[tbb-commits] [tor-browser-bundle/hardened-builds] Bug 17801: Remove special tor patches

gk at torproject.org gk at torproject.org
Thu Dec 10 09:44:54 UTC 2015


commit fe0fbddde4c008ceba36abe826daf75fd63b403d
Author: Georg Koppen <gk at torproject.org>
Date:   Thu Dec 10 09:04:42 2015 +0000

    Bug 17801: Remove special tor patches
---
 gitian/descriptors/linux/gitian-tor.yml   |   14 -
 gitian/descriptors/mac/gitian-tor.yml     |   14 -
 gitian/descriptors/windows/gitian-tor.yml |   14 -
 gitian/patches/bug15482.patch             |   40 --
 gitian/patches/bug16430.patch             |   93 ----
 gitian/patches/bug16674.patch             |   74 ---
 gitian/patches/bug8402-master.patch       |  732 -----------------------------
 gitian/patches/bug8405.patch              |   84 ----
 8 files changed, 1065 deletions(-)

diff --git a/gitian/descriptors/linux/gitian-tor.yml b/gitian/descriptors/linux/gitian-tor.yml
index f31aac9..630c2e0 100644
--- a/gitian/descriptors/linux/gitian-tor.yml
+++ b/gitian/descriptors/linux/gitian-tor.yml
@@ -23,11 +23,6 @@ files:
 - "openssl-linux64-utils.zip"
 - "libevent-linux64-utils.zip"
 - "versions"
-- "bug8402-master.patch"
-- "bug8405.patch"
-- "bug15482.patch"
-- "bug16430.patch"
-- "bug16674.patch"
 - "dzip.sh"
 script: |
   INSTDIR="$HOME/install"
@@ -73,15 +68,6 @@ script: |
   # Building tor
   cd tor
   git update-index --refresh -q
-  export GIT_COMMITTER_NAME="nobody"
-  export GIT_COMMITTER_EMAIL="nobody at localhost"
-  export GIT_COMMITTER_DATE="$REFERENCE_DATETIME"
-  if [ ${TOR_TAG::9} == "tor-0.2.6" ];
-  then
-      git am ~/build/bug15482.patch
-      git am ~/build/bug16430.patch
-      git am ~/build/bug16674.patch
-  fi
   mkdir -p $OUTDIR/src
   #git archive HEAD | tar -x -C $OUTDIR/src
   ./autogen.sh
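Review bot: With the `git am` steps gone, nothing in this script checks that the tor tag being built already carries the fixes for bugs 15482, 16430 and 16674, so a build whose `TOR_TAG` still starts with `tor-0.2.6` would now silently ship an unpatched tor. The diffstat shows no change to the `versions` file in this commit, so the tag the hardened builds pin cannot be confirmed from here. Consider keeping a cheap guard before `./autogen.sh`, for example `if [ "${TOR_TAG::9}" == "tor-0.2.6" ]; then echo "tor-0.2.6 needs the patches removed in bug 17801" >&2; exit 1; fi`, or at least a comment stating that the pinned tag is expected to include these fixes. The same applies to the matching hunks in the mac and windows descriptors; the `script:` block starts before and continues after this hunk.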
diff --git a/gitian/descriptors/mac/gitian-tor.yml b/gitian/descriptors/mac/gitian-tor.yml
index 857b5de..a6824c0 100644
--- a/gitian/descriptors/mac/gitian-tor.yml
+++ b/gitian/descriptors/mac/gitian-tor.yml
@@ -15,11 +15,6 @@ remotes:
   "dir": "tor"
 files:
 - "versions"
-- "bug8402-master.patch"
-- "bug8405.patch"
-- "bug15482.patch"
-- "bug16430.patch"
-- "bug16674.patch"
 - "apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb"
 - "multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz"
 - "dzip.sh"
@@ -54,15 +49,6 @@ script: |
   export LDFLAGS="-m64 -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/ -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/system/ -mmacosx-version-min=10.5"
   cd tor
   git update-index --refresh -q
-  export GIT_COMMITTER_NAME="nobody"
-  export GIT_COMMITTER_EMAIL="nobody at localhost"
-  export GIT_COMMITTER_DATE="$REFERENCE_DATETIME"
-  if [ ${TOR_TAG::9} == "tor-0.2.6" ];
-  then
-      git am ~/build/bug15482.patch
-      git am ~/build/bug16430.patch
-      git am ~/build/bug16674.patch
-  fi
   mkdir -p $OUTDIR/src
   #git archive HEAD | tar -x -C $OUTDIR/src
   ./autogen.sh
diff --git a/gitian/descriptors/windows/gitian-tor.yml b/gitian/descriptors/windows/gitian-tor.yml
index 601dc4e..63b527a 100644
--- a/gitian/descriptors/windows/gitian-tor.yml
+++ b/gitian/descriptors/windows/gitian-tor.yml
@@ -15,11 +15,6 @@ remotes:
   "dir": "tor"
 files:
 - "versions"
-- "bug8402-master.patch"
-- "bug8405.patch"
-- "bug15482.patch"
-- "bug16430.patch"
-- "bug16674.patch"
 - "binutils.tar.bz2"
 - "dzip.sh"
 - "mingw-w64-win32-utils.zip"
@@ -54,15 +49,6 @@ script: |
   # Building tor
   cd tor
   git update-index --refresh -q
-  export GIT_COMMITTER_NAME="nobody"
-  export GIT_COMMITTER_EMAIL="nobody at localhost"
-  export GIT_COMMITTER_DATE="$REFERENCE_DATETIME"
-  if [ ${TOR_TAG::9} == "tor-0.2.6" ];
-  then
-      git am ~/build/bug15482.patch
-      git am ~/build/bug16430.patch
-      git am ~/build/bug16674.patch
-  fi
   mkdir -p $OUTDIR/src
   #git archive HEAD | tar -x -C $OUTDIR/src
   # We are building normal bundles without the console popping up and expert
diff --git a/gitian/patches/bug15482.patch b/gitian/patches/bug15482.patch
deleted file mode 100644
index df8a156..0000000
--- a/gitian/patches/bug15482.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 748414784f71126b093aa7466908e00f71a7b046 Mon Sep 17 00:00:00 2001
-From: Mike Perry <mikeperry-git at torproject.org>
-Date: Fri, 27 Mar 2015 12:57:37 -0700
-Subject: [PATCH] Bug 15482: Don't abandon circuits that are still in use for
- browsing.
-
-Only applies to connections with SOCKS auth set, so that non-web Tor
-activity is not affected.
-
-Simpler version of Nick's patch because the randomness worried me, and I'm not
-otherwise sure why we want a max here.
----
- src/or/circuituse.c | 11 +++++++++--
- 1 file changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/src/or/circuituse.c b/src/or/circuituse.c
-index d0d31ad..6cce4bf 100644
---- a/src/or/circuituse.c
-+++ b/src/or/circuituse.c
-@@ -2264,8 +2264,15 @@ connection_ap_handshake_attach_chosen_circuit(entry_connection_t *conn,
- 
-   base_conn->state = AP_CONN_STATE_CIRCUIT_WAIT;
- 
--  if (!circ->base_.timestamp_dirty)
--    circ->base_.timestamp_dirty = time(NULL);
-+  if (!circ->base_.timestamp_dirty) {
-+    circ->base_.timestamp_dirty = approx_time();
-+  } else if ((conn->entry_cfg.isolation_flags & ISO_SOCKSAUTH) &&
-+             (conn->socks_request->usernamelen ||
-+              conn->socks_request->passwordlen)) {
-+    /* When stream isolation is in use and controlled by an application
-+     * we are willing to keep using the stream. */
-+    circ->base_.timestamp_dirty = approx_time();
-+  }
- 
-   pathbias_count_use_attempt(circ);
- 
--- 
-1.9.1
-
diff --git a/gitian/patches/bug16430.patch b/gitian/patches/bug16430.patch
deleted file mode 100644
index 81bbe3e..0000000
--- a/gitian/patches/bug16430.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From 3f336966a264d7cd7c6dab08fb85d85273f06d68 Mon Sep 17 00:00:00 2001
-From: Yawning Angel <yawning at schwanenlied.me>
-Date: Wed, 24 Jun 2015 13:52:29 +0000
-Subject: [PATCH] Work around nytimes.com's broken hostnames in our SOCKS
- checks.
-
-RFC 952 is approximately 30 years old, and people are failing to comply,
-by serving A records with '_' as part of the hostname.  Since relaxing
-the check is a QOL improvement for our userbase, relax the check to
-allow such abominations as destinations, especially since there are
-likely to be other similarly misconfigured domains out there.
----
- changes/bug16430     | 4 ++++
- src/common/util.c    | 7 +++++--
- src/test/test_util.c | 9 +++++++--
- 3 files changed, 16 insertions(+), 4 deletions(-)
- create mode 100644 changes/bug16430
-
-diff --git a/changes/bug16430 b/changes/bug16430
-new file mode 100644
-index 0000000..ca7b874
---- /dev/null
-+++ b/changes/bug16430
-@@ -0,0 +1,4 @@
-+  o Minor features (client):
-+    - Relax the validation done to hostnames in SOCKS5 requests, and allow
-+      '_' to cope with domains observed in the wild that are serving non-RFC
-+      compliant records. Resolves ticket 16430.
-diff --git a/src/common/util.c b/src/common/util.c
-index 942d0c2..4490150 100644
---- a/src/common/util.c
-+++ b/src/common/util.c
-@@ -1036,6 +1036,9 @@ string_is_valid_ipv6_address(const char *string)
- 
- /** Return true iff <b>string</b> matches a pattern of DNS names
-  * that we allow Tor clients to connect to.
-+ *
-+ * Note: This allows certain technically invalid characters ('_') to cope
-+ * with misconfigured zones that have been encountered in the wild.
-  */
- int
- string_is_valid_hostname(const char *string)
-@@ -1048,7 +1051,7 @@ string_is_valid_hostname(const char *string)
-   smartlist_split_string(components,string,".",0,0);
- 
-   SMARTLIST_FOREACH_BEGIN(components, char *, c) {
--    if (c[0] == '-') {
-+    if ((c[0] == '-') || (*c == '_')) {
-       result = 0;
-       break;
-     }
-@@ -1057,7 +1060,7 @@ string_is_valid_hostname(const char *string)
-       if ((*c >= 'a' && *c <= 'z') ||
-           (*c >= 'A' && *c <= 'Z') ||
-           (*c >= '0' && *c <= '9') ||
--          (*c == '-'))
-+          (*c == '-') || (*c == '_'))
-         c++;
-       else
-         result = 0;
-diff --git a/src/test/test_util.c b/src/test/test_util.c
-index b0366db..0f64c26 100644
---- a/src/test/test_util.c
-+++ b/src/test/test_util.c
-@@ -4268,18 +4268,23 @@ test_util_hostname_validation(void *arg)
-   tt_assert(string_is_valid_hostname("stanford.edu"));
-   tt_assert(string_is_valid_hostname("multiple-words-with-hypens.jp"));
- 
--  // Subdomain name cannot start with '-'.
-+  // Subdomain name cannot start with '-' or '_'.
-   tt_assert(!string_is_valid_hostname("-torproject.org"));
-   tt_assert(!string_is_valid_hostname("subdomain.-domain.org"));
-   tt_assert(!string_is_valid_hostname("-subdomain.domain.org"));
-+  tt_assert(!string_is_valid_hostname("___abc.org"));
- 
-   // Hostnames cannot contain non-alphanumeric characters.
-   tt_assert(!string_is_valid_hostname("%%domain.\\org."));
-   tt_assert(!string_is_valid_hostname("***x.net"));
--  tt_assert(!string_is_valid_hostname("___abc.org"));
-   tt_assert(!string_is_valid_hostname("\xff\xffxyz.org"));
-   tt_assert(!string_is_valid_hostname("word1 word2.net"));
- 
-+  // Test workaround for nytimes.com stupidity, technically invalid,
-+  // but we allow it since they are big, even though they are failing to
-+  // comply with a ~30 year old standard.
-+  tt_assert(string_is_valid_hostname("core3_euw1.fabrik.nytimes.com"));
-+
-   // XXX: do we allow single-label DNS names?
- 
-   done:
--- 
-1.9.1
-
diff --git a/gitian/patches/bug16674.patch b/gitian/patches/bug16674.patch
deleted file mode 100644
index 9497684..0000000
--- a/gitian/patches/bug16674.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From da6aa7bfa5014b980a93b38024d16b32720dc67a Mon Sep 17 00:00:00 2001
-From: Yawning Angel <yawning at schwanenlied.me>
-Date: Mon, 27 Jul 2015 12:58:40 +0000
-Subject: [PATCH] Allow a single trailing `.` when validating FQDNs from SOCKS.
-
-URI syntax (and DNS syntax) allows for a single trailing `.` to
-explicitly distinguish between a relative and absolute
-(fully-qualified) domain name. While this is redundant in that RFC 1928
-DOMAINNAME addresses are *always* fully-qualified, certain clients
-blindly pass the trailing `.` along in the request.
-
-Fixes bug 16674; bugfix on 0.2.6.2-alpha.
----
- changes/bug16674     |  5 +++++
- src/common/util.c    |  6 ++++++
- src/test/test_util.c | 12 ++++++++++++
- 3 files changed, 23 insertions(+)
- create mode 100644 changes/bug16674
-
-diff --git a/changes/bug16674 b/changes/bug16674
-new file mode 100644
-index 0000000..de55523
---- /dev/null
-+++ b/changes/bug16674
-@@ -0,0 +1,5 @@
-+  o Minor features (client):
-+    - Relax the validation done to hostnames in SOCKS5 requests, and allow
-+      a single trailing '.' to cope with clients that pass FQDNs using that
-+      syntax to explicitly indicate that the domain name is
-+      fully-qualified. Fixes bug 16674; bugfix on 0.2.6.2-alpha.
-diff --git a/src/common/util.c b/src/common/util.c
-index 618e6a1..1aac4fc 100644
---- a/src/common/util.c
-+++ b/src/common/util.c
-@@ -1056,6 +1056,12 @@ string_is_valid_hostname(const char *string)
-       break;
-     }
- 
-+    /* Allow a single terminating '.' used rarely to indicate domains
-+     * are FQDNs rather than relative. */
-+    if ((c_sl_idx > 0) && (c_sl_idx + 1 == c_sl_len) && !*c) {
-+      continue;
-+    }
-+
-     do {
-       if ((*c >= 'a' && *c <= 'z') ||
-           (*c >= 'A' && *c <= 'Z') ||
-diff --git a/src/test/test_util.c b/src/test/test_util.c
-index 0f64c26..2bffb17 100644
---- a/src/test/test_util.c
-+++ b/src/test/test_util.c
-@@ -4285,7 +4285,19 @@ test_util_hostname_validation(void *arg)
-   // comply with a ~30 year old standard.
-   tt_assert(string_is_valid_hostname("core3_euw1.fabrik.nytimes.com"));
- 
-+  // Firefox passes FQDNs with trailing '.'s  directly to the SOCKS proxy,
-+  // which is redundant since the spec states DOMAINNAME addresses are fully
-+  // qualified.  While unusual, this should be tollerated.
-+  tt_assert(string_is_valid_hostname("core9_euw1.fabrik.nytimes.com."));
-+  tt_assert(!string_is_valid_hostname("..washingtonpost.is.better.com"));
-+  tt_assert(!string_is_valid_hostname("so.is..ft.com"));
-+  tt_assert(!string_is_valid_hostname("..."));
-+
-   // XXX: do we allow single-label DNS names?
-+  // We shouldn't for SOCKS (spec says "contains a fully-qualified domain name"
-+  // but only test pathologically malformed traling '.' cases for now.
-+  tt_assert(!string_is_valid_hostname("."));
-+  tt_assert(!string_is_valid_hostname(".."));
- 
-   done:
-   return;
--- 
-1.9.1
-
diff --git a/gitian/patches/bug8402-master.patch b/gitian/patches/bug8402-master.patch
deleted file mode 100644
index 5a6386a..0000000
--- a/gitian/patches/bug8402-master.patch
+++ /dev/null
@@ -1,732 +0,0 @@
-From 9d7410ac5837658efa9b2d7d85c0c71f09a7a759 Mon Sep 17 00:00:00 2001
-From: Yawning Angel <yawning at schwanenlied.me>
-Date: Tue, 25 Mar 2014 07:21:22 +0000
-Subject: [PATCH 1/5] Allow ClientTransportPlugins to use proxies
-
-This change allows using Socks4Proxy, Socks5Proxy and HTTPSProxy with
-ClientTransportPlugins via the TOR_PT_PROXY extension to the
-pluggable transport specification.
-
-This fixes bug #8402.
----
- src/or/config.c     |  13 ++++--
- src/or/connection.c |  62 +++++++++++++++++++++--------
- src/or/transports.c | 112 ++++++++++++++++++++++++++++++++++++++++++++++++++--
- src/or/transports.h |   6 +++
- src/test/test_pt.c  |  81 +++++++++++++++++++++++++++++++++++++
- 5 files changed, 251 insertions(+), 23 deletions(-)
-
-diff --git a/src/or/config.c b/src/or/config.c
-index 0f7b1d2..b33098e 100644
---- a/src/or/config.c
-+++ b/src/or/config.c
-@@ -3174,11 +3174,11 @@ options_validate(or_options_t *old_options, or_options_t *options,
-     }
-   }
- 
--  /* Check if more than one proxy type has been enabled. */
-+  /* Check if more than one exclusive proxy type has been enabled. */
-   if (!!options->Socks4Proxy + !!options->Socks5Proxy +
--      !!options->HTTPSProxy + !!options->ClientTransportPlugin > 1)
-+      !!options->HTTPSProxy > 1)
-     REJECT("You have configured more than one proxy type. "
--           "(Socks4Proxy|Socks5Proxy|HTTPSProxy|ClientTransportPlugin)");
-+           "(Socks4Proxy|Socks5Proxy|HTTPSProxy)");
- 
-   /* Check if the proxies will give surprising behavior. */
-   if (options->HTTPProxy && !(options->Socks4Proxy ||
-@@ -4842,6 +4842,13 @@ parse_client_transport_line(const or_options_t *options,
-       pt_kickstart_client_proxy(transport_list, proxy_argv);
-     }
-   } else { /* external */
-+    /* ClientTransportPlugins connecting through a proxy is managed only. */
-+    if (options->Socks4Proxy || options->Socks5Proxy || options->HTTPSProxy) {
-+      log_warn(LD_CONFIG, "You have configured an external proxy with another "
-+                          "proxy type. (Socks4Proxy|Socks5Proxy|HTTPSProxy)");
-+      goto err;
-+    }
-+
-     if (smartlist_len(transport_list) != 1) {
-       log_warn(LD_CONFIG, "You can't have an external proxy with "
-                "more than one transports.");
-diff --git a/src/or/connection.c b/src/or/connection.c
-index cef9172..b32cddf 100644
---- a/src/or/connection.c
-+++ b/src/or/connection.c
-@@ -86,6 +86,8 @@ static int connection_read_https_proxy_response(connection_t *conn);
- static void connection_send_socks5_connect(connection_t *conn);
- static const char *proxy_type_to_string(int proxy_type);
- static int get_proxy_type(void);
-+static int get_bridge_pt_addrport(tor_addr_t *addr, uint16_t *port,
-+                                  int *proxy_type, const connection_t *conn);
- 
- /** The last addresses that our network interface seemed to have been
-  * binding to.  We use this as one way to detect when our IP changes.
-@@ -1689,14 +1691,14 @@ get_proxy_type(void)
- {
-   const or_options_t *options = get_options();
- 
--  if (options->HTTPSProxy)
-+  if (options->ClientTransportPlugin)
-+    return PROXY_PLUGGABLE;
-+  else if (options->HTTPSProxy)
-     return PROXY_CONNECT;
-   else if (options->Socks4Proxy)
-     return PROXY_SOCKS4;
-   else if (options->Socks5Proxy)
-     return PROXY_SOCKS5;
--  else if (options->ClientTransportPlugin)
--    return PROXY_PLUGGABLE;
-   else
-     return PROXY_NONE;
- }
-@@ -4771,6 +4773,35 @@ assert_connection_ok(connection_t *conn, time_t now)
- }
- 
- /** Fills <b>addr</b> and <b>port</b> with the details of the global
-+ *  pluggable transport or bridge we are using.
-+ *  <b>conn</b> contains the connection we are using the PT/bridge for.
-+ *
-+ * Return 0 on success, -1 on failure.
-+ */
-+static int
-+get_bridge_pt_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type,
-+                       const connection_t *conn)
-+{
-+  const or_options_t *options = get_options();
-+
-+  if (options->ClientTransportPlugin || options->Bridges) {
-+    const transport_t *transport = NULL;
-+    int r;
-+    r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
-+    if (r<0)
-+      return -1;
-+    if (transport) { /* transport found */
-+      tor_addr_copy(addr, &transport->addr);
-+      *port = transport->port;
-+      *proxy_type = transport->socks_version;
-+      return 0;
-+    }
-+  }
-+
-+  return -1;
-+}
-+
-+/** Fills <b>addr</b> and <b>port</b> with the details of the global
-  *  proxy server we are using.
-  *  <b>conn</b> contains the connection we are using the proxy for.
-  *
-@@ -4782,6 +4813,16 @@ get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type,
- {
-   const or_options_t *options = get_options();
- 
-+  /* Client Transport Plugins can use another proxy, but that should be hidden
-+   * from the rest of tor (as the plugin is responsible for dealing with the
-+   * proxy), check it first, then check the rest of the proxy types to allow
-+   * the config to have unused ClientTransportPlugin entries.
-+   */
-+  if (options->ClientTransportPlugin) {
-+    if (get_bridge_pt_addrport(addr, port, proxy_type, conn) == 0)
-+      return 0;
-+  }
-+
-   if (options->HTTPSProxy) {
-     tor_addr_copy(addr, &options->HTTPSProxyAddr);
-     *port = options->HTTPSProxyPort;
-@@ -4797,19 +4838,8 @@ get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type,
-     *port = options->Socks5ProxyPort;
-     *proxy_type = PROXY_SOCKS5;
-     return 0;
--  } else if (options->ClientTransportPlugin ||
--             options->Bridges) {
--    const transport_t *transport = NULL;
--    int r;
--    r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
--    if (r<0)
--      return -1;
--    if (transport) { /* transport found */
--      tor_addr_copy(addr, &transport->addr);
--      *port = transport->port;
--      *proxy_type = transport->socks_version;
--      return 0;
--    }
-+  } else if (options->Bridges) {
-+    return get_bridge_pt_addrport(addr, port, proxy_type, conn);
-   }
- 
-   tor_addr_make_unspec(addr);
-diff --git a/src/or/transports.c b/src/or/transports.c
-index dc30754..b810315 100644
---- a/src/or/transports.c
-+++ b/src/or/transports.c
-@@ -124,6 +124,8 @@ static INLINE void free_execve_args(char **arg);
- #define PROTO_SMETHOD_ERROR "SMETHOD-ERROR"
- #define PROTO_CMETHODS_DONE "CMETHODS DONE"
- #define PROTO_SMETHODS_DONE "SMETHODS DONE"
-+#define PROTO_PROXY_DONE "PROXY DONE"
-+#define PROTO_PROXY_ERROR "PROXY-ERROR"
- 
- /** The first and only supported - at the moment - configuration
-     protocol version. */
-@@ -439,6 +441,17 @@ add_transport_to_proxy(const char *transport, managed_proxy_t *mp)
- static int
- proxy_needs_restart(const managed_proxy_t *mp)
- {
-+  int ret = 1;
-+  char* proxy_uri;
-+
-+  /* If the PT proxy config has changed, then all existing pluggable transports
-+   * should be restarted.
-+   */
-+
-+  proxy_uri = get_pt_proxy_uri();
-+  if (strcmp_opt(proxy_uri, mp->proxy_uri) != 0)
-+    goto needs_restart;
-+
-   /* mp->transport_to_launch is populated with the names of the
-      transports that must be launched *after* the SIGHUP.
-      mp->transports is populated with the transports that were
-@@ -459,10 +472,10 @@ proxy_needs_restart(const managed_proxy_t *mp)
- 
-   } SMARTLIST_FOREACH_END(t);
- 
--  return 0;
--
-- needs_restart:
--  return 1;
-+  ret = 0;
-+needs_restart:
-+  tor_free(proxy_uri);
-+  return ret;
- }
- 
- /** Managed proxy <b>mp</b> must be restarted. Do all the necessary
-@@ -493,6 +506,11 @@ proxy_prepare_for_restart(managed_proxy_t *mp)
-   SMARTLIST_FOREACH(mp->transports, transport_t *, t, transport_free(t));
-   smartlist_clear(mp->transports);
- 
-+  /* Reset the proxy's HTTPS/SOCKS proxy */
-+  tor_free(mp->proxy_uri);
-+  mp->proxy_uri = get_pt_proxy_uri();
-+  mp->proxy_supported = 0;
-+
-   /* flag it as an infant proxy so that it gets launched on next tick */
-   mp->conf_state = PT_PROTO_INFANT;
-   unconfigured_proxies_n++;
-@@ -727,12 +745,52 @@ managed_proxy_destroy(managed_proxy_t *mp,
-   /* free the argv */
-   free_execve_args(mp->argv);
- 
-+  /* free the outgoing proxy URI */
-+  tor_free(mp->proxy_uri);
-+
-   tor_process_handle_destroy(mp->process_handle, also_terminate_process);
-   mp->process_handle = NULL;
- 
-   tor_free(mp);
- }
- 
-+/** Convert the tor proxy options to a URI suitable for TOR_PT_PROXY. */
-+STATIC char *
-+get_pt_proxy_uri(void)
-+{
-+  const or_options_t *options = get_options();
-+  char *uri = NULL;
-+
-+  if (options->Socks4Proxy || options->Socks5Proxy || options->HTTPSProxy) {
-+    char addr[TOR_ADDR_BUF_LEN+1];
-+
-+    if (options->Socks4Proxy) {
-+      tor_addr_to_str(addr, &options->Socks4ProxyAddr, sizeof(addr), 1);
-+      tor_asprintf(&uri, "socks4a://%s:%d", addr, options->Socks4ProxyPort);
-+    } else if (options->Socks5Proxy) {
-+      tor_addr_to_str(addr, &options->Socks5ProxyAddr, sizeof(addr), 1);
-+      if (!options->Socks5ProxyUsername && !options->Socks5ProxyPassword) {
-+        tor_asprintf(&uri, "socks5://%s:%d", addr, options->Socks5ProxyPort);
-+      } else {
-+        tor_asprintf(&uri, "socks5://%s:%s@%s:%d",
-+                     options->Socks5ProxyUsername,
-+                     options->Socks5ProxyPassword,
-+                     addr, options->Socks5ProxyPort);
-+      }
-+    } else if (options->HTTPSProxy) {
-+      tor_addr_to_str(addr, &options->HTTPSProxyAddr, sizeof(addr), 1);
-+      if (!options->HTTPSProxyAuthenticator) {
-+        tor_asprintf(&uri, "http://%s:%d", addr, options->HTTPSProxyPort);
-+      } else {
-+        tor_asprintf(&uri, "http://%s@%s:%d", options->HTTPSProxyAuthenticator,
-+                     addr, options->HTTPSProxyPort);
-+      }
-+    }
-+  }
-+
-+  return uri;
-+}
-+
- /** Handle a configured or broken managed proxy <b>mp</b>. */
- static void
- handle_finished_proxy(managed_proxy_t *mp)
-@@ -745,6 +803,12 @@ handle_finished_proxy(managed_proxy_t *mp)
-     managed_proxy_destroy(mp, 0); /* destroy it but don't terminate */
-     break;
-   case PT_PROTO_CONFIGURED: /* if configured correctly: */
-+    if (mp->proxy_uri && !mp->proxy_supported) {
-+      log_warn(LD_CONFIG, "Managed proxy '%s' did not configure the "
-+               "specified outgoing proxy.", mp->argv[0]);
-+      managed_proxy_destroy(mp, 1); /* annihilate it. */
-+      break;
-+    }
-     register_proxy(mp); /* register its transports */
-     mp->conf_state = PT_PROTO_COMPLETED; /* and mark it as completed. */
-     break;
-@@ -862,6 +926,22 @@ handle_proxy_line(const char *line, managed_proxy_t *mp)
-       goto err;
- 
-     return;
-+  } else if (!strcmpstart(line, PROTO_PROXY_DONE)) {
-+    if (mp->conf_state != PT_PROTO_ACCEPTING_METHODS)
-+      goto err;
-+
-+    if (mp->proxy_uri) {
-+      mp->proxy_supported = 1;
-+      return;
-+    }
-+
-+    /* No proxy was configured, this should log */
-+  } else if (!strcmpstart(line, PROTO_PROXY_ERROR)) {
-+    if (mp->conf_state != PT_PROTO_ACCEPTING_METHODS)
-+      goto err;
-+
-+    parse_proxy_error(line);
-+    goto err;
-   } else if (!strcmpstart(line, SPAWN_ERROR_MESSAGE)) {
-     /* managed proxy launch failed: parse error message to learn why. */
-     int retval, child_state, saved_errno;
-@@ -1128,6 +1208,21 @@ parse_cmethod_line(const char *line, managed_proxy_t *mp)
-   return r;
- }
- 
-+/** Parses an PROXY-ERROR <b>line</b> and warns the user accordingly. */
-+STATIC void
-+parse_proxy_error(const char *line)
-+{
-+  /* (Length of the protocol string) plus (a space) and (the first char of
-+     the error message) */
-+  if (strlen(line) < (strlen(PROTO_PROXY_ERROR) + 2))
-+    log_notice(LD_CONFIG, "Managed proxy sent us an %s without an error "
-+               "message.", PROTO_PROXY_ERROR);
-+
-+  log_warn(LD_CONFIG, "Managed proxy failed to configure the "
-+           "pluggable transport's outgoing proxy. (%s)",
-+           line+strlen(PROTO_PROXY_ERROR)+1);
-+}
-+
- /** Return a newly allocated string that tor should place in
-  * TOR_PT_SERVER_TRANSPORT_OPTIONS while configuring the server
-  * manged proxy in <b>mp</b>. Return NULL if no such options are found. */
-@@ -1292,6 +1387,14 @@ create_managed_proxy_environment(const managed_proxy_t *mp)
-     } else {
-       smartlist_add_asprintf(envs, "TOR_PT_EXTENDED_SERVER_PORT=");
-     }
-+  } else {
-+    /* If ClientTransportPlugin has a HTTPS/SOCKS proxy configured, set the
-+     * TOR_PT_PROXY line.
-+     */
-+
-+    if (mp->proxy_uri) {
-+      smartlist_add_asprintf(envs, "TOR_PT_PROXY=%s", mp->proxy_uri);
-+    }
-   }
- 
-   SMARTLIST_FOREACH_BEGIN(envs, const char *, env_var) {
-@@ -1324,6 +1427,7 @@ managed_proxy_create(const smartlist_t *transport_list,
-   mp->is_server = is_server;
-   mp->argv = proxy_argv;
-   mp->transports = smartlist_new();
-+  mp->proxy_uri = get_pt_proxy_uri();
- 
-   mp->transports_to_launch = smartlist_new();
-   SMARTLIST_FOREACH(transport_list, const char *, transport,
-diff --git a/src/or/transports.h b/src/or/transports.h
-index 1365ead..bc2331d 100644
---- a/src/or/transports.h
-+++ b/src/or/transports.h
-@@ -81,6 +81,9 @@ typedef struct {
-   char **argv; /* the cli arguments of this proxy */
-   int conf_protocol; /* the configuration protocol version used */
- 
-+  char *proxy_uri;  /* the outgoing proxy in TOR_PT_PROXY URI format */
-+  int proxy_supported : 1; /* the proxy claims to honor TOR_PT_PROXY */
-+
-   int is_server; /* is it a server proxy? */
- 
-   /* A pointer to the process handle of this managed proxy. */
-@@ -112,6 +115,7 @@ STATIC int parse_smethod_line(const char *line, managed_proxy_t *mp);
- 
- STATIC int parse_version(const char *line, managed_proxy_t *mp);
- STATIC void parse_env_error(const char *line);
-+STATIC void parse_proxy_error(const char *line);
- STATIC void handle_proxy_line(const char *line, managed_proxy_t *mp);
- STATIC char *get_transport_options_for_server_proxy(const managed_proxy_t *mp);
- 
-@@ -123,6 +127,8 @@ STATIC managed_proxy_t *managed_proxy_create(const smartlist_t *transport_list,
- 
- STATIC int configure_proxy(managed_proxy_t *mp);
- 
-+STATIC char* get_pt_proxy_uri(void);
-+
- #endif
- 
- #endif
-diff --git a/src/test/test_pt.c b/src/test/test_pt.c
-index f71627d..788d420 100644
---- a/src/test/test_pt.c
-+++ b/src/test/test_pt.c
-@@ -450,6 +450,85 @@ test_pt_configure_proxy(void *arg)
-   tor_free(mp);
- }
- 
-+/* Test the get_pt_proxy_uri() function. */
-+static void
-+test_get_pt_proxy_uri(void *arg)
-+{
-+  or_options_t *options = get_options_mutable();
-+  char *uri = NULL;
-+  int ret;
-+  (void) arg;
-+
-+  /* Test with no proxy. */
-+  uri = get_pt_proxy_uri();
-+  tt_assert(uri == NULL);
-+
-+  /* Test with a SOCKS4 proxy. */
-+  options->Socks4Proxy = "192.0.2.1:1080";
-+  ret = tor_addr_port_lookup(options->Socks4Proxy,
-+                             &options->Socks4ProxyAddr,
-+                             &options->Socks4ProxyPort);
-+  tt_assert(ret == 0);
-+  uri = get_pt_proxy_uri();
-+  tt_str_op(uri, ==, "socks4a://192.0.2.1:1080");
-+  tor_free(uri);
-+
-+  options->Socks4Proxy = NULL;
-+
-+  /* Test with a SOCKS5 proxy, no username/password. */
-+  options->Socks5Proxy = "192.0.2.1:1080";
-+  ret = tor_addr_port_lookup(options->Socks5Proxy,
-+                             &options->Socks5ProxyAddr,
-+                             &options->Socks5ProxyPort);
-+  tt_assert(ret == 0);
-+  uri = get_pt_proxy_uri();
-+  tt_str_op(uri, ==, "socks5://192.0.2.1:1080");
-+  tor_free(uri);
-+
-+  /* Test with a SOCKS5 proxy, with username/password. */
-+  options->Socks5ProxyUsername = "hwest";
-+  options->Socks5ProxyPassword = "r34n1m470r";
-+  uri = get_pt_proxy_uri();
-+  tt_str_op(uri, ==, "socks5://hwest:r34n1m470r at 192.0.2.1:1080");
-+  tor_free(uri);
-+
-+  options->Socks5Proxy = NULL;
-+
-+  /* Test with a HTTPS proxy, no authenticator. */
-+  options->HTTPSProxy = "192.0.2.1:80";
-+  ret = tor_addr_port_lookup(options->HTTPSProxy,
-+                             &options->HTTPSProxyAddr,
-+                             &options->HTTPSProxyPort);
-+  tt_assert(ret == 0);
-+  uri = get_pt_proxy_uri();
-+  tt_str_op(uri, ==, "http://192.0.2.1:80");
-+  tor_free(uri);
-+
-+  /* Test with a HTTPS proxy, with authenticator. */
-+  options->HTTPSProxyAuthenticator = "hwest:r34n1m470r";
-+  uri = get_pt_proxy_uri();
-+  tt_str_op(uri, ==, "http://hwest:r34n1m470r@192.0.2.1:80");
-+  tor_free(uri);
-+
-+  options->HTTPSProxy = NULL;
-+
-+  /* Token nod to the fact that IPv6 exists. */
-+  options->Socks4Proxy = "[2001:db8::1]:1080";
-+  ret = tor_addr_port_lookup(options->Socks4Proxy,
-+                             &options->Socks4ProxyAddr,
-+                             &options->Socks4ProxyPort);
-+  tt_assert(ret == 0);
-+  uri = get_pt_proxy_uri();
-+  tt_str_op(uri, ==, "socks4a://[2001:db8::1]:1080");
-+  tor_free(uri);
-+
-+
-+ done:
-+  if (uri)
-+    tor_free(uri);
-+}
-+
-+
- #define PT_LEGACY(name)                                               \
-   { #name, legacy_test_helper, 0, &legacy_setup, test_pt_ ## name }
- 
-@@ -462,6 +541,8 @@ struct testcase_t pt_tests[] = {
-     NULL, NULL },
-   { "configure_proxy",test_pt_configure_proxy, TT_FORK,
-     NULL, NULL },
-+  { "get_pt_proxy_uri", test_get_pt_proxy_uri, TT_FORK,
-+    NULL, NULL },
-   END_OF_TESTCASES
- };
- 
--- 
-2.0.0.rc2
-
-
-From 92eecbfee128b22b07bcc97ac36ecdd5183c2da7 Mon Sep 17 00:00:00 2001
-From: Yawning Angel <yawning at schwanenlied.me>
-Date: Mon, 14 Apr 2014 21:51:34 +0000
-Subject: [PATCH 2/5] Fixed the test build with --enable-gcc-warnings
-
----
- src/test/test_pt.c | 28 ++++++++++++++--------------
- 1 file changed, 14 insertions(+), 14 deletions(-)
-
-diff --git a/src/test/test_pt.c b/src/test/test_pt.c
-index 788d420..cfbd084 100644
---- a/src/test/test_pt.c
-+++ b/src/test/test_pt.c
-@@ -464,7 +464,7 @@ test_get_pt_proxy_uri(void *arg)
-   tt_assert(uri == NULL);
- 
-   /* Test with a SOCKS4 proxy. */
--  options->Socks4Proxy = "192.0.2.1:1080";
-+  options->Socks4Proxy = tor_strdup("192.0.2.1:1080");
-   ret = tor_addr_port_lookup(options->Socks4Proxy,
-                              &options->Socks4ProxyAddr,
-                              &options->Socks4ProxyPort);
-@@ -472,11 +472,10 @@ test_get_pt_proxy_uri(void *arg)
-   uri = get_pt_proxy_uri();
-   tt_str_op(uri, ==, "socks4a://192.0.2.1:1080");
-   tor_free(uri);
--
--  options->Socks4Proxy = NULL;
-+  tor_free(options->Socks4Proxy);
- 
-   /* Test with a SOCKS5 proxy, no username/password. */
--  options->Socks5Proxy = "192.0.2.1:1080";
-+  options->Socks5Proxy = tor_strdup("192.0.2.1:1080");
-   ret = tor_addr_port_lookup(options->Socks5Proxy,
-                              &options->Socks5ProxyAddr,
-                              &options->Socks5ProxyPort);
-@@ -486,16 +485,17 @@ test_get_pt_proxy_uri(void *arg)
-   tor_free(uri);
- 
-   /* Test with a SOCKS5 proxy, with username/password. */
--  options->Socks5ProxyUsername = "hwest";
--  options->Socks5ProxyPassword = "r34n1m470r";
-+  options->Socks5ProxyUsername = tor_strdup("hwest");
-+  options->Socks5ProxyPassword = tor_strdup("r34n1m470r");
-   uri = get_pt_proxy_uri();
-   tt_str_op(uri, ==, "socks5://hwest:r34n1m470r at 192.0.2.1:1080");
-   tor_free(uri);
--
--  options->Socks5Proxy = NULL;
-+  tor_free(options->Socks5Proxy);
-+  tor_free(options->Socks5ProxyUsername);
-+  tor_free(options->Socks5ProxyPassword);
- 
-   /* Test with a HTTPS proxy, no authenticator. */
--  options->HTTPSProxy = "192.0.2.1:80";
-+  options->HTTPSProxy = tor_strdup("192.0.2.1:80");
-   ret = tor_addr_port_lookup(options->HTTPSProxy,
-                              &options->HTTPSProxyAddr,
-                              &options->HTTPSProxyPort);
-@@ -505,15 +505,15 @@ test_get_pt_proxy_uri(void *arg)
-   tor_free(uri);
- 
-   /* Test with a HTTPS proxy, with authenticator. */
--  options->HTTPSProxyAuthenticator = "hwest:r34n1m470r";
-+  options->HTTPSProxyAuthenticator = tor_strdup("hwest:r34n1m470r");
-   uri = get_pt_proxy_uri();
-   tt_str_op(uri, ==, "http://hwest:r34n1m470r@192.0.2.1:80");
-   tor_free(uri);
--
--  options->HTTPSProxy = NULL;
-+  tor_free(options->HTTPSProxy);
-+  tor_free(options->HTTPSProxyAuthenticator);
- 
-   /* Token nod to the fact that IPv6 exists. */
--  options->Socks4Proxy = "[2001:db8::1]:1080";
-+  options->Socks4Proxy = tor_strdup("[2001:db8::1]:1080");
-   ret = tor_addr_port_lookup(options->Socks4Proxy,
-                              &options->Socks4ProxyAddr,
-                              &options->Socks4ProxyPort);
-@@ -521,7 +521,7 @@ test_get_pt_proxy_uri(void *arg)
-   uri = get_pt_proxy_uri();
-   tt_str_op(uri, ==, "socks4a://[2001:db8::1]:1080");
-   tor_free(uri);
--
-+  tor_free(options->Socks4Proxy);
- 
-  done:
-   if (uri)
--- 
-2.0.0.rc2
-
-
-From 8361223c10eb929b570e72853a5d9e51b67fd6c3 Mon Sep 17 00:00:00 2001
-From: Yawning Angel <yawning at schwanenlied.me>
-Date: Thu, 1 May 2014 03:30:09 +0000
-Subject: [PATCH 3/5] Remove get_bridge_pt_addrport().
-
-The code was not disambiguating ClientTransportPlugin configured and
-not used, and ClientTransportPlugin configured, but in a failed state.
-
-The right thing to do is to undo moving the get_transport_by_addrport()
-call back into get_proxy_addrport(), and remove and explicit check for
-using a Bridge since by the time the check is made, if a Bridge is
-being used, it is PT/proxy-less.
----
- src/or/connection.c | 46 ++++++++++++----------------------------------
- 1 file changed, 12 insertions(+), 34 deletions(-)
-
-diff --git a/src/or/connection.c b/src/or/connection.c
-index b32cddf..ff8cdf1 100644
---- a/src/or/connection.c
-+++ b/src/or/connection.c
-@@ -86,8 +86,6 @@ static int connection_read_https_proxy_response(connection_t *conn);
- static void connection_send_socks5_connect(connection_t *conn);
- static const char *proxy_type_to_string(int proxy_type);
- static int get_proxy_type(void);
--static int get_bridge_pt_addrport(tor_addr_t *addr, uint16_t *port,
--                                  int *proxy_type, const connection_t *conn);
- 
- /** The last addresses that our network interface seemed to have been
-  * binding to.  We use this as one way to detect when our IP changes.
-@@ -4773,35 +4771,6 @@ assert_connection_ok(connection_t *conn, time_t now)
- }
- 
- /** Fills <b>addr</b> and <b>port</b> with the details of the global
-- *  pluggable transport or bridge we are using.
-- *  <b>conn</b> contains the connection we are using the PT/bridge for.
-- *
-- * Return 0 on success, -1 on failure.
-- */
--static int
--get_bridge_pt_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type,
--                       const connection_t *conn)
--{
--  const or_options_t *options = get_options();
--
--  if (options->ClientTransportPlugin || options->Bridges) {
--    const transport_t *transport = NULL;
--    int r;
--    r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
--    if (r<0)
--      return -1;
--    if (transport) { /* transport found */
--      tor_addr_copy(addr, &transport->addr);
--      *port = transport->port;
--      *proxy_type = transport->socks_version;
--      return 0;
--    }
--  }
--
--  return -1;
--}
--
--/** Fills <b>addr</b> and <b>port</b> with the details of the global
-  *  proxy server we are using.
-  *  <b>conn</b> contains the connection we are using the proxy for.
-  *
-@@ -4819,8 +4788,19 @@ get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type,
-    * the config to have unused ClientTransportPlugin entries.
-    */
-   if (options->ClientTransportPlugin) {
--    if (get_bridge_pt_addrport(addr, port, proxy_type, conn) == 0)
-+    const transport_t *transport = NULL;
-+    int r;
-+    r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
-+    if (r<0)
-+      return -1;
-+    if (transport) { /* transport found */
-+      tor_addr_copy(addr, &transport->addr);
-+      *port = transport->port;
-+      *proxy_type = transport->socks_version;
-       return 0;
-+    }
-+
-+    /* Unused ClientTransportPlugin. */
-   }
- 
-   if (options->HTTPSProxy) {
-@@ -4838,8 +4818,6 @@ get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type,
-     *port = options->Socks5ProxyPort;
-     *proxy_type = PROXY_SOCKS5;
-     return 0;
--  } else if (options->Bridges) {
--    return get_bridge_pt_addrport(addr, port, proxy_type, conn);
-   }
- 
-   tor_addr_make_unspec(addr);
--- 
-2.0.0.rc2
-
-
-From 68184b317d3f4dc14e758e451377e4e3996bd0ab Mon Sep 17 00:00:00 2001
-From: Yawning Angel <yawning at schwanenlied.me>
-Date: Thu, 1 May 2014 03:43:53 +0000
-Subject: [PATCH 4/5] Log the correct proxy type on failure.
-
-get_proxy_addrport fills in proxy_type with the correct value, so there
-is no point in logging something that's a "best guess" based off the
-config.
----
- src/or/connection.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/or/connection.c b/src/or/connection.c
-index ff8cdf1..5069ed6 100644
---- a/src/or/connection.c
-+++ b/src/or/connection.c
-@@ -4841,7 +4841,7 @@ log_failed_proxy_connection(connection_t *conn)
-   log_warn(LD_NET,
-            "The connection to the %s proxy server at %s just failed. "
-            "Make sure that the proxy server is up and running.",
--           proxy_type_to_string(get_proxy_type()),
-+           proxy_type_to_string(proxy_type),
-            fmt_addrport(&proxy_addr, proxy_port));
- }
- 
--- 
-2.0.0.rc2
-
-
-From 34200a44fbbd3f158ea17043c2bcd21d0e382b89 Mon Sep 17 00:00:00 2001
-From: Yawning Angel <yawning at schwanenlied.me>
-Date: Thu, 1 May 2014 18:58:53 +0000
-Subject: [PATCH 5/5] Improve the log message when a transport doesn't support
- proxies.
-
-Per feedback, explicltly note that the transport will be killed when it
-does not acknowledge the configured outgoing proxy.
----
- src/or/transports.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/or/transports.c b/src/or/transports.c
-index b810315..eee159d 100644
---- a/src/or/transports.c
-+++ b/src/or/transports.c
-@@ -805,7 +805,8 @@ handle_finished_proxy(managed_proxy_t *mp)
-   case PT_PROTO_CONFIGURED: /* if configured correctly: */
-     if (mp->proxy_uri && !mp->proxy_supported) {
-       log_warn(LD_CONFIG, "Managed proxy '%s' did not configure the "
--               "specified outgoing proxy.", mp->argv[0]);
-+               "specified outgoing proxy and will be terminated.",
-+               mp->argv[0]);
-       managed_proxy_destroy(mp, 1); /* annihilate it. */
-       break;
-     }
--- 
-2.0.0.rc2
-
diff --git a/gitian/patches/bug8405.patch b/gitian/patches/bug8405.patch
deleted file mode 100644
index 3c40632..0000000
--- a/gitian/patches/bug8405.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From a298c77f7eba232154ff08ca1119b05ccd9eee9e Mon Sep 17 00:00:00 2001
-From: Arthur Edelstein <arthuredelstein at gmail.com>
-Date: Tue, 15 Jul 2014 21:27:59 -0700
-Subject: [PATCH] Bug #8405: Report SOCKS username/password in CIRC status
- events
-
-Introduces two new circuit status name-value parameters: SOCKS_USERNAME
-and SOCKS_PASSWORD. Values are enclosing in quotes and unusual characters
-are escaped.
-
-Example:
-
-    650 CIRC 5 EXTENDED [...] SOCKS_USERNAME="my_username" SOCKS_PASSWORD="my_password"
----
- src/common/util.c | 14 ++++++++++++++
- src/common/util.h |  1 +
- src/or/control.c  | 14 ++++++++++++++
- 3 files changed, 29 insertions(+)
-
-diff --git a/src/common/util.c b/src/common/util.c
-index 8589344..64cee56 100644
---- a/src/common/util.c
-+++ b/src/common/util.c
-@@ -1222,6 +1222,20 @@ esc_for_log(const char *s)
-   return result;
- }
- 
-+/** Similar to esc_for_log. Allocate and return a new string representing
-+ * the first n characters in <b>chars</b>, surround by quotes and using
-+ * standard C escapes. If a NUL character is encountered in <b>chars</b>,
-+ * the resulting string will be terminated there.
-+ */
-+char *
-+esc_for_log_len(const char *chars, size_t n)
-+{
-+  char *string = tor_strndup(chars, n);
-+  char *string_escaped = esc_for_log(string);
-+  tor_free(string);
-+  return string_escaped;
-+}
-+
- /** Allocate and return a new string representing the contents of <b>s</b>,
-  * surrounded by quotes and using standard C escapes.
-  *
-diff --git a/src/common/util.h b/src/common/util.h
-index 97367a9..50c5a3d 100644
---- a/src/common/util.h
-+++ b/src/common/util.h
-@@ -229,6 +229,7 @@ int tor_mem_is_zero(const char *mem, size_t len);
- int tor_digest_is_zero(const char *digest);
- int tor_digest256_is_zero(const char *digest);
- char *esc_for_log(const char *string) ATTR_MALLOC;
-+char *esc_for_log_len(const char *chars, size_t n) ATTR_MALLOC;
- const char *escaped(const char *string);
- 
- char *tor_escape_str_for_pt_args(const char *string,
-diff --git a/src/or/control.c b/src/or/control.c
-index 9285fc5..aa46df6 100644
---- a/src/or/control.c
-+++ b/src/or/control.c
-@@ -1862,6 +1862,20 @@ circuit_describe_status_for_controller(origin_circuit_t *circ)
-     smartlist_add_asprintf(descparts, "TIME_CREATED=%s", tbuf);
-   }
- 
-+  // Show username and/or password if available.
-+  if (circ->socks_username_len > 0) {
-+    char* socks_username_escaped = esc_for_log_len(circ->socks_username,
-+                                     (size_t) circ->socks_username_len);
-+    smartlist_add_asprintf(descparts, "SOCKS_USERNAME=%s", socks_username_escaped);
-+    tor_free(socks_username_escaped);
-+  }
-+  if (circ->socks_password_len > 0) {
-+    char* socks_password_escaped = esc_for_log_len(circ->socks_password,
-+                                     (size_t) circ->socks_password_len);
-+    smartlist_add_asprintf(descparts, "SOCKS_PASSWORD=%s", socks_password_escaped);
-+    tor_free(socks_password_escaped);
-+  }
-+
-   rv = smartlist_join_strings(descparts, " ", 0, NULL);
- 
-   SMARTLIST_FOREACH(descparts, char *, cp, tor_free(cp));
--- 
-1.8.3.4 (Apple Git-47)
-


