|
@@ -5,31 +5,58 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
|
|
|
- Schedule multiple in-progress consensus downloads during client
|
|
|
bootstrap. Use the first one that starts downloading, close the
|
|
|
rest. This reduces failures when authorities are slow or down.
|
|
|
- Together with the code for feature 15775, it reduces failures due to fallback churn.
|
|
|
- Implements ticket 4483 (reduce failures when authorities are down).
|
|
|
- Patch by "teor".
|
|
|
- Implements IPv4 portions of proposal 210 by "mikeperry" and
|
|
|
- "teor".
|
|
|
+ Together with the code for feature 15775, it reduces failures due
|
|
|
+ to fallback churn. Implements ticket 4483 (reduce failures when
|
|
|
+ authorities are down). Patch by "teor". Implements IPv4 portions
|
|
|
+ of proposal 210 by "mikeperry" and "teor".
|
|
|
|
|
|
o Major features (controller):
|
|
|
- - New "GETINFO hs/service/desc/id/" command to retrieve a hidden service
|
|
|
- descriptor from a service's local hidden service descriptor cache.
|
|
|
- Closes ticket 14846.
|
|
|
+ - New "GETINFO hs/service/desc/id/" command to retrieve a hidden
|
|
|
+ service descriptor from a service's local hidden service
|
|
|
+ descriptor cache. Closes ticket 14846.
|
|
|
|
|
|
o Major features (directory mirrors):
|
|
|
- Include an opt-in trial list of Default Fallback Directories in
|
|
|
- add_default_fallback_dir_servers(). Doing this should improve
|
|
|
+ add_default_fallback_dir_servers(). Doing this should improve
|
|
|
client reliability and initial bootstrap performance, and reduce
|
|
|
- load on the directory authorities.
|
|
|
- Closes ticket 15775. Patch by "teor".
|
|
|
- OnionOO script by "weasel", "teor", "gsathya", and "karsten".
|
|
|
+ load on the directory authorities. Closes ticket 15775. Patch by
|
|
|
+ "teor". OnionOO script by "weasel", "teor", "gsathya",
|
|
|
+ and "karsten".
|
|
|
|
|
|
o Major features (relay):
|
|
|
- - When Tor is started as root on Linux and told to switch user ID, it
|
|
|
- can now retain the capabilitity to bind to low ports. By default,
|
|
|
- Tor will do this only when it's switching user ID and some low
|
|
|
- ports have been configured. You can change this behavior with
|
|
|
- the new option KeepBindCapabilities. Closes ticket 8195.
|
|
|
+ - When Tor is started as root on Linux and told to switch user ID,
|
|
|
+ it can now retain the capabilitity to bind to low ports. By
|
|
|
+ default, Tor will do this only when it's switching user ID and
|
|
|
+ some low ports have been configured. You can change this behavior
|
|
|
+ with the new option KeepBindCapabilities. Closes ticket 8195.
|
|
|
+
|
|
|
+ o Minor features (security):
|
|
|
+ - Adjust Tor's use of OpenSSL's RNG APIs so that they absolutely,
|
|
|
+ positively are not allowed to fail. Previously we depended on
|
|
|
+ internals about OpenSSL behavior. Closes ticket 17686.
|
|
|
+ - Never use the system entropy output directly for anything besides
|
|
|
+ seeding the PRNG. When we want to generate important keys, instead
|
|
|
+ of using system entropy directly, hash it with the PRNG stream.
|
|
|
+ This may help resist certain attacks based on broken OS entropy
|
|
|
+ implementations. Closes part of ticket 17694.
|
|
|
+ - Set unused entires in a smartlist to NULL. This helped catch
|
|
|
+ a (harmless) bug, and shouldn't affect performance too much.
|
|
|
+ Implements ticket 17026.
|
|
|
+ - Use SecureMemoryWipe() function to securely clean memory on
|
|
|
+ Windows. Implements feature 17986.
|
|
|
+ - Use explicit_bzero or memset_s when present. Previously, we'd use
|
|
|
+ OpenSSL's OPENSSL_cleanse() function. Closes ticket 7419; patches
|
|
|
+ from <logan@hackers.mu> and <selven@hackers.mu>.
|
|
|
+
|
|
|
+ o Minor features (security, clock):
|
|
|
+ - Warn when the system clock is set back in time (when the state
|
|
|
+ file was last written in the future). Tor doesn't know that
|
|
|
+ consensuses have expired if the clock is in the past. Patch by
|
|
|
+ "teor". Implements ticket 17188.
|
|
|
+
|
|
|
+ o Minor features (security, cryptography):
|
|
|
+ - Use modern system calls to generate strong entropy on platforms
|
|
|
+ that provide them. Closes ticket 13696.
|
|
|
|
|
|
o Minor feature (crypto):
|
|
|
- Add SHA512 support to crypto.c. Closes ticket 17663; patch from
|
|
@@ -38,8 +65,8 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
|
|
|
o Minor feature (directory downloads):
|
|
|
- Wait for busy authorities and fallbacks to become non-busy when
|
|
|
bootstrapping. (A similar change was made in 6c443e987d for
|
|
|
- directory servers chosen from the consensus.)
|
|
|
- Closes ticket 17864; patch by "teor".
|
|
|
+ directory servers chosen from the consensus.) Closes ticket 17864;
|
|
|
+ patch by "teor".
|
|
|
|
|
|
o Minor feature (fallback directories):
|
|
|
- Add UseDefaultFallbackDirs, which enables any hard-coded fallback
|
|
@@ -47,75 +74,71 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
|
|
|
Implements ticket 17576. Patch by "teor".
|
|
|
|
|
|
o Minor feature (IPv6):
|
|
|
- - Add a flag ipv6=address:orport to the DirAuthority and FallbackDir torrc
|
|
|
- options. Add hard-coded ipv6 addresses for directory authorities with
|
|
|
- ipv6 lines in their descriptors.
|
|
|
- Closes ticket 17327; patch from Nick Mathewson / "teor".
|
|
|
+ - Add a flag ipv6=address:orport to the DirAuthority and FallbackDir
|
|
|
+ torrc options. Add hard-coded ipv6 addresses for directory
|
|
|
+ authorities with ipv6 lines in their descriptors. Closes ticket
|
|
|
+ 17327; patch from Nick Mathewson / "teor".
|
|
|
- Add address policy assume_action support for IPv6 addresses.
|
|
|
- Limit IPv6 mask bits to 128.
|
|
|
- - Warn when comparing against an AF_UNSPEC address in a policy,
|
|
|
- it's almost always a bug.
|
|
|
- Closes ticket 17863; patch by "teor".
|
|
|
+ - Warn when comparing against an AF_UNSPEC address in a policy, it's
|
|
|
+ almost always a bug. Closes ticket 17863; patch by "teor".
|
|
|
|
|
|
o Minor feature (logging):
|
|
|
- When logging to syslog, allow a tag to be added to the syslog
|
|
|
identity ("Tor"), i.e. the string prepended to every log message.
|
|
|
- The tag can be configured by setting SyslogIdentityTag and defaults
|
|
|
- to none. Setting it to "foo" will cause logs to be tagged as
|
|
|
- "Tor-foo". Closes ticket 17194.
|
|
|
+ The tag can be configured by setting SyslogIdentityTag and
|
|
|
+ defaults to none. Setting it to "foo" will cause logs to be tagged
|
|
|
+ as "Tor-foo". Closes ticket 17194.
|
|
|
|
|
|
o Minor feature (refactoring):
|
|
|
- Move logging of redundant policy entries in
|
|
|
- policies_parse_exit_policy_internal into its own function.
|
|
|
- Closes ticket 17608; patch from "juce".
|
|
|
+ policies_parse_exit_policy_internal into its own function. Closes
|
|
|
+ ticket 17608; patch from "juce".
|
|
|
|
|
|
o Minor features (accounting):
|
|
|
- - Added two modes to AccountingRule in torrc for
|
|
|
- limiting just input or just output.
|
|
|
- Closes ticket 15989; patch from "unixninja92".
|
|
|
+ - Added two modes to AccountingRule in torrc for limiting just input
|
|
|
+ or just output. Closes ticket 15989; patch from "unixninja92".
|
|
|
|
|
|
o Minor features (authorities):
|
|
|
- - Update the V3 identity key for dannenberg: it was changed on
|
|
|
- 18 November 2015.
|
|
|
- Closes task 17906. Patch by "teor".
|
|
|
+ - Update the V3 identity key for dannenberg: it was changed on 18
|
|
|
+ November 2015. Closes task 17906. Patch by "teor".
|
|
|
|
|
|
o Minor features (build):
|
|
|
- - Since our build process now uses 'make distcheck', we no longer force
|
|
|
- "make dist" to depend on "make check". Closes ticket 17893;
|
|
|
+ - Since our build process now uses 'make distcheck', we no longer
|
|
|
+ force "make dist" to depend on "make check". Closes ticket 17893;
|
|
|
patch from "cypherpunks."
|
|
|
|
|
|
o Minor features (compilation):
|
|
|
- - Repair some compilation issues with some recent (unreleased, alpha)
|
|
|
- vesions of OpenSSL 1.1. Closes ticket 17549.
|
|
|
+ - Repair some compilation issues with some recent (unreleased,
|
|
|
+ alpha) vesions of OpenSSL 1.1. Closes ticket 17549.
|
|
|
|
|
|
o Minor features (controller):
|
|
|
- - Adds FallbackDir entries to 'GETINFO config/defaults'. Closes tickets
|
|
|
- 16774 and 17817. Patch by George Tankersley.
|
|
|
+ - Adds FallbackDir entries to 'GETINFO config/defaults'. Closes
|
|
|
+ tickets 16774 and 17817. Patch by George Tankersley.
|
|
|
|
|
|
o Minor features (crypto):
|
|
|
- - When allocating a digest state object, allocate no more space than we
|
|
|
- actually need. Previously, we were allocating as much space as the
|
|
|
- state for the largest algorithm would need. This change saves up to
|
|
|
- 672 bytes per circuit. Closes ticket 17796.
|
|
|
+ - When allocating a digest state object, allocate no more space than
|
|
|
+ we actually need. Previously, we were allocating as much space as
|
|
|
+ the state for the largest algorithm would need. This change saves
|
|
|
+ up to 672 bytes per circuit. Closes ticket 17796.
|
|
|
|
|
|
o Minor features (directory system):
|
|
|
- - Previously only relays who explicitly opened a directory port (DirPort)
|
|
|
- accepted directory requests from clients. Now all relays, with and without
|
|
|
- a DirPort, who do not disable the DirCache option accept and serve
|
|
|
- directory requests sent (tunnelled) through their ORPort.
|
|
|
- Closes ticket 12538.
|
|
|
+ - Previously only relays who explicitly opened a directory port
|
|
|
+ (DirPort) accepted directory requests from clients. Now all
|
|
|
+ relays, with and without a DirPort, who do not disable the
|
|
|
+ DirCache option accept and serve directory requests sent
|
|
|
+ (tunnelled) through their ORPort. Closes ticket 12538.
|
|
|
|
|
|
o Minor features (exit policies, controllers):
|
|
|
- Add controller getinfo exit-policy/reject-private/[default,relay]
|
|
|
for the reject rules added by ExitPolicyRejectPrivate. This makes
|
|
|
it easier for stem to display exit policies.
|
|
|
- - Add unit tests for getinfo exit-policy/*.
|
|
|
- Finishes implementation for ticket 17183. Patch by "teor".
|
|
|
+ - Add unit tests for getinfo exit-policy/*. Finishes implementation
|
|
|
+ for ticket 17183. Patch by "teor".
|
|
|
|
|
|
o Minor features (fallback directories):
|
|
|
- - Add a set of default fallback directories for the 0.2.8 alpha releases.
|
|
|
- Closes ticket 17158.
|
|
|
- Patch by "teor".
|
|
|
+ - Add a set of default fallback directories for the 0.2.8 alpha
|
|
|
+ releases. Closes ticket 17158. Patch by "teor".
|
|
|
|
|
|
o Minor features (geoip):
|
|
|
- Update geoip and geoip6 to the January 5 2016 Maxmind GeoLite2
|
|
@@ -123,7 +146,7 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
|
|
|
|
|
|
o Minor features (IPv6 support):
|
|
|
- Allow users to configure directory authorities and fallback
|
|
|
- directory servers with IPv6 addresses and ORPorts. Resolves
|
|
|
+ directory servers with IPv6 addresses and ORPorts. Resolves
|
|
|
ticket 6027.
|
|
|
|
|
|
o Minor features (portability):
|
|
@@ -134,93 +157,73 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
|
|
|
- Add a family argument to get_interface_addresses_raw() and
|
|
|
subfunctions to make network interface address interogation more
|
|
|
efficient. Now Tor can specifically ask for IPv4, IPv6 or both
|
|
|
- types of interfaces from the operating system. Resolves ticket 17950.
|
|
|
- - When get_interface_address6_list(.,AF_UNSPEC,.) is called and fails
|
|
|
- to enumerate interface addresses using the platform-specific API,
|
|
|
- have it rely on the UDP socket fallback technique to try and find
|
|
|
- out what IP addresses (both IPv4 and IPv6) our machine has. Resolves
|
|
|
- ticket 17951.
|
|
|
+ types of interfaces from the operating system. Resolves
|
|
|
+ ticket 17950.
|
|
|
+ - When get_interface_address6_list(.,AF_UNSPEC,.) is called and
|
|
|
+ fails to enumerate interface addresses using the platform-specific
|
|
|
+ API, have it rely on the UDP socket fallback technique to try and
|
|
|
+ find out what IP addresses (both IPv4 and IPv6) our machine has.
|
|
|
+ Resolves ticket 17951.
|
|
|
|
|
|
o Minor features (replaycache):
|
|
|
- - The replay cache now uses SHA256 instead of SHA1.
|
|
|
- Implements feature 8961.
|
|
|
- Patch by "teor", issue reported by "rransom".
|
|
|
-
|
|
|
- o Minor features (security):
|
|
|
- - Adjust Tor's use of OpenSSL's RNG APIs so that they absolutely,
|
|
|
- positively are not allowed to fail. Previously we depended on
|
|
|
- internals about OpenSSL behavior. Closes ticket 17686.
|
|
|
- - Never use the system entropy output directly for anything besides
|
|
|
- seeding the PRNG. When we want to generate important keys, instead
|
|
|
- of using system entropy directly, hash it with the PRNG stream.
|
|
|
- This may help resist certain attacks based on broken OS entropy
|
|
|
- implementations. Closes part of ticket 17694.
|
|
|
- - Set unused entires in a smartlist to NULL. This helped catch a
|
|
|
- (harmless) bug, and shouldn't affect performance too much.
|
|
|
- Implements ticket 17026.
|
|
|
- - Use SecureMemoryWipe() function to securely clean memory on
|
|
|
- Windows. Implements feature 17986.
|
|
|
- - Use explicit_bzero or memset_s when present. Previously, we'd use
|
|
|
- OpenSSL's OPENSSL_cleanse() function.
|
|
|
- Closes ticket 7419; patches from <logan@hackers.mu> and <selven@hackers.mu>.
|
|
|
-
|
|
|
- o Minor features (security, clock):
|
|
|
- - Warn when the system clock is set back in time (when the
|
|
|
- state file was last written in the future). Tor doesn't know
|
|
|
- that consensuses have expired if the clock is in the past.
|
|
|
- Patch by "teor". Implements ticket 17188.
|
|
|
-
|
|
|
- o Minor features (security, cryptography):
|
|
|
- - Use modern system calls to generate strong entropy on platforms that
|
|
|
- provide them. Closes ticket 13696.
|
|
|
+ - The replay cache now uses SHA256 instead of SHA1. Implements
|
|
|
+ feature 8961. Patch by "teor", issue reported by "rransom".
|
|
|
|
|
|
o Minor features (testing):
|
|
|
- - Log more information when the backtrace tests fail.
|
|
|
- Closes ticket 17892. Patch from "cypherpunks."
|
|
|
+ - Log more information when the backtrace tests fail. Closes ticket
|
|
|
+ 17892. Patch from "cypherpunks."
|
|
|
|
|
|
o Minor features (unit tests, random number generation):
|
|
|
- Add unit tests that check for common RNG failure modes, such as
|
|
|
returning all zeroes, identical values, or incrementing values
|
|
|
- (OpenSSL's rand_predictable feature).
|
|
|
- Patch by "teor".
|
|
|
+ (OpenSSL's rand_predictable feature). Patch by "teor".
|
|
|
|
|
|
o Minor features (unix permissions):
|
|
|
- - Defer creation of Unix sockets until after setuid. This avoids needing
|
|
|
- CAP_CHOWN and CAP_FOWNER when using systemd's CapabilityBoundingSet, or
|
|
|
- chown and fowner when using SELinux.
|
|
|
+ - Defer creation of Unix sockets until after setuid. This avoids
|
|
|
+ needing CAP_CHOWN and CAP_FOWNER when using systemd's
|
|
|
+ CapabilityBoundingSet, or chown and fowner when using SELinux.
|
|
|
Implements part of ticket 17562. Patch from Jamie Nguyen.
|
|
|
- If any directory created by Tor is marked as group readable, the
|
|
|
- filesystem group is allowed to be either the default GID or the root
|
|
|
- user. Allowing root to read the DataDirectory prevents the need for
|
|
|
- CAP_READ_SEARCH when using systemd's CapabilityBoundingSet, or
|
|
|
- dac_read_search when using SELinux.
|
|
|
+ filesystem group is allowed to be either the default GID or the
|
|
|
+ root user. Allowing root to read the DataDirectory prevents the
|
|
|
+ need for CAP_READ_SEARCH when using systemd's
|
|
|
+ CapabilityBoundingSet, or dac_read_search when using SELinux.
|
|
|
Implements part of ticket 17562. Patch from Jamie Nguyen.
|
|
|
- Introduce DataDirectoryGroupReadable boolean. If set to 1, the
|
|
|
- DataDirectory will be made readable by the default GID.
|
|
|
- Implements part of ticket 17562. Patch from Jamie Nguyen.
|
|
|
+ DataDirectory will be made readable by the default GID. Implements
|
|
|
+ part of ticket 17562. Patch from Jamie Nguyen.
|
|
|
|
|
|
- o Minor bugfix (crypto):
|
|
|
- - Check the return value of HMAC and assert on failure.
|
|
|
- Fixes bug 17658; bugfix on 0.2.3.6-alpha.
|
|
|
+ o Minor bugfixes (security):
|
|
|
+ - Make memwipe() do nothing when passed a NULL pointer or zero size.
|
|
|
+ Check size argument to memwipe() for underflow. Fixes bug 18089;
|
|
|
+ bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk", patch
|
|
|
+ by "teor".
|
|
|
+
|
|
|
+ o Minor bugfixes (security, exit policies):
|
|
|
+ - ExitPolicyRejectPrivate rejects more private addresses by default.
|
|
|
+ Specifically, it rejects the relay's outbound bind addresses (if
|
|
|
+ configured), and the relay's configured port addresses (such as
|
|
|
+ ORPort and DirPort). Fixes bug 17027; bugfix on 0.2.0.11-alpha.
|
|
|
Patch by "teor".
|
|
|
|
|
|
+ o Minor bugfix (crypto):
|
|
|
+ - Check the return value of HMAC and assert on failure. Fixes bug
|
|
|
+ 17658; bugfix on 0.2.3.6-alpha. Patch by "teor".
|
|
|
+
|
|
|
o Minor bugfix (fallback directories):
|
|
|
- Mark fallbacks as "too busy" when they return a 503 response,
|
|
|
- rather than just marking authorities.
|
|
|
- Fixes bug 17572; bugfix on 5c51b3f1f0d4 released in 0.2.4.7-alpha.
|
|
|
- Patch by "teor".
|
|
|
+ rather than just marking authorities. Fixes bug 17572; bugfix on
|
|
|
+ 5c51b3f1f0d4 released in 0.2.4.7-alpha. Patch by "teor".
|
|
|
|
|
|
o Minor bugfix (IPv6 compatibility, unit tests):
|
|
|
- - Make tor_ersatz_socketpair work on IPv6-only systems.
|
|
|
- Fixes bug 17638; bugfix on 0.0.2pre8.
|
|
|
- Patch by "teor".
|
|
|
+ - Make tor_ersatz_socketpair work on IPv6-only systems. Fixes bug
|
|
|
+ 17638; bugfix on 0.0.2pre8. Patch by "teor".
|
|
|
|
|
|
o Minor bugfix (relays, hidden services):
|
|
|
- Refuse connection requests to private OR addresses unless
|
|
|
- ExtendAllowPrivateAddresses is set. Previously, tor would
|
|
|
- connect, then refuse to send any cells to a private address.
|
|
|
- Fixes bugs 17674 and 8976; bugfix on 0.2.3.21-rc.
|
|
|
- Patch by "teor".
|
|
|
+ ExtendAllowPrivateAddresses is set. Previously, tor would connect,
|
|
|
+ then refuse to send any cells to a private address. Fixes bugs
|
|
|
+ 17674 and 8976; bugfix on 0.2.3.21-rc. Patch by "teor".
|
|
|
|
|
|
o Minor bugfix (SipHash-2-4 performance):
|
|
|
- Improve performance when hashing non-multiple of 8 sized buffers,
|
|
@@ -229,187 +232,171 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
|
|
|
|
|
|
o Minor bugfix (testing):
|
|
|
- The test for log_heartbeat was incorrectly failing in timezones
|
|
|
- with non-integer offsets. Instead of comparing the end of the
|
|
|
- time string against a constant, compare it to the output of
|
|
|
- format_local_iso_time when given the correct input.
|
|
|
- Fixes bug 18039; bugfix on 0.2.5.4-alpha.
|
|
|
+ with non-integer offsets. Instead of comparing the end of the time
|
|
|
+ string against a constant, compare it to the output of
|
|
|
+ format_local_iso_time when given the correct input. Fixes bug
|
|
|
+ 18039; bugfix on 0.2.5.4-alpha.
|
|
|
|
|
|
o Minor bugfix (unit tests):
|
|
|
- Make unit tests pass on IPv6-only systems, and systems without
|
|
|
- localhost addresses (like some FreeBSD jails).
|
|
|
- Fixes bug 17632; bugfix on 0.2.7.3-rc.
|
|
|
- Patch by "teor".
|
|
|
+ localhost addresses (like some FreeBSD jails). Fixes bug 17632;
|
|
|
+ bugfix on 0.2.7.3-rc. Patch by "teor".
|
|
|
|
|
|
o Minor bugfixes (accounting):
|
|
|
- - The max bandwidth when using AccountRule sum
|
|
|
- is now correctly logged. Fixes bug 18024; bugfix on 0.2.6.1-alpha.
|
|
|
- Patch from "unixninja92".
|
|
|
+ - The max bandwidth when using AccountRule sum is now correctly
|
|
|
+ logged. Fixes bug 18024; bugfix on 0.2.6.1-alpha. Patch
|
|
|
+ from "unixninja92".
|
|
|
|
|
|
o Minor bugfixes (build):
|
|
|
- - Mark all object files that include micro-revision.i as depending on
|
|
|
- it, so as to make our build more reliable with parallel builds.
|
|
|
+ - Mark all object files that include micro-revision.i as depending
|
|
|
+ on it, so as to make our build more reliable with parallel builds.
|
|
|
Fixes bug 17826; bugfix on 0.2.5.1-alpha.
|
|
|
|
|
|
o Minor bugfixes (client, correctness):
|
|
|
- When closing an entry connection, generate a warning if we should
|
|
|
- have sent an end cell for it but we haven't. Fixes bug 17876;
|
|
|
+ have sent an end cell for it but we haven't. Fixes bug 17876;
|
|
|
bugfix on 0.2.3.2-alpha.
|
|
|
|
|
|
o Minor bugfixes (code correctness):
|
|
|
- Assert that allocated memory held by the reputation code is freed
|
|
|
- according to its internal counters. Fixes bug 17753; bugfix on
|
|
|
- tor-0.1.1.1-alpha.
|
|
|
+ according to its internal counters. Fixes bug 17753; bugfix
|
|
|
+ on tor-0.1.1.1-alpha.
|
|
|
|
|
|
o Minor bugfixes (compilation):
|
|
|
- - Don't try to use the pthrad_condattr_setclock() function unless
|
|
|
- it actually exists. Fixes compilation on NetBSD-6.x. Fixes bug
|
|
|
- 17819; bugfix on 0.2.6.3-alpha.
|
|
|
- - Fix backtrace compilation on FreeBSD. Fixes bug 17827; bugfix on
|
|
|
- tor-0.2.5.2-alpha.
|
|
|
- - Fix compilation of sandbox.c with musl-libc.
|
|
|
- Fixes bug 17347; bugfix on 0.2.5.1-alpha.
|
|
|
- Patch from 'jamestk'.
|
|
|
+ - Don't try to use the pthrad_condattr_setclock() function unless it
|
|
|
+ actually exists. Fixes compilation on NetBSD-6.x. Fixes bug 17819;
|
|
|
+ bugfix on 0.2.6.3-alpha.
|
|
|
+ - Fix backtrace compilation on FreeBSD. Fixes bug 17827; bugfix
|
|
|
+ on tor-0.2.5.2-alpha.
|
|
|
+ - Fix compilation of sandbox.c with musl-libc. Fixes bug 17347;
|
|
|
+ bugfix on 0.2.5.1-alpha. Patch from 'jamestk'.
|
|
|
- Fix search for libevent libraries on OpenBSD (and similar systems
|
|
|
which install libevent 1 and libevent 2 in parallel). Fixes bug
|
|
|
- 16651; bugfix on 0.1.0.7-rc.
|
|
|
- Patch from "rubiate".
|
|
|
+ 16651; bugfix on 0.1.0.7-rc. Patch from "rubiate".
|
|
|
- Isolate environment variables meant for tests from the rest of the
|
|
|
build system. Fixes bug 17818; bugfix on tor-0.2.7.3-rc.
|
|
|
- Replace usage of 'INLINE' with 'inline'. Fixes bug 17804; bugfix
|
|
|
on tor-0.0.2pre8.
|
|
|
|
|
|
o Minor bugfixes (IPv6):
|
|
|
- - Update the limits in max_dl_per_request for IPv6 address
|
|
|
- length. Fixes bug 17573; bugfix on 0.2.1.5-alpha.
|
|
|
+ - Update the limits in max_dl_per_request for IPv6 address length.
|
|
|
+ Fixes bug 17573; bugfix on 0.2.1.5-alpha.
|
|
|
|
|
|
o Minor bugfixes (linux seccomp2 sandbox):
|
|
|
- - Fix a crash when using offline master ed25519 keys with the
|
|
|
- Linux seccomp2 sandbox enabled. Fixes bug 17675; bugfix on
|
|
|
- 0.2.7.3-alpha.
|
|
|
+ - Fix a crash when using offline master ed25519 keys with the Linux
|
|
|
+ seccomp2 sandbox enabled. Fixes bug 17675; bugfix on 0.2.7.3-alpha.
|
|
|
|
|
|
o Minor bugfixes (logging):
|
|
|
- - In log messages that include a function name, use __FUNCTION__ instead
|
|
|
- of __PRETTY_FUNCTION__. In GCC, these are synonymous, but with clang
|
|
|
- __PRETTY_FUNCTION__ has extra information we don't need.
|
|
|
- Fixes bug 16563; bugfix on 0.0.2pre8. Fix by Tom van der Woerdt.
|
|
|
- - Remove needless quotes from a log message about unparseable addresses.
|
|
|
- Fixes bug 17843; bugfix on 0.2.3.3-alpha.
|
|
|
+ - In log messages that include a function name, use __FUNCTION__
|
|
|
+ instead of __PRETTY_FUNCTION__. In GCC, these are synonymous, but
|
|
|
+ with clang __PRETTY_FUNCTION__ has extra information we don't
|
|
|
+ need. Fixes bug 16563; bugfix on 0.0.2pre8. Fix by Tom van
|
|
|
+ der Woerdt.
|
|
|
+ - Remove needless quotes from a log message about unparseable
|
|
|
+ addresses. Fixes bug 17843; bugfix on 0.2.3.3-alpha.
|
|
|
|
|
|
o Minor bugfixes (makefile):
|
|
|
- - Remove config.log only from make distclean, not from
|
|
|
- make clean. Fixes bug 17924; bugfix on 0.2.4.1-alpha.
|
|
|
+ - Remove config.log only from make distclean, not from make clean.
|
|
|
+ Fixes bug 17924; bugfix on 0.2.4.1-alpha.
|
|
|
|
|
|
o Minor bugfixes (portability):
|
|
|
- - Remove an #endif from configure.ac so that we correctly detect
|
|
|
- the presence of in6_addr.s6_addr32. Fixes bug 17923; bugfix on
|
|
|
- 0.2.0.13-alpha.
|
|
|
+ - Remove an #endif from configure.ac so that we correctly detect the
|
|
|
+ presence of in6_addr.s6_addr32. Fixes bug 17923; bugfix
|
|
|
+ on 0.2.0.13-alpha.
|
|
|
|
|
|
o Minor bugfixes (relays):
|
|
|
- Check that both the ORPort and DirPort (if present) are reachable
|
|
|
before publishing a relay descriptor. Otherwise, relays publish a
|
|
|
descriptor with DirPort 0 when the DirPort reachability test takes
|
|
|
- longer than the ORPort reachability test.
|
|
|
- Fixes bug 18050; bugfix on 0.1.0.1-rc.
|
|
|
- Reported by "starlight", patch by "teor".
|
|
|
+ longer than the ORPort reachability test. Fixes bug 18050; bugfix
|
|
|
+ on 0.1.0.1-rc. Reported by "starlight", patch by "teor".
|
|
|
|
|
|
o Minor bugfixes (routersets, IPv6):
|
|
|
- - routerset_parse now accepts IPv6 literal addresses.
|
|
|
- Fixes bug 17060; bugfix on 0.2.1.3-alpha. Patch by "teor".
|
|
|
+ - routerset_parse now accepts IPv6 literal addresses. Fixes bug
|
|
|
+ 17060; bugfix on 0.2.1.3-alpha. Patch by "teor".
|
|
|
|
|
|
o Minor bugfixes (safe logging):
|
|
|
- - When logging a malformed hostname received through socks4, scrub it
|
|
|
- if SafeLogging says we should. Fixes bug 17419; bugfix on 0.1.1.16-rc.
|
|
|
-
|
|
|
- o Minor bugfixes (security):
|
|
|
- - Make memwipe() do nothing when passed a NULL pointer
|
|
|
- or zero size. Check size argument to memwipe() for underflow.
|
|
|
- Fixes bug 18089; bugfix on 0.2.3.25 and 0.2.4.6-alpha.
|
|
|
- Reported by "gk", patch by "teor".
|
|
|
-
|
|
|
- o Minor bugfixes (security, exit policies):
|
|
|
- - ExitPolicyRejectPrivate rejects more private addresses by default.
|
|
|
- Specifically, it rejects
|
|
|
- the relay's outbound bind addresses (if configured), and
|
|
|
- the relay's configured port addresses (such as ORPort and DirPort).
|
|
|
- Fixes bug 17027; bugfix on 0.2.0.11-alpha. Patch by "teor".
|
|
|
+ - When logging a malformed hostname received through socks4, scrub
|
|
|
+ it if SafeLogging says we should. Fixes bug 17419; bugfix
|
|
|
+ on 0.1.1.16-rc.
|
|
|
|
|
|
o Minor bugfixes (statistics code):
|
|
|
- Consistently check for overflow in round_*_to_next_multiple_of
|
|
|
functions, and add unit tests with additional and maximal values.
|
|
|
Fixes part of bug 13192; bugfix on 0.2.2.1-alpha.
|
|
|
- - Handle edge cases in the laplace functions: avoid division by zero,
|
|
|
- avoid taking the log of zero, and silence clang type conversion
|
|
|
- warnings using round and trunc. Add unit tests for edge cases with
|
|
|
- maximal values. Fixes part of bug 13192; bugfix on 0.2.6.2-alpha.
|
|
|
+ - Handle edge cases in the laplace functions: avoid division by
|
|
|
+ zero, avoid taking the log of zero, and silence clang type
|
|
|
+ conversion warnings using round and trunc. Add unit tests for edge
|
|
|
+ cases with maximal values. Fixes part of bug 13192; bugfix
|
|
|
+ on 0.2.6.2-alpha.
|
|
|
|
|
|
o Minor bugfixes (tests):
|
|
|
- - Fix a memory leak in the ntor test. Fixes bug 17778; bugfix on
|
|
|
- 0.2.4.8-alpha.
|
|
|
+ - Fix a memory leak in the ntor test. Fixes bug 17778; bugfix
|
|
|
+ on 0.2.4.8-alpha.
|
|
|
|
|
|
o Minor bugfixes (TLS context):
|
|
|
- Assert when the TLS contexts fail to initialize. Fixes bug 17683;
|
|
|
bugfix on 0.0.6.
|
|
|
|
|
|
o Minor bugfixes (unit tests):
|
|
|
- - Check the full results of SHA256 and SHA512 digests in the
|
|
|
- unit tests. Bugfix on 0.2.2.4-alpha. Patch by "teor".
|
|
|
+ - Check the full results of SHA256 and SHA512 digests in the unit
|
|
|
+ tests. Bugfix on 0.2.2.4-alpha. Patch by "teor".
|
|
|
|
|
|
o Code simplification and refactoring:
|
|
|
- Extract the more complicated parts of circuit_mark_for_close into
|
|
|
- a new function run periodically before connections are freed.
|
|
|
- This change removes more than half of the functions currently
|
|
|
- in the "blob".
|
|
|
- Closes ticket 17218.
|
|
|
- - Clean up a little duplicated code in crypto_expand_key_material_TAP.
|
|
|
- Closes ticket 17587; patch from "pfrankw".
|
|
|
+ a new function run periodically before connections are freed. This
|
|
|
+ change removes more than half of the functions currently in the
|
|
|
+ "blob". Closes ticket 17218.
|
|
|
+ - Clean up a little duplicated code in
|
|
|
+ crypto_expand_key_material_TAP. Closes ticket 17587; patch
|
|
|
+ from "pfrankw".
|
|
|
- Decouple the list of streams needing to be attached to circuits
|
|
|
from the overall connection list. This change makes it possible to
|
|
|
attach streams quickly while both simplifying Tor's callgraph and
|
|
|
- avoiding O(N) scans of the entire connection list. Closes ticket
|
|
|
- 17590.
|
|
|
+ avoiding O(N) scans of the entire connection list. Closes
|
|
|
+ ticket 17590.
|
|
|
- When a direct directory request fails immediately on launch,
|
|
|
instead of relaunching that request from inside the code that
|
|
|
- launches it, instead mark the connection for teardown. This
|
|
|
- change simplifies Tor's callback and prevents the directory-
|
|
|
- request launching code from invoking itself recursively.
|
|
|
- Closes ticket 17589.
|
|
|
+ launches it, instead mark the connection for teardown. This change
|
|
|
+ simplifies Tor's callback and prevents the directory- request
|
|
|
+ launching code from invoking itself recursively. Closes
|
|
|
+ ticket 17589.
|
|
|
|
|
|
o Documentation:
|
|
|
- - Add a description of the correct use of the '--keygen' command-line
|
|
|
- option. Closes ticket 17583; based on text by 's7r'.
|
|
|
+ - Add a description of the correct use of the '--keygen' command-
|
|
|
+ line option. Closes ticket 17583; based on text by 's7r'.
|
|
|
- Document the minimum HeartbeatPeriod value. Closes ticket 15638.
|
|
|
- Explain actual minima for BandwidthRate. Closes ticket 16382.
|
|
|
- - Fix a minor formatting typo in the manpage. Closes ticket
|
|
|
- 17791.
|
|
|
+ - Fix a minor formatting typo in the manpage. Closes ticket 17791.
|
|
|
- Mention torspec URL in the manpage and point the reader to it
|
|
|
- whenever we mention a document that belongs in torspce.
|
|
|
- Fixes issue 17392.
|
|
|
+ whenever we mention a document that belongs in torspce. Fixes
|
|
|
+ issue 17392.
|
|
|
|
|
|
o Removed features:
|
|
|
- Remove client-side support for connecting to Tor servers running
|
|
|
- versions of Tor before 0.2.3.6-alpha. These servers didn't
|
|
|
- support the v3 TLS handshake protocol, and are no longer allowed
|
|
|
- on the Tor network. Implements the client side of ticket
|
|
|
- 11150. Based on patches by Tom van der Woerdt.
|
|
|
+ versions of Tor before 0.2.3.6-alpha. These servers didn't support
|
|
|
+ the v3 TLS handshake protocol, and are no longer allowed on the
|
|
|
+ Tor network. Implements the client side of ticket 11150. Based on
|
|
|
+ patches by Tom van der Woerdt.
|
|
|
- Remove code for OpenSSL dynamic locks; OpenSSL doesn't use them.
|
|
|
Closes ticket 17926.
|
|
|
|
|
|
o Testing:
|
|
|
- - Always test both ed25519 backends, so that we can be sure that
|
|
|
- our batch-open replacement code works. Part of ticket 16794.
|
|
|
+ - Always test both ed25519 backends, so that we can be sure that our
|
|
|
+ batch-open replacement code works. Part of ticket 16794.
|
|
|
- Cover dns_resolve_impl() in dns.c with unit tests. Implements a
|
|
|
portion of ticket 16831.
|
|
|
- - More unit tests for compat_libevent.c. Closes ticket 17075.
|
|
|
- Patch from Ola Bini.
|
|
|
- - More unit tests for procmon.c. Closes ticket 17078.
|
|
|
- Patch from Ola Bini.
|
|
|
- - More unit tests for tortls.c. Closes ticket 17082.
|
|
|
- Patch from Ola Bini.
|
|
|
- - More unit tests for util_format.c. Closes ticket 17084.
|
|
|
- Patch from Ola Bini.
|
|
|
- - New tests for directory.c functions. Closes ticket 17003. Patch
|
|
|
+ - More unit tests for compat_libevent.c. Closes ticket 17075. Patch
|
|
|
+ from Ola Bini.
|
|
|
+ - More unit tests for procmon.c. Closes ticket 17078. Patch from
|
|
|
+ Ola Bini.
|
|
|
+ - More unit tests for tortls.c. Closes ticket 17082. Patch from
|
|
|
+ Ola Bini.
|
|
|
+ - More unit tests for util_format.c. Closes ticket 17084. Patch from
|
|
|
+ Ola Bini.
|
|
|
+ - New tests for directory.c functions. Closes ticket 17003. Patch
|
|
|
from Ola Bini.
|
|
|
- - New tests for options_validate. Closes ticket 17076. Patch from
|
|
|
+ - New tests for options_validate. Closes ticket 17076. Patch from
|
|
|
Ola Bini.
|
|
|
- Unit tests for directory_handle_command_get. Closes ticket 17004.
|
|
|
Patch from Reinaldo de Souza Jr.
|