ChangeLog 1.3 MB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106310731083109311031113112311331143115311631173118311931203121312231233124312531263127312831293130313131323133313431353136313731383139314031413142314331443145314631473148314931503151315231533154315531563157315831593160316131623163316431653166316731683169317031713172317331743175317631773178317931803181318231833184318531863187318831893190319131923193319431953196319731983199320032013202320332043205320632073208320932103211321232133214321532163217321832193220322132223223322432253226322732283229323032313232323332343235323632373238323932403241324232433244324532463247324832493250325132523253325432553256325732583259326032613262326332643265326632673268326932703271327232733274327532763277327832793280328132823283328432853286328732883289329032913292329332943295329632973298329933003301330233033304330533063307330833093310331133123313331433153316331733183319332033213322332333243325332633273328332933303331333233333334333533363337333833393340334133423343334433453346334733483349335033513352335333543355335633573358335933603361336233633364336533663367336833693370337133723373337433753376337733783379338033813382338333843385338633873388338933903391339233933394339533963397339833993400340134023403340434053406340734083409341034113412341334143415341634173418341934203421342234233424342534263427342834293430343134323433343434353436343734383439344034413442344334443445344634473448344934503451345234533454345534563457345834593460346134623463346434653466346734683469347034713472347334743475347634773478347934803481348234833484348534863487348834893490349134923493349434953496349734983499350035013502350335043505350635073508350935103511351235133514351535163517351835193520352135223523352435253526352735283529353035313532353335343535353635373538353935403541354235433544354535463547354835493550355135523553355435553556355735583559356035613562356335643565356635673568356935703571357235733574357535763577357835793580358135823583358435853586358735883589359035913592359335943595359635973598359936003601360236033604360536063607360836093610361136123613361436153616361736183619362036213622362336243625362636273628362936303631363236333634363536363637363836393640364136423643364436453646364736483649365036513652365336543655365636573658365936603661366236633664366536663667366836693670367136723673367436753676367736783679368036813682368336843685368636873688368936903691369236933694369536963697369836993700370137023703370437053706370737083709371037113712371337143715371637173718371937203721372237233724372537263727372837293730373137323733373437353736373737383739374037413742374337443745374637473748374937503751375237533754375537563757375837593760376137623763376437653766376737683769377037713772377337743775377637773778377937803781378237833784378537863787378837893790379137923793379437953796379737983799380038013802380338043805380638073808380938103811381238133814381538163817381838193820382138223823382438253826382738283829383038313832383338343835383638373838383938403841384238433844384538463847384838493850385138523853385438553856385738583859386038613862386338643865386638673868386938703871387238733874387538763877387838793880388138823883388438853886388738883889389038913892389338943895389638973898389939003901390239033904390539063907390839093910391139123913391439153916391739183919392039213922392339243925392639273928392939303931393239333934393539363937393839393940394139423943394439453946394739483949395039513952395339543955395639573958395939603961396239633964396539663967396839693970397139723973397439753976397739783979398039813982398339843985398639873988398939903991399239933994399539963997399839994000400140024003400440054006400740084009401040114012401340144015401640174018401940204021402240234024402540264027402840294030403140324033403440354036403740384039404040414042404340444045404640474048404940504051405240534054405540564057405840594060406140624063406440654066406740684069407040714072407340744075407640774078407940804081408240834084408540864087408840894090409140924093409440954096409740984099410041014102410341044105410641074108410941104111411241134114411541164117411841194120412141224123412441254126412741284129413041314132413341344135413641374138413941404141414241434144414541464147414841494150415141524153415441554156415741584159416041614162416341644165416641674168416941704171417241734174417541764177417841794180418141824183418441854186418741884189419041914192419341944195419641974198419942004201420242034204420542064207420842094210421142124213421442154216421742184219422042214222422342244225422642274228422942304231423242334234423542364237423842394240424142424243424442454246424742484249425042514252425342544255425642574258425942604261426242634264426542664267426842694270427142724273427442754276427742784279428042814282428342844285428642874288428942904291429242934294429542964297429842994300430143024303430443054306430743084309431043114312431343144315431643174318431943204321432243234324432543264327432843294330433143324333433443354336433743384339434043414342434343444345434643474348434943504351435243534354435543564357435843594360436143624363436443654366436743684369437043714372437343744375437643774378437943804381438243834384438543864387438843894390439143924393439443954396439743984399440044014402440344044405440644074408440944104411441244134414441544164417441844194420442144224423442444254426442744284429443044314432443344344435443644374438443944404441444244434444444544464447444844494450445144524453445444554456445744584459446044614462446344644465446644674468446944704471447244734474447544764477447844794480448144824483448444854486448744884489449044914492449344944495449644974498449945004501450245034504450545064507450845094510451145124513451445154516451745184519452045214522452345244525452645274528452945304531453245334534453545364537453845394540454145424543454445454546454745484549455045514552455345544555455645574558455945604561456245634564456545664567456845694570457145724573457445754576457745784579458045814582458345844585458645874588458945904591459245934594459545964597459845994600460146024603460446054606460746084609461046114612461346144615461646174618461946204621462246234624462546264627462846294630463146324633463446354636463746384639464046414642464346444645464646474648464946504651465246534654465546564657465846594660466146624663466446654666466746684669467046714672467346744675467646774678467946804681468246834684468546864687468846894690469146924693469446954696469746984699470047014702470347044705470647074708470947104711471247134714471547164717471847194720472147224723472447254726472747284729473047314732473347344735473647374738473947404741474247434744474547464747474847494750475147524753475447554756475747584759476047614762476347644765476647674768476947704771477247734774477547764777477847794780478147824783478447854786478747884789479047914792479347944795479647974798479948004801480248034804480548064807480848094810481148124813481448154816481748184819482048214822482348244825482648274828482948304831483248334834483548364837483848394840484148424843484448454846484748484849485048514852485348544855485648574858485948604861486248634864486548664867486848694870487148724873487448754876487748784879488048814882488348844885488648874888488948904891489248934894489548964897489848994900490149024903490449054906490749084909491049114912491349144915491649174918491949204921492249234924492549264927492849294930493149324933493449354936493749384939494049414942494349444945494649474948494949504951495249534954495549564957495849594960496149624963496449654966496749684969497049714972497349744975497649774978497949804981498249834984498549864987498849894990499149924993499449954996499749984999500050015002500350045005500650075008500950105011501250135014501550165017501850195020502150225023502450255026502750285029503050315032503350345035503650375038503950405041504250435044504550465047504850495050505150525053505450555056505750585059506050615062506350645065506650675068506950705071507250735074507550765077507850795080508150825083508450855086508750885089509050915092509350945095509650975098509951005101510251035104510551065107510851095110511151125113511451155116511751185119512051215122512351245125512651275128512951305131513251335134513551365137513851395140514151425143514451455146514751485149515051515152515351545155515651575158515951605161516251635164516551665167516851695170517151725173517451755176517751785179518051815182518351845185518651875188518951905191519251935194519551965197519851995200520152025203520452055206520752085209521052115212521352145215521652175218521952205221522252235224522552265227522852295230523152325233523452355236523752385239524052415242524352445245524652475248524952505251525252535254525552565257525852595260526152625263526452655266526752685269527052715272527352745275527652775278527952805281528252835284528552865287528852895290529152925293529452955296529752985299530053015302530353045305530653075308530953105311531253135314531553165317531853195320532153225323532453255326532753285329533053315332533353345335533653375338533953405341534253435344534553465347534853495350535153525353535453555356535753585359536053615362536353645365536653675368536953705371537253735374537553765377537853795380538153825383538453855386538753885389539053915392539353945395539653975398539954005401540254035404540554065407540854095410541154125413541454155416541754185419542054215422542354245425542654275428542954305431543254335434543554365437543854395440544154425443544454455446544754485449545054515452545354545455545654575458545954605461546254635464546554665467546854695470547154725473547454755476547754785479548054815482548354845485548654875488548954905491549254935494549554965497549854995500550155025503550455055506550755085509551055115512551355145515551655175518551955205521552255235524552555265527552855295530553155325533553455355536553755385539554055415542554355445545554655475548554955505551555255535554555555565557555855595560556155625563556455655566556755685569557055715572557355745575557655775578557955805581558255835584558555865587558855895590559155925593559455955596559755985599560056015602560356045605560656075608560956105611561256135614561556165617561856195620562156225623562456255626562756285629563056315632563356345635563656375638563956405641564256435644564556465647564856495650565156525653565456555656565756585659566056615662566356645665566656675668566956705671567256735674567556765677567856795680568156825683568456855686568756885689569056915692569356945695569656975698569957005701570257035704570557065707570857095710571157125713571457155716571757185719572057215722572357245725572657275728572957305731573257335734573557365737573857395740574157425743574457455746574757485749575057515752575357545755575657575758575957605761576257635764576557665767576857695770577157725773577457755776577757785779578057815782578357845785578657875788578957905791579257935794579557965797579857995800580158025803580458055806580758085809581058115812581358145815581658175818581958205821582258235824582558265827582858295830583158325833583458355836583758385839584058415842584358445845584658475848584958505851585258535854585558565857585858595860586158625863586458655866586758685869587058715872587358745875587658775878587958805881588258835884588558865887588858895890589158925893589458955896589758985899590059015902590359045905590659075908590959105911591259135914591559165917591859195920592159225923592459255926592759285929593059315932593359345935593659375938593959405941594259435944594559465947594859495950595159525953595459555956595759585959596059615962596359645965596659675968596959705971597259735974597559765977597859795980598159825983598459855986598759885989599059915992599359945995599659975998599960006001600260036004600560066007600860096010601160126013601460156016601760186019602060216022602360246025602660276028602960306031603260336034603560366037603860396040604160426043604460456046604760486049605060516052605360546055605660576058605960606061606260636064606560666067606860696070607160726073607460756076607760786079608060816082608360846085608660876088608960906091609260936094609560966097609860996100610161026103610461056106610761086109611061116112611361146115611661176118611961206121612261236124612561266127612861296130613161326133613461356136613761386139614061416142614361446145614661476148614961506151615261536154615561566157615861596160616161626163616461656166616761686169617061716172617361746175617661776178617961806181618261836184618561866187618861896190619161926193619461956196619761986199620062016202620362046205620662076208620962106211621262136214621562166217621862196220622162226223622462256226622762286229623062316232623362346235623662376238623962406241624262436244624562466247624862496250625162526253625462556256625762586259626062616262626362646265626662676268626962706271627262736274627562766277627862796280628162826283628462856286628762886289629062916292629362946295629662976298629963006301630263036304630563066307630863096310631163126313631463156316631763186319632063216322632363246325632663276328632963306331633263336334633563366337633863396340634163426343634463456346634763486349635063516352635363546355635663576358635963606361636263636364636563666367636863696370637163726373637463756376637763786379638063816382638363846385638663876388638963906391639263936394639563966397639863996400640164026403640464056406640764086409641064116412641364146415641664176418641964206421642264236424642564266427642864296430643164326433643464356436643764386439644064416442644364446445644664476448644964506451645264536454645564566457645864596460646164626463646464656466646764686469647064716472647364746475647664776478647964806481648264836484648564866487648864896490649164926493649464956496649764986499650065016502650365046505650665076508650965106511651265136514651565166517651865196520652165226523652465256526652765286529653065316532653365346535653665376538653965406541654265436544654565466547654865496550655165526553655465556556655765586559656065616562656365646565656665676568656965706571657265736574657565766577657865796580658165826583658465856586658765886589659065916592659365946595659665976598659966006601660266036604660566066607660866096610661166126613661466156616661766186619662066216622662366246625662666276628662966306631663266336634663566366637663866396640664166426643664466456646664766486649665066516652665366546655665666576658665966606661666266636664666566666667666866696670667166726673667466756676667766786679668066816682668366846685668666876688668966906691669266936694669566966697669866996700670167026703670467056706670767086709671067116712671367146715671667176718671967206721672267236724672567266727672867296730673167326733673467356736673767386739674067416742674367446745674667476748674967506751675267536754675567566757675867596760676167626763676467656766676767686769677067716772677367746775677667776778677967806781678267836784678567866787678867896790679167926793679467956796679767986799680068016802680368046805680668076808680968106811681268136814681568166817681868196820682168226823682468256826682768286829683068316832683368346835683668376838683968406841684268436844684568466847684868496850685168526853685468556856685768586859686068616862686368646865686668676868686968706871687268736874687568766877687868796880688168826883688468856886688768886889689068916892689368946895689668976898689969006901690269036904690569066907690869096910691169126913691469156916691769186919692069216922692369246925692669276928692969306931693269336934693569366937693869396940694169426943694469456946694769486949695069516952695369546955695669576958695969606961696269636964696569666967696869696970697169726973697469756976697769786979698069816982698369846985698669876988698969906991699269936994699569966997699869997000700170027003700470057006700770087009701070117012701370147015701670177018701970207021702270237024702570267027702870297030703170327033703470357036703770387039704070417042704370447045704670477048704970507051705270537054705570567057705870597060706170627063706470657066706770687069707070717072707370747075707670777078707970807081708270837084708570867087708870897090709170927093709470957096709770987099710071017102710371047105710671077108710971107111711271137114711571167117711871197120712171227123712471257126712771287129713071317132713371347135713671377138713971407141714271437144714571467147714871497150715171527153715471557156715771587159716071617162716371647165716671677168716971707171717271737174717571767177717871797180718171827183718471857186718771887189719071917192719371947195719671977198719972007201720272037204720572067207720872097210721172127213721472157216721772187219722072217222722372247225722672277228722972307231723272337234723572367237723872397240724172427243724472457246724772487249725072517252725372547255725672577258725972607261726272637264726572667267726872697270727172727273727472757276727772787279728072817282728372847285728672877288728972907291729272937294729572967297729872997300730173027303730473057306730773087309731073117312731373147315731673177318731973207321732273237324732573267327732873297330733173327333733473357336733773387339734073417342734373447345734673477348734973507351735273537354735573567357735873597360736173627363736473657366736773687369737073717372737373747375737673777378737973807381738273837384738573867387738873897390739173927393739473957396739773987399740074017402740374047405740674077408740974107411741274137414741574167417741874197420742174227423742474257426742774287429743074317432743374347435743674377438743974407441744274437444744574467447744874497450745174527453745474557456745774587459746074617462746374647465746674677468746974707471747274737474747574767477747874797480748174827483748474857486748774887489749074917492749374947495749674977498749975007501750275037504750575067507750875097510751175127513751475157516751775187519752075217522752375247525752675277528752975307531753275337534753575367537753875397540754175427543754475457546754775487549755075517552755375547555755675577558755975607561756275637564756575667567756875697570757175727573757475757576757775787579758075817582758375847585758675877588758975907591759275937594759575967597759875997600760176027603760476057606760776087609761076117612761376147615761676177618761976207621762276237624762576267627762876297630763176327633763476357636763776387639764076417642764376447645764676477648764976507651765276537654765576567657765876597660766176627663766476657666766776687669767076717672767376747675767676777678767976807681768276837684768576867687768876897690769176927693769476957696769776987699770077017702770377047705770677077708770977107711771277137714771577167717771877197720772177227723772477257726772777287729773077317732773377347735773677377738773977407741774277437744774577467747774877497750775177527753775477557756775777587759776077617762776377647765776677677768776977707771777277737774777577767777777877797780778177827783778477857786778777887789779077917792779377947795779677977798779978007801780278037804780578067807780878097810781178127813781478157816781778187819782078217822782378247825782678277828782978307831783278337834783578367837783878397840784178427843784478457846784778487849785078517852785378547855785678577858785978607861786278637864786578667867786878697870787178727873787478757876787778787879788078817882788378847885788678877888788978907891789278937894789578967897789878997900790179027903790479057906790779087909791079117912791379147915791679177918791979207921792279237924792579267927792879297930793179327933793479357936793779387939794079417942794379447945794679477948794979507951795279537954795579567957795879597960796179627963796479657966796779687969797079717972797379747975797679777978797979807981798279837984798579867987798879897990799179927993799479957996799779987999800080018002800380048005800680078008800980108011801280138014801580168017801880198020802180228023802480258026802780288029803080318032803380348035803680378038803980408041804280438044804580468047804880498050805180528053805480558056805780588059806080618062806380648065806680678068806980708071807280738074807580768077807880798080808180828083808480858086808780888089809080918092809380948095809680978098809981008101810281038104810581068107810881098110811181128113811481158116811781188119812081218122812381248125812681278128812981308131813281338134813581368137813881398140814181428143814481458146814781488149815081518152815381548155815681578158815981608161816281638164816581668167816881698170817181728173817481758176817781788179818081818182818381848185818681878188818981908191819281938194819581968197819881998200820182028203820482058206820782088209821082118212821382148215821682178218821982208221822282238224822582268227822882298230823182328233823482358236823782388239824082418242824382448245824682478248824982508251825282538254825582568257825882598260826182628263826482658266826782688269827082718272827382748275827682778278827982808281828282838284828582868287828882898290829182928293829482958296829782988299830083018302830383048305830683078308830983108311831283138314831583168317831883198320832183228323832483258326832783288329833083318332833383348335833683378338833983408341834283438344834583468347834883498350835183528353835483558356835783588359836083618362836383648365836683678368836983708371837283738374837583768377837883798380838183828383838483858386838783888389839083918392839383948395839683978398839984008401840284038404840584068407840884098410841184128413841484158416841784188419842084218422842384248425842684278428842984308431843284338434843584368437843884398440844184428443844484458446844784488449845084518452845384548455845684578458845984608461846284638464846584668467846884698470847184728473847484758476847784788479848084818482848384848485848684878488848984908491849284938494849584968497849884998500850185028503850485058506850785088509851085118512851385148515851685178518851985208521852285238524852585268527852885298530853185328533853485358536853785388539854085418542854385448545854685478548854985508551855285538554855585568557855885598560856185628563856485658566856785688569857085718572857385748575857685778578857985808581858285838584858585868587858885898590859185928593859485958596859785988599860086018602860386048605860686078608860986108611861286138614861586168617861886198620862186228623862486258626862786288629863086318632863386348635863686378638863986408641864286438644864586468647864886498650865186528653865486558656865786588659866086618662866386648665866686678668866986708671867286738674867586768677867886798680868186828683868486858686868786888689869086918692869386948695869686978698869987008701870287038704870587068707870887098710871187128713871487158716871787188719872087218722872387248725872687278728872987308731873287338734873587368737873887398740874187428743874487458746874787488749875087518752875387548755875687578758875987608761876287638764876587668767876887698770877187728773877487758776877787788779878087818782878387848785878687878788878987908791879287938794879587968797879887998800880188028803880488058806880788088809881088118812881388148815881688178818881988208821882288238824882588268827882888298830883188328833883488358836883788388839884088418842884388448845884688478848884988508851885288538854885588568857885888598860886188628863886488658866886788688869887088718872887388748875887688778878887988808881888288838884888588868887888888898890889188928893889488958896889788988899890089018902890389048905890689078908890989108911891289138914891589168917891889198920892189228923892489258926892789288929893089318932893389348935893689378938893989408941894289438944894589468947894889498950895189528953895489558956895789588959896089618962896389648965896689678968896989708971897289738974897589768977897889798980898189828983898489858986898789888989899089918992899389948995899689978998899990009001900290039004900590069007900890099010901190129013901490159016901790189019902090219022902390249025902690279028902990309031903290339034903590369037903890399040904190429043904490459046904790489049905090519052905390549055905690579058905990609061906290639064906590669067906890699070907190729073907490759076907790789079908090819082908390849085908690879088908990909091909290939094909590969097909890999100910191029103910491059106910791089109911091119112911391149115911691179118911991209121912291239124912591269127912891299130913191329133913491359136913791389139914091419142914391449145914691479148914991509151915291539154915591569157915891599160916191629163916491659166916791689169917091719172917391749175917691779178917991809181918291839184918591869187918891899190919191929193919491959196919791989199920092019202920392049205920692079208920992109211921292139214921592169217921892199220922192229223922492259226922792289229923092319232923392349235923692379238923992409241924292439244924592469247924892499250925192529253925492559256925792589259926092619262926392649265926692679268926992709271927292739274927592769277927892799280928192829283928492859286928792889289929092919292929392949295929692979298929993009301930293039304930593069307930893099310931193129313931493159316931793189319932093219322932393249325932693279328932993309331933293339334933593369337933893399340934193429343934493459346934793489349935093519352935393549355935693579358935993609361936293639364936593669367936893699370937193729373937493759376937793789379938093819382938393849385938693879388938993909391939293939394939593969397939893999400940194029403940494059406940794089409941094119412941394149415941694179418941994209421942294239424942594269427942894299430943194329433943494359436943794389439944094419442944394449445944694479448944994509451945294539454945594569457945894599460946194629463946494659466946794689469947094719472947394749475947694779478947994809481948294839484948594869487948894899490949194929493949494959496949794989499950095019502950395049505950695079508950995109511951295139514951595169517951895199520952195229523952495259526952795289529953095319532953395349535953695379538953995409541954295439544954595469547954895499550955195529553955495559556955795589559956095619562956395649565956695679568956995709571957295739574957595769577957895799580958195829583958495859586958795889589959095919592959395949595959695979598959996009601960296039604960596069607960896099610961196129613961496159616961796189619962096219622962396249625962696279628962996309631963296339634963596369637963896399640964196429643964496459646964796489649965096519652965396549655965696579658965996609661966296639664966596669667966896699670967196729673967496759676967796789679968096819682968396849685968696879688968996909691969296939694969596969697969896999700970197029703970497059706970797089709971097119712971397149715971697179718971997209721972297239724972597269727972897299730973197329733973497359736973797389739974097419742974397449745974697479748974997509751975297539754975597569757975897599760976197629763976497659766976797689769977097719772977397749775977697779778977997809781978297839784978597869787978897899790979197929793979497959796979797989799980098019802980398049805980698079808980998109811981298139814981598169817981898199820982198229823982498259826982798289829983098319832983398349835983698379838983998409841984298439844984598469847984898499850985198529853985498559856985798589859986098619862986398649865986698679868986998709871987298739874987598769877987898799880988198829883988498859886988798889889989098919892989398949895989698979898989999009901990299039904990599069907990899099910991199129913991499159916991799189919992099219922992399249925992699279928992999309931993299339934993599369937993899399940994199429943994499459946994799489949995099519952995399549955995699579958995999609961996299639964996599669967996899699970997199729973997499759976997799789979998099819982998399849985998699879988998999909991999299939994999599969997999899991000010001100021000310004100051000610007100081000910010100111001210013100141001510016100171001810019100201002110022100231002410025100261002710028100291003010031100321003310034100351003610037100381003910040100411004210043100441004510046100471004810049100501005110052100531005410055100561005710058100591006010061100621006310064100651006610067100681006910070100711007210073100741007510076100771007810079100801008110082100831008410085100861008710088100891009010091100921009310094100951009610097100981009910100101011010210103101041010510106101071010810109101101011110112101131011410115101161011710118101191012010121101221012310124101251012610127101281012910130101311013210133101341013510136101371013810139101401014110142101431014410145101461014710148101491015010151101521015310154101551015610157101581015910160101611016210163101641016510166101671016810169101701017110172101731017410175101761017710178101791018010181101821018310184101851018610187101881018910190101911019210193101941019510196101971019810199102001020110202102031020410205102061020710208102091021010211102121021310214102151021610217102181021910220102211022210223102241022510226102271022810229102301023110232102331023410235102361023710238102391024010241102421024310244102451024610247102481024910250102511025210253102541025510256102571025810259102601026110262102631026410265102661026710268102691027010271102721027310274102751027610277102781027910280102811028210283102841028510286102871028810289102901029110292102931029410295102961029710298102991030010301103021030310304103051030610307103081030910310103111031210313103141031510316103171031810319103201032110322103231032410325103261032710328103291033010331103321033310334103351033610337103381033910340103411034210343103441034510346103471034810349103501035110352103531035410355103561035710358103591036010361103621036310364103651036610367103681036910370103711037210373103741037510376103771037810379103801038110382103831038410385103861038710388103891039010391103921039310394103951039610397103981039910400104011040210403104041040510406104071040810409104101041110412104131041410415104161041710418104191042010421104221042310424104251042610427104281042910430104311043210433104341043510436104371043810439104401044110442104431044410445104461044710448104491045010451104521045310454104551045610457104581045910460104611046210463104641046510466104671046810469104701047110472104731047410475104761047710478104791048010481104821048310484104851048610487104881048910490104911049210493104941049510496104971049810499105001050110502105031050410505105061050710508105091051010511105121051310514105151051610517105181051910520105211052210523105241052510526105271052810529105301053110532105331053410535105361053710538105391054010541105421054310544105451054610547105481054910550105511055210553105541055510556105571055810559105601056110562105631056410565105661056710568105691057010571105721057310574105751057610577105781057910580105811058210583105841058510586105871058810589105901059110592105931059410595105961059710598105991060010601106021060310604106051060610607106081060910610106111061210613106141061510616106171061810619106201062110622106231062410625106261062710628106291063010631106321063310634106351063610637106381063910640106411064210643106441064510646106471064810649106501065110652106531065410655106561065710658106591066010661106621066310664106651066610667106681066910670106711067210673106741067510676106771067810679106801068110682106831068410685106861068710688106891069010691106921069310694106951069610697106981069910700107011070210703107041070510706107071070810709107101071110712107131071410715107161071710718107191072010721107221072310724107251072610727107281072910730107311073210733107341073510736107371073810739107401074110742107431074410745107461074710748107491075010751107521075310754107551075610757107581075910760107611076210763107641076510766107671076810769107701077110772107731077410775107761077710778107791078010781107821078310784107851078610787107881078910790107911079210793107941079510796107971079810799108001080110802108031080410805108061080710808108091081010811108121081310814108151081610817108181081910820108211082210823108241082510826108271082810829108301083110832108331083410835108361083710838108391084010841108421084310844108451084610847108481084910850108511085210853108541085510856108571085810859108601086110862108631086410865108661086710868108691087010871108721087310874108751087610877108781087910880108811088210883108841088510886108871088810889108901089110892108931089410895108961089710898108991090010901109021090310904109051090610907109081090910910109111091210913109141091510916109171091810919109201092110922109231092410925109261092710928109291093010931109321093310934109351093610937109381093910940109411094210943109441094510946109471094810949109501095110952109531095410955109561095710958109591096010961109621096310964109651096610967109681096910970109711097210973109741097510976109771097810979109801098110982109831098410985109861098710988109891099010991109921099310994109951099610997109981099911000110011100211003110041100511006110071100811009110101101111012110131101411015110161101711018110191102011021110221102311024110251102611027110281102911030110311103211033110341103511036110371103811039110401104111042110431104411045110461104711048110491105011051110521105311054110551105611057110581105911060110611106211063110641106511066110671106811069110701107111072110731107411075110761107711078110791108011081110821108311084110851108611087110881108911090110911109211093110941109511096110971109811099111001110111102111031110411105111061110711108111091111011111111121111311114111151111611117111181111911120111211112211123111241112511126111271112811129111301113111132111331113411135111361113711138111391114011141111421114311144111451114611147111481114911150111511115211153111541115511156111571115811159111601116111162111631116411165111661116711168111691117011171111721117311174111751117611177111781117911180111811118211183111841118511186111871118811189111901119111192111931119411195111961119711198111991120011201112021120311204112051120611207112081120911210112111121211213112141121511216112171121811219112201122111222112231122411225112261122711228112291123011231112321123311234112351123611237112381123911240112411124211243112441124511246112471124811249112501125111252112531125411255112561125711258112591126011261112621126311264112651126611267112681126911270112711127211273112741127511276112771127811279112801128111282112831128411285112861128711288112891129011291112921129311294112951129611297112981129911300113011130211303113041130511306113071130811309113101131111312113131131411315113161131711318113191132011321113221132311324113251132611327113281132911330113311133211333113341133511336113371133811339113401134111342113431134411345113461134711348113491135011351113521135311354113551135611357113581135911360113611136211363113641136511366113671136811369113701137111372113731137411375113761137711378113791138011381113821138311384113851138611387113881138911390113911139211393113941139511396113971139811399114001140111402114031140411405114061140711408114091141011411114121141311414114151141611417114181141911420114211142211423114241142511426114271142811429114301143111432114331143411435114361143711438114391144011441114421144311444114451144611447114481144911450114511145211453114541145511456114571145811459114601146111462114631146411465114661146711468114691147011471114721147311474114751147611477114781147911480114811148211483114841148511486114871148811489114901149111492114931149411495114961149711498114991150011501115021150311504115051150611507115081150911510115111151211513115141151511516115171151811519115201152111522115231152411525115261152711528115291153011531115321153311534115351153611537115381153911540115411154211543115441154511546115471154811549115501155111552115531155411555115561155711558115591156011561115621156311564115651156611567115681156911570115711157211573115741157511576115771157811579115801158111582115831158411585115861158711588115891159011591115921159311594115951159611597115981159911600116011160211603116041160511606116071160811609116101161111612116131161411615116161161711618116191162011621116221162311624116251162611627116281162911630116311163211633116341163511636116371163811639116401164111642116431164411645116461164711648116491165011651116521165311654116551165611657116581165911660116611166211663116641166511666116671166811669116701167111672116731167411675116761167711678116791168011681116821168311684116851168611687116881168911690116911169211693116941169511696116971169811699117001170111702117031170411705117061170711708117091171011711117121171311714117151171611717117181171911720117211172211723117241172511726117271172811729117301173111732117331173411735117361173711738117391174011741117421174311744117451174611747117481174911750117511175211753117541175511756117571175811759117601176111762117631176411765117661176711768117691177011771117721177311774117751177611777117781177911780117811178211783117841178511786117871178811789117901179111792117931179411795117961179711798117991180011801118021180311804118051180611807118081180911810118111181211813118141181511816118171181811819118201182111822118231182411825118261182711828118291183011831118321183311834118351183611837118381183911840118411184211843118441184511846118471184811849118501185111852118531185411855118561185711858118591186011861118621186311864118651186611867118681186911870118711187211873118741187511876118771187811879118801188111882118831188411885118861188711888118891189011891118921189311894118951189611897118981189911900119011190211903119041190511906119071190811909119101191111912119131191411915119161191711918119191192011921119221192311924119251192611927119281192911930119311193211933119341193511936119371193811939119401194111942119431194411945119461194711948119491195011951119521195311954119551195611957119581195911960119611196211963119641196511966119671196811969119701197111972119731197411975119761197711978119791198011981119821198311984119851198611987119881198911990119911199211993119941199511996119971199811999120001200112002120031200412005120061200712008120091201012011120121201312014120151201612017120181201912020120211202212023120241202512026120271202812029120301203112032120331203412035120361203712038120391204012041120421204312044120451204612047120481204912050120511205212053120541205512056120571205812059120601206112062120631206412065120661206712068120691207012071120721207312074120751207612077120781207912080120811208212083120841208512086120871208812089120901209112092120931209412095120961209712098120991210012101121021210312104121051210612107121081210912110121111211212113121141211512116121171211812119121201212112122121231212412125121261212712128121291213012131121321213312134121351213612137121381213912140121411214212143121441214512146121471214812149121501215112152121531215412155121561215712158121591216012161121621216312164121651216612167121681216912170121711217212173121741217512176121771217812179121801218112182121831218412185121861218712188121891219012191121921219312194121951219612197121981219912200122011220212203122041220512206122071220812209122101221112212122131221412215122161221712218122191222012221122221222312224122251222612227122281222912230122311223212233122341223512236122371223812239122401224112242122431224412245122461224712248122491225012251122521225312254122551225612257122581225912260122611226212263122641226512266122671226812269122701227112272122731227412275122761227712278122791228012281122821228312284122851228612287122881228912290122911229212293122941229512296122971229812299123001230112302123031230412305123061230712308123091231012311123121231312314123151231612317123181231912320123211232212323123241232512326123271232812329123301233112332123331233412335123361233712338123391234012341123421234312344123451234612347123481234912350123511235212353123541235512356123571235812359123601236112362123631236412365123661236712368123691237012371123721237312374123751237612377123781237912380123811238212383123841238512386123871238812389123901239112392123931239412395123961239712398123991240012401124021240312404124051240612407124081240912410124111241212413124141241512416124171241812419124201242112422124231242412425124261242712428124291243012431124321243312434124351243612437124381243912440124411244212443124441244512446124471244812449124501245112452124531245412455124561245712458124591246012461124621246312464124651246612467124681246912470124711247212473124741247512476124771247812479124801248112482124831248412485124861248712488124891249012491124921249312494124951249612497124981249912500125011250212503125041250512506125071250812509125101251112512125131251412515125161251712518125191252012521125221252312524125251252612527125281252912530125311253212533125341253512536125371253812539125401254112542125431254412545125461254712548125491255012551125521255312554125551255612557125581255912560125611256212563125641256512566125671256812569125701257112572125731257412575125761257712578125791258012581125821258312584125851258612587125881258912590125911259212593125941259512596125971259812599126001260112602126031260412605126061260712608126091261012611126121261312614126151261612617126181261912620126211262212623126241262512626126271262812629126301263112632126331263412635126361263712638126391264012641126421264312644126451264612647126481264912650126511265212653126541265512656126571265812659126601266112662126631266412665126661266712668126691267012671126721267312674126751267612677126781267912680126811268212683126841268512686126871268812689126901269112692126931269412695126961269712698126991270012701127021270312704127051270612707127081270912710127111271212713127141271512716127171271812719127201272112722127231272412725127261272712728127291273012731127321273312734127351273612737127381273912740127411274212743127441274512746127471274812749127501275112752127531275412755127561275712758127591276012761127621276312764127651276612767127681276912770127711277212773127741277512776127771277812779127801278112782127831278412785127861278712788127891279012791127921279312794127951279612797127981279912800128011280212803128041280512806128071280812809128101281112812128131281412815128161281712818128191282012821128221282312824128251282612827128281282912830128311283212833128341283512836128371283812839128401284112842128431284412845128461284712848128491285012851128521285312854128551285612857128581285912860128611286212863128641286512866128671286812869128701287112872128731287412875128761287712878128791288012881128821288312884128851288612887128881288912890128911289212893128941289512896128971289812899129001290112902129031290412905129061290712908129091291012911129121291312914129151291612917129181291912920129211292212923129241292512926129271292812929129301293112932129331293412935129361293712938129391294012941129421294312944129451294612947129481294912950129511295212953129541295512956129571295812959129601296112962129631296412965129661296712968129691297012971129721297312974129751297612977129781297912980129811298212983129841298512986129871298812989129901299112992129931299412995129961299712998129991300013001130021300313004130051300613007130081300913010130111301213013130141301513016130171301813019130201302113022130231302413025130261302713028130291303013031130321303313034130351303613037130381303913040130411304213043130441304513046130471304813049130501305113052130531305413055130561305713058130591306013061130621306313064130651306613067130681306913070130711307213073130741307513076130771307813079130801308113082130831308413085130861308713088130891309013091130921309313094130951309613097130981309913100131011310213103131041310513106131071310813109131101311113112131131311413115131161311713118131191312013121131221312313124131251312613127131281312913130131311313213133131341313513136131371313813139131401314113142131431314413145131461314713148131491315013151131521315313154131551315613157131581315913160131611316213163131641316513166131671316813169131701317113172131731317413175131761317713178131791318013181131821318313184131851318613187131881318913190131911319213193131941319513196131971319813199132001320113202132031320413205132061320713208132091321013211132121321313214132151321613217132181321913220132211322213223132241322513226132271322813229132301323113232132331323413235132361323713238132391324013241132421324313244132451324613247132481324913250132511325213253132541325513256132571325813259132601326113262132631326413265132661326713268132691327013271132721327313274132751327613277132781327913280132811328213283132841328513286132871328813289132901329113292132931329413295132961329713298132991330013301133021330313304133051330613307133081330913310133111331213313133141331513316133171331813319133201332113322133231332413325133261332713328133291333013331133321333313334133351333613337133381333913340133411334213343133441334513346133471334813349133501335113352133531335413355133561335713358133591336013361133621336313364133651336613367133681336913370133711337213373133741337513376133771337813379133801338113382133831338413385133861338713388133891339013391133921339313394133951339613397133981339913400134011340213403134041340513406134071340813409134101341113412134131341413415134161341713418134191342013421134221342313424134251342613427134281342913430134311343213433134341343513436134371343813439134401344113442134431344413445134461344713448134491345013451134521345313454134551345613457134581345913460134611346213463134641346513466134671346813469134701347113472134731347413475134761347713478134791348013481134821348313484134851348613487134881348913490134911349213493134941349513496134971349813499135001350113502135031350413505135061350713508135091351013511135121351313514135151351613517135181351913520135211352213523135241352513526135271352813529135301353113532135331353413535135361353713538135391354013541135421354313544135451354613547135481354913550135511355213553135541355513556135571355813559135601356113562135631356413565135661356713568135691357013571135721357313574135751357613577135781357913580135811358213583135841358513586135871358813589135901359113592135931359413595135961359713598135991360013601136021360313604136051360613607136081360913610136111361213613136141361513616136171361813619136201362113622136231362413625136261362713628136291363013631136321363313634136351363613637136381363913640136411364213643136441364513646136471364813649136501365113652136531365413655136561365713658136591366013661136621366313664136651366613667136681366913670136711367213673136741367513676136771367813679136801368113682136831368413685136861368713688136891369013691136921369313694136951369613697136981369913700137011370213703137041370513706137071370813709137101371113712137131371413715137161371713718137191372013721137221372313724137251372613727137281372913730137311373213733137341373513736137371373813739137401374113742137431374413745137461374713748137491375013751137521375313754137551375613757137581375913760137611376213763137641376513766137671376813769137701377113772137731377413775137761377713778137791378013781137821378313784137851378613787137881378913790137911379213793137941379513796137971379813799138001380113802138031380413805138061380713808138091381013811138121381313814138151381613817138181381913820138211382213823138241382513826138271382813829138301383113832138331383413835138361383713838138391384013841138421384313844138451384613847138481384913850138511385213853138541385513856138571385813859138601386113862138631386413865138661386713868138691387013871138721387313874138751387613877138781387913880138811388213883138841388513886138871388813889138901389113892138931389413895138961389713898138991390013901139021390313904139051390613907139081390913910139111391213913139141391513916139171391813919139201392113922139231392413925139261392713928139291393013931139321393313934139351393613937139381393913940139411394213943139441394513946139471394813949139501395113952139531395413955139561395713958139591396013961139621396313964139651396613967139681396913970139711397213973139741397513976139771397813979139801398113982139831398413985139861398713988139891399013991139921399313994139951399613997139981399914000140011400214003140041400514006140071400814009140101401114012140131401414015140161401714018140191402014021140221402314024140251402614027140281402914030140311403214033140341403514036140371403814039140401404114042140431404414045140461404714048140491405014051140521405314054140551405614057140581405914060140611406214063140641406514066140671406814069140701407114072140731407414075140761407714078140791408014081140821408314084140851408614087140881408914090140911409214093140941409514096140971409814099141001410114102141031410414105141061410714108141091411014111141121411314114141151411614117141181411914120141211412214123141241412514126141271412814129141301413114132141331413414135141361413714138141391414014141141421414314144141451414614147141481414914150141511415214153141541415514156141571415814159141601416114162141631416414165141661416714168141691417014171141721417314174141751417614177141781417914180141811418214183141841418514186141871418814189141901419114192141931419414195141961419714198141991420014201142021420314204142051420614207142081420914210142111421214213142141421514216142171421814219142201422114222142231422414225142261422714228142291423014231142321423314234142351423614237142381423914240142411424214243142441424514246142471424814249142501425114252142531425414255142561425714258142591426014261142621426314264142651426614267142681426914270142711427214273142741427514276142771427814279142801428114282142831428414285142861428714288142891429014291142921429314294142951429614297142981429914300143011430214303143041430514306143071430814309143101431114312143131431414315143161431714318143191432014321143221432314324143251432614327143281432914330143311433214333143341433514336143371433814339143401434114342143431434414345143461434714348143491435014351143521435314354143551435614357143581435914360143611436214363143641436514366143671436814369143701437114372143731437414375143761437714378143791438014381143821438314384143851438614387143881438914390143911439214393143941439514396143971439814399144001440114402144031440414405144061440714408144091441014411144121441314414144151441614417144181441914420144211442214423144241442514426144271442814429144301443114432144331443414435144361443714438144391444014441144421444314444144451444614447144481444914450144511445214453144541445514456144571445814459144601446114462144631446414465144661446714468144691447014471144721447314474144751447614477144781447914480144811448214483144841448514486144871448814489144901449114492144931449414495144961449714498144991450014501145021450314504145051450614507145081450914510145111451214513145141451514516145171451814519145201452114522145231452414525145261452714528145291453014531145321453314534145351453614537145381453914540145411454214543145441454514546145471454814549145501455114552145531455414555145561455714558145591456014561145621456314564145651456614567145681456914570145711457214573145741457514576145771457814579145801458114582145831458414585145861458714588145891459014591145921459314594145951459614597145981459914600146011460214603146041460514606146071460814609146101461114612146131461414615146161461714618146191462014621146221462314624146251462614627146281462914630146311463214633146341463514636146371463814639146401464114642146431464414645146461464714648146491465014651146521465314654146551465614657146581465914660146611466214663146641466514666146671466814669146701467114672146731467414675146761467714678146791468014681146821468314684146851468614687146881468914690146911469214693146941469514696146971469814699147001470114702147031470414705147061470714708147091471014711147121471314714147151471614717147181471914720147211472214723147241472514726147271472814729147301473114732147331473414735147361473714738147391474014741147421474314744147451474614747147481474914750147511475214753147541475514756147571475814759147601476114762147631476414765147661476714768147691477014771147721477314774147751477614777147781477914780147811478214783147841478514786147871478814789147901479114792147931479414795147961479714798147991480014801148021480314804148051480614807148081480914810148111481214813148141481514816148171481814819148201482114822148231482414825148261482714828148291483014831148321483314834148351483614837148381483914840148411484214843148441484514846148471484814849148501485114852148531485414855148561485714858148591486014861148621486314864148651486614867148681486914870148711487214873148741487514876148771487814879148801488114882148831488414885148861488714888148891489014891148921489314894148951489614897148981489914900149011490214903149041490514906149071490814909149101491114912149131491414915149161491714918149191492014921149221492314924149251492614927149281492914930149311493214933149341493514936149371493814939149401494114942149431494414945149461494714948149491495014951149521495314954149551495614957149581495914960149611496214963149641496514966149671496814969149701497114972149731497414975149761497714978149791498014981149821498314984149851498614987149881498914990149911499214993149941499514996149971499814999150001500115002150031500415005150061500715008150091501015011150121501315014150151501615017150181501915020150211502215023150241502515026150271502815029150301503115032150331503415035150361503715038150391504015041150421504315044150451504615047150481504915050150511505215053150541505515056150571505815059150601506115062150631506415065150661506715068150691507015071150721507315074150751507615077150781507915080150811508215083150841508515086150871508815089150901509115092150931509415095150961509715098150991510015101151021510315104151051510615107151081510915110151111511215113151141511515116151171511815119151201512115122151231512415125151261512715128151291513015131151321513315134151351513615137151381513915140151411514215143151441514515146151471514815149151501515115152151531515415155151561515715158151591516015161151621516315164151651516615167151681516915170151711517215173151741517515176151771517815179151801518115182151831518415185151861518715188151891519015191151921519315194151951519615197151981519915200152011520215203152041520515206152071520815209152101521115212152131521415215152161521715218152191522015221152221522315224152251522615227152281522915230152311523215233152341523515236152371523815239152401524115242152431524415245152461524715248152491525015251152521525315254152551525615257152581525915260152611526215263152641526515266152671526815269152701527115272152731527415275152761527715278152791528015281152821528315284152851528615287152881528915290152911529215293152941529515296152971529815299153001530115302153031530415305153061530715308153091531015311153121531315314153151531615317153181531915320153211532215323153241532515326153271532815329153301533115332153331533415335153361533715338153391534015341153421534315344153451534615347153481534915350153511535215353153541535515356153571535815359153601536115362153631536415365153661536715368153691537015371153721537315374153751537615377153781537915380153811538215383153841538515386153871538815389153901539115392153931539415395153961539715398153991540015401154021540315404154051540615407154081540915410154111541215413154141541515416154171541815419154201542115422154231542415425154261542715428154291543015431154321543315434154351543615437154381543915440154411544215443154441544515446154471544815449154501545115452154531545415455154561545715458154591546015461154621546315464154651546615467154681546915470154711547215473154741547515476154771547815479154801548115482154831548415485154861548715488154891549015491154921549315494154951549615497154981549915500155011550215503155041550515506155071550815509155101551115512155131551415515155161551715518155191552015521155221552315524155251552615527155281552915530155311553215533155341553515536155371553815539155401554115542155431554415545155461554715548155491555015551155521555315554155551555615557155581555915560155611556215563155641556515566155671556815569155701557115572155731557415575155761557715578155791558015581155821558315584155851558615587155881558915590155911559215593155941559515596155971559815599156001560115602156031560415605156061560715608156091561015611156121561315614156151561615617156181561915620156211562215623156241562515626156271562815629156301563115632156331563415635156361563715638156391564015641156421564315644156451564615647156481564915650156511565215653156541565515656156571565815659156601566115662156631566415665156661566715668156691567015671156721567315674156751567615677156781567915680156811568215683156841568515686156871568815689156901569115692156931569415695156961569715698156991570015701157021570315704157051570615707157081570915710157111571215713157141571515716157171571815719157201572115722157231572415725157261572715728157291573015731157321573315734157351573615737157381573915740157411574215743157441574515746157471574815749157501575115752157531575415755157561575715758157591576015761157621576315764157651576615767157681576915770157711577215773157741577515776157771577815779157801578115782157831578415785157861578715788157891579015791157921579315794157951579615797157981579915800158011580215803158041580515806158071580815809158101581115812158131581415815158161581715818158191582015821158221582315824158251582615827158281582915830158311583215833158341583515836158371583815839158401584115842158431584415845158461584715848158491585015851158521585315854158551585615857158581585915860158611586215863158641586515866158671586815869158701587115872158731587415875158761587715878158791588015881158821588315884158851588615887158881588915890158911589215893158941589515896158971589815899159001590115902159031590415905159061590715908159091591015911159121591315914159151591615917159181591915920159211592215923159241592515926159271592815929159301593115932159331593415935159361593715938159391594015941159421594315944159451594615947159481594915950159511595215953159541595515956159571595815959159601596115962159631596415965159661596715968159691597015971159721597315974159751597615977159781597915980159811598215983159841598515986159871598815989159901599115992159931599415995159961599715998159991600016001160021600316004160051600616007160081600916010160111601216013160141601516016160171601816019160201602116022160231602416025160261602716028160291603016031160321603316034160351603616037160381603916040160411604216043160441604516046160471604816049160501605116052160531605416055160561605716058160591606016061160621606316064160651606616067160681606916070160711607216073160741607516076160771607816079160801608116082160831608416085160861608716088160891609016091160921609316094160951609616097160981609916100161011610216103161041610516106161071610816109161101611116112161131611416115161161611716118161191612016121161221612316124161251612616127161281612916130161311613216133161341613516136161371613816139161401614116142161431614416145161461614716148161491615016151161521615316154161551615616157161581615916160161611616216163161641616516166161671616816169161701617116172161731617416175161761617716178161791618016181161821618316184161851618616187161881618916190161911619216193161941619516196161971619816199162001620116202162031620416205162061620716208162091621016211162121621316214162151621616217162181621916220162211622216223162241622516226162271622816229162301623116232162331623416235162361623716238162391624016241162421624316244162451624616247162481624916250162511625216253162541625516256162571625816259162601626116262162631626416265162661626716268162691627016271162721627316274162751627616277162781627916280162811628216283162841628516286162871628816289162901629116292162931629416295162961629716298162991630016301163021630316304163051630616307163081630916310163111631216313163141631516316163171631816319163201632116322163231632416325163261632716328163291633016331163321633316334163351633616337163381633916340163411634216343163441634516346163471634816349163501635116352163531635416355163561635716358163591636016361163621636316364163651636616367163681636916370163711637216373163741637516376163771637816379163801638116382163831638416385163861638716388163891639016391163921639316394163951639616397163981639916400164011640216403164041640516406164071640816409164101641116412164131641416415164161641716418164191642016421164221642316424164251642616427164281642916430164311643216433164341643516436164371643816439164401644116442164431644416445164461644716448164491645016451164521645316454164551645616457164581645916460164611646216463164641646516466164671646816469164701647116472164731647416475164761647716478164791648016481164821648316484164851648616487164881648916490164911649216493164941649516496164971649816499165001650116502165031650416505165061650716508165091651016511165121651316514165151651616517165181651916520165211652216523165241652516526165271652816529165301653116532165331653416535165361653716538165391654016541165421654316544165451654616547165481654916550165511655216553165541655516556165571655816559165601656116562165631656416565165661656716568165691657016571165721657316574165751657616577165781657916580165811658216583165841658516586165871658816589165901659116592165931659416595165961659716598165991660016601166021660316604166051660616607166081660916610166111661216613166141661516616166171661816619166201662116622166231662416625166261662716628166291663016631166321663316634166351663616637166381663916640166411664216643166441664516646166471664816649166501665116652166531665416655166561665716658166591666016661166621666316664166651666616667166681666916670166711667216673166741667516676166771667816679166801668116682166831668416685166861668716688166891669016691166921669316694166951669616697166981669916700167011670216703167041670516706167071670816709167101671116712167131671416715167161671716718167191672016721167221672316724167251672616727167281672916730167311673216733167341673516736167371673816739167401674116742167431674416745167461674716748167491675016751167521675316754167551675616757167581675916760167611676216763167641676516766167671676816769167701677116772167731677416775167761677716778167791678016781167821678316784167851678616787167881678916790167911679216793167941679516796167971679816799168001680116802168031680416805168061680716808168091681016811168121681316814168151681616817168181681916820168211682216823168241682516826168271682816829168301683116832168331683416835168361683716838168391684016841168421684316844168451684616847168481684916850168511685216853168541685516856168571685816859168601686116862168631686416865168661686716868168691687016871168721687316874168751687616877168781687916880168811688216883168841688516886168871688816889168901689116892168931689416895168961689716898168991690016901169021690316904169051690616907169081690916910169111691216913169141691516916169171691816919169201692116922169231692416925169261692716928169291693016931169321693316934169351693616937169381693916940169411694216943169441694516946169471694816949169501695116952169531695416955169561695716958169591696016961169621696316964169651696616967169681696916970169711697216973169741697516976169771697816979169801698116982169831698416985169861698716988169891699016991169921699316994169951699616997169981699917000170011700217003170041700517006170071700817009170101701117012170131701417015170161701717018170191702017021170221702317024170251702617027170281702917030170311703217033170341703517036170371703817039170401704117042170431704417045170461704717048170491705017051170521705317054170551705617057170581705917060170611706217063170641706517066170671706817069170701707117072170731707417075170761707717078170791708017081170821708317084170851708617087170881708917090170911709217093170941709517096170971709817099171001710117102171031710417105171061710717108171091711017111171121711317114171151711617117171181711917120171211712217123171241712517126171271712817129171301713117132171331713417135171361713717138171391714017141171421714317144171451714617147171481714917150171511715217153171541715517156171571715817159171601716117162171631716417165171661716717168171691717017171171721717317174171751717617177171781717917180171811718217183171841718517186171871718817189171901719117192171931719417195171961719717198171991720017201172021720317204172051720617207172081720917210172111721217213172141721517216172171721817219172201722117222172231722417225172261722717228172291723017231172321723317234172351723617237172381723917240172411724217243172441724517246172471724817249172501725117252172531725417255172561725717258172591726017261172621726317264172651726617267172681726917270172711727217273172741727517276172771727817279172801728117282172831728417285172861728717288172891729017291172921729317294172951729617297172981729917300173011730217303173041730517306173071730817309173101731117312173131731417315173161731717318173191732017321173221732317324173251732617327173281732917330173311733217333173341733517336173371733817339173401734117342173431734417345173461734717348173491735017351173521735317354173551735617357173581735917360173611736217363173641736517366173671736817369173701737117372173731737417375173761737717378173791738017381173821738317384173851738617387173881738917390173911739217393173941739517396173971739817399174001740117402174031740417405174061740717408174091741017411174121741317414174151741617417174181741917420174211742217423174241742517426174271742817429174301743117432174331743417435174361743717438174391744017441174421744317444174451744617447174481744917450174511745217453174541745517456174571745817459174601746117462174631746417465174661746717468174691747017471174721747317474174751747617477174781747917480174811748217483174841748517486174871748817489174901749117492174931749417495174961749717498174991750017501175021750317504175051750617507175081750917510175111751217513175141751517516175171751817519175201752117522175231752417525175261752717528175291753017531175321753317534175351753617537175381753917540175411754217543175441754517546175471754817549175501755117552175531755417555175561755717558175591756017561175621756317564175651756617567175681756917570175711757217573175741757517576175771757817579175801758117582175831758417585175861758717588175891759017591175921759317594175951759617597175981759917600176011760217603176041760517606176071760817609176101761117612176131761417615176161761717618176191762017621176221762317624176251762617627176281762917630176311763217633176341763517636176371763817639176401764117642176431764417645176461764717648176491765017651176521765317654176551765617657176581765917660176611766217663176641766517666176671766817669176701767117672176731767417675176761767717678176791768017681176821768317684176851768617687176881768917690176911769217693176941769517696176971769817699177001770117702177031770417705177061770717708177091771017711177121771317714177151771617717177181771917720177211772217723177241772517726177271772817729177301773117732177331773417735177361773717738177391774017741177421774317744177451774617747177481774917750177511775217753177541775517756177571775817759177601776117762177631776417765177661776717768177691777017771177721777317774177751777617777177781777917780177811778217783177841778517786177871778817789177901779117792177931779417795177961779717798177991780017801178021780317804178051780617807178081780917810178111781217813178141781517816178171781817819178201782117822178231782417825178261782717828178291783017831178321783317834178351783617837178381783917840178411784217843178441784517846178471784817849178501785117852178531785417855178561785717858178591786017861178621786317864178651786617867178681786917870178711787217873178741787517876178771787817879178801788117882178831788417885178861788717888178891789017891178921789317894178951789617897178981789917900179011790217903179041790517906179071790817909179101791117912179131791417915179161791717918179191792017921179221792317924179251792617927179281792917930179311793217933179341793517936179371793817939179401794117942179431794417945179461794717948179491795017951179521795317954179551795617957179581795917960179611796217963179641796517966179671796817969179701797117972179731797417975179761797717978179791798017981179821798317984179851798617987179881798917990179911799217993179941799517996179971799817999180001800118002180031800418005180061800718008180091801018011180121801318014180151801618017180181801918020180211802218023180241802518026180271802818029180301803118032180331803418035180361803718038180391804018041180421804318044180451804618047180481804918050180511805218053180541805518056180571805818059180601806118062180631806418065180661806718068180691807018071180721807318074180751807618077180781807918080180811808218083180841808518086180871808818089180901809118092180931809418095180961809718098180991810018101181021810318104181051810618107181081810918110181111811218113181141811518116181171811818119181201812118122181231812418125181261812718128181291813018131181321813318134181351813618137181381813918140181411814218143181441814518146181471814818149181501815118152181531815418155181561815718158181591816018161181621816318164181651816618167181681816918170181711817218173181741817518176181771817818179181801818118182181831818418185181861818718188181891819018191181921819318194181951819618197181981819918200182011820218203182041820518206182071820818209182101821118212182131821418215182161821718218182191822018221182221822318224182251822618227182281822918230182311823218233182341823518236182371823818239182401824118242182431824418245182461824718248182491825018251182521825318254182551825618257182581825918260182611826218263182641826518266182671826818269182701827118272182731827418275182761827718278182791828018281182821828318284182851828618287182881828918290182911829218293182941829518296182971829818299183001830118302183031830418305183061830718308183091831018311183121831318314183151831618317183181831918320183211832218323183241832518326183271832818329183301833118332183331833418335183361833718338183391834018341183421834318344183451834618347183481834918350183511835218353183541835518356183571835818359183601836118362183631836418365183661836718368183691837018371183721837318374183751837618377183781837918380183811838218383183841838518386183871838818389183901839118392183931839418395183961839718398183991840018401184021840318404184051840618407184081840918410184111841218413184141841518416184171841818419184201842118422184231842418425184261842718428184291843018431184321843318434184351843618437184381843918440184411844218443184441844518446184471844818449184501845118452184531845418455184561845718458184591846018461184621846318464184651846618467184681846918470184711847218473184741847518476184771847818479184801848118482184831848418485184861848718488184891849018491184921849318494184951849618497184981849918500185011850218503185041850518506185071850818509185101851118512185131851418515185161851718518185191852018521185221852318524185251852618527185281852918530185311853218533185341853518536185371853818539185401854118542185431854418545185461854718548185491855018551185521855318554185551855618557185581855918560185611856218563185641856518566185671856818569185701857118572185731857418575185761857718578185791858018581185821858318584185851858618587185881858918590185911859218593185941859518596185971859818599186001860118602186031860418605186061860718608186091861018611186121861318614186151861618617186181861918620186211862218623186241862518626186271862818629186301863118632186331863418635186361863718638186391864018641186421864318644186451864618647186481864918650186511865218653186541865518656186571865818659186601866118662186631866418665186661866718668186691867018671186721867318674186751867618677186781867918680186811868218683186841868518686186871868818689186901869118692186931869418695186961869718698186991870018701187021870318704187051870618707187081870918710187111871218713187141871518716187171871818719187201872118722187231872418725187261872718728187291873018731187321873318734187351873618737187381873918740187411874218743187441874518746187471874818749187501875118752187531875418755187561875718758187591876018761187621876318764187651876618767187681876918770187711877218773187741877518776187771877818779187801878118782187831878418785187861878718788187891879018791187921879318794187951879618797187981879918800188011880218803188041880518806188071880818809188101881118812188131881418815188161881718818188191882018821188221882318824188251882618827188281882918830188311883218833188341883518836188371883818839188401884118842188431884418845188461884718848188491885018851188521885318854188551885618857188581885918860188611886218863188641886518866188671886818869188701887118872188731887418875188761887718878188791888018881188821888318884188851888618887188881888918890188911889218893188941889518896188971889818899189001890118902189031890418905189061890718908189091891018911189121891318914189151891618917189181891918920189211892218923189241892518926189271892818929189301893118932189331893418935189361893718938189391894018941189421894318944189451894618947189481894918950189511895218953189541895518956189571895818959189601896118962189631896418965189661896718968189691897018971189721897318974189751897618977189781897918980189811898218983189841898518986189871898818989189901899118992189931899418995189961899718998189991900019001190021900319004190051900619007190081900919010190111901219013190141901519016190171901819019190201902119022190231902419025190261902719028190291903019031190321903319034190351903619037190381903919040190411904219043190441904519046190471904819049190501905119052190531905419055190561905719058190591906019061190621906319064190651906619067190681906919070190711907219073190741907519076190771907819079190801908119082190831908419085190861908719088190891909019091190921909319094190951909619097190981909919100191011910219103191041910519106191071910819109191101911119112191131911419115191161911719118191191912019121191221912319124191251912619127191281912919130191311913219133191341913519136191371913819139191401914119142191431914419145191461914719148191491915019151191521915319154191551915619157191581915919160191611916219163191641916519166191671916819169191701917119172191731917419175191761917719178191791918019181191821918319184191851918619187191881918919190191911919219193191941919519196191971919819199192001920119202192031920419205192061920719208192091921019211192121921319214192151921619217192181921919220192211922219223192241922519226192271922819229192301923119232192331923419235192361923719238192391924019241192421924319244192451924619247192481924919250192511925219253192541925519256192571925819259192601926119262192631926419265192661926719268192691927019271192721927319274192751927619277192781927919280192811928219283192841928519286192871928819289192901929119292192931929419295192961929719298192991930019301193021930319304193051930619307193081930919310193111931219313193141931519316193171931819319193201932119322193231932419325193261932719328193291933019331193321933319334193351933619337193381933919340193411934219343193441934519346193471934819349193501935119352193531935419355193561935719358193591936019361193621936319364193651936619367193681936919370193711937219373193741937519376193771937819379193801938119382193831938419385193861938719388193891939019391193921939319394193951939619397193981939919400194011940219403194041940519406194071940819409194101941119412194131941419415194161941719418194191942019421194221942319424194251942619427194281942919430194311943219433194341943519436194371943819439194401944119442194431944419445194461944719448194491945019451194521945319454194551945619457194581945919460194611946219463194641946519466194671946819469194701947119472194731947419475194761947719478194791948019481194821948319484194851948619487194881948919490194911949219493194941949519496194971949819499195001950119502195031950419505195061950719508195091951019511195121951319514195151951619517195181951919520195211952219523195241952519526195271952819529195301953119532195331953419535195361953719538195391954019541195421954319544195451954619547195481954919550195511955219553195541955519556195571955819559195601956119562195631956419565195661956719568195691957019571195721957319574195751957619577195781957919580195811958219583195841958519586195871958819589195901959119592195931959419595195961959719598195991960019601196021960319604196051960619607196081960919610196111961219613196141961519616196171961819619196201962119622196231962419625196261962719628196291963019631196321963319634196351963619637196381963919640196411964219643196441964519646196471964819649196501965119652196531965419655196561965719658196591966019661196621966319664196651966619667196681966919670196711967219673196741967519676196771967819679196801968119682196831968419685196861968719688196891969019691196921969319694196951969619697196981969919700197011970219703197041970519706197071970819709197101971119712197131971419715197161971719718197191972019721197221972319724197251972619727197281972919730197311973219733197341973519736197371973819739197401974119742197431974419745197461974719748197491975019751197521975319754197551975619757197581975919760197611976219763197641976519766197671976819769197701977119772197731977419775197761977719778197791978019781197821978319784197851978619787197881978919790197911979219793197941979519796197971979819799198001980119802198031980419805198061980719808198091981019811198121981319814198151981619817198181981919820198211982219823198241982519826198271982819829198301983119832198331983419835198361983719838198391984019841198421984319844198451984619847198481984919850198511985219853198541985519856198571985819859198601986119862198631986419865198661986719868198691987019871198721987319874198751987619877198781987919880198811988219883198841988519886198871988819889198901989119892198931989419895198961989719898198991990019901199021990319904199051990619907199081990919910199111991219913199141991519916199171991819919199201992119922199231992419925199261992719928199291993019931199321993319934199351993619937199381993919940199411994219943199441994519946199471994819949199501995119952199531995419955199561995719958199591996019961199621996319964199651996619967199681996919970199711997219973199741997519976199771997819979199801998119982199831998419985199861998719988199891999019991199921999319994199951999619997199981999920000200012000220003200042000520006200072000820009200102001120012200132001420015200162001720018200192002020021200222002320024200252002620027200282002920030200312003220033200342003520036200372003820039200402004120042200432004420045200462004720048200492005020051200522005320054200552005620057200582005920060200612006220063200642006520066200672006820069200702007120072200732007420075200762007720078200792008020081200822008320084200852008620087200882008920090200912009220093200942009520096200972009820099201002010120102201032010420105201062010720108201092011020111201122011320114201152011620117201182011920120201212012220123201242012520126201272012820129201302013120132201332013420135201362013720138201392014020141201422014320144201452014620147201482014920150201512015220153201542015520156201572015820159201602016120162201632016420165201662016720168201692017020171201722017320174201752017620177201782017920180201812018220183201842018520186201872018820189201902019120192201932019420195201962019720198201992020020201202022020320204202052020620207202082020920210202112021220213202142021520216202172021820219202202022120222202232022420225202262022720228202292023020231202322023320234202352023620237202382023920240202412024220243202442024520246202472024820249202502025120252202532025420255202562025720258202592026020261202622026320264202652026620267202682026920270202712027220273202742027520276202772027820279202802028120282202832028420285202862028720288202892029020291202922029320294202952029620297202982029920300203012030220303203042030520306203072030820309203102031120312203132031420315203162031720318203192032020321203222032320324203252032620327203282032920330203312033220333203342033520336203372033820339203402034120342203432034420345203462034720348203492035020351203522035320354203552035620357203582035920360203612036220363203642036520366203672036820369203702037120372203732037420375203762037720378203792038020381203822038320384203852038620387203882038920390203912039220393203942039520396203972039820399204002040120402204032040420405204062040720408204092041020411204122041320414204152041620417204182041920420204212042220423204242042520426204272042820429204302043120432204332043420435204362043720438204392044020441204422044320444204452044620447204482044920450204512045220453204542045520456204572045820459204602046120462204632046420465204662046720468204692047020471204722047320474204752047620477204782047920480204812048220483204842048520486204872048820489204902049120492204932049420495204962049720498204992050020501205022050320504205052050620507205082050920510205112051220513205142051520516205172051820519205202052120522205232052420525205262052720528205292053020531205322053320534205352053620537205382053920540205412054220543205442054520546205472054820549205502055120552205532055420555205562055720558205592056020561205622056320564205652056620567205682056920570205712057220573205742057520576205772057820579205802058120582205832058420585205862058720588205892059020591205922059320594205952059620597205982059920600206012060220603206042060520606206072060820609206102061120612206132061420615206162061720618206192062020621206222062320624206252062620627206282062920630206312063220633206342063520636206372063820639206402064120642206432064420645206462064720648206492065020651206522065320654206552065620657206582065920660206612066220663206642066520666206672066820669206702067120672206732067420675206762067720678206792068020681206822068320684206852068620687206882068920690206912069220693206942069520696206972069820699207002070120702207032070420705207062070720708207092071020711207122071320714207152071620717207182071920720207212072220723207242072520726207272072820729207302073120732207332073420735207362073720738207392074020741207422074320744207452074620747207482074920750207512075220753207542075520756207572075820759207602076120762207632076420765207662076720768207692077020771207722077320774207752077620777207782077920780207812078220783207842078520786207872078820789207902079120792207932079420795207962079720798207992080020801208022080320804208052080620807208082080920810208112081220813208142081520816208172081820819208202082120822208232082420825208262082720828208292083020831208322083320834208352083620837208382083920840208412084220843208442084520846208472084820849208502085120852208532085420855208562085720858208592086020861208622086320864208652086620867208682086920870208712087220873208742087520876208772087820879208802088120882208832088420885208862088720888208892089020891208922089320894208952089620897208982089920900209012090220903209042090520906209072090820909209102091120912209132091420915209162091720918209192092020921209222092320924209252092620927209282092920930209312093220933209342093520936209372093820939209402094120942209432094420945209462094720948209492095020951209522095320954209552095620957209582095920960209612096220963209642096520966209672096820969209702097120972209732097420975209762097720978209792098020981209822098320984209852098620987209882098920990209912099220993209942099520996209972099820999210002100121002210032100421005210062100721008210092101021011210122101321014210152101621017210182101921020210212102221023210242102521026210272102821029210302103121032210332103421035210362103721038210392104021041210422104321044210452104621047210482104921050210512105221053210542105521056210572105821059210602106121062210632106421065210662106721068210692107021071210722107321074210752107621077210782107921080210812108221083210842108521086210872108821089210902109121092210932109421095210962109721098210992110021101211022110321104211052110621107211082110921110211112111221113211142111521116211172111821119211202112121122211232112421125211262112721128211292113021131211322113321134211352113621137211382113921140211412114221143211442114521146211472114821149211502115121152211532115421155211562115721158211592116021161211622116321164211652116621167211682116921170211712117221173211742117521176211772117821179211802118121182211832118421185211862118721188211892119021191211922119321194211952119621197211982119921200212012120221203212042120521206212072120821209212102121121212212132121421215212162121721218212192122021221212222122321224212252122621227212282122921230212312123221233212342123521236212372123821239212402124121242212432124421245212462124721248212492125021251212522125321254212552125621257212582125921260212612126221263212642126521266212672126821269212702127121272212732127421275212762127721278212792128021281212822128321284212852128621287212882128921290212912129221293212942129521296212972129821299213002130121302213032130421305213062130721308213092131021311213122131321314213152131621317213182131921320213212132221323213242132521326213272132821329213302133121332213332133421335213362133721338213392134021341213422134321344213452134621347213482134921350213512135221353213542135521356213572135821359213602136121362213632136421365213662136721368213692137021371213722137321374213752137621377213782137921380213812138221383213842138521386213872138821389213902139121392213932139421395213962139721398213992140021401214022140321404214052140621407214082140921410214112141221413214142141521416214172141821419214202142121422214232142421425214262142721428214292143021431214322143321434214352143621437214382143921440214412144221443214442144521446214472144821449214502145121452214532145421455214562145721458214592146021461214622146321464214652146621467214682146921470214712147221473214742147521476214772147821479214802148121482214832148421485214862148721488214892149021491214922149321494214952149621497214982149921500215012150221503215042150521506215072150821509215102151121512215132151421515215162151721518215192152021521215222152321524215252152621527215282152921530215312153221533215342153521536215372153821539215402154121542215432154421545215462154721548215492155021551215522155321554215552155621557215582155921560215612156221563215642156521566215672156821569215702157121572215732157421575215762157721578215792158021581215822158321584215852158621587215882158921590215912159221593215942159521596215972159821599216002160121602216032160421605216062160721608216092161021611216122161321614216152161621617216182161921620216212162221623216242162521626216272162821629216302163121632216332163421635216362163721638216392164021641216422164321644216452164621647216482164921650216512165221653216542165521656216572165821659216602166121662216632166421665216662166721668216692167021671216722167321674216752167621677216782167921680216812168221683216842168521686216872168821689216902169121692216932169421695216962169721698216992170021701217022170321704217052170621707217082170921710217112171221713217142171521716217172171821719217202172121722217232172421725217262172721728217292173021731217322173321734217352173621737217382173921740217412174221743217442174521746217472174821749217502175121752217532175421755217562175721758217592176021761217622176321764217652176621767217682176921770217712177221773217742177521776217772177821779217802178121782217832178421785217862178721788217892179021791217922179321794217952179621797217982179921800218012180221803218042180521806218072180821809218102181121812218132181421815218162181721818218192182021821218222182321824218252182621827218282182921830218312183221833218342183521836218372183821839218402184121842218432184421845218462184721848218492185021851218522185321854218552185621857218582185921860218612186221863218642186521866218672186821869218702187121872218732187421875218762187721878218792188021881218822188321884218852188621887218882188921890218912189221893218942189521896218972189821899219002190121902219032190421905219062190721908219092191021911219122191321914219152191621917219182191921920219212192221923219242192521926219272192821929219302193121932219332193421935219362193721938219392194021941219422194321944219452194621947219482194921950219512195221953219542195521956219572195821959219602196121962219632196421965219662196721968219692197021971219722197321974219752197621977219782197921980219812198221983219842198521986219872198821989219902199121992219932199421995219962199721998219992200022001220022200322004220052200622007220082200922010220112201222013220142201522016220172201822019220202202122022220232202422025220262202722028220292203022031220322203322034220352203622037220382203922040220412204222043220442204522046220472204822049220502205122052220532205422055220562205722058220592206022061220622206322064220652206622067220682206922070220712207222073220742207522076220772207822079220802208122082220832208422085220862208722088220892209022091220922209322094220952209622097220982209922100221012210222103221042210522106221072210822109221102211122112221132211422115221162211722118221192212022121221222212322124221252212622127221282212922130221312213222133221342213522136221372213822139221402214122142221432214422145221462214722148221492215022151221522215322154221552215622157221582215922160221612216222163221642216522166221672216822169221702217122172221732217422175221762217722178221792218022181221822218322184221852218622187221882218922190221912219222193221942219522196221972219822199222002220122202222032220422205222062220722208222092221022211222122221322214222152221622217222182221922220222212222222223222242222522226222272222822229222302223122232222332223422235222362223722238222392224022241222422224322244222452224622247222482224922250222512225222253222542225522256222572225822259222602226122262222632226422265222662226722268222692227022271222722227322274222752227622277222782227922280222812228222283222842228522286222872228822289222902229122292222932229422295222962229722298222992230022301223022230322304223052230622307223082230922310223112231222313223142231522316223172231822319223202232122322223232232422325223262232722328223292233022331223322233322334223352233622337223382233922340223412234222343223442234522346223472234822349223502235122352223532235422355223562235722358223592236022361223622236322364223652236622367223682236922370223712237222373223742237522376223772237822379223802238122382223832238422385223862238722388223892239022391223922239322394223952239622397223982239922400224012240222403224042240522406224072240822409224102241122412224132241422415224162241722418224192242022421224222242322424224252242622427224282242922430224312243222433224342243522436224372243822439224402244122442224432244422445224462244722448224492245022451224522245322454224552245622457224582245922460224612246222463224642246522466224672246822469224702247122472224732247422475224762247722478224792248022481224822248322484224852248622487224882248922490224912249222493224942249522496224972249822499225002250122502225032250422505225062250722508225092251022511225122251322514225152251622517225182251922520225212252222523225242252522526225272252822529225302253122532225332253422535225362253722538225392254022541225422254322544225452254622547225482254922550225512255222553225542255522556225572255822559225602256122562225632256422565225662256722568225692257022571225722257322574225752257622577225782257922580225812258222583225842258522586225872258822589225902259122592225932259422595225962259722598225992260022601226022260322604226052260622607226082260922610226112261222613226142261522616226172261822619226202262122622226232262422625226262262722628226292263022631226322263322634226352263622637226382263922640226412264222643226442264522646226472264822649226502265122652226532265422655226562265722658226592266022661226622266322664226652266622667226682266922670226712267222673226742267522676226772267822679226802268122682226832268422685226862268722688226892269022691226922269322694226952269622697226982269922700227012270222703227042270522706227072270822709227102271122712227132271422715227162271722718227192272022721227222272322724227252272622727227282272922730227312273222733227342273522736227372273822739227402274122742227432274422745227462274722748227492275022751227522275322754227552275622757227582275922760227612276222763227642276522766227672276822769227702277122772227732277422775227762277722778227792278022781227822278322784227852278622787227882278922790227912279222793227942279522796227972279822799228002280122802228032280422805228062280722808228092281022811228122281322814228152281622817228182281922820228212282222823228242282522826228272282822829228302283122832228332283422835228362283722838228392284022841228422284322844228452284622847228482284922850228512285222853228542285522856228572285822859228602286122862228632286422865228662286722868228692287022871228722287322874228752287622877228782287922880228812288222883228842288522886228872288822889228902289122892228932289422895228962289722898228992290022901229022290322904229052290622907229082290922910229112291222913229142291522916229172291822919229202292122922229232292422925229262292722928229292293022931229322293322934229352293622937229382293922940229412294222943229442294522946229472294822949229502295122952229532295422955229562295722958229592296022961229622296322964229652296622967229682296922970229712297222973229742297522976229772297822979229802298122982229832298422985229862298722988229892299022991229922299322994229952299622997229982299923000230012300223003230042300523006230072300823009230102301123012230132301423015230162301723018230192302023021230222302323024230252302623027230282302923030230312303223033230342303523036230372303823039230402304123042230432304423045230462304723048230492305023051230522305323054230552305623057230582305923060230612306223063230642306523066230672306823069230702307123072230732307423075230762307723078230792308023081230822308323084230852308623087230882308923090230912309223093230942309523096230972309823099231002310123102231032310423105231062310723108231092311023111231122311323114231152311623117231182311923120231212312223123231242312523126231272312823129231302313123132231332313423135231362313723138231392314023141231422314323144231452314623147231482314923150231512315223153231542315523156231572315823159231602316123162231632316423165231662316723168231692317023171231722317323174231752317623177231782317923180231812318223183231842318523186231872318823189231902319123192231932319423195231962319723198231992320023201232022320323204232052320623207232082320923210232112321223213232142321523216232172321823219232202322123222232232322423225232262322723228232292323023231232322323323234232352323623237232382323923240232412324223243232442324523246232472324823249232502325123252232532325423255232562325723258232592326023261232622326323264232652326623267232682326923270232712327223273232742327523276232772327823279232802328123282232832328423285232862328723288232892329023291232922329323294232952329623297232982329923300233012330223303233042330523306233072330823309233102331123312233132331423315233162331723318233192332023321233222332323324233252332623327233282332923330233312333223333233342333523336233372333823339233402334123342233432334423345233462334723348233492335023351233522335323354233552335623357233582335923360233612336223363233642336523366233672336823369233702337123372233732337423375233762337723378233792338023381233822338323384233852338623387233882338923390233912339223393233942339523396233972339823399234002340123402234032340423405234062340723408234092341023411234122341323414234152341623417234182341923420234212342223423234242342523426234272342823429234302343123432234332343423435234362343723438234392344023441234422344323444234452344623447234482344923450234512345223453234542345523456234572345823459234602346123462234632346423465234662346723468234692347023471234722347323474234752347623477234782347923480234812348223483234842348523486234872348823489234902349123492234932349423495234962349723498234992350023501235022350323504235052350623507235082350923510235112351223513235142351523516235172351823519235202352123522235232352423525235262352723528235292353023531235322353323534235352353623537235382353923540235412354223543235442354523546235472354823549235502355123552235532355423555235562355723558235592356023561235622356323564235652356623567235682356923570235712357223573235742357523576235772357823579235802358123582235832358423585235862358723588235892359023591235922359323594235952359623597235982359923600236012360223603236042360523606236072360823609236102361123612236132361423615236162361723618236192362023621236222362323624236252362623627236282362923630236312363223633236342363523636236372363823639236402364123642236432364423645236462364723648236492365023651236522365323654236552365623657236582365923660236612366223663236642366523666236672366823669236702367123672236732367423675236762367723678236792368023681236822368323684236852368623687236882368923690236912369223693236942369523696236972369823699237002370123702237032370423705237062370723708237092371023711237122371323714237152371623717237182371923720237212372223723237242372523726237272372823729237302373123732237332373423735237362373723738237392374023741237422374323744237452374623747237482374923750237512375223753237542375523756237572375823759237602376123762237632376423765237662376723768237692377023771237722377323774237752377623777237782377923780237812378223783237842378523786237872378823789237902379123792237932379423795237962379723798237992380023801238022380323804238052380623807238082380923810238112381223813238142381523816238172381823819238202382123822238232382423825238262382723828238292383023831238322383323834238352383623837238382383923840238412384223843238442384523846238472384823849238502385123852238532385423855238562385723858238592386023861238622386323864238652386623867238682386923870238712387223873238742387523876238772387823879238802388123882238832388423885238862388723888238892389023891238922389323894238952389623897238982389923900239012390223903239042390523906239072390823909239102391123912239132391423915239162391723918239192392023921239222392323924239252392623927239282392923930239312393223933239342393523936239372393823939239402394123942239432394423945239462394723948239492395023951239522395323954239552395623957239582395923960239612396223963239642396523966239672396823969239702397123972239732397423975239762397723978239792398023981239822398323984239852398623987239882398923990239912399223993239942399523996239972399823999240002400124002240032400424005240062400724008240092401024011240122401324014240152401624017240182401924020240212402224023240242402524026240272402824029240302403124032240332403424035240362403724038240392404024041240422404324044240452404624047240482404924050240512405224053240542405524056240572405824059240602406124062240632406424065240662406724068240692407024071240722407324074240752407624077240782407924080240812408224083240842408524086240872408824089240902409124092240932409424095240962409724098240992410024101241022410324104241052410624107241082410924110241112411224113241142411524116241172411824119241202412124122241232412424125241262412724128241292413024131241322413324134241352413624137241382413924140241412414224143241442414524146241472414824149241502415124152241532415424155241562415724158241592416024161241622416324164241652416624167241682416924170241712417224173241742417524176241772417824179241802418124182241832418424185241862418724188241892419024191241922419324194241952419624197241982419924200242012420224203242042420524206242072420824209242102421124212242132421424215242162421724218242192422024221242222422324224242252422624227242282422924230242312423224233242342423524236242372423824239242402424124242242432424424245242462424724248242492425024251242522425324254242552425624257242582425924260242612426224263242642426524266242672426824269242702427124272242732427424275242762427724278242792428024281242822428324284242852428624287242882428924290242912429224293242942429524296242972429824299243002430124302243032430424305243062430724308243092431024311243122431324314243152431624317243182431924320243212432224323243242432524326243272432824329243302433124332243332433424335243362433724338243392434024341243422434324344243452434624347243482434924350243512435224353243542435524356243572435824359243602436124362243632436424365243662436724368243692437024371243722437324374243752437624377243782437924380243812438224383243842438524386243872438824389243902439124392243932439424395243962439724398243992440024401244022440324404244052440624407244082440924410244112441224413244142441524416244172441824419244202442124422244232442424425244262442724428244292443024431244322443324434244352443624437244382443924440244412444224443244442444524446244472444824449244502445124452244532445424455244562445724458244592446024461244622446324464244652446624467244682446924470244712447224473244742447524476244772447824479244802448124482244832448424485244862448724488244892449024491244922449324494244952449624497244982449924500245012450224503245042450524506245072450824509245102451124512245132451424515245162451724518245192452024521245222452324524245252452624527245282452924530245312453224533245342453524536245372453824539245402454124542245432454424545245462454724548245492455024551245522455324554245552455624557245582455924560245612456224563245642456524566245672456824569245702457124572245732457424575245762457724578245792458024581245822458324584245852458624587245882458924590245912459224593245942459524596245972459824599246002460124602246032460424605246062460724608246092461024611246122461324614246152461624617246182461924620246212462224623246242462524626246272462824629246302463124632246332463424635246362463724638246392464024641246422464324644246452464624647246482464924650246512465224653246542465524656246572465824659246602466124662246632466424665246662466724668246692467024671246722467324674246752467624677246782467924680246812468224683246842468524686246872468824689246902469124692246932469424695246962469724698246992470024701247022470324704247052470624707247082470924710247112471224713247142471524716247172471824719247202472124722247232472424725247262472724728247292473024731247322473324734247352473624737247382473924740247412474224743247442474524746247472474824749247502475124752247532475424755247562475724758247592476024761247622476324764247652476624767247682476924770247712477224773247742477524776247772477824779247802478124782247832478424785247862478724788247892479024791247922479324794247952479624797247982479924800248012480224803248042480524806248072480824809248102481124812248132481424815248162481724818248192482024821248222482324824248252482624827248282482924830248312483224833248342483524836248372483824839248402484124842248432484424845248462484724848248492485024851248522485324854248552485624857248582485924860248612486224863248642486524866248672486824869248702487124872248732487424875248762487724878248792488024881248822488324884248852488624887248882488924890248912489224893248942489524896248972489824899249002490124902249032490424905249062490724908249092491024911249122491324914249152491624917249182491924920249212492224923249242492524926249272492824929249302493124932249332493424935249362493724938249392494024941249422494324944249452494624947249482494924950249512495224953249542495524956249572495824959249602496124962249632496424965249662496724968249692497024971249722497324974249752497624977249782497924980249812498224983249842498524986249872498824989249902499124992249932499424995249962499724998249992500025001250022500325004250052500625007250082500925010250112501225013250142501525016250172501825019250202502125022250232502425025250262502725028250292503025031250322503325034250352503625037250382503925040250412504225043250442504525046250472504825049250502505125052250532505425055250562505725058250592506025061250622506325064250652506625067250682506925070250712507225073250742507525076250772507825079250802508125082250832508425085250862508725088250892509025091250922509325094250952509625097250982509925100251012510225103251042510525106251072510825109251102511125112251132511425115251162511725118251192512025121251222512325124251252512625127251282512925130251312513225133251342513525136251372513825139251402514125142251432514425145251462514725148251492515025151251522515325154251552515625157251582515925160251612516225163251642516525166251672516825169251702517125172251732517425175251762517725178251792518025181251822518325184251852518625187251882518925190251912519225193251942519525196251972519825199252002520125202252032520425205252062520725208252092521025211252122521325214252152521625217252182521925220252212522225223252242522525226252272522825229252302523125232252332523425235252362523725238252392524025241252422524325244252452524625247252482524925250252512525225253252542525525256252572525825259252602526125262252632526425265252662526725268252692527025271252722527325274252752527625277252782527925280252812528225283252842528525286252872528825289252902529125292252932529425295252962529725298252992530025301253022530325304253052530625307253082530925310253112531225313253142531525316253172531825319253202532125322253232532425325253262532725328253292533025331253322533325334253352533625337253382533925340253412534225343253442534525346253472534825349253502535125352253532535425355253562535725358253592536025361253622536325364253652536625367253682536925370253712537225373253742537525376253772537825379253802538125382253832538425385253862538725388253892539025391253922539325394253952539625397253982539925400254012540225403254042540525406254072540825409254102541125412254132541425415254162541725418254192542025421254222542325424254252542625427254282542925430254312543225433254342543525436254372543825439254402544125442254432544425445254462544725448254492545025451254522545325454254552545625457254582545925460254612546225463254642546525466254672546825469254702547125472254732547425475254762547725478254792548025481254822548325484254852548625487254882548925490254912549225493254942549525496254972549825499255002550125502255032550425505255062550725508255092551025511255122551325514255152551625517255182551925520255212552225523255242552525526255272552825529255302553125532255332553425535255362553725538255392554025541255422554325544255452554625547255482554925550255512555225553255542555525556255572555825559255602556125562255632556425565255662556725568255692557025571255722557325574255752557625577255782557925580255812558225583255842558525586255872558825589255902559125592255932559425595255962559725598255992560025601256022560325604256052560625607256082560925610256112561225613256142561525616256172561825619256202562125622256232562425625256262562725628256292563025631256322563325634256352563625637256382563925640256412564225643256442564525646256472564825649256502565125652256532565425655256562565725658256592566025661256622566325664256652566625667256682566925670256712567225673256742567525676256772567825679256802568125682256832568425685256862568725688256892569025691256922569325694256952569625697256982569925700257012570225703257042570525706257072570825709257102571125712257132571425715257162571725718257192572025721257222572325724257252572625727257282572925730257312573225733257342573525736257372573825739257402574125742257432574425745257462574725748257492575025751257522575325754257552575625757257582575925760257612576225763257642576525766257672576825769257702577125772257732577425775257762577725778257792578025781257822578325784257852578625787257882578925790257912579225793257942579525796257972579825799258002580125802258032580425805258062580725808258092581025811258122581325814258152581625817258182581925820258212582225823258242582525826258272582825829258302583125832258332583425835258362583725838258392584025841258422584325844258452584625847258482584925850258512585225853258542585525856258572585825859258602586125862258632586425865258662586725868258692587025871258722587325874258752587625877258782587925880258812588225883258842588525886258872588825889258902589125892258932589425895258962589725898258992590025901259022590325904259052590625907259082590925910259112591225913259142591525916259172591825919259202592125922259232592425925259262592725928259292593025931259322593325934259352593625937259382593925940259412594225943259442594525946259472594825949259502595125952259532595425955259562595725958259592596025961259622596325964259652596625967259682596925970259712597225973259742597525976259772597825979259802598125982259832598425985259862598725988259892599025991259922599325994259952599625997259982599926000260012600226003260042600526006260072600826009260102601126012260132601426015260162601726018260192602026021260222602326024260252602626027260282602926030260312603226033260342603526036260372603826039260402604126042260432604426045260462604726048260492605026051260522605326054260552605626057260582605926060260612606226063260642606526066260672606826069260702607126072260732607426075260762607726078260792608026081260822608326084260852608626087260882608926090260912609226093260942609526096260972609826099261002610126102261032610426105261062610726108261092611026111261122611326114261152611626117261182611926120261212612226123261242612526126261272612826129261302613126132261332613426135261362613726138261392614026141261422614326144261452614626147261482614926150261512615226153261542615526156261572615826159261602616126162261632616426165261662616726168261692617026171261722617326174261752617626177261782617926180261812618226183261842618526186261872618826189261902619126192261932619426195261962619726198261992620026201262022620326204262052620626207262082620926210262112621226213262142621526216262172621826219262202622126222262232622426225262262622726228262292623026231262322623326234262352623626237262382623926240262412624226243262442624526246262472624826249262502625126252262532625426255262562625726258262592626026261262622626326264262652626626267262682626926270262712627226273262742627526276262772627826279262802628126282262832628426285262862628726288262892629026291262922629326294262952629626297262982629926300263012630226303263042630526306263072630826309263102631126312263132631426315263162631726318263192632026321263222632326324263252632626327263282632926330263312633226333263342633526336263372633826339263402634126342263432634426345263462634726348263492635026351263522635326354263552635626357263582635926360263612636226363263642636526366263672636826369263702637126372263732637426375263762637726378263792638026381263822638326384263852638626387263882638926390263912639226393263942639526396263972639826399264002640126402264032640426405264062640726408264092641026411264122641326414264152641626417264182641926420264212642226423264242642526426264272642826429264302643126432264332643426435264362643726438264392644026441264422644326444264452644626447264482644926450264512645226453264542645526456264572645826459264602646126462264632646426465264662646726468264692647026471264722647326474264752647626477264782647926480264812648226483264842648526486264872648826489264902649126492264932649426495264962649726498264992650026501265022650326504265052650626507265082650926510265112651226513265142651526516265172651826519265202652126522265232652426525265262652726528265292653026531265322653326534265352653626537265382653926540265412654226543265442654526546265472654826549265502655126552265532655426555265562655726558265592656026561265622656326564265652656626567265682656926570265712657226573265742657526576265772657826579265802658126582265832658426585265862658726588265892659026591265922659326594265952659626597265982659926600266012660226603266042660526606266072660826609266102661126612266132661426615266162661726618266192662026621266222662326624266252662626627266282662926630266312663226633266342663526636266372663826639266402664126642266432664426645266462664726648266492665026651266522665326654266552665626657266582665926660266612666226663266642666526666266672666826669266702667126672266732667426675266762667726678266792668026681266822668326684266852668626687266882668926690266912669226693266942669526696266972669826699267002670126702267032670426705267062670726708267092671026711267122671326714267152671626717267182671926720267212672226723267242672526726267272672826729267302673126732267332673426735267362673726738267392674026741267422674326744267452674626747267482674926750267512675226753267542675526756267572675826759267602676126762267632676426765267662676726768267692677026771267722677326774267752677626777267782677926780267812678226783267842678526786267872678826789267902679126792267932679426795267962679726798267992680026801268022680326804268052680626807268082680926810268112681226813268142681526816268172681826819268202682126822268232682426825
  1. Changes in version 0.3.3.1-alpha - 2018-01-25
  2. Tor 0.3.3.1-alpha is the first release in the 0.3.3.x series. It adds
  3. several new features to Tor, including several improvements to
  4. bootstrapping, and support for an experimental "vanguards" feature to
  5. resist guard discovery attacks. This series also includes better
  6. support for applications that need to embed Tor or manage v3
  7. onion services.
  8. o Major features (embedding):
  9. - There is now a documented stable API for programs that need to
  10. embed Tor. See tor_api.h for full documentation and known bugs.
  11. Closes ticket 23684.
  12. - Tor now has support for restarting in the same process.
  13. Controllers that run Tor using the "tor_api.h" interface can now
  14. restart Tor after Tor has exited. This support is incomplete,
  15. however: we fixed crash bugs that prevented it from working at
  16. all, but many bugs probably remain, including a possibility of
  17. security issues. Implements ticket 24581.
  18. o Major features (IPv6, directory documents):
  19. - Add consensus method 27, which adds IPv6 ORPorts to the microdesc
  20. consensus. This information makes it easier for IPv6 clients to
  21. bootstrap and choose reachable entry guards. Implements 23826.
  22. - Add consensus method 28, which removes IPv6 ORPorts from
  23. microdescriptors. Now that the consensus contains IPv6 ORPorts,
  24. they are redundant in microdescs. This change will be used by Tor
  25. clients on 0.2.8.x and later. (That is to say, with all Tor
  26. clients having IPv6 bootstrap and guard support.) Implements 23828.
  27. - Expand the documentation for AuthDirHasIPv6Connectivity when it is
  28. set by different numbers of authorities. Fixes 23870
  29. on 0.2.4.1-alpha.
  30. o Major features (onion service v3, control port):
  31. - The control port now supports commands and events for v3 onion
  32. services. It is now possible to create ephemeral v3 services using
  33. ADD_ONION. Additionally, several events (HS_DESC, HS_DESC_CONTENT,
  34. CIRC and CIRC_MINOR) and commands (GETINFO, HSPOST, ADD_ONION and
  35. DEL_ONION) have been extended to support v3 onion services. Closes
  36. ticket 20699; implements proposal 284.
  37. o Major features (onion services):
  38. - Provide torrc options to pin the second and third hops of onion
  39. service circuits to a list of nodes. The option HSLayer2Guards
  40. pins the second hop, and the option HSLayer3Guards pins the third
  41. hop. These options are for use in conjunction with experiments
  42. with "vanguards" for preventing guard enumeration attacks. Closes
  43. ticket 13837.
  44. o Major features (rust, portability, experimental):
  45. - Tor now ships with an optional implementation of one of its
  46. smaller modules (protover.c) in the Rust programming language. To
  47. try it out, install a Rust build environment, and configure Tor
  48. with "--enable-rust --enable-cargo-online-mode". This should not
  49. cause any user-visible changes, but should help us gain more
  50. experience with Rust, and plan future Rust integration work.
  51. Implementation by Chelsea Komlo. Closes ticket 22840.
  52. o Major features (storage, configuration):
  53. - Users can store cached directory documents somewhere other than
  54. the DataDirectory by using the CacheDirectory option. Similarly,
  55. the storage location for relay's keys can be overridden with the
  56. KeyDirectory option. Closes ticket 22703.
  57. o Major features (v3 onion services, ipv6):
  58. - When v3 onion service clients send introduce cells, they now
  59. include the IPv6 address of the rendezvous point, if it has one.
  60. Current v3 onion services running 0.3.2 ignore IPv6 addresses, but
  61. in future Tor versions, IPv6-only v3 single onion services will be
  62. able to use IPv6 addresses to connect directly to the rendezvous
  63. point. Closes ticket 23577. Patch by Neel Chauhan.
  64. o Major bugfixes (onion services, retry behavior):
  65. - Fix an "off by 2" error in counting rendezvous failures on the
  66. onion service side. While we thought we would stop the rendezvous
  67. attempt after one failed circuit, we were actually making three
  68. circuit attempts before giving up. Now switch to a default of 2,
  69. and allow the consensus parameter "hs_service_max_rdv_failures" to
  70. override. Fixes bug 24895; bugfix on 0.0.6.
  71. - New-style (v3) onion services now obey the "max rendezvous circuit
  72. attempts" logic. Previously they would make as many rendezvous
  73. circuit attempts as they could fit in the MAX_REND_TIMEOUT second
  74. window before giving up. Fixes bug 24894; bugfix on 0.3.2.1-alpha.
  75. o Major bugfixes (relays):
  76. - Fix a set of false positives where relays would consider
  77. connections to other relays as being client-only connections (and
  78. thus e.g. deserving different link padding schemes) if those
  79. relays fell out of the consensus briefly. Now we look only at the
  80. initial handshake and whether the connection authenticated as a
  81. relay. Fixes bug 24898; bugfix on 0.3.1.1-alpha.
  82. o Minor feature (IPv6):
  83. - Make IPv6-only clients wait for microdescs for relays, even if we
  84. were previously using descriptors (or were using them as a bridge)
  85. and have a cached descriptor for them. Implements 23827.
  86. - When a consensus has IPv6 ORPorts, make IPv6-only clients use
  87. them, rather than waiting to download microdescriptors.
  88. Implements 23827.
  89. o Minor features (cleanup):
  90. - Tor now deletes the CookieAuthFile and ExtORPortCookieAuthFile
  91. when it stops. Closes ticket 23271.
  92. o Minor features (defensive programming):
  93. - Most of the functions in Tor that free objects have been replaced
  94. with macros that free the objects and set the corresponding
  95. pointers to NULL. This change should help prevent a large class of
  96. dangling pointer bugs. Closes ticket 24337.
  97. - Where possible, the tor_free() macro now only evaluates its input
  98. once. Part of ticket 24337.
  99. - Check that microdesc ed25519 ids are non-zero in
  100. node_get_ed25519_id() before returning them. Implements 24001,
  101. patch by "aruna1234".
  102. o Minor features (directory authority):
  103. - Make the "Exit" flag assignment only depend on whether the exit
  104. policy allows connections to ports 80 and 443. Previously relays
  105. would get the Exit flag if they allowed connections to one of
  106. these ports and also port 6667. Resolves ticket 23637.
  107. o Minor features (embedding):
  108. - Tor can now start with a preauthenticated control connection
  109. created by the process that launched it. This feature is meant for
  110. use by programs that want to launch and manage a Tor process
  111. without allowing other programs to manage it as well. For more
  112. information, see the __OwningControllerFD option documented in
  113. control-spec.txt. Closes ticket 23900.
  114. - On most errors that would cause Tor to exit, it now tries to
  115. return from the tor_main() function, rather than calling the
  116. system exit() function. Most users won't notice a difference here,
  117. but it should make a significant for programs that run Tor inside
  118. a separate thread: they should now be able to survive Tor's exit
  119. conditions rather than having Tor shut down the entire process.
  120. Closes ticket 23848.
  121. - Applications that want to embed Tor can now tell Tor not to
  122. register any of its own POSIX signal handlers, using the
  123. __DisableSignalHandlers option. Closes ticket 24588.
  124. o Minor features (fallback directory list):
  125. - Avoid selecting fallbacks that change their IP addresses too
  126. often. Select more fallbacks by ignoring the Guard flag, and
  127. allowing lower cutoffs for the Running and V2Dir flags. Also allow
  128. a lower bandwidth, and a higher number of fallbacks per operator
  129. (5% of the list). Implements ticket 24785.
  130. - Update the fallback whitelist and blacklist based on opt-ins and
  131. relay changes. Closes tickets 22321, 24678, 22527, 24135,
  132. and 24695.
  133. o Minor features (fallback directory mirror configuration):
  134. - Add a nickname to each fallback in a C comment. This makes it
  135. easier for operators to find their relays, and allows stem to use
  136. nicknames to identify fallbacks. Implements ticket 24600.
  137. - Add a type and version header to the fallback directory mirror
  138. file. Also add a delimiter to the end of each fallback entry. This
  139. helps external parsers like stem and Relay Search. Implements
  140. ticket 24725.
  141. - Add an extrainfo cache flag for each fallback in a C comment. This
  142. allows stem to use fallbacks to fetch extra-info documents, rather
  143. than using authorities. Implements ticket 22759.
  144. - Add the generateFallbackDirLine.py script for automatically
  145. generating fallback directory mirror lines from relay fingerprints.
  146. No more typos! Add the lookupFallbackDirContact.py script for
  147. automatically looking up operator contact info from relay
  148. fingerprints. Implements ticket 24706, patch by teor and atagar.
  149. - Reject any fallback directory mirror that serves an expired
  150. consensus. Implements ticket 20942, patch by "minik".
  151. - Remove commas and equals signs from external string inputs to the
  152. fallback list. This avoids format confusion attacks. Implements
  153. ticket 24726.
  154. - Remove the "weight=10" line from fallback directory mirror
  155. entries. Ticket 24681 will maintain the current fallback weights
  156. by changing Tor's default fallback weight to 10. Implements
  157. ticket 24679.
  158. - Stop logging excessive information about fallback netblocks.
  159. Implements ticket 24791.
  160. o Minor features (forward-compatibility):
  161. - If a relay supports some link authentication protocol that we do
  162. not recognize, then include that relay's ed25519 key when telling
  163. other relays to extend to it. Previously, we treated future
  164. versions as if they were too old to support ed25519 link
  165. authentication. Closes ticket 20895.
  166. o Minor features (heartbeat):
  167. - Add onion service information to our heartbeat logs, displaying
  168. stats about the activity of configured onion services. Closes
  169. ticket 24896.
  170. o Minor features (instrumentation, development):
  171. - Add the MainloopStats option to allow developers to get
  172. instrumentation information from the main event loop via the
  173. heartbeat messages. We hope to use this to improve Tor's behavior
  174. when it's trying to sleep. Closes ticket 24605.
  175. o Minor features (log messages):
  176. - Improve a warning message that happens when we fail to re-parse an
  177. old router because of an expired certificate. Closes ticket 20020.
  178. - Make the log more quantitative when we hit MaxMemInQueues
  179. threshold exposing some values. Closes ticket 24501.
  180. o Minor features (logging, android):
  181. - Added support for the Android logging subsystem. Closes
  182. ticket 24362.
  183. o Minor features (performance):
  184. - Support predictive circuit building for onion service circuits
  185. with multiple layers of guards. Closes ticket 23101.
  186. - Use stdatomic.h where available, rather than mutexes, to implement
  187. atomic_counter_t. Closes ticket 23953.
  188. o Minor features (performance, 32-bit):
  189. - Improve performance on 32-bit systems by avoiding 64-bit division
  190. when calculating the timestamp in milliseconds for channel padding
  191. computations. Implements ticket 24613.
  192. - Improve performance on 32-bit systems by avoiding 64-bit division
  193. when timestamping cells and buffer chunks for OOM calculations.
  194. Implements ticket 24374.
  195. o Minor features (performance, OSX, iOS):
  196. - Use the mach_approximate_time() function (when available) to
  197. implement coarse monotonic time. Having a coarse time function
  198. should avoid a large number of system calls, and improve
  199. performance slightly, especially under load. Closes ticket 24427.
  200. o Minor features (performance, windows):
  201. - Improve performance on Windows Vista and Windows 7 by adjusting
  202. TCP send window size according to the recommendation from
  203. SIO_IDEAL_SEND_BACKLOG_QUERY. Closes ticket 22798. Patch
  204. from Vort.
  205. o Minor features (relay):
  206. - Implement an option, ReducedExitPolicy, to allow an Tor exit relay
  207. operator to use a more reasonable ("reduced") exit policy, rather
  208. than the default one. If you want to run an exit node without
  209. thinking too hard about which ports to allow, this one is for you.
  210. Closes ticket 13605. Patch from Neel Chauhan.
  211. o Minor features (testing, debugging, embedding):
  212. - For development purposes, Tor now has a mode in which it runs for
  213. a few seconds, then stops, and starts again without exiting the
  214. process. This mode is meant to help us debug various issues with
  215. ticket 23847. To use this feature, compile with
  216. --enable-restart-debugging, and set the TOR_DEBUG_RESTART
  217. environment variable. This is expected to crash a lot, and is
  218. really meant for developers only. It will likely be removed in a
  219. future release. Implements ticket 24583.
  220. o Minor bugfix (network IPv6 test):
  221. - Tor's test scripts now check if "ping -6 ::1" works when the user
  222. runs "make test-network-all". Fixes bug 24677; bugfix on
  223. 0.2.9.3-alpha. Patch by "ffmancera".
  224. o Minor bugfixes (build, rust):
  225. - Fix output of autoconf checks to display success messages for Rust
  226. dependencies and a suitable rustc compiler version. Fixes bug
  227. 24612; bugfix on 0.3.1.3-alpha.
  228. - When building with Rust on OSX, link against libresolv, to work
  229. around the issue at https://github.com/rust-lang/rust/issues/46797.
  230. Fixes bug 24652; bugfix on 0.3.1.1-alpha.
  231. - Don't pass the --quiet option to cargo: it seems to suppress some
  232. errors, which is not what we want to do when building. Fixes bug
  233. 24518; bugfix on 0.3.1.7.
  234. - Build correctly when building from outside Tor's source tree with
  235. the TOR_RUST_DEPENDENCIES option set. Fixes bug 22768; bugfix
  236. on 0.3.1.7.
  237. o Minor bugfixes (directory authorities, IPv6):
  238. - When creating a routerstatus (vote) from a routerinfo (descriptor),
  239. set the IPv6 address to the unspecified IPv6 address, and
  240. explicitly initialize the port to zero. Fixes bug 24488; bugfix
  241. on 0.2.4.1-alpha.
  242. o Minor bugfixes (fallback directory mirrors):
  243. - Make updateFallbackDirs.py search harder for python. (Some OSs
  244. don't put it in /usr/bin.) Fixes bug 24708; bugfix
  245. on 0.2.8.1-alpha.
  246. o Minor bugfixes (hibernation, bandwidth accounting, shutdown):
  247. - When hibernating, close connections normally and allow them to
  248. flush. Fixes bug 23571; bugfix on 0.2.4.7-alpha. Also fixes
  249. bug 7267.
  250. - Do not attempt to launch self-reachability tests when entering
  251. hibernation. Fixes a case of bug 12062; bugfix on 0.0.9pre5.
  252. - Resolve several bugs related to descriptor fetching on bridge
  253. clients with bandwidth accounting enabled. (This combination is
  254. not recommended!) Fixes a case of bug 12062; bugfix
  255. on 0.2.0.3-alpha.
  256. - When hibernating, do not attempt to launch DNS checks. Fixes a
  257. case of bug 12062; bugfix on 0.1.2.2-alpha.
  258. - When hibernating, do not try to upload or download descriptors.
  259. Fixes a case of bug 12062; bugfix on 0.0.9pre5.
  260. o Minor bugfixes (IPv6, bridges):
  261. - Tor now always sets IPv6 preferences for bridges. Fixes bug 24573;
  262. bugfix on 0.2.8.2-alpha.
  263. - Tor now sets IPv6 address in the routerstatus as well as in the
  264. router descriptors when updating addresses for a bridge. Closes
  265. ticket 24572; bugfix on 0.2.4.5-alpha. Patch by "ffmancera".
  266. o Minor bugfixes (linux seccomp2 sandbox):
  267. - When running with the sandbox enabled, reload configuration files
  268. correctly even when %include was used. Previously we would crash.
  269. Fixes bug 22605; bugfix on 0.3.1. Patch from Daniel Pinto.
  270. o Minor bugfixes (memory leaks):
  271. - Avoid possible at-exit memory leaks related to use of Libevent's
  272. event_base_once() function. (This function tends to leak memory if
  273. the event_base is closed before the event fires.) Fixes bug 24584;
  274. bugfix on 0.2.8.1-alpha.
  275. - Fix a harmless memory leak in tor-resolve. Fixes bug 24582; bugfix
  276. on 0.2.1.1-alpha.
  277. o Minor bugfixes (OSX):
  278. - Don't exit the Tor process if setrlimit() fails to change the file
  279. limit (which can happen sometimes on some versions of OSX). Fixes
  280. bug 21074; bugfix on 0.0.9pre5.
  281. o Minor bugfixes (performance, fragile-hardening):
  282. - Improve the performance of our consensus-diff application code
  283. when Tor is built with the --enable-fragile-hardening option set.
  284. Fixes bug 24826; bugfix on 0.3.1.1-alpha.
  285. o Minor bugfixes (performance, timeouts):
  286. - Consider circuits for timeout as soon as they complete a hop. This
  287. is more accurate than applying the timeout in
  288. circuit_expire_building() because that function is only called
  289. once per second, which is now too slow for typical timeouts on the
  290. current network. Fixes bug 23114; bugfix on 0.2.2.2-alpha.
  291. - Use onion service circuits (and other circuits longer than 3 hops)
  292. to calculate a circuit build timeout. Previously, Tor only
  293. calculated its build timeout based on circuits that planned to be
  294. exactly 3 hops long. With this change, we include measurements
  295. from all circuits at the point where they complete their third
  296. hop. Fixes bug 23100; bugfix on 0.2.2.2-alpha.
  297. o Minor bugfixes (testing):
  298. - Give out Exit flags in bootstrapping networks. Fixes bug 24137;
  299. bugfix on 0.2.3.1-alpha.
  300. - Fix a memory leak in the scheduler/loop_kist unit test. Fixes bug
  301. 25005; bugfix on 0.3.2.7-rc.
  302. o Code simplification and refactoring:
  303. - Remove /usr/athena from search path in configure.ac. Closes
  304. ticket 24363.
  305. - Remove duplicate code in node_has_curve25519_onion_key() and
  306. node_get_curve25519_onion_key(), and add a check for a zero
  307. microdesc curve25519 onion key. Closes ticket 23966, patch by
  308. "aruna1234" and teor.
  309. - Rewrite channel_rsa_id_group_set_badness to reduce temporary
  310. memory allocations with large numbers of OR connections (e.g.
  311. relays). Closes ticket 24119.
  312. - Separate the function that deletes ephemeral files when Tor
  313. stops gracefully.
  314. - Small changes to Tor's buf_t API to make it suitable for use as a
  315. general-purpose safe string constructor. Closes ticket 22342.
  316. - Switch -Wnormalized=id to -Wnormalized=nfkc in configure.ac to
  317. avoid source code identifier confusion. Closes ticket 24467.
  318. - The tor_git_revision[] constant no longer needs to be redeclared
  319. by everything that links against the rest of Tor. Done as part of
  320. ticket 23845, to simplify our external API.
  321. - We make extend_info_from_node() use node_get_curve25519_onion_key()
  322. introduced in ticket 23577 to access the curve25519 public keys
  323. rather than accessing it directly. Closes ticket 23760. Patch by
  324. Neel Chauhan.
  325. - Add a function to log channels' scheduler state changes to aid
  326. debugging efforts. Closes ticket 24531.
  327. o Documentation:
  328. - Add documentation on how to build tor with Rust dependencies
  329. without having to be online. Closes ticket 22907; bugfix
  330. on 0.3.0.3-alpha.
  331. - Clarify the behavior of RelayBandwidth{Rate,Burst} with client
  332. traffic. Closes ticket 24318.
  333. - Document that OutboundBindAddress doesn't apply to DNS requests.
  334. Closes ticket 22145. Patch from Aruna Maurya.
  335. - Document that operators who run more than one relay or bridge are
  336. expected to set MyFamily and ContactInfo correctly. Closes
  337. ticket 24526.
  338. o Code simplification and refactoring (channels):
  339. - Remove the incoming and outgoing channel queues. These were never
  340. used, but still took up a step in our fast path.
  341. - The majority of the channel unit tests have been rewritten and the
  342. code coverage has now been raised to 83.6% for channel.c. Closes
  343. ticket 23709.
  344. - Remove other dead code from the channel subsystem: All together,
  345. this cleanup has removed more than 1500 lines of code overall and
  346. adding very little except for unit test.
  347. o Code simplification and refactoring (circuit rendezvous):
  348. - Split the client-size rendezvous circuit lookup into two
  349. functions: one that returns only established circuits and another
  350. that returns all kinds of circuits. Closes ticket 23459.
  351. o Code simplification and refactoring (controller):
  352. - Make most of the variables in networkstatus_getinfo_by_purpose()
  353. const. Implements ticket 24489.
  354. Changes in version 0.3.2.9 - 2018-01-09
  355. Tor 0.3.2.9 is the first stable release in the 0.3.2 series.
  356. The 0.3.2 series includes our long-anticipated new onion service
  357. design, with numerous security features. (For more information, see
  358. our blog post at https://blog.torproject.org/fall-harvest.) We also
  359. have a new circuit scheduler algorithm for improved performance on
  360. relays everywhere (see https://blog.torproject.org/kist-and-tell),
  361. along with many smaller features and bugfixes.
  362. Per our stable release policy, we plan to support each stable release
  363. series for at least the next nine months, or for three months after
  364. the first stable release of the next series: whichever is longer. If
  365. you need a release with long-term support, we recommend that you stay
  366. with the 0.2.9 series.
  367. Below is a list of the changes since 0.3.2.8-rc. For a list of all
  368. changes since 0.3.1, see the ReleaseNotes file.
  369. o Minor features (fallback directory mirrors):
  370. - The fallback directory list has been re-generated based on the
  371. current status of the network. Tor uses fallback directories to
  372. bootstrap when it doesn't yet have up-to-date directory
  373. information. Closes ticket 24801.
  374. - Make the default DirAuthorityFallbackRate 0.1, so that clients
  375. prefer to bootstrap from fallback directory mirrors. This is a
  376. follow-up to 24679, which removed weights from the default
  377. fallbacks. Implements ticket 24681.
  378. o Minor features (geoip):
  379. - Update geoip and geoip6 to the January 5 2018 Maxmind GeoLite2
  380. Country database.
  381. o Minor bugfixes (address selection):
  382. - When the fascist_firewall_choose_address_ functions don't find a
  383. reachable address, set the returned address to the null address
  384. and port. This is a precautionary measure, because some callers do
  385. not check the return value. Fixes bug 24736; bugfix
  386. on 0.2.8.2-alpha.
  387. o Minor bugfixes (compilation):
  388. - Resolve a few shadowed-variable warnings in the onion service
  389. code. Fixes bug 24634; bugfix on 0.3.2.1-alpha.
  390. o Minor bugfixes (portability, msvc):
  391. - Fix a bug in the bit-counting parts of our timing-wheel code on
  392. MSVC. (Note that MSVC is still not a supported build platform, due
  393. to cyptographic timing channel risks.) Fixes bug 24633; bugfix
  394. on 0.2.9.1-alpha.
  395. Changes in version 0.3.2.8-rc - 2017-12-21
  396. Tor 0.3.2.8-rc fixes a pair of bugs in the KIST and KISTLite
  397. schedulers that had led servers under heavy load to overload their
  398. outgoing connections. All relay operators running earlier 0.3.2.x
  399. versions should upgrade. This version also includes a mitigation for
  400. over-full DESTROY queues leading to out-of-memory conditions: if it
  401. works, we will soon backport it to earlier release series.
  402. This is the second release candidate in the 0.3.2 series. If we find
  403. no new bugs or regression here, then the first stable 0.3.2 release
  404. will be nearly identical to this.
  405. o Major bugfixes (KIST, scheduler):
  406. - The KIST scheduler did not correctly account for data already
  407. enqueued in each connection's send socket buffer, particularly in
  408. cases when the TCP/IP congestion window was reduced between
  409. scheduler calls. This situation lead to excessive per-connection
  410. buffering in the kernel, and a potential memory DoS. Fixes bug
  411. 24665; bugfix on 0.3.2.1-alpha.
  412. o Minor features (geoip):
  413. - Update geoip and geoip6 to the December 6 2017 Maxmind GeoLite2
  414. Country database.
  415. o Minor bugfixes (hidden service v3):
  416. - Bump hsdir_spread_store parameter from 3 to 4 in order to increase
  417. the probability of reaching a service for a client missing
  418. microdescriptors. Fixes bug 24425; bugfix on 0.3.2.1-alpha.
  419. o Minor bugfixes (memory usage):
  420. - When queuing DESTROY cells on a channel, only queue the circuit-id
  421. and reason fields: not the entire 514-byte cell. This fix should
  422. help mitigate any bugs or attacks that fill up these queues, and
  423. free more RAM for other uses. Fixes bug 24666; bugfix
  424. on 0.2.5.1-alpha.
  425. o Minor bugfixes (scheduler, KIST):
  426. - Use a sane write limit for KISTLite when writing onto a connection
  427. buffer instead of using INT_MAX and shoving as much as it can.
  428. Because the OOM handler cleans up circuit queues, we are better
  429. off at keeping them in that queue instead of the connection's
  430. buffer. Fixes bug 24671; bugfix on 0.3.2.1-alpha.
  431. Changes in version 0.3.2.7-rc - 2017-12-14
  432. Tor 0.3.2.7-rc fixes various bugs in earlier versions of Tor,
  433. including some that could affect reliability or correctness.
  434. This is the first release candidate in the 0.3.2 series. If we find no
  435. new bugs or regression here, then the first stable 0.3.2. release will
  436. be nearly identical to this.
  437. o Major bugfixes (circuit prediction):
  438. - Fix circuit prediction logic so that a client doesn't treat a port
  439. as being "handled" by a circuit if that circuit already has
  440. isolation settings on it. This change should make Tor clients more
  441. responsive by improving their chances of having a pre-created
  442. circuit ready for use when a request arrives. Fixes bug 18859;
  443. bugfix on 0.2.3.3-alpha.
  444. o Minor features (logging):
  445. - Provide better warnings when the getrandom() syscall fails. Closes
  446. ticket 24500.
  447. o Minor features (portability):
  448. - Tor now compiles correctly on arm64 with libseccomp-dev installed.
  449. (It doesn't yet work with the sandbox enabled.) Closes
  450. ticket 24424.
  451. o Minor bugfixes (bridge clients, bootstrap):
  452. - Retry directory downloads when we get our first bridge descriptor
  453. during bootstrap or while reconnecting to the network. Keep
  454. retrying every time we get a bridge descriptor, until we have a
  455. reachable bridge. Fixes part of bug 24367; bugfix on 0.2.0.3-alpha.
  456. - Stop delaying bridge descriptor fetches when we have cached bridge
  457. descriptors. Instead, only delay bridge descriptor fetches when we
  458. have at least one reachable bridge. Fixes part of bug 24367;
  459. bugfix on 0.2.0.3-alpha.
  460. - Stop delaying directory fetches when we have cached bridge
  461. descriptors. Instead, only delay bridge descriptor fetches when
  462. all our bridges are definitely unreachable. Fixes part of bug
  463. 24367; bugfix on 0.2.0.3-alpha.
  464. o Minor bugfixes (compilation):
  465. - Fix a signed/unsigned comparison warning introduced by our fix to
  466. TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16.
  467. o Minor bugfixes (correctness):
  468. - Fix several places in our codebase where a C compiler would be
  469. likely to eliminate a check, based on assuming that undefined
  470. behavior had not happened elsewhere in the code. These cases are
  471. usually a sign of redundant checking or dubious arithmetic. Found
  472. by Georg Koppen using the "STACK" tool from Wang, Zeldovich,
  473. Kaashoek, and Solar-Lezama. Fixes bug 24423; bugfix on various
  474. Tor versions.
  475. o Minor bugfixes (onion service v3):
  476. - Fix a race where an onion service would launch a new intro circuit
  477. after closing an old one, but fail to register it before freeing
  478. the previously closed circuit. This bug was making the service
  479. unable to find the established intro circuit and thus not upload
  480. its descriptor, thus making a service unavailable for up to 24
  481. hours. Fixes bug 23603; bugfix on 0.3.2.1-alpha.
  482. o Minor bugfixes (scheduler, KIST):
  483. - Properly set the scheduler state of an unopened channel in the
  484. KIST scheduler main loop. This prevents a harmless but annoying
  485. log warning. Fixes bug 24502; bugfix on 0.3.2.4-alpha.
  486. - Avoid a possible integer overflow when computing the available
  487. space on the TCP buffer of a channel. This had no security
  488. implications; but could make KIST allow too many cells on a
  489. saturated connection. Fixes bug 24590; bugfix on 0.3.2.1-alpha.
  490. - Downgrade to "info" a harmless warning about the monotonic time
  491. moving backwards: This can happen on platform not supporting
  492. monotonic time. Fixes bug 23696; bugfix on 0.3.2.1-alpha.
  493. Changes in version 0.3.2.6-alpha - 2017-12-01
  494. This version of Tor is the latest in the 0.3.2 alpha series. It
  495. includes fixes for several important security issues. All Tor users
  496. should upgrade to this release, or to one of the other releases coming
  497. out today.
  498. o Major bugfixes (security):
  499. - Fix a denial of service bug where an attacker could use a
  500. malformed directory object to cause a Tor instance to pause while
  501. OpenSSL would try to read a passphrase from the terminal. (Tor
  502. instances run without a terminal, which is the case for most Tor
  503. packages, are not impacted.) Fixes bug 24246; bugfix on every
  504. version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
  505. Found by OSS-Fuzz as testcase 6360145429790720.
  506. - Fix a denial of service issue where an attacker could crash a
  507. directory authority using a malformed router descriptor. Fixes bug
  508. 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
  509. and CVE-2017-8820.
  510. - When checking for replays in the INTRODUCE1 cell data for a
  511. (legacy) onion service, correctly detect replays in the RSA-
  512. encrypted part of the cell. We were previously checking for
  513. replays on the entire cell, but those can be circumvented due to
  514. the malleability of Tor's legacy hybrid encryption. This fix helps
  515. prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
  516. 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
  517. and CVE-2017-8819.
  518. o Major bugfixes (security, onion service v2):
  519. - Fix a use-after-free error that could crash v2 Tor onion services
  520. when they failed to open circuits while expiring introduction
  521. points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
  522. also tracked as TROVE-2017-013 and CVE-2017-8823.
  523. o Major bugfixes (security, relay):
  524. - When running as a relay, make sure that we never build a path
  525. through ourselves, even in the case where we have somehow lost the
  526. version of our descriptor appearing in the consensus. Fixes part
  527. of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
  528. as TROVE-2017-012 and CVE-2017-8822.
  529. - When running as a relay, make sure that we never choose ourselves
  530. as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
  531. issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
  532. o Minor feature (relay statistics):
  533. - Change relay bandwidth reporting stats interval from 4 hours to 24
  534. hours in order to reduce the efficiency of guard discovery
  535. attacks. Fixes ticket 23856.
  536. o Minor features (directory authority):
  537. - Add an IPv6 address for the "bastet" directory authority. Closes
  538. ticket 24394.
  539. o Minor bugfixes (client):
  540. - By default, do not enable storage of client-side DNS values. These
  541. values were unused by default previously, but they should not have
  542. been cached at all. Fixes bug 24050; bugfix on 0.2.6.3-alpha.
  543. Changes in version 0.3.1.9 - 2017-12-01:
  544. Tor 0.3.1.9 backports important security and stability fixes from the
  545. 0.3.2 development series. All Tor users should upgrade to this
  546. release, or to another of the releases coming out today.
  547. o Major bugfixes (security, backport from 0.3.2.6-alpha):
  548. - Fix a denial of service bug where an attacker could use a
  549. malformed directory object to cause a Tor instance to pause while
  550. OpenSSL would try to read a passphrase from the terminal. (Tor
  551. instances run without a terminal, which is the case for most Tor
  552. packages, are not impacted.) Fixes bug 24246; bugfix on every
  553. version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
  554. Found by OSS-Fuzz as testcase 6360145429790720.
  555. - Fix a denial of service issue where an attacker could crash a
  556. directory authority using a malformed router descriptor. Fixes bug
  557. 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
  558. and CVE-2017-8820.
  559. - When checking for replays in the INTRODUCE1 cell data for a
  560. (legacy) onion service, correctly detect replays in the RSA-
  561. encrypted part of the cell. We were previously checking for
  562. replays on the entire cell, but those can be circumvented due to
  563. the malleability of Tor's legacy hybrid encryption. This fix helps
  564. prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
  565. 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
  566. and CVE-2017-8819.
  567. o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
  568. - Fix a use-after-free error that could crash v2 Tor onion services
  569. when they failed to open circuits while expiring introduction
  570. points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
  571. also tracked as TROVE-2017-013 and CVE-2017-8823.
  572. o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
  573. - When running as a relay, make sure that we never build a path
  574. through ourselves, even in the case where we have somehow lost the
  575. version of our descriptor appearing in the consensus. Fixes part
  576. of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
  577. as TROVE-2017-012 and CVE-2017-8822.
  578. - When running as a relay, make sure that we never choose ourselves
  579. as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
  580. issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
  581. o Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha):
  582. - Fix an issue causing DNS to fail on high-bandwidth exit nodes,
  583. making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
  584. 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
  585. identifying and finding a workaround to this bug and to Moritz,
  586. Arthur Edelstein, and Roger for helping to track it down and
  587. analyze it.
  588. o Minor features (bridge):
  589. - Bridges now include notice in their descriptors that they are
  590. bridges, and notice of their distribution status, based on their
  591. publication settings. Implements ticket 18329. For more fine-
  592. grained control of how a bridge is distributed, upgrade to 0.3.2.x
  593. or later.
  594. o Minor features (directory authority, backport from 0.3.2.6-alpha):
  595. - Add an IPv6 address for the "bastet" directory authority. Closes
  596. ticket 24394.
  597. o Minor features (geoip):
  598. - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
  599. Country database.
  600. o Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha):
  601. - Avoid unnecessary calls to directory_fetches_from_authorities() on
  602. relays, to prevent spurious address resolutions and descriptor
  603. rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
  604. bugfix on in 0.2.8.1-alpha.
  605. o Minor bugfixes (compilation, backport from 0.3.2.1-alpha):
  606. - Fix unused variable warnings in donna's Curve25519 SSE2 code.
  607. Fixes bug 22895; bugfix on 0.2.7.2-alpha.
  608. o Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha):
  609. - When a circuit is marked for close, do not attempt to package any
  610. cells for channels on that circuit. Previously, we would detect
  611. this condition lower in the call stack, when we noticed that the
  612. circuit had no attached channel, and log an annoying message.
  613. Fixes bug 8185; bugfix on 0.2.5.4-alpha.
  614. o Minor bugfixes (onion service, backport from 0.3.2.5-alpha):
  615. - Rename the consensus parameter "hsdir-interval" to "hsdir_interval"
  616. so it matches dir-spec.txt. Fixes bug 24262; bugfix
  617. on 0.3.1.1-alpha.
  618. o Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha):
  619. - Avoid a crash when transitioning from client mode to bridge mode.
  620. Previously, we would launch the worker threads whenever our
  621. "public server" mode changed, but not when our "server" mode
  622. changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
  623. Changes in version 0.3.0.13 - 2017-12-01
  624. Tor 0.3.0.13 backports important security and stability bugfixes from
  625. later Tor releases. All Tor users should upgrade to this release, or
  626. to another of the releases coming out today.
  627. Note: the Tor 0.3.0 series will no longer be supported after 26 Jan
  628. 2018. If you need a release with long-term support, please stick with
  629. the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.
  630. o Major bugfixes (security, backport from 0.3.2.6-alpha):
  631. - Fix a denial of service bug where an attacker could use a
  632. malformed directory object to cause a Tor instance to pause while
  633. OpenSSL would try to read a passphrase from the terminal. (Tor
  634. instances run without a terminal, which is the case for most Tor
  635. packages, are not impacted.) Fixes bug 24246; bugfix on every
  636. version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
  637. Found by OSS-Fuzz as testcase 6360145429790720.
  638. - Fix a denial of service issue where an attacker could crash a
  639. directory authority using a malformed router descriptor. Fixes bug
  640. 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
  641. and CVE-2017-8820.
  642. - When checking for replays in the INTRODUCE1 cell data for a
  643. (legacy) onion service, correctly detect replays in the RSA-
  644. encrypted part of the cell. We were previously checking for
  645. replays on the entire cell, but those can be circumvented due to
  646. the malleability of Tor's legacy hybrid encryption. This fix helps
  647. prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
  648. 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
  649. and CVE-2017-8819.
  650. o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
  651. - Fix a use-after-free error that could crash v2 Tor onion services
  652. when they failed to open circuits while expiring introduction
  653. points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
  654. also tracked as TROVE-2017-013 and CVE-2017-8823.
  655. o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
  656. - When running as a relay, make sure that we never build a path
  657. through ourselves, even in the case where we have somehow lost the
  658. version of our descriptor appearing in the consensus. Fixes part
  659. of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
  660. as TROVE-2017-012 and CVE-2017-8822.
  661. - When running as a relay, make sure that we never choose ourselves
  662. as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
  663. issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
  664. o Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha):
  665. - Fix an issue causing DNS to fail on high-bandwidth exit nodes,
  666. making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
  667. 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
  668. identifying and finding a workaround to this bug and to Moritz,
  669. Arthur Edelstein, and Roger for helping to track it down and
  670. analyze it.
  671. o Minor features (security, windows, backport from 0.3.1.1-alpha):
  672. - Enable a couple of pieces of Windows hardening: one
  673. (HeapEnableTerminationOnCorruption) that has been on-by-default
  674. since Windows 8, and unavailable before Windows 7; and one
  675. (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't
  676. affect us, but shouldn't do any harm. Closes ticket 21953.
  677. o Minor features (bridge, backport from 0.3.1.9):
  678. - Bridges now include notice in their descriptors that they are
  679. bridges, and notice of their distribution status, based on their
  680. publication settings. Implements ticket 18329. For more fine-
  681. grained control of how a bridge is distributed, upgrade to 0.3.2.x
  682. or later.
  683. o Minor features (directory authority, backport from 0.3.2.6-alpha):
  684. - Add an IPv6 address for the "bastet" directory authority. Closes
  685. ticket 24394.
  686. o Minor features (geoip):
  687. - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
  688. Country database.
  689. o Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha):
  690. - Avoid unnecessary calls to directory_fetches_from_authorities() on
  691. relays, to prevent spurious address resolutions and descriptor
  692. rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
  693. bugfix on in 0.2.8.1-alpha.
  694. o Minor bugfixes (compilation, backport from 0.3.2.1-alpha):
  695. - Fix unused variable warnings in donna's Curve25519 SSE2 code.
  696. Fixes bug 22895; bugfix on 0.2.7.2-alpha.
  697. o Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha):
  698. - When a circuit is marked for close, do not attempt to package any
  699. cells for channels on that circuit. Previously, we would detect
  700. this condition lower in the call stack, when we noticed that the
  701. circuit had no attached channel, and log an annoying message.
  702. Fixes bug 8185; bugfix on 0.2.5.4-alpha.
  703. o Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha):
  704. - Avoid a crash when transitioning from client mode to bridge mode.
  705. Previously, we would launch the worker threads whenever our
  706. "public server" mode changed, but not when our "server" mode
  707. changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
  708. o Minor bugfixes (testing, backport from 0.3.1.6-rc):
  709. - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291;
  710. bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij.
  711. Changes in version 0.2.9.14 - 2017-12-01
  712. Tor 0.3.0.13 backports important security and stability bugfixes from
  713. later Tor releases. All Tor users should upgrade to this release, or
  714. to another of the releases coming out today.
  715. o Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha):
  716. - Fix an issue causing DNS to fail on high-bandwidth exit nodes,
  717. making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
  718. 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
  719. identifying and finding a workaround to this bug and to Moritz,
  720. Arthur Edelstein, and Roger for helping to track it down and
  721. analyze it.
  722. o Major bugfixes (security, backport from 0.3.2.6-alpha):
  723. - Fix a denial of service bug where an attacker could use a
  724. malformed directory object to cause a Tor instance to pause while
  725. OpenSSL would try to read a passphrase from the terminal. (Tor
  726. instances run without a terminal, which is the case for most Tor
  727. packages, are not impacted.) Fixes bug 24246; bugfix on every
  728. version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
  729. Found by OSS-Fuzz as testcase 6360145429790720.
  730. - Fix a denial of service issue where an attacker could crash a
  731. directory authority using a malformed router descriptor. Fixes bug
  732. 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
  733. and CVE-2017-8820.
  734. - When checking for replays in the INTRODUCE1 cell data for a
  735. (legacy) onion service, correctly detect replays in the RSA-
  736. encrypted part of the cell. We were previously checking for
  737. replays on the entire cell, but those can be circumvented due to
  738. the malleability of Tor's legacy hybrid encryption. This fix helps
  739. prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
  740. 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
  741. and CVE-2017-8819.
  742. o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
  743. - Fix a use-after-free error that could crash v2 Tor onion services
  744. when they failed to open circuits while expiring introduction
  745. points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
  746. also tracked as TROVE-2017-013 and CVE-2017-8823.
  747. o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
  748. - When running as a relay, make sure that we never build a path
  749. through ourselves, even in the case where we have somehow lost the
  750. version of our descriptor appearing in the consensus. Fixes part
  751. of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
  752. as TROVE-2017-012 and CVE-2017-8822.
  753. o Minor features (bridge, backport from 0.3.1.9):
  754. - Bridges now include notice in their descriptors that they are
  755. bridges, and notice of their distribution status, based on their
  756. publication settings. Implements ticket 18329. For more fine-
  757. grained control of how a bridge is distributed, upgrade to 0.3.2.x
  758. or later.
  759. o Minor features (directory authority, backport from 0.3.2.6-alpha):
  760. - Add an IPv6 address for the "bastet" directory authority. Closes
  761. ticket 24394.
  762. o Minor features (geoip):
  763. - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
  764. Country database.
  765. o Minor features (security, windows, backport from 0.3.1.1-alpha):
  766. - Enable a couple of pieces of Windows hardening: one
  767. (HeapEnableTerminationOnCorruption) that has been on-by-default
  768. since Windows 8, and unavailable before Windows 7; and one
  769. (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't
  770. affect us, but shouldn't do any harm. Closes ticket 21953.
  771. o Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha):
  772. - Avoid unnecessary calls to directory_fetches_from_authorities() on
  773. relays, to prevent spurious address resolutions and descriptor
  774. rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
  775. bugfix on in 0.2.8.1-alpha.
  776. o Minor bugfixes (compilation, backport from 0.3.2.1-alpha):
  777. - Fix unused variable warnings in donna's Curve25519 SSE2 code.
  778. Fixes bug 22895; bugfix on 0.2.7.2-alpha.
  779. o Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha):
  780. - When a circuit is marked for close, do not attempt to package any
  781. cells for channels on that circuit. Previously, we would detect
  782. this condition lower in the call stack, when we noticed that the
  783. circuit had no attached channel, and log an annoying message.
  784. Fixes bug 8185; bugfix on 0.2.5.4-alpha.
  785. o Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha):
  786. - Avoid a crash when transitioning from client mode to bridge mode.
  787. Previously, we would launch the worker threads whenever our
  788. "public server" mode changed, but not when our "server" mode
  789. changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
  790. o Minor bugfixes (testing, backport from 0.3.1.6-rc):
  791. - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291;
  792. bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij.
  793. Changes in version 0.2.8.17 - 2017-12-01
  794. Tor 0.2.8.17 backports important security and stability bugfixes from
  795. later Tor releases. All Tor users should upgrade to this release, or
  796. to another of the releases coming out today.
  797. Note: the Tor 0.2.8 series will no longer be supported after 1 Jan
  798. 2018. If you need a release with long-term support, please upgrade with
  799. the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.
  800. o Major bugfixes (security, backport from 0.3.2.6-alpha):
  801. - Fix a denial of service bug where an attacker could use a
  802. malformed directory object to cause a Tor instance to pause while
  803. OpenSSL would try to read a passphrase from the terminal. (Tor
  804. instances run without a terminal, which is the case for most Tor
  805. packages, are not impacted.) Fixes bug 24246; bugfix on every
  806. version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
  807. Found by OSS-Fuzz as testcase 6360145429790720.
  808. - When checking for replays in the INTRODUCE1 cell data for a
  809. (legacy) onion service, correctly detect replays in the RSA-
  810. encrypted part of the cell. We were previously checking for
  811. replays on the entire cell, but those can be circumvented due to
  812. the malleability of Tor's legacy hybrid encryption. This fix helps
  813. prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
  814. 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
  815. and CVE-2017-8819.
  816. o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
  817. - Fix a use-after-free error that could crash v2 Tor onion services
  818. when they failed to open circuits while expiring introduction
  819. points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
  820. also tracked as TROVE-2017-013 and CVE-2017-8823.
  821. o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
  822. - When running as a relay, make sure that we never build a path through
  823. ourselves, even in the case where we have somehow lost the version of
  824. our descriptor appearing in the consensus. Fixes part of bug 21534;
  825. bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012
  826. and CVE-2017-8822.
  827. o Minor features (bridge, backport from 0.3.1.9):
  828. - Bridges now include notice in their descriptors that they are
  829. bridges, and notice of their distribution status, based on their
  830. publication settings. Implements ticket 18329. For more fine-
  831. grained control of how a bridge is distributed, upgrade to 0.3.2.x
  832. or later.
  833. o Minor features (directory authority, backport from 0.3.2.6-alpha):
  834. - Add an IPv6 address for the "bastet" directory authority. Closes
  835. ticket 24394.
  836. o Minor features (geoip):
  837. - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
  838. Country database.
  839. o Minor bugfixes (testing, backport from 0.3.1.6-rc):
  840. - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291;
  841. bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij.
  842. Changes in version 0.2.5.16 - 2017-12-01
  843. Tor 0.2.5.13 backports important security and stability bugfixes from
  844. later Tor releases. All Tor users should upgrade to this release, or
  845. to another of the releases coming out today.
  846. Note: the Tor 0.2.5 series will no longer be supported after 1 May
  847. 2018. If you need a release with long-term support, please upgrade to
  848. the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.
  849. o Major bugfixes (security, backport from 0.3.2.6-alpha):
  850. - Fix a denial of service bug where an attacker could use a
  851. malformed directory object to cause a Tor instance to pause while
  852. OpenSSL would try to read a passphrase from the terminal. (Tor
  853. instances run without a terminal, which is the case for most Tor
  854. packages, are not impacted.) Fixes bug 24246; bugfix on every
  855. version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
  856. Found by OSS-Fuzz as testcase 6360145429790720.
  857. - When checking for replays in the INTRODUCE1 cell data for a
  858. (legacy) onion service, correctly detect replays in the RSA-
  859. encrypted part of the cell. We were previously checking for
  860. replays on the entire cell, but those can be circumvented due to
  861. the malleability of Tor's legacy hybrid encryption. This fix helps
  862. prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
  863. 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
  864. and CVE-2017-8819.
  865. o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
  866. - When running as a relay, make sure that we never build a path
  867. through ourselves, even in the case where we have somehow lost the
  868. version of our descriptor appearing in the consensus. Fixes part
  869. of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
  870. as TROVE-2017-012 and CVE-2017-8822.
  871. o Minor features (bridge, backport from 0.3.1.9):
  872. - Bridges now include notice in their descriptors that they are
  873. bridges, and notice of their distribution status, based on their
  874. publication settings. Implements ticket 18329. For more fine-
  875. grained control of how a bridge is distributed, upgrade to 0.3.2.x
  876. or later.
  877. o Minor features (geoip):
  878. - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
  879. Country database.
  880. Changes in version 0.3.2.5-alpha - 2017-11-22
  881. Tor 0.3.2.5-alpha is the fifth alpha release in the 0.3.2.x series. It
  882. fixes several stability and reliability bugs, including a fix for
  883. intermittent bootstrapping failures that some people have been seeing
  884. since the 0.3.0.x series.
  885. Please test this alpha out -- many of these fixes will soon be
  886. backported to stable Tor versions if no additional bugs are found
  887. in them.
  888. o Major bugfixes (bootstrapping):
  889. - Fetch descriptors aggressively whenever we lack enough to build
  890. circuits, regardless of how many descriptors we are missing.
  891. Previously, we would delay launching the fetch when we had fewer
  892. than 15 missing descriptors, even if some of those descriptors
  893. were blocking circuits from building. Fixes bug 23985; bugfix on
  894. 0.1.1.11-alpha. The effects of this bug became worse in
  895. 0.3.0.3-alpha, when we began treating missing descriptors from our
  896. primary guards as a reason to delay circuits.
  897. - Don't try fetching microdescriptors from relays that have failed
  898. to deliver them in the past. Fixes bug 23817; bugfix
  899. on 0.3.0.1-alpha.
  900. o Minor features (directory authority):
  901. - Make the "Exit" flag assignment only depend on whether the exit
  902. policy allows connections to ports 80 and 443. Previously relays
  903. would get the Exit flag if they allowed connections to one of
  904. these ports and also port 6667. Resolves ticket 23637.
  905. o Minor features (geoip):
  906. - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
  907. Country database.
  908. o Minor features (linux seccomp2 sandbox):
  909. - Update the sandbox rules so that they should now work correctly
  910. with Glibc 2.26. Closes ticket 24315.
  911. o Minor features (logging):
  912. - Downgrade a pair of log messages that could occur when an exit's
  913. resolver gave us an unusual (but not forbidden) response. Closes
  914. ticket 24097.
  915. - Improve the message we log when re-enabling circuit build timeouts
  916. after having received a consensus. Closes ticket 20963.
  917. o Minor bugfixes (compilation):
  918. - Fix a memory leak warning in one of the libevent-related
  919. configuration tests that could occur when manually specifying
  920. -fsanitize=address. Fixes bug 24279; bugfix on 0.3.0.2-alpha.
  921. Found and patched by Alex Xu.
  922. - When detecting OpenSSL on Windows from our configure script, make
  923. sure to try linking with the ws2_32 library. Fixes bug 23783;
  924. bugfix on 0.3.2.2-alpha.
  925. o Minor bugfixes (control port, linux seccomp2 sandbox):
  926. - Avoid a crash when attempting to use the seccomp2 sandbox together
  927. with the OwningControllerProcess feature. Fixes bug 24198; bugfix
  928. on 0.2.5.1-alpha.
  929. o Minor bugfixes (control port, onion services):
  930. - Report "FAILED" instead of "UPLOAD_FAILED" "FAILED" for the
  931. HS_DESC event when a service is not able to upload a descriptor.
  932. Fixes bug 24230; bugfix on 0.2.7.1-alpha.
  933. o Minor bugfixes (directory cache):
  934. - Recover better from empty or corrupt files in the consensus cache
  935. directory. Fixes bug 24099; bugfix on 0.3.1.1-alpha.
  936. - When a consensus diff calculation is only partially successful,
  937. only record the successful parts as having succeeded. Partial
  938. success can happen if (for example) one compression method fails
  939. but the others succeed. Previously we misrecorded all the
  940. calculations as having succeeded, which would later cause a
  941. nonfatal assertion failure. Fixes bug 24086; bugfix
  942. on 0.3.1.1-alpha.
  943. o Minor bugfixes (logging):
  944. - Only log once if we notice that KIST support is gone. Fixes bug
  945. 24158; bugfix on 0.3.2.1-alpha.
  946. - Suppress a log notice when relay descriptors arrive. We already
  947. have a bootstrap progress for this so no need to log notice
  948. everytime tor receives relay descriptors. Microdescriptors behave
  949. the same. Fixes bug 23861; bugfix on 0.2.8.2-alpha.
  950. o Minor bugfixes (network layer):
  951. - When closing a connection via close_connection_immediately(), we
  952. mark it as "not blocked on bandwidth", to prevent later calls from
  953. trying to unblock it, and give it permission to read. This fixes a
  954. backtrace warning that can happen on relays under various
  955. circumstances. Fixes bug 24167; bugfix on 0.1.0.1-rc.
  956. o Minor bugfixes (onion services):
  957. - The introduction circuit was being timed out too quickly while
  958. waiting for the rendezvous circuit to complete. Keep the intro
  959. circuit around longer instead of timing out and reopening new ones
  960. constantly. Fixes bug 23681; bugfix on 0.2.4.8-alpha.
  961. - Rename the consensus parameter "hsdir-interval" to "hsdir_interval"
  962. so it matches dir-spec.txt. Fixes bug 24262; bugfix
  963. on 0.3.1.1-alpha.
  964. - Silence a warning about failed v3 onion descriptor uploads that
  965. can happen naturally under certain edge cases. Fixes part of bug
  966. 23662; bugfix on 0.3.2.1-alpha.
  967. o Minor bugfixes (tests):
  968. - Fix a memory leak in one of the bridge-distribution test cases.
  969. Fixes bug 24345; bugfix on 0.3.2.3-alpha.
  970. - Fix a bug in our fuzzing mock replacement for crypto_pk_checksig(),
  971. to correctly handle cases where a caller gives it an RSA key of
  972. under 160 bits. (This is not actually a bug in Tor itself, but
  973. rather in our fuzzing code.) Fixes bug 24247; bugfix on
  974. 0.3.0.3-alpha. Found by OSS-Fuzz as issue 4177.
  975. o Documentation:
  976. - Add notes in man page regarding OS support for the various
  977. scheduler types. Attempt to use less jargon in the scheduler
  978. section. Closes ticket 24254.
  979. Changes in version 0.3.2.4-alpha - 2017-11-08
  980. Tor 0.3.2.4-alpha is the fourth alpha release in the 0.3.2.x series.
  981. It fixes several stability and reliability bugs, especially including
  982. a major reliability issue that has been plaguing fast exit relays in
  983. recent months.
  984. o Major bugfixes (exit relays, DNS):
  985. - Fix an issue causing DNS to fail on high-bandwidth exit nodes,
  986. making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
  987. 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
  988. identifying and finding a workaround to this bug and to Moritz,
  989. Arthur Edelstein, and Roger for helping to track it down and
  990. analyze it.
  991. o Major bugfixes (scheduler, channel):
  992. - Stop processing scheduled channels if they closed while flushing
  993. cells. This can happen if the write on the connection fails
  994. leading to the channel being closed while in the scheduler loop.
  995. Fixes bug 23751; bugfix on 0.3.2.1-alpha.
  996. o Minor features (logging, scheduler):
  997. - Introduce a SCHED_BUG() function to log extra information about
  998. the scheduler state if we ever catch a bug in the scheduler.
  999. Closes ticket 23753.
  1000. o Minor features (removed deprecations):
  1001. - The ClientDNSRejectInternalAddresses flag can once again be set in
  1002. non-testing Tor networks, so long as they do not use the default
  1003. directory authorities. This change also removes the deprecation of
  1004. this flag from 0.2.9.2-alpha. Closes ticket 21031.
  1005. o Minor features (testing):
  1006. - Our fuzzing tests now test the encrypted portions of v3 onion
  1007. service descriptors. Implements more of 21509.
  1008. o Minor bugfixes (directory client):
  1009. - On failure to download directory information, delay retry attempts
  1010. by a random amount based on the "decorrelated jitter" algorithm.
  1011. Our previous delay algorithm tended to produce extra-long delays
  1012. too easily. Fixes bug 23816; bugfix on 0.2.9.1-alpha.
  1013. o Minor bugfixes (IPv6, v3 single onion services):
  1014. - Remove buggy code for IPv6-only v3 single onion services, and
  1015. reject attempts to configure them. This release supports IPv4,
  1016. dual-stack, and IPv6-only v3 onion services; and IPv4 and dual-
  1017. stack v3 single onion services. Fixes bug 23820; bugfix
  1018. on 0.3.2.1-alpha.
  1019. o Minor bugfixes (logging, relay):
  1020. - Give only a protocol warning when the ed25519 key is not
  1021. consistent between the descriptor and microdescriptor of a relay.
  1022. This can happen, for instance, if the relay has been flagged
  1023. NoEdConsensus. Fixes bug 24025; bugfix on 0.3.2.1-alpha.
  1024. o Minor bugfixes (manpage, onion service):
  1025. - Document that the HiddenServiceNumIntroductionPoints option is
  1026. 0-10 for v2 services and 0-20 for v3 services. Fixes bug 24115;
  1027. bugfix on 0.3.2.1-alpha.
  1028. o Minor bugfixes (memory leaks):
  1029. - Fix a minor memory leak at exit in the KIST scheduler. This bug
  1030. should have no user-visible impact. Fixes bug 23774; bugfix
  1031. on 0.3.2.1-alpha.
  1032. - Fix a memory leak when decrypting a badly formatted v3 onion
  1033. service descriptor. Fixes bug 24150; bugfix on 0.3.2.1-alpha.
  1034. Found by OSS-Fuzz; this is OSS-Fuzz issue 3994.
  1035. o Minor bugfixes (onion services):
  1036. - Cache some needed onion service client information instead of
  1037. constantly computing it over and over again. Fixes bug 23623;
  1038. bugfix on 0.3.2.1-alpha.
  1039. - Properly retry HSv3 descriptor fetches when missing required
  1040. directory information. Fixes bug 23762; bugfix on 0.3.2.1-alpha.
  1041. o Minor bugfixes (path selection):
  1042. - When selecting relays by bandwidth, avoid a rounding error that
  1043. could sometimes cause load to be imbalanced incorrectly.
  1044. Previously, we would always round upwards; now, we round towards
  1045. the nearest integer. This had the biggest effect when a relay's
  1046. weight adjustments should have given it weight 0, but it got
  1047. weight 1 instead. Fixes bug 23318; bugfix on 0.2.4.3-alpha.
  1048. - When calculating the fraction of nodes that have descriptors, and
  1049. all nodes in the network have zero bandwidths, count the number of
  1050. nodes instead. Fixes bug 23318; bugfix on 0.2.4.10-alpha.
  1051. - Actually log the total bandwidth in compute_weighted_bandwidths().
  1052. Fixes bug 24170; bugfix on 0.2.4.3-alpha.
  1053. o Minor bugfixes (relay, crash):
  1054. - Avoid a crash when transitioning from client mode to bridge mode.
  1055. Previously, we would launch the worker threads whenever our
  1056. "public server" mode changed, but not when our "server" mode
  1057. changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
  1058. o Minor bugfixes (testing):
  1059. - Fix a spurious fuzzing-only use of an uninitialized value. Found
  1060. by Brian Carpenter. Fixes bug 24082; bugfix on 0.3.0.3-alpha.
  1061. - Test that IPv6-only clients can use microdescriptors when running
  1062. "make test-network-all". Requires chutney master 61c28b9 or later.
  1063. Closes ticket 24109.
  1064. Changes in version 0.3.2.3-alpha - 2017-10-27
  1065. Tor 0.3.2.3-alpha is the third release in the 0.3.2 series. It fixes
  1066. numerous small bugs in earlier versions of 0.3.2.x, and adds a new
  1067. directory authority, Bastet.
  1068. o Directory authority changes:
  1069. - Add "Bastet" as a ninth directory authority to the default list.
  1070. Closes ticket 23910.
  1071. - The directory authority "Longclaw" has changed its IP address.
  1072. Closes ticket 23592.
  1073. o Minor features (bridge):
  1074. - Bridge relays can now set the BridgeDistribution config option to
  1075. add a "bridge-distribution-request" line to their bridge
  1076. descriptor, which tells BridgeDB how they'd like their bridge
  1077. address to be given out. (Note that as of Oct 2017, BridgeDB does
  1078. not yet implement this feature.) As a side benefit, this feature
  1079. provides a way to distinguish bridge descriptors from non-bridge
  1080. descriptors. Implements tickets 18329.
  1081. o Minor features (client, entry guards):
  1082. - Improve log messages when missing descriptors for primary guards.
  1083. Resolves ticket 23670.
  1084. o Minor features (geoip):
  1085. - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
  1086. Country database.
  1087. o Minor bugfixes (bridge):
  1088. - Overwrite the bridge address earlier in the process of retrieving
  1089. its descriptor, to make sure we reach it on the configured
  1090. address. Fixes bug 20532; bugfix on 0.2.0.10-alpha.
  1091. o Minor bugfixes (documentation):
  1092. - Document better how to read gcov, and what our gcov postprocessing
  1093. scripts do. Fixes bug 23739; bugfix on 0.2.9.1-alpha.
  1094. o Minor bugfixes (entry guards):
  1095. - Tor now updates its guard state when it reads a consensus
  1096. regardless of whether it's missing descriptors. That makes tor use
  1097. its primary guards to fetch descriptors in some edge cases where
  1098. it would previously have used fallback directories. Fixes bug
  1099. 23862; bugfix on 0.3.0.1-alpha.
  1100. o Minor bugfixes (hidden service client):
  1101. - When handling multiple SOCKS request for the same .onion address,
  1102. only fetch the service descriptor once.
  1103. - When a descriptor fetch fails with a non-recoverable error, close
  1104. all pending SOCKS requests for that .onion. Fixes bug 23653;
  1105. bugfix on 0.3.2.1-alpha.
  1106. o Minor bugfixes (hidden service):
  1107. - Always regenerate missing hidden service public key files. Prior
  1108. to this, if the public key was deleted from disk, it wouldn't get
  1109. recreated. Fixes bug 23748; bugfix on 0.3.2.2-alpha. Patch
  1110. from "cathugger".
  1111. - Make sure that we have a usable ed25519 key when the intro point
  1112. relay supports ed25519 link authentication. Fixes bug 24002;
  1113. bugfix on 0.3.2.1-alpha.
  1114. o Minor bugfixes (hidden service, v2):
  1115. - When reloading configured hidden services, copy all information
  1116. from the old service object. Previously, some data was omitted,
  1117. causing delays in descriptor upload, and other bugs. Fixes bug
  1118. 23790; bugfix on 0.2.1.9-alpha.
  1119. o Minor bugfixes (memory safety, defensive programming):
  1120. - Clear the target address when node_get_prim_orport() returns
  1121. early. Fixes bug 23874; bugfix on 0.2.8.2-alpha.
  1122. o Minor bugfixes (relay):
  1123. - Avoid a BUG warning when receiving a dubious CREATE cell while an
  1124. option transition is in progress. Fixes bug 23952; bugfix
  1125. on 0.3.2.1-alpha.
  1126. o Minor bugfixes (testing):
  1127. - Adjust the GitLab CI configuration to more closely match that of
  1128. Travis CI. Fixes bug 23757; bugfix on 0.3.2.2-alpha.
  1129. - Prevent scripts/test/coverage from attempting to move gcov output
  1130. to the root directory. Fixes bug 23741; bugfix on 0.2.5.1-alpha.
  1131. - When running unit tests as root, skip a test that would fail
  1132. because it expects a permissions error. This affects some
  1133. continuous integration setups. Fixes bug 23758; bugfix
  1134. on 0.3.2.2-alpha.
  1135. - Stop unconditionally mirroring the tor repository in GitLab CI.
  1136. This prevented developers from enabling GitLab CI on master. Fixes
  1137. bug 23755; bugfix on 0.3.2.2-alpha.
  1138. - Fix the hidden service v3 descriptor decoding fuzzing to use the
  1139. latest decoding API correctly. Fixes bug 21509; bugfix
  1140. on 0.3.2.1-alpha.
  1141. o Minor bugfixes (warnings):
  1142. - When we get an HTTP request on a SOCKS port, tell the user about
  1143. the new HTTPTunnelPort option. Previously, we would give a "Tor is
  1144. not an HTTP Proxy" message, which stopped being true when
  1145. HTTPTunnelPort was introduced. Fixes bug 23678; bugfix
  1146. on 0.3.2.1-alpha.
  1147. Changes in version 0.2.5.15 - 2017-10-25
  1148. Tor 0.2.5.15 backports a collection of bugfixes from later Tor release
  1149. series. It also adds a new directory authority, Bastet.
  1150. Note: the Tor 0.2.5 series will no longer be supported after 1 May
  1151. 2018. If you need a release with long-term support, please upgrade to
  1152. the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.
  1153. o Directory authority changes:
  1154. - Add "Bastet" as a ninth directory authority to the default list.
  1155. Closes ticket 23910.
  1156. - The directory authority "Longclaw" has changed its IP address.
  1157. Closes ticket 23592.
  1158. o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha):
  1159. - Avoid an assertion failure bug affecting our implementation of
  1160. inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
  1161. handling of "0xx" differs from what we had expected. Fixes bug
  1162. 22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.
  1163. o Minor features (geoip):
  1164. - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
  1165. Country database.
  1166. o Minor bugfixes (defensive programming, undefined behavior, backport from 0.3.1.4-alpha):
  1167. - Fix a memset() off the end of an array when packing cells. This
  1168. bug should be harmless in practice, since the corrupted bytes are
  1169. still in the same structure, and are always padding bytes,
  1170. ignored, or immediately overwritten, depending on compiler
  1171. behavior. Nevertheless, because the memset()'s purpose is to make
  1172. sure that any other cell-handling bugs can't expose bytes to the
  1173. network, we need to fix it. Fixes bug 22737; bugfix on
  1174. 0.2.4.11-alpha. Fixes CID 1401591.
  1175. o Build features (backport from 0.3.1.5-alpha):
  1176. - Tor's repository now includes a Travis Continuous Integration (CI)
  1177. configuration file (.travis.yml). This is meant to help new
  1178. developers and contributors who fork Tor to a Github repository be
  1179. better able to test their changes, and understand what we expect
  1180. to pass. To use this new build feature, you must fork Tor to your
  1181. Github account, then go into the "Integrations" menu in the
  1182. repository settings for your fork and enable Travis, then push
  1183. your changes. Closes ticket 22636.
  1184. Changes in version 0.2.8.16 - 2017-10-25
  1185. Tor 0.2.8.16 backports a collection of bugfixes from later Tor release
  1186. series, including a bugfix for a crash issue that had affected relays
  1187. under memory pressure. It also adds a new directory authority, Bastet.
  1188. Note: the Tor 0.2.8 series will no longer be supported after 1 Jan
  1189. 2018. If you need a release with long-term support, please stick with
  1190. the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.
  1191. o Directory authority changes:
  1192. - Add "Bastet" as a ninth directory authority to the default list.
  1193. Closes ticket 23910.
  1194. - The directory authority "Longclaw" has changed its IP address.
  1195. Closes ticket 23592.
  1196. o Major bugfixes (relay, crash, assertion failure, backport from 0.3.2.2-alpha):
  1197. - Fix a timing-based assertion failure that could occur when the
  1198. circuit out-of-memory handler freed a connection's output buffer.
  1199. Fixes bug 23690; bugfix on 0.2.6.1-alpha.
  1200. o Minor features (directory authorities, backport from 0.3.2.2-alpha):
  1201. - Remove longclaw's IPv6 address, as it will soon change. Authority
  1202. IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves
  1203. 3/8 directory authorities with IPv6 addresses, but there are also
  1204. 52 fallback directory mirrors with IPv6 addresses. Resolves 19760.
  1205. o Minor features (geoip):
  1206. - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
  1207. Country database.
  1208. Changes in version 0.2.9.13 - 2017-10-25
  1209. Tor 0.2.9.13 backports a collection of bugfixes from later Tor release
  1210. series, including a bugfix for a crash issue that had affected relays
  1211. under memory pressure. It also adds a new directory authority, Bastet.
  1212. o Directory authority changes:
  1213. - Add "Bastet" as a ninth directory authority to the default list.
  1214. Closes ticket 23910.
  1215. - The directory authority "Longclaw" has changed its IP address.
  1216. Closes ticket 23592.
  1217. o Major bugfixes (relay, crash, assertion failure, backport from 0.3.2.2-alpha):
  1218. - Fix a timing-based assertion failure that could occur when the
  1219. circuit out-of-memory handler freed a connection's output buffer.
  1220. Fixes bug 23690; bugfix on 0.2.6.1-alpha.
  1221. o Minor features (directory authorities, backport from 0.3.2.2-alpha):
  1222. - Remove longclaw's IPv6 address, as it will soon change. Authority
  1223. IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves
  1224. 3/8 directory authorities with IPv6 addresses, but there are also
  1225. 52 fallback directory mirrors with IPv6 addresses. Resolves 19760.
  1226. o Minor features (geoip):
  1227. - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
  1228. Country database.
  1229. o Minor bugfixes (directory authority, backport from 0.3.1.5-alpha):
  1230. - When a directory authority rejects a descriptor or extrainfo with
  1231. a given digest, mark that digest as undownloadable, so that we do
  1232. not attempt to download it again over and over. We previously
  1233. tried to avoid downloading such descriptors by other means, but we
  1234. didn't notice if we accidentally downloaded one anyway. This
  1235. behavior became problematic in 0.2.7.2-alpha, when authorities
  1236. began pinning Ed25519 keys. Fixes bug 22349; bugfix
  1237. on 0.2.1.19-alpha.
  1238. o Minor bugfixes (memory safety, backport from 0.3.2.3-alpha):
  1239. - Clear the address when node_get_prim_orport() returns early.
  1240. Fixes bug 23874; bugfix on 0.2.8.2-alpha.
  1241. o Minor bugfixes (Windows service, backport from 0.3.1.6-rc):
  1242. - When running as a Windows service, set the ID of the main thread
  1243. correctly. Failure to do so made us fail to send log messages to
  1244. the controller in 0.2.1.16-rc, slowed down controller event
  1245. delivery in 0.2.7.3-rc and later, and crash with an assertion
  1246. failure in 0.3.1.1-alpha. Fixes bug 23081; bugfix on 0.2.1.6-alpha.
  1247. Patch and diagnosis from "Vort".
  1248. Changes in version 0.3.0.12 - 2017-10-25
  1249. Tor 0.3.0.12 backports a collection of bugfixes from later Tor release
  1250. series, including a bugfix for a crash issue that had affected relays
  1251. under memory pressure. It also adds a new directory authority, Bastet.
  1252. Note: the Tor 0.3.0 series will no longer be supported after 26 Jan
  1253. 2018. If you need a release with long-term support, please stick with
  1254. the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.
  1255. o Directory authority changes:
  1256. - Add "Bastet" as a ninth directory authority to the default list.
  1257. Closes ticket 23910.
  1258. - The directory authority "Longclaw" has changed its IP address.
  1259. Closes ticket 23592.
  1260. o Major bugfixes (relay, crash, assertion failure, backport from 0.3.2.2-alpha):
  1261. - Fix a timing-based assertion failure that could occur when the
  1262. circuit out-of-memory handler freed a connection's output buffer.
  1263. Fixes bug 23690; bugfix on 0.2.6.1-alpha.
  1264. o Minor features (directory authorities, backport from 0.3.2.2-alpha):
  1265. - Remove longclaw's IPv6 address, as it will soon change. Authority
  1266. IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves
  1267. 3/8 directory authorities with IPv6 addresses, but there are also
  1268. 52 fallback directory mirrors with IPv6 addresses. Resolves 19760.
  1269. o Minor features (geoip):
  1270. - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
  1271. Country database.
  1272. o Minor bugfixes (directory authority, backport from 0.3.1.5-alpha):
  1273. - When a directory authority rejects a descriptor or extrainfo with
  1274. a given digest, mark that digest as undownloadable, so that we do
  1275. not attempt to download it again over and over. We previously
  1276. tried to avoid downloading such descriptors by other means, but we
  1277. didn't notice if we accidentally downloaded one anyway. This
  1278. behavior became problematic in 0.2.7.2-alpha, when authorities
  1279. began pinning Ed25519 keys. Fixes bug 22349; bugfix
  1280. on 0.2.1.19-alpha.
  1281. o Minor bugfixes (hidden service, relay, backport from 0.3.2.2-alpha):
  1282. - Avoid a possible double close of a circuit by the intro point on
  1283. error of sending the INTRO_ESTABLISHED cell. Fixes bug 23610;
  1284. bugfix on 0.3.0.1-alpha.
  1285. o Minor bugfixes (memory safety, backport from 0.3.2.3-alpha):
  1286. - Clear the address when node_get_prim_orport() returns early.
  1287. Fixes bug 23874; bugfix on 0.2.8.2-alpha.
  1288. o Minor bugfixes (Windows service, backport from 0.3.1.6-rc):
  1289. - When running as a Windows service, set the ID of the main thread
  1290. correctly. Failure to do so made us fail to send log messages to
  1291. the controller in 0.2.1.16-rc, slowed down controller event
  1292. delivery in 0.2.7.3-rc and later, and crash with an assertion
  1293. failure in 0.3.1.1-alpha. Fixes bug 23081; bugfix on 0.2.1.6-alpha.
  1294. Patch and diagnosis from "Vort".
  1295. Changes in version 0.3.1.8 - 2017-10-25
  1296. Tor 0.3.1.8 is the second stable release in the 0.3.1 series.
  1297. It includes several bugfixes, including a bugfix for a crash issue
  1298. that had affected relays under memory pressure. It also adds
  1299. a new directory authority, Bastet.
  1300. o Directory authority changes:
  1301. - Add "Bastet" as a ninth directory authority to the default list.
  1302. Closes ticket 23910.
  1303. - The directory authority "Longclaw" has changed its IP address.
  1304. Closes ticket 23592.
  1305. o Major bugfixes (relay, crash, assertion failure, backport from 0.3.2.2-alpha):
  1306. - Fix a timing-based assertion failure that could occur when the
  1307. circuit out-of-memory handler freed a connection's output buffer.
  1308. Fixes bug 23690; bugfix on 0.2.6.1-alpha.
  1309. o Minor features (directory authorities, backport from 0.3.2.2-alpha):
  1310. - Remove longclaw's IPv6 address, as it will soon change. Authority
  1311. IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves
  1312. 3/8 directory authorities with IPv6 addresses, but there are also
  1313. 52 fallback directory mirrors with IPv6 addresses. Resolves 19760.
  1314. o Minor features (geoip):
  1315. - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
  1316. Country database.
  1317. o Minor bugfixes (compilation, backport from 0.3.2.2-alpha):
  1318. - Fix a compilation warning when building with zstd support on
  1319. 32-bit platforms. Fixes bug 23568; bugfix on 0.3.1.1-alpha. Found
  1320. and fixed by Andreas Stieger.
  1321. o Minor bugfixes (compression, backport from 0.3.2.2-alpha):
  1322. - Handle a pathological case when decompressing Zstandard data when
  1323. the output buffer size is zero. Fixes bug 23551; bugfix
  1324. on 0.3.1.1-alpha.
  1325. o Minor bugfixes (directory authority, backport from 0.3.2.1-alpha):
  1326. - Remove the length limit on HTTP status lines that authorities can
  1327. send in their replies. Fixes bug 23499; bugfix on 0.3.1.6-rc.
  1328. o Minor bugfixes (hidden service, relay, backport from 0.3.2.2-alpha):
  1329. - Avoid a possible double close of a circuit by the intro point on
  1330. error of sending the INTRO_ESTABLISHED cell. Fixes bug 23610;
  1331. bugfix on 0.3.0.1-alpha.
  1332. o Minor bugfixes (memory safety, backport from 0.3.2.3-alpha):
  1333. - Clear the address when node_get_prim_orport() returns early.
  1334. Fixes bug 23874; bugfix on 0.2.8.2-alpha.
  1335. o Minor bugfixes (unit tests, backport from 0.3.2.2-alpha):
  1336. - Fix additional channelpadding unit test failures by using mocked
  1337. time instead of actual time for all tests. Fixes bug 23608; bugfix
  1338. on 0.3.1.1-alpha.
  1339. Changes in version 0.3.2.2-alpha - 2017-09-29
  1340. Tor 0.3.2.2-alpha is the second release in the 0.3.2 series. This
  1341. release fixes several minor bugs in the new scheduler and next-
  1342. generation onion services; both features were newly added in the 0.3.2
  1343. series. Other fixes in this alpha include several fixes for non-fatal
  1344. tracebacks which would appear in logs.
  1345. With the aim to stabilise the 0.3.2 series by 15 December 2017, this
  1346. alpha does not contain any substantial new features. Minor features
  1347. include better testing and logging.
  1348. The following comprises the complete list of changes included
  1349. in tor-0.3.2.2-alpha:
  1350. o Major bugfixes (relay, crash, assertion failure):
  1351. - Fix a timing-based assertion failure that could occur when the
  1352. circuit out-of-memory handler freed a connection's output buffer.
  1353. Fixes bug 23690; bugfix on 0.2.6.1-alpha.
  1354. o Major bugfixes (scheduler):
  1355. - If a channel is put into the scheduler's pending list, then it
  1356. starts closing, and then if the scheduler runs before it finishes
  1357. closing, the scheduler will get stuck trying to flush its cells
  1358. while the lower layers refuse to cooperate. Fix that race
  1359. condition by giving the scheduler an escape method. Fixes bug
  1360. 23676; bugfix on 0.3.2.1-alpha.
  1361. o Minor features (build, compilation):
  1362. - The "check-changes" feature is now part of the "make check" tests;
  1363. we'll use it to try to prevent misformed changes files from
  1364. accumulating. Closes ticket 23564.
  1365. - Tor builds should now fail if there are any mismatches between the
  1366. C type representing a configuration variable and the C type the
  1367. data-driven parser uses to store a value there. Previously, we
  1368. needed to check these by hand, which sometimes led to mistakes.
  1369. Closes ticket 23643.
  1370. o Minor features (directory authorities):
  1371. - Remove longclaw's IPv6 address, as it will soon change. Authority
  1372. IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves
  1373. 3/8 directory authorities with IPv6 addresses, but there are also
  1374. 52 fallback directory mirrors with IPv6 addresses. Resolves 19760.
  1375. o Minor features (hidden service, circuit, logging):
  1376. - Improve logging of many callsite in the circuit subsystem to print
  1377. the circuit identifier(s).
  1378. - Log when we cleanup an intro point from a service so we know when
  1379. and for what reason it happened. Closes ticket 23604.
  1380. o Minor features (logging):
  1381. - Log more circuit information whenever we are about to try to
  1382. package a relay cell on a circuit with a nonexistent n_chan.
  1383. Attempt to diagnose ticket 8185.
  1384. - Improve info-level log identification of particular circuits, to
  1385. help with debugging. Closes ticket 23645.
  1386. o Minor features (relay):
  1387. - When choosing which circuits can be expired as unused, consider
  1388. circuits from clients even if those clients used regular CREATE
  1389. cells to make them; and do not consider circuits from relays even
  1390. if they were made with CREATE_FAST. Part of ticket 22805.
  1391. o Minor features (robustness):
  1392. - Change several fatal assertions when flushing buffers into non-
  1393. fatal assertions, to prevent any recurrence of 23690.
  1394. o Minor features (spec conformance, bridge, diagnostic):
  1395. - When handling the USERADDR command on an ExtOrPort, warn when the
  1396. transports provides a USERADDR with no port. In a future version,
  1397. USERADDR commands of this format may be rejected. Detects problems
  1398. related to ticket 23080.
  1399. o Minor features (testing):
  1400. - Add a unit test to make sure that our own generated platform
  1401. string will be accepted by directory authorities. Closes
  1402. ticket 22109.
  1403. o Minor bugfixes (bootstrapping):
  1404. - When warning about state file clock skew, report the correct
  1405. direction for the detected skew. Fixes bug 23606; bugfix
  1406. on 0.2.8.1-alpha.
  1407. - Avoid an assertion failure when logging a state file clock skew
  1408. very early in bootstrapping. Fixes bug 23607; bugfix
  1409. on 0.3.2.1-alpha.
  1410. o Minor bugfixes (build, compilation):
  1411. - Fix a compilation warning when building with zstd support on
  1412. 32-bit platforms. Fixes bug 23568; bugfix on 0.3.1.1-alpha. Found
  1413. and fixed by Andreas Stieger.
  1414. - When searching for OpenSSL, don't accept any OpenSSL library that
  1415. lacks TLSv1_1_method(): Tor doesn't build with those versions.
  1416. Additionally, look in /usr/local/opt/openssl, if it's present.
  1417. These changes together repair the default build on OSX systems
  1418. with Homebrew installed. Fixes bug 23602; bugfix on 0.2.7.2-alpha.
  1419. o Minor bugfixes (compression):
  1420. - Handle a pathological case when decompressing Zstandard data when
  1421. the output buffer size is zero. Fixes bug 23551; bugfix
  1422. on 0.3.1.1-alpha.
  1423. o Minor bugfixes (documentation):
  1424. - Fix manpage to not refer to the obsolete (and misspelled)
  1425. UseEntryGuardsAsDirectoryGuards parameter in the description of
  1426. NumDirectoryGuards. Fixes bug 23611; bugfix on 0.2.4.8-alpha.
  1427. o Minor bugfixes (hidden service v3):
  1428. - Don't log an assertion failure when we can't find the right
  1429. information to extend to an introduction point. In rare cases,
  1430. this could happen, causing a warning, even though tor would
  1431. recover gracefully. Fixes bug 23159; bugfix on 0.3.2.1-alpha.
  1432. - Pad RENDEZVOUS cell up to the size of the legacy cell which is
  1433. much bigger so the rendezvous point can't distinguish which hidden
  1434. service protocol is being used. Fixes bug 23420; bugfix
  1435. on 0.3.2.1-alpha.
  1436. o Minor bugfixes (hidden service, relay):
  1437. - Avoid a possible double close of a circuit by the intro point on
  1438. error of sending the INTRO_ESTABLISHED cell. Fixes bug 23610;
  1439. bugfix on 0.3.0.1-alpha.
  1440. o Minor bugfixes (logging, relay shutdown, annoyance):
  1441. - When a circuit is marked for close, do not attempt to package any
  1442. cells for channels on that circuit. Previously, we would detect
  1443. this condition lower in the call stack, when we noticed that the
  1444. circuit had no attached channel, and log an annoying message.
  1445. Fixes bug 8185; bugfix on 0.2.5.4-alpha.
  1446. o Minor bugfixes (scheduler):
  1447. - When switching schedulers due to a consensus change, we didn't
  1448. give the new scheduler a chance to react to the consensus. Fix
  1449. that. Fixes bug 23537; bugfix on 0.3.2.1-alpha.
  1450. - Make the KISTSchedRunInterval option a non negative value. With
  1451. this, the way to disable KIST through the consensus is to set it
  1452. to 0. Fixes bug 23539; bugfix on 0.3.2.1-alpha.
  1453. - Only notice log the selected scheduler when we switch scheduler
  1454. types. Fixes bug 23552; bugfix on 0.3.2.1-alpha.
  1455. - Avoid a compilation warning on macOS in scheduler_ev_add() caused
  1456. by a different tv_usec data type. Fixes bug 23575; bugfix
  1457. on 0.3.2.1-alpha.
  1458. - Make a hard exit if tor is unable to pick a scheduler which can
  1459. happen if the user specifies a scheduler type that is not
  1460. supported and not other types in Schedulers. Fixes bug 23581;
  1461. bugfix on 0.3.2.1-alpha.
  1462. - Properly initialize the scheduler last run time counter so it is
  1463. not 0 at the first tick. Fixes bug 23696; bugfix on 0.3.2.1-alpha.
  1464. o Minor bugfixes (testing):
  1465. - Capture and detect several "Result does not fit" warnings in unit
  1466. tests on platforms with 32-bit time_t. Fixes bug 21800; bugfix
  1467. on 0.2.9.3-alpha.
  1468. - Fix additional channelpadding unit test failures by using mocked
  1469. time instead of actual time for all tests. Fixes bug 23608; bugfix
  1470. on 0.3.1.1-alpha.
  1471. - The removal of some old scheduler options caused some tests to
  1472. fail on BSD systems. Assume current behavior is correct and make
  1473. the tests pass again. Fixes bug 23566; bugfix on 0.3.2.1-alpha.
  1474. o Code simplification and refactoring:
  1475. - Remove various ways of testing circuits and connections for
  1476. "clientness"; instead, favor channel_is_client(). Part of
  1477. ticket 22805.
  1478. o Deprecated features:
  1479. - The ReachableDirAddresses and ClientPreferIPv6DirPort options are
  1480. now deprecated; they do not apply to relays, and they have had no
  1481. effect on clients since 0.2.8.x. Closes ticket 19704.
  1482. o Documentation:
  1483. - HiddenServiceVersion man page entry wasn't mentioning the now
  1484. supported version 3. Fixes ticket 23580; bugfix on 0.3.2.1-alpha.
  1485. - Clarify that the Address option is entirely about setting an
  1486. advertised IPv4 address. Closes ticket 18891.
  1487. - Clarify the manpage's use of the term "address" to clarify what
  1488. kind of address is intended. Closes ticket 21405.
  1489. - Document that onion service subdomains are allowed, and ignored.
  1490. Closes ticket 18736.
  1491. Changes in version 0.3.2.1-alpha - 2017-09-18
  1492. Tor 0.3.2.1-alpha is the first release in the 0.3.2.x series. It
  1493. includes support for our next-generation ("v3") onion service
  1494. protocol, and adds a new circuit scheduler for more responsive
  1495. forwarding decisions from relays. There are also numerous other small
  1496. features and bugfixes here.
  1497. Below are the changes since Tor 0.3.1.7.
  1498. o Major feature (scheduler, channel):
  1499. - Tor now uses new schedulers to decide which circuits should
  1500. deliver cells first, in order to improve congestion at relays. The
  1501. first type is called "KIST" ("Kernel Informed Socket Transport"),
  1502. and is only available on Linux-like systems: it uses feedback from
  1503. the kernel to prevent the kernel's TCP buffers from growing too
  1504. full. The second new scheduler type is called "KISTLite": it
  1505. behaves the same as KIST, but runs on systems without kernel
  1506. support for inspecting TCP implementation details. The old
  1507. scheduler is still available, under the name "Vanilla". To change
  1508. the default scheduler preference order, use the new "Schedulers"
  1509. option. (The default preference order is "KIST,KISTLite,Vanilla".)
  1510. Matt Traudt implemented KIST, based on research by Rob Jansen,
  1511. John Geddes, Christ Wacek, Micah Sherr, and Paul Syverson. For
  1512. more information, see the design paper at
  1513. http://www.robgjansen.com/publications/kist-sec2014.pdf and the
  1514. followup implementation paper at https://arxiv.org/abs/1709.01044.
  1515. Closes ticket 12541.
  1516. o Major features (next-generation onion services):
  1517. - Tor now supports the next-generation onion services protocol for
  1518. clients and services! As part of this release, the core of
  1519. proposal 224 has been implemented and is available for
  1520. experimentation and testing by our users. This newer version of
  1521. onion services ("v3") features many improvements over the legacy
  1522. system, including:
  1523. a) Better crypto (replaced SHA1/DH/RSA1024
  1524. with SHA3/ed25519/curve25519)
  1525. b) Improved directory protocol, leaking much less information to
  1526. directory servers.
  1527. c) Improved directory protocol, with smaller surface for
  1528. targeted attacks.
  1529. d) Better onion address security against impersonation.
  1530. e) More extensible introduction/rendezvous protocol.
  1531. f) A cleaner and more modular codebase.
  1532. You can identify a next-generation onion address by its length:
  1533. they are 56 characters long, as in
  1534. "4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion".
  1535. In the future, we will release more options and features for v3
  1536. onion services, but we first need a testing period, so that the
  1537. current codebase matures and becomes more robust. Planned features
  1538. include: offline keys, advanced client authorization, improved
  1539. guard algorithms, and statistics. For full details, see
  1540. proposal 224.
  1541. Legacy ("v2") onion services will still work for the foreseeable
  1542. future, and will remain the default until this new codebase gets
  1543. tested and hardened. Service operators who want to experiment with
  1544. the new system can use the 'HiddenServiceVersion 3' torrc
  1545. directive along with the regular onion service configuration
  1546. options. We will publish a blog post about this new feature
  1547. soon! Enjoy!
  1548. o Major bugfixes (usability, control port):
  1549. - Report trusted clock skew indications as bootstrap errors, so
  1550. controllers can more easily alert users when their clocks are
  1551. wrong. Fixes bug 23506; bugfix on 0.1.2.6-alpha.
  1552. o Minor features (bug detection):
  1553. - Log a warning message with a stack trace for any attempt to call
  1554. get_options() during option validation. This pattern has caused
  1555. subtle bugs in the past. Closes ticket 22281.
  1556. o Minor features (client):
  1557. - You can now use Tor as a tunneled HTTP proxy: use the new
  1558. HTTPTunnelPort option to open a port that accepts HTTP CONNECT
  1559. requests. Closes ticket 22407.
  1560. - Add an extra check to make sure that we always use the newer guard
  1561. selection code for picking our guards. Closes ticket 22779.
  1562. - When downloading (micro)descriptors, don't split the list into
  1563. multiple requests unless we want at least 32 descriptors.
  1564. Previously, we split at 4, not 32, which led to significant
  1565. overhead in HTTP request size and degradation in compression
  1566. performance. Closes ticket 23220.
  1567. o Minor features (command line):
  1568. - Add a new commandline option, --key-expiration, which prints when
  1569. the current signing key is going to expire. Implements ticket
  1570. 17639; patch by Isis Lovecruft.
  1571. o Minor features (control port):
  1572. - If an application tries to use the control port as an HTTP proxy,
  1573. respond with a meaningful "This is the Tor control port" message,
  1574. and log the event. Closes ticket 1667. Patch from Ravi
  1575. Chandra Padmala.
  1576. - Provide better error message for GETINFO desc/(id|name) when not
  1577. fetching router descriptors. Closes ticket 5847. Patch by
  1578. Kevin Butler.
  1579. - Add GETINFO "{desc,md}/download-enabled", to inform the controller
  1580. whether Tor will try to download router descriptors and
  1581. microdescriptors respectively. Closes ticket 22684.
  1582. - Added new GETINFO targets "ip-to-country/{ipv4,ipv6}-available",
  1583. so controllers can tell whether the geoip databases are loaded.
  1584. Closes ticket 23237.
  1585. - Adds a timestamp field to the CIRC_BW and STREAM_BW bandwidth
  1586. events. Closes ticket 19254. Patch by "DonnchaC".
  1587. o Minor features (development support):
  1588. - Developers can now generate a call-graph for Tor using the
  1589. "calltool" python program, which post-processes object dumps. It
  1590. should work okay on many Linux and OSX platforms, and might work
  1591. elsewhere too. To run it, install calltool from
  1592. https://gitweb.torproject.org/user/nickm/calltool.git and run
  1593. "make callgraph". Closes ticket 19307.
  1594. o Minor features (ed25519):
  1595. - Add validation function to checks for torsion components in
  1596. ed25519 public keys, used by prop224 client-side code. Closes
  1597. ticket 22006. Math help by Ian Goldberg.
  1598. o Minor features (exit relay, DNS):
  1599. - Improve the clarity and safety of the log message from evdns when
  1600. receiving an apparently spoofed DNS reply. Closes ticket 3056.
  1601. o Minor features (integration, hardening):
  1602. - Add a new NoExec option to prevent Tor from running other
  1603. programs. When this option is set to 1, Tor will never try to run
  1604. another program, regardless of the settings of
  1605. PortForwardingHelper, ClientTransportPlugin, or
  1606. ServerTransportPlugin. Once NoExec is set, it cannot be disabled
  1607. without restarting Tor. Closes ticket 22976.
  1608. o Minor features (logging):
  1609. - Improve the warning message for specifying a relay by nickname.
  1610. The previous message implied that nickname registration was still
  1611. part of the Tor network design, which it isn't. Closes
  1612. ticket 20488.
  1613. - If the sandbox filter fails to load, suggest to the user that
  1614. their kernel might not support seccomp2. Closes ticket 23090.
  1615. o Minor features (portability):
  1616. - Check at configure time whether uint8_t is the same type as
  1617. unsigned char. Lots of existing code already makes this
  1618. assumption, and there could be strict aliasing issues if the
  1619. assumption is violated. Closes ticket 22410.
  1620. o Minor features (relay, configuration):
  1621. - Reject attempts to use relative file paths when RunAsDaemon is
  1622. set. Previously, Tor would accept these, but the directory-
  1623. changing step of RunAsDaemon would give strange and/or confusing
  1624. results. Closes ticket 22731.
  1625. o Minor features (startup, safety):
  1626. - When configured to write a PID file, Tor now exits if it is unable
  1627. to do so. Previously, it would warn and continue. Closes
  1628. ticket 20119.
  1629. o Minor features (static analysis):
  1630. - The BUG() macro has been changed slightly so that Coverity no
  1631. longer complains about dead code if the bug is impossible. Closes
  1632. ticket 23054.
  1633. o Minor features (testing):
  1634. - The default chutney network tests now include tests for the v3
  1635. hidden service design. Make sure you have the latest version of
  1636. chutney if you want to run these. Closes ticket 22437.
  1637. - Add a unit test to verify that we can parse a hardcoded v2 hidden
  1638. service descriptor. Closes ticket 15554.
  1639. o Minor bugfixes (certificate handling):
  1640. - Fix a time handling bug in Tor certificates set to expire after
  1641. the year 2106. Fixes bug 23055; bugfix on 0.3.0.1-alpha. Found by
  1642. Coverity as CID 1415728.
  1643. o Minor bugfixes (client, usability):
  1644. - Refrain from needlessly rejecting SOCKS5-with-hostnames and
  1645. SOCKS4a requests that contain IP address strings, even when
  1646. SafeSocks in enabled, as this prevents user from connecting to
  1647. known IP addresses without relying on DNS for resolving. SafeSocks
  1648. still rejects SOCKS connections that connect to IP addresses when
  1649. those addresses are _not_ encoded as hostnames. Fixes bug 22461;
  1650. bugfix on Tor 0.2.6.2-alpha.
  1651. o Minor bugfixes (code correctness):
  1652. - Call htons() in extend_cell_format() for encoding a 16-bit value.
  1653. Previously we used ntohs(), which happens to behave the same on
  1654. all the platforms we support, but which isn't really correct.
  1655. Fixes bug 23106; bugfix on 0.2.4.8-alpha.
  1656. - For defense-in-depth, make the controller's write_escaped_data()
  1657. function robust to extremely long inputs. Fixes bug 19281; bugfix
  1658. on 0.1.1.1-alpha. Reported by Guido Vranken.
  1659. o Minor bugfixes (compilation):
  1660. - Fix unused-variable warnings in donna's Curve25519 SSE2 code.
  1661. Fixes bug 22895; bugfix on 0.2.7.2-alpha.
  1662. o Minor bugfixes (consensus expiry):
  1663. - Check for adequate directory information correctly. Previously, Tor
  1664. would reconsider whether it had sufficient directory information
  1665. every 2 minutes. Fixes bug 23091; bugfix on 0.2.0.19-alpha.
  1666. o Minor bugfixes (directory protocol):
  1667. - Directory servers now include a "Date:" http header for response
  1668. codes other than 200. Clients starting with a skewed clock and a
  1669. recent consensus were getting "304 Not modified" responses from
  1670. directory authorities, so without the Date header, the client
  1671. would never hear about a wrong clock. Fixes bug 23499; bugfix
  1672. on 0.0.8rc1.
  1673. - Make clients wait for 6 seconds before trying to download a
  1674. consensus from an authority. Fixes bug 17750; bugfix
  1675. on 0.2.8.1-alpha.
  1676. o Minor bugfixes (DoS-resistance):
  1677. - If future code asks if there are any running bridges, without
  1678. checking if bridges are enabled, log a BUG warning rather than
  1679. crashing. Fixes bug 23524; bugfix on 0.3.0.1-alpha.
  1680. o Minor bugfixes (format strictness):
  1681. - Restrict several data formats to decimal. Previously, the
  1682. BuildTimeHistogram entries in the state file, the "bw=" entries in
  1683. the bandwidth authority file, and the process IDs passed to the
  1684. __OwningControllerProcess option could all be specified in hex or
  1685. octal as well as in decimal. This was not an intentional feature.
  1686. Fixes bug 22802; bugfixes on 0.2.2.1-alpha, 0.2.2.2-alpha,
  1687. and 0.2.2.28-beta.
  1688. o Minor bugfixes (heartbeat):
  1689. - If we fail to write a heartbeat message, schedule a retry for the
  1690. minimum heartbeat interval number of seconds in the future. Fixes
  1691. bug 19476; bugfix on 0.2.3.1-alpha.
  1692. o Minor bugfixes (linux seccomp2 sandbox, logging):
  1693. - Fix some messages on unexpected errors from the seccomp2 library.
  1694. Fixes bug 22750; bugfix on 0.2.5.1-alpha. Patch from "cypherpunks".
  1695. o Minor bugfixes (logging):
  1696. - Remove duplicate log messages regarding opening non-local
  1697. SocksPorts upon parsing config and opening listeners at startup.
  1698. Fixes bug 4019; bugfix on 0.2.3.3-alpha.
  1699. - Use a more comprehensible log message when telling the user
  1700. they've excluded every running exit node. Fixes bug 7890; bugfix
  1701. on 0.2.2.25-alpha.
  1702. - When logging the number of descriptors we intend to download per
  1703. directory request, do not log a number higher than then the number
  1704. of descriptors we're fetching in total. Fixes bug 19648; bugfix
  1705. on 0.1.1.8-alpha.
  1706. - When warning about a directory owned by the wrong user, log the
  1707. actual name of the user owning the directory. Previously, we'd log
  1708. the name of the process owner twice. Fixes bug 23487; bugfix
  1709. on 0.2.9.1-alpha.
  1710. - The tor specification says hop counts are 1-based, so fix two log
  1711. messages that mistakenly logged 0-based hop counts. Fixes bug
  1712. 18982; bugfix on 0.2.6.2-alpha and 0.2.4.5-alpha. Patch by teor.
  1713. Credit to Xiaofan Li for reporting this issue.
  1714. o Minor bugfixes (portability):
  1715. - Stop using the PATH_MAX variable, which is not defined on GNU
  1716. Hurd. Fixes bug 23098; bugfix on 0.3.1.1-alpha.
  1717. o Minor bugfixes (relay):
  1718. - When uploading our descriptor for the first time after startup,
  1719. report the reason for uploading as "Tor just started" rather than
  1720. leaving it blank. Fixes bug 22885; bugfix on 0.2.3.4-alpha.
  1721. - Avoid unnecessary calls to directory_fetches_from_authorities() on
  1722. relays, to prevent spurious address resolutions and descriptor
  1723. rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
  1724. bugfix on in 0.2.8.1-alpha.
  1725. o Minor bugfixes (tests):
  1726. - Fix a broken unit test for the OutboundAddress option: the parsing
  1727. function was never returning an error on failure. Fixes bug 23366;
  1728. bugfix on 0.3.0.3-alpha.
  1729. - Fix a signed-integer overflow in the unit tests for
  1730. dir/download_status_random_backoff, which was untriggered until we
  1731. fixed bug 17750. Fixes bug 22924; bugfix on 0.2.9.1-alpha.
  1732. o Minor bugfixes (usability, control port):
  1733. - Stop making an unnecessary routerlist check in NETINFO clock skew
  1734. detection; this was preventing clients from reporting NETINFO clock
  1735. skew to controllers. Fixes bug 23532; bugfix on 0.2.4.4-alpha.
  1736. o Code simplification and refactoring:
  1737. - Extract the code for handling newly-open channels into a separate
  1738. function from the general code to handle channel state
  1739. transitions. This change simplifies our callgraph, reducing the
  1740. size of the largest strongly connected component by roughly a
  1741. factor of two. Closes ticket 22608.
  1742. - Remove dead code for largely unused statistics on the number of
  1743. times we've attempted various public key operations. Fixes bug
  1744. 19871; bugfix on 0.1.2.4-alpha. Fix by Isis Lovecruft.
  1745. - Remove several now-obsolete functions for asking about old
  1746. variants directory authority status. Closes ticket 22311; patch
  1747. from "huyvq".
  1748. - Remove some of the code that once supported "Named" and "Unnamed"
  1749. routers. Authorities no longer vote for these flags. Closes
  1750. ticket 22215.
  1751. - Rename the obsolete malleable hybrid_encrypt functions used in TAP
  1752. and old hidden services, to indicate that they aren't suitable for
  1753. new protocols or formats. Closes ticket 23026.
  1754. - Replace our STRUCT_OFFSET() macro with offsetof(). Closes ticket
  1755. 22521. Patch from Neel Chauhan.
  1756. - Split the enormous circuit_send_next_onion_skin() function into
  1757. multiple subfunctions. Closes ticket 22804.
  1758. - Split the portions of the buffer.c module that handle particular
  1759. protocols into separate modules. Part of ticket 23149.
  1760. - Use our test macros more consistently, to produce more useful
  1761. error messages when our unit tests fail. Add coccinelle patches to
  1762. allow us to re-check for test macro uses. Closes ticket 22497.
  1763. o Deprecated features:
  1764. - Deprecate HTTPProxy/HTTPProxyAuthenticator config options. They
  1765. only applies to direct unencrypted HTTP connections to your
  1766. directory server, which your Tor probably isn't using. Closes
  1767. ticket 20575.
  1768. o Documentation:
  1769. - Clarify in the manual that "Sandbox 1" is only supported on Linux
  1770. kernels. Closes ticket 22677.
  1771. - Document all values of PublishServerDescriptor in the manpage.
  1772. Closes ticket 15645.
  1773. - Improve the documentation for the directory port part of the
  1774. DirAuthority line. Closes ticket 20152.
  1775. - Restore documentation for the authorities' "approved-routers"
  1776. file. Closes ticket 21148.
  1777. o Removed features:
  1778. - The AllowDotExit option has been removed as unsafe. It has been
  1779. deprecated since 0.2.9.2-alpha. Closes ticket 23426.
  1780. - The ClientDNSRejectInternalAddresses flag can no longer be set on
  1781. non-testing networks. It has been deprecated since 0.2.9.2-alpha.
  1782. Closes ticket 21031.
  1783. - The controller API no longer includes an AUTHDIR_NEWDESCS event:
  1784. nobody was using it any longer. Closes ticket 22377.
  1785. Changes in version 0.2.8.15 - 2017-09-18
  1786. Tor 0.2.8.15 backports a collection of bugfixes from later
  1787. Tor series.
  1788. Most significantly, it includes a fix for TROVE-2017-008, a
  1789. security bug that affects hidden services running with the
  1790. SafeLogging option disabled. For more information, see
  1791. https://trac.torproject.org/projects/tor/ticket/23490
  1792. Note that Tor 0.2.8.x will no longer be supported after 1 Jan
  1793. 2018. We suggest that you upgrade to the latest stable release if
  1794. possible. If you can't, we recommend that you upgrade at least to
  1795. 0.2.9, which will be supported until 2020.
  1796. o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha):
  1797. - Avoid an assertion failure bug affecting our implementation of
  1798. inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
  1799. handling of "0xx" differs from what we had expected. Fixes bug
  1800. 22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.
  1801. o Minor features:
  1802. - Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2
  1803. Country database.
  1804. o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha):
  1805. - Backport a fix for an "unused variable" warning that appeared
  1806. in some versions of mingw. Fixes bug 22838; bugfix on
  1807. 0.2.8.1-alpha.
  1808. o Minor bugfixes (defensive programming, undefined behavior, backport from 0.3.1.4-alpha):
  1809. - Fix a memset() off the end of an array when packing cells. This
  1810. bug should be harmless in practice, since the corrupted bytes are
  1811. still in the same structure, and are always padding bytes,
  1812. ignored, or immediately overwritten, depending on compiler
  1813. behavior. Nevertheless, because the memset()'s purpose is to make
  1814. sure that any other cell-handling bugs can't expose bytes to the
  1815. network, we need to fix it. Fixes bug 22737; bugfix on
  1816. 0.2.4.11-alpha. Fixes CID 1401591.
  1817. o Build features (backport from 0.3.1.5-alpha):
  1818. - Tor's repository now includes a Travis Continuous Integration (CI)
  1819. configuration file (.travis.yml). This is meant to help new
  1820. developers and contributors who fork Tor to a Github repository be
  1821. better able to test their changes, and understand what we expect
  1822. to pass. To use this new build feature, you must fork Tor to your
  1823. Github account, then go into the "Integrations" menu in the
  1824. repository settings for your fork and enable Travis, then push
  1825. your changes. Closes ticket 22636.
  1826. Changes in version 0.2.9.12 - 2017-09-18
  1827. Tor 0.2.9.12 backports a collection of bugfixes from later
  1828. Tor series.
  1829. Most significantly, it includes a fix for TROVE-2017-008, a
  1830. security bug that affects hidden services running with the
  1831. SafeLogging option disabled. For more information, see
  1832. https://trac.torproject.org/projects/tor/ticket/23490
  1833. o Major features (security, backport from 0.3.0.2-alpha):
  1834. - Change the algorithm used to decide DNS TTLs on client and server
  1835. side, to better resist DNS-based correlation attacks like the
  1836. DefecTor attack of Greschbach, Pulls, Roberts, Winter, and
  1837. Feamster. Now relays only return one of two possible DNS TTL
  1838. values, and clients are willing to believe DNS TTL values up to 3
  1839. hours long. Closes ticket 19769.
  1840. o Major bugfixes (crash, directory connections, backport from 0.3.0.5-rc):
  1841. - Fix a rare crash when sending a begin cell on a circuit whose
  1842. linked directory connection had already been closed. Fixes bug
  1843. 21576; bugfix on 0.2.9.3-alpha. Reported by Alec Muffett.
  1844. o Major bugfixes (DNS, backport from 0.3.0.2-alpha):
  1845. - Fix a bug that prevented exit nodes from caching DNS records for
  1846. more than 60 seconds. Fixes bug 19025; bugfix on 0.2.4.7-alpha.
  1847. o Major bugfixes (linux TPROXY support, backport from 0.3.1.1-alpha):
  1848. - Fix a typo that had prevented TPROXY-based transparent proxying
  1849. from working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha.
  1850. Patch from "d4fq0fQAgoJ".
  1851. o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha):
  1852. - Avoid an assertion failure bug affecting our implementation of
  1853. inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
  1854. handling of "0xx" differs from what we had expected. Fixes bug
  1855. 22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.
  1856. o Minor features (code style, backport from 0.3.1.3-alpha):
  1857. - Add "Falls through" comments to our codebase, in order to silence
  1858. GCC 7's -Wimplicit-fallthrough warnings. Patch from Andreas
  1859. Stieger. Closes ticket 22446.
  1860. o Minor features (geoip):
  1861. - Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2
  1862. Country database.
  1863. o Minor bugfixes (bandwidth accounting, backport from 0.3.1.1-alpha):
  1864. - Roll over monthly accounting at the configured hour and minute,
  1865. rather than always at 00:00. Fixes bug 22245; bugfix on 0.0.9rc1.
  1866. Found by Andrey Karpov with PVS-Studio.
  1867. o Minor bugfixes (compilation, backport from 0.3.1.5-alpha):
  1868. - Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug 22915;
  1869. bugfix on 0.2.8.1-alpha.
  1870. - Fix warnings when building with libscrypt and openssl scrypt support
  1871. on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha.
  1872. - When building with certain versions the mingw C header files, avoid
  1873. float-conversion warnings when calling the C functions isfinite(),
  1874. isnan(), and signbit(). Fixes bug 22801; bugfix on 0.2.8.1-alpha.
  1875. o Minor bugfixes (compilation, backport from 0.3.1.7):
  1876. - Avoid compiler warnings in the unit tests for running tor_sscanf()
  1877. with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha.
  1878. o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha):
  1879. - Backport a fix for an "unused variable" warning that appeared
  1880. in some versions of mingw. Fixes bug 22838; bugfix on
  1881. 0.2.8.1-alpha.
  1882. o Minor bugfixes (controller, backport from 0.3.1.7):
  1883. - Do not crash when receiving a HSPOST command with an empty body.
  1884. Fixes part of bug 22644; bugfix on 0.2.7.1-alpha.
  1885. - Do not crash when receiving a POSTDESCRIPTOR command with an
  1886. empty body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha.
  1887. o Minor bugfixes (coverity build support, backport from 0.3.1.5-alpha):
  1888. - Avoid Coverity build warnings related to our BUG() macro. By
  1889. default, Coverity treats BUG() as the Linux kernel does: an
  1890. instant abort(). We need to override that so our BUG() macro
  1891. doesn't prevent Coverity from analyzing functions that use it.
  1892. Fixes bug 23030; bugfix on 0.2.9.1-alpha.
  1893. o Minor bugfixes (defensive programming, undefined behavior, backport from 0.3.1.4-alpha):
  1894. - Fix a memset() off the end of an array when packing cells. This
  1895. bug should be harmless in practice, since the corrupted bytes are
  1896. still in the same structure, and are always padding bytes,
  1897. ignored, or immediately overwritten, depending on compiler
  1898. behavior. Nevertheless, because the memset()'s purpose is to make
  1899. sure that any other cell-handling bugs can't expose bytes to the
  1900. network, we need to fix it. Fixes bug 22737; bugfix on
  1901. 0.2.4.11-alpha. Fixes CID 1401591.
  1902. o Minor bugfixes (file limits, osx, backport from 0.3.1.5-alpha):
  1903. - When setting the maximum number of connections allowed by the OS,
  1904. always allow some extra file descriptors for other files. Fixes
  1905. bug 22797; bugfix on 0.2.0.10-alpha.
  1906. o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.1.5-alpha):
  1907. - Avoid a sandbox failure when trying to re-bind to a socket and
  1908. mark it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha.
  1909. o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.1.4-alpha):
  1910. - Permit the fchmod system call, to avoid crashing on startup when
  1911. starting with the seccomp2 sandbox and an unexpected set of
  1912. permissions on the data directory or its contents. Fixes bug
  1913. 22516; bugfix on 0.2.5.4-alpha.
  1914. o Minor bugfixes (relay, backport from 0.3.0.5-rc):
  1915. - Avoid a double-marked-circuit warning that could happen when we
  1916. receive DESTROY cells under heavy load. Fixes bug 20059; bugfix
  1917. on 0.1.0.1-rc.
  1918. o Minor bugfixes (voting consistency, backport from 0.3.1.1-alpha):
  1919. - Reject version numbers with non-numeric prefixes (such as +, -, or
  1920. whitespace). Disallowing whitespace prevents differential version
  1921. parsing between POSIX-based and Windows platforms. Fixes bug 21507
  1922. and part of 21508; bugfix on 0.0.8pre1.
  1923. o Build features (backport from 0.3.1.5-alpha):
  1924. - Tor's repository now includes a Travis Continuous Integration (CI)
  1925. configuration file (.travis.yml). This is meant to help new
  1926. developers and contributors who fork Tor to a Github repository be
  1927. better able to test their changes, and understand what we expect
  1928. to pass. To use this new build feature, you must fork Tor to your
  1929. Github account, then go into the "Integrations" menu in the
  1930. repository settings for your fork and enable Travis, then push
  1931. your changes. Closes ticket 22636.
  1932. Changes in version 0.3.0.11 - 2017-09-18
  1933. Tor 0.3.0.11 backports a collection of bugfixes from Tor the 0.3.1
  1934. series.
  1935. Most significantly, it includes a fix for TROVE-2017-008, a
  1936. security bug that affects hidden services running with the
  1937. SafeLogging option disabled. For more information, see
  1938. https://trac.torproject.org/projects/tor/ticket/23490
  1939. o Minor features (code style, backport from 0.3.1.7):
  1940. - Add "Falls through" comments to our codebase, in order to silence
  1941. GCC 7's -Wimplicit-fallthrough warnings. Patch from Andreas
  1942. Stieger. Closes ticket 22446.
  1943. o Minor features:
  1944. - Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2
  1945. Country database.
  1946. o Minor bugfixes (compilation, backport from 0.3.1.7):
  1947. - Avoid compiler warnings in the unit tests for calling tor_sscanf()
  1948. with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha.
  1949. o Minor bugfixes (controller, backport from 0.3.1.7):
  1950. - Do not crash when receiving a HSPOST command with an empty body.
  1951. Fixes part of bug 22644; bugfix on 0.2.7.1-alpha.
  1952. - Do not crash when receiving a POSTDESCRIPTOR command with an empty
  1953. body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha.
  1954. o Minor bugfixes (file limits, osx, backport from 0.3.1.5-alpha):
  1955. - When setting the maximum number of connections allowed by the OS,
  1956. always allow some extra file descriptors for other files. Fixes
  1957. bug 22797; bugfix on 0.2.0.10-alpha.
  1958. o Minor bugfixes (logging, relay, backport from 0.3.1.6-rc):
  1959. - Remove a forgotten debugging message when an introduction point
  1960. successfully establishes a hidden service prop224 circuit with
  1961. a client.
  1962. - Change three other log_warn() for an introduction point to
  1963. protocol warnings, because they can be failure from the network
  1964. and are not relevant to the operator. Fixes bug 23078; bugfix on
  1965. 0.3.0.1-alpha and 0.3.0.2-alpha.
  1966. Changes in version 0.3.1.7 - 2017-09-18
  1967. Tor 0.3.1.7 is the first stable release in the 0.3.1 series.
  1968. With the 0.3.1 series, Tor now serves and downloads directory
  1969. information in more compact formats, to save on bandwidth overhead. It
  1970. also contains a new padding system to resist netflow-based traffic
  1971. analysis, and experimental support for building parts of Tor in Rust
  1972. (though no parts of Tor are in Rust yet). There are also numerous
  1973. small features, bugfixes on earlier release series, and groundwork for
  1974. the hidden services revamp of 0.3.2.
  1975. This release also includes a fix for TROVE-2017-008, a security bug
  1976. that affects hidden services running with the SafeLogging option
  1977. disabled. For more information, see
  1978. https://trac.torproject.org/projects/tor/ticket/23490
  1979. Per our stable release policy, we plan to support each stable release
  1980. series for at least the next nine months, or for three months after
  1981. the first stable release of the next series: whichever is longer. If
  1982. you need a release with long-term support, we recommend that you stay
  1983. with the 0.2.9 series.
  1984. Below is a list of the changes since 0.3.1.6-rc. For a list of all
  1985. changes since 0.3.0, see the ReleaseNotes file.
  1986. o Major bugfixes (security, hidden services, loggging):
  1987. - Fix a bug where we could log uninitialized stack when a certain
  1988. hidden service error occurred while SafeLogging was disabled.
  1989. Fixes bug #23490; bugfix on 0.2.7.2-alpha. This is also tracked as
  1990. TROVE-2017-008 and CVE-2017-0380.
  1991. o Minor features (defensive programming):
  1992. - Create a pair of consensus parameters, nf_pad_tor2web and
  1993. nf_pad_single_onion, to disable netflow padding in the consensus
  1994. for non-anonymous connections in case the overhead is high. Closes
  1995. ticket 17857.
  1996. o Minor features (diagnostic):
  1997. - Add a stack trace to the bug warnings that can be logged when
  1998. trying to send an outgoing relay cell with n_chan == 0. Diagnostic
  1999. attempt for bug 23105.
  2000. o Minor features (geoip):
  2001. - Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2
  2002. Country database.
  2003. o Minor bugfixes (compilation):
  2004. - Avoid compiler warnings in the unit tests for calling tor_sscanf()
  2005. with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha.
  2006. o Minor bugfixes (controller):
  2007. - Do not crash when receiving a HSPOST command with an empty body.
  2008. Fixes part of bug 22644; bugfix on 0.2.7.1-alpha.
  2009. - Do not crash when receiving a POSTDESCRIPTOR command with an empty
  2010. body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha.
  2011. o Minor bugfixes (relay):
  2012. - Inform the geoip and rephist modules about all requests, even on
  2013. relays that are only fetching microdescriptors. Fixes a bug
  2014. related to 21585; bugfix on 0.3.0.1-alpha.
  2015. o Minor bugfixes (unit tests):
  2016. - Fix a channelpadding unit test failure on slow systems by using
  2017. mocked time instead of actual time. Fixes bug 23077; bugfix
  2018. on 0.3.1.1-alpha.
  2019. Changes in version 0.3.1.6-rc - 2017-09-05
  2020. Tor 0.3.1.6-rc fixes a few small bugs and annoyances in the 0.3.1
  2021. release series, including a bug that produced weird behavior on
  2022. Windows directory caches.
  2023. This is the first release candidate in the Tor 0.3.1 series. If we
  2024. find no new bugs or regressions here, the first stable 0.3.1 release
  2025. will be nearly identical to it.
  2026. o Major bugfixes (windows, directory cache):
  2027. - On Windows, do not try to delete cached consensus documents and
  2028. diffs before they are unmapped from memory--Windows won't allow
  2029. that. Instead, allow the consensus cache directory to grow larger,
  2030. to hold files that might need to stay around longer. Fixes bug
  2031. 22752; bugfix on 0.3.1.1-alpha.
  2032. o Minor features (directory authority):
  2033. - Improve the message that authorities report to relays that present
  2034. RSA/Ed25519 keypairs that conflict with previously pinned keys.
  2035. Closes ticket 22348.
  2036. o Minor features (geoip):
  2037. - Update geoip and geoip6 to the August 3 2017 Maxmind GeoLite2
  2038. Country database.
  2039. o Minor features (testing):
  2040. - Add more tests for compression backend initialization. Closes
  2041. ticket 22286.
  2042. o Minor bugfixes (directory cache):
  2043. - Fix a memory leak when recovering space in the consensus cache.
  2044. Fixes bug 23139; bugfix on 0.3.1.1-alpha.
  2045. o Minor bugfixes (hidden service):
  2046. - Increase the number of circuits that a service is allowed to
  2047. open over a specific period of time. The value was lower than it
  2048. should be (8 vs 12) in the normal case of 3 introduction points.
  2049. Fixes bug 22159; bugfix on 0.3.0.5-rc.
  2050. - Fix a BUG warning during HSv3 descriptor decoding that could be
  2051. cause by a specially crafted descriptor. Fixes bug 23233; bugfix
  2052. on 0.3.0.1-alpha. Bug found by "haxxpop".
  2053. - Rate-limit the log messages if we exceed the maximum number of
  2054. allowed intro circuits. Fixes bug 22159; bugfix on 0.3.1.1-alpha.
  2055. o Minor bugfixes (logging, relay):
  2056. - Remove a forgotten debugging message when an introduction point
  2057. successfully establishes a hidden service prop224 circuit with
  2058. a client.
  2059. - Change three other log_warn() for an introduction point to
  2060. protocol warnings, because they can be failure from the network
  2061. and are not relevant to the operator. Fixes bug 23078; bugfix on
  2062. 0.3.0.1-alpha and 0.3.0.2-alpha.
  2063. o Minor bugfixes (relay):
  2064. - When a relay is not running as a directory cache, it will no
  2065. longer generate compressed consensuses and consensus diff
  2066. information. Previously, this was a waste of disk and CPU. Fixes
  2067. bug 23275; bugfix on 0.3.1.1-alpha.
  2068. o Minor bugfixes (robustness, error handling):
  2069. - Improve our handling of the cases where OpenSSL encounters a
  2070. memory error while encoding keys and certificates. We haven't
  2071. observed these errors in the wild, but if they do happen, we now
  2072. detect and respond better. Fixes bug 19418; bugfix on all versions
  2073. of Tor. Reported by Guido Vranken.
  2074. o Minor bugfixes (stability):
  2075. - Avoid crashing on a double-free when unable to load or process an
  2076. included file. Fixes bug 23155; bugfix on 0.3.1.1-alpha. Found
  2077. with the clang static analyzer.
  2078. o Minor bugfixes (testing):
  2079. - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291;
  2080. bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij.
  2081. - Port the hs_ntor handshake test to work correctly with recent
  2082. versions of the pysha3 module. Fixes bug 23071; bugfix
  2083. on 0.3.1.1-alpha.
  2084. o Minor bugfixes (Windows service):
  2085. - When running as a Windows service, set the ID of the main thread
  2086. correctly. Failure to do so made us fail to send log messages to
  2087. the controller in 0.2.1.16-rc, slowed down controller event
  2088. delivery in 0.2.7.3-rc and later, and crash with an assertion
  2089. failure in 0.3.1.1-alpha. Fixes bug 23081; bugfix on 0.2.1.6-alpha.
  2090. Patch and diagnosis from "Vort".
  2091. Changes in version 0.3.0.10 - 2017-08-02
  2092. Tor 0.3.0.10 backports a collection of small-to-medium bugfixes
  2093. from the current Tor alpha series. OpenBSD users and TPROXY users
  2094. should upgrade; others are probably okay sticking with 0.3.0.9.
  2095. o Major features (build system, continuous integration, backport from 0.3.1.5-alpha):
  2096. - Tor's repository now includes a Travis Continuous Integration (CI)
  2097. configuration file (.travis.yml). This is meant to help new
  2098. developers and contributors who fork Tor to a Github repository be
  2099. better able to test their changes, and understand what we expect
  2100. to pass. To use this new build feature, you must fork Tor to your
  2101. Github account, then go into the "Integrations" menu in the
  2102. repository settings for your fork and enable Travis, then push
  2103. your changes. Closes ticket 22636.
  2104. o Major bugfixes (linux TPROXY support, backport from 0.3.1.1-alpha):
  2105. - Fix a typo that had prevented TPROXY-based transparent proxying
  2106. from working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha.
  2107. Patch from "d4fq0fQAgoJ".
  2108. o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha):
  2109. - Avoid an assertion failure bug affecting our implementation of
  2110. inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
  2111. handling of "0xbar" differs from what we had expected. Fixes bug
  2112. 22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.
  2113. o Minor features (backport from 0.3.1.5-alpha):
  2114. - Update geoip and geoip6 to the July 4 2017 Maxmind GeoLite2
  2115. Country database.
  2116. o Minor bugfixes (bandwidth accounting, backport from 0.3.1.2-alpha):
  2117. - Roll over monthly accounting at the configured hour and minute,
  2118. rather than always at 00:00. Fixes bug 22245; bugfix on 0.0.9rc1.
  2119. Found by Andrey Karpov with PVS-Studio.
  2120. o Minor bugfixes (compilation warnings, backport from 0.3.1.5-alpha):
  2121. - Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug 22915;
  2122. bugfix on 0.2.8.1-alpha.
  2123. - Fix warnings when building with libscrypt and openssl scrypt
  2124. support on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha.
  2125. - When building with certain versions of the mingw C header files,
  2126. avoid float-conversion warnings when calling the C functions
  2127. isfinite(), isnan(), and signbit(). Fixes bug 22801; bugfix
  2128. on 0.2.8.1-alpha.
  2129. o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha):
  2130. - Backport a fix for an "unused variable" warning that appeared
  2131. in some versions of mingw. Fixes bug 22838; bugfix on
  2132. 0.2.8.1-alpha.
  2133. o Minor bugfixes (coverity build support, backport from 0.3.1.5-alpha):
  2134. - Avoid Coverity build warnings related to our BUG() macro. By
  2135. default, Coverity treats BUG() as the Linux kernel does: an
  2136. instant abort(). We need to override that so our BUG() macro
  2137. doesn't prevent Coverity from analyzing functions that use it.
  2138. Fixes bug 23030; bugfix on 0.2.9.1-alpha.
  2139. o Minor bugfixes (directory authority, backport from 0.3.1.1-alpha):
  2140. - When rejecting a router descriptor for running an obsolete version
  2141. of Tor without ntor support, warn about the obsolete tor version,
  2142. not the missing ntor key. Fixes bug 20270; bugfix on 0.2.9.3-alpha.
  2143. o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.1.5-alpha):
  2144. - Avoid a sandbox failure when trying to re-bind to a socket and
  2145. mark it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha.
  2146. o Minor bugfixes (unit tests, backport from 0.3.1.5-alpha)
  2147. - Fix a memory leak in the link-handshake/certs_ok_ed25519 test.
  2148. Fixes bug 22803; bugfix on 0.3.0.1-alpha.
  2149. Changes in version 0.3.1.5-alpha - 2017-08-01
  2150. Tor 0.3.1.5-alpha improves the performance of consensus diff
  2151. calculation, fixes a crash bug on older versions of OpenBSD, and fixes
  2152. several other bugs. If no serious bugs are found in this version, the
  2153. next version will be a release candidate.
  2154. This release also marks the end of support for the Tor 0.2.4.x,
  2155. 0.2.6.x, and 0.2.7.x release series. Those releases will receive no
  2156. further bug or security fixes. Anyone still running or distributing
  2157. one of those versions should upgrade.
  2158. o Major features (build system, continuous integration):
  2159. - Tor's repository now includes a Travis Continuous Integration (CI)
  2160. configuration file (.travis.yml). This is meant to help new
  2161. developers and contributors who fork Tor to a Github repository be
  2162. better able to test their changes, and understand what we expect
  2163. to pass. To use this new build feature, you must fork Tor to your
  2164. Github account, then go into the "Integrations" menu in the
  2165. repository settings for your fork and enable Travis, then push
  2166. your changes. Closes ticket 22636.
  2167. o Major bugfixes (openbsd, denial-of-service):
  2168. - Avoid an assertion failure bug affecting our implementation of
  2169. inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
  2170. handling of "0xbar" differs from what we had expected. Fixes bug
  2171. 22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.
  2172. o Major bugfixes (relay, performance):
  2173. - Perform circuit handshake operations at a higher priority than we
  2174. use for consensus diff creation and compression. This should
  2175. prevent circuits from starving when a relay or bridge receives a
  2176. new consensus, especially on lower-powered machines. Fixes bug
  2177. 22883; bugfix on 0.3.1.1-alpha.
  2178. o Minor features (bridge authority):
  2179. - Add "fingerprint" lines to the networkstatus-bridges file produced
  2180. by bridge authorities. Closes ticket 22207.
  2181. o Minor features (directory cache, consensus diff):
  2182. - Add a new MaxConsensusAgeForDiffs option to allow directory cache
  2183. operators with low-resource environments to adjust the number of
  2184. consensuses they'll store and generate diffs from. Most cache
  2185. operators should leave it unchanged. Helps to work around
  2186. bug 22883.
  2187. o Minor features (geoip):
  2188. - Update geoip and geoip6 to the July 4 2017 Maxmind GeoLite2
  2189. Country database.
  2190. o Minor features (relay, performance):
  2191. - Always start relays with at least two worker threads, to prevent
  2192. priority inversion on slow tasks. Part of the fix for bug 22883.
  2193. - Allow background work to be queued with different priorities, so
  2194. that a big pile of slow low-priority jobs will not starve out
  2195. higher priority jobs. This lays the groundwork for a fix for
  2196. bug 22883.
  2197. o Minor bugfixes (build system, rust):
  2198. - Fix a problem where Rust toolchains were not being found when
  2199. building without --enable-cargo-online-mode, due to setting the
  2200. $HOME environment variable instead of $CARGO_HOME. Fixes bug
  2201. 22830; bugfix on 0.3.1.1-alpha. Fix by Chelsea Komlo.
  2202. o Minor bugfixes (compatibility, zstd):
  2203. - Write zstd epilogues correctly when the epilogue requires
  2204. reallocation of the output buffer, even with zstd 1.3.0.
  2205. (Previously, we worked on 1.2.0 and failed with 1.3.0). Fixes bug
  2206. 22927; bugfix on 0.3.1.1-alpha.
  2207. o Minor bugfixes (compilation warnings):
  2208. - Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug
  2209. 22915; bugfix on 0.2.8.1-alpha.
  2210. - Fix warnings when building with libscrypt and openssl scrypt
  2211. support on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha.
  2212. - Compile correctly when both openssl 1.1.0 and libscrypt are
  2213. detected. Previously this would cause an error. Fixes bug 22892;
  2214. bugfix on 0.3.1.1-alpha.
  2215. - When building with certain versions of the mingw C header files,
  2216. avoid float-conversion warnings when calling the C functions
  2217. isfinite(), isnan(), and signbit(). Fixes bug 22801; bugfix
  2218. on 0.2.8.1-alpha.
  2219. o Minor bugfixes (coverity build support):
  2220. - Avoid Coverity build warnings related to our BUG() macro. By
  2221. default, Coverity treats BUG() as the Linux kernel does: an
  2222. instant abort(). We need to override that so our BUG() macro
  2223. doesn't prevent Coverity from analyzing functions that use it.
  2224. Fixes bug 23030; bugfix on 0.2.9.1-alpha.
  2225. o Minor bugfixes (directory authority):
  2226. - When a directory authority rejects a descriptor or extrainfo with
  2227. a given digest, mark that digest as undownloadable, so that we do
  2228. not attempt to download it again over and over. We previously
  2229. tried to avoid downloading such descriptors by other means, but we
  2230. didn't notice if we accidentally downloaded one anyway. This
  2231. behavior became problematic in 0.2.7.2-alpha, when authorities
  2232. began pinning Ed25519 keys. Fixes bug 22349; bugfix
  2233. on 0.2.1.19-alpha.
  2234. o Minor bugfixes (error reporting, windows):
  2235. - When formatting Windows error messages, use the English format to
  2236. avoid codepage issues. Fixes bug 22520; bugfix on 0.1.2.8-alpha.
  2237. Patch from "Vort".
  2238. o Minor bugfixes (file limits, osx):
  2239. - When setting the maximum number of connections allowed by the OS,
  2240. always allow some extra file descriptors for other files. Fixes
  2241. bug 22797; bugfix on 0.2.0.10-alpha.
  2242. o Minor bugfixes (linux seccomp2 sandbox):
  2243. - Avoid a sandbox failure when trying to re-bind to a socket and
  2244. mark it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha.
  2245. o Minor bugfixes (memory leaks):
  2246. - Fix a small memory leak when validating a configuration that uses
  2247. two or more AF_UNIX sockets for the same port type. Fixes bug
  2248. 23053; bugfix on 0.2.6.3-alpha. This is CID 1415725.
  2249. o Minor bugfixes (unit tests):
  2250. - test_consdiff_base64cmp would fail on OS X because while OS X
  2251. follows the standard of (less than zero/zero/greater than zero),
  2252. it doesn't follow the convention of (-1/0/+1). Make the test
  2253. comply with the standard. Fixes bug 22870; bugfix on 0.3.1.1-alpha.
  2254. - Fix a memory leak in the link-handshake/certs_ok_ed25519 test.
  2255. Fixes bug 22803; bugfix on 0.3.0.1-alpha.
  2256. Changes in version 0.3.1.4-alpha - 2017-06-29
  2257. Tor 0.3.1.4-alpha fixes a path selection bug that would allow a client
  2258. to use a guard that was in the same network family as a chosen exit
  2259. relay. This is a security regression; all clients running earlier
  2260. versions of 0.3.0.x or 0.3.1.x should upgrade to 0.3.0.9
  2261. or 0.3.1.4-alpha.
  2262. This release also fixes several other bugs introduced in 0.3.0.x
  2263. and 0.3.1.x, including others that can affect bandwidth usage
  2264. and correctness.
  2265. o New dependencies:
  2266. - To build with zstd and lzma support, Tor now requires the
  2267. pkg-config tool at build time. (This requirement was new in
  2268. 0.3.1.1-alpha, but was not noted at the time. Noting it here to
  2269. close ticket 22623.)
  2270. o Major bugfixes (path selection, security):
  2271. - When choosing which guard to use for a circuit, avoid the exit's
  2272. family along with the exit itself. Previously, the new guard
  2273. selection logic avoided the exit, but did not consider its family.
  2274. Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked as TROVE-2017-
  2275. 006 and CVE-2017-0377.
  2276. o Major bugfixes (compression, zstd):
  2277. - Correctly detect a full buffer when decompressing a large zstd-
  2278. compressed input. Previously, we would sometimes treat a full
  2279. buffer as an error. Fixes bug 22628; bugfix on 0.3.1.1-alpha.
  2280. o Major bugfixes (directory protocol):
  2281. - Ensure that we send "304 Not modified" as HTTP status code when a
  2282. client is attempting to fetch a consensus or consensus diff, and
  2283. the best one we can send them is one they already have. Fixes bug
  2284. 22702; bugfix on 0.3.1.1-alpha.
  2285. o Major bugfixes (entry guards):
  2286. - When starting with an old consensus, do not add new entry guards
  2287. unless the consensus is "reasonably live" (under 1 day old). Fixes
  2288. one root cause of bug 22400; bugfix on 0.3.0.1-alpha.
  2289. o Minor features (bug mitigation, diagnostics, logging):
  2290. - Avoid an assertion failure, and log a better error message, when
  2291. unable to remove a file from the consensus cache on Windows.
  2292. Attempts to mitigate and diagnose bug 22752.
  2293. o Minor features (geoip):
  2294. - Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2
  2295. Country database.
  2296. o Minor bugfixes (compression):
  2297. - When compressing or decompressing a buffer, check for a failure to
  2298. create a compression object. Fixes bug 22626; bugfix
  2299. on 0.3.1.1-alpha.
  2300. - When decompressing a buffer, check for extra data after the end of
  2301. the compressed data. Fixes bug 22629; bugfix on 0.3.1.1-alpha.
  2302. - When decompressing an object received over an anonymous directory
  2303. connection, if we have already decompressed it using an acceptable
  2304. compression method, do not reject it for looking like an
  2305. unacceptable compression method. Fixes part of bug 22670; bugfix
  2306. on 0.3.1.1-alpha.
  2307. - When serving directory votes compressed with zlib, do not claim to
  2308. have compressed them with zstd. Fixes bug 22669; bugfix
  2309. on 0.3.1.1-alpha.
  2310. - When spooling compressed data to an output buffer, don't try to
  2311. spool more data when there is no more data to spool and we are not
  2312. trying to flush the input. Previously, we would sometimes launch
  2313. compression requests with nothing to do, which interferes with our
  2314. 22672 checks. Fixes bug 22719; bugfix on 0.2.0.16-alpha.
  2315. o Minor bugfixes (defensive programming):
  2316. - Detect and break out of infinite loops in our compression code. We
  2317. don't think that any such loops exist now, but it's best to be
  2318. safe. Closes ticket 22672.
  2319. - Fix a memset() off the end of an array when packing cells. This
  2320. bug should be harmless in practice, since the corrupted bytes are
  2321. still in the same structure, and are always padding bytes,
  2322. ignored, or immediately overwritten, depending on compiler
  2323. behavior. Nevertheless, because the memset()'s purpose is to make
  2324. sure that any other cell-handling bugs can't expose bytes to the
  2325. network, we need to fix it. Fixes bug 22737; bugfix on
  2326. 0.2.4.11-alpha. Fixes CID 1401591.
  2327. o Minor bugfixes (linux seccomp2 sandbox):
  2328. - Permit the fchmod system call, to avoid crashing on startup when
  2329. starting with the seccomp2 sandbox and an unexpected set of
  2330. permissions on the data directory or its contents. Fixes bug
  2331. 22516; bugfix on 0.2.5.4-alpha.
  2332. - Fix a crash in the LZMA module, when the sandbox was enabled, and
  2333. liblzma would allocate more than 16 MB of memory. We solve this by
  2334. bumping the mprotect() limit in the sandbox module from 16 MB to
  2335. 20 MB. Fixes bug 22751; bugfix on 0.3.1.1-alpha.
  2336. o Minor bugfixes (logging):
  2337. - When decompressing, do not warn if we fail to decompress using a
  2338. compression method that we merely guessed. Fixes part of bug
  2339. 22670; bugfix on 0.1.1.14-alpha.
  2340. - When decompressing, treat mismatch between content-encoding and
  2341. actual compression type as a protocol warning. Fixes part of bug
  2342. 22670; bugfix on 0.1.1.9-alpha.
  2343. - Downgrade "assigned_to_cpuworker failed" message to info-level
  2344. severity. In every case that can reach it, either a better warning
  2345. has already been logged, or no warning is warranted. Fixes bug
  2346. 22356; bugfix on 0.2.6.3-alpha.
  2347. - Demote a warn that was caused by libevent delays to info if
  2348. netflow padding is less than 4.5 seconds late, or to notice
  2349. if it is more (4.5 seconds is the amount of time that a netflow
  2350. record might be emitted after, if we chose the maximum timeout).
  2351. Fixes bug 22212; bugfix on 0.3.1.1-alpha.
  2352. o Minor bugfixes (process behavior):
  2353. - When exiting because of an error, always exit with a nonzero exit
  2354. status. Previously, we would fail to report an error in our exit
  2355. status in cases related to __OwningControllerProcess failure,
  2356. lockfile contention, and Ed25519 key initialization. Fixes bug
  2357. 22720; bugfix on versions 0.2.1.6-alpha, 0.2.2.28-beta, and
  2358. 0.2.7.2-alpha respectively. Reported by "f55jwk4f"; patch
  2359. from "huyvq".
  2360. o Documentation:
  2361. - Add a manpage description for the key-pinning-journal file. Closes
  2362. ticket 22347.
  2363. - Correctly note that bandwidth accounting values are stored in the
  2364. state file, and the bw_accounting file is now obsolete. Closes
  2365. ticket 16082.
  2366. - Document more of the files in the Tor data directory, including
  2367. cached-extrainfo, secret_onion_key{,_ntor}.old, hidserv-stats,
  2368. approved-routers, sr-random, and diff-cache. Found while fixing
  2369. ticket 22347.
  2370. Changes in version 0.3.0.9 - 2017-06-29
  2371. Tor 0.3.0.9 fixes a path selection bug that would allow a client
  2372. to use a guard that was in the same network family as a chosen exit
  2373. relay. This is a security regression; all clients running earlier
  2374. versions of 0.3.0.x or 0.3.1.x should upgrade to 0.3.0.9 or
  2375. 0.3.1.4-alpha.
  2376. This release also backports several other bugfixes from the 0.3.1.x
  2377. series.
  2378. o Major bugfixes (path selection, security, backport from 0.3.1.4-alpha):
  2379. - When choosing which guard to use for a circuit, avoid the exit's
  2380. family along with the exit itself. Previously, the new guard
  2381. selection logic avoided the exit, but did not consider its family.
  2382. Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked as TROVE-2017-
  2383. 006 and CVE-2017-0377.
  2384. o Major bugfixes (entry guards, backport from 0.3.1.1-alpha):
  2385. - Don't block bootstrapping when a primary bridge is offline and we
  2386. can't get its descriptor. Fixes bug 22325; fixes one case of bug
  2387. 21969; bugfix on 0.3.0.3-alpha.
  2388. o Major bugfixes (entry guards, backport from 0.3.1.4-alpha):
  2389. - When starting with an old consensus, do not add new entry guards
  2390. unless the consensus is "reasonably live" (under 1 day old). Fixes
  2391. one root cause of bug 22400; bugfix on 0.3.0.1-alpha.
  2392. o Minor features (geoip):
  2393. - Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2
  2394. Country database.
  2395. o Minor bugfixes (voting consistency, backport from 0.3.1.1-alpha):
  2396. - Reject version numbers with non-numeric prefixes (such as +, -, or
  2397. whitespace). Disallowing whitespace prevents differential version
  2398. parsing between POSIX-based and Windows platforms. Fixes bug 21507
  2399. and part of 21508; bugfix on 0.0.8pre1.
  2400. o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.1.4-alpha):
  2401. - Permit the fchmod system call, to avoid crashing on startup when
  2402. starting with the seccomp2 sandbox and an unexpected set of
  2403. permissions on the data directory or its contents. Fixes bug
  2404. 22516; bugfix on 0.2.5.4-alpha.
  2405. o Minor bugfixes (defensive programming, backport from 0.3.1.4-alpha):
  2406. - Fix a memset() off the end of an array when packing cells. This
  2407. bug should be harmless in practice, since the corrupted bytes are
  2408. still in the same structure, and are always padding bytes,
  2409. ignored, or immediately overwritten, depending on compiler
  2410. behavior. Nevertheless, because the memset()'s purpose is to make
  2411. sure that any other cell-handling bugs can't expose bytes to the
  2412. network, we need to fix it. Fixes bug 22737; bugfix on
  2413. 0.2.4.11-alpha. Fixes CID 1401591.
  2414. Changes in version 0.3.1.3-alpha - 2017-06-08
  2415. Tor 0.3.1.3-alpha fixes a pair of bugs that would allow an attacker to
  2416. remotely crash a hidden service with an assertion failure. Anyone
  2417. running a hidden service should upgrade to this version, or to some
  2418. other version with fixes for TROVE-2017-004 and TROVE-2017-005.
  2419. Tor 0.3.1.3-alpha also includes fixes for several key management bugs
  2420. that sometimes made relays unreliable, as well as several other
  2421. bugfixes described below.
  2422. o Major bugfixes (hidden service, relay, security):
  2423. - Fix a remotely triggerable assertion failure when a hidden service
  2424. handles a malformed BEGIN cell. Fixes bug 22493, tracked as
  2425. TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha.
  2426. - Fix a remotely triggerable assertion failure caused by receiving a
  2427. BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
  2428. 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
  2429. on 0.2.2.1-alpha.
  2430. o Major bugfixes (relay, link handshake):
  2431. - When performing the v3 link handshake on a TLS connection, report
  2432. that we have the x509 certificate that we actually used on that
  2433. connection, even if we have changed certificates since that
  2434. connection was first opened. Previously, we would claim to have
  2435. used our most recent x509 link certificate, which would sometimes
  2436. make the link handshake fail. Fixes one case of bug 22460; bugfix
  2437. on 0.2.3.6-alpha.
  2438. o Major bugfixes (relays, key management):
  2439. - Regenerate link and authentication certificates whenever the key
  2440. that signs them changes; also, regenerate link certificates
  2441. whenever the signed key changes. Previously, these processes were
  2442. only weakly coupled, and we relays could (for minutes to hours)
  2443. wind up with an inconsistent set of keys and certificates, which
  2444. other relays would not accept. Fixes two cases of bug 22460;
  2445. bugfix on 0.3.0.1-alpha.
  2446. - When sending an Ed25519 signing->link certificate in a CERTS cell,
  2447. send the certificate that matches the x509 certificate that we
  2448. used on the TLS connection. Previously, there was a race condition
  2449. if the TLS context rotated after we began the TLS handshake but
  2450. before we sent the CERTS cell. Fixes a case of bug 22460; bugfix
  2451. on 0.3.0.1-alpha.
  2452. o Major bugfixes (torrc, crash):
  2453. - Fix a crash bug when using %include in torrc. Fixes bug 22417;
  2454. bugfix on 0.3.1.1-alpha. Patch by Daniel Pinto.
  2455. o Minor features (code style):
  2456. - Add "Falls through" comments to our codebase, in order to silence
  2457. GCC 7's -Wimplicit-fallthrough warnings. Patch from Andreas
  2458. Stieger. Closes ticket 22446.
  2459. o Minor features (diagnostic):
  2460. - Add logging messages to try to diagnose a rare bug that seems to
  2461. generate RSA->Ed25519 cross-certificates dated in the 1970s. We
  2462. think this is happening because of incorrect system clocks, but
  2463. we'd like to know for certain. Diagnostic for bug 22466.
  2464. o Minor bugfixes (correctness):
  2465. - Avoid undefined behavior when parsing IPv6 entries from the geoip6
  2466. file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
  2467. o Minor bugfixes (directory protocol):
  2468. - Check for libzstd >= 1.1, because older versions lack the
  2469. necessary streaming API. Fixes bug 22413; bugfix on 0.3.1.1-alpha.
  2470. o Minor bugfixes (link handshake):
  2471. - Lower the lifetime of the RSA->Ed25519 cross-certificate to six
  2472. months, and regenerate it when it is within one month of expiring.
  2473. Previously, we had generated this certificate at startup with a
  2474. ten-year lifetime, but that could lead to weird behavior when Tor
  2475. was started with a grossly inaccurate clock. Mitigates bug 22466;
  2476. mitigation on 0.3.0.1-alpha.
  2477. o Minor bugfixes (storage directories):
  2478. - Always check for underflows in the cached storage directory usage.
  2479. If the usage does underflow, re-calculate it. Also, avoid a
  2480. separate underflow when the usage is not known. Fixes bug 22424;
  2481. bugfix on 0.3.1.1-alpha.
  2482. o Minor bugfixes (unit tests):
  2483. - The unit tests now pass on systems where localhost is misconfigured
  2484. to some IPv4 address other than 127.0.0.1. Fixes bug 6298; bugfix
  2485. on 0.0.9pre2.
  2486. o Documentation:
  2487. - Clarify the manpage for the (deprecated) torify script. Closes
  2488. ticket 6892.
  2489. Changes in version 0.3.0.8 - 2017-06-08
  2490. Tor 0.3.0.8 fixes a pair of bugs that would allow an attacker to
  2491. remotely crash a hidden service with an assertion failure. Anyone
  2492. running a hidden service should upgrade to this version, or to some
  2493. other version with fixes for TROVE-2017-004 and TROVE-2017-005.
  2494. Tor 0.3.0.8 also includes fixes for several key management bugs
  2495. that sometimes made relays unreliable, as well as several other
  2496. bugfixes described below.
  2497. o Major bugfixes (hidden service, relay, security, backport
  2498. from 0.3.1.3-alpha):
  2499. - Fix a remotely triggerable assertion failure when a hidden service
  2500. handles a malformed BEGIN cell. Fixes bug 22493, tracked as
  2501. TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha.
  2502. - Fix a remotely triggerable assertion failure caused by receiving a
  2503. BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
  2504. 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
  2505. on 0.2.2.1-alpha.
  2506. o Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha):
  2507. - When performing the v3 link handshake on a TLS connection, report
  2508. that we have the x509 certificate that we actually used on that
  2509. connection, even if we have changed certificates since that
  2510. connection was first opened. Previously, we would claim to have
  2511. used our most recent x509 link certificate, which would sometimes
  2512. make the link handshake fail. Fixes one case of bug 22460; bugfix
  2513. on 0.2.3.6-alpha.
  2514. o Major bugfixes (relays, key management, backport from 0.3.1.3-alpha):
  2515. - Regenerate link and authentication certificates whenever the key
  2516. that signs them changes; also, regenerate link certificates
  2517. whenever the signed key changes. Previously, these processes were
  2518. only weakly coupled, and we relays could (for minutes to hours)
  2519. wind up with an inconsistent set of keys and certificates, which
  2520. other relays would not accept. Fixes two cases of bug 22460;
  2521. bugfix on 0.3.0.1-alpha.
  2522. - When sending an Ed25519 signing->link certificate in a CERTS cell,
  2523. send the certificate that matches the x509 certificate that we
  2524. used on the TLS connection. Previously, there was a race condition
  2525. if the TLS context rotated after we began the TLS handshake but
  2526. before we sent the CERTS cell. Fixes a case of bug 22460; bugfix
  2527. on 0.3.0.1-alpha.
  2528. o Major bugfixes (hidden service v3, backport from 0.3.1.1-alpha):
  2529. - Stop rejecting v3 hidden service descriptors because their size
  2530. did not match an old padding rule. Fixes bug 22447; bugfix on
  2531. tor-0.3.0.1-alpha.
  2532. o Minor features (fallback directory list, backport from 0.3.1.3-alpha):
  2533. - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
  2534. December 2016 (of which ~126 were still functional) with a list of
  2535. 151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May
  2536. 2017. Resolves ticket 21564.
  2537. o Minor bugfixes (configuration, backport from 0.3.1.1-alpha):
  2538. - Do not crash when starting with LearnCircuitBuildTimeout 0. Fixes
  2539. bug 22252; bugfix on 0.2.9.3-alpha.
  2540. o Minor bugfixes (correctness, backport from 0.3.1.3-alpha):
  2541. - Avoid undefined behavior when parsing IPv6 entries from the geoip6
  2542. file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
  2543. o Minor bugfixes (link handshake, backport from 0.3.1.3-alpha):
  2544. - Lower the lifetime of the RSA->Ed25519 cross-certificate to six
  2545. months, and regenerate it when it is within one month of expiring.
  2546. Previously, we had generated this certificate at startup with a
  2547. ten-year lifetime, but that could lead to weird behavior when Tor
  2548. was started with a grossly inaccurate clock. Mitigates bug 22466;
  2549. mitigation on 0.3.0.1-alpha.
  2550. o Minor bugfixes (memory leak, directory authority, backport from
  2551. 0.3.1.2-alpha):
  2552. - When directory authorities reject a router descriptor due to
  2553. keypinning, free the router descriptor rather than leaking the
  2554. memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.
  2555. Changes in version 0.2.9.11 - 2017-06-08
  2556. Tor 0.2.9.11 backports a fix for a bug that would allow an attacker to
  2557. remotely crash a hidden service with an assertion failure. Anyone
  2558. running a hidden service should upgrade to this version, or to some