Merge commit 'origin/maint-0.2.1'

Conflicts:
	debian/changelog
	debian/control
	debian/patches/03_tor_manpage_in_section_8.dpatch
	debian/patches/06_add_compile_time_defaults.dpatch
	debian/rules

debian/tor-geoipdb.lintian-override

-tor-geoipdb: debian-changelog-file-is-a-symlink

debian/tor.NEWS

-tor (0.2.0.26-rc-1) experimental; urgency=critical
-
-  * weak cryptographic keys
-
-    It has been discovered that the random number generator in Debian's
-    openssl package is predictable.  This is caused by an incorrect
-    Debian-specific change to the openssl package (CVE-2008-0166).  As a
-    result, cryptographic key material may be guessable.
-
-    See Debian Security Advisory number 1571 (DSA-1571) for more information:
-    http://lists.debian.org/debian-security-announce/2008/msg00152.html
-
-    If you run a Tor server using this package please see
-    /var/lib/tor/keys/moved-away-by-tor-package/README.REALLY
-
- -- Peter Palfrader <weasel@debian.org>  Tue, 13 May 2008 12:49:05 +0200

debian/tor.default

-# Defaults for tor initscript
-# sourced by /etc/init.d/tor
-# installed at /etc/default/tor by the maintainer scripts
-
-#
-# This is a bash shell fragment
-#
-RUN_DAEMON="yes"
-
-#
-# Servers sometimes may need more than the default 1024 file descriptors
-# if they are very busy and have many clients connected to them.  The top
-# servers as of early 2008 regularly have more than 10000 connected
-# clients.
-#  (ulimit -n)
-#
-# (the default varies as it depends on the number of available system-wide file
-#  descriptors.  See the init script in /etc/init.d/tor for details.)
-#
-# MAX_FILEDESCRIPTORS=
-
-#
-# If tor is seriously hogging your CPU, taking away too much cycles from
-# other system resources, then you can renice tor.  See nice(1) for a
-# bit more information.  Another way to limit the CPU usage of an Onion
-# Router is to set a lower BandwidthRate, as CPU usage is mostly a function
-# of the amount of traffic flowing through your node.  Consult the torrc(5)
-# manual page for more information on setting BandwidthRate.
-#
-# NICE="--nicelevel 5"
-
-# Additional arguments to pass on tor's command line.
-#
-# ARGS=""
-
-#
-# Uncomment this if you want to get coredumps
-#
-ulimit -c unlimited

debian/tor.dirs

-etc/tor
-var/lib/tor
-var/log/tor
-usr/share/lintian/overrides
-usr/bin
-usr/sbin

debian/tor.docs

-AUTHORS
-debian/README.Debian
-debian/README.privoxy
-doc/HACKING
-doc/TODO
-doc/design-paper/tor-design.pdf
-doc/design-paper/tor-design.ps
-doc/website/stylesheet.css
-doc/website/tor-*

debian/tor.init

-#! /bin/bash
-
-### BEGIN INIT INFO
-# Provides:          tor
-# Required-Start:    $local_fs $remote_fs $network $named $time
-# Required-Stop:     $local_fs $remote_fs $network $named $time
-# Should-Start:      $syslog
-# Should-Stop:       $syslog
-# Default-Start:     2 3 4 5
-# Default-Stop:      0 1 6
-# Short-Description: Starts The Onion Router daemon processes
-# Description:       Start The Onion Router, a TCP overlay
-#                    network client that provides anonymous
-#                    transport.
-### END INIT INFO
-
-set -e
-
-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-DAEMON=/usr/sbin/tor
-NAME=tor
-DESC="tor daemon"
-TORPIDDIR=/var/run/tor
-TORPID=$TORPIDDIR/tor.pid
-DEFAULTSFILE=/etc/default/$NAME
-WAITFORDAEMON=60
-ARGS=""
-# Let's try to figure our some sane defaults:
-if [ -r /proc/sys/fs/file-max ]; then
-	system_max=`cat /proc/sys/fs/file-max`
-	if [ "$system_max" -gt "80000" ] ; then
-		MAX_FILEDESCRIPTORS=32768
-	elif [ "$system_max" -gt "40000" ] ; then
-		MAX_FILEDESCRIPTORS=16384
-	elif [ "$system_max" -gt "10000" ] ; then
-		MAX_FILEDESCRIPTORS=8192
-	else
-		MAX_FILEDESCRIPTORS=1024
-		cat << EOF
-
-Warning: Your system has very few filedescriptors available in total.
-
-Maybe you should try raising that by adding 'fs.file-max=100000' to your
-/etc/sysctl.conf file.  Feel free to pick any number that you deem appropriate.
-Then run 'sysctl -p'.  See /proc/sys/fs/file-max for the current value, and
-file-nr in the same directory for how many of those are used at the moment.
-
-EOF
-	fi
-else
-	MAX_FILEDESCRIPTORS=8192
-fi
-
-NICE=""
-
-test -x $DAEMON || exit 0
-
-# Include tor defaults if available
-if [ -f $DEFAULTSFILE ] ; then
-	. $DEFAULTSFILE
-fi
-
-wait_for_deaddaemon () {
-	pid=$1
-	sleep 1
-	if test -n "$pid"
-	then
-		if kill -0 $pid 2>/dev/null
-		then
-			echo -n "."
-			cnt=0
-			while kill -0 $pid 2>/dev/null
-			do
-				cnt=`expr $cnt + 1`
-				if [ $cnt -gt $WAITFORDAEMON ]
-				then
-					echo " FAILED."
-					return 1
-				fi
-				sleep 1
-				echo -n "."
-			done
-		fi
-	fi
-	return 0
-}
-
-
-check_torpiddir () {
-	if test ! -d $TORPIDDIR; then
-		#echo "There is no $TORPIDDIR directory.  Creating one for you."
-		mkdir -m 02700 "$TORPIDDIR"
-		chown debian-tor:debian-tor "$TORPIDDIR"
-	fi
-
-	if test ! -x $TORPIDDIR; then
-		echo "Cannot access $TORPIDDIR directory, are you root?" >&2
-		exit 1
-	fi
-}
-
-check_config () {
-	if ! $DAEMON --verify-config > /dev/null; then
-		echo "ABORTED: Tor configuration invalid:" >&2
-		$DAEMON --verify-config >&2
-		exit 1
-	fi
-}
-
-
-case "$1" in
-  start)
-	if [ "$RUN_DAEMON" != "yes" ]; then
-		echo "Not starting $DESC (Disabled in $DEFAULTSFILE)."
-		exit 0
-	fi
-
-	if [ -n "$MAX_FILEDESCRIPTORS" ]; then
-		echo -n "Raising maximum number of filedescriptors (ulimit -n) to $MAX_FILEDESCRIPTORS"
-		if ulimit -n "$MAX_FILEDESCRIPTORS" ; then
-			echo "."
-		else
-			echo ": FAILED."
-		fi
-	fi
-
-	check_torpiddir
-
-	echo "Starting $DESC: $NAME..."
-	check_config
-
-	start-stop-daemon --start --quiet --oknodo \
-		--pidfile $TORPID \
-		$NICE \
-		--exec $DAEMON -- $ARGS
-	echo "done."
-	;;
-  stop)
-	echo -n "Stopping $DESC: "
-	pid=`cat $TORPID 2>/dev/null` || true
-
-	if test ! -f $TORPID -o -z "$pid"; then
-		echo "not running (there is no $TORPID)."
-		exit 0
-	fi
-
-	if start-stop-daemon --stop --signal INT --quiet --pidfile $TORPID --exec $DAEMON; then
-		wait_for_deaddaemon $pid
-		echo "$NAME."
-	elif kill -0 $pid 2>/dev/null
-	then
-		echo "FAILED (Is $pid not $NAME?  Is $DAEMON a different binary now?)."
-	else
-		echo "FAILED ($DAEMON died: process $pid not running; or permission denied)."
-	fi
-	;;
-  reload|force-reload)
-	echo -n "Reloading $DESC configuration: "
-	pid=`cat $TORPID 2>/dev/null` || true
-
-	if test ! -f $TORPID -o -z "$pid"; then
-		echo "not running (there is no $TORPID)."
-		exit 0
-	fi
-
-	check_config
-
-	if start-stop-daemon --stop --signal 1 --quiet --pidfile $TORPID --exec $DAEMON
-	then
-		echo "$NAME."
-	elif kill -0 $pid 2>/dev/null
-	then
-		echo "FAILED (Is $pid not $NAME?  Is $DAEMON a different binary now?)."
-	else
-		echo "FAILED ($DAEMON died: process $pid not running; or permission denied)."
-	fi
-	;;
-  restart)
-	check_config
-
-	$0 stop
-	sleep 1
-	$0 start
-	;;
-  *)
-	echo "Usage: $0 {start|stop|restart|reload|force-reload}" >&2
-	exit 1
-	;;
-esac
-
-exit 0

debian/tor.lintian-override

-tor: package-contains-upstream-install-documentation

debian/tor.logrotate

-/var/log/tor/*log {
-	daily
-	rotate 5
-	compress
-	delaycompress
-	missingok
-	notifempty
-	create 0640 debian-tor adm
-	sharedscripts
-	postrotate
-		/etc/init.d/tor reload > /dev/null
-	endscript
-}

debian/tor.postinst

-#!/bin/sh -e
-
-# checking debian-tor account
-
-uid=`getent passwd debian-tor | cut -d ":" -f 3`
-home=`getent passwd debian-tor | cut -d ":" -f 6`
-
-# if there is the uid the account is there and we can do
-# the sanit(ar)y checks otherwise we can safely create it.
-
-if [ "$uid" ]; then
-	if [ "$home" = "/var/lib/tor" ]; then
-		:
-		#echo "debian-tor homedir check: ok"
-	else
-		echo "ERROR: debian-tor account has an unexpected home directory!"
-		echo "It should be '/var/lib/tor', but it is '$home'."
-		echo "Removing the debian-tor user might fix this, but the question"
-		echo "remains how you got into this mess to begin with."
-		exit 1
-	fi
-else
-	adduser --quiet \
-		--system \
-		--disabled-password \
-		--home /var/lib/tor \
-		--no-create-home \
-		--shell /bin/bash \
-		--group \
-		debian-tor
-fi
-
-
-for i in lib run log; do
-	if ! [ -d "/var/$i/tor" ]; then
-		echo "Something or somebody made /var/$i/tor disappear."
-		echo "Creating one for you again."
-		mkdir "/var/$i/tor"
-	fi
-done
-
-find /var/lib/tor \( \( ! -user debian-tor \) -o \( ! -group debian-tor \) \) -print0 | xargs -0 --no-run-if-empty chown debian-tor:debian-tor
-find /var/lib/tor -type d -print0 | xargs -0 --no-run-if-empty chmod 02700
-find /var/lib/tor -type f -print0 | xargs -0 --no-run-if-empty chmod 00600
-
-if [ -e /var/run/tor ]; then
-	find /var/run/tor \( \( ! -user debian-tor \) -o \( ! -group debian-tor \) \) -print0 | xargs -0 --no-run-if-empty chown debian-tor:debian-tor
-	find /var/run/tor -type d -print0 | xargs -0 --no-run-if-empty chmod 02750
-	find /var/run/tor -type f -print0 | xargs -0 --no-run-if-empty chmod 00600
-fi
-
-find /var/log/tor \( \( ! -user debian-tor \) -o \( ! -group adm \) \) -print0 | xargs -0 --no-run-if-empty chown debian-tor:adm
-find /var/log/tor -type d -print0 | xargs -0 --no-run-if-empty chmod 02750
-find /var/log/tor -type f -print0 | xargs -0 --no-run-if-empty chmod 00640
-
-
-move_away_keys=0
-
-if [ "$1" = "configure" ] &&
-   [ -e /var/lib/tor/keys ] &&
-   [ ! -z "$2" ]; then
-	if dpkg --compare-versions "$2" lt 0.1.2.19-2; then
-		move_away_keys=1
-	elif dpkg --compare-versions "$2" gt 0.2.0 &&
-	     dpkg --compare-versions "$2" lt 0.2.0.26-rc; then
-		move_away_keys=1
-	fi
-fi
-if [ "$move_away_keys" = "1" ]; then
-	echo "Retiring possibly compromised keys.  See /usr/share/doc/tor/NEWS.Debian.gz"
-	echo "and /var/lib/tor/keys/moved-away-by-tor-package/README.REALLY for"
-	echo "further information."
-	if ! [ -d /var/lib/tor/keys/moved-away-by-tor-package ]; then
-		mkdir /var/lib/tor/keys/moved-away-by-tor-package
-		cat > /var/lib/tor/keys/moved-away-by-tor-package/README.REALLY << EOF
-It has been discovered that the random number generator in Debian's
-openssl package is predictable.  This is caused by an incorrect
-Debian-specific change to the openssl package (CVE-2008-0166).  As a
-result, cryptographic key material may be guessable.
-
-See Debian Security Advisory number 1571 (DSA-1571) for more information:
-http://lists.debian.org/debian-security-announce/2008/msg00152.html
-
-The Debian package for Tor has moved away the onion keys upon package
-upgrade, and it will have moved away your identity key if it was created
-in the affected timeframe.  There is no sure way to automatically tell
-if your key was created with an affected openssl library, so this move
-is done unconditionally.
-
-If you have restarted Tor since this change (and the package probably
-did that for you already unless you configured your system differently)
-then the Tor daemon already created new keys for itself and in all
-likelyhood is already working just fine with new keys.
-
-If you are absolutely certain that your identity key was created with
-a non-affected version of openssl and for some reason you have to retain
-the old identity, then you can move back the copy of secret_id_key to
-/var/lib/tor/keys.  Do not move back the onion keys, they were created
-only recently since they are temporary keys with a lifetime of only a few
-days anyway.
-
-Sincerely,
-Peter Palfrader, Tue, 13 May 2008 13:32:23 +0200
-EOF
-	fi
-	for f in secret_onion_key secret_onion_key.old; do
-		if [ -e /var/lib/tor/keys/"$f" ]; then
-			mv -v /var/lib/tor/keys/"$f" /var/lib/tor/keys/moved-away-by-tor-package/"$f"
-		fi
-	done
-	if [ -e /var/lib/tor/keys/secret_id_key ]; then
-		id_mtime=`/usr/bin/stat -c %Y /var/lib/tor/keys/secret_id_key`
-		sept=`date -d '2006-09-10' +%s`
-		if [ "$id_mtime" -gt "$sept" ] ; then
-			mv -v /var/lib/tor/keys/secret_id_key /var/lib/tor/keys/moved-away-by-tor-package/secret_id_key
-		fi
-	fi
-fi
-
-
-#DEBHELPER#
-
-exit 0

debian/tor.postrm

-#!/bin/sh -e
-
-if [ "$1" = "purge" ]; then
-    # logs have to be removed according to policy.
-    rm -rf /var/log/tor/
-    rm -rf /var/lib/tor/
-fi
-
-#DEBHELPER#
-
-exit 0

debian/watch

-version=2
-http://tor.eff.org/dist/tor-(.*)\.tar\.gz