@@ -1,3 +1,229 @@
+Changes in version 0.2.3.16-alpha - 2012-06-0?
+ o Major bugfixes (general):
+ - Work around a bug in OpenSSL that broke renegotiation with TLS
+ 1.1 and TLS 1.2. Without this workaround, all attempts to speak
+ the v2 Tor connection protocol when both sides were using OpenSSL
+ 1.0.1 would fail. Resolves ticket 6033.
+ - When waiting for a client to renegotiate, don't allow it to add
+ any bytes to the input buffer. This fixes a potential DoS issue.
+ Fixes bugs 5934 and 6007; bugfix on 0.2.0.20-rc.
+ - Pass correct OR address to managed proxies (like obfsproxy),
+ even when ORListenAddress is used. Fixes bug 4865; bugfix on
+ 0.2.3.9-alpha.
+ - The advertised platform of a router now includes only its operating
+ system's name (e.g., "Linux", "Darwin", "Windows 7"), and not its
+ service pack level (for Windows) or its CPU architecture (for Unix).
+ We also no longer include the "git-XYZ" tag in the version. Resolves
+ part of bug 2988.
+
+ o Major bugfixes (clients):
+ - If we are unable to find any exit that supports our predicted ports,
+ stop calling them predicted, so that we don't loop and build
+ hopeless circuits indefinitely. Fixes bug 3296; bugfix on 0.0.9pre6,
+ which introduced predicted ports.
+ - Fix an edge case where if we fetch or publish a hidden service
+ descriptor, we might build a 4-hop circuit and then use that circuit
+ for exiting afterwards -- even if the new last hop doesn't obey our
+ ExitNodes config option. Fixes bug 5283; bugfix on 0.2.0.10-alpha.
+ - Check at each new consensus whether our entry guards were picked
+ long enough ago that we should rotate them. Previously, we only
+ did this check at startup, which could lead to us holding a guard
+ indefinitely. Fixes bug 5380; bugfix on 0.2.1.14-rc.
+ - When fetching a bridge descriptor from a bridge authority,
+ always do so anonymously, whether we have been able to open
+ circuits or not. Partial fix for bug 1938; bugfix on 2.0.7-alpha.
+ This behavior makes it *safer* to use UpdateBridgesFromAuthority,
+ but we'll need to wait for bug 6010 before it's actually usable.
+
+ o Major bugfixes (directory authorities):
+ - When computing weight parameters, behave more robustly in the
+ presence of a bad bwweightscale value. Previously, the authorities
+ would crash if they agreed on a sufficiently broken weight_scale
+ value: now, they use a reasonable default and carry on. Partial
+ fix for 5786; bugfix on 0.2.2.17-alpha.
+ - Check more thoroughly to prevent a rogue authority from
+ double-voting on any consensus directory parameter. Previously,
+ authorities would crash in this case if the total number of
+ votes for any parameter exceeded the number of active voters,
+ but would let it pass otherwise. Partial fix for bug 5786; bugfix
+ on 0.2.2.2-alpha.
+
+ o Minor features:
+ - Rate-limit log messages when asked to connect anonymously to
+ a private address. When these hit, they tended to hit fast and
+ often. Also, don't bother trying to connect to addresses that we
+ are sure will resolve to 127.0.0.1: getting 127.0.0.1 in a directory
+ reply makes us think we have been lied to, even when the address the
+ client tried to connect to was "localhost." Resolves ticket 2822.
+ - Allow packagers to insert an extra string in server descriptor
+ platform lines by setting the preprocessor variable TOR_BUILD_TAG.
+ Resolves the rest of ticket 2988.
+ - Raise the threshold of server descriptors needed (75%) and exit
+ server descriptors needed (50%) before we will declare ourselves
+ bootstrapped. This will make clients start building circuits a
+ little later, but makes the initially constructed circuits less
+ skewed and less in conflict with further directory fetches. Fixes
+ ticket 3196.
+ - Close any connection that sends unrecognized junk before the
+ handshake. Solves an issue noted in bug 4369.
+ - Improve log messages about managed transports. Resolves ticket 5070.
+ - Tag a bridge's descriptor as "never to be sent unencrypted".
+ This shouldn't matter, since bridges don't open non-anonymous
+ connections to the bridge authority and don't allow unencrypted
+ directory connections from clients, but we might as well make
+ sure. Closes bug 5139.
+ - Expose our view of whether we have gone dormant to the controller,
+ via a new "GETINFO dormant" value. Torbutton and other controllers
+ can use this to avoid doing periodic requests through Tor while
+ it's dormant (bug 4718). Fixes bug 5954.
+ - Tell GCC and Clang to check for any errors in format strings passed
+ to the tor_v*(print|scan)f functions.
+ - Update to the May 1 2012 Maxmind GeoLite Country database.
+
+ o Minor bugfixes (already included in 0.2.2.36):
+ - Reject out-of-range times like 23:59:61 in parse_rfc1123_time().
+ Fixes bug 5346; bugfix on 0.0.8pre3.
+ - Correct parsing of certain date types in parse_http_time().
+ Without this patch, If-Modified-Since would behave
+ incorrectly. Fixes bug 5346; bugfix on 0.2.0.2-alpha. Patch from
+ Esteban Manchado Velázques.
+ - Make our number-parsing functions always treat too-large values
+ as an error, even when those values exceed the width of the
+ underlying type. Previously, if the caller provided these
+ functions with minima or maxima set to the extreme values of the
+ underlying integer type, these functions would return those
+ values on overflow rather than treating overflow as an error.
+ Fixes part of bug 5786; bugfix on 0.0.9.
+ - If we hit the error case where routerlist_insert() replaces an
+ existing (old) server descriptor, make sure to remove that
+ server descriptor from the old_routers list. Fix related to bug
+ 1776. Bugfix on 0.2.2.18-alpha.
+ - Clarify the behavior of MaxCircuitDirtiness with hidden service
+ circuits. Fixes issue 5259.
+
+ o Minor bugfixes (coding cleanup, on 0.2.2.x and earlier):
+ - Prevent a null-pointer dereference when receiving a data cell
+ for a nonexistent stream when the circuit in question has an
+ empty deliver window. We don't believe this is triggerable,
+ since we don't currently allow deliver windows to become empty,
+ but the logic is tricky enough that it's better to make the code
+ robust. Fixes bug 5541; bugfix on 0.0.2pre14.
+ - Fix a memory leak when trying to launch a DNS request when the
+ network is disabled or the nameservers are unconfigurable. Fixes
+ bug 5916; bugfix on Tor 0.1.2.1-alpha (for the unconfigurable
+ nameserver case) and on 0.2.3.9-alpha (for the DisableNetwork case).
+ - Don't hold a windows file handle open for every file mapping;
+ the file mapping handle is sufficient. Fixes bug 5951; bugfix on
+ 0.1.2.1-alpha.
+ - Avoid O(n^2) performance characteristics when parsing a large
+ extrainfo cache. Fixes bug 5828; bugfix on 0.2.0.1-alpha.
+ - Format more doubles with %f, not %lf. Patch from grarpamp to make
+ Tor build correctly on older BSDs again. Fixes bug 3894; bugfix on
+ Tor 0.2.0.8-alpha.
+ - Make our replacement implementation of strtok_r() compatible with
+ the standard behavior of strtok_r(). Patch by nils. Fixes bug 5091;
+ bugfix on 0.2.2.1-alpha.
+ - Fix a NULL-pointer dereference on a badly formed
+ SETCIRCUITPURPOSE command. Found by mikeyc. Fixes bug 5796;
+ bugfix on 0.2.2.9-alpha.
+ - Fix a build warning with Clang 3.1 related to our use of vasprint.
+ Fixes bug 5969. Bugfix on 0.2.2.11-alpha.
+ - Defensively refactor rend_mid_rendezvous() so that protocol
+ violations and length checks happen in the beginning. Fixes
+ bug 5645.
+ - Set _WIN32_WINNT to 0x0501 consistently throughout the code, so
+ that IPv6 stuff will compile on MSVC, and compilation issues
+ will be easier to track down. Fixes bug 5861.
+
+ o Minor bugfixes (correctness, on 0.2.2.x and earlier):
+ - Exit nodes now correctly report EADDRINUSE and EADDRNOTAVAIL as
+ resource exhaustion, so that clients can adjust their load to
+ try other exits. Fixes bug 4710; bugfix on 0.1.0.1-rc, which
+ started using END_STREAM_REASON_RESOURCELIMIT.
+ - Don't check for whether the address we're using for outbound
+ connections has changed until after the outbound connection has
+ completed. On Windows, getsockname() doesn't succeed until the
+ connection is finished. Fixes bug 5374; bugfix on 0.1.1.14-alpha.
+ - If the configuration tries to set MyFamily on a bridge, refuse to
+ do so, and warn about the security implications. Fixes bug 4657;
+ bugfix on 0.2.0.3-alpha.
+ - If the client fails to set a reasonable set of ciphersuites
+ during its v2 handshake renegotiation, allow the renegotiation to
+ continue nevertheless (i.e. send all the required certificates).
+ Fixes bug 4591; bugfix on 0.2.0.20-rc.
+ - When we receive a SIGHUP and the controller __ReloadTorrcOnSIGHUP
+ option is set to 0 (which Vidalia version 0.2.16 now does when
+ a SAVECONF attempt fails), perform other actions that SIGHUP
+ usually causes (like reopening the logs). Fixes bug 5095; bugfix
+ on 0.2.1.9-alpha.
+ - If we fail to write a microdescriptor to the disk cache, do not
+ continue replacing the old microdescriptor file. Fixes bug 2954;
+ bugfix on 0.2.2.6-alpha.
+ - Exit nodes don't need to fetch certificates for authorities that
+ they don't recognize; only directory authorities, bridges,
+ and caches need to do that. Fixes part of bug 2297; bugfix on
+ 0.2.2.11-alpha.
+ - Correctly handle checking the permissions on the parent
+ directory of a control socket in the root directory. Bug found
+ by Esteban Manchado Velázquez. Fixes bug 5089; bugfix on Tor
+ 0.2.2.26-beta.
+ - When told to add a bridge with the same digest as a preexisting
+ bridge but a different addr:port, change the addr:port as
+ requested. Previously we would not notice the change. Fixes half
+ of bug 5603; fix on 0.2.2.26-beta.
+ - End AUTHCHALLENGE error messages (in the control protocol) with
+ a CRLF. Fixes bug 5760; bugfix on 0.2.2.36 and 0.2.3.13-alpha.
+
+ o Minor bugfixes (on 0.2.3.x):
+ - Turn an assertion (that the number of handshakes received as a
+ server is not < 1) into a warning. Fixes bug 4873; bugfix on
+ 0.2.3.1-alpha.
+ - Format IPv4 addresses correctly in ADDRMAP events. (Previously,
+ we had reversed them when the answer was cached.) Fixes bug
+ 5723; bugfix on 0.2.3.1-alpha.
+ - Work correctly on Linux systems with accept4 support advertised in
+ their headers, but without accept4 support in the kernel. Fix
+ by murb. Fixes bug 5762; bugfix on 0.2.3.1-alpha.
+ - When told to add a bridge with the same addr:port as a preexisting
+ bridge but a different transport, change the transport as
+ requested. Previously we would not notice the change. Fixes half
+ of bug 5603; fix on 0.2.3.2-alpha.
+ - Avoid a "double-reply" warning when replying to a SOCKS request
+ with a parse error. Patch from Fabian Keil. Fixes bug 4108;
+ bugfix on 0.2.3.4-alpha.
+ - Fix a bug where a bridge authority crashes if it has seen no
+ directory requests when it's time to write statistics to disk.
+ Fixes bug 5891; bugfix on 0.2.3.6-alpha. Also fixes bug 5508 in
+ a better way.
+ - Don't try to open non-control listeners when DisableNetwork is set.
+ Previousy, we'd open all listeners, then immediately close them.
+ Fixes bug 5604; bugfix on 0.2.3.9-alpha.
+ - Don't abort the managed proxy protocol if the managed proxy
+ sends us an unrecognized line; ignore it instead. Fixes bug
+ 5910; bugfix on 0.2.3.9-alpha.
+ - Fix a compile warning in crypto.c when compiling with clang 3.1.
+ Fixes bug 5969, bugfix on 0.2.3.9-alpha.
+ - Fix a compilation issue on GNU Hurd, which doesn't have PATH_MAX.
+ Fixes bug 5355; bugfix on 0.2.3.11-alpha.
+ - Remove bogus definition of "_WIN32" from src/win32/orconfig.h, to
+ unbreak the MSVC build. Fies bug 5858; bugfix on 0.2.3.12-alpha.
+ - Resolve numerous small warnings and build issues with MSVC. Resolves
+ bug 5859.
+
+ o Documentation fixes:
+ - Improve the manual's documentation for the NT Service command-line
+ options. Addresses ticket 3964.
+ - Clarify SessionGroup documentation slightly; resolves ticket 5437.
+ - Document the changes to the ORPort and DirPort options, and the
+ fact that {OR/Dir}ListenAddress is now unnecessary (and
+ therefore deprecated). Resolves ticket 5597.
+
+ o Removed files:
+ - Remove the torrc.bridge file: we don't use it for anything, and
+ it had become badly desynchronized from torrc.sample. Resolves
+ bug 5622.
+
+
Changes in version 0.2.2.36 - 2012-05-24
Tor 0.2.2.36 updates the addresses for two of the eight directory
authorities, fixes some potential anonymity and security issues,
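Review bot: the bridge-descriptor entry under "Major bugfixes (clients)" says "bugfix on 2.0.7-alpha", which does not match the 0.x.y.z version scheme used by every other entry in this hunk and looks like a dropped leading "0."; please confirm the intended version, since readers use these tags to decide which releases are affected. Several other lines need a proofread before release: the header date is still the placeholder "2012-06-0?"; "Previousy" in the DisableNetwork entry and "Fies bug 5858" in the orconfig.h entry are typos; the Clang 3.1 entry says "vasprint", which reads like a truncated function name; and the same contributor is credited as "Esteban Manchado Velázques" in the parse_http_time() entry and "Esteban Manchado Velázquez" in the control-socket entry. Bug 5969 is cited by two separate entries with different "bugfix on" versions (0.2.2.11-alpha and 0.2.3.9-alpha); if those are two distinct warnings, say so in the text. The entries for bugs 5645, 5861 and 5859 carry no "bugfix on" version, unlike their neighbours. For the renegotiation entry (bugs 5934 and 6007), which is described as a potential DoS, consider moving it to the top of "Major bugfixes (general)" so operators triaging this release see the availability fix first.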