Merge branch 'debian-merge' into debian

* debian-merge:
  New upstream version
  bump to 0.2.1.19
  document my new relay-early behavior
  Changing MaxAdvertisedBW may not need a republish
  Write fingerprint to file and log without spaces
  Don't leak memory if we get too many create cells
  three hacks to workaround bug 1038

ChangeLog

+Changes in version 0.2.1.19 - 2009-07-28
+  o Major bugfixes:
+    - Make accessing hidden services on 0.2.1.x work right
+      again. Bugfix on 0.2.1.3-alpha; workaround for bug 1038.
+
+  o Minor features:
+    - When a relay/bridge is writing out its identity key fingerprint to
+      the "fingerprint" file and to its logs, write it without spaces. Now
+      it will look like the fingerprints in our bridges documentation,
+      and confuse fewer users.
+
+  o Minor bugfixes:
+    - Relays no longer publish a new server descriptor if they change
+      their MaxAdvertisedBandwidth config option but it doesn't end up
+      changing their advertised bandwidth numbers. Bugfix on 0.2.0.28-rc;
+      fixes bug 1026. Patch from Sebastian.
+    - Avoid leaking memory every time we get a create cell but we have
+      so many already queued that we refuse it. Bugfix on 0.2.0.19-alpha;
+      fixes bug 1034. Reported by BarkerJr.
+
+
 Changes in version 0.2.1.18 - 2009-07-24
   o Build fixes:
     - Add LIBS=-lrt to Makefile.am so the Tor RPMs use a static libevent.

configure.in

@@ -5,7 +5,7 @@ dnl Copyright (c) 2007-2008, The Tor Project, Inc.
 dnl See LICENSE for licensing information
 
 AC_INIT
-AM_INIT_AUTOMAKE(tor, 0.2.1.18)
+AM_INIT_AUTOMAKE(tor, 0.2.1.19)
 AM_CONFIG_HEADER(orconfig.h)
 
 AC_CANONICAL_HOST

contrib/tor-mingw.nsi.in

@@ -9,7 +9,7 @@
 !include "FileFunc.nsh"
 !insertmacro GetParameters
   
-!define VERSION "0.2.1.18"
+!define VERSION "0.2.1.19"
 !define INSTALLER "tor-${VERSION}-win32.exe"
 !define WEBSITE "https://www.torproject.org/"
 !define LICENSE "LICENSE"

debian/changelog

+tor (0.2.1.19-1) unstable; urgency=low
+
+  * New upstream version.
+
+ -- Peter Palfrader <weasel@debian.org>  Wed, 29 Jul 2009 12:18:14 +0200
+
 tor (0.2.1.18-1) unstable; urgency=low
 
   * New upstream version.

doc/spec/tor-spec.txt

@@ -661,8 +661,11 @@ see tor-design.pdf.
    is speaking v2 of the link protocol or later, the OR relays the cell as a
    RELAY_EARLY cell.  Otherwise, it relays it as a RELAY cell.
 
-   If a node ever receives more than 8 RELAY_EARLY cells on a given circuit,
-   it SHOULD close the circuit.
+   If a node ever receives more than 8 RELAY_EARLY cells on a given
+   outbound circuit, it SHOULD close the circuit. (For historical reasons,
+   we don't limit the number of inbound RELAY_EARLY cells; they should
+   be harmless anyway because clients won't accept extend requests. See
+   bug 1038.)
 
    When speaking v2 of the link protocol or later, clients MUST only send
    EXTEND cells inside RELAY_EARLY cells.  Clients SHOULD send the first ~8

src/or/command.c

@@ -395,12 +395,8 @@ command_process_relay_cell(cell_t *cell, or_connection_t *conn)
    * gotten no more than MAX_RELAY_EARLY_CELLS_PER_CIRCUIT of them. */
   if (cell->command == CELL_RELAY_EARLY) {
     if (direction == CELL_DIRECTION_IN) {
-      log_fn(LOG_PROTOCOL_WARN, LD_OR,
-             "Received an inbound RELAY_EARLY cell on circuit %d from %s:%d."
-             "  Closing circuit.",
-             cell->circ_id, conn->_base.address, conn->_base.port);
-      circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
-      return;
+      /* XXX Allow an unlimited number of inbound relay_early cells for
+       * now, for hidden service compatibility. See bug 1038. -RD */
     } else {
       or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
       if (or_circ->remaining_relay_early_cells == 0) {

src/or/config.c

@@ -1222,6 +1222,30 @@ options_need_geoip_info(or_options_t *options, const char **reason_out)
   return bridge_usage || routerset_usage;
 }
 
+/** Return the bandwidthrate that we are going to report to the authorities
+ * based on the config options. */
+int
+get_effective_bwrate(or_options_t *options)
+{
+  int bw = (int)options->BandwidthRate;
+  if (bw > options->MaxAdvertisedBandwidth)
+    bw = (int)options->MaxAdvertisedBandwidth;
+  if (options->RelayBandwidthRate > 0 && bw > options->RelayBandwidthRate)
+    bw = (int)options->RelayBandwidthRate;
+  return bw;
+}
+
+/** Return the bandwidthburst that we are going to report to the authorities
+ * based on the config options. */
+int
+get_effective_bwburst(or_options_t *options)
+{
+  int bw = (int)options->BandwidthBurst;
+  if (options->RelayBandwidthBurst > 0 && bw > options->RelayBandwidthBurst)
+    bw = (int)options->RelayBandwidthBurst;
+  return bw;
+}
+
 /** Fetch the active option list, and take actions based on it. All of the
  * things we do should survive being done repeatedly.  If present,
  * <b>old_options</b> contains the previous value of the options.
@@ -3744,9 +3768,7 @@ options_transition_affects_descriptor(or_options_t *old_options,
                                       or_options_t *new_options)
 {
   /* XXX We can be smarter here. If your DirPort isn't being
-   * published and you just turned it off, no need to republish. If
-   * you changed your bandwidthrate but maxadvertisedbandwidth still
-   * trumps, no need to republish. Etc. */
+   * published and you just turned it off, no need to republish. Etc. */
   if (!opt_streq(old_options->DataDirectory, new_options->DataDirectory) ||
       !opt_streq(old_options->Nickname,new_options->Nickname) ||
       !opt_streq(old_options->Address,new_options->Address) ||
@@ -3759,10 +3781,9 @@ options_transition_affects_descriptor(or_options_t *old_options,
       old_options->NoPublish != new_options->NoPublish ||
       old_options->_PublishServerDescriptor !=
         new_options->_PublishServerDescriptor ||
-      old_options->BandwidthRate != new_options->BandwidthRate ||
-      old_options->BandwidthBurst != new_options->BandwidthBurst ||
-      old_options->MaxAdvertisedBandwidth !=
-        new_options->MaxAdvertisedBandwidth ||
+      get_effective_bwrate(old_options) != get_effective_bwrate(new_options) ||
+      get_effective_bwburst(old_options) !=
+        get_effective_bwburst(new_options) ||
       !opt_streq(old_options->ContactInfo, new_options->ContactInfo) ||
       !opt_streq(old_options->MyFamily, new_options->MyFamily) ||
       !opt_streq(old_options->AccountingStart, new_options->AccountingStart) ||

src/or/cpuworker.c

@@ -444,8 +444,10 @@ assign_onionskin_to_cpuworker(connection_t *cpuworker,
   if (1) {
     if (num_cpuworkers_busy == num_cpuworkers) {
       log_debug(LD_OR,"No idle cpuworkers. Queuing.");
-      if (onion_pending_add(circ, onionskin) < 0)
+      if (onion_pending_add(circ, onionskin) < 0) {
+        tor_free(onionskin);
         return -1;
+      }
       return 0;
     }
 

src/or/or.h

@@ -488,6 +488,11 @@ typedef enum {
    (p)<=_CIRCUIT_PURPOSE_C_MAX)
 /** True iff the circuit_t <b>c</b> is actually an origin_circuit_t. */
 #define CIRCUIT_IS_ORIGIN(c) (CIRCUIT_PURPOSE_IS_ORIGIN((c)->purpose))
+/** True iff the circuit purpose <b>p</b> is for an established rendezvous
+ * circuit. */
+#define CIRCUIT_PURPOSE_IS_ESTABLISHED_REND(p) \
+  ((p) == CIRCUIT_PURPOSE_C_REND_JOINED ||     \
+   (p) == CIRCUIT_PURPOSE_S_REND_JOINED)
 
 /** How many circuits do we want simultaneously in-progress to handle
  * a given stream? */
@@ -2921,6 +2926,9 @@ int options_need_geoip_info(or_options_t *options, const char **reason_out);
 int getinfo_helper_config(control_connection_t *conn,
                           const char *question, char **answer);
 
+int get_effective_bwrate(or_options_t *options);
+int get_effective_bwburst(or_options_t *options);
+
 #ifdef CONFIG_PRIVATE
 /* Used only by config.c and test.c */
 or_options_t *options_new(void);

src/or/relay.c

@@ -208,6 +208,7 @@ circuit_receive_relay_cell(cell_t *cell, circuit_t *circ,
       tor_assert(circ->purpose == CIRCUIT_PURPOSE_REND_ESTABLISHED);
       tor_assert(splice->_base.purpose == CIRCUIT_PURPOSE_REND_ESTABLISHED);
       cell->circ_id = splice->p_circ_id;
+      cell->command = CELL_RELAY; /* can't be relay_early anyway */
       if ((reason = circuit_receive_relay_cell(cell, TO_CIRCUIT(splice),
                                                CELL_DIRECTION_IN)) < 0) {
         log_warn(LD_REND, "Error relaying cell across rendezvous; closing "
@@ -541,11 +542,17 @@ relay_send_command_from_edge(uint16_t stream_id, circuit_t *circ,
     origin_circuit_t *origin_circ = TO_ORIGIN_CIRCUIT(circ);
     if (origin_circ->remaining_relay_early_cells > 0 &&
         (relay_command == RELAY_COMMAND_EXTEND ||
-         cpath_layer != origin_circ->cpath)) {
-      /* If we've got any relay_early cells left, and we're sending a relay
-       * cell or we're not talking to the first hop, use one of them.  Don't
-       * worry about the conn protocol version: append_cell_to_circuit_queue
-       * will fix it up. */
+         (cpath_layer != origin_circ->cpath &&
+          !CIRCUIT_PURPOSE_IS_ESTABLISHED_REND(circ->purpose)))) {
+      /* If we've got any relay_early cells left, and we're sending
+       * an extend cell or (we're not talking to the first hop and we're
+       * not talking to a rendezvous circuit), use one of them.
+       * Don't worry about the conn protocol version:
+       * append_cell_to_circuit_queue will fix it up. */
+      /* XXX For now, clients don't use RELAY_EARLY cells when sending
+       * relay cells on rendezvous circuits. See bug 1038. Eventually,
+       * we can take this behavior away in favor of having clients avoid
+       * rendezvous points running 0.2.1.3-alpha through 0.2.1.18. -RD */
       cell.command = CELL_RELAY_EARLY;
       --origin_circ->remaining_relay_early_cells;
       log_debug(LD_OR, "Sending a RELAY_EARLY cell; %d remaining.",

src/or/router.c

@@ -568,7 +568,7 @@ init_keys(void)
   /* 5. Dump fingerprint to 'fingerprint' */
   keydir = get_datadir_fname("fingerprint");
   log_info(LD_GENERAL,"Dumping fingerprint to \"%s\"...",keydir);
-  if (crypto_pk_get_fingerprint(get_identity_key(), fingerprint, 1)<0) {
+  if (crypto_pk_get_fingerprint(get_identity_key(), fingerprint, 0)<0) {
     log_err(LD_GENERAL,"Error computing fingerprint");
     tor_free(keydir);
     return -1;
@@ -1300,18 +1300,10 @@ router_rebuild_descriptor(int force)
   ri->platform = tor_strdup(platform);
 
   /* compute ri->bandwidthrate as the min of various options */
-  ri->bandwidthrate = (int)options->BandwidthRate;
-  if (ri->bandwidthrate > options->MaxAdvertisedBandwidth)
-    ri->bandwidthrate = (int)options->MaxAdvertisedBandwidth;
-  if (options->RelayBandwidthRate > 0 &&
-      ri->bandwidthrate > options->RelayBandwidthRate)
-    ri->bandwidthrate = (int)options->RelayBandwidthRate;
+  ri->bandwidthrate = get_effective_bwrate(options);
 
   /* and compute ri->bandwidthburst similarly */
-  ri->bandwidthburst = (int)options->BandwidthBurst;
-  if (options->RelayBandwidthBurst > 0 &&
-      ri->bandwidthburst > options->RelayBandwidthBurst)
-    ri->bandwidthburst = (int)options->RelayBandwidthBurst;
+  ri->bandwidthburst = get_effective_bwburst(options);
 
   ri->bandwidthcapacity = hibernating ? 0 : rep_hist_bandwidth_assess();
 

src/win32/orconfig.h

@@ -226,6 +226,6 @@
 #define USING_TWOS_COMPLEMENT
 
 /* Version number of package */
-#define VERSION "0.2.1.18"
+#define VERSION "0.2.1.19"