|
@@ -42,12 +42,12 @@ Changes in version 0.2.9.3-alpha - 2016-09-23
|
|
|
proposal 260, completes ticket 17178. Patch by teor and asn.
|
|
|
|
|
|
o Major features (resource management):
|
|
|
- - Tor can now notice it is about to run out
|
|
|
- of sockets, and preemptively close connections of lower
|
|
|
- priority. (This feature is off by default for now, since the
|
|
|
- current prioritizing method is yet not mature enough. You can
|
|
|
- enable it by setting "DisableOOSCheck 0", but watch out: it might close
|
|
|
- some sockets you would rather have it keep.) Closes ticket 18640.
|
|
|
+ - Tor can now notice it is about to run out of sockets, and
|
|
|
+ preemptively close connections of lower priority. (This feature is
|
|
|
+ off by default for now, since the current prioritizing method is
|
|
|
+ yet not mature enough. You can enable it by setting
|
|
|
+ "DisableOOSCheck 0", but watch out: it might close some sockets
|
|
|
+ you would rather have it keep.) Closes ticket 18640.
|
|
|
|
|
|
o Major bugfixes (circuit building):
|
|
|
- Hidden service client-to-intro-point and service-to-rendezvous-
|
|
@@ -60,21 +60,21 @@ Changes in version 0.2.9.3-alpha - 2016-09-23
|
|
|
rubiate. Fixes bug 19902; bugfix on 0.2.9.1-alpha.
|
|
|
|
|
|
o Major bugfixes (hidden services):
|
|
|
- - Clients now require hidden services to include the TAP keys for their
|
|
|
- intro points in the hidden service descriptor. This prevents an
|
|
|
- inadvertent upgrade to ntor, which a malicious hidden service
|
|
|
+ - Clients now require hidden services to include the TAP keys for
|
|
|
+ their intro points in the hidden service descriptor. This prevents
|
|
|
+ an inadvertent upgrade to ntor, which a malicious hidden service
|
|
|
could use to distinguish clients by consensus version. Fixes bug
|
|
|
20012; bugfix on 0.2.4.8-alpha. Patch by teor.
|
|
|
|
|
|
o Minor features (security, TLS):
|
|
|
- - Servers no longer support clients that without AES
|
|
|
- ciphersuites. (3DES is no longer considered an acceptable cipher.)
|
|
|
- We believe that no such Tor clients currently exist, since Tor has
|
|
|
- required OpenSSL 0.9.7 or later since 2009. Closes ticket 19998.
|
|
|
+ - Servers no longer support clients that without AES ciphersuites.
|
|
|
+ (3DES is no longer considered an acceptable cipher.) We believe
|
|
|
+ that no such Tor clients currently exist, since Tor has required
|
|
|
+ OpenSSL 0.9.7 or later since 2009. Closes ticket 19998.
|
|
|
|
|
|
o Minor feature (fallback directories):
|
|
|
- - Remove broken entries from the hard-coded fallback directory
|
|
|
- list. Closes ticket 20190; patch by teor.
|
|
|
+ - Remove broken entries from the hard-coded fallback directory list.
|
|
|
+ Closes ticket 20190; patch by teor.
|
|
|
|
|
|
o Minor features (geoip, also in 0.2.8.8):
|
|
|
- Update geoip and geoip6 to the September 6 2016 Maxmind GeoLite2
|
|
@@ -82,11 +82,10 @@ Changes in version 0.2.9.3-alpha - 2016-09-23
|
|
|
|
|
|
o Minor feature (port flags):
|
|
|
- Add new flags to the *Port options to finer control over which
|
|
|
- requests are allowed. The flags are NoDNSRequest, NoOnionTraffic, and
|
|
|
- the synthetic
|
|
|
- flag OnionTrafficOnly, which is equivalent to NoDNSRequest,
|
|
|
- NoIPv4Traffic, and NoIPv6Traffic. Closes enhancement 18693; patch
|
|
|
- by "teor".
|
|
|
+ requests are allowed. The flags are NoDNSRequest, NoOnionTraffic,
|
|
|
+ and the synthetic flag OnionTrafficOnly, which is equivalent to
|
|
|
+ NoDNSRequest, NoIPv4Traffic, and NoIPv6Traffic. Closes enhancement
|
|
|
+ 18693; patch by "teor".
|
|
|
|
|
|
o Minor features (directory authority):
|
|
|
- After voting, if the authorities decide that a relay is not
|
|
@@ -94,17 +93,16 @@ Changes in version 0.2.9.3-alpha - 2016-09-23
|
|
|
ticket 20002; implements part of proposal 272.
|
|
|
|
|
|
o Minor features (testing):
|
|
|
- - Disable memory protections on OpenBSD when performing our unit tests
|
|
|
- for memwipe(). The
|
|
|
- test deliberately invokes undefined behavior, and the OpenBSD
|
|
|
- protections interfere with this.
|
|
|
- Patch from "rubiate". Closes ticket 20066.
|
|
|
+ - Disable memory protections on OpenBSD when performing our unit
|
|
|
+ tests for memwipe(). The test deliberately invokes undefined
|
|
|
+ behavior, and the OpenBSD protections interfere with this. Patch
|
|
|
+ from "rubiate". Closes ticket 20066.
|
|
|
|
|
|
o Minor features (testing, ipv6):
|
|
|
- - Add the single-onion and single-onion-ipv6 chutney targets to "make
|
|
|
- test-network-all". This requires a recent chutney version with the
|
|
|
- single onion network flavours (git c72a652 or later). Closes
|
|
|
- ticket 20072; patch by teor.
|
|
|
+ - Add the single-onion and single-onion-ipv6 chutney targets to
|
|
|
+ "make test-network-all". This requires a recent chutney version
|
|
|
+ with the single onion network flavours (git c72a652 or later).
|
|
|
+ Closes ticket 20072; patch by teor.
|
|
|
- Add the hs-ipv6 chutney target to make test-network-all's IPv6
|
|
|
tests. Remove bridges+hs, as it's somewhat redundant. This
|
|
|
requires a recent chutney version that supports IPv6 clients,
|
|
@@ -128,16 +126,17 @@ Changes in version 0.2.9.3-alpha - 2016-09-23
|
|
|
- The unit tests now log all warning messages with the "BUG" flag.
|
|
|
Previously, they only logged errors by default. This change will
|
|
|
help us make our testing code more correct, and make sure that we
|
|
|
- only hit this code when we mean to. In the meantime, however, there
|
|
|
- will be more warnings in the unit test logs than before. This is preparatory work for
|
|
|
- ticket 19999.
|
|
|
+ only hit this code when we mean to. In the meantime, however,
|
|
|
+ there will be more warnings in the unit test logs than before.
|
|
|
+ This is preparatory work for ticket 19999.
|
|
|
- The unit tests now treat any failure of a "tor_assert_nonfatal()"
|
|
|
assertion as a test failure.
|
|
|
|
|
|
o Minor bug fixes (circuits):
|
|
|
- - Use the CircuitBuildTimeout option whenever LearnCircuitBuildTimeout is
|
|
|
- disabled. Previously, we would respect the option when a user disabled
|
|
|
- it, but not when it was disabled because some other option was set. Fixes bug 20073; bugfix on
|
|
|
+ - Use the CircuitBuildTimeout option whenever
|
|
|
+ LearnCircuitBuildTimeout is disabled. Previously, we would respect
|
|
|
+ the option when a user disabled it, but not when it was disabled
|
|
|
+ because some other option was set. Fixes bug 20073; bugfix on
|
|
|
0.2.4.12-alpha. Patch by teor.
|
|
|
|
|
|
o Minor bugfixes (allocation):
|
|
@@ -158,10 +157,10 @@ Changes in version 0.2.9.3-alpha - 2016-09-23
|
|
|
wrappers. Fixes bug 20110; bugfix on 0.2.9.1-alpha.
|
|
|
|
|
|
o Minor bugfixes (directory authority):
|
|
|
- - Die with a more useful error when the operator forgets to place the
|
|
|
- authority_signing_key file into the keys directory. This avoids an
|
|
|
- uninformative assert & traceback about having an invalid key.
|
|
|
- Fixes bug 20065; bugfix on 0.2.0.1-alpha.
|
|
|
+ - Die with a more useful error when the operator forgets to place
|
|
|
+ the authority_signing_key file into the keys directory. This
|
|
|
+ avoids an uninformative assert & traceback about having an invalid
|
|
|
+ key. Fixes bug 20065; bugfix on 0.2.0.1-alpha.
|
|
|
- When allowing private addresses, mark Exits that only exit to
|
|
|
private locations as such. Fixes bug 20064; bugfix
|
|
|
on 0.2.2.9-alpha.
|
|
@@ -188,8 +187,8 @@ Changes in version 0.2.9.3-alpha - 2016-09-23
|
|
|
- Add permission to run the sched_yield() and sigaltstack() system
|
|
|
calls, in order to support versions of Tor compiled with asan or
|
|
|
ubsan code that use these calls. Now "sandbox 1" and
|
|
|
- "--enable-expensive-hardening" should be compatible on more systems. Fixes bug
|
|
|
- 20063; bugfix on 0.2.5.1-alpha.
|
|
|
+ "--enable-expensive-hardening" should be compatible on more
|
|
|
+ systems. Fixes bug 20063; bugfix on 0.2.5.1-alpha.
|
|
|
|
|
|
o Minor bugfixes (logging):
|
|
|
- When logging a message from the BUG() macro, be explicit about
|
|
@@ -209,8 +208,8 @@ Changes in version 0.2.9.3-alpha - 2016-09-23
|
|
|
|
|
|
o Minor bugfixes (options):
|
|
|
- Check the consistency of UseEntryGuards and EntryNodes more
|
|
|
- reliably. Fixes bug 20074; bugfix on tor-
|
|
|
- 0.2.4.12-alpha. Patch by teor.
|
|
|
+ reliably. Fixes bug 20074; bugfix on tor- 0.2.4.12-alpha. Patch
|
|
|
+ by teor.
|
|
|
- Stop changing the configured value of UseEntryGuards on
|
|
|
authorities and Tor2web clients. Fixes bug 20074; bugfix on
|
|
|
commits 51fc6799 in tor-0.1.1.16-rc and acda1735 in tor-0.2.4.3-
|
|
@@ -223,10 +222,10 @@ Changes in version 0.2.9.3-alpha - 2016-09-23
|
|
|
|
|
|
o Minor bugfixes (unit tests):
|
|
|
- Fix a shared-random unit test that was failing on big endian
|
|
|
- architectures due to internal representation of a integer copied to
|
|
|
- a buffer. The test is changed to take a full 32 bytes of data and
|
|
|
- use the output of a python script that make the COMMIT and REVEAL
|
|
|
- calculation according to the spec. Fixes bug 19977; bugfix
|
|
|
+ architectures due to internal representation of a integer copied
|
|
|
+ to a buffer. The test is changed to take a full 32 bytes of data
|
|
|
+ and use the output of a python script that make the COMMIT and
|
|
|
+ REVEAL calculation according to the spec. Fixes bug 19977; bugfix
|
|
|
on 0.2.9.1-alpha.
|
|
|
- The tor_tls_server_info_callback unit test no longer crashes when
|
|
|
debug-level logging is turned on. Fixes bug 20041; bugfix
|