Version in base suite: 0.4.5.10-1~deb11u1 Base version: tor_0.4.5.10-1~deb11u1 Target version: tor_0.4.5.16-1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/t/tor/tor_0.4.5.10-1~deb11u1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/t/tor/tor_0.4.5.16-1.dsc ChangeLog | 285 Makefile.am | 4 Makefile.in | 66 ReleaseNotes | 288 aclocal.m4 | 52 ar-lib | 17 compile | 10 config.guess | 128 config.sub | 2463 configure | 80 configure.ac | 28 contrib/win32build/tor-mingw.nsi.in | 2 debian/.debian-ci.yml | 324 debian/.debian-ci/build_source-release/build-depends | 1 debian/.debian-ci/build_source-release/build-script | 165 debian/.debian-ci/build_source/build-depends | 16 debian/.debian-ci/build_source/build-script | 205 debian/changelog | 19 debian/micro-revision.i | 2 debian/misc/backport | 5 debian/misc/build-tor-sources | 13 debian/rules | 2 depcomp | 6 doc/asciidoc-helper.sh | 5 doc/man/tor-gencert.1.in | 4 doc/man/tor-gencert.html.in | 4 doc/man/tor-print-ed-signing-cert.1.in | 4 doc/man/tor-print-ed-signing-cert.html.in | 4 doc/man/tor-resolve.1.in | 4 doc/man/tor-resolve.html.in | 4 doc/man/tor.1.in | 11 doc/man/tor.1.txt | 8 doc/man/tor.html.in | 17 doc/man/torify.1.in | 4 doc/man/torify.html.in | 4 install-sh | 40 missing | 6 orconfig.h.in | 2 src/app/config/auth_dirs.inc | 11 src/app/config/config.c | 2 src/app/config/fallback_dirs.inc | 978 src/app/config/or_options_st.h | 4 src/app/config/testnet.inc | 1 src/app/main/main.c | 2 src/config/geoip |47957 ++++++++++++------- src/config/geoip6 |36682 ++++++++++---- src/core/or/channelpadding.c | 2 src/core/or/command.c | 17 src/core/or/connection_edge.c | 53 src/core/or/connection_edge.h | 14 src/core/or/connection_or.c | 20 src/core/or/origin_circuit_st.h | 6 src/core/or/protover.c | 109 src/core/or/protover.h | 4 src/core/proto/proto_socks.c | 2 src/feature/client/circpathbias.c | 11 src/feature/control/control_cmd.c | 34 src/feature/control/control_getinfo.c | 32 src/feature/dirauth/dirvote.c | 12 src/feature/dirauth/dirvote.h | 58 src/feature/dircache/dircache.c | 61 src/feature/dirclient/dirclient.c | 41 src/feature/dircommon/consdiff.c | 2 src/feature/dircommon/directory.h | 6 src/feature/hs/hs_client.c | 48 src/feature/hs/hs_common.h | 2 src/feature/hs/hs_config.c | 8 src/feature/hs/hs_intropoint.c | 3 src/feature/hs/hs_metrics.c | 29 src/feature/relay/dns.c | 17 src/feature/relay/relay_config.c | 13 src/feature/relay/router.c | 32 src/feature/relay/router.h | 1 src/feature/stats/bwhist.c | 19 src/feature/stats/bwhist.h | 2 src/lib/sandbox/sandbox.c | 6 src/lib/time/compat_time.c | 11 src/test/include.am | 13 src/test/test_cell_formats.c | 4 src/test/test_config.c | 4 src/test/test_dir_handle_get.c | 75 src/test/test_dns.c | 31 src/test/test_entryconn.c | 41 src/test/test_hs_common.c | 17 src/test/test_hs_config.c | 201 src/test/test_hs_intropoint.c | 64 src/test/test_hs_service.c | 5 src/test/test_metrics.c | 4 src/test/test_protover.c | 19 src/test/test_relay.c | 4 src/win32/orconfig.h | 2 test-driver | 6 92 files changed, 62258 insertions(+), 28846 deletions(-) diff -Nru tor-0.4.5.10/ChangeLog tor-0.4.5.16/ChangeLog --- tor-0.4.5.10/ChangeLog 2021-08-16 19:34:13.000000000 +0000 +++ tor-0.4.5.16/ChangeLog 2023-01-12 16:16:03.000000000 +0000 @@ -1,3 +1,286 @@ +Changes in version 0.4.5.16 - 2023-01-12 + This version has one major bugfix for relay and a security fix, + TROVE-2022-002, affecting clients. We strongly recommend to upgrade to our + 0.4.7.x stable series. As a reminder, this series is EOL on February 15th, + 2023. + + o Major bugfixes (relay): + - When opening a channel because of a circuit request that did not + include an Ed25519 identity, record the Ed25519 identity that we + actually received, so that we can use the channel for other + circuit requests that _do_ list an Ed25519 identity. (Previously + we had code to record this identity, but a logic bug caused it to + be disabled.) Fixes bug 40563; bugfix on 0.3.0.1-alpha. Patch + from "cypherpunks". + + o Major bugfixes (TROVE-2022-002, client): + - The SafeSocks option had its logic inverted for SOCKS4 and + SOCKS4a. It would let the unsafe SOCKS4 pass but not the safe + SOCKS4a one. This is TROVE-2022-002 which was reported on + Hackerone by "cojabo". Fixes bug 40730; bugfix on 0.3.5.1-alpha. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on January 12, 2023. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2023/01/12. + + +Changes in version 0.4.5.15 - 2022-12-06 + This version has several major changes for directory authorities. And a + major bugfix on OSX. Again, we strongly recommend to upgrade to our 0.4.7.x + series latest stable. This series is EOL on February 15th, 2023. + + o Directory authority changes (dizum): + - Change dizum IP address. Closes ticket 40687. + + o Directory authority changes (Faravahar): + - Remove Faravahar until its operator, Sina, set it back up online + outside of Team Cymru network. Closes ticket 40688. + + o Directory authority changes (moria1): + - Rotate the relay identity key and v3 identity key for moria1. They + have been online for more than a decade and refreshing keys + periodically is good practice. Advertise new ports too, to avoid + confusion. Closes ticket 40722. + + o Major bugfixes (OSX): + - Fix coarse-time computation on Apple platforms (like Mac M1) where + the Mach absolute time ticks do not correspond directly to + nanoseconds. Previously, we computed our shift value wrong, which + led us to give incorrect timing results. Fixes bug 40684; bugfix + on 0.3.3.1-alpha. + + o Major bugfixes (relay): + - Improve security of our DNS cache by randomly clipping the TTL + value. TROVE-2021-009. Fixes bug 40674; bugfix on 0.3.5.1-alpha. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on December 06, 2022. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2022/12/06. + + +Changes in version 0.4.5.14 - 2022-08-12 + This version updates the geoip cache that we generate from IPFire location + database to use the August 9th, 2022 one. Everyone MUST update to this + latest release else circuit path selection and relay metrics are badly + affected. + + o Major bugfixes (geoip data): + - IPFire informed us on August 12th that databases generated after + (including) August 10th did not have proper ARIN network allocations. We + are updating the database to use the one generated on August 9th, 2022. + Fixes bug 40658; bugfix on 0.4.5.13. + + +Changes in version 0.4.5.13 - 2022-08-11 + This version contains two major fixes aimed at reducing memory pressure on + relays and possible side-channel. The rest of the fixes were backported for + stability or safety purposes. We strongly recommend to upgrade your relay to + this version or, ideally, to the latest stable of the 0.4.7.x series. + + o Major bugfixes (relay): + - Remove OR connections btrack subsystem entries when the connections + close normally. Before this, we would only remove the entry on error and + thus leaking memory for each normal OR connections. Fixes bug 40604; + bugfix on 0.4.0.1-alpha. + - Stop sending TRUNCATED cell and instead close the circuit from which we + received a DESTROY cell. This makes every relay in the circuit path to + stop queuing cells. Fixes bug 40623; bugfix on 0.1.0.2-rc. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on August 11, 2022. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2022/08/11. + + o Minor features (linux seccomp2 sandbox): + - Permit the clone3 syscall, which is apparently used in glibc-2.34 + and later. Closes ticket 40590. + + o Minor bugfixes (controller, path bias): + - When a circuit's path is specified, in full or in part, from the + controller API, do not count that circuit towards our path-bias + calculations. (Doing so was incorrect, since we cannot tell + whether the controller is selecting relays randomly.) Resolves a + "Bug" warning. Fixes bug 40515; bugfix on 0.2.4.10-alpha. + + o Minor bugfixes (defense in depth): + - Change a test in the netflow padding code to make it more + _obviously_ safe against remotely triggered crashes. (It was safe + against these before, but not obviously so.) Fixes bug 40645; + bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (linux seccomp2 sandbox): + - Allow the rseq system call in the sandbox. This solves a crash + issue with glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug + 40601; bugfix on 0.3.5.11. + + o Minor bugfixes (metrics port, onion service): + - The MetricsPort line for an onion service with multiple ports are now + unique that is one line per port. Before this, all ports of an onion + service would be on the same line which violates the Prometheus rules of + unique labels. Fixes bug 40581; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (onion service, client): + - Fix a fatal assert due to a guard subsystem recursion triggered by + the onion service client. Fixes bug 40579; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (performance, DoS): + - Fix one case of a not-especially viable denial-of-service attack + found by OSS-Fuzz in our consensus-diff parsing code. This attack + causes a lot small of memory allocations and then immediately + frees them: this is only slow when running with all the sanitizers + enabled. Fixes one case of bug 40472; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (relay): + - Do not propagate either forward or backward a DESTROY remote reason when + closing a circuit in order to avoid a possible side channel. Fixes bug + 40649; bugfix on 0.1.2.4-alpha. + + +Changes in version 0.4.5.12 - 2022-02-04 + This version contains mostly minor bugfixes for which you can find the + details below. The previous release (0.4.5.11) was suppose to update the + GeoIP and fallbackdir lists but a problem in our release pipeline prevented + those files to be updated correctly. Thus, this release regenerates up to + date lists. Furthermore, another fix to highlight is that relays don't + advertise onion service v2 support at the protocol version level. + + o Minor feature (reproducible build): + - The repository can now build reproducible tarballs which adds the + build command "make dist-reprod" for that purpose. Closes + ticket 26299. + + o Minor features (compilation): + - Give an error message if trying to build with a version of + LibreSSL known not to work with Tor. (There's an incompatibility + with LibreSSL versions 3.2.1 through 3.4.0 inclusive because of + their incompatibility with OpenSSL 1.1.1's TLSv1.3 APIs.) Closes + ticket 40511. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on February 04, 2022. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2022/02/04. + + o Minor bugfix (logging): + - Update a log notice dead URL to a working one. Fixes bug 40544; + bugfix on 0.3.5.1-alpha. + + o Minor bugfix (relay): + - Remove the HSDir and HSIntro onion service v2 protocol versions so + relay stop advertising that they support them. Fixes bug 40509; + bugfix on 0.3.5.17. + + o Minor bugfixes (compilation): + - Fix a compilation error when trying to build Tor with a compiler + that does not support expanding statitically initialized const + values in macro's. Fixes bug 40410; bugfix on 0.4.5.1-alpha + - Fix our configuration logic to detect whether we had OpenSSL 3: + previously, our logic was reversed. This has no other effect than + to change whether we suppress deprecated API warnings. Fixes bug + 40429; bugfix on 0.3.5.13. + + o Minor bugfixes (MetricsPort, Prometheus): + - Add double quotes to the label values of the onion service + metrics. Fixes bug 40552; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (relay): + - Reject IPv6-only DirPorts. Our reachability self-test forces + DirPorts to be IPv4, but our configuration parser allowed them to + be IPv6-only, which led to an assertion failure. Fixes bug 40494; + bugfix on 0.4.5.1-alpha. + + +Changes in version 0.4.5.11 - 2021-10-26 + The major change in this version is that v2 onion services are now + disabled at the client, service, and relay: any Tor nodes running this + version and onward will stop supporting v2 onion services. This is the + last step in the long deprecation process of v2 onion services. + Everyone running an earlier version, whether as a client, a relay, or + an onion service, should upgrade to Tor 0.3.5.17, 0.4.5.11, + or 0.4.6.8. + + o Major feature (onion service v2): + - See https://blog.torproject.org/v2-deprecation-timeline for + details on how to transition from v2 to v3. + - The control port commands HSFETCH and HSPOST no longer allow + version 2, and it is no longer possible to create a v2 service + with ADD_ONION. + - Tor no longer allows creating v2 services, or connecting as a + client to a v2 service. Relays will decline to be a v2 HSDir or + introduction point. This effectively disables onion service + version 2 Tor-wide. Closes ticket 40476. + + o Minor features (bridge, backport from 0.4.6.8): + - We now announce the URL to Tor's new bridge status at + https://bridges.torproject.org/ when Tor is configured to run as a + bridge relay. Closes ticket 30477. + + o Minor features (fallbackdir): + - Regenerate fallback directories for October 2021. Closes + ticket 40493. + + o Minor features (logging, diagnostic, backport from 0.4.6.5): + - Log decompression failures at a higher severity level, since they + can help provide missing context for other warning messages. We + rate-limit these messages, to avoid flooding the logs if they + begin to occur frequently. Closes ticket 40175. + + o Minor features (testing, backport from 0.4.6.8): + - On a testing network, relays can now use the + TestingMinTimeToReportBandwidth option to change the smallest + amount of time over which they're willing to report their observed + maximum bandwidth. Previously, this was fixed at 1 day. For + safety, values under 2 hours are only supported on testing + networks. Part of a fix for ticket 40337. + - Relays on testing networks no longer rate-limit how frequently + they are willing to report new bandwidth measurements. Part of a + fix for ticket 40337. + - Relays on testing networks now report their observed bandwidths + immediately from startup. Previously, they waited until they had + been running for a full day. Closes ticket 40337. + + o Minor bugfix (CI, onion service): + - Exclude onion service version 2 Stem tests in our CI. Fixes bug 40500; + bugfix on 0.3.2.1-alpha. + + o Minor bugfix (onion service, backport from 0.4.6.8): + - Do not flag an HSDir as non-running in case the descriptor upload + or fetch fails. An onion service closes pending directory + connections before uploading a new descriptor which can thus lead + to wrongly flagging many relays and thus affecting circuit building + path selection. Fixes bug 40434; bugfix on 0.2.0.13-alpha. + + o Minor bugfixes (compatibility, backport from 0.4.6.8): + - Fix compatibility with the most recent Libevent versions, which no + longer have an evdns_set_random_bytes() function. Because this + function has been a no-op since Libevent 2.0.4-alpha, it is safe + for us to just stop calling it. Fixes bug 40371; bugfix + on 0.2.1.7-alpha. + + o Minor bugfixes (consensus handling, backport from 0.4.6.4-rc): + - Avoid a set of bugs that could be caused by inconsistently + preferring an out-of-date consensus stored in a stale directory + cache over a more recent one stored on disk as the latest + consensus. Fixes bug 40375; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (onion service, TROVE-2021-008, backport from 0.4.6.8): + - Only log v2 access attempts once total, in order to not pollute + the logs with warnings and to avoid recording the times on disk + when v2 access was attempted. Note that the onion address was + _never_ logged. This counts as a Low-severity security issue. + Fixes bug 40474; bugfix on 0.4.5.8. + + Changes in version 0.4.5.10 - 2021-08-16 This version fixes several bugs from earlier versions of Tor, including one that could lead to a denial-of-service attack. Everyone @@ -14,7 +297,7 @@ CVE-2021-38385. Found by Henry de Valence. o Minor feature (fallbackdir): - - Regenerate fallback directories list. Close ticket 40447. + - Regenerate fallback directories list. Closes ticket 40447. o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as diff -Nru tor-0.4.5.10/Makefile.am tor-0.4.5.16/Makefile.am --- tor-0.4.5.10/Makefile.am 2021-01-22 14:17:01.000000000 +0000 +++ tor-0.4.5.16/Makefile.am 2023-01-12 16:16:03.000000000 +0000 @@ -739,3 +739,7 @@ else \ echo "No bear command found. On debian, apt install bear"; \ fi + +# Reproducible tarball. We change the tar options for this. +dist-reprod: + $(MAKE) dist am__tar="$${TAR-tar} --format=gnu --owner=root --group=root --sort=name --mtime=\"`git show --no-patch --format='%ci'`\" -chof - $(distdir)" diff -Nru tor-0.4.5.10/Makefile.in tor-0.4.5.16/Makefile.in --- tor-0.4.5.10/Makefile.in 2021-08-16 13:15:36.000000000 +0000 +++ tor-0.4.5.16/Makefile.in 2023-01-12 16:16:03.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.2 from Makefile.am. +# Makefile.in generated by automake 1.16 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2020 Free Software Foundation, Inc. +# Copyright (C) 1994-2018 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -4588,8 +4588,8 @@ src/test/test_hs_descriptor.inc src/test/vote_descriptors.inc \ src/test/fuzz/fuzzing.h HEADERS = $(noinst_HEADERS) -am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) \ - orconfig.h.in +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) \ + $(LISP)orconfig.h.in # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is # *not* preserved. @@ -5053,7 +5053,6 @@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ -runstatedir = @runstatedir@ rust_crates = @rust_crates@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ @@ -6720,23 +6719,21 @@ # run a quick test or two # this test only uses IPv4 -TEST_CHUTNEY_FLAVOR_QUICK = bridges+hs-v23 +TEST_CHUTNEY_FLAVOR_QUICK = bridges+hs-v3 # only run if we can ping6 ::1 (localhost) -TEST_CHUTNEY_FLAVOR_QUICK_IPV6 = single-onion-v23-ipv6-md +TEST_CHUTNEY_FLAVOR_QUICK_IPV6 = single-onion-v3-ipv6-md # run a basic set of tests, which only use IPv4 -TEST_CHUTNEY_FLAVORS = basic-min bridges-min hs-v23-min single-onion-v23 +TEST_CHUTNEY_FLAVORS = basic-min bridges-min hs-v3-min single-onion-v3 # only run if we can ping ::1 (localhost) -TEST_CHUTNEY_FLAVORS_IPV6 = bridges+ipv6-min ipv6-exit-min hs-v23-ipv6-md \ - single-onion-v23-ipv6-md - +TEST_CHUTNEY_FLAVORS_IPV6 = bridges+ipv6-min ipv6-exit-min hs-v3-ipv6 single-onion-v3-ipv6-md # only run if we can find a stable (or simply another) version of tor -TEST_CHUTNEY_FLAVORS_MIXED = mixed+hs-v23 +TEST_CHUTNEY_FLAVORS_MIXED = mixed+hs-v3 # only run if IPv6 and mixed networks are run -TEST_CHUTNEY_FLAVORS_IPV6_MIXED = mixed+hs-v23-ipv6 +TEST_CHUTNEY_FLAVORS_IPV6_MIXED = mixed+hs-v3-ipv6 src_test_AM_CPPFLAGS = -DSHARE_DATADIR="\"$(datadir)\"" \ -DLOCALSTATEDIR="\"$(localstatedir)\"" \ -DBINDIR="\"$(bindir)\"" \ @@ -22729,10 +22726,6 @@ tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz $(am__post_remove_distdir) -dist-zstd: distdir - tardir=$(distdir) && $(am__tar) | zstd -c $${ZSTD_CLEVEL-$${ZSTD_OPT--19}} >$(distdir).tar.zst - $(am__post_remove_distdir) - dist-tarZ: distdir @echo WARNING: "Support for distribution archives compressed with" \ "legacy program 'compress' is deprecated." >&2 @@ -22775,8 +22768,6 @@ eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\ *.zip*) \ unzip $(distdir).zip ;;\ - *.tar.zst*) \ - zstd -dc $(distdir).tar.zst | $(am__untar) ;;\ esac chmod -R a-w $(distdir) chmod u+w $(distdir) @@ -25152,23 +25143,22 @@ clean-cscope clean-generic clean-local clean-noinstLIBRARIES \ clean-noinstPROGRAMS cscope cscopelist-am ctags ctags-am dist \ dist-all dist-bzip2 dist-gzip dist-lzip dist-shar dist-tarZ \ - dist-xz dist-zip dist-zstd distcheck distclean \ - distclean-compile distclean-generic distclean-hdr \ - distclean-local distclean-tags distcleancheck distdir \ - distuninstallcheck dvi dvi-am html html-am info info-am \ - install install-am install-binPROGRAMS install-binSCRIPTS \ - install-confDATA install-data install-data-am install-docDATA \ - install-dvi install-dvi-am install-exec install-exec-am \ - install-html install-html-am install-info install-info-am \ - install-man install-man1 install-pdf install-pdf-am install-ps \ - install-ps-am install-strip install-tordataDATA installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-local pdf pdf-am ps ps-am \ - recheck tags tags-am uninstall uninstall-am \ - uninstall-binPROGRAMS uninstall-binSCRIPTS uninstall-confDATA \ - uninstall-docDATA uninstall-man uninstall-man1 \ - uninstall-tordataDATA + dist-xz dist-zip distcheck distclean distclean-compile \ + distclean-generic distclean-hdr distclean-local distclean-tags \ + distcleancheck distdir distuninstallcheck dvi dvi-am html \ + html-am info info-am install install-am install-binPROGRAMS \ + install-binSCRIPTS install-confDATA install-data \ + install-data-am install-docDATA install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-man1 \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip install-tordataDATA installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-local pdf pdf-am ps ps-am recheck tags tags-am \ + uninstall uninstall-am uninstall-binPROGRAMS \ + uninstall-binSCRIPTS uninstall-confDATA uninstall-docDATA \ + uninstall-man uninstall-man1 uninstall-tordataDATA .PRECIOUS: Makefile @@ -25741,6 +25731,10 @@ echo "No bear command found. On debian, apt install bear"; \ fi +# Reproducible tarball. We change the tar options for this. +dist-reprod: + $(MAKE) dist am__tar="$${TAR-tar} --format=gnu --owner=root --group=root --sort=name --mtime=\"`git show --no-patch --format='%ci'`\" -chof - $(distdir)" + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff -Nru tor-0.4.5.10/ReleaseNotes tor-0.4.5.16/ReleaseNotes --- tor-0.4.5.10/ReleaseNotes 2021-08-16 19:34:13.000000000 +0000 +++ tor-0.4.5.16/ReleaseNotes 2023-01-12 16:16:03.000000000 +0000 @@ -2,6 +2,292 @@ release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +Changes in version 0.4.5.16 - 2023-01-12 + This version has one major bugfix for relay and a security fix, + TROVE-2022-002, affecting clients. We strongly recommend to upgrade to our + 0.4.7.x stable series. As a reminder, this series is EOL on February 15th, + 2023. + + o Major bugfixes (relay): + - When opening a channel because of a circuit request that did not + include an Ed25519 identity, record the Ed25519 identity that we + actually received, so that we can use the channel for other + circuit requests that _do_ list an Ed25519 identity. (Previously + we had code to record this identity, but a logic bug caused it to + be disabled.) Fixes bug 40563; bugfix on 0.3.0.1-alpha. Patch + from "cypherpunks". + + o Major bugfixes (TROVE-2022-002, client): + - The SafeSocks option had its logic inverted for SOCKS4 and + SOCKS4a. It would let the unsafe SOCKS4 pass but not the safe + SOCKS4a one. This is TROVE-2022-002 which was reported on + Hackerone by "cojabo". Fixes bug 40730; bugfix on 0.3.5.1-alpha. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on January 12, 2023. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2023/01/12. + + +Changes in version 0.4.5.15 - 2022-12-06 + This version has several major changes for directory authorities. And a + major bugfix on OSX. Again, we strongly recommend to upgrade to our 0.4.7.x + series latest stable. This series is EOL on February 15th, 2023. + + o Directory authority changes (dizum): + - Change dizum IP address. Closes ticket 40687. + + o Directory authority changes (Faravahar): + - Remove Faravahar until its operator, Sina, set it back up online + outside of Team Cymru network. Closes ticket 40688. + + o Directory authority changes (moria1): + - Rotate the relay identity key and v3 identity key for moria1. They + have been online for more than a decade and refreshing keys + periodically is good practice. Advertise new ports too, to avoid + confusion. Closes ticket 40722. + + o Major bugfixes (OSX): + - Fix coarse-time computation on Apple platforms (like Mac M1) where + the Mach absolute time ticks do not correspond directly to + nanoseconds. Previously, we computed our shift value wrong, which + led us to give incorrect timing results. Fixes bug 40684; bugfix + on 0.3.3.1-alpha. + + o Major bugfixes (relay): + - Improve security of our DNS cache by randomly clipping the TTL + value. TROVE-2021-009. Fixes bug 40674; bugfix on 0.3.5.1-alpha. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on December 06, 2022. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2022/12/06. + + +Changes in version 0.4.5.14 - 2022-08-12 + This version updates the geoip cache that we generate from IPFire location + database to use the August 9th, 2022 one. Everyone MUST update to this + latest release else circuit path selection and relay metrics are badly + affected. + + o Major bugfixes (geoip data): + - IPFire informed us on August 12th that databases generated after + (including) August 10th did not have proper ARIN network allocations. We + are updating the database to use the one generated on August 9th, 2022. + Fixes bug 40658; bugfix on 0.4.5.13. + + +Changes in version 0.4.5.13 - 2022-08-11 + This version contains two major fixes aimed at reducing memory pressure on + relays and possible side-channel. The rest of the fixes were backported for + stability or safety purposes. We strongly recommend to upgrade your relay to + this version or, ideally, to the latest stable of the 0.4.7.x series. + + o Major bugfixes (relay): + - Remove OR connections btrack subsystem entries when the connections + close normally. Before this, we would only remove the entry on error and + thus leaking memory for each normal OR connections. Fixes bug 40604; + bugfix on 0.4.0.1-alpha. + - Stop sending TRUNCATED cell and instead close the circuit from which we + received a DESTROY cell. This makes every relay in the circuit path to + stop queuing cells. Fixes bug 40623; bugfix on 0.1.0.2-rc. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on August 11, 2022. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2022/08/11. + + o Minor features (linux seccomp2 sandbox): + - Permit the clone3 syscall, which is apparently used in glibc-2.34 + and later. Closes ticket 40590. + + o Minor bugfixes (controller, path bias): + - When a circuit's path is specified, in full or in part, from the + controller API, do not count that circuit towards our path-bias + calculations. (Doing so was incorrect, since we cannot tell + whether the controller is selecting relays randomly.) Resolves a + "Bug" warning. Fixes bug 40515; bugfix on 0.2.4.10-alpha. + + o Minor bugfixes (defense in depth): + - Change a test in the netflow padding code to make it more + _obviously_ safe against remotely triggered crashes. (It was safe + against these before, but not obviously so.) Fixes bug 40645; + bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (linux seccomp2 sandbox): + - Allow the rseq system call in the sandbox. This solves a crash + issue with glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug + 40601; bugfix on 0.3.5.11. + + o Minor bugfixes (metrics port, onion service): + - The MetricsPort line for an onion service with multiple ports are now + unique that is one line per port. Before this, all ports of an onion + service would be on the same line which violates the Prometheus rules of + unique labels. Fixes bug 40581; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (onion service, client): + - Fix a fatal assert due to a guard subsystem recursion triggered by + the onion service client. Fixes bug 40579; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (performance, DoS): + - Fix one case of a not-especially viable denial-of-service attack + found by OSS-Fuzz in our consensus-diff parsing code. This attack + causes a lot small of memory allocations and then immediately + frees them: this is only slow when running with all the sanitizers + enabled. Fixes one case of bug 40472; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (relay): + - Do not propagate either forward or backward a DESTROY remote reason when + closing a circuit in order to avoid a possible side channel. Fixes bug + 40649; bugfix on 0.1.2.4-alpha. + + +Changes in version 0.4.5.12 - 2022-02-04 + This version contains mostly minor bugfixes for which you can find the + details below. The previous release (0.4.5.11) was suppose to update the + GeoIP and fallbackdir lists but a problem in our release pipeline prevented + those files to be updated correctly. Thus, this release regenerates up to + date lists. Furthermore, another fix to highlight is that relays don't + advertise onion service v2 support at the protocol version level. + + o Minor feature (reproducible build): + - The repository can now build reproducible tarballs which adds the + build command "make dist-reprod" for that purpose. Closes + ticket 26299. + + o Minor features (compilation): + - Give an error message if trying to build with a version of + LibreSSL known not to work with Tor. (There's an incompatibility + with LibreSSL versions 3.2.1 through 3.4.0 inclusive because of + their incompatibility with OpenSSL 1.1.1's TLSv1.3 APIs.) Closes + ticket 40511. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on December 15, 2021. + - Regenerate fallback directories generated on February 04, 2022. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/12/15. + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2022/02/04. + + o Minor bugfix (logging): + - Update a log notice dead URL to a working one. Fixes bug 40544; + bugfix on 0.3.5.1-alpha. + + o Minor bugfix (relay): + - Remove the HSDir and HSIntro onion service v2 protocol versions so + relay stop advertising that they support them. Fixes bug 40509; + bugfix on 0.3.5.17. + + o Minor bugfixes (compilation): + - Fix a compilation error when trying to build Tor with a compiler + that does not support expanding statitically initialized const + values in macro's. Fixes bug 40410; bugfix on 0.4.5.1-alpha + - Fix our configuration logic to detect whether we had OpenSSL 3: + previously, our logic was reversed. This has no other effect than + to change whether we suppress deprecated API warnings. Fixes bug + 40429; bugfix on 0.3.5.13. + + o Minor bugfixes (MetricsPort, Prometheus): + - Add double quotes to the label values of the onion service + metrics. Fixes bug 40552; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (relay): + - Reject IPv6-only DirPorts. Our reachability self-test forces + DirPorts to be IPv4, but our configuration parser allowed them to + be IPv6-only, which led to an assertion failure. Fixes bug 40494; + bugfix on 0.4.5.1-alpha. + + +Changes in version 0.4.5.11 - 2021-10-26 + The major change in this version is that v2 onion services are now + disabled at the client, service, and relay: any Tor nodes running this + version and onward will stop supporting v2 onion services. This is the + last step in the long deprecation process of v2 onion services. + Everyone running an earlier version, whether as a client, a relay, or + an onion service, should upgrade to Tor 0.3.5.17, 0.4.5.11, + or 0.4.6.8. + + o Major feature (onion service v2): + - See https://blog.torproject.org/v2-deprecation-timeline for + details on how to transition from v2 to v3. + - The control port commands HSFETCH and HSPOST no longer allow + version 2, and it is no longer possible to create a v2 service + with ADD_ONION. + - Tor no longer allows creating v2 services, or connecting as a + client to a v2 service. Relays will decline to be a v2 HSDir or + introduction point. This effectively disables onion service + version 2 Tor-wide. Closes ticket 40476. + + o Minor features (bridge, backport from 0.4.6.8): + - We now announce the URL to Tor's new bridge status at + https://bridges.torproject.org/ when Tor is configured to run as a + bridge relay. Closes ticket 30477. + + o Minor features (fallbackdir): + - Regenerate fallback directories for October 2021. Closes + ticket 40493. + + o Minor features (logging, diagnostic, backport from 0.4.6.5): + - Log decompression failures at a higher severity level, since they + can help provide missing context for other warning messages. We + rate-limit these messages, to avoid flooding the logs if they + begin to occur frequently. Closes ticket 40175. + + o Minor features (testing, backport from 0.4.6.8): + - On a testing network, relays can now use the + TestingMinTimeToReportBandwidth option to change the smallest + amount of time over which they're willing to report their observed + maximum bandwidth. Previously, this was fixed at 1 day. For + safety, values under 2 hours are only supported on testing + networks. Part of a fix for ticket 40337. + - Relays on testing networks no longer rate-limit how frequently + they are willing to report new bandwidth measurements. Part of a + fix for ticket 40337. + - Relays on testing networks now report their observed bandwidths + immediately from startup. Previously, they waited until they had + been running for a full day. Closes ticket 40337. + + o Minor bugfix (CI, onion service): + - Exclude onion service version 2 Stem tests in our CI. Fixes bug 40500; + bugfix on 0.3.2.1-alpha. + + o Minor bugfix (onion service, backport from 0.4.6.8): + - Do not flag an HSDir as non-running in case the descriptor upload + or fetch fails. An onion service closes pending directory + connections before uploading a new descriptor which can thus lead + to wrongly flagging many relays and thus affecting circuit building + path selection. Fixes bug 40434; bugfix on 0.2.0.13-alpha. + + o Minor bugfixes (compatibility, backport from 0.4.6.8): + - Fix compatibility with the most recent Libevent versions, which no + longer have an evdns_set_random_bytes() function. Because this + function has been a no-op since Libevent 2.0.4-alpha, it is safe + for us to just stop calling it. Fixes bug 40371; bugfix + on 0.2.1.7-alpha. + + o Minor bugfixes (consensus handling, backport from 0.4.6.4-rc): + - Avoid a set of bugs that could be caused by inconsistently + preferring an out-of-date consensus stored in a stale directory + cache over a more recent one stored on disk as the latest + consensus. Fixes bug 40375; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (onion service, TROVE-2021-008, backport from 0.4.6.8): + - Only log v2 access attempts once total, in order to not pollute + the logs with warnings and to avoid recording the times on disk + when v2 access was attempted. Note that the onion address was + _never_ logged. This counts as a Low-severity security issue. + Fixes bug 40474; bugfix on 0.4.5.8. + + Changes in version 0.4.5.10 - 2021-08-16 This version fixes several bugs from earlier versions of Tor, including one that could lead to a denial-of-service attack. Everyone running an earlier @@ -18,7 +304,7 @@ Valence. o Minor feature (fallbackdir): - - Regenerate fallback directories list. Close ticket 40447. + - Regenerate fallback directories list. Closes ticket 40447. o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, diff -Nru tor-0.4.5.10/aclocal.m4 tor-0.4.5.16/aclocal.m4 --- tor-0.4.5.10/aclocal.m4 2021-08-16 13:15:35.000000000 +0000 +++ tor-0.4.5.16/aclocal.m4 2023-01-12 16:16:03.000000000 +0000 @@ -1,6 +1,6 @@ -# generated automatically by aclocal 1.16.2 -*- Autoconf -*- +# generated automatically by aclocal 1.16 -*- Autoconf -*- -# Copyright (C) 1996-2020 Free Software Foundation, Inc. +# Copyright (C) 1996-2018 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -20,7 +20,7 @@ If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically 'autoreconf'.])]) -# Copyright (C) 2002-2020 Free Software Foundation, Inc. +# Copyright (C) 2002-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -35,7 +35,7 @@ [am__api_version='1.16' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.16.2], [], +m4_if([$1], [1.16], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) @@ -51,12 +51,12 @@ # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.16.2])dnl +[AM_AUTOMAKE_VERSION([1.16])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) -# Copyright (C) 2011-2020 Free Software Foundation, Inc. +# Copyright (C) 2011-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -118,7 +118,7 @@ # AM_AUX_DIR_EXPAND -*- Autoconf -*- -# Copyright (C) 2001-2020 Free Software Foundation, Inc. +# Copyright (C) 2001-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -170,7 +170,7 @@ # AM_COND_IF -*- Autoconf -*- -# Copyright (C) 2008-2020 Free Software Foundation, Inc. +# Copyright (C) 2008-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -207,7 +207,7 @@ # AM_CONDITIONAL -*- Autoconf -*- -# Copyright (C) 1997-2020 Free Software Foundation, Inc. +# Copyright (C) 1997-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -238,7 +238,7 @@ Usually this means the macro was only invoked conditionally.]]) fi])]) -# Copyright (C) 1999-2020 Free Software Foundation, Inc. +# Copyright (C) 1999-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -429,7 +429,7 @@ # Generate code to set up dependency tracking. -*- Autoconf -*- -# Copyright (C) 1999-2020 Free Software Foundation, Inc. +# Copyright (C) 1999-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -468,9 +468,7 @@ done if test $am_rc -ne 0; then AC_MSG_FAILURE([Something went wrong bootstrapping makefile fragments - for automatic dependency tracking. If GNU make was not used, consider - re-running the configure script with MAKE="gmake" (or whatever is - necessary). You can also try re-running configure with the + for automatic dependency tracking. Try re-running configure with the '--disable-dependency-tracking' option to at least be able to build the package (albeit without support for automatic dependency tracking).]) fi @@ -497,7 +495,7 @@ # Do all the work for Automake. -*- Autoconf -*- -# Copyright (C) 1996-2020 Free Software Foundation, Inc. +# Copyright (C) 1996-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -694,7 +692,7 @@ done echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) -# Copyright (C) 2001-2020 Free Software Foundation, Inc. +# Copyright (C) 2001-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -715,7 +713,7 @@ fi AC_SUBST([install_sh])]) -# Copyright (C) 2003-2020 Free Software Foundation, Inc. +# Copyright (C) 2003-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -736,7 +734,7 @@ # Check to see how 'make' treats includes. -*- Autoconf -*- -# Copyright (C) 2001-2020 Free Software Foundation, Inc. +# Copyright (C) 2001-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -779,7 +777,7 @@ # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- -# Copyright (C) 1997-2020 Free Software Foundation, Inc. +# Copyright (C) 1997-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -818,7 +816,7 @@ # Helper functions for option handling. -*- Autoconf -*- -# Copyright (C) 2001-2020 Free Software Foundation, Inc. +# Copyright (C) 2001-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -847,7 +845,7 @@ AC_DEFUN([_AM_IF_OPTION], [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) -# Copyright (C) 1999-2020 Free Software Foundation, Inc. +# Copyright (C) 1999-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -894,7 +892,7 @@ # For backward compatibility. AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])]) -# Copyright (C) 2001-2020 Free Software Foundation, Inc. +# Copyright (C) 2001-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -913,7 +911,7 @@ # Check to make sure that the build environment is sane. -*- Autoconf -*- -# Copyright (C) 1996-2020 Free Software Foundation, Inc. +# Copyright (C) 1996-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -994,7 +992,7 @@ rm -f conftest.file ]) -# Copyright (C) 2009-2020 Free Software Foundation, Inc. +# Copyright (C) 2009-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1054,7 +1052,7 @@ _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl ]) -# Copyright (C) 2001-2020 Free Software Foundation, Inc. +# Copyright (C) 2001-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1082,7 +1080,7 @@ INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) -# Copyright (C) 2006-2020 Free Software Foundation, Inc. +# Copyright (C) 2006-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1101,7 +1099,7 @@ # Check how to create a tarball. -*- Autoconf -*- -# Copyright (C) 2004-2020 Free Software Foundation, Inc. +# Copyright (C) 2004-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff -Nru tor-0.4.5.10/ar-lib tor-0.4.5.16/ar-lib --- tor-0.4.5.10/ar-lib 2020-11-21 20:17:10.000000000 +0000 +++ tor-0.4.5.16/ar-lib 2023-01-12 16:16:03.000000000 +0000 @@ -2,9 +2,9 @@ # Wrapper for Microsoft lib.exe me=ar-lib -scriptversion=2019-07-04.01; # UTC +scriptversion=2012-03-01.08; # UTC -# Copyright (C) 2010-2020 Free Software Foundation, Inc. +# Copyright (C) 2010-2018 Free Software Foundation, Inc. # Written by Peter Rosin . # # This program is free software; you can redistribute it and/or modify @@ -53,7 +53,7 @@ MINGW*) file_conv=mingw ;; - CYGWIN* | MSYS*) + CYGWIN*) file_conv=cygwin ;; *) @@ -65,7 +65,7 @@ mingw) file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'` ;; - cygwin | msys) + cygwin) file=`cygpath -m "$file" || echo "$file"` ;; wine) @@ -224,11 +224,10 @@ esac done else - $AR -NOLOGO -LIST "$archive" | tr -d '\r' | sed -e 's/\\/\\\\/g' \ - | while read member - do - $AR -NOLOGO -EXTRACT:"$member" "$archive" || exit $? - done + $AR -NOLOGO -LIST "$archive" | sed -e 's/\\/\\\\/g' | while read member + do + $AR -NOLOGO -EXTRACT:"$member" "$archive" || exit $? + done fi elif test -n "$quick$replace"; then diff -Nru tor-0.4.5.10/compile tor-0.4.5.16/compile --- tor-0.4.5.10/compile 2020-11-21 20:17:10.000000000 +0000 +++ tor-0.4.5.16/compile 2023-01-12 16:16:03.000000000 +0000 @@ -1,9 +1,9 @@ #! /bin/sh # Wrapper for compilers which do not understand '-c -o'. -scriptversion=2018-03-07.03; # UTC +scriptversion=2017-09-16.17; # UTC -# Copyright (C) 1999-2020 Free Software Foundation, Inc. +# Copyright (C) 1999-2018 Free Software Foundation, Inc. # Written by Tom Tromey . # # This program is free software; you can redistribute it and/or modify @@ -53,7 +53,7 @@ MINGW*) file_conv=mingw ;; - CYGWIN* | MSYS*) + CYGWIN*) file_conv=cygwin ;; *) @@ -67,7 +67,7 @@ mingw/*) file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'` ;; - cygwin/* | msys/*) + cygwin/*) file=`cygpath -m "$file" || echo "$file"` ;; wine/*) @@ -340,7 +340,7 @@ # Local Variables: # mode: shell-script # sh-indentation: 2 -# eval: (add-hook 'before-save-hook 'time-stamp) +# eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC0" diff -Nru tor-0.4.5.10/config.guess tor-0.4.5.16/config.guess --- tor-0.4.5.10/config.guess 2020-11-21 20:17:10.000000000 +0000 +++ tor-0.4.5.16/config.guess 2023-01-12 16:16:03.000000000 +0000 @@ -2,7 +2,7 @@ # Attempt to guess a canonical system name. # Copyright 1992-2018 Free Software Foundation, Inc. -timestamp='2018-08-29' +timestamp='2018-02-24' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -84,6 +84,8 @@ exit 1 fi +trap 'exit 1' 1 2 15 + # CC_FOR_BUILD -- compiler used by this script. Note that the use of a # compiler to aid in system detection is discouraged as it requires # temporary files to be created and, as you can see below, it is a @@ -94,39 +96,34 @@ # Portable tmp directory creation inspired by the Autoconf team. -tmp= -# shellcheck disable=SC2172 -trap 'test -z "$tmp" || rm -fr "$tmp"' 1 2 13 15 -trap 'exitcode=$?; test -z "$tmp" || rm -fr "$tmp"; exit $exitcode' 0 - -set_cc_for_build() { - : "${TMPDIR=/tmp}" - # shellcheck disable=SC2039 - { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || - { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir "$tmp" 2>/dev/null) ; } || - { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir "$tmp" 2>/dev/null) && echo "Warning: creating insecure temp directory" >&2 ; } || - { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } - dummy=$tmp/dummy - case ${CC_FOR_BUILD-},${HOST_CC-},${CC-} in - ,,) echo "int x;" > "$dummy.c" - for driver in cc gcc c89 c99 ; do - if ($driver -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then - CC_FOR_BUILD="$driver" - break - fi - done - if test x"$CC_FOR_BUILD" = x ; then - CC_FOR_BUILD=no_compiler_found - fi - ;; - ,,*) CC_FOR_BUILD=$CC ;; - ,*,*) CC_FOR_BUILD=$HOST_CC ;; - esac -} +set_cc_for_build=' +trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; +trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; +: ${TMPDIR=/tmp} ; + { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || + { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || + { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || + { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; +dummy=$tmp/dummy ; +tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; +case $CC_FOR_BUILD,$HOST_CC,$CC in + ,,) echo "int x;" > "$dummy.c" ; + for c in cc gcc c89 c99 ; do + if ($c -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then + CC_FOR_BUILD="$c"; break ; + fi ; + done ; + if test x"$CC_FOR_BUILD" = x ; then + CC_FOR_BUILD=no_compiler_found ; + fi + ;; + ,,*) CC_FOR_BUILD=$CC ;; + ,*,*) CC_FOR_BUILD=$HOST_CC ;; +esac ; set_cc_for_build= ;' # This is needed to find uname on a Pyramid OSx when run in the BSD universe. # (ghazi@noc.rutgers.edu 1994-08-24) -if test -f /.attbin/uname ; then +if (test -f /.attbin/uname) >/dev/null 2>&1 ; then PATH=$PATH:/.attbin ; export PATH fi @@ -141,7 +138,7 @@ # We could probably try harder. LIBC=gnu - set_cc_for_build + eval "$set_cc_for_build" cat <<-EOF > "$dummy.c" #include #if defined(__UCLIBC__) @@ -202,7 +199,7 @@ os=netbsdelf ;; arm*|i386|m68k|ns32k|sh3*|sparc|vax) - set_cc_for_build + eval "$set_cc_for_build" if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ELF__ then @@ -240,7 +237,7 @@ # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. - echo "$machine-${os}${release}${abi-}" + echo "$machine-${os}${release}${abi}" exit ;; *:Bitrig:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` @@ -392,15 +389,20 @@ echo i386-pc-auroraux"$UNAME_RELEASE" exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) - UNAME_REL="`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`" - case `isainfo -b` in - 32) - echo i386-pc-solaris2"$UNAME_REL" - ;; - 64) - echo x86_64-pc-solaris2"$UNAME_REL" - ;; - esac + eval "$set_cc_for_build" + SUN_ARCH=i386 + # If there is a compiler, see if it is configured for 64-bit objects. + # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. + # This test works for both compilers. + if [ "$CC_FOR_BUILD" != no_compiler_found ]; then + if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + SUN_ARCH=x86_64 + fi + fi + echo "$SUN_ARCH"-pc-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize @@ -480,7 +482,7 @@ echo clipper-intergraph-clix"$UNAME_RELEASE" exit ;; mips:*:*:UMIPS | mips:*:*:RISCos) - set_cc_for_build + eval "$set_cc_for_build" sed 's/^ //' << EOF > "$dummy.c" #ifdef __cplusplus #include /* for printf() prototype */ @@ -577,7 +579,7 @@ exit ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then - set_cc_for_build + eval "$set_cc_for_build" sed 's/^ //' << EOF > "$dummy.c" #include @@ -658,7 +660,7 @@ esac fi if [ "$HP_ARCH" = "" ]; then - set_cc_for_build + eval "$set_cc_for_build" sed 's/^ //' << EOF > "$dummy.c" #define _HPUX_SOURCE @@ -698,7 +700,7 @@ esac if [ "$HP_ARCH" = hppa2.0w ] then - set_cc_for_build + eval "$set_cc_for_build" # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler @@ -724,7 +726,7 @@ echo ia64-hp-hpux"$HPUX_REV" exit ;; 3050*:HI-UX:*:*) - set_cc_for_build + eval "$set_cc_for_build" sed 's/^ //' << EOF > "$dummy.c" #include int @@ -838,17 +840,6 @@ *:BSD/OS:*:*) echo "$UNAME_MACHINE"-unknown-bsdi"$UNAME_RELEASE" exit ;; - arm:FreeBSD:*:*) - UNAME_PROCESSOR=`uname -p` - set_cc_for_build - if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ - | grep -q __ARM_PCS_VFP - then - echo "${UNAME_PROCESSOR}"-unknown-freebsd"`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`"-gnueabi - else - echo "${UNAME_PROCESSOR}"-unknown-freebsd"`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`"-gnueabihf - fi - exit ;; *:FreeBSD:*:*) UNAME_PROCESSOR=`/usr/bin/uname -p` case "$UNAME_PROCESSOR" in @@ -903,8 +894,8 @@ # other systems with GNU libc and userland echo "$UNAME_MACHINE-unknown-`echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`-$LIBC" exit ;; - *:Minix:*:*) - echo "$UNAME_MACHINE"-unknown-minix + i*86:Minix:*:*) + echo "$UNAME_MACHINE"-pc-minix exit ;; aarch64:Linux:*:*) echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" @@ -931,7 +922,7 @@ echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; arm*:Linux:*:*) - set_cc_for_build + eval "$set_cc_for_build" if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_EABI__ then @@ -980,7 +971,7 @@ echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; mips:Linux:*:* | mips64:Linux:*:*) - set_cc_for_build + eval "$set_cc_for_build" sed 's/^ //' << EOF > "$dummy.c" #undef CPU #undef ${UNAME_MACHINE} @@ -1055,7 +1046,11 @@ echo "$UNAME_MACHINE"-dec-linux-"$LIBC" exit ;; x86_64:Linux:*:*) - echo "$UNAME_MACHINE"-pc-linux-"$LIBC" + if objdump -f /bin/sh | grep -q elf32-x86-64; then + echo "$UNAME_MACHINE"-pc-linux-"$LIBC"x32 + else + echo "$UNAME_MACHINE"-pc-linux-"$LIBC" + fi exit ;; xtensa*:Linux:*:*) echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" @@ -1294,7 +1289,7 @@ exit ;; *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown - set_cc_for_build + eval "$set_cc_for_build" if test "$UNAME_PROCESSOR" = unknown ; then UNAME_PROCESSOR=powerpc fi @@ -1367,7 +1362,6 @@ # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 # operating systems. - # shellcheck disable=SC2154 if test "$cputype" = 386; then UNAME_MACHINE=i386 else @@ -1479,7 +1473,7 @@ exit 1 # Local variables: -# eval: (add-hook 'before-save-hook 'time-stamp) +# eval: (add-hook 'write-file-functions 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" diff -Nru tor-0.4.5.10/config.sub tor-0.4.5.16/config.sub --- tor-0.4.5.10/config.sub 2020-11-21 20:17:10.000000000 +0000 +++ tor-0.4.5.16/config.sub 2023-01-12 16:16:03.000000000 +0000 @@ -2,7 +2,7 @@ # Configuration validation subroutine script. # Copyright 1992-2018 Free Software Foundation, Inc. -timestamp='2018-08-29' +timestamp='2018-02-22' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -110,1159 +110,1223 @@ exit 1;; esac -# Split fields of configuration type -IFS="-" read -r field1 field2 field3 field4 <&2 - exit 1 +# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). +# Here we must recognize all the valid KERNEL-OS combinations. +maybe_os=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` +case $maybe_os in + nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ + linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ + knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \ + kopensolaris*-gnu* | cloudabi*-eabi* | \ + storm-chaos* | os2-emx* | rtmk-nova*) + os=-$maybe_os + basic_machine=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + ;; + android-linux) + os=-linux-android + basic_machine=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown + ;; + *) + basic_machine=`echo "$1" | sed 's/-[^-]*$//'` + if [ "$basic_machine" != "$1" ] + then os=`echo "$1" | sed 's/.*-/-/'` + else os=; fi + ;; +esac + +### Let's recognize common machines as not being operating systems so +### that things like config.sub decstation-3100 work. We also +### recognize some manufacturers as not being operating systems, so we +### can provide default operating systems below. +case $os in + -sun*os*) + # Prevent following clause from handling this invalid input. ;; - *-*-*-*) - basic_machine=$field1-$field2 - os=$field3-$field4 + -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ + -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ + -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ + -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ + -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ + -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ + -apple | -axis | -knuth | -cray | -microblaze*) + os= + basic_machine=$1 + ;; + -bluegene*) + os=-cnk + ;; + -sim | -cisco | -oki | -wec | -winbond) + os= + basic_machine=$1 + ;; + -scout) + ;; + -wrs) + os=-vxworks + basic_machine=$1 + ;; + -chorusos*) + os=-chorusos + basic_machine=$1 + ;; + -chorusrdb) + os=-chorusrdb + basic_machine=$1 + ;; + -hiux*) + os=-hiuxwe2 + ;; + -sco6) + os=-sco5v6 + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` + ;; + -sco5) + os=-sco3.2v5 + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` + ;; + -sco4) + os=-sco3.2v4 + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; - *-*-*) - # Ambiguous whether COMPANY is present, or skipped and KERNEL-OS is two - # parts - maybe_os=$field2-$field3 - case $maybe_os in - nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc \ - | linux-newlib* | linux-musl* | linux-uclibc* | uclinux-uclibc* \ - | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* \ - | netbsd*-eabi* | kopensolaris*-gnu* | cloudabi*-eabi* \ - | storm-chaos* | os2-emx* | rtmk-nova*) - basic_machine=$field1 - os=$maybe_os - ;; - android-linux) - basic_machine=$field1-unknown - os=linux-android - ;; - *) - basic_machine=$field1-$field2 - os=$field3 - ;; - esac + -sco3.2.[4-9]*) + os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; - *-*) - # A lone config we happen to match not fitting any patern - case $field1-$field2 in - decstation-3100) - basic_machine=mips-dec - os= - ;; - *-*) - # Second component is usually, but not always the OS - case $field2 in - # Prevent following clause from handling this valid os - sun*os*) - basic_machine=$field1 - os=$field2 - ;; - # Manufacturers - dec* | mips* | sequent* | encore* | pc533* | sgi* | sony* \ - | att* | 7300* | 3300* | delta* | motorola* | sun[234]* \ - | unicom* | ibm* | next | hp | isi* | apollo | altos* \ - | convergent* | ncr* | news | 32* | 3600* | 3100* \ - | hitachi* | c[123]* | convex* | sun | crds | omron* | dg \ - | ultra | tti* | harris | dolphin | highlevel | gould \ - | cbm | ns | masscomp | apple | axis | knuth | cray \ - | microblaze* | sim | cisco \ - | oki | wec | wrs | winbond) - basic_machine=$field1-$field2 - os= - ;; - *) - basic_machine=$field1 - os=$field2 - ;; - esac - ;; - esac + -sco3.2v[4-9]*) + # Don't forget version if it is 3.2v4 or newer. + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; - *) - # Convert single-component short-hands not valid as part of - # multi-component configurations. - case $field1 in - 386bsd) - basic_machine=i386-pc - os=bsd - ;; - a29khif) - basic_machine=a29k-amd - os=udi - ;; - adobe68k) - basic_machine=m68010-adobe - os=scout - ;; - alliant) - basic_machine=fx80-alliant - os= - ;; - altos | altos3068) - basic_machine=m68k-altos - os= - ;; - am29k) - basic_machine=a29k-none - os=bsd - ;; - amdahl) - basic_machine=580-amdahl - os=sysv - ;; - amiga) - basic_machine=m68k-unknown - os= - ;; - amigaos | amigados) - basic_machine=m68k-unknown - os=amigaos - ;; - amigaunix | amix) - basic_machine=m68k-unknown - os=sysv4 - ;; - apollo68) - basic_machine=m68k-apollo - os=sysv - ;; - apollo68bsd) - basic_machine=m68k-apollo - os=bsd - ;; - aros) - basic_machine=i386-pc - os=aros - ;; - aux) - basic_machine=m68k-apple - os=aux - ;; - balance) - basic_machine=ns32k-sequent - os=dynix - ;; - blackfin) - basic_machine=bfin-unknown - os=linux - ;; - cegcc) - basic_machine=arm-unknown - os=cegcc - ;; - convex-c1) - basic_machine=c1-convex - os=bsd - ;; - convex-c2) - basic_machine=c2-convex - os=bsd - ;; - convex-c32) - basic_machine=c32-convex - os=bsd - ;; - convex-c34) - basic_machine=c34-convex - os=bsd - ;; - convex-c38) - basic_machine=c38-convex - os=bsd - ;; - cray) - basic_machine=j90-cray - os=unicos - ;; - crds | unos) - basic_machine=m68k-crds - os= - ;; - da30) - basic_machine=m68k-da30 - os= - ;; - decstation | pmax | pmin | dec3100 | decstatn) - basic_machine=mips-dec - os= - ;; - delta88) - basic_machine=m88k-motorola - os=sysv3 - ;; - dicos) - basic_machine=i686-pc - os=dicos - ;; - djgpp) - basic_machine=i586-pc - os=msdosdjgpp - ;; - ebmon29k) - basic_machine=a29k-amd - os=ebmon - ;; - es1800 | OSE68k | ose68k | ose | OSE) - basic_machine=m68k-ericsson - os=ose - ;; - gmicro) - basic_machine=tron-gmicro - os=sysv - ;; - go32) - basic_machine=i386-pc - os=go32 - ;; - h8300hms) - basic_machine=h8300-hitachi - os=hms - ;; - h8300xray) - basic_machine=h8300-hitachi - os=xray - ;; - h8500hms) - basic_machine=h8500-hitachi - os=hms - ;; - harris) - basic_machine=m88k-harris - os=sysv3 - ;; - hp300) - basic_machine=m68k-hp - ;; - hp300bsd) - basic_machine=m68k-hp - os=bsd - ;; - hp300hpux) - basic_machine=m68k-hp - os=hpux - ;; - hppaosf) - basic_machine=hppa1.1-hp - os=osf - ;; - hppro) - basic_machine=hppa1.1-hp - os=proelf - ;; - i386mach) - basic_machine=i386-mach - os=mach - ;; - vsta) - basic_machine=i386-pc - os=vsta - ;; - isi68 | isi) - basic_machine=m68k-isi - os=sysv - ;; - m68knommu) - basic_machine=m68k-unknown - os=linux - ;; - magnum | m3230) - basic_machine=mips-mips - os=sysv - ;; - merlin) - basic_machine=ns32k-utek - os=sysv - ;; - mingw64) - basic_machine=x86_64-pc - os=mingw64 - ;; - mingw32) - basic_machine=i686-pc - os=mingw32 - ;; - mingw32ce) - basic_machine=arm-unknown - os=mingw32ce - ;; - monitor) - basic_machine=m68k-rom68k - os=coff - ;; - morphos) - basic_machine=powerpc-unknown - os=morphos - ;; - moxiebox) - basic_machine=moxie-unknown - os=moxiebox - ;; - msdos) - basic_machine=i386-pc - os=msdos - ;; - msys) - basic_machine=i686-pc - os=msys - ;; - mvs) - basic_machine=i370-ibm - os=mvs - ;; - nacl) - basic_machine=le32-unknown - os=nacl - ;; - ncr3000) - basic_machine=i486-ncr - os=sysv4 - ;; - netbsd386) - basic_machine=i386-pc - os=netbsd - ;; - netwinder) - basic_machine=armv4l-rebel - os=linux - ;; - news | news700 | news800 | news900) - basic_machine=m68k-sony - os=newsos - ;; - news1000) - basic_machine=m68030-sony - os=newsos - ;; - necv70) - basic_machine=v70-nec - os=sysv - ;; - nh3000) - basic_machine=m68k-harris - os=cxux - ;; - nh[45]000) - basic_machine=m88k-harris - os=cxux - ;; - nindy960) - basic_machine=i960-intel - os=nindy - ;; - mon960) - basic_machine=i960-intel - os=mon960 - ;; - nonstopux) - basic_machine=mips-compaq - os=nonstopux - ;; - os400) - basic_machine=powerpc-ibm - os=os400 - ;; - OSE68000 | ose68000) - basic_machine=m68000-ericsson - os=ose - ;; - os68k) - basic_machine=m68k-none - os=os68k - ;; - paragon) - basic_machine=i860-intel - os=osf - ;; - parisc) - basic_machine=hppa-unknown - os=linux - ;; - pw32) - basic_machine=i586-unknown - os=pw32 - ;; - rdos | rdos64) - basic_machine=x86_64-pc - os=rdos - ;; - rdos32) - basic_machine=i386-pc - os=rdos - ;; - rom68k) - basic_machine=m68k-rom68k - os=coff - ;; - sa29200) - basic_machine=a29k-amd - os=udi - ;; - sei) - basic_machine=mips-sei - os=seiux - ;; - sequent) - basic_machine=i386-sequent - os= - ;; - sps7) - basic_machine=m68k-bull - os=sysv2 - ;; - st2000) - basic_machine=m68k-tandem - os= - ;; - stratus) - basic_machine=i860-stratus - os=sysv4 - ;; - sun2) - basic_machine=m68000-sun - os= - ;; - sun2os3) - basic_machine=m68000-sun - os=sunos3 - ;; - sun2os4) - basic_machine=m68000-sun - os=sunos4 - ;; - sun3) - basic_machine=m68k-sun - os= - ;; - sun3os3) - basic_machine=m68k-sun - os=sunos3 - ;; - sun3os4) - basic_machine=m68k-sun - os=sunos4 - ;; - sun4) - basic_machine=sparc-sun - os= - ;; - sun4os3) - basic_machine=sparc-sun - os=sunos3 - ;; - sun4os4) - basic_machine=sparc-sun - os=sunos4 - ;; - sun4sol2) - basic_machine=sparc-sun - os=solaris2 - ;; - sun386 | sun386i | roadrunner) - basic_machine=i386-sun - os= - ;; - sv1) - basic_machine=sv1-cray - os=unicos - ;; - symmetry) - basic_machine=i386-sequent - os=dynix - ;; - t3e) - basic_machine=alphaev5-cray - os=unicos - ;; - t90) - basic_machine=t90-cray - os=unicos - ;; - toad1) - basic_machine=pdp10-xkl - os=tops20 - ;; - tpf) - basic_machine=s390x-ibm - os=tpf - ;; - udi29k) - basic_machine=a29k-amd - os=udi - ;; - ultra3) - basic_machine=a29k-nyu - os=sym1 - ;; - v810 | necv810) - basic_machine=v810-nec - os=none - ;; - vaxv) - basic_machine=vax-dec - os=sysv - ;; - vms) - basic_machine=vax-dec - os=vms - ;; - vxworks960) - basic_machine=i960-wrs - os=vxworks - ;; - vxworks68) - basic_machine=m68k-wrs - os=vxworks - ;; - vxworks29k) - basic_machine=a29k-wrs - os=vxworks - ;; - xbox) - basic_machine=i686-pc - os=mingw32 - ;; - ymp) - basic_machine=ymp-cray - os=unicos - ;; - *) - basic_machine=$1 - os= - ;; - esac + -sco5v6*) + # Don't forget version if it is 3.2v4 or newer. + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` + ;; + -sco*) + os=-sco3.2v2 + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` + ;; + -udk*) + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` + ;; + -isc) + os=-isc2.2 + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` + ;; + -clix*) + basic_machine=clipper-intergraph + ;; + -isc*) + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` + ;; + -lynx*178) + os=-lynxos178 + ;; + -lynx*5) + os=-lynxos5 + ;; + -lynx*) + os=-lynxos + ;; + -ptx*) + basic_machine=`echo "$1" | sed -e 's/86-.*/86-sequent/'` + ;; + -psos*) + os=-psos + ;; + -mint | -mint[0-9]*) + basic_machine=m68k-atari + os=-mint ;; esac -# Decode 1-component or ad-hoc basic machines +# Decode aliases for certain CPU-COMPANY combinations. case $basic_machine in - # Here we handle the default manufacturer of certain CPU types. It is in - # some cases the only manufacturer, in others, it is the most popular. - w89k) - cpu=hppa1.1 - vendor=winbond + # Recognize the basic CPU types without company name. + # Some are omitted here because they have special meanings below. + 1750a | 580 \ + | a29k \ + | aarch64 | aarch64_be \ + | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ + | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ + | am33_2.0 \ + | arc | arceb \ + | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ + | avr | avr32 \ + | ba \ + | be32 | be64 \ + | bfin \ + | c4x | c8051 | clipper \ + | d10v | d30v | dlx | dsp16xx \ + | e2k | epiphany \ + | fido | fr30 | frv | ft32 \ + | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ + | hexagon \ + | i370 | i860 | i960 | ia16 | ia64 \ + | ip2k | iq2000 \ + | k1om \ + | le32 | le64 \ + | lm32 \ + | m32c | m32r | m32rle | m68000 | m68k | m88k \ + | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ + | mips | mipsbe | mipseb | mipsel | mipsle \ + | mips16 \ + | mips64 | mips64el \ + | mips64octeon | mips64octeonel \ + | mips64orion | mips64orionel \ + | mips64r5900 | mips64r5900el \ + | mips64vr | mips64vrel \ + | mips64vr4100 | mips64vr4100el \ + | mips64vr4300 | mips64vr4300el \ + | mips64vr5000 | mips64vr5000el \ + | mips64vr5900 | mips64vr5900el \ + | mipsisa32 | mipsisa32el \ + | mipsisa32r2 | mipsisa32r2el \ + | mipsisa32r6 | mipsisa32r6el \ + | mipsisa64 | mipsisa64el \ + | mipsisa64r2 | mipsisa64r2el \ + | mipsisa64r6 | mipsisa64r6el \ + | mipsisa64sb1 | mipsisa64sb1el \ + | mipsisa64sr71k | mipsisa64sr71kel \ + | mipsr5900 | mipsr5900el \ + | mipstx39 | mipstx39el \ + | mn10200 | mn10300 \ + | moxie \ + | mt \ + | msp430 \ + | nds32 | nds32le | nds32be \ + | nios | nios2 | nios2eb | nios2el \ + | ns16k | ns32k \ + | open8 | or1k | or1knd | or32 \ + | pdp10 | pj | pjl \ + | powerpc | powerpc64 | powerpc64le | powerpcle \ + | pru \ + | pyramid \ + | riscv32 | riscv64 \ + | rl78 | rx \ + | score \ + | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ + | sh64 | sh64le \ + | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ + | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ + | spu \ + | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ + | ubicom32 \ + | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ + | visium \ + | wasm32 \ + | x86 | xc16x | xstormy16 | xtensa \ + | z8k | z80) + basic_machine=$basic_machine-unknown ;; - op50n) - cpu=hppa1.1 - vendor=oki + c54x) + basic_machine=tic54x-unknown ;; - op60c) - cpu=hppa1.1 - vendor=oki + c55x) + basic_machine=tic55x-unknown ;; - ibm*) - cpu=i370 - vendor=ibm + c6x) + basic_machine=tic6x-unknown ;; - orion105) - cpu=clipper - vendor=highlevel + leon|leon[3-9]) + basic_machine=sparc-$basic_machine ;; - mac | mpw | mac-mpw) - cpu=m68k - vendor=apple + m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip) + basic_machine=$basic_machine-unknown + os=-none ;; - pmac | pmac-mpw) - cpu=powerpc - vendor=apple + m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65) + ;; + ms1) + basic_machine=mt-unknown + ;; + + strongarm | thumb | xscale) + basic_machine=arm-unknown + ;; + xgate) + basic_machine=$basic_machine-unknown + os=-none + ;; + xscaleeb) + basic_machine=armeb-unknown + ;; + + xscaleel) + basic_machine=armel-unknown ;; + # We use `pc' rather than `unknown' + # because (1) that's what they normally are, and + # (2) the word "unknown" tends to confuse beginning users. + i*86 | x86_64) + basic_machine=$basic_machine-pc + ;; + # Object if more than one company name word. + *-*-*) + echo Invalid configuration \`"$1"\': machine \`"$basic_machine"\' not recognized 1>&2 + exit 1 + ;; + # Recognize the basic CPU types with company name. + 580-* \ + | a29k-* \ + | aarch64-* | aarch64_be-* \ + | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ + | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ + | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ + | avr-* | avr32-* \ + | ba-* \ + | be32-* | be64-* \ + | bfin-* | bs2000-* \ + | c[123]* | c30-* | [cjt]90-* | c4x-* \ + | c8051-* | clipper-* | craynv-* | cydra-* \ + | d10v-* | d30v-* | dlx-* \ + | e2k-* | elxsi-* \ + | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ + | h8300-* | h8500-* \ + | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ + | hexagon-* \ + | i*86-* | i860-* | i960-* | ia16-* | ia64-* \ + | ip2k-* | iq2000-* \ + | k1om-* \ + | le32-* | le64-* \ + | lm32-* \ + | m32c-* | m32r-* | m32rle-* \ + | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ + | microblaze-* | microblazeel-* \ + | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ + | mips16-* \ + | mips64-* | mips64el-* \ + | mips64octeon-* | mips64octeonel-* \ + | mips64orion-* | mips64orionel-* \ + | mips64r5900-* | mips64r5900el-* \ + | mips64vr-* | mips64vrel-* \ + | mips64vr4100-* | mips64vr4100el-* \ + | mips64vr4300-* | mips64vr4300el-* \ + | mips64vr5000-* | mips64vr5000el-* \ + | mips64vr5900-* | mips64vr5900el-* \ + | mipsisa32-* | mipsisa32el-* \ + | mipsisa32r2-* | mipsisa32r2el-* \ + | mipsisa32r6-* | mipsisa32r6el-* \ + | mipsisa64-* | mipsisa64el-* \ + | mipsisa64r2-* | mipsisa64r2el-* \ + | mipsisa64r6-* | mipsisa64r6el-* \ + | mipsisa64sb1-* | mipsisa64sb1el-* \ + | mipsisa64sr71k-* | mipsisa64sr71kel-* \ + | mipsr5900-* | mipsr5900el-* \ + | mipstx39-* | mipstx39el-* \ + | mmix-* \ + | mt-* \ + | msp430-* \ + | nds32-* | nds32le-* | nds32be-* \ + | nios-* | nios2-* | nios2eb-* | nios2el-* \ + | none-* | np1-* | ns16k-* | ns32k-* \ + | open8-* \ + | or1k*-* \ + | orion-* \ + | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ + | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ + | pru-* \ + | pyramid-* \ + | riscv32-* | riscv64-* \ + | rl78-* | romp-* | rs6000-* | rx-* \ + | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ + | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ + | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ + | sparclite-* \ + | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \ + | tahoe-* \ + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ + | tile*-* \ + | tron-* \ + | ubicom32-* \ + | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ + | vax-* \ + | visium-* \ + | wasm32-* \ + | we32k-* \ + | x86-* | x86_64-* | xc16x-* | xps100-* \ + | xstormy16-* | xtensa*-* \ + | ymp-* \ + | z8k-* | z80-*) + ;; + # Recognize the basic CPU types without company name, with glob match. + xtensa*) + basic_machine=$basic_machine-unknown + ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. + 386bsd) + basic_machine=i386-pc + os=-bsd + ;; 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) - cpu=m68000 - vendor=att + basic_machine=m68000-att ;; 3b*) - cpu=we32k - vendor=att + basic_machine=we32k-att + ;; + a29khif) + basic_machine=a29k-amd + os=-udi + ;; + abacus) + basic_machine=abacus-unknown + ;; + adobe68k) + basic_machine=m68010-adobe + os=-scout + ;; + alliant | fx80) + basic_machine=fx80-alliant + ;; + altos | altos3068) + basic_machine=m68k-altos + ;; + am29k) + basic_machine=a29k-none + os=-bsd + ;; + amd64) + basic_machine=x86_64-pc + ;; + amd64-*) + basic_machine=x86_64-`echo "$basic_machine" | sed 's/^[^-]*-//'` + ;; + amdahl) + basic_machine=580-amdahl + os=-sysv + ;; + amiga | amiga-*) + basic_machine=m68k-unknown + ;; + amigaos | amigados) + basic_machine=m68k-unknown + os=-amigaos + ;; + amigaunix | amix) + basic_machine=m68k-unknown + os=-sysv4 + ;; + apollo68) + basic_machine=m68k-apollo + os=-sysv + ;; + apollo68bsd) + basic_machine=m68k-apollo + os=-bsd + ;; + aros) + basic_machine=i386-pc + os=-aros + ;; + asmjs) + basic_machine=asmjs-unknown + ;; + aux) + basic_machine=m68k-apple + os=-aux + ;; + balance) + basic_machine=ns32k-sequent + os=-dynix + ;; + blackfin) + basic_machine=bfin-unknown + os=-linux + ;; + blackfin-*) + basic_machine=bfin-`echo "$basic_machine" | sed 's/^[^-]*-//'` + os=-linux ;; bluegene*) - cpu=powerpc - vendor=ibm - os=cnk + basic_machine=powerpc-ibm + os=-cnk + ;; + c54x-*) + basic_machine=tic54x-`echo "$basic_machine" | sed 's/^[^-]*-//'` + ;; + c55x-*) + basic_machine=tic55x-`echo "$basic_machine" | sed 's/^[^-]*-//'` + ;; + c6x-*) + basic_machine=tic6x-`echo "$basic_machine" | sed 's/^[^-]*-//'` + ;; + c90) + basic_machine=c90-cray + os=-unicos + ;; + cegcc) + basic_machine=arm-unknown + os=-cegcc + ;; + convex-c1) + basic_machine=c1-convex + os=-bsd + ;; + convex-c2) + basic_machine=c2-convex + os=-bsd + ;; + convex-c32) + basic_machine=c32-convex + os=-bsd + ;; + convex-c34) + basic_machine=c34-convex + os=-bsd + ;; + convex-c38) + basic_machine=c38-convex + os=-bsd + ;; + cray | j90) + basic_machine=j90-cray + os=-unicos + ;; + craynv) + basic_machine=craynv-cray + os=-unicosmp + ;; + cr16 | cr16-*) + basic_machine=cr16-unknown + os=-elf + ;; + crds | unos) + basic_machine=m68k-crds + ;; + crisv32 | crisv32-* | etraxfs*) + basic_machine=crisv32-axis + ;; + cris | cris-* | etrax*) + basic_machine=cris-axis + ;; + crx) + basic_machine=crx-unknown + os=-elf + ;; + da30 | da30-*) + basic_machine=m68k-da30 + ;; + decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) + basic_machine=mips-dec ;; decsystem10* | dec10*) - cpu=pdp10 - vendor=dec - os=tops10 + basic_machine=pdp10-dec + os=-tops10 ;; decsystem20* | dec20*) - cpu=pdp10 - vendor=dec - os=tops20 + basic_machine=pdp10-dec + os=-tops20 ;; delta | 3300 | motorola-3300 | motorola-delta \ | 3300-motorola | delta-motorola) - cpu=m68k - vendor=motorola + basic_machine=m68k-motorola + ;; + delta88) + basic_machine=m88k-motorola + os=-sysv3 + ;; + dicos) + basic_machine=i686-pc + os=-dicos + ;; + djgpp) + basic_machine=i586-pc + os=-msdosdjgpp + ;; + dpx20 | dpx20-*) + basic_machine=rs6000-bull + os=-bosx ;; dpx2*) - cpu=m68k - vendor=bull - os=sysv3 + basic_machine=m68k-bull + os=-sysv3 ;; - encore | umax | mmax) - cpu=ns32k - vendor=encore + e500v[12]) + basic_machine=powerpc-unknown + os=$os"spe" + ;; + e500v[12]-*) + basic_machine=powerpc-`echo "$basic_machine" | sed 's/^[^-]*-//'` + os=$os"spe" + ;; + ebmon29k) + basic_machine=a29k-amd + os=-ebmon ;; elxsi) - cpu=elxsi - vendor=elxsi - os=${os:-bsd} + basic_machine=elxsi-elxsi + os=-bsd + ;; + encore | umax | mmax) + basic_machine=ns32k-encore + ;; + es1800 | OSE68k | ose68k | ose | OSE) + basic_machine=m68k-ericsson + os=-ose ;; fx2800) - cpu=i860 - vendor=alliant + basic_machine=i860-alliant ;; genix) - cpu=ns32k - vendor=ns + basic_machine=ns32k-ns + ;; + gmicro) + basic_machine=tron-gmicro + os=-sysv + ;; + go32) + basic_machine=i386-pc + os=-go32 ;; h3050r* | hiux*) - cpu=hppa1.1 - vendor=hitachi - os=hiuxwe2 + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + h8300hms) + basic_machine=h8300-hitachi + os=-hms + ;; + h8300xray) + basic_machine=h8300-hitachi + os=-xray + ;; + h8500hms) + basic_machine=h8500-hitachi + os=-hms + ;; + harris) + basic_machine=m88k-harris + os=-sysv3 + ;; + hp300-*) + basic_machine=m68k-hp + ;; + hp300bsd) + basic_machine=m68k-hp + os=-bsd + ;; + hp300hpux) + basic_machine=m68k-hp + os=-hpux ;; hp3k9[0-9][0-9] | hp9[0-9][0-9]) - cpu=hppa1.0 - vendor=hp + basic_machine=hppa1.0-hp ;; hp9k2[0-9][0-9] | hp9k31[0-9]) - cpu=m68000 - vendor=hp + basic_machine=m68000-hp ;; hp9k3[2-9][0-9]) - cpu=m68k - vendor=hp + basic_machine=m68k-hp ;; hp9k6[0-9][0-9] | hp6[0-9][0-9]) - cpu=hppa1.0 - vendor=hp + basic_machine=hppa1.0-hp ;; hp9k7[0-79][0-9] | hp7[0-79][0-9]) - cpu=hppa1.1 - vendor=hp + basic_machine=hppa1.1-hp ;; hp9k78[0-9] | hp78[0-9]) # FIXME: really hppa2.0-hp - cpu=hppa1.1 - vendor=hp + basic_machine=hppa1.1-hp ;; hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) # FIXME: really hppa2.0-hp - cpu=hppa1.1 - vendor=hp + basic_machine=hppa1.1-hp ;; hp9k8[0-9][13679] | hp8[0-9][13679]) - cpu=hppa1.1 - vendor=hp + basic_machine=hppa1.1-hp ;; hp9k8[0-9][0-9] | hp8[0-9][0-9]) - cpu=hppa1.0 - vendor=hp + basic_machine=hppa1.0-hp + ;; + hppaosf) + basic_machine=hppa1.1-hp + os=-osf + ;; + hppro) + basic_machine=hppa1.1-hp + os=-proelf + ;; + i370-ibm* | ibm*) + basic_machine=i370-ibm ;; i*86v32) - cpu=`echo "$1" | sed -e 's/86.*/86/'` - vendor=pc - os=sysv32 + basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` + os=-sysv32 ;; i*86v4*) - cpu=`echo "$1" | sed -e 's/86.*/86/'` - vendor=pc - os=sysv4 + basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` + os=-sysv4 ;; i*86v) - cpu=`echo "$1" | sed -e 's/86.*/86/'` - vendor=pc - os=sysv + basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` + os=-sysv ;; i*86sol2) - cpu=`echo "$1" | sed -e 's/86.*/86/'` - vendor=pc - os=solaris2 - ;; - j90 | j90-cray) - cpu=j90 - vendor=cray - os=${os:-unicos} + basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` + os=-solaris2 + ;; + i386mach) + basic_machine=i386-mach + os=-mach + ;; + vsta) + basic_machine=i386-unknown + os=-vsta ;; iris | iris4d) - cpu=mips - vendor=sgi + basic_machine=mips-sgi case $os in - irix*) + -irix*) ;; *) - os=irix4 + os=-irix4 ;; esac ;; + isi68 | isi) + basic_machine=m68k-isi + os=-sysv + ;; + leon-*|leon[3-9]-*) + basic_machine=sparc-`echo "$basic_machine" | sed 's/-.*//'` + ;; + m68knommu) + basic_machine=m68k-unknown + os=-linux + ;; + m68knommu-*) + basic_machine=m68k-`echo "$basic_machine" | sed 's/^[^-]*-//'` + os=-linux + ;; + magnum | m3230) + basic_machine=mips-mips + os=-sysv + ;; + merlin) + basic_machine=ns32k-utek + os=-sysv + ;; + microblaze*) + basic_machine=microblaze-xilinx + ;; + mingw64) + basic_machine=x86_64-pc + os=-mingw64 + ;; + mingw32) + basic_machine=i686-pc + os=-mingw32 + ;; + mingw32ce) + basic_machine=arm-unknown + os=-mingw32ce + ;; miniframe) - cpu=m68000 - vendor=convergent + basic_machine=m68000-convergent + ;; + *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; + mips3*-*) + basic_machine=`echo "$basic_machine" | sed -e 's/mips3/mips64/'` + ;; + mips3*) + basic_machine=`echo "$basic_machine" | sed -e 's/mips3/mips64/'`-unknown + ;; + monitor) + basic_machine=m68k-rom68k + os=-coff + ;; + morphos) + basic_machine=powerpc-unknown + os=-morphos + ;; + moxiebox) + basic_machine=moxie-unknown + os=-moxiebox + ;; + msdos) + basic_machine=i386-pc + os=-msdos ;; - *mint | mint[0-9]* | *MiNT | *MiNT[0-9]*) - cpu=m68k - vendor=atari - os=mint + ms1-*) + basic_machine=`echo "$basic_machine" | sed -e 's/ms1-/mt-/'` + ;; + msys) + basic_machine=i686-pc + os=-msys + ;; + mvs) + basic_machine=i370-ibm + os=-mvs + ;; + nacl) + basic_machine=le32-unknown + os=-nacl + ;; + ncr3000) + basic_machine=i486-ncr + os=-sysv4 + ;; + netbsd386) + basic_machine=i386-unknown + os=-netbsd + ;; + netwinder) + basic_machine=armv4l-rebel + os=-linux + ;; + news | news700 | news800 | news900) + basic_machine=m68k-sony + os=-newsos + ;; + news1000) + basic_machine=m68030-sony + os=-newsos ;; news-3600 | risc-news) - cpu=mips - vendor=sony - os=newsos + basic_machine=mips-sony + os=-newsos + ;; + necv70) + basic_machine=v70-nec + os=-sysv ;; next | m*-next) - cpu=m68k - vendor=next + basic_machine=m68k-next case $os in - nextstep* ) + -nextstep* ) ;; - ns2*) - os=nextstep2 + -ns2*) + os=-nextstep2 ;; *) - os=nextstep3 + os=-nextstep3 ;; esac ;; + nh3000) + basic_machine=m68k-harris + os=-cxux + ;; + nh[45]000) + basic_machine=m88k-harris + os=-cxux + ;; + nindy960) + basic_machine=i960-intel + os=-nindy + ;; + mon960) + basic_machine=i960-intel + os=-mon960 + ;; + nonstopux) + basic_machine=mips-compaq + os=-nonstopux + ;; np1) - cpu=np1 - vendor=gould + basic_machine=np1-gould + ;; + neo-tandem) + basic_machine=neo-tandem + ;; + nse-tandem) + basic_machine=nse-tandem + ;; + nsr-tandem) + basic_machine=nsr-tandem + ;; + nsv-tandem) + basic_machine=nsv-tandem + ;; + nsx-tandem) + basic_machine=nsx-tandem ;; op50n-* | op60c-*) - cpu=hppa1.1 - vendor=oki - os=proelf + basic_machine=hppa1.1-oki + os=-proelf + ;; + openrisc | openrisc-*) + basic_machine=or32-unknown + ;; + os400) + basic_machine=powerpc-ibm + os=-os400 + ;; + OSE68000 | ose68000) + basic_machine=m68000-ericsson + os=-ose + ;; + os68k) + basic_machine=m68k-none + os=-os68k ;; pa-hitachi) - cpu=hppa1.1 - vendor=hitachi - os=hiuxwe2 + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + paragon) + basic_machine=i860-intel + os=-osf + ;; + parisc) + basic_machine=hppa-unknown + os=-linux + ;; + parisc-*) + basic_machine=hppa-`echo "$basic_machine" | sed 's/^[^-]*-//'` + os=-linux ;; pbd) - cpu=sparc - vendor=tti + basic_machine=sparc-tti ;; pbb) - cpu=m68k - vendor=tti + basic_machine=m68k-tti ;; - pc532) - cpu=ns32k - vendor=pc532 + pc532 | pc532-*) + basic_machine=ns32k-pc532 ;; - pn) - cpu=pn - vendor=gould + pc98) + basic_machine=i386-pc ;; - power) - cpu=power - vendor=ibm + pc98-*) + basic_machine=i386-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; - ps2) - cpu=i386 - vendor=ibm + pentium | p5 | k5 | k6 | nexgen | viac3) + basic_machine=i586-pc ;; - rm[46]00) - cpu=mips - vendor=siemens + pentiumpro | p6 | 6x86 | athlon | athlon_*) + basic_machine=i686-pc ;; - rtpc | rtpc-*) - cpu=romp - vendor=ibm + pentiumii | pentium2 | pentiumiii | pentium3) + basic_machine=i686-pc ;; - sde) - cpu=mipsisa32 - vendor=sde - os=${os:-elf} + pentium4) + basic_machine=i786-pc ;; - simso-wrs) - cpu=sparclite - vendor=wrs - os=vxworks + pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) + basic_machine=i586-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; - tower | tower-32) - cpu=m68k - vendor=ncr + pentiumpro-* | p6-* | 6x86-* | athlon-*) + basic_machine=i686-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; - vpp*|vx|vx-*) - cpu=f301 - vendor=fujitsu + pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) + basic_machine=i686-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; - w65) - cpu=w65 - vendor=wdc + pentium4-*) + basic_machine=i786-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; - w89k-*) - cpu=hppa1.1 - vendor=winbond - os=proelf + pn) + basic_machine=pn-gould ;; - none) - cpu=none - vendor=none + power) basic_machine=power-ibm ;; - leon|leon[3-9]) - cpu=sparc - vendor=$basic_machine + ppc | ppcbe) basic_machine=powerpc-unknown ;; - leon-*|leon[3-9]-*) - cpu=sparc - vendor=`echo "$basic_machine" | sed 's/-.*//'` + ppc-* | ppcbe-*) + basic_machine=powerpc-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; - - *-*) - IFS="-" read -r cpu vendor <&2 - exit 1 - ;; - esac + echo Invalid configuration \`"$1"\': machine \`"$basic_machine"\' not recognized 1>&2 + exit 1 ;; esac # Here we canonicalize certain aliases for manufacturers. -case $vendor in - digital*) - vendor=dec +case $basic_machine in + *-digital*) + basic_machine=`echo "$basic_machine" | sed 's/digital.*/dec/'` ;; - commodore*) - vendor=cbm + *-commodore*) + basic_machine=`echo "$basic_machine" | sed 's/commodore.*/cbm/'` ;; *) ;; @@ -1270,245 +1334,199 @@ # Decode manufacturer-specific aliases for certain operating systems. -if [ x$os != x ] +if [ x"$os" != x"" ] then case $os in # First match some system type aliases that might get confused # with valid system types. - # solaris* is a basic system type, with this one exception. - auroraux) - os=auroraux + # -solaris* is a basic system type, with this one exception. + -auroraux) + os=-auroraux ;; - bluegene*) - os=cnk - ;; - solaris1 | solaris1.*) + -solaris1 | -solaris1.*) os=`echo $os | sed -e 's|solaris1|sunos4|'` ;; - solaris) - os=solaris2 + -solaris) + os=-solaris2 ;; - unixware*) - os=sysv4.2uw + -unixware*) + os=-sysv4.2uw ;; - gnu/linux*) + -gnu/linux*) os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` ;; # es1800 is here to avoid being matched by es* (a different OS) - es1800*) - os=ose - ;; - # Some version numbers need modification - chorusos*) - os=chorusos - ;; - isc) - os=isc2.2 - ;; - sco6) - os=sco5v6 - ;; - sco5) - os=sco3.2v5 - ;; - sco4) - os=sco3.2v4 - ;; - sco3.2.[4-9]*) - os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` - ;; - sco3.2v[4-9]* | sco5v6*) - # Don't forget version if it is 3.2v4 or newer. - ;; - scout) - # Don't match below - ;; - sco*) - os=sco3.2v2 - ;; - psos*) - os=psos + -es1800*) + os=-ose ;; # Now accept the basic system types. # The portable systems comes first. # Each alternative MUST end in a * to match a version number. - # sysv* is not here because it comes later, after sysvr4. - gnu* | bsd* | mach* | minix* | genix* | ultrix* | irix* \ - | *vms* | esix* | aix* | cnk* | sunos | sunos[34]*\ - | hpux* | unos* | osf* | luna* | dgux* | auroraux* | solaris* \ - | sym* | kopensolaris* | plan9* \ - | amigaos* | amigados* | msdos* | newsos* | unicos* | aof* \ - | aos* | aros* | cloudabi* | sortix* \ - | nindy* | vxsim* | vxworks* | ebmon* | hms* | mvs* \ - | clix* | riscos* | uniplus* | iris* | isc* | rtu* | xenix* \ - | knetbsd* | mirbsd* | netbsd* \ - | bitrig* | openbsd* | solidbsd* | libertybsd* \ - | ekkobsd* | kfreebsd* | freebsd* | riscix* | lynxos* \ - | bosx* | nextstep* | cxux* | aout* | elf* | oabi* \ - | ptx* | coff* | ecoff* | winnt* | domain* | vsta* \ - | udi* | eabi* | lites* | ieee* | go32* | aux* | hcos* \ - | chorusrdb* | cegcc* | glidix* \ - | cygwin* | msys* | pe* | moss* | proelf* | rtems* \ - | midipix* | mingw32* | mingw64* | linux-gnu* | linux-android* \ - | linux-newlib* | linux-musl* | linux-uclibc* \ - | uxpv* | beos* | mpeix* | udk* | moxiebox* \ - | interix* | uwin* | mks* | rhapsody* | darwin* \ - | openstep* | oskit* | conix* | pw32* | nonstopux* \ - | storm-chaos* | tops10* | tenex* | tops20* | its* \ - | os2* | vos* | palmos* | uclinux* | nucleus* \ - | morphos* | superux* | rtmk* | windiss* \ - | powermax* | dnix* | nx6 | nx7 | sei* | dragonfly* \ - | skyos* | haiku* | rdos* | toppers* | drops* | es* \ - | onefs* | tirtos* | phoenix* | fuchsia* | redox* | bme* \ - | midnightbsd*) + # -sysv* is not here because it comes later, after sysvr4. + -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ + | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ + | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ + | -sym* | -kopensolaris* | -plan9* \ + | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ + | -aos* | -aros* | -cloudabi* | -sortix* \ + | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ + | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ + | -hiux* | -knetbsd* | -mirbsd* | -netbsd* \ + | -bitrig* | -openbsd* | -solidbsd* | -libertybsd* \ + | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ + | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ + | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ + | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ + | -chorusos* | -chorusrdb* | -cegcc* | -glidix* \ + | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ + | -midipix* | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ + | -linux-newlib* | -linux-musl* | -linux-uclibc* \ + | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \ + | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* \ + | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ + | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ + | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ + | -morphos* | -superux* | -rtmk* | -windiss* \ + | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \ + | -onefs* | -tirtos* | -phoenix* | -fuchsia* | -redox* | -bme* \ + | -midnightbsd*) # Remember, each alternative MUST END IN *, to match a version number. ;; - qnx*) - case $cpu in - x86 | i*86) + -qnx*) + case $basic_machine in + x86-* | i*86-*) ;; *) - os=nto-$os + os=-nto$os ;; esac ;; - hiux*) - os=hiuxwe2 + -nto-qnx*) ;; - nto-qnx*) - ;; - nto*) + -nto*) os=`echo $os | sed -e 's|nto|nto-qnx|'` ;; - sim | xray | os68k* | v88r* \ - | windows* | osx | abug | netware* | os9* \ - | macos* | mpw* | magic* | mmixware* | mon960* | lnews*) - ;; - linux-dietlibc) - os=linux-dietlibc + -sim | -xray | -os68k* | -v88r* \ + | -windows* | -osx | -abug | -netware* | -os9* \ + | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) ;; - linux*) - os=`echo $os | sed -e 's|linux|linux-gnu|'` - ;; - lynx*178) - os=lynxos178 - ;; - lynx*5) - os=lynxos5 - ;; - lynx*) - os=lynxos - ;; - mac*) + -mac*) os=`echo "$os" | sed -e 's|mac|macos|'` ;; - opened*) - os=openedition + -linux-dietlibc) + os=-linux-dietlibc ;; - os400*) - os=os400 + -linux*) + os=`echo $os | sed -e 's|linux|linux-gnu|'` ;; - sunos5*) + -sunos5*) os=`echo "$os" | sed -e 's|sunos5|solaris2|'` ;; - sunos6*) + -sunos6*) os=`echo "$os" | sed -e 's|sunos6|solaris3|'` ;; - wince*) - os=wince + -opened*) + os=-openedition ;; - utek*) - os=bsd + -os400*) + os=-os400 ;; - dynix*) - os=bsd + -wince*) + os=-wince ;; - acis*) - os=aos + -utek*) + os=-bsd ;; - atheos*) - os=atheos + -dynix*) + os=-bsd ;; - syllable*) - os=syllable + -acis*) + os=-aos ;; - 386bsd) - os=bsd + -atheos*) + os=-atheos + ;; + -syllable*) + os=-syllable ;; - ctix* | uts*) - os=sysv + -386bsd) + os=-bsd ;; - nova*) - os=rtmk-nova + -ctix* | -uts*) + os=-sysv ;; - ns2) - os=nextstep2 + -nova*) + os=-rtmk-nova ;; - nsk*) - os=nsk + -ns2) + os=-nextstep2 + ;; + -nsk*) + os=-nsk ;; # Preserve the version number of sinix5. - sinix5.*) + -sinix5.*) os=`echo $os | sed -e 's|sinix|sysv|'` ;; - sinix*) - os=sysv4 + -sinix*) + os=-sysv4 ;; - tpf*) - os=tpf + -tpf*) + os=-tpf ;; - triton*) - os=sysv3 + -triton*) + os=-sysv3 ;; - oss*) - os=sysv3 + -oss*) + os=-sysv3 ;; - svr4*) - os=sysv4 + -svr4*) + os=-sysv4 ;; - svr3) - os=sysv3 + -svr3) + os=-sysv3 ;; - sysvr4) - os=sysv4 + -sysvr4) + os=-sysv4 ;; - # This must come after sysvr4. - sysv*) + # This must come after -sysvr4. + -sysv*) ;; - ose*) - os=ose + -ose*) + os=-ose ;; - *mint | mint[0-9]* | *MiNT | MiNT[0-9]*) - os=mint + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + os=-mint ;; - zvmoe) - os=zvmoe + -zvmoe) + os=-zvmoe ;; - dicos*) - os=dicos + -dicos*) + os=-dicos ;; - pikeos*) + -pikeos*) # Until real need of OS specific support for # particular features comes up, bare metal # configurations are quite functional. - case $cpu in + case $basic_machine in arm*) - os=eabi + os=-eabi ;; *) - os=elf + os=-elf ;; esac ;; - nacl*) - ;; - ios) + -nacl*) ;; - none) + -ios) ;; - *-eabi) + -none) ;; *) + # Get rid of the `-' at the beginning of $os. + os=`echo $os | sed 's/[^-]*-//'` echo Invalid configuration \`"$1"\': system \`"$os"\' not recognized 1>&2 exit 1 ;; @@ -1525,265 +1543,258 @@ # will signal an error saying that MANUFACTURER isn't an operating # system, and we'll never get to this point. -case $cpu-$vendor in +case $basic_machine in score-*) - os=elf + os=-elf ;; spu-*) - os=elf + os=-elf ;; *-acorn) - os=riscix1.2 + os=-riscix1.2 ;; arm*-rebel) - os=linux + os=-linux ;; arm*-semi) - os=aout + os=-aout ;; c4x-* | tic4x-*) - os=coff + os=-coff ;; c8051-*) - os=elf - ;; - clipper-intergraph) - os=clix + os=-elf ;; hexagon-*) - os=elf + os=-elf ;; tic54x-*) - os=coff + os=-coff ;; tic55x-*) - os=coff + os=-coff ;; tic6x-*) - os=coff + os=-coff ;; # This must come before the *-dec entry. pdp10-*) - os=tops20 + os=-tops20 ;; pdp11-*) - os=none + os=-none ;; *-dec | vax-*) - os=ultrix4.2 + os=-ultrix4.2 ;; m68*-apollo) - os=domain + os=-domain ;; i386-sun) - os=sunos4.0.2 + os=-sunos4.0.2 ;; m68000-sun) - os=sunos3 + os=-sunos3 ;; m68*-cisco) - os=aout + os=-aout ;; mep-*) - os=elf + os=-elf ;; mips*-cisco) - os=elf + os=-elf ;; mips*-*) - os=elf + os=-elf ;; or32-*) - os=coff + os=-coff ;; *-tti) # must be before sparc entry or we get the wrong os. - os=sysv3 + os=-sysv3 ;; sparc-* | *-sun) - os=sunos4.1.1 + os=-sunos4.1.1 ;; pru-*) - os=elf + os=-elf ;; *-be) - os=beos + os=-beos ;; *-ibm) - os=aix + os=-aix ;; *-knuth) - os=mmixware + os=-mmixware ;; *-wec) - os=proelf + os=-proelf ;; *-winbond) - os=proelf + os=-proelf ;; *-oki) - os=proelf + os=-proelf ;; *-hp) - os=hpux + os=-hpux ;; *-hitachi) - os=hiux + os=-hiux ;; i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) - os=sysv + os=-sysv ;; *-cbm) - os=amigaos + os=-amigaos ;; *-dg) - os=dgux + os=-dgux ;; *-dolphin) - os=sysv3 + os=-sysv3 ;; m68k-ccur) - os=rtu + os=-rtu ;; m88k-omron*) - os=luna + os=-luna ;; *-next) - os=nextstep + os=-nextstep ;; *-sequent) - os=ptx + os=-ptx ;; *-crds) - os=unos + os=-unos ;; *-ns) - os=genix + os=-genix ;; i370-*) - os=mvs + os=-mvs ;; *-gould) - os=sysv + os=-sysv ;; *-highlevel) - os=bsd + os=-bsd ;; *-encore) - os=bsd + os=-bsd ;; *-sgi) - os=irix + os=-irix ;; *-siemens) - os=sysv4 + os=-sysv4 ;; *-masscomp) - os=rtu + os=-rtu ;; f30[01]-fujitsu | f700-fujitsu) - os=uxpv + os=-uxpv ;; *-rom68k) - os=coff + os=-coff ;; *-*bug) - os=coff + os=-coff ;; *-apple) - os=macos + os=-macos ;; *-atari*) - os=mint - ;; - *-wrs) - os=vxworks + os=-mint ;; *) - os=none + os=-none ;; esac fi # Here we handle the case where we know the os, and the CPU type, but not the # manufacturer. We pick the logical manufacturer. -case $vendor in - unknown) +vendor=unknown +case $basic_machine in + *-unknown) case $os in - riscix*) + -riscix*) vendor=acorn ;; - sunos*) + -sunos*) vendor=sun ;; - cnk*|-aix*) + -cnk*|-aix*) vendor=ibm ;; - beos*) + -beos*) vendor=be ;; - hpux*) + -hpux*) vendor=hp ;; - mpeix*) + -mpeix*) vendor=hp ;; - hiux*) + -hiux*) vendor=hitachi ;; - unos*) + -unos*) vendor=crds ;; - dgux*) + -dgux*) vendor=dg ;; - luna*) + -luna*) vendor=omron ;; - genix*) + -genix*) vendor=ns ;; - clix*) - vendor=intergraph - ;; - mvs* | opened*) + -mvs* | -opened*) vendor=ibm ;; - os400*) + -os400*) vendor=ibm ;; - ptx*) + -ptx*) vendor=sequent ;; - tpf*) + -tpf*) vendor=ibm ;; - vxsim* | vxworks* | windiss*) + -vxsim* | -vxworks* | -windiss*) vendor=wrs ;; - aux*) + -aux*) vendor=apple ;; - hms*) + -hms*) vendor=hitachi ;; - mpw* | macos*) + -mpw* | -macos*) vendor=apple ;; - *mint | mint[0-9]* | *MiNT | MiNT[0-9]*) + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) vendor=atari ;; - vos*) + -vos*) vendor=stratus ;; esac + basic_machine=`echo "$basic_machine" | sed "s/unknown/$vendor/"` ;; esac -echo "$cpu-$vendor-$os" +echo "$basic_machine$os" exit # Local variables: -# eval: (add-hook 'before-save-hook 'time-stamp) +# eval: (add-hook 'write-file-functions 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" diff -Nru tor-0.4.5.10/configure tor-0.4.5.16/configure --- tor-0.4.5.10/configure 2021-08-16 13:15:37.000000000 +0000 +++ tor-0.4.5.16/configure 2023-01-12 16:16:03.000000000 +0000 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for tor 0.4.5.10. +# Generated by GNU Autoconf 2.69 for tor 0.4.5.16. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -577,8 +577,8 @@ # Identity of this package. PACKAGE_NAME='tor' PACKAGE_TARNAME='tor' -PACKAGE_VERSION='0.4.5.10' -PACKAGE_STRING='tor 0.4.5.10' +PACKAGE_VERSION='0.4.5.16' +PACKAGE_STRING='tor 0.4.5.16' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -837,7 +837,6 @@ docdir oldincludedir includedir -runstatedir localstatedir sharedstatedir sysconfdir @@ -986,7 +985,6 @@ sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' -runstatedir='${localstatedir}/run' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' @@ -1239,15 +1237,6 @@ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; - -runstatedir | --runstatedir | --runstatedi | --runstated \ - | --runstate | --runstat | --runsta | --runst | --runs \ - | --run | --ru | --r) - ac_prev=runstatedir ;; - -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ - | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ - | --run=* | --ru=* | --r=*) - runstatedir=$ac_optarg ;; - -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ @@ -1385,7 +1374,7 @@ for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir runstatedir + libdir localedir mandir do eval ac_val=\$$ac_var # Remove trailing slashes. @@ -1498,7 +1487,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures tor 0.4.5.10 to adapt to many kinds of systems. +\`configure' configures tor 0.4.5.16 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1538,7 +1527,6 @@ --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] - --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] @@ -1569,7 +1557,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of tor 0.4.5.10:";; + short | recursive ) echo "Configuration of tor 0.4.5.16:";; esac cat <<\_ACEOF @@ -1796,7 +1784,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -tor configure 0.4.5.10 +tor configure 0.4.5.16 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2501,7 +2489,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by tor $as_me 0.4.5.10, which was +It was created by tor $as_me 0.4.5.16, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2861,7 +2849,7 @@ # only shuts down for missing "required protocols" when those protocols # are listed as required by a consensus after this date. -$as_echo "#define APPROX_RELEASE_DATE \"2021-08-16\"" >>confdefs.h +$as_echo "#define APPROX_RELEASE_DATE \"2023-01-12\"" >>confdefs.h # "foreign" means we don't follow GNU package layout standards @@ -3382,7 +3370,7 @@ # Define the identity of the package. PACKAGE='tor' - VERSION='0.4.5.10' + VERSION='0.4.5.16' cat >>confdefs.h <<_ACEOF @@ -10290,7 +10278,7 @@ /* end confdefs.h. */ #include -#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER <= 0x30000000L +#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x30000000L #error "you_have_version_3" #endif @@ -10340,6 +10328,34 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether LibreSSL TLS 1.3 APIs are busted" >&5 +$as_echo_n "checking whether LibreSSL TLS 1.3 APIs are busted... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#if defined(LIBRESSL_VERSION_NUMBER) && \ + LIBRESSL_VERSION_NUMBER >= 0x3020100fL && \ + LIBRESSL_VERSION_NUMBER < 0x3040100fL +#error "oh no" +#endif + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +else + as_fn_error $? "This version of LibreSSL won't work with Tor. Please upgrade to LibreSSL 3.4.1 or later. (Or downgrade to 3.2.0 if you really must.)" "$LINENO" 5 +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -14367,7 +14383,7 @@ #ifdef HAVE_STDDEF_H #include #endif -int main () { char *p1,*p2; p1=NULL; memset(&p2,0,sizeof(p2)); +int main (void) { char *p1,*p2; p1=NULL; memset(&p2,0,sizeof(p2)); return memcmp(&p1,&p2,sizeof(char*))?1:0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : @@ -14411,7 +14427,7 @@ #ifdef HAVE_STDDEF_H #include #endif -int main () { double d1,d2; d1=0; memset(&d2,0,sizeof(d2)); +int main (void) { double d1,d2; d1=0; memset(&d2,0,sizeof(d2)); return memcmp(&d1,&d2,sizeof(d1))?1:0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : @@ -14456,7 +14472,7 @@ #ifdef HAVE_STDDEF_H #include #endif -int main () { return malloc(0)?0:1; } +int main (void) { return malloc(0)?0:1; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : tor_cv_malloc_zero_works=yes @@ -14494,7 +14510,7 @@ else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -int main () { int problem = ((-99) != (~99)+1); +int main (void) { int problem = ((-99) != (~99)+1); return problem ? 1 : 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : @@ -14533,7 +14549,7 @@ else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -int main () { int okay = (-60 >> 8) == -1; return okay ? 0 : 1; } +int main (void) { int okay = (-60 >> 8) == -1; return okay ? 0 : 1; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : tor_cv_sign_extend=yes @@ -28768,7 +28784,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by tor $as_me 0.4.5.10, which was +This file was extended by tor $as_me 0.4.5.16, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -28834,7 +28850,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -tor config.status 0.4.5.10 +tor config.status 0.4.5.16 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -29651,9 +29667,7 @@ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "Something went wrong bootstrapping makefile fragments - for automatic dependency tracking. If GNU make was not used, consider - re-running the configure script with MAKE=\"gmake\" (or whatever is - necessary). You can also try re-running configure with the + for automatic dependency tracking. Try re-running configure with the '--disable-dependency-tracking' option to at least be able to build the package (albeit without support for automatic dependency tracking). See \`config.log' for more details" "$LINENO" 5; } diff -Nru tor-0.4.5.10/configure.ac tor-0.4.5.16/configure.ac --- tor-0.4.5.10/configure.ac 2021-08-16 12:21:28.000000000 +0000 +++ tor-0.4.5.16/configure.ac 2023-01-12 16:16:03.000000000 +0000 @@ -4,7 +4,7 @@ dnl See LICENSE for licensing information AC_PREREQ([2.63]) -AC_INIT([tor],[0.4.5.10]) +AC_INIT([tor],[0.4.5.16]) AC_CONFIG_SRCDIR([src/app/main/tor_main.c]) AC_CONFIG_MACRO_DIR([m4]) @@ -16,7 +16,7 @@ # version number changes. Tor uses it to make sure that it # only shuts down for missing "required protocols" when those protocols # are listed as required by a consensus after this date. -AC_DEFINE(APPROX_RELEASE_DATE, ["2021-08-16"], # for 0.4.5.10 +AC_DEFINE(APPROX_RELEASE_DATE, ["2023-01-12"], # for 0.4.5.16 [Approximate date when this software was released. (Updated when the version changes.)]) # "foreign" means we don't follow GNU package layout standards @@ -1103,7 +1103,7 @@ AC_MSG_CHECKING([for OpenSSL >= 3.0.0]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include -#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER <= 0x30000000L +#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x30000000L #error "you_have_version_3" #endif ]], [[]])], @@ -1121,6 +1121,18 @@ [ AC_MSG_RESULT([no]) ], [ AC_MSG_ERROR([OpenSSL is too old. We require 1.0.1 or later. You can specify a path to a newer one with --with-openssl-dir.]) ]) +AC_MSG_CHECKING([whether LibreSSL TLS 1.3 APIs are busted]) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include +#if defined(LIBRESSL_VERSION_NUMBER) && \ + LIBRESSL_VERSION_NUMBER >= 0x3020100fL && \ + LIBRESSL_VERSION_NUMBER < 0x3040100fL +#error "oh no" +#endif + ]], [[]])], + [ AC_MSG_RESULT([no]) ], + [ AC_MSG_ERROR([This version of LibreSSL won't work with Tor. Please upgrade to LibreSSL 3.4.1 or later. (Or downgrade to 3.2.0 if you really must.)]) ]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include #include @@ -1970,7 +1982,7 @@ #ifdef HAVE_STDDEF_H #include #endif -int main () { char *p1,*p2; p1=NULL; memset(&p2,0,sizeof(p2)); +int main (void) { char *p1,*p2; p1=NULL; memset(&p2,0,sizeof(p2)); return memcmp(&p1,&p2,sizeof(char*))?1:0; }]])], [tor_cv_null_is_zero=yes], [tor_cv_null_is_zero=no], @@ -1994,7 +2006,7 @@ #ifdef HAVE_STDDEF_H #include #endif -int main () { double d1,d2; d1=0; memset(&d2,0,sizeof(d2)); +int main (void) { double d1,d2; d1=0; memset(&d2,0,sizeof(d2)); return memcmp(&d1,&d2,sizeof(d1))?1:0; }]])], [tor_cv_dbl0_is_zero=yes], [tor_cv_dbl0_is_zero=no], @@ -2019,7 +2031,7 @@ #ifdef HAVE_STDDEF_H #include #endif -int main () { return malloc(0)?0:1; }]])], +int main (void) { return malloc(0)?0:1; }]])], [tor_cv_malloc_zero_works=yes], [tor_cv_malloc_zero_works=no], [tor_cv_malloc_zero_works=cross])]) @@ -2037,7 +2049,7 @@ # whether we seem to be in a 2s-complement world. AC_CACHE_CHECK([whether we are using 2s-complement arithmetic], tor_cv_twos_complement, [AC_RUN_IFELSE([AC_LANG_SOURCE( -[[int main () { int problem = ((-99) != (~99)+1); +[[int main (void) { int problem = ((-99) != (~99)+1); return problem ? 1 : 0; }]])], [tor_cv_twos_complement=yes], [tor_cv_twos_complement=no], @@ -2057,7 +2069,7 @@ # What does shifting a negative value do? AC_CACHE_CHECK([whether right-shift on negative values does sign-extension], tor_cv_sign_extend, [AC_RUN_IFELSE([AC_LANG_SOURCE( -[[int main () { int okay = (-60 >> 8) == -1; return okay ? 0 : 1; }]])], +[[int main (void) { int okay = (-60 >> 8) == -1; return okay ? 0 : 1; }]])], [tor_cv_sign_extend=yes], [tor_cv_sign_extend=no], [tor_cv_sign_extend=cross])]) diff -Nru tor-0.4.5.10/contrib/win32build/tor-mingw.nsi.in tor-0.4.5.16/contrib/win32build/tor-mingw.nsi.in --- tor-0.4.5.10/contrib/win32build/tor-mingw.nsi.in 2021-08-16 12:21:28.000000000 +0000 +++ tor-0.4.5.16/contrib/win32build/tor-mingw.nsi.in 2023-01-12 16:16:03.000000000 +0000 @@ -8,7 +8,7 @@ !include "LogicLib.nsh" !include "FileFunc.nsh" !insertmacro GetParameters -!define VERSION "0.4.5.10" +!define VERSION "0.4.5.16" !define INSTALLER "tor-${VERSION}-win32.exe" !define WEBSITE "https://www.torproject.org/" !define LICENSE "LICENSE" diff -Nru tor-0.4.5.10/debian/.debian-ci/build_source/build-depends tor-0.4.5.16/debian/.debian-ci/build_source/build-depends --- tor-0.4.5.10/debian/.debian-ci/build_source/build-depends 1970-01-01 00:00:00.000000000 +0000 +++ tor-0.4.5.16/debian/.debian-ci/build_source/build-depends 2023-01-16 19:52:42.000000000 +0000 @@ -0,0 +1,16 @@ +asciidoc +autoconf +automake +dctrl-tools +devscripts +docbook-xml +docbook-xsl +git +libcap-dev +libevent-dev +liblzma-dev +libssl-dev +libzstd-dev +quilt +xmlto +zlib1g-dev diff -Nru tor-0.4.5.10/debian/.debian-ci/build_source/build-script tor-0.4.5.16/debian/.debian-ci/build_source/build-script --- tor-0.4.5.10/debian/.debian-ci/build_source/build-script 1970-01-01 00:00:00.000000000 +0000 +++ tor-0.4.5.16/debian/.debian-ci/build_source/build-script 2023-01-16 19:52:42.000000000 +0000 @@ -0,0 +1,205 @@ +#!/bin/bash + +# given upstream tor and the debian-tor repos in src/tor and src/debian-tor, build a debian +# source package. + + +# Copyright 2007--2021 Peter Palfrader +# +# Permission is hereby granted, free of charge, to any person obtaining +# a copy of this software and associated documentation files (the +# "Software"), to deal in the Software without restriction, including +# without limitation the rights to use, copy, modify, merge, publish, +# distribute, sublicense, and/or sell copies of the Software, and to +# permit persons to whom the Software is furnished to do so, subject to +# the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +set -e +set -u +set -x + +fudge_upstream_version() { + # set the upstream version in configure.ac correctly + local pkggitdir="$1"; shift + + if ! [ -e configure.ac ]; then + echo >&2 "Did not find configure.at" + exit 1 + fi + + if [ "$(grep -c AC_INIT configure.ac)" != 1 ]; then + echo >&2 "Did not find exactly one AC_INIT" + exit 1 + fi + + sed -i -e '/^AC_INIT(/ s/\(-dev\)\?])/-dev])/' configure.ac + + if [ "$(grep -c "AC_INIT.*-dev" configure.ac)" != 1 ]; then + echo >&2 "Unexpect version in configure.ac." + exit 1 + fi +} + + +pkg=tor + +pkggitdir="src/${pkg}" +pkggitdir="$(readlink -f "$pkggitdir")" + +debgitdir="src/debian-${pkg}" +debgitdir="$(readlink -f "$debgitdir")" + +rm -rf RESULT +rm -f *.tar.gz + +if [ -z "${CI_COMMIT_BRANCH:-}" ] ; then + # building a (release?) tag + echo >&2 "Only can build branches currently." + exit 1 +fi + +# building a branch +if [ "${CI_COMMIT_BRANCH#debian-}" = "$CI_COMMIT_BRANCH" ]; then + echo >&2 "Branch name does not start with 'debian-'." + exit 1 +elif [ "${CI_COMMIT_BRANCH}" = "debian-main" ]; then + upstream_branch=main +else + upstream_branch="maint-${CI_COMMIT_BRANCH#debian-}" +fi + + +# prepare upstream dir +echo "Preparing upstream directory" +echo "========================================" +pushd . +cd "$pkggitdir" + +git checkout "$upstream_branch" +rev_upstream_branch="$( git rev-parse --short=16 "$upstream_branch" )" +if [ -z "${rev_upstream_branch}" ]; then echo >&2 "Could not get revision of upstream branch $upstream_branch."; exit 1; fi + +if [ "$upstream_branch" = "main" ]; then + pkgrev="${rev_upstream_branch}" + distribution="${pkg}-nightly-main" +else + upstream_branch_version_number="${upstream_branch#maint-}" + upstream_release_branch="release-${upstream_branch_version_number}" && + + git checkout "${upstream_release_branch}" + rev_release_branch="$(git rev-parse --short=16 "$upstream_release_branch")" + if [ -z "${rev_release_branch}" ]; then echo >&2 "Could not get revision of release branch $upstream_release_branch."; exit 1; fi + + git merge --no-commit "${upstream_branch}" + + pkgrev="${rev_release_branch}+${rev_upstream_branch}" + distribution="${pkg}-nightly-${upstream_branch_version_number}.x" +fi + +fudge_upstream_version "${pkggitdir}" +popd + + +debianrev=$(cd "$debgitdir" && git rev-parse --short HEAD) +ts="$(TZ=UTC date +%Y%m%dT%H%M%SZ)" + + +# build release tarball +####################### +echo "Building release tarball" +echo "========================================" +pushd . + +(cd "${pkggitdir}" && ./autogen.sh) + +mkdir build-tree-dist +cd build-tree-dist + +"${pkggitdir}/configure" --disable-silent-rules --enable-gcc-warnings +if [ "$(ls -1 *.tar.gz 2>/dev/null | wc -l)" != 0 ] ; then + echo >&2 "We already have one .tar.gz file before make dist. Confused." + exit 1 +fi +make dist +if [ "$(ls -1 *.tar.gz | wc -l)" != 1 ] ; then + echo >&2 "Do not have exactly one .tar.gz file after make dist. Confused." + exit 1 +fi + +tgz="$(echo -n *.tar.gz)" +tgz="$(readlink -f "$tgz")" + +popd + +# prepare debian source package +############################### +echo "Prepearing Debian source package" +echo "========================================" +pushd . + +tardir="$(tar taf "$tgz" 2>/dev/null | head -n1)" +tardir="${tardir%%/}" +dir_version="${tardir##${pkg}-}" +build_version="${dir_version}-${ts}" +ddir="${pkg}-${build_version}" +debian_version="${build_version}-1" + +mkdir build-tree-deb +cd build-tree-deb + +tar xaf "$tgz" +[ "$tardir" = "$ddir" ] || mv "$tardir" "$ddir" +echo "\"$pkgrev\"" > "$ddir/micro-revision.i" + +origtar="${pkg}_${build_version}.orig.tar.gz" +tar caf "$origtar" "$ddir" + +cp -ra "${debgitdir}/debian" "$ddir" +echo "\"${pkgrev}+${debianrev}\"" > "${ddir}/debian/micro-revision.i" + +( cd "$ddir" && + dch --force-distribution \ + --distribution "$distribution" \ + --force-bad-version \ + --newversion "${debian_version}" \ + "Automated build of "$pkg"-nightly at $ts, git revision $pkgrev with debiantree $debianrev." +) + +dpkg-source -b $ddir $origtar + +# build them ALL +echo "Creating backported debian source packages" +echo "====================" +PATH="$debgitdir/debian/misc:$PATH" + +. "$(which build-tor-sources)" +set -x +set +e +backport_all "$pkg" "$ddir" "$origtar" "$debian_version" + +include_orig="-sa" +for i in *.dsc; do + dpkg-source -x "$i" + (cd "$ddir" && dpkg-genchanges -S $include_orig) > ${i%.dsc}_src.changes + include_orig="" + rm -r "$ddir" +done + +mkdir RESULT +for i in *changes; do dcmd mv -v $i RESULT; done +echo "$build_version" > RESULT/version.txt +echo "$debian_version" >> RESULT/version.txt +mv RESULT .. + +popd diff -Nru tor-0.4.5.10/debian/.debian-ci/build_source-release/build-depends tor-0.4.5.16/debian/.debian-ci/build_source-release/build-depends --- tor-0.4.5.10/debian/.debian-ci/build_source-release/build-depends 1970-01-01 00:00:00.000000000 +0000 +++ tor-0.4.5.16/debian/.debian-ci/build_source-release/build-depends 2023-01-16 19:52:42.000000000 +0000 @@ -0,0 +1 @@ +pristine-tar gpgv gnupg devscripts dctrl-tools git diff -Nru tor-0.4.5.10/debian/.debian-ci/build_source-release/build-script tor-0.4.5.16/debian/.debian-ci/build_source-release/build-script --- tor-0.4.5.10/debian/.debian-ci/build_source-release/build-script 1970-01-01 00:00:00.000000000 +0000 +++ tor-0.4.5.16/debian/.debian-ci/build_source-release/build-script 2023-01-16 19:52:42.000000000 +0000 @@ -0,0 +1,165 @@ +#!/bin/bash + +# build a release debian source package given signed commits and +# upstream tarballs + + +# Copyright 2007--2021 Peter Palfrader +# +# Permission is hereby granted, free of charge, to any person obtaining +# a copy of this software and associated documentation files (the +# "Software"), to deal in the Software without restriction, including +# without limitation the rights to use, copy, modify, merge, publish, +# distribute, sublicense, and/or sell copies of the Software, and to +# permit persons to whom the Software is furnished to do so, subject to +# the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +set -e +set -u +set -x +set -o pipefail + +pkg=tor + +base="$PWD" +keyring_upstream="${base}/keyrings/upstream.gpg" +keyring_debian="${base}/keyrings/debian.gpg" + +if [ -z "${CI_COMMIT_TAG:-}" ] ; then + echo >&2 "CI_COMMIT_TAG variable not set" + exit 1 +fi + +debian_tag="${CI_COMMIT_TAG}" +debian_version="${debian_tag#debian-tor-}" +if [ "${debian_version}" = "${debian_tag}" ] ; then + echo >&2 "debian_tag variable does not start with 'debian-tor-'." + exit 1 +fi +upstream_version="${debian_version%-*}" +if [ "${debian_version}" = "${upstream_version}" ] ; then + echo >&2 "Malformed debian_version '$debian_version'" + exit 1 +fi + +if [ -z "$(git tag -l "$debian_tag")" ]; then + echo >&2 "Tag $debian_tag does not exist." + exit 1 +fi + +cd "${base}/src/debian-tor" +if [ -z "$(git tag -l "$debian_tag")" ]; then + echo >&2 "Tag ${debian_tag} does not exist." + exit 1 +fi + +changelog_version="$(dpkg-parsechangelog | grep-dctrl -sVersion -n .)" +if [ "${debian_version}" != "${changelog_version}" ] ; then + echo >&2 "Tag version (${debian_version}) versus debian/change version (${changelog_version}) mismatch." + exit 1 +fi + +mkdir -v "${base}/build" + +# get original upstream tarball and verify it. +############################################## +cd "${base}/src/pristine-upstream" +git branch pristine-tar origin/master + +cd "${base}/src/debian-tor" +git remote add pristine "${base}/src/pristine-upstream" +git fetch pristine --depth 1 pristine-tar:pristine-tar +tarball="${pkg}-${upstream_version}.tar.gz" +pristine-tar checkout "${tarball}" +mv -v "${tarball}" "${base}/build/" + +cd "${base}/src/pristine-upstream-signatures" +if [ -e "${tarball}.asc" ]; then + signature="${tarball}.asc" + cp -v "${base}/src/pristine-upstream-signatures/${signature}" "${base}/build/" + + cd "${base}/build/" + gpgv --keyring "$keyring_upstream" "$signature" "$tarball" +elif [ -e "${tarball}.sha256sum" ] && [ -e "${tarball}.sha256sum.asc" ] ; then + shafile="${tarball}.sha256sum" + signature="${shafile}.asc" + gpgv --keyring "$keyring_upstream" "$signature" "$shafile" + expect="$(awk '{print $1}' < "$shafile")" + if [ -z "${expect}" ]; then + echo >&2 "Did not get a checksum" + exit 1 + fi + + cd "${base}/build/" + got="$(sha256sum < "${tarball}" | awk '{print $1}')" + if [ "${got}" != "${expect}" ]; then + echo >&2 "Checksum mismatch: expected: ${expect}; got: ${got}" + exit 1 + fi +else + echo >&2 "Unable to verify upstream tarball." + exit 1 +fi + +origtar="${pkg}_${upstream_version}.orig.tar.gz" +ln "${tarball}" "${origtar}" +tar xaf "${tarball}" --transform 's#^[^/]*#upstream#' + +# get and verify debian tree +############################ + +mkdir "${base}/gpghome" +cp -v "$keyring_debian" "${base}/gpghome/pubring.gpg" +cd "${base}/src/debian-tor" +GNUPGHOME="${base}/gpghome" git tag -v "${debian_tag}" +micro_revision=$(git rev-parse --short=16 "${debian_tag}") + +mkdir "${base}/build/deb" +git archive "${debian_tag}" | (cd "${base}/build/deb" && tar xf -) + +# check the source for differences and build source +cd "${base}/build" +if diff -qr deb upstream | grep -v '^Only in ' | grep .; then + echo >&2 "Unwanted difference in source trees!" + exit 1 +fi + +mv -v --no-target-directory deb/debian upstream/debian +echo "\"$micro_revision\"" > upstream/debian/micro-revision.i +dpkg-source -b upstream $origtar + +if ! [ -e "${pkg}_${debian_version}.dsc" ]; then + echo >&2 "Did not produce ${pkg}_${debian_version}.dsc!" + exit 1 +fi + +# build them ALL +ddir="${pkg}-${upstream_version}" +PATH="${base}/build/upstream/debian/misc:$PATH" +. "$(which build-tor-sources)" +set -x +set +e +backport_all "$pkg" "$ddir" "$origtar" "$debian_version" +include_orig="-sa" +for i in *.dsc; do + dpkg-source -x "$i" + (cd "$ddir" && dpkg-genchanges -S $include_orig) > ${i%.dsc}_src.changes + include_orig="" + rm -r "$ddir" +done + +mkdir "${base}/RESULT" +for i in *changes; do dcmd mv -v "$i" "${base}/RESULT"; done +echo "$upstream_version" > "${base}/RESULT/version.txt" +echo "$debian_version" >> "${base}/RESULT/version.txt" diff -Nru tor-0.4.5.10/debian/.debian-ci.yml tor-0.4.5.16/debian/.debian-ci.yml --- tor-0.4.5.10/debian/.debian-ci.yml 1970-01-01 00:00:00.000000000 +0000 +++ tor-0.4.5.16/debian/.debian-ci.yml 2023-01-16 19:52:42.000000000 +0000 @@ -0,0 +1,324 @@ +variables: + TORGIT: https://git.torproject.org/tor.git + BUILDUSER: build + DEBIAN_FRONTEND: "noninteractive" + +## caching is disabled as it triggers all sorts of issues according to anarcat (2021-11-13) +#cache: +# key: apt-cache +# paths: [ 'apt-cache' ] + +.rule_condition_branch_debian: &rule_condition_branch_debian | + $CI_COMMIT_TAG == null && $CI_COMMIT_BRANCH =~ /^debian-(main$|[0-9].*)/ && $CI_COMMIT_BRANCH !~ /^debian-0\.3\.5($|[.-])/ + +.rule_condition_branch_debian_0_3_5: &rule_condition_branch_debian_0_3_5 | + $CI_COMMIT_TAG == null && $CI_COMMIT_BRANCH =~ /^debian-0\.3\.5($|[.-])/ + +.rule_condition_tag_debian: &rule_condition_tag_debian | + $CI_COMMIT_TAG =~ /^debian-tor-/ && $CI_COMMIT_TAG !~ /^debian-tor-0\.3\.5\./ + +.rule_condition_tag_debian_0_3_5: &rule_condition_tag_debian_0_3_5 | + $CI_COMMIT_TAG =~ /^debian-tor-0\.3\.5\./ + +workflow: + rules: + - if: *rule_condition_branch_debian + - if: *rule_condition_branch_debian_0_3_5 + - if: *rule_condition_tag_debian + - if: *rule_condition_tag_debian_0_3_5 + +default: + after_script: + - rm -rf build-env + + +.apt-init: &apt-init | + # APT_CACHE_DIR="${PWD}/apt-cache" && + # mkdir -p "${APT_CACHE_DIR}" && + cat > /etc/apt/apt.conf.d/90-gitlab << EOF && + APT::Install-Recommends "0"; + APT::Acquire::Retries "5"; + APT::Get::Assume-Yes "true"; + // Dir::Cache::Archives "${APT_CACHE_DIR}"; + EOF + apt-get update && + apt-get dist-upgrade + + +########################### +########################### +## common binary and source build parts + +.build_source_common: &build_source_common + stage: build + image: debian:stable-slim + before_script: + - rm -rf build-env + - *apt-init + - apt-get install sudo + - apt-get install build-essential + - apt-get install $(cat debian/.debian-ci/"${CI_JOB_NAME}"/build-depends) + - adduser --system --group --disabled-password --shell /bin/sh --home "$CI_PROJECT_DIR"/build-env "${BUILDUSER}" + artifacts: + paths: + - source-packages + expire_in: 1 week + +.build_binary_common: &build_binary_common + stage: build + timeout: 6h + variables: + GIT_STRATEGY: none + tags: [ $RUNNER_TAG ] + before_script: + - rm -rf build-env binary-packages + - *apt-init + - apt-get install sudo + - apt-get install build-essential devscripts reprepro fakeroot + image: ${DOCKER_ARCH}/${OS}:${SUITE}${IMAGE_EXTENSION} + + script: + - 'echo "SUITE: $SUITE"' + - 'echo "DOCKER_ARCH: $DOCKER_ARCH"' + - find source-packages + - upstream_version="$(head -n1 source-packages/version.txt)" + - if [ -z "$upstream_version" ]; then echo >&2 "Did not get package version from artifact."; exit 1; fi + - | + case "$SUITE" in + sid) srcchanges="$(ls -1 source-packages/tor_"$upstream_version"*_src.changes | grep -v '~')";; + *) srcchanges="$(ls -1 source-packages/tor_"$upstream_version"*"$SUITE"+*_src.changes)";; + esac + - 'echo "srcchanges: $srcchanges"' + - | + case "$DOCKER_ARCH" in + amd64) build_selector="-b";; + *) build_selector="-B";; + esac + - if [ "$(echo "$srcchanges" | wc -l)" != 1 ] || [ -z "$srcchanges" ] ; then echo >&2 "Weird number of changes files found."; exit 1; fi + - echo "source changes file:" + - cat "$srcchanges" + - dsc="$(dcmd --dsc "$srcchanges")" + - echo "dsc file is ${dsc}" + - cat "$dsc" + + - adduser --system --group --disabled-password --shell /bin/sh --home "$CI_PROJECT_DIR"/build-env "${BUILDUSER}" + + - sudo -i -u "${BUILDUSER}" mkdir build-tree + - sudo -i -u "${BUILDUSER}" sh -c "cd build-tree && dpkg-source -x ../../${dsc}" + - | + if [ "${SUITE}" = "xenial" ]; then + (cd "build-env/build-tree/tor-${upstream_version}" && + apt-get install \ + debhelper dh-systemd quilt libssl-dev zlib1g-dev libevent-dev asciidoc docbook-xml \ + docbook-xsl xmlto dh-apparmor libsystemd-dev pkg-config libcap-dev dh-autoreconf \ + liblzma-dev libzstd-dev && + ( [ "${DOCKER_ARCH}" != 'amd64' ] && [ "${DOCKER_ARCH}" != 'i386' ] || apt install libseccomp-dev ) + ) || exit 1 + else + (cd "build-env/build-tree/tor-${upstream_version}" && apt-get build-dep . ) || exit 1 + fi + - sudo -i -u "${BUILDUSER}" sh -c "cd 'build-tree/tor-${upstream_version}' && debuild -rfakeroot -uc -us '$build_selector'" + - binchanges="$(cd build-env/build-tree && ls -1 *.changes)" + - if [ "$(echo "$binchanges" | wc -l)" != 1 ] || [ -z "$binchanges" ] ; then echo >&2 "Weird number of changes files produced."; exit 1; fi + - sudo -i -u "${BUILDUSER}" mkdir RESULT + - sudo -i -u "${BUILDUSER}" dcmd ln -v "build-tree/${binchanges}" RESULT + + - mkdir binary-packages + - mv --no-target-directory build-env/RESULT binary-packages/"${OS}-${DOCKER_ARCH}-${SUITE}" + + artifacts: + paths: + - binary-packages/${OS}-${DOCKER_ARCH}-${SUITE} + expire_in: 1 hour + + +########################### +########################### +## matrix configuration + +.matrix_full: &matrix_full + - OS: debian + SUITE: [ 'sid', 'stretch', 'buster', 'bullseye', 'bookworm' ] + DOCKER_ARCH: ['amd64', 'i386'] + RUNNER_TAG: amd64 + IMAGE_EXTENSION: '-slim' + - OS: debian + DOCKER_ARCH: 'arm64v8' + SUITE: [ 'sid', 'stretch', 'buster', 'bullseye', 'bookworm' ] + RUNNER_TAG: aarch64 + IMAGE_EXTENSION: '-slim' + + - OS: ubuntu + SUITE: [ 'xenial', 'bionic' ] + DOCKER_ARCH: ['amd64', 'i386'] + RUNNER_TAG: amd64 + IMAGE_EXTENSION: [ '' ] + - OS: ubuntu + SUITE: [ 'focal', 'jammy', 'kinetic' ] + DOCKER_ARCH: 'amd64' + RUNNER_TAG: amd64 + IMAGE_EXTENSION: [ '' ] + - OS: ubuntu + SUITE: [ 'xenial', 'bionic', 'focal', 'jammy', 'kinetic' ] + DOCKER_ARCH: 'arm64v8' + RUNNER_TAG: 'aarch64' + IMAGE_EXTENSION: [ '' ] + +.matrix_tor_0_3_5: &matrix_tor_0_3_5 + - OS: debian + SUITE: [ 'stretch', 'buster' ] + DOCKER_ARCH: ['amd64', 'i386'] + RUNNER_TAG: amd64 + IMAGE_EXTENSION: '-slim' + - OS: debian + DOCKER_ARCH: 'arm64v8' + SUITE: [ 'stretch', 'buster' ] + RUNNER_TAG: aarch64 + IMAGE_EXTENSION: '-slim' + + - OS: ubuntu + SUITE: [ 'xenial', 'bionic' ] + DOCKER_ARCH: ['amd64', 'i386'] + RUNNER_TAG: amd64 + IMAGE_EXTENSION: [ '' ] + - OS: ubuntu + SUITE: 'focal' + DOCKER_ARCH: 'amd64' + RUNNER_TAG: amd64 + IMAGE_EXTENSION: [ '' ] + - OS: ubuntu + SUITE: [ 'xenial', 'bionic', 'focal' ] + DOCKER_ARCH: 'arm64v8' + RUNNER_TAG: 'aarch64' + IMAGE_EXTENSION: [ '' ] + + +########################### +########################### +## nightly/per-commit builds + +build_source: + rules: + - if: *rule_condition_branch_debian + - if: *rule_condition_branch_debian_0_3_5 + <<: *build_source_common + variables: + GIT_STRATEGY: fetch + GIT_DEPTH: 1 + script: + - git tag -f this-build + - sudo -i -u "${BUILDUSER}" mkdir src + - sudo -i -u "${BUILDUSER}" git clone file://"${CI_PROJECT_DIR}" --branch this-build --depth 1 src/debian-tor + - sudo -i -u "${BUILDUSER}" git clone "$TORGIT" src/tor + # this should not need network now: + - sudo -i -u "${BUILDUSER}" --preserve-env=CI_COMMIT_BRANCH src/debian-tor/debian/.debian-ci/"${CI_JOB_NAME}"/build-script + + - mv --no-target-directory build-env/RESULT source-packages + +build_binary: + <<: *build_binary_common + rules: + - if: *rule_condition_branch_debian + parallel: + matrix: *matrix_full + needs: [ 'build_source' ] + +build_binary_0_3_5: + <<: *build_binary_common + rules: + - if: *rule_condition_branch_debian_0_3_5 + parallel: + matrix: *matrix_tor_0_3_5 + needs: [ 'build_source' ] + + +########################### +## release builds + +build_source-release: + rules: + - if: *rule_condition_tag_debian + - if: *rule_condition_tag_debian_0_3_5 + <<: *build_source_common + variables: + # pristine-tar wants the repo + GIT_STRATEGY: clone + GIT_DEPTH: 0 + script: + - sudo -i -u "${BUILDUSER}" mkdir src + - sudo -i -u "${BUILDUSER}" git clone "${CI_PROJECT_DIR}" --branch "${CI_COMMIT_TAG}" src/debian-tor + - sudo -i -u "${BUILDUSER}" git clone https://git.torproject.org/debian/tor-pristine-upstream.git --branch master --depth 1 src/pristine-upstream + - sudo -i -u "${BUILDUSER}" git clone https://git.torproject.org/debian/tor-pristine-upstream.git --branch pristine-tar-signatures --depth 1 src/pristine-upstream-signatures + + - sudo -i -u "${BUILDUSER}" mkdir keyrings + - sudo -i -u "${BUILDUSER}" gpg --no-default-keyring --keyring ./keyrings/upstream.gpg --import "${TOR_DEBIAN_RELEASE_KEYRING_UPSTREAM}" + - sudo -i -u "${BUILDUSER}" gpg --no-default-keyring --keyring ./keyrings/debian.gpg --import "${TOR_DEBIAN_RELEASE_KEYRING_DEBIAN}" + + # this should not need network now: + - sudo -i -u "${BUILDUSER}" --preserve-env=CI_COMMIT_TAG src/debian-tor/debian/.debian-ci/"${CI_JOB_NAME}"/build-script + + - mv --no-target-directory build-env/RESULT source-packages + +build_binary-release: + <<: *build_binary_common + rules: + - if: *rule_condition_tag_debian + parallel: + matrix: *matrix_full + needs: [ 'build_source-release' ] + +build_binary-release_0_3_5: + <<: *build_binary_common + rules: + - if: *rule_condition_tag_debian_0_3_5 + parallel: + matrix: *matrix_tor_0_3_5 + needs: [ 'build_source-release' ] + + +########################### +########################### +## install into deb.tpo + +deploy: + stage: deploy + image: debian:stable-slim + variables: + GIT_STRATEGY: none + cache: [] + before_script: + - *apt-init + - apt-get install openssh-client rsync + script: + - chmod 0400 "${STATIC_GITLAB_SHIM_SSH_PRIVATE_KEY}" + - chmod 0444 "${STATIC_GITLAB_SHIM_SSH_HOST_KEYS}" + - rm -vf source-packages/version.txt + - > + rsync + -e "ssh -i '${STATIC_GITLAB_SHIM_SSH_PRIVATE_KEY}' -o GlobalKnownHostsFile='${STATIC_GITLAB_SHIM_SSH_HOST_KEYS}'" + -v + source-packages/* binary-packages/*/* + tordeb@palmeri.torproject.org:-overridden-server-side- + - > + ssh + -i "${STATIC_GITLAB_SHIM_SSH_PRIVATE_KEY}" + -o GlobalKnownHostsFile="${STATIC_GITLAB_SHIM_SSH_HOST_KEYS}" + tordeb@palmeri.torproject.org dinstall + +collect_artifacts: + rules: + - if: *rule_condition_tag_debian + - if: *rule_condition_tag_debian_0_3_5 + stage: deploy + image: debian:stable-slim + variables: + GIT_STRATEGY: none + cache: [] + script: + - find binary-packages source-packages + - chmod go-w -R binary-packages source-packages + artifacts: + paths: + - binary-packages + - source-packages + expire_in: 1 month diff -Nru tor-0.4.5.10/debian/changelog tor-0.4.5.16/debian/changelog --- tor-0.4.5.10/debian/changelog 2023-01-16 19:52:41.000000000 +0000 +++ tor-0.4.5.16/debian/changelog 2023-01-16 19:52:42.000000000 +0000 @@ -1,3 +1,22 @@ +tor (0.4.5.16-1) bullseye-security; urgency=medium + + * New upstream version: fixing TROVE-2022-002: + - The SafeSocks option had its logic inverted for SOCKS4 and + SOCKS4a. It would let the unsafe SOCKS4 pass but not the safe + SOCKS4a one. This is TROVE-2022-002 which was reported on + Hackerone by "cojabo". Fixes bug 40730; bugfix on 0.3.5.1-alpha. + + -- Peter Palfrader Thu, 12 Jan 2023 20:35:33 +0100 + +tor (0.4.5.15-1) bullseye; urgency=medium + + * New upstream version. + * Among minor security and stability improvements, update the set + of directory authorities (update moria1 key, update dizum address, + retire Faravahar). + + -- Peter Palfrader Sat, 10 Dec 2022 18:54:25 +0100 + tor (0.4.5.10-1~deb11u1) bullseye-security; urgency=medium * Upload fix for TROVE-2021-007/CVE-2021-38385 to bullseye: diff -Nru tor-0.4.5.10/debian/micro-revision.i tor-0.4.5.16/debian/micro-revision.i --- tor-0.4.5.10/debian/micro-revision.i 2023-01-16 19:52:41.000000000 +0000 +++ tor-0.4.5.16/debian/micro-revision.i 2023-01-16 19:52:42.000000000 +0000 @@ -1 +1 @@ -"01955086bcd35aca" +"b5ffc015a9e856d8" diff -Nru tor-0.4.5.10/debian/misc/backport tor-0.4.5.16/debian/misc/backport --- tor-0.4.5.10/debian/misc/backport 2023-01-16 19:52:41.000000000 +0000 +++ tor-0.4.5.16/debian/misc/backport 2023-01-16 19:52:42.000000000 +0000 @@ -39,6 +39,7 @@ stretch d9.stretch 1 buster d10.buster 1 bullseye d11.bullseye 1 +bookworm d12.bookworm 1 lenny-bpo bpo5 1 lenny-backports squeeze-bpo bpo6 1 squeeze-backports @@ -47,6 +48,7 @@ stretch-bpo bpo9 1 stretch-backports buster-bpo bpo10 1 buster-backports bullseye-bpo bpo11 1 bullseye-backports +bookworm-bpo bpo12 1 bookworm-backports dapper dapper 1 edgy edgy 1 @@ -79,6 +81,9 @@ focal focal 1 groovy groovy 1 hirsute hirsute 1 +impish impish 1 +jammy jammy 1 +kinetic kinetic 1 EOF ) if [ -z "$result" ] ; then diff -Nru tor-0.4.5.10/debian/misc/build-tor-sources tor-0.4.5.16/debian/misc/build-tor-sources --- tor-0.4.5.10/debian/misc/build-tor-sources 2023-01-16 19:52:41.000000000 +0000 +++ tor-0.4.5.16/debian/misc/build-tor-sources 2023-01-16 19:52:42.000000000 +0000 @@ -163,6 +163,11 @@ bp1 $pkg $dir $sid_debian_version bullseye bp2 $pkg $dir $origtar + # bookworm + ################################################# + bp1 $pkg $dir $sid_debian_version bookworm + bp2 $pkg $dir $origtar + # xenial (EOL: Apr 2021) ################################################# @@ -182,14 +187,14 @@ bp1 $pkg $dir $sid_debian_version focal bp2 $pkg $dir $origtar - # groovy (EOL: 2021-07) + # jammy (EOL: 2027-04-21, 2032-04) ################################################# - bp1 $pkg $dir $sid_debian_version groovy + bp1 $pkg $dir $sid_debian_version jammy bp2 $pkg $dir $origtar - # hirsute (EOL: 2022-01) + # kinetic (EOL: 2023-07) ################################################# - bp1 $pkg $dir $sid_debian_version hirsute + bp1 $pkg $dir $sid_debian_version kinetic bp2 $pkg $dir $origtar ################################################# diff -Nru tor-0.4.5.10/debian/rules tor-0.4.5.16/debian/rules --- tor-0.4.5.10/debian/rules 2023-01-16 19:52:41.000000000 +0000 +++ tor-0.4.5.16/debian/rules 2023-01-16 19:52:42.000000000 +0000 @@ -49,8 +49,6 @@ echo "\"`git rev-parse --short=16 HEAD`\"" > "debian/micro-revision.i" ; \ fi - # these get autobuilt from the .txt files, some of which we also patch - rm -vf doc/*.in rm -f debian/tor-instance-create.8 dh_clean diff -Nru tor-0.4.5.10/depcomp tor-0.4.5.16/depcomp --- tor-0.4.5.10/depcomp 2020-11-21 20:17:10.000000000 +0000 +++ tor-0.4.5.16/depcomp 2023-01-12 16:16:03.000000000 +0000 @@ -1,9 +1,9 @@ #! /bin/sh # depcomp - compile a program generating dependencies as side-effects -scriptversion=2018-03-07.03; # UTC +scriptversion=2017-09-16.17; # UTC -# Copyright (C) 1999-2020 Free Software Foundation, Inc. +# Copyright (C) 1999-2018 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -783,7 +783,7 @@ # Local Variables: # mode: shell-script # sh-indentation: 2 -# eval: (add-hook 'before-save-hook 'time-stamp) +# eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC0" diff -Nru tor-0.4.5.10/doc/asciidoc-helper.sh tor-0.4.5.16/doc/asciidoc-helper.sh --- tor-0.4.5.10/doc/asciidoc-helper.sh 2020-11-17 13:04:37.000000000 +0000 +++ tor-0.4.5.16/doc/asciidoc-helper.sh 2023-01-12 16:16:03.000000000 +0000 @@ -12,6 +12,9 @@ exit 1; fi +SOURCE_DATE_EPOCH="$(git show --no-patch --format='%ct')" +export SOURCE_DATE_EPOCH + output=$3 if [ "$1" = "html" ]; then @@ -19,7 +22,7 @@ base=${output%%.html.in} if [ "$2" != none ]; then - TZ=UTC "$2" -d manpage -o "$output" "$input"; + TZ=UTC "$2" -f "$(dirname "$0")/nofooter.conf" -d manpage -o "$output" "$input"; else echo "=================================="; echo; diff -Nru tor-0.4.5.10/doc/man/tor-gencert.1.in tor-0.4.5.16/doc/man/tor-gencert.1.in --- tor-0.4.5.10/doc/man/tor-gencert.1.in 2020-11-21 20:37:37.000000000 +0000 +++ tor-0.4.5.16/doc/man/tor-gencert.1.in 2023-01-12 16:16:03.000000000 +0000 @@ -2,12 +2,12 @@ .\" Title: tor-gencert .\" Author: [FIXME: author] [see http://www.docbook.org/tdg5/en/html/author] .\" Generator: DocBook XSL Stylesheets vsnapshot -.\" Date: 11/21/2020 +.\" Date: 01/12/2023 .\" Manual: Tor Manual .\" Source: Tor .\" Language: English .\" -.TH "TOR\-GENCERT" "1" "11/21/2020" "Tor" "Tor Manual" +.TH "TOR\-GENCERT" "1" "01/12/2023" "Tor" "Tor Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Nru tor-0.4.5.10/doc/man/tor-gencert.html.in tor-0.4.5.16/doc/man/tor-gencert.html.in --- tor-0.4.5.10/doc/man/tor-gencert.html.in 2020-11-21 20:37:37.000000000 +0000 +++ tor-0.4.5.16/doc/man/tor-gencert.html.in 2023-01-12 16:16:03.000000000 +0000 @@ -4,7 +4,7 @@ - + tor-gencert(1)