13336c
Author: Nick Mathewson 
Date:   Sun Feb 11 18:11:04 2018 -0500

Merge branch 'maint-0.2.9' into release-0.2.9

 changes/bug24198 |  4 
 src/common/sandbox.c | 16 +++-
 2 files changed, 19 insertions(+), 1 deletion(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.1] Merge branch 'maint-0.2.9' into maint-0.3.1

[nickm]

commit b2c4d4e7fae3dda864282953c05ab3b9b0f1b22d
Merge: 8939eaf47 84c13336c
Author: Nick Mathewson 
Date:   Sun Feb 11 18:11:04 2018 -0500

Merge branch 'maint-0.2.9' into maint-0.3.1

 changes/bug24198 |  4 
 src/common/sandbox.c | 16 +++-
 2 files changed, 19 insertions(+), 1 deletion(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'maint-0.3.1' into maint-0.3.2

[nickm]

commit 98fc8cd937a61becb96c848d7719012a9ce959ef
Merge: 67043d957 b2c4d4e7f
Author: Nick Mathewson 
Date:   Sun Feb 11 18:11:04 2018 -0500

Merge branch 'maint-0.3.1' into maint-0.3.2




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.1] Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9

[nickm]

commit 84c13336c410ac218c70d6ce2ce6216f9b24e796
Merge: 848ba26c1 7461cd306
Author: Nick Mathewson 
Date:   Sun Feb 11 18:10:59 2018 -0500

Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9

 changes/bug24198 |  4 
 src/common/sandbox.c | 16 +++-
 2 files changed, 19 insertions(+), 1 deletion(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.1] Permit kill(pid, 0) in the seccomp2 sandbox.

[nickm]

commit 7461cd30676da62324271ddd7b7d347eeff40266
Author: Nick Mathewson 
Date:   Thu Nov 16 12:44:47 2017 -0500

Permit kill(pid, 0) in the seccomp2 sandbox.

We don't want to allow general signals to be sent, but there's no
problem sending a kill(0) to probe whether a process is there.

Fixes bug 24198; bugfix on 0.2.5.1-alpha when the seccomp2 sandbox
was introduced.
---
 changes/bug24198 |  4 
 src/common/sandbox.c | 16 +++-
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/changes/bug24198 b/changes/bug24198
new file mode 100644
index 0..679070687
--- /dev/null
+++ b/changes/bug24198
@@ -0,0 +1,4 @@
+  o Minor bugfixes (controller, linux seccomp2 sandbox):
+- Avoid a crash when attempting to use the seccomp2 sandbox
+  together with the OwningControllerProcess feature.
+  Fixes bug 24198; bugfix on 0.2.5.1-alpha.
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 7f4511db2..0b862a549 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -1050,6 +1050,19 @@ sb_stat64(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 }
 #endif
 
+static int
+sb_kill(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+{
+  (void) filter;
+#ifdef __NR_kill
+  /* Allow killing anything with signal 0 -- it isn't really a kill. */
+  return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(kill),
+   SCMP_CMP(1, SCMP_CMP_EQ, 0));
+#else
+  return 0;
+#endif
+}
+
 /**
  * Array of function pointers responsible for filtering different syscalls at
  * a parameter level.
@@ -1088,7 +1101,8 @@ static sandbox_filter_func_t filter_func[] = {
 sb_socket,
 sb_setsockopt,
 sb_getsockopt,
-sb_socketpair
+sb_socketpair,
+sb_kill
 };
 
 const char *



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.1] Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9

[nickm]

commit 84c13336c410ac218c70d6ce2ce6216f9b24e796
Merge: 848ba26c1 7461cd306
Author: Nick Mathewson 
Date:   Sun Feb 11 18:10:59 2018 -0500

Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9

 changes/bug24198 |  4 
 src/common/sandbox.c | 16 +++-
 2 files changed, 19 insertions(+), 1 deletion(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.2] Merge branch 'maint-0.2.9' into maint-0.3.1

[nickm]

commit b2c4d4e7fae3dda864282953c05ab3b9b0f1b22d
Merge: 8939eaf47 84c13336c
Author: Nick Mathewson 
Date:   Sun Feb 11 18:11:04 2018 -0500

Merge branch 'maint-0.2.9' into maint-0.3.1

 changes/bug24198 |  4 
 src/common/sandbox.c | 16 +++-
 2 files changed, 19 insertions(+), 1 deletion(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'maint-0.2.9' into maint-0.3.1

[nickm]

commit b2c4d4e7fae3dda864282953c05ab3b9b0f1b22d
Merge: 8939eaf47 84c13336c
Author: Nick Mathewson 
Date:   Sun Feb 11 18:11:04 2018 -0500

Merge branch 'maint-0.2.9' into maint-0.3.1

 changes/bug24198 |  4 
 src/common/sandbox.c | 16 +++-
 2 files changed, 19 insertions(+), 1 deletion(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'maint-0.3.2'

[nickm]

commit 019bb55181c8649cf45b7fcfff9a3e1bd06c4ab9
Merge: a7f5ece2b 98fc8cd93
Author: Nick Mathewson 
Date:   Sun Feb 11 18:11:04 2018 -0500

Merge branch 'maint-0.3.2'

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9

[nickm]

commit 84c13336c410ac218c70d6ce2ce6216f9b24e796
Merge: 848ba26c1 7461cd306
Author: Nick Mathewson 
Date:   Sun Feb 11 18:10:59 2018 -0500

Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9

 changes/bug24198 |  4 
 src/common/sandbox.c | 16 +++-
 2 files changed, 19 insertions(+), 1 deletion(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.9] Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9

[nickm]

commit 84c13336c410ac218c70d6ce2ce6216f9b24e796
Merge: 848ba26c1 7461cd306
Author: Nick Mathewson 
Date:   Sun Feb 11 18:10:59 2018 -0500

Merge remote-tracking branch 'public/bug24198_029' into maint-0.2.9

 changes/bug24198 |  4 
 src/common/sandbox.c | 16 +++-
 2 files changed, 19 insertions(+), 1 deletion(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.2] Merge branch 'ticket24315_029' into maint-0.2.9

[nickm]

commit 848ba26c188c43cb97a22d5911fceb3714a97272
Merge: 5dc785cee 80bf27040
Author: Nick Mathewson 
Date:   Sun Feb 11 18:07:37 2018 -0500

Merge branch 'ticket24315_029' into maint-0.2.9

 changes/ticket24315  |  3 +++
 configure.ac |  2 ++
 src/common/sandbox.c | 71 +---
 3 files changed, 72 insertions(+), 4 deletions(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.2] Merge branch 'maint-0.3.1' into maint-0.3.2

[nickm]

commit 67043d957f2f3cc107c5e0cb3f5c2caa35639506
Merge: 684d57fe8 8939eaf47
Author: Nick Mathewson 
Date:   Sun Feb 11 18:09:35 2018 -0500

Merge branch 'maint-0.3.1' into maint-0.3.2




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.1] Merge branch 'maint-0.2.9' into maint-0.3.1

[nickm]

commit 8939eaf479bc123e774421c9de6dfc3c864e0326
Merge: eccef6ba6 848ba26c1
Author: Nick Mathewson 
Date:   Sun Feb 11 18:09:35 2018 -0500

Merge branch 'maint-0.2.9' into maint-0.3.1

 changes/ticket24315  |  3 +++
 configure.ac |  2 ++
 src/common/sandbox.c | 71 +---
 3 files changed, 72 insertions(+), 4 deletions(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.1] Merge branch 'maint-0.3.1' into release-0.3.1

[nickm]

commit c93f69af582141f846a0f7c5dfd30c293c901c58
Merge: cf55f0516 8939eaf47
Author: Nick Mathewson 
Date:   Sun Feb 11 18:09:35 2018 -0500

Merge branch 'maint-0.3.1' into release-0.3.1

 changes/ticket24315  |  3 +++
 configure.ac |  2 ++
 src/common/sandbox.c | 71 +---
 3 files changed, 72 insertions(+), 4 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.1] Merge branch 'ticket24315_029' into maint-0.2.9

[nickm]

commit 848ba26c188c43cb97a22d5911fceb3714a97272
Merge: 5dc785cee 80bf27040
Author: Nick Mathewson 
Date:   Sun Feb 11 18:07:37 2018 -0500

Merge branch 'ticket24315_029' into maint-0.2.9

 changes/ticket24315  |  3 +++
 configure.ac |  2 ++
 src/common/sandbox.c | 71 +---
 3 files changed, 72 insertions(+), 4 deletions(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.2] Merge branch 'maint-0.3.2' into release-0.3.2

[nickm]

commit 2a24ce9656cc36283b615b0da9e64c16adf36374
Merge: 9e81221c9 67043d957
Author: Nick Mathewson 
Date:   Sun Feb 11 18:09:35 2018 -0500

Merge branch 'maint-0.3.2' into release-0.3.2

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.1] Add a changes file.

[nickm]

commit 80bf270404a52c634a14f6aad594dec4e9ce1e12
Author: Nick Mathewson 
Date:   Thu Nov 16 14:07:58 2017 -0500

Add a changes file.
---
 changes/ticket24315 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/changes/ticket24315 b/changes/ticket24315
new file mode 100644
index 0..df34dbf41
--- /dev/null
+++ b/changes/ticket24315
@@ -0,0 +1,3 @@
+  o Major features (linux seccomp2 sandbox):
+- Update the sandbox rules so that they should now work correctly with
+  Glibc 2.26.  Closes  ticket 24315.



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.2] Merge branch 'maint-0.2.9' into maint-0.3.1

[nickm]

commit 8939eaf479bc123e774421c9de6dfc3c864e0326
Merge: eccef6ba6 848ba26c1
Author: Nick Mathewson 
Date:   Sun Feb 11 18:09:35 2018 -0500

Merge branch 'maint-0.2.9' into maint-0.3.1

 changes/ticket24315  |  3 +++
 configure.ac |  2 ++
 src/common/sandbox.c | 71 +---
 3 files changed, 72 insertions(+), 4 deletions(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.1] Check the libc version to decide whether to allow openat.

[nickm]

commit 2d3904aba67e79e57db1814033b1df3f77336065
Author: Nick Mathewson 
Date:   Thu Nov 16 14:06:38 2017 -0500

Check the libc version to decide whether to allow openat.
---
 configure.ac |  2 ++
 src/common/sandbox.c | 38 +-
 2 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index f2c3f90ba..3ff819052 100644
--- a/configure.ac
+++ b/configure.ac
@@ -390,6 +390,7 @@ AC_CHECK_FUNCS(
 getrlimit \
 gettimeofday \
 gmtime_r \
+   gnu_get_libc_version \
htonll \
 inet_aton \
 ioctl \
@@ -1011,6 +1012,7 @@ AC_CHECK_HEADERS([assert.h \
   arpa/inet.h \
   crt_externs.h \
   execinfo.h \
+  gnu/libc-version.h \
   grp.h \
   ifaddrs.h \
   inttypes.h \
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 417c1e305..d0ead2cae 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -56,6 +56,9 @@
 #include 
 #include 
 
+#ifdef HAVE_GNU_LIBC_VERSION_H
+#include 
+#endif
 #ifdef HAVE_LINUX_NETFILTER_IPV4_H
 #include 
 #endif
@@ -424,6 +427,37 @@ sb_mmap2(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 }
 #endif
 
+#ifdef HAVE_GNU_LIBC_VERSION_H
+#ifdef HAVE_GNU_GET_LIBC_VERSION
+#define CHECK_LIBC_VERSION
+#endif
+#endif
+
+/* Return true if we think we're running with a libc that always uses
+ * openat on linux. */
+static int
+libc_uses_openat_for_everything(void)
+{
+#ifdef CHECK_LIBC_VERSION
+  const char *version = gnu_get_libc_version();
+  if (version == NULL)
+return 0;
+
+  int major = -1;
+  int minor = -1;
+
+  tor_sscanf(version, "%d.%d", , );
+  if (major >= 3)
+return 1;
+  else if (major == 2 && minor >= 26)
+return 1;
+  else
+return 0;
+#else
+  return 0;
+#endif
+}
+
 /** Allow a single file to be opened.  If use_openat is true,
  * we're using a libc that remaps all the opens into openats. */
 static int
@@ -449,13 +483,15 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
   int rc;
   sandbox_cfg_t *elem = NULL;
 
+  int use_openat = libc_uses_openat_for_everything();
+
   // for each dynamic parameter filters
   for (elem = filter; elem != NULL; elem = elem->next) {
 smp_param_t *param = elem->param;
 
 if (param != NULL && param->prot == 1 && param->syscall
 == SCMP_SYS(open)) {
-  rc = allow_file_open(ctx, 0 /*  */, param->value);
+  rc = allow_file_open(ctx, use_openat, param->value);
   if (rc != 0) {
 log_err(LD_BUG,"(Sandbox) failed to add open syscall, received "
 "libseccomp error %d", rc);



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.9] Merge branch 'maint-0.2.9' into release-0.2.9

[nickm]

commit 27c30bc227b06bb43e170c454f8987f3a45b67cb
Merge: da194bb49 848ba26c1
Author: Nick Mathewson 
Date:   Sun Feb 11 18:09:35 2018 -0500

Merge branch 'maint-0.2.9' into release-0.2.9

 changes/ticket24315  |  3 +++
 configure.ac |  2 ++
 src/common/sandbox.c | 71 +---
 3 files changed, 72 insertions(+), 4 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.9] Make our seccomp2 sandbox handle Glibc 2.26

[nickm]

commit d2d6a1b082fa0eac8b6478889a0c28bf05e48073
Author: Nick Mathewson 
Date:   Thu Nov 16 13:53:48 2017 -0500

Make our seccomp2 sandbox handle Glibc 2.26

There are three changes here:
  * We need to allow epoll_pwait.
  * We need to allow PF_NETLINK sockets to be opened with SOCK_CLOEXEC.
  * We need to use openat() instead of open().

Note that this fix is not complete, since the openat() change is
turned off.  The next commit will make the openat() change happen
when we're running glibc 2.26 or later.

Fix for 24315.
---
 src/common/sandbox.c | 35 +++
 1 file changed, 31 insertions(+), 4 deletions(-)

diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 7f4511db2..417c1e305 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -127,6 +127,9 @@ static int filter_nopar_gen[] = {
 SCMP_SYS(clone),
 SCMP_SYS(epoll_create),
 SCMP_SYS(epoll_wait),
+#ifdef __NR_epoll_pwait
+SCMP_SYS(epoll_pwait),
+#endif
 #ifdef HAVE_EVENTFD
 SCMP_SYS(eventfd2),
 #endif
@@ -421,6 +424,21 @@ sb_mmap2(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 }
 #endif
 
+/** Allow a single file to be opened.  If use_openat is true,
+ * we're using a libc that remaps all the opens into openats. */
+static int
+allow_file_open(scmp_filter_ctx ctx, int use_openat, const char *file)
+{
+  if (use_openat) {
+return seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat),
+  SCMP_CMP_STR(0, SCMP_CMP_EQ, AT_FDCWD),
+  SCMP_CMP_STR(1, SCMP_CMP_EQ, file));
+  } else {
+return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open),
+  SCMP_CMP_STR(0, SCMP_CMP_EQ, file));
+  }
+}
+
 /**
  * Function responsible for setting up the open syscall for
  * the seccomp filter sandbox.
@@ -437,8 +455,7 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 
 if (param != NULL && param->prot == 1 && param->syscall
 == SCMP_SYS(open)) {
-  rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open),
-SCMP_CMP_STR(0, SCMP_CMP_EQ, param->value));
+  rc = allow_file_open(ctx, 0 /*  */, param->value);
   if (rc != 0) {
 log_err(LD_BUG,"(Sandbox) failed to add open syscall, received "
 "libseccomp error %d", rc);
@@ -456,6 +473,15 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 return rc;
   }
 
+  rc = seccomp_rule_add_1(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(openat),
+SCMP_CMP_MASKED(2, O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW,
+O_RDONLY));
+  if (rc != 0) {
+log_err(LD_BUG,"(Sandbox) failed to add openat syscall, received "
+"libseccomp error %d", rc);
+return rc;
+  }
+
   return 0;
 }
 
@@ -645,7 +671,7 @@ sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 
   rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
   SCMP_CMP(0, SCMP_CMP_EQ, PF_NETLINK),
-  SCMP_CMP(1, SCMP_CMP_EQ, SOCK_RAW),
+  SCMP_CMP_MASKED(1, SOCK_CLOEXEC, SOCK_RAW),
   SCMP_CMP(2, SCMP_CMP_EQ, 0));
   if (rc)
 return rc;
@@ -1616,7 +1642,8 @@ add_param_filter(scmp_filter_ctx ctx, sandbox_cfg_t* cfg)
 
   // function pointer
   for (i = 0; i < ARRAY_LENGTH(filter_func); i++) {
-if ((filter_func[i])(ctx, cfg)) {
+rc = filter_func[i](ctx, cfg);
+if (rc) {
   log_err(LD_BUG,"(Sandbox) failed to add syscall %d, received libseccomp "
   "error %d", i, rc);
   return rc;



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'maint-0.3.1' into maint-0.3.2

[nickm]

commit 67043d957f2f3cc107c5e0cb3f5c2caa35639506
Merge: 684d57fe8 8939eaf47
Author: Nick Mathewson 
Date:   Sun Feb 11 18:09:35 2018 -0500

Merge branch 'maint-0.3.1' into maint-0.3.2




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.9] Merge branch 'ticket24315_029' into maint-0.2.9

[nickm]

commit 848ba26c188c43cb97a22d5911fceb3714a97272
Merge: 5dc785cee 80bf27040
Author: Nick Mathewson 
Date:   Sun Feb 11 18:07:37 2018 -0500

Merge branch 'ticket24315_029' into maint-0.2.9

 changes/ticket24315  |  3 +++
 configure.ac |  2 ++
 src/common/sandbox.c | 71 +---
 3 files changed, 72 insertions(+), 4 deletions(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.2] Merge branch 'ticket24315_029' into maint-0.2.9

[nickm]

commit 848ba26c188c43cb97a22d5911fceb3714a97272
Merge: 5dc785cee 80bf27040
Author: Nick Mathewson 
Date:   Sun Feb 11 18:07:37 2018 -0500

Merge branch 'ticket24315_029' into maint-0.2.9

 changes/ticket24315  |  3 +++
 configure.ac |  2 ++
 src/common/sandbox.c | 71 +---
 3 files changed, 72 insertions(+), 4 deletions(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.9] Merge branch 'ticket24315_029' into maint-0.2.9

[nickm]

commit 848ba26c188c43cb97a22d5911fceb3714a97272
Merge: 5dc785cee 80bf27040
Author: Nick Mathewson 
Date:   Sun Feb 11 18:07:37 2018 -0500

Merge branch 'ticket24315_029' into maint-0.2.9

 changes/ticket24315  |  3 +++
 configure.ac |  2 ++
 src/common/sandbox.c | 71 +---
 3 files changed, 72 insertions(+), 4 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.1] Merge branch 'maint-0.2.9' into maint-0.3.1

[nickm]

commit 8939eaf479bc123e774421c9de6dfc3c864e0326
Merge: eccef6ba6 848ba26c1
Author: Nick Mathewson 
Date:   Sun Feb 11 18:09:35 2018 -0500

Merge branch 'maint-0.2.9' into maint-0.3.1

 changes/ticket24315  |  3 +++
 configure.ac |  2 ++
 src/common/sandbox.c | 71 +---
 3 files changed, 72 insertions(+), 4 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.9] Add a changes file.

[nickm]

commit 80bf270404a52c634a14f6aad594dec4e9ce1e12
Author: Nick Mathewson 
Date:   Thu Nov 16 14:07:58 2017 -0500

Add a changes file.
---
 changes/ticket24315 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/changes/ticket24315 b/changes/ticket24315
new file mode 100644
index 0..df34dbf41
--- /dev/null
+++ b/changes/ticket24315
@@ -0,0 +1,3 @@
+  o Major features (linux seccomp2 sandbox):
+- Update the sandbox rules so that they should now work correctly with
+  Glibc 2.26.  Closes  ticket 24315.



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.1] Make our seccomp2 sandbox handle Glibc 2.26

[nickm]

commit d2d6a1b082fa0eac8b6478889a0c28bf05e48073
Author: Nick Mathewson 
Date:   Thu Nov 16 13:53:48 2017 -0500

Make our seccomp2 sandbox handle Glibc 2.26

There are three changes here:
  * We need to allow epoll_pwait.
  * We need to allow PF_NETLINK sockets to be opened with SOCK_CLOEXEC.
  * We need to use openat() instead of open().

Note that this fix is not complete, since the openat() change is
turned off.  The next commit will make the openat() change happen
when we're running glibc 2.26 or later.

Fix for 24315.
---
 src/common/sandbox.c | 35 +++
 1 file changed, 31 insertions(+), 4 deletions(-)

diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 7f4511db2..417c1e305 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -127,6 +127,9 @@ static int filter_nopar_gen[] = {
 SCMP_SYS(clone),
 SCMP_SYS(epoll_create),
 SCMP_SYS(epoll_wait),
+#ifdef __NR_epoll_pwait
+SCMP_SYS(epoll_pwait),
+#endif
 #ifdef HAVE_EVENTFD
 SCMP_SYS(eventfd2),
 #endif
@@ -421,6 +424,21 @@ sb_mmap2(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 }
 #endif
 
+/** Allow a single file to be opened.  If use_openat is true,
+ * we're using a libc that remaps all the opens into openats. */
+static int
+allow_file_open(scmp_filter_ctx ctx, int use_openat, const char *file)
+{
+  if (use_openat) {
+return seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat),
+  SCMP_CMP_STR(0, SCMP_CMP_EQ, AT_FDCWD),
+  SCMP_CMP_STR(1, SCMP_CMP_EQ, file));
+  } else {
+return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open),
+  SCMP_CMP_STR(0, SCMP_CMP_EQ, file));
+  }
+}
+
 /**
  * Function responsible for setting up the open syscall for
  * the seccomp filter sandbox.
@@ -437,8 +455,7 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 
 if (param != NULL && param->prot == 1 && param->syscall
 == SCMP_SYS(open)) {
-  rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open),
-SCMP_CMP_STR(0, SCMP_CMP_EQ, param->value));
+  rc = allow_file_open(ctx, 0 /*  */, param->value);
   if (rc != 0) {
 log_err(LD_BUG,"(Sandbox) failed to add open syscall, received "
 "libseccomp error %d", rc);
@@ -456,6 +473,15 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 return rc;
   }
 
+  rc = seccomp_rule_add_1(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(openat),
+SCMP_CMP_MASKED(2, O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW,
+O_RDONLY));
+  if (rc != 0) {
+log_err(LD_BUG,"(Sandbox) failed to add openat syscall, received "
+"libseccomp error %d", rc);
+return rc;
+  }
+
   return 0;
 }
 
@@ -645,7 +671,7 @@ sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 
   rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
   SCMP_CMP(0, SCMP_CMP_EQ, PF_NETLINK),
-  SCMP_CMP(1, SCMP_CMP_EQ, SOCK_RAW),
+  SCMP_CMP_MASKED(1, SOCK_CLOEXEC, SOCK_RAW),
   SCMP_CMP(2, SCMP_CMP_EQ, 0));
   if (rc)
 return rc;
@@ -1616,7 +1642,8 @@ add_param_filter(scmp_filter_ctx ctx, sandbox_cfg_t* cfg)
 
   // function pointer
   for (i = 0; i < ARRAY_LENGTH(filter_func); i++) {
-if ((filter_func[i])(ctx, cfg)) {
+rc = filter_func[i](ctx, cfg);
+if (rc) {
   log_err(LD_BUG,"(Sandbox) failed to add syscall %d, received libseccomp "
   "error %d", i, rc);
   return rc;



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'maint-0.3.2'

[nickm]

commit a7f5ece2b9e64447c25e1c52bba48a1187c03fd0
Merge: bdc29eaa7 67043d957
Author: Nick Mathewson 
Date:   Sun Feb 11 18:09:35 2018 -0500

Merge branch 'maint-0.3.2'

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'ticket24315_029' into maint-0.2.9

[nickm]

commit 848ba26c188c43cb97a22d5911fceb3714a97272
Merge: 5dc785cee 80bf27040
Author: Nick Mathewson 
Date:   Sun Feb 11 18:07:37 2018 -0500

Merge branch 'ticket24315_029' into maint-0.2.9

 changes/ticket24315  |  3 +++
 configure.ac |  2 ++
 src/common/sandbox.c | 71 +---
 3 files changed, 72 insertions(+), 4 deletions(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.1] Merge branch 'ticket24315_029' into maint-0.2.9

[nickm]

commit 848ba26c188c43cb97a22d5911fceb3714a97272
Merge: 5dc785cee 80bf27040
Author: Nick Mathewson 
Date:   Sun Feb 11 18:07:37 2018 -0500

Merge branch 'ticket24315_029' into maint-0.2.9

 changes/ticket24315  |  3 +++
 configure.ac |  2 ++
 src/common/sandbox.c | 71 +---
 3 files changed, 72 insertions(+), 4 deletions(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.1] Make our seccomp2 sandbox handle Glibc 2.26

[nickm]

commit d2d6a1b082fa0eac8b6478889a0c28bf05e48073
Author: Nick Mathewson 
Date:   Thu Nov 16 13:53:48 2017 -0500

Make our seccomp2 sandbox handle Glibc 2.26

There are three changes here:
  * We need to allow epoll_pwait.
  * We need to allow PF_NETLINK sockets to be opened with SOCK_CLOEXEC.
  * We need to use openat() instead of open().

Note that this fix is not complete, since the openat() change is
turned off.  The next commit will make the openat() change happen
when we're running glibc 2.26 or later.

Fix for 24315.
---
 src/common/sandbox.c | 35 +++
 1 file changed, 31 insertions(+), 4 deletions(-)

diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 7f4511db2..417c1e305 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -127,6 +127,9 @@ static int filter_nopar_gen[] = {
 SCMP_SYS(clone),
 SCMP_SYS(epoll_create),
 SCMP_SYS(epoll_wait),
+#ifdef __NR_epoll_pwait
+SCMP_SYS(epoll_pwait),
+#endif
 #ifdef HAVE_EVENTFD
 SCMP_SYS(eventfd2),
 #endif
@@ -421,6 +424,21 @@ sb_mmap2(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 }
 #endif
 
+/** Allow a single file to be opened.  If use_openat is true,
+ * we're using a libc that remaps all the opens into openats. */
+static int
+allow_file_open(scmp_filter_ctx ctx, int use_openat, const char *file)
+{
+  if (use_openat) {
+return seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat),
+  SCMP_CMP_STR(0, SCMP_CMP_EQ, AT_FDCWD),
+  SCMP_CMP_STR(1, SCMP_CMP_EQ, file));
+  } else {
+return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open),
+  SCMP_CMP_STR(0, SCMP_CMP_EQ, file));
+  }
+}
+
 /**
  * Function responsible for setting up the open syscall for
  * the seccomp filter sandbox.
@@ -437,8 +455,7 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 
 if (param != NULL && param->prot == 1 && param->syscall
 == SCMP_SYS(open)) {
-  rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open),
-SCMP_CMP_STR(0, SCMP_CMP_EQ, param->value));
+  rc = allow_file_open(ctx, 0 /*  */, param->value);
   if (rc != 0) {
 log_err(LD_BUG,"(Sandbox) failed to add open syscall, received "
 "libseccomp error %d", rc);
@@ -456,6 +473,15 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 return rc;
   }
 
+  rc = seccomp_rule_add_1(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(openat),
+SCMP_CMP_MASKED(2, O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW,
+O_RDONLY));
+  if (rc != 0) {
+log_err(LD_BUG,"(Sandbox) failed to add openat syscall, received "
+"libseccomp error %d", rc);
+return rc;
+  }
+
   return 0;
 }
 
@@ -645,7 +671,7 @@ sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 
   rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
   SCMP_CMP(0, SCMP_CMP_EQ, PF_NETLINK),
-  SCMP_CMP(1, SCMP_CMP_EQ, SOCK_RAW),
+  SCMP_CMP_MASKED(1, SOCK_CLOEXEC, SOCK_RAW),
   SCMP_CMP(2, SCMP_CMP_EQ, 0));
   if (rc)
 return rc;
@@ -1616,7 +1642,8 @@ add_param_filter(scmp_filter_ctx ctx, sandbox_cfg_t* cfg)
 
   // function pointer
   for (i = 0; i < ARRAY_LENGTH(filter_func); i++) {
-if ((filter_func[i])(ctx, cfg)) {
+rc = filter_func[i](ctx, cfg);
+if (rc) {
   log_err(LD_BUG,"(Sandbox) failed to add syscall %d, received libseccomp "
   "error %d", i, rc);
   return rc;



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.9] Check the libc version to decide whether to allow openat.

[nickm]

commit 2d3904aba67e79e57db1814033b1df3f77336065
Author: Nick Mathewson 
Date:   Thu Nov 16 14:06:38 2017 -0500

Check the libc version to decide whether to allow openat.
---
 configure.ac |  2 ++
 src/common/sandbox.c | 38 +-
 2 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index f2c3f90ba..3ff819052 100644
--- a/configure.ac
+++ b/configure.ac
@@ -390,6 +390,7 @@ AC_CHECK_FUNCS(
 getrlimit \
 gettimeofday \
 gmtime_r \
+   gnu_get_libc_version \
htonll \
 inet_aton \
 ioctl \
@@ -1011,6 +1012,7 @@ AC_CHECK_HEADERS([assert.h \
   arpa/inet.h \
   crt_externs.h \
   execinfo.h \
+  gnu/libc-version.h \
   grp.h \
   ifaddrs.h \
   inttypes.h \
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 417c1e305..d0ead2cae 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -56,6 +56,9 @@
 #include 
 #include 
 
+#ifdef HAVE_GNU_LIBC_VERSION_H
+#include 
+#endif
 #ifdef HAVE_LINUX_NETFILTER_IPV4_H
 #include 
 #endif
@@ -424,6 +427,37 @@ sb_mmap2(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 }
 #endif
 
+#ifdef HAVE_GNU_LIBC_VERSION_H
+#ifdef HAVE_GNU_GET_LIBC_VERSION
+#define CHECK_LIBC_VERSION
+#endif
+#endif
+
+/* Return true if we think we're running with a libc that always uses
+ * openat on linux. */
+static int
+libc_uses_openat_for_everything(void)
+{
+#ifdef CHECK_LIBC_VERSION
+  const char *version = gnu_get_libc_version();
+  if (version == NULL)
+return 0;
+
+  int major = -1;
+  int minor = -1;
+
+  tor_sscanf(version, "%d.%d", , );
+  if (major >= 3)
+return 1;
+  else if (major == 2 && minor >= 26)
+return 1;
+  else
+return 0;
+#else
+  return 0;
+#endif
+}
+
 /** Allow a single file to be opened.  If use_openat is true,
  * we're using a libc that remaps all the opens into openats. */
 static int
@@ -449,13 +483,15 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
   int rc;
   sandbox_cfg_t *elem = NULL;
 
+  int use_openat = libc_uses_openat_for_everything();
+
   // for each dynamic parameter filters
   for (elem = filter; elem != NULL; elem = elem->next) {
 smp_param_t *param = elem->param;
 
 if (param != NULL && param->prot == 1 && param->syscall
 == SCMP_SYS(open)) {
-  rc = allow_file_open(ctx, 0 /*  */, param->value);
+  rc = allow_file_open(ctx, use_openat, param->value);
   if (rc != 0) {
 log_err(LD_BUG,"(Sandbox) failed to add open syscall, received "
 "libseccomp error %d", rc);



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.1] Add a changes file.

[nickm]

commit 80bf270404a52c634a14f6aad594dec4e9ce1e12
Author: Nick Mathewson 
Date:   Thu Nov 16 14:07:58 2017 -0500

Add a changes file.
---
 changes/ticket24315 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/changes/ticket24315 b/changes/ticket24315
new file mode 100644
index 0..df34dbf41
--- /dev/null
+++ b/changes/ticket24315
@@ -0,0 +1,3 @@
+  o Major features (linux seccomp2 sandbox):
+- Update the sandbox rules so that they should now work correctly with
+  Glibc 2.26.  Closes  ticket 24315.



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.9] Add a changes file.

[nickm]

commit 80bf270404a52c634a14f6aad594dec4e9ce1e12
Author: Nick Mathewson 
Date:   Thu Nov 16 14:07:58 2017 -0500

Add a changes file.
---
 changes/ticket24315 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/changes/ticket24315 b/changes/ticket24315
new file mode 100644
index 0..df34dbf41
--- /dev/null
+++ b/changes/ticket24315
@@ -0,0 +1,3 @@
+  o Major features (linux seccomp2 sandbox):
+- Update the sandbox rules so that they should now work correctly with
+  Glibc 2.26.  Closes  ticket 24315.



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'maint-0.2.9' into maint-0.3.1

[nickm]

commit 8939eaf479bc123e774421c9de6dfc3c864e0326
Merge: eccef6ba6 848ba26c1
Author: Nick Mathewson 
Date:   Sun Feb 11 18:09:35 2018 -0500

Merge branch 'maint-0.2.9' into maint-0.3.1

 changes/ticket24315  |  3 +++
 configure.ac |  2 ++
 src/common/sandbox.c | 71 +---
 3 files changed, 72 insertions(+), 4 deletions(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.2] Merge branch 'maint-0.3.1' into maint-0.3.2

[nickm]

commit 67043d957f2f3cc107c5e0cb3f5c2caa35639506
Merge: 684d57fe8 8939eaf47
Author: Nick Mathewson 
Date:   Sun Feb 11 18:09:35 2018 -0500

Merge branch 'maint-0.3.1' into maint-0.3.2

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.9] Check the libc version to decide whether to allow openat.

[nickm]

commit 2d3904aba67e79e57db1814033b1df3f77336065
Author: Nick Mathewson 
Date:   Thu Nov 16 14:06:38 2017 -0500

Check the libc version to decide whether to allow openat.
---
 configure.ac |  2 ++
 src/common/sandbox.c | 38 +-
 2 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index f2c3f90ba..3ff819052 100644
--- a/configure.ac
+++ b/configure.ac
@@ -390,6 +390,7 @@ AC_CHECK_FUNCS(
 getrlimit \
 gettimeofday \
 gmtime_r \
+   gnu_get_libc_version \
htonll \
 inet_aton \
 ioctl \
@@ -1011,6 +1012,7 @@ AC_CHECK_HEADERS([assert.h \
   arpa/inet.h \
   crt_externs.h \
   execinfo.h \
+  gnu/libc-version.h \
   grp.h \
   ifaddrs.h \
   inttypes.h \
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 417c1e305..d0ead2cae 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -56,6 +56,9 @@
 #include 
 #include 
 
+#ifdef HAVE_GNU_LIBC_VERSION_H
+#include 
+#endif
 #ifdef HAVE_LINUX_NETFILTER_IPV4_H
 #include 
 #endif
@@ -424,6 +427,37 @@ sb_mmap2(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 }
 #endif
 
+#ifdef HAVE_GNU_LIBC_VERSION_H
+#ifdef HAVE_GNU_GET_LIBC_VERSION
+#define CHECK_LIBC_VERSION
+#endif
+#endif
+
+/* Return true if we think we're running with a libc that always uses
+ * openat on linux. */
+static int
+libc_uses_openat_for_everything(void)
+{
+#ifdef CHECK_LIBC_VERSION
+  const char *version = gnu_get_libc_version();
+  if (version == NULL)
+return 0;
+
+  int major = -1;
+  int minor = -1;
+
+  tor_sscanf(version, "%d.%d", , );
+  if (major >= 3)
+return 1;
+  else if (major == 2 && minor >= 26)
+return 1;
+  else
+return 0;
+#else
+  return 0;
+#endif
+}
+
 /** Allow a single file to be opened.  If use_openat is true,
  * we're using a libc that remaps all the opens into openats. */
 static int
@@ -449,13 +483,15 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
   int rc;
   sandbox_cfg_t *elem = NULL;
 
+  int use_openat = libc_uses_openat_for_everything();
+
   // for each dynamic parameter filters
   for (elem = filter; elem != NULL; elem = elem->next) {
 smp_param_t *param = elem->param;
 
 if (param != NULL && param->prot == 1 && param->syscall
 == SCMP_SYS(open)) {
-  rc = allow_file_open(ctx, 0 /*  */, param->value);
+  rc = allow_file_open(ctx, use_openat, param->value);
   if (rc != 0) {
 log_err(LD_BUG,"(Sandbox) failed to add open syscall, received "
 "libseccomp error %d", rc);



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.2] Merge branch 'maint-0.2.9' into maint-0.3.1

[nickm]

commit 8939eaf479bc123e774421c9de6dfc3c864e0326
Merge: eccef6ba6 848ba26c1
Author: Nick Mathewson 
Date:   Sun Feb 11 18:09:35 2018 -0500

Merge branch 'maint-0.2.9' into maint-0.3.1

 changes/ticket24315  |  3 +++
 configure.ac |  2 ++
 src/common/sandbox.c | 71 +---
 3 files changed, 72 insertions(+), 4 deletions(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.9] Make our seccomp2 sandbox handle Glibc 2.26

[nickm]

commit d2d6a1b082fa0eac8b6478889a0c28bf05e48073
Author: Nick Mathewson 
Date:   Thu Nov 16 13:53:48 2017 -0500

Make our seccomp2 sandbox handle Glibc 2.26

There are three changes here:
  * We need to allow epoll_pwait.
  * We need to allow PF_NETLINK sockets to be opened with SOCK_CLOEXEC.
  * We need to use openat() instead of open().

Note that this fix is not complete, since the openat() change is
turned off.  The next commit will make the openat() change happen
when we're running glibc 2.26 or later.

Fix for 24315.
---
 src/common/sandbox.c | 35 +++
 1 file changed, 31 insertions(+), 4 deletions(-)

diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 7f4511db2..417c1e305 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -127,6 +127,9 @@ static int filter_nopar_gen[] = {
 SCMP_SYS(clone),
 SCMP_SYS(epoll_create),
 SCMP_SYS(epoll_wait),
+#ifdef __NR_epoll_pwait
+SCMP_SYS(epoll_pwait),
+#endif
 #ifdef HAVE_EVENTFD
 SCMP_SYS(eventfd2),
 #endif
@@ -421,6 +424,21 @@ sb_mmap2(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 }
 #endif
 
+/** Allow a single file to be opened.  If use_openat is true,
+ * we're using a libc that remaps all the opens into openats. */
+static int
+allow_file_open(scmp_filter_ctx ctx, int use_openat, const char *file)
+{
+  if (use_openat) {
+return seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat),
+  SCMP_CMP_STR(0, SCMP_CMP_EQ, AT_FDCWD),
+  SCMP_CMP_STR(1, SCMP_CMP_EQ, file));
+  } else {
+return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open),
+  SCMP_CMP_STR(0, SCMP_CMP_EQ, file));
+  }
+}
+
 /**
  * Function responsible for setting up the open syscall for
  * the seccomp filter sandbox.
@@ -437,8 +455,7 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 
 if (param != NULL && param->prot == 1 && param->syscall
 == SCMP_SYS(open)) {
-  rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open),
-SCMP_CMP_STR(0, SCMP_CMP_EQ, param->value));
+  rc = allow_file_open(ctx, 0 /*  */, param->value);
   if (rc != 0) {
 log_err(LD_BUG,"(Sandbox) failed to add open syscall, received "
 "libseccomp error %d", rc);
@@ -456,6 +473,15 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 return rc;
   }
 
+  rc = seccomp_rule_add_1(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(openat),
+SCMP_CMP_MASKED(2, O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW,
+O_RDONLY));
+  if (rc != 0) {
+log_err(LD_BUG,"(Sandbox) failed to add openat syscall, received "
+"libseccomp error %d", rc);
+return rc;
+  }
+
   return 0;
 }
 
@@ -645,7 +671,7 @@ sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 
   rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket),
   SCMP_CMP(0, SCMP_CMP_EQ, PF_NETLINK),
-  SCMP_CMP(1, SCMP_CMP_EQ, SOCK_RAW),
+  SCMP_CMP_MASKED(1, SOCK_CLOEXEC, SOCK_RAW),
   SCMP_CMP(2, SCMP_CMP_EQ, 0));
   if (rc)
 return rc;
@@ -1616,7 +1642,8 @@ add_param_filter(scmp_filter_ctx ctx, sandbox_cfg_t* cfg)
 
   // function pointer
   for (i = 0; i < ARRAY_LENGTH(filter_func); i++) {
-if ((filter_func[i])(ctx, cfg)) {
+rc = filter_func[i](ctx, cfg);
+if (rc) {
   log_err(LD_BUG,"(Sandbox) failed to add syscall %d, received libseccomp "
   "error %d", i, rc);
   return rc;



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.1] Check the libc version to decide whether to allow openat.

[nickm]

commit 2d3904aba67e79e57db1814033b1df3f77336065
Author: Nick Mathewson 
Date:   Thu Nov 16 14:06:38 2017 -0500

Check the libc version to decide whether to allow openat.
---
 configure.ac |  2 ++
 src/common/sandbox.c | 38 +-
 2 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index f2c3f90ba..3ff819052 100644
--- a/configure.ac
+++ b/configure.ac
@@ -390,6 +390,7 @@ AC_CHECK_FUNCS(
 getrlimit \
 gettimeofday \
 gmtime_r \
+   gnu_get_libc_version \
htonll \
 inet_aton \
 ioctl \
@@ -1011,6 +1012,7 @@ AC_CHECK_HEADERS([assert.h \
   arpa/inet.h \
   crt_externs.h \
   execinfo.h \
+  gnu/libc-version.h \
   grp.h \
   ifaddrs.h \
   inttypes.h \
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 417c1e305..d0ead2cae 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -56,6 +56,9 @@
 #include 
 #include 
 
+#ifdef HAVE_GNU_LIBC_VERSION_H
+#include 
+#endif
 #ifdef HAVE_LINUX_NETFILTER_IPV4_H
 #include 
 #endif
@@ -424,6 +427,37 @@ sb_mmap2(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 }
 #endif
 
+#ifdef HAVE_GNU_LIBC_VERSION_H
+#ifdef HAVE_GNU_GET_LIBC_VERSION
+#define CHECK_LIBC_VERSION
+#endif
+#endif
+
+/* Return true if we think we're running with a libc that always uses
+ * openat on linux. */
+static int
+libc_uses_openat_for_everything(void)
+{
+#ifdef CHECK_LIBC_VERSION
+  const char *version = gnu_get_libc_version();
+  if (version == NULL)
+return 0;
+
+  int major = -1;
+  int minor = -1;
+
+  tor_sscanf(version, "%d.%d", , );
+  if (major >= 3)
+return 1;
+  else if (major == 2 && minor >= 26)
+return 1;
+  else
+return 0;
+#else
+  return 0;
+#endif
+}
+
 /** Allow a single file to be opened.  If use_openat is true,
  * we're using a libc that remaps all the opens into openats. */
 static int
@@ -449,13 +483,15 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
   int rc;
   sandbox_cfg_t *elem = NULL;
 
+  int use_openat = libc_uses_openat_for_everything();
+
   // for each dynamic parameter filters
   for (elem = filter; elem != NULL; elem = elem->next) {
 smp_param_t *param = elem->param;
 
 if (param != NULL && param->prot == 1 && param->syscall
 == SCMP_SYS(open)) {
-  rc = allow_file_open(ctx, 0 /*  */, param->value);
+  rc = allow_file_open(ctx, use_openat, param->value);
   if (rc != 0) {
 log_err(LD_BUG,"(Sandbox) failed to add open syscall, received "
 "libseccomp error %d", rc);



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.2] Add a cast to avoid a signed/unsigned comparison

[nickm]

commit 0bfd5a659777688798722a20f894797a4f4b54f0
Author: Nick Mathewson 
Date:   Wed Jan 17 09:06:32 2018 -0500

Add a cast to avoid a signed/unsigned comparison
---
 src/common/compat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/common/compat.c b/src/common/compat.c
index a88e9b514..4ac443c13 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -1723,7 +1723,7 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
 if (errno == EINVAL && try_limit < (uint64_t) rlim.rlim_cur) {
   /* On some platforms, OPEN_MAX is the real limit, and getrlimit() is
* full of nasty lies.  I'm looking at you, OSX 10.5 */
-  rlim.rlim_cur = MIN(try_limit, rlim.rlim_cur);
+  rlim.rlim_cur = MIN((rlim_t) try_limit, rlim.rlim_cur);
   if (setrlimit(RLIMIT_NOFILE, ) == 0) {
 if (rlim.rlim_cur < (rlim_t)limit) {
   log_warn(LD_CONFIG, "We are limited to %lu file descriptors by "



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.2] Merge branch 'maint-0.2.9' into maint-0.3.1

[nickm]

commit eccef6ba60e59c6d7001d8f6623eb4d01ea8ca11
Merge: 86583ad78 5dc785cee
Author: Nick Mathewson 
Date:   Sun Feb 11 16:51:56 2018 -0500

Merge branch 'maint-0.2.9' into maint-0.3.1

 changes/bug21074_downgrade |  4 
 src/common/compat.c| 14 +++---
 2 files changed, 11 insertions(+), 7 deletions(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.2] Merge branch 'maint-0.3.1' into maint-0.3.2

[nickm]

commit 684d57fe8a21ee74b7b66f0035674ccbe0c1f921
Merge: 4de20d175 eccef6ba6
Author: Nick Mathewson 
Date:   Sun Feb 11 17:00:52 2018 -0500

Merge branch 'maint-0.3.1' into maint-0.3.2

 changes/bug21074_downgrade |  4 
 src/common/compat.c| 14 +++---
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --cc src/common/compat.c
index 7fe97488e,4a1f0013c..83bb707e1
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@@ -1753,14 -1752,13 +1754,13 @@@ set_max_file_descriptors(rlim_t limit, 
 (unsigned long)try_limit, (unsigned long)OPEN_MAX,
 (unsigned long)rlim.rlim_max);
  }
- bad = 0;
+ couldnt_set = 0;
}
  }
 -#endif /* OPEN_MAX */
 +#endif /* defined(OPEN_MAX) */
- if (bad) {
+ if (couldnt_set) {
log_warn(LD_CONFIG,"Couldn't set maximum number of file descriptors: 
%s",
-strerror(errno));
-   return -1;
+strerror(setrlimit_errno));
  }
}
/* leave some overhead for logs, etc, */



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.2] Merge branch 'maint-0.3.2' into release-0.3.2

[nickm]

commit 9e81221c96793adfe3c46979ae4f749ff26e3644
Merge: cb3c1f2e5 684d57fe8
Author: Nick Mathewson 
Date:   Sun Feb 11 17:01:00 2018 -0500

Merge branch 'maint-0.3.2' into release-0.3.2

 changes/bug21074_downgrade |  4 
 src/common/compat.c| 14 +++---
 2 files changed, 11 insertions(+), 7 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.2] Merge remote-tracking branch 'public/bug21074_029' into maint-0.2.9

[nickm]

commit 5dc785ceef465125f180f020991ec2c363bb8abc
Merge: 320dac460 0bfd5a659
Author: Nick Mathewson 
Date:   Sun Feb 11 16:51:53 2018 -0500

Merge remote-tracking branch 'public/bug21074_029' into maint-0.2.9

 changes/bug21074_downgrade |  4 
 src/common/compat.c| 14 +++---
 2 files changed, 11 insertions(+), 7 deletions(-)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.9] Merge remote-tracking branch 'public/bug21074_029' into maint-0.2.9

[nickm]

commit 5dc785ceef465125f180f020991ec2c363bb8abc
Merge: 320dac460 0bfd5a659
Author: Nick Mathewson 
Date:   Sun Feb 11 16:51:53 2018 -0500

Merge remote-tracking branch 'public/bug21074_029' into maint-0.2.9

 changes/bug21074_downgrade |  4 
 src/common/compat.c| 14 +++---
 2 files changed, 11 insertions(+), 7 deletions(-)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'maint-0.3.2'

[nickm]

commit bdc29eaa7efa4227cd718325d966c4e139a2fd47
Merge: a75ae628c 684d57fe8
Author: Nick Mathewson 
Date:   Sun Feb 11 17:01:00 2018 -0500

Merge branch 'maint-0.3.2'

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.1] Merge remote-tracking branch 'public/bug21074_029' into maint-0.2.9

[nickm]

commit 5dc785ceef465125f180f020991ec2c363bb8abc
Merge: 320dac460 0bfd5a659
Author: Nick Mathewson 
Date:   Sun Feb 11 16:51:53 2018 -0500

Merge remote-tracking branch 'public/bug21074_029' into maint-0.2.9

 changes/bug21074_downgrade |  4 
 src/common/compat.c| 14 +++---
 2 files changed, 11 insertions(+), 7 deletions(-)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.9] Merge branch 'maint-0.2.9' into release-0.2.9

[nickm]

commit da194bb490e3f3e7ad9a06a43d7a007059a0e87f
Merge: 890162761 5dc785cee
Author: Nick Mathewson 
Date:   Sun Feb 11 16:51:56 2018 -0500

Merge branch 'maint-0.2.9' into release-0.2.9

 changes/bug21074_downgrade |  4 
 src/common/compat.c| 14 +++---
 2 files changed, 11 insertions(+), 7 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.1] Don't treat a setrlimit failure as fatal.

[nickm]

commit 68ca6d2e1971372617f920e71a4a51e16900095e
Author: Nick Mathewson 
Date:   Thu Jan 4 13:20:37 2018 -0500

Don't treat a setrlimit failure as fatal.

Fixes bug 21074; bugfix on 4689243242e2e12 in 0.0.9rc5 when we
started doing setrlimit() in the first place.
---
 changes/bug21074_downgrade |  4 
 src/common/compat.c| 14 +++---
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/changes/bug21074_downgrade b/changes/bug21074_downgrade
new file mode 100644
index 0..c9f81bd13
--- /dev/null
+++ b/changes/bug21074_downgrade
@@ -0,0 +1,4 @@
+  o Minor bugfixes:
+- Don't exit the Tor process if setrlimit() fails to change the file
+  limit (which can happen sometimes on some versions of OSX). Fixes
+  bug 21074; bugfix on 0.0.9pre5.
diff --git a/src/common/compat.c b/src/common/compat.c
index e16dfb1d2..a88e9b514 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -1651,7 +1651,7 @@ get_max_sockets(void)
  * fail by returning -1 and max_out is untouched.
  *
  * If we are unable to set the limit value because of setrlimit() failing,
- * return -1 and max_out is set to the current maximum value returned
+ * return 0 and max_out is set to the current maximum value returned
  * by getrlimit().
  *
  * Otherwise, return 0 and store the maximum we found inside max_out
@@ -1716,13 +1716,14 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
   rlim.rlim_cur = rlim.rlim_max;
 
   if (setrlimit(RLIMIT_NOFILE, ) != 0) {
-int bad = 1;
+int couldnt_set = 1;
+const int setrlimit_errno = errno;
 #ifdef OPEN_MAX
 uint64_t try_limit = OPEN_MAX - ULIMIT_BUFFER;
 if (errno == EINVAL && try_limit < (uint64_t) rlim.rlim_cur) {
   /* On some platforms, OPEN_MAX is the real limit, and getrlimit() is
* full of nasty lies.  I'm looking at you, OSX 10.5 */
-  rlim.rlim_cur = try_limit;
+  rlim.rlim_cur = MIN(try_limit, rlim.rlim_cur);
   if (setrlimit(RLIMIT_NOFILE, ) == 0) {
 if (rlim.rlim_cur < (rlim_t)limit) {
   log_warn(LD_CONFIG, "We are limited to %lu file descriptors by "
@@ -1737,14 +1738,13 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
(unsigned long)try_limit, (unsigned long)OPEN_MAX,
(unsigned long)rlim.rlim_max);
 }
-bad = 0;
+couldnt_set = 0;
   }
 }
 #endif /* OPEN_MAX */
-if (bad) {
+if (couldnt_set) {
   log_warn(LD_CONFIG,"Couldn't set maximum number of file descriptors: %s",
-   strerror(errno));
-  return -1;
+   strerror(setrlimit_errno));
 }
   }
   /* leave some overhead for logs, etc, */



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.1] Merge branch 'maint-0.3.1' into release-0.3.1

[nickm]

commit cf55f0516c9eecc3e2779931fdba9eeb5335f569
Merge: ed13a7f62 eccef6ba6
Author: Nick Mathewson 
Date:   Sun Feb 11 16:51:56 2018 -0500

Merge branch 'maint-0.3.1' into release-0.3.1

 changes/bug21074_downgrade |  4 
 src/common/compat.c| 14 +++---
 2 files changed, 11 insertions(+), 7 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.1] Merge branch 'maint-0.2.9' into maint-0.3.1

[nickm]

commit eccef6ba60e59c6d7001d8f6623eb4d01ea8ca11
Merge: 86583ad78 5dc785cee
Author: Nick Mathewson 
Date:   Sun Feb 11 16:51:56 2018 -0500

Merge branch 'maint-0.2.9' into maint-0.3.1

 changes/bug21074_downgrade |  4 
 src/common/compat.c| 14 +++---
 2 files changed, 11 insertions(+), 7 deletions(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.1] Merge remote-tracking branch 'public/bug21074_029' into maint-0.2.9

[nickm]

commit 5dc785ceef465125f180f020991ec2c363bb8abc
Merge: 320dac460 0bfd5a659
Author: Nick Mathewson 
Date:   Sun Feb 11 16:51:53 2018 -0500

Merge remote-tracking branch 'public/bug21074_029' into maint-0.2.9

 changes/bug21074_downgrade |  4 
 src/common/compat.c| 14 +++---
 2 files changed, 11 insertions(+), 7 deletions(-)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge remote-tracking branch 'public/bug21074_029' into maint-0.2.9

[nickm]

commit 5dc785ceef465125f180f020991ec2c363bb8abc
Merge: 320dac460 0bfd5a659
Author: Nick Mathewson 
Date:   Sun Feb 11 16:51:53 2018 -0500

Merge remote-tracking branch 'public/bug21074_029' into maint-0.2.9

 changes/bug21074_downgrade |  4 
 src/common/compat.c| 14 +++---
 2 files changed, 11 insertions(+), 7 deletions(-)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.1] Add a cast to avoid a signed/unsigned comparison

[nickm]

commit 0bfd5a659777688798722a20f894797a4f4b54f0
Author: Nick Mathewson 
Date:   Wed Jan 17 09:06:32 2018 -0500

Add a cast to avoid a signed/unsigned comparison
---
 src/common/compat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/common/compat.c b/src/common/compat.c
index a88e9b514..4ac443c13 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -1723,7 +1723,7 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
 if (errno == EINVAL && try_limit < (uint64_t) rlim.rlim_cur) {
   /* On some platforms, OPEN_MAX is the real limit, and getrlimit() is
* full of nasty lies.  I'm looking at you, OSX 10.5 */
-  rlim.rlim_cur = MIN(try_limit, rlim.rlim_cur);
+  rlim.rlim_cur = MIN((rlim_t) try_limit, rlim.rlim_cur);
   if (setrlimit(RLIMIT_NOFILE, ) == 0) {
 if (rlim.rlim_cur < (rlim_t)limit) {
   log_warn(LD_CONFIG, "We are limited to %lu file descriptors by "



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.3.2] Don't treat a setrlimit failure as fatal.

[nickm]

commit 68ca6d2e1971372617f920e71a4a51e16900095e
Author: Nick Mathewson 
Date:   Thu Jan 4 13:20:37 2018 -0500

Don't treat a setrlimit failure as fatal.

Fixes bug 21074; bugfix on 4689243242e2e12 in 0.0.9rc5 when we
started doing setrlimit() in the first place.
---
 changes/bug21074_downgrade |  4 
 src/common/compat.c| 14 +++---
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/changes/bug21074_downgrade b/changes/bug21074_downgrade
new file mode 100644
index 0..c9f81bd13
--- /dev/null
+++ b/changes/bug21074_downgrade
@@ -0,0 +1,4 @@
+  o Minor bugfixes:
+- Don't exit the Tor process if setrlimit() fails to change the file
+  limit (which can happen sometimes on some versions of OSX). Fixes
+  bug 21074; bugfix on 0.0.9pre5.
diff --git a/src/common/compat.c b/src/common/compat.c
index e16dfb1d2..a88e9b514 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -1651,7 +1651,7 @@ get_max_sockets(void)
  * fail by returning -1 and max_out is untouched.
  *
  * If we are unable to set the limit value because of setrlimit() failing,
- * return -1 and max_out is set to the current maximum value returned
+ * return 0 and max_out is set to the current maximum value returned
  * by getrlimit().
  *
  * Otherwise, return 0 and store the maximum we found inside max_out
@@ -1716,13 +1716,14 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
   rlim.rlim_cur = rlim.rlim_max;
 
   if (setrlimit(RLIMIT_NOFILE, ) != 0) {
-int bad = 1;
+int couldnt_set = 1;
+const int setrlimit_errno = errno;
 #ifdef OPEN_MAX
 uint64_t try_limit = OPEN_MAX - ULIMIT_BUFFER;
 if (errno == EINVAL && try_limit < (uint64_t) rlim.rlim_cur) {
   /* On some platforms, OPEN_MAX is the real limit, and getrlimit() is
* full of nasty lies.  I'm looking at you, OSX 10.5 */
-  rlim.rlim_cur = try_limit;
+  rlim.rlim_cur = MIN(try_limit, rlim.rlim_cur);
   if (setrlimit(RLIMIT_NOFILE, ) == 0) {
 if (rlim.rlim_cur < (rlim_t)limit) {
   log_warn(LD_CONFIG, "We are limited to %lu file descriptors by "
@@ -1737,14 +1738,13 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
(unsigned long)try_limit, (unsigned long)OPEN_MAX,
(unsigned long)rlim.rlim_max);
 }
-bad = 0;
+couldnt_set = 0;
   }
 }
 #endif /* OPEN_MAX */
-if (bad) {
+if (couldnt_set) {
   log_warn(LD_CONFIG,"Couldn't set maximum number of file descriptors: %s",
-   strerror(errno));
-  return -1;
+   strerror(setrlimit_errno));
 }
   }
   /* leave some overhead for logs, etc, */



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.2] Add a cast to avoid a signed/unsigned comparison

[nickm]

commit 0bfd5a659777688798722a20f894797a4f4b54f0
Author: Nick Mathewson 
Date:   Wed Jan 17 09:06:32 2018 -0500

Add a cast to avoid a signed/unsigned comparison
---
 src/common/compat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/common/compat.c b/src/common/compat.c
index a88e9b514..4ac443c13 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -1723,7 +1723,7 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
 if (errno == EINVAL && try_limit < (uint64_t) rlim.rlim_cur) {
   /* On some platforms, OPEN_MAX is the real limit, and getrlimit() is
* full of nasty lies.  I'm looking at you, OSX 10.5 */
-  rlim.rlim_cur = MIN(try_limit, rlim.rlim_cur);
+  rlim.rlim_cur = MIN((rlim_t) try_limit, rlim.rlim_cur);
   if (setrlimit(RLIMIT_NOFILE, ) == 0) {
 if (rlim.rlim_cur < (rlim_t)limit) {
   log_warn(LD_CONFIG, "We are limited to %lu file descriptors by "



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.2] Merge remote-tracking branch 'public/bug21074_029' into maint-0.2.9

[nickm]

commit 5dc785ceef465125f180f020991ec2c363bb8abc
Merge: 320dac460 0bfd5a659
Author: Nick Mathewson 
Date:   Sun Feb 11 16:51:53 2018 -0500

Merge remote-tracking branch 'public/bug21074_029' into maint-0.2.9

 changes/bug21074_downgrade |  4 
 src/common/compat.c| 14 +++---
 2 files changed, 11 insertions(+), 7 deletions(-)



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'maint-0.2.9' into maint-0.3.1

[nickm]

commit eccef6ba60e59c6d7001d8f6623eb4d01ea8ca11
Merge: 86583ad78 5dc785cee
Author: Nick Mathewson 
Date:   Sun Feb 11 16:51:56 2018 -0500

Merge branch 'maint-0.2.9' into maint-0.3.1

 changes/bug21074_downgrade |  4 
 src/common/compat.c| 14 +++---
 2 files changed, 11 insertions(+), 7 deletions(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.2] Don't treat a setrlimit failure as fatal.

[nickm]

commit 68ca6d2e1971372617f920e71a4a51e16900095e
Author: Nick Mathewson 
Date:   Thu Jan 4 13:20:37 2018 -0500

Don't treat a setrlimit failure as fatal.

Fixes bug 21074; bugfix on 4689243242e2e12 in 0.0.9rc5 when we
started doing setrlimit() in the first place.
---
 changes/bug21074_downgrade |  4 
 src/common/compat.c| 14 +++---
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/changes/bug21074_downgrade b/changes/bug21074_downgrade
new file mode 100644
index 0..c9f81bd13
--- /dev/null
+++ b/changes/bug21074_downgrade
@@ -0,0 +1,4 @@
+  o Minor bugfixes:
+- Don't exit the Tor process if setrlimit() fails to change the file
+  limit (which can happen sometimes on some versions of OSX). Fixes
+  bug 21074; bugfix on 0.0.9pre5.
diff --git a/src/common/compat.c b/src/common/compat.c
index e16dfb1d2..a88e9b514 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -1651,7 +1651,7 @@ get_max_sockets(void)
  * fail by returning -1 and max_out is untouched.
  *
  * If we are unable to set the limit value because of setrlimit() failing,
- * return -1 and max_out is set to the current maximum value returned
+ * return 0 and max_out is set to the current maximum value returned
  * by getrlimit().
  *
  * Otherwise, return 0 and store the maximum we found inside max_out
@@ -1716,13 +1716,14 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
   rlim.rlim_cur = rlim.rlim_max;
 
   if (setrlimit(RLIMIT_NOFILE, ) != 0) {
-int bad = 1;
+int couldnt_set = 1;
+const int setrlimit_errno = errno;
 #ifdef OPEN_MAX
 uint64_t try_limit = OPEN_MAX - ULIMIT_BUFFER;
 if (errno == EINVAL && try_limit < (uint64_t) rlim.rlim_cur) {
   /* On some platforms, OPEN_MAX is the real limit, and getrlimit() is
* full of nasty lies.  I'm looking at you, OSX 10.5 */
-  rlim.rlim_cur = try_limit;
+  rlim.rlim_cur = MIN(try_limit, rlim.rlim_cur);
   if (setrlimit(RLIMIT_NOFILE, ) == 0) {
 if (rlim.rlim_cur < (rlim_t)limit) {
   log_warn(LD_CONFIG, "We are limited to %lu file descriptors by "
@@ -1737,14 +1738,13 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
(unsigned long)try_limit, (unsigned long)OPEN_MAX,
(unsigned long)rlim.rlim_max);
 }
-bad = 0;
+couldnt_set = 0;
   }
 }
 #endif /* OPEN_MAX */
-if (bad) {
+if (couldnt_set) {
   log_warn(LD_CONFIG,"Couldn't set maximum number of file descriptors: %s",
-   strerror(errno));
-  return -1;
+   strerror(setrlimit_errno));
 }
   }
   /* leave some overhead for logs, etc, */



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'maint-0.3.1' into maint-0.3.2

[nickm]

commit 684d57fe8a21ee74b7b66f0035674ccbe0c1f921
Merge: 4de20d175 eccef6ba6
Author: Nick Mathewson 
Date:   Sun Feb 11 17:00:52 2018 -0500

Merge branch 'maint-0.3.1' into maint-0.3.2

 changes/bug21074_downgrade |  4 
 src/common/compat.c| 14 +++---
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --cc src/common/compat.c
index 7fe97488e,4a1f0013c..83bb707e1
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@@ -1753,14 -1752,13 +1754,13 @@@ set_max_file_descriptors(rlim_t limit, 
 (unsigned long)try_limit, (unsigned long)OPEN_MAX,
 (unsigned long)rlim.rlim_max);
  }
- bad = 0;
+ couldnt_set = 0;
}
  }
 -#endif /* OPEN_MAX */
 +#endif /* defined(OPEN_MAX) */
- if (bad) {
+ if (couldnt_set) {
log_warn(LD_CONFIG,"Couldn't set maximum number of file descriptors: 
%s",
-strerror(errno));
-   return -1;
+strerror(setrlimit_errno));
  }
}
/* leave some overhead for logs, etc, */



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.9] Add a cast to avoid a signed/unsigned comparison

[nickm]

commit 0bfd5a659777688798722a20f894797a4f4b54f0
Author: Nick Mathewson 
Date:   Wed Jan 17 09:06:32 2018 -0500

Add a cast to avoid a signed/unsigned comparison
---
 src/common/compat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/common/compat.c b/src/common/compat.c
index a88e9b514..4ac443c13 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -1723,7 +1723,7 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
 if (errno == EINVAL && try_limit < (uint64_t) rlim.rlim_cur) {
   /* On some platforms, OPEN_MAX is the real limit, and getrlimit() is
* full of nasty lies.  I'm looking at you, OSX 10.5 */
-  rlim.rlim_cur = MIN(try_limit, rlim.rlim_cur);
+  rlim.rlim_cur = MIN((rlim_t) try_limit, rlim.rlim_cur);
   if (setrlimit(RLIMIT_NOFILE, ) == 0) {
 if (rlim.rlim_cur < (rlim_t)limit) {
   log_warn(LD_CONFIG, "We are limited to %lu file descriptors by "



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.2] Merge branch 'maint-0.2.9' into maint-0.3.1

[nickm]

commit eccef6ba60e59c6d7001d8f6623eb4d01ea8ca11
Merge: 86583ad78 5dc785cee
Author: Nick Mathewson 
Date:   Sun Feb 11 16:51:56 2018 -0500

Merge branch 'maint-0.2.9' into maint-0.3.1

 changes/bug21074_downgrade |  4 
 src/common/compat.c| 14 +++---
 2 files changed, 11 insertions(+), 7 deletions(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.9] Don't treat a setrlimit failure as fatal.

[nickm]

commit 68ca6d2e1971372617f920e71a4a51e16900095e
Author: Nick Mathewson 
Date:   Thu Jan 4 13:20:37 2018 -0500

Don't treat a setrlimit failure as fatal.

Fixes bug 21074; bugfix on 4689243242e2e12 in 0.0.9rc5 when we
started doing setrlimit() in the first place.
---
 changes/bug21074_downgrade |  4 
 src/common/compat.c| 14 +++---
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/changes/bug21074_downgrade b/changes/bug21074_downgrade
new file mode 100644
index 0..c9f81bd13
--- /dev/null
+++ b/changes/bug21074_downgrade
@@ -0,0 +1,4 @@
+  o Minor bugfixes:
+- Don't exit the Tor process if setrlimit() fails to change the file
+  limit (which can happen sometimes on some versions of OSX). Fixes
+  bug 21074; bugfix on 0.0.9pre5.
diff --git a/src/common/compat.c b/src/common/compat.c
index e16dfb1d2..a88e9b514 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -1651,7 +1651,7 @@ get_max_sockets(void)
  * fail by returning -1 and max_out is untouched.
  *
  * If we are unable to set the limit value because of setrlimit() failing,
- * return -1 and max_out is set to the current maximum value returned
+ * return 0 and max_out is set to the current maximum value returned
  * by getrlimit().
  *
  * Otherwise, return 0 and store the maximum we found inside max_out
@@ -1716,13 +1716,14 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
   rlim.rlim_cur = rlim.rlim_max;
 
   if (setrlimit(RLIMIT_NOFILE, ) != 0) {
-int bad = 1;
+int couldnt_set = 1;
+const int setrlimit_errno = errno;
 #ifdef OPEN_MAX
 uint64_t try_limit = OPEN_MAX - ULIMIT_BUFFER;
 if (errno == EINVAL && try_limit < (uint64_t) rlim.rlim_cur) {
   /* On some platforms, OPEN_MAX is the real limit, and getrlimit() is
* full of nasty lies.  I'm looking at you, OSX 10.5 */
-  rlim.rlim_cur = try_limit;
+  rlim.rlim_cur = MIN(try_limit, rlim.rlim_cur);
   if (setrlimit(RLIMIT_NOFILE, ) == 0) {
 if (rlim.rlim_cur < (rlim_t)limit) {
   log_warn(LD_CONFIG, "We are limited to %lu file descriptors by "
@@ -1737,14 +1738,13 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
(unsigned long)try_limit, (unsigned long)OPEN_MAX,
(unsigned long)rlim.rlim_max);
 }
-bad = 0;
+couldnt_set = 0;
   }
 }
 #endif /* OPEN_MAX */
-if (bad) {
+if (couldnt_set) {
   log_warn(LD_CONFIG,"Couldn't set maximum number of file descriptors: %s",
-   strerror(errno));
-  return -1;
+   strerror(setrlimit_errno));
 }
   }
   /* leave some overhead for logs, etc, */



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.9] Add a cast to avoid a signed/unsigned comparison

[nickm]

commit 0bfd5a659777688798722a20f894797a4f4b54f0
Author: Nick Mathewson 
Date:   Wed Jan 17 09:06:32 2018 -0500

Add a cast to avoid a signed/unsigned comparison
---
 src/common/compat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/common/compat.c b/src/common/compat.c
index a88e9b514..4ac443c13 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -1723,7 +1723,7 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
 if (errno == EINVAL && try_limit < (uint64_t) rlim.rlim_cur) {
   /* On some platforms, OPEN_MAX is the real limit, and getrlimit() is
* full of nasty lies.  I'm looking at you, OSX 10.5 */
-  rlim.rlim_cur = MIN(try_limit, rlim.rlim_cur);
+  rlim.rlim_cur = MIN((rlim_t) try_limit, rlim.rlim_cur);
   if (setrlimit(RLIMIT_NOFILE, ) == 0) {
 if (rlim.rlim_cur < (rlim_t)limit) {
   log_warn(LD_CONFIG, "We are limited to %lu file descriptors by "



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.2.9] Merge remote-tracking branch 'public/bug21074_029' into maint-0.2.9

[nickm]

commit 5dc785ceef465125f180f020991ec2c363bb8abc
Merge: 320dac460 0bfd5a659
Author: Nick Mathewson 
Date:   Sun Feb 11 16:51:53 2018 -0500

Merge remote-tracking branch 'public/bug21074_029' into maint-0.2.9

 changes/bug21074_downgrade |  4 
 src/common/compat.c| 14 +++---
 2 files changed, 11 insertions(+), 7 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.2] Merge branch 'maint-0.3.1' into maint-0.3.2

[nickm]

commit 684d57fe8a21ee74b7b66f0035674ccbe0c1f921
Merge: 4de20d175 eccef6ba6
Author: Nick Mathewson 
Date:   Sun Feb 11 17:00:52 2018 -0500

Merge branch 'maint-0.3.1' into maint-0.3.2

 changes/bug21074_downgrade |  4 
 src/common/compat.c| 14 +++---
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --cc src/common/compat.c
index 7fe97488e,4a1f0013c..83bb707e1
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@@ -1753,14 -1752,13 +1754,13 @@@ set_max_file_descriptors(rlim_t limit, 
 (unsigned long)try_limit, (unsigned long)OPEN_MAX,
 (unsigned long)rlim.rlim_max);
  }
- bad = 0;
+ couldnt_set = 0;
}
  }
 -#endif /* OPEN_MAX */
 +#endif /* defined(OPEN_MAX) */
- if (bad) {
+ if (couldnt_set) {
log_warn(LD_CONFIG,"Couldn't set maximum number of file descriptors: 
%s",
-strerror(errno));
-   return -1;
+strerror(setrlimit_errno));
  }
}
/* leave some overhead for logs, etc, */

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.1] Don't treat a setrlimit failure as fatal.

[nickm]

commit 68ca6d2e1971372617f920e71a4a51e16900095e
Author: Nick Mathewson 
Date:   Thu Jan 4 13:20:37 2018 -0500

Don't treat a setrlimit failure as fatal.

Fixes bug 21074; bugfix on 4689243242e2e12 in 0.0.9rc5 when we
started doing setrlimit() in the first place.
---
 changes/bug21074_downgrade |  4 
 src/common/compat.c| 14 +++---
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/changes/bug21074_downgrade b/changes/bug21074_downgrade
new file mode 100644
index 0..c9f81bd13
--- /dev/null
+++ b/changes/bug21074_downgrade
@@ -0,0 +1,4 @@
+  o Minor bugfixes:
+- Don't exit the Tor process if setrlimit() fails to change the file
+  limit (which can happen sometimes on some versions of OSX). Fixes
+  bug 21074; bugfix on 0.0.9pre5.
diff --git a/src/common/compat.c b/src/common/compat.c
index e16dfb1d2..a88e9b514 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -1651,7 +1651,7 @@ get_max_sockets(void)
  * fail by returning -1 and max_out is untouched.
  *
  * If we are unable to set the limit value because of setrlimit() failing,
- * return -1 and max_out is set to the current maximum value returned
+ * return 0 and max_out is set to the current maximum value returned
  * by getrlimit().
  *
  * Otherwise, return 0 and store the maximum we found inside max_out
@@ -1716,13 +1716,14 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
   rlim.rlim_cur = rlim.rlim_max;
 
   if (setrlimit(RLIMIT_NOFILE, ) != 0) {
-int bad = 1;
+int couldnt_set = 1;
+const int setrlimit_errno = errno;
 #ifdef OPEN_MAX
 uint64_t try_limit = OPEN_MAX - ULIMIT_BUFFER;
 if (errno == EINVAL && try_limit < (uint64_t) rlim.rlim_cur) {
   /* On some platforms, OPEN_MAX is the real limit, and getrlimit() is
* full of nasty lies.  I'm looking at you, OSX 10.5 */
-  rlim.rlim_cur = try_limit;
+  rlim.rlim_cur = MIN(try_limit, rlim.rlim_cur);
   if (setrlimit(RLIMIT_NOFILE, ) == 0) {
 if (rlim.rlim_cur < (rlim_t)limit) {
   log_warn(LD_CONFIG, "We are limited to %lu file descriptors by "
@@ -1737,14 +1738,13 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
(unsigned long)try_limit, (unsigned long)OPEN_MAX,
(unsigned long)rlim.rlim_max);
 }
-bad = 0;
+couldnt_set = 0;
   }
 }
 #endif /* OPEN_MAX */
-if (bad) {
+if (couldnt_set) {
   log_warn(LD_CONFIG,"Couldn't set maximum number of file descriptors: %s",
-   strerror(errno));
-  return -1;
+   strerror(setrlimit_errno));
 }
   }
   /* leave some overhead for logs, etc, */



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/release-0.2.9] Don't treat a setrlimit failure as fatal.

[nickm]

commit 68ca6d2e1971372617f920e71a4a51e16900095e
Author: Nick Mathewson 
Date:   Thu Jan 4 13:20:37 2018 -0500

Don't treat a setrlimit failure as fatal.

Fixes bug 21074; bugfix on 4689243242e2e12 in 0.0.9rc5 when we
started doing setrlimit() in the first place.
---
 changes/bug21074_downgrade |  4 
 src/common/compat.c| 14 +++---
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/changes/bug21074_downgrade b/changes/bug21074_downgrade
new file mode 100644
index 0..c9f81bd13
--- /dev/null
+++ b/changes/bug21074_downgrade
@@ -0,0 +1,4 @@
+  o Minor bugfixes:
+- Don't exit the Tor process if setrlimit() fails to change the file
+  limit (which can happen sometimes on some versions of OSX). Fixes
+  bug 21074; bugfix on 0.0.9pre5.
diff --git a/src/common/compat.c b/src/common/compat.c
index e16dfb1d2..a88e9b514 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -1651,7 +1651,7 @@ get_max_sockets(void)
  * fail by returning -1 and max_out is untouched.
  *
  * If we are unable to set the limit value because of setrlimit() failing,
- * return -1 and max_out is set to the current maximum value returned
+ * return 0 and max_out is set to the current maximum value returned
  * by getrlimit().
  *
  * Otherwise, return 0 and store the maximum we found inside max_out
@@ -1716,13 +1716,14 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
   rlim.rlim_cur = rlim.rlim_max;
 
   if (setrlimit(RLIMIT_NOFILE, ) != 0) {
-int bad = 1;
+int couldnt_set = 1;
+const int setrlimit_errno = errno;
 #ifdef OPEN_MAX
 uint64_t try_limit = OPEN_MAX - ULIMIT_BUFFER;
 if (errno == EINVAL && try_limit < (uint64_t) rlim.rlim_cur) {
   /* On some platforms, OPEN_MAX is the real limit, and getrlimit() is
* full of nasty lies.  I'm looking at you, OSX 10.5 */
-  rlim.rlim_cur = try_limit;
+  rlim.rlim_cur = MIN(try_limit, rlim.rlim_cur);
   if (setrlimit(RLIMIT_NOFILE, ) == 0) {
 if (rlim.rlim_cur < (rlim_t)limit) {
   log_warn(LD_CONFIG, "We are limited to %lu file descriptors by "
@@ -1737,14 +1738,13 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
(unsigned long)try_limit, (unsigned long)OPEN_MAX,
(unsigned long)rlim.rlim_max);
 }
-bad = 0;
+couldnt_set = 0;
   }
 }
 #endif /* OPEN_MAX */
-if (bad) {
+if (couldnt_set) {
   log_warn(LD_CONFIG,"Couldn't set maximum number of file descriptors: %s",
-   strerror(errno));
-  return -1;
+   strerror(setrlimit_errno));
 }
   }
   /* leave some overhead for logs, etc, */



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.1] Add a cast to avoid a signed/unsigned comparison

[nickm]

commit 0bfd5a659777688798722a20f894797a4f4b54f0
Author: Nick Mathewson 
Date:   Wed Jan 17 09:06:32 2018 -0500

Add a cast to avoid a signed/unsigned comparison
---
 src/common/compat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/common/compat.c b/src/common/compat.c
index a88e9b514..4ac443c13 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -1723,7 +1723,7 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
 if (errno == EINVAL && try_limit < (uint64_t) rlim.rlim_cur) {
   /* On some platforms, OPEN_MAX is the real limit, and getrlimit() is
* full of nasty lies.  I'm looking at you, OSX 10.5 */
-  rlim.rlim_cur = MIN(try_limit, rlim.rlim_cur);
+  rlim.rlim_cur = MIN((rlim_t) try_limit, rlim.rlim_cur);
   if (setrlimit(RLIMIT_NOFILE, ) == 0) {
 if (rlim.rlim_cur < (rlim_t)limit) {
   log_warn(LD_CONFIG, "We are limited to %lu file descriptors by "



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/maint-0.3.1] Merge branch 'maint-0.2.9' into maint-0.3.1

[nickm]

commit eccef6ba60e59c6d7001d8f6623eb4d01ea8ca11
Merge: 86583ad78 5dc785cee
Author: Nick Mathewson 
Date:   Sun Feb 11 16:51:56 2018 -0500

Merge branch 'maint-0.2.9' into maint-0.3.1

 changes/bug21074_downgrade |  4 
 src/common/compat.c| 14 +++---
 2 files changed, 11 insertions(+), 7 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] rust: Replace two `unwrap()`s in FFI code with `unwrap_or()`s.

[nickm]

commit 45c59eff6c0b261d1f868eb22e0bd36a39dfdbb3
Author: Isis Lovecruft 
Date:   Sat Feb 10 01:21:31 2018 +

rust: Replace two `unwrap()`s in FFI code with `unwrap_or()`s.
---
 src/rust/protover/ffi.rs  | 2 +-
 src/rust/protover/protover.rs | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/rust/protover/ffi.rs b/src/rust/protover/ffi.rs
index d724c102d..2ee0286ec 100644
--- a/src/rust/protover/ffi.rs
+++ b/src/rust/protover/ffi.rs
@@ -232,7 +232,7 @@ pub extern "C" fn protover_compute_for_old_tor(version: 
*const c_char) -> *const
 // we can see that the bytes we're passing into it 1) are valid UTF-8,
 // 2) have no intermediate NUL bytes, and 3) are terminated with a NUL
 // byte.
-supported = CStr::from_bytes_with_nul(elder_protocols).unwrap();
+supported = CStr::from_bytes_with_nul(elder_protocols).unwrap_or(empty);
 
 supported.as_ptr()
 }
diff --git a/src/rust/protover/protover.rs b/src/rust/protover/protover.rs
index 826f1b73f..25f776aed 100644
--- a/src/rust/protover/protover.rs
+++ b/src/rust/protover/protover.rs
@@ -110,7 +110,7 @@ pub fn get_supported_protocols() -> &'static str {
 // The `unwrap` is safe becauase we SUPPORTED_PROTOCOLS is under
 // our control.
 str::from_utf8(_PROTOCOLS[..SUPPORTED_PROTOCOLS.len() - 1])
-.unwrap()
+.unwrap_or("")
 }
 
 pub struct SupportedProtocols(HashMap);



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] chnages file for 25120

[nickm]

commit 3834441a72857fdc637f67d908acd3efd8ab0f12
Author: Nick Mathewson 
Date:   Sun Feb 11 16:14:19 2018 -0500

chnages file for 25120
---
 changes/bug25120 | 4 
 1 file changed, 4 insertions(+)

diff --git a/changes/bug25120 b/changes/bug25120
new file mode 100644
index 0..7215756ef
--- /dev/null
+++ b/changes/bug25120
@@ -0,0 +1,4 @@
+  o Minor features (logging):
+- Clarify the log messages produced when getrandom() or a related
+  entropy-generation mechanism gives an error. Closes ticket
+  25120.



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge remote-tracking branch 'isis/bug25127_redux'

[nickm]

commit a75ae628c74d8105d7b021b051ffd6eaaed08904
Merge: 7aa94f744 45c59eff6
Author: Nick Mathewson 
Date:   Sun Feb 11 16:17:41 2018 -0500

Merge remote-tracking branch 'isis/bug25127_redux'

 src/rust/protover/ffi.rs  | 2 +-
 src/rust/protover/protover.rs | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Merge branch 'bug25120'

[nickm]

commit 627974b02ed9e5c286055272f34bd8c1ba268267
Merge: 1df701c08 14c47a0b5
Author: Nick Mathewson 
Date:   Sun Feb 11 16:10:58 2018 -0500

Merge branch 'bug25120'

 src/common/crypto.c | 31 ---
 1 file changed, 20 insertions(+), 11 deletions(-)




___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] fix compilation.

[nickm]

commit 7aa94f744112d224dd7a5523faef7a9b858ad5b1
Author: Nick Mathewson 
Date:   Sun Feb 11 16:16:58 2018 -0500

fix compilation.
---
 src/common/crypto.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/common/crypto.c b/src/common/crypto.c
index 6dce7d5e8..d85aca400 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -1963,9 +1963,9 @@ crypto_strongest_rand_syscall(uint8_t *out, size_t 
out_len)
" function--probably because it is too old?"
" Trying fallback method instead.");
   } else {
-log_notice(LD_CRYPTO, "Can't get entropy from getrandom(): %s.",
-  " Trying fallback method instead."
- strerror(errno));
+log_notice(LD_CRYPTO, "Can't get entropy from getrandom(): %s."
+  " Trying fallback method instead.",
+   strerror(errno));
   }
 
   getrandom_works = 0; /* Don't bother trying again. */

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Slightly different wording for error cases around entropy source selection.

[nickm]

commit a2990081d516873d94643853d1a98b9cc3da55c4
Author: Alexander Færøy 
Date:   Thu Feb 1 21:25:33 2018 +0100

Slightly different wording for error cases around entropy source selection.

This patch makes the wording around error cases for selecting an entropy
source in Tor slightly more verbose. We also let the user know when
something goes wrong that we are trying out a fallback method instead.

See: https://bugs.torproject.org/25120
---
 src/common/crypto.c | 13 -
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/common/crypto.c b/src/common/crypto.c
index 2ecf64c39..0dcffd2fb 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -1903,13 +1903,13 @@ crypto_strongest_rand_syscall(uint8_t *out, size_t 
out_len)
   if (!provider_set) {
 if (!CryptAcquireContext(, NULL, NULL, PROV_RSA_FULL,
  CRYPT_VERIFYCONTEXT)) {
-  log_warn(LD_CRYPTO, "Can't get CryptoAPI provider [1]");
+  log_warn(LD_CRYPTO, "Unable to set Windows CryptoAPI provider [1].");
   return -1;
 }
 provider_set = 1;
   }
   if (!CryptGenRandom(provider, out_len, out)) {
-log_warn(LD_CRYPTO, "Can't get entropy from CryptoAPI.");
+log_warn(LD_CRYPTO, "Unable get entropy from the Windows CryptoAPI.");
 return -1;
   }
 
@@ -1954,9 +1954,11 @@ crypto_strongest_rand_syscall(uint8_t *out, size_t 
out_len)
 log_warn(LD_CRYPTO, "Can't get entropy from getrandom()."
  " You are running a version of Tor built to support"
  " getrandom(), but the kernel doesn't implement this"
- " function--probably because it is too old?");
+ " function--probably because it is too old?"
+ " Trying fallback method instead.");
   } else {
 log_warn(LD_CRYPTO, "Can't get entropy from getrandom(): %s.",
+" Trying fallback method instead."
  strerror(errno));
   }
 
@@ -2009,7 +2011,7 @@ crypto_strongest_rand_fallback(uint8_t *out, size_t 
out_len)
   size_t n;
 
   for (i = 0; filenames[i]; ++i) {
-log_debug(LD_FS, "Considering %s for entropy", filenames[i]);
+log_debug(LD_FS, "Considering %s as entropy source", filenames[i]);
 fd = open(sandbox_intern_string(filenames[i]), O_RDONLY, 0);
 if (fd<0) continue;
 log_info(LD_CRYPTO, "Reading entropy from \"%s\"", filenames[i]);
@@ -2019,7 +2021,8 @@ crypto_strongest_rand_fallback(uint8_t *out, size_t 
out_len)
   /* LCOV_EXCL_START
* We can't make /dev/foorandom actually fail. */
   log_warn(LD_CRYPTO,
-   "Error reading from entropy source (read only %lu bytes).",
+   "Error reading from entropy source %s (read only %lu bytes).",
+   filenames[i],
(unsigned long)n);
   return -1;
   /* LCOV_EXCL_STOP */



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [tor/master] Lower log-level in different error conditions in entropy selection.

[nickm]

commit 14c47a0b5c8965463957f8c8c9311bcb96885049
Author: Alexander Færøy 
Date:   Thu Feb 1 21:27:38 2018 +0100

Lower log-level in different error conditions in entropy selection.

This patch lowers the log-level from warning to info in the cases where
we are going to attempt another method as entropy source to hopefully
make the user feel less concerned.

See: https://bugs.torproject.org/25120
---
 src/common/crypto.c | 32 +++-
 1 file changed, 19 insertions(+), 13 deletions(-)

diff --git a/src/common/crypto.c b/src/common/crypto.c
index 0dcffd2fb..f8da2fcf1 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -1891,6 +1891,12 @@ crypto_strongest_rand_syscall(uint8_t *out, size_t 
out_len)
 {
   tor_assert(out_len <= MAX_STRONGEST_RAND_SIZE);
 
+  /* We only log at notice-level here because in the case that this function
+   * fails the crypto_strongest_rand_raw() caller will log with a warning-level
+   * message and let crypto_strongest_rand() error out and finally terminating
+   * Tor with an assertion error.
+   */
+
 #ifdef TOR_UNIT_TESTS
   if (break_strongest_rng_syscall)
 return -1;
@@ -1903,13 +1909,13 @@ crypto_strongest_rand_syscall(uint8_t *out, size_t 
out_len)
   if (!provider_set) {
 if (!CryptAcquireContext(, NULL, NULL, PROV_RSA_FULL,
  CRYPT_VERIFYCONTEXT)) {
-  log_warn(LD_CRYPTO, "Unable to set Windows CryptoAPI provider [1].");
+  log_notice(LD_CRYPTO, "Unable to set Windows CryptoAPI provider [1].");
   return -1;
 }
 provider_set = 1;
   }
   if (!CryptGenRandom(provider, out_len, out)) {
-log_warn(LD_CRYPTO, "Unable get entropy from the Windows CryptoAPI.");
+log_notice(LD_CRYPTO, "Unable get entropy from the Windows CryptoAPI.");
 return -1;
   }
 
@@ -1951,14 +1957,14 @@ crypto_strongest_rand_syscall(uint8_t *out, size_t 
out_len)
 
   /* Useful log message for errno. */
   if (errno == ENOSYS) {
-log_warn(LD_CRYPTO, "Can't get entropy from getrandom()."
- " You are running a version of Tor built to support"
- " getrandom(), but the kernel doesn't implement this"
- " function--probably because it is too old?"
- " Trying fallback method instead.");
+log_notice(LD_CRYPTO, "Can't get entropy from getrandom()."
+   " You are running a version of Tor built to support"
+   " getrandom(), but the kernel doesn't implement this"
+   " function--probably because it is too old?"
+   " Trying fallback method instead.");
   } else {
-log_warn(LD_CRYPTO, "Can't get entropy from getrandom(): %s.",
-" Trying fallback method instead."
+log_notice(LD_CRYPTO, "Can't get entropy from getrandom(): %s.",
+  " Trying fallback method instead."
  strerror(errno));
   }
 
@@ -2020,10 +2026,10 @@ crypto_strongest_rand_fallback(uint8_t *out, size_t 
out_len)
 if (n != out_len) {
   /* LCOV_EXCL_START
* We can't make /dev/foorandom actually fail. */
-  log_warn(LD_CRYPTO,
-   "Error reading from entropy source %s (read only %lu bytes).",
-   filenames[i],
-   (unsigned long)n);
+  log_notice(LD_CRYPTO,
+ "Error reading from entropy source %s (read only %lu bytes).",
+ filenames[i],
+ (unsigned long)n);
   return -1;
   /* LCOV_EXCL_STOP */
 }



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [doctor/master] Notify if flag count substantially differ

[atagar]

commit 894501335535e04668fb63f3aadd5f25c7318ebe
Author: Damian Johnson 
Date:   Sun Feb 11 12:50:42 2018 -0800

Notify if flag count substantially differ

Recently dannenberg stopped issuing the Exit flag. Check Requested by 
nusenu...

https://lists.torproject.org/pipermail/tor-dev/2018-February/012918.html
---
 consensus_health_checker.py | 30 ++
 data/consensus_health.cfg   |  1 +
 2 files changed, 31 insertions(+)

diff --git a/consensus_health_checker.py b/consensus_health_checker.py
index 23f3f9d..e91e292 100755
--- a/consensus_health_checker.py
+++ b/consensus_health_checker.py
@@ -321,6 +321,7 @@ def run_checks(consensuses, votes):
 voting_bandwidth_scanners,
 #unmeasured_relays,
 has_authority_flag,
+has_similar_flag_counts,
 is_recommended_versions,
 bad_exits_in_sync,
 bandwidth_authorities_in_sync,
@@ -612,6 +613,35 @@ def has_authority_flag(latest_consensus, consensuses, 
votes):
   return issues
 
 
+def has_similar_flag_counts(latest_consensus, consensuses, votes):
+  "Checks that flags issued by authorities are similar."
+
+  issues = []
+  flag_count = {}  # {flag => count}
+
+  for desc in latest_consensus.routers.values():
+for flag in desc.flags:
+  flag_count[flag] = flag_count.setdefault(flag, 0) + 1
+
+  for authority, vote in votes.items():
+authority_flag_count = {}
+
+for desc in vote.routers.values():
+  for flag in desc.flags:
+authority_flag_count[flag] = authority_flag_count.setdefault(flag, 0) 
+ 1
+
+for flag, count in flag_count.items():
+  if flag == 'BadExit':
+continue
+
+  vote_count = authority_flag_count.get(flag, 0)
+
+  if vote_count > count * 1.5 or vote_count < count * 0.5:
+issues.append(Issue(Runlevel.NOTICE, 'FLAG_COUNT_DIFFERS', authority = 
authority, flag = flag, consensus_count = count, vote_count = vote_count, to = 
[authority]))
+
+  return issues
+
+
 def has_expected_fingerprints(latest_consensus, consensuses, votes):
   "Checks that the authorities have the fingerprints that we expect."
 
diff --git a/data/consensus_health.cfg b/data/consensus_health.cfg
index 423ab6d..326aa20 100644
--- a/data/consensus_health.cfg
+++ b/data/consensus_health.cfg
@@ -14,6 +14,7 @@ msg TOO_MANY_UNMEASURED_RELAYS => As a bandwidth authority 
{authority} lacked a
 msg MISSING_VOTES => The consensuses downloaded from the following authorities 
are missing votes that are contained in consensuses downloaded from other 
authorities: {authorities}
 msg MISSING_AUTHORITIES => The following authorities are missing from the 
consensus: {authorities}
 msg EXTRA_AUTHORITIES => The following authorities were not expected in the 
consensus: {authorities}
+msg FLAG_COUNT_DIFFERS => {authority} had {vote_count} {flag} flags in its 
vote but the consensus had {consensus_count}
 msg FINGERPRINT_MISMATCH => {authority} had a different fingerprint than we 
expected (expected: {expected}, actual: {actual})
 msg TOR_OUT_OF_DATE =>  The following authorities are an out of date version 
of tor: {authorities}
 msg BADEXIT_OUT_OF_SYNC => Authorities disagree about the BadExit flag for 
{fingerprint} ({counts})

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits